1 unstable release
new 0.0.1-rc.1 | Nov 6, 2024 |
---|
#328 in Unix APIs
51KB
954 lines
Opinionated cache for OS kernel profiles
This crate provides a caching mechanism for profiles generated and used by
the isr
crate family. It offers several features to streamline the process
of accessing and managing symbol information, including methods for
downloading necessary debug symbols for Windows (PDB files) and Linux
(DWARF debug info and system map).
Usage
The main component of this crate is the IsrCache
struct.
Example of loading a profile from a PDB file using the CodeView information:
use isr::{
download::pdb::CodeView,
cache::{IsrCache, JsonCodec},
};
// Create a new cache instance.
let cache = IsrCache::<JsonCodec>::new("cache")?;
// Use the CodeView information of the Windows 10.0.18362.356 kernel.
let codeview = CodeView {
path: String::from("ntkrnlmp.pdb"),
guid: String::from("ce7ffb00c20b87500211456b3e905c471"),
};
// Fetch and create (or get existing) the entry.
let entry = cache.entry_from_codeview(codeview)?;
// Get the profile from the entry.
let profile = entry.profile()?;
Example of loading a profile based on a Linux kernel banner:
use isr::cache::{IsrCache, JsonCodec};
// Create a new cache instance.
let cache = IsrCache::<JsonCodec>::new("cache")?;
// Use the Linux banner of the Ubuntu 6.8.0-40.40~22.04.3-generic kernel.
let banner = "Linux version 6.8.0-40-generic \
(buildd@lcy02-amd64-078) \
(x86_64-linux-gnu-gcc-12 (Ubuntu 12.3.0-1ubuntu1~22.04) \
12.3.0, GNU ld (GNU Binutils for Ubuntu) 2.38) \
#40~22.04.3-Ubuntu SMP PREEMPT_DYNAMIC \
Tue Jul 30 17:30:19 UTC 2 \
(Ubuntu 6.8.0-40.40~22.04.3-generic 6.8.12)";
// Fetch and create (or get existing) the entry.
// Note that the download of Linux debug symbols may take a while.
let entry = cache.entry_from_linux_banner(banner)?;
// Get the profile from the entry.
let profile = entry.profile()?;
Consult the vmi
crate for more information on how to download debug
symbols for introspected VMs.
License: MIT
Dependencies
~2–16MB
~215K SLoC