Mathieu Tarral

@dscdo can you already monitor `NtOpenFile` with `memaccess-event.py` script ? Your VM should have only 1 VCPU for the script to work. `(venv) ./examples/memaccess-event.py win7 NtOpenFile`

The script might fail if the page where the symbol is located is not mapped in the virtual address space.

> If we find a way to watch/save all syscall without symboll adress the problem will be solved. You still need to have the page mappped in the virtual address...

@dscdo can you describe your use case ? Drakvuf is already doing all of that plumbering on top of libvmi for you, so if you don't feel comportable tweaking or...

~~~ $ python3 -c 'from libvmi import Libvmi' Traceback (most recent call last): File "", line 1, in File "/home/tarrma/fsecure/python-libvmi/libvmi/__init__.py", line 3, in from .libvmi import INIT_DOMAINNAME, INIT_DOMAINID, INIT_EVENTS, INIT_SHM,...

Thanks for this PR and reviving the Zephyr target @ceolin ! I tried to repro your work, but I'm unlucky so far. First I wanted to use the official Zephyr...

I added a couple of fixes plus the Dockerfile image to compile the targets inside Docker, and avoid installing Zephyr locally. ```shell cd zephyr_x86_64 docker build -t kafl_zephyr . docker...

Hi @5angjun , thanks for reporting this issue. The best way to set these IP filters is by using the [`kAFL_HYPERCALL_RANGE_SUBMIT`](https://intellabs.github.io/kAFL/reference/hypercall_api.html#range-submit) to inform the host of the low-high ranges of...

If I understand your issue, you would are not able to associate a given payload to the corresponding crash log ? I looked at the function responsible for storing the...

Hi @bosswnx ! Please look at this commit merged a few weeks ago: https://github.com/intel/tsffs/commit/aaeafa3dd3c91e59e2ae2a65f407f3264fc82286 The changes wasn't reflected in the docs, i'll make a note to update the tutorial when...