A process memory reader and debugger for Windows (x86_64)

Overview

Winreader

Winreader is a process memory reader and debugger for Windows, implemented and developed in the Rust language, using the official Microsoft Rust API.

Winreader is able to return information such as: process path, memory address, buffer address and size of allocated memory

- Process Path
- Memory Address
- Stack Value
- Allocated Memory (MiB)
- Dependencies (DLLs, modules) that the process is using
- Value of assembly Registers (x86_64) in frame

Usage

The only information you need to use winreader is the PID (Process Identifier) of the program that will be read; you can find it with Windows Task Manager or PowerShell's tasklist command.

winreader --help
winreader: Read buffer memory in processes on Windows

Usage: winreader.exe [PID]

Arguments:
  [PID]  Program Process Identifier

Options:
  -h, --help     Print help
  -V, --version  Print version

A file called WINREADER-DATE.txt will be created in the directory where winreader.exe is located, containing all the buffer memory information.
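
The steps above as one PowerShell session: resolve the PID, record an independent baseline of the fields winreader reports, run the tool, and locate the newest report. This is an added example, not part of the winreader project; the process name notepad and the variable names are assumptions, and winreader.exe is assumed to be on PATH.

```powershell
# Added example (not from the winreader project). 'notepad' is a placeholder target.
$name = 'notepad'

# Resolve the PID. Refuse to guess when several instances share the name.
$procs = @(Get-Process -Name $name -ErrorAction Stop)
if ($procs.Count -ne 1) {
    $procs | Select-Object Id, ProcessName, StartTime | Format-Table | Out-Host
    throw "Expected exactly one '$name' process, found $($procs.Count); choose a PID from the list."
}
$target = $procs[0]

# Baseline from the OS to compare with the report (path, memory, loaded modules).
# Path and Modules can be empty or raise access-denied for processes owned by
# another user or running elevated; run from a matching context in that case.
# WorkingSet64 is resident memory only, so treat it as a rough comparison.
$modules = @($target.Modules | Select-Object -ExpandProperty FileName)
[pscustomobject]@{
    PID           = $target.Id
    Path          = $target.Path
    WorkingSetMiB = [math]::Round($target.WorkingSet64 / 1MB, 1)
    ModuleCount   = $modules.Count
} | Format-List | Out-Host

# Run winreader against the PID.
$exe = (Get-Command winreader.exe -ErrorAction Stop).Source
& $exe $target.Id

# The report is written next to winreader.exe. The DATE part of the name is not
# specified on this page, so match it with a wildcard and take the newest file.
$report = Get-ChildItem -Path (Split-Path $exe) -Filter 'WINREADER-*.txt' |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 1
if (-not $report) { throw "No WINREADER-*.txt found beside $exe" }
$report.FullName
```

The report contains memory contents of the target process, so store and share it with the same care as a process dump.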

TODO

Tool | Description
GUI  | Intent to move software from CLI to GUI, using WinAPI.

PRs are very welcome!

Install

Winreader targets only the Windows NT operating system. To install it you will need Rust:

Or you can just download the release executable:

Also the project is on crates.io:

cargo install winreader

License

Winreader is licensed under the MIT License - see the LICENSE.md file for details


Releases(v2.0.0)
Owner
Nip it in The Bud.