libmem 5.0.1

Advanced Game Hacking Library (Windows/Linux/FreeBSD)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
![libmem-logo](https://raw.githubusercontent.com/rdbo/libmem/master/LOGO.png)  
### Advanced Game Hacking Library (C/C++/Rust/Python) (Windows/Linux/FreeBSD)
### Made by rdbo
#  

## Discord Server
https://discord.com/invite/Qw8jsPD99X

## License
This project is licensed under the `GNU AGPLv3.0` (no later versions)

Read `LICENSE` for more information

**NOTE:** Submodules and external dependencies might have their own licenses! Check for their licenses as well.

## Platforms
|OS|x86|x64|ARM|Aarch64|
|:--:|:---:|:---:|:---:|:-------:|
|Windows|:white_check_mark:|:white_check_mark:|:warning:|:warning:|
|Linux|:white_check_mark:|:white_check_mark:|:warning:|:warning:|
|FreeBSD|:heavy_check_mark:|:heavy_check_mark:|:warning:|:warning:|

|Status|Description|
|:------:|:-----------:|
|:white_check_mark:|100% working|
|:heavy_check_mark:|Mostly working|
|:warning:|Untested|

## Features
- [x] Internal and External
- [x] Find and Enumerate Processes, Modules, Symbols, Threads and Segments
- [x] Read/Write Memory
- [x] Allocate/Protect Memory
- [x] Scan Memory by Pattern/Signature
- [x] Resolve Pointer Scans/Pointer Maps
- [x] Hook/Unhook Functions
- [x] Assemble/Dissassemble Code (JIT)
- [x] VMT Hooking/Unhooking
- [x] Load/Unload Modules
- [x] Enumerate Process Threads

***And much more!***

## Examples
### Modern C++
```cpp
/* C++20 or higher */
#include <libmem/libmem.hpp>
#include <iostream>

using namespace libmem;

int main()
{
	Address disas_addr = reinterpret_cast<Address>(main);

	// Disassemble function 'main' until a 'ret' is found
	for (;;) {
		auto inst = Disassemble(disas_addr).value();
		std::cout << inst.to_string() << std::endl;
		if (inst.mnemonic == "ret")
			break;
		disas_addr += inst.bytes.size();
	}

	return 0;
}

/*
Output:
0x55b1a3259275: push rbp -> [ 55 ]
0x55b1a3259276: mov rbp, rsp -> [ 48 89 e5 ]
...
0x55b1a325941a: leave  -> [ c9 ]
0x55b1a325941b: ret  -> [ c3 ]
*/
```

### C/C++
```c
#include <libmem/libmem.h>

void hk_take_damage(int amount)
{
  printf("hooked take_damage! no damage will be taken\n");
  return;
}

int main()
{
	lm_module_t game_mod;
	lm_address_t fn_take_damage;

	LM_FindModule("game.dll", &game_mod);
	printf("[*] Base address of 'game.dll': %p\n", game_mod.base);

	fn_take_damage = LM_FindSymbolAddress(&game_mod, "take_damage");
	printf("[*] Found 'take_damage' function: %p\n", fn_take_damage);

	LM_HookCode(fn_take_damage, hk_take_damage, LM_NULLPTR);
	printf("[*] 'take_damage' hooked, player will no longer receive damage\n");

	return 0;
}
```

### Rust
```rust
use libmem::*;

fn godmode() -> Option<()> {
    let game_process = find_process("game_linux64")?;
    let client_module = find_module_ex(&game_process, "libclient.so")?;

    let fn_update_health = sig_scan_ex(
        &game_process,
        "55 48 89 E5 66 B8 ?? ?? 48 8B 5D FC",
        client_module.base,
        client_module.size,
    )?;
    println!(
        "[*] Signature scan result for 'update_health' function: {}",
        fn_update_health
    );

    let shellcode = assemble_ex("mov rbx, 1337; mov [rdi], rbx; ret", Arch::X64, 0)?;
    write_memory_ex(&game_process, fn_update_health + 8, &shellcode.as_slice())?;
    println!("[*] Patched 'update_health' function to always set health to 1337!");

    Some(())
}

fn main() {
    godmode();
}
```

### Python
```py
from libmem import *
import time

process = find_process("game.exe")
game_mod = find_module_ex(process, process.name)

# Resolve a Cheat Engine pointer scan
health_pointer = deep_pointer_ex(process, game_mod.base + 0xdeadbeef, [0xA0, 0x04, 0x10, 0xF0, 0x0])

# Set player health to 1337 forever
while True:
    write_memory_ex(process, health_pointer, bytearray(int(1337).to_bytes(4)))
    time.sleep(0.2)
```

## Documentation
The main documentation for libmem can be found in `include/libmem.h`.
All APIs are documented and contain very descriptive information about each function, their parameters and return value.
They are located in nearby comments, so you should be able to see them by hovering on your text editor/IDE.

Similarly, the bindings documentation is embedded with their packages, so your text editor/IDE should be able to access the documentation for each API.

## Unnoficial Bindings
These bindings are done by the community/third-parties and are not affiliated with the libmem project or its author.

Their code can have their own licenses as well, diverging from libmem's.

- [Nim_Libmem]https://github.com/Hypnootika/Nim_Libmem
- [Crazymem (NodeJS)]https://github.com/karliky/Crazymem

## CMake Usage (without installing)
Add the following commands to your `CMakeLists.txt`.

They will fetch `libmem-config.cmake` from the root of this repository, which will download libmem binaries for your system and include libmem in your CMake project.

```cmake
include(FetchContent)

# Download and set up libmem
FetchContent_Declare(libmem-config URL "https://raw.githubusercontent.com/rdbo/libmem/config-v1/libmem-config.cmake" DOWNLOAD_NO_EXTRACT TRUE)
FetchContent_MakeAvailable(libmem-config)
set(CMAKE_PREFIX_PATH "${libmem-config_SOURCE_DIR}" "${CMAKE_PREFIX_PATH}")
set(LIBMEM_DOWNLOAD_VERSION "5.0.1")

# Find libmem package
find_package(libmem CONFIG REQUIRED)
```

Use the following to link against libmem (NOTE: it might be necessary to link against other dependencies - go to the `Dependencies` section for more information):
```cmake
# Link against libmem
target_link_libraries(<YOUR_TARGET_NAME> PRIVATE libmem::libmem)
```

## Installing

### Windows
**Note**: If you download a binary version of libmem in the GitHub releases, you only need to install the Windows SDK. Building is not necessary, just add `libmem/include` to your project's include directories and link it against the binary you downloaded.

1. Install the Windows SDK: [Windows 7]https://www.microsoft.com/en-us/download/details.aspx?id=8279 - [Windows 10/11]https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/

2. Install [Python 3]https://python.org/downloads (Check the option to add Python to PATH) (Use [Python 3.8.9]https://python.org/downloads/release/python-389 for Windows 7)

3. Install [Visual Studio]https://visualstudio.microsoft.com/ 2022 or newer (with C++ support and CMake) (older versions might work, but they were not tested). NOTE: You can install only the Visual Studio Build Tools if you don't want the whole IDE.

4. Install [Git Bash]https://git-scm.com/downloads

5. Run a Visual Studio `Developer Command Prompt` (or `x64 Native Tools Command Prompt for VS 2022` for 64 bits) as Administrator

6. Run the following command to append libmem's destination directory to your `%PATH%` user variable (**WARNING** - watch for your `%PATH%` size limit!):

        setx PATH "%PATH%;%ProgramFiles%\libmem\include;%ProgramFiles%\libmem\lib"

7. Continue reading at `Build and Install`

### Linux
**Note**: The following commands are for Debian/Ubuntu based distributions. Make sure to find the appropriate commands for your Linux distribution.

1. Open a terminal

2. Install GCC, G++, Git, CMake, Make, Python 3, and the Linux headers:

        sudo apt install gcc g++ git cmake make python3 linux-headers

3. Continue reading at `Build and Install`

### FreeBSD

1. Add a mountpoint for the `procfs` filesystem in your `/etc/fstab` by appending the following line:

        proc		/proc		procfs	rw	0	0

2. Manually mount the `procfs`. This will only be necessary if you don't reboot. If you reboot, it will be automatically mounted because of the line at `/etc/fstab`. Run the following command (as root):

        mount -t procfs proc /proc

3. Install Git, CMake and Python3 (run as root) (clang, clang++ and make should already be installed):

        pkg install git cmake python3

4. Continue reading at `Build and Install`

### Build and Install
**Note**: Run the following commands on Git Bash (Windows) or a terminal (Linux/FreeBSD).

Clone the repository:
```
git clone --recursive --depth 1 https://github.com/rdbo/libmem
```
Generate the CMake cache:
```
mkdir build
cd build
cmake .. -DCMAKE_BUILD_TYPE=Release
```

Compile libmem:

*Windows*: `nmake`

*Unix-like*: `make -j 4`

Install libmem (run as root or as Administrator):

*Windows*: `nmake install`

*Unix-like*: `make install`

After installing, follow the the proper `Usage` section for your programming language

## Usage (C/C++)

Add `#include <libmem/libmem.h>` (C/C++) or `#include <libmem/libmem.hpp>` (C++) to your source code.
Link the generated libmem library against your binary (`liblibmem.so` for Unix-like or `libmem.dll` for Windows).
*For GCC-like compilers*: add the flag `-llibmem` to your compiler and it should link it.
```c
#include <libmem/libmem.h> /* C/C++ */
#include <libmem/libmem.hpp> /* Force C++ */
```

## Usage (Rust)
**NOTE**: You no longer have to install libmem to use with Rust, as long as the `fetch` feature is enabled on the libmem crate (default). If you disable that feature, it will look for libmem in your system, and you can make the libmem path explicit by using the environment var `LIBMEM_DIR=<path to libmem's directory>`.

Add the following line to your `Cargo.toml` under `[dependencies]`:
```toml
libmem = "5"
```
Import libmem in your Rust source code:
```rust
use libmem::*;
```

## Usage (Python)
**NOTE**: You no longer have to install libmem to use with Python. If no installation is found, the package will fetch and link libmem for you seamlessly. You can use the `LIBDIR=<path to libmem's directory>` environment variable to tell the libmem package where to look for your installation (if you installed it).

Make sure to have Python >= 3.6 active  
Either install the `libmem` package from PyPi by running the following command:  
```
pip install --upgrade libmem
```
Or build and install it yourself by running the following commands:
```
cd libmem-py
python configure.py
python setup.py install
```
Now to import libmem, just do the following in your Python code:
```py
from libmem import *
```

## Dependencies
All:
- capstone (included in root project)
- keystone (included in root project)
- LIEF (included in root project)
- libstdc++ (used in keystone, LIEF and LLVM)
- libmath (used in keystone)

Windows:  
- Windows SDK (user32.lib, psapi.lib, ntdll.lib, shell32.lib)

Linux/Android:  
- libdl (-ldl)

BSD:  
- libdl (-ldl)  
- libkvm (-lkvm)
- libprocstat (-lprocstat)    
- libelf (-lelf)
  
## API Overview
```
LM_EnumProcesses
LM_GetProcess
LM_GetProcessEx
LM_FindProcess
LM_IsProcessAlive
LM_GetBits
LM_GetSystemBits

LM_EnumThreads
LM_EnumThreadsEx
LM_GetThread
LM_GetThreadEx
LM_GetThreadProcess

LM_EnumModules
LM_EnumModulesEx
LM_FindModule
LM_FindModuleEx
LM_LoadModule
LM_LoadModuleEx
LM_UnloadModule
LM_UnloadModuleEx

LM_EnumSymbols
LM_FindSymbolAddress
LM_DemangleSymbol
LM_FreeDemangledSymbol
LM_EnumSymbolsDemangled
LM_FindSymbolAddressDemangled

LM_EnumSegments
LM_EnumSegmentsEx
LM_FindSegment
LM_FindSegmentEx

LM_ReadMemory
LM_ReadMemoryEx
LM_WriteMemory
LM_WriteMemoryEx
LM_SetMemory
LM_SetMemoryEx
LM_ProtMemory
LM_ProtMemoryEx
LM_AllocMemory
LM_AllocMemoryEx
LM_FreeMemory
LM_FreeMemoryEx
LM_DeepPointer
LM_DeepPointerEx

LM_DataScan
LM_DataScanEx
LM_PatternScan
LM_PatternScanEx
LM_SigScan
LM_SigScanEx

LM_GetArchitecture
LM_Assemble
LM_AssembleEx
LM_FreePayload
LM_Disassemble
LM_DisassembleEx
LM_FreeInstructions
LM_CodeLength
LM_CodeLengthEx

LM_HookCode
LM_HookCodeEx
LM_UnhookCode
LM_UnhookCodeEx

LM_VmtNew
LM_VmtHook
LM_VmtUnhook
LM_VmtGetOriginal
LM_VmtReset
LM_VmtFree
```

## Contributing
Read the file `CONTRIBUTING.md` in the root directory of this repository

## Projects
Made with libmem:  
- [AssaultCube Multihack]https://github.com/rdbo/AssaultCube-Multihack  
- [X-Inject]https://github.com/rdbo/x-inject  
- [DirectX9 BaseHook]https://github.com/rdbo/DX9-BaseHook  
- [DirectX11 BaseHook]https://github.com/rdbo/DX11-BaseHook  
- [OpenGL BaseHook]https://github.com/rdbo/GL-BaseHook  
- [Counter-Strike 1.6 BaseHook]https://github.com/rdbo/cstrike-basehook