Memflow Versions Save

physical memory introspection framework

0.2.1

1 week ago
  • Added aarch64 16k page support
  • Added a seperate CachedView as a new page cache on top of MemoryView

0.2.0

1 week ago

0.2.0

  • Updated ABI version to 1

0.2.0-beta11

  • Added dtb1 and dtb2 fields to ProcessInfo structure
  • Added a function to the process trait which allows overriding dtb1/dtb2 with a custom value

0.2.0-beta10

  • Removed all 'Inner' types and replaced them with GAT - this also shifts memflow to a minimum rust version of 1.74.0
  • Improved cache configuration when using plugins (usage: --connector kvm:::cache=true,cache_size=1kb,cache_time=10,cache_page_size=1000 where size and page_size is specified in hex)
  • Added DelayedPhysicalMemory middleware (usage: --connector kvm:::delay=200 where delay is specified in microseconds)
  • Added PhysicalMemoryMetrics middleware (usage: --connector kvm:::metrics=true)
  • Updated FileIoMemory constructor with a default identity mapped memory mapping.
  • Rewrote argument parser to properly handle quotes in complex arguments.

0.2.0-beta9

0.2.0-beta8

  • Hotfix for new bumpalo release

0.2.0-beta7

  • Unified and simplified plugin proc macros and updated their documentation

0.2.0-beta6

  • Added additional export/import/section helpers
  • Dependency updates

0.2.0-beta5

  • Cleaned up plugin search paths and matched them with memflowup
  • Improved error messages
  • Plugins are resolved to their canonical path before adding
  • Added VirtualTranslate as optional trait on Os
  • Updated to latest cglue

0.2.0-beta4

  • Added missing functions to retrieve exports/imports/sections from kernel modules
  • Added functions to retrieve primary kernel module

0.2.0-beta3

  • Allow for PhysicalMemoryView to fill in gaps with zeros

0.2.0-beta2

  • Memory API and Address rework

0.2.0-beta1

  • Entirely new cglue based plugin architecture and various other major improvements

0.2.0-beta11

5 months ago
  • Added dtb1 and dtb2 fields to ProcessInfo structure
  • Added a function to the process trait which allows overriding dtb1/dtb2 with a custom value

0.2.0-beta1

2 years ago

0.2.0-beta1

  • Entirely new cglue based plugin architecture and various other major improvements

0.1.5

3 years ago

0.1.5

  • Added memflow::prelude::v1 and memflow_win32::prelude::v1 modules
  • Added new fields to FFI
  • Improved consistency of these function names in C FFI: phys_read_raw -> phys_read_raw_into, page_size -> arch_page_size.
  • Added C++ bindings for the FFI
  • Fixed core errors not displaying the full error message when wrapped in a win32 error
  • Changed windows inventory search path from [user]/.local/lib/memflow to [user]/Documents/memflow
  • Added {PWD} to inventory search path

Transitioning from C FFI to C++ FFI:

  • memflow.h, and memflow_win32.h become memflow_cpp.h, and memflow_win32_cpp.h.
    • The headers still depend on memflow.h, and memflow_win32.h. They are just wrappers for safety, and ergonomics.
  • Types transition from Type * to CType. Every CType include automatic object destruction, so there is no need for the type_free methods.
  • CType contains a Type * inside. The pointer can still be null. Checking whether object is valid is still the same: if (CType != NULL)
  • Methods are implemented as class members. Most methods loose their prefix. The change looks like this: process_module_info(Win32Process *process, const char *name) becomes CWin32Process::module_info(this, const char *name).
    • Calling methods changes into calling a function on the object, instead of with the object. Example: process_module_info(proc, "ntdll.dll") becomes proc.module_info("ntdll.dll").
    • Exception to this are virt, and phys read/write functions. They do not loose their prefix, because they do have the prefix in the Rust library. So, virt_read_u64(mem, addr) becomes mem.virt_read_u64(addr).
  • There are extra convenience functions that utilize STL's string, and vector containers. Getting process/module names, and lists becomes much simpler.