VMware {code} Community
cwliner
Contributor

Trying this out...

I tried to use the sample code and am getting an error.

I tried to run:

vmrun vprobeLoad Windows\ XP\ Professional.vmx "'cat vptop.vp'"

vprobeLoad: error: illegal variable reference in top-level context

I thought it might be a bug in the example, but I tried going back to a simple Hello! type script and I get the same error. If I type it out on the command line, the Hello! script works, but in a file it does not.

If I put the vptop.vp example on the command line, I get another error.

vprobeLoad: error: unknown callee cpuprocname

Any ideas?

I am running Red Hat ES 4.7 on this machine, with VMWorkstation 6.5.

Thanks!

Cameron Liner

Cameron.Liner@arnold.af.mil

6 Replies
fixitchris
Hot Shot

Are you running this code on Windows or Linux?

What does vProbeList show?

cwliner
Contributor

Thanks for the reply.

I am running this on Red Hat ES Linux.

I'm not seeing a command for vProbeList, but I ran vmrun vprobeListProbes and got a list of items. I do not have internet access from the system in question, so I'll just summarize.

Total probes: 42

In

HW_Exit

SMM_RSMPost

...

..

VMXUnload

VMM10Hz

I do not see curprocname in the list.

cwliner
Contributor

UPDATE

Well, I tried this out on another Linux box I have around running Ubuntu 8.10. I have no problems on that machine at all. I'm guessing there is something missing from the Red Hat system, but I have no idea what it is. I am going to reload my main system as Ubuntu to continue testing VProbes instead of fighting with Red Hat.

Thanks

fixitchris
Hot Shot

The LIST command shows the events and global vars. If anything, curprocname would be a global var (second list), but I think it is user-defined and not part of the default variables...

What is your plan for VProbes?

cwliner
Contributor

It is more of a learning exercise than anything, but the current idea is to monitor the VM for process launches. We are going to try to monitor for malware introduced through external media (thumb drives, CDs, etc.). If it is found, an action will be taken... possibly a destroy and revert to snapshot action. Might work, might not.

fixitchris
Hot Shot

Sounds pretty cool. Keep us updated.
