andoryuuta / kiwi Goto Github PK

I have a problem with huge memory leaks on Linux, possibly related to your functions regarding memory reading. I would like to share the code with you, but I don't want to release it in public yet.

There are many different ways to represent "strings" in memory (different encodings, null-terminated or not, encoding endianess, etc). It would be difficult to make a universal solution for this, so we should at least add some basic functionality for the most common use cases:

ReadNullTerminatedUTF8String()
ReadNullTerminatedUTF16String()

A test similar to the read_test.go test needs to be added for writing of memory.

As I saw that you are planning on resuming the work on this project, I would like to see a ReadString() function. Currently I have to read bytes but that's not really an option. Is it possible to implement? Or if not, what is the issue?

I don't know if you are still working on this, but the only remaining feature that this library missing for me is Pattern scanning. Here is the implementation for Linux, I would be glad if you could adopt it, and, if possible, add support for Windows.

A way of getting all memory regions within a process along with the region permissions (read, write, execute) needs to be added all of the platform back-ends. This needs to be added before a search functionality can be added.

Windows via VirtualQueryEx.

Linux via /proc/pid/maps

OSX via vm_region which is part of mach's virtual memory interface

Errors types need to be added to the library for user error handling. Current error handling needs to be rewritten to return new error types to the user.

The back-end functions for OSX/Darwin in process_darwin.go need to be properly implemented.

Hi, here is the small code I'm trying to run, on Windows 11 (tried as Administrator too)

package main

import (
	"github.com/Andoryuuta/kiwi"
	"log"
)

func addOffsets(proc kiwi.Process, addr uintptr, ofs ...uintptr) (uintptr, error) {
	for _, o := range ofs {
		var nextAddr uintptr
		nextAddrUint64, err := proc.ReadUint64(addr + o)
		nextAddr = uintptr(nextAddrUint64)
		if err != nil {
			return 0, err
		}
		addr = nextAddr
	}
	return addr, nil
}

const (
	OffsetWaterCtrl = uintptr(0xC18)
)

var (
	offsetsToPlayerStruct = []uintptr{0x48, 0x1A8, 0x430, 0x40, 0x280, 0x320, 0x578, 0x118}
)

func main() {
	// Get a handle to the process.
	proc, err := kiwi.GetProcessByFileName("atg-steam-engine-demo.exe")
	if err != nil {
		panic(err)
	}

	log.Println(proc.PID)

	// Base pointer = "atg-steam-engine-demo.exe"+00097A90
	base, err := proc.GetModuleBase("atg-steam-engine-demo.exe")
	if err != nil {
		panic(err)
	}

	base += 0x00097A90 // Add the base offset.

	finalAddr, err := addOffsets(proc, base, offsetsToPlayerStruct...)
	if err != nil {
		panic(err)
	}

	finalAddr += OffsetWaterCtrl // Add the final offset without reading it.

	w, err := proc.ReadFloat64(finalAddr)
	if err != nil {
		panic(err)
	}

	log.Printf("Got base: %f\n", w)
}

Here is the output:

(today's-date) 21856
panic: Module32First: %!w(<nil>)

goroutine 1 [running]:
main.main()
        C:/.../main.go:41 +0x194

I took a look "under the hood" and this is the line which returns the error:

func (p *Process) GetModuleBase(moduleName string) (uintptr, error) {
...
	if !w32.Module32First(snap, &me32) {
		return 0, fmt.Errorf("Module32First: %w", windows.GetLastError())
	}
...
}

Any idea what could cause this? windows.GetLastError() is nil.