wraith-rs: Safe abstractions for Windows PEB/TEB manipulation
This library provides high-level, safe APIs for interacting with Windows process internals, including:
- PEB/TEB structure access with version-aware field offsets
- Module enumeration and querying
- Module unlinking from PEB lists
- Manual PE mapping (LoadLibrary bypass)
- Direct/indirect syscall invocation
- Hook detection and removal
- Anti-debug techniques
§Feature Flags
- std (default): Use the standard library. Disable for no_std environments.
- alloc: Enable heap allocation in no_std mode (requires an allocator).
Re-exports§
- pub use error::Result;
- pub use error::WraithError;
- pub use structures::Peb;
- pub use structures::Teb;
- pub use version::WindowsRelease;
- pub use version::WindowsVersion;
Modules§
- arch
- Architecture detection and segment register access
- error
- Unified error types for wraith-rs
- km
- Kernel-mode driver support for wraith-rs
- km_client
- Usermode client for kernel driver communication
- manipulation
- Manipulation primitives for PE loading, module hiding, syscalls, hooks, and anti-debug
- navigation
- Navigation abstractions for PEB data structures
- structures
- Windows internal structure definitions
- util
- Shared utilities
- version
- Windows version detection and release mapping
Macros§
- define_ioctl_handler
- macro to define IOCTL handler
- driver_entry
- macro to generate driver entry boilerplate
- hash
- compile-time hash macro
- ioctl_dispatcher
- macro to create IOCTL dispatcher
- unicode_str
- helper macro to create static unicode strings
Constants§
- VERSION
- library version