https://github.com/wenzel/kvm-vmi
KVM-based Virtual Machine Introspection
- Host: GitHub
- URL: https://github.com/wenzel/kvm-vmi
- Owner: Wenzel
- Created: 2016-05-23T20:49:26.000Z (about 10 years ago)
- Default Branch: master
- Last Pushed: 2024-06-26T08:27:12.000Z (almost 2 years ago)
- Last Synced: 2025-02-21T21:25:33.709Z (over 1 year ago)
- Language: Jinja
- Size: 3.76 MB
- Stars: 7
- Watchers: 7
- Forks: 4
- Open Issues: 1
Metadata Files:
- Readme: README.md
README
# KVM-VMI
KVM-based Virtual Machine Introspection.
## Table of Contents
- [Overview](#overview)
- [Installation](#installation)
- [Presentations](#presentations)
- [References](#references)
- [Maintainers](#maintainers)
- [License](#license)
## Overview
This project adds virtual machine introspection to the KVM hypervisor.
_Virtual Machine Introspection_ is a technology that aims to understand the guest's execution context, solely based on the VM's hardware state, for various purposes:
- Debugging
- Malware Analysis
- Live-Memory Analysis
- OS Hardening
- Monitoring
- Fuzzing
See the [presentations](#presentations) section for more information.
This project is divided into 4 components:
- `kvm`: linux kernel with _vmi_ patches for KVM
- `qemu`: patched to allow introspection
- `nitro` (legacy): userland library which receives events, introspects the virtual machine state, and fills the semantic gap
- `libvmi`: virtual machine introspection library with a unified API across `Xen` and `KVM`
At the moment, 2 versions of VMI patches are available for `QEMU/KVM` in this repository:
## Installation
Follow the [Setup guide](https://kvm-vmi.github.io/kvm-vmi/master/setup.html)
## Presentations
- [Bringing Commercial Grade Virtual Machine Introspection to KVM](https://www.linux-kvm.org/images/7/72/KVMForum2017_Introspection.pdf)
- [KVM Forum 2019: Advanced VMI on KVM - A Progress Report](https://static.sched.com/hosted_files/kvmforum2019/f6/Advanced%20VMI%20on%20KVM%3A%20A%20progress%20Report.pdf)
- [Hack.lu 2019: Leveraging KVM as a Debugging Platform](https://drive.google.com/file/d/1nFoCM62BWKSz2TKhNkrOjVwD8gP51VGK/view?usp=sharing)
## References
The legacy VMI system contained in this repo (_Nitro_) is based on Jonas Pfoh's work:
- [Nitro: Hardware-based System Call Tracing for Virtual Machines](https://www.sec.in.tum.de/assets/staff/pfoh/PfohSchneider2011a.pdf)
- [Nitro - VMI Extensions for Linux/KVM](http://nitro.pfoh.net/)
## Maintainers
[@Wenzel](https://github.com/Wenzel)
## License
[GNU General Public License v3.0](https://github.com/KVM-VMI/kvm-vmi/blob/master/LICENSE)