pub struct RemoteProcess { /* private fields */ }Expand description
wrapper for a remote process handle with memory operations
Implementations§
Source§impl RemoteProcess
impl RemoteProcess
Sourcepub fn open(pid: u32, access: ProcessAccess) -> Result<Self>
pub fn open(pid: u32, access: ProcessAccess) -> Result<Self>
open a process by PID with specified access rights
Sourcepub fn open_all_access(pid: u32) -> Result<Self>
pub fn open_all_access(pid: u32) -> Result<Self>
open a process with all access rights
Sourcepub unsafe fn from_handle(handle: usize, pid: u32) -> Self
pub unsafe fn from_handle(handle: usize, pid: u32) -> Self
create from an existing handle (does not take ownership)
§Safety
caller must ensure handle is valid and has appropriate access rights
Sourcepub unsafe fn from_handle_owned(handle: usize, pid: u32) -> Self
pub unsafe fn from_handle_owned(handle: usize, pid: u32) -> Self
create from an existing handle (takes ownership)
§Safety
caller must ensure handle is valid and has appropriate access rights
Sourcepub fn read(&self, address: usize, buffer: &mut [u8]) -> Result<usize>
pub fn read(&self, address: usize, buffer: &mut [u8]) -> Result<usize>
read memory from the remote process
Sourcepub fn read_value<T: Copy>(&self, address: usize) -> Result<T>
pub fn read_value<T: Copy>(&self, address: usize) -> Result<T>
read a typed value from the remote process
Sourcepub fn read_string(&self, address: usize, max_len: usize) -> Result<String>
pub fn read_string(&self, address: usize, max_len: usize) -> Result<String>
read a null-terminated string from the remote process
Sourcepub fn read_wstring(&self, address: usize, max_chars: usize) -> Result<String>
pub fn read_wstring(&self, address: usize, max_chars: usize) -> Result<String>
read a wide string from the remote process
Sourcepub fn write(&self, address: usize, buffer: &[u8]) -> Result<usize>
pub fn write(&self, address: usize, buffer: &[u8]) -> Result<usize>
write memory to the remote process
Sourcepub fn write_value<T: Copy>(&self, address: usize, value: &T) -> Result<usize>
pub fn write_value<T: Copy>(&self, address: usize, value: &T) -> Result<usize>
write a typed value to the remote process
Sourcepub fn allocate(&self, size: usize, protection: u32) -> Result<RemoteAllocation>
pub fn allocate(&self, size: usize, protection: u32) -> Result<RemoteAllocation>
allocate memory in the remote process
Sourcepub fn allocate_at(
&self,
preferred_base: usize,
size: usize,
protection: u32,
) -> Result<RemoteAllocation>
pub fn allocate_at( &self, preferred_base: usize, size: usize, protection: u32, ) -> Result<RemoteAllocation>
allocate memory at a preferred address
Sourcepub fn allocate_rw(&self, size: usize) -> Result<RemoteAllocation>
pub fn allocate_rw(&self, size: usize) -> Result<RemoteAllocation>
allocate RW memory
Sourcepub fn allocate_rwx(&self, size: usize) -> Result<RemoteAllocation>
pub fn allocate_rwx(&self, size: usize) -> Result<RemoteAllocation>
allocate RWX memory
Sourcepub fn allocate_rx(&self, size: usize) -> Result<RemoteAllocation>
pub fn allocate_rx(&self, size: usize) -> Result<RemoteAllocation>
allocate RX memory
Sourcepub fn protect(
&self,
address: usize,
size: usize,
protection: u32,
) -> Result<u32>
pub fn protect( &self, address: usize, size: usize, protection: u32, ) -> Result<u32>
change memory protection in the remote process
Sourcepub fn protect_guard(
&self,
address: usize,
size: usize,
new_protection: u32,
) -> Result<RemoteProtectionGuard>
pub fn protect_guard( &self, address: usize, size: usize, new_protection: u32, ) -> Result<RemoteProtectionGuard>
change protection with RAII guard that restores on drop
Sourcepub fn write_shellcode(&self, shellcode: &[u8]) -> Result<RemoteAllocation>
pub fn write_shellcode(&self, shellcode: &[u8]) -> Result<RemoteAllocation>
write shellcode and allocate executable memory
Sourcepub fn execute_shellcode(&self, shellcode: &[u8]) -> Result<u32>
pub fn execute_shellcode(&self, shellcode: &[u8]) -> Result<u32>
write and execute shellcode via remote thread