r2vmi: Radare2 VMI IO and debugger plugins
r2vmi
Radare2 VMI IO and debugger plugins.
These plugins allow you to debug a remote process running in a VM, from the hypervisor-level, leveraging Virtual Machine Introspection.
Based on Libvmi to access the VM memory and listen on hardware events.
What works:
- Intercept a process by name/PID
- Read the registers
- Single-step the process execution
- Set breakpoints
- Load Rekall symbols
Installation
$ git clone https://github.com/Wenzel/r2vmi.git
$ make
$ make install
Note: if pkgconfig fails, you need to:
export PKG_CONFIG_PATH=/usr/lib/pkgconfig
Use
Source: https://github.com/Wenzel/
