Wenzel · arnabcs17b006 · Jul 25, 2020 · Aug 14, 2020 · Aug 14, 2020 · Aug 16, 2020
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -0,0 +1,5 @@
+{
+    "files.associations": {
+        "type_traits": "c"
+    }
+}
diff --git a/Cargo.toml b/Cargo.toml
@@ -28,16 +28,20 @@ hyper-v = ["winapi", "widestring", "ntapi", "vid-sys"]
 log = "0.4.8"
 env_logger = "0.7.1"
 libc = { version = "0.2.58", optional = true }
-xenctrl = { git = "https://github.com/Wenzel/xenctrl", optional = true }
+xenctrl = { git = "https://github.com/arnabcs17b006/xenctrl", branch = "singlestep",  optional = true }
 xenstore = { git = "https://github.com/Wenzel/xenstore", optional = true }
 xenforeignmemory = { git = "https://github.com/Wenzel/xenforeignmemory", optional = true }
-kvmi = { git = "https://github.com/Wenzel/kvmi", rev = "dd10135a27bb3658d399dfb5477299ca0f4baeac", optional = true }
+xenevtchn = { git = "https://github.com/arnabcs17b006/xenevtchn", branch = "event-notification"}
+xenvmevent-sys = { git = "https://github.com/Wenzel/xenvmevent-sys"}
+kvmi = { git = "https://github.com/Wenzel/kvmi", optional = true }
 fdp = { git = "https://github.com/Wenzel/fdp", optional = true }
 winapi = { version = "0.3.8", features = ["tlhelp32", "winnt", "handleapi", "securitybaseapi"], optional = true }
 widestring = { version = "0.4.0", optional = true }
 ntapi = { version = "0.3.3", optional = true }
 vid-sys = { version = "0.3.0", features = ["deprecated-apis"], optional = true }
 cty = "0.2.1"
+nix = "0.18.0"
+bitflags = "1.2.1"
 
 [dev-dependencies]
 ctrlc = "3.1.3"

diff --git a/c_examples/Makefile b/c_examples/Makefile
@@ -5,7 +5,7 @@ CWD := $(shell pwd)
 
 .PHONY: all clean
 
-all: mem-dump pause regs-dump
+all: mem-dump pause regs-dump cr-events msr-events interrupt-events singlestep-events
 
 libmicrovmi.h: ../target/debug/libmicrovmi.so
 	cd ..; \
@@ -20,5 +20,17 @@ pause: libmicrovmi.h pause.c
 regs-dump: libmicrovmi.h regs-dump.c
 	$(CC) $(CFLAGS) regs-dump.c -o $@ $(LDFLAGS)
 
+cr-events: libmicrovmi.h cr-events.c
+	$(CC) $(CFLAGS) cr-events.c -o $@ $(LDFLAGS)
+
+msr-events: libmicrovmi.h msr-events.c
+	$(CC) $(CFLAGS) msr-events.c -o $@ $(LDFLAGS)
+
+interrupt-events: libmicrovmi.h interrupt-events.c
+	$(CC) $(CFLAGS) interrupt-events.c -o $@ $(LDFLAGS)
+
+singlestep-events: libmicrovmi.h singlestep-events.c
+	$(CC) $(CFLAGS) singlestep-events.c -o $@ $(LDFLAGS)
+
 clean:
-	rm -f libmicrovmi.h mem-dump pause regs-dump
+	rm -f libmicrovmi.h mem-dump pause regs-dump cr-events msr-events interrupt-events singlestep-events
diff --git a/c_examples/cr-events.c b/c_examples/cr-events.c
@@ -0,0 +1,69 @@
+#include <stdio.h>
+#include <string.h>
+#include <inttypes.h>
+
+#include "libmicrovmi.h"
+
+bool display_cr(int index)
+{
+    switch (index)
+    {
+    case 0:
+        printf("Cr0  ");
+        return true;
+    case 1:
+        printf("Cr3  ");
+        return true;
+    case 2:
+        printf("Cr4  ");
+        return true;
+    default:
+        break;
+    }
+    return false;
+}
+
+int main(int argc, char* argv[]) {
+    if (argc < 2) {
+        printf("No domain name given.\n");
+        return 1;
+    }
+    microvmi_envlogger_init();
+    void* driver = microvmi_init(argv[1], NULL, NULL);
+    InterceptType intercept = { .tag = Cr, .cr = {._0 = Cr3} };
+    for(uint16_t vcpu =0; vcpu<2;vcpu++)
+        microvmi_toggle_intercept(driver, vcpu, intercept, true);
+    while(true)
+    {
+        Event ev;
+        if(microvmi_listen(driver, 1000, &ev)==true)
+        {
+            switch(ev.kind.tag)
+            {
+                case CrEvents:
+
+                    if(display_cr(ev.kind.cr_events.cr_type)==true)
+                    {
+                        printf("vcpu:  %d   ", ev.vcpu);
+                        printf("old value: 0x%" PRIx64 "   ", ev.kind.cr_events.old);
+                        printf("new value: 0x%" PRIx64 "\n", ev.kind.cr_events.new_);
+                    }
+                    else
+                    {
+                        printf("No Events..\n");
+                    }
+
+                    break;
+                default:
+                    printf("No Events..\n");
+            }
+        }
+        else
+        {
+            printf("No events..\n");
+        }
+
+    }
+    microvmi_destroy(driver);
+    return 0;
+}
diff --git a/c_examples/interrupt-events.c b/c_examples/interrupt-events.c
@@ -0,0 +1,43 @@
+#include <stdio.h>
+#include <string.h>
+#include <inttypes.h>
+
+#include "libmicrovmi.h"
+
+
+int main(int argc, char* argv[]) {
+    if (argc < 2) {
+        printf("No domain name given.\n");
+        return 1;
+    }
+    microvmi_envlogger_init();
+    void* driver = microvmi_init(argv[1], NULL, NULL);
+    InterceptType intercept = { .tag = Breakpoint};
+    for(uint16_t vcpu =0; vcpu<2;vcpu++)
+        microvmi_toggle_intercept(driver, vcpu, intercept, true);
+    while(true)
+    {
+        Event ev;
+        if(microvmi_listen(driver, 1000, &ev)==true)
+        {
+            switch(ev.kind.tag)
+            {
+                case BreakpointEvents:
+                        printf("vcpu:  %d   ", ev.vcpu);
+                        printf("Breakpoint detected!!  ");
+                        printf("gpa: 0x%" PRIx64 ": ", ev.kind.breakpoint_events.gpa);
+                        printf("insn_len: 0x%" PRIx16 "\n", ev.kind.breakpoint_events.insn_len);
+                        break;
+                default:
+                    printf("No Events..\n");
+            }
+        }
+        else
+        {
+            printf("No events..\n");
+        }
+
+    }
+    microvmi_destroy(driver);
+    return 0;
+}
diff --git a/c_examples/msr-events.c b/c_examples/msr-events.c
@@ -0,0 +1,42 @@
+#include <stdio.h>
+#include <string.h>
+#include <inttypes.h>
+
+#include "libmicrovmi.h"
+
+
+int main(int argc, char* argv[]) {
+    if (argc < 2) {
+        printf("No domain name given.\n");
+        return 1;
+    }
+    microvmi_envlogger_init();
+    void* driver = microvmi_init(argv[1], NULL, NULL);
+    InterceptType intercept = { .tag = Msr, .msr = {._0 = (uint32_t)0xc0000080} };
+    for(uint16_t vcpu =0; vcpu<2;vcpu++)
+        microvmi_toggle_intercept(driver, vcpu, intercept, true);
+    while(true)
+    {
+        Event ev;
+        if(microvmi_listen(driver, 1000, &ev)==true)
+        {
+            switch(ev.kind.tag)
+            {
+                case MsrEvents:
+                        printf("vcpu:  %d   ", ev.vcpu);
+                        printf("msr index: 0x%" PRIx32 ": ", ev.kind.msr_events.msr_type);
+                        printf("old value: 0x%" PRIx64 "\n", ev.kind.msr_events.value);
+                        break;
+                default:
+                    printf("No Events..\n");
+            }
+        }
+        else
+        {
+            printf("No events..\n");
+        }
+
+    }
+    microvmi_destroy(driver);
+    return 0;
+}
diff --git a/c_examples/regs-dump.c b/c_examples/regs-dump.c
@@ -4,6 +4,13 @@
 
 #include "libmicrovmi.h"
 
+
+void display_segment_register(SegmentReg segment)
+{
+    printf("base: 0x%" PRIx64 "\n", segment.base);
+    printf("base: 0x%" PRIx32 "\n", segment.limit);
+    printf("base: 0x%" PRIx16 "\n", segment.selector);
+}
 void read_registers(void* driver, const char* vm_name) {
     if (microvmi_pause(driver)) {
         printf("Paused.\n");
@@ -24,7 +31,47 @@ void read_registers(void* driver, const char* vm_name) {
         printf("rbp: 0x%" PRIx64 "\n", regs.x86._0.rbp);
         printf("rip: 0x%" PRIx64 "\n", regs.x86._0.rip);
         printf("rflags: 0x%" PRIx64 "\n", regs.x86._0.rflags);
+        printf("r8: 0x%" PRIx64 "\n", regs.x86._0.r8);
+        printf("r9: 0x%" PRIx64 "\n", regs.x86._0.r9);
+        printf("r10: 0x%" PRIx64 "\n", regs.x86._0.r10);
+        printf("r11: 0x%" PRIx64 "\n", regs.x86._0.r11);
+        printf("r12: 0x%" PRIx64 "\n", regs.x86._0.r12);
+        printf("r13: 0x%" PRIx64 "\n", regs.x86._0.r13);
+        printf("r14: 0x%" PRIx64 "\n", regs.x86._0.r14);
+        printf("r15: 0x%" PRIx64 "\n", regs.x86._0.r15);
+        printf("cr0: 0x%" PRIx64 "\n", regs.x86._0.cr0);
+        printf("cr2: 0x%" PRIx64 "\n", regs.x86._0.cr2);
         printf("cr3: 0x%" PRIx64 "\n", regs.x86._0.cr3);
+        printf("sysenter_cs: 0x%" PRIx64 "\n", regs.x86._0.sysenter_cs);
+        printf("sysenter_esp: 0x%" PRIx64 "\n", regs.x86._0.sysenter_esp);
+        printf("sysenter_eip: 0x%" PRIx64 "\n", regs.x86._0.sysenter_eip);
+        printf("msr_star: 0x%" PRIx64 "\n", regs.x86._0.msr_star);
+        printf("msr_lstar: 0x%" PRIx64 "\n", regs.x86._0.msr_lstar);
+        printf("msr_efer: 0x%" PRIx64 "\n", regs.x86._0.msr_efer);
+        printf("cs {\n");
+        display_segment_register(regs.x86._0.cs);
+        printf("}\n");
+        printf("ds {\n");
+        display_segment_register(regs.x86._0.ds);
+        printf("}\n");
+        printf("es {\n");
+        display_segment_register(regs.x86._0.es);
+        printf("}\n");
+        printf("fs {\n");
+        display_segment_register(regs.x86._0.fs);
+        printf("}\n");
+        printf("gs {\n");
+        display_segment_register(regs.x86._0.gs);
+        printf("}\n");
+        printf("ss {\n");
+        display_segment_register(regs.x86._0.ss);
+        printf("}\n");
+        printf("tr {\n");
+        display_segment_register(regs.x86._0.tr);
+        printf("}\n");
+        printf("ldt {\n");
+        display_segment_register(regs.x86._0.ldt);
+        printf("}\n");
     } else {
         printf("Unable to read registers.\n");
     }

diff --git a/c_examples/singlestep-events.c b/c_examples/singlestep-events.c
@@ -0,0 +1,42 @@
+#include <stdio.h>
+#include <string.h>
+#include <inttypes.h>
+
+#include "libmicrovmi.h"
+
+
+int main(int argc, char* argv[]) {
+    if (argc < 2) {
+        printf("No domain name given.\n");
+        return 1;
+    }
+    microvmi_envlogger_init();
+    void* driver = microvmi_init(argv[1], NULL, NULL);
+    InterceptType intercept = { .tag = Breakpoint};
+    for(uint16_t vcpu =0; vcpu<2;vcpu++)
+        microvmi_toggle_intercept(driver, vcpu, intercept, true);
+    while(true)
+    {
+        Event ev;
+        if(microvmi_listen(driver, 1000, &ev)==true)
+        {
+            switch(ev.kind.tag)
+            {
+                case SinglestepEvents:
+                        printf("vcpu:  %d   ", ev.vcpu);
+                        printf("Breakpoint detected!!  ");
+                        printf("gpa: 0x%" PRIx64 ": ", ev.kind.singlestep_events.gpa);
+                        break;
+                default:
+                    printf("No Events..\n");
+            }
+        }
+        else
+        {
+            printf("No events..\n");
+        }
+
+    }
+    microvmi_destroy(driver);
+    return 0;
+}
diff --git a/examples/cr-events.rs b/examples/cr-events.rs
@@ -42,10 +42,11 @@ fn toggle_cr_intercepts(drv: &mut Box<dyn Introspectable>, vec_cr: &Vec<CrType>,
         let intercept = InterceptType::Cr(*cr);
         let status_str = if enabled { "Enabling" } else { "Disabling" };
         println!("{} intercept on {:?}", status_str, cr);
-        for vcpu in 0..drv.get_vcpu_count().unwrap() {
-            drv.toggle_intercept(vcpu, intercept, enabled)
-                .expect(&format!("Failed to enable {:?}", cr));
-        }
+        //for vcpu in 0..drv.get_vcpu_count().unwrap() {
+        let vcpu = 0;
+        drv.toggle_intercept(vcpu, intercept, enabled)
+            .expect(&format!("Failed to enable {:?}", cr));
+        //}
     }
 
     drv.resume().expect("Failed to resume VM");
@@ -101,11 +102,11 @@ fn main() {
     // listen
     let mut i: u64 = 0;
     while running.load(Ordering::SeqCst) {
-        let event = drv.listen(1000).expect("Failed to listen for events");
+        let event = drv.listen(10).expect("Failed to listen for events");
         match event {
             Some(ev) => {
                 let (cr_type, new, old) = match ev.kind {
-                    EventType::Cr { cr_type, new, old } => (cr_type, new, old),
+                    EventType::CrEvents { cr_type, new, old } => (cr_type, new, old),
                     _ => panic!("not cr event"),
                 };
                 let cr_color = match cr_type {
@@ -120,8 +121,8 @@ fn main() {
                     "[{}] {} - {}:    old value: 0x{:x}    new value: 0x{:x}",
                     ev_nb_output, vcpu_output, cr_output, old, new
                 );
-                drv.reply_event(ev, EventReplyType::Continue)
-                    .expect("Failed to send event reply");
+                // drv.reply_event(ev, EventReplyType::Continue)
+                //   .expect("Failed to send event reply");
                 i = i + 1;
             }
             None => println!("No events yet..."),

diff --git a/examples/interrupt-events.rs b/examples/interrupt-events.rs
@@ -72,7 +72,7 @@ fn main() {
         match event {
             Some(ev) => {
                 let (gpa, insn_len) = match ev.kind {
-                    EventType::Breakpoint { gpa, insn_len } => (gpa, insn_len),
+                    EventType::BreakpointEvents { gpa, insn_len } => (gpa, insn_len),
                     _ => panic!("Not interrupt event"),
                 };
                 let ev_nb_output = format!("{}", i).cyan();