Rust library for building and running BPF/eBPF modules

Last update: May 23, 2022

RedBPF

LICENSE element

A Rust eBPF toolchain.

Overview

The redbpf project is a collection of tools and libraries to build eBPF programs using Rust. It includes:

  • redbpf - a user space library that can be used to load eBPF programs

  • redbpf-probes - an idiomatic Rust API to write eBPF programs that can be loaded by the linux kernel

  • redbpf-macros - companion crate to redbpf-probes which provides convenient procedural macros useful when writing eBPF programs

  • cargo-bpf - a cargo subcommand for creating, building and debugging eBPF programs

Requirements

In order to use redbpf you need LLVM 11 and the headers for the kernel you want to target.

Linux kernel

The minimum kernel version supported is 4.19. Kernel headers are discovered automatically, or you can use the KERNEL_SOURCE environment variable to point to a specific location. Building against a linux source tree is supported as long as you run make prepare first.

Installing dependencies on Debian based distributions

On Debian, Ubuntu and derivatives you can install the dependencies running:

sudo apt-get -y install build-essential zlib1g-dev \
		llvm-11-dev libclang-11-dev linux-headers-$(uname -r)

If your distribution doesn't have LLVM 11, you can add the official LLVM APT repository to your sources.list.

Installing dependencies on RPM based distributions

First ensure that your distro includes LLVM 11:

yum info llvm-devel | grep Version
Version      : 11.0.0

If you don't have vesion 11, you can get it from the Fedora 33 repository.

Then install the dependencies running:

yum install clang llvm-devel zlib-devel kernel-devel

Getting started

The easiest way to get started is using cargo-bpf, see the documentation for more info.

redbpf-tools is a cargo-bpf generated crate that includes simple examples you can use to understand how to structure your programs.

Finally the foniod project includes more concrete examples of redbpf programs.

Building from source

After cloning the repository run:

git submodule sync
git submodule update --init

Install the dependencies as documented above, then run cargo build as usual.

License

This repository contains code from other software in the following directories, licensed under their own particular licenses:

  • bpf-sys/libelf/*: GPL2 + LGPL3
  • bpf-sys/bcc/*: Apache2, public domain
  • include/bpf_helpers.h LGPL2 + BSD-2
  • include/bpf_helper_defs.h: LGPL2 + BSD-2
  • bpf-sys/libbpf: LGPL2 + BSD-2

Where '+' means they are dual licensed.

RedBPF and its components, unless otherwise stated, are licensed under either of

at your option.

Contribution

This project is for everyone. We ask that our users and contributors take a few minutes to review our code of conduct.

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

For further advice on getting started, please consult the Contributor's Guide. Please note that all contributions MUST contain a Developer Certificate of Origin sign-off line.

GitHub

https://github.com/foniod/redbpf
Comments
  • 1. bpf tc can't load by tc or cargo bpf load

    I'm using Archlinux

    Linux sherlockholo-pc 5.14.14-arch1-1 #1 SMP PREEMPT Wed, 20 Oct 2021 21:35:18 +0000 x86_64 GNU/Linux

    I try this codes

    #![no_std]
    #![no_main]
    
    use redbpf_probes::tc::prelude::*;
    // use redbpf_probes::xdp::prelude::*;
    
    program!(0xFFFFFFFE, "GPL");
    
    #[tc_action]
    fn test(skb: SkBuff) -> TcActionResult {
        Ok(TcAction::Ok)
    }
    

    and build with cargo bpf build

    When I try to load it by sudo tc filter add ingress bpf da obj target/bpf/programs/learn_bpf/learn_bpf.elf sec tc_action/test

    it reports

    Error fetching program/map! Unable to load program

    also I try to use cargo-bpf, sudo -E cargo bpf load -i lo target/bpf/programs/learn_bpf/learn_bpf.elf, it just stuck without any output.

    How should I do to load the bpf tc program?

    Reviewed by Sherlock-Holo at 2021-10-23 08:01
  • 2. TcHashMap can't set

    #![no_std]
    #![no_main]
    
    use core::mem::{size_of, transmute};
    
    use cty::c_void;
    use redbpf_macros::map;
    use redbpf_probes::tc::prelude::*;
    
    program!(0xFFFFFFFE, "GPL");
    
    #[map(link_section = "redirect_map")]
    static mut REDIRECT_MAP: TcHashMap<__be16, u16> =
        TcHashMap::with_max_entries(1024, TcMapPinning::GlobalNamespace);
    
    #[tc_action]
    fn test(skb: SkBuff) -> TcActionResult {
        let mut n: __be16 = 1;
        n = n.to_be();
    
        unsafe {
            REDIRECT_MAP.set(&n, &1);
        }
    
        Ok(TcAction::Ok)
    }
    

    when compile this codes and load by tc, it reports

    Prog section 'tc_action/test' rejected: Permission denied (13)!
     - Type:         3
     - Instructions: 12 (0 over limit)
     - License:      GPL
    
    Verifier analysis:
    
    0: (b7) r1 = 256
    1: (6b) *(u16 *)(r10 -2) = r1
    2: (bf) r2 = r10
    3: (07) r2 += -2
    4: (18) r1 = 0x0
    6: (18) r3 = 0x0
    8: (b7) r4 = 0
    9: (85) call bpf_map_update_elem#2
    R1 type=inv expected=map_ptr
    processed 8 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0
    
    Error fetching program/map!
    Unable to load program
    

    it seems when uses the bpf_map_update_elem, the pointer is incorrect? but I don't know what's wrong in https://github.com/foniod/redbpf/blob/a9b98c2f9dfa1481a93d46560b0e11deec800865/redbpf-probes/src/tc/maps.rs#L172

    Reviewed by Sherlock-Holo at 2021-10-23 15:35
  • 3. Unknown func bpf_skb_load_bytes

    Hello,

    I first followed the tutorial to get started with redbpf which worked very nicely. I then used the tutorial template and changed it to hook into the kernel function __dev_queue_xmit to read properties of network packets being transmitted. Compilation works without errors but the program panicks when trying to load the probe program. In the probe program, I use the struct SkBuff from redbpf_probes::socket::SkBuff, which internally calls bpf_skb_load_bytes. When running it, it panicks with the error "unknown func bpf_skb_load_bytes":

         Running `target/debug/redbpf-tutorial`
    Nov 14 16:52:30.587 ERROR redbpf: error loading BPF program `__dev_queue_xmit' with bpf_load_program_xattr. ret=-1 os error=Invalid argument (os error 22): 0: (bf) r6 = r1
    1: (b7) r8 = 0
    2: (63) *(u32 *)(r10 -24) = r8
    last_idx 2 first_idx 0
    regs=100 stack=0 before 1: (b7) r8 = 0
    3: (7b) *(u64 *)(r10 -32) = r8
    4: (7b) *(u64 *)(r10 -40) = r8
    5: (7b) *(u64 *)(r10 -48) = r8
    6: (7b) *(u64 *)(r10 -56) = r8
    7: (7b) *(u64 *)(r10 -64) = r8
    8: (7b) *(u64 *)(r10 -72) = r8
    9: (7b) *(u64 *)(r10 -80) = r8
    10: (7b) *(u64 *)(r10 -88) = r8
    11: (7b) *(u64 *)(r10 -96) = r8
    12: (7b) *(u64 *)(r10 -104) = r8
    13: (7b) *(u64 *)(r10 -112) = r8
    14: (7b) *(u64 *)(r10 -120) = r8
    15: (7b) *(u64 *)(r10 -128) = r8
    16: (7b) *(u64 *)(r10 -136) = r8
    17: (7b) *(u64 *)(r10 -144) = r8
    18: (79) r7 = *(u64 *)(r6 +112)
    19: (85) call bpf_ktime_get_ns#5
    20: (7b) *(u64 *)(r10 -160) = r0
    21: (85) call bpf_get_current_pid_tgid#14
    22: (7b) *(u64 *)(r10 -152) = r0
    23: (7b) *(u64 *)(r10 -8) = r8
    24: (7b) *(u64 *)(r10 -16) = r8
    25: (bf) r1 = r10
    26: (07) r1 += -16
    27: (b7) r2 = 16
    28: (85) call bpf_get_current_comm#16
    last_idx 28 first_idx 22
    regs=4 stack=0 before 27: (b7) r2 = 16
    29: (79) r1 = *(u64 *)(r10 -8)
    30: (7b) *(u64 *)(r10 -128) = r1
    31: (79) r1 = *(u64 *)(r10 -16)
    32: (7b) *(u64 *)(r10 -136) = r1
    33: (bf) r3 = r10
    34: (07) r3 += -16
    35: (bf) r1 = r7
    36: (b7) r2 = 0
    37: (b7) r4 = 4
    38: (85) call bpf_skb_load_bytes#26
    unknown func bpf_skb_load_bytes#26
    processed 39 insns (limit 1000000) max_states_per_insn 0 total_states 1 peak_states 1 mark_read 1
    
    thread 'main' panicked at 'error on Loader::load: LoadError("__dev_queue_xmit", BPF)', src/main.rs:22:49
    note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace`
    
    

    I am not quite sure what the issue is here, I'd really appreciate any help!

    This is my system info:

    rustc 1.56.1
    llvm 13.0.0-3
    Kernel: Linux 5.10.78-1-lts
    
    Reviewed by undvikar at 2021-11-14 16:08
  • 4. Can't install with Amazon Linux 2 due to LLVM issue

    I tried to set up a development env in Docker with RedBPF, using:

    FROM amazonlinux:2
    RUN curl https://sh.rustup.rs -sSf | \
            sh -s -- -y --default-toolchain stable && \
            PATH="/root/.cargo/bin:$PATH" rustup install stable
    RUN yum -y install clang-10.0.0 \
        llvm-10.0.0 \
        llvm-libs-10.0.0 \
        llvm-devel-10.0.0 \
        llvm-static-10.0.0 \
        kernel \
        kernel-devel \
        elfutils-libelf-devel \
        ca-certificates 
    RUN PATH="/root/.cargo/bin:$PATH" cargo install cargo-bpf
    ENV PATH $PATH:/root/.cargo/bin
    WORKDIR /tmp
    

    When I do a docker build this fails with:

    ...
    error: No suitable version of LLVM was found system-wide or pointed
           to by LLVM_SYS_100_PREFIX.
    
           Consider using `llvmenv` to compile an appropriate copy of LLVM, and
           refer to the llvm-sys documentation for more information.
    
           llvm-sys: https://crates.io/crates/llvm-sys
           llvmenv: https://crates.io/crates/llvmenv
       --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/llvm-sys-100.2.0/src/lib.rs:483:1
        |
    483 | / std::compile_error!(concat!(
    484 | |       "No suitable version of LLVM was found system-wide or pointed
    485 | |        to by LLVM_SYS_", env!("CARGO_PKG_VERSION_MAJOR"), "_PREFIX.
    486 | |
    ...   |
    490 | |        llvm-sys: https://crates.io/crates/llvm-sys
    491 | |        llvmenv: https://crates.io/crates/llvmenv"));
        | |____________________________________________________^
    
    error: aborting due to previous error
    
    error: could not compile `llvm-sys`.
    
    To learn more, run the command again with --verbose.
    warning: build failed, waiting for other jobs to finish...
    error: failed to compile `cargo-bpf v1.1.2`, intermediate artifacts can be found at `/tmp/cargo-installKGJVzw`
    

    Any idea what I'm doing wrong? I thought I got all the deps? 8-}

    Great project, BTW!

    Reviewed by mhausenblas at 2020-09-28 08:24
  • 5. Segmentation fault in simple ebpf program

    Running a program based on https://github.com/foniod/redbpf/blob/main/examples/example-probes/src/tcp_lifetime/main.rs with code:

    // This program can be executed by
    // # cargo run --example tcp-lifetime [interface]
    #![no_std]
    #![no_main]
    use core::mem::{self, MaybeUninit};
    use memoffset::offset_of;
    
    use redbpf_probes::socket_filter::prelude::*;
    
    use monitor::usage::{SocketAddr,message};
    
    #[map(link_section = "maps/perf_events")]
    static mut perf_events: PerfMap<message> = PerfMap::with_max_entries(1024);
    #[map(link_section = "maps/usage")]
    static mut usage: HashMap<u32, u32> = HashMap::with_max_entries(4096);
    
    #[map(link_section = "maps/time")]
    static mut time: HashMap<u32, u64> = HashMap::with_max_entries(4096);
    
    program!(0xFFFFFFFE, "GPL");
    #[socket_filter]
    fn measure_tcp_lifetime(skb: SkBuff) -> SkBuffResult {
        let eth_len = mem::size_of::<ethhdr>();
        let eth_proto = skb.load::<__be16>(offset_of!(ethhdr, h_proto))? as u32;
        if eth_proto != ETH_P_IP {
            return Ok(SkBuffAction::Ignore);
        }
    
        let ip_proto = skb.load::<__u8>(eth_len + offset_of!(iphdr, protocol))? as u32;
        if ip_proto != IPPROTO_TCP {
            return Ok(SkBuffAction::Ignore);
        }
    
        Ok(SkBuffAction::Ignore)
    }
    ´´´
    
    Gives a segmentation fault, however, used to work about a month ago don't know if it started to happen due to rust updates or redBPF updates.
    Thanks in Advance.
    Reviewed by sebastiaoamaro at 2021-11-05 15:57
  • 6. cargo bpf build block_http error: could not compile `redbpf-probes`.

    Centos7 3.10.0-1062.4.1.el7.x86_64 rust 1.39 clang version 9.0.0 (tags/RELEASE_900/final)

    cargo bpf build block_http Compiling redbpf-probes v0.9.6 error[E0588]: packed type cannot transitively contain a [repr(align)] type --> /home/alphapo/rust/hello-bpf/target/release/build/redbpf-probes-fcf682ba7259472e/out/gen_helpers.rs:977:1 | 977 | / pub struct desc_struct { 978 | | pub __bindgen_anon_1: desc_struct__bindgen_ty_1, 979 | | } | |_^

    error[E0587]: type has conflicting packed and align representation hints --> /home/alphapo/rust/hello-bpf/target/release/build/redbpf-probes-fcf682ba7259472e/out/gen_helpers.rs:5432:1 | 5432 | / pub struct xsave_struct { 5433 | | pub i387: i387_fxsave_struct, 5434 | | pub xsave_hdr: xsave_hdr_struct, 5435 | | pub ymmh: ymmh_struct, ... | 5439 | | pub __bindgen_padding_0: [u8; 48usize], 5440 | | } | |_^

    error: aborting due to 2 previous errors

    error: could not compile redbpf-probes.

    To learn more, run the command again with --verbose. error: failed to compile the `block_http' program

    Reviewed by juaby at 2019-11-10 11:32
  • 7. Loader.rs error "Permission denied"

    Hi, again I am running a Kubernetes deployment with multiple pods (17), where one of them injects rust programs in the rest of them, these rust programs run eBPF stuff specifically a part where they load an eBPF program, however, 6 of them load the eBPF program without an issue and the rest of them give the following error:

    "thread 'async-std/runtime' panicked at 'called Result::unwrap() on an Err value: IO(Os { code: 1, kind: PermissionDenied, message: "Operation not permitted" })', redbpf/redbpf/src/load/loader.rs:51:67"

    After looking into the code I saw this was the line: let map = PerfMap::bind(m, -1, *cpuid, 16, -1, 0).unwrap();

    Bind is described here: https://github.com/foniod/redbpf/blob/c7f4b6811a2527ed033ec42aa34fe1d8cb4d97d4/redbpf/src/perf.rs#L274 The map section of the eBPF program (same for all Pods) loaded looks like this:

    #[map(link_section = "maps")]
    static mut perf_events: PerfMap<message> = PerfMap::with_max_entries(1024);
    #[map(link_section = "maps")]
    static mut usage: HashMap<u32, u32> = HashMap::with_max_entries(4096);
    
    #[map(link_section = "maps")]
    static mut time: HashMap<u32, u64> = HashMap::with_max_entries(4096);
    

    As a side note, this works completely fine in Docker, working in Docker, and the fact that 6 of them work makes this extremely confusing for me. Does anyone have any idea why this might happen or a way to continue debugging? Thanks in advance.

    Reviewed by sebastiaoamaro at 2022-03-10 15:50
  • 8. Multi distro build test

    I come up with this PR when I ran into the build failure of #131. Because I tried building RedBPF only under my Pop OS, I could not recognize the build failures derived from other distros.

    And also by Dockerfile-alpine-20210212 this PR suggests the solution of #130.

    Reviewed by rhdxmr at 2021-03-31 15:42
  • 9. When are socket filters removed?

    Hello everyone, I am running a program similar to this https://github.com/foniod/redbpf/blob/main/examples/example-userspace/examples/tcp-lifetime.rs I have a quick question, when are these socket filters removed? Or is there a certain way to remove them? (Didn't know where I could ask this, without creating an issue sorry if it is not supposed to be here) Thanks in advance.

    Reviewed by sebastiaoamaro at 2021-10-03 13:06
  • 10. HashMap Pinning for global maps

    Hello,

    As I am doing a tc program the creation of the map is not shared between user space and kernel space because we launch it with tc commands such as:

    tc qdisc add dev lo clsact
    
    sudo tc filter add dev lo ingress \
      bpf da obj target/bpf/programs/limit/limit.elf sec tc_action/limit
    

    So in order to share the file descriptor of the map created by this we need to do a global map in order to put it a global namespace so I can get it in other ebpf programs.

    To do that I see that I can modify the 'pinning' in the map options :

    /* This example has a pinning of PIN_OBJECT_NS, so it's private and
    * thus shared among various program sections within the object.
    *
    * A setting of PIN_GLOBAL_NS would place it into a global namespace,
    * so that it can be shared among different object files. A setting
    * of PIN_NONE (= 0) means no sharing, so each tc invocation a new map
    * instance is being created.
    */
    

    https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/tree/examples/bpf/bpf_shared.c

    I saw in the documentation the implementation of Hash table map the High level API for BPF_MAP_TYPE_HASH maps

    impl<K, V> HashMap<K, V> {
        /// Creates a map with the specified maximum number of elements.
        pub const fn with_max_entries(max_entries: u32) -> Self {
            Self {
                def: bpf_map_def {
                    type_: bpf_map_type_BPF_MAP_TYPE_HASH,
                    key_size: mem::size_of::<K>() as u32,
                    value_size: mem::size_of::<V>() as u32,
                    max_entries,
                    map_flags: 0,
                },
                _k: PhantomData,
                _v: PhantomData,
            }
        }
    

    And in C they have the pinning options :

    struct bpf_elf_map {
        u32 type;
        u32 size_key;
        u32 size_value;
        u32 max_elem;
        u32 flags;
        u32 id;
        __u32 pinning;
    };
    
    

    Is it possible to choose the pinning value or there is pinning default value ? Can I retrieve the map fd with other solutions for the tc_action program ?

    Thank you

    Reviewed by Dunateo at 2021-04-28 15:49
  • 11. Soundness issues

    I was reading the post at https://blog.redsift.com/labs/writing-bpf-code-in-rust/ and started playing around with it. While debugging I glanced at the source code for Data::read here:

    https://github.com/redsift/redbpf/blob/master/redbpf-probes/src/xdp.rs#L236

        pub fn read<T>(&self) -> Option<T> {
            unsafe {
                let len = mem::size_of::<T>();
                if self.base.add(len) as *const u8 > (*self.ctx).data_end as *const u8 {
                    return None;
                }
                Some((self.base as *const T).read_unaligned())
            }
        }
    

    This function is not sound for all values of T and should at least be marked unsafe. Right beneath that is the MapData type which appears to be equally unsound and at the very least should have the payload method marked unsafe.

    These are just the first pieces of code I glanced at when trying to figure out what the http trace example in the blog post is doing, it is far from an exhaustive scan of the redbpf code base.

    Would you welcome changes that mark those API's unsafe?

    Reviewed by ggriffiniii at 2019-12-20 17:17
  • 12. Whether has supported CO-RE?

    Look at the situation of the development of ebpf, CO-RE is ebpf direction of the future.I am wondering to know that redbpf had any feature for supporting CO-RE at present?

    Reviewed by dafu-wu at 2022-05-11 14:19
  • 13. XDP Tx ring disable timeout when loader is stopped

    Hello, I've discovered in /var/log/syslog that when the loader program is stopped, there is a disable timeout, and then the i40e driver enters allmulti mode:

    Apr 26 15:26:55 SRV-PVE-2 kernel: [895028.655165] i40e 0000:01:00.0: VSI seid 404 XDP Tx ring 33 disable timeout
    Apr 26 15:26:57 SRV-PVE-2 kernel: [895030.595925] i40e 0000:01:00.0: entering allmulti mode.
    

    I'm using the same loader code as in this example. I have a few maps in my BPF program:

    • 3x PerfMap with 1024 max_entries
    • 2x HashMap with 1 max_entries
    • 1x PerCpuHashMap with 1_000_000 max_entries

    I suspect the last one caused the issue - it's used as a rate limit for each saddr as a key, and a counter as the value.

    Reviewed by QuiiBz at 2022-05-01 08:43
  • 14. Add a changelog

    Since breaking changes are inevitable, I think introducing a changelog would be a good idea.

    I propose to follow the format described on keepachangelog.com. Usually, it's not a huge maintenance burden: contributors guide can be updated to require updating the changelog with each PR (especially if the change is breaking).

    Reviewed by nbaksalyar at 2022-04-15 04:55
  • 15. Update RingBufs API - allow referring individual maps

    As was discussed in #251, the current ringbufs API has a disadvantage: in order to handle different maps in different async tasks, a user needs to redirect events to e.g. mpsc queues to handle them separately.

    This change simplifies the API and implementation by allowing to refer to BPF maps individually through a corresponding key in a HashMap.

    cc @yobiscus

    Reviewed by nbaksalyar at 2022-04-14 01:11
  • 16. Add support for USDT probes

    As discussed in #307, there should be public API to use USDT probes.

    The attach_usdt signature can mirror the uprobe API (because internally USDTs are simply uprobes with some extra features and publicly available metadata):

    pub fn attach_usdt(
      &mut self,
      probe_name: &str,
      offset: u64,
      target: &str,
      pid: Option<pid_t>,
    )
    

    This function should read probe addresses from the target ELF header (similarly to how it's done in redbpf::symbols::ElfSymbols).

    We will also needs a function to enable these probes -- either automatically or manually -- as many USDT probes require to update dynamic reference counters (called semaphores) to work properly.

    Reviewed by nbaksalyar at 2022-04-07 21:24
Secure transport for running MPC protocols backed by Signal

MPC over Signal Overview This library provides a high-level interface for connecting to Signal Server and using it to exchange messages with other con

Apr 30, 2022
Xori is an automation-ready disassembly and static analysis library for PE32, 32+ and shellcode
Xori is an automation-ready disassembly and static analysis library for PE32, 32+ and shellcode

Xori - Custom disassembly framework Xori is an automation-ready disassembly and static analysis library that consumes shellcode or PE binaries and pro

May 16, 2022
Advanced Fuzzing Library - Slot your Fuzzer together in Rust! Scales across cores and machines. For Windows, Android, MacOS, Linux, no_std, ...
Advanced Fuzzing Library - Slot your Fuzzer together in Rust! Scales across cores and machines. For Windows, Android, MacOS, Linux, no_std, ...

LibAFL, the fuzzer library. Advanced Fuzzing Library - Slot your own fuzzers together and extend their features using Rust. LibAFL is written and main

May 25, 2022
Mundane is a Rust cryptography library backed by BoringSSL that is difficult to misuse, ergonomic, and performant (in that order).

Mundane Mundane is a Rust cryptography library backed by BoringSSL that is difficult to misuse, ergonomic, and performant (in that order). Issues and

Apr 26, 2022
unfuck is a utility and library for deobfuscating obfuscated Python 2.7 bytecode
unfuck is a utility and library for deobfuscating obfuscated Python 2.7 bytecode

unfuck is a utility and library for deobfuscating obfuscated Python 2.7 bytecode. It is essentially a reimplementation of the Python VM with taint tracking.

Apr 26, 2022
CVEs for the Rust standard library

Rust CVE Preface This is a list of CVEs for unsound APIs in the Rust standard library. These bugs break Rust's memory safety guarantee and lead to sec

May 21, 2022
Rust library for developing safe canisters.

IC Kit This library provides an alternative to ic-cdk that can help developers write canisters and unit test them in their Rust code. Install Add this

May 4, 2022
QuickCheck bug hunting in Rust standard library data structures

BugHunt, Rust This project is aiming to provide "stateful" QuickCheck models for Rust's standard library. That is, we build up a random list of operat

Feb 17, 2022
A simple rust library for working with ZIP archives

rust-zip A simple rust library to read and write Zip archives, which is also my pet project for learning Rust. At the moment you can list the files in

Jan 29, 2021
An attempt to rewrite lite-client for TON Blockchain in Rust using ton-labs-adnl library.

An attempt to rewrite lite-client for TON Blockchain in Rust using ton-labs-adnl library.

Apr 30, 2022
A new shellcode injection technique. Given as C++ header, standalone Rust program or library.
A new shellcode injection technique. Given as C++ header, standalone Rust program or library.

FunctionStomping Description This is a brand-new technique for shellcode injection to evade AVs and EDRs. This technique is inspired by Module Stompin

May 21, 2022
Extended precision integer Rust library. Provides signed/unsigned integer 256 to 2048.

Extended precision integer Rust library. Provides signed/unsigned integer 256 to 2048.

Apr 22, 2022
Cross-platform async library for system information fetching 🦀
Cross-platform async library for system information fetching 🦀

heim Cross-platform library for system information fetching heim is an ongoing attempt to create the best tool for system information fetching (ex., C

May 20, 2022
Memory hacking library for windows.

Memory hacking library for windows.

May 27, 2022
Kepler is a vulnerability database and lookup store and API currently utilising National Vulnerability Database and NPM Advisories as data sources
Kepler is a vulnerability database and lookup store and API currently utilising National Vulnerability Database and NPM Advisories as data sources

Kepler — Kepler is a vulnerability database and lookup store and API currently utilising National Vulnerability Database and NPM Advisories as data so

May 11, 2022
Steals browser passwords and cookies and sends to webhook.
Steals browser passwords and cookies and sends to webhook.

Browser-Stealer Steals browser passwords and cookies and sends to webhook. Donating Educational Purposes Only This code is made so you can learn from

Sep 27, 2021
Detects usage of unsafe Rust in a Rust crate and its dependencies.
Detects usage of unsafe Rust in a Rust crate and its dependencies.

cargo-geiger ☢️ Looking for maintainer: https://github.com/rust-secure-code/cargo-geiger/issues/210 A program that lists statistics related to the usa

May 18, 2022
An esoteric language/compiler written with Rust and Rust LLVM bindings

MeidoLang (メイドラング) A not so useful and esoteric language. The goal of this project was to contain some quirky or novel syntax in a stack-style program

Dec 24, 2021
Rust-verification-tools - RVT is a collection of tools/libraries to support both static and dynamic verification of Rust programs.

Rust verification tools This is a collection of tools/libraries to support both static and dynamic verification of Rust programs. We see static verifi

May 19, 2022