Expand description
wraith-rs: Safe abstractions for Windows PEB/TEB manipulation
This library provides high-level, safe APIs for interacting with Windows process internals, including:
- PEB/TEB structure access with version-aware field offsets
- Module enumeration and querying
- Module unlinking from PEB lists
- Manual PE mapping (LoadLibrary bypass)
- Direct/indirect syscall invocation
- Hook detection and removal
- Anti-debug techniques
Re-exports§
pub use error::Result;pub use error::WraithError;pub use structures::Peb;pub use structures::Teb;pub use version::WindowsRelease;pub use version::WindowsVersion;
Modules§
- arch
- Architecture detection and segment register access
- error
- Unified error types for wraith-rs
- manipulation
- Manipulation primitives for PE loading, module hiding, syscalls, hooks, and anti-debug
- navigation
- Navigation abstractions for PEB data structures
- structures
- Windows internal structure definitions
- util
- Shared utilities
- version
- Windows version detection and release mapping
Macros§
- hash
- compile-time hash macro
Constants§
- VERSION
- library version