Crate isr_cache

Source
Expand description

§Opinionated cache for OS kernel profiles

This crate provides a caching mechanism for profiles generated and used by the isr crate family. It offers several features to streamline the process of accessing and managing symbol information, including methods for downloading necessary debug symbols for Windows (PDB files) and Linux (DWARF debug info and system map).

§Usage

The main component of this crate is the IsrCache struct.

Example of loading a profile from a PDB file using the CodeView information:

use isr::{
    download::pdb::CodeView,
    cache::{IsrCache, JsonCodec},
};

// Create a new cache instance.
let cache = IsrCache::<JsonCodec>::new("cache")?;

// Use the CodeView information of the Windows 10.0.18362.356 kernel.
let codeview = CodeView {
    path: String::from("ntkrnlmp.pdb"),
    guid: String::from("ce7ffb00c20b87500211456b3e905c471"),
};

// Fetch and create (or get existing) the entry.
let entry = cache.entry_from_codeview(codeview)?;

// Get the profile from the entry.
let profile = entry.profile()?;

Example of loading a profile based on a Linux kernel banner:

use isr::cache::{IsrCache, JsonCodec};

// Create a new cache instance.
let cache = IsrCache::<JsonCodec>::new("cache")?;

// Use the Linux banner of the Ubuntu 6.8.0-40.40~22.04.3-generic kernel.
let banner = "Linux version 6.8.0-40-generic \
              (buildd@lcy02-amd64-078) \
              (x86_64-linux-gnu-gcc-12 (Ubuntu 12.3.0-1ubuntu1~22.04) \
              12.3.0, GNU ld (GNU Binutils for Ubuntu) 2.38) \
              #40~22.04.3-Ubuntu SMP PREEMPT_DYNAMIC \
              Tue Jul 30 17:30:19 UTC 2 \
              (Ubuntu 6.8.0-40.40~22.04.3-generic 6.8.12)";

// Fetch and create (or get existing) the entry.
// Note that the download of Linux debug symbols may take a while.
let entry = cache.entry_from_linux_banner(banner)?;

// Get the profile from the entry.
let profile = entry.profile()?;

Consult the vmi crate for more information on how to download debug symbols for introspected VMs.

Structs§

BincodeCodec
A codec for the bincode format.
CodeView
CodeView information extracted from a PDB file.
Entry
An entry in the IsrCache.
IsrCache
A cache for OS kernel profiles.
JsonCodec
A codec for the JSON format.
LinuxBanner
Linux banner.
MsgpackCodec
A codec for the MessagePack format.
PdbDownloader
Profile
Profile.
UbuntuDownloader
UbuntuVersionSignature

Enums§

Error
Error type for the ISR cache.
LinuxVersionSignature

Traits§

Codec
A codec for encoding and decoding profiles.