Wenzel / pyvmidbg

LibVMI-based debug server, implemented in Python. Building a guest aware, stealth and agentless full-system debugger
GNU General Public License v3.0

ffi.error: the C compiler says 'VMI_EVENTS_VERSION' is equal to 6 (0x6), but the cdef disagrees #42

Closed Alibm73-zz closed 4 years ago

Alibm73-zz commented 4 years ago

Hi @Wenzel, when I run vmidbg I get this error: ffi.error: the C compiler says 'VMI_EVENTS_VERSION' is equal to 6 (0x6), but the cdef disagrees. What should I do?

Wenzel commented 4 years ago

Hi @Alibm73

I would have said that it's a mismatch between the version in cffi libvmi bindings: https://github.com/libvmi/python/blob/master/libvmi/events_cdef.h#L1

And the one from Libvmi: https://github.com/libvmi/libvmi/blob/master/libvmi/events.h#L36

But they are both equal to 0x6.

Do you have an old version of the libvmi Python bindings maybe? I updated them in May 2018 to upgrade the events version from 0x5 to 0x6: https://github.com/libvmi/python/commit/76d9ea85eefa0d77f6ad4d6089e757e844763917

Alibm73-zz commented 4 years ago

Sorry for replying late, @Wenzel. I saw your reply and thought I had better install everything again to make sure nothing is old and wrong, but I ran into the same problem after a fresh installation of everything. I used the install instructions from https://drakvuf.com/ to install Xen and libvmi, then I installed the Python bindings following the install instructions on GitHub. Then I ran the install instructions for vmidbg on GitHub. After that I ran vmidbg and I saw this error again.

Wenzel commented 4 years ago

@Alibm73 I tested installing the latest Libvmi and then the libvmi python bindings, and I can import the library without any cffi issues.

[Screenshot from 2020-01-12 20-56-41]

Instead of running vmidbg, can you test if you can import the libvmi module in python without any issues? Thanks.

Alibm73-zz commented 4 years ago

@Wenzel Yes, I can.

[Screenshot from 2020-01-13 11-06-17]

This is everything I did:

aliadmin@alixen:~/iso$ ls
GUID.txt  MyBreakPoint.py  python  pyvmidbg  venv  windows7.cfg  Windows7.iso
aliadmin@alixen:~/iso$ virtualenv -p python3 venv
Already using interpreter /usr/bin/python3
Using base prefix '/usr'
New python executable in /home/aliadmin/iso/venv/bin/python3
Also creating executable in /home/aliadmin/iso/venv/bin/python
Installing setuptools, pkg_resources, pip, wheel...done.
aliadmin@alixen:~/iso$ source venv/bin/activate
(venv) aliadmin@alixen:~/iso$ cd pyvmidbg/
(venv) aliadmin@alixen:~/iso/pyvmidbg$ pip install .
Processing /home/aliadmin/iso/pyvmidbg
Processing /home/aliadmin/.cache/pip/wheels/9b/04/dd/7daf4150b6d9b12949298737de9431a324d4b797ffd63f526e/docopt-0.6.2-py2.py3-none-any.whl
Collecting lxml
  Using cached https://files.pythonhosted.org/packages/68/30/affd16b77edf9537f5be051905f33527021e20d563d013e8c42c7fd01949/lxml-4.4.2-cp36-cp36m-manylinux1_x86_64.whl
Processing /home/aliadmin/.cache/pip/wheels/76/76/46/13ad569b9021111124b7d433c42dbf337bd148e5945e482039/libvmi-3.3-cp36-cp36m-linux_x86_64.whl
Collecting cffi>=1.6.0
  Using cached https://files.pythonhosted.org/packages/49/72/0d42f94fe94afa8030350c26e9d787219f3f008ec9bf6b86c66532b29236/cffi-1.13.2-cp36-cp36m-manylinux1_x86_64.whl
Processing /home/aliadmin/.cache/pip/wheels/8b/99/a0/81daf51dcd359a9377b110a8a886b3895921802d2fc1b2397e/future-0.18.2-cp36-none-any.whl
Processing /home/aliadmin/.cache/pip/wheels/f2/9a/90/de94f8556265ddc9d9c8b271b0f63e57b26fb1d67a45564511/pycparser-2.19-py2.py3-none-any.whl
Building wheels for collected packages: vmidbg
  Building wheel for vmidbg (setup.py) ... done
  Created wheel for vmidbg: filename=vmidbg-0.1-cp36-none-any.whl size=35325 sha256=58b46f185cae937edc36219a282ca9631ebd494c351f0bd6330db6e0dba50ac9
  Stored in directory: /tmp/pip-ephem-wheel-cache-rfy1s5wm/wheels/8d/54/b3/192b2a8c376b418f1548e3fac3a8f9d02dfc101209bcb224c0
Successfully built vmidbg
Installing collected packages: docopt, lxml, pycparser, cffi, future, libvmi, vmidbg
Successfully installed cffi-1.13.2 docopt-0.6.2 future-0.18.2 libvmi-3.3 lxml-4.4.2 pycparser-2.19 vmidbg-0.1
(venv) aliadmin@alixen:~/iso/pyvmidbg$ vmidbg
Traceback (most recent call last):
  File "/home/aliadmin/iso/venv/bin/vmidbg", line 5, in <module>
    from vmidbg.__main__ import main
  File "/home/aliadmin/iso/venv/lib/python3.6/site-packages/vmidbg/__main__.py", line 21, in <module>
    from vmidbg.libvmistub import LibVMIStub
  File "/home/aliadmin/iso/venv/lib/python3.6/site-packages/vmidbg/libvmistub.py", line 11, in <module>
    from .rawdebugcontext import RawDebugContext
  File "/home/aliadmin/iso/venv/lib/python3.6/site-packages/vmidbg/rawdebugcontext.py", line 5, in <module>
    from vmidbg.abstractdebugcontext import AbstractDebugContext
  File "/home/aliadmin/iso/venv/lib/python3.6/site-packages/vmidbg/abstractdebugcontext.py", line 3, in <module>
    from vmidbg.breakpoint import BreakpointManager
  File "/home/aliadmin/iso/venv/lib/python3.6/site-packages/vmidbg/breakpoint.py", line 6, in <module>
    from libvmi.event import EventResponse, IntEvent, SingleStepEvent, DebugEvent, RegEvent, RegAccess
  File "/home/aliadmin/iso/venv/lib/python3.6/site-packages/libvmi/event.py", line 8, in <module>
    EVENTS_VERSION = lib.VMI_EVENTS_VERSION
ffi.error: the C compiler says 'VMI_EVENTS_VERSION' is equal to 6 (0x6), but the cdef disagrees
(venv) aliadmin@alixen:~/iso/pyvmidbg$

Alibm73-zz commented 4 years ago

@Wenzel This is how I installed libvmi python:

aliadmin@alixen:~/iso$ pip3 install pkgconfig
Collecting pkgconfig
  Using cached https://files.pythonhosted.org/packages/b4/2c/bf434cb5a6590417e1d4468050ec317ea17fd6231c2a256df4646c11e588/pkgconfig-1.5.1-py2.py3-none-any.whl
Installing collected packages: pkgconfig
Successfully installed pkgconfig-1.5.1
aliadmin@alixen:~/iso$ pip3 install cffi
Collecting cffi
  Using cached https://files.pythonhosted.org/packages/49/72/0d42f94fe94afa8030350c26e9d787219f3f008ec9bf6b86c66532b29236/cffi-1.13.2-cp36-cp36m-manylinux1_x86_64.whl
Collecting pycparser (from cffi)
Installing collected packages: pycparser, cffi
Successfully installed cffi-1.13.2 pycparser-2.19
aliadmin@alixen:~/iso$ pip3 install future
Collecting future
Installing collected packages: future
Successfully installed future-0.18.2
aliadmin@alixen:~/iso$ git clone https://github.com/libvmi/python.git
Cloning into 'python'...
remote: Enumerating objects: 24, done.
remote: Counting objects: 100% (24/24), done.
remote: Compressing objects: 100% (21/21), done.
remote: Total 406 (delta 11), reused 10 (delta 2), pack-reused 382
Receiving objects: 100% (406/406), 104.17 KiB | 335.00 KiB/s, done.
Resolving deltas: 100% (246/246), done.
aliadmin@alixen:~/iso$ cd python/
aliadmin@alixen:~/iso/python$ python setup.py build
warning: no previously-included files found matching 'setup.pyc'
warning: no previously-included files matching 'yacctab.*' found under directory 'tests'
warning: no previously-included files matching 'lextab.*' found under directory 'tests'
warning: no previously-included files matching 'yacctab.*' found under directory 'examples'
warning: no previously-included files matching 'lextab.*' found under directory 'examples'
zip_safe flag not set; analyzing archive contents...
pycparser.ply.lex: module references __file__
pycparser.ply.lex: module MAY be using inspect.getsourcefile
pycparser.ply.yacc: module references __file__
pycparser.ply.yacc: module MAY be using inspect.getsourcefile
pycparser.ply.yacc: module MAY be using inspect.stack
pycparser.ply.ygen: module references __file__

Installed /home/aliadmin/iso/python/.eggs/pycparser-2.19-py2.7.egg
/usr/lib/python2.7/distutils/dist.py:267: UserWarning: Unknown distribution option: 'long_description_content_type'
  warnings.warn(msg)
#include <libvmi/libvmi.h>
#include <libvmi/slat.h>
#include <libvmi/libvmi_extra.h>
#include <libvmi/events.h>
running build
running build_py
creating build
creating build/lib.linux-x86_64-2.7
creating build/lib.linux-x86_64-2.7/libvmi
copying libvmi/libvmi.py -> build/lib.linux-x86_64-2.7/libvmi
copying libvmi/event.py -> build/lib.linux-x86_64-2.7/libvmi
copying libvmi/libvmi_build.py -> build/lib.linux-x86_64-2.7/libvmi
copying libvmi/__init__.py -> build/lib.linux-x86_64-2.7/libvmi
copying libvmi/libvmi_cdef.h -> build/lib.linux-x86_64-2.7/libvmi
copying libvmi/slat_cdef.h -> build/lib.linux-x86_64-2.7/libvmi
copying libvmi/events_cdef.h -> build/lib.linux-x86_64-2.7/libvmi
copying libvmi/libvmi_extra_cdef.h -> build/lib.linux-x86_64-2.7/libvmi
copying libvmi/glib_cdef.h -> build/lib.linux-x86_64-2.7/libvmi
running build_ext
generating cffi module 'build/temp.linux-x86_64-2.7/_libvmi.c'
creating build/temp.linux-x86_64-2.7
building '_libvmi' extension
creating build/temp.linux-x86_64-2.7/build
creating build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7
x86_64-linux-gnu-gcc -pthread -fno-strict-aliasing -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-5Z483E/python2.7-2.7.17=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/python2.7 -c build/temp.linux-x86_64-2.7/_libvmi.c -o build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7/_libvmi.o
warning: no library file corresponding to '-L/usr/local/lib' found (skipping)
x86_64-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-Bsymbolic-functions -Wl,-z,relro -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-5Z483E/python2.7-2.7.17=. -fstack-protector-strong -Wformat -Werror=format-security -Wl,-Bsymbolic-functions -Wl,-z,relro -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-5Z483E/python2.7-2.7.17=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7/_libvmi.o -lvmi -lglib-2.0 -o build/lib.linux-x86_64-2.7/_libvmi.so
aliadmin@alixen:~/iso/python$ python setup.py install
/usr/lib/python2.7/distutils/dist.py:267: UserWarning: Unknown distribution option: 'long_description_content_type'
  warnings.warn(msg)
#include <libvmi/libvmi.h>
#include <libvmi/slat.h>
#include <libvmi/libvmi_extra.h>
#include <libvmi/events.h>
running install
error: can't create or remove files in install directory

The following error occurred while trying to add or remove files in the
installation directory:

    [Errno 13] Permission denied: '/usr/local/lib/python2.7/dist-packages/test-easy-install-6827.write-test'

The installation directory you specified (via --install-dir, --prefix, or
the distutils default setting) was:

    /usr/local/lib/python2.7/dist-packages/

Perhaps your account does not have write access to this directory?  If the
installation directory is a system-owned directory, you may need to sign in
as the administrator or "root" account.  If you do not have administrative
access to this machine, you may wish to choose a different installation
directory, preferably one that is listed in your PYTHONPATH environment
variable.

For information on other options, you may wish to consult the
documentation at:

  https://setuptools.readthedocs.io/en/latest/easy_install.html

Please make the appropriate changes for your system and try again.

aliadmin@alixen:~/iso/python$ sudo python setup.py install
[sudo] password for aliadmin: 
/usr/lib/python2.7/distutils/dist.py:267: UserWarning: Unknown distribution option: 'long_description_content_type'
  warnings.warn(msg)
#include <libvmi/libvmi.h>
#include <libvmi/slat.h>
#include <libvmi/libvmi_extra.h>
#include <libvmi/events.h>
running install
running bdist_egg
running egg_info
creating libvmi.egg-info
writing requirements to libvmi.egg-info/requires.txt
writing libvmi.egg-info/PKG-INFO
writing top-level names to libvmi.egg-info/top_level.txt
writing dependency_links to libvmi.egg-info/dependency_links.txt
writing manifest file 'libvmi.egg-info/SOURCES.txt'
reading manifest file 'libvmi.egg-info/SOURCES.txt'
writing manifest file 'libvmi.egg-info/SOURCES.txt'
installing library code to build/bdist.linux-x86_64/egg
running install_lib
running build_py
running build_ext
generating cffi module 'build/temp.linux-x86_64-2.7/_libvmi.c'
already up-to-date
creating build/bdist.linux-x86_64
creating build/bdist.linux-x86_64/egg
creating build/bdist.linux-x86_64/egg/libvmi
copying build/lib.linux-x86_64-2.7/libvmi/libvmi.py -> build/bdist.linux-x86_64/egg/libvmi
copying build/lib.linux-x86_64-2.7/libvmi/libvmi_cdef.h -> build/bdist.linux-x86_64/egg/libvmi
copying build/lib.linux-x86_64-2.7/libvmi/slat_cdef.h -> build/bdist.linux-x86_64/egg/libvmi
copying build/lib.linux-x86_64-2.7/libvmi/event.py -> build/bdist.linux-x86_64/egg/libvmi
copying build/lib.linux-x86_64-2.7/libvmi/libvmi_build.py -> build/bdist.linux-x86_64/egg/libvmi
copying build/lib.linux-x86_64-2.7/libvmi/__init__.py -> build/bdist.linux-x86_64/egg/libvmi
copying build/lib.linux-x86_64-2.7/libvmi/events_cdef.h -> build/bdist.linux-x86_64/egg/libvmi
copying build/lib.linux-x86_64-2.7/libvmi/libvmi_extra_cdef.h -> build/bdist.linux-x86_64/egg/libvmi
copying build/lib.linux-x86_64-2.7/libvmi/glib_cdef.h -> build/bdist.linux-x86_64/egg/libvmi
copying build/lib.linux-x86_64-2.7/_libvmi.so -> build/bdist.linux-x86_64/egg
byte-compiling build/bdist.linux-x86_64/egg/libvmi/libvmi.py to libvmi.pyc
byte-compiling build/bdist.linux-x86_64/egg/libvmi/event.py to event.pyc
byte-compiling build/bdist.linux-x86_64/egg/libvmi/libvmi_build.py to libvmi_build.pyc
byte-compiling build/bdist.linux-x86_64/egg/libvmi/__init__.py to __init__.pyc
creating stub loader for _libvmi.so
byte-compiling build/bdist.linux-x86_64/egg/_libvmi.py to _libvmi.pyc
creating build/bdist.linux-x86_64/egg/EGG-INFO
copying libvmi.egg-info/PKG-INFO -> build/bdist.linux-x86_64/egg/EGG-INFO
copying libvmi.egg-info/SOURCES.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying libvmi.egg-info/dependency_links.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying libvmi.egg-info/requires.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying libvmi.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
writing build/bdist.linux-x86_64/egg/EGG-INFO/native_libs.txt
zip_safe flag not set; analyzing archive contents...
libvmi.libvmi_build: module references __file__
creating dist
creating 'dist/libvmi-3.4-py2.7-linux-x86_64.egg' and adding 'build/bdist.linux-x86_64/egg' to it
removing 'build/bdist.linux-x86_64/egg' (and everything under it)
Processing libvmi-3.4-py2.7-linux-x86_64.egg
removing '/usr/local/lib/python2.7/dist-packages/libvmi-3.4-py2.7-linux-x86_64.egg' (and everything under it)
creating /usr/local/lib/python2.7/dist-packages/libvmi-3.4-py2.7-linux-x86_64.egg
Extracting libvmi-3.4-py2.7-linux-x86_64.egg to /usr/local/lib/python2.7/dist-packages
libvmi 3.4 is already the active version in easy-install.pth

Installed /usr/local/lib/python2.7/dist-packages/libvmi-3.4-py2.7-linux-x86_64.egg
Processing dependencies for libvmi==3.4
Searching for enum34==1.1.6
Best match: enum34 1.1.6
Processing enum34-1.1.6-py2.7.egg
enum34 1.1.6 is already the active version in easy-install.pth

Using /usr/local/lib/python2.7/dist-packages/enum34-1.1.6-py2.7.egg
Searching for future==0.18.2
Best match: future 0.18.2
Processing future-0.18.2-py2.7.egg
future 0.18.2 is already the active version in easy-install.pth
Installing pasteurize script to /usr/local/bin
Installing futurize script to /usr/local/bin

Using /usr/local/lib/python2.7/dist-packages/future-0.18.2-py2.7.egg
Searching for cffi==1.13.2
Best match: cffi 1.13.2
Processing cffi-1.13.2-py2.7-linux-x86_64.egg
cffi 1.13.2 is already the active version in easy-install.pth

Using /home/aliadmin/iso/python/.eggs/cffi-1.13.2-py2.7-linux-x86_64.egg
Searching for pycparser==2.19
Best match: pycparser 2.19
Processing pycparser-2.19-py2.7.egg
pycparser 2.19 is already the active version in easy-install.pth

Using /home/aliadmin/iso/python/.eggs/pycparser-2.19-py2.7.egg
Finished processing dependencies for libvmi==3.4

Alibm73-zz commented 4 years ago

@Wenzel And this is how I installed libvmi:

cd ~/drakvuf/libvmi
autoreconf -vif
./configure --disable-kvm --disable-bareflank --disable-file
make
sudo make install
sudo echo "export LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:/usr/local/lib" >> ~/.bashrc

Source: https://drakvuf.com/

aliadmin@alixen:/tmp$ cd ~/drakvuf/libvmi
aliadmin@alixen:~/drakvuf/libvmi$ autoreconf -vif
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal --force 
autoreconf: configure.ac: tracing
autoreconf: running: libtoolize --copy --force
libtoolize: putting auxiliary files in '.'.
libtoolize: copying file './ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'.
libtoolize: copying file 'm4/libtool.m4'
libtoolize: copying file 'm4/ltoptions.m4'
libtoolize: copying file 'm4/ltsugar.m4'
libtoolize: copying file 'm4/ltversion.m4'
libtoolize: copying file 'm4/lt~obsolete.m4'
libtoolize: Consider adding '-I m4' to ACLOCAL_AMFLAGS in Makefile.am.
autoreconf: running: /usr/bin/autoconf --force
autoreconf: running: /usr/bin/autoheader --force
autoreconf: running: automake --add-missing --copy --force-missing
configure.ac:8: installing './compile'
configure.ac:6: installing './missing'
Makefile.am: installing './depcomp'
autoreconf: Leaving directory `.'
aliadmin@alixen:~/drakvuf/libvmi$ ./configure --disable-kvm --disable-bareflank --disable-file
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking how to print strings... printf
checking for style of include used by make... GNU
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking dependency style of gcc... gcc3
checking for a sed that does not truncate output... /bin/sed
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for fgrep... /bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking how to convert x86_64-pc-linux-gnu file names to x86_64-pc-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-pc-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for a working dd... /bin/dd
checking how to truncate binary pipes... /bin/dd bs=4096 count=1
checking for mt... mt
checking if mt is a manifest tool... no
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking for supported architecture... x86_64
checking for gcc... (cached) gcc
checking whether we are using the GNU C compiler... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for gcc option to accept ISO C89... (cached) none needed
checking whether gcc understands -c and -o together... (cached) yes
checking dependency style of gcc... (cached) gcc3
checking whether build environment is sane... yes
checking dependency style of gcc... gcc3
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for CHECK... no
checking for GLIB... yes
checking for dlopen in -ldl... yes
checking xenctrl.h usability... yes
checking xenctrl.h presence... yes
checking for xenctrl.h... yes
checking xen/io/ring.h usability... yes
checking xen/io/ring.h presence... yes
checking for xen/io/ring.h... yes
checking for hvmmem_access_t... no
checking xenstore.h usability... yes
checking xenstore.h presence... yes
checking for xenstore.h... yes
checking xs.h usability... yes
checking xs.h presence... yes
checking for xs.h... yes
checking for FUSE... yes
checking for bison... bison
Found yacc as bison.
checking for bison... (cached) bison
checking for lex... lex
Found lex as lex.
checking for flex... (cached) lex
checking lex output file root... lex.yy
checking lex library... -lfl
checking whether yytext is a pointer... yes
checking for JSONC... yes
checking that generated files are newer than configure... done
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating libvmi.pc
config.status: creating config.h
config.status: config.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands
-------------------------------------------------------------------------------
LibVMI is configured as follows. Please verify that this configuration
matches your expectations.

Host system type: x86_64-pc-linux-gnu
Build system type: x86_64-pc-linux-gnu
Installation prefix: /usr/local

Hypervisor      | Option
----------------|---------------------------
Xen Support     | --enable-xen=yes
KVM Support     | --enable-kvm=no
File Support    | --enable-file=no
Bareflank       | --enable-bareflank=no
----------------|---------------------------

OS              | Option
----------------|---------------------------
Windows         | --enable-windows=yes
Linux           | --enable-linux=yes
FreeBSD         | --enable-freebsd=yes
----------------|---------------------------

Configuration   | Option
----------------|---------------------------
libvmi.conf     | --enable-config-file=yes
Rekall profiles | --enable-rekall-profiles=yes
Volatility IST  | --enable-volatility-ist=yes
----------------|---------------------------

Tools           | Option
----------------|---------------------------
Examples        | --enable-examples=yes
VMIFS           | --enable-vmifs=yes

If everything is correct, you can now run 'make' and (optionally)
'make install'.  Otherwise, you can run './configure' again.

aliadmin@alixen:~/drakvuf/libvmi$ make
make  all-am
make[1]: Entering directory '/home/aliadmin/drakvuf/libvmi'
make[1]: Leaving directory '/home/aliadmin/drakvuf/libvmi'
aliadmin@alixen:~/drakvuf/libvmi$ sudo make install
make[1]: Entering directory '/home/aliadmin/drakvuf/libvmi'
 /bin/mkdir -p '/usr/local/lib'
 /bin/bash ./libtool   --mode=install /usr/bin/install -c   libvmi/libvmi.la '/usr/local/lib'
libtool: install: /usr/bin/install -c libvmi/.libs/libvmi.so.0.0.13 /usr/local/lib/libvmi.so.0.0.13
libtool: install: (cd /usr/local/lib && { ln -s -f libvmi.so.0.0.13 libvmi.so.0 || { rm -f libvmi.so.0 && ln -s libvmi.so.0.0.13 libvmi.so.0; }; })
libtool: install: (cd /usr/local/lib && { ln -s -f libvmi.so.0.0.13 libvmi.so || { rm -f libvmi.so && ln -s libvmi.so.0.0.13 libvmi.so; }; })
libtool: install: /usr/bin/install -c libvmi/.libs/libvmi.lai /usr/local/lib/libvmi.la
libtool: install: /usr/bin/install -c libvmi/.libs/libvmi.a /usr/local/lib/libvmi.a
libtool: install: chmod 644 /usr/local/lib/libvmi.a
libtool: install: ranlib /usr/local/lib/libvmi.a
libtool: finish: PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/sbin" ldconfig -n /usr/local/lib
----------------------------------------------------------------------
Libraries have been installed in:
   /usr/local/lib

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the '-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the 'LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the 'LD_RUN_PATH' environment variable
     during linking
   - use the '-Wl,-rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to '/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
 /bin/mkdir -p '/usr/local/bin'
  /bin/bash ./libtool   --mode=install /usr/bin/install -c tools/vmifs/vmifs examples/vmi-process-list examples/vmi-module-list examples/vmi-dump-memory examples/vmi-win-guid examples/vmi-win-offsets '/usr/local/bin'
libtool: install: /usr/bin/install -c tools/vmifs/.libs/vmifs /usr/local/bin/vmifs
libtool: install: /usr/bin/install -c examples/.libs/vmi-process-list /usr/local/bin/vmi-process-list
libtool: install: /usr/bin/install -c examples/.libs/vmi-module-list /usr/local/bin/vmi-module-list
libtool: install: /usr/bin/install -c examples/.libs/vmi-dump-memory /usr/local/bin/vmi-dump-memory
libtool: install: /usr/bin/install -c examples/.libs/vmi-win-guid /usr/local/bin/vmi-win-guid
libtool: install: /usr/bin/install -c examples/.libs/vmi-win-offsets /usr/local/bin/vmi-win-offsets
 /bin/mkdir -p '/usr/local/include/libvmi'
 /usr/bin/install -c -m 644 libvmi/libvmi.h libvmi/libvmi_extra.h libvmi/slat.h libvmi/x86.h libvmi/events.h libvmi/peparse.h '/usr/local/include/libvmi'
 /bin/mkdir -p '/usr/local/lib/pkgconfig'
 /usr/bin/install -c -m 644 libvmi.pc '/usr/local/lib/pkgconfig'
make[1]: Leaving directory '/home/aliadmin/drakvuf/libvmi'
aliadmin@alixen:~/drakvuf/libvmi$ sudo echo "export LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:/usr/local/lib" >> ~/.bashrc

Wenzel commented 4 years ago

Just a thing I noticed:

aliadmin@alixen:~/iso/python$ sudo python setup.py install

You are calling the system python interpreter, which is Python2, so you are installing libvmi-python as a Python2 library.

I will retry to set up vmidbg from scratch and get back to you.
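
Added example, not code from pyvmidbg or the libvmi bindings: a check for the two conditions raised in this thread, namely whether the interpreter you are running has the bindings installed at all (the Python 2 vs Python 3 mix-up) and whether the installed `events_cdef.h` agrees with the installed `events.h` on `VMI_EVENTS_VERSION`. The header path is the one shown in the `make install` log above; the function names are hypothetical and the sample strings, including their exact `#define` layout, are constructed.

```python
"""Added diagnostic for the cffi 'cdef disagrees' error (hypothetical helper)."""
import importlib.util
import re
import sys
from pathlib import Path

MACRO = "VMI_EVENTS_VERSION"
# Install location taken from the `sudo make install` log in this thread.
HEADER = Path("/usr/local/include/libvmi/events.h")

# Constructed samples: 0x5 and 0x6 are the two values named in the thread.
SAMPLE_HEADER = """
/* #define VMI_EVENTS_VERSION 0x00000005  (old value, commented out) */
#define VMI_EVENTS_VERSION 0x00000006
"""
SAMPLE_STALE_CDEF = "#define VMI_EVENTS_VERSION 0x00000005\n"
SAMPLE_CURRENT_CDEF = "#define VMI_EVENTS_VERSION 0x00000006\n"


def parse_define(text, name=MACRO):
    """Return the integer value of `#define <name> <int>`, or None.

    Comments are stripped first so a commented-out definition is not
    mistaken for the active one.
    """
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"//[^\n]*", "", text)
    pattern = (r"^[ \t]*#[ \t]*define[ \t]+" + re.escape(name)
               + r"[ \t]+(0[xX][0-9a-fA-F]+|\d+)")
    match = re.search(pattern, text, flags=re.M)
    if match is None:
        return None
    token = match.group(1)
    return int(token, 16) if token.lower().startswith("0x") else int(token, 10)


def compare(header_text, cdef_text):
    """Compare the macro in the C header with the copy in the cffi cdef."""
    c_val, cdef_val = parse_define(header_text), parse_define(cdef_text)
    if c_val is None or cdef_val is None:
        status = "unknown"
    else:
        status = "match" if c_val == cdef_val else "mismatch"
    return {"header": c_val, "cdef": cdef_val, "status": status}


def locate_bindings(module="libvmi"):
    """Find the package for *this* interpreter without importing it,
    so the cffi check that raises ffi.error is never triggered."""
    spec = importlib.util.find_spec(module)
    if spec is None or not spec.submodule_search_locations:
        return None
    return Path(list(spec.submodule_search_locations)[0])


def diagnose(header=HEADER):
    """Report interpreter, bindings location and version agreement."""
    report = {
        "python": "%d.%d" % sys.version_info[:2],
        "executable": sys.executable,
    }
    pkg = locate_bindings()
    report["bindings"] = str(pkg) if pkg else None
    if pkg is None:
        # Typical when the bindings went into another interpreter's
        # site-packages (e.g. built with `python` = Python 2).
        report["status"] = "bindings not installed for this interpreter"
        return report
    cdef = pkg / "events_cdef.h"
    if not header.is_file() or not cdef.is_file():
        report["status"] = "unknown"
        return report
    report.update(compare(header.read_text(errors="replace"),
                          cdef.read_text(errors="replace")))
    return report


if __name__ == "__main__":
    for key, value in diagnose().items():
        print("%-10s %s" % (key, value))
    print("sample stale cdef:  ", compare(SAMPLE_HEADER, SAMPLE_STALE_CDEF))
    print("sample current cdef:", compare(SAMPLE_HEADER, SAMPLE_CURRENT_CDEF))
```

Run it with the same interpreter that launches vmidbg (inside the venv, if one is used), since the result depends on which site-packages that interpreter sees.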

Alibm73-zz commented 4 years ago

@Wenzel Thanks. I'm really grateful

Alibm73-zz commented 4 years ago

@Wenzel By the way, is there documentation of some sort that explains the implementation code? I'm reading the code, trying to understand it, but I have questions that are left unanswered: some parts, parameters, etc. that I don't understand. What should I do?

Wenzel commented 4 years ago

@Alibm73 I updated the Travis CI to add a smoke test in order to see if pyvmidbg would import the modules correctly, and it does: https://travis-ci.org/Wenzel/pyvmidbg/builds/636685296

So I'm pretty confident that it's a misconfiguration on your laptop at this point. You can check out how the job is building the dependencies for pyvmidbg here: https://travis-ci.org/Wenzel/pyvmidbg/jobs/636685297/config or in .travis.yml (distro: Ubuntu Bionic 18.04 LTS)

Regarding the documentation, you are not the first one to mention this issue. I have been developing pyvmidbg as a PoC and was focused on making it work to demonstrate stuff at the next conference, which involves writing a lot of code. So documentation wasn't on my radar.

But please ask your questions either here or in the gitter room, and I will add some docstrings or open a Wiki page to describe the components that may be obscure to you.

Thanks !

Alibm73-zz commented 4 years ago

Hi @Wenzel First of all, thank you very much for all the effort you made to help me, I really appreciate it. When I followed your instructions step by step it worked perfectly:

(venv) aliadmin@alixen:~/iso/new/Wenzel/pyvmidbg$ LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/usr/local/lib" python -m vmidbg || true
Usage:
  vmidbg.py [options] <port> <vm_name> [<process>]
  vmidbg.py (-h | --help)

And thank you for your reply regarding the documentation. You can close this issue if you want.

Wenzel commented 4 years ago

@Alibm73 you're welcome, always happy to help new users!

Note: you can remove the || true part, it's just to have a 0 return code, so the CI will go green, because printing the help message returns a non-zero return code by default :)