IceBox - Virtual Machine Introspection, Tracing & Debugging


Icebox is a Virtual Machine Introspection solution that enables you to stealthily trace and debug any process (kernel or user). It's based on the Winbagility project.

Files which might be helpful:

INSTALL.md: how to install icebox.
BUILD.md: how to build icebox.

Project Organisation

fdp: Fast Debugging Protocol sources
icebox: Icebox sources
    icebox: Icebox lib (core, os helpers, plugins...)
    icebox_cmd: Program that tests several features
    samples: Bunch of examples
winbagility: stub to connect WinDBG to FDP
virtualbox: VirtualBox sources patched for FDP

Getting Started

Some samples have been written in the samples folder. You can build them with these instructions after you have installed the requirements.

If you're using a Windows guest, you might want to set the environment variable _NT_SYMBOL_PATH to a folder that contains your guest's pdb. Please note that icebox setup will fail if it does not find your guest's kernel's pdb.

vm_resume: vm_resume just pauses then resumes your VM.

    cd icebox/bin/$ARCH/
    ./vm_resume <vm_name>

nt_writefile: nt_writefile breaks....
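Since icebox setup fails when the guest kernel's pdb cannot be found, a pre-flight check of _NT_SYMBOL_PATH saves a failed run. The function below is an added example, not part of icebox; the name check_symbol_path is hypothetical, and the default kernel pdb file name ntkrnlmp.pdb and the assumption that pdb files may sit in sub-folders of the symbol folder are assumptions, not taken from the page.

```shell
#!/bin/sh
# Added example: validate _NT_SYMBOL_PATH before starting an icebox sample.
# Assumption: the guest kernel pdb is named ntkrnlmp.pdb; pass another
# file name as the first argument if your guest uses a different one.
#
# check_symbol_path [kernel_pdb_name]
# Return codes: 0 pdb found (its path is printed), 1 variable unset or empty,
#               2 value is not a folder, 3 kernel pdb not found in the folder
check_symbol_path() {
    kernel_pdb="${1:-ntkrnlmp.pdb}"

    if [ -z "${_NT_SYMBOL_PATH:-}" ]; then
        echo "_NT_SYMBOL_PATH is not set" >&2
        return 1
    fi

    if [ ! -d "$_NT_SYMBOL_PATH" ]; then
        echo "_NT_SYMBOL_PATH is not a folder: $_NT_SYMBOL_PATH" >&2
        return 2
    fi

    # The pdb may be stored flat or nested in sub-folders (assumption).
    # Match regular files only, case-insensitively, and keep the first hit.
    found=$(find "$_NT_SYMBOL_PATH" -type f -iname "$kernel_pdb" 2>/dev/null | head -n 1)
    if [ -z "$found" ]; then
        echo "no $kernel_pdb under $_NT_SYMBOL_PATH" >&2
        return 3
    fi

    echo "$found"
    return 0
}

# Typical use from icebox/bin/$ARCH/:
#   check_symbol_path >/dev/null && ./vm_resume <vm_name>
```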

March 16, 2020