Struct faithe::process::OwnedProcess
pub struct OwnedProcess(_);
Represents a handle to a process.
Implementations
impl OwnedProcess
pub unsafe fn from_handle(h: HANDLE) -> Self
Creates a process from a handle.
Safety
The passed handle must never be used or closed after it has been moved. This structure closes the handle itself when dropped.
pub fn open_by_id(
id: u32,
inherit_handle: bool,
desired_access: PROCESS_ACCESS_RIGHTS
) -> Result<Self, FaitheError>
Opens a process by its id.
pub fn open_by_name(
name: impl AsRef<str>,
inherit_handle: bool,
desired_access: PROCESS_ACCESS_RIGHTS
) -> Result<Self, FaitheError>
Searches the running processes and opens one if found.
pub fn modules(&self) -> Result<ModuleIterator, FaitheError>
Returns an iterator over all modules in the process.
pub fn threads(&self) -> Result<ThreadIterator, FaitheError>
Returns an iterator over running threads in the process.
Note: Unlike the Windows API, this iterator iterates only over the process’s threads.
pub fn image_name(&self) -> Option<String>
Retrieves process’s image file name.
Panics
If it fails to get the process’s name (GetProcessImageFileNameW).
pub fn regions(&self) -> MemoryRegionIter<'_>
Notable traits for MemoryRegionIter<'a>: impl<'a> Iterator for MemoryRegionIter<'a>, type Item = MemoryRegion;
Returns an iterator over the process’s allocated memory pages.
pub fn into_handle(self) -> HANDLE
Converts OwnedProcess into inner HANDLE.
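The ownership contract of from_handle and into_handle, modelled as an added example that is not faithe's own code: MockHandle, OwnedMock and the handle table are hypothetical stand-ins so it runs without the Windows API, and it assumes into_handle returns the handle still open. It shows why the raw handle must not be closed again once the wrapper has been dropped; on Windows a stale handle value may already refer to a different object.

```rust
use std::cell::RefCell;
use std::collections::HashSet;
use std::mem::ManuallyDrop;

type MockHandle = usize; // hypothetical stand-in for HANDLE

// Constructed stand-in for the kernel handle table: the set of open handle values.
thread_local! {
    static OPEN: RefCell<HashSet<MockHandle>> = RefCell::new(HashSet::new());
}

fn mock_open(h: MockHandle) -> MockHandle { OPEN.with(|t| t.borrow_mut().insert(h)); h }
/// Returns false when `h` is not open, i.e. the double-close case.
fn mock_close(h: MockHandle) -> bool { OPEN.with(|t| t.borrow_mut().remove(&h)) }
fn is_open(h: MockHandle) -> bool { OPEN.with(|t| t.borrow().contains(&h)) }

/// Hypothetical model of an owning wrapper such as OwnedProcess.
struct OwnedMock(MockHandle);

impl OwnedMock {
    /// Safety: the caller must not use or close `h` after this call.
    unsafe fn from_handle(h: MockHandle) -> Self { OwnedMock(h) }
    /// Hands ownership back to the caller without running Drop.
    fn into_handle(self) -> MockHandle { ManuallyDrop::new(self).0 }
}

impl Drop for OwnedMock {
    fn drop(&mut self) { mock_close(self.0); } // the wrapper closes the handle itself
}

/// Returns (handle still open after drop?, did the caller's own close succeed?).
fn drop_then_manual_close() -> (bool, bool) {
    let raw = mock_open(0x1a4); // constructed handle value
    let owned = unsafe { OwnedMock::from_handle(raw) };
    drop(owned);
    (is_open(raw), mock_close(raw)) // second close acts on a stale value
}

/// Returns (handle still open after into_handle?, did the caller's close succeed?).
fn into_handle_then_manual_close() -> (bool, bool) {
    let raw = mock_open(0x1a8); // constructed handle value
    let back = unsafe { OwnedMock::from_handle(raw) }.into_handle();
    (is_open(back), mock_close(back)) // caller owns it again and closes it exactly once
}

fn main() {
    println!("drop, then close:        {:?}", drop_then_manual_close());
    println!("into_handle, then close: {:?}", into_handle_then_manual_close());
}
```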
pub fn address_module(&self, address: usize) -> Result<String, FaitheError>
Gets the module that contains the selected address.
pub fn follow_pointer_path(
&self,
base: usize,
offsets: &[usize]
) -> Result<usize, FaitheError>
Follows offsets’ path, returning a pointer to an offset after.
pub fn path(&self) -> Result<String, FaitheError>
Retrieves full path to process’s executable.
pub fn find_pattern(
&self,
mod_name: impl AsRef<str>,
pat: Pattern
) -> Result<Option<usize>, FaitheError>
Searches for a specific pattern in the process’s module.
Returns None if it failed to find the specified pattern.
Otherwise returns the address of the first occurrence.
pub fn read<T>(&self, address: usize) -> Result<T, FaitheError>
Reads the process’s memory at address and returns the value read.
pub fn read_ext<T>(
&self,
address: usize,
read: &mut usize
) -> Result<T, FaitheError>
Reads the process’s memory at address and returns the value read and the amount of bytes read.
pub fn read_buf(
&self,
address: usize,
buf: impl AsMut<[u8]>
) -> Result<usize, FaitheError>
Reads the process’s memory at address and copies buf.len() bytes into the buffer.
Returns the amount of bytes read.
pub fn write<T>(&self, address: usize, value: T) -> Result<usize, FaitheError>
where
T: Clone,
Writes process’s memory at address by copying value into the target memory. Returns the amount of bytes written.
pub fn write_ext(
&self,
address: usize,
written: &mut usize,
buf: impl AsRef<[u8]>
) -> Result<(), FaitheError>
Writes process’s memory at address by copying whole buffer into the target memory. Returns the amount of bytes written.
pub fn write_buf(
&self,
address: usize,
buf: impl AsRef<[u8]>
) -> Result<usize, FaitheError>
Writes process’s memory at address by copying whole buffer into the target memory. Returns the amount of bytes written.
pub fn protect(
&self,
address: usize,
size: usize,
new_protection: MemoryProtection
) -> Result<MemoryProtection, FaitheError>
Changes the protection of memory pages of the target process. For more information, see the Microsoft documentation.
pub fn allocate(
&self,
address: usize,
size: usize,
allocation_type: VIRTUAL_ALLOCATION_TYPE,
protection: MemoryProtection
) -> Result<usize, FaitheError>
Tries to allocate memory pages in the target process. On success returns the address of allocated region.
pub fn free(
&self,
address: usize,
size: usize,
free_type: VIRTUAL_FREE_TYPE
) -> Result<(), FaitheError>
Tries to free memory pages in the target process.
pub fn query_memory(
&self,
address: usize
) -> Result<MemoryBasicInformation, FaitheError>
Queries basic information about memory region at address.
pub fn create_remote_thread<T>(
&self,
address: usize,
param: *const T
) -> Result<(HANDLE, u32), FaitheError>
Creates a remote thread in the process. On success returns the thread’s handle and its thread id.
pub fn module_path(&self, address: usize) -> Result<String, FaitheError>
Queries the full path to the module located by the address.
pub fn module_name(&self, address: usize) -> Result<String, FaitheError>
Queries the full path to the module located by the address.
Panics
If the name of the file is not valid UTF-16.