Struct vmemory::ProcessMemory [−][src]
pub struct ProcessMemory { /* fields omitted */ }Implementations
This spawns a process suspended and has to be manually resumed via public self.resume()
On Linux, this creates a new process via fork() which maps to clone(2) depending on libc ptrace the fork and replace the current image with a new one in create_reference_process
On Windows, this calls CreateProcess with the flag CREATE_SUSPENDED
On macOS, this calls posix_spawn(2) with the flag POSIX_SPAWN_START_SUSPENDED
Accepts a file path, as well as arguments to the new process
Write the buffer (vector, identifier: data) at the address in the process
If the offset bool is set to true, then only an offset is given to this function, relative to the first mapping/module in the process.
Example, the first module is loaded at 0x00400000
offset is set to true, and _address = 5
Memory would be written at 0x00400005
If offset is false, it takes an immediate - direct address.
Read memory from the process and return a vector. If the offset bool is set to true, then only an offset is given to this function, relative to the first mapping/module in the process.
Example, the first module is loaded at 0x00400000
offset is set to true,
and _address = 5
Memory would be read from 0x00400005
If offset is false, it takes an immediate - direct address.
For example, _address = 0x00400005
Resume the process by resuming the first thread (Windows) or sending a continue signal (Unix)
Retrieve the first mapping/module loaded into memory for the process