https://discord.com/invite/Qw8jsPD99X
This project is licensed under the GNU AGPLv3.0
Read LICENSE for more information
libmem can:
- Find Processes
- Find Modules
- Find Symbols
- Read/Write/Set Memory
- Allocate/Protect Memory
- Scan Memory by Pattern/Signature
- Hook/Unhook Functions
- Assemble/Dissassemble Code (JIT)
- Do VMT Hooking/Unhooking
- Load/Unload Modules
- Get Page Information
- Enumerate Process Threads
And much more!
For more examples and API manual, access the documentation
```c
int main() { lmmodulet mod; lmaddresst main_sym;
LM_FindModule("mygamemodule.so", &mod);
main_sym = LM_FindSymbolAddress(&mod, "main");
printf("[*] Module Name: %s\n", mod.name);
printf("[*] Module Path: %s\n", mod.path);
printf("[*] Module Base: %p\n", mod.base);
printf("[*] Module Size: %p\n", mod.size);
printf("[*] Module End: %p\n", mod.end);
printf("[*] Main Addr: %p\n"), main_sym);
return 0;
} ```
```rust use libmem::*;
fn some_function() { // ... }
fn hksomefunction() { // ... }
fn main() { // reading/writing memory let number : i32 = 0; let numberaddr = &number as *const i32 as lmaddresst; let value : i32 = 1337; LMWriteMemory(numberaddr, &value).unwrap(); // write 1337 to number let readnumber : i32 = LMReadMemory(numberaddr).unwrap(); println!("[*] Number Value: {}", read_number); // it will show 1337
// hooking/detouring functions
let func_addr = some_function as *const () as lm_address_t;
let hk_addr = hk_some_function as *const () as lm_address_t;
println!("[*] Hooking 'some_function'");
println!("[*] Original Address: {:#x}", func_addr);
let trampoline = LM_HookCode(func_addr, hk_addr).unwrap();
println!("[*] Trampoline: {:#x?}", trampoline);
some_function(); // this will call 'hk_some_function'
// restore the original code from 'some_function'
LM_UnhookCode(some_function_addr, trampoline).unwrap();
println!("[*] Unhooked 'some_function'");
some_function(); // call 'some_function' to see if it has been unhooked
}
```
```py from libmem import *
print("[*] Assembly") inst = LM_Assemble("mov eax, ebx") print(f"{code} : {inst.bytes}")
print("[*] Disassembly:") inst = LMDisassemble(bytearray(b"\x55")) print(f"{inst.bytes} : {inst.mnemonic} {inst.opstr}") ```
Note: If you download a binary version of libmem in the GitHub releases, you only need to install the Windows SDK. Building is not necessary, just add libmem/include to your project's include directories and link it against the binary you downloaded.
Install the Windows SDK: Windows 7 - Windows 10/11
Install Python 3 (Check the option to add Python to PATH) (Use Python 3.8.9 for Windows 7)
Install Visual Studio 2022 or newer (with C++ support and CMake) (older versions might work, but they were not tested)
Install CMake
Install Git Bash
Run a Visual Studio Developer Command Prompt as Administrator
Run the following command to append libmem's destination directory to your %PATH% user variable:
setx PATH "%PATH%;%ProgramFiles%\libmem\include;%ProgramFiles%\libmem\lib"
Continue reading at Build and Install
Note: The following commands are for Debian/Ubuntu based distributions. Make sure to find the appropriate commands for your Linux distribution.
Open a terminal
Install GCC, G++, Git, CMake, Make, Python 3, and the Linux headers:
sudo apt install gcc g++ git cmake make python3 linux-headers
Continue reading at Build and Install
Install GCC, G++, Git and CMake (run as root):
pkg install gcc g++ git cmake make python3
Continue reading at Build and Install
Note: Run the following commands on Git Bash (Windows) or a terminal (Linux/FreeBSD).
Clone the repository:
git clone https://github.com/rdbo/libmem
Initialize and update the submodules:
git submodule init
git submodule update
Generate the CMake cache:
mkdir build
cd build
cmake .. -DCMAKE_BUILD_TYPE=Release
Compile libmem:
Windows: nmake
Unix-like: make -j 4
Install libmem (run as root or as Administrator):
Windows: nmake install
Unix-like: make install
After installing, follow the the proper Usage section for your programming language
Add #include <libmem/libmem.h> (C/C++) or #include <libmem/libmem.hpp> (C++) to your source code.
Link the generated libmem library against your binary (libmem.so for Unix-like or libmem.dll for Windows).
For GCC-like compilers: add the flag -llibmem to your compiler and it should link it.
```c
```
Add the following line to your Cargo.toml under [dependencies]:
toml
libmem = "0.1"
Import libmem in your Rust source code:
rust
use libmem::*;
Make sure to have Python >= 3.6 active
Either install the libmem package from PyPi by running the following command:
pip install --upgrade libmem
Or build and install it yourself by running the following commands:
cd libmem-py
python configure.py
python setup.py install
Now to import libmem, just do the following in your Python code:
py
from libmem import *
All: - capstone (included in root project) - keystone (included in root project) - LIEF (included in root project) - libstdc++ (used in keystone and LIEF) - libmath (used in keystone)
Windows:
- Windows SDK (-luser32, -lpsapi)
Linux/Android:
- libdl (-ldl)
BSD:
- libdl (-ldl)
- libkvm (-lkvm)
- libprocstat (-lprocstat)
- libelf (-lelf)
``` LMEnumProcesses LMGetProcess LMGetProcessEx LMFindProcess LMIsProcessAlive LMGetSystemBits
LMEnumThreads LMEnumThreadsEx LMGetThread LMGetThreadEx LM_GetThreadProcess
LMEnumModules LMEnumModulesEx LMFindModule LMFindModuleEx LMLoadModule LMLoadModuleEx LMUnloadModule LMUnloadModuleEx
LMEnumSymbols LMFindSymbolAddress
LMEnumPages LMEnumPagesEx LMGetPage LMGetPageEx
LMReadMemory LMReadMemoryEx LMWriteMemory LMWriteMemoryEx LMSetMemory LMSetMemoryEx LMProtMemory LMProtMemoryEx LMAllocMemory LMAllocMemoryEx LMFreeMemory LMFreeMemoryEx
LMDataScan LMDataScanEx LMPatternScan LMPatternScanEx LMSigScan LMSigScanEx
LMHookCode LMHookCodeEx LMUnhookCode LMUnhookCodeEx
LMAssemble LMAssembleEx LMFreeCodeBuffer LMDisassemble LMDisassembleEx LMFreeInstructions LMCodeLength LMCodeLengthEx ```
Made with libmem:
-
-
-
-
-
-
-