ddebug
Contributor
Contributor

Dynamic probes no longer working?

Hi,

I'm using vprobes in VMware Workstation (10.0.1 build-1379776).

I am using a dynamic probe to monitor for a guest write on a specific memory address.

My script is taken from the example:

(vprobe GUEST_WRITE:0xb8000

(printf "Write to VGA text RAM.\n"))

However, the problem is that I have an error when I try to vprobeLoadFile the script.

vprobeLoadFile: error: Unrecognized characters ':0xb8000' in probe 'GUEST_WRITE:0xb8000'

vprobeLoadFile: 0 warnings, 1 errors

Error: Unknown error

I have tried many different addresses after GUEST_WRITE, but I always get the same error: "Unrecognized characters".

Also why is there only a Guest_CR3Write and not Guest_OtherRegister here? Like rax, ldtr, etc.

0 Kudos
6 Replies
mcarbone
Contributor
Contributor

Hi,

Thank you for using VProbes! The "VProbes Programming Reference" is a bit outdated, and we are currently working on a new, updated version.

Basically, the syntax for guest probes has changed. If you replace GUEST_WRITE with GUEST:WRITE, your script should load.


Regarding your second question, the CPU provides facilities to intercept CR3 writes made by the guest, but the same is not true for general-purpose registers, making it hard to implement what you suggest.

Just out of curiosity, what are you using VProbes for?

0 Kudos
msheep
Contributor
Contributor

Hi mcarbone,

When will the "vProbes Programming Reference" be updated?

Does vProbes works on ESXi 5.5 as well?

0 Kudos
mcarbone
Contributor
Contributor

Hi,

Our expectation is to have the new User Guide uploaded to the community forum webpage in approximately 2 months.

VProbes is not supported on ESXi.

0 Kudos
msheep
Contributor
Contributor

Thanks for the reply.Smiley Happy

Are there any plans to extend VProbes to ESXi? Or are there any alternatives to monitor the behavior of processes in VMs running in ESXi servers?

It seems like VMware only allow vshield partners to have access to APIs for vm introspection in ESXi...

Is this true?


0 Kudos
virtualirfan
Contributor
Contributor

Look forward to the new guide!

CTO | Co-founder CloudPhysics, Inc. http://www.cloudphysics.com http://virtualirfan.com
0 Kudos
avshein
Contributor
Contributor

Is there a new User Guide for Vprobes available?

0 Kudos