Description:
Ether is a malware analysis framework which leverages hardware virtualization extensions (specifically Intel VT) to remain transparent to malicious software. This list is intended as a collaboration medium for those who would like to further develop the Ether platform.

Digest for ether-devel@googlegroups.com - 4 Messages in 1 Topic
Thanks for the info. I made my Windows.img file on an updated version of Xen and verified that it's working correctly. Everything copied over to the Ether box just fine as well and boots/works normally. I am trying to use Ether to unpack a malware sample by mounting the Windows.img and copying the sample to the VM's Desktop folder. I then unmount and start the Windows XP VM. On the host machine I cd to the ether_ctl/ folder and run ./ether 1 unpack_userspace malware.exe ~/home/user/malware.exe. Ether looks happy and is listening for the executable. I then switch to the VM, start Task Manager, and then execute the malware.exe file....

Xen Console Problem
Finally got everything up and running on my test box. The only problem
comes when I run xm create config.hvm, no console window for the VM
pops up. So I try running xm console windows-001, and it just returns
BSsBSsBSsBSs then the terminal stops responding and I can't control+c
to quit out. I've also installed xtightvncviewer in order to vnc into...

Single stepping for Linux guests
Hi all. I'm currently trying to extend Ether such that Linux HVM
guests are supported and am encountering strange behavior during
instruction tracing. In contrast to Windows, kernel instructions under
Linux 32 begin at 0xC0000000, but while tracing the instructions of,
e.g., top, the EIP stored in VMCS (__vmread(GUEST_RIP)) is always...

Xen Kernel
Hi all. I am trying to set up my first Ether system for analysis in my
company's lab.
I cannot find the prerequisite linux-image-2.6.26-1-xen-amd64.
Most of the repositories for Lenny do not work anymore, so I cannot
find anywhere to use the Synaptic package manager to automatically
download and install the kernel plus its dependencies....

BSOD on syscall trace enabled
Greetings,
I am running a Windows XP SP2 domain with the nopae and noexecute=alwaysoff
options set in the boot.ini. The Windows domain crashes with a BSOD as soon
as syscall trace is invoked, displaying DRIVER_IRQL_NOT_LESS_OR_EQUAL
with the stop information of 0xD1 followed by the guest virtual
address Ether was trying to set the new SYSENTER EIP to...

XP hangs after patching Xen with Ether
I installed XP in non-Ether Xen. Then I patched Ether and compiled the
Ether controller. After that I rebooted into Ether, and my XP hangs at
the screen showing Windows boot options (start Windows normally, start
safe mode, etc.).
And now it doesn't even boot in Xen either.
Please help me.

error in xc_core.o
Hello,
During "make world" I got the following errors. Please suggest how
to remove the error.
The message in the terminal is:
make libxenctrl.a libxenctrl.so libxenctrl.so.3.0 libxenctrl.so.3.0.0
libxenguest.a libxenguest.so libxenguest.so.3.0 libxenguest.so.3.0.0
make[4]: Entering directory `/root/ether/xen-3.1.0-src/tools/libxc'...

Error during "make world" execution
Hello,
During "make world" execution I am getting an error in *xc_core.c*. Please suggest how to remove the error.
The message in the terminal is:
make libxenctrl.a libxenctrl.so libxenctrl.so.3.0 libxenctrl.so.3.0.0 libxenguest.a libxenguest.so libxenguest.so.3.0 libxenguest.so.3.0.0
make[4]: Entering directory `/root/ether/xen-3.1.0-src/tools/libxc'...

System doesn't restart
Hello,
After installation of Xen, when I reboot my system a message is shown
on screen and the system hangs.
The screen message is:
The system is going down for reboot NOW!
acpid: exiting
[11831.690851] Restarting system.

New Problem
Sorry for the trouble:
I have fixed the previous problem by adding the #include <xen/hvm/ether.h>
to syscall.c
and now I encounter a new compile problem:
rm -rf ./*.o ./ether ./*.output ./*.pp.* ./pp.* ./*.tab.* ./*.yy.* *~
rm -rf ./*.o ./ether ./*.output ./*.pp.* ./pp.* ./*.tab.* ./*.yy.* *~...