Closed Mech0n closed 3 years ago
Run sudo gdb...
The script opens /proc/QEMU_PID/mem to have access to the virtual memory of the qemu process. When reading big chunks of memory, the script translates the GVA or GPA of the buffer in the VM to a Host Virtual Address. The script can then read the memory of the VM directly through QEMU's virtual memory, which is way faster than going through the gdb stubs exposed by qemu. This works because QEMU mmaps the VM's apertures into its address space, and then one can simply pread the proc mem node.
This is a big speedup for parsing page tables or searching through memory.
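The mechanism described in the comment above, as an added example that is not code from this project: a guest-physical address is looked up in a table of RAM regions (GPA start, size, host virtual start), the matching piece is turned into a host virtual address, and the bytes are fetched with pread() on /proc/PID/mem, walking region by region so that one read can span several apertures. To keep it runnable offline, the example reads its own process instead of a QEMU process, and the region table and the two ctypes buffers standing in for guest RAM are constructed for the demo; reading a real QEMU process the same way needs the permissions mentioned in this thread (root, or a relaxed Yama ptrace_scope).

```python
import ctypes
import os
from typing import List, Optional, Tuple

# Hypothetical RAM region table, the kind of data you would assemble from
# QEMU's memory tree: (guest_physical_start, size, host_virtual_start).
Region = Tuple[int, int, int]


def find_region(regions: List[Region], gpa: int) -> Optional[Region]:
    """Return the region that backs `gpa`, or None if the GPA is unmapped."""
    for region in regions:
        gpa_start, size, _ = region
        if gpa_start <= gpa < gpa_start + size:
            return region
    return None


def gpa_to_hva(regions: List[Region], gpa: int) -> Optional[int]:
    """Translate a guest-physical address to a host virtual address in the
    QEMU process, or None if no RAM region covers it."""
    region = find_region(regions, gpa)
    if region is None:
        return None
    gpa_start, _, hva_start = region
    return hva_start + (gpa - gpa_start)


def read_guest_physical(regions: List[Region], pid: int, gpa: int, length: int) -> bytes:
    """Read `length` bytes of guest-physical memory starting at `gpa`.

    Each piece is translated to a host virtual address and fetched with
    pread() from /proc/PID/mem, so a single call can cross the boundary
    between two separately mapped apertures. Raises ValueError as soon as
    any part of the range is not backed by a RAM region.
    """
    out = bytearray()
    fd = os.open(f"/proc/{pid}/mem", os.O_RDONLY)
    try:
        while length > 0:
            region = find_region(regions, gpa)
            if region is None:
                raise ValueError(f"GPA {gpa:#x} is not backed by any RAM region")
            gpa_start, size, hva_start = region
            # Never read past the end of the current region in one pread().
            chunk = min(length, gpa_start + size - gpa)
            hva = hva_start + (gpa - gpa_start)
            out += os.pread(fd, chunk, hva)
            gpa += chunk
            length -= chunk
    finally:
        os.close(fd)
    return bytes(out)


def demo() -> bytes:
    """Constructed demo: two 16-byte 'guest RAM' apertures that are contiguous
    in guest-physical space but live at unrelated host addresses. Reading 8
    bytes at GPA 0xc crosses from the first aperture into the second."""
    ram_a = ctypes.create_string_buffer(b"A" * 16, 32)
    ram_b = ctypes.create_string_buffer(b"B" * 16, 32)
    regions: List[Region] = [
        (0x00, 16, ctypes.addressof(ram_a)),
        (0x10, 16, ctypes.addressof(ram_b)),
    ]
    # Buffers must stay alive while their addresses are being read.
    data = read_guest_physical(regions, os.getpid(), 0xC, 8)
    del ram_a, ram_b
    return data


if __name__ == "__main__":
    print(demo())
```

Pointing this at a QEMU process means replacing the constructed region table with the real GPA-to-HVA mapping of that VM and os.getpid() with the QEMU PID; the pread() path itself does not change, which is why it is so much faster than pulling the same bytes through the gdb stub one packet at a time.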
Thanks.
For anyone else running into this, depending on your system this may be an alternative:
echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope
I'm trying to use this tool, but I get an error like this:
How can I deal with it? Thanks.