IntroVirt, short for introspective virtualization, is a customized Xen Hypervisor and library that provides a robust virtual machine (VM) introspection application programming interface (API). VM introspection is the process of looking at the memory contents of a virtual machine during runtime. By applying knowledge of the guest operating system, introspection can be used for a variety of applications, including reverse engineering, debugging software, and securing guest VMs by limiting access to files or limiting an executing application’s functionality.
IntroVirt consists of two components: a patched version of the Xen Hypervisor, and the IntroVirt userland library. The Windows® IntroVirt library, WintroVirt, can be used as a userland library that sits above IntroVirt to interact with Windows®-based guests. As IntroVirt and WintroVirt are both libraries, they use the widely accepted library nomenclature, referred to as libintrovirt and libwintrovirt, respectively.