Overview
KVM-VMI is a community that aims to provide Virtual Machine Introspection (VMI) support for the KVM hypervisor.
Virtual Machine Introspection is a technology that aims to understand the guest’s execution context, solely based on the VM’s hardware state, for various purposes:
Debugging
Malware Analysis
Live-Memory Analysis
OS Hardening
Monitoring
Fuzzing
Repository structure
The KVM-VMI repository consists of multiple components:
kvm: Linux's Kernel-Based Virtual Machine kernel git tree, with VMI extensions
qemu: QEMU emulator, with VMI extensions
libvmi: fork of LibVMI, the Simplified Virtual Machine Introspection Library, with a KVM driver integration based on KVM-VMI
vagrant: a Vagrant-based development environment to easily set up KVM-VMI
KVMi & Nitro
This repository contains 2 different, incompatible VMI patch sets for KVM:
Nitro
KVMi
KVM-VMI started with VMI patches from a project called Nitro.
Nitro is not maintained anymore, and a new set of patches (with a completely different API) has been developed by Bitdefender and proposed on the official KVM mailing list.
This new version is named KVMi.
The review and integration of the patches is still ongoing at this point.
The Setup guide will help you install the best API: KVMi.