Skip to main content
libmem provides a comprehensive set of APIs for memory manipulation, process management, and code hooking across multiple categories. All APIs follow consistent naming conventions and patterns for both internal and external (cross-process) operations.

API Categories

The libmem API is organized into the following categories:

Process APIs

Enumerate, find, and manage processes on the system

Thread APIs

Enumerate and retrieve information about process threads

Module APIs

Load, unload, find, and enumerate modules in processes

Symbol APIs

Find and enumerate symbols in modules with demangling support

Memory Segment APIs

Enumerate and find memory segments in process address space

Memory APIs

Read, write, allocate, protect, and manage memory

Scanning APIs

Search memory for patterns, signatures, and data

Assembler APIs

Assemble and disassemble instructions for multiple architectures

Hooking APIs

Hook and unhook functions with code detours and VMT hooks

Naming Conventions

“Ex” Suffix ConventionAPIs with the “Ex” suffix operate on external processes (cross-process operations). APIs without the suffix operate on the current process.For example:
  • LM_ReadMemory() reads memory from the current process
  • LM_ReadMemoryEx() reads memory from a specified external process

Function Patterns

All libmem functions follow these patterns:
  • Prefix: All functions start with LM_
  • Naming: Functions use PascalCase (e.g., LM_FindProcess, LM_EnumModules)
  • External Operations: Functions with Ex suffix require a lm_process_t *process parameter as the first argument
  • Callbacks: Enumeration functions take callback functions that return LM_TRUE to continue or LM_FALSE to stop

Type Conventions

All libmem types follow these patterns:
  • Prefix: All types start with lm_
  • Naming: Types use snake_case and end with _t (e.g., lm_process_t, lm_module_t)
  • Consistency: The same types are used across both internal and external operations

Return Values

Most libmem functions follow these return conventions:
  • Boolean Operations: Return LM_TRUE on success, LM_FALSE on failure
  • Address Operations: Return a valid address on success, LM_ADDRESS_BAD on failure
  • Size Operations: Return the size/count on success, 0 on failure
  • Pointer Operations: Return a valid pointer on success, NULL on failure

Getting Started

To get started with the libmem API:
  1. Choose the category that matches your use case
  2. Review the available functions in that category
  3. Check whether you need the internal or external (Ex) version
  4. Refer to the detailed documentation for parameter and return value information
Each API category page provides detailed documentation for all functions, including parameters, return values, and usage examples.

Build docs developers (and LLMs) love

Get started for freeTalk to us