kiwi

package module
v0.0.0-...-214591e Latest
Warning

This package is not in the latest version of its module.

Published: Aug 27, 2020 License: MIT Imports: 10 Imported by: 0

README

Kiwi

A package for memory editing in Go.

Current Features

  • Reading and Writing with support for [uint & int 8, 16, 32, 64] [float 32, 64] data types
  • Support for Windows and Linux (assuming the /proc/ directory exists)

Future plans

  • Pattern scanning for bytecode
  • Call remote functions via injected assembly
  • Hooking functions via injected assembly
  • Setting breakpoints via the Windows debugging API
  • Mono runtime features (if hooking and remote functions are possible)

Installation

go get github.com/Andoryuuta/kiwi

Usage

package main

import (
	"log"

	"github.com/Andoryuuta/kiwi"
)

func main() {
	// The memory address of variable inside of target process.
	externVarAddr := uintptr(0x001A51E8)

	// Find the process from the executable name.
	proc, err := kiwi.GetProcessByFileName("example.exe")
	if err != nil {
		log.Fatalln("Error while trying to find process:", err)
	}

	// Read from the target process.
	externVar, err := proc.ReadUint32(externVarAddr)
	if err != nil {
		log.Fatalln("Error while trying to read from target process:", err)
	}

	// Output the variable we read.
	log.Println("Read", externVar)

	// Write a new value of 1000 to the variable
	err = proc.WriteUint32(externVarAddr, 1000)
	if err != nil {
		log.Fatal(err)
	}
}

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ProcPlatAttribs

type ProcPlatAttribs struct {
}

Platform specific fields to be embedded into the Process struct.

type Process

type Process struct {
	// Embedded struct for platform specific fields
	ProcPlatAttribs

	// Platform independent process details
	PID uint64
}

Process holds general information about the process and embeds the struct ProcPlatAttribs, which contains platform-specific data such as Windows process handles, Linux `/proc` file handles, etc.

func GetProcessByFileName

func GetProcessByFileName(fileName string) (Process, error)

GetProcessByFileName returns the process with the given file name. If multiple processes have the same filename, the first process enumerated by this function is returned.

func GetProcessByPID

func GetProcessByPID(PID int) (Process, error)

GetProcessByPID returns the process with the given PID.

func (*Process) ReadBytes

func (p *Process) ReadBytes(addr uintptr, size int) ([]byte, error)

ReadBytes reads a slice of bytes.

func (*Process) ReadFloat32

func (p *Process) ReadFloat32(addr uintptr) (float32, error)

ReadFloat32 reads a float32.

func (*Process) ReadFloat64

func (p *Process) ReadFloat64(addr uintptr) (float64, error)

ReadFloat64 reads a float64.

func (*Process) ReadInt16

func (p *Process) ReadInt16(addr uintptr) (int16, error)

ReadInt16 reads an int16.

func (*Process) ReadInt32

func (p *Process) ReadInt32(addr uintptr) (int32, error)

ReadInt32 reads an int32.

func (*Process) ReadInt64

func (p *Process) ReadInt64(addr uintptr) (int64, error)

ReadInt64 reads an int64.

func (*Process) ReadInt8

func (p *Process) ReadInt8(addr uintptr) (int8, error)

ReadInt8 reads an int8.

func (*Process) ReadNullTerminatedUTF16String

func (p *Process) ReadNullTerminatedUTF16String(addr uintptr) (string, error)

ReadNullTerminatedUTF16String reads a null-terminated UTF16 string. Respects BOM, assumes little endianness if no BOM is present.
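The decoding rule described above (BOM honoured, little-endian otherwise, stop at the first null code unit), as an added example that is not kiwi's own code. `decodeUTF16Z` is a hypothetical helper that works on bytes already read, for instance with ReadBytes, and it assumes that a missing terminator should be reported as an error.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"unicode/utf16"
)

// decodeUTF16Z decodes a null-terminated UTF-16 string from buf.
// Hypothetical helper, not part of kiwi. A leading BOM selects the byte
// order; without one, little-endian is assumed, as the documentation states.
func decodeUTF16Z(buf []byte) (string, error) {
	var order binary.ByteOrder = binary.LittleEndian
	if len(buf) >= 2 {
		switch {
		case buf[0] == 0xFF && buf[1] == 0xFE: // little-endian BOM
			buf = buf[2:]
		case buf[0] == 0xFE && buf[1] == 0xFF: // big-endian BOM
			order, buf = binary.BigEndian, buf[2:]
		}
	}
	var units []uint16
	for i := 0; i+1 < len(buf); i += 2 {
		u := order.Uint16(buf[i:])
		if u == 0 {
			// Terminator found: ignore whatever follows it in memory.
			// utf16.Decode also combines surrogate pairs into one rune.
			return string(utf16.Decode(units)), nil
		}
		units = append(units, u)
	}
	// No terminator inside the bytes read: report it rather than return a
	// string that may be truncated or include unrelated memory.
	return "", errors.New("no UTF-16 null terminator in buffer")
}

func main() {
	// Constructed sample buffers standing in for bytes read from a process.
	samples := [][]byte{
		{'h', 0, 'i', 0, 0, 0, 'X', 0},       // no BOM, data after terminator
		{0xFE, 0xFF, 0, 'h', 0, 'i', 0, 0},   // big-endian BOM
		{'h', 0, 'i', 0},                     // terminator missing
	}
	for _, b := range samples {
		s, err := decodeUTF16Z(b)
		fmt.Printf("%q %v\n", s, err)
	}
}
```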

func (*Process) ReadNullTerminatedUTF8String

func (p *Process) ReadNullTerminatedUTF8String(addr uintptr) (string, error)

ReadNullTerminatedUTF8String reads a null-terminated UTF8 string.

func (*Process) ReadUint16

func (p *Process) ReadUint16(addr uintptr) (uint16, error)

ReadUint16 reads a uint16.

func (*Process) ReadUint32

func (p *Process) ReadUint32(addr uintptr) (uint32, error)

ReadUint32 reads a uint32.

func (*Process) ReadUint32Ptr

func (p *Process) ReadUint32Ptr(addr uintptr, offsets ...uintptr) (uint32, error)

ReadUint32Ptr reads a uint32 pointer chain with offsets.

func (*Process) ReadUint64

func (p *Process) ReadUint64(addr uintptr) (uint64, error)

ReadUint64 reads a uint64.

func (*Process) ReadUint8

func (p *Process) ReadUint8(addr uintptr) (uint8, error)

ReadUint8 reads a uint8.

func (*Process) WriteBytes

func (p *Process) WriteBytes(addr uintptr, v []byte) error

WriteBytes writes a slice of bytes.

func (*Process) WriteFloat32

func (p *Process) WriteFloat32(addr uintptr, v float32) error

WriteFloat32 writes a float32.

func (*Process) WriteFloat64

func (p *Process) WriteFloat64(addr uintptr, v float64) error

WriteFloat64 writes a float64.

func (*Process) WriteInt16

func (p *Process) WriteInt16(addr uintptr, v int16) error

WriteInt16 writes an int16.

func (*Process) WriteInt32

func (p *Process) WriteInt32(addr uintptr, v int32) error

WriteInt32 writes an int32.

func (*Process) WriteInt64

func (p *Process) WriteInt64(addr uintptr, v int64) error

WriteInt64 writes an int64.

func (*Process) WriteInt8

func (p *Process) WriteInt8(addr uintptr, v int8) error

WriteInt8 writes an int8.

func (*Process) WriteUint16

func (p *Process) WriteUint16(addr uintptr, v uint16) error

WriteUint16 writes a uint16.

func (*Process) WriteUint32

func (p *Process) WriteUint32(addr uintptr, v uint32) error

WriteUint32 writes a uint32.

func (*Process) WriteUint64

func (p *Process) WriteUint64(addr uintptr, v uint64) error

WriteUint64 writes a uint64.

func (*Process) WriteUint8

func (p *Process) WriteUint8(addr uintptr, v uint8) error

WriteUint8 writes a uint8.
