This repository has been archived by the owner on Nov 17, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 23
Project Setup
Mathieu Tarral edited this page Sep 5, 2018
·
12 revisions
r2vmi has been tested on Ubuntu Bionic Beaver 18.04.1 LTS, which provides Xen 4.9
$ sudo apt-get install xen-system-amd64
You can install pkgconfig too:
$ sudo apt-get install pkg-config
r2vmi has been tested on Windows 7 installed from this Packer template
You can reuse the same ISO, and use your own flavor of Windows 7.
Make sure to import the image in Libvirt.
- Compile and install
LibVMI, explicitely enabling the support for Xen (to be sure)
$ cd libvmi
$ ./configure --enable-xen
$ make -j4
$ sudo make install
$ sudo ldconfig
- Go to
libvmi/tools/windows-offset-finderand install the required dependencies to use therekall_offset_finderscript. - Start the
Windows 7VM inLibvirt. Wait for the desktop. - Run the
rekall-offset-finderscript:
$ sudo venv/bin/python rekall_offset_finder.py <vm_name>
- A
LibVMIconfig entry has been generated. Insert it into a config file, which will be searched at the following locations:/etc/libvmi.conf$HOME/etc/libvmi.conf$PWD/libvmi.conf
- Check the
LibVMIconfiguration with theexmaples/vmi-process-listtest:
$ ./examples/vmi-process-list <vm_name>
...
Installation guide is available on the project's README
To install the plugins, simply run:
$ make
$ make install
They will be copied to the output of r2 -HR2_USER_PLUGINS ($HOME/.config/radare2/plugins)
Checking:
$ r2 -L | grep vmi
rwd vmi VMI IO plugin for r2 vmi://[vm_name]:[pid] (LGPL)
Congratulations, you are ready to use r2vmi !
Note 1: If pkgconfig cannot locate r2 .pc modules, you need to set the following environment variables:
export PKG_CONFIG_PATH=/usr/lib/pkgconfig
Note 2: If the plugins don't appear, it might be due to a loading error. To display them, use:
R_DEBUG=yes r2 -L