{"id":13593713,"url":"https://github.com/memflow/memflow-qemu","last_synced_at":"2025-12-12T13:41:18.267Z","repository":{"id":43901468,"uuid":"282670967","full_name":"memflow/memflow-qemu","owner":"memflow","description":"Connector plugin for memflow that enables reading and writing of physical memory in qemu.","archived":false,"fork":false,"pushed_at":"2025-05-28T14:33:35.000Z","size":180,"stargazers_count":45,"open_issues_count":6,"forks_count":9,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-11-18T19:04:44.961Z","etag":null,"topics":["dma","introspection","physical-memory","rust","virtual-machines"],"latest_commit_sha":null,"homepage":"https://memflow.io","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/memflow.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-07-26T14:50:43.000Z","updated_at":"2025-10-28T06:40:59.000Z","dependencies_parsed_at":"2024-04-03T22:30:23.952Z","dependency_job_id":"625cd720-dd3c-4bf0-b58d-e17ee987d310","html_url":"https://github.com/memflow/memflow-qemu","commit_stats":{"total_commits":111,"total_committers":3,"mean_commits":37.0,"dds":"0.23423423423423428","last_synced_commit":"306636d83723e91e5814c50f1436f6f215c3b5c1"},"previous_names":["memflow/memflow-qemu-procfs"],"tags_count":19,"template":false,"template_full_name":null,"purl":"pkg:github/memflow/memflow-qemu","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/memflow%2Fmemflow-qemu","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/memflow%2Fmemflow-qemu/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/memflow%2Fmemflow-qemu/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/memflow%2Fmemflow-qemu/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/memflow","download_url":"https://codeload.github.com/memflow/memflow-qemu/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/memflow%2Fmemflow-qemu/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":27683986,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-12T02:00:06.775Z","response_time":129,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dma","introspection","physical-memory","rust","virtual-machines"],"created_at":"2024-08-01T16:01:23.537Z","updated_at":"2025-12-12T13:41:18.240Z","avatar_url":"https://github.com/memflow.png","language":"Rust","funding_links":[],"categories":["Exploitation Tools"],"sub_categories":["Unikernel-like"],"readme":"# memflow-qemu\n\nThe qemu connector implements a memflow plugin interface for Qemu on top of the Process Filesystem on Linux.\n\n## Compilation\n\n### Installing the library\n\nThe recommended way to install memflow connectors is using [memflowup](https://github.com/memflow/memflowup#memflow-setup-tool).\n\n### Development builds\n\nTo compile the connector as dynamic library to be used with the memflow plugin system use the following command:\n\n```\ncargo build --release --all-features\n```\n\nThe plugin can then be found in the `target/release/` directory and has to be copied to one of [memflows default search paths](https://github.com/memflow/memflow/blob/main/memflow/src/plugins/mod.rs#L379).\n\n### Linking the crate statically in a rust project\n\nTo use the connector in a rust project just include it in your Cargo.toml\n\n```\nmemflow-qemu = \"^0.2.0-beta\"\n```\n\n## Arguments\n\nThe `target` argument specifies the name of the qemu virtual machine (specified with -name when starting qemu).\n\nThe following additional arguments can be used when loading the connector:\n\n- `map_base` - overrides the default VM memory base (optional)\n- `map_size` - overrides the default VM memory size (optional)\n\n## Permissions\n\nThe `qemu` connector requires access to the qemu process via the linux procfs. This means any process which loads this connector requires to have at least ptrace permissions set.\n\nTo set ptrace permissions on a binary simply use:\n```bash\nsudo setcap 'CAP_SYS_PTRACE=ep' [filename]\n```\n\nAlternatively you can just run the binary via `sudo`.\n\n## Memory Mappings\n\nThe connector supports dynamic acquisition of the qemu memory mappings by utilizing the [qemu qmp protocol](https://qemu.readthedocs.io/en/latest/interop/qemu-qmp-ref.html).\n\nTo enable qmp on a virtual machine simply add this to the qemu command line:\n```\n-qmp unix:/tmp/qmp-my-vm.sock,server,nowait\n```\n\nAlternatively a tcp server can be exposed:\n```\n-qmp tcp:localhost:12345,server,nowait\n```\n\nOr via libvirt:\n```xml\n\u003cdomain xmlns:qemu=\"http://libvirt.org/schemas/domain/qemu/1.0\" type=\"kvm\"\u003e\n\n...\n\n  \u003c/devices\u003e\n  \u003cqemu:commandline\u003e\n    \u003cqemu:arg value=\"-qmp\"/\u003e\n    \u003cqemu:arg value=\"unix:/tmp/qmp-my-vm.sock,server,nowait\"/\u003e\n  \u003c/qemu:commandline\u003e\n\u003c/domain\u003e\n```\n\nPlease refer to the qemu [qmp manual](https://wiki.qemu.org/Documentation/QMP) for more information about how to configure this feature.\n\nIn case qmp is not active or could not be fetched, the connector falls back to hard-coded mapping tables for specific qemu machine types.\n\n## Running Examples\n\nAnalog to the examples found in the main memflow repository examples can be run via:\n\n```bash\nRUST_SETPTRACE=1 cargo run --example read_phys --release\nRUST_SETPTRACE=1 cargo run --example ps_win32 --release\nRUST_SETPTRACE=1 cargo run --example ps_inventory --release\n```\n\nFor more information about `RUST_SETPTRACE` and how to run examples see the [running-examples](https://github.com/memflow/memflow#running-examples) section in the main memflow repository. \n\n## License\n\nLicensed under MIT License, see [LICENSE](LICENSE).\n\n### Contribution\n\nUnless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, shall be licensed as above, without any additional terms or conditions.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmemflow%2Fmemflow-qemu","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmemflow%2Fmemflow-qemu","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmemflow%2Fmemflow-qemu/lists"}