{ "info": { "author": "Mathieu Tarral", "author_email": "mathieu.tarral@protonmail.com", "bugtrack_url": null, "classifiers": [], "description": "# Libvmi Python bindings\n\n[![Join the chat at https://gitter.im/libvmi/python](https://badges.gitter.im/libvmi/python.svg)](https://gitter.im/libvmi/python?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)\n[![Build Status](https://travis-ci.org/libvmi/python.svg?branch=master)](https://travis-ci.org/libvmi/python)\n\nIf you'd rather perform introspection using Python instead of C, then these\nbindings will help get you going.\n\nThe bindings are `Python 2` compatible.\n\n## Requirements\n\n- `python3-pkgconfig`\n- `python3-cffi` (`> 1.6.0`)\n- `python3-future`\n- `libvmi`\n\n## Setup\n\n python setup.py build\n python setup.py install\n\n## API\n\n### Constructor\n\nThe main class that you need to import is `Libvmi`.\n\nThe default parameters use `VMI_CONFIG_GLOBAL_FILE_ENTRY` and call `vmi_init_complete`:\n~~~Python\nfrom libvmi import Libvmi\n\nwith Libvmi(\"Windows_7\") as vmi:\n os = vmi.get_ostype()\n~~~\n\nYou can specify a `string` (`VMI_CONFIG_STRING`):\n~~~Python\nfrom libvmi import Libvmi, VMIConfig\n\nconfig_str = '{ostype = \"Windows\";win_pdbase=0x28;win_pid=0x180;win_tasks=0x188;win_pname=0x2e0;}'\n\nwith Libvmi(\"Windows_7\", mode=VMIConfig.STRING, config=config_str) as vmi:\n os = vmi.get_ostype()\n~~~\n\nOr a `dict` (`VMI_CONFIG_GHASHTABLE`):\n~~~Python\nfrom libvmi import Libvmi, VMIConfig\n\nhash = {\n \"ostype\": \"Windows\",\n \"win_pdbase\": 0x28,\n \"win_tasks\": 0x188,\n \"win_pid\": 0x180,\n \"win_pname\": 0x2e0,\n}\n\nwith Libvmi(\"Windows_7\", mode=VMIConfig.DICT, config=hash) as vmi:\n os = vmi.get_ostype()\n~~~\n\nYou can also use a `partial` initialization, which calls `vmi_init`.\n(It doesn't require a configuration):\n~~~Python\nfrom libvmi import Libvmi\n\nwith Libvmi(\"Windows_7\", partial=True) as vmi:\n name = vmi.get_name()\n~~~\n\n### Examples\n\n~~~Python\nfrom libvmi import 
Libvmi, AccessContext, TranslateMechanism\n\nwith Libvmi(\"Windows_7\") as vmi:\n pshead = vmi.read_addr_ksym(\"PsActiveProcessHead\")\n name = vmi.get_name()\n id = vmi.get_vmid()\n buffer, bytes_read = vmi.read_va(pshead, 4, 16)\n vmi.write_va(pshead, 4, buffer)\n ctx = AccessContext(TranslateMechanism.KERNEL_SYMBOL, ksym=\"PsActiveProcessHead\")\n buffer, bytes_read = vmi.read(ctx, 8)\n~~~\n\n\nNote: The implementation already checks if the return value is `VMI_FAILURE` and\nraises a `LibvmiError` in that case.\n\n\n## Integration\n\n### Volatility\n\nYou can use the\n[`volatility`](https://github.com/volatilityfoundation/volatility) framework\ndirectly on top of the bindings.\n\n git clone https://github.com/volatilityfoundation/volatility /tmp/volatility\n cp ./volatility/vmi.py /tmp/volatility/volatility/plugins/addrspaces/\n\nUsage\n\n python vol.py -l vmi://domain --profile=Win7SP0x64 pslist\n\n### Rekall\n\nThe [`Rekall`](https://github.com/google/rekall) address space is already\nintegrated\n[upstream](https://github.com/google/rekall/blob/master/rekall-core/rekall/plugins/addrspaces/vmi.py).\n\nUsage\n\n rekall -f vmi://domain pslist\n\n# Contributors\n\n- Bryan D. 
Payne\n- Mathieu Tarral", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/libvmi/python", "keywords": "", "license": "", "maintainer": "", "maintainer_email": "", "name": "libvmi", "package_url": "https://pypi.org/project/libvmi/", "platform": "", "project_url": "https://pypi.org/project/libvmi/", "project_urls": { "Homepage": "https://github.com/libvmi/python" }, "release_url": "https://pypi.org/project/libvmi/3.3/", "requires_dist": null, "requires_python": "", "summary": "Python interface to LibVMI", "version": "3.3" }, "last_serial": 4744368, "releases": { "3.2": [ { "comment_text": "", "digests": { "md5": "211c49f9318790c1be4005dd00bd67f9", "sha256": "7fb975d40ba83f1d18eb8c14ecd0e048da4990dda5fb1e2b522b49a51e62c8c1" }, "downloads": -1, "filename": "libvmi-3.2.tar.gz", "has_sig": false, "md5_digest": "211c49f9318790c1be4005dd00bd67f9", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 15254, "upload_time": "2018-06-06T10:06:47", "url": "https://files.pythonhosted.org/packages/f0/e2/ee8623ed9a7f1f6a8addad0f98860e71ca8979774f275d36249ec49f7fcb/libvmi-3.2.tar.gz" } ], "3.2.1": [ { "comment_text": "", "digests": { "md5": "3ce9ca202ec5f1e4f720f1b96a635501", "sha256": "06ce71f6c804f3399d53ee03b7e7eef06855f957d994d53f09b4877409357ff6" }, "downloads": -1, "filename": "libvmi-3.2.1.tar.gz", "has_sig": false, "md5_digest": "3ce9ca202ec5f1e4f720f1b96a635501", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 15283, "upload_time": "2018-06-06T10:44:47", "url": "https://files.pythonhosted.org/packages/96/3b/15c1741d64fa520daad914089e58a6d3cee76475e32fe3ba13bc9f5046b7/libvmi-3.2.1.tar.gz" } ], "3.2.3": [ { "comment_text": "", "digests": { "md5": "0a996d969f5ce7a618aa7bca75e8de21", "sha256": "97d5150d12d26ae9553a77f9abf45426844de341c63c06edd5a073dd6d7cfcb4" }, "downloads": 
-1, "filename": "libvmi-3.2.3.tar.gz", "has_sig": false, "md5_digest": "0a996d969f5ce7a618aa7bca75e8de21", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 15322, "upload_time": "2018-11-13T00:49:35", "url": "https://files.pythonhosted.org/packages/9c/c0/85a2b37a0e6af21b0d79c851d63217e81dc759faf57564b2a9bb18b7c613/libvmi-3.2.3.tar.gz" } ], "3.3": [ { "comment_text": "", "digests": { "md5": "fceebdd338d6cec683419cf85d933cb4", "sha256": "6f5bae5e612b016dbcf178d3252b6af4159666b926184097e9ec2a4478366f74" }, "downloads": -1, "filename": "libvmi-3.3.tar.gz", "has_sig": false, "md5_digest": "fceebdd338d6cec683419cf85d933cb4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 16161, "upload_time": "2019-01-26T19:51:21", "url": "https://files.pythonhosted.org/packages/a5/8f/d0212b289927732e6e902bee1e7f9450a9fe8db325c91df8663bdc46db44/libvmi-3.3.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "fceebdd338d6cec683419cf85d933cb4", "sha256": "6f5bae5e612b016dbcf178d3252b6af4159666b926184097e9ec2a4478366f74" }, "downloads": -1, "filename": "libvmi-3.3.tar.gz", "has_sig": false, "md5_digest": "fceebdd338d6cec683419cf85d933cb4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 16161, "upload_time": "2019-01-26T19:51:21", "url": "https://files.pythonhosted.org/packages/a5/8f/d0212b289927732e6e902bee1e7f9450a9fe8db325c91df8663bdc46db44/libvmi-3.3.tar.gz" } ] }