コード例 #1
ファイル: core.c プロジェクト: LoongWin/libvmi
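/**
 * Re-initialize an existing LibVMI instance as a complete one.
 *
 * VMI_INIT_COMPLETE and the old instance's mode are OR-ed into @p flags,
 * the old instance is destroyed, and a fresh one is created through
 * vmi_init_private() (when VMI_CONFIG_STRING is set) or vmi_init_custom().
 *
 * @param vmi    Address of the instance handle; the handle is read, destroyed
 *               and passed on to the init call.
 * @param flags  Caller-supplied init flags.
 * @param config Configuration forwarded unchanged to the init call.
 * @return VMI_FAILURE if @p vmi or the handle it points to is NULL, or if the
 *         image name cannot be duplicated; otherwise the init call's result.
 *         On these early failures the existing instance is left untouched.
 */
status_t
vmi_init_complete_custom(
    vmi_instance_t *vmi,
    uint32_t flags,
    vmi_config_t config)
{
    /* Both the handle's address and the handle itself are dereferenced below. */
    if (!vmi || !*vmi)
        return VMI_FAILURE;

    flags |= VMI_INIT_COMPLETE | (*vmi)->mode;

    if ( flags & VMI_CONFIG_STRING ) {
        /* The name lives inside the instance that is about to be destroyed,
         * so it has to be copied out first. */
        const char *source = (VMI_FILE == (*vmi)->mode)
                             ? (*vmi)->image_type_complete
                             : (*vmi)->image_type;
        char *name = NULL;

        /* strdup(NULL) is undefined; refuse before tearing anything down. */
        if (!source)
            return VMI_FAILURE;

        name = strdup(source);
        if (!name)
            return VMI_FAILURE;

        vmi_destroy(*vmi);

        /* NOTE(review): name is never freed in this function. Whether
         * vmi_init_private() takes ownership or copies it is not visible
         * here -- confirm, and free(name) after the call if it copies. */
        return vmi_init_private(vmi,
                                flags,
                                VMI_INVALID_DOMID,
                                name,
                                (vmi_config_t)config);
    }

    /* NOTE(review): after vmi_destroy() the value left in *vmi is stale until
     * the init call overwrites it; whether it is reset on failure is not
     * visible here -- callers should not reuse the handle on VMI_FAILURE. */
    vmi_destroy(*vmi);
    return vmi_init_custom(vmi, flags, config);
}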
コード例 #2
ファイル: vmifs.c プロジェクト: chonghw/libvmi
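/**
 * Entry point: partially initialize LibVMI for the VM selected on the
 * command line, then hand control to FUSE.
 *
 * Usage: <prog> name|domid <name|domid> <path>
 *
 * @return 1 on a usage, parsing or init error; otherwise fuse_main()'s result.
 */
int main(int argc, char *argv[])
{
    /* this is the VM or file that we are looking at */
    if (argc != 4) {
        printf("Usage: %s name|domid <name|domid> <path>\n", argv[0]);
        return 1;
    }

    /* domid must outlive the init call: the table stores its address. */
    uint64_t domid = VMI_INVALID_DOMID;
    GHashTable *config = g_hash_table_new(g_str_hash, g_str_equal);

    if (strcmp(argv[1], "name") == 0) {
        g_hash_table_insert(config, "name", argv[2]);
    } else if (strcmp(argv[1], "domid") == 0) {
        char *end = NULL;

        /* strtoull() returns 0 when no digits are parsed, so without the
         * end-pointer check a typo would silently select domain 0. */
        domid = strtoull(argv[2], &end, 0);
        if (end == argv[2] || *end != '\0') {
            printf("Invalid domid: %s\n", argv[2]);
            g_hash_table_destroy(config);
            return 1;
        }
        g_hash_table_insert(config, "domid", &domid);
    } else {
        printf("You have to specify either name or domid!\n");
        g_hash_table_destroy(config);
        return 1;
    }

    /* initialize the libvmi library */
    /* NOTE(review): vmi is not declared in this function; presumably a
     * file-scope instance used by the FUSE callbacks -- confirm. */
    if (vmi_init_custom(&vmi, VMI_AUTO | VMI_INIT_PARTIAL | VMI_CONFIG_GHASHTABLE, (vmi_config_t)config) == VMI_FAILURE) {
        printf("Failed to init LibVMI library.\n");
        g_hash_table_destroy(config);
        return 1;
    }

    g_hash_table_destroy(config);

    /* FUSE only gets the program name and the mount path. */
    char *fuse_argv[2] = { argv[0], argv[3] };

    return fuse_main(2, fuse_argv, &vmifs_oper);
}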
コード例 #3
ファイル: win-guid.c プロジェクト: Chingliu/libvmi
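/**
 * Entry point: partially initialize LibVMI for the selected VM and scan
 * physical memory page by page for a Windows kernel PE header, printing its
 * OS version, GUID and PE header when found.
 *
 * Usage: <prog> name|domid <domain name|domain id>
 *
 * @return 0 if a kernel image was found; 1 otherwise or on any error.
 */
int main(int argc, char **argv) {

    vmi_instance_t vmi;

    /* this is the VM that we are looking at */
    if (argc != 3) {
        printf("Usage: %s name|domid <domain name|domain id>\n", argv[0]);
        return 1;
    }

    /* domid must outlive the init call: the table stores its address. */
    uint32_t domid = VMI_INVALID_DOMID;
    GHashTable *config = g_hash_table_new(g_str_hash, g_str_equal);

    if (strcmp(argv[1], "name") == 0) {
        g_hash_table_insert(config, "name", argv[2]);
    } else if (strcmp(argv[1], "domid") == 0) {
        char *end = NULL;
        unsigned long parsed = strtoul(argv[2], &end, 10);

        /* atoi() cannot report errors: non-numeric input became domain 0
         * and out-of-range input was undefined. Reject both explicitly. */
        if (end == argv[2] || *end != '\0' || parsed > UINT32_MAX) {
            printf("Invalid domid: %s\n", argv[2]);
            g_hash_table_destroy(config);
            return 1;
        }
        domid = (uint32_t)parsed;
        g_hash_table_insert(config, "domid", &domid);
    } else {
        printf("You have to specify either name or domid!\n");
        g_hash_table_destroy(config);
        return 1;
    }

    /* partially initialize the libvmi library */
    if (vmi_init_custom(&vmi, VMI_AUTO | VMI_INIT_PARTIAL | VMI_CONFIG_GHASHTABLE, config) == VMI_FAILURE) {
        printf("Failed to init LibVMI library.\n");
        g_hash_table_destroy(config);
        return 1;
    }
    g_hash_table_destroy(config);

    /* the nice thing about the windows kernel is that it's page aligned */
    uint32_t found = 0;
    for (uint32_t i = 0; i < MAX_SEARCH_SIZE; i += PAGE_SIZE) {

        uint8_t pe[MAX_HEADER_SIZE];

        /* Skip pages whose header cannot be read or is not the kernel. */
        if (VMI_SUCCESS != peparse_get_image_phys(vmi, i, MAX_HEADER_SIZE, pe))
            continue;
        if (VMI_SUCCESS != is_WINDOWS_KERNEL(vmi, i, pe))
            continue;

        printf("Windows Kernel found @ 0x%"PRIx32"\n", i);
        print_os_version(vmi, i, pe);
        print_guid(vmi, i, pe);
        print_pe_header(vmi, i, pe);
        found = 1;
        break;
    }

    /* cleanup any memory associated with the LibVMI instance */
    vmi_destroy(vmi);

    return found ? 0 : 1;
}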
コード例 #4
ファイル: core.c プロジェクト: adrianlshaw/libvmi
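/**
 * Re-initialize an existing LibVMI instance as a complete one.
 *
 * VMI_INIT_COMPLETE and the old instance's mode are OR-ed into @p flags,
 * the old instance is destroyed, and vmi_init_custom() builds the new one.
 *
 * @param vmi    Address of the instance handle; the handle is read, destroyed
 *               and passed on to vmi_init_custom().
 * @param flags  Caller-supplied init flags.
 * @param config Configuration forwarded unchanged to vmi_init_custom().
 * @return VMI_FAILURE if @p vmi or the handle it points to is NULL;
 *         otherwise vmi_init_custom()'s result.
 */
status_t
vmi_init_complete_custom(
    vmi_instance_t *vmi,
    uint32_t flags,
    vmi_config_t config)
{
    /* (*vmi)->mode is read below; a NULL at either level would be a
     * NULL dereference rather than a reported failure. */
    if (!vmi || !*vmi)
        return VMI_FAILURE;

    flags |= VMI_INIT_COMPLETE | (*vmi)->mode;

    /* NOTE(review): after vmi_destroy() the value left in *vmi is stale until
     * vmi_init_custom() overwrites it; whether it is reset on failure is not
     * visible here -- callers should not reuse the handle on VMI_FAILURE. */
    vmi_destroy(*vmi);
    return vmi_init_custom(vmi, flags, config);
}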