This repository has been archived by the owner on Nov 17, 2021. It is now read-only.

Build the introspection layer #21

Open
3 tasks
Wenzel opened this issue Sep 11, 2018 · 0 comments
Labels
Goal Next objective on the project Priority: High

Comments

Owner

Wenzel commented Sep 11, 2018

At the moment we rely on parsing LibVMI's JSON Rekall profile and inserting the entries into radare's flagspace.

This will only bring us kernel symbols, and it needs Rekall in the first place to generate this profile.

At r2con 2018, I learned that I could use the idpd command to download the appropriate PDBs for my kernel.

TODO:

  • Find out how to create a new IO inside the physical memory IO, that contains only the kernel
  • Download the PDBs and load them using idpd and idp commands
  • Find out if the types and kernel structures have been extracted and inserted into radare2, and how to use them.

Wenzel added the labels enhancement (New feature or request), Priority: High and Goal (Next objective on the project), and removed the label enhancement (New feature or request), on Sep 11, 2018.
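
The current approach described in the issue (profile entries turned into radare2 flags) can be sketched as follows. This is an added example, not the project's code: the sample profile, the kernel base, the `sym.`/`fcn.` prefixes and the function name `profile_to_flags` are assumptions, and offsets are treated as RVAs from the kernel base, as in a Windows profile.

```python
import json
import re

# Constructed sample in the Rekall JSON profile layout; offsets are made up.
SAMPLE_PROFILE = json.dumps({
    "$METADATA": {"ProfileClass": "Nt", "Type": "Profile"},
    "$CONSTANTS": {
        "PsActiveProcessHead": 0x3D5E20,
        "KdDebuggerDataBlock": 0x1F10A0,
        "??_C@_bad name": 0x1000,       # name with characters unsafe in a flag
    },
    "$FUNCTIONS": {"NtOpenFile": 0x4A2B10},
})

_UNSAFE = re.compile(r"[^A-Za-z0-9_.]")


def profile_to_flags(profile_text, kernel_base, flagspace="symbols"):
    """Return radare2 commands flagging each profile symbol at base + RVA."""
    profile = json.loads(profile_text)
    cmds = [f"fs {flagspace}"]          # select the flagspace to fill
    seen = set()
    # Hypothetical prefixes: "sym." for constants, "fcn." for functions.
    for section, prefix in (("$CONSTANTS", "sym"), ("$FUNCTIONS", "fcn")):
        entries = [(n, v) for n, v in profile.get(section, {}).items()
                   if isinstance(v, int) and v >= 0]   # skip malformed offsets
        for name, rva in sorted(entries, key=lambda kv: kv[1]):
            flag = f"{prefix}.{_UNSAFE.sub('_', name)}"
            if flag in seen:            # sanitizing can make two names collide
                flag = f"{flag}_{rva:x}"
            seen.add(flag)
            cmds.append(f"f {flag} @ {kernel_base + rva:#x}")
    cmds.append("fs *")                 # go back to showing all flagspaces
    return cmds


if __name__ == "__main__":
    # Constructed kernel base; in practice it comes from the introspection layer.
    for line in profile_to_flags(SAMPLE_PROFILE, 0xFFFFF80002A00000):
        print(line)
```

The printed commands can be saved to a script file and loaded into a radare2 session; only addresses are carried over this way, which is the limitation the issue sets out to remove.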