Makefile
README.md
detect.c

DRAKVUF PRESENCE DETECTION

How to use

  • Enable debug in DRAKVUF
  • Set a breakpoint and run DRAKVUF
  • In the target machine, clone this code and set BP1 and my_ptr1 to the RPA address shown in the DRAKVUF debug information, for example:
Trap added @ PA 0x38ed7930 RPA 0xff006930 Page 233175 for name.
  • Set BP2 and my_ptr2 to a second address whose offset is the same as the first, for instance 0xff007930
  • Compile
make
  • Load the kernel module
insmod detect.ko
  • Watch kern.log
tail -f /var/log/kern.log