1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132

#![cfg(windows)]
#![deny(unsafe_op_in_unsafe_fn)]

/*!
ProcMem is a minimalistic rust library for dealing with processes, their modules and threads utilizing the winapi.
(therefore solely targeting windows systems)

The main purpose of ProcMem is to easily get access to running processes, their modules, threads and corresponding memory addresses.
In addition to that, this crate provides functionality to read/write memory of processes/modules and reading pointer chains.

# Installation

Use the package manager [cargo](https://doc.rust-lang.org/cargo/) to install ProcMem (cargo add proc_mem).
Or add: "proc_mem = VERSION" into your Cargo.toml file. You can find the newest version [on crates.io](https://crates.io/crates/proc_mem).

# Example: get a running process

In order to get a running process you will have to
call [`Process::with_name()`], [`Process::with_pid()`] or [`Process::all_with_name()`].
On success the returned value will be of type: [`Process`].

```rust
use proc_mem::Process;
let firefox: Result<Process, ProcMemError>      = Process::with_pid(12345);
let chrome:  Result<Process, ProcMemError>      = Process::with_name("chrome.exe");
let vscode: Result<Vec<Process>, ProcMemError>  = Process::all_with_name("Code.exe");
```

# Example: terminate a process

```rust
use proc_mem::Process;
let chrome:  Result<Process, ProcMemError> = Process::with_name("chrome.exe");
let did_terminate: bool = chrome.kill();
```

# Example: get a module from a process

To get a module which was loaded by a process
you just have to call [`Process::module()`].
which on success will return an instance of [`Module`](crate::process::Module).

```rust
use proc_mem::{Process, Module};
let chrome = Process::with_name("chrome.exe")?;
let desired_module: Result<Module,ProcMemError> = chrome.module("kernel32.dll");
```

# Example: read/write memory

To read memory you have to call [`Process::read_mem()`].
This function takes a type and the address to read.
On success the read value will be returned.

```rust
use proc_mem::{Process, Module};
let chrome = Process::with_name("chrome.exe")?;
let module = chrome.module("kernel32.dll")?;
let read_value: Result<T, ProcMemError> = chrome.read_mem::<T>(module.base_address() + 0x1337);
```

To write memory you have to call [`Process::write_mem()`].
This function takes a type and the address to write to.
the returned boolean will be true on success and false on failure

```rust
use proc_mem::{Process, Module};
let chrome = Process::with_name("chrome.exe")?;
let module = chrome.module("kernel32.dll")?;
let write_result: bool = chrome.read_mem::<T>(module.base_address() + 0x1337);
```

There is also a function to read pointer chains [`Process::read_mem_chain()`].
This function takes a type and a Vec of addresses/offsets,
the first entry being the base address to start from.
On success the read value will be returned.

```rust
use proc_mem::{Process, Module};
let chrome = Process::with_name("chrome.exe")?;
let module = chrome.module("kernel32.dll")?;
let chain: Vec<usize> = vec![module.base_address(), 0xDEA964, 0x100]
let read_value: Result<T, ProcMemError> = chrome.read_mem_chain::<T>(chain);
```

If you dont want to read the value from the end of the chain
you can use the function: [`Process::read_ptr_chain()`].
This function takes a Vec of addresses/offsets,
the first entry being the base address to start from.
On success the address at the end of the chain will be returned.

```rust
use proc_mem::{Process, Module};
let chrome = Process::with_name("chrome.exe")?;
let module = chrome.module("kernel32.dll")?;
let chain: Vec<usize> = vec![module.base_address(), 0xDEA964, 0x100]
let desired_address: Result<usize, ProcMemError> = chrome.read_ptr_chain(chain);
```

# Example: pattern scanning

It´s a pain to maintain offsets manually, but luckily proc_mem
provides a way around that issue.
You can scan modules for byte patterns and get the desired address
this way.

```rust
use proc_mem::{Process, Module, Signature};
let some_game = Process::with_name("some_game.exe")?;
let module = some_game.module("module.dll")?;
let lp_signature = Signature {
    name: "LocalPlayer",
    pattern: "8D 34 85 ? ? ? ? 89 15 ? ? ? ? 8B 41 08 8B 48 04 83 F9 FF",
    offsets: vec![3],
    extra: 4,
    relative: true,
    rip_relative: false,
    rip_offset: 0,
};
let lp_address: Result<usize,ProcMemError> = module.find_signature(&lp_signature);
```
*/

/// contains data about certain processes
mod process;
/// error messages 
mod errors;

pub use process::Process;
pub use process::Module;
pub use process::Signature;
pub use errors::ProcMemError;