A C# (.NET 8) wrapper for the memflow-ffi crate >= 0.2.1.
Compile the libmemflow_ffi
library (see Compiling the interopt library) for your distro/OS and copy into the memflow.NET/memflow.NET folder. Then copy the entire memflow.NET/memflow.NET folder with its 2 class files and the freshly built library to your project root.
Import the memflowNET
class like you'd import an ordinary class. The package contains abstract methods for the most used functionality of memflow. The memflow.Interop
namespace further exposes all raw memflow structs and methods through Methods
.
using memflowNET;
using memflowNET.Interop;
See Example.cs for a short demo or memflowNET.cs for the raw interop.
Build the correct version of memflow-ffi library:
git clone https://github.com/memflow/memflow.git --depth 1 --branch 0.2.X
cd memflow
cargo build --release --all-features --workspace
Navigate to /memflow/target/release/
and copy the freshly built libmemflow_ffi.so (Linux)
or memflow_ffi.dll (Windows)
to memflow.NET/
. This is the library used to interact with memflow. On windows you have to rename the library to libmemflow_ffi.dll
.
Use the latest memflowup utility to install your connector.
Linux:
curl --proto '=https' --tlsv1.2 -sSf https://sh.memflow.io | sh
memflowup install memflow-win32 memflow-kvm memflow-qemu --system --dev --from-source
modprobe memflow
echo memflow >> /etc/modules-load.d/modules.conf
Windows:
git clone https://github.com/memflow/memflowup.git
cd memflowup
cargo build --release --all-features
cd \target\release\
.\memflowup.exe install memflow-win32 memflow-pcileech --system --dev --from-source
To re-generate the bindings we use ClangSharp on Windows. Switch to Windows and execute:
git clone https://github.com/microsoft/ClangSharp.git
cd ClangSharp
dotnet build -c Release
cd \artifacts\bin\sources\ClangSharpPInvokeGenerator\Release\net8.0\
Get the matching ffi header file version to your libmemflow_ffi
library and place it in that folder. Execute following to generate the wrapper:
.\ClangSharpPInvokeGenerator.exe -f memflow.h -n memflowNET.Interop -o memflowInterop.cs -l libmemflow_ffi -c preview-codegen unix-types generate-aggressive-inlining generate-macro-bindings
This file isn't read to run yet, replace the old memflowInterop.cs of this repo with the new one and run the included CodeGenFix tool. It will automatically fix all CodeGen issues and copy over comments.
If there are any remaining errors you can try to fix them manually or adjust the CodeGenFix utility:
- Copy over the definitions of
NativeTypeNameAttribute
andNativeInheritanceAttribute
of this repo - Fix some
bool
<->byte
conversations - Remove
.operator=
and replace with regular=
- Replace
realloc()
withNativeMemory.Realloc()
- Change
nuint
touint
whenever the former causes a problem - Add explicit casts to
uint
whenever neccessary - Fix
void*
casts on helper methods - Fix empty definitions for
PhysicalAddress_INVALID
andPage_INVALID
- Some structs require manual layouting through
[StructLayout(LayoutKind.Explicit)]
:- ProcessInfo
In case you want to compile and install the connector manually:
kvm
git clone https://github.com/memflow/memflow-kvm.git
cd memflow-kvm
./install.sh
cp target/release/libmemflow_kvm.so /usr/lib/memflow/libmemflow_kvm.so
wget https://github.com/memflow/memflow-kvm/releases/download/v0.2.0/memflow-dkms_0.1.7_all.deb
dpkg -i memflow-dkms_0.1.7_all.deb
modprobe memflow
echo memflow >> /etc/modules-load.d/modules.conf
Afterwards as non-root execute:
mkdir -p ~/.local/lib/memflow
cp memflow-kvm/target/release/libmemflow_kvm.so ~/.local/lib/memflow/libmemflow_kvm.so
pcileech
git clone https://github.com/memflow/memflow-pcileech.git
cd memflow-pcileech
git submodule update --init
cargo build --release --all-features
Copy FTD3XX.dll
and leechcore.dll
to C:\Program Files\memflow\
.
Build and install the memflow-win32 library:
git clone https://github.com/memflow/memflow-win32.git
cd memflow-win32
cargo build --release --all-features --workspace
cp target/release/libmemflow_win32.so /usr/lib/memflow/libmemflow_win32.so
To update any branches to latest changes run:
memflowup update --dev --system
git fetch
git pull
git submodule update --init --recursive
cargo update
The helper class memflowNET.cs
has been optimized to be close to native Rust performance. On an AMD 5900X through the kvm connector one can expect single-core performance between 12,000,000 and 15,000,000 int
per second reading and similar in writing. This however depends heavily on the distro, VM setup and general hardware performance.
For debugging with VS Code you need to either follow the guide in launch.json to setup a local SSH and use Debug SSH (root-less)
debug configuration or run VS Code as root directly and use Debug (root only)
configuration (not recommended):
code --user-data-dir="/home/$(whoami)/.vscode-root" --no-sandbox