Crate raminspect

raminspect is a crate that allows for the inspection and manipulation of the memory and code of a running process on a Linux system. It provides functions for finding and replacing search terms in a process’s memory, as well as an interface that allows for the injection of arbitrary shellcode running in the process’s context. All of this requires root privileges, for obvious reasons.

Structs

  • A description of a memory region spanning any given address range with information about its start address, its access permissions (i.e. whether it’s readable, writable, and/or executable), and whether or not it’s shared or private.
  • This is the primary interface used by the crate to search through, read, and modify an arbitrary process’s memory and code.
  • A handle obtained by calling the RamInspector::resume_process method that re-pauses the target process when dropped, assuming no other handles for the process currently exist. See the docs of that method for more information.

Enums

  • The error type for this library. The variants have self-explanatory names.

Functions

  • Finds a list of all processes containing a given search term in their program name. This makes figuring out the process ID of the process you want to inspect or inject shellcode into easier.