{"id":197,"date":"2012-09-24T19:09:23","date_gmt":"2012-09-24T19:09:23","guid":{"rendered":"https:\/\/peterklemperer.com\/blog\/?p=197"},"modified":"2012-09-24T19:09:23","modified_gmt":"2012-09-24T19:09:23","slug":"vmitools-setup-instructions","status":"publish","type":"post","link":"https:\/\/peterklemperer.com\/blog\/2012\/09\/24\/vmitools-setup-instructions\/","title":{"rendered":"vmitools Setup Instructions"},"content":{"rendered":"

For my thesis work I study virtualization and I was interested in trying out the vmitools<\/a> project with a Windows 7 guest. Unfortunately I found the installation instructions a little difficult but I eventually muddled my way through. Below are my instructions but comment up if you need any clarifications!<\/p>\n

    \n
  1. Install Ubuntu 12.04.<\/li>\n
  2. Install Xen.
    \nThere are very good instructions by David Euler on his tutorial\u00a0    Setup your cloud server in 3 minutes with Xen 4.1 on Ubuntu 11.10<\/a>.<\/li>\n
  3. Download and compile vmitools from git<\/a>.
    \nI checked out the version from the git repository as it seemed more current and adequately stable. The installation instructions in the README were mostly correct but I had to install a few extra packages:
    \nsudo apt-get install automake libtool checkThe basic procedure was what you might expect:
    \n.\/autogen.sh
    \n.\/configure
    \nmakeI didn’t install the tools and this seems fine for now.<\/li>\n
  4. \u00a0Create a Xen guest with whatever Windows OS you want.
    \nThe Ubuntu supported Virtual Machine Manager GUI is fantastic and I didn’t need instructions. I used Windows 7 SP1 and named it win7-i386-xen. This name is important for later so make sure you don’t use any weird characters that don’t work easily with your shell.<\/li>\n
  5. Collect the configuration constants.
    \nThis is where I was in the weeds for a few whiles. There are many methods for getting the offsets but I found using WinDbg to be the quickest. I would have preferred to use the scripts included in the git repo but I couldn’t get them to work nearly as fast.
    \nInstall WinDbg using the instructions here<\/a>.Turn on debug in your Windows 7 instance that you installed in step 4. One easy way to do this is to turn on the guest, open a cmd prompt with administrative privileges, and type<\/p>\n
    bcdedit \/set debug on<\/pre>\n
    Then reboot.<\/p>\n
    Open WinDbg and create a local debug session as shown here<\/a>. Make sure you open WinDbg with Administrative privileges (on the right click menu) or else this won’t work!<\/p>\n
    Configure the WinDbg symbol stores (File->Symbol File Path), make sure to select reload:<\/p>\n
    srv*C:\\symbols*http:\/\/msdl.microsoft.com\/downloads\/symbols<\/pre>\n
    Dump the EPROCESS table and record the entries for UniqueProcessId and ActiveProcessLinks.<\/p>\n
    dt _eprocess<\/pre>\n
    For me UniqueProcessId was oxb4 and ActiveProcessLinks was 0xb8. Reload the symbol store (!reload) if this doesn’t work.<\/p>\n
    Dump the KPROCESS table and record the entry for DirectoryTableBase.<\/p>\n
    dt _kprocess<\/pre>\n
    For me DirectoryTableBase\u00a0was ox18.<\/p>\n
    Create the configuration file in ~\/etc\/libvmi.conf, substituting my values with the values you just recorded and the name of the vm you created in step 4:<\/p>\n
    win7-i386-xen {\r\n    ostype     = \"Windows\";\r\n\u00a0   win_tasks  = 0xb8;\r\n    win_pdbase = 0x18;\r\n    win_pid    = 0xb4;\r\n}<\/pre>\n<\/li>\n
  6. Create the libvmi configuration file.
    \nCreate the configuration file in ~\/etc\/libvmi.conf, substituting my values with the values you just recorded and the name of the vm you created in step 4:<\/p>\n
    win7-i386-xen {\r\n    ostype     = \"Windows\";\r\n\u00a0   win_tasks  = 0xb8;\r\n    win_pdbase = 0x18;\r\n    win_pid    = 0xb4;\r\n}<\/pre>\n<\/li>\n
  7. Test the installation with\u00a0the process list example.
    \ncd your host command line into in the vmitools\/examples directory. Then run:<\/p>\n
    sudo .\/process-list win7-i386-xen<\/pre>\n
    You should get a list of active process id’s in the guest. You can verify these by opening the Windows Process Explorer (ctrl-alt-delete in the Virtual Machine Manager GUI Send Key menu) and you may need to view->select columns and select “pid” in the Process Explorer.<\/li>\n<\/ol>\n
    CONGRATULATIONS! If you made it this far you probably deserve a big cup of coffee. I hope that this was helpful. If it was, please let me know below.<\/p>\n
    Links:<\/p>\n