virtualbox.org

Hello,

I would like to set up VirtualBox to monitor the execution of a guest OS.

In particular, I'd like to be able to view the guest OS' instructions before they are run by the virtual CPU. Additionally, I'd also like to be able to set monitors on some of the guest OS' CPU registers so if they are modified (e.g. on write with a MOV instruction), the guest's state will be suspended at the location where the write occurred (and the rip/eip will point to that instruction).

I've been searching for a VMM solution that exposes a way to accomplish my goals, but I couldn't find anything. Does anyone know if VirtualBox supports something of this nature? If so, can you please link me to the appropriate documentation?

Thanks a lot!

This seems a strange thing to expect to be provided in VirtualBox.

I would have though that, if you are up to using such information, you would be able to modify VirtualBox yourself to do what you want. The program is open-source. Why not study the source code, modify it as appropriate, and recompile your own version?

Why do it in VirtualBox anyway?

dlharper wrote:This seems a strange thing to expect to be provided in VirtualBox.

I would have though that, if you are up to using such information, you would be able to modify VirtualBox yourself to do what you want. The program is open-source. Why not study the source code, modify it as appropriate, and recompile your own version?

Why do it in VirtualBox anyway?

What's a better platform to do it in? Hyper-V? ESX/vSphere? Xen? Qemu? Basically you need something that's monitoring the VM (a hypervisor/VMM).

OK. I suppose it depends on what sort of system you want to do this with. I did a few close investigations like this a good many years ago with old systems (principally DOS 2), and at that stage I found standard debuggers did what was needed. (I used to use Eric Isaacson's A86/D86 package.) That handled it from inside the operating system itself, and could still be done totally within a virtual machine. I find it hard to imagine that Assembler-level monitoring of a modern OS is likely to achieve much, but it is up to you what you do with it, of course.

I would still suggest that if you need to do this then you will be capable of understanding the VirtualBox sources, and will be able to modify it to your needs.