Struct WindowsFileObject

pub struct WindowsFileObject<'a, Driver>
where Driver: VmiDriver, Driver::Architecture: Architecture + ArchAdapter<Driver>,
{ /* private fields */ }

A Windows file object.

A file object is a kernel structure that represents an open file or device in the Windows Object Manager. It contains metadata about the file, its access permissions, and associated device or volume.

Implementation Details

Corresponds to _FILE_OBJECT.

Implementations

impl<'a, Driver> WindowsFileObject<'a, Driver>
where Driver: VmiDriver, Driver::Architecture: Architecture + ArchAdapter<Driver>,

pub fn new(vmi: VmiState<'a, Driver, WindowsOs<Driver>>, va: Va) -> Self

Creates a new Windows file object.

pub fn device_object(&self) -> Result<WindowsObject<'a, Driver>, VmiError>

Returns the device object associated with the file object.

Implementation Details

Corresponds to _FILE_OBJECT.DeviceObject.

pub fn filename(&self) -> Result<String, VmiError>

Returns the filename associated with the file object.

Implementation Details

Corresponds to _FILE_OBJECT.FileName.

Notes

This operation might fail because the filename buffer is allocated from paged pool and may not be resident in memory when it is read.

pub fn full_path(&self) -> Result<String, VmiError>

Constructs the full path of a file from its FILE_OBJECT.

This function first reads the DeviceObject field of the FILE_OBJECT structure. Then it reads the ObjectNameInfo of the DeviceObject and its directory. Finally, it concatenates the device directory name, device name, and file name.

Implementation Details

Corresponds to _FILE_OBJECT.DeviceObject.NameInfo.Name concatenated with _FILE_OBJECT.FileName.
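
A monitor that logs file activity should not lose an event because the paged-pool filename could not be read. The following is an added example, not this crate's code: it models the three reads behind a full path with hypothetical types (`ReadError`, `FileObjectReads`, `PathReport`) and degrades to the device path when the file name is unavailable. The backslash layout of the joined path and the sample names are assumptions.

```rust
// Added illustration: a stand-alone model, not the crate's own code.
// ReadError, FileObjectReads, PathReport and describe_path are hypothetical.

#[derive(Debug, Clone, PartialEq)]
enum ReadError {
    NotPresent, // the page holding the data is not resident in guest memory
}

/// Outcome of the three guest-memory reads behind a full path.
struct FileObjectReads {
    device_directory: Result<String, ReadError>, // directory holding the device object
    device_name: Result<String, ReadError>,      // _FILE_OBJECT.DeviceObject.NameInfo.Name
    file_name: Result<String, ReadError>,        // _FILE_OBJECT.FileName (paged pool)
}

#[derive(Debug, PartialEq)]
enum PathReport {
    Full(String),          // device directory + device name + file name
    DeviceOnly(String),    // file name unreadable; still attributable to a device
    Unresolved(ReadError), // device naming unreadable; caller logs the VA instead
}

fn device_path(r: &FileObjectReads) -> Result<String, ReadError> {
    let dir = r.device_directory.clone()?;
    let name = r.device_name.clone()?;
    Ok(format!("\\{}\\{}", dir, name)) // separator layout is an assumption
}

/// Degrade instead of dropping the event when a read fails.
fn describe_path(r: &FileObjectReads) -> PathReport {
    match (device_path(r), &r.file_name) {
        (Ok(dev), Ok(file)) => PathReport::Full(format!("{}{}", dev, file)),
        (Ok(dev), Err(_)) => PathReport::DeviceOnly(dev),
        (Err(e), _) => PathReport::Unresolved(e),
    }
}

fn main() {
    // Constructed sample: the FileName buffer is paged out at event time.
    let paged_out = FileObjectReads {
        device_directory: Ok("Device".to_string()),
        device_name: Ok("HarddiskVolume2".to_string()),
        file_name: Err(ReadError::NotPresent),
    };
    println!("{:?}", describe_path(&paged_out));
}
```
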

Trait Implementations

impl<'a, Driver> From<WindowsFileObject<'a, Driver>> for WindowsObject<'a, Driver>
where Driver: VmiDriver, Driver::Architecture: Architecture + ArchAdapter<Driver>,

fn from(value: WindowsFileObject<'a, Driver>) -> Self

Converts to this type from the input type.

impl<Driver> VmiVa for WindowsFileObject<'_, Driver>
where Driver: VmiDriver, Driver::Architecture: Architecture + ArchAdapter<Driver>,

fn va(&self) -> Va

Returns the virtual address.

Auto Trait Implementations

impl<'a, Driver> Freeze for WindowsFileObject<'a, Driver>

impl<'a, Driver> !RefUnwindSafe for WindowsFileObject<'a, Driver>

impl<'a, Driver> !Send for WindowsFileObject<'a, Driver>

impl<'a, Driver> !Sync for WindowsFileObject<'a, Driver>

impl<'a, Driver> Unpin for WindowsFileObject<'a, Driver>

impl<'a, Driver> !UnwindSafe for WindowsFileObject<'a, Driver>

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow.

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.

impl<T> ErasedDestructor for T
where T: 'static,