[−][src]Struct memflow_win32::win32::kernel_builder::KernelBuilder
Builder for a Windows Kernel structure.
This function encapsulates the entire setup process for a Windows target and will make sure the user gets a properly initialized object at the end.
This function is a high level abstraction over the individual parts of initialization a Windows target:
- Scanning for the ntoskrnl and retrieving the
KernelInfostruct. - Retrieving the Offsets for the target Windows version.
- Creating a struct which implements
VirtualTranslatefor virtual to physical address translations. - Optionally wrapping the Connector or the
VirtualTranslateobject into a cached object. - Initialization of the Kernel structure itself.
Examples
Using the builder with default values:
use memflow::mem::PhysicalMemory; use memflow_win32::win32::Kernel; fn test<T: PhysicalMemory>(connector: T) { let _kernel = Kernel::builder(connector) .build() .unwrap(); }
Using the builder with default cache configurations:
use memflow::mem::PhysicalMemory; use memflow_win32::win32::Kernel; fn test<T: PhysicalMemory>(connector: T) { let _kernel = Kernel::builder(connector) .build_default_caches() .build() .unwrap(); }
Customizing the caches:
use memflow::mem::{PhysicalMemory, CachedMemoryAccess, CachedVirtualTranslate}; use memflow_win32::win32::Kernel; fn test<T: PhysicalMemory>(connector: T) { let _kernel = Kernel::builder(connector) .build_page_cache(|connector, arch| { CachedMemoryAccess::builder(connector) .arch(arch) .build() .unwrap() }) .build_vat_cache(|vat, arch| { CachedVirtualTranslate::builder(vat) .arch(arch) .build() .unwrap() }) .build() .unwrap(); }
Remarks
Manual initialization of the above examples would look like the following:
use memflow::prelude::v1::*; use memflow_win32::prelude::{KernelInfo, Win32Offsets, Kernel}; fn test<T: PhysicalMemory>(mut connector: T) { // Use the ntoskrnl scanner to find the relevant KernelInfo (start_block, arch, dtb, ntoskrnl, etc) let kernel_info = KernelInfo::scanner(&mut connector).scan().unwrap(); // Download the corresponding pdb from the default symbol store let offsets = Win32Offsets::builder().kernel_info(&kernel_info).build().unwrap(); // Create a struct for doing virtual to physical memory translations let vat = DirectTranslate::new(); // Create a Page Cache layer with default values let mut connector_cached = CachedMemoryAccess::builder(connector) .arch(kernel_info.start_block.arch) .build() .unwrap(); // Create a TLB Cache layer with default values let vat_cached = CachedVirtualTranslate::builder(vat) .arch(kernel_info.start_block.arch) .build() .unwrap(); // Initialize the final Kernel object let _kernel = Kernel::new(&mut connector_cached, vat_cached, offsets, kernel_info); }
Implementations
impl<T> KernelBuilder<T, T, DirectTranslate> where
T: PhysicalMemory, [src]
T: PhysicalMemory,
pub fn new(connector: T) -> KernelBuilder<T, T, DirectTranslate>[src]
impl<'a, T, TK, VK> KernelBuilder<T, TK, VK> where
T: PhysicalMemory,
TK: PhysicalMemory,
VK: VirtualTranslate, [src]
T: PhysicalMemory,
TK: PhysicalMemory,
VK: VirtualTranslate,
pub fn build(self) -> Result<Kernel<TK, VK>>[src]
pub fn arch(self, arch: ArchitectureObj) -> Self[src]
pub fn kernel_hint(self, kernel_hint: Address) -> Self[src]
pub fn dtb(self, dtb: Address) -> Self[src]
pub fn symbol_store(self, symbol_store: SymbolStore) -> Self[src]
Configures the symbol store to be used when constructing the Kernel. This will override the default symbol store that is being used if no other setting is configured.
Examples
use memflow::mem::PhysicalMemory; use memflow_win32::prelude::{Kernel, SymbolStore}; fn test<T: PhysicalMemory>(connector: T) { let _kernel = Kernel::builder(connector) .symbol_store(SymbolStore::new().no_cache()) .build() .unwrap(); }
pub fn no_symbol_store(self) -> Self[src]
Disables the symbol store when constructing the Kernel. By default a default symbol store will be used when constructing a kernel. This option allows the user to disable the symbol store alltogether and fall back to the built-in offsets table.
Examples
use memflow::mem::PhysicalMemory; use memflow_win32::win32::Kernel; use memflow_win32::offsets::SymbolStore; fn test<T: PhysicalMemory>(connector: T) { let _kernel = Kernel::builder(connector) .no_symbol_store() .build() .unwrap(); }
pub fn build_default_caches(
self
) -> KernelBuilder<T, CachedMemoryAccess<'a, T, DefaultCacheValidator>, CachedVirtualTranslate<DirectTranslate, DefaultCacheValidator>>[src]
self
) -> KernelBuilder<T, CachedMemoryAccess<'a, T, DefaultCacheValidator>, CachedVirtualTranslate<DirectTranslate, DefaultCacheValidator>>
Creates the Kernel structure with default caching enabled.
If this option is specified, the Kernel structure is generated with a (page level cache)[../index.html] with default settings. On top of the page level cache a vat cache will be setupped.
Examples
use memflow::mem::PhysicalMemory; use memflow_win32::win32::Kernel; fn test<T: PhysicalMemory>(connector: T) { let _kernel = Kernel::builder(connector) .build_default_caches() .build() .unwrap(); }
pub fn build_page_cache<TKN, F: FnOnce(T, ArchitectureObj) -> TKN + 'static>(
self,
func: F
) -> KernelBuilder<T, TKN, VK> where
TKN: PhysicalMemory, [src]
self,
func: F
) -> KernelBuilder<T, TKN, VK> where
TKN: PhysicalMemory,
Creates a Kernel structure by constructing the page cache from the given closure.
This function accepts a FnOnce closure that is being evaluated
after the ntoskrnl has been found.
Examples
use memflow::mem::{PhysicalMemory, CachedMemoryAccess}; use memflow_win32::win32::Kernel; fn test<T: PhysicalMemory>(connector: T) { let _kernel = Kernel::builder(connector) .build_page_cache(|connector, arch| { CachedMemoryAccess::builder(connector) .arch(arch) .build() .unwrap() }) .build() .unwrap(); }
pub fn build_vat_cache<VKN, F: FnOnce(DirectTranslate, ArchitectureObj) -> VKN + 'static>(
self,
func: F
) -> KernelBuilder<T, TK, VKN> where
VKN: VirtualTranslate, [src]
self,
func: F
) -> KernelBuilder<T, TK, VKN> where
VKN: VirtualTranslate,
Creates a Kernel structure by constructing the vat cache from the given closure.
This function accepts a FnOnce closure that is being evaluated
after the ntoskrnl has been found.
Examples
use memflow::mem::{PhysicalMemory, CachedVirtualTranslate}; use memflow_win32::win32::Kernel; fn test<T: PhysicalMemory>(connector: T) { let _kernel = Kernel::builder(connector) .build_vat_cache(|vat, arch| { CachedVirtualTranslate::builder(vat) .arch(arch) .build() .unwrap() }) .build() .unwrap(); }
Auto Trait Implementations
impl<T, TK, VK> !RefUnwindSafe for KernelBuilder<T, TK, VK>[src]
impl<T, TK, VK> !Send for KernelBuilder<T, TK, VK>[src]
impl<T, TK, VK> !Sync for KernelBuilder<T, TK, VK>[src]
impl<T, TK, VK> Unpin for KernelBuilder<T, TK, VK> where
T: Unpin, [src]
T: Unpin,
impl<T, TK, VK> !UnwindSafe for KernelBuilder<T, TK, VK>[src]
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized, [src]
T: 'static + ?Sized,
impl<T> Borrow<T> for T where
T: ?Sized, [src]
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized, [src]
T: ?Sized,
pub fn borrow_mut(&mut self) -> &mut T[src]
impl<T> From<T> for T[src]
impl<T, U> Into<U> for T where
U: From<T>, [src]
U: From<T>,
impl<T, U> TryFrom<U> for T where
U: Into<T>, [src]
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
pub fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>, [src]
U: TryFrom<T>,