[Repost] Page Fault Injection in Virtual Machines: Accessing Swapped-Out Pages from HVMI
Posted: 2020-12-15 19:16


Page Fault Injection in Virtual Machines: Accessing Swapped-Out Pages from HVMI

Dec 14, 2020 • Andrei Lutas

Introduction

Hypervisor Memory Introspection, as its name implies, relies heavily on analyzing guest memory contents in order to infer details about the OS structures or to analyze the behavior of the kernel and applications. This works perfectly as long as only physical memory or resident virtual memory is analyzed (for example, guest page-tables, or non-paged kernel memory). Many times, however, regions of the Windows kernel memory or regions belonging to user-mode processes will not be mapped in physical memory, thus preventing HVMI from analyzing their contents. In this blog post, we will describe how we deal with swapped-out guest memory, in order to ensure HVMI will get a chance to analyze the contents of a memory page even if it is not resident in physical memory: meet the page-fault injection mechanism!

https://hvmi.github.io/blog/2020/12/14/pfinjection.html


