[Vol-dev] Breakpoints On Instruction calls

Tamas Lengyel tamas.k.lengyel at gmail.com
Fri May 31 14:30:16 CDT 2013


Not sure about VMware but you can do both with Xen and LibVMI (
https://code.google.com/p/vmitools/).

Tamas


On Fri, May 31, 2013 at 5:22 PM, A B <amitrajitb at gmail.com> wrote:

> All,
>
> This is my first post in this forum, and I am also very new to this
> website, so please excuse my ignorance.
>
> This is a fantastic project no doubt.
>
>
> Now, coming to my questions:
>
> 1. Is it possible to run volatility on a running 'live' VM's memory? That
> is, assuming that I have vmware work station running, can I use the live
> vmem file as input and get reliavble outputs?
>
> 2. If one is possible, then is it possible to generate a breakpoint or get
> a call back when a particular  memory location is hit? I ask this because,
> assuming that an executable is loaded in certain pages inside the vmem, and
> I want to get notified when a particular function of that loaded executable
> is called, this wuld mean that when the virtual CPU executes the first
> instruction of that function I need a callback, is that possible?
>
> thanks in advance...
>
> --
>
> - ab
>
> _______________________________________________
> Vol-dev mailing list
> Vol-dev at volatilityfoundation.org
> http://lists.volatilityfoundation.org/mailman/listinfo/vol-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.volatilityfoundation.org/pipermail/vol-dev/attachments/20130531/8d34faec/attachment.html


More information about the Vol-dev mailing list