def read(self, ctx, count):
buffer = ffi.new("char[]", count)
bytes_read = ffi.new("size_t *")
status = lib.vmi_read(self.vmi, ctx, count, buffer, bytes_read)
check(status)
# transform into Python bytes
buffer = ffi.buffer(buffer, bytes_read[0])[:]
return (buffer, bytes_read[0])
def to_ffi(self):
ffi_ctx = ffi.new("access_context_t *")
ffi_ctx.translate_mechanism = self.tr_mechanism.value
if self.tr_mechanism == TranslateMechanism.KERNEL_SYMBOL:
ffi_ctx.ksym = ffi.new("char []", self.ksym.encode())
else:
ffi_ctx.addr = self.addr
ffi_ctx.dtb = self.dtb
ffi_ctx.pid = self.pid
return ffi_ctx
def __init__(self, vm_name):
self.vmi = None
self.opaque_vmi = ffi.new("vmi_instance_t *")
init_error = ffi.new("vmi_init_error_t *")
# init libvmi
status = lib.vmi_init_complete(self.opaque_vmi, vm_name.encode(),
lib.VMI_INIT_DOMAINNAME, ffi.NULL,
lib.VMI_CONFIG_GLOBAL_FILE_ENTRY,
ffi.NULL, init_error)
error_msg = LibvmiInitError(init_error[0]).name
check(status, error_msg)
# store handle to real vmi_instance_t
self.vmi = self.opaque_vmi[0]
def translate_v2ksym(self, addr):
ctx = ffi.new("access_context_t *")
ctx.translate_mechanism = lib.VMI_TM_PROCESS_PID
symbol = lib.vmi_translate_v2ksym(self.vmi, ctx, addr)
if symbol == ffi.NULL:
raise LibvmiError('VMI_FAILURE')
return ffi.string(symbol).decode()
def get_kernel_struct_offset(self, struct_name, member):
value = ffi.new("addr_t *")
status = lib.vmi_get_kernel_struct_offset(self.vmi,
struct_name.encode(),
member.encode(), value)
check(status)
return value[0]
def write_addr(self, ctx, value):
cffi_value = ffi.new("addr_t *", value)
status = lib.vmi_write_addr(self.vmi, ctx, cffi_value)
check(status)
def write_64(self, ctx, value):
cffi_value = ffi.new("uint64_t *", value)
status = lib.vmi_write_64(self.vmi, ctx, cffi_value)
check(status)
def write_pa(self, paddr, count, buffer):
cffi_buffer = ffi.from_buffer(buffer)
bytes_written = ffi.new("size_t *")
status = lib.vmi_write_va(self.vmi, paddr, count, cffi_buffer,
bytes_written)
check(status)
def pid_to_dtb(self, pid):
dtb = ffi.new('addr_t *')
status = lib.vmi_pid_to_dtb(self.vmi, pid, dtb)
check(status)
return dtb[0]
def get_vcpuregs(self, vcpu):
registers = ffi.new("registers_t *")
status = lib.vmi_get_vcpuregs(self.vmi, registers, vcpu)
check(status)
return registers
def write_addr_pa(self, paddr, value):
cffi_value = ffi.new("addr_t *", value)
status = lib.vmi_write_addr_pa(self.vmi, paddr, cffi_value)
check(status)
def read_addr_ksym(self, symbol):
value = ffi.new("addr_t *")
status = lib.vmi_read_addr_ksym(self.vmi, symbol.encode(), value)
check(status)
return value[0]
def read_addr(self, ctx):
value = ffi.new("addr_t *")
status = lib.vmi_read_addr(self.vmi, ctx, value)
check(status)
return value[0]
def read_64(self, ctx):
value = ffi.new("uint64_t *")
status = lib.vmi_read_64(self.vmi, ctx, value)
check(status)
return value[0]
def translate_sym2v(self, ctx, symbol):
vaddr = ffi.new("addr_t *")
status = lib.vmi_translate_sym2v(self.vmi, ctx, symbol.encode(), vaddr)
check(status)
return vaddr[0]
def pagetable_lookup_extended(self, dtb, vaddr):
page_info = ffi.new("page_info_t *")
status = lib.vmi_pagetable_lookup_extended(self.vmi, dtb, vaddr,
page_info)
check(status)
return page_info
def pagetable_lookup(self, dtb, vaddr):
paddr = ffi.new("addr_t *")
status = lib.vmi_pagetable_lookup(self.vmi, dtb, vaddr, paddr)
check(status)
return paddr[0]
def dtb_to_pid(self, dtb):
pid = ffi.new("vmi_pid_t *")
status = lib.vmi_dtb_to_pid(self.vmi, dtb, pid)
check(status)
return pid[0]
def write_addr_ksym(self, symbol, value):
cffi_value = ffi.new("addr_t *", value)
status = lib.vmi_write_addr_ksym(self.vmi, symbol.encode(), cffi_value)
check(status)
def write_addr_va(self, vaddr, pid, value):
cffi_value = ffi.new("addr_t *", value)
status = lib.vmi_write_addr_va(self.vmi, vaddr, pid, cffi_value)
check(status)
def read_addr_va(self, vaddr, pid):
value = ffi.new("addr_t *")
status = lib.vmi_read_addr_va(self.vmi, vaddr, pid, value)
check(status)
return value[0]
def get_offset(self, offset_name):
offset = ffi.new("addr_t *")
status = lib.vmi_get_offset(self.vmi, offset_name.encode(), offset)
check(status)
return offset[0]
def translate_uv2p(self, vaddr, pid):
paddr = ffi.new("addr_t *")
status = lib.vmi_translate_uv2p(self.vmi, vaddr, pid, paddr)
check(status)
return paddr[0]
def get_vcpu_reg(self, reg, vcpu):
value = ffi.new("uint64_t *")
status = lib.vmi_get_vcpureg(self.vmi, value, reg, vcpu)
check(status)
return value[0]
def write_ksym(self, symbol, count, buffer):
cffi_buffer = ffi.from_buffer(buffer)
bytes_written = ffi.new("size_t *")
status = lib.vmi_write_ksym(self.vmi, symbol, count, cffi_buffer,
bytes_written)
check(status)
def read_addr_pa(self, paddr):
value = ffi.new("addr_t *")
status = lib.vmi_read_addr_pa(self.vmi, paddr, value)
check(status)
return value[0]
def write_va(self, vaddr, pid, count):
buffer = ffi.new("char[]", count)
bytes_written = ffi.new("size_t *")
status = lib.vmi_write_va(self.vmi, vaddr, pid, count, buffer,
bytes_written)
check(status)