vmi_core::os

Trait VmiOsProcess

Source 
pub trait VmiOsProcess<'a, Driver>: VmiVa + 'a
where
    Driver: VmiDriver,
{
    type Os: VmiOs<Driver>;

    // Required methods
    fn id(&self) -> Result<ProcessId, VmiError>;
    fn object(&self) -> Result<ProcessObject, VmiError>;
    fn name(&self) -> Result<String, VmiError>;
    fn parent_id(&self) -> Result<ProcessId, VmiError>;
    fn architecture(&self) -> Result<VmiOsImageArchitecture, VmiError>;
    fn translation_root(&self) -> Result<Pa, VmiError>;
    fn user_translation_root(&self) -> Result<Pa, VmiError>;
    fn image_base(&self) -> Result<Va, VmiError>;
    fn regions(
        &self,
    ) -> Result<impl Iterator<Item = Result<<Self::Os as VmiOs<Driver>>::Region<'a>, VmiError>>, VmiError>;
    fn find_region(
        &self,
        address: Va,
    ) -> Result<Option<<Self::Os as VmiOs<Driver>>::Region<'a>>, VmiError>;
    fn threads(
        &self,
    ) -> Result<impl Iterator<Item = Result<<Self::Os as VmiOs<Driver>>::Thread<'a>, VmiError>>, VmiError>;
    fn is_valid_address(&self, address: Va) -> Result<Option<bool>, VmiError>;
}
Expand description

A trait for process objects.

This trait provides an abstraction over processes within a guest OS.

Required Associated Types§

Source

type Os: VmiOs<Driver>

The VMI OS type.

Required Methods§

Source

fn id(&self) -> Result<ProcessId, VmiError>

Returns the process ID.

Source

fn object(&self) -> Result<ProcessObject, VmiError>

Returns the process object.

Source

fn name(&self) -> Result<String, VmiError>

Returns the name of the process.

§Platform-specific
  • Windows: _EPROCESS.ImageFileName (limited to 16 characters).
  • Linux: _task_struct.comm (limited to 16 characters).
Source

fn parent_id(&self) -> Result<ProcessId, VmiError>

Returns the parent process ID.

Source

fn architecture(&self) -> Result<VmiOsImageArchitecture, VmiError>

Returns the architecture of the process.

Source

fn translation_root(&self) -> Result<Pa, VmiError>

Returns the process’s page table translation root.

Source

fn user_translation_root(&self) -> Result<Pa, VmiError>

Returns the user-mode page table translation root.

If KPTI is disabled, this function will return the same value as translation_root.

Source

fn image_base(&self) -> Result<Va, VmiError>

Returns the base address of the process image.

Source

fn regions( &self, ) -> Result<impl Iterator<Item = Result<<Self::Os as VmiOs<Driver>>::Region<'a>, VmiError>>, VmiError>

Returns an iterator over the process’s memory regions.

Source

fn find_region( &self, address: Va, ) -> Result<Option<<Self::Os as VmiOs<Driver>>::Region<'a>>, VmiError>

Finds the memory region containing the given address.

Source

fn threads( &self, ) -> Result<impl Iterator<Item = Result<<Self::Os as VmiOs<Driver>>::Thread<'a>, VmiError>>, VmiError>

Returns an iterator over the threads in the process.

§Platform-specific
  • Windows: _EPROCESS.ThreadListHead.
Source

fn is_valid_address(&self, address: Va) -> Result<Option<bool>, VmiError>

Checks whether the given virtual address is valid in the process.

This method checks if page-faulting on the address would result in a successful access.

Dyn Compatibility§

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors§

Source§

impl<'a, Driver> VmiOsProcess<'a, Driver> for NoOS
where Driver: VmiDriver,

Source§

type Os = NoOS