LibVMI on ARM32

[manch...@gmail.com]

I am trying to get LibVMI working on Cubietruck (armv7). I have Xen 4.11 installed and a Debian Linux (4.17.0-rc2) domU running. My goal is to able to listen to the system calls from the guest. I have worked with getting the traces of the system calls from a Windows guest (x86 and x64). I understand it involves with 2 steps, 1) Finding the addresses of the syscalls, and 2) Breakpoint injection.Step 1 was relatively easy as I can get most of the information from a rekall profile, however I have problem testing Step 2.

Basing my testing code interrupt-event-example.c, I modified it to call SETUP_PRIVCALL_EVENT(&interrupt_event, privcall_cb), then call vmi_register_event(vmi, &interrupt_event), which returned VMI_SUCCESS. However when I tried to trigger an interrupt on gdb in domU, I received no event with my privcall_cb.

Is my understanding of interrupt wrong in the context of ARM32?

[Tamas K Lengyel]

PRIVCALL traps SMC instructions, not breakpoints. So using gdb in the
guest will not trap into the hypervisor.

Tamas

> --
> You received this message because you are subscribed to the Google Groups "vmitools" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to vmitools+u...@googlegroups.com.
> To post to this group, send email to vmit...@googlegroups.com.
> Visit this group at https://groups.google.com/group/vmitools.
> For more options, visit https://groups.google.com/d/optout.