MemorySharp - Managed library for memory editing, and Fasm.NET - Managed wrapper to use the FASM compiler from .NET applications

(Obviously of possible interest for some language implementors)

By Jämes Ménétrey (aka "ZenLulz") :

MemorySharp

MemorySharp is a C# based memory editing library targeting Windows applications, offering various functions to extract and inject data and codes into remote processes to allow interoperability.

The goal of this library is to provide a safe, powerful and easy to use API, keeping the remote process as clean as possible. This library is said Out-of-Process, in other words it does not need to be injected within the target process. Only your application loads MemorySharp, ensuring that only the requested operations are executed in the opened process. For the moment, the library only supports 32-bit development.

Home page:

http://binarysharp.com/products/memorysharp/

Also on GitHub: https://github.com/ZenLulz/MemorySharp

and on NuGet: http://www.nuget.org/packages/MemorySharp/

Fasm.NET

A managed wrapper to use the FASM compiler from .NET applications.

This library is written in C++/CLI and embeds FASM compiler as a linkable Microsoft COFF object. As FASM compiler is built in 32-bit, the managed assembly can only be used within a 32-bit development.

The branches match with the current versions of FASM compiler as published on the official website.

Home page:

http://binarysharp.com/products/fasmnet/

Also on GitHub: https://github.com/ZenLulz/Fasm.NET

and on NuGet: http://www.nuget.org/packages/Fasm.NET/

Licensing

Both librairies come with the MIT license:

* MemorySharp, since 9/14/2013 (Announcement)

* Fasm.NET, as of v2.0.0

Excerpt from MemorySharp's feature list :

Process interactions

* Check if the process is debugged
* Gather information of the process
* Interact with the PEB (Process Environment Block)

Memory interactions

* Allocate and free a chunk of memory
* Change the protection of allocated regions
* Get an absolute/relative address from a pointer
* Query the memory allocated
* Read and write primitive and complex data types

Module interactions

* Enumerate all modules loaded
* Find functions inside a module
* Get the main module
* Inject and eject modules

Thread interactions

* Create and terminate threads
* Get the exit code of terminated threads
* Get the main thread
* Get the segments addresses
* Get threads by identifier
* Interact with the TEB (Thread Environment Block)
* Join threads
* Manage the context of threads
* Query the state of threads
* Suspend and resume threads

Window interactions

* Enumerate the windows of the process
* Enumerate the child windows of the process
* Enumerate the child windows of another window
* ...

Assembly interactions

* Assemble mnemonics
* Embed FASM compiler (Fasm.NET)
* Execute remote codes (such as functions) with/without parameter(s) synchronously and asynchronously
* Inject mnemonics
* Support several calling conventions

(... and more)

Fasm.NET's feature list :

* Assemble mnemonics on the fly
* Assemble a file
* Assemble multiple files
* Create a instance of the class to assemble your mnemonics code with ease
* Throw managed and detailed exceptions when compilation errors occur
* Customize the memory size and the number of pass
* Get the version of the FASM compiler

...

(A few FASM links)

P.S.

Happy new year 2014, everybody, "by the way" :)

And a random fact, as of 01/01/2014:

both the CLR and C# are still in their teenage, for just a couple more years to come... ;)

Cheers,

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Regarding code injection/ejection in a .NET context

Regarding code injection/ejection in a .NET context, the interested may find useful to know about the relevant "classic" (so to speak) articles, by Daniel Pistelli :

.NET Internals and Code Injection

http://www.ntcore.com/files/netint_injection.htm

.NET Internals and Native Compiling

http://www.ntcore.com/files/netint_native.htm

(quoting: "... presented in this article [...] from the perspective of a reverser")