KVM-VMI / kvm-vmi

KVM-based Virtual Machine Introspection

Home Page: https://kvm-vmi.github.io/kvm-vmi/master/



KVM-VMI

KVM-based Virtual Machine Introspection.


Overview

This project adds virtual machine introspection to the KVM hypervisor.

Virtual Machine Introspection is a technology that aims to understand the guest's execution context, solely based on the VM's hardware state, for various purposes:

  • Debugging
  • Malware Analysis
  • Live-Memory Analysis
  • OS Hardening
  • Monitoring
  • Fuzzing

See the presentations section for more information.

This project is divided into 4 components:

  • kvm: Linux kernel with VMI patches for KVM
  • qemu: patched to allow introspection
  • nitro (legacy): userland library which receives events, introspects the virtual machine state, and fills the semantic gap
  • libvmi: virtual machine introspection library with a unified API across Xen and KVM

At the moment, 2 versions of VMI patches are available for QEMU/KVM in this repository:

Installation

Follow the Setup guide

Presentations

References

The legacy VMI system contained in this repo (Nitro) is based on Jonas Pfoh's work:

Maintainers

@Wenzel

License

GNU General Public License v3.0
