KVM support

[SamRSA]

Start vmidbg as:
"python3 -m vmidbg 5000 win10 --address 0.0.0.0 cmd -d"
then
Start radare2 as:
"r2 -d gdb://127.0.0.1:5000 -b 64"

vmidbg outputs:
"INFO:server:listening on 0.0.0.0:5000
DEBUG:server:ready for next client
INFO:server:new client ('127.0.0.1', 54186)
VMI_ERROR: The selected hypervisor has no events support!
..."

The reason is here: https://github.com/libvmi/libvmi/blob/master/libvmi/events.c#L96

So, is it possible to run vmidbg without Xen ?
My progress here: https://github.com/SamRSA/Tools/blob/master/Virtualization/kvm-qemu.sh#L278

[SamRSA]

@Wenzel, I have analyzed "vagrant-xen-pyvmidbg" repo also, but it didnt help at all.

[Wenzel]

Hi @SamRSA ,

thank you for your interest in pyvmidbg.
congrats for setting up everything, if you didn't use Vagrant.

VMI_ERROR: The selected hypervisor has no events support!

As you have seen, the KVM interface or "driver" in Libvmi doesn't support events yet.
It can read/write physical memory and registers, but that's pretty much it.

If you want to know more about the state of VMI in KVM, i can give you an invite to the slack i created:
https://kvm-vmi.slack.com/

a new series of VMI patches are available for KVM, and the LibVMI KVM driver needs to be rewritten.

I hope this helps

[Wenzel]

I have analyzed "vagrant-xen-pyvmidbg" repo also, but it didnt help at all.

what do you mean by analyzed ?
are you familiar with Vagrant ?
It's a tool used to create a reproductible development environment.

[SamRSA]

Hi @Wenzel

If you want to know more about the state of VMI in KVM, i can give you an invite to the slack i created:
https://kvm-vmi.slack.com/

That would be great, should I sent you my email ?

a new series of VMI patches are available for KVM, and the LibVMI KVM driver needs to be rewritten.

You mean "KVM-VMI" repository ?

what do you mean by analyzed ?
are you familiar with Vagrant ?
It's a tool used to create a reproductible development environment.

I thought, that according to words "vagrant-xen-pyvmidbg provides a Vagrant environment based on KVM, with ready to use Windows and Linux VMs", that repo would help me somehow.
But I analyzed every file, and realized that it uses Xen, not KVM.
Nope, I didnt use Vagrant. Prefer to expand environment by myself.

[Wenzel]

That would be great, should I sent you my email ?

For the invite, yes, shoot me your email at mathieu.tarral@protonmail.com

You mean "KVM-VMI" repository ?

Yes

I thought, that according to words "vagrant-xen-pyvmidbg provides a Vagrant environment based on KVM, with ready to use Windows and Linux VMs", that repo would help me somehow.

I think i should be more precise in the README.
The environment I provide is a Virtual Machine, built via Vagrant, running the Xen hypervisor, on top of KVM.

That's what I meant by based on KVM.
KVM > Xen > pyvmidbg

[SamRSA]

That would be great, should I sent you my email ?

For the invite, yes, shoot me your email at mathieu.tarral@protonmail.com

Done. In case nothing comes, I created temporary email: samrsa8[at]scryptmail.com

You mean "KVM-VMI" repository ?

Yes

Ok, seems there is a lot of code inside :) The project consists of four components... :)

I thought, that according to words "vagrant-xen-pyvmidbg provides a Vagrant environment based on KVM, with ready to use Windows and Linux VMs", that repo would help me somehow.

I think i should be more precise in the README.
The environment I provide is a Virtual Machine, built via Vagrant, running the Xen hypervisor, on top of KVM.

That's what I meant by based on KVM.
KVM > Xen > pyvmidbg

Ok, I undestood.
Will explore "KVM-VMI" now... :)

[Wenzel]

Ok, seems there is a lot of code inside :) The project consists of four components... :)

everything needed to play with VMI on KVM

Will explore "KVM-VMI" now... :)

The project has the master branch (stable) and the kvmi branch (experimental).

The stable branches are not maintained anymore, and all of the effort is put on kvmi branches, since these patches will become the upstream version soon(ish).

It would be absolutely fantastic if you could join the effort and build a new libvmi driver on KVM.
A small driver was written before, based on the kvmi patches, and was able to read the physical memory for example.

So some code is already there.
We can pursue this discussion on kvm-vmi.slack.com.

[SamRSA]

Ok, seems there is a lot of code inside :) The project consists of four components... :)

everything needed to play with VMI on KVM

It will take me some time to dig all the code...

Will explore "KVM-VMI" now... :)

The project has the master branch (stable) and the kvmi branch (experimental).

The stable branches are not maintained anymore, and all of the effort is put on kvmi branches, since these patches will become the upstream version soon(ish).

Thanks, will use only "kvmi" branch.

It would be absolutely fantastic if you could join the effort and build a new libvmi driver on KVM.
A small driver was written before, based on the kvmi patches, and was able to read the physical memory for example.

So some code is already there.
We can pursue this discussion on kvm-vmi.slack.com.

Ok. Probably scryptmail.com have some issues(cant receive any email), so I created another samrsa8@protonmail.com

[Wenzel]

Hi @SamRSA ,

As the new LibVMI KVM driver is progressing very well, pyvmidbg has been ported on KVM.
Most of the features are there, still in an experimental stage at this point, but if you are still interested, you can give it a try by building the latest KVM-VMI

[SamRSA]

@Wenzel, I didnt succeed with exploring "KVM-VMI", the environment is too complicated. And to be honest, I was looking for solution based on VirtualBox: https://forums.virtualbox.org/viewtopic.php?f=10&t=92343
Found this repository very useful: https://github.com/thalium/icebox
And now pyvmidbg supports VirtualBox ?

[Wenzel]

Hi @SamRSA ,

I didnt succeed with exploring "KVM-VMI", the environment is too complicated.

I am truly sorry to hear that the KVM-VMI repos were too difficult to setup.
I completely understand that managing to get a working environment with all these moving parts is a complex task.
I have done my best so far to reduce the entry barrier, I wrote a full Wiki-page about the Setup, and maintained a Vagrant config as well.

But nonetheless, your feedback is unvaluable to me, because i'm blinded by my own knowledge.
If you could point me out what were difficulties you had when you tried to take a serious look at KVM-VM:

• was the README clear and consive enough ?
• was there enough documentation ?
• where did you had trouble most of the time ?

Found this repository very useful: https://github.com/thalium/icebox

Yes, Icebox is based on VirtualBox, and you should definitely take a look at them.

And now pyvmidbg supports VirtualBox ?

I have spent the last few months working on the KVM driver for Libvmi.
pyvmidbg is now officially supported on KVM, and it's a huge milestone ! 🎉

A Libvmi driver for VirtualBox could be built, but I'm spending my time fixing and improving WIndows 7 support these days.

We could look into that in the future.

Thanks.

[SamRSA]

I have spent the last few months working on the KVM driver for Libvmi.
pyvmidbg is now officially supported on KVM, and it's a huge milestone ! 🎉

This is great news!
Next two weeks I will experiment with building latest KVM-VMI ;)

[Wenzel]

@SamRSA closing this issue since KVM support is finally merged upsteam.
feel free to reopen.