memflow / memflow

physical memory introspection framework
https://memflow.github.io
MIT License

examples not work and invalid ABI errors. #96

Open fIappy opened 1 year ago

fIappy commented 1 year ago

```
➜ memflow git:(main) cargo run --example=process_list --release -- -vv -o win32
Finished release [optimized] target(s) in 0.06s
Running /home/v/Desktop/virt/memflow/./runner.sh target/release/examples/process_list -vv -o win32
11:51:57 [INFO] scanning "/usr/lib/memflow" for libraries
11:51:57 [INFO] adding plugin 'Connector/dummy': "/usr/lib/memflow/libmemflow_ffi.so"
11:51:57 [INFO] adding plugin 'OS/dummy': "/usr/lib/memflow/libmemflow_ffi.so"
11:51:57 [INFO] scanning "/usr/local/lib/memflow" for libraries
11:51:57 [WARN] MEMFLOW_CONNECTOR_KCORE has invalid ABI.
11:51:57 [INFO] adding plugin 'OS/win32': "/usr/local/lib/memflow/libmemflow_win32.dev.so"
11:51:57 [WARN] MEMFLOW_CONNECTOR_PCILEECH has invalid ABI.
11:51:57 [WARN] MEMFLOW_OS_NATIVE has invalid ABI.
11:51:57 [WARN] MEMFLOW_CONNECTOR_COREDUMP has invalid ABI.
11:51:57 [WARN] MEMFLOW_CONNECTOR_QEMU has invalid ABI.
11:51:57 [WARN] MEMFLOW_CONNECTOR_KVM has invalid ABI.
11:51:57 [INFO] scanning "/home/v/.local/lib/memflow" for libraries
11:51:57 [INFO] scanning "/home/v/Desktop/virt/memflow" for libraries
11:51:57 [INFO] attempting to load OS type plugin win32 from /usr/local/lib/memflow/libmemflow_win32.dev.so
11:51:57 [ERROR] oslayer: configuration error (Must provide memory!)
11:51:57 [ERROR] oslayer: configuration error
Error: Error(OsLayer, Configuration)
```

ihateadmins commented 1 year ago

In case you have used memflowup instead of building all libs from git source with tag beta9: that's a known issue and was answered in the memflow Discord. ko1N: "Will be fixed by version10"

ko1N commented 1 year ago

The error you are seeing comes from a missing physical memory connection. In memflow the examples allow you to chain arguments, e.g. you can first load a connector with `-c qemu`, then feed it into an OS with `-o win32`, then another connector and so forth...

So the arguments required would look more like this: `cargo run --example=process_list --release -- -vv -c qemu -o win32`

There are OS plugins which do not require a physical memory connection, like memflow-native, but win32 does.

The invalid ABI can be solved by manually installing the corresponding connectors from their plugins and checking out the proper version tag you checked out on memflow (e.g. in memflow repo check out 0.2.0-beta9 and then use connectors/win32 0.2.0-beta9).