libkvmi API help

[allewwaly]

I'm trying to setup libkvmi, however I cannot get any document about the APIs in libkvmi.h, or any examples on how to combine it with libvmi. Can anybody give me some help? Thanks a lot.

[adlazar]

@allewwaly , if you want to use libkvmi directly, take a look at kvmi-test.c. For the low level API (between kernel and userspace) you can find the documentation here.
libvmi from this project already uses libkvmi. @Wenzel can point you to the right branch.

[Wenzel]

Regarding libvmi, there is an integration for kvmi-v6 and kvmi-v7

Also there is an opened pull request to integrate the new KVM driver in upstream libvmi: libvmi/libvmi#844

I hope this helps.

[allewwaly]

That helps, Thx.

[allewwaly]

Is there any example on using libkvmi to capture syscalls with context like syscall name and parameters? Just like Nitro does with backend option.

[adlazar]

None that I know of.

[Wenzel]

@allewwaly Nitro is a deprecated project.
if you want to revive it you will likely need to use libvmi exclusively and put breakpoints on the syscall handlers.