§Windows OS-specific VMI operations
This crate provides functionality for introspecting Windows-based
virtual machines, working in conjunction with the vmi-core crate.
It offers abstractions and utilities for navigating Windows kernel
structures, analyzing processes and memory, and performing Windows-specific
VMI tasks.
§Features
- Windows kernel structure parsing and navigation
- Process and thread introspection
- Memory management operations (VAD tree traversal, PFN database manipulation)
- Windows object handling (files, sections, etc.)
- PE file format parsing and analysis
§Safety Considerations
Many operations in this crate require pausing the VM to ensure consistency. Always pause the VM when performing operations that could be affected by concurrent changes in the guest OS. Be aware of the Windows version you’re introspecting, as kernel structures may vary between versions. Handle errors appropriately, as VMI operations can fail due to various reasons (e.g., invalid memory access, incompatible Windows version).
§Example
let _guard = vmi.pause_guard()?;
// Perform introspection operations here
// VM automatically resumes when `_guard` goes out of scope

Always consider the potential for race conditions and ensure you’re working with a consistent state of the guest OS.
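The binding name in the snippet above matters: `let _guard = ...` keeps the guard alive for the whole scope, while `let _ = ...` drops it at once and the guest resumes before any read happens. The following is an added example, not code from this crate; `MockVm`, `PauseGuard` and `read_consistent` are hypothetical stand-ins that only model the paused flag, and only the `pause_guard` name comes from the page.

```rust
use std::cell::Cell;

// Hypothetical stand-in for a VMI handle; it only tracks the paused state.
struct MockVm { paused: Cell<bool> }

// Hypothetical guard modelling the `pause_guard()` idiom: resume on drop.
struct PauseGuard<'a> { vm: &'a MockVm }

impl MockVm {
    fn new() -> Self { MockVm { paused: Cell::new(false) } }

    fn pause_guard(&self) -> Result<PauseGuard<'_>, String> {
        self.paused.set(true);
        Ok(PauseGuard { vm: self })
    }

    // Stand-in for any introspection read: refuses to run on a live guest.
    fn read_consistent(&self, fail: bool) -> Result<u64, String> {
        if !self.paused.get() { return Err("guest running: inconsistent read".into()); }
        if fail { return Err("invalid memory access".into()); }
        Ok(0x1000) // constructed value
    }
}

impl Drop for PauseGuard<'_> {
    fn drop(&mut self) { self.vm.paused.set(false); }
}

// Correct: `_guard` lives until the function returns, including the early
// return taken by `?` when the read fails, so the guest always resumes.
fn with_named_guard(vm: &MockVm, fail: bool) -> Result<u64, String> {
    let _guard = vm.pause_guard()?;
    vm.read_consistent(fail)
}

// Pitfall: `let _ = ...` binds nothing, so the guard is dropped at the end
// of that statement and the read below runs against a live guest.
fn with_discarded_guard(vm: &MockVm) -> Result<u64, String> {
    let _ = vm.pause_guard()?;
    vm.read_consistent(false)
}

fn main() {
    let vm = MockVm::new();
    println!("named guard:     {:?}", with_named_guard(&vm, false));
    println!("discarded guard: {:?}", with_discarded_guard(&vm));
}
```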
Re-exports§
Modules§
- pe: Portable Executable (PE) module.
Structs§
- CodeView: CodeView information extracted from a PDB file.
- HandleTableEntryIterator: An iterator for traversing entries in a Windows handle table.
- ListEntryIterator: An iterator for traversing list entries.
- Offsets: Offsets for Windows.
- ParseObjectTypeError: Error parsing a Windows object type.
- Symbols: Windows kernel symbols used by the `WindowsOs` implementation.
- TreeNodeIterator: An iterator for traversing tree nodes.
- WindowsControlArea: A Windows control area.
- WindowsDirectoryObject: A Windows directory object.
- WindowsExceptionRecord: Represents a `_EXCEPTION_RECORD` structure.
- WindowsFileObject: A Windows file object.
- WindowsHandleTable: A Windows handle table.
- WindowsHandleTableEntry: A Windows handle table entry.
- WindowsImage: A Windows executable image (PE).
- WindowsKernelInformation: Information about the Windows kernel image.
- WindowsModule: A Windows kernel module.
- WindowsObject: A Windows object.
- WindowsObjectAttributes: Windows object attributes.
- WindowsObjectHeaderNameInfo: Name information for a Windows object.
- WindowsObjectType: A Windows object type object.
- WindowsOs: VMI operations for the Windows operating system.
- WindowsPeb: A Windows process environment block (PEB).
- WindowsProcess: A Windows process.
- WindowsProcessParameters: A Windows process parameters structure.
- WindowsRegion: A Windows memory region.
- WindowsSectionObject: A Windows section object.
- WindowsSession: A Windows session space.
- WindowsThread: A Windows thread.
Enums§
- OffsetsExt: Extended offsets for Windows.
- WindowsError: Error types for Windows operations.
- WindowsObjectTypeKind: Identifies the type of a Windows kernel object.
- WindowsWow64Kind: The address space type in a WoW64 process.
Traits§
- WindowsOsExt: `WindowsOs` extensions for the `VmiContext`.