asamy / ksm

A fast, hackable and simple x64 VT-x hypervisor for Windows and Linux. Builtin userspace sandbox and introspection engine.
https://asamy.github.io/ksm/
GNU General Public License v2.0
837 stars 182 forks source link
hypervisor introspect kernel linux reverse-engineering sandbox virtualization windows x86-64

ksm v1.6-dev Build Status Build Status Coverity Scan Build Status BountySource

A really simple and lightweight x64 hypervisor written in C for Intel processors.
KSM has a self-contained physical memory introspection engine and userspace physical memory virtualization which can be enabled at compiletime.

Currently, KSM runs on Windows and Linux kernels natively, and aims to support macOS by 2017, if you want to port KSM see Documentation/SPEC.rst for more information.

Note: You can find Windows 10 precompiled binaries here.

Purpose

Unlike other hypervisors (e.g. KVM, XEN, etc.), KSM's purpose is not to run other Operating Systems, instead, KSM can be used as an extra layer of protection to the existing running OS. This type of virtualization is usually seen in Anti-viruses, or sandboxers or even Viruses. KSM also supports nesting, that means it can emulate other hardware-assisted virtualization tools (VT-x).

Usage under Linux (+sandbox)

asciicast

Features

Requirements

Supported Kernels

Documentation

Module integration

Few modular examples are included to illustrate usage, those are:

See Documentation/BUILDING.rst on how to enable those modules while building.

Issues (bugs, features, etc.)

Feel free to use Github Issues, there is an Issue Template to help you file things as required.

References

License

GPL v2, see LICENSE file. Note that some code is thirdparty, respective licenses and/or copyright should be there, if you think otherwise, feel free to mail me.