Master's Thesis
Overview: Enhanced Debugging Capabilities through the Application of Virtualization Technology
Powerful enhancements can be provided to current state-of-the-art kernel debugging technologies through creative applications of virtualization technology, or more specifically, with the assistance of a virtual machine monitor (VMM). A VMM that makes use of Intel’s Virtualization Technology (VT) has the ability to set specific conditions and take control of the central processing unit (CPU) when these conditions are met. These conditions are called exit reasons, or VM-Exits; when one is met, execution control passes to a software handler that executes inside the VMM. The term exit reason is used because execution flow is exiting the guest virtual machine and entering the VMM. From a debugging standpoint, the ability to trap (or breakpoint) on these events can greatly increase traditional debugging capabilities beyond simple memory and I/O breakpoints.
The ability of a VMM to trap on a specific system-level event and pass control to a software handler is analogous to the ability of a kernel debugger to trap on a specific breakpoint and pass control to the interrupt 0x01 handler. In contrast to a debug breakpoint, which can only be set to trap on a specified memory or I/O location, a tailored VMM can trap on a multitude of conditions, as defined by Intel’s list of basic exit reasons. By combining the vast set of exit reasons provided through the use of a VMM with the traditional capabilities of a kernel debugger, the kernel debugger can be enhanced to provide more specific, fine-grained control over a system or application that is being manipulated by the debugger. With this greater degree of control, a debugger can gain numerous enhancements, as demonstrated in this thesis document.
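As an added illustration of the analogy above (not code from the thesis), the following C sketch matches a debugger-style breakpoint table against the VM-exit reason and exit qualification a VMM reads on each exit. The names `exit_bp`, `exit_info` and `match_exit_bp` are hypothetical; the bit layouts follow the Intel SDM, and the sample exits are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Basic exit reasons (Intel SDM, Appendix C); only the ones used here. */
enum { EXIT_CPUID = 10, EXIT_CR_ACCESS = 28, EXIT_IO_INSTR = 30, EXIT_WRMSR = 32 };

/* Hypothetical debugger-side "VM-exit breakpoint": a basic exit reason plus
 * an optional qualifier (CR number or I/O port); ANY matches every value. */
#define ANY 0xFFFFFFFFu
struct exit_bp { uint16_t reason; uint32_t qual; int write_only; };

/* Constructed snapshot of the two VMCS fields a handler reads on an exit. */
struct exit_info { uint32_t exit_reason; uint64_t qualification; };

/* Returns the index of the first matching breakpoint, or -1 to resume the guest. */
int match_exit_bp(const struct exit_bp *bps, size_t n, const struct exit_info *e)
{
    if (e->exit_reason & 0x80000000u)          /* bit 31: VM-entry failure */
        return -1;
    uint16_t basic = (uint16_t)(e->exit_reason & 0xFFFFu);  /* bits 15:0 */
    uint32_t qual = ANY;
    int is_write = 1;                          /* reasons without a direction */

    if (basic == EXIT_CR_ACCESS) {
        qual = (uint32_t)(e->qualification & 0xF);            /* bits 3:0: CR number */
        is_write = ((e->qualification >> 4) & 0x3) == 0;      /* bits 5:4: 0 = MOV to CR */
    } else if (basic == EXIT_IO_INSTR) {
        qual = (uint32_t)((e->qualification >> 16) & 0xFFFF); /* bits 31:16: port */
        is_write = ((e->qualification >> 3) & 0x1) == 0;      /* bit 3: 0 = OUT */
    }
    for (size_t i = 0; i < n; i++) {
        if (bps[i].reason != basic) continue;
        if (bps[i].qual != ANY && bps[i].qual != qual) continue;
        if (bps[i].write_only && !is_write) continue;
        return (int)i;
    }
    return -1;
}

int main(void)
{
    /* Constructed breakpoints: any write to CR3; any OUT to port 0x64. */
    struct exit_bp bps[] = { {EXIT_CR_ACCESS, 3, 1}, {EXIT_IO_INSTR, 0x64, 1} };
    struct exit_info mov_to_cr3 = { 28, 0x03 };  /* constructed: MOV CR3, RAX */
    printf("%d\n", match_exit_bp(bps, 2, &mov_to_cr3));
    return 0;
}
```

Unlike a hardware debug register, which names one memory or I/O address, each entry here names a class of system-level event, which is the extra granularity the overview describes.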