pub fn find_processes(name_contains: &str) -> Vec<i32>Expand description
Finds a list of all processes containing a given search term in their program name. This makes figuring out the process ID of the process you want to inspect or inject shellcode into easier.
Examples found in repository?
examples/firefox_search.rs (line 11)
8fn main() {
9 use raminspect::RamInspector;
10 // Iterate over all running Firefox instances
11 for pid in raminspect::find_processes("/usr/lib/firefox/firefox") {
12 let mut inspector = match RamInspector::new(pid) {
13 Ok(inspector) => inspector,
14 Err(_) => continue,
15 };
16
17 for (proc_addr, memory_region) in inspector.search_for_term(b"Old search text").unwrap() {
18 if !memory_region.writable() {
19 continue;
20 }
21
22 unsafe {
23 // This is safe because modifying the text in the Firefox search bar will not crash
24 // the browser or negatively impact system stability in any way.
25
26 println!("Writing to process virtual address: 0x{:X}", proc_addr);
27 inspector.queue_write(proc_addr, b"New search text");
28 }
29 }
30
31 unsafe {
32 // This is safe since the process is not currently resumed, which would possibly cause a data race.
33 inspector.flush().unwrap();
34 }
35 }
36}