mquire 1.2.7

Memory forensics and analysis tool for querying Linux kernel memory dumps using SQL
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47

//
// Copyright (c) 2025-present, Trail of Bits, Inc.
// All rights reserved.
//
// This source code is licensed in accordance with the terms specified in
// the LICENSE file found in the root directory of this source tree.
//

/// Represents the source of dmesg/kernel log data
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum DmesgDataSource {
    /// Data read from the kernel's printk ringbuffer
    PrintkRingbuffer,
}

impl DmesgDataSource {
    pub fn as_str(&self) -> &'static str {
        match self {
            DmesgDataSource::PrintkRingbuffer => "printk_ringbuffer",
        }
    }
}

/// Represents a single kernel log message from dmesg
#[derive(Debug, Clone)]
pub struct DmesgEntry {
    /// The source of this log entry
    pub data_source: DmesgDataSource,

    /// Timestamp (nanoseconds since boot)
    pub timestamp_ns: u64,

    /// Log level (0-7, where 0=emergency, 7=debug)
    pub level: u8,

    /// Facility code
    pub facility: u8,

    /// The sequence number of this message
    pub sequence: u64,

    /// The log message text
    pub message: String,

    /// Caller information (if available)
    pub caller_id: Option<u32>,
}