rdbo / libmem

Advanced Game Hacking Library for C, Modern C++, Rust and Python (Windows/Linux/FreeBSD) (Process/Memory Hacking) (Hooking/Detouring) (Cross Platform) (x86/x64/ARM/ARM64) (DLL/SO Injection) (Internal/External) (Assembler/Disassembler)
GNU Affero General Public License v3.0

Hey buddy, I need to update to your latest API. Can you provide the latest header files and DLL files? #136

Closed ytrsoft closed 7 months ago

ytrsoft commented 1 year ago

```java
import com.sun.jna.Native;
import com.sun.jna.ptr.IntByReference;
import com.sun.jna.ptr.PointerByReference;
import com.sun.jna.win32.StdCallLibrary;
import com.sun.jna.win32.W32APIOptions;

public interface Libmem extends StdCallLibrary {

    Libmem INSTANCE = Native.load("libmem", Libmem.class, W32APIOptions.DEFAULT_OPTIONS);

    // Processes
    boolean LM_EnumProcesses(LMProcessCallback callback);
    boolean LM_GetProcess(LMProcess process);
    boolean LM_GetProcessEx(int pid, LMProcess process);
    boolean LM_FindProcess(byte[] name, LMProcess process);
    boolean LM_IsProcessAlive(LMProcess process);
    void LM_GetSystemBits(IntByReference bits);

    // Threads
    boolean LM_EnumThreads(LMThreadCallback callback);
    boolean LM_EnumThreadsEx(LMProcess process, LMThreadCallback callback);
    boolean LM_GetThread(LMThread thread);
    boolean LM_GetThreadEx(LMProcess process, LMThread thread);
    boolean LM_GetThreadProcess(LMThread thread, LMProcess process);

    // Modules and symbols
    boolean LM_EnumModules(LMModuleCallback callback);
    boolean LM_EnumModulesEx(LMProcess process, LMModuleCallback callback);
    boolean LM_FindModule(String name, LMModule module);
    boolean LM_FindModuleEx(LMProcess process, String name, LMModule module);
    boolean LM_LoadModule(String path);
    boolean LM_LoadModuleEx(LMProcess process, String path, LMModule module);
    boolean LM_UnloadModule(LMModule module);
    boolean LM_UnloadModuleEx(LMProcess process, LMModule module);
    boolean LM_EnumSymbols(LMModule module, LMSymbolCallback callback);
    boolean LM_FindSymboladdr(LMSymbol symbol);

    // Pages and memory
    boolean LM_EnumPages(LMPageCallback callback);
    boolean LM_EnumPagesEx(LMProcess process, LMPageCallback callback);
    boolean LM_GetPage(int addr, LMPage page);
    boolean LM_GetPageEx(LMProcess process, int addr, LMPage page);
    boolean LM_ReadMemory(int src, IntByReference dst, int size);
    boolean LM_ReadMemoryEx(LMProcess process, int src, IntByReference dst, int size);
    boolean LM_WriteMemory(int dst, IntByReference src, int size);
    boolean LM_WriteMemoryEx(LMProcess process, int dst, IntByReference src, int size);
    boolean LM_SetMemory(int dst, char ch, int size);
    boolean LM_SetMemoryEx(LMProcess process, int dst, char ch, int size);
    boolean LM_ProtMemory(int addr, int size, int prot, IntByReference prev);
    boolean LM_ProtMemoryEx(LMProcess process, int addr, int size, int prot, IntByReference prev);
    boolean LM_AllocMemory(int size, int prot);
    boolean LM_AllocMemoryEx(LMProcess process, int size, int prot);
    boolean LM_FreeMemory(int alloc, int size);
    boolean LM_FreeMemoryEx(LMProcess process, int alloc, int size);

    // Scanning
    boolean LM_DataScan(byte[] data, int size, int addr, int scanSize);
    boolean LM_DataScanEx(LMProcess process, byte[] data, int size, int addr, int scanSize);
    boolean LM_PatternScan(byte[] pattern, String mask, int addr, int scanSize);
    boolean LM_PatternScanEx(LMProcess process, byte[] pattern, String mask, int addr, int scanSize);
    boolean LM_SigScan(String sig, int addr, int scanSize);
    boolean LM_SigScanEx(LMProcess process, String sig, int addr, int scanSize);

    // Hooking (the process variant is the Ex export, like every other pair here)
    boolean LM_HookCode(int from, int to, IntByReference ptrampoline);
    boolean LM_HookCodeEx(LMProcess process, int from, int to, IntByReference ptrampoline);
    boolean LM_UnhookCode(int from, int trampoline, int size);
    boolean LM_UnhookCodeEx(LMProcess process, int from, int trampoline, int size);

    // Assembler / disassembler
    boolean LM_Assemble(String code, LMInst inst);
    boolean LM_AssembleEx(String code, int bits, int runtime_addr, LMInst inst, byte[] pcodebuf);
    boolean LM_FreeCodeBuffer(byte[] pcodebuf);
    boolean LM_Disassemble(int code, LMInst inst);
    boolean LM_DisassembleEx(int code, int size, int count, int runtime_addr, PointerByReference inst);
    boolean LM_FreeInstructions(LMInst inst);
    boolean LM_CodeLength(int code, int minlength);
    boolean LM_CodeLengthEx(LMProcess process, int code, int minlength);

    // VMT
    boolean LM_VmtNew(IntByReference vtable, LMVmt vmt);
    boolean LM_VmtHook(LMVmt vmt, int index, int dst);
    boolean LM_VmtUnhook(LMVmt vmt, int index);
    boolean LM_VmtGetOriginal(LMVmt vmt, int index);
    boolean LM_VmtReset(LMVmt vmt);
    boolean LM_VmtFree(LMVmt vmt);
}
```

rdbo commented 1 year ago

Working on it

ytrsoft commented 1 year ago

I've roughly tried some code, and there's a significant issue with the passing of string values.

My code: https://github.com/ytrsoft/jmem/tree/main/src/main/java/com/ytrsoft

rdbo commented 1 year ago

> I've roughly tried some code, and there's a significant issue with the passing of string values.
> My code: https://github.com/ytrsoft/jmem/tree/main/src/main/java/com/ytrsoft

Strings are a bit problematic on Windows. You have two types of strings, `char *`s (Multibyte) and `wchar_t *`s (Unicode). The default string is picked based on how you compiled libmem (with or without `_UNICODE`). Another possible issue (which I think is the most likely one) is that Java strings are not null terminated. I didn't look at your code very deeply, but since you're receiving a `byte[]`, you can just push the value 0 before passing it to libmem to append the null terminator, making it become a C string.

ytrsoft commented 1 year ago

For example, the returned path field is not a complete path.

I don't understand.

```java
import com.sun.jna.Native;

public class MainClass {
    public static void main(String[] args) {
        Libmem.INSTANCE.LM_EnumProcesses(process -> {
            System.out.println(Native.toString(process.path));
            return true;
        });
    }
}
```

Output:

```
ws\System32\conhost.exe
ws\System32\sihost.exe
ws\System32\svchost.exe
am Files (x86)\Alibaba\wuying\1.3.1-R-20230619.223451\dasd\AspDriveService.exe
ws\System32\svchost.exe
ws\System32\conhost.exe
ws\System32\taskhostw.exe
ws\System32\ctfmon.exe
am Files\Common Files\microsoft shared\ink\TabTip.exe
am Files (x86)\Common Files\microsoft shared\Ink\TabTip32.exe
ws\explorer.exe
ws\System32\InputMethod\CHS\ChsIME.exe
ws\System32\smartscreen.exe
ws\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
ws\System32\RuntimeBroker.exe
ws\System32\RuntimeBroker.exe
ws\System32\RuntimeBroker.exe
ws\System32\ApplicationFrameHost.exe
ws\System32\dllhost.exe
am Files (x86)\letsvpn\app-3.3.2\LetsPRO.exe
ws\System32\svchost.exe
ws\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
am Files\JetBrains\IntelliJ IDEA 2023.2\bin\idea64.exe
am Files\JetBrains\IntelliJ IDEA 2023.2\bin\fsnotifier.exe
ws\System32\conhost.exe
am Files\JetBrains\IntelliJ IDEA 2023.2\jbr\bin\java.exe
ws\System32\conhost.exe
am Files\Java\jdk-1.8\bin\java.exe
ws\System32\conhost.exe
am Files\JetBrains\IntelliJ IDEA 2023.2\bin\idea64.exe
am Files\JetBrains\IntelliJ IDEA 2023.2\bin\idea64.exe
am Files\JetBrains\IntelliJ IDEA 2023.2\bin\idea64.exe
am Files\JetBrains\IntelliJ IDEA 2023.2\bin\idea64.exe
am Files\JetBrains\IntelliJ IDEA 2023.2\jbr\bin\java.exe
ws\System32\conhost.exe
am Files\Java\jdk-1.8\bin\java.exe
ws\System32\conhost.exe
```

rdbo commented 1 year ago

@ytrsoft I think your structure might be misaligned. Check if the other fields before the path are returning the correct values.
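The truncated paths in the output above are what a field-layout mismatch between a binding and the native library looks like. The following C sketch is an added example, not code from libmem or from anyone in this thread; `native_proc`, `binding_proc` and the field named `extra` are hypothetical layouts chosen for illustration, not libmem's real process structure.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEMO_PATH_MAX 64 /* constructed size for the demo */

/* Layout the native side writes (hypothetical, for illustration only). */
struct native_proc { uint32_t pid; uint32_t ppid; char path[DEMO_PATH_MAX]; };

/* Layout the binding declares: one extra 8-byte field before path. */
struct binding_proc { uint32_t pid; uint32_t ppid; uint64_t extra; char path[DEMO_PATH_MAX]; };

/* How many bytes too far into the record the binding looks for path. */
static long path_shift(void) {
    return (long)offsetof(struct binding_proc, path)
         - (long)offsetof(struct native_proc, path);
}

/* Read path out of native memory using the binding's (wrong) offset. */
static const char *path_as_binding_sees_it(const struct native_proc *p) {
    return (const char *)p + offsetof(struct binding_proc, path);
}

/* Diagnostic: if observed is a tail of expected, return how many leading
 * bytes were lost (the offset error); return -1 if it is not a tail. */
static long missing_prefix_len(const char *expected, const char *observed) {
    size_t e = strlen(expected), o = strlen(observed);
    if (o > e || strcmp(expected + (e - o), observed) != 0) return -1;
    return (long)(e - o);
}

/* Constructed sample record, filled the way the native side would fill it. */
static const struct native_proc *sample_proc(void) {
    static struct native_proc p;
    p.pid = 1234; p.ppid = 4;
    strcpy(p.path, "C:\\Windows\\System32\\conhost.exe");
    return &p;
}

int main(void) {
    const struct native_proc *p = sample_proc();
    const char *seen = path_as_binding_sees_it(p);
    printf("native : %s\nbinding: %s\n", p->path, seen);
    printf("struct offset error: %ld, bytes lost: %ld\n",
           path_shift(), missing_prefix_len(p->path, seen));
    return 0;
}
```

A constant number of lost leading bytes across every record points at the size of the mismatched field or fields, which narrows down what to compare against the header the DLL was built from.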

rdbo commented 7 months ago

New binary releases at: https://github.com/rdbo/libmem/releases

Closing for inactivity