Hey!
I am writing a Linux memoryhacking library for some time now and it finally
reached a state where I consider it to be usefull for other people.
(It's still under heavy development though).
I tried to keep the code as fast & generic as possible, with a modern C++ style.
Features:
- Enumerate processes and threads and extract information from abstract objects
representing them. There are also utilities to find processes running on the
system.
- Enumerate memory regions a process mapped into it's memory space.
- A debugger class which offers a lot of debug utilities.
- A memoryeditor to read and write a process' memory.
- A scanner to find addresses of POD values and byte patterns in the remote
process with an efficent approach.
Compiling:
- I use advanced C++0x features, so you need gcc 4.5 or later to compile the
library.
But this shouldn't be an issue as many distros already ship gcc 4.6 .
- The Boost library has to be installed. I compiled with version 1.40 and 1.46,
but older/newer versions should work as well.
- cmake/Code:Blocks is used as build system, please get one of them.
- Kernel 2.6 or higher is required so everything behaves like it should.
- Linux blocks writing to /proc/[PID]/mem per default, as it's considered a
security hazard. There are patches out there which enable writing to it without any
security issues. This is the fastest way to write memory, but it is only enabled
by Ethonmem if you define 'I_PATCHED_MY_KERNEL_TO_SUPPORT_WRITING_TO_MEM' when
compiling the library.
Download:
Checkout the source at https://github.com/Ethon/Ethonmem .
Create the docs yourself with 'doxygen Doxyfile' or get these slightly outdated docs:git clone git://github.com/Ethon/Ethonmem.git
http://ethon.cc/blog/wp-content/uploads/2011/07/doc.zip
Some example code:
[C++] Ethonmem example code - Pastebin.com
I am releasing this because I want criticism and suggestions how to improve my library.
So, if you consider using it, please tell me what you'd like to change or why you don't want to use it.
Just a note, I am using the nickname "Ethon" for more than 4 years, neither the design nor the name ('insert greek mythology' + mem)
are 'stolen' from Cypher's HadesMem.
Have fun!
Greets,
Ethon