ufrisk / LeechCore

LeechCore - Physical Memory Acquisition Library & The LeechAgent Remote Memory Acquisition Agent
GNU General Public License v3.0

vm #45

Closed xiaobaixuejava closed 1 month ago

xiaobaixuejava commented 1 month ago

There is no real-time memory reading video about vm virtual machines on youtube. Can you tell me again how the python code is configured to read memory information through software?

ufrisk commented 1 month ago

Thanks, I'll remove it.

Google ransomed my account. I had it for 10-15 years and then they locked it, demanding that I pay a hefty monthly amount for "Google Workspace for business". When I remade the account into a free one they deleted all the videos I had on youtube. A lesson for me to never trust the cloud in general, or Google specifically, I guess...

I'll remove the broken link to the video.

As for reading VMs, it's dependent on what you wish to do: do you wish to parse VMs out of a memory dump or out of the host physical memory? You may do this for Hyper-V and WHVP VMs using MemProcFS - https://github.com/ufrisk/MemProcFS/wiki/VM - or its APIs.

If wishing to connect to a specific VM to read/write memory, VMware, QEMU and Hyper-V are supported as separate memory acquisition devices. You may have to run as admin though. More info about these separate acquisition methods is in the LeechCore wiki - https://github.com/ufrisk/LeechCore/wiki

xiaobaixuejava commented 1 month ago

I have the following code to connect to the vm, but it doesn't work and returns null. I have leechcore.dll and vmm.dll dependencies in the directory. I want to read the memory information of a vm virtual machine without dmf hardware. Through MemProcFS, I can see the mounted vm information and see the process files, etc., but I don't know how to get it through the code

```cpp
#include <vmmdll.h>

// "-device vmware://id=<pid>" targets the running vmware-vmx process with that PID
const char* tmp_str[] = { "", "-device", "vmware://id=8596" };
VMM_HANDLE hVMM = VMMDLL_Initialize(3, tmp_str);
```

ufrisk commented 1 month ago

You have to start it as "elevated administrator" not as a normal user if targeting vmware.

Also it may be a good idea to add some verbosity flags, i.e. -v and -vv.

Your example code is C/C++ not Python as you first mention. Info about Python is found here: https://github.com/ufrisk/MemProcFS/wiki/API_Python

xiaobaixuejava commented 1 month ago

What I gave is a c++ project I found. I may change it to a python project later, but now the c++ project has not been read successfully. I have used administrator privileges to start vs and run the project, but it still returns null. Maybe I have a configuration error. You can debug this problem.

xiaobaixuejava commented 1 month ago

When using the code above to initialize, do you need to configure the vm virtual machine? Do I need to modify any configuration of the vm virtual machine to initialize using the above c++ code?

xiaobaixuejava commented 1 month ago

The operation can be read after restarting the computer. Anyway, thank you

ufrisk commented 1 month ago

Awesome to see you got it to work. I hope you'll find my open source software useful.

If you should have any questions in the future, it's probably better to ask them over at the Discord server I have linked, since this github issues section is more for reporting bugs and errors (which you did about the broken youtube link).

Best wishes with your project!

xiaobaixuejava commented 1 month ago

There is another question I need to ask you again. If I want to use python to implement the following c++ code, what should I do? I used the memprocfs library to implement it, but it didn't work.

```python
import memprocfs
vmm = memprocfs.Vmm(['-device', 'vmware://id=20244'])
```

```cpp
#include <vmmdll.h>

int main()
{
    DWORD DWPID = 0;          // guest process id, filled in after initialization
    QWORD qProcessbase = 0;   // guest process base address, filled in after initialization

    // Initialize the library
    const char* tmp_str[] = { "", "-device", "vmware://id=20244" };
    VMM_HANDLE hVMM = VMMDLL_Initialize(3, tmp_str);
    if (hVMM == NULL) { return 0; }

    VMMDLL_Close(hVMM);
    return 0;
}
```

ufrisk commented 1 month ago

run python as admin.
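The troubleshooting path the maintainer gives in this thread (run elevated, add the -v and -vv verbosity flags, use the memprocfs Python package instead of the C API) as one script. This is an added example, not code from the LeechCore or MemProcFS project. It assumes the `memprocfs` pip package with its `memprocfs.Vmm(args)` constructor, `vmm.process_list()`, `process.pid`, `process.name` and `vmm.close()`, and the `vmware://id=<pid>` device string from the issue; the PIDs 20244 and 8596 are the ones posted in the thread and must be replaced with the vmware-vmx PID of the target VM on your host. `memprocfs` is imported lazily so the argument-building and elevation checks run without the DLLs present.

```python
"""Open a running VMware VM with MemProcFS from Python, failing loudly on the
two problems seen in this thread: a non-elevated process and a silent None."""
import ctypes
import os
import sys


def is_elevated() -> bool:
    """True if running as administrator (Windows) or root (POSIX)."""
    if os.name == "nt":
        try:
            return bool(ctypes.windll.shell32.IsUserAnAdmin())
        except (AttributeError, OSError):
            return False
    return hasattr(os, "geteuid") and os.geteuid() == 0


def build_vmm_args(vmx_pid: int, verbosity: int = 0) -> list:
    """Build the argument list for memprocfs.Vmm().

    verbosity 0 adds nothing; 1 adds -v; 2 adds -v and -vv, the flags the
    maintainer suggested for diagnosing a failing device initialization.
    """
    if vmx_pid <= 0:
        raise ValueError("vmx_pid must be the positive PID of the vmware-vmx process")
    args = ["-device", f"vmware://id={vmx_pid}"]  # device string used in the issue
    if verbosity >= 1:
        args.append("-v")
    if verbosity >= 2:
        args.append("-vv")
    return args


def open_vm(vmx_pid: int, verbosity: int = 2):
    """Return an initialized memprocfs.Vmm, or raise with a useful message."""
    if not is_elevated():
        raise PermissionError(
            "the vmware:// device requires an elevated (administrator) process; "
            "VMMDLL_Initialize / memprocfs.Vmm fail otherwise")
    import memprocfs  # lazy import: the helpers above work without vmm.dll/leechcore.dll
    return memprocfs.Vmm(build_vmm_args(vmx_pid, verbosity))


def list_processes(vmm, limit: int = 10) -> list:
    """Return (pid, name) pairs for the first `limit` guest processes."""
    return [(p.pid, p.name) for p in vmm.process_list()[:limit]]


if __name__ == "__main__":
    # PID 20244 is the value posted in the thread; pass your own vmware-vmx PID.
    pid = int(sys.argv[1]) if len(sys.argv) > 1 else 20244
    vmm = open_vm(pid)
    for guest_pid, name in list_processes(vmm):
        print(f"{guest_pid:6d}  {name}")
    vmm.close()
```

Run it from an elevated prompt as `python open_vm.py <vmware-vmx PID>`; with verbosity 2 the MemProcFS log output says why the device failed to attach instead of leaving you with a null handle.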

xiaobaixuejava commented 1 month ago

I found the python document in wiki and realized the memory reading function. Thank you for your patience in replying