Hi community!
I wonder if there are any projects like DECAF, PANDA or DRAKVUF that are based not on QEMU but on VirtualBox?
I myself could only find one, HyBIS ("Windows Guest Protection through Advanced Memory Introspection"), but it is not publicly available.
Functions I would like to see (or maybe implement):
1) API tracer (syscall interception, IDT hooking)
2) Memory introspection (with the Rekall forensic framework)
3) Instruction tracer
Has anyone tried implementing these functions in VirtualBox OSE?
I started analysing the VMM (R3, R0, All) sections of the code to implement an API tracer, especially the three functions emR3RawExecute, emR3HmExecute and emR3RemExecute in VMM\VMMR3\EM.cpp.
The main idea is to rewrite the EIP of the syscall to an illegal value, so that when the call is attempted a page fault occurs with a VMEXIT, which lets me gain control in the handler and log everything needed...
Am I doing everything right, or are there easier ways to intercept syscalls?
Research project