nitro
0.0.1
Index
Symbols
--nobackend
command line option
-o FILE, --out FILE
command line option
A
AccessMask (class in nitro.backends.windows.types)
add_syscall_filter() (nitro.backends.linux.backend.LinuxBackend method)
(nitro.backends.windows.backend.WindowsBackend method)
(nitro.kvm.VM method)
(nitro.listener.Listener method)
apic_base (nitro.kvm.SRegs attribute)
ARG_SIZE (nitro.backends.arguments.ArgumentMap attribute)
arg_size_format (nitro.backends.arguments.ArgumentMap attribute)
args (nitro.syscall.Syscall attribute)
ArgumentMap (class in nitro.backends.arguments)
as_dict() (nitro.backends.process.Process method)
(nitro.backends.windows.process.WindowsProcess method)
(nitro.event.NitroEvent method)
(nitro.syscall.Syscall method)
associate_process() (nitro.backends.linux.backend.LinuxBackend method)
(nitro.backends.windows.backend.WindowsBackend method)
attach_vcpus() (nitro.kvm.VM method)
attach_vm() (nitro.kvm.KVM method)
avl (nitro.kvm.Segment attribute)
B
Backend (class in nitro.backends.backend)
BackendNotFoundError
base (nitro.kvm.DTable attribute)
(nitro.kvm.Segment attribute)
Buffer (nitro.backends.windows.types.UnicodeString attribute)
build_syscall_name_map() (nitro.backends.linux.backend.LinuxBackend method)
C
ChangeTime (nitro.backends.windows.types.FileBasicInformation attribute)
clean_name() (in module nitro.backends.linux.backend)
(in module nitro.backends.windows.backend)
ClientID (class in nitro.backends.windows.types)
close() (nitro.kvm.IOCTL method)
command line option
--nobackend
-o FILE, --out FILE
command_line (nitro.backends.windows.process.WindowsProcess attribute)
CommandLine (nitro.backends.windows.types.RtlUserProcessParameters attribute)
continue_vm() (nitro.kvm.VCPU method)
CONVENTION (nitro.backends.linux.arguments.LinuxArgumentMap attribute)
(nitro.backends.windows.arguments.WindowsArgumentMap attribute)
cr0 (nitro.kvm.SRegs attribute)
cr2 (nitro.kvm.SRegs attribute)
cr3 (nitro.backends.process.Process attribute)
(nitro.kvm.SRegs attribute)
cr4 (nitro.kvm.SRegs attribute)
cr8 (nitro.kvm.SRegs attribute)
create_time (nitro.backends.windows.process.WindowsProcess attribute)
CreationTime (nitro.backends.windows.types.FileBasicInformation attribute)
cs (nitro.kvm.SRegs attribute)
current_cont_event (nitro.listener.Listener attribute)
D
db (nitro.kvm.Segment attribute)
define_hook() (nitro.backends.backend.Backend method)
(nitro.backends.linux.backend.LinuxBackend method)
(nitro.backends.windows.backend.WindowsBackend method)
DeleteFile (nitro.backends.windows.types.FileDispositionInformation attribute)
destroy() (nitro.libvmi.Libvmi method)
direction (nitro.event.NitroEvent attribute)
(nitro.kvm.NitroEventStr attribute)
dispatch_hooks() (nitro.backends.backend.Backend method)
domain (nitro.backends.backend.Backend attribute)
(nitro.listener.Listener attribute)
dpl (nitro.kvm.Segment attribute)
ds (nitro.kvm.SRegs attribute)
DTable (class in nitro.kvm)
E
efer (nitro.kvm.SRegs attribute)
enter (nitro.event.SyscallDirection attribute)
eproc (nitro.backends.windows.process.WindowsProcess attribute)
es (nitro.kvm.SRegs attribute)
event (nitro.backends.arguments.ArgumentMap attribute)
(nitro.syscall.Syscall attribute)
exit (nitro.event.SyscallDirection attribute)
F
failures (nitro.libvmi.Libvmi attribute)
fd (nitro.kvm.IOCTL attribute)
fds (nitro.kvm.NitroVCPUs attribute)
FileAccessMask (class in nitro.backends.windows.types)
FileAttributes (nitro.backends.windows.types.FileBasicInformation attribute)
FileBasicInformation (class in nitro.backends.windows.types)
FileDispositionInformation (class in nitro.backends.windows.types)
FileName (nitro.backends.windows.types.FileRenameInformation attribute)
FileNameLength (nitro.backends.windows.types.FileRenameInformation attribute)
FileRenameInformation (class in nitro.backends.windows.types)
find_eprocess() (nitro.backends.windows.backend.WindowsBackend method)
find_qemu_pid() (in module nitro.listener)
find_syscall_nb() (nitro.backends.linux.backend.LinuxBackend method)
(nitro.backends.windows.backend.WindowsBackend method)
fs (nitro.kvm.SRegs attribute)
full_name (nitro.syscall.Syscall attribute)
futures (nitro.listener.Listener attribute)
G
g (nitro.kvm.Segment attribute)
gdt (nitro.kvm.SRegs attribute)
get_argument_value() (nitro.backends.arguments.ArgumentMap method)
get_backend() (in module nitro.backends.factory)
get_event() (nitro.kvm.VCPU method)
get_offset() (nitro.libvmi.Libvmi method)
get_ostype() (nitro.libvmi.Libvmi method)
get_register() (nitro.event.NitroEvent method)
get_regs() (nitro.kvm.VCPU method)
get_sregs() (nitro.kvm.VCPU method)
get_syscall_name() (nitro.backends.linux.backend.LinuxBackend method)
(nitro.backends.windows.backend.WindowsBackend method)
gs (nitro.kvm.SRegs attribute)
H
HighPartQuadPart (nitro.backends.windows.types.LargeInteger attribute)
hook (nitro.syscall.Syscall attribute)
hooks (nitro.backends.backend.Backend attribute)
I
ids (nitro.kvm.NitroVCPUs attribute)
idt (nitro.kvm.SRegs attribute)
ImagePathName (nitro.backends.windows.types.RtlUserProcessParameters attribute)
InconsistentMemoryError
interrupt_bitmap (nitro.kvm.SRegs attribute)
IOCTL (class in nitro.kvm)
iswow64 (nitro.backends.windows.process.WindowsProcess attribute)
K
KVM (class in nitro.kvm)
kvm_file (nitro.kvm.KVM attribute)
kvm_io (nitro.listener.Listener attribute)
KVM_NITRO_ADD_SYSCALL_FILTER (nitro.kvm.VM attribute)
KVM_NITRO_ATTACH_VCPUS (nitro.kvm.VM attribute)
KVM_NITRO_ATTACH_VM (nitro.kvm.KVM attribute)
KVM_NITRO_CONTINUE (nitro.kvm.VCPU attribute)
KVM_NITRO_GET_EVENT (nitro.kvm.VCPU attribute)
KVM_NITRO_GET_REGS (nitro.kvm.VCPU attribute)
KVM_NITRO_GET_SREGS (nitro.kvm.VCPU attribute)
KVM_NITRO_REMOVE_SYSCALL_FILTER (nitro.kvm.VM attribute)
KVM_NITRO_SET_REGS (nitro.kvm.VCPU attribute)
KVM_NITRO_SET_SREGS (nitro.kvm.VCPU attribute)
KVM_NITRO_SET_SYSCALL_TRAP (nitro.kvm.VM attribute)
KVM_NODE (nitro.kvm.KVM attribute)
L
l (nitro.kvm.Segment attribute)
LargeInteger (class in nitro.backends.windows.types)
LastAccessTime (nitro.backends.windows.types.FileBasicInformation attribute)
LastWriteTime (nitro.backends.windows.types.FileBasicInformation attribute)
ldt (nitro.kvm.SRegs attribute)
Length (nitro.backends.windows.types.ObjectAttributes attribute)
(nitro.backends.windows.types.UnicodeString attribute)
libc (nitro.kvm.IOCTL attribute)
LIBC_6 (nitro.kvm.IOCTL attribute)
Libvmi (class in nitro.libvmi)
libvmi (nitro.backends.backend.Backend attribute)
(nitro.backends.process.Process attribute)
(nitro.libvmi.Libvmi attribute)
LibvmiError
limit (nitro.kvm.DTable attribute)
(nitro.kvm.Segment attribute)
LINUX (nitro.libvmi.VMIOS attribute)
LinuxArgumentMap (class in nitro.backends.linux.arguments)
LinuxBackend (class in nitro.backends.linux.backend)
LinuxProcess (class in nitro.backends.linux.process)
listen() (nitro.listener.Listener method)
(nitro.nitro.Nitro method)
listen_vcpu() (nitro.listener.Listener method)
Listener (class in nitro.listener)
listener (nitro.backends.backend.Backend attribute)
load_symbols() (nitro.backends.windows.backend.WindowsBackend method)
LowPart (nitro.backends.windows.types.LargeInteger attribute)
M
make_ioctl() (nitro.kvm.IOCTL method)
MaximumLength (nitro.backends.windows.types.UnicodeString attribute)
memory (nitro.backends.arguments.SyscallArgumentType attribute)
mm_offset (nitro.backends.linux.backend.LinuxBackend attribute)
modified (nitro.backends.arguments.ArgumentMap attribute)
N
name (nitro.backends.linux.process.LinuxProcess attribute)
(nitro.backends.process.Process attribute)
(nitro.backends.windows.process.WindowsProcess attribute)
(nitro.syscall.Syscall attribute)
nb_vcpu (nitro.backends.linux.backend.LinuxBackend attribute)
(nitro.backends.windows.backend.WindowsBackend attribute)
Nitro (class in nitro.nitro)
nitro (module)
nitro.backends (module)
nitro.backends.arguments (module)
nitro.backends.backend (module)
nitro.backends.factory (module)
nitro.backends.linux (module)
nitro.backends.linux.arguments (module)
nitro.backends.linux.backend (module)
nitro.backends.linux.process (module)
nitro.backends.process (module)
nitro.backends.windows (module)
nitro.backends.windows.arguments (module)
nitro.backends.windows.backend (module)
nitro.backends.windows.process (module)
nitro.backends.windows.types (module)
nitro.event (module)
nitro.kvm (module)
nitro.libvmi (module)
nitro.listener (module)
nitro.nitro (module)
nitro.syscall (module)
NitroEvent (class in nitro.event)
NitroEventStr (class in nitro.kvm)
NitroVCPUs (class in nitro.kvm)
num_vcpus (nitro.kvm.NitroVCPUs attribute)
O
ObjectAttributes (class in nitro.backends.windows.types)
ObjectName (nitro.backends.windows.types.ObjectAttributes attribute)
opaque_vmi (nitro.libvmi.Libvmi attribute)
P
padding (nitro.kvm.DTable attribute)
(nitro.kvm.Segment attribute)
parent_pid (nitro.backends.windows.process.WindowsProcess attribute)
path (nitro.backends.windows.process.WindowsProcess attribute)
pdbase_offset (nitro.backends.windows.backend.WindowsBackend attribute)
PEB (class in nitro.backends.windows.types)
pgd_offset (nitro.backends.linux.backend.LinuxBackend attribute)
pid (nitro.backends.linux.process.LinuxProcess attribute)
(nitro.backends.process.Process attribute)
(nitro.backends.windows.process.WindowsProcess attribute)
(nitro.listener.Listener attribute)
pidcache_flush() (nitro.libvmi.Libvmi method)
present (nitro.kvm.NitroEventStr attribute)
(nitro.kvm.Segment attribute)
Process (class in nitro.backends.process)
process (nitro.backends.arguments.ArgumentMap attribute)
(nitro.syscall.Syscall attribute)
process_event() (nitro.backends.linux.backend.LinuxBackend method)
(nitro.backends.windows.backend.WindowsBackend method)
processes (nitro.backends.windows.backend.WindowsBackend attribute)
ProcessParameters (nitro.backends.windows.types.PEB attribute)
Q
QEMUNotFoundError
queue (nitro.listener.Listener attribute)
R
r10 (nitro.kvm.Regs attribute)
r11 (nitro.kvm.Regs attribute)
r12 (nitro.kvm.Regs attribute)
r13 (nitro.kvm.Regs attribute)
r14 (nitro.kvm.Regs attribute)
r15 (nitro.kvm.Regs attribute)
r8 (nitro.kvm.Regs attribute)
r9 (nitro.kvm.Regs attribute)
rax (nitro.kvm.Regs attribute)
rbp (nitro.kvm.Regs attribute)
rbx (nitro.kvm.Regs attribute)
rcx (nitro.kvm.Regs attribute)
rdi (nitro.kvm.Regs attribute)
rdx (nitro.kvm.Regs attribute)
read_32() (nitro.libvmi.Libvmi method)
read_addr_ksym() (nitro.libvmi.Libvmi method)
read_addr_va() (nitro.libvmi.Libvmi method)
read_memory() (nitro.backends.process.Process method)
read_str_va() (nitro.libvmi.Libvmi method)
read_va() (nitro.libvmi.Libvmi method)
register (nitro.backends.arguments.SyscallArgumentType attribute)
Regs (class in nitro.kvm)
regs (nitro.event.NitroEvent attribute)
(nitro.kvm.NitroEventStr attribute)
remove_syscall_filter() (nitro.backends.linux.backend.LinuxBackend method)
(nitro.backends.windows.backend.WindowsBackend method)
(nitro.kvm.VM method)
(nitro.listener.Listener method)
ReplaceIfExists (nitro.backends.windows.types.FileRenameInformation attribute)
rflags (nitro.kvm.Regs attribute)
rip (nitro.kvm.Regs attribute)
RootDirectory (nitro.backends.windows.types.FileRenameInformation attribute)
(nitro.backends.windows.types.ObjectAttributes attribute)
rsi (nitro.kvm.Regs attribute)
rsp (nitro.kvm.Regs attribute)
RtlUserProcessParameters (class in nitro.backends.windows.types)
rvacache_flush() (nitro.libvmi.Libvmi method)
S
s (nitro.kvm.Segment attribute)
sdt (nitro.backends.windows.backend.WindowsBackend attribute)
Segment (class in nitro.kvm)
selector (nitro.kvm.Segment attribute)
set_argument_value() (nitro.backends.arguments.ArgumentMap method)
set_regs() (nitro.kvm.VCPU method)
set_sregs() (nitro.kvm.VCPU method)
set_syscall_trap() (nitro.kvm.VM method)
set_traps() (nitro.listener.Listener method)
SPECIFIC_RIGHTS (nitro.backends.windows.types.FileAccessMask attribute)
SRegs (class in nitro.kvm)
sregs (nitro.event.NitroEvent attribute)
(nitro.kvm.NitroEventStr attribute)
ss (nitro.kvm.SRegs attribute)
STANDARD_RIGHTS (nitro.backends.windows.types.AccessMask attribute)
stats (nitro.backends.backend.Backend attribute)
(nitro.libvmi.Libvmi attribute)
stop() (nitro.backends.backend.Backend method)
(nitro.listener.Listener method)
(nitro.nitro.Nitro method)
stop_listen() (nitro.listener.Listener method)
stop_request (nitro.listener.Listener attribute)
symbols (nitro.backends.windows.backend.WindowsBackend attribute)
(nitro.backends.windows.process.WindowsProcess attribute)
symcache_flush() (nitro.libvmi.Libvmi method)
sys_call_table_addr (nitro.backends.linux.backend.LinuxBackend attribute)
Syscall (class in nitro.syscall)
syscall (nitro.event.SyscallType attribute)
syscall_filtering (nitro.backends.backend.Backend attribute)
syscall_names (nitro.backends.linux.backend.LinuxBackend attribute)
syscall_stack (nitro.backends.linux.backend.LinuxBackend attribute)
(nitro.backends.windows.backend.WindowsBackend attribute)
SyscallArgumentType (class in nitro.backends.arguments)
SyscallDirection (class in nitro.event)
SyscallType (class in nitro.event)
sysenter (nitro.event.SyscallType attribute)
T
task_struct (nitro.backends.linux.process.LinuxProcess attribute)
tasks_offset (nitro.backends.linux.backend.LinuxBackend attribute)
(nitro.backends.windows.backend.WindowsBackend attribute)
time (nitro.event.NitroEvent attribute)
tr (nitro.kvm.SRegs attribute)
translate_ksym2v() (nitro.libvmi.Libvmi method)
translate_kv2p() (nitro.libvmi.Libvmi method)
translate_v2ksym() (nitro.libvmi.Libvmi method)
type (nitro.event.NitroEvent attribute)
(nitro.kvm.NitroEventStr attribute)
(nitro.kvm.Segment attribute)
U
undefine_hook() (nitro.backends.backend.Backend method)
(nitro.backends.linux.backend.LinuxBackend method)
(nitro.backends.windows.backend.WindowsBackend method)
UnicodeString (class in nitro.backends.windows.types)
UniqueProcess (nitro.backends.windows.types.ClientID attribute)
UniqueThread (nitro.backends.windows.types.ClientID attribute)
UNKNOWN (nitro.libvmi.VMIOS attribute)
unusable (nitro.kvm.Segment attribute)
update_register() (nitro.event.NitroEvent method)
V
v2pcache_flush() (nitro.libvmi.Libvmi method)
VCPU (class in nitro.kvm)
vcpu_io (nitro.event.NitroEvent attribute)
vcpu_nb (nitro.event.NitroEvent attribute)
(nitro.kvm.VCPU attribute)
vcpus_io (nitro.listener.Listener attribute)
vcpus_struct (nitro.kvm.VM attribute)
VM (class in nitro.kvm)
vm_io (nitro.listener.Listener attribute)
vmi (nitro.libvmi.Libvmi attribute)
VMIOS (class in nitro.libvmi)
W
WINDOWS (nitro.libvmi.VMIOS attribute)
WindowsArgumentMap (class in nitro.backends.windows.arguments)
WindowsBackend (class in nitro.backends.windows.backend)
WindowsProcess (class in nitro.backends.windows.process)
WinStruct (class in nitro.backends.windows.types)
write_memory() (nitro.backends.process.Process method)
write_va() (nitro.libvmi.Libvmi method)