Hypervisor Memory Introspection
Specification
- Overview
- Activation & Protection Options
- Alerts & Events
- Exceptions Mechanism
- OS Support Mechanism
- Engines Scan Mechanism
- Agents Architecture
- Coding Style
- Indentation and line ending
- Naming conventions
- Spacing
- Include guards and macros
- Functions
- Local variables
- Global variables
- Defining and using structures, unions, and enums
- Statements, code blocks, and curly braces
- Conditions
- Lines length and spacing
- Documenting the code
- Defensive Coding
- Code review
- Static analysis
- Development guideline
- Developing New Protection Features Guideline
- New feature design document template
- Important terms
- Overall internal architecture
- Protection activation flow
- Setting memory hooks
- The Virtual Address Space Monitor
- The Unpacker
- The Integrity Mechanism
- Setting register hooks
- Setting API hooks
- Accessing guest memory
- Accessing guest physical memory using the cache
- Accessing swapped-out guest memory
- Hiding guest memory contents
- Accessing guest state
- Working with instructions
- The Slack Allocator
- The Agents Injection
- Windows introspection
- Linux introspection
- Integration Guideline
- Functional & Performance Testing Recommendations