Mathieu Tarral

Results 386 comments of Mathieu Tarral

Did you modify the `syscall.hook` dict while in the callback? Look at the example.

Use `define_hook`: https://github.com/KVM-VMI/nitro/blob/master/nitro/backends/backend.py#L80

Define a callback and pass it to this method.

~~~Python
def callback(syscall, backend):
    ...

self.nitro.backend.define_hook('NtOpenFile', callback)
~~~

You can try to remove the definition of the hook, this will intercept all syscalls. Check if you have NtOpenFile in one of them. Otherwise you need to investigate by...

I agree with all the issues that you listed above! Adding the registers directly in the event will improve performance, since we need the registers info anyway. And yes,...

Hi @shlomopongartz, thanks for your review, it's very appreciated!

# first implementation using a table

> One, In windows we have up to two SSDT (from 4 possible...

I fixed `nitro_find_syscall` by surrounding the search with mutexes. Also, I will keep the `hashtable` implementation for now because it simplifies how we process an event. With an 8K table,...

Hi, I don't understand the title of the issue, and the content is unrelated. Please edit and explain in detail, or I will have to close it.

Do you still need those patches ? Otherwise please close this issue, thanks.

libmicrovmi's installation has been simplified with a Debian package: https://github.com/Wenzel/libmicrovmi/issues/143 However, the generated `libmicrovmi.h` header is not included yet. This issue will track the progress: https://github.com/Wenzel/libmicrovmi/issues/177 Edit: the libmicrovmi.so library...

I updated the [build](https://github.com/Wenzel/libvmi/pull/1/checks?check_run_id=2016107457) workflow to download libmicrovmi debian package and install it, instead of cloning libmicrovmi and compiling it. It works :slightly_smiling_face: ! Next step: implement `driver_init_mode`, and able...