Wenzel / libmicrovmi

A cross-platform unified Virtual Machine Introspection API library
https://wenzel.github.io/libmicrovmi/
GNU General Public License v3.0

Native VirtualBox driver via builtin debugger interface #216

Open Wenzel opened 3 years ago

Wenzel commented 3 years ago

Adding a note here that we could build a native VirtualBox driver, using the builtin debugger. This interface provides read/write physical/virtual memory access: https://www.virtualbox.org/sdkref/interface_i_machine_debugger.html#a5b8215a84f058957f2dbe59355e16f97

Wenzel commented 2 years ago

To install the VirtualBox SDK

download SDK from https://www.virtualbox.org/wiki/Downloads and unzip

install the sdk

cd sdk/installer
export VBOX_INSTALL_PATH=/usr/lib/virtualbox  # for Ubuntu packaged installation
sudo -E python3 vboxapisetup.py install

to use the SDK

(venv) pip install virtualbox
(venv) export VBOX_SDK_PATH=/usr/lib/virtualbox/sdk
(venv) ipython3
(venv) %run vboxinstance.py

vboxinstance.py

# don't forget to set VBOX_SDK_PATH
# otherwise it falls back to /usr/bin/virtualbox/sdk, which doesn't make sense anyway

import sys
import os
from pathlib import Path

VBOX_SDK_PATH = Path(os.environ['VBOX_SDK_PATH'])

# force-append our own install path to sys.path
# otherwise /usr/bin/virtualbox is used, which doesn't make sense
sys.path.append(str(VBOX_SDK_PATH.parent))

import virtualbox
vbox = virtualbox.VirtualBox()

Wenzel commented 2 years ago

machine -> session

machine.lockMachine(session, type)
session.console
console.debugger

but console objects are non null only if VM lock type

Wenzel commented 2 years ago

It looks like this API hasn't been implemented yet

OleErrorNotimpl                           Traceback (most recent call last)
<ipython-input-15-207b7e87d331> in <module>
----> 1 dbg.read_physical_memory(0x0, 4)

~/local/venv/lib/python3.8/site-packages/virtualbox/library.py in read_physical_memory(self, address, size)
  30013         if not isinstance(size, baseinteger):
  30014             raise TypeError("size can only be an instance of type baseinteger")
> 30015         bytes_p = self._call("readPhysicalMemory", in_p=[address, size])
  30016         return bytes_p
  30017 

~/local/venv/lib/python3.8/site-packages/virtualbox/library_base.py in _call(self, name, in_p)
    198         method = self._search_attr(name)
    199         if inspect.isfunction(method) or inspect.ismethod(method):
--> 200             return self._call_method(method, in_p=in_p)
    201         else:
    202             return method

~/local/venv/lib/python3.8/site-packages/virtualbox/library_base.py in _call_method(self, method, in_p)
    226                 default_msg = getattr(exc, "message", str(exc))
    227                 errobj.msg = getattr(exc, "msg", default_msg)
--> 228             raise errobj
    229         return ret

OleErrorNotimpl: 0x80004001 (Method readPhysicalMemory is not implemented)
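
Added example, not code from this thread or from libmicrovmi: a probe that walks the machine -> session -> console -> debugger chain described above with the `virtualbox` Python package and reports whether `read_physical_memory` is usable, instead of letting the `OleErrorNotimpl` traceback surface. The function names, the VM name argument and the default shared lock type are assumptions.

```python
import sys


def open_debugger(vm_name, lock_type=None):
    """Walk machine -> session -> console -> debugger using pyvbox."""
    # Imported lazily so probe_physical_read() can be used without the SDK.
    import virtualbox
    from virtualbox.library import LockType

    vbox = virtualbox.VirtualBox()
    machine = vbox.find_machine(vm_name)
    session = virtualbox.Session()
    # Assumption: a shared lock on an already running VM. The thread notes
    # that the console is only available for some lock types.
    machine.lock_machine(session, lock_type or LockType.shared)
    return session, session.console.debugger


def probe_physical_read(dbg, address=0x0, size=4):
    """Return ('ok', data), ('not_implemented', msg) or ('error', msg)."""
    try:
        data = dbg.read_physical_memory(address, size)
    except Exception as exc:
        # pyvbox raises OleErrorNotimpl for 0x80004001, as in the traceback
        # above. Match on the class name so no SDK import is needed here.
        names = {cls.__name__ for cls in type(exc).__mro__}
        if "OleErrorNotimpl" in names:
            return "not_implemented", str(exc)
        return "error", str(exc)
    if len(data) != size:
        return "error", "short read: %d of %d bytes" % (len(data), size)
    return "ok", data


if __name__ == "__main__":
    # Usage: python3 probe.py <vm-name>, with VBOX_SDK_PATH set as shown above.
    session, dbg = open_debugger(sys.argv[1])
    try:
        print(probe_physical_read(dbg))
    finally:
        session.unlock_machine()
```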