vmi-os-windows
| Crates.io | vmi-os-windows |
| lib.rs | vmi-os-windows |
| version | |
| source | src |
| created_at | 2024-10-30 11:26:00.080149 |
| updated_at | 2024-11-09 06:05:44.71674 |
| description | Windows OS specific code for VMI |
| homepage | https://github.com/vmi-rs/vmi |
| repository | https://github.com/vmi-rs/vmi |
| max_upload_size | |
| id | 1428394 |
| Cargo.toml error: | TOML parse error at line 20, column 1 | 20 | autolib = false | ^^^^^^^ unknown field `autolib`, expected one of `name`, `version`, `edition`, `authors`, `description`, `readme`, `license`, `repository`, `homepage`, `documentation`, `build`, `resolver`, `links`, `default-run`, `default_dash_run`, `rust-version`, `rust_dash_version`, `rust_version`, `license-file`, `license_dash_file`, `license_file`, `licenseFile`, `license_capital_file`, `forced-target`, `forced_dash_target`, `autobins`, `autotests`, `autoexamples`, `autobenches`, `publish`, `metadata`, `keywords`, `categories`, `exclude`, `include` |
| size | 0 |
Petr Beneš (wbenny)
documentation
README
Windows OS-specific VMI operations
This crate provides functionality for introspecting Windows-based
virtual machines, working in conjunction with the vmi-core crate.
It offers abstractions and utilities for navigating Windows kernel
structures, analyzing processes and memory, and performing Windows-specific
VMI tasks.
Features
- Windows kernel structure parsing and navigation
- Process and thread introspection
- Memory management operations (VAD tree traversal, PFN database manipulation)
- Windows object handling (files, sections, etc.)
- PE file format parsing and analysis
Safety Considerations
Many operations in this crate require pausing the VM to ensure consistency. Always pause the VM when performing operations that could be affected by concurrent changes in the guest OS. Be aware of the Windows version you're introspecting, as kernel structures may vary between versions. Handle errors appropriately, as VMI operations can fail due to various reasons (e.g., invalid memory access, incompatible Windows version).
Example
let _guard = vmi.pause_guard()?;
// Perform introspection operations here
// VM automatically resumes when `_guard` goes out of scope
Always consider the potential for race conditions and ensure you're working with a consistent state of the guest OS.