Overview

KVM-VMI is a community aiming at providing Virtual Machine Introspection (VMI) support to the KVM hypervisor.

Virtual Machine Introspection is a technology that aims to understand the guest’s execution context, solely based on the VM’s hardware state, for various purposes:

Debugging
Malware Analysis
Live-Memory Analysis
OS Hardening
Monitoring
Fuzzing

Repository structure

KVM-VMI repository consists of multiple components:

kvm: Linux’s Kernel-Based Virtual Machine kernel git tree, with VMI extensions
qemu: QEMU emulator, with VMI extensions
libkvmi: KVM Virtual Machine Introspection library
libvmi: fork of [LibVMI], the Simplified Virtual Machine Introspection Library, with an KVM driver integration based on KVM-VMI
vagrant: a Vagrant based development environment to easily setup KVM-VMI

KVMi

The KVMi refers to the new KVMi subsystem, is a set of Virtual Machine Introspection patches currently developed by Bitdefender for KVM.

The stable version available on master is: KVMi-v7