Accessing VMI events from LibDRAKVUF

tklengyel / drakvuf

DRAKVUF Black-box Binary Analysis

https://drakvuf.com

Other

1.07k stars 255 forks source link

Accessing VMI events from LibDRAKVUF #234

Closed v-p-b closed 7 years ago

v-p-b commented 7 years ago

The vmi_events_listen LibVMI API is currently only accessible through drakvuf_loop that prevents extending the event loop (e.g. with additional logic to react on events independent from VMI). Would it be possible to create a simple wrapper around vmi_events_listen so it could be called in a custom event loop?

tklengyel commented 7 years ago

Not really possible, libdrakvuf was specifically designed to abstract away the libvmi events API as it only allows 1 callback per event. The libdrakvuf abstraction allows multiple subscribers to get callbacks from the same event without them having to know about each other. Maybe it would help if you explained what exactly you would want to accomplish.

v-p-b commented 7 years ago

Basically this, only with libdrakvuf: https://github.com/Zentific/vmidbg/blob/master/src/vmidbg.c#L1440

Another option that came to my mind is to run drakvuf_loop in a separate thread and wait for debugger commands in another one.

tklengyel commented 7 years ago

Yeap, I think that would be the appropriate setup for this. The loop really just issues the callbacks so it is safe to run that in the background.

v-p-b commented 7 years ago

OK, thank you!