A .NET library for interacting with the memory of external processes. This library provides functionality to open processes, read and write memory, query memory pages, enumerate modules, and allocate or deallocate memory regions.
- Open processes with specified access rights.
- Hijack an existing process handle.
- Enumerate loaded modules in the target process.
- Query memory pages using
VirtualQueryEx. - Read and write memory values and byte arrays.
- Pattern searching with wildcard support.
- Allocate and deallocate memory in the target process.
- Dereference pointer chains.
- Comprehensive logging using Serilog.
- .NET 8.0 or later.
- Serilog for logging (optional).
- Administrator privileges may be required for accessing certain processes.
Include the Memlib project in your solution or build it and reference the resulting DLL in your project.
A nuget package is planned.
var memory = new Memory(processId, Log.Logger);memory.Open(ProcessAccessRights.PROCESS_VM_READ |
ProcessAccessRights.PROCESS_VM_WRITE |
ProcessAccessRights.PROCESS_QUERY_INFORMATION |
ProcessAccessRights.PROCESS_VM_OPERATION);var modules = memory.Modules();
foreach (var module in modules)
{
Console.WriteLine($"{module.ModuleName} - Base: {module.Base}, Size: {module.SizeOfImage}");
}var pages = memory.Query();
foreach (var page in pages)
{
Console.WriteLine($"Base Address: {page.BaseAddress}, Size: {page.RegionSize}");
}var value = memory.Read<int>(address);
Console.WriteLine($"Value: {value}");memory.Write<int>(address, 12345);var allocatedAddress = memory.Alloc(1024);
Console.WriteLine($"Allocated Address: {allocatedAddress}");memory.Dealloc(allocatedAddress);var matches = memory.Search("AA BB ?? DD", startAddress, endAddress);
foreach (var match in matches)
{
Console.WriteLine($"Match found at: {match}");
}This library uses Serilog for logging. You can provide your own logger or use the default Log.Logger instance. Debug logs are generated for all operations.
- Fork the repository.
- Create a new branch.
- Make your changes.
- Submit a pull request.
This library interacts with external processes and memory. Misuse can result in application crashes, system instability, or unintended behavior. Use responsibly and ensure you comply with all relevant laws and regulations.