Skip to content

thomasdangl/kvm-vmi

 
 

Repository files navigation


KVM-VMI

KVM-based Virtual Machine Instrospection.

CI Slack Slack_Users

Table of Contents

Overview

This project adds virtual machine introspection to the KVM hypervisor.

Virtual Machine Introspection is a technology that aims to understand the guest's execution context, solely based on the VM's hardware state, for various purposes:

  • Debugging
  • Malware Analysis
  • Live-Memory Analysis
  • OS Hardening
  • Monitoring
  • Fuzzing

See the presentations section for more information.

This project is divided into 4 components:

  • kvm: linux kernel with vmi patches for KVM
  • qemu: patched to allow introspection
  • nitro (legacy): userland library which receives events, introspects the virtual machine state, and fills the semantic gap
  • libvmi: virtual machine instrospection library with unified API across Xen and KVM

At the moment, 2 versions of VMI patches are available for QEMU/KVM in this repository:

Installation

Follow the Setup guide

Presentations

References

The legacy VMI system contained in this repo (Nitro) is based on Jonas Pfoh's work:

Maintainers

@Wenzel

License

GNU General Public License v3.0

About

KVM-based Virtual Machine Introspection

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Jinja 45.4%
  • Batchfile 23.8%
  • PowerShell 18.1%
  • VBScript 8.1%
  • Makefile 4.6%