Current guest's Process ID from outside guest


Post by C0reDev » 3. Oct 2017, 16:38

Hi there,
Is there any way to know from outside VirtualBox which process is running currently in guest's user mode?
For example I want to reference from my own routine inside VBoxDrv.sys (which is in root-mode) and know which thread is running currently inside guest.
I run a Windows host and a Windows guest.
I know that if I have access from VBoxDrv.sys to the current context of the guest's virtual CPU - there is a way.
I can get its KPCR structure from its GS register and from there the path is known.
So I'm facing right now 2 problems:
1) Referencing the virtual CPU current context of the guest from VBoxDrv.sys code (implement my own routine to do that, but I need the reference to the vCpu).
2) A way to translate the "Guest's Virtual Address" to "Guest's Physical Address". How can I do that?

Thanks in advance,
~C0reDev~
C0reDev
 
Posts: 8
Joined: 28. Sep 2017, 14:24

Re: Current guest's Process ID from outside guest

Post by michaln » 5. Oct 2017, 13:18

What are you trying to achieve exactly?
michaln
Oracle Corporation
 
Posts: 2916
Joined: 19. Dec 2007, 15:45
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: Any and all

Re: Current guest's Process ID from outside guest

Post by C0reDev » 8. Oct 2017, 10:41

michaln wrote: What are you trying to achieve exactly?

When guest runs a thread, it executes under some process context, which a process id is assigned to. I want, somehow, to know every time the host would demand - "what process is the guest running right now?" (no matter which thread runs, just to know the process context in the guest).
Having a mapping of process name to pid of guests is possible (for example, each time a process in guest is started - it will send the host through some kind of communication the process name and pid).

Re: Current guest's Process ID from outside guest

Post by michaln » 9. Oct 2017, 16:37

VirtualBox does not have any concept of a "guest process". It doesn't really have a concept of a "guest OS" to speak of. It is a virtual PC, it just executes instructions. It doesn't know or care what processes, if any, are running inside the VM.

Re: Current guest's Process ID from outside guest

Post by C0reDev » 10. Oct 2017, 11:01

michaln wrote: VirtualBox does not have any concept of a "guest process". It doesn't really have a concept of a "guest OS" to speak of. It is a virtual PC, it just executes instructions. It doesn't know or care what processes, if any, are running inside the VM.

Yeah, it's true.
However, I thought maybe if we assume that the Host is permanent and known, and the Guest OS can only be one known OS (e.g. Windows 10 64 bit build 1607) - maybe there is a way to manipulate the VMM in such a way so that it will reveal (by demand) the process id of the current guest's context running thread. (This assumption is ok for me)
For example, if there is a way to implement a routine in the VBoxDrv driver so that it will get from the VMM the current PID, as for the VMM to get the PID from the vCpu -> GS register -> KPCR -> KPRCB -> KTHREAD (ETHREAD) -> CLIENT_ID -> UniqueProcess (Pid).
All with known offsets only because it's a specific build of a specific OS of course.

Is there a way to do so? Maybe other "hacky" way?
Thanks.

Re: Current guest's Process ID from outside guest

Post by michaln » 10. Oct 2017, 16:55

Check the VM debugger (source code in src\VBox\Debugger). It can detect the OS type and such things. It's doable, it's just not something we ever found useful.
michaln
Oracle Corporation
 
Posts: 2916
Joined: 19. Dec 2007, 15:45
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: Any and all
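
Added example, not part of any post in this thread and not VirtualBox code: the second question in the opening post (guest virtual address to guest physical address) comes down to walking the guest's own page tables starting from the vCPU's CR3. The code below does the 4-level x86-64 walk, including 2 MiB and 1 GiB large pages, against a constructed in-memory stand-in for guest RAM; `read_gpa64`, `gva_to_gpa`, `build_sample_tables` and the sample addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#define PTE_P    (1ULL << 0)            /* present */
#define PTE_PS   (1ULL << 7)            /* large page (valid in PDPTE/PDE) */
#define PTE_ADDR 0x000FFFFFFFFFF000ULL  /* physical address bits 51:12 */

/* Constructed stand-in for guest RAM (five 4 KiB pages). A real VMM would
   read through its own guest-physical memory accessor instead. */
static uint8_t guest_ram[5 * 4096];
static int read_gpa64(uint64_t gpa, uint64_t *out) {
    if (gpa > sizeof guest_ram - 8) return -1;        /* outside guest RAM */
    memcpy(out, guest_ram + gpa, 8);
    return 0;
}
static void put64(uint64_t gpa, uint64_t v) { memcpy(guest_ram + gpa, &v, 8); }

/* 4-level long-mode walk: PML4 -> PDPT -> PD -> PT.
   Returns 0 and stores the guest-physical address, or -1 if unmapped. */
int gva_to_gpa(uint64_t cr3, uint64_t gva, uint64_t *gpa) {
    uint64_t top = gva >> 47, table = cr3 & PTE_ADDR, e;
    if (top != 0 && top != 0x1FFFF) return -1;        /* non-canonical */
    for (int shift = 39; shift >= 12; shift -= 9) {
        if (read_gpa64(table + ((gva >> shift) & 0x1FF) * 8, &e)) return -1;
        if (!(e & PTE_P)) return -1;                  /* not present */
        if ((e & PTE_PS) && shift == 39) return -1;   /* reserved in PML4E */
        if (shift == 12 || (e & PTE_PS)) {            /* 4K, 2M or 1G leaf */
            uint64_t mask = (1ULL << shift) - 1;
            *gpa = (e & PTE_ADDR & ~mask) | (gva & mask);
            return 0;
        }
        table = e & PTE_ADDR;
    }
    return -1;
}

/* Constructed sample: maps gva's 4 KiB page to GPA 0x4000; returns CR3. */
uint64_t build_sample_tables(uint64_t gva) {
    memset(guest_ram, 0, sizeof guest_ram);
    put64(0x0000 + ((gva >> 39) & 0x1FF) * 8, 0x1000 | PTE_P);
    put64(0x1000 + ((gva >> 30) & 0x1FF) * 8, 0x2000 | PTE_P);
    put64(0x2000 + ((gva >> 21) & 0x1FF) * 8, 0x3000 | PTE_P);
    put64(0x3000 + ((gva >> 12) & 0x1FF) * 8, 0x4000 | PTE_P);
    return 0x0000;
}

int main(void) {
    uint64_t gpa, gva = 0xFFFFF78000000ABCULL;        /* constructed GVA */
    return gva_to_gpa(build_sample_tables(gva), gva, &gpa) == 0 && gpa == 0x4ABC ? 0 : 1;
}
```

Each structure read along a chain such as the KPCR-to-thread path mentioned in the thread would need its guest virtual address translated this way before the host can read it, since the pointers stored in guest memory are guest virtual addresses.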

