Hi there,
Is there any way to know from outside VirtualBox which process is running currently in guest's user mode?
For example I want to reference from my own routine inside VBoxDrv.sys (which is in root-mode) and know which thread is running currently inside guest.
I run a Windows host and a Windows guest.
I know that if I have access from VBoxDrv.sys to the current context of the guest's virtual CPU - there is a way.
I can get its KPCR structure from its GS register and from there the path is known.
So I'm facing right now 2 problems:
1) Referencing the virtual CPU current context of the guest from VBoxDrv.sys code (implement my own routine to do that, but I need the reference to the vCpu).
2) A way to translate the "Guest's Virtual Address" to "Guest's Physical Address". How can I do that?
Thanks in advance,
~C0reDev~
Current guest's Process ID from outside guest
-
- Oracle Corporation
- Posts: 2973
- Joined: 19. Dec 2007, 15:45
- Primary OS: MS Windows 7
- VBox Version: PUEL
- Guest OSses: Any and all
- Contact:
Re: Current guest's Process ID from outside guest
What are you trying to achieve exactly?
Re: Current guest's Process ID from outside guest
michaln wrote: What are you trying to achieve exactly?
When the guest runs a thread, it executes under some process context, which a process id is assigned to. I want, somehow, to know every time the host would demand - "what process is the guest running right now?" (no matter which thread runs, just to know the process context in the guest).
Having a mapping of process name to pid of guests is possible (for example, each time a process in guest is started - it will send the host through some kind of communication the process name and pid).
Re: Current guest's Process ID from outside guest
VirtualBox does not have any concept of a "guest process". It doesn't really have a concept of a "guest OS" to speak of. It is a virtual PC, it just executes instructions. It doesn't know or care what processes, if any, are running inside the VM.
Re: Current guest's Process ID from outside guest
michaln wrote: VirtualBox does not have any concept of a "guest process". It doesn't really have a concept of a "guest OS" to speak of. It is a virtual PC, it just executes instructions. It doesn't know or care what processes, if any, are running inside the VM.
Yeah, it's true.
However, I thought maybe if we assume that the Host is permanent and known, and the Guest OS can only be one known OS (e.g. Windows 10 64 bit build 1607) - maybe there is a way to manipulate the VMM in such a way so that it will reveal (by demand) the process id of the current guest's context running thread. (This assumption is ok for me)
For example, if there is a way to implement a routine in the VBoxDrv driver so that it will get from the VMM the current PID, as for the VMM to get the PID from the vCpu -> GS register -> KPCR -> KPRCB -> KTHREAD (ETHREAD) -> CLIENT_ID -> UniqueProcess (Pid).
All with known offsets only because it's a specific build of a specific OS of course.
Is there a way to do so? Maybe another "hacky" way?
Thanks.
Re: Current guest's Process ID from outside guest
Check the VM debugger (source code in src\VBox\Debugger). It can detect the OS type and such things. It's doable, it's just not something we ever found useful.
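
The second question in the opening post (guest virtual to guest physical translation) comes down to walking the guest's own page tables starting from its CR3. The following is an added example, not code from the thread or from VirtualBox: a 4-level x86-64 walk with large-page and not-present handling. The flat buffer `g_guest_ram`, the helpers `read_gpa64`/`put64`, and the sample table layout are constructed assumptions standing in for real guest-physical memory access.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GPA_INVALID   UINT64_MAX
#define PTE_PRESENT   0x1ULL
#define PTE_LARGE     0x80ULL                /* PS bit, valid in PDPTE and PDE only */
#define PTE_ADDR_MASK 0x000FFFFFFFFFF000ULL  /* physical address bits 51:12 */

/* Assumption: guest-physical memory is modeled as a flat constructed buffer;
 * a real VMM would call its own guest-physical read routine instead. */
static uint8_t g_guest_ram[0x6000];
static int read_gpa64(uint64_t gpa, uint64_t *out) {
    if (gpa > sizeof g_guest_ram - 8) return -1;   /* outside modeled RAM */
    memcpy(out, &g_guest_ram[gpa], 8);
    return 0;
}
static void put64(uint64_t gpa, uint64_t v) { memcpy(&g_guest_ram[gpa], &v, 8); }

/* Walk PML4 -> PDPT -> PD -> PT for a guest in 4-level long mode; cr3 comes from
 * the vCPU context. Returns GPA_INVALID if any level is not present or unreadable. */
uint64_t gva_to_gpa(uint64_t cr3, uint64_t gva) {
    uint64_t table = cr3 & PTE_ADDR_MASK, entry = 0;
    for (int shift = 39; shift >= 12; shift -= 9) {
        uint64_t slot = table + ((gva >> shift) & 0x1FF) * 8;
        if (read_gpa64(slot, &entry) || !(entry & PTE_PRESENT))
            return GPA_INVALID;
        /* A 1 GiB (shift 30) or 2 MiB (shift 21) mapping ends the walk early. */
        if ((shift == 30 || shift == 21) && (entry & PTE_LARGE)) {
            uint64_t off = (1ULL << shift) - 1;
            return (entry & PTE_ADDR_MASK & ~off) | (gva & off);
        }
        table = entry & PTE_ADDR_MASK;
    }
    return table | (gva & 0xFFF);   /* table now holds the 4 KiB frame address */
}

/* Constructed sample tables: PML4 @0x1000, PDPT @0x2000, PD @0x3000, PT @0x4000. */
void build_sample_tables(void) {
    memset(g_guest_ram, 0, sizeof g_guest_ram);
    put64(0x1000 + 496 * 8, 0x2000 | PTE_PRESENT);      /* PML4[496] */
    put64(0x2000, 0x3000 | PTE_PRESENT);                /* PDPT[0]   */
    put64(0x3000, 0x4000 | PTE_PRESENT);                /* PD[0] -> PT */
    put64(0x3008, 0x200000 | PTE_PRESENT | PTE_LARGE);  /* PD[1]: 2 MiB page */
    put64(0x4008, 0x5000 | PTE_PRESENT);                /* PT[1] -> frame 0x5000 */
}

int main(void) {
    build_sample_tables();
    printf("%#llx\n", (unsigned long long)gva_to_gpa(0x1000, 0xFFFFF80000001234ULL));
    return 0;
}
```

Each pointer in the GS -> KPCR -> KPRCB -> KTHREAD chain from the thread is a guest virtual address, so every dereference along it needs a translation of this kind, and a not-present result has to be treated as "cannot tell right now" rather than as a PID.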