Not sure about VMware but you can do both with Xen and LibVMI (https://code.google.com/p/vmitools/).TamasOn Fri, May 31, 2013 at 5:22 PM, A B <amitrajitb@gmail.com> wrote:_______________________________________________All,This is my first post in this forum, and I am also very new to this website, so please excuse my ignorance.This is a fantastic project no doubt.
Now, coming to my questions:1. Is it possible to run volatility on a running 'live' VM's memory? That is, assuming that I have vmware work station running, can I use the live vmem file as input and get reliavble outputs?2. If one is possible, then is it possible to generate a breakpoint or get a call back when a particular memory location is hit? I ask this because, assuming that an executable is loaded in certain pages inside the vmem, and I want to get notified when a particular function of that loaded executable is called, this wuld mean that when the virtual CPU executes the first instruction of that function I need a callback, is that possible?thanks in advance...--
- ab
Vol-dev mailing list
Vol-dev@volatilesystems.com
http://lists.volatilityfoundation.org/mailman/listinfo/vol-dev
_______________________________________________
Vol-dev mailing list
Vol-dev@volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-dev