Process and Module Information

Process and Module Operations

get_proc_base(std::uint32_t pid)

Gets the base address of a process given its Process ID.

Parameters:

pid: Process ID

Returns: uint32_t (Process base address)

Example:

std::uint32_t pid = 1234;
uint32_t base_addr = Styx::get_proc_base(pid);
std::cout << "Process base address: 0x" << std::hex << base_addr << std::endl;

get_kmodule_address()

Retrieves addresses of various kernel modules and functions.

Returns: bool

Example:

if (Styx::get_kmodule_address()) {
    std::cout << "Kernel module addresses retrieved successfully" << std::endl;
}

get_kmodule_base(const char* module_name)

Gets the base address of a kernel module.

Parameters:

module_name: Name of the kernel module

Returns: std::uintptr_t

Example:

const char* module_name = "ntoskrnl.exe";
std::uintptr_t module_base = Styx::get_kmodule_base(module_name);
std::cout << "Module base address: 0x" << std::hex << module_base << std::endl;

get_kmodule_export(const char* module_name, const char* export_name, bool rva = false)

Gets the address of an exported function from a kernel module.

Parameters:

module_name: Name of the kernel module
export_name: Name of the exported function
rva: If true, returns the Relative Virtual Address (default: false)

Returns: void*

Example:

const char* module_name = "ntoskrnl.exe";
const char* export_name = "PsLookupProcessByProcessId";
void* func_addr = Styx::get_kmodule_export(module_name, export_name);
std::cout << "Function address: " << func_addr << std::endl;

get_pid(const wchar_t* proc_name)

Gets the Process ID of a process given its name.

Parameters:

proc_name: Name of the process

Returns: std::uint32_t

Example:

const wchar_t* proc_name = L"notepad.exe";
std::uint32_t pid = Styx::get_pid(proc_name);
std::cout << "Process ID: " << pid << std::endl;

PreviousHypervisor and Memory Management NextShadow EPT Management

Last updated 8 months ago