def read(self, ctx, count):
    """Read up to ``count`` bytes from the guest through ``lib.vmi_read``.

    Args:
        ctx: access context passed unchanged to ``lib.vmi_read``.
        count: size in bytes of the receive buffer to allocate.

    Returns:
        A ``(data, bytes_read)`` tuple. ``data`` is a Python ``bytes`` copy
        truncated to the byte count libvmi reported, which may be smaller
        than ``count``.
    """
    raw = ffi.new("char[]", count)
    nread = ffi.new("size_t *")
    # check() is defined elsewhere in the module and receives the status.
    check(lib.vmi_read(self.vmi, ctx, count, raw, nread))
    # Copy out only the bytes libvmi says it filled, not the whole buffer.
    length = nread[0]
    data = ffi.buffer(raw, length)[:]
    return (data, length)
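def to_ffi(self):
    """Build a cffi ``access_context_t *`` from this context's fields.

    For ``TranslateMechanism.KERNEL_SYMBOL`` the symbol name is copied into
    a C string and stored in ``ksym``; otherwise ``addr`` is set. ``dtb``
    and ``pid`` are copied in both cases.

    Returns:
        The newly allocated ``access_context_t *`` cdata. When ``ksym`` is
        set, its pointer stays valid only while this object is alive and
        ``to_ffi()`` has not been called on it again.
    """
    ffi_ctx = ffi.new("access_context_t *")
    ffi_ctx.translate_mechanism = self.tr_mechanism.value
    if self.tr_mechanism == TranslateMechanism.KERNEL_SYMBOL:
        # Assigning a cdata to a struct field stores only the raw pointer.
        # The char[] from ffi.new() is freed as soon as its owning Python
        # object is collected, so hold a reference on this instance;
        # otherwise ksym dangles before libvmi ever reads it.
        ksym_buf = ffi.new("char []", self.ksym.encode())
        self._ksym_keepalive = ksym_buf
        ffi_ctx.ksym = ksym_buf
    else:
        ffi_ctx.addr = self.addr
    ffi_ctx.dtb = self.dtb
    ffi_ctx.pid = self.pid
    return ffi_ctx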
def __init__(self, vm_name):
    """Initialise libvmi for the domain called ``vm_name``.

    ``self.vmi`` is ``None`` until initialisation has passed ``check()``;
    afterwards it holds the ``vmi_instance_t`` handle used by the other
    methods.

    Args:
        vm_name: domain name as ``str``; it is encoded before being
            handed to ``lib.vmi_init_complete``.
    """
    self.vmi = None
    self.opaque_vmi = ffi.new("vmi_instance_t *")
    err_out = ffi.new("vmi_init_error_t *")
    # Initialise by domain name, using the global config file entry.
    status = lib.vmi_init_complete(
        self.opaque_vmi,
        vm_name.encode(),
        lib.VMI_INIT_DOMAINNAME,
        ffi.NULL,
        lib.VMI_CONFIG_GLOBAL_FILE_ENTRY,
        ffi.NULL,
        err_out,
    )
    # The init error's enum name is passed as the message for check().
    check(status, LibvmiInitError(err_out[0]).name)
    # Keep the dereferenced vmi_instance_t for subsequent calls.
    self.vmi = self.opaque_vmi[0]
def translate_v2ksym(self, addr):
    """Translate virtual address ``addr`` to a kernel symbol name.

    A fresh ``access_context_t`` is allocated with only
    ``translate_mechanism`` set (to ``lib.VMI_TM_PROCESS_PID``); the other
    fields keep the zero values cffi gives a new allocation.

    Returns:
        The symbol name decoded to ``str``.

    Raises:
        LibvmiError: if ``lib.vmi_translate_v2ksym`` returns NULL.
    """
    lookup_ctx = ffi.new("access_context_t *")
    lookup_ctx.translate_mechanism = lib.VMI_TM_PROCESS_PID
    name_ptr = lib.vmi_translate_v2ksym(self.vmi, lookup_ctx, addr)
    if name_ptr != ffi.NULL:
        return ffi.string(name_ptr).decode()
    raise LibvmiError('VMI_FAILURE')
def get_kernel_struct_offset(self, struct_name, member):
    """Return the offset libvmi reports for ``member`` in ``struct_name``.

    Args:
        struct_name: structure name as ``str`` (encoded before the call).
        member: member name as ``str`` (encoded before the call).

    Returns:
        The ``addr_t`` value written by ``lib.vmi_get_kernel_struct_offset``.
    """
    out = ffi.new("addr_t *")
    check(
        lib.vmi_get_kernel_struct_offset(
            self.vmi, struct_name.encode(), member.encode(), out
        )
    )
    return out[0]
def write_addr(self, ctx, value):
    """Write the ``addr_t`` ``value`` into the guest via ``lib.vmi_write_addr``.

    Args:
        ctx: access context passed unchanged to libvmi.
        value: integer stored in a temporary ``addr_t`` for the call.
    """
    boxed = ffi.new("addr_t *", value)
    check(lib.vmi_write_addr(self.vmi, ctx, boxed))
def write_64(self, ctx, value):
    """Write the ``uint64_t`` ``value`` into the guest via ``lib.vmi_write_64``.

    Args:
        ctx: access context passed unchanged to libvmi.
        value: integer stored in a temporary ``uint64_t`` for the call.
    """
    boxed = ffi.new("uint64_t *", value)
    check(lib.vmi_write_64(self.vmi, ctx, boxed))
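def write_pa(self, paddr, count, buffer):
    """Write ``count`` bytes of ``buffer`` to guest physical address ``paddr``.

    Args:
        paddr: guest physical address to write to.
        count: number of bytes to write; must not exceed the size of
            ``buffer``.
        buffer: object supporting the buffer protocol that holds the data.

    Raises:
        ValueError: if ``count`` is larger than ``buffer``.
    """
    # libvmi reads ``count`` bytes from the raw pointer; an oversized count
    # would copy host process memory beyond the buffer into the guest.
    available = memoryview(buffer).nbytes
    if count > available:
        raise ValueError(
            f"count ({count}) exceeds buffer size ({available})"
        )
    cffi_buffer = ffi.from_buffer(buffer)
    bytes_written = ffi.new("size_t *")
    # Use the physical-address call: vmi_write_va expects an extra pid
    # argument and a virtual address, so it never matched these arguments.
    status = lib.vmi_write_pa(self.vmi, paddr, count, cffi_buffer, bytes_written)
    check(status)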
def pid_to_dtb(self, pid):
    """Return the ``addr_t`` that ``lib.vmi_pid_to_dtb`` reports for ``pid``."""
    out = ffi.new('addr_t *')
    check(lib.vmi_pid_to_dtb(self.vmi, pid, out))
    return out[0]
def get_vcpuregs(self, vcpu):
    """Fetch the register set of ``vcpu`` via ``lib.vmi_get_vcpuregs``.

    Returns:
        The ``registers_t *`` cdata filled in by libvmi (not copied into
        Python types).
    """
    regs = ffi.new("registers_t *")
    check(lib.vmi_get_vcpuregs(self.vmi, regs, vcpu))
    return regs
def write_addr_pa(self, paddr, value):
    """Write the ``addr_t`` ``value`` at ``paddr`` via ``lib.vmi_write_addr_pa``.

    Args:
        paddr: address passed to libvmi as the write target.
        value: integer stored in a temporary ``addr_t`` for the call.
    """
    boxed = ffi.new("addr_t *", value)
    check(lib.vmi_write_addr_pa(self.vmi, paddr, boxed))
def read_addr_ksym(self, symbol):
    """Read an ``addr_t`` located by ``symbol`` via ``lib.vmi_read_addr_ksym``.

    Args:
        symbol: symbol name as ``str``; encoded before the call.

    Returns:
        The ``addr_t`` value written by libvmi.
    """
    out = ffi.new("addr_t *")
    check(lib.vmi_read_addr_ksym(self.vmi, symbol.encode(), out))
    return out[0]
def read_addr(self, ctx):
    """Read an ``addr_t`` through access context ``ctx`` via ``lib.vmi_read_addr``."""
    out = ffi.new("addr_t *")
    check(lib.vmi_read_addr(self.vmi, ctx, out))
    return out[0]
def read_64(self, ctx):
    """Read a ``uint64_t`` through access context ``ctx`` via ``lib.vmi_read_64``."""
    out = ffi.new("uint64_t *")
    check(lib.vmi_read_64(self.vmi, ctx, out))
    return out[0]
def translate_sym2v(self, ctx, symbol):
    """Resolve ``symbol`` to an address via ``lib.vmi_translate_sym2v``.

    Args:
        ctx: access context passed unchanged to libvmi.
        symbol: symbol name as ``str``; encoded before the call.

    Returns:
        The ``addr_t`` value written by libvmi.
    """
    resolved = ffi.new("addr_t *")
    check(lib.vmi_translate_sym2v(self.vmi, ctx, symbol.encode(), resolved))
    return resolved[0]
def pagetable_lookup_extended(self, dtb, vaddr):
    """Look up ``vaddr`` under ``dtb`` via ``lib.vmi_pagetable_lookup_extended``.

    Returns:
        The ``page_info_t *`` cdata filled in by libvmi (not copied into
        Python types).
    """
    info = ffi.new("page_info_t *")
    check(lib.vmi_pagetable_lookup_extended(self.vmi, dtb, vaddr, info))
    return info
def pagetable_lookup(self, dtb, vaddr):
    """Return the ``addr_t`` that ``lib.vmi_pagetable_lookup`` reports for ``vaddr`` under ``dtb``."""
    out = ffi.new("addr_t *")
    check(lib.vmi_pagetable_lookup(self.vmi, dtb, vaddr, out))
    return out[0]
def dtb_to_pid(self, dtb):
    """Return the ``vmi_pid_t`` that ``lib.vmi_dtb_to_pid`` reports for ``dtb``."""
    out = ffi.new("vmi_pid_t *")
    check(lib.vmi_dtb_to_pid(self.vmi, dtb, out))
    return out[0]
def write_addr_ksym(self, symbol, value):
    """Write the ``addr_t`` ``value`` at ``symbol`` via ``lib.vmi_write_addr_ksym``.

    Args:
        symbol: symbol name as ``str``; encoded before the call.
        value: integer stored in a temporary ``addr_t`` for the call.
    """
    boxed = ffi.new("addr_t *", value)
    check(lib.vmi_write_addr_ksym(self.vmi, symbol.encode(), boxed))
def write_addr_va(self, vaddr, pid, value):
    """Write the ``addr_t`` ``value`` at ``vaddr`` for ``pid`` via ``lib.vmi_write_addr_va``.

    Args:
        vaddr: address passed to libvmi as the write target.
        pid: process id passed alongside ``vaddr``.
        value: integer stored in a temporary ``addr_t`` for the call.
    """
    boxed = ffi.new("addr_t *", value)
    check(lib.vmi_write_addr_va(self.vmi, vaddr, pid, boxed))
def read_addr_va(self, vaddr, pid):
    """Read an ``addr_t`` at ``vaddr`` for ``pid`` via ``lib.vmi_read_addr_va``."""
    out = ffi.new("addr_t *")
    check(lib.vmi_read_addr_va(self.vmi, vaddr, pid, out))
    return out[0]
def get_offset(self, offset_name):
    """Return the offset libvmi holds under ``offset_name``.

    Args:
        offset_name: offset key as ``str``; encoded before the call.

    Returns:
        The ``addr_t`` value written by ``lib.vmi_get_offset``.
    """
    out = ffi.new("addr_t *")
    check(lib.vmi_get_offset(self.vmi, offset_name.encode(), out))
    return out[0]
def translate_uv2p(self, vaddr, pid):
    """Return the ``addr_t`` that ``lib.vmi_translate_uv2p`` reports for ``vaddr`` in ``pid``."""
    out = ffi.new("addr_t *")
    check(lib.vmi_translate_uv2p(self.vmi, vaddr, pid, out))
    return out[0]
def get_vcpu_reg(self, reg, vcpu):
    """Return the ``uint64_t`` value of register ``reg`` on ``vcpu``.

    Note the argument order of the C call: the output pointer comes
    before ``reg`` and ``vcpu``.
    """
    out = ffi.new("uint64_t *")
    check(lib.vmi_get_vcpureg(self.vmi, out, reg, vcpu))
    return out[0]
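def write_ksym(self, symbol, count, buffer):
    """Write ``count`` bytes of ``buffer`` at kernel symbol ``symbol``.

    Args:
        symbol: symbol name; a ``str`` is encoded to bytes as the other
            ``*_ksym`` methods do, while bytes are passed through unchanged.
        count: number of bytes to write; must not exceed the size of
            ``buffer``.
        buffer: object supporting the buffer protocol that holds the data.

    Raises:
        ValueError: if ``count`` is larger than ``buffer``.
    """
    # libvmi reads ``count`` bytes from the raw pointer; an oversized count
    # would copy host process memory beyond the buffer into the guest.
    available = memoryview(buffer).nbytes
    if count > available:
        raise ValueError(
            f"count ({count}) exceeds buffer size ({available})"
        )
    # cffi does not accept ``str`` for a ``char *`` argument, so encode it.
    c_symbol = symbol.encode() if isinstance(symbol, str) else symbol
    cffi_buffer = ffi.from_buffer(buffer)
    bytes_written = ffi.new("size_t *")
    status = lib.vmi_write_ksym(self.vmi, c_symbol, count, cffi_buffer, bytes_written)
    check(status)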
def read_addr_pa(self, paddr):
    """Read an ``addr_t`` at ``paddr`` via ``lib.vmi_read_addr_pa``."""
    out = ffi.new("addr_t *")
    check(lib.vmi_read_addr_pa(self.vmi, paddr, out))
    return out[0]
def write_va(self, vaddr, pid, count):
    """Write ``count`` bytes at ``vaddr`` for ``pid`` via ``lib.vmi_write_va``.

    Args:
        vaddr: address passed to libvmi as the write target.
        pid: process id passed alongside ``vaddr``.
        count: number of bytes to allocate and write.
    """
    # NOTE(review): the source buffer is allocated here and never filled
    # from caller data, and cffi zero-initialises new allocations, so this
    # writes ``count`` zero bytes into the guest. The sibling write_pa and
    # write_ksym take a ``buffer`` argument; confirm whether one was meant
    # here as well.
    payload = ffi.new("char[]", count)
    written = ffi.new("size_t *")
    check(lib.vmi_write_va(self.vmi, vaddr, pid, count, payload, written))