In fact, my tool walks through paging data structures (entry by entry)
using the function "kvm_read_guest" (sorry i don't have my machine with
me right now to poste my code :-( ).
for example to read PDPTEs, I do something like this:
for(i = 0; i < 32; i= i + 8)
{
kvm_read_guest(kvm, cr3
On 01/12/2015 19:30, Yacine HEBBAL wrote:
> Hi all,
> I'm trying to build some tools on top of kvm in order to debug, monitor and
> reverse engineer the guest OS (ubuntu 12.04, 32 bits)
> One of my tools walks through (and prints) the guest paging data structures
> as following: cr3 -> pdpte ->
Hi all,
I'm trying to build some tools on top of kvm in order to debug, monitor and
reverse engineer the guest OS (ubuntu 12.04, 32 bits)
One of my tools walks through (and prints) the guest paging data structures
as following: cr3 -> pdpte -> pde -> pte -> page (PAE paging, 32 bits)
According to
