KVM-based Virtual Machine Introspection
This project adds virtual machine introspection to the KVM hypervisor.
Virtual Machine Introspection is a technology that aims to understand the guest's execution context, solely based on the VM's hardware state, for various purposes:
See the presentations section for more information.
This project is divided into 4 components:
kvm
: linux kernel with vmi patches for KVMqemu
: patched to allow introspectionnitro
(legacy): userland library which receives events, introspects the virtual
machine state, and fills the semantic gaplibvmi
: virtual machine instrospection library with unified API
across Xen
and KVM
At the moment, 2 versions of VMI patches are available for QEMU/KVM
in this repository:
Follow the Setup guide
The legacy VMI system contained in this repo (Nitro) is based on Jonas Pfoh
's work: