Go to the source code of this file.
Data Structures | |
| struct | xa_cache_entry |
| struct | xa_instance |
| XenAccess instance. More... | |
| struct | xa_linux_taskaddr |
| Linux task information. More... | |
| struct | xa_windows_peb |
| Windows PEB information. More... | |
Defines | |
| #define | XA_SUCCESS 0 |
| #define | XA_FAILURE -1 |
| #define | XA_OS_LINUX 0 |
| #define | XA_OS_WINDOWS 1 |
| #define | XA_XENVER_UNKNOWN 0 |
| #define | XA_XENVER_3_0_4 1 |
| #define | XA_XENVER_3_1_0 2 |
Functions | |
| int | xa_init (uint32_t domain_id, xa_instance_t *instance) |
| int | xa_destroy (xa_instance_t *instance) |
| void * | xa_access_kernel_symbol (xa_instance_t *instance, char *symbol, uint32_t *offset) |
| void * | xa_access_kernel_sym (xa_instance_t *instance, char *symbol, uint32_t *offset, int prot) |
| void * | xa_access_virtual_address (xa_instance_t *instance, uint32_t virt_address, uint32_t *offset) |
| void * | xa_access_kernel_va (xa_instance_t *instance, uint32_t virt_address, uint32_t *offset, int prot) |
| void * | xa_access_virtual_range (xa_instance_t *instance, uint32_t virt_address, uint32_t size, uint32_t *offset) |
| void * | xa_access_kernel_va_range (xa_instance_t *instance, uint32_t virt_address, uint32_t size, uint32_t *offset, int prot) |
| void * | xa_access_user_virtual_address (xa_instance_t *instance, uint32_t virt_address, uint32_t *offset, int pid) |
| void * | xa_access_user_va (xa_instance_t *instance, uint32_t virt_address, uint32_t *offset, int pid, int prot) |
| void * | xa_access_user_virtual_range (xa_instance_t *instance, uint32_t virt_address, uint32_t size, uint32_t *offset, int pid) |
| void * | xa_access_user_va_range (xa_instance_t *instance, uint32_t virt_address, uint32_t size, uint32_t *offset, int pid, int prot) |
| uint32_t | xa_translate_kv2p (xa_instance_t *instance, uint32_t virt_address) |
| int | xa_read_long_sym (xa_instance_t *instance, char *sym, uint32_t *value) |
| int | xa_read_long_long_sym (xa_instance_t *instance, char *sym, uint64_t *value) |
| int | xa_read_long_virt (xa_instance_t *instance, uint32_t vaddr, int pid, uint32_t *value) |
| int | xa_read_long_long_virt (xa_instance_t *instance, uint32_t vaddr, int pid, uint64_t *value) |
| int | xa_read_long_phys (xa_instance_t *instance, uint32_t paddr, uint32_t *value) |
| int | xa_read_long_long_phys (xa_instance_t *instance, uint32_t paddr, uint64_t *value) |
| int | xa_read_long_mach (xa_instance_t *instance, uint32_t maddr, uint32_t *value) |
| int | xa_read_long_long_mach (xa_instance_t *instance, uint32_t maddr, uint64_t *value) |
| int | xa_symbol_to_address (xa_instance_t *instance, char *sym, uint32_t *vaddr) |
| int | xa_linux_get_taskaddr (xa_instance_t *instance, int pid, xa_linux_taskaddr_t *taskaddr) |
| int | xa_windows_get_peb (xa_instance_t *instance, int pid, xa_windows_peb_t *peb) |
More detailed description can go here.
| #define XA_SUCCESS 0 |
Return value indicating success.
Referenced by xa_destroy(), xa_linux_get_taskaddr(), xa_read_long_long_mach(), xa_read_long_long_phys(), xa_read_long_long_sym(), xa_read_long_long_virt(), xa_read_long_mach(), xa_read_long_phys(), xa_read_long_sym(), xa_read_long_virt(), and xa_windows_get_peb().
| #define XA_FAILURE -1 |
Return value indicating failure.
Referenced by xa_destroy(), xa_init(), xa_linux_get_taskaddr(), xa_read_long_long_mach(), xa_read_long_long_phys(), xa_read_long_long_sym(), xa_read_long_long_virt(), xa_read_long_mach(), xa_read_long_phys(), xa_read_long_sym(), xa_read_long_virt(), xa_symbol_to_address(), and xa_windows_get_peb().
| #define XA_OS_LINUX 0 |
Constant used to specify Linux in the os_type member of the xa_instance struct.
Referenced by xa_access_kernel_sym(), and xa_symbol_to_address().
| #define XA_OS_WINDOWS 1 |
Constant used to specify Windows in the os_type member of the xa_instance struct.
Referenced by xa_access_kernel_sym(), and xa_symbol_to_address().
| #define XA_XENVER_UNKNOWN 0 |
Constant used to indicate that we are running on a version of Xen that XenAccess does not support. XenAccess might work, or it might not. This is used in the xen_version member of the xa_instance struct.
| #define XA_XENVER_3_0_4 1 |
Constant used to indicate that we are running on Xen 3.0.4-1. This is used in the xen_version member of the xa_instance struct.
| #define XA_XENVER_3_1_0 2 |
Constant used to indicate that we are running on Xen 3.0.1 This is used in the xen_version member of the xa_instance struct.
| int xa_init | ( | uint32_t | domain_id, | |
| xa_instance_t * | instance | |||
| ) |
Initializes access to a specific domU given a domain id. The domain id must represent an active domain and must be > 0. All calls to xa_init must eventually call xa_destroy.
This is a costly funtion in terms of the time needed to execute. You should call this function only once per domain, and then use the resulting instance when calling any of the other library functions.
| [in] | domain_id | Domain id to access, specified as a number |
| [out] | instance | Struct that holds instance information |
References xa_instance::cache_head, xa_instance::cache_tail, xa_instance::current_cache_size, xa_instance::domain_id, xa_instance::live_pfn_to_mfn_table, xa_instance::nr_pfns, XA_FAILURE, and xa_instance::xc_handle.
| int xa_destroy | ( | xa_instance_t * | instance | ) |
Destroys an instance by freeing memory and closing any open handles.
| [in] | instance | Instance to destroy |
References xa_instance::domain_id, XA_FAILURE, XA_SUCCESS, and xa_instance::xc_handle.
| void* xa_access_kernel_symbol | ( | xa_instance_t * | instance, | |
| char * | symbol, | |||
| uint32_t * | offset | |||
| ) |
| [in] | instance | XenAccess instance |
| [in] | symbol | Desired kernel symbol to access |
| [out] | offset | Offset to kernel symbol within the mapped memory |
| void* xa_access_kernel_sym | ( | xa_instance_t * | instance, | |
| char * | symbol, | |||
| uint32_t * | offset, | |||
| int | prot | |||
| ) |
Memory maps one page from domU to a local address range. The memory to be mapped is specified with a kernel symbol (e.g., from System.map on linux). This memory must be unmapped manually with munmap.
| [in] | instance | XenAccess instance |
| [in] | symbol | Desired kernel symbol to access |
| [out] | offset | Offset to kernel symbol within the mapped memory |
| [in] | prot | Desired memory protection (PROT_READ, PROT_WRITE, etc) |
References xa_instance::os_type, XA_OS_LINUX, and XA_OS_WINDOWS.
| void* xa_access_virtual_address | ( | xa_instance_t * | instance, | |
| uint32_t | virt_address, | |||
| uint32_t * | offset | |||
| ) |
| [in] | instance | XenAccess instance |
| [in] | virt_address | Virtual address to access |
| [out] | offset | Offset to address within the mapped memory |
| void* xa_access_kernel_va | ( | xa_instance_t * | instance, | |
| uint32_t | virt_address, | |||
| uint32_t * | offset, | |||
| int | prot | |||
| ) |
Memory maps one page from domU to a local address range. The memory to be mapped is specified with a kernel virtual address. This memory must be unmapped manually with munmap.
| [in] | instance | XenAccess instance |
| [in] | virt_address | Virtual address to access |
| [out] | offset | Offset to address within the mapped memory |
| [in] | prot | Desired memory protection (PROT_READ, PROT_WRITE, etc) |
| void* xa_access_virtual_range | ( | xa_instance_t * | instance, | |
| uint32_t | virt_address, | |||
| uint32_t | size, | |||
| uint32_t * | offset | |||
| ) |
| [in] | instance | XenAccess instance |
| [in] | virt_address | Desired virtual address to access |
| [in] | size | Size in bytes of the accessed range |
| [out] | offset | Offset to the address within mapped memory |
| void* xa_access_kernel_va_range | ( | xa_instance_t * | instance, | |
| uint32_t | virt_address, | |||
| uint32_t | size, | |||
| uint32_t * | offset, | |||
| int | prot | |||
| ) |
Memory maps multiple pages from domU to a local address range. The memory to be mapped is specified with a kernel virtual address. This memory must be unmapped manually with munmap.
| [in] | instance | XenAccess instance |
| [in] | virt_address | Desired virtual address to access |
| [in] | size | Size in bytes of the accessed range |
| [out] | offset | Offset to the address within mapped memory |
| [in] | prot | Desired memory protection (PROT_READ, PROT_WRITE, etc) |
| void* xa_access_user_virtual_address | ( | xa_instance_t * | instance, | |
| uint32_t | virt_address, | |||
| uint32_t * | offset, | |||
| int | pid | |||
| ) |
| [in] | instance | XenAccess instance |
| [in] | virt_address | Desired virtual address to access |
| [out] | offset | Offset to address within the mapped memory |
| [in] | pid | PID of process' address space to use. If you specify 0 here, XenAccess will access the kernel virtual address space and this function's behavior will be the same as xa_access_virtual_address. |
| void* xa_access_user_va | ( | xa_instance_t * | instance, | |
| uint32_t | virt_address, | |||
| uint32_t * | offset, | |||
| int | pid, | |||
| int | prot | |||
| ) |
Memory maps one page from domU to a local address range. The memory to be mapped is specified with a virtual address from a process' address space. This memory must be unmapped manually with munmap.
| [in] | instance | XenAccess instance |
| [in] | virt_address | Desired virtual address to access |
| [out] | offset | Offset to address within the mapped memory |
| [in] | pid | PID of process' address space to use. If you specify 0 here, XenAccess will access the kernel virtual address space and this function's behavior will be the same as xa_access_virtual_address. |
| [in] | prot | Desired memory protection (PROT_READ, PROT_WRITE, etc) |
References xa_instance::kpgd.
| void* xa_access_user_virtual_range | ( | xa_instance_t * | instance, | |
| uint32_t | virt_address, | |||
| uint32_t | size, | |||
| uint32_t * | offset, | |||
| int | pid | |||
| ) |
| [in] | instance | XenAccess instance |
| [in] | virt_address | Desired virtual address to access |
| [in] | size | Size in bytes of the accessed range |
| [out] | offset | Offset to the address within mapped memory |
| [in] | pid | PID of process' address space to use. If you specify 0 here, XenAccess will access the kernel virtual address space and this function's be the same as xa_access_virtual_range. |
| void* xa_access_user_va_range | ( | xa_instance_t * | instance, | |
| uint32_t | virt_address, | |||
| uint32_t | size, | |||
| uint32_t * | offset, | |||
| int | pid, | |||
| int | prot | |||
| ) |
Memory maps multiple pages from domU to a local address range. the memory to be mapped is specified by a virtual address from process' address space. Data structures that span multiple pages can be mapped without dealing with fragmentation.
| [in] | instance | XenAccess instance |
| [in] | virt_address | Desired virtual address to access |
| [in] | size | Size in bytes of the accessed range |
| [out] | offset | Offset to the address within mapped memory |
| [in] | pid | PID of process' address space to use. If you specify 0 here, XenAccess will access the kernel virtual address space and this function's be the same as xa_access_virtual_range. |
| [in] | prot | Desired memory protection (PROT_READ, PROT_WRITE, etc) |
References xa_instance::domain_id, xa_instance::kpgd, xa_instance::page_shift, xa_instance::page_size, and xa_instance::xc_handle.
| uint32_t xa_translate_kv2p | ( | xa_instance_t * | instance, | |
| uint32_t | virt_address | |||
| ) |
Performs the translation from a kernel virtual address to a physical address.
| [in] | instance | XenAccess instance |
| [in] | virt_address | Desired kernel virtual address to translate |
References xa_instance::kpgd.
| int xa_read_long_sym | ( | xa_instance_t * | instance, | |
| char * | sym, | |||
| uint32_t * | value | |||
| ) |
Reads a long (32 bit) value from memory, given a kernel symbol.
| [in] | instance | XenAccess instance |
| [in] | sym | Kernel symbol to read from |
| [out] | value | The value read from memory |
References xa_instance::page_size, XA_FAILURE, and XA_SUCCESS.
| int xa_read_long_long_sym | ( | xa_instance_t * | instance, | |
| char * | sym, | |||
| uint64_t * | value | |||
| ) |
Reads a long long (64 bit) value from memory, given a kernel symbol.
| [in] | instance | XenAccess instance |
| [in] | sym | Kernel symbol to read from |
| [out] | value | The value read from memory |
References xa_instance::page_size, XA_FAILURE, and XA_SUCCESS.
| int xa_read_long_virt | ( | xa_instance_t * | instance, | |
| uint32_t | vaddr, | |||
| int | pid, | |||
| uint32_t * | value | |||
| ) |
Reads a long (32 bit) value from memory, given a virtual address.
| [in] | instance | XenAccess instance |
| [in] | vaddr | Virtual address to read from |
| [in] | pid | Pid of the virtual address space (0 for kernel) |
| [out] | value | The value read from memory |
References xa_instance::page_size, XA_FAILURE, and XA_SUCCESS.
| int xa_read_long_long_virt | ( | xa_instance_t * | instance, | |
| uint32_t | vaddr, | |||
| int | pid, | |||
| uint64_t * | value | |||
| ) |
Reads a long long (64 bit) value from memory, given a virtual address.
| [in] | instance | XenAccess instance |
| [in] | vaddr | Virtual address to read from |
| [in] | pid | Pid of the virtual address space (0 for kernel) |
| [out] | value | The value read from memory |
References xa_instance::page_size, XA_FAILURE, and XA_SUCCESS.
| int xa_read_long_phys | ( | xa_instance_t * | instance, | |
| uint32_t | paddr, | |||
| uint32_t * | value | |||
| ) |
Reads a long (32 bit) value from memory, given a physical address.
| [in] | instance | XenAccess instance |
| [in] | paddr | Physical address to read from |
| [out] | value | The value read from memory |
References xa_instance::page_size, XA_FAILURE, and XA_SUCCESS.
| int xa_read_long_long_phys | ( | xa_instance_t * | instance, | |
| uint32_t | paddr, | |||
| uint64_t * | value | |||
| ) |
Reads a long long (64 bit) value from memory, given a physical address.
| [in] | instance | XenAccess instance |
| [in] | paddr | Physical address to read from |
| [out] | value | The value read from memory |
References xa_instance::page_size, XA_FAILURE, and XA_SUCCESS.
| int xa_read_long_mach | ( | xa_instance_t * | instance, | |
| uint32_t | maddr, | |||
| uint32_t * | value | |||
| ) |
Reads a long (32 bit) value from memory, given a machine address.
| [in] | instance | XenAccess instance |
| [in] | maddr | Machine address to read from |
| [out] | value | The value read from memory |
References xa_instance::page_size, XA_FAILURE, and XA_SUCCESS.
| int xa_read_long_long_mach | ( | xa_instance_t * | instance, | |
| uint32_t | maddr, | |||
| uint64_t * | value | |||
| ) |
Reads a long long (64 bit) value from memory, given a machine address.
| [in] | instance | XenAccess instance |
| [in] | maddr | Machine address to read from |
| [out] | value | The value read from memory |
References xa_instance::page_size, XA_FAILURE, and XA_SUCCESS.
| int xa_symbol_to_address | ( | xa_instance_t * | instance, | |
| char * | sym, | |||
| uint32_t * | vaddr | |||
| ) |
Looks up the virtual address of an exported kernel symbol.
| [in] | instance | XenAccess instance |
| [in] | sym | Kernel symbol (must be exported) |
| [out] | vaddr | The virtual address of the symbol |
References xa_instance::os_type, XA_FAILURE, XA_OS_LINUX, and XA_OS_WINDOWS.
| int xa_linux_get_taskaddr | ( | xa_instance_t * | instance, | |
| int | pid, | |||
| xa_linux_taskaddr_t * | taskaddr | |||
| ) |
Extracts information about the specified process' location in memory from the task struct specified by pid.
| [in] | instance | XenAccess instance |
| [in] | pid | The PID for the task to read from |
| [out] | taskaddr | Information from the specified task struct |
References xa_instance::linux_instance, xa_instance::os, xa_instance::page_size, XA_FAILURE, and XA_SUCCESS.
| int xa_windows_get_peb | ( | xa_instance_t * | instance, | |
| int | pid, | |||
| xa_windows_peb_t * | peb | |||
| ) |
Extracts information from the PEB struct, which is located at the top of the EPROCESS struct with the specified pid.
| [in] | instance | XenAccess instance |
| [in] | pid | The unique ID for the PEB to read from |
| [out] | peb | Information from the specified PEB |
References xa_windows_peb::ImageBaseAddress, xa_instance::os, xa_instance::page_size, xa_windows_peb::ProcessHeap, xa_instance::windows_instance, XA_FAILURE, and XA_SUCCESS.
1.5.5