memflow_kcore/
lib.rs

1use goblin::Object;
2use memflow::connector::fileio::{CloneFile, FileIoMemory};
3use memflow::mem::MemoryMap;
4use memflow::prelude::v1::*;
5use std::fs::File;
6use std::io::Read;
7
8#[cfg_attr(feature = "plugins", connector(name = "kcore"))]
9pub fn create_connector(args: &ConnectorArgs) -> Result<FileIoMemory<CloneFile>> {
10    let mut mem = File::open(
11        args.target
12            .as_ref()
13            .map(|v| v.as_ref())
14            .unwrap_or("/proc/kcore"),
15    )
16    .map_err(|_| Error(ErrorOrigin::Connector, ErrorKind::UnableToReadFile))?;
17
18    let mut head = vec![0; size::mb(2)];
19    mem.read(&mut head).ok();
20
21    let mut map = MemoryMap::new();
22
23    if let Ok(Object::Elf(elf)) = Object::parse(&head) {
24        for (b, s, r) in elf
25            .program_headers
26            .iter()
27            .filter(|h| h.p_paddr != u64::MAX)
28            .filter(|h| h.p_vaddr != 0)
29            .map(|h| {
30                (
31                    Address::from(h.p_paddr),
32                    h.p_filesz as umem,
33                    Address::from(h.p_offset),
34                )
35            })
36        {
37            map.push_remap(b, s, r);
38        }
39
40        FileIoMemory::with_mem_map(mem.into(), map)
41    } else {
42        Err(Error(ErrorOrigin::Connector, ErrorKind::InvalidExeFile))
43    }
44}
memflow_kcore/lib.rs

memflow_kcore/
lib.rs
