0vercl0k / wtf

wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows and Linux user-mode (experimental!).
MIT License

vCPU & Hypervisor Question #211

Closed 70RMUND closed 2 months ago

70RMUND commented 2 months ago

Hey @0vercl0k ,

Awesome project. I have a couple of questions. First, I have a target that fails to run on 1 vCPU. I noticed snapshot fails on this check (the guest must be 1 proc), could you explain the 1 vCPU limitation and any possible alternatives?

Secondly, is hyper-v a mandatory hypervisor for a windows guest when taking a snapshot? Couldn't you run the windows guest on KVM and as long as the kernel debugger is running remotely on windows and has a connection to the guest the snapshot should still work?

Thanks in advance

0vercl0k commented 2 months ago

Hey @70RMUND,

Cheers for the kind words, and thank you for trying it!

That's right, there's a baked-in restriction to 1 vCPU as it makes everything easier basically. I haven't researched what it'd take to lift that limitation, sorry.

In theory, as long as you are able to acquire physical memory and a CPU context you are good to go. The reality is a little bit more subtle I suppose. First, the format accepted is the Windows DMP format; you could craft one by hand but it's easier to have WinDBG generate it. Then, it might seem like the hypervisor choice shouldn't impact WinDBG but in reality it does; it seems that generating a dump file from WinDBG under VMWare has issues (completes super slow, or doesn't complete). I haven't tested VirtualBox or KVM either; so you're in uncharted territory. It doesn't mean it cannot work, it just means it will (probably) not work out of the box :)

Cheers
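An added example (not from this thread, and not code from the wtf project) of the two prerequisites discussed above before a snapshot is taken: pin the Hyper-V guest to exactly 1 vCPU and hook the guest up to a remote kernel debugger so WinDbg can generate the DMP. The VM name, debugger host IP, port, key and guest credential are placeholders; `Get-VMProcessor`, `Set-VMProcessor`, `Invoke-Command -VMName` (PowerShell Direct) and `bcdedit /dbgsettings net` are the standard Windows/Hyper-V tooling, not anything wtf-specific.

```powershell
# Added example, not part of the wtf project. Run in an elevated PowerShell
# session on the Hyper-V host. All values below are assumed placeholders.
param(
    [string]$VMName      = "wtf-target",   # assumed name of the Hyper-V guest
    [string]$DebugHostIP = "192.0.2.10",   # assumed IP of the machine running WinDbg
    [int]   $DebugPort   = 50000,          # assumed KDNET port (49152-65535)
    [string]$DebugKey    = "1.2.3.4"       # assumed KDNET key (w.x.y.z form)
)

# --- 1. Host side: wtf snapshots require a single-processor guest ---
$proc = Get-VMProcessor -VMName $VMName
if ($proc.Count -ne 1) {
    Write-Host "$VMName has $($proc.Count) vCPUs; reconfiguring to 1."
    # The processor count can only be changed while the VM is off.
    if ((Get-VM -Name $VMName).State -ne 'Off') {
        Stop-VM -Name $VMName -Force
    }
    Set-VMProcessor -VMName $VMName -Count 1
    Start-VM -Name $VMName
}

# --- 2. Guest side: enable kernel debugging over the network ---
# PowerShell Direct runs the commands inside the guest without needing
# guest networking; it prompts for a guest administrator credential.
$cred = Get-Credential -Message "Guest administrator for $VMName"
$guestCpus = Invoke-Command -VMName $VMName -Credential $cred -ScriptBlock {
    bcdedit /debug on | Out-Null
    bcdedit /dbgsettings net hostip:$using:DebugHostIP port:$using:DebugPort key:$using:DebugKey | Out-Null
    # Report what the guest OS itself sees, so the 1-proc check is verified
    # from inside and not only from the Hyper-V configuration.
    (Get-CimInstance Win32_ComputerSystem).NumberOfLogicalProcessors
}

if ($guestCpus -ne 1) {
    throw "Guest still reports $guestCpus logical processors; snapshot will be rejected."
}

Write-Host "Guest is single-processor and kernel debugging is armed."
Write-Host "Reboot the guest, then attach on the debugger host with:"
Write-Host "  windbg -k net:port=$DebugPort,key=$DebugKey"
```

The guest-side check matters because a VM can be pinned to one vCPU in Hyper-V while an older boot entry or a different VM generation still exposes more logical processors to the OS; what ends up in the dump header is what the guest kernel saw, so verifying from inside is the check that predicts whether the snapshot loads. After the reboot and the `.dump` from WinDbg, the resulting DMP is the artifact wtf consumes.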

70RMUND commented 2 months ago

Ah OK, I'll keep trying with the 1 core. Thanks for the quick response!

0vercl0k commented 2 months ago

No worries, good luck!

Cheers