Hi, I wanted to publish a talk that I did last week at hack.lu 2019 conference in Luxembourg. The talk was about showing the new introspection capabilities of KVM, still in development, and plugging a "smart" GDB stub on top that would understand the guest execution context. There are 2 demos: 1. I demonstrate the integration in LibVMI (intercepting CR3, memory events and MSR) 2. I demonstrate debugging Microsoft Paint inside a Windows 10 VM, setting a breakpoint on NtWriteFile in the kernel, and avoid other processes's hits. Abstract: https://cfp.hack.lu/hacklu19/talk/MLPXAF/ Slides: https://drive.google.com/file/d/1nFoCM62BWKSz2TKhNkrOjVwD8gP51VGK/view Video: https://www.youtube.com/watch?v=U-wDpvItPUU Project: https://github.com/Wenzel/pyvmidbg I thought it might be interesting to share it with the KVM community. Thanks.
