Crate memflex

Memflex - Memory hacking library

Installation

[dependencies]
memflex = "0.8"

Features

• Pattern matching

use memflex::{ida_pat, peid_pat};
// Pattern creation and parsing happens at compile time.
let ida = ida_pat!("13 ? D1");
let peid = peid_pat!("13 ?? D1");

#[cfg(windows)]
{
    let first = memflex::internal::find_pattern_in_module(ida, "ntdll.dll").unwrap().next();
    let last = memflex::internal::find_pattern_in_module(peid, "ntdll.dll").unwrap().last();
}

• Module searching

#[cfg(windows)]
let module = memflex::internal::find_module_by_name("ntdll.dll");
// module.size, module.base

• Read/Write external memory

#[cfg(windows)]
if let Ok(p) = memflex::external::open_process_by_id(666, false, memflex::types::win::PROCESS_ALL_ACCESS) {
    let value = p.read::<u32>(0x7FFF)?;
    p.write(0x7FFF, 100_u32)?;
}

Ok::<_, memflex::MfError>(())

• Macros for emulating C++ behavior

#[repr(C)]
pub struct ConcreteType {
    vmt: memflex::VmtPtr
};

memflex::interface! {
    pub trait IPlayer impl for ConcreteType {
        // Notice missing `&self`, this is intentional and macro will implicitly add it.
        // Functions without `&self` in interface doesn't make much sense.
        extern "C" fn get_health() -> i32 = #0; // 0 - Index of the virtual function.

        // *Returns old health*
        extern "C" fn set_health(new: i32) -> i32 = #1; // 1 - Index of the virtual function.
    }

    trait Foo {
        extern fn foo() = #0;
    }

    trait ParentVmt {
        fn f1() -> i32 = #0;
        fn f2() -> i32 = #1;
    }

    trait ChildVmt {
        fn f3(a: i32) = #0;
        fn f4(a: i32) = #1;
    }
}

// Automatically wraps all structures in `#[repr(C)]`
// Virtual functions with inheritence is not tested(probably doesnt work).
memflex::makestruct! {
    // Attributes works as expected
    #[derive(Default)]
    struct Parent {
        // on fields as well
        // #[serde(skip)]
        first: f32
    }
    
    // `pub` means that `parent` field will be `pub`
    // but Deref<Target = Parent> implementation will be generated regardless.
    struct Child : pub Parent {
        second: i32
    }

    // Implements `Foo` interface on `Nested`
    struct Nested impl Foo : Child {
        third: bool
    }

    struct ParentWithVmt impl ParentVmt {
        vmt: usize,
        t1: f32,
        t2: bool
    }

    // By using `dyn ParentWithVmt`, child offsets all of their vfunc indices by the number of functions in `ParentWithVmt`,
    // should work with nested inheritance but hasn't been tested so I just pray it works.
    struct ChildInheritsParentVmt impl ChildVmt(dyn ParentWithVmt) : pub ParentWithVmt {
        t3: u64,
        t4: i8
    }
}

memflex::global! {
    // Uses default ldr resolver on windows
    pub extern MY_GLOBAL: i32 = "ntdll.dll"#0x1000;
}

memflex::function! {
    // Function with offset from the module
    fn ADDER(i32, i32) -> i32 = "function.exe"#0x2790;

    // Function with signature
    fn MIXER(f32, f32, f32) -> u32 = "function.exe"%"48 81 EC B8 00 00 00 F3";
}


memflex::bitstruct! {
    struct SomeStruct : u8 {
        // Bits: 0, 1, 2
        first: 0..=2,
        // Bits: 3, 4, 5, 6, 7
        next: 3..=7,
    }
}

// Null terminated strings
use memflex::types::TStr;
let zero_terminated: TStr = memflex::tstr!("Hello, World!");

Re-exports

pub use types::TStr;

pub use types::VmtPtr;

pub use obfstr;

Modules

external

Some handy external API for interacting with the system

internal

Module with helper functions for internal apis.

types

Useful types for interacting with C

Macros

assert_offset

Asserts offset of the fields

assert_size

Asserts size of the type

bitfields

Implement bitfields for an existing type.

bitflags

Generate a flags type.

bitstruct

Creates a structure with access to individual bits

bp

Puts int3 breakpoint

code_pat

Generates a pattern from code style strings.

function

Creates a function defenition with explicitly defined offset from module or signature.

global

Declares global variables with fixed offset from module

ida_pat

Generates a pattern from IDA style string.

interface

Generates a trait that will emulate behaviour of C++ virtual functions

makestruct

Emulates C++ parenting, with a constraint that a child may only has ONE parent.

offset_of

Gets the offset of the field.

peid_pat

Generates a pattern from PEID style string.

size_of

Gets the size in bytes of the type or the variable

tstr

Generates C-like terminated string with the type of crate::types::TStr

Structs

BitField

Immutable bitfield that provides get method.

BitFieldMut

Mutable bitfield that provides get, set methods.

Function

Function that resolve its address on the first access.

Global

Global variable with explicitly defined offset.

Pattern

Represents a staticly built sequence of bytes to match against.

Enums

MfError

Global error type

ResolveBy

How to resolve static offsets

Traits

Matcher

Trait for generalizing static & dynamic memory patterns.

Functions

find_pattern^⚠

Searches for a pattern internally by start address and search length.

find_pattern_range^⚠

Searches for a pattern internally in a given range.

resolve_multilevel^⚠

Resolves immutable multilevel pointer.

resolve_multilevel_mut^⚠

Resolves mutable multilevel pointer.

terminated_array^⚠

Creates an inmmutable slice from terminated array.

terminated_array_mut^⚠

Creates a mutable slice from terminated array.

Type Aliases

Result