memflow - machine introspection framework
memflow is a library that allows live memory introspection of running systems and their snapshots. Due to its modular approach it trivial to support almost any scenario where Direct Memory Access is available.
The very core of the library is a PhysicalMemory that provides direct memory access in an abstract environment. This object that can be defined both statically, and dynamically with the use of the inventory
feature. If inventory
is enabled, it is possible to dynamically load libraries that provide Direct Memory Access.
Through the use of OS abstraction layers, like memflow-win32, user can gain access to virtual memory of individual processes, by creating objects that implement MemoryView.
Bridging the two is done by a highly throughput optimized virtual address translation function, which allows for crazy fast memory transfers at scale.
The core is architecture independent (as long as addresses fit in 64-bits), and currently both 32, and 64-bit versions of the x86 family are available to be used.
For non-rust libraries, it is possible to use the FFI to interface with the library.