Trait memflow::mem::memory_view::MemoryView
source · pub trait MemoryView: Send {
Show 36 methods
// Required methods
fn read_raw_iter(
&mut self,
data: ReadRawMemOps<'_, '_, '_, '_>
) -> Result<()>;
fn write_raw_iter(
&mut self,
data: WriteRawMemOps<'_, '_, '_, '_>
) -> Result<()>;
fn metadata(&self) -> MemoryViewMetadata;
// Provided methods
fn read_iter<'a, 'b>(
&mut self,
inp: impl Iterator<Item = ReadData<'a>>,
out: Option<&mut ReadCallback<'b, 'a>>,
out_fail: Option<&mut ReadCallback<'b, 'a>>
) -> Result<()> { ... }
fn read_raw_list(&mut self, data: &mut [ReadData<'_>]) -> PartialResult<()> { ... }
fn read_raw_into(
&mut self,
addr: Address,
out: &mut [u8]
) -> PartialResult<()> { ... }
fn read_raw(&mut self, addr: Address, len: usize) -> PartialResult<Vec<u8>> { ... }
fn read_into<T: Pod + ?Sized>(
&mut self,
addr: Address,
out: &mut T
) -> PartialResult<()>
where Self: Sized { ... }
fn read<T: Pod + Sized>(&mut self, addr: Address) -> PartialResult<T>
where Self: Sized { ... }
fn read_addr32(&mut self, addr: Address) -> PartialResult<Address>
where Self: Sized { ... }
fn read_addr64(&mut self, addr: Address) -> PartialResult<Address>
where Self: Sized { ... }
fn read_addr64_rip(&mut self, addr: Address) -> PartialResult<Address>
where Self: Sized { ... }
fn read_addr_arch(
&mut self,
arch: ArchitectureObj,
addr: Address
) -> PartialResult<Address>
where Self: Sized { ... }
fn read_ptr_into<U: PrimitiveAddress, T: Pod + ?Sized>(
&mut self,
ptr: Pointer<U, T>,
out: &mut T
) -> PartialResult<()>
where Self: Sized { ... }
fn read_ptr<U: PrimitiveAddress, T: Pod + Sized>(
&mut self,
ptr: Pointer<U, T>
) -> PartialResult<T>
where Self: Sized { ... }
fn write_iter<'a, 'b>(
&mut self,
inp: impl Iterator<Item = WriteData<'a>>,
out: Option<&mut WriteCallback<'b, 'a>>,
out_fail: Option<&mut WriteCallback<'b, 'a>>
) -> Result<()> { ... }
fn write_raw_list(&mut self, data: &[WriteData<'_>]) -> PartialResult<()> { ... }
fn write_raw(&mut self, addr: Address, data: &[u8]) -> PartialResult<()> { ... }
fn write<T: Pod + ?Sized>(
&mut self,
addr: Address,
data: &T
) -> PartialResult<()>
where Self: Sized { ... }
fn write_ptr<U: PrimitiveAddress, T: Pod + ?Sized>(
&mut self,
ptr: Pointer<U, T>,
data: &T
) -> PartialResult<()>
where Self: Sized { ... }
fn read_char_array(
&mut self,
addr: Address,
len: usize
) -> PartialResult<String> { ... }
fn read_char_string_n(
&mut self,
addr: Address,
n: usize
) -> PartialResult<String> { ... }
fn read_char_string(&mut self, addr: Address) -> PartialResult<String> { ... }
fn cursor(&mut self) -> MemoryCursor<Fwd<&mut Self>> ⓘ
where Self: Sized { ... }
fn into_cursor(self) -> MemoryCursor<Self> ⓘ
where Self: Sized { ... }
fn cursor_at(&mut self, address: Address) -> MemoryCursor<Fwd<&mut Self>> ⓘ
where Self: Sized { ... }
fn into_cursor_at(self, address: Address) -> MemoryCursor<Self> ⓘ
where Self: Sized { ... }
fn batcher(&mut self) -> MemoryViewBatcher<'_, Self>
where Self: Sized { ... }
fn into_overlay_arch(self, arch: ArchitectureObj) -> ArchOverlayView<Self>
where Self: Sized { ... }
fn overlay_arch(
&mut self,
arch: ArchitectureObj
) -> ArchOverlayView<Fwd<&mut Self>>
where Self: Sized { ... }
fn into_overlay_arch_parts(
self,
arch_bits: u8,
little_endian: bool
) -> ArchOverlayView<Self>
where Self: Sized { ... }
fn overlay_arch_parts(
&mut self,
arch_bits: u8,
little_endian: bool
) -> ArchOverlayView<Fwd<&mut Self>>
where Self: Sized { ... }
fn into_remap_view(
self,
mem_map: MemoryMap<(Address, umem)>
) -> RemapView<Self>
where Self: Sized { ... }
fn remap_view(
&mut self,
mem_map: MemoryMap<(Address, umem)>
) -> RemapView<Fwd<&mut Self>>
where Self: Sized { ... }
fn into_phys_mem(self) -> PhysicalMemoryOnView<Self>
where Self: Sized { ... }
fn phys_mem(&mut self) -> PhysicalMemoryOnView<Fwd<&mut Self>>
where Self: Sized { ... }
}
Expand description
The MemoryView
trait implements generic access to memory, no matter if it is a process
virtual memory, or machine’s physical memory.
The CPU accesses virtual memory by setting the CR3 register to the appropiate Directory Table Base (DTB) for that process. The ntoskrnl.exe Kernel Process has it’s own DTB. Using the DTB it is possible to resolve the physical memory location of a virtual address page. After the address has been resolved the physical memory page can then be read or written to.
There are 3 methods which are required to be implemented by the provider of this trait.
Examples
Reading from a MemoryView
:
use memflow::types::Address;
use memflow::mem::MemoryView;
fn read(mem: &mut impl MemoryView, read_addr: Address) {
let mut addr = 0u64;
mem.read_into(read_addr, &mut addr).unwrap();
println!("addr: {:x}", addr);
}
Required Methods§
fn read_raw_iter(&mut self, data: ReadRawMemOps<'_, '_, '_, '_>) -> Result<()>
fn write_raw_iter(&mut self, data: WriteRawMemOps<'_, '_, '_, '_>) -> Result<()>
fn metadata(&self) -> MemoryViewMetadata
Provided Methods§
sourcefn read_iter<'a, 'b>(
&mut self,
inp: impl Iterator<Item = ReadData<'a>>,
out: Option<&mut ReadCallback<'b, 'a>>,
out_fail: Option<&mut ReadCallback<'b, 'a>>
) -> Result<()>
fn read_iter<'a, 'b>( &mut self, inp: impl Iterator<Item = ReadData<'a>>, out: Option<&mut ReadCallback<'b, 'a>>, out_fail: Option<&mut ReadCallback<'b, 'a>> ) -> Result<()>
Read arbitrary amount of data.
Arguments
inp
- input iterator of (address, buffer) pairs.out
- optional callback for any successful reads - along the wayinp
pairs may be split and only parts of the reads may succeed. This callback will return any successful chunks that have their buffers filled in.out_fail
- optional callback for any unsuccessful reads - this is the opposite ofout
, meaning any unsuccessful chunks with buffers in an unspecified state.
Examples
use memflow::types::Address;
use memflow::mem::MemoryView;
use memflow::cglue::CTup2;
fn read(mut mem: impl MemoryView, read_addrs: &[Address]) {
let mut bufs = vec![0u8; 8 * read_addrs.len()];
let data = read_addrs
.iter()
.zip(bufs.chunks_mut(8))
.map(|(&a, chunk)| CTup2(a, chunk.into()));
mem.read_iter(data, None, None).unwrap();
println!("{:?}", bufs);
}
fn read_raw_list(&mut self, data: &mut [ReadData<'_>]) -> PartialResult<()>
fn read_raw_into(&mut self, addr: Address, out: &mut [u8]) -> PartialResult<()>
fn read_raw(&mut self, addr: Address, len: usize) -> PartialResult<Vec<u8>>
fn read_into<T: Pod + ?Sized>(
&mut self,
addr: Address,
out: &mut T
) -> PartialResult<()>where
Self: Sized,
fn read<T: Pod + Sized>(&mut self, addr: Address) -> PartialResult<T>where
Self: Sized,
fn read_addr32(&mut self, addr: Address) -> PartialResult<Address>where
Self: Sized,
fn read_addr64(&mut self, addr: Address) -> PartialResult<Address>where
Self: Sized,
sourcefn read_addr64_rip(&mut self, addr: Address) -> PartialResult<Address>where
Self: Sized,
fn read_addr64_rip(&mut self, addr: Address) -> PartialResult<Address>where
Self: Sized,
Reads the specified address as a rip-relative address.
fn read_addr_arch(
&mut self,
arch: ArchitectureObj,
addr: Address
) -> PartialResult<Address>where
Self: Sized,
fn read_ptr_into<U: PrimitiveAddress, T: Pod + ?Sized>(
&mut self,
ptr: Pointer<U, T>,
out: &mut T
) -> PartialResult<()>where
Self: Sized,
fn read_ptr<U: PrimitiveAddress, T: Pod + Sized>(
&mut self,
ptr: Pointer<U, T>
) -> PartialResult<T>where
Self: Sized,
sourcefn write_iter<'a, 'b>(
&mut self,
inp: impl Iterator<Item = WriteData<'a>>,
out: Option<&mut WriteCallback<'b, 'a>>,
out_fail: Option<&mut WriteCallback<'b, 'a>>
) -> Result<()>
fn write_iter<'a, 'b>( &mut self, inp: impl Iterator<Item = WriteData<'a>>, out: Option<&mut WriteCallback<'b, 'a>>, out_fail: Option<&mut WriteCallback<'b, 'a>> ) -> Result<()>
Write arbitrary amount of data.
Arguments
inp
- input iterator of (address, buffer) pairs.out
- optional callback for any successful writes - along the wayinp
pairs may be split and only parts of the writes may succeed. This callback will return any successful chunks that have their buffers filled in.out_fail
- optional callback for any unsuccessful writes - this is the opposite ofout
, meaning any unsuccessful chunks with buffers in an unspecified state.
Examples
use memflow::types::Address;
use memflow::mem::MemoryView;
use memflow::cglue::CTup2;
use dataview::PodMethods;
fn write(mut mem: impl MemoryView, writes: &[(Address, usize)]) {
let data = writes
.iter()
.map(|(a, chunk)| CTup2(*a, chunk.as_bytes().into()));
mem.write_iter(data, None, None).unwrap();
}
fn write_raw_list(&mut self, data: &[WriteData<'_>]) -> PartialResult<()>
fn write_raw(&mut self, addr: Address, data: &[u8]) -> PartialResult<()>
fn write<T: Pod + ?Sized>(
&mut self,
addr: Address,
data: &T
) -> PartialResult<()>where
Self: Sized,
fn write_ptr<U: PrimitiveAddress, T: Pod + ?Sized>(
&mut self,
ptr: Pointer<U, T>,
data: &T
) -> PartialResult<()>where
Self: Sized,
sourcefn read_char_array(
&mut self,
addr: Address,
len: usize
) -> PartialResult<String>
fn read_char_array( &mut self, addr: Address, len: usize ) -> PartialResult<String>
Reads a fixed length string from the target.
Remarks:
The string does not have to be null-terminated.
If a null terminator is found the string is truncated to the terminator.
If no null terminator is found the resulting string is exactly len
characters long.
sourcefn read_char_string_n(
&mut self,
addr: Address,
n: usize
) -> PartialResult<String>
fn read_char_string_n( &mut self, addr: Address, n: usize ) -> PartialResult<String>
Reads a variable length string with a length of up to specified amount from the target.
Arguments
addr
- target address to read fromn
- maximum number of bytes to read
Remarks:
The string must be null-terminated. If no null terminator is found the this function will return an error.
For reading fixed-size char arrays the read_char_array
should be used.
sourcefn read_char_string(&mut self, addr: Address) -> PartialResult<String>
fn read_char_string(&mut self, addr: Address) -> PartialResult<String>
Reads a variable length string with up to 4kb length from the target.
Arguments
addr
- target address to read from