An Introduction to Virtual Machine Introspection Using LibVMI

9bafe8f749b8681f57d6179e5d6943e9?s=47 Bryan Payne
December 09, 2014

An Introduction to Virtual Machine Introspection Using LibVMI

MMF Workshop at ACSAC 2014, December 2014. This talk will provide a brief introduction to LibVMI. LibVMI provides an API for performing memory analysis tasks on running virtual machines. We will explore how LibVMI provides a common API for interfacing with Linux and Windows VMs running on both Xen and KVM/Qemu. And we will look at the abstractions available ranging from memory access based on physical addresses, virtual addresses, or kernel symbols to event driven runtime memory analysis. Finally, we will discuss different ways of using LibVMI including as a C library, a Python library, and as a Volatility address space plugin. Along the way we will discuss how LibVMI has worked to address the performance and semantic gap concerns that often arise when programming with virtual machine introspection. LibVMI is actively maintained, and freely available on GitHub under the LGPL license (https://github.com/libvmi/libvmi). http://www.acsac.org/2014/workshops/mmf/

9bafe8f749b8681f57d6179e5d6943e9?s=128

Bryan Payne

December 09, 2014
Tweet