Crate raminspect

raminspect is a crate that allows for the inspection and manipulation of the memory and code of a running process on a Linux system. It provides functions for finding and replacing search terms in a processes’ memory, as well as an interface that allows for the injection of arbitrary shellcode running in the processes’ context. All of this requires root privileges, for obvious reasons.

Structs

MemoryRegion

A description of a memory region spanning any given address range with information about its start address, its access permissions (i.e. whether it’s readable, writable, and/or executable), and whether or not it’s shared or private.

RamInspector

This is the primary interface used by the crate to search through, read, and modify an arbitrary processes’ memory and code.

ResumeHandle

A handle obtained by calling the RamInspector::resume_process method that re-pauses the target process when dropped, assuming no other handles for the process currently exist. See the docs of that method for more information.

Enums

RamInspectError

The error type for this library. The variants have self-explanatory names.

Functions

find_processes

Finds a list of all processes containing a given search term in their program name. This makes figuring out the process ID of the process you want to inspect or inject shellcode into easier.