Struct Process

Source

pub struct Process {
    pub process_name: String,
    pub process_id: u32,
    pub process_base_address: usize,
    pub process_handle: Handle,
    pub iswow64: bool,
}

Expand description

contains name, pid and handle of a process

Fields§

§process_name: String§process_id: u32

unique identifier if the process

§process_base_address: usize

used when desired data is not inside a loaded module

§process_handle: Handle

either PROCESS_ALL_ACCESS or PROCESS_VM_READ | PROCESS_VM_WRITE

§iswow64: bool

is x32 or x64

Implementations§

Source §

impl Process

Source

pub fn with_pid(pid: u32) -> Result<Self, ProcMemError>

returns the desired process with the provided pid

use proc_mem_rs::{Process, ProcMemError};
let process: Result<Process,ProcMemError> = Process::with_pid(12345);

Source

pub fn with_name(name: &str) -> Result<Self, ProcMemError>

returns the desired process with the provided name

use proc_mem_rs::{Process, ProcMemError};
let process: Result<Process,ProcMemError> = Process::with_name("process.exe");

Source

pub fn all_with_name(name: &str) -> Result<Vec<Process>, ProcMemError>

returns a Vec where all processes share the provided name

use proc_mem_rs::{Process, ProcMemError};
let processes: Result<Vec<Process>,ProcMemError> = Process::all_with_name("process.exe");

Source

pub fn module(&self, name: &str) -> Result<Module, ProcMemError>

returns an instance of module including its base address in memory

use proc_mem_rs::{Process, Module, ProcMemError};
let process = Process::with_name("process.exe")?;
let module: Result<Module,ProcMemError> = process.module("module.dll");

Source

pub fn modules(&self) -> Result<Vec<Module>, ProcMemError>

Returns a vector of Module instances

use proc_mem_rs::{Module, Process, ProcMemError};
let process = Process::with_name("process.exe")?;
let modules: Result<Vec<Module>, ProcMemError> = process.list_modules();

Source

pub fn kill(&self) -> bool

returns true if the process was terminated, otherwise will return false

use proc_mem_rs::{Process};
let process = Process::with_name("process.exe")?;
let did_terminate: bool = process.kill();

Source

pub fn read_mem<T: Default>(&self, address: usize) -> Result<T, ProcMemError>

This function takes a type and the address to read. On success the read value will be returned.

use proc_mem_rs::{Process, Module, ProcMemError};
let chrome = Process::with_name("chrome.exe")?;
let module = chrome.module("kernel32.dll")?;
let read_value: Result<T, ProcMemError> = chrome.read_mem::<T>(module.base_address() + 0x1337);

Source

pub fn read_mem_chain<T: Default>( &self, chain: Vec<usize>, ) -> Result<T, ProcMemError>

This function takes a type and a Vec of addresses/offsets, the first entry being the base address to start from. On success the read value will be returned.

use proc_mem_rs::{Process, Module, ProcMemError};
let chrome = Process::with_name("chrome.exe")?;
let module = chrome.module("kernel32.dll")?;
let chain: Vec<usize> = vec![module.base_address(), 0xDEA964, 0x100];
let read_value: Result<T, ProcMemError> = chrome.read_mem_chain::<T>(chain);

Source

pub fn read_ptr_chain(&self, chain: Vec<usize>) -> Result<usize, ProcMemError>

This function takes a type and a Vec of addresses/offsets, the first entry being the base address to start from. On success the address at the end of the chain will be returned.

use proc_mem_rs::{Process, Module, ProcMemError};
let some_game = Process::with_name("some_game.exe")?;
let module = some_game.module("client.dll")?;
let chain: Vec<usize> = vec![module.base_address(), 0xDEA964, 0x100];
let desired_address: Result<usize, ProcMemError> = module.read_ptr_chain(chain);

Source

pub fn write_mem<T: Default>(&self, address: usize, value: T) -> bool

This function takes a type and the address to write to. The returned boolean will be true on success and false on failure

use proc_mem_rs::{Process, Module};
let chrome = Process::with_name("chrome.exe")?;
let module = chrome.module("kernel32.dll")?;
let mut value_to_write: i32 = 1337;
let write_result: bool = chrome.write_mem(module.base_address() + 0x1337, value_to_write);

Source

pub fn write_bytes(&self, address: usize, buf: *mut u8, size: usize) -> bool

With this function someone can write multiple bytes to a specified address. The returned boolean will be true on success and false on failure

use proc_mem_rs::{Process, Module};
let chrome = Process::with_name("chrome.exe")?;
let module = chrome.module("kernel32.dll")?;
let mut bytes_to_write: Vec<u8> = [ 0x48, 0xC7, 0xC0, 0x0A, 0x00, 0x00, 0x00 ].to_vec();
let write_result: bool = chrome.write_bytes(module.base_address() + 0x1337, bytes_to_write.as_mut_ptr(), bytes_to_write.len());

Source

pub fn read_ptr<T: Copy>(&self, buf: *mut T, address: usize) -> bool

C style method to read memory Third argument is the multiplicator of the Size of “T” for example if someone would want to read multiple bytes

use proc_mem_rs::{Process, Module};
let chrome = Process::with_name("chrome.exe")?;
let module = chrome.module("kernel32.dll")?;
let mut value_buffer: i32 = 0;
if !chrome.read_ptr(&mut value_buffer, module.base_address() + 0x1337) {
    println!("ReadMemory Failure");
} else {
    println!("ReadMemory Success");
}

Source

pub fn read_bytes(&self, address: usize, buf: *mut u8, size: usize) -> bool

C style method to read multiple bytes from memory

use proc_mem_rs::{Process, Module};
let chrome = Process::with_name("chrome.exe")?;
let module = chrome.module("kernel32.dll")?;

let rsize = 10;
let mut bytes_buffer: Vec<u8> = vec![0u8;rsize];
if !chrome.read_bytes(module.base_address() + 0x1337, bytes_buffer.as_mut_ptr(), rsize) {
    println!("ReadMemory Failure");
} else {
    println!("ReadMemory Success");
}