From 92269fa257ef99d87336265de491db581753db01 Mon Sep 17 00:00:00 2001 From: AntiVM Date: Wed, 28 May 2025 01:44:17 +0500 Subject: [PATCH 1/2] Add arg qemu_process_name --- src/lib.rs | 26 ++++++++++++++++++++++---- src/qemu_args.rs | 2 +- 2 files changed, 23 insertions(+), 5 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index 96541f5..4b2cc28 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -31,11 +31,18 @@ impl QemuProcfs

{ pub fn new>( mut os: O, map_override: Option>, + process_name: Option, ) -> Result { let mut proc = None; let callback = &mut |info: ProcessInfo| { - if proc.is_none() && is_qemu(&info) { + + let matches = process_name + .as_ref() + .map(|nm| &*info.name == nm) + .unwrap_or_else(|| is_qemu(&info)); + + if proc.is_none() && matches { proc = Some(info); } @@ -58,12 +65,17 @@ impl QemuProcfs
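Review bot: The override added to `new` is matched with `&*info.name == nm`, an exact comparison, while the default path `is_qemu` matches by substring; if the OS layer reports the kernel comm value (truncated to 15 bytes on Linux, an assumption to confirm for this backend), an override like `qemu-system-x86_64` can never match and the scan just finds nothing. The override also replaces the `is_qemu` check instead of narrowing it, so any process that carries the given name is accepted and the first hit wins; a process name is not an identity, so this deserves a line in the docs. I would add a doc comment on the parameter such as `/// Exact process name as reported by the OS layer; replaces the built-in QEMU name heuristic, first match is used.` and state the same in the `ArgDescriptor` description. The identical comparison is added to `with_guest_name` in the `@@ -58,12 +65,17 @@` hunk, and both are public functions that gain a positional parameter, which breaks existing callers of the crate. `new`'s body continues past the end of this hunk.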

{ mut os: O, name: &str, map_override: Option>, + process_name: Option, ) -> Result { let mut proc = None; let callback = &mut |info: ProcessInfo| { + let matches = process_name + .as_ref() + .map(|nm| &*info.name == nm) + .unwrap_or_else(|| is_qemu(&info)); if proc.is_none() - && is_qemu(&info) + && matches && qemu_arg_opt(info.command_line.split_whitespace(), "-name", "guest").as_deref() == Some(name) { @@ -202,6 +214,7 @@ fn validator() -> ArgsValidator { ArgsValidator::new() .arg(ArgDescriptor::new("map_base").description("override of VM memory base")) .arg(ArgDescriptor::new("map_size").description("override of VM memory size")) + .arg(ArgDescriptor::new("qemu_process_name").description("override default QEMU binary name")) } /// Creates a new Qemu Procfs instance. @@ -262,15 +275,20 @@ pub fn create_connector_with_os( .and_then(|size| umem::from_str_radix(size, 16).ok()), ) .map(|(start, size)| CTup2(Address::from(start), size)); + + let process_name_override = args + .get("qemu_process_name") + .map(|s| s.to_string()); + if let Some(name) = name.or_else(|| args.get("name")) { if let Ok(pid) = Pid::from_str_radix(name, 10) { QemuProcfs::with_pid(os, pid, map_override) } else { - QemuProcfs::with_guest_name(os, name, map_override) + QemuProcfs::with_guest_name(os, name, map_override, process_name_override) } } else { - QemuProcfs::new(os, map_override) + QemuProcfs::new(os, map_override, process_name_override) } } Err(err) => { diff --git a/src/qemu_args.rs b/src/qemu_args.rs index a1bafed..45cc9d2 100644 --- a/src/qemu_args.rs +++ b/src/qemu_args.rs @@ -1,6 +1,6 @@ pub fn is_qemu(process: &memflow::os::process::ProcessInfo) -> bool { let name = &*process.name; - name.contains("qemu-system-") || name == "QEMULauncher" + name.contains("qemu-system-") || name == "QEMULauncher" || name == "kvm" } pub fn qemu_arg_opt<'a>( From 0f942427e222c856e8f8952f1605021def225c0f Mon Sep 17 00:00:00 2001 
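Review bot: The `is_qemu` change in src/qemu_args.rs adds `name == "kvm"` to the default matcher without a comment, and it is unrelated to the new argument named in the commit subject. With no override set, any process called `kvm` is now treated as a QEMU instance by `new` and `with_guest_name`, and `kvm` is a short, generic name. A comment saying which distributions ship the QEMU binary under that name would make the intent checkable, e.g. `// some distributions install the QEMU system emulator as "kvm"` (wording to be confirmed by the author); alternatively leave the default untouched and let users pass `qemu_process_name=kvm`.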
From: AntiVM Date: Wed, 28 May 2025 16:12:17 +0500 Subject: [PATCH 2/2] rename qemu_process_name arg to qemu_binary_name and debug print process info struct --- src/lib.rs | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index 4b2cc28..68e1eef 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -1,4 +1,4 @@ -use log::{error, info}; +use log::{error, info, debug}; use memflow::cglue; use memflow::connector::cpu_state::*; @@ -31,22 +31,23 @@ impl QemuProcfs

{ pub fn new>( mut os: O, map_override: Option>, - process_name: Option, + qemu_binary_name: Option, ) -> Result { let mut proc = None; let callback = &mut |info: ProcessInfo| { - let matches = process_name + let matches = qemu_binary_name .as_ref() .map(|nm| &*info.name == nm) .unwrap_or_else(|| is_qemu(&info)); - if proc.is_none() && matches { + debug!("Found QEMU process: {:#?}", info); proc = Some(info); } - + proc.is_none() + }; os.process_info_list_callback(callback.into())?; @@ -65,12 +66,12 @@ impl QemuProcfs
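Review bot: The new `debug!("Found QEMU process: {:#?}", info)` in `new` dumps the whole `ProcessInfo`, which includes `command_line` (the field `with_guest_name` parses for `-name`). QEMU command lines can carry credentials, for example inline `-object secret,...,data=` values or display passwords, so enabling debug logging would copy them into log files. Logging only the identifying fields is enough to diagnose a wrong match: `debug!("Found QEMU process: pid={} name={}", info.pid, &*info.name);`. The same applies to the `debug!` added to `with_guest_name` in the `@@ -79,6 +80,7 @@` hunk.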

{ mut os: O, name: &str, map_override: Option>, - process_name: Option, + qemu_binary_name: Option, ) -> Result { let mut proc = None; let callback = &mut |info: ProcessInfo| { - let matches = process_name + let matches = qemu_binary_name .as_ref() .map(|nm| &*info.name == nm) .unwrap_or_else(|| is_qemu(&info)); @@ -79,6 +80,7 @@ impl QemuProcfs

{ && qemu_arg_opt(info.command_line.split_whitespace(), "-name", "guest").as_deref() == Some(name) { + debug!("Found QEMU process with guest name '{}': {:#?}", name, info); proc = Some(info); } @@ -214,7 +216,7 @@ fn validator() -> ArgsValidator { ArgsValidator::new() .arg(ArgDescriptor::new("map_base").description("override of VM memory base")) .arg(ArgDescriptor::new("map_size").description("override of VM memory size")) - .arg(ArgDescriptor::new("qemu_process_name").description("override default QEMU binary name")) + .arg(ArgDescriptor::new("qemu_binary_name").description("override default QEMU binary name")) } /// Creates a new Qemu Procfs instance. @@ -276,8 +278,8 @@ pub fn create_connector_with_os( ) .map(|(start, size)| CTup2(Address::from(start), size)); - let process_name_override = args - .get("qemu_process_name") + let qemu_binary_name_override = args + .get("qemu_binary_name") .map(|s| s.to_string()); @@ -285,10 +287,10 @@ pub fn create_connector_with_os( if let Ok(pid) = Pid::from_str_radix(name, 10) { QemuProcfs::with_pid(os, pid, map_override) } else { - QemuProcfs::with_guest_name(os, name, map_override, process_name_override) + QemuProcfs::with_guest_name(os, name, map_override, qemu_binary_name_override) } } else { - QemuProcfs::new(os, map_override, process_name_override) + QemuProcfs::new(os, map_override, qemu_binary_name_override) } } Err(err) => {