On Fri, Nov 15, 2019 at 1:31 PM Paul Durrant wrote:
> On Thu, 14 Nov 2019 at 04:57, Julian Tuminaro wrote:
> >
> > From: Julian Tuminaro and Jenish Rakholiya <rakholiyajenish.07@gmail.com>
> >
> > The current implementation of find_os is based on hard-coded values for
> > different Windows versions. It uses the value to get the address at which to
> > start looking for the DOS header in the given range. However, this
> > is not scalable to all versions of Windows, as it would require us to keep
> > adding new entries, and also, due to KASLR, the chance of not hitting the PE
> > header is significant. We implement a way for 64-bit systems to use an IDT
> > entry to get a valid exception/interrupt handler and then move back through
> > memory to find the valid DOS header. Since IDT entries are protected
> > by PatchGuard, we think our assumption that IDT entries will not be
> > corrupted is valid for our purpose. Once we have the image base, we
> > search for the DBGKD_GET_VERSION64 structure type in the .data section to
> > get the information required for the handshake.
> >
> > Currently, this is a work-in-progress feature and the current patch only
> > supports the handshake and memory read/write on 64-bit systems.
> >
> > NOTE: This is the updated version of the previous patch submitted.
> > NOTE: This has currently only been tested when debugging was not enabled
> > on the guest Windows.
> >
> > Signed-off-by: Jenish Rakholiya
> > Signed-off-by: Julian Tuminaro
>
> LGTM.
>
> Reviewed-by: Paul Durrant
>

Paul, is this something worth adding a line to CHANGELOG about?

-George
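The walk-back step described in the commit message (start from a code address inside the kernel image, step backwards page by page until a page starts with a valid DOS header whose e_lfanew lands on a "PE\0\0" signature) is the same image-base recovery that memory-forensics tools perform. The following is an added illustration, not code from the kdd patch or from Xen: it assumes 4 KiB pages, that the PE signature lies within the first page of the image, and operates on a constructed flat buffer standing in for guest memory (kdd would read through its own guest-memory accessor instead). The function names and the decoy page are inventions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE      0x1000u
#define MZ_MAGIC       0x5A4Du       /* "MZ", little-endian */
#define PE_MAGIC       0x00004550u   /* "PE\0\0", little-endian */
#define E_LFANEW_OFF   0x3Cu         /* IMAGE_DOS_HEADER.e_lfanew */
#define DOS_HDR_SIZE   0x40u

static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* A page counts as an image base only if it starts with "MZ" AND its
 * e_lfanew points at "PE\0\0" inside the same page. The second test is
 * what rejects stray "MZ" byte pairs that happen to begin a page. */
static int is_pe_image_base(const uint8_t *mem, size_t len, size_t off)
{
    if (off + DOS_HDR_SIZE > len || rd16(mem + off) != MZ_MAGIC)
        return 0;
    uint32_t lfanew = rd32(mem + off + E_LFANEW_OFF);
    if (lfanew < DOS_HDR_SIZE || lfanew > PAGE_SIZE - 4)
        return 0;                     /* implausible header layout */
    if (off + lfanew + 4 > len)
        return 0;                     /* would read past the buffer */
    return rd32(mem + off + lfanew) == PE_MAGIC;
}

/* Walk backwards one page at a time from `probe` (an offset known to lie
 * inside the image, such as where an IDT handler points) for at most
 * `max_pages` pages. Returns the image base offset, or -1 if none found. */
long find_image_base(const uint8_t *mem, size_t len, size_t probe,
                     size_t max_pages)
{
    if (probe >= len)
        return -1;
    size_t page = probe & ~(size_t)(PAGE_SIZE - 1);
    for (size_t i = 0; i <= max_pages; i++) {
        if (is_pe_image_base(mem, len, page))
            return (long)page;
        if (page < PAGE_SIZE)
            break;                    /* reached offset 0 */
        page -= PAGE_SIZE;
    }
    return -1;
}

/* Constructed "guest memory": 8 pages, a fake image at page 2, a decoy at
 * page 4 that begins with "MZ" but has no PE signature, probe in page 6. */
#define MEM_LEN (8 * PAGE_SIZE)

static void build_sample(uint8_t *mem, int with_image)
{
    memset(mem, 0, MEM_LEN);
    memcpy(mem + 4 * PAGE_SIZE, "MZ", 2);          /* decoy header */
    mem[4 * PAGE_SIZE + E_LFANEW_OFF] = 0x80;      /* points at zeros */
    if (with_image) {
        size_t base = 2 * PAGE_SIZE;
        memcpy(mem + base, "MZ", 2);
        mem[base + E_LFANEW_OFF] = 0x80;           /* e_lfanew = 0x80 */
        memcpy(mem + base + 0x80, "PE\0\0", 4);
    }
}

/* Expected result for the constructed image: base at 0x2000. */
long demo_find_base(void)
{
    uint8_t mem[MEM_LEN];
    build_sample(mem, 1);
    return find_image_base(mem, MEM_LEN, 6 * PAGE_SIZE + 0x123, 16);
}

/* Same memory without the real image: the decoy alone must be rejected. */
long demo_no_image(void)
{
    uint8_t mem[MEM_LEN];
    build_sample(mem, 0);
    return find_image_base(mem, MEM_LEN, 6 * PAGE_SIZE + 0x123, 16);
}

int main(void)
{
    printf("image base: 0x%lx\n", demo_find_base());
    printf("without image: %ld\n", demo_no_image());
    return 0;
}
```

The `max_pages` bound matters in practice: a corrupted or unexpected pointer should make the search fail cleanly rather than scan all of guest memory, and the two-part header check (MZ plus a PE signature at e_lfanew) is what keeps a page that merely starts with the bytes "MZ" from being mistaken for the image base.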