Re: [XenAccess-devel] Xenaccess examples with Windows XP/Vista
From: Matthew D. <ma...@at...> - 2008-01-17 19:24:07
Thanks for the pointers. I think I've exhausted all combinations of option 1 with no success. The extra output (= _Symbol@X) shows some linking information (calling convention and total size of arguments in bytes) and was caused by dumpbin.exe. I used the version that came with Visual Studio 2008; an older version of dumpbin doesn't produce it.

I generated export files for both kernels (pae and non-pae) and stripped out the extra stuff. Still no go. I guess I'll move on to option 2.

-matthew

-----Original Message-----
From: Bryan D. Payne [mailto:br...@th...]
Sent: Thursday, January 17, 2008 10:11 AM
To: Matthew Donovan
Cc: xen...@li...
Subject: Re: [XenAccess-devel] Xenaccess examples with Windows XP/Vista

Matthew,

Welcome to the list. I have a few thoughts for you to explore...

(1) My best guess is that you are using the wrong windows "sysmap" file. Of course, it is not really a sysmap file for windows but it does have critical offset information. And, while the snippet that you showed appears to be close to the right format (the extra "= xxx" at the end of each line looks weird to me), I would question if it is the correct information. Specifically, these data will be different for PAE and non-PAE kernels. Here's how to get the file:

    (non-PAE) dumpbin /exports c:\windows\system32\ntoskrnl.exe
    (PAE)     dumpbin /exports c:\windows\system32\ntkrnlpa.exe

Just save the output of these commands to a file and use that for the "sysmap". As an example, the files for my version of Windows XP SP2 are provided under the notes directory in subversion.

(2) I noticed in the debug output that your version of windows is using PSE. My setup at this end does not use that, so it is likely that there are bugs in the PSE support mechanism. If (1) doesn't fix your problem, I would look into this next.

(3) Finally, you are using Xen 3.1.2. This *should* work with HVM domains, but I haven't had time to work out all the kinks in supported Xen 3.1.x. So it's possible that there is some weird bug that you are triggering. Although I think that (1) and (2) are more likely.

Also, it's worth noting that I haven't played with Vista yet. I imagine that it will "just work" if you get the right offsets and exports file. But, you'll be charting new territory there. Let me know how that goes as I'd be very interested in knowing if it works!

Cheers,
bryan

On Jan 17, 2008 9:36 AM, Matthew Donovan <ma...@at...> wrote:
> Hi,
>
> I'm trying to get the Xenaccess examples working with Windows. I
> ultimately want to use it with Vista but for a first step I'd be happy
> to get it working with XP SP2. When I try to run the process-list and
> module-list examples on Vista or XP, it fails during initialization
> with "failed to init XenAccess library: Bad address". (The full
> output is below.)
>
> For Vista, I changed the constants in process-list.c to be appropriate
> (determined using windbg).
> For XP I just used the constants that were already there and verified
> they were correct.
>
> I talked with Jim (I've just started on the project) and he showed me
> a Windows sysmap(?) file. I included part of that just so you can
> tell me if I got the format right. I assume it's OK since there isn't
> an error looking up PsInitialSystemProcess.
>
> I'm using Xen 3.1.2 and XenAccess 0.4 on Fedora Core 8.
>
> I'm not really sure what to try next.
>
> Thanks for the help.
> -matthew
>
>
> XENACCESS.CONF:
> winvista {
>     sysmap ="/root/libxa/winvista-exports.txt";
>     ostype = "Windows";
>     win_tasks = 0xa0;
>     win_pdbase = 0x18;
>     win_pid = 0x9c;
>     win_peb = 0x188;
>     win_iba = 0x8;
>     win_ph = 0x18;
> }
>
> winxp0 {
>     sysmap ="/root/libxa/winxp-exports.txt";
>     ostype = "Windows";
>     win_tasks = 0x88;
>     win_pdbase = 0x18;
>     win_pid = 0x84;
>     win_peb = 0x1b0;
>     win_iba = 0x8;
>     win_ph = 0x18;
> }
>
> SYSMAP (?) SNIPPET:
> 94 0 000CA3D3 AlpcGetHeaderSize = _AlpcGetHeaderSize@4
> 95 1 000CA451 AlpcGetMessageAttribute =
> _AlpcGetMessageAttribute@8
> 96 2 000CA414 AlpcInitializeMessageAttribute =
> _AlpcInitializeMessageAttribute@16
> 97 3 0003273E CcCanIWrite = _CcCanIWrite@16
> 98 4 001D7530 CcCopyRead = _CcCopyRead@24
>
>
>
> PROCESS-LIST OUTPUT FOR XP VM:
>
> XenAccess Version 0.4
> --got domain info.
> **set instance->xen_version = 3.1.0
> --got domain name from id (4 ==> winxp0).
> 1 |winvista {
> 2 | sysmap ="/root/libxa/winvista-exports.txt";
> 3 | ostype = "Windows";
> 4 | win_tasks = 0xa0;
> 5 | win_pdbase = 0x18;
> 6 | win_pid = 0x9c;
> 7 | win_peb = 0x188;
> 8 | win_iba = 0x8;
> 9 | win_ph = 0x18;
> 10 |}
> 11 |
> 12 |winxp0 {
> 13 | sysmap ="/root/libxa/winxp-exports.txt";
> 14 | ostype = "Windows";
> 15 | win_tasks = 0x88;
> 16 | win_pdbase = 0x18;
> 17 | win_pid = 0x84;
> 18 | win_peb = 0x1b0;
> 19 | win_iba = 0x8;
> 20 | win_ph = 0x18;
> 21 |}
> 22 |
> --got sysmap from config (/root/libxa/winxp-exports.txt).
> --reading in windows offsets from config file.
> --got ostype from config (Windows).
> **set instance->os_type to Windows.
> **set instance->pae = 1
> **set instance->pse = 1
> --got memory layout.
> **set instance->hvm to true (HVM).
> --MapPFN: Mapping mfn = 1.
> --MapPFN: Mapping mfn = 2.
> --MapPFN: Mapping mfn = 3.
> --MapPFN: Mapping mfn = 4.
> --MapPFN: Mapping mfn = 5.
> --MapPFN: Mapping mfn = 6.
> --MapPFN: Mapping mfn = 7.
> --MapPFN: Mapping mfn = 8.
> <snip>
> --MapPFN: Mapping mfn = 4093.
> --MapPFN: Mapping mfn = 4094.
> --MapPFN: Mapping mfn = 4095.
> failed to init XenAccess library: Bad address

--
Bryan D. Payne
Graduate Student, Computer Science
Georgia Tech Information Security Center
http://www.bryanpayne.org
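
The export-file cleanup discussed in this thread, as an added example that is not part of the original messages and is not XenAccess code: it parses `dumpbin /exports` rows, drops the `= _Name@N` decoration (including the wrapped form seen in the snippet), and lists symbols whose RVAs differ between two export files such as the PAE and non-PAE kernels. The undecorated four-column output layout is an assumption, and the `OTHER` rows are constructed for illustration.

```python
import re

# ordinal (decimal), hint (hex), RVA (8 hex digits), name, optional "= _Name@N"
ROW = re.compile(r"^\s*(\d+)\s+([0-9A-Fa-f]+)\s+([0-9A-Fa-f]{8})\s+([^\s=]+)"
                 r"(?:\s*=\s*(\S+)?)?\s*$")

def parse_exports(text):
    """Map export name -> (ordinal, rva) from `dumpbin /exports` text.

    Header lines, blank lines and the wrapped half of a decoration
    (a line holding only "_Name@N") do not match ROW and are skipped.
    """
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            table[m.group(4)] = (int(m.group(1)), int(m.group(3), 16))
    return table

def normalize(text):
    """Re-emit rows as 'ordinal hint RVA name' with the decoration removed.
    Assumption: this four-column layout is the one wanted for the file."""
    rows = [ROW.match(line) for line in text.splitlines()]
    return "\n".join("%10s %4s %s %s" % m.group(1, 2, 3, 4) for m in rows if m)

def differing(a, b):
    """Names present in both tables whose RVAs differ (e.g. PAE vs non-PAE)."""
    return sorted(n for n in a.keys() & b.keys() if a[n][1] != b[n][1])

# Rows taken from the snippet in the thread, including one wrapped decoration.
SAMPLE = """\
    ordinal hint RVA      name
         94    0 000CA3D3 AlpcGetHeaderSize = _AlpcGetHeaderSize@4
         95    1 000CA451 AlpcGetMessageAttribute =
_AlpcGetMessageAttribute@8
         97    3 0003273E CcCanIWrite = _CcCanIWrite@16
         98    4 001D7530 CcCopyRead = _CcCopyRead@24
"""
# Constructed rows standing in for the other kernel image (RVAs invented).
OTHER = """\
         97    3 0003273E CcCanIWrite
         98    4 001D8A10 CcCopyRead
"""

if __name__ == "__main__":
    print(normalize(SAMPLE))
    print("RVA differs:", differing(parse_exports(SAMPLE), parse_exports(OTHER)))
```

A non-empty `differing` result for the two kernel images is the quick check that each guest is pointed at the export file generated from its own kernel.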