Process and Module Information

Process and Module Operations

get_proc_base(std::uint32_t pid)

Gets the base address of a process given its Process ID.

Parameters:

  • pid: Process ID

Returns: uint32_t (Process base address)

Example:

std::uint32_t pid = 1234;
std::uint32_t base_addr = Styx::get_proc_base(pid);
std::cout << "Process base address: 0x" << std::hex << base_addr << std::endl;

get_kmodule_address()

Retrieves addresses of various kernel modules and functions.

Returns: bool

Example:

if (Styx::get_kmodule_address()) {
    std::cout << "Kernel module addresses retrieved successfully" << std::endl;
}

get_kmodule_base(const char* module_name)

Gets the base address of a kernel module.

Parameters:

  • module_name: Name of the kernel module

Returns: std::uintptr_t

Example:

const char* module_name = "ntoskrnl.exe";
std::uintptr_t module_base = Styx::get_kmodule_base(module_name);
std::cout << "Module base address: 0x" << std::hex << module_base << std::endl;

get_kmodule_export(const char* module_name, const char* export_name, bool rva = false)

Gets the address of an exported function from a kernel module.

Parameters:

  • module_name: Name of the kernel module

  • export_name: Name of the exported function

  • rva: If true, returns the Relative Virtual Address (default: false)

Returns: void*

Example:

const char* module_name = "ntoskrnl.exe";
const char* export_name = "PsLookupProcessByProcessId";
void* func_addr = Styx::get_kmodule_export(module_name, export_name);
std::cout << "Function address: " << func_addr << std::endl;

get_pid(const wchar_t* proc_name)

Gets the Process ID of a process given its name.

Parameters:

  • proc_name: Name of the process

Returns: std::uint32_t

Example:

const wchar_t* proc_name = L"notepad.exe";
std::uint32_t pid = Styx::get_pid(proc_name);
std::cout << "Process ID: " << pid << std::endl;
