Wenzel / pyvmidbg

LibVMI-based debug server, implemented in Python. Building a guest aware, stealth and agentless full-system debugger
GNU General Public License v3.0

VMI_EVENTS_VERSION #46

Closed ghost closed 4 years ago

ghost commented 4 years ago

Hello dear @Wenzel, when I run vmidbg on Arch Linux I get this:

Traceback (most recent call last):
  File "/usr/bin/vmidbg", line 33, in <module>
    sys.exit(load_entry_point('vmidbg==0.1', 'console_scripts', 'vmidbg')())
  File "/usr/bin/vmidbg", line 25, in importlib_load_entry_point
    return next(matches).load()
  File "/usr/lib/python3.8/importlib/metadata.py", line 77, in load
    module = import_module(match.group('module'))
  File "/usr/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
  File "<frozen importlib._bootstrap>", line 991, in _find_and_load
  File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 783, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "/usr/lib/python3.8/site-packages/vmidbg/__main__.py", line 21, in <module>
    from vmidbg.libvmistub import LibVMIStub
  File "/usr/lib/python3.8/site-packages/vmidbg/libvmistub.py", line 11, in <module>
    from .rawdebugcontext import RawDebugContext
  File "/usr/lib/python3.8/site-packages/vmidbg/rawdebugcontext.py", line 5, in <module>
    from vmidbg.abstractdebugcontext import AbstractDebugContext
  File "/usr/lib/python3.8/site-packages/vmidbg/abstractdebugcontext.py", line 3, in <module>
    from vmidbg.breakpoint import BreakpointManager
  File "/usr/lib/python3.8/site-packages/vmidbg/breakpoint.py", line 6, in <module>
    from libvmi.event import EventResponse, IntEvent, SingleStepEvent, DebugEvent, RegEvent, RegAccess
  File "/usr/lib/python3.8/site-packages/libvmi/event.py", line 8, in <module>
    EVENTS_VERSION = lib.VMI_EVENTS_VERSION
AttributeError: cffi library '_libvmi' has no function, constant or global variable named 'VMI_EVENTS_VERSION'

libvmi and python bindings are from https://github.com/libvmi/python (git clone && build). Thanks in advance!

Wenzel commented 4 years ago

Hi @roptimizer,

The error you are facing is linked to the python bindings to libvmi.

Libvmi can be installed with or without the events.h header. This is detected by the cffi build script: https://www.github.com/libvmi/python/tree/master/libvmi%2Flibvmi_build.py

And if it cannot detect this header, events.h definitions will not be available, including VMI_EVENTS_VERSION.

➡️ Check that libvmi is configured to install events.h

Wenzel commented 4 years ago

According to the build system: https://www.github.com/libvmi/libvmi/tree/master/libvmi%2FCMakeLists.txt

events.h is only available for Xen driver.

You are trying to use vmidbg on top of KVM?

ghost commented 4 years ago

@Wenzel thank you for the quick response. Sorry, forgot to mention, I built without Xen. What can I do to work without Xen libs?

ghost commented 4 years ago

When I simply copy events.h and rebuild all, I get: https://github.com/Wenzel/pyvmidbg/issues/42

Traceback (most recent call last):
  File "/usr/bin/vmidbg", line 33, in <module>
    sys.exit(load_entry_point('vmidbg==0.1', 'console_scripts', 'vmidbg')())
  File "/usr/bin/vmidbg", line 25, in importlib_load_entry_point
    return next(matches).load()
  File "/usr/lib/python3.8/importlib/metadata.py", line 77, in load
    module = import_module(match.group('module'))
  File "/usr/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
  File "<frozen importlib._bootstrap>", line 991, in _find_and_load
  File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 783, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "/usr/lib/python3.8/site-packages/vmidbg/__main__.py", line 21, in <module>
    from vmidbg.libvmistub import LibVMIStub
  File "/usr/lib/python3.8/site-packages/vmidbg/libvmistub.py", line 11, in <module>
    from .rawdebugcontext import RawDebugContext
  File "/usr/lib/python3.8/site-packages/vmidbg/rawdebugcontext.py", line 5, in <module>
    from vmidbg.abstractdebugcontext import AbstractDebugContext
  File "/usr/lib/python3.8/site-packages/vmidbg/abstractdebugcontext.py", line 3, in <module>
    from vmidbg.breakpoint import BreakpointManager
  File "/usr/lib/python3.8/site-packages/vmidbg/breakpoint.py", line 6, in <module>
    from libvmi.event import EventResponse, IntEvent, SingleStepEvent, DebugEvent, RegEvent, RegAccess
  File "/usr/lib/python3.8/site-packages/libvmi/event.py", line 8, in <module>
    EVENTS_VERSION = lib.VMI_EVENTS_VERSION
ffi.error: the C compiler says 'VMI_EVENTS_VERSION' is equal to 7 (0x7), but the cdef disagrees

Wenzel commented 4 years ago

You can copy libvmi/events.h in /usr/include/libvmi.

If you want to work with kvm you have to use kvm-vmi though.

ghost commented 4 years ago

@Wenzel I simply moved VMI_EVENTS_VERSION from 0x7 to 0x6 and everything is working now!

ghost commented 4 years ago

@Wenzel your tool is included in BlackArch Linux :)

Wenzel commented 4 years ago

@roptimizer that's great! Thanks for the effort of packaging pyvmidbg in your distro!

I can't find it listed under the tools, maybe this listing needs an update? https://blackarch.org/tools.html

I fixed the issue you reported in this PR: https://github.com/libvmi/python/pull/62
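
The two failures in this thread (the AttributeError when events.h definitions are absent, and the ffi.error when the compiled value and the cdef differ) can be told apart before importing libvmi.event. The following is an added example, not code from pyvmidbg or the libvmi Python bindings; the function names, status strings and sample texts are constructed for illustration, and it assumes both the installed header and the bindings' cdef declare the constant with a `#define`.

```python
import re
import sys
from pathlib import Path

# "#define VMI_EVENTS_VERSION 0x00000007", as a C header or a cffi cdef writes it.
# Anchored at line start so a commented-out define is not counted.
_DEFINE = re.compile(
    r"^[ \t]*#[ \t]*define[ \t]+VMI_EVENTS_VERSION[ \t]+(0[xX][0-9a-fA-F]+|[0-9]+)",
    re.MULTILINE,
)

def events_version(text):
    """Return VMI_EVENTS_VERSION from header/cdef text, or None if not defined."""
    match = _DEFINE.search(text or "")
    if match is None:
        return None
    literal = match.group(1)
    return int(literal, 16) if literal.lower().startswith("0x") else int(literal, 10)

def diagnose(installed_header, bindings_cdef):
    """Classify the state of the two definitions; either argument may be None."""
    installed = events_version(installed_header)
    declared = events_version(bindings_cdef)
    if installed is None:
        return "no-events-header"   # libvmi installed without events.h
    if declared is None:
        return "no-events-cdef"     # lib.VMI_EVENTS_VERSION raises AttributeError
    if installed != declared:
        return "version-mismatch"   # cffi reports that the cdef disagrees
    return "ok"

# Constructed sample inputs (not copied from libvmi or its bindings).
SAMPLE_HEADER = "/* events.h */\n#define VMI_EVENTS_VERSION 0x00000007\n"
SAMPLE_CDEF = "#define VMI_EVENTS_VERSION 0x00000006\n"

def _read(path):
    """Return file contents, or None when the file is absent."""
    p = Path(path)
    return p.read_text(errors="replace") if p.is_file() else None

if __name__ == "__main__":
    if len(sys.argv) == 3:   # usage: script <installed events.h> <bindings cdef file>
        print(diagnose(_read(sys.argv[1]), _read(sys.argv[2])))
    else:
        print(diagnose(SAMPLE_HEADER, SAMPLE_CDEF))
```

A "version-mismatch" result means the bindings need rebuilding against a cdef that matches the installed header.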