VMICore is a VM Introspection tool capable of dynamic malware analysis.
Install Build Requirements
- g++ or clang++
- cmake
- tclap
Clone this repository
Optionally, create a separate output (build) directory
Inside the output directory (or your current working directory for that matter), run:
    [user@localhost output_dir]$ cmake <path_to_top_level_project_dir>
    [user@localhost output_dir]$ cmake --build .
    [user@localhost output_dir]$ ./vmicore -c <path_to_configuration.yml> -n <domain_name>
Note: All parameters are optional, but the program aborts if no configuration file can be found. When -c is not given, the default search location is /etc/vmicore.conf.
VMICore uses YAML as its configuration file format. An example configuration file can be found in the configurations/ directory of this repository.
VMICore is able to load plugins as shared object files at runtime. The folder in which to look for plugins can be configured via the configuration file:
    plugin_system:
      directory: /usr/local/lib/
Plugins that should be loaded have to be declared by their shared object file name under the plugins node:
    plugin_system:
      directory: /usr/local/lib/
      plugins:
        libmyplugin.so:
          option1: value1
In the example above, everything under libmyplugin.so will be passed to the respective plugin as configuration options.
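Because every shared object named under plugins is loaded into the introspection process, the plugin directory and the plugin names are a trust boundary: a name containing path components could point the loader outside plugin_system.directory, and a directory writable by other users would let them inject code. The following is an added example, not VMICore's own loader code, of the checks one would want before handing a configured name to dlopen(). It assumes the YAML has already been parsed into a plain struct (the PluginSystemConfig type and all function names here are hypothetical) and that plugin names end in ".so" exactly as written in the example above.

```cpp
// Added example (not part of VMICore): validating plugin_system configuration
// before loading shared objects. All names below are hypothetical.
#include <cstdio>
#include <filesystem>
#include <string>
#include <sys/stat.h>
#include <vector>

namespace fs = std::filesystem;

// Mirrors the plugin_system node: the directory and the keys under plugins.
// Assumed to be filled in by whatever YAML parser the program uses (not shown).
struct PluginSystemConfig
{
    fs::path directory;
    std::vector<std::string> plugins;
};

// A plugin entry must be a bare file name: no directory separators, no
// embedded NUL, not a dot entry, and ending in ".so". This stops a config
// such as "../../tmp/evil.so" or "/tmp/evil.so" from escaping the directory.
// Assumption: versioned suffixes like ".so.1" are not used and are rejected.
bool isSafePluginName(const std::string& name)
{
    if (name.empty() || name.size() > 255) return false;
    if (name.find('/') != std::string::npos) return false;
    if (name.find('\0') != std::string::npos) return false;
    if (name == "." || name == "..") return false;
    static const std::string suffix = ".so";
    if (name.size() <= suffix.size()) return false;
    return name.compare(name.size() - suffix.size(), suffix.size(), suffix) == 0;
}

// Builds the path that would be passed to dlopen(). The directory has to be
// absolute so the result does not depend on the current working directory.
// Returns an empty path when the entry is rejected.
fs::path resolvePluginPath(const fs::path& directory, const std::string& name)
{
    if (!directory.is_absolute() || !isSafePluginName(name)) return {};
    return directory / name;
}

// The plugin directory should be root-owned and not writable by group or
// others; otherwise any local user able to write there gets code execution
// inside the introspection process. Missing or non-directory paths fail too.
bool directoryIsTrusted(const fs::path& directory)
{
    struct stat st{};
    if (::stat(directory.c_str(), &st) != 0) return false;
    if (!S_ISDIR(st.st_mode)) return false;
    if (st.st_uid != 0) return false;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

// Returns the full paths of the entries that pass the name checks.
// Rejected names are dropped; a real loader would log and refuse to start.
std::vector<fs::path> loadablePlugins(const PluginSystemConfig& cfg)
{
    std::vector<fs::path> out;
    for (const auto& name : cfg.plugins)
    {
        fs::path p = resolvePluginPath(cfg.directory, name);
        if (!p.empty()) out.push_back(p);
    }
    return out;
}

int main()
{
    // Constructed sample: the README's directory plus one benign and one
    // traversal-style entry.
    PluginSystemConfig cfg{"/usr/local/lib/", {"libmyplugin.so", "../evil.so"}};
    for (const auto& p : loadablePlugins(cfg))
        std::printf("would dlopen: %s\n", p.c_str());
    std::printf("directory trusted: %s\n", directoryIsTrusted(cfg.directory) ? "yes" : "no");
    return 0;
}
```

The directory check is deliberately separate from the name check so an operator can see which of the two assumptions failed; on a system where /usr/local/lib/ is package-managed and root-owned, the first passes and only a malformed plugins key can cause a refusal.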