Mathieu Tarral
You need to help me here and give me more details - what VM are you trying to introspect? (r2vmi has only been tested on Windows XP and Windows...
Well, it looks like something went wrong when trying to singlestep on the breakpoint. You should investigate this. Look into the wait implementation of the plugin.
Hi, I think #38 will solve your problem. Can you retry with just 1 vcpu?
The value of Win32StartAddress is correct. The problem is that it's a userland address that is just not mapped yet; therefore, there is no physical frame.
Solution 1: watch the page tables until the missing page is inserted:
- translate Win32StartAddress to paddr
- look what entry is missing
- watch this entry for modifications

Solution...
The `safe_breakpoint` callbacks are not safe yet. There is a moment where the guest is paused, and no event is being reported. ~~~ Waiting for events {'data': {'mem_event': , 'symbol':...
Another solution would be to find the Windows kernel API responsible for mapping a defined page, and break on it.
New solution: singlestep until ring 3. Problem is that I'm not receiving single step event at some point...
Blocked by https://github.com/libvmi/libvmi/issues/636
Hi, I'm currently developing Nitro, a syscall interception library based on KVM. https://github.com/KVM-VMI/kvm-vmi I have some experience working with LibVMI, and I already made some contributions there. I would be...