[As you dropped me from CC, I missed your reply so far.]

duck wrote:
> Does this mean that hardware breakpoints set inside a guest (e.g. with a 
> debugger running within a Windows guest such as OllyDbg or WinDbg) will 
> finally work?

I haven't tested Windows debuggers, but I intensively checked hardware
breakpoints in gdb and kgdb, the corresponding tools on Linux. You are
always welcome to apply my patches (I can provide rebased versions on
request) and report your findings for Windows!

> 
> If so, then this is a Great Thing Indeed. Without hardware breakpoints, 
> numerous so-called "software protected" Windows apps -- notably games, but 
> also various more mainstream biz apps -- won't run, because they use code 
> obfuscation wrappers relying, inter alia, on hard breakpoints. This is to 
> slow down and to complicate reverse engineering.
> 
> Quite a bit of modern malware uses the same sort of obfuscation wrappers 
> (often, actually, exactly the same wrappers as legit software, which is an 
> annoyance for another soap-box :-), which currently rules out KVM as a 
> general-purpose virtualisation platform for analysing and experimenting 
> with security threats, e.g. for reversing and honeypotting...

You can be sure that this will change - at some point in the future. My
patches are still blocked by the sometimes fairly slow merge process of
qemu (which will gain the same level of support this way as well, BTW).
Once this is resolved, kvm will likely merge the other bits as well.

Jan

-- 
Siemens AG, Corporate Technology, CT SE 2
Corporate Competence Center Embedded Linux