memflow-pcileech vmware / remote implementation #95
Comments
Hey there, a better place for this issue would be the memflow-pcileech project. Anyways, does leechcore require setting the device argument to "vmware://" or is "vmware" sufficient? I personally haven't tried anything besides FPGA yet.
The device is put straight into LC_CONFIG: Does it need anything else being set up apart from running as admin?
Don't think so
I couldn't see any additional steps that memprocfs is doing to initialize leechcore, but there probably is something I overlooked. Otherwise I'm kinda out of ideas right now, will have to test this on my setup at one point.
Also wanted to ask, is it currently possible to dump memory remotely, e.g. using pcileech -remote? (LC_CONFIG.szRemote)
Oh I see, is support for it planned anytime soon?
No one used them before but it should be quite straightforward to add those parameters. Do you have an example of how they would be set? I assume remote and remoteDisableCompress are bools and szRemote is just a string that we should pass through?
Not sure how they're set in the code specifically, this is what I was using:
It seems to only require szRemote to be set: I gave it a shot and added a
Sure, I'll give it a shot tomorrow (actually, today since it's 2:34 AM for me). Thank you so much! 😄
I noticed yesterday that more complex argument formatting will confuse our argument parser. For the time being you can parse it manually like so:
I also added new test cases here: So I can fix them up. Ideally the
You can close this issue if you want to, or use it to track vmware integration in the future if you'd want to add it 😄
I updated the title but would like to keep this open until the original issues are resolved (and arg parsing works fine).
Again, had to use the "0.2.0-beta9" version for the memflow-win32 crate. This fixed my issue, although the API is different; maybe there's documentation for it already?
Can't find process_info_list() as well
With version 0.2 of memflow, all OS implementations are generic over the base traits found in the memflow repository (Os, Process). You should be able to find the methods. It could be that you are not including those traits in your source file and intellij-rust cannot find the traits; could you share code? It would be advised to use the memflow applied videos as a loose reference as they have not been updated/corrected for 0.2, however they still provide good general information that carries over. @h33p might update the videos for 0.2 (once the release has been stabilized), I don't know.
Thank you so much @dankope, I didn't include the trait, fixed my issue
So this parser confusion is now fixed on the next branch and will be released in 0.2.0-beta10 somewhat soon. You should be able to put in the arguments in the format you "expect" with this update :)
I have the following code from example:
My Win10 VM is open, MemProcFS can read from it:
However, the example does not work:
Is there anything I can do to fix this and achieve fast live memory reads/writes or is it currently a technical issue?
I'm very new to this and it would be great if you could tell if I'm doing something wrong or is it actually not working right now? :D