static status_t vmi_init_private( vmi_instance_t *vmi, uint32_t flags, uint64_t id, const char *name, vmi_config_t config) { uint32_t access_mode = flags & 0x0000FFFF; uint32_t init_mode = flags & 0x00FF0000; uint32_t config_mode = flags & 0xFF000000; status_t status = VMI_FAILURE; /* allocate memory for instance structure */ *vmi = (vmi_instance_t) safe_malloc(sizeof(struct vmi_instance)); memset(*vmi, 0, sizeof(struct vmi_instance)); /* initialize instance struct to default values */ dbprint(VMI_DEBUG_CORE, "LibVMI Version 0.11.0\n"); //TODO change this with each release /* save the flags and init mode */ (*vmi)->flags = flags; (*vmi)->init_mode = init_mode; (*vmi)->config_mode = config_mode; /* the config hash table is set up later based on mode */ (*vmi)->config = NULL; /* set page mode to unknown */ (*vmi)->page_mode = VMI_PM_UNKNOWN; /* setup the caches */ pid_cache_init(*vmi); sym_cache_init(*vmi); rva_cache_init(*vmi); v2p_cache_init(*vmi); if ( init_mode & VMI_INIT_SHM_SNAPSHOT ) { #if ENABLE_SHM_SNAPSHOT == 1 v2m_cache_init(*vmi); #else errprint("LibVMI wasn't compiled with SHM support!\n"); status = VMI_FAILURE; goto error_exit; #endif } /* connecting to xen, kvm, file, etc */ if (VMI_FAILURE == set_driver_type(*vmi, access_mode, id, name)) { goto error_exit; } /* driver-specific initilization */ if (VMI_FAILURE == driver_init(*vmi)) { goto error_exit; } dbprint(VMI_DEBUG_CORE, "--completed driver init.\n"); /* resolve the id and name */ if (VMI_FAILURE == set_id_and_name(*vmi, access_mode, id, name)) { goto error_exit; } /* init vmi for specific file/domain through the driver */ if (VMI_FAILURE == driver_init_vmi(*vmi)) { goto error_exit; } /* setup the page offset size */ if (VMI_FAILURE == init_page_offset(*vmi)) { goto error_exit; } /* get the memory size */ if (driver_get_memsize(*vmi, &(*vmi)->allocated_ram_size, &(*vmi)->max_physical_address) == VMI_FAILURE) { errprint("Failed to get memory size.\n"); goto error_exit; } dbprint(VMI_DEBUG_CORE, "**set size = %"PRIu64" [0x%"PRIx64"]\n", (*vmi)->size, (*vmi)->size); // for file mode we need os-specific heuristics to deduce the architecture // for live mode, having arch_interface set even in VMI_PARTIAL mode // allows use of dtb-based translation methods. if (VMI_FILE != (*vmi)->mode) { if(VMI_FAILURE == arch_init(*vmi)) { if (init_mode & VMI_INIT_COMPLETE) { dbprint(VMI_DEBUG_CORE, "--failed to determine architecture of live vm and INIT_COMPLETE.\n"); goto error_exit; } else { dbprint(VMI_DEBUG_CORE, "--failed to determine architecture of live vm and INIT_PARTIAL, continuing.\n"); } } else { dbprint(VMI_DEBUG_CORE, "--succesfully completed architecture init.\n"); } } /* we check VMI_INIT_COMPLETE first as VMI_INIT_PARTIAL is not exclusive */ if (init_mode & VMI_INIT_COMPLETE) { switch((*vmi)->config_mode) { case VMI_CONFIG_STRING: /* read and parse the config string */ if(VMI_FAILURE == read_config_string(*vmi, (char*)config)) { goto error_exit; } break; case VMI_CONFIG_GLOBAL_FILE_ENTRY: /* read and parse the config file */ if(VMI_FAILURE == read_config_file_entry(*vmi)) { goto error_exit; } break; case VMI_CONFIG_GHASHTABLE: /* read and parse the ghashtable */ if (!config) { goto error_exit; } (*vmi)->config = (GHashTable*)config; break; case VMI_CONFIG_NONE: default: /* init_complete requires configuration falling back to VMI_CONFIG_GLOBAL_FILE_ENTRY is unsafe here as the config pointer is probably NULL */ goto error_exit; } if(VMI_FAILURE == set_os_type_from_config(*vmi)) { dbprint(VMI_DEBUG_CORE, "--failed to determine os type from config\n"); goto error_exit; } /* setup OS specific stuff */ switch ( (*vmi)->os_type ) { #ifdef ENABLE_LINUX case VMI_OS_LINUX: if(VMI_FAILURE == linux_init(*vmi)) { goto error_exit; } break; #endif #ifdef ENABLE_WINDOWS case VMI_OS_WINDOWS: if(VMI_FAILURE == windows_init(*vmi)) { goto error_exit; } break; #endif default: goto error_exit; } status = VMI_SUCCESS; } else if (init_mode & VMI_INIT_PARTIAL) { status = VMI_SUCCESS; } else { errprint("Need to specify either VMI_INIT_PARTIAL or VMI_INIT_COMPLETE.\n"); goto error_exit; } if(init_mode & VMI_INIT_EVENTS) { #if ENABLE_XEN_EVENTS == 1 /* Enable event handlers */ events_init(*vmi); #else errprint("LibVMI wasn't compiled with events support!\n"); status = VMI_FAILURE; #endif } error_exit: return status; }
static status_t vmi_init_private( vmi_instance_t *vmi, uint32_t flags, unsigned long id, char *name, vmi_config_t *config) { uint32_t access_mode = flags & 0x0000FFFF; uint32_t init_mode = flags & 0x00FF0000; uint32_t config_mode = flags & 0xFF000000; status_t status = VMI_FAILURE; /* allocate memory for instance structure */ *vmi = (vmi_instance_t) safe_malloc(sizeof(struct vmi_instance)); memset(*vmi, 0, sizeof(struct vmi_instance)); /* initialize instance struct to default values */ dbprint("LibVMI Version 0.9_alpha\n"); //TODO change this with each release /* save the flags and init mode */ (*vmi)->flags = flags; (*vmi)->init_mode = init_mode; (*vmi)->config = config; (*vmi)->config_mode = config_mode; /* setup the caches */ pid_cache_init(*vmi); sym_cache_init(*vmi); rva_cache_init(*vmi); v2p_cache_init(*vmi); /* connecting to xen, kvm, file, etc */ if (VMI_FAILURE == set_driver_type(*vmi, access_mode, id, name)) { goto error_exit; } /* resolve the id and name */ if (VMI_FAILURE == set_id_and_name(*vmi, access_mode, id, name)) { goto error_exit; } /* driver-specific initilization */ if (VMI_FAILURE == driver_init(*vmi)) { goto error_exit; } dbprint("--completed driver init.\n"); /* we check VMI_INIT_COMPLETE first as VMI_INIT_PARTIAL is not exclusive */ if (init_mode & VMI_INIT_COMPLETE) { /* init_complete requires configuration */ if(VMI_CONFIG_NONE & (*vmi)->config_mode) { /* falling back to VMI_CONFIG_GLOBAL_FILE_ENTRY is unsafe here as the config pointer is probably NULL */ goto error_exit; } /* read and parse the config file */ else if ( (VMI_CONFIG_STRING & (*vmi)->config_mode || VMI_CONFIG_GLOBAL_FILE_ENTRY & (*vmi)->config_mode) && VMI_FAILURE == read_config_file(*vmi)) { goto error_exit; } /* read and parse the ghashtable */ else if (VMI_CONFIG_GHASHTABLE & (*vmi)->config_mode && VMI_FAILURE == read_config_ghashtable(*vmi)) { dbprint("--failed to parse ghashtable\n"); goto error_exit; } /* setup the correct page offset size for the target OS */ if (VMI_FAILURE == init_page_offset(*vmi)) { goto error_exit; } /* get the memory size */ if (driver_get_memsize(*vmi, &(*vmi)->size) == VMI_FAILURE) { errprint("Failed to get memory size.\n"); goto error_exit; } dbprint("**set size = %"PRIu64" [0x%"PRIx64"]\n", (*vmi)->size, (*vmi)->size); /* determine the page sizes and layout for target OS */ // Find the memory layout. If this fails, then proceed with the // OS-specific heuristic techniques. (*vmi)->pae = (*vmi)->pse = (*vmi)->lme = (*vmi)->cr3 = 0; (*vmi)->page_mode = VMI_PM_UNKNOWN; status = get_memory_layout(*vmi, &((*vmi)->page_mode), &((*vmi)->cr3), &((*vmi)->pae), &((*vmi)->pse), &((*vmi)->lme)); if (VMI_FAILURE == status) { dbprint ("**Failed to get memory layout for VM. Trying heuristic method.\n"); // fall-through } // if // Heuristic method if (!(*vmi)->cr3) { (*vmi)->cr3 = find_cr3((*vmi)); dbprint("**set cr3 = 0x%.16"PRIx64"\n", (*vmi)->cr3); } // if /* setup OS specific stuff */ if (VMI_OS_LINUX == (*vmi)->os_type) { status = linux_init(*vmi); } else if (VMI_OS_WINDOWS == (*vmi)->os_type) { status = windows_init(*vmi); } /* Enable event handlers only if we're in a consistent state */ if((status == VMI_SUCCESS) && (init_mode & VMI_INIT_EVENTS)){ events_init(*vmi); } return status; } else if (init_mode & VMI_INIT_PARTIAL) { init_page_offset(*vmi); driver_get_memsize(*vmi, &(*vmi)->size); /* Enable event handlers */ if(init_mode & VMI_INIT_EVENTS){ events_init(*vmi); } return VMI_SUCCESS; } error_exit: return status; }