A really simple and lightweight x64 hypervisor written in C for Intel processors.
KSM has a self-contained physical memory introspection engine and userspace physical memory virtualization which can be enabled at compiletime.
Currently, KSM runs on Windows and Linux kernels natively, and aims to support
macOS by 2017, if you want to port KSM see
Documentation/SPEC.rst for more information.
Note: You can find Windows 10 precompiled binaries here.
Unlike other hypervisors (e.g. KVM, XEN, etc.), KSM's purpose is not to run other Operating Systems, instead, KSM can be used as an extra layer of protection to the existing running OS. This type of virtualization is usually seen in Anti-viruses, or sandboxers or even Viruses. KSM also supports nesting, that means it can emulate other hardware-assisted virtualization tools (VT-x).
Usage under Linux (+sandbox)
- IDT Shadowing
- EPT violation #VE (Disabled when unavailable - At least Broadwell required)
- EPTP switching VMFUNC (Emulated when unavailable - At least Haswell required)
- APIC virtualization (Experimental, do not use)
- VMX Nesting (Experimental, do not use)
- Builtin Userspace physical memory sandboxer (Optional)
- Builtin Introspection engine (Optional)
- An Intel processor (with VT-x and EPT support)
- A working C compiler (GCC or Microsoft compiler aka CL are supported)
- Windows NT kernel (7/8/8.1/10)
- Linux kernel (tested under 3.16, 4.8.13 and mainline)
Few modular examples are included to illustrate usage, those are:
epage.c- A shadow executale page hooking mechanism using multiple EPTP.
introspect.c- A small and stupid physical memory introspection engine using EPT.
sandbox.c- A small, incomplete and simple userspace physical memory sandbox.
See Documentation/BUILDING.rst on how to enable those modules while building.
Issues (bugs, features, etc.)
Feel free to use Github Issues, there is an Issue Template to help you file things as required.
- Linux kernel (KVM)
GPL v2, see LICENSE file. Note that some code is thirdparty, respective licenses and/or copyright should be there, if you think otherwise, feel free to mail me.