vmemory
Rust library for reading and writing memory in other processes on Windows, macOS and Linux, and potentially BSD variants in the future. This will write to memory regardless of memory page protections.
API
new_process
Spawn a new process in a suspended state, to be manually resumed via self.resume(). Takes the file path of the process to start and the arguments to spawn the process with. Returns an option containing the struct, to be unwrapped.
attach_process
Attach to a process by its process ID (PID). Returns a structure in an option to be unwrapped, which allows memory read/write operations.
write_memory
Write memory to the process. The memory to be written is the memory in the data parameter, at the location of _address in the remote process. The offset boolean specifies whether the value of _address is an offset relative to the first module/mapping loaded into the process (true), or a direct address value to be written (false).
Example: the first module is loaded at 0x00400000, offset is set to true, and _address = 5. Memory would be written at 0x00400005.
read_memory
Read memory from the process at the location of _address, and read n bytes according to size. The rules of the offset parameter are the same as specified in ProcessMemory::write_memory().
resume
Resume the process from a suspended state (SIGCONT on Linux/macOS; ResumeThread on the first thread from CreateProcess on Windows). This should generally only be used for ptrace(2) sessions on Linux, posix_spawn(2) from a suspended state on macOS, or CreateProcess on Windows. Essentially all ProcessMemory::new_process() calls will require this function to be called.
base
Retrieve the base address of the first mapping/module loaded into the process.
Examples
Example 1
Using new_process
use vmemory::*;
Example 2
Here we use attach_process instead of new_process.
Take note of the offset boolean (third argument to write_memory and read_memory) in this example. Here the direct address passed to write_memory and the offset passed to read_memory refer to the same location in the process's memory.
use vmemory::*;
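
The addressing rule behind the offset boolean, as an added example that is not vmemory's code or API. The helpers resolve, first_mapping_base and read_self are hypothetical; they read this process's own memory through /proc/self/mem on Linux and take the first line of /proc/self/maps as the base of the first mapping (an assumption for illustration, not the crate's implementation).

```rust
use std::fs::{self, File};
use std::io;
use std::os::unix::fs::FileExt;

/// Apply the `offset` rule described above: `true` means `address` is relative
/// to the first mapping's base, `false` means it is already absolute.
/// checked_add rejects an offset that would wrap the address space.
fn resolve(base: usize, address: usize, offset: bool) -> Option<usize> {
    if offset { base.checked_add(address) } else { Some(address) }
}

/// Start address of the first mapping listed in /proc/self/maps.
/// Constructed sample of a maps line: "55d0c0a00000-55d0c0a21000 r--p 00000000 ..."
fn first_mapping_base() -> io::Result<usize> {
    let maps = fs::read_to_string("/proc/self/maps")?;
    let start = maps
        .lines()
        .next()
        .and_then(|line| line.split('-').next())
        .and_then(|hex| usize::from_str_radix(hex, 16).ok());
    start.ok_or_else(|| io::Error::new(io::ErrorKind::InvalidData, "unparsable maps line"))
}

/// Read `size` bytes of this process's own memory through /proc/self/mem.
fn read_self(address: usize, size: usize, offset: bool) -> io::Result<Vec<u8>> {
    let target = resolve(first_mapping_base()?, address, offset)
        .ok_or_else(|| io::Error::new(io::ErrorKind::InvalidInput, "address overflow"))?;
    let mut buf = vec![0u8; size];
    File::open("/proc/self/mem")?.read_exact_at(&mut buf, target as u64)?;
    Ok(buf)
}

fn main() -> io::Result<()> {
    let base = first_mapping_base()?;
    // The same location addressed both ways, as in Example 2.
    let by_offset = read_self(5, 8, true)?;
    let by_address = read_self(base + 5, 8, false)?;
    println!("base = {:#x}", base);
    println!("offset 5 -> {:02x?}", by_offset);
    println!("base + 5 -> {:02x?}", by_address);
    Ok(())
}
```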