Crate vmw_backdoor

source ·
Expand description

A pure-Rust library for VMware host-guest protocol (“VMXh backdoor”).

This library provides helpers to access and use the VMware backdoor from a guest VM. It allows bi-directional interactions with the VMWare hypervisor and host environment.

The “backdoor” protocol does not have official specifications, but it has been widely analyzed and there are multiple projects documenting it:

  1. https://github.com/vmware/open-vm-tools/blob/stable-11.0.5/open-vm-tools/lib/include/backdoor_def.h
  2. https://wiki.osdev.org/VMware_tools
  3. https://sysprogs.com/legacy/articles/kdvmware/guestrpc.shtml
  4. https://github.com/vmware/vmw-guestinfo/tree/master/bdoor
  5. https://sites.google.com/site/chitchatvmback/backdoor

Example

let is_vmw = vmw_backdoor::is_vmware_cpu();
println!("VMware CPU detected: {}.", is_vmw);

let mut guard = vmw_backdoor::access_backdoor_privileged().unwrap();
println!("Raised I/O access to reach backdoor port.");

let found = guard.probe_vmware_backdoor().unwrap_or(false);
println!("VMware backdoor detected: {}.", found);

let mut erpc = guard.open_enhanced_chan().unwrap();
let key = "guestinfo.ignition.config.data";
let guestinfo = erpc.get_guestinfo(key.as_bytes()).unwrap();

if let Some(val) = guestinfo {
    println!("Got value for key '{}':", key);
    println!("{}", String::from_utf8_lossy(&val));
};

Structs

BackdoorGuard
Guard for an open backdoor.
EnhancedChan
Channel for enhanced-RPC transfers.
VmwError
VMware backdoor errors.

Functions

access_backdoor
Try to acquire access to the backdoor, but do NOT probe its presence.
access_backdoor_privileged
Try to acquire access to the backdoor, but do NOT probe its presence.
is_vmware_cpu
Check whether this is running on VMware virtual CPU.
probe_backdoor
Try to acquire access to the backdoor, and probe its presence.
probe_backdoor_privileged
Try to acquire access to the backdoor, and probe its presence.