Wenzel / pyvmidbg

LibVMI-based debug server, implemented in Python. Building a guest aware, stealth and agentless full-system debugger
GNU General Public License v3.0

KVM support #23

Closed SamRSA closed 4 years ago

SamRSA commented 5 years ago

Start vmidbg as: "python3 -m vmidbg 5000 win10 --address 0.0.0.0 cmd -d", then start radare2 as: "r2 -d gdb://127.0.0.1:5000 -b 64"

vmidbg outputs:

INFO:server:listening on 0.0.0.0:5000
DEBUG:server:ready for next client
INFO:server:new client ('127.0.0.1', 54186)
VMI_ERROR: The selected hypervisor has no events support!
...

The reason is here: https://github.com/libvmi/libvmi/blob/master/libvmi/events.c#L96

So, is it possible to run vmidbg without Xen ? My progress here: https://github.com/SamRSA/Tools/blob/master/Virtualization/kvm-qemu.sh#L278

SamRSA commented 5 years ago

@Wenzel, I have analyzed the "vagrant-xen-pyvmidbg" repo also, but it didn't help at all.

Wenzel commented 5 years ago

Hi @SamRSA ,

Thank you for your interest in pyvmidbg. Congrats on setting up everything, if you didn't use Vagrant.

> VMI_ERROR: The selected hypervisor has no events support!

As you have seen, the KVM interface or "driver" in Libvmi doesn't support events yet. It can read/write physical memory and registers, but that's pretty much it.

If you want to know more about the state of VMI in KVM, I can give you an invite to the Slack I created: https://kvm-vmi.slack.com/

A new series of VMI patches are available for KVM, and the LibVMI KVM driver needs to be rewritten.

I hope this helps

Wenzel commented 5 years ago

> I have analyzed "vagrant-xen-pyvmidbg" repo also, but it didn't help at all.

What do you mean by analyzed? Are you familiar with Vagrant? It's a tool used to create a reproducible development environment.

SamRSA commented 5 years ago

Hi @Wenzel

> If you want to know more about the state of VMI in KVM, I can give you an invite to the Slack I created: https://kvm-vmi.slack.com/

That would be great, should I send you my email?

> A new series of VMI patches are available for KVM, and the LibVMI KVM driver needs to be rewritten.

You mean the "KVM-VMI" repository?

> What do you mean by analyzed? Are you familiar with Vagrant? It's a tool used to create a reproducible development environment.

I thought that, according to the words "vagrant-xen-pyvmidbg provides a Vagrant environment based on KVM, with ready to use Windows and Linux VMs", that repo would help me somehow. But I analyzed every file, and realized that it uses Xen, not KVM. Nope, I didn't use Vagrant. I prefer to set up the environment by myself.

Wenzel commented 5 years ago

> That would be great, should I send you my email?

For the invite, yes, shoot me your email at mathieu.tarral@protonmail.com

> You mean the "KVM-VMI" repository?

Yes

> I thought that, according to the words "vagrant-xen-pyvmidbg provides a Vagrant environment based on KVM, with ready to use Windows and Linux VMs", that repo would help me somehow.

I think I should be more precise in the README. The environment I provide is a Virtual Machine, built via Vagrant, running the Xen hypervisor, on top of KVM.

That's what I meant by based on KVM. KVM > Xen > pyvmidbg

SamRSA commented 5 years ago

> > That would be great, should I send you my email?
>
> For the invite, yes, shoot me your email at mathieu.tarral@protonmail.com

Done. In case nothing comes, I created a temporary email: samrsa8[at]scryptmail.com

> > You mean the "KVM-VMI" repository?
>
> Yes

Ok, seems there is a lot of code inside :) The project consists of four components... :)

> > I thought that, according to the words "vagrant-xen-pyvmidbg provides a Vagrant environment based on KVM, with ready to use Windows and Linux VMs", that repo would help me somehow.
>
> I think I should be more precise in the README. The environment I provide is a Virtual Machine, built via Vagrant, running the Xen hypervisor, on top of KVM.
>
> That's what I meant by based on KVM. KVM > Xen > pyvmidbg

Ok, I understood. Will explore "KVM-VMI" now... :)

Wenzel commented 5 years ago

> Ok, seems there is a lot of code inside :) The project consists of four components... :)

Everything needed to play with VMI on KVM

> Will explore "KVM-VMI" now... :)

The project has the master branch (stable) and the kvmi branch (experimental).

The stable branches are not maintained anymore, and all of the effort is put on kvmi branches, since these patches will become the upstream version soon(ish).

It would be absolutely fantastic if you could join the effort and build a new libvmi driver on KVM. A small driver was written before, based on the kvmi patches, and was able to read the physical memory for example.

So some code is already there. We can pursue this discussion on kvm-vmi.slack.com.

SamRSA commented 5 years ago

> > Ok, seems there is a lot of code inside :) The project consists of four components... :)
>
> Everything needed to play with VMI on KVM

It will take me some time to dig through all the code...

> > Will explore "KVM-VMI" now... :)
>
> The project has the master branch (stable) and the kvmi branch (experimental).
>
> The stable branches are not maintained anymore, and all of the effort is put on kvmi branches, since these patches will become the upstream version soon(ish).

Thanks, will use only the "kvmi" branch.

> It would be absolutely fantastic if you could join the effort and build a new libvmi driver on KVM. A small driver was written before, based on the kvmi patches, and was able to read the physical memory for example.
>
> So some code is already there. We can pursue this discussion on kvm-vmi.slack.com.

Ok. Probably scryptmail.com has some issues (can't receive any email), so I created another: samrsa8@protonmail.com

Wenzel commented 5 years ago

Hi @SamRSA ,

As the new LibVMI KVM driver is progressing very well, pyvmidbg has been ported on KVM. Most of the features are there, still in an experimental stage at this point, but if you are still interested, you can give it a try by building the latest KVM-VMI

SamRSA commented 4 years ago

@Wenzel, I didn't succeed with exploring "KVM-VMI", the environment is too complicated. And to be honest, I was looking for a solution based on VirtualBox: https://forums.virtualbox.org/viewtopic.php?f=10&t=92343

Found this repository very useful: https://github.com/thalium/icebox

And now pyvmidbg supports VirtualBox?

Wenzel commented 4 years ago

Hi @SamRSA ,

> I didn't succeed with exploring "KVM-VMI", the environment is too complicated.

I am truly sorry to hear that the KVM-VMI repos were too difficult to set up. I completely understand that managing to get a working environment with all these moving parts is a complex task. I have done my best so far to reduce the entry barrier, I wrote a full Wiki page about the setup, and maintained a Vagrant config as well.

But nonetheless, your feedback is invaluable to me, because I'm blinded by my own knowledge. If you could point me out what were difficulties you had when you tried to take a serious look at KVM-VM:

> Found this repository very useful: https://github.com/thalium/icebox

Yes, Icebox is based on VirtualBox, and you should definitely take a look at them.

> And now pyvmidbg supports VirtualBox?

I have spent the last few months working on the KVM driver for Libvmi. pyvmidbg is now officially supported on KVM, and it's a huge milestone! 🎉

A Libvmi driver for VirtualBox could be built, but I'm spending my time fixing and improving Windows 7 support these days.

We could look into that in the future.

Thanks.

SamRSA commented 4 years ago

> I have spent the last few months working on the KVM driver for Libvmi. pyvmidbg is now officially supported on KVM, and it's a huge milestone! 🎉

This is great news! Next two weeks I will experiment with building latest KVM-VMI ;)

Wenzel commented 4 years ago

@SamRSA closing this issue since KVM support is finally merged upstream. Feel free to reopen.