Crate vmread
A library for reading and writing the memory of a Windows guest running in a KVM-based virtual machine.
Feature flags
vmread uses a set of feature flags to switch between different modes of operation. This is to allow maximum performance in given circumstances. Currently there are 3 available modes:
default: Uses system calls to perform memory read/write operations. It is the safest option available, although rather slow.
internal_rw: Accesses memory directly. This is meant for shared libraries that get loaded into the KVM process (usually qemu-system-x86_64). This is the least safe option, and is very inconsistent to pull off across various system installations.
kmod_rw: With the help of a kernel module we are able to map the entirety of KVM address space into our current address space and access it directly. It is a great blend between the default and internal modes, and is the best way forward if running custom kernel modules is an option.
Example
A simple process list:
extern crate vmread;

fn main() {
    // create_context yields Ok((context, _)) on success or Err((code, message)) on failure.
    let ctx_ret = vmread::create_context(0);

    if ctx_ret.is_ok() {
        let (mut ctx, _) = ctx_ret.unwrap();

        println!("VMRead initialized!");
        println!("Process List:\nPID\tVIRT\t\t\tPHYS\t\tBASE\t\tNAME");

        // Refresh the guest's process list and print one row per process.
        for i in &(ctx.refresh_processes().process_list) {
            println!("{:#4x}\t{:#16x}\t{:#9x}\t{:#9x}\t{}",
                     i.proc.pid, i.proc.process, i.proc.physProcess, i.proc.dirBase, i.name);
        }
    } else {
        // Report the error code and its description.
        let (eval, estr) = ctx_ret.err().unwrap();
        println!("Initialization error {}: {}", eval, estr);
    }
}
Re-exports
pub extern crate vmread_sys as sys;
pub use self::win_context::*;
pub use self::win_process::*;
pub use self::win_dll::*;
pub use self::win_export::*;
pub use self::rwlist::*;
pub use self::tlb::*;
Modules
rwlist
tlb
win_context
win_dll
win_export
win_process