Crate raminspect
raminspect is a crate that allows for the inspection and manipulation of the memory and code of a running process on a Linux system. It provides functions for finding and replacing search terms in a process's memory, as well as an interface that allows for the injection of arbitrary shellcode running in the process's context. All of this requires root privileges, for obvious reasons.
Structs
- A description of a memory region spanning any given address range with information about its start address, its access permissions (i.e. whether it’s readable, writable, and/or executable), and whether or not it’s shared or private.
- This is the primary interface used by the crate to search through, read, and modify an arbitrary process's memory and code.
- A handle obtained by calling the RamInspector::resume_process method that re-pauses the target process when dropped, assuming no other handles for the process currently exist. See the docs of that method for more information.
Enums
- The error type for this library. The variants have self-explanatory names.
Functions
- Finds a list of all processes containing a given search term in their program name. This makes figuring out the process ID of the process you want to inspect or inject shellcode into easier.