Skip to content
/ ksm Public

A fast, hackable and simple x64 VT-x hypervisor for Windows and Linux. Builtin userspace sandbox and introspection engine.

License

Notifications You must be signed in to change notification settings

asamy/ksm

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ksm v1.6-dev Build Status Build Status Coverity Scan Build Status BountySource

A really simple and lightweight x64 hypervisor written in C for Intel processors.
KSM has a self-contained physical memory introspection engine and userspace physical memory virtualization which can be enabled at compiletime.

Currently, KSM runs on Windows and Linux kernels natively, and aims to support macOS by 2017, if you want to port KSM see Documentation/SPEC.rst for more information.

Note: You can find Windows 10 precompiled binaries here.

Purpose

Unlike other hypervisors (e.g. KVM, XEN, etc.), KSM's purpose is not to run other Operating Systems, instead, KSM can be used as an extra layer of protection to the existing running OS. This type of virtualization is usually seen in Anti-viruses, or sandboxers or even Viruses. KSM also supports nesting, that means it can emulate other hardware-assisted virtualization tools (VT-x).

Usage under Linux (+sandbox)

asciicast

Features

  • IDT Shadowing
  • EPT violation #VE (Disabled when unavailable - At least Broadwell required)
  • EPTP switching VMFUNC (Emulated when unavailable - At least Haswell required)
  • APIC virtualization (Experimental, do not use)
  • VMX Nesting (Experimental, do not use)
  • Builtin Userspace physical memory sandboxer (Optional)
  • Builtin Introspection engine (Optional)

Requirements

  • An Intel processor (with VT-x and EPT support)
  • A working C compiler (GCC or Microsoft compiler aka CL are supported)

Supported Kernels

  • Windows NT kernel (7/8/8.1/10)
  • Linux kernel (tested under 3.16, 4.8.13 and mainline)

Documentation

Module integration

Few modular examples are included to illustrate usage, those are:

  • epage.c - A shadow executale page hooking mechanism using multiple EPTP.
  • introspect.c - A small and stupid physical memory introspection engine using EPT.
  • sandbox.c - A small, incomplete and simple userspace physical memory sandbox.

See Documentation/BUILDING.rst on how to enable those modules while building.

Issues (bugs, features, etc.)

Feel free to use Github Issues, there is an Issue Template to help you file things as required.

References

  • Linux kernel (KVM)
  • HyperPlatform
  • XEN

License

GPL v2, see LICENSE file. Note that some code is thirdparty, respective licenses and/or copyright should be there, if you think otherwise, feel free to mail me.