#
memory
Memory is a direct access library to reading/writing into memory.
We are still working on adding features here such as built-in disassemblers & resolvers
#
Classes
#
memory.address
{
raw: number,
int8: number,
uint8: number,
int16: number,
uint16: number,
int32: number,
uint32: number,
int64: number,
uint64: number,
int64: number,
uint64: number,
bool: boolean,
char: number,
uchar: number,
short: number,
ushort: number,
int: number,
uint: number,
long: number,
ulong: number,
float: number,
double: number
}
#
memory.module
{
name: string,
address: memory.address,
base: memory.address,
size: number
}
#
memory.region
{
base: memory.address,
size: number,
state: "commit" | "free" | "reserve",
type: "none" | "image" | "mapped" | "private",
protect: string[] | {[index: string]: true}
}
#
Sizes
memory.size.int8: number
memory.size.uint8: number
memory.size.int16: number
memory.size.uint16: number
memory.size.int32: number
memory.size.uint32: number
memory.size.int64: number
memory.size.uint64: number
memory.size.bool: number
memory.size.char: number
memory.size.uchar: number
memory.size.short: number
memory.size.ushort: number
memory.size.int: number
memory.size.uint: number
memory.size.long: number
memory.size.ulong: number
memory.size.float: number
memory.size.double: number
#
Functions
memory.address(value: number | string | function | userdata): memory.address
- Creates a new address class.
- Using a string will attempt for format a hex-string to address.
- Using cfunctions or userdata retrives their absolute location in memory.
memory.allocate(size: number): memory.address
- Allocates a fixed size of memory in heap.
memory.module(name?: string): memory.module
- Attempts to retreive a loaded module.
- Windows are usually named .dll, while linux are .so
memory.modules(): memory.module[]
- Lists all modules that has been loaded.
- Windows are usually named .dll, while linux are .so
memory.regions(): memory.region[]
- Lists all regions that is associated with the current process.
- This basically gives you all of the virtual memory allocated to this process.
memory.region(loc: memory.address): memory.region?
- Finds the region that a memory address is located in.
memory.base(addr: memory.address): memory.module?
- Attempts to locate the base module based on the address.
- This only works if the address with within the address-space of a module.
memory.fetch(module: memory.module, name: string): memory.address
- Attempts to search for existing routines or variables that are disclosed.
memory.interface(module: memory.module, name: string): memory.address?
- Attempt to search for various interface routines & calls them.
memory.index(input: memory.address, index: number): memory.address?
- Performs a simple indexing on an address.
- This equates to simply
((void**)input)[index]
memory.offset(input: memory.address, offset: number): memory.address
- Performs a simple offset to an address
- This equates to simply
(void*)input + offset
memory.relative(input: memory.address, offset: number, size: number): memory.address?
- Performs a relative instruction operation.
- For windows-x64-intel this peaks into a subroutine using "call" opcode ->
memory.relative(addr, 0x1, 0x5)
memory.vtable(input: memory.address): memory.address?
- Performs a de-reference to a class for it's vtable.
- This equates to simply
*reinterpret_cast<void***>(address)
memory.aob.hex(module: memory.module, pattern: string): memory.address?
- Performs a hex-style signature scan on a module.
- Example:
\xA0?\xB1
memory.aob.ida(module: memory.module, pattern: string): memory.address?
- Performs a ida-style signature scan on a module.
- Example:
A0 ? B1
memory.read.int8(input: memory.address): number?
- Attempts to read a
int8value. - Size: 1 Byte - 8 Bits
memory.read.uint8(input: memory.address): number?
- Attempts to read a
uint8value. - Size: 1 Byte - 8 Bits
memory.read.int16(input: memory.address): number?
- Attempts to read a
int16value. - Size: 2 Bytes - 16 Bits
memory.read.uint16(input: memory.address): number?
- Attempts to read a
uint16value. - Size: 2 Bytes - 16 Bits
memory.read.int32(input: memory.address): number?
- Attempts to read a
int32value. - Size: 4 Bytes - 32 Bits
memory.read.uint32(input: memory.address): number?
- Attempts to read a
uint32value. - Size: 4 Bytes - 32 Bits
memory.read.int64(input: memory.address): number?
- Attempts to read a
int64value. - Size: 8 Bytes - 64 Bits
memory.read.uint64(input: memory.address): number?
- Attempts to read a
uint64value. - Size: 8 Bytes - 64 Bits
memory.read.bool(input: memory.address): boolean?
- Attempts to read a
booleanvalue. - Typically the size of a boolean is defined as 1 bit.
- However some systems differ claiming 1 byte or 8 bits.
memory.read.char(input: memory.address): number?
- Attempts to read a
charvalue. - Size: 1 Byte - 8 Bits
memory.read.uchar(input: memory.address): number?
- Attempts to read a
unsigned charvalue. - Size: 1 Byte - 8 Bits
memory.read.short(input: memory.address): number?
- Attempts to read a
shortvalue. - Size: 2 Bytes - 16 Bits
memory.read.ushort(input: memory.address): number?
- Attempts to read a
unsigned shortvalue. - Size: 2 Bytes - 16 Bits
memory.read.int(input: memory.address): number?
- Attempts to read a
intvalue. - Size: 4 Bytes - 32 Bits
memory.read.uint(input: memory.address): number?
- Attempts to read a
unsigned intvalue. - Size: 4 Bytes - 32 Bits
memory.read.long(input: memory.address): number?
- Attempts to read a
longvalue. - Size: 4 Bytes - 32 Bits (Win) | 8 Bytes - 64 Bits (Linux)
memory.read.ulong(input: memory.address): number?
- Attempts to read a
unsigned longvalue. - Size: 4 Bytes - 32 Bits (Win) | 8 Bytes - 64 Bits (Linux)
memory.read.float(input: memory.address): number?
- Attempts to read a
floatvalue. - Size: 4 Bytes - 32 Bits
memory.read.double(input: memory.address): number?
- Attempts to read a
doublevalue. - Size: 8 Bytes - 64 Bits
memory.read.sequence(input: memory.address, size: number): string
- Attempts to read a sequence of bytes.
- Example returns:
A1 B2 C3
memory.read.address(input: memory.address): memory.address?
- Attempts to read a
void*value.
memory.write.int8(input: memory.address, value: number)
- Attempts to write a
int8value. - Size: 1 Bytes - 8 Bits
memory.write.uint8(input: memory.address, value: number)
- Attempts to write a
uint8value. - Size: 1 Byte - 8 Bits
memory.write.int16(input: memory.address, value: number)
- Attempts to write a
int16value. - Size: 2 Bytes - 16 Bits
memory.write.uint16(input: memory.address, value: number)
- Attempts to write a
uint16value. - Size: 2 Bytes - 16 Bits
memory.write.int32(input: memory.address, value: number)
- Attempts to write a
int32value. - Size: 4 Bytes - 32 Bits
memory.write.uint32(input: memory.address, value: number)
- Attempts to write a
uint32value. - Size: 4 Bytes - 32 Bits
memory.write.int64(input: memory.address, value: number)
- Attempts to write a
int64value. - Size: 8 Bytes - 64 Bits
memory.write.uint64(input: memory.address, value: number)
- Attempts to write a
uint64value. - Size: 8 Bytes - 64 Bits
memory.write.bool(input: memory.address, value: boolean)
- Attempts to write a
booleanvalue. - Typically the size of a boolean is defined as 1 bit.
- However some systems differ claiming 1 byte or 8 bits.
memory.write.char(input: memory.address, value: number)
- Attempts to write a
charvalue. - Size: 1 Byte - 8 Bits
memory.write.uchar(input: memory.address, value: number)
- Attempts to write a
unsigned charvalue. - Size: 1 Byte - 8 Bits
memory.write.short(input: memory.address, value: number)
- Attempts to write a
shortvalue. - Size: 2 Bytes - 16 Bits
memory.write.ushort(input: memory.address, value: number)
- Attempts to write a
unsigned shortvalue. - Size: 2 Bytes - 16 Bits
memory.write.int(input: memory.address, value: number)
- Attempts to write a
intvalue. - Size: 4 Bytes - 32 Bits
memory.write.uint(input: memory.address, value: number)
- Attempts to write a
unsigned intvalue. - Size: 4 Bytes - 32 Bits
memory.write.long(input: memory.address, value: number)
- Attempts to write a
longvalue. - Size: 4 Bytes - 32 Bits (Win) | 8 Bytes - 64 Bits (Linux)
memory.write.ulong(input: memory.address, value: number)
- Attempts to write a
unsigned longvalue. - Size: 4 Bytes - 32 Bits (Win) | 8 Bytes - 64 Bits (Linux)
memory.write.float(input: memory.address, value: number)
- Attempts to write a
floatvalue. - Size: 4 Bytes - 32 Bits
memory.write.double(input: memory.address, value: number)
- Attempts to write a
doublevalue. - Size: 8 Bytes - 64 Bits
memory.write.sequence(input: memory.address, value: string, size: number)
- Attempts to write a sequence of bytes to the address.
- Example sequences that are valid:
A1 B2 C3orA1B2C3
memory.write.address(input: memory.address, value: memory.address)
- Attempts to write a
addressvalue.
memory.scan.int8(input: number, start?: memory.module | memory.region | memory.address, end?: memory.address): memory.address[]
- Attempts to scan for a certain
int8value.
memory.scan.uint8(input: number, start?: memory.module | memory.region | memory.address, end?: memory.address): memory.address[]
- Attempts to scan for a certain
uint8value.
memory.scan.int16(input: number, start?: memory.module | memory.region | memory.address, end?: memory.address): memory.address[]
- Attempts to scan for a certain
int16value.
memory.scan.uint16(input: number, start?: memory.module | memory.region | memory.address, end?: memory.address): memory.address[]
- Attempts to scan for a certain
uint16value.
memory.scan.int32(input: number, start?: memory.module | memory.region | memory.address, end?: memory.address): memory.address[]
- Attempts to scan for a certain
int32value.
memory.scan.uint32(input: number, start?: memory.module | memory.region | memory.address, end?: memory.address): memory.address[]
- Attempts to scan for a certain
uint32value.
memory.scan.int64(input: number, start?: memory.module | memory.region | memory.address, end?: memory.address): memory.address[]
- Attempts to scan for a certain
int64value.
memory.scan.uint64(input: number, start?: memory.module | memory.region | memory.address, end?: memory.address): memory.address[]
- Attempts to scan for a certain
uint64value.
memory.scan.bool(input: boolean, start?: memory.module | memory.region | memory.address, end?: memory.address): memory.address[]
- Attempts to scan for a certain
booleanvalue.
memory.scan.char(input: number, start?: memory.module | memory.region | memory.address, end?: memory.address): memory.address[]
- Attempts to scan for a certain
charvalue.
memory.scan.uchar(input: number, start?: memory.module | memory.region | memory.address, end?: memory.address): memory.address[]
- Attempts to scan for a certain
unsigned charvalue.
memory.scan.short(input: number, start?: memory.module | memory.region | memory.address, end?: memory.address): memory.address[]
- Attempts to scan for a certain
shortvalue.
memory.scan.ushort(input: number, start?: memory.module | memory.region | memory.address, end?: memory.address): memory.address[]
- Attempts to scan for a certain
unsigned shortvalue.
memory.scan.int(input: number, start?: memory.module | memory.region | memory.address, end?: memory.address): memory.address[]
- Attempts to scan for a certain
intvalue.
memory.scan.uint(input: number, start?: memory.module | memory.region | memory.address, end?: memory.address): memory.address[]
- Attempts to scan for a certain
unsigned intvalue.
memory.scan.long(input: number, start?: memory.module | memory.region | memory.address, end?: memory.address): memory.address[]
- Attempts to scan for a certain
longvalue.
memory.scan.ulong(input: number, start?: memory.module | memory.region | memory.address, end?: memory.address): memory.address[]
- Attempts to scan for a certain
unsigned longvalue.
memory.scan.float(input: number, start?: memory.module | memory.region | memory.address, end?: memory.address): memory.address[]
- Attempts to scan for a certain
floatvalue.
memory.scan.double(input: number, start?: memory.module | memory.region | memory.address, end?: memory.address): memory.address[]
- Attempts to scan for a certain
doublevalue.
memory.scan.address(input: memory.address, start?: memory.module | memory.region | memory.address, end?: memory.address): memory.address[]
- Attempts to scan for a certain
void*value.
memory.subroutine.blank(): memory.address
- Creates a blank subroutine that does nothing.
- This is created in heap, therefore it will increase memory.
memory.subroutine.int8(value: number): memory.address
- Creates a blank subroutine which only returns an 8-bit integer.
- This is created in heap, therefore it will increase memory.
memory.subroutine.uint8(value: number): memory.address
- Creates a blank subroutine which only returns an unsigned 8-bit integer.
- This is created in heap, therefore it will increase memory.
memory.subroutine.int16(value: number): memory.address
- Creates a blank subroutine which only returns an 16-bit integer.
- This is created in heap, therefore it will increase memory.
memory.subroutine.uint16(value: number): memory.address
- Creates a blank subroutine which only returns an unsigned 16-bit integer.
- This is created in heap, therefore it will increase memory.
memory.subroutine.int32(value: number): memory.address
- Creates a blank subroutine which only returns an 32-bit integer.
- This is created in heap, therefore it will increase memory.
memory.subroutine.uint32(value: number): memory.address
- Creates a blank subroutine which only returns an unsigned 32-bit integer.
- This is created in heap, therefore it will increase memory.
memory.subroutine.int64(value: number): memory.address
- Creates a blank subroutine which only returns an 16-bit integer.
- This is created in heap, therefore it will increase memory.
memory.subroutine.uint64(value: number): memory.address
- Creates a blank subroutine which only returns an unsigned 64-bit integer.
- This is created in heap, therefore it will increase memory.
memory.subroutine.bool(value: boolean): memory.address
- Creates a blank subroutine which only returns a boolean.
- This is created in heap, therefore it will increase memory.
memory.subroutine.char(value: number): memory.address
- Creates a blank subroutine which only returns a character.
- This is created in heap, therefore it will increase memory.
memory.subroutine.uchar(value: number): memory.address
- Creates a blank subroutine which only returns a unsigned character.
- This is created in heap, therefore it will increase memory.
memory.subroutine.short(value: number): memory.address
- Creates a blank subroutine which only returns a short.
- This is created in heap, therefore it will increase memory.
memory.subroutine.ushort(value: number): memory.address
- Creates a blank subroutine which only returns a unsigned short.
- This is created in heap, therefore it will increase memory.
memory.subroutine.int(value: number): memory.address
- Creates a blank subroutine which only returns a integer.
- This is created in heap, therefore it will increase memory.
memory.subroutine.uint(value: number): memory.address
- Creates a blank subroutine which only returns a unsigned integer.
- This is created in heap, therefore it will increase memory.
memory.subroutine.long(value: number): memory.address
- Creates a blank subroutine which only returns a long.
- This is created in heap, therefore it will increase memory.
memory.subroutine.ulong(value: number): memory.address
- Creates a blank subroutine which only returns a unsigned long.
- This is created in heap, therefore it will increase memory.
stub
memory.subroutine.float(value: number): memory.address
- Creates a blank subroutine which only returns a float.
- This is created in heap, therefore it will increase memory.
stub
memory.subroutine.double(value: number): memory.address
- Creates a blank subroutine which only returns a double.
- This is created in heap, therefore it will increase memory.
memory.subroutine.sequence(hex: string): memory.address
- Creates a subroutine from a sequence.
- This is created in heap, therefore it will increase memory.
memory.subroutine.invoker(callback: function): memory.address
- Creates a subroutine that invokes a lua callback.
- Do note this doesn't allow returns or parameters (yet).
- This is created in heap, therefore it will increase memory.
memory.subroutine.emit(loc: memory.address, args...: memory.address): memory.address
- This calls a function at the specified address.
- Make sure to validate before invoking.
- This is the equivilant of calling functions in C.
Unstable
This will tell the processor to move into a routine.
Make sure to validate your routines before calling emit.
memory.jump.hook(loc: memory.address, target: memory.address): boolean
- Creates an unconditional jump to an address in a specified location.
- If a function is passed it will use
memory.subroutine.invoker.
memory.jump.unhook(loc: memory.address): boolean
- Removes and restores a specified location from an unconditional jump.
memory.jump.list(): memory.address[]
- Gives a list of memory addresses that have been hooked using jump.
memory.jump.get(loc: memory.address): memory.address?
- Gets the memory address that the jump is targeting.
stub
memory.call.hook(loc: memory.address, target: memory.address): boolean
- Creates a call to an address in a specified location.
- If a function is passed it will use
memory.subroutine.invoker.
stub
memory.call.unhook(loc: memory.address): boolean
- Removes and restores a specified location from an unconditional call.
stub
memory.call.list(): memory.address[]
- Gives a list of memory addresses that have been hooked using call.
stub
memory.call.get(loc: memory.address): memory.address?
- Gets the memory address that the call is targeting.
stub
memory.trampoline.hook(loc: memory.address, target: memory.address): memory.address?
- Creates a trampoline to an address in a specified location.
- This will return a clone of a function's first few bytes (which then jumps into the main function right after).
- If a function is passed it will use
memory.subroutine.invoker.
stub
memory.trampoline.unhook(loc: memory.address): boolean
- Removes and restores a specified location from an unconditional trampoline.
stub
memory.trampoline.list(): memory.address[]
- Gives a list of memory addresses that have been hooked using trampoline.
stub
memory.trampoline.get(loc: memory.address): memory.address?
- Gets the memory address that the trampoline is targeting.