{"id":27059912,"url":"https://github.com/item-self/ntprocesses","last_synced_at":"2025-04-10T22:48:30.307Z","repository":{"id":286203628,"uuid":"960711958","full_name":"item-self/ntprocesses","owner":"item-self","description":"Rust library that makes it easy to manipulate Windows' processes.","archived":false,"fork":false,"pushed_at":"2025-04-09T15:33:12.000Z","size":34,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-09T19:44:22.629Z","etag":null,"topics":["assembly","process","reverse-engineering","rust","windows","x64"],"latest_commit_sha":null,"homepage":"https://docs.rs/ntprocesses/latest/ntprocesses/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/item-self.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-04-04T23:15:36.000Z","updated_at":"2025-04-09T15:33:15.000Z","dependencies_parsed_at":"2025-04-09T19:36:46.121Z","dependency_job_id":null,"html_url":"https://github.com/item-self/ntprocesses","commit_stats":null,"previous_names":["item-self/ntprocesses"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/item-self%2Fntprocesses","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/item-self%2Fntprocesses/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/item-self%2Fntprocesses/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/item-self%2Fntprocesses/manifests","
owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/item-self","download_url":"https://codeload.github.com/item-self/ntprocesses/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248143253,"owners_count":21054737,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["assembly","process","reverse-engineering","rust","windows","x64"],"created_at":"2025-04-05T13:16:55.186Z","updated_at":"2025-04-10T22:48:30.299Z","avatar_url":"https://github.com/item-self.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ntprocesses\r\n\r\n## About\r\nRust library that makes it easy to manipulate Windows' processes.\r\nThe name comes from the ability to specifically target processes found with the undocumented NtAPI, and use of NtAPI functions. 
You can use officially supported APIs just as well, too.\r\n\r\n## Usage\r\n```toml\r\n[dependencies]\r\nntprocesses = \"*\"\r\n```\r\n\\- or -\r\n```bash\r\n$ git clone https://github.com/item-self/ntprocesses.git\r\n$ cd ntprocesses\r\n$ cargo test\r\n```\r\n\r\n## Examples\r\n\r\n#### Getting a process using a snapshot:\r\n```rust\r\nlet process = ProcessBuilder::\u003cAttach\u003e::default()\r\n    .permissions(PROCESS_ALL_ACCESS)\r\n    .process_id(process_id)\r\n    .build_from_snapshot()?;\r\n```\r\n#### Getting a process using the NtAPI:\r\n```rust\r\nlet process = ProcessBuilder::\u003cAttach\u003e::default()\r\n    .permissions(PROCESS_ALL_ACCESS)\r\n    .process_id(process_id)\r\n    .build_from_nt()?;\r\n```\r\n\r\n#### Basic memory operations on a process:\r\n```rust\r\n// this will actually allocate an entire page, read only.\r\nlet addr = process.virtual_alloc(None, 1, PAGE_READONLY)?;\r\n\r\n// this will set the page to be able to be read and written to.\r\nprocess.set_protection(addr, 1, PAGE_READWRITE)?;\r\n\r\nprocess.write(addr, 1337 as usize)?;\r\n\r\nassert_eq!(process.read::\u003cusize\u003e(addr)?, 1337 as usize);\r\n```\r\n\r\n#### Iterate through process threads with undocumented flags:\r\n```rust\r\nlet process = Process::\u003cNT\u003e::from_pid(process_id, PROCESS_ALL_ACCESS)?;\r\n\r\nfor thread in process.get_threads() {\r\n    thread.suspend()?;\r\n    println!(\"{:?}\", thread.thread_state);\r\n}\r\n```\r\n\r\n#### Thread hijacking made easy with these methods!\r\n```rust\r\nlet thread = process.get_threads().next().unwrap();\r\n\r\nthread.suspend()\r\nthread.get_context()\r\nthread.set_context()\r\nthread.resume()\r\n// etc ...\r\n```\r\n\r\nAnd, many more examples in the test 
modules.\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fitem-self%2Fntprocesses","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fitem-self%2Fntprocesses","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fitem-self%2Fntprocesses/lists"}