[Vol-dev] Breakpoints On Instruction calls

nir izraeli nirizr at gmail.com
Fri May 31 14:49:26 CDT 2013


AFAIK you can't rely on VMware to sync files with live memory.
It uses them mostly to save states when the machine is suspended.
You could suspend, modify, resume, but it'll be a slow process.


On Fri, May 31, 2013 at 10:30 PM, Tamas Lengyel
<tamas.k.lengyel at gmail.com> wrote:

> Not sure about VMware but you can do both with Xen and LibVMI (
> https://code.google.com/p/vmitools/).
>
> Tamas
>
>
> On Fri, May 31, 2013 at 5:22 PM, A B <amitrajitb at gmail.com> wrote:
>
>> All,
>>
>> This is my first post in this forum, and I am also very new to this
>> website, so please excuse my ignorance.
>>
>> This is a fantastic project no doubt.
>>
>>
>> Now, coming to my questions:
>>
>> 1. Is it possible to run volatility on a running 'live' VM's memory? That
>> is, assuming that I have VMware Workstation running, can I use the live
>> vmem file as input and get reliable outputs?
>>
>> 2. If one is possible, then is it possible to generate a breakpoint or
>> get a callback when a particular memory location is hit? I ask this
>> because, assuming that an executable is loaded in certain pages inside the
>> vmem, and I want to get notified when a particular function of that loaded
>> executable is called, this would mean that when the virtual CPU executes the
>> first instruction of that function I need a callback, is that possible?
>>
>> thanks in advance...
>>
>> --
>>
>> - ab