kvm-vmi

KVM-based Virtual Machine Instrospection.

Table of Contents

• Overview
  • 1 - KVMI
  • 2 - Nitro (Legacy)
• Setup
• References
• Maintainers
• Contributing
• License

Overview

This project adds virtual machine introspection to the KVM hypervisor to monitor a running virtual machine without a guest agent.

This project is divided into 4 components:

• kvm: linux kernel with vmi patches for KVM
• qemu: patched to allow introspection
• nitro (legacy): userland library which receives events, introspects the virtual machine state, and fills the semantic gap
• libvmi: virtual machine instrospection library with unified API across Xen and KVM

At the moment, 2 versions of VMI patches are available for QEMU/KVM in this repository:

1 - KVMI

A complete set of VMI APIs proposed by BitDefender

This is where the current effort is focused on today.

API overview

git clone https://github.com/KVM-VMI/kvm-vmi.git --recursive --branch kvmi

Corresponding submodule branches:

• kvm: kvmi
• qemu: kvmi
• nitro: kvmi
• libvmi: kvmi

Note: the nitro is a legacy component and not part of kvmi.

2 - Nitro (legacy)

This version of KVM-VMI has been deprecated.

For details regarding how it works, see the Wiki page

Setup

Configuration and install instructions are detailed on the following Wiki page:

KVM-VMI setup

References

Based on Jonas Pfoh's work:

• Nitro: Hardware-based System Call Tracing for Virtual Machines
• Nitro - VMI Extensions for Linux/KVM

Maintainers

@Wenzel

Contributing

PRs accepted.

Small note: If editing the Readme, please conform to the standard-readme specification.

License

GNU General Public License v3.0