vminer 0.1.0

Virtual Machine Introspection library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117

#[cfg(any(feature = "linux", feature = "windows"))]
mod pointer;

#[cfg(any(feature = "linux", feature = "windows"))]
macro_rules! pointer_defs {
    ( $( $core_ty:path = $ptr:ty; )* ) => {
        trait ToPointer<T> {
            fn to_pointer<Os, Ctx>(self, os: &Os, ctx: Ctx) -> Pointer<T, Os, Ctx>;
        }

        $(
            impl ToPointer<$ptr> for $core_ty {
                #[inline]
                fn to_pointer<Os, Ctx>(self, os: &Os, ctx: Ctx) -> Pointer<$ptr, Os, Ctx> {
                    Pointer::new(self.0, os, ctx)
                }
            }

            impl<Os, Ctx> From<Pointer<'_, $ptr, Os, Ctx>> for $core_ty {
                #[inline]
                fn from(ptr: Pointer<$ptr, Os, Ctx>) -> $core_ty {
                    $core_ty(ptr.addr)
                }
            }
        )*
    };
}

#[cfg(feature = "linux")]
pub mod linux;
#[cfg(feature = "linux")]
pub use linux::Linux;

#[cfg(feature = "windows")]
pub mod windows;
#[cfg(feature = "windows")]
pub use windows::Windows;

use alloc::{boxed::Box, string::String};
use core::fmt;
use vmc::VmResult;

pub trait Buildable<B: vmc::Backend>: Sized {
    fn quick_check(_backend: &B) -> Option<OsBuilder> {
        None
    }

    fn build(backend: B, builder: OsBuilder) -> VmResult<Self>;
}

#[derive(Debug, Default)]
pub struct OsBuilder {
    pub symbols: Option<vmc::SymbolsIndexer>,
    pub kpgd: Option<vmc::PhysicalAddress>,
    pub kaslr: Option<vmc::VirtualAddress>,
    pub version: Option<String>,
    pub loader: Option<Box<dyn SymbolLoader + Send + Sync>>,
}

impl OsBuilder {
    #[inline]
    pub fn new() -> Self {
        Self::default()
    }

    #[inline]
    pub fn with_symbols(mut self, symbols: vmc::SymbolsIndexer) -> Self {
        self.symbols = Some(symbols);
        self
    }

    #[inline]
    pub fn with_kpgd(mut self, kpgd: vmc::PhysicalAddress) -> Self {
        self.kpgd = Some(kpgd);
        self
    }

    #[inline]
    pub fn with_kaslr(mut self, kaslr: vmc::VirtualAddress) -> Self {
        self.kaslr = Some(kaslr);
        self
    }

    #[inline]
    pub fn with_version(mut self, version: String) -> Self {
        self.version = Some(version);
        self
    }

    #[inline]
    pub fn build<B: vmc::Backend, Os: Buildable<B>>(self, backend: B) -> VmResult<Os> {
        Os::build(backend, self)
    }
}

#[inline]
pub fn os_builder() -> OsBuilder {
    OsBuilder::new()
}

pub trait SymbolLoader {
    fn load(&self, name: &str, id: &str) -> VmResult<Option<vmc::ModuleSymbols>>;
}

pub struct EmptyLoader;

impl SymbolLoader for EmptyLoader {
    fn load(&self, _name: &str, _id: &str) -> VmResult<Option<vmc::ModuleSymbols>> {
        Ok(None)
    }
}

impl fmt::Debug for dyn SymbolLoader + Send + Sync + '_ {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        f.debug_struct("SymbolLoader").finish_non_exhaustive()
    }
}