search

Wenzel / libmicrovmi

A cross-platform unified Virtual Machine Introspection API library
https://wenzel.github.io/libmicrovmi/
GNU General Public License v3.0
167 stars 15 forks source link

Can't Install on Arch Based Systems #239

Open Movinggun opened 2 years ago

Movinggun commented 2 years ago

Hey I have been trying to get this installed on my system correctly for about 2 days now with little to no luck seemingly to do with the drivers. I am trying to install this to use MemProcFS on QEMU.

I have downloaded the .deb file converted it a a file which can be installed to a arch system using debtap and installed it. Upon running the command mentioned in the Guide sudo -E ./memprocfs -mount 'realpath mount' -device 'microvmi://memflow_connector_name=qemu_procfs' I get the following output

image

We see the errors [2022-07-04T14:44:38Z DEBUG microvmi] KVM driver initialization failed: libkvmi.so: cannot open shared object file: No such file or directory and memory allocation of 94461181627216 bytes failed

I then tried compiling and installing the library myself from source I ran cargo build --features kvm,memflow --release which built fine then I moved the respected libmicrovmi.so and the .h file to their respected directory. /usr/lib

Upon trying to load the sudo -E ./memprocfs -mount 'realpath mount' -device 'microvmi://memflow_connector_name=qemu_procfs' command again I get errors regarding no suitable microvmi drivers being available.

Any help would be appreciated.

Wenzel commented 2 years ago

Hi @Movinggun

thank you for the detailed issue report and the effort of installing libmicrovmi on Archlinux. From the logs, I see that the memflow driver has successfuly initialized: https://github.com/Wenzel/libmicrovmi/blob/master/src/lib.rs#L87

It's difficult to see why such a large number would be requested to the memory allocator, and by who ? memflow ? MemProcFS ?

It this was Rust, I suspected that you would see a detailed unwrap because the allocation failed. So i'm inclined to think that the issue is somwhere in MemProcFS at this point.

Wenzel commented 2 years ago

Also ping @ko1N from memflow, if he has an opinion. :)

Movinggun commented 2 years ago

I see interesting, I am not sure where to go from here to help narrow down the issue, I have tried a few different versions MemProcFS along with ensuring my Memflow is up to date. I also ensure memflow is working as I am able to use Cloudflow to access the memory of my PC.

Wenzel commented 2 years ago

I grepped MemProcFS, LeechCore and LeechCore-plugins to try to find this string, without success. I don't know which library is responsible for displaying this memory allocation failure.

Does the program segfaults ? if yes, that would be very useful.

Otherwise you could try to debug the program with GDB, configure a conditional breakpoint on malloc call with a size of 9446xxxx, and see if you can hit the breakpoint.