Comments (7)
BTW, the vm halted when I stopped drakvuf with Ctrl+C
On Mon May 4 2015 03:44:35 AM CEST, aweally [email protected] wrote:
BTW, the vm halted when I stopped drakvuf with Ctrl+C
That's by design so that the malware doesn't continue to run without an observer.
On Mon May 4 2015 03:41:18 AM CEST, aweally [email protected] wrote:
When I run the ./drakvuf cmd to monitor the execution of the guest VM, the VM's CPU usage sharply increases and keeps running at 100%. After inspecting the task manager, I found the major cost is caused by taskmgr.exe itself. So was it because drakvuf by default injects into taskmgr, and how can I reduce the impact on the VM's running?
Drakvuf can inject into any executing process; you don't need taskmgr for that. I have noticed the CPU spike taskmgr shows as well, but I haven't been able to track down the root cause.
Thanks for your reply. Here are another two questions.
- How can I assign a particular process to monitor instead of all execution of the OS? The current outputs are really noisy and costly in performance. I'd like to extract the actual behavior of one particular process so as to do deeper analysis with other tools.
- The injector function of drakvuf is really amazing. However, it might also be used to attack the VM. So is there any way to prevent it from inside the VM?
Best wishes.
On Mon May 4 2015 10:18:50 AM CEST, aweally [email protected] wrote:
Thanks for your reply. Here are another two questions.
- How can I assign a particular process to monitor instead of all execution of the OS? The current outputs are really noisy and costly in performance. I'd like to extract the actual behavior of one particular process so as to do deeper analysis with other tools.
Right now the target of the inspection is the OS. To monitor a process it would be the same method: get its debug symbols and inject breakpoints at the function entry points. At that point it will be effectively just regular debugging, so you might just want to use gdb for that.
- The injector function of drakvuf is really amazing. However, it might also be used to attack the VM. So is there any way to prevent it from inside the VM?
Thanks ;) There really isn't much the VM can do. That's why you should protect your dom0 and your hypervisor. Once those are compromised it's pretty much game over.
Best wishes.
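A practical way to get the "one particular process" view asked for above, without touching the breakpoint injection discussed in the answer, is to record everything and cut the event stream down afterwards to one process and whatever it spawns. The script below is an added example; it is not DRAKVUF's own code and not from this thread. It assumes the tracer emits one JSON object per line with PID, PPID, ProcessName and Method fields (an assumption about the output layout, which has changed since 2015), and the sample lines are constructed for the demonstration.

```python
"""Filter a DRAKVUF-style event stream to one process and its descendants.

Added example, not part of the DRAKVUF project. Field names (PID, PPID,
ProcessName, Method) are assumptions about the output layout.
"""
import json

# Constructed sample lines: kernel noise, explorer spawning the sample,
# the sample spawning cmd.exe, taskmgr noise, and a non-JSON status line.
SAMPLE_LINES = [
    '{"Plugin": "syscall", "PID": 4, "PPID": 0, "ProcessName": "System", "Method": "NtReadFile"}',
    '{"Plugin": "syscall", "PID": 1288, "PPID": 620, "ProcessName": "explorer.exe", "Method": "NtCreateUserProcess"}',
    '{"Plugin": "syscall", "PID": 2044, "PPID": 1288, "ProcessName": "sample.exe", "Method": "NtCreateFile"}',
    '{"Plugin": "syscall", "PID": 2044, "PPID": 1288, "ProcessName": "sample.exe", "Method": "NtCreateUserProcess"}',
    '{"Plugin": "syscall", "PID": 2300, "PPID": 2044, "ProcessName": "cmd.exe", "Method": "NtOpenKey"}',
    '{"Plugin": "syscall", "PID": 868, "PPID": 620, "ProcessName": "taskmgr.exe", "Method": "NtQuerySystemInformation"}',
    'not json at all',  # tracers also print plain status text; tolerate it
]


def filter_process_tree(lines, root_pid):
    """Yield parsed events belonging to root_pid or any of its descendants.

    Lineage is learned from the stream itself: when an event's PPID is an
    already-tracked PID, its PID joins the tracked set. A child whose first
    event precedes every event of its parent is missed, and PID reuse during
    a long capture can pull in an unrelated process that inherits a tracked
    PID; for short runs of one sample both are acceptable trade-offs.
    """
    tracked = {root_pid}
    for line in lines:
        try:
            ev = json.loads(line)
        except ValueError:
            continue  # skip banners and other non-JSON lines
        pid, ppid = ev.get("PID"), ev.get("PPID")
        if pid is None:
            continue
        if ppid in tracked:
            tracked.add(pid)
        if pid in tracked:
            yield ev


def summarize(lines, root_pid):
    """Return (events, pids): 'ProcessName:Method' strings in stream order
    and the set of PIDs attributed to the tree, for quick triage."""
    events = list(filter_process_tree(lines, root_pid))
    return ([f'{e["ProcessName"]}:{e["Method"]}' for e in events],
            {e["PID"] for e in events})


if __name__ == "__main__":
    import sys
    root = int(sys.argv[1]) if len(sys.argv) > 1 else 2044
    # Pipe real tracer output in, or fall back to the constructed sample.
    src = sys.stdin if not sys.stdin.isatty() else SAMPLE_LINES
    for event in filter_process_tree(src, root):
        print(json.dumps(event))
```

Run it as `drakvuf ... | python3 filter.py <pid>` (with whatever output option produces one JSON object per line in the version in use). Filtering on PPID rather than ProcessName matters for malware that relaunches itself under a benign name, and keeping the full capture on disk means the filter can be re-run with a different root PID later.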
All right. I guess I need to check out the source code and find where I can add monitoring function of specific process. Is there any IRC channel for drakvuf so I can discuss it with you?
I'm usually on #libvmi on Freenode!