VmmPdb

memprocfs

Struct VmmPdb 

Source 
pub struct VmmPdb<'a> {
    pub module: String,
    /* private fields */
}
Expand description

Debug Symbol API.

The PDB sub-system requires that MemProcFS supporting DLLs/.DYLIBs/.SOs for debugging and symbol server are put alongside vmm.dll. Also it’s recommended that the file info.db is put alongside vmm.dll.

§Created By

§Examples

// Retrieve the PDB struct associated with the kernel (nt).
let kernel = vmm.kernel();
let pdb = kernel.pdb();
// Retrieve the PDB struct associated with a process module.
let pdb = vmmprocess.pdb_from_module_name("ntdll.dll")?;

Fields§

§module: String

Implementations§

Source§

impl VmmPdb<'_>

Source

pub fn symbol_name_from_address( &self, va_or_offset: u64, ) -> ResultEx<(String, u32)>

Retrieve a symbol name and a displacement given a module offset or virtual address.

§Arguments
  • va_or_offset - Virtual address or offset from module base.
§Examples
if let Ok(r) = pdb.symbol_name_from_address(va_symbol) {
    println!("va_o: {:x} name: '{}' displacement: {:x}", va_symbol, r.0, r.1);
}
Source

pub fn symbol_address_from_name(&self, symbol_name: &str) -> ResultEx<u64>

Lookup a symbol address given its name.

§Arguments
  • symbol_name
§Examples
let va = pdb_nt.symbol_address_from_name("MiMapContiguousMemory")?;
Source

pub fn type_size(&self, type_name: &str) -> ResultEx<u32>

Retrieve the size of a struct/type.

§Arguments
  • type_name
§Examples
let size_eprocess = pdb_nt.type_size("_EPROCESS")?;
Source

pub fn type_child_offset( &self, type_name: &str, type_child_name: &str, ) -> ResultEx<u32>

Retrieve offset of a struct child member.

§Arguments
  • type_name
  • type_child_name
§Examples
let offet_vadroot = pdb_nt.type_child_offset("_EPROCESS", "VadRoot")?

Trait Implementations§

Source§

impl<'a> Clone for VmmPdb<'a>

Source§

fn clone(&self) -> VmmPdb<'a>

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<'a> Debug for VmmPdb<'a>

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Display for VmmPdb<'_>

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

§

impl<'a> Freeze for VmmPdb<'a>

§

impl<'a> RefUnwindSafe for VmmPdb<'a>

§

impl<'a> Send for VmmPdb<'a>

§

impl<'a> Sync for VmmPdb<'a>

§

impl<'a> Unpin for VmmPdb<'a>

§

impl<'a> UnwindSafe for VmmPdb<'a>

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.