Nitro – Virtual Machine Introspection Framework

Nitro is a flexible framework for virtual machine introspection. It provides a Python API for analyzing and altering system call use of KVM-based virtual machines. With Nitro, you can monitor what the machines are doing without executing a single line of code inside a virtual machine as all the work happens on the host.

Nitro is open source and the code for the project can be found from the project’s GitHub page. Pull requests welcome!

User Guide

• Introduction
  • Why You Might Want to Consider Nitro
  • State of the Project
• Installation
  • Installing the Kernel
  • Setting up QEMU
  • Getting libvmi
  • Setting up libvirt
  • Python Dependencies
• Command-line Interface
• Architecture Overview
  • Virtual Machines
  • Nitro
  • Event Listeners
  • Analysis Back ends
  • Process Info Objects
  • System Call Argument Access
• Tutorial: Finding Out What Notepad is Doing
  • Getting a Connection
  • Letting the Events Flow
  • Understanding the Data
  • Looking for a Notepad
• Developing Nitro: Testing
  • Unit Tests
  • Integration Tests

Project Structure

• nitro package
  • Subpackages
    • nitro.backends package
      • Subpackages
      • Submodules
      • nitro.backends.arguments module
      • nitro.backends.backend module
      • nitro.backends.factory module
      • nitro.backends.process module
      • Module contents
  • Submodules
  • nitro.event module
  • nitro.kvm module
  • nitro.libvmi module
  • nitro.listener module
  • nitro.nitro module
  • nitro.syscall module
  • Module contents

Indices and tables

• Index
• Module Index
• Search Page