Air14 / airhv

Simple Intel VT-x hypervisor

Monitor a memory range for rwx accesses

DarkerSquirrel opened this issue · comments

Hello Mr. Air

Is it possible to monitor the rwx accesses of a process memory range done by the process itself using the current state of AirHv (and log RIP, axx-ed mem addr to screen or file)? Does it work even if the mem range is large (hundreds of MB)?

Thanks

commented

This is not possible in the current state (although it wouldn't be difficult to implement), but if you are looking for such functionality, take a look at HyperDbg.

Yeah, I already did, unfortunately HyperDbg has many issues which make it unusable for what I need (I raised quite a few issues on their GitHub page).
I hope your project will develop nicely and maybe you could implement a user space library to easily do things like: intercepting/logging rwx accesses, CPUID, etc.

Is it possible to add a "Sponsor project" button, so you can implement features some people need with a higher priority?
Thanks

commented

Most likely I won't implement such functionalities, because first of all this project is quite poorly written and needs heavy refactoring or it should be rewritten from scratch so that adding new functionalities would be easier.

Secondly, I now want to make airhv as stable as it is possible for HyperHide, because I am working on other things and I would not want to spend more time on both of them, but if HyperDbg does not work, you can try to use qiling, whose only drawback is that it is an emulator, which may therefore be too slow for what you are trying to achieve.

OK, thanks for the explanations, this issue can be closed, from my point of view.