A library that allows execution of an ELF binary inside a virtual machine without a full-scale operating system

TUD-OS/libelkvm

ELKVM

ELKVM is a library that executes a 64-bit x86 ELF binary inside a KVM virtual machine, without a full operating system in the guest, and forwards every system call the binary makes to a handler in host user land. This can be used to inspect the system calls a binary makes or to modify the results of those system calls.

A high-level design description can be found in my diploma thesis which is online at: https://os.inf.tu-dresden.de/papers_ps/pester-diplom.pdf

Two examples of how the API can be used are in the examples/ directory.

Install

You need to install the following additional packages in your distribution:

  • check
  • cmake
  • libudis86 (built with the -fPIC compiler option)

ELKVM uses cmake as its build system; you can build it in any directory you like. In that directory, run the following:

  • cmake PATH_TO_ELKVM_TOPLEVEL_DIRECTORY
  • make -C include install
  • make
  • make install
  • ldconfig

This will build the ELKVM library and an example application that just redirects all system calls to the host Linux kernel. You can find the source code for this application in the examples/ directory.

Using private versions of the tools

If you have libraries (e.g. libudis86) installed in non-standard locations, you can tell cmake to search those directories using the CPATH and LIBRARY_PATH environment variables. For example:

CPATH=<udis86 include dir> LIBRARY_PATH=<udis86 library dir> cmake PATH_TO_ELKVM_TOPLEVEL_DIRECTORY

Adjusting the Linux kernel

You also need to apply the following patch to your Linux kernel for ELKVM to work. It changes the VMX vmcall handler so that a hypercall from the guest exits to user land with KVM_EXIT_HYPERCALL instead of being emulated inside the kernel:

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 064d0be..501e6a9 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -5118,9 +5118,10 @@ static int handle_halt(struct kvm_vcpu *vcpu)
 
 static int handle_vmcall(struct kvm_vcpu *vcpu)
 {
-       skip_emulated_instruction(vcpu);
-       kvm_emulate_hypercall(vcpu);
-       return 1;
+//     skip_emulated_instruction(vcpu);
+//     kvm_emulate_hypercall(vcpu);
+  vcpu->run->exit_reason = KVM_EXIT_HYPERCALL;
+       return 0;
 }
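Review bot: with skip_emulated_instruction(vcpu) commented out, the guest rip still points at the vmcall when KVM_RUN returns with KVM_EXIT_HYPERCALL, so the user-land handler must advance rip past the instruction itself (KVM_GET_REGS / KVM_SET_REGS) or the guest re-executes vmcall on every resume; that contract should be stated next to the patch. The change is also global to the patched host: every vmcall from every VMX guest, including Linux guests that use KVM paravirtual hypercalls, now bypasses kvm_emulate_hypercall and lands in the VMM, and vcpu->run->hypercall is never filled in, so user land has to read the registers instead. Delete the two lines rather than commenting them out, match the file's tab indentation on the added `vcpu->run->exit_reason = KVM_EXIT_HYPERCALL;` line, and note that only vmx.c is touched, so AMD hosts (svm.c) are not covered.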

Building and Running the Tests

ELKVM uses gmock and gtest for unit testing. By default the tests are not built. If you want to build and run them, you have to enable the option

libelkvm_build_tests

which you can do for example by running

ccmake PATH_TO_ELKVM_TOPLEVEL_DIRECTORY

inside your build directory. cmake will download and build gmock for you in order to run the tests.

If you have lcov installed, you can generate code coverage data by running

make coverage

This generates HTML files giving you coverage information in BUILD_DIRECTORY/cov/index.html. You need to enable the libelkvm_generate_coverage option before building for coverage data to be generated. Additionally, this currently only works with gcc.

Running the examples

The examples are automatically built with the normal make process. The proxy example is a simple monitor, which just forwards each system call to the host Linux kernel and returns the result to the guest binary. It can be run with:

./proxy /PATH/TO/MY/BINARY

The -d switch enables debug output, which lists every system call made by the guest binary. The -a option takes the PID of a running process and moves that process into an ELKVM VM.
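The proxy monitor described above forwards a guest system call to the host kernel and hands the result back to the guest. The C code below is an added example, not ELKVM's own code, of the host-side decision such a monitor takes on the KVM_EXIT_HYPERCALL exit produced by the kernel patch in this README. It assumes the guest-side stub executes vmcall with the system call number and arguments in the Linux x86-64 syscall registers (rax; rdi, rsi, rdx, r10, r8, r9); ELKVM's real guest-to-monitor convention is not documented on this page. The allow-list, handle_hypercall_exit and the register values in main are illustrative, and the register state is constructed in place of what KVM_GET_REGS would return.

```c
/*
 * Added example (not ELKVM code): what a syscall proxy does with one
 * KVM_EXIT_HYPERCALL exit. Assumes the guest stub places the syscall
 * number in rax and the arguments in rdi, rsi, rdx, r10, r8, r9
 * (Linux x86-64 syscall ABI) before executing vmcall.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/kvm.h>       /* struct kvm_regs: rax, rdi, ..., rip */

#define VMCALL_LEN 3         /* vmcall encodes as 0f 01 c1 */

/*
 * Syscalls this monitor forwards to the host kernel. Only calls without
 * pointer arguments are listed on purpose: a guest pointer (for example the
 * buffer of write(2)) is a guest-virtual address and must be translated to a
 * host address before it can be passed on, which this example does not do.
 */
static const long allowed_syscalls[] = {
    SYS_getpid, SYS_getppid, SYS_getuid, SYS_geteuid, SYS_getgid,
};

static int is_allowed(long nr)
{
    size_t i;
    for (i = 0; i < sizeof allowed_syscalls / sizeof allowed_syscalls[0]; i++)
        if (allowed_syscalls[i] == nr)
            return 1;
    return 0;
}

/*
 * Handle one hypercall exit. Returns 1 if the call was forwarded to the host,
 * 0 if it was denied. Either way the guest is left ready to resume: rax holds
 * the result (negative errno on failure, the kernel's own convention) and rip
 * is advanced past the vmcall. The patched handle_vmcall no longer calls
 * skip_emulated_instruction, so a monitor that forgets the rip update makes
 * the guest re-execute vmcall forever.
 */
int handle_hypercall_exit(struct kvm_regs *regs, int debug)
{
    long nr = (long)regs->rax;
    long ret;
    int forwarded;

    if (is_allowed(nr)) {
        ret = syscall(nr, (long)regs->rdi, (long)regs->rsi, (long)regs->rdx,
                      (long)regs->r10, (long)regs->r8, (long)regs->r9);
        if (ret == -1)
            ret = -errno;
        forwarded = 1;
    } else {
        ret = -ENOSYS;
        forwarded = 0;
    }

    if (debug)   /* the equivalent of the proxy's -d trace */
        fprintf(stderr, "syscall %ld(rdi=%#llx) -> %ld%s\n", nr,
                (unsigned long long)regs->rdi, ret,
                forwarded ? "" : " (denied)");

    regs->rax = (uint64_t)ret;
    regs->rip += VMCALL_LEN;
    return forwarded;
}

int main(void)
{
    struct kvm_regs regs;   /* constructed stand-in for KVM_GET_REGS output */

    memset(&regs, 0, sizeof regs);
    regs.rax = SYS_getpid;
    regs.rip = 0x401000;
    handle_hypercall_exit(&regs, 1);   /* forwarded: rax becomes the host pid */

    memset(&regs, 0, sizeof regs);
    regs.rax = SYS_write;              /* carries a guest pointer: denied */
    regs.rdi = 1;
    regs.rip = 0x401000;
    handle_hypercall_exit(&regs, 1);
    return 0;
}
```

In a real monitor the register struct comes from ioctl(vcpu_fd, KVM_GET_REGS, &regs) after KVM_RUN returns with run->exit_reason == KVM_EXIT_HYPERCALL, and is written back with KVM_SET_REGS before the next KVM_RUN; modifying a result, as the README describes, is simply writing a different value into rax before that write-back.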

Happy Hacking! :)
