pyvmidbg: a flexible hypervisor-level debugger - Mathieu Tarral
Virtual machine introspection is a concept where a host application can rebuild a VM's execution context via the hardware state provided by hypervisor interfaces. This technology has been leveraged for a couple of years already to build powerful stealth sandboxes for malware analysis. But what about our debuggers? In this talk, I will explain why debugging from the hypervisor is powerful and relevant in today's world, as well as show my research on the topic: a LibVMI-based GDB stub in Python, capable of debugging a remote process running on Windows XP, on top of Xen.