[Vol-dev] Breakpoints On Instruction calls

A B amitrajitb at gmail.com
Fri May 31 10:22:36 CDT 2013


This is my first post in this forum, and I am also very new to this
website, so please excuse my ignorance.

This is a fantastic project no doubt.

Now, coming to my questions:

1. Is it possible to run volatility on a running 'live' VM's memory? That
is, assuming that I have VMware Workstation running, can I use the live
vmem file as input and get reliable outputs?

2. If one is possible, then is it possible to generate a breakpoint or get
a callback when a particular memory location is hit? I ask this because,
assuming that an executable is loaded in certain pages inside the vmem, and
I want to get notified when a particular function of that loaded executable
is called, this would mean that when the virtual CPU executes the first
instruction of that function I need a callback, is that possible?

thanks in advance...


- ab
