GitHub - Wenzel/r2vmi: Radare2 VMI IO and debugger plugins

source link: https://github.com/Wenzel/r2vmi

README.md

r2vmi


Radare2 VMI IO and debugger plugins.

These plugins allow you to debug a remote process running in a VM from the hypervisor level, leveraging Virtual Machine Introspection.

It is based on LibVMI to access the VM's memory and to listen for hardware events.

What works:

  • Intercept a process by name/PID
  • Read the registers
  • Single-step the process execution
  • Set breakpoints
  • Load Rekall symbols


Requirements

  • Xen 4.6
  • libvmi
  • radare2
  • pkg-config

Setup

$ make
$ make install

Note: if pkg-config fails, you need to run:

export PKG_CONFIG_PATH=/usr/lib/pkgconfig

Usage

You need a virtual machine configured on top of Xen, and the name or PID of a process to intercept:

$ r2 vmi://<vm_name>:<name/pid>

Example:

$ r2 vmi://win7:firefox
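A small preflight helper, added here as an example and not part of r2vmi itself, that validates a `vmi://<vm_name>:<name/pid>` target before handing it to r2 and checks that the build prerequisites listed above are visible. It assumes (not stated by the README) that an all-digit target is meant as a PID and anything else as a process name.

```shell
#!/bin/sh
# Added example, not r2vmi code. URI shape from the README: vmi://<vm_name>:<name/pid>

# parse_vmi_uri URI
# Prints "<vm_name> <pid|name> <target>" on success; returns 1 on malformed input.
parse_vmi_uri() {
    uri=$1
    case $uri in
        vmi://*) ;;
        *) echo "error: expected vmi:// scheme, got '$uri'" >&2; return 1 ;;
    esac
    rest=${uri#vmi://}
    vm=${rest%%:*}
    target=${rest#*:}
    # Require exactly one ':' separator and a non-empty VM name and target,
    # so a typo is caught here rather than surfacing as an opaque r2 failure.
    if [ -z "$vm" ] || [ -z "$target" ] || [ "$rest" = "$vm" ] || [ "${target#*:}" != "$target" ]; then
        echo "error: expected vmi://<vm_name>:<name/pid>, got '$uri'" >&2
        return 1
    fi
    # Assumption: an all-digit target is a PID, anything else a process name.
    case $target in
        *[!0-9]*) kind=name ;;
        *) kind=pid ;;
    esac
    printf '%s %s %s\n' "$vm" "$kind" "$target"
}

# vmi_preflight
# Confirms the tools the README lists are on PATH and that pkg-config can see
# libvmi; points at the PKG_CONFIG_PATH workaround from the Setup section if not.
vmi_preflight() {
    for tool in pkg-config r2; do
        command -v "$tool" >/dev/null 2>&1 || { echo "missing: $tool" >&2; return 1; }
    done
    if ! pkg-config --exists libvmi; then
        echo "libvmi not found by pkg-config; try: export PKG_CONFIG_PATH=/usr/lib/pkgconfig" >&2
        return 1
    fi
}

# Usage: ./vmi_check.sh vmi://win7:firefox
[ $# -eq 0 ] || { vmi_preflight && parse_vmi_uri "$1"; }
```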
