wraith/
lib.rs

1#![cfg(windows)]
2#![cfg_attr(not(feature = "std"), no_std)]
3#![deny(unsafe_op_in_unsafe_fn)]
4#![allow(clippy::missing_safety_doc)] // we document safety in SAFETY comments
5
6//! wraith-rs: Safe abstractions for Windows PEB/TEB manipulation
7//!
8//! This library provides high-level, safe APIs for interacting with Windows
9//! process internals, including:
10//!
11//! - PEB/TEB structure access with version-aware field offsets
12//! - Module enumeration and querying
13//! - Module unlinking from PEB lists
14//! - Manual PE mapping (LoadLibrary bypass)
15//! - Direct/indirect syscall invocation
16//! - Hook detection and removal
17//! - Anti-debug techniques
18//!
19//! # Feature Flags
20//!
21//! - `std` (default): Use the standard library. Disable for `no_std` environments.
22//! - `alloc`: Enable heap allocation in `no_std` mode (requires an allocator).
23
24#[cfg(all(not(feature = "std"), feature = "alloc"))]
25extern crate alloc;
26
27#[cfg(feature = "std")]
28extern crate std;
29
30// re-export alloc for kernel module when std is available
31#[cfg(all(feature = "std", feature = "kernel"))]
32extern crate alloc;
33
34pub mod arch;
35pub mod error;
36#[cfg(any(
37    feature = "manual-map",
38    feature = "syscalls",
39    feature = "spoof",
40    feature = "hooks",
41    feature = "antidebug",
42    feature = "unlink",
43    feature = "remote"
44))]
45pub mod manipulation;
46#[cfg(feature = "navigation")]
47pub mod navigation;
48pub mod structures;
49pub mod util;
50pub mod version;
51
52#[cfg(feature = "kernel")]
53pub mod km;
54
55#[cfg(feature = "kernel-client")]
56pub mod km_client;
57
58// re-exports for convenience
59pub use error::{Result, WraithError};
60pub use structures::{Peb, Teb};
61pub use version::{WindowsRelease, WindowsVersion};
62
63/// library version
64pub const VERSION: &str = env!("CARGO_PKG_VERSION");