
dmalibrary

A Rust crate that makes it easy to work with DMA cards for memory forensics and video game hacking


DMALibrary

A crate for memory forensics and video game hacking

Features

  • Get Windows Version
  • Getting PID & Base Address
  • Patch CR3 [Untested]

ToDo

  • Sig Scanning
  • Read Memory
  • Write Memory
  • Scatter Read Memory
  • Scatter Write Memory
  • Dumping Physical Memory
  • Dumping Memory
  • Target Computer Keyboard
  • Code Cave Finder
  • Function Caller
  • Syscalling kernel functions
  • Utilities (Get Import, Get Export, Get Base Size etc.)

Acknowledgements

Contributing

Contributions are always welcome!

Make a PR and I'll merge it if it is worth adding.

Usage/Examples

use colored::*;
use dmalibrary::{find_base_address, find_process, fix_cr3, get_winver, init};
use std::{env, error::Error};

const TARGETPE: &str = "smss.exe";

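/// Example driver: initialise MemProcFS over an FPGA DMA device, report the
/// target's Windows version, locate `TARGETPE` (PID and base address) and
/// attempt the CR3 fix.
///
/// # Errors
/// Returns an error (non-zero exit status) when the working directory is not
/// valid UTF-8, when `init`, `get_winver` or `fix_cr3` fail, or when the
/// target process / its base address cannot be found. Initialisation failure
/// is now an error as well; it used to be printed and then exit with status 0.
fn main() -> Result<(), Box<dyn Error>> {
    // vmm.dll is resolved relative to the *working directory*, so whichever
    // directory the tool is launched from decides which library is loaded
    // (see the appendix: vmm.dll, leechcore.dll and FTD3XX.dll must be there).
    // `Path::join` picks the platform separator instead of a hard-coded "\\".
    let vmm_path = env::current_dir()?.join("vmm.dll");
    let vmm_path = vmm_path
        .to_str()
        .ok_or("Failed to convert current directory to string")?;
    // Argument vector handed to MemProcFS; the empty first slot stands in for argv[0].
    let args = ["", "-device", "fpga"].to_vec();

    // All user-facing failures are reported in red; build the boxed error once.
    let red_error = |msg: String| Box::<dyn Error>::from(msg.red().to_string());

    let vmm = match init(vmm_path, &args) {
        Ok(vmm) => vmm,
        Err(e) => {
            return Err(format!("{} {}", "Failed to initialize Vmm:".red(), e).into());
        }
    };
    println!("{}", "Successfully initialized Vmm.".green());

    let winver = get_winver(&vmm)?;
    println!("Windows version: {:?}", winver);

    let process_pid = find_process(&vmm, TARGETPE)
        .ok_or_else(|| red_error(format!("Failed to find process {}", TARGETPE)))?;
    println!("PID: {}", process_pid);

    let process = vmm
        .process_from_pid(process_pid)
        .map_err(|e| red_error(format!("Failed to get process from PID: {}", e)))?;

    let base_address = find_base_address(&vmm, process_pid, TARGETPE)
        .ok_or_else(|| red_error(format!("Failed to find base address for {}", TARGETPE)))?;
    println!("Base address: 0x{:X}", base_address);

    // fix_cr3 reports success as a bool; Ok(false) is a soft failure, not an Err.
    if fix_cr3(&vmm, &process, TARGETPE, process_pid)? {
        println!("{}", "Successfully fixed CR3 register.".green());
    } else {
        println!("{}", "Failed to fix CR3 register.".red());
        println!("{}", "Probably should reboot PC".red());
    }
    Ok(())
}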

Documentation

Documentation

Crates.io

Appendix

Make sure you have all the necessary DLLs, such as vmm.dll, leechcore.dll, FTD3XX.dll and so on, in the working directory.
