kvmi 0.5.0

Safe Rust bindings for libkvmi (v6)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130

use std::fs::File;
use std::io::Write;
use std::path::Path;

use kvmi::constants::PAGE_SIZE;
use kvmi::{create_kvmi, KVMIntrospectable, SocketType};

use clap::{App, Arg, ArgMatches};
use indicatif::{ProgressBar, ProgressStyle};
use log::{debug, trace};
use std::error::Error;

fn parse_args() -> ArgMatches<'static> {
    App::new(file!())
        .version("0.1")
        .author("Mathieu Tarral")
        .about("Dumps VM physical memory")
        .arg(Arg::with_name("vm_name").index(1).required(true))
        .arg(
            Arg::with_name("unix_socket")
                .short("u")
                .takes_value(true)
                .help("KVMi UNIX socket"),
        )
        .arg(
            Arg::with_name("vsock_port")
                .short("v")
                .takes_value(true)
                .help("KVMi vSock port"),
        )
        .arg(
            Arg::with_name("output")
                .short("o")
                .takes_value(true)
                .help("Output path"),
        )
        .get_matches()
}

fn main() -> Result<(), Box<dyn Error>> {
    env_logger::init();

    // handle args
    let matches = parse_args();
    let domain_name = matches
        .value_of("vm_name")
        .expect("The VM name is required");

    // either one of unix or vsock socket
    let unix_socket = matches
        .value_of("unix_socket")
        .map(|s| SocketType::UnixSocket(s.to_string()));
    let vsock_socket = matches.value_of("vsock_port").map(|s| {
        SocketType::VSock(s.parse::<u32>().expect(&*format!(
            "Failed to convert command line value \"{}\" to vSock port integer",
            s
        )))
    });
    let kvmi_sock_type = unix_socket.unwrap_or_else(|| {
        vsock_socket.expect("One of UNIX or vSock connection method must be specified.")
    });

    let dump_path = Path::new(
        matches
            .value_of("output")
            .map_or(&*format!("{}.dump", domain_name), |v| v),
    )
    .to_path_buf();
    let mut dump_file = File::create(&dump_path).expect("Fail to open dump file");
    // canonicalize now that the file exists
    dump_path.canonicalize().unwrap();

    // create KVMi and init
    let mut kvmi = create_kvmi()?;

    let spinner = ProgressBar::new_spinner();
    spinner.enable_steady_tick(200);
    spinner.set_message("Initializing KVMi...");
    kvmi.init(kvmi_sock_type)
        .expect("Failed to initialize KVMi");
    spinner.finish_and_clear();

    // ensure paused before dumping the RAM
    println!("Pausing the VM");
    kvmi.pause().expect("Failed to pause the VM");

    let max_addr = kvmi
        .get_maximum_paddr()
        .expect("Failed to retrieve the highest physical address");
    println!(
        "Dumping {} memory to {} until {:#X}",
        domain_name,
        dump_path.file_name().unwrap().to_str().unwrap(),
        max_addr
    );
    let bar = ProgressBar::new(max_addr);
    bar.set_style(ProgressStyle::default_bar().template(
        "{prefix} {wide_bar} {bytes_per_sec} • {bytes}/{total_bytes} • {percent}% • {elapsed}",
    ));
    // redraw every 0.1% change, otherwise the redraw becomes the bottleneck
    bar.set_draw_delta(max_addr / 1000);

    // dump memory, frame by frame
    for cur_paddr in (0..max_addr).step_by(PAGE_SIZE) {
        trace!(
            "reading {:#X} bytes of memory at {:#X}",
            PAGE_SIZE,
            cur_paddr
        );
        // reset buffer each loop
        let mut buffer: [u8; PAGE_SIZE] = [0; PAGE_SIZE];
        kvmi.read_physical(cur_paddr, &mut buffer)
            .unwrap_or_else(|_| debug!("failed to read memory at {:#X}", cur_paddr));
        dump_file
            .write_all(&buffer)
            .expect("failed to write to file");
        // update bar
        bar.set_prefix(&*format!("{:#X}", cur_paddr));
        bar.inc(PAGE_SIZE as u64);
    }
    bar.finish();
    println!(
        "Finished dumping physical memory at {}",
        dump_path.display()
    );

    println!("Resuming the VM");
    kvmi.resume().expect("Failed to resume VM");
    Ok(())
}