Struct memprocfs::VmmPdb

pub struct VmmPdb<'a> {
    pub module: String,
    /* private fields */
}

Debug Symbol API.

The PDB sub-system requires that the MemProcFS supporting DLLs/.so files for debugging and symbol server access are placed alongside vmm.dll. It is also recommended that the file info.db is placed alongside vmm.dll.

Created By

  • vmmprocess.pdb_from_module_address()
  • vmm.kernel().pdb()

Examples

// Retrieve the PDB struct associated with the kernel (nt).
let kernel = vmm.kernel();
let pdb = kernel.pdb();
// Retrieve the PDB struct associated with a process module.
let pdb = vmmprocess.pdb("ntdll.dll")?;

Fields

module: String

Implementations

impl VmmPdb<'_>

pub fn symbol_name_from_address(&self, va_or_offset: u64) -> ResultEx<(String, u32)>

Retrieve a symbol name and a displacement given a module offset or virtual address.

Arguments
  • va_or_offset - Virtual address or offset from module base.
Examples
if let Ok(r) = pdb.symbol_name_from_address(va_symbol) {
    println!("va_o: {:x} name: '{}' displacement: {:x}", va_symbol, r.0, r.1);
}

pub fn symbol_address_from_name(&self, symbol_name: &str) -> ResultEx<u64>

Lookup a symbol address given its name.

Arguments
  • symbol_name
Examples
let va = pdb_nt.symbol_address_from_name("MiMapContiguousMemory")?;

pub fn type_size(&self, type_name: &str) -> ResultEx<u32>

Retrieve the size of a struct/type.

Arguments
  • type_name
Examples
let size_eprocess = pdb_nt.type_size("_EPROCESS")?;

pub fn type_child_offset(&self, type_name: &str, type_child_name: &str) -> ResultEx<u32>

Retrieve offset of a struct child member.

Arguments
  • type_name
  • type_child_name
Examples
let offset_vadroot = pdb_nt.type_child_offset("_EPROCESS", "VadRoot")?;

Trait Implementations

impl<'a> Debug for VmmPdb<'a>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Display for VmmPdb<'_>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

Auto Trait Implementations

impl<'a> RefUnwindSafe for VmmPdb<'a>

impl<'a> Send for VmmPdb<'a>

impl<'a> Sync for VmmPdb<'a>

impl<'a> Unpin for VmmPdb<'a>

impl<'a> UnwindSafe for VmmPdb<'a>

Blanket Implementations

impl<T> Any for T where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> ToString for T where T: Display + ?Sized,

default fn to_string(&self) -> String

Converts the given value to a String.

impl<T, U> TryFrom<U> for T where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.