* Re: [PATCH 0/5] KVM: Fix and improve guest debugging and x86 debug registers
@ 2008-10-07 21:10 duck
2008-10-31 10:12 ` Jan Kiszka
0 siblings, 1 reply; 3+ messages in thread
From: duck @ 2008-10-07 21:10 UTC (permalink / raw)
To: kvm
Does this mean that hardware breakpoints set inside a guest (e.g. with a
debugger running within a Windows guest such as OllyDbg or WinDbg) will
finally work?
If so, then this is a Great Thing Indeed. Without hardware breakpoints,
numerous so-called "software protected" Windows apps -- notably games, but
also various more mainstream biz apps -- won't run, because they use code
obfuscation wrappers relying, inter alia, on hard breakpoints. This is to
slow down and to complicate reverse engineering.
Quite a bit of modern malware uses the same sort of obfuscation wrappers
(often, actually, exactly the same wrappers as legit software, which is an
annoyance for another soap-box :-), which currently rules out KVM as a
general-purpose virtualisation platform for analysing and experimenting
with security threats, e.g. for reversing and honeypotting...
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH 0/5] KVM: Fix and improve guest debugging and x86 debug registers
2008-10-07 21:10 [PATCH 0/5] KVM: Fix and improve guest debugging and x86 debug registers duck
@ 2008-10-31 10:12 ` Jan Kiszka
0 siblings, 0 replies; 3+ messages in thread
From: Jan Kiszka @ 2008-10-31 10:12 UTC (permalink / raw)
To: duck; +Cc: kvm
[As you dropped me from CC, I missed your reply so far.]
duck wrote:
> Does this mean that hardware breakpoints set inside a guest (e.g. with a
> debugger running within a Windows guest such as OllyDbg or WinDbg) will
> finally work?
I haven't tested Windows debuggers, but I intensively checked hardware
breakpoints in gdb and kgdb, the corresponding tools on Linux. You are
always welcome to apply my patches (I can provide rebased versions on
request) and report your findings for Windows!
>
> If so, then this is a Great Thing Indeed. Without hardware breakpoints,
> numerous so-called "software protected" Windows apps -- notably games, but
> also various more mainstream biz apps -- won't run, because they use code
> obfuscation wrappers relying, inter alia, on hard breakpoints. This is to
> slow down and to complicate reverse engineering.
>
> Quite a bit of modern malware uses the same sort of obfuscation wrappers
> (often, actually, exactly the same wrappers as legit software, which is an
> annoyance for another soap-box :-), which currently rules out KVM as a
> general-purpose virtualisation platform for analysing and experimenting
> with security threats, e.g. for reversing and honeypotting...
You can be sure that this will change - at some point in the future. My
patches are still blocked by the sometimes fairly slow merge process of
qemu (which will gain the same level of support this way as well, BTW).
Once this is resolved, kvm will likely merge the other bits as well.
Jan
--
Siemens AG, Corporate Technology, CT SE 2
Corporate Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 0/5] KVM: Fix and improve guest debugging and x86 debug registers
@ 2008-10-06 9:15 Jan Kiszka
0 siblings, 0 replies; 3+ messages in thread
From: Jan Kiszka @ 2008-10-06 9:15 UTC (permalink / raw)
To: kvm
This is the kernel part of my debugging patch series.
Jan
--
Siemens AG, Corporate Technology, CT SE 2
Corporate Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2008-10-31 10:12 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-10-07 21:10 [PATCH 0/5] KVM: Fix and improve guest debugging and x86 debug registers duck
2008-10-31 10:12 ` Jan Kiszka
-- strict thread matches above, loose matches on Subject: below --
2008-10-06 9:15 Jan Kiszka
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox