Closed wilhelmw201 closed 2 years ago
I haven't tried this combo myself, but it should work. Drop the leechcore_device_hvmm.dll file together with other supporting files (hvmm.sys and hvlib.dll) next to leechcore.dll in the leechcore package folder under site-packages.
Then as elevated admin start python (this is required to load the hvmm driver).
Then to list VMs:
vmm = memprocfs.Vmm(['-printf', '-device', 'hvmm://listvm'])
And connect to a VM with id = 1
vmm = memprocfs.Vmm(['-device', 'hvmm://id=1'])
Please let me know how it goes.
Hi, thank you for the quick reply! I am running in admin, running the provided line still gets me errors such as this one:
DEVICE: ERROR: Failed opening file: 'hvmm://listvm'.
MemProcFS: Failed to connect to memory acquisition device.
The leechcorepyc folder already looks like this
.....\Lib\site-packages\leechcorepyc> ls -n
__pycache__
FTD3XX.dll
hvlib.dll
hvmm.sys
leechcore.dll
leechcorepyc.pyd
leechcore_device_hvmm.dll
leechcore_device_hvsavedstate.dll
leechcore_device_rawtcp.dll
leechcore_device_sp605tcp.dll
vcruntime140.dll
__init__.py
Also the other dlls (I am trying hvsavedstate only) seem to look fine.
However, running python in WinDBG can make it work...
I don't get it, I tried running python from an IDE and running it standalone as admin, both fail at loading, but if I run it in an admin WinDBG it loads without problems :rofl:.
I'm sorry I was a bit late in responding. I've been away and was thinking about looking into why this was happening in the weekend.
But I get that you resolved it on your own?
If you don't mind me asking, what did you do to resolve the issue?
It was not resolved, but running python and using memprocfs from an admin WinDBG works. So despite being ugly this does not become an issue for me 😆 I just need to use WinDBG each time.
I guess I should reopen it?
The issue seems to be that hvlib.dll is loaded from current path only.
It will work if hvlib.dll is placed in the current directory while leechcore_device_hvmm.dll and hvmm.sys are placed in the Python \Lib\site-packages\leechcorepyc folder.
This is an issue with the LiveCloudKd plugin. Do you wish to create an issue for it in the LiveCloudKd repo or do you wish for me to do it?
The workaround is easy enough. Place hvlib.dll in current directory (or system32) and it will work.
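An added example, not part of the thread and not code from the LeechCore or LiveCloudKd projects: a preflight check for the file layout the workaround above describes. The function and constant names are hypothetical, and the three directories are passed in by the caller.

```python
import importlib.util
import os
from pathlib import Path

# File names come from the thread; every function name here is hypothetical.
PACKAGE_FILES = ("leechcore.dll", "leechcore_device_hvmm.dll", "hvmm.sys")
HVLIB = "hvlib.dll"

def is_elevated():
    """True/False on Windows (the hvmm driver needs elevation), None elsewhere."""
    if os.name != "nt":
        return None
    import ctypes
    return bool(ctypes.windll.shell32.IsUserAnAdmin())

def check_hvmm_layout(package_dir, cwd, system_dir):
    """Return a list of problems with the layout the workaround describes."""
    package_dir, cwd, system_dir = Path(package_dir), Path(cwd), Path(system_dir)
    problems = [f"missing {name} in {package_dir}"
                for name in PACKAGE_FILES if not (package_dir / name).is_file()]
    # Per the thread, hvlib.dll is only found in the current directory or system32.
    if not any((d / HVLIB).is_file() for d in (cwd, system_dir)):
        msg = f"{HVLIB} not found in {cwd} or {system_dir}"
        if (package_dir / HVLIB).is_file():
            msg += " (a copy in the package folder alone was not enough in the thread)"
        problems.append(msg)
    return problems

def find_package_dir():
    """Locate the installed leechcorepyc package folder, or None if absent."""
    spec = importlib.util.find_spec("leechcorepyc")
    if spec is None or not spec.submodule_search_locations:
        return None
    return Path(list(spec.submodule_search_locations)[0])

if __name__ == "__main__":
    pkg = find_package_dir()
    if pkg is None:
        print("leechcorepyc is not installed in this interpreter")
    else:
        system32 = Path(os.environ.get("SystemRoot", r"C:\Windows")) / "System32"
        print("elevated:", is_elevated())
        for problem in check_hvmm_layout(pkg, Path.cwd(), system32):
            print("problem:", problem)
```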
ah ok. thank you for the reply! I will open the issue and copy the dll to system32. 👍
Hi, I am trying to use the hyperv plugin (leechcore_device_hvmm.dll) for leechcore, but I do not know where to put this plugin or how to edit the search path so that it is recognized. I tried Lib\site-packages\leechcorepyc\ where a few other similarly named dlls are located (e.g. leechcore_device_hvsavedstate.dll) but I still get TypeError: Vmm.init(): Initialization of vmm failed when I run vmm = memprocfs.Vmm(['-device', 'hvmm']). and TypeError: Unable to initialize. when I run x = leechcorepyc.LeechCore('hvmm'). Any help is appreciated.