Anyone here digging into hypervisor-level memory access for The Finals? Running a Windows 11 VM on Proxmox (KVM) is a solid start for staying under the radar, but the real power comes from reading and writing RAM directly from the host without touching the guest environment.
The goal is live memory analysis from the Proxmox side—essentially turning the hypervisor into a software-based DMA setup.
Current Environment & Objectives:
- Host: Proxmox (KVM/QEMU)
- Guest: Windows 11 running The Finals
- Status: No crashes, anti-cheat is currently quiet in this setup
- Objective: Map VM memory to host space for external manipulation
The LibVMI Approach
LibVMI is the usual suspect for Virtual Machine Introspection (VMI), but setting it up on a Proxmox environment can be a headache. It is not as straightforward as a standard KVM build because of how Proxmox manages its config files and process namespaces. If you are coming from basic memory dumping (like using IDA to find a LocalPlayer address in League), this is the next logical step in the cat-and-mouse game.
Technical Hurdles:
- Basic Proof-of-Concept: Reading a known address from the host side to verify the bridge.
- Memory Mapping: Translating Guest Physical Address (GPA) to Host Virtual Address (HVA).
- Process Context: Identifying the specific game process within the guest RAM from the hypervisor level.
Working with KVM guests means you need to hook into the memory slots allocated to the VM process. While some developers use custom KVM patches to simplify R/W, LibVMI is supposed to handle the abstraction, though documentation for Proxmox-specific integration is thin. You are basically looking at live memory mapping without the guest OS ever knowing its RAM is being peeked at.
If you have successfully bridged the gap between the Proxmox host and guest RAM or have experience with direct KVM memory mapping for live analysis, drop some knowledge.
Who's run this Proxmox setup for live R/W?