Skip to content
/ faithe Public
forked from awsassets/radon

Memory hacking library for windows.

License

MIT license
3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

rs0d/faithe

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

113 Commits
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Faithe

Memory hacking library for windows.

Warning

Unsafe code ahead!

This library's internals may not mark some frequently used public api methods as unsafe although they may cause undefined behavior if used incorrectly. This is especially true for macros.

Installation

# Latest version
[dependencies]
faithe = "0.8.0"

# Development, most up-to-date version
[dependencies.faithe]
git = "https://github.com/sy1ntexx/faithe"

Opening processes

use faithe::types::access_rights::PROCESS_ALL_ACCESS;
use faithe::process as ps;

let process = ps::Processes::new()?
    .find(|p| p.sz_exe_file == "Process name.exe")
    .unwrap()
    .open(false, PROCESS_ALL_ACCESS)?;

Modules iterating

let process = get_process();
process
    .modules()?
    .for_each(|m| dbg!(m));

Reading / Writing memory

let process = get_process();
let mut value = process.read::<u32>(0xFF)?;
value += 100;

process.write(0xFF, value)?;

Allocating / Freeing / Protecting / Querying memory

use faithe::types::allocation_types::{MEM_COMMIT, MEM_RESERVE};
use faithe::types::free_types::MEM_RELEASE;
use faithe::memory::MemoryProtection;

let process = get_process();
let mut chunk = process.allocate(
    0,
    1000,
    MEM_COMMIT | MEM_RESERVE,
    MemoryProtection::READ_WRITE_EXECUTE
)?;
let info = process.query(chunk)?;

process.protect(chunk, 1000, MemoryProtection::Read)?;
process.free(chunk, 0, MEM_RELEASE)?;

Searching for patterns

use faithe::pattern::Pattern;

let process = get_process();
let address = process.find_pattern(
    "Something.exe",
    // Available styles: IDA, Code, PiDB
    Pattern::from_ida_style("48 89 85 F0 00 00 00 4C 8B ? ? ? ? ? 48 8D")
)?;

Macros

use faithe::{interface, xstruct};

// Creates a trait that will emulate behavior of virtual functions in C++.
struct CPlayer;
faithe::interface! {
    trait IEntity(CPlayer) {
        extern "C" fn get_health() -> i32 = 0;
        extern "C" fn set_health(new: i32) = 1;
    }
}
/*
C++ Equivalent
class CPlayer {
    virtual int get_health() = 0;
    virtual void set_health(int new_value) = 0;
};
*/

// Creates a function with explicitly defined RVA relative to some module.
faithe::function! {
    // Explicitly defined RVA offset relative to `01-hello` module.
    FUNC: extern "C" fn(a: i32) = "01-hello.exe"@0x1900;
}
FUNC.call(5);

faithe::global! {
    extern count: i32 = "01-hello.exe"%"8B ? ? ? ? ? 05 AD DE";
}

About

Memory hacking library for windows.

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Rust 100.0%