Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Native VirtualBox driver via builtin debugger interface #216

Open
Wenzel opened this issue Sep 6, 2021 · 3 comments
Open

Native VirtualBox driver via builtin debugger interface #216

Wenzel opened this issue Sep 6, 2021 · 3 comments
Labels
enhancement New feature or request

Comments

@Wenzel
Copy link
Owner

Wenzel commented Sep 6, 2021

Adding a note here that we could build a native VirtualBox driver, using the builtin debugger.
This interface provides read / write physical /virtual memory access:
https://www.virtualbox.org/sdkref/interface_i_machine_debugger.html#a5b8215a84f058957f2dbe59355e16f97
@Wenzel Wenzel added the enhancement New feature or request label Sep 6, 2021
@Wenzel
Copy link
Owner Author

Wenzel commented Oct 6, 2021
edited
Loading

To install the VirtualBox SDK

download SDK from https://www.virtualbox.org/wiki/Downloads and unzip

install the sdk

cd sdk/installer
export VBOX_INSTALL_PATH=/usr/lib/virtualbox  # for Ubuntu packaged installation
sudo -E python3 vboxapisetup.py install

to use the SDK

(venv) pip install virtualbox
(venv) export VBOX_SDK_PATH=/usr/lib/virtualbox/sdk
(venv) ipython3
(venv) %run vboxinstance.py

vboxinstance.py

# don't forget to set VBOX_SDK_PATH
# otherwise fallback to /usr/bin/virualbox/sdk which doesn't make sense anyway

import sys
import os
from pathlib import Path

VBOX_SDK_PATH = Path(os.environ['VBOX_SDK_PATH'])

# we force to sys append our own install path
# otherwise /usr/bin/virtualbox is used, which doesn't make sense
sys.path.append(str(VBOX_SDK_PATH.parent))

import virtualbox
vbox = virtualbox.VirtualBox()

@Wenzel
Copy link
Owner Author

Wenzel commented Oct 6, 2021

machine -> session

machine.lockMachine(session, type)
session.console
console.debugger

but console objects are non null only if VM lock type

@Wenzel
Copy link
Owner Author

Wenzel commented Oct 6, 2021

It looks like this API hasn't been implemented yet

OleErrorNotimpl                           Traceback (most recent call last)
<ipython-input-15-207b7e87d331> in <module>
----> 1 dbg.read_physical_memory(0x0, 4)

~/local/venv/lib/python3.8/site-packages/virtualbox/library.py in read_physical_memory(self, address, size)
  30013         if not isinstance(size, baseinteger):
  30014             raise TypeError("size can only be an instance of type baseinteger")
> 30015         bytes_p = self._call("readPhysicalMemory", in_p=[address, size])
  30016         return bytes_p
  30017 

~/local/venv/lib/python3.8/site-packages/virtualbox/library_base.py in _call(self, name, in_p)
    198         method = self._search_attr(name)
    199         if inspect.isfunction(method) or inspect.ismethod(method):
--> 200             return self._call_method(method, in_p=in_p)
    201         else:
    202             return method

~/local/venv/lib/python3.8/site-packages/virtualbox/library_base.py in _call_method(self, method, in_p)
    226                 default_msg = getattr(exc, "message", str(exc))
    227                 errobj.msg = getattr(exc, "msg", default_msg)
--> 228             raise errobj
    229         return ret

OleErrorNotimpl: 0x80004001 (Method readPhysicalMemory is not implemented)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Wenzel