Future of LibVMI


Patrick Colp

Nov 19, 2018, 1:08:38 PM
to vmitools
Hi all,

I work at Oracle and we're using introspection/LibVMI for some of our
security projects. We were just wondering what, if any, current efforts
are underway (e.g., new features) and how we might be able to help. We're
also wondering if anybody has been thinking about how to integrate it with
encrypted memory.

Thanks,
Patrick

Tamas K Lengyel

Nov 19, 2018, 1:18:17 PM
to vmit...@googlegroups.com
Hi Patrick,
nice to hear you guys are using LibVMI too (I've been following your
work since Xoar). To get a sense of what the community is working on
you can take a look at the issues list on Github:
https://github.com/libvmi/libvmi/issues. There are some LibVMI related
efforts to implement introspection capabilities for KVM at
https://github.com/kvm-vmi and to get it upstream. There are also
efforts for better integration with debugging tools like r2
https://github.com/Wenzel/r2vmi. I've also sponsored a GSoC project
this summer to get LibVMI running on Xen MiniOS:
https://blog.xenproject.org/2018/09/05/tinyvmi-porting-libvmi-to-mini-os-on-xen-project-hypervisor/.
So there is a bunch of things happening in the community and help with
any of these or any new projects/improvements you are working on and can
share would be very welcome :)

Cheers,
Tamas

mathieu...@gmail.com

Nov 24, 2018, 1:32:30 PM
to vmitools
Hi Patrick, Tamas,

It's nice to see an interest about the future of LibVMI, because I was also curious about discussing this topic.
I think I can add some information about the work I am currently doing:
- porting LibVMI on Windows, first by switching to CMake: https://github.com/libvmi/libvmi/pull/674
  I'm almost there, but blocked by generating a libtool file with the CMake build system
  I asked on the mailing list, but no reply so far .... :/

- working on a Python implementation of vmidbg: https://github.com/Wenzel/pyvmidbg
  the idea here is to allow any GDB frontend to debug a process on top of LibVMI.
  It's a generalization of the work I have done with r2vmi on radare2.
  It's an old idea though, started by Steve Maresca a few years ago: https://github.com/Zentific/vmidbg
  But he never had the time to continue the development.
  I'm doing it in Python because I don't care about speed, I just want a reference implementation to show a good prototype :)

- regarding kvm-vmi, the kvmi branches haven't been updated in a while, and I didn't get any news from BitDefender either.
  I can try to ping them to ask for the status of the patches, and update the vagrant box that we have.

- there was a discussion about releasing a VirtualBox driver, already a month ago:
  @tamas can we have an update on the efforts ?

- I would like to also mention the documentation issues. ATM we are lacking a description of how
  a developer can implement a new driver for example.
  And some LibVMI internals could benefit from being documented from the user's point of view.

Thanks !
Mathieu

Patrick Colp

Nov 27, 2018, 11:47:45 AM
to vmit...@googlegroups.com
On Fri, 2018-11-23 at 14:57 -0800, mathieu...@gmail.com wrote:
> Hi Patrick, Tamas,
>
> It's nice to see an interest about the future of LibVMI, because I was also curious about discussing this topic.
> I think I can add some information about the work I am currently doing:
> - porting LibVMI on Windows, first by switching to CMake: https://github.com/libvmi/libvmi/pull/674
> I'm almost there, but blocked by generating a libtool file with the CMake build system
> I asked on the mailing list, but no reply so far .... :/
>
> - working on a Python implementation of vmidbg: https://github.com/Wenzel/pyvmidbg
> the idea here is to allow any GDB frontend to debug a process on top of LibVMI.
> It's a generalization of the work I have done with r2vmi on radare2.
> It's an old idea though, started by Steve Maresca a few years ago: https://github.com/Zentific/vmidbg
> But he never had the time to continue the development.
> I'm doing it in Python because I don't care about speed, I just want a reference implementation to show a good prototype :)
>
> - regarding kvm-vmi, the kvmi branches haven't been updated in a while, and I didn't get any news from BitDefender either.
> I can try to ping them to ask for the status of the patches, and update the vagrant box that we have.

KVMi is something we're interested in. I'm in the process of porting the
patches to a newer kernel version, although right now I have an issue
where the host crashes somewhere in the scheduler once I pause the vcpu of
a guest -- presumably when trying to schedule the guest, as it stems from
a call to vcpu_enter_guest (and ultimately from do_syscall_64).

mathieu...@gmail.com

Nov 28, 2018, 8:38:19 PM
to vmitools
Hi Patrick,

> KVMi is something we're interested in. I'm in the process of porting the
> patches to a newer kernel version, although right now I have an issue
> where the host crashes somewhere in the scheduler once I pause the vcpu of
> a guest -- presumably when trying to schedule the guest, as it stems from
> a call to vcpu_enter_guest (and ultimately from do_syscall_64).

I suppose you are using the patches published by BitDefender on the mailing list.
Did the GitHub KVM-VMI repos help in any way?
I just updated the README to better explain the status of the project.

I also asked BitDefender if they could update their set of patches and publish the new version on Github
for anyone to reproduce the current state of their work.

Looking forward to working with you!

Patrick Colp

Nov 29, 2018, 5:46:49 PM
to vmit...@googlegroups.com
On Wed, 2018-11-28 at 13:39 -0800, mathieu...@gmail.com wrote:
> Hi Patrick,
>
> > KVMi is something we're interested in. I'm in the process of porting the
> > patches to a newer kernel version, although right now I have an issue
> > where the host crashes somewhere in the scheduler once I pause the vcpu of
> > a guest -- presumably when trying to schedule the guest, as it stems from
> > a call to vcpu_enter_guest (and ultimately from do_syscall_64).
>
> I suppose you are using the patches published by BitDefender on the mailing list.
> Did the GitHub KVM-VMI repos help in any way?

I actually used GitHub KVM-VMI/kvm:kvmi as the basis of my port, although
maybe I should try the LKML ones. I thought that KVM-VMI repo contained
all of those patches (and more).

> I just updated the README to better explain the status of the project.
>
> I also asked BitDefender if they could update their set of patches and publish the new version on Github
> for anyone to reproduce the current state of their work.
>
> Looking forward to working with you!