Skip to content

Instantly share code, notes, and snippets.

@scorpionzezz scorpionzezz/vmi.c
Created Jun 14, 2018

What would you like to do?
DRAKVUF set trap to the empty page and emulate no write
drakvuf->guard0.type = MEMACCESS;
drakvuf->guard0.memaccess.access = VMI_MEMACCESS_RWX;
drakvuf->guard0.memaccess.type = PRE;
drakvuf->guard0.memaccess.gfn = drakvuf->zero_page_gfn;
if (!inject_trap_mem(drakvuf, &drakvuf->guard0, 0))
PRINT_DEBUG("Failed to create guard trap for the empty page!\n");
return 0;
if (event->mem_event.gfn == drakvuf->zero_page_gfn)
PRINT_DEBUG("Somebody try to do something to the empty page, let's emulate it\n");
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.