ufrisk / MemProcFS

MemProcFS
GNU Affero General Public License v3.0

Possible Rust support? #67

Closed 22Jase closed 1 year ago

22Jase commented 3 years ago

Just want to start off and say you have an amazing project here and I really appreciate all the hard work.

Do you have any plans on adding a Rust API for this repo?

ufrisk commented 3 years ago

Hi,

Thanks for this very nice feature request.

I've been thinking about looking into Rust for quite some time; mainly to allow for easy Rust modules support within MemProcFS. I've been a bit busy for this. Also I kinda hope Rust support will make its way into Visual Studio which would make things a lot easier for me. The core project as such is likely to stay as C though since it's working really without any issues (what I know of) around memory management.


I agree that having a Rust API / Rust Crate would be super nice though. And with the growing popularity of Rust this is definitely something I'd have to add. I'll put this up as an enhancement.

I first have to learn Rust though. With me having a full time job to take care of as well time is somewhat limited unfortunately. It's probably not going to be a near-term addition, but it's very likely I'll be able to add this before the end of the year.

worstpractice commented 2 years ago

> Hi,
>
> Thanks for this very nice feature request.
>
> I've been thinking about looking into Rust for quite some time; mainly to allow for easy Rust modules support within MemProcFS. I've been a bit busy for this. Also I kinda hope Rust support will make its way into Visual Studio which would make things a lot easier for me. The core project as such is likely to stay as C though since it's working really without any issues (what I know of) around memory management.
>
> I agree that having a Rust API / Rust Crate would be super nice though. And with the growing popularity of Rust this is definitely something I'd have to add. I'll put this up as an enhancement.
>
> I first have to learn Rust though. With me having a full time job to take care of as well time is somewhat limited unfortunately. It's probably not going to be a near-term addition, but it's very likely I'll be able to add this before the end of the year.

Wonderful news @ufrisk! I am far from a Rust expert myself, but I have a few years of enthusiastic tinkering under my belt (primarily on Windows).

If there's anything I can assist you with please don't hesitate to ask 🙂 There are no stupid questions!

PS: your work is a constant source of inspiration for me. Thanks for everything you do Ulf 👏

One link I suspect you might enjoy: https://cheats.rs

ufrisk commented 2 years ago

Thanks. This is high up on my list, but I've been putting it off for some time. Unfortunately I have some other projects in the near future, also got to prepare some labs for the DEF CON conference (mid-August). After that I'll try to find the time though. Hopefully I'll have something ready in September/October.

For me it would be nice to be able to write some plugins for MemProcFS in Rust even if the core is probably a bit too large and well functioning as-is to convert.

jaybocc2 commented 1 year ago

MemFlow supports PciLeech and various other memory adapters and I have been using it for at least 7-8+ months on a Linux Arm based SBC! It works great and I highly recommend giving it a shot. It's very powerful and performant!

ufrisk commented 1 year ago

Long overdue, but I had to take the time to learn Rust first which was a bit of a hurdle...

But now there is an official MemProcFS Rust API. It's well documented and there are examples for everything under the vmmrust project sub-directory here on GitHub.

For simplicity it may be much easier to include MemProcFS on crates.io directly in your Cargo.toml rather than including from the GitHub project directly.

My intention is that the Rust API should be fairly complete, well documented and easy to use.

Initialize by specifying the path to the directory containing the native release containing vmm.so or vmm.dll (together with the other supporting files).

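```rust
use memprocfs::*;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Connect to the target through a PCILeech FPGA device.
    let args = ["-device", "fpga"].to_vec();
    let vmm = Vmm::new("/home/user/memprocfs/vmm.so", &args)?;
    // Print the PID and name of every process found in the target's memory.
    if let Ok(process_all) = vmm.process_list() {
        for process in &*process_all {
            println!("{} : {}", process.pid, process.info()?.name);
        }
    }
    Ok(())
}
```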

I have a few remaining features to add in the coming days. Primarily full support for the Windows registry and the Search functionality. I expect to complete this very soon.

Also it would be super awesome if I could get some feedback on this API. Is there anything that I should change/add or maybe document better?

I hope this library will be extremely useful, fast and easy-to-use.

Please let me know!

KernelKrusha commented 1 year ago

THANKS! ❤️

ufrisk commented 1 year ago

Updated with Registry support and documentation here and on crates.io

(documentation build seems to be taking a couple of hours still).

Search will be implemented in the coming days.

jaybocc2 commented 1 year ago

@ufrisk I have been using MemFlow which had its own implementation of the leechcore interface (https://github.com/memflow/memflow-pcileech). Can I expect more or less the same performance for this library vs memflow? That is if you have any idea, of course. Otherwise I will try to find some time to give it a whirl myself.

ufrisk commented 1 year ago

@jaybocc2 I have no idea. I'm not associated with that project.

I suspect performance will be similar since it would be mostly I/O bound anyway and they use my tools in the background as far as I know. The one thing that will give a huge performance boost that I'm aware of at the moment is to run it on Windows since the underlying driver is more performant.

MemProcFS is much more feature rich though. If you are interested in those extra features.

Also I hope I created a well thought out API that should be easy to use. Please let me know if you have any improvement suggestions.

ufrisk commented 1 year ago

The general Rust API for MemProcFS should now be feature complete and have 1:1 parity with the C/C++ API for all general use.

Since last versions I've added the missing registry support, and also a binary quick search functionality.

The only part where the Rust API does not have 1:1 parity with the C/C++ API is if you're creating a plugin for MemProcFS that uses advanced functionality to feed data into the forensic timeline and some other plugin forensic functions. These will be added when I do a general refresh of that API in the next MemProcFS version.

Once again, it would be super awesome if I could get some feedback about the Rust API. It works on both Linux and Windows and is very feature rich. Let me know what you think or if you feel I should be adding something to it. Check out the new crate at https://crates.io/crates/memprocfs

It seems the updated docs will take quite some time before they appear at https://docs.rs/memprocfs/ but hopefully they should be there tomorrow. I haven't changed anything to existing functionality (other than updating some documentation) though.


Anyway I'm closing this enhancement request now since it's finally fulfilled 2,5 years later. I apologize it took this long time, but it was a large task for me to complete since it involved getting started with Rust as well.