
kiwi's Introduction

Kiwi


A package for memory editing in Go.

Current Features

  • Reading and writing of the uint and int (8, 16, 32, 64) and float (32, 64) data types
  • Support for Windows and Linux (assuming the /proc/ directory exists)

Future plans

  • Pattern scanning for bytecode
  • Call remote functions via injected assembly
  • Hooking functions via injected assembly
  • Setting breakpoints via the Windows debugging API
  • Mono runtime features (if hooking and remote functions are possible)

Installation

go get github.com/Andoryuuta/kiwi

Usage

package main

import (
	"log"

	"github.com/Andoryuuta/kiwi"
)

func main() {
	// The memory address of variable inside of target process.
	externVarAddr := uintptr(0x001A51E8)

	// Find the process from the executable name.
	proc, err := kiwi.GetProcessByFileName("example.exe")
	if err != nil {
		log.Fatalln("Error while trying to find process:", err)
	}

	// Read from the target process.
	externVar, err := proc.ReadUint32(externVarAddr)
	if err != nil {
		log.Fatalln("Error while trying to read from target process:", err)
	}

	// Output the variable we read.
	log.Println("Read", externVar)

	// Write a new value of 1000 to the variable
	err = proc.WriteUint32(externVarAddr, 1000)
	if err != nil {
		log.Fatal(err)
	}
}

kiwi's People

Contributors

andoryuuta, l3lackshark


kiwi's Issues

Pattern Scanning

I don't know if you are still working on this, but the only remaining feature that this library is missing for me is Pattern scanning. Here is the implementation for Linux, I would be glad if you could adopt it, and, if possible, add support for Windows.

Implement Mac back-end

The back-end functions for OSX/Darwin in process_darwin.go need to be properly implemented.

Getting error `Module32First: %!w(<nil>)` when calling `GetModuleBase`

Hi, here is the small code I'm trying to run, on Windows 11 (tried as Administrator too)

package main

import (
	"github.com/Andoryuuta/kiwi"
	"log"
)

func addOffsets(proc kiwi.Process, addr uintptr, ofs ...uintptr) (uintptr, error) {
	for _, o := range ofs {
		var nextAddr uintptr
		nextAddrUint64, err := proc.ReadUint64(addr + o)
		nextAddr = uintptr(nextAddrUint64)
		if err != nil {
			return 0, err
		}
		addr = nextAddr
	}
	return addr, nil
}

const (
	OffsetWaterCtrl = uintptr(0xC18)
)

var (
	offsetsToPlayerStruct = []uintptr{0x48, 0x1A8, 0x430, 0x40, 0x280, 0x320, 0x578, 0x118}
)

func main() {
	// Get a handle to the process.
	proc, err := kiwi.GetProcessByFileName("atg-steam-engine-demo.exe")
	if err != nil {
		panic(err)
	}

	log.Println(proc.PID)

	// Base pointer = "atg-steam-engine-demo.exe"+00097A90
	base, err := proc.GetModuleBase("atg-steam-engine-demo.exe")
	if err != nil {
		panic(err)
	}

	base += 0x00097A90 // Add the base offset.

	finalAddr, err := addOffsets(proc, base, offsetsToPlayerStruct...)
	if err != nil {
		panic(err)
	}

	finalAddr += OffsetWaterCtrl // Add the final offset without reading it.

	w, err := proc.ReadFloat64(finalAddr)
	if err != nil {
		panic(err)
	}

	log.Printf("Got base: %f\n", w)
}

Here is the output:

(today's-date) 21856
panic: Module32First: %!w(<nil>)

goroutine 1 [running]:
main.main()
        C:/.../main.go:41 +0x194

I took a look "under the hood" and this is the line which returns the error:

func (p *Process) GetModuleBase(moduleName string) (uintptr, error) {
...
	if !w32.Module32First(snap, &me32) {
		return 0, fmt.Errorf("Module32First: %w", windows.GetLastError())
	}
...
}

Any idea what could cause this? windows.GetLastError() is nil.

Read String (linux)

As I saw that you are planning on resuming the work on this project, I would like to see a ReadString() function. Currently I have to read bytes but that's not really an option. Is it possible to implement? Or if not, what is the issue?

Is there any way I could contact you?

I have a problem with huge memory leaks on Linux, possibly related to your functions regarding memory reading. I would like to share the code with you, but I don't want to release it in public yet.

Add proper errors and error handling.

Error types need to be added to the library for user error handling. Current error handling needs to be rewritten to return new error types to the user.
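
`%!w(<nil>)`, as seen in the `Module32First` report above, is what `fmt` prints when the operand given to `%w` is nil, and a typed error of the kind this issue asks for avoids that. The sketch below is an added example, not code from kiwi: `OpError`, `ErrNoCode`, `newOpError` and `naiveWrap` are hypothetical names, and the nil `lastErr` is constructed to stand in for a failed call that left no error code.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrNoCode marks a failed OS call for which no error code was captured (hypothetical sentinel).
var ErrNoCode = errors.New("no error code captured")

// OpError is a hypothetical typed error: which operation failed, for which PID, and why.
type OpError struct {
	Op  string
	PID int
	Err error
}

func (e *OpError) Error() string { return fmt.Sprintf("%s (pid %d): %v", e.Op, e.PID, e.Err) }

// Unwrap exposes the cause so errors.Is and errors.As can walk the chain.
func (e *OpError) Unwrap() error { return e.Err }

// newOpError never stores a nil cause, so callers always get a usable chain.
func newOpError(op string, pid int, cause error) *OpError {
	if cause == nil {
		cause = ErrNoCode
	}
	return &OpError{Op: op, PID: pid, Err: cause}
}

// naiveWrap reproduces the pattern from the excerpt, where the %w operand can be nil.
func naiveWrap(op string, cause error) error {
	return fmt.Errorf("%s: %w", op, cause)
}

func main() {
	var lastErr error // constructed: the failed call left no error code behind
	fmt.Println(naiveWrap("Module32First", lastErr))

	var err error = newOpError("Module32First", 21856, lastErr)
	var oe *OpError
	if errors.As(err, &oe) && errors.Is(err, ErrNoCode) {
		fmt.Printf("%s failed for pid %d: %v\n", oe.Op, oe.PID, oe.Err)
	}
}
```

With the typed error a caller can branch on `errors.Is(err, ErrNoCode)` instead of matching message text.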

Add common string functions.

There are many different ways to represent "strings" in memory (different encodings, null-terminated or not, encoding endianness, etc). It would be difficult to make a universal solution for this, so we should at least add some basic functionality for the most common use cases:

ReadNullTerminatedUTF8String()
ReadNullTerminatedUTF16String()
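
One way the two functions named above could behave, as an added example that is not kiwi's code: the signatures, the `limit` parameter, the little-endian assumption for UTF-16, `readUnits` and the in-memory `mem` type are all assumptions made here so the sketch runs offline. The scan is bounded so that a buffer without a terminator yields an error instead of an unbounded read.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"unicode/utf16"
)

var ErrUnterminated = errors.New("no terminator within limit")

type mem []byte // constructed in-memory region standing in for a target process

// ReadBytes refuses any read that would run past the end of the region.
func (m mem) ReadBytes(addr uintptr, n int) ([]byte, error) {
	if off := int(addr); off+n <= len(m) {
		return m[off : off+n], nil
	}
	return nil, errors.New("read outside region")
}

func readUnits(m mem, addr uintptr, width, limit int) ([]byte, error) {
	var out []byte
	for i := 0; i < limit; i++ { // limit bounds the scan for a terminator
		u, err := m.ReadBytes(addr+uintptr(i*width), width)
		if err != nil {
			return nil, err
		}
		if u[0] == 0 && u[width-1] == 0 { // zero byte (width 1) or zero unit (width 2)
			return out, nil
		}
		out = append(out, u...)
	}
	return nil, ErrUnterminated
}

func ReadNullTerminatedUTF8String(m mem, addr uintptr, limit int) (string, error) {
	b, err := readUnits(m, addr, 1, limit) // bytes before the first zero byte
	return string(b), err
}

func ReadNullTerminatedUTF16String(m mem, addr uintptr, limit int) (string, error) {
	b, err := readUnits(m, addr, 2, limit) // 2-byte units before the first zero unit
	units := make([]uint16, len(b)/2)
	for i := range units {
		units[i] = binary.LittleEndian.Uint16(b[2*i:])
	}
	return string(utf16.Decode(units)), err
}

func main() { fmt.Println(ReadNullTerminatedUTF16String(mem("h\x00i\x00\x00\x00"), 0, 8)) }
```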
