LibVMI is a C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine by viewing its memory, trapping on hardware events, and accessing the vCPU registers. This is called virtual machine introspection.
Access memory using physical addresses, virtual addresses, and operating system or application level symbols. Receive notifications for memory and register events. Integration with Volatility for higher-level analysis.
Works with Xen, KVM, Qemu, and Raw memory files. Supports both Windows and Linux VMs. Supports 32-bit, PAE, and 64-bit x86 and ARM Cortex-A15 architectures.
Virtual machine introspection does not have to be slow. Access Xen and KVM guest memory at speeds that will make you think you are inside the guest. Multiple cache layers with optional manual cache management.