1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132
#![cfg(windows)]
#![deny(unsafe_op_in_unsafe_fn)]
/*!
ProcMem is a minimalistic rust library for dealing with processes, their modules and threads utilizing the winapi.
(therefore solely targeting windows systems)
The main purpose of ProcMem is to easily get access to running processes, their modules, threads and corresponding memory addresses.
In addition to that, this crate provides functionality to read/write memory of processes/modules and reading pointer chains.
# Installation
Use the package manager [cargo](https://doc.rust-lang.org/cargo/) to install ProcMem (cargo add proc_mem).
Or add: "proc_mem = VERSION" into your Cargo.toml file. You can find the newest version [on crates.io](https://crates.io/crates/proc_mem).
# Example: get a running process
In order to get a running process you will have to
call [`Process::with_name()`], [`Process::with_pid()`] or [`Process::all_with_name()`].
On success the returned value will be of type: [`Process`].
```rust
use proc_mem::Process;
let firefox: Result<Process, ProcMemError> = Process::with_pid(12345);
let chrome: Result<Process, ProcMemError> = Process::with_name("chrome.exe");
let vscode: Result<Vec<Process>, ProcMemError> = Process::all_with_name("Code.exe");
```
# Example: terminate a process
```rust
use proc_mem::Process;
let chrome: Result<Process, ProcMemError> = Process::with_name("chrome.exe");
let did_terminate: bool = chrome.kill();
```
# Example: get a module from a process
To get a module which was loaded by a process
you just have to call [`Process::module()`].
which on success will return an instance of [`Module`](crate::process::Module).
```rust
use proc_mem::{Process, Module};
let chrome = Process::with_name("chrome.exe")?;
let desired_module: Result<Module,ProcMemError> = chrome.module("kernel32.dll");
```
# Example: read/write memory
To read memory you have to call [`Process::read_mem()`].
This function takes a type and the address to read.
On success the read value will be returned.
```rust
use proc_mem::{Process, Module};
let chrome = Process::with_name("chrome.exe")?;
let module = chrome.module("kernel32.dll")?;
let read_value: Result<T, ProcMemError> = chrome.read_mem::<T>(module.base_address() + 0x1337);
```
To write memory you have to call [`Process::write_mem()`].
This function takes a type and the address to write to.
the returned boolean will be true on success and false on failure
```rust
use proc_mem::{Process, Module};
let chrome = Process::with_name("chrome.exe")?;
let module = chrome.module("kernel32.dll")?;
let write_result: bool = chrome.read_mem::<T>(module.base_address() + 0x1337);
```
There is also a function to read pointer chains [`Process::read_mem_chain()`].
This function takes a type and a Vec of addresses/offsets,
the first entry being the base address to start from.
On success the read value will be returned.
```rust
use proc_mem::{Process, Module};
let chrome = Process::with_name("chrome.exe")?;
let module = chrome.module("kernel32.dll")?;
let chain: Vec<usize> = vec![module.base_address(), 0xDEA964, 0x100]
let read_value: Result<T, ProcMemError> = chrome.read_mem_chain::<T>(chain);
```
If you dont want to read the value from the end of the chain
you can use the function: [`Process::read_ptr_chain()`].
This function takes a Vec of addresses/offsets,
the first entry being the base address to start from.
On success the address at the end of the chain will be returned.
```rust
use proc_mem::{Process, Module};
let chrome = Process::with_name("chrome.exe")?;
let module = chrome.module("kernel32.dll")?;
let chain: Vec<usize> = vec![module.base_address(), 0xDEA964, 0x100]
let desired_address: Result<usize, ProcMemError> = chrome.read_ptr_chain(chain);
```
# Example: pattern scanning
It´s a pain to maintain offsets manually, but luckily proc_mem
provides a way around that issue.
You can scan modules for byte patterns and get the desired address
this way.
```rust
use proc_mem::{Process, Module, Signature};
let some_game = Process::with_name("some_game.exe")?;
let module = some_game.module("module.dll")?;
let lp_signature = Signature {
name: "LocalPlayer",
pattern: "8D 34 85 ? ? ? ? 89 15 ? ? ? ? 8B 41 08 8B 48 04 83 F9 FF",
offsets: vec![3],
extra: 4,
relative: true,
rip_relative: false,
rip_offset: 0,
};
let lp_address: Result<usize,ProcMemError> = module.find_signature(&lp_signature);
```
*/
/// contains data about certain processes
mod process;
/// error messages
mod errors;
pub use process::Process;
pub use process::Module;
pub use process::Signature;
pub use errors::ProcMemError;