From mboxrd@z Thu Jan 1 00:00:00 1970 From: big strong Subject: Re: how can I find hypercall page address? Date: Tue, 11 Aug 2015 10:44:29 +0800 Message-ID: References: <55C32DB4.6020203@citrix.com> <55C4AD58.5060300@citrix.com> <1439219058.24583.4.camel@citrix.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3187048650057837920==" Return-path: In-Reply-To: <1439219058.24583.4.camel@citrix.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Dario Faggioli Cc: Andrew Cooper , xen-devel@lists.xen.org List-Id: xen-devel@lists.xenproject.org --===============3187048650057837920== Content-Type: multipart/alternative; boundary=001a11349f9ec67410051d0014ea --001a11349f9ec67410051d0014ea Content-Type: text/plain; charset=UTF-8 My goal is to intercept hyprcalls to detect malicious calls. So I need firstly find where the hypercalls are. My plan is to locate hypercall page first, then walk through the hypercall page to get address of hyperccalls. If there is any other solutions, please let me know. Thanks very much. 2015-08-10 23:04 GMT+08:00 Dario Faggioli : > On Sat, 2015-08-08 at 08:02 +0800, big strong wrote: > > I think I've stated clearly what I want to do. > > > Well... > > > > |I want to locate the hypercall page address when creating a new domU, > > so as to locate hypercalls. > > > Ok. What for? > > Dario > > -- > <> (Raistlin Majere) > ----------------------------------------------------------------- > Dario Faggioli, Ph.D, http://about.me/dario.faggioli > Senior Software Engineer, Citrix Systems R&D Ltd., Cambridge (UK) > --001a11349f9ec67410051d0014ea Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

My goal is to intercept hyprcalls to detect malicious call= s. So I need firstly find where the hypercalls are. My plan is to locate hy= percall page first, then walk through the hypercall page to get address of = hyperccalls. If there is any other solutions, please let me know. Thanks ve= ry much.

201= 5-08-10 23:04 GMT+08:00 Dario Faggioli <dario.faggioli@citrix.com<= /a>>:

On Sat, = 2015-08-08 at 08:02 +0800, big strong wrote:
> I think I've stated clearly what I want to do.
>
Well...
>
> |I want to locate the hypercall page address when creating a new domU,=
> so as to locate hypercalls.
>
Ok. What for?

Dario

--
<<This happens because I choose it to happen!>> (Raistlin Majer= e)
-----------------------------------------------------------------
Dario Faggioli, Ph.D, http://about.me/dario.faggioli
Senior Software Engineer, Citrix Systems R&D Ltd., Cambridge (UK)

--001a11349f9ec67410051d0014ea-- --===============3187048650057837920== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel --===============3187048650057837920==--