This repository has been archived by the owner on Nov 17, 2021. It is now read-only.
Project Setup
Mathieu Tarral edited this page Sep 5, 2018 · 12 revisions
r2vmi has been tested on Ubuntu Bionic Beaver 18.04.1 LTS, which provides Xen 4.9:
$ sudo apt-get install xen-system-amd64
You can install pkg-config too:
$ sudo apt-get install pkg-config
r2vmi has been tested on Windows 7 installed from this Packer template.
You can reuse the same ISO, and use your own flavor of Windows 7.
Make sure to import the image in Libvirt.
- Compile and install LibVMI, explicitly enabling the support for Xen (to be sure):
$ cd libvmi
$ ./configure --enable-xen
$ make -j4
$ sudo make install
$ sudo ldconfig
- Go to libvmi/tools/windows-offset-finder and install the required dependencies to use the rekall_offset_finder script.
- Start the Windows 7 VM in Libvirt. Wait for the desktop.
- Run the rekall_offset_finder script:
$ sudo venv/bin/python rekall_offset_finder.py <vm_name>
- A LibVMI config entry has been generated. Insert it into a config file, which will be searched for at the following locations:
  - /etc/libvmi.conf
  - $HOME/etc/libvmi.conf
  - $PWD/libvmi.conf
- Check the LibVMI configuration with the examples/vmi-process-list test:
$ ./examples/vmi-process-list <vm_name>
...
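A preflight check for the config step above, as an added example that is not part of the original page or of the LibVMI and r2vmi projects: it reports which of the listed locations holds an entry for a given VM. It assumes an entry is written as <vm_name> { ... }; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which libvmi.conf candidates hold an entry for a VM.
# Assumption: an entry is written as  <vm_name> { key = value; ... }

# has_entry VM FILE: succeeds if FILE has a non-comment line opening an entry for VM.
has_entry() {
    awk -v vm="$1" '
        /^[ \t]*#/                            { next }       # skip comment lines
        $1 == vm && substr($2, 1, 1) == "{"   { found = 1 }  # "win7 {"
        $1 == (vm "{")                        { found = 1 }  # "win7{"
        END                                   { exit !found }
    ' "$2"
}

# find_libvmi_entry VM [FILE...]: prints each candidate that holds an entry.
# With no FILE arguments it checks the three locations listed on this page.
# Returns 1 when no candidate matches.
find_libvmi_entry() {
    vm=$1; shift
    [ "$#" -gt 0 ] || set -- /etc/libvmi.conf "$HOME/etc/libvmi.conf" "$PWD/libvmi.conf"
    rc=1
    for f in "$@"; do
        if [ -r "$f" ] && has_entry "$vm" "$f"; then
            printf '%s\n' "$f"
            rc=0
        fi
    done
    return "$rc"
}

# Constructed sample config (placeholder values, not real generated output).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/libvmi.conf" <<'EOF'
# win7-old { ostype = "Windows"; }
win7 {
    ostype = "Windows";
}
EOF

# Only the constructed file is checked here so the demo is deterministic.
find_libvmi_entry win7 "$demo_dir/libvmi.conf" || echo "no entry for win7" >&2
```

If more than one path is printed, check that the entries agree, since this page does not state which location takes precedence.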
The installation guide is available in the project's README.
To install the plugins, simply run:
$ make
$ make install
They will be copied to the directory reported by r2 -H R2_USER_PLUGINS ($HOME/.config/radare2/plugins).
Checking:
$ r2 -L | grep vmi
rwd vmi VMI IO plugin for r2 vmi://[vm_name]:[pid] (LGPL)
Congratulations, you are ready to use r2vmi!
Note 1: If pkg-config cannot locate the r2 .pc modules, you need to set the following environment variable:
export PKG_CONFIG_PATH=/usr/lib/pkgconfig
Note 2: If the plugins don't appear, it might be due to a loading error. To display the loading errors, use:
R_DEBUG=yes r2 -L