{"id":16693047,"url":"https://github.com/rdbo/pclone","last_synced_at":"2025-10-05T13:54:31.602Z","repository":{"id":118702343,"uuid":"312659480","full_name":"rdbo/pclone","owner":"rdbo","description":"This project is not mine. It's a fork. The original one seems to be deleted.","archived":false,"fork":false,"pushed_at":"2020-11-13T18:44:44.000Z","size":0,"stargazers_count":4,"open_issues_count":0,"forks_count":7,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-07-01T18:10:15.133Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rdbo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2020-11-13T18:56:47.000Z","updated_at":"2024-11-30T14:21:11.000Z","dependencies_parsed_at":null,"dependency_job_id":"0f54dbf4-a765-4f1e-a38a-d9d866d7e97b","html_url":"https://github.com/rdbo/pclone","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/rdbo/pclone","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rdbo%2Fpclone","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rdbo%2Fpclone/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rdbo%2Fpclone/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rdbo%2Fpclone/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rdbo","download_url":"https://codeload.github.com/rdbo/pclone/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rdbo%2Fpclone/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278464272,"owners_count":25991177,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-05T02:00:06.059Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-12T16:29:09.930Z","updated_at":"2025-10-05T13:54:31.585Z","avatar_url":"https://github.com/rdbo.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n    \u003cimg src=\"https://githacks.org/_xeroxz/pclone/-/raw/78ec8745ad117f42640063ef3bd10e5946f7ad6d/img/pclone-icon.png\"/\u003e\n\u003c/div\u003e\n\n# pclone\n\npclone is small project designed to clone running processes. The cloning does not clone threads nor handles, it does however clone all virtual memory. \nIt does this by swapping dirbase in the clones EPROCESS structure. It also swaps the PEB in the EPROCESS structure so the clone will list the same loaded modules\nas the cloned process.\n\n# usage\n\nTo make a `pclone_ctx` you must create a `vdm_ctx` and you must have a process id you want to clone. Once you have both of those you can clone a process.\n\n```cpp\npclone_ctx clone_ctx(vdm, util::get_pid(\"notepad.exe\"));\n\n// clone_pid is the pid of the new clone process\n// clone_handle is a PROCESS_ALL_ACCESS handle which you can\n// use to call VirtualAllocEx, ReadProcessMemory, WriteProcessMemory... etc...\nconst auto [clone_pid, clone_handle] = clone_ctx.clone();\n```\n\n# example\n\nAs you can see here I clone notepad using a `RuntimeBroker.exe` as a dummy process to use as the clone. The loaded modules list the ones in notepad.exe and all the virtual memory is the same\nas it is in notepad.exe\n\n\u003cimg src=\"https://imgur.com/XDADPMA.png\"/\u003e","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frdbo%2Fpclone","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frdbo%2Fpclone","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frdbo%2Fpclone/lists"}