HyperPlatform

HyperPlatform is an Intel VT-x based hypervisor (a.k.a. virtual machine monitor) aiming to provide a thin platform for research on Windows. HyperPlatform is capable of monitoring a wide range of events, including but not limited to, access to virtual/physical memory and system registers, occurrences of interrupts and execution of certain instructions.

Researchers are free to selectively enable and/or disable any of those event monitoring and implement their own logic on the top of HyperPlatform. Some potential applications are:

• Analyzing kernel mode rootkit
• Implementing virtual-machine-based intrusion prevention system (VIPS)
• Reverse-engineering the Windows kernel

Advantages

HyperPlatform is designed to be easy to read and extend by researchers, especially those who are familiar with Windows. For instance:

• runs on Windows 7, 8.1 and 10 in both 32 and 64-bit architectures without any special configuration (except for enabling Intel-VT technology).
• compiles in Visual Studio and can be debugged through Windbg just like a regular software driver.
• The source code of HyperPlatform is written and formatted in existing styles (Google C++ Style Guide and clang-format), and well commented.
• has no dependencies, supports the use of STL and is released under a relaxed license.

Supported Platforms

• x86 and x64 Windows 7, 8.1 and 10
• The system must support the Intel VT-x and EPT technology

Installation

Tutorial

Copyright (c) 2015-2018 Satoshi Tanda

Source: https://github.com/tandasat/