Wenzel / R2vmi
Licence: agpl-3.0
Hypervisor-Level Debugger based on Radare2 / LibVMI, using VMI IO and debug plugins
Stars: ✭ 130
Programming language: C
Projects that are alternatives of or similar to R2vmi
X64dbg
An open-source x64/x32 debugger for windows.
Stars: ✭ 37,825 (+28996.15%)
Mutual labels: debugger
Frodo
Android Library for Logging RxJava Observables and Subscribers.
Stars: ✭ 1,496 (+1050.77%)
Mutual labels: debugger
Jest Electron
❯ ⚛️The easiest way to run and debug test cases in electron with jest.
Stars: ✭ 106 (-18.46%)
Mutual labels: debugger
Apidebugger
An IDEA plug-in to help you easily complete the API debugging.
Stars: ✭ 125 (-3.85%)
Mutual labels: debugger
Dap42
CMSIS-DAP debugger firmware for STM32F042Fx and STM32F103xx
Stars: ✭ 115 (-11.54%)
Mutual labels: debugger
React Native Vdebug
React-Native debugging tool that supports a Console terminal, exporting Network requests as cURL, visualizing the Response, and Retry cURL.
Stars: ✭ 124 (-4.62%)
Mutual labels: debugger
Rexbug
A thin Elixir wrapper for the redbug Erlang tracing debugger.
Stars: ✭ 126 (-3.08%)
Mutual labels: debugger
Puppet Debugger
An interactive live debugger and REPL for the puppet language
Stars: ✭ 117 (-10%)
Mutual labels: debugger
Flow Storm Debugger
A debugger for Clojure and ClojureScript with some unique features.
Stars: ✭ 128 (-1.54%)
Mutual labels: debugger
Scout
Scout - Instruction based research debugger (a poor man's debugger)
Stars: ✭ 127 (-2.31%)
Mutual labels: debugger
r2vmi
Radare2 VMI IO and debugger plugins.
These plugins allow you to debug a remote process running in a VM from the hypervisor level, leveraging Virtual Machine Introspection.
Based on LibVMI to access the VM memory and listen on hardware events.
Note: since hack.lu 2018, I shifted my work towards an improved version of this project which is more flexible and open to any reverse-engineering framework that can act as a GDB frontend:
https://github.com/Wenzel/pyvmidbg
What works:
- Intercept a process by name/PID (at CR3 load)
- Read the registers
- Single-step the process execution
- Set breakpoints
  - software
  - hardware (based on memory access permissions, page must be mapped)
- Load Kernel symbols
Demo
The following demonstrates r2vmi:
- intercepting the explorer.exe process
- setting a software breakpoint on NtOpenKey
- the breakpoint being hit (ignoring hits by non-targeted processes)
- using radare2 to disassemble NtOpenFile's function
- single-stepping the execution
- opening a Rekall shell using the VMIAddressSpace to work on the VM's physical memory
- running the pslist plugin
- running the dlllist plugin and selecting a random DLL's base address
- seeking there in radare2 and displaying the MZ header
Requirements
Setup
A complete installation guide is available on the Wiki.
Usage
You need a virtual machine configured on top of Xen, and a process name/PID to intercept:
$ r2 -d vmi://<vm_name>:<name/pid>
Example:
$ r2 -d vmi://win7:firefox