Lib.rs

Operating systems | Memory managementmemflow
#physical-memory #memflow #memory #introspection #linux-kernel #kernel-module #api-bindings

memflow-kvm

kvm connector for the memflow physical memory introspection framework

by Auri, ko1N and 3 contributors

9 releases

0.2.0 Dec 25, 2023
0.2.0-beta7 Jul 24, 2022
0.2.0-beta2 Mar 18, 2022
0.2.0-beta11 Dec 17, 2023
0.0.0 Sep 1, 2020

#168 in Memory management

Download history 4/week @ 2023-12-25 21/week @ 2024-02-26 8/week @ 2024-03-11 58/week @ 2024-04-01

66 downloads per month

MIT license

17KB
210 lines

memflow's KVM connector

This is a connector for Linux kernel based virtual machines (KVMs), which by utilizing a kernel module directly maps all VM memory. This provides an effortless way to run memflow on all KVM based VMs (not just QEMU), and with highest performance.

Setting up

This connector requires the memflow module to be present (to access /dev/memflow interface), and have appropriate permissions to access the interface.

For development purposes, it is possible to chmod o+rw /dev/memflow to gain access, but it is a security risk.

create_connector accepts a single, optional, argument - PID. This PID will be passed to the memflow module to select which VM monitor to target, or can be omitted to pick the first found one.

Dependencies

~6–9MB
~165K SLoC