Overview

KVM-VMI is a community that aims to provide Virtual Machine Introspection (VMI) support for the KVM hypervisor.

Virtual Machine Introspection is a technology that aims to understand the guest’s execution context, solely based on the VM’s hardware state, for various purposes:

  • Debugging

  • Malware Analysis

  • Live-Memory Analysis

  • OS Hardening

  • Monitoring

  • Fuzzing

Repository structure

The KVM-VMI repository consists of multiple components:

  • kvm: Linux’s Kernel-Based Virtual Machine kernel git tree, with VMI extensions

  • qemu: QEMU emulator, with VMI extensions

  • libkvmi: KVM Virtual Machine Introspection library

  • libvmi: fork of LibVMI, the Simplified Virtual Machine Introspection Library, with a KVM driver integration based on KVM-VMI

  • vagrant: a Vagrant-based development environment to easily set up KVM-VMI

KVMi

KVMi refers to the new KVMi subsystem, a set of Virtual Machine Introspection patches currently developed by Bitdefender for KVM.

The stable version available on master is: KVMi-v7