Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details

All Projects → jianpingzju → Hypro

jianpingzju / Hypro

Licence: other

VMI on BitVisor to detect hidden rootkits.

Programming Languages

50402 projects - #5 most used programming language

perl

6916 projects

Makefile

30231 projects

C++

36643 projects - #6 most used programming language

assembly

5116 projects

DIGITAL Command Language

90 projects

Hypro - VMI on BitVisor to detect hidden rootkits.

tools/adore-ng is a well-known LKM(loadable kernel modules) rootkit for getting root privilege, hiding certain processes, files, ports, .etc.
tools/hypercall has the files to read VM's processes, loaded kernel modules, physical memory from VMM, so we can check the differences to find exceptions.
core/vmmcall_vmi.c implements the core VMI functions.
VMI/fs is a ported EXT4 file system from Uboot. With this module, we can reread block device to check to hidden files.
Guest's Fs/(attacked)    VMI/fs
  |_______________________|
  |
driver
  |
hardware
BitVisor uses parapass-through architecture that allows VM's device driver to handle the real device. So VMI/fs is ported to host's OS.

New features(such as capture of memory event and register event) are under developement.

How to build:
Hypro's build can be found in BitVisor's HomePage.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 23

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (0) 🔗