instrtrace and unpack_hypervisor System crash!


PJ

Apr 3, 2014, 12:51:30 PM4/3/14
to ether...@googlegroups.com
Hello,

I finally mastered the install of Xen/Ether on Debian lenny (5.0.10), with everything installed without a hitch using the tutorial found here: http://ether.gtisc.gatech.edu/source.html . I downloaded and installed Windows XP SP2 and disabled PAE in both the HVM config file and boot.ini; I also disabled ACPI and APIC in the HVM config file.

Here is the issue I now have: when I issue the command ./ether <dom id> instrtrace malware.exe or ./ether <dom id> unpack_hypervisor malware.exe and run the malware.exe file on the Windows guest, it starts to load the malware file for about a minute or two, then the Xen system reboots on its own. I have installed Xen/Ether on two different systems, one from the era Ether was built in and one newer system, and both exhibit the same behaviour. I even tried disabling the NX (no-execute) bit, with no change at all. Does anyone know how to fix this issue? I am wondering whether all Windows XP SP2 ISOs are made differently, meaning certain newer updates are added to the ISOs available today that may change the memory layout of XP, which is causing these crashes on Ether.

PJ

PJ

Apr 11, 2014, 2:45:21 PM4/11/14
to ether...@googlegroups.com
Well, preliminary results show that I may have fixed my crashing issue. Thanks to the useful logdump.sh tool found in the ether_ctl directory, I was able to pinpoint the issue to a call made in unpack_init, found in /xen-3.1.0-src/xen/arch/x86/hvm/ether_unpack.c, to the function unpack_clear_map(struct vcpu *v). For some reason, when I added a printk statement inside the if statement,

i.e.

void unpack_clear_map(struct vcpu *v)
{
    /* Only clear when an unpack map has actually been allocated for this domain. */
    if (v->domain->arch.hvm_domain.ether_controls.unpack_map != NULL)
    {
        /* Added by the poster while debugging; with this line present the crash went away. */
        printk("UNPACK_CLEAR_MAP: resetting/clearing memory\n");

        /* Zero the entire 256 MiB unpack map. */
        memset(v->domain->arch.hvm_domain.ether_controls.unpack_map,
               0,
               1024 * 1024 * 256);
    }
}

it somehow resolved my crashing issue for the instrtrace command. I will test further with unpack_hypervisor to see if the result remains.

Perry
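The clear routine quoted above zeroes a hard-coded 1024*1024*256 bytes behind a pointer, which is only safe if the allocation really is that large. As an added example, not Ether's or Xen's code, the following user-space C keeps the allocated size next to the pointer so the clear can never run past the buffer, and returns how many bytes were cleared so the behaviour can be checked. The struct name, field names and the unpack_alloc_map / unpack_free_map / unpack_clear_demo helpers are hypothetical stand-ins for the ether_controls fields named in the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the ether_controls fields the post touches;
 * not Ether's struct. The size is recorded next to the pointer so the
 * clear routine never has to assume a fixed 256 MiB. */
#define UNPACK_MAP_DEFAULT_SIZE (1024u * 1024u * 256u)

struct unpack_ctl {
    uint8_t *unpack_map;        /* NULL until allocated */
    size_t   unpack_map_size;   /* bytes actually allocated behind unpack_map */
};

/* Allocate a zeroed map of the requested size. Returns 0 on success, -1 on error. */
int unpack_alloc_map(struct unpack_ctl *ctl, size_t size)
{
    if (ctl == NULL || size == 0)
        return -1;
    ctl->unpack_map = calloc(size, 1);
    if (ctl->unpack_map == NULL)
        return -1;
    ctl->unpack_map_size = size;
    return 0;
}

/* Clear only what was allocated. Returns the number of bytes cleared,
 * or 0 when there is no map (the NULL case the original if-guard handles). */
size_t unpack_clear_map(struct unpack_ctl *ctl)
{
    if (ctl == NULL || ctl->unpack_map == NULL)
        return 0;
    memset(ctl->unpack_map, 0, ctl->unpack_map_size);
    return ctl->unpack_map_size;
}

/* Release the map and reset the bookkeeping so a later clear is a no-op. */
void unpack_free_map(struct unpack_ctl *ctl)
{
    if (ctl == NULL)
        return;
    free(ctl->unpack_map);
    ctl->unpack_map = NULL;
    ctl->unpack_map_size = 0;
}

/* Constructed scenario: a 4 KiB map (far smaller than the 256 MiB default)
 * is dirtied, cleared, and verified byte by byte. Returns 0 when the clear
 * touched exactly the allocated bytes and left them all zero, -1 otherwise. */
int unpack_clear_demo(void)
{
    struct unpack_ctl ctl = { NULL, 0 };
    size_t i, cleared;
    int ok;

    if (unpack_alloc_map(&ctl, 4096) != 0)
        return -1;

    memset(ctl.unpack_map, 0xAA, ctl.unpack_map_size);   /* dirty the map */
    cleared = unpack_clear_map(&ctl);
    ok = (cleared == 4096);
    for (i = 0; i < ctl.unpack_map_size; i++)
        if (ctl.unpack_map[i] != 0)
            ok = 0;

    unpack_free_map(&ctl);
    /* After free, the clear must report nothing to do. */
    if (unpack_clear_map(&ctl) != 0)
        ok = 0;
    return ok ? 0 : -1;
}
```

The point of carrying unpack_map_size is that the clear length is derived from the allocation rather than repeated as a literal; if the map is ever allocated smaller than 256 MiB, the memset shrinks with it instead of writing past the end.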