Radon

Memory hacking library for windows.

Installation

[dependencies.radon]
git = "https://github.com/sy1ntexx/radon"

Opening processes

use radon::types::access_rights::PROCESS_ALL_ACCESS;
use radon::process as ps;

let process = ps::Processes::new()?
    .find(|p| p.sz_exe_file == "Process name.exe")
    .unwrap()
    .open(false, PROCESS_ALL_ACCESS)?;

Iterating modules

let process = get_process();
process
    .modules()?
    .for_each(|m| dbg!(m));

Reading / Writing memory

let process = get_process();
let mut value = process.read_process_memory::<u32>(0xFF)?;
value += 100;

process.write_process_memory(0xFF, value)?;

Allocating / Freeing / Protecting / Querying memory

use radon::types::protection_flags::{PAGE_EXECUTE_READWRITE, PAGE_READONLY};
use radon::types::allocation_types::{MEM_COMMIT, MEM_RESERVE};
use radon::types::free_types::MEM_RELEASE;

let process = get_process();
let mut chunk = process.virtual_allocate(
    0,
    1000,
    MEM_COMMIT | MEM_RESERVE,
    PAGE_EXECUTE_READWRITE
)?;
let info = process.virtual_query(chunk)?;

process.virtual_protect(chunk, 1000, PAGE_READONLY)?;
process.virtual_free(chunk, 0, MEM_RELEASE)?;

Searching for patterns

use radon::pattern::Pattern;

let process = get_process();
let address = process.find_pattern(
    "Something.exe",
    // Available styles: IDA, Code, PiDB
    Pattern::from_ida_style("48 89 85 F0 00 00 00 4C 8B ? ? ? ? ? 48 8D")
)?;
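What a signature like the one passed to `Pattern::from_ida_style` above parses into, and how such a scan runs over a module image, as an added example that is not radon's own code; `IdaPattern`, `sample_image` and the constructed image bytes are assumptions of this example, and the pattern string is the README's.

```rust
// Added example (not radon's code): an IDA-style pattern parser and scanner of
// the kind `Pattern::from_ida_style` implies, run over a constructed buffer.

/// A parsed signature: `Some(byte)` must match exactly, `None` is a wildcard.
#[derive(Debug, Clone, PartialEq)]
pub struct IdaPattern(Vec<Option<u8>>);

impl IdaPattern {
    /// Parse "48 89 ? ?? 4C"-style text; `?` and `??` are wildcards.
    /// Rejects tokens that are not two hex digits, and empty patterns.
    pub fn parse(text: &str) -> Result<Self, String> {
        let mut out = Vec::new();
        for tok in text.split_whitespace() {
            match tok {
                "?" | "??" => out.push(None),
                _ if tok.len() == 2 => out.push(Some(
                    u8::from_str_radix(tok, 16).map_err(|_| format!("bad hex token: {}", tok))?,
                )),
                _ => return Err(format!("bad token: {}", tok)),
            }
        }
        if out.is_empty() {
            return Err("empty pattern".to_string());
        }
        Ok(Self(out))
    }

    /// Offset of the first match inside `haystack`, or None.
    pub fn find(&self, haystack: &[u8]) -> Option<usize> {
        let n = self.0.len();
        if n > haystack.len() {
            return None;
        }
        (0..=haystack.len() - n).find(|&i| {
            self.0.iter().zip(&haystack[i..i + n])
                .all(|(&want, &got)| want.map_or(true, |w| w == got))
        })
    }
}

/// Constructed "module image": NOP padding, the README's signature bytes
/// (with arbitrary bytes where it has wildcards), then int3 padding.
pub fn sample_image() -> Vec<u8> {
    let mut img = vec![0x90u8; 64];
    img.extend_from_slice(&[0x48, 0x89, 0x85, 0xF0, 0x00, 0x00, 0x00, 0x4C, 0x8B]);
    img.extend_from_slice(&[0x05, 0x11, 0x22, 0x33, 0x44]); // the five `?` slots
    img.extend_from_slice(&[0x48, 0x8D]);
    img.extend_from_slice(&[0xCC; 16]);
    img
}
```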

Macros

use radon::{interface, xstruct};

struct CEntity;

// Creates a trait that will emulate behavior of virtual functions in C++.
interface! {
    trait IEntity {
        0 @ fn get_health() -> u32;
        1 @ fn set_health(new_value: u32);
    }
    impl for CEntity;
    /*
    class IEntity {
        virtual int get_health() = 0;
        virtual void set_health(int new_value) = 0;
    };
    */
}

// Creates struct with explicitly defined offsets.
xstruct! {
    struct CPlayer {
        // health will be available at offset 0x100
        0x100 @ health: u32,
        // stamina will be available at offset 0x250
        0x250 @ stamina: f32
    }
}
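What the `xstruct!` offsets amount to, as an added example that is not radon's code: a typed view that reads fields at fixed offsets out of a raw byte image and returns an error instead of reading past the end. `MemView`, `Pod`, the accessor names and the constructed image are assumptions of this example; the two offsets are the README's.

```rust
// Added example (not radon's code): the kind of offset-based field access an
// `xstruct!`-style struct performs, here over a byte image with bounds checks.

/// Marker for plain-data types where every bit pattern is a valid value,
/// so reading them out of raw bytes cannot produce an invalid value.
pub unsafe trait Pod: Copy {}
unsafe impl Pod for u32 {}
unsafe impl Pod for f32 {}

/// A borrowed block of raw bytes, e.g. a chunk read out of a process.
pub struct MemView<'a>(pub &'a [u8]);

impl<'a> MemView<'a> {
    /// Read a `T` at `offset`; an offset past the end is an error, not a
    /// silent out-of-bounds read.
    pub fn read<T: Pod>(&self, offset: usize) -> Result<T, String> {
        let size = std::mem::size_of::<T>();
        let end = offset.checked_add(size).ok_or("offset overflow")?;
        if end > self.0.len() {
            return Err(format!(
                "{} bytes at {:#x} exceed image of {} bytes", size, offset, self.0.len()
            ));
        }
        // SAFETY: range checked above; T: Pod accepts any bit pattern;
        // read_unaligned tolerates the slice not being aligned for T.
        Ok(unsafe { std::ptr::read_unaligned(self.0.as_ptr().add(offset) as *const T) })
    }
}

/// Typed view mirroring the README's CPlayer layout (offsets as in the README).
pub struct CPlayer<'a>(pub MemView<'a>);

impl<'a> CPlayer<'a> {
    pub const HEALTH_OFF: usize = 0x100;
    pub const STAMINA_OFF: usize = 0x250;
    pub fn health(&self) -> Result<u32, String> { self.0.read(Self::HEALTH_OFF) }
    pub fn stamina(&self) -> Result<f32, String> { self.0.read(Self::STAMINA_OFF) }
}

/// Constructed 0x300-byte image with health = 150 and stamina = 0.75 patched in.
pub fn sample_player_image() -> Vec<u8> {
    let mut img = vec![0u8; 0x300];
    img[0x100..0x104].copy_from_slice(&150u32.to_ne_bytes());
    img[0x250..0x254].copy_from_slice(&0.75f32.to_ne_bytes());
    img
}
```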
Comments

  • THREADSTACK0 address for process

    When working with cheatengine, you can come across a token called THREADSTACK0.

    THREADSTACK0 is explained here: https://forum.cheatengine.org/viewtopic.php?p=5487976#5487976

    Does this library have anything similar to address offsets for modifying memory after game restarts?

    opened by tqwewe
Owner
sy1ntexx