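/*
 * Watch every hypercall listed in hypercall_address[] on the guest named by
 * argv[1]. For each entry the listed kernel virtual address is parsed,
 * translated to a physical address, and a page-granular RWX memory event is
 * registered on it; events are then serviced until `interrupted` is set.
 *
 * Returns 0 after a clean stop. Returns 1 on a usage error, on LibVMI init or
 * pause failure, when no event could be armed, or when the event loop fails.
 * A monitor that dies must not look like one that finished normally to
 * whatever supervises it.
 */
int main(int argc, char **argv)
{
    vmi_instance_t vmi = NULL;
    status_t status = VMI_SUCCESS;
    int armed = 0;   /* number of events actually registered */
    int i;

    if (argc != 2) {
        printf("Usage: %s <vmname>\n", argv[0]);
        return 1;
    }
    char *name = argv[1];
    //vmi_pid_t pid=atoi(argv[3]);

    if (vmi_init(&vmi, VMI_AUTO | VMI_INIT_COMPLETE | VMI_INIT_EVENTS, name) == VMI_FAILURE) {
        printf("Failed to init LibVMI library.\n");
        /* A partially initialised instance still has to be released. */
        if (vmi != NULL) {
            vmi_destroy(vmi);
        }
        return 1;
    }
    printf("success to init LibVMI\n");

    /*
     * Arm all events with the guest paused, so it cannot run with only part
     * of the watch list in place.
     */
    if (vmi_pause_vm(vmi) != VMI_SUCCESS) {
        printf("Failed to pause the VM, not arming any event.\n");
        vmi_destroy(vmi);
        return 1;
    }

    for (i = 0; i < num; i++) {
        char *hypercall_name = hypercall_address[i][0];
        char *vaddr_str = hypercall_address[i][1];
        char *end = NULL;

        /*
         * strtoull keeps the full 64 bits even where unsigned long is 32 bits
         * wide. An entry with no hex digits at all is skipped rather than
         * being treated as address 0.
         */
        vaddr[i] = (addr_t) strtoull(vaddr_str, &end, 16);
        if (end == vaddr_str) {
            printf("Skipping HYPERCALL %s: cannot parse address \"%s\"\n",
                   hypercall_name, vaddr_str);
            continue;
        }
        printf("virtual address is:%llx\n", (unsigned long long) vaddr[i]);
        //printf("pid is: %d\n",pid);

        /*
         * The value-returning vmi_translate_kv2p() reports failure as 0.
         * Arming an event on physical page 0 would watch the wrong page and
         * leave this hypercall unmonitored without any sign of it.
         */
        paddr[i] = vmi_translate_kv2p(vmi, vaddr[i]);
        if (paddr[i] == 0) {
            printf("Skipping HYPERCALL %s: no physical mapping for VA 0x%llx\n",
                   hypercall_name, (unsigned long long) vaddr[i]);
            continue;
        }
        printf("physical address is::%llx\n", (unsigned long long) paddr[i]);

        /*
         * The event covers the whole page (VMI_MEMEVENT_PAGE), so it also
         * fires for accesses to anything else on that page. gla2 records the
         * exact virtual address of interest; presumably mm_callback compares
         * it with the faulting address.
         */
        mm_event[i].mem_event.gla2 = vaddr[i];
        mm_event[i].mem_event.hypercall = hypercall_name;
        printf("Preparing memory event to catch HYPERCALL %s at PA 0x%llx, page 0x%llx\n\n",
               hypercall_name, (unsigned long long) paddr[i],
               (unsigned long long) (paddr[i] >> 12));
        SETUP_MEM_EVENT(&mm_event[i], paddr[i], VMI_MEMEVENT_PAGE, VMI_MEMACCESS_RWX, mm_callback);

        /* A failed registration is a gap in coverage; report it. */
        if (vmi_register_event(vmi, &mm_event[i]) == VMI_FAILURE) {
            printf("Failed to register memory event for HYPERCALL %s\n", hypercall_name);
            continue;
        }
        armed++;
    }

    /* Always resume: exiting here would otherwise leave the guest frozen. */
    vmi_resume_vm(vmi);

    if (armed == 0) {
        printf("No memory event could be armed, nothing to monitor.\n");
        vmi_destroy(vmi);
        return 1;
    }

    while (!interrupted) {
        status = vmi_events_listen(vmi, 500);
        if (status != VMI_SUCCESS) {
            printf("Error waiting for events, quitting...\n");
            interrupted = -1;
        }
    }
    printf("Finished with test.\n");

    vmi_destroy(vmi);
    return status == VMI_SUCCESS ? 0 : 1;
}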
/*
 * Variant that watches a single hypercall: argv[1] is the VM name and argv[2]
 * the hypercall name, which is looked up in hypercall_address[] by exact
 * string match. On a match the guest is paused, the listed kernel virtual
 * address is translated, a page-granular RWX memory event is registered, and
 * the guest is resumed.
 *
 * NOTE(review): the listing ends after the lookup loop; the event loop,
 * cleanup and the closing brace of main are not shown here.
 */
int main(int argc, char **argv) {
    vmi_instance_t vmi = NULL;
    status_t status = VMI_SUCCESS; /* not used in the visible part */
    if (argc != 3) {
        printf("Usage: %s <vmname> <hypercall-name>\n", argv[0]);
        return 1;
    }
    char *name=argv[1];
    //vmi_pid_t pid=atoi(argv[3]);
    if (vmi_init(&vmi, VMI_AUTO | VMI_INIT_COMPLETE | VMI_INIT_EVENTS, name) == VMI_FAILURE) {
        /* NOTE(review): vmi is not destroyed on this path. */
        printf("Failed to init LibVMI library.\n");
        return 1;
    }
    printf("success to init LibVMI\n");
    int i;
    char *hypercall_name=argv[2];
    for (i = 0; i < num; i++) {
        if (strcmp(hypercall_address[i][0],hypercall_name)==0) {
            /* Guest is paused only around the arming of this one event. */
            vmi_pause_vm(vmi);
            char *vaddr_str=hypercall_address[i][1];
            /* NOTE(review): no end-pointer check, so an unparsable entry becomes address 0. */
            vaddr[i] =(addr_t) strtoul(vaddr_str, NULL, 16);
            /* NOTE(review): passes the array `vaddr`, not `vaddr[i]`; this prints the
             * array's own address instead of the hypercall's virtual address. */
            printf("virtual address is:%lx\n",vaddr);
            /* NOTE(review): result is not checked; a failed translation (0 in the
             * value-returning form of this API) would arm the event on page 0. */
            paddr[i] = vmi_translate_kv2p(vmi,vaddr[i]);
            printf("physical address is::%lx\n",paddr[i]);
            /* gla2 records the exact virtual address; presumably mm_callback compares
             * it with the faulting address, since the event itself covers a whole page. */
            mm_event[i].mem_event.gla2 = vaddr[i];//add comparing gla to memory event structure
            mm_event[i].mem_event.hypercall=hypercall_name;
            /* NOTE(review): the PA argument is the array `paddr`, not `paddr[i]`, so the
             * logged physical address is wrong even though the page number is right. */
            printf("Preparing memory event to catch HYPERCALL %s at PA 0x%lx, page 0x%lx\n\n", hypercall_name, paddr, paddr[i] >> 12);
            SETUP_MEM_EVENT(&mm_event[i], paddr[i], VMI_MEMEVENT_PAGE, VMI_MEMACCESS_RWX, mm_callback);
            /* NOTE(review): return value ignored; a failed registration leaves the
             * hypercall unmonitored with no message. */
            vmi_register_event(vmi,&mm_event[i]);
            vmi_resume_vm(vmi);
            break;
        }
        /* Last table entry reached without a match. When num is 0 the loop body
         * never runs, so this message is not printed either. */
        if (i>=(num-1)){
            printf("no hypercall found, please check the hypercall name!");
            break;
        }
    }
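/*
 * Event example: attach to the Xen guest named by argv[1], register a CR3
 * write event, prepare (but do not install) an execute memory event for the
 * page holding the current instruction, then service events until
 * `interrupted` is set by a signal or by an event-loop error.
 *
 * Returns 0 after a clean stop. Returns 1 on usage or init failure, when the
 * guest cannot be paused, when the CR3 event or the register reads fail, or
 * when the event loop fails, so that a supervisor can tell a dead monitor
 * from a finished one.
 */
int main (int argc, char **argv)
{
    vmi_instance_t vmi = NULL;
    status_t status = VMI_SUCCESS;
    struct sigaction act;
    char *name = NULL;
    int rc = 0;

    mm_enabled = 0;

    if (argc < 2) {
        fprintf(stderr, "Usage: %s <name of VM>\n", argv[0]);
        exit(1);
    }

    // Arg 1 is the VM name.
    name = argv[1];

    /* for a clean exit */
    act.sa_handler = close_handler;
    act.sa_flags = 0;
    sigemptyset(&act.sa_mask);
    sigaction(SIGHUP, &act, NULL);
    sigaction(SIGTERM, &act, NULL);
    sigaction(SIGINT, &act, NULL);
    sigaction(SIGALRM, &act, NULL);

    // Initialize the libvmi library.
    if (vmi_init(&vmi, VMI_XEN | VMI_INIT_COMPLETE | VMI_INIT_EVENTS, name) == VMI_FAILURE) {
        printf("Failed to init LibVMI library.\n");
        if (vmi != NULL) {
            vmi_destroy(vmi);
        }
        return 1;
    }
    printf("LibVMI init succeeded!\n");

    /* Events are set up with the guest paused. */
    if (vmi_pause_vm(vmi) != VMI_SUCCESS) {
        printf("Failed to pause the VM.\n");
        rc = 1;
        goto leave;
    }

    SETUP_REG_EVENT(&cr3_event, CR3, VMI_REGACCESS_W, 0, cr3_callback);
    /*
     * The CR3 handler is what installs the memory event later on, so without
     * this registration nothing would ever be monitored.
     */
    if (vmi_register_event(vmi, &cr3_event) == VMI_FAILURE) {
        printf("Failed to register the CR3 event.\n");
        vmi_resume_vm(vmi);   /* do not leave the guest frozen */
        rc = 1;
        goto leave;
    }

    // Setup a mem event for tracking memory at the current instruction's page
    // But don't install it; that will be done by the cr3 handler.
    if (vmi_get_vcpureg(vmi, &rip, RIP, 0) == VMI_FAILURE ||
        vmi_get_vcpureg(vmi, &cr3, CR3, 0) == VMI_FAILURE) {
        printf("Failed to read RIP/CR3 of VCPU 0.\n");
        vmi_resume_vm(vmi);
        rc = 1;
        goto leave;
    }

    printf("Current value of RIP is 0x%llx\n", (unsigned long long) rip);
    /* NOTE(review): steps one byte back from the reported RIP before
     * translating; the reason is not visible in this listing. */
    rip -= 0x1;

    pid = vmi_dtb_to_pid(vmi, cr3);
    /* NOTE(review): PID 4 takes the user-space translation and every other
     * PID the kernel one; confirm this is the intended way round. */
    if (pid == 4) {
        rip_pa = vmi_translate_uv2p(vmi, rip, pid);
    } else {
        rip_pa = vmi_translate_kv2p(vmi, rip);
    }
    /*
     * The value-returning translation calls report failure as 0. Only warn:
     * the CR3 event alone is still useful, but an event prepared for page 0
     * is not watching the instruction page.
     */
    if (rip_pa == 0) {
        printf("Warning: could not translate RIP 0x%llx, memory event targets page 0\n",
               (unsigned long long) rip);
    }

    printf("Preparing memory event to catch next RIP 0x%llx, PA 0x%llx, page 0x%llx for PID %u\n",
           (unsigned long long) rip, (unsigned long long) rip_pa,
           (unsigned long long) (rip_pa >> 12), (unsigned) pid);
    SETUP_MEM_EVENT(&mm_event, rip_pa, VMI_MEMEVENT_PAGE, VMI_MEMACCESS_X, mm_callback);

    vmi_resume_vm(vmi);

    while (!interrupted) {
        status = vmi_events_listen(vmi, 500);
        if (status != VMI_SUCCESS) {
            printf("Error waiting for events, quitting...\n");
            interrupted = -1;
            rc = 1;
        }
    }
    printf("Finished with test.\n");

leave:
    // cleanup any memory associated with the libvmi instance
    vmi_destroy(vmi);

    return rc;
}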