Skip to content

AAASS554/CS2-memflow-Example-of-an-algorithm

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
read
read
 
 
Cargo.toml
Cargo.toml
 
 
README.md
README.md
 
 
README_CN.md
README_CN.md
 
 
README_EN.md
README_EN.md
 
 

Repository files navigation

Memory Analysis Tool

简体中文 | English

A Windows process memory analysis tool based on memflow, providing memory read/write and pattern scanning capabilities.

Features

Process Management

  • List all system processes
  • Get process module information
  • Process memory region analysis

Memory Operations

  • Read/Write process memory
  • Memory region protection flag management
  • Memory pattern scanning

Tool Support

  • Byte pattern matching
  • Hexadecimal formatting
  • Memory region information management

Quick Start

Requirements

  • Rust 1.70+
  • Windows system (for target analysis)
  • Administrator privileges (for memory access)

Dependencies

[dependencies]
memflow = "0.2.3"
memflow-win32 = "0.2"
memflow-native = { git = "https://github.com/memflow/memflow-native" }
dataview = "1.0.1"
log = "0.4.22"
simple_logger = "5.0.0"
anyhow = "1.0.93"
clap = { version = "4.5.21", features = ["derive"] }

Installation

  1. Clone the project
git clone https://github.com/yourusername/memory-analysis-tool.git
cd memory-analysis-tool
  1. Build the project
cargo build --release
  1. Run examples
# List all processes
cargo run

# Scan specific process
cargo run -- -p notepad.exe

Usage Guide

Basic Usage

use memory_analysis_tool::{MemoryManager, services::ProcessService};

fn main() -> Result<()> {
    // Create memory manager
    let memory_manager = MemoryManager::new(connector)?;
    
    // Use process service
    let process_service = ProcessService::new(process);
    
    // Read memory
    let data = process_service.read_memory(address, size)?;
    
    Ok(())
}

Memory Scanning

use memory_analysis_tool::utils::MemoryScanner;

// Create scan pattern
let pattern = MemoryScanner::create_pattern("48 8B 05 ?? ?? ?? ??")?;

// Scan memory
let matches = MemoryScanner::scan_pattern(&memory_data, &pattern);

Project Structure

src/
├── main.rs          # Command line entry
├── lib.rs           # Library entry and core manager
├── models/          # Data models
│   ├── mod.rs
│   └── memory.rs    # Memory related structures
├── services/        # Business logic
│   ├── mod.rs
│   └── process_service.rs  # Process service
└── utils/           # Utility functions
    ├── mod.rs
    ├── scanner.rs   # Memory scanner
    └── memory.rs    # Memory utilities

API Documentation

MemoryManager

Memory manager providing Windows kernel interaction interface:

pub struct MemoryManager {
    kernel: Win32Kernel<impl PhysicalMemory>,
}

ProcessService

Process service encapsulating process operations:

pub struct ProcessService {
    process: Process,
}

MemoryScanner

Memory scanning tool supporting pattern matching:

pub struct MemoryScanner;

Common Issues

  1. Permission Errors

    • Ensure running with administrator privileges
    • Check process access permissions

  2. Memory Access Failures

    • Confirm target process exists
    • Verify memory address validity

  3. Pattern Matching Issues

    • Validate pattern format
    • Ensure appropriate memory range

Contributing

  1. Fork the project
  2. Create your feature branch
  3. Commit your changes
  4. Push to the branch
  5. Create a Pull Request

License

MIT License

Disclaimer

This tool is for educational and research purposes only. Users must comply with relevant laws and regulations and not use it for illegal purposes. The author is not responsible for any misuse.

Author

记得晚安

Contact

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages