Add unicode extraction wrapper and expose it to introspectionAPI (#87)
cakeless authored Mar 20, 2023
1 parent 84dbb76 commit 3cc75e4
Showing 5 changed files with 30 additions and 1 deletion.
4 changes: 4 additions & 0 deletions vmicore/src/include/vmicore/vmi/IIntrospectionAPI.h
Expand Up @@ -5,6 +5,7 @@
#include "../types.h"
#include <cstdint>
#include <memory>
#include <optional>
#include <string>
#include <tuple>
#include <vector>
Expand Down Expand Up @@ -45,6 +46,9 @@ namespace VmiCore

virtual std::unique_ptr<std::string> extractUnicodeStringAtVA(addr_t stringVA, addr_t cr3) = 0;

[[nodiscard]] virtual std::optional<std::unique_ptr<std::string>>
tryExtractUnicodeStringAtVA(const addr_t stringVA, const addr_t cr3) = 0;

virtual std::unique_ptr<std::string> extractStringAtVA(addr_t virtualAddress, addr_t cr3) = 0;

[[nodiscard]] virtual OperatingSystem getOsType() = 0;
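Review bot: The `tryExtractUnicodeStringAtVA` declaration added after `extractUnicodeStringAtVA` carries no comment describing its contract, and its return type `std::optional<std::unique_ptr<std::string>>` leaves callers two empty states to handle, `std::nullopt` and an engaged optional holding a null pointer. A doc comment above it should state that `std::nullopt` is returned when the guest string cannot be converted, that an engaged result is never null, and whether `VmiException` can still be thrown for other failures. The `const` on the by-value parameters has no effect in a declaration and differs from the neighbouring signatures; `tryExtractUnicodeStringAtVA(addr_t stringVA, addr_t cr3) = 0;` would match them, and the same applies to the override in LibvmiInterface.h.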
14 changes: 13 additions & 1 deletion vmicore/src/lib/vmi/LibvmiInterface.cpp
Expand Up @@ -342,6 +342,18 @@ namespace VmiCore
}

std::unique_ptr<std::string> LibvmiInterface::extractUnicodeStringAtVA(const addr_t stringVA, const addr_t cr3)
{
auto extractedString = tryExtractUnicodeStringAtVA(stringVA, cr3);

if (!extractedString)
{
throw VmiException(fmt::format("{}: Unable to convert unicode string", __func__));
}
return std::move(extractedString.value());
}

std::optional<std::unique_ptr<std::string>> LibvmiInterface::tryExtractUnicodeStringAtVA(const addr_t stringVA,
const addr_t cr3)
{
auto accessContext = createVirtualAddressAccessContext(stringVA, cr3);
std::lock_guard<std::mutex> lock(libvmiLock);
Expand All @@ -351,7 +363,7 @@ namespace VmiCore
vmi_free_unicode_str(extractedUnicodeString);
if (success != VMI_SUCCESS)
{
throw VmiException(fmt::format("{}: Unable to convert unicode string", __func__));
return std::nullopt;
}
auto result = std::make_unique<std::string>(reinterpret_cast<char*>(convertedUnicodeString.contents),
convertedUnicodeString.length);
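Review bot: In `tryExtractUnicodeStringAtVA` only the `success != VMI_SUCCESS` branch now returns `std::nullopt`, so any failure handled in the part of the body between the two hunks, which this page does not show, may still throw. Because the address and its contents come from the guest, callers will probably read the `try` prefix as non-throwing; either route those paths to `std::nullopt` as well or say in a comment which failures still raise `VmiException`. The `std::nullopt` path also returns without recording `stringVA` or `cr3`, so a debug-level log line there would let an operator tell that a guest string was skipped. The function body continues past the end of the second hunk.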
3 changes: 3 additions & 0 deletions vmicore/src/lib/vmi/LibvmiInterface.h
Expand Up @@ -105,6 +105,9 @@ namespace VmiCore

[[nodiscard]] std::unique_ptr<std::string> extractUnicodeStringAtVA(addr_t stringVA, addr_t cr3) override;

[[nodiscard]] std::optional<std::unique_ptr<std::string>>
tryExtractUnicodeStringAtVA(const addr_t stringVA, const addr_t cr3) override;

[[nodiscard]] std::unique_ptr<std::string> extractStringAtVA(addr_t virtualAddress, addr_t cr3) override;

void stopSingleStepForVcpu(vmi_event_t* event, uint vcpuId) override;
5 changes: 5 additions & 0 deletions vmicore/test/include/vmicore_test/vmi/mock_IntrospectionAPI.h
Expand Up @@ -37,6 +37,11 @@ namespace VmiCore

MOCK_METHOD(std::unique_ptr<std::string>, extractUnicodeStringAtVA, (addr_t, addr_t), (override));

MOCK_METHOD(std::optional<std::unique_ptr<std::string>>,
tryExtractUnicodeStringAtVA,
(addr_t, addr_t),
(override));

MOCK_METHOD(std::unique_ptr<std::string>, extractStringAtVA, (addr_t, addr_t), (override));

MOCK_METHOD(OperatingSystem, getOsType, (), (override));
5 changes: 5 additions & 0 deletions vmicore/test/lib/vmi/mock_LibvmiInterface.h
Expand Up @@ -53,6 +53,11 @@ namespace VmiCore

MOCK_METHOD(std::unique_ptr<std::string>, extractUnicodeStringAtVA, (const addr_t, const addr_t), (override));

MOCK_METHOD(std::optional<std::unique_ptr<std::string>>,
tryExtractUnicodeStringAtVA,
(addr_t, addr_t),
(override));

MOCK_METHOD(std::unique_ptr<std::string>, extractStringAtVA, (const addr_t, const addr_t), (override));

MOCK_METHOD(void, stopSingleStepForVcpu, (vmi_event_t*, uint), (override));