vmi::utils::injector

Struct InjectorHandler

Source 
pub struct InjectorHandler<Driver, Os, T, Bridge = ()>
where
    Driver: VmiDriver,
    Os: VmiOs<Driver> + OsAdapter<Driver>,
    Bridge: BridgeHandler<Driver, Os, u64>,
{ /* private fields */ }
Available on crate feature utils only.
Expand description

A handler for managing code injection into a running system.

The handler monitors CPU events to hijack threads, inject code, and track execution. It uses recipes to define the injection sequence and maintains state about the injection process.

Implementations§

Source§

impl<Driver, T> InjectorHandler<Driver, WindowsOs<Driver>, T>
where Driver: VmiDriver<Architecture = Amd64>,

Source

pub fn new( vmi: &VmiCore<Driver>, profile: &Profile<'_>, pid: ProcessId, recipe: Recipe<Driver, WindowsOs<Driver>, T>, ) -> Result<InjectorHandler<Driver, WindowsOs<Driver>, T>, VmiError>

Creates a new injector handler.

Examples found in repository?
examples/windows-recipe-messagebox.rs (lines 94-102)
64fn main() -> Result<(), Box<dyn std::error::Error>> {
65    let (session, profile) = common::create_vmi_session()?;
66
67    let explorer_pid = {
68        // This block is used to drop the pause guard after the PID is found.
69        // If the `session.handle()` would be called with the VM paused, no
70        // events would be triggered.
71        let _pause_guard = session.pause_guard()?;
72
73        let registers = session.registers(VcpuId(0))?;
74        let vmi = session.with_registers(&registers);
75
76        let explorer = match common::find_process(&vmi, "explorer.exe")? {
77            Some(explorer) => explorer,
78            None => {
79                tracing::error!("explorer.exe not found");
80                return Ok(());
81            }
82        };
83
84        tracing::info!(
85            pid = %explorer.id()?,
86            object = %explorer.object()?,
87            "found explorer.exe"
88        );
89
90        explorer.id()?
91    };
92
93    session.handle(|session| {
94        InjectorHandler::new(
95            session,
96            &profile,
97            explorer_pid,
98            recipe_factory(MessageBox::new(
99                "Hello, World!",
100                "This is a message box from the VMI!",
101            )),
102        )
103    })?;
104
105    Ok(())
106}
More examples
Hide additional examples
examples/windows-recipe-writefile.rs (lines 232-240)
202fn main() -> Result<(), Box<dyn std::error::Error>> {
203    let (session, profile) = common::create_vmi_session()?;
204
205    let explorer_pid = {
206        // This block is used to drop the pause guard after the PID is found.
207        // If the `session.handle()` would be called with the VM paused, no
208        // events would be triggered.
209        let _pause_guard = session.pause_guard()?;
210
211        let registers = session.registers(VcpuId(0))?;
212        let vmi = session.with_registers(&registers);
213
214        let explorer = match common::find_process(&vmi, "explorer.exe")? {
215            Some(explorer) => explorer,
216            None => {
217                tracing::error!("explorer.exe not found");
218                return Ok(());
219            }
220        };
221
222        tracing::info!(
223            pid = %explorer.id()?,
224            object = %explorer.object()?,
225            "found explorer.exe"
226        );
227
228        explorer.id()?
229    };
230
231    session.handle(|session| {
232        InjectorHandler::new(
233            session,
234            &profile,
235            explorer_pid,
236            recipe_factory(GuestFile::new(
237                "C:\\Users\\John\\Desktop\\test.txt",
238                "Hello, World!".as_bytes(),
239            )),
240        )
241    })?;
242
243    Ok(())
244}
examples/windows-recipe-writefile-advanced.rs (lines 332-340)
297fn main() -> Result<(), Box<dyn std::error::Error>> {
298    let (session, profile) = common::create_vmi_session()?;
299
300    let explorer_pid = {
301        // This block is used to drop the pause guard after the PID is found.
302        // If the `session.handle()` would be called with the VM paused, no
303        // events would be triggered.
304        let _pause_guard = session.pause_guard()?;
305
306        let registers = session.registers(VcpuId(0))?;
307        let vmi = session.with_registers(&registers);
308
309        let explorer = match common::find_process(&vmi, "explorer.exe")? {
310            Some(explorer) => explorer,
311            None => {
312                tracing::error!("explorer.exe not found");
313                return Ok(());
314            }
315        };
316
317        tracing::info!(
318            pid = %explorer.id()?,
319            object = %explorer.object()?,
320            "found explorer.exe"
321        );
322
323        explorer.id()?
324    };
325
326    let mut content = Vec::new();
327    for c in 'A'..='Z' {
328        content.extend((0..2049).map(|_| c as u8).collect::<Vec<_>>());
329    }
330
331    session.handle(|session| {
332        InjectorHandler::new(
333            session,
334            &profile,
335            explorer_pid,
336            recipe_factory(GuestFile::new(
337                "C:\\Users\\John\\Desktop\\test.txt",
338                content,
339            )),
340        )
341    })?;
342
343    Ok(())
344}
Source§

impl<Driver, T, Bridge> InjectorHandler<Driver, WindowsOs<Driver>, T, Bridge>
where Driver: VmiDriver<Architecture = Amd64>, Bridge: BridgeHandler<Driver, WindowsOs<Driver>, u64>,

Source

pub fn with_bridge( vmi: &VmiCore<Driver>, profile: &Profile<'_>, pid: ProcessId, bridge: Bridge, recipe: Recipe<Driver, WindowsOs<Driver>, T>, ) -> Result<InjectorHandler<Driver, WindowsOs<Driver>, T, Bridge>, VmiError>

Creates a new injector handler.

Trait Implementations§

Source§

impl<Driver, T, Bridge> VmiHandler<Driver, WindowsOs<Driver>> for InjectorHandler<Driver, WindowsOs<Driver>, T, Bridge>
where Driver: VmiDriver<Architecture = Amd64>, Bridge: BridgeHandler<Driver, WindowsOs<Driver>, u64>,

Source§

type Output = Result<u64, BridgePacket>

The output type of the handler.
Source§

fn handle_event( &mut self, vmi: VmiContext<'_, Driver, WindowsOs<Driver>>, ) -> VmiEventResponse<Amd64>

Handles a VMI event.
Source§

fn check_completion( &self, ) -> Option<<InjectorHandler<Driver, WindowsOs<Driver>, T, Bridge> as VmiHandler<Driver, WindowsOs<Driver>>>::Output>

Checks if the handler has completed. Read more
Source§

fn handle_timeout(&mut self, _session: &VmiSession<'_, Driver, Os>)

Handles a timeout event.
Source§

fn handle_interrupted(&mut self, _session: &VmiSession<'_, Driver, Os>)

Handles an interrupted event.

Auto Trait Implementations§

§

impl<Driver, Os, T, Bridge> Freeze for InjectorHandler<Driver, Os, T, Bridge>
where <Os as OsAdapter<Driver>>::Offsets: Freeze, Bridge: Freeze, T: Freeze, <<Driver as VmiDriver>::Architecture as Architecture>::Registers: Freeze,

§

impl<Driver, Os, T, Bridge = ()> !RefUnwindSafe for InjectorHandler<Driver, Os, T, Bridge>

§

impl<Driver, Os, T, Bridge> Send for InjectorHandler<Driver, Os, T, Bridge>
where <Os as OsAdapter<Driver>>::Offsets: Send, Bridge: Send, T: Send, <<Driver as VmiDriver>::Architecture as Architecture>::Registers: Send,

§

impl<Driver, Os, T, Bridge> Sync for InjectorHandler<Driver, Os, T, Bridge>
where <Os as OsAdapter<Driver>>::Offsets: Sync, Bridge: Sync, T: Sync, <<Driver as VmiDriver>::Architecture as Architecture>::Registers: Sync,

§

impl<Driver, Os, T, Bridge> Unpin for InjectorHandler<Driver, Os, T, Bridge>
where <Os as OsAdapter<Driver>>::Offsets: Unpin, Bridge: Unpin, T: Unpin, <<Driver as VmiDriver>::Architecture as Architecture>::Registers: Unpin,

§

impl<Driver, Os, T, Bridge = ()> !UnwindSafe for InjectorHandler<Driver, Os, T, Bridge>

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> ErasedDestructor for T
where T: 'static,