GitHub - Wenzel/r2vmi: Radare2 VMI IO and debugger plugins
source link: https://github.com/Wenzel/r2vmi
README.md
r2vmi
Radare2 VMI IO and debugger plugins.
These plugins allow you to debug a remote process running in a VM from the hypervisor level, leveraging Virtual Machine Introspection (VMI).
Based on LibVMI to access the VM memory and listen for hardware events.
What works:
- Intercept a process by name/PID
- Read the registers
- Single-step the process execution
- Set breakpoints
- Load Rekall symbols
Demo
Requirements
Xen 4.6
libvmi
radare2
pkg-config
Setup
$ make
$ make install
Note: if pkg-config fails, you need to:
export PKG_CONFIG_PATH=/usr/lib/pkgconfig
Usage
You need a virtual machine configured on top of Xen, and a process name/PID to intercept:
$ r2 vmi://<vm_name>:<name/pid>
Example:
$ r2 vmi://win7:firefox