Mathieu Tarral
Mathieu Tarral
Yeah, the build is passing :heavy_check_mark: :exclamation:
@tklengyel I believe kvmi-v12 is a subset of kvmi-v7 features to faciliate the review for KVM maintainers.
hi @shlomopongartz , how did you make the counts ? Yes, if an exit syscall is missing, the corresponding stack will continue to grow at the next syscall entering in...
I monitored the `enter` and `exit` direction of the syscalls in `backend.py:process_event`, and here are my results after some time: ~~~ { "exit": 132515, "enter": 132629 } ~~~ So we...
Actually it's the reverse, we should move the code that configures the event in `em_sysret` and `em_sysexit` at the beginning of the function, so that we are not missing any...
So, if we want to monitor all syscall attempt (good or bad), we have to place our event at the beginning of the function, and if we want only the...
If i place the event at the beginning : ~~~Python { "enter": 64289, "exit": 64198 } ~~~ Almost the same results
Hi, I think i found why. After a bit of googling, i saw this comment: http://www.abfl.org.in/Aug-08/interrupts-return-quarry-iretq/ > However, NtContinue uses iretq to return to usermode, not sysret. We have to...
Hi, I don't understand how your issue is related to kvm-vmi ? can you explain better ?
cc @adlazar, @mdontu can kvm-vmi be used to intercept **RDTSC** or **CLFLUSH** ? 🤔