# Libvmi Python bindings
If you'd rather perform introspection using Python instead of C, then these
bindings will help get you going.
The bindings are `Python 2` compatible.
## Requirements
- `python3-pkgconfig`
- `python3-cffi` (`> 1.6.0`)
- `python3-future`
- `libvmi`
## Setup

    python setup.py build
    python setup.py install

## API
### Constructor
The main class that you need to import is `Libvmi`.
The default parameters use `VMI_CONFIG_GLOBAL_FILE_ENTRY` and call `vmi_init_complete`:
~~~Python
from libvmi import Libvmi

with Libvmi("Windows_7") as vmi:
    os = vmi.get_ostype()
~~~
You can specify a `string` (`VMI_CONFIG_STRING`):
~~~Python
from libvmi import Libvmi, VMIConfig

config_str = '{ostype = "Windows";win_pdbase=0x28;win_pid=0x180;win_tasks=0x188;win_pname=0x2e0;}'

with Libvmi("Windows_7", mode=VMIConfig.STRING, config=config_str) as vmi:
    os = vmi.get_ostype()
~~~
Or a `dict` (`VMI_CONFIG_GHASHTABLE`):
~~~Python
from libvmi import Libvmi, VMIConfig

hash = {
    "ostype": "Windows",
    "win_pdbase": 0x28,
    "win_tasks": 0x188,
    "win_pid": 0x180,
    "win_pname": 0x2e0,
}

with Libvmi("Windows_7", mode=VMIConfig.DICT, config=hash) as vmi:
    os = vmi.get_ostype()
~~~
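
The string and dict forms carry the same keys, so a profile kept as a string can be parsed and sanity-checked before it is handed to `Libvmi(..., mode=VMIConfig.DICT)`. The following is an added example, not part of the bindings: `parse_config_string`, `validate_windows_config` and the required-key set are hypothetical helpers based only on the keys shown above.

```python
import re

# Offsets used in this README's Windows example. Treating them as the
# required set is an assumption of this sketch, not a LibVMI rule.
REQUIRED_WINDOWS_KEYS = {"win_pdbase", "win_pid", "win_tasks", "win_pname"}

# key = "string" | 0xHEX | DECIMAL (quoted values containing ';' unsupported)
_ENTRY = re.compile(r'^\s*(\w+)\s*=\s*(?:"([^"]*)"|(0[xX][0-9a-fA-F]+)|(\d+))\s*$')


def parse_config_string(config_str):
    """Turn '{key = value; ...}' into the dict form (str and int values)."""
    text = config_str.strip()
    if not (text.startswith("{") and text.endswith("}")):
        raise ValueError("config string must be wrapped in { }")
    config = {}
    for entry in text[1:-1].split(";"):
        if not entry.strip():
            continue  # empty piece after the final ';'
        match = _ENTRY.match(entry)
        if match is None:
            raise ValueError("malformed entry: %r" % entry.strip())
        key, quoted, hex_num, dec_num = match.groups()
        if key in config:
            raise ValueError("duplicate key: %s" % key)
        if quoted is not None:
            config[key] = quoted
        else:
            config[key] = int(hex_num, 16) if hex_num else int(dec_num, 10)
    return config


def validate_windows_config(config):
    """Reject a profile that lacks an offset or carries a non-integer one."""
    if config.get("ostype") != "Windows":
        raise ValueError("ostype must be 'Windows'")
    missing = sorted(REQUIRED_WINDOWS_KEYS - set(config))
    if missing:
        raise ValueError("missing offsets: " + ", ".join(missing))
    for key in REQUIRED_WINDOWS_KEYS:
        if isinstance(config[key], bool) or not isinstance(config[key], int):
            raise ValueError("%s must be an integer offset" % key)
    return config


# The configuration string from the README above.
README_CONFIG = ('{ostype = "Windows";win_pdbase=0x28;win_pid=0x180;'
                 'win_tasks=0x188;win_pname=0x2e0;}')
CONFIG = validate_windows_config(parse_config_string(README_CONFIG))
```

`CONFIG` equals the dict shown in the `VMIConfig.DICT` example, so it can be passed as `config=` unchanged.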
You can also use a `partial` initialization, which calls `vmi_init`.
(It doesn't require a configuration):
~~~Python
from libvmi import Libvmi

with Libvmi("Windows_7", partial=True) as vmi:
    pass  # use the partially initialized handle here
~~~
### Examples
~~~Python
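from libvmi import Libvmi, AccessContext, TranslateMechanism

with Libvmi("Windows_7") as vmi:
    # Read the pointer stored at a kernel symbol
    pshead = vmi.read_addr_ksym("PsActiveProcessHead")
    # Name and ID of the introspected VM
    name = vmi.get_name()
    id = vmi.get_vmid()
    # Read 16 bytes at a virtual address in the context of PID 4
    buffer, bytes_read = vmi.read_va(pshead, 4, 16)
    # Write the same bytes back (this modifies guest memory)
    vmi.write_va(pshead, 4, buffer)
    # Generic read through an access context: 8 bytes at the symbol
    ctx = AccessContext(TranslateMechanism.KERNEL_SYMBOL, ksym="PsActiveProcessHead")
    buffer, bytes_read = vmi.read(ctx, 8)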
~~~
Note: The implementation already checks whether the return value is `VMI_FAILURE` and
raises a `LibvmiError` in that case.
## Integration
### Volatility
You can use the
[`volatility`](https://github.com/volatilityfoundation/volatility) framework
directly on top of the bindings.

    git clone https://github.com/volatilityfoundation/volatility /tmp/volatility
    cp ./volatility/vmi.py /tmp/volatility/volatility/plugins/addrspaces/

Usage

    python vol.py -l vmi://domain --profile=Win7SP0x64 pslist

### Rekall
The [`Rekall`](https://github.com/google/rekall) address space is already
integrated
[upstream](https://github.com/google/rekall/blob/master/rekall-core/rekall/plugins/addrspaces/vmi.py).

Usage

    rekall -f vmi://domain pslist

# Contributors
- Bryan D. Payne
- Mathieu Tarral