Not sure about VMware but you can do both with Xen and LibVMI (https://code.google.com/p/vmitools/).

Tamas


On Fri, May 31, 2013 at 5:22 PM, A B <amitrajitb@gmail.com> wrote:
All,

This is my first post in this forum, and I am also very new to this website, so please excuse my ignorance.

This is a fantastic project no doubt. 


Now, coming to my questions:

1. Is it possible to run volatility on a running 'live' VM's memory? That is, assuming that I have vmware work station running, can I use the live vmem file as input and get reliavble outputs?

2. If one is possible, then is it possible to generate a breakpoint or get a call back when a particular  memory location is hit? I ask this because, assuming that an executable is loaded in certain pages inside the vmem, and I want to get notified when a particular function of that loaded executable is called, this wuld mean that when the virtual CPU executes the first instruction of that function I need a callback, is that possible?

thanks in advance...

--

- ab

_______________________________________________
Vol-dev mailing list
Vol-dev@volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-dev