{"id":21075274,"url":"https://github.com/maxking/pyvmi_example","last_synced_at":"2026-04-28T14:32:13.505Z","repository":{"id":141775938,"uuid":"64260752","full_name":"maxking/pyvmi_example","owner":"maxking","description":"A simple example for PyVMI that walks through the process table of the OS (not a VM, /dev/mem).","archived":false,"fork":false,"pushed_at":"2016-07-26T23:11:40.000Z","size":4,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-01-01T14:36:13.399Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/maxking.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-07-26T23:10:30.000Z","updated_at":"2025-06-12T15:41:18.000Z","dependencies_parsed_at":null,"dependency_job_id":"d7daf764-2fce-4911-a4ad-71f198abbc11","html_url":"https://github.com/maxking/pyvmi_example","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/maxking/pyvmi_example","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maxking%2Fpyvmi_example","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maxking%2Fpyvmi_example/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maxking%2Fpyvmi_example/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maxking%2Fpyvmi_example/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/
hosts/GitHub/owners/maxking","download_url":"https://codeload.github.com/maxking/pyvmi_example/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maxking%2Fpyvmi_example/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32384990,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-28T11:25:28.583Z","status":"ssl_error","status_checked_at":"2026-04-28T11:25:05.435Z","response_time":56,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-19T19:20:54.527Z","updated_at":"2026-04-28T14:32:13.489Z","avatar_url":"https://github.com/maxking.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"This python file using [pyvmi][1] to walk through the process list from the\nmemory using `/dev/mem`. [LibVMI][2] doesn't really support the introspection of\n`/dev/mem` out of the box, although, it does support introspection of memory\nsnapshots. So, to make it work with `/dev/mem` I applied a *very* dirty hack and\npatched the LibVMI's source with a hardcoded value of the size. 
Since,\n`/dev/mem`'s size comes out to be zero.\n\n```\ndiff --git a/libvmi/driver/file/file.c b/libvmi/driver/file/file.c\nindex 90830b9..05d0c8e 100644\n--- a/libvmi/driver/file/file.c\n+++ b/libvmi/driver/file/file.c\n@@ -225,8 +225,12 @@ file_get_memsize(\n         errprint(\"Failed to stat file.\\n\");\n         goto error_exit;\n     }\n-    *allocated_ram_size = s.st_size;\n-    *max_physical_address = s.st_size;\n+       /*\n+        * XXX: Harcoding the size of the memory here as the file descriptor\n+        * to /dev/mem would have the size of 0 bytes.\n+        */\n+    *allocated_ram_size = 1073733632;\n+    *max_physical_address = 1073733632;\n     ret = VMI_SUCCESS;\n\n error_exit:\n@@ -306,7 +310,9 @@ file_test(\n         goto error_exit;\n     }\n     if (!s.st_size) {\n-        goto error_exit;\n+               errprint(\"The file size zero! Please check if it is correct.\\n\");\n+               errprint(\"Setting the file size to a hardcoded value of :1073733632 \\n\");\n+               s.st_size = 1073733632;\n     }\n     ret = VMI_SUCCESS;\n\n```\n\nThe value of `1073733632` is the size of my memory in bytes. What I did was that\nI took a memory snapshot using `dd if=/dev/mem of=mem` and used the size of mem.\n\nAfter that, just use the `linux_offset_finder` to find offsets of the current\nkernel and put that into `/etc/libvmi.conf` which would look something like\nthis:\n\n```\nmem {\n    ostype = \"Linux\";\n    sysmap = \"/boot/System.map-4.7.0-rc7\";\n    linux_name = 0x590;\n    linux_tasks = 0x2e0;\n    linux_mm = 0x330;\n    linux_pid = 0x3e0;\n    linux_pgd = 0x40;\n}\n```\n_Note_: These values are going to differ for you; this is just an\nexample. Please don't copy the values from here.\n\nAfter that, you can just try out LibVMI on your live memory!\n\nThis Python script compares the state of processes from the memory to entries in\ndebugfs. I made a Linux kernel patch that exports the process parameters to debugfs\non every fork. 
It also deletes the processes on `exit`. The code for that is\navailable [here][3] for some time. It is an experimental setup and is guaranteed\nto change in the next few days.\n\n[1]: https://github.com/libvmi/libvmi\n[2]: https://github.com/libvmi/libvmi/tree/master/tools/pyvmi\n[3]: https://github.com/maxking/linux/tree/dev/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaxking%2Fpyvmi_example","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmaxking%2Fpyvmi_example","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaxking%2Fpyvmi_example/lists"}