Features Overview
libmem provides a rich set of features for memory manipulation, process interaction, and code modification across multiple platforms.Core Capabilities
Internal & External
Work both from within a process (internal) or from another process (external) with the same API
Process Management
Find, enumerate, and interact with running processes on your system
Module Enumeration
Discover and manipulate loaded modules (DLLs/shared libraries) in any process
Symbol Resolution
Find function addresses and resolve symbols from debug information
Memory Operations
Read/Write Memory
Direct memory access for reading and writing data in local or remote processes
Memory Allocation
Allocate and free memory regions with custom protection flags
Memory Protection
Change memory protection flags (read, write, execute) on any memory region
Segment Enumeration
Enumerate and find memory segments/pages with specific protection flags
Pattern Scanning & Searching
Signature Scanning
Search memory for byte patterns with wildcards (AOB scanning)
Pattern Matching
Advanced pattern scanning with support for complex signatures
Data Scanning
Scan memory for specific data values and types
Pointer Scanning
Resolve multi-level pointers and deep pointer chains (Cheat Engine compatible)
Pointer scanning supports Cheat Engine pointer maps, making it easy to port existing cheats and trainers.
Code Modification
JIT Assembly
Assemble x86/x64/ARM assembly code at runtime using the integrated assembler
Disassembly
Disassemble machine code into human-readable assembly instructions
Function Hooking
Hook and unhook functions with automatic trampoline generation
VMT Hooking
Hook virtual method tables (VMT) for C++ object manipulation
Supported Architectures for Assembly
libmem’s assembler and disassembler support a wide range of architectures:- x86: 16-bit, 32-bit, and 64-bit
- ARM: ARMv7, ARMv8, Thumb mode, Big Endian variants
- ARM64: AArch64
- MIPS: 32-bit and 64-bit, little and big endian
- PowerPC: 32-bit, 64-bit, and 64-bit LE
- SPARC: SPARC, SPARC64, SPARCEL
- SystemZ: S390X
Module Management
Load Modules
Inject DLLs or shared libraries into running processes
Unload Modules
Safely unload modules from a process
Module Information
Get detailed information about loaded modules (base address, size, path)
Symbol Enumeration
Enumerate all symbols exported by a module
Thread Operations
Thread Enumeration
Enumerate all threads belonging to a process with detailed information
Process Information
Process Details
Get PID, PPID, architecture, bits, start time, path, and name for any process
Command Line
Retrieve the command line arguments used to start a process
Architecture Detection
Automatically detect process architecture (x86, x64, ARM, ARM64)
Liveness Check
Check if a process is still running
Complete Feature List
All features are available in both internal and external modes across all supported languages (C/C++, Rust, Python).
Process APIs
- Enumerate all running processes
- Get current process information
- Get remote process information
- Retrieve process command line
- Find process by name
- Check process liveness
- Get process architecture (32-bit/64-bit)
- Get system architecture
Thread APIs
- Enumerate threads in current process
- Enumerate threads in remote process
- Get current thread information
- Get remote thread information
- Get the process owning a thread
Module APIs
- Enumerate modules in current process
- Enumerate modules in remote process
- Find module by name (local)
- Find module by name (remote)
- Load module into current process
- Load module into remote process
- Unload module from current process
- Unload module from remote process
Symbol APIs
- Enumerate symbols in a module
- Find symbol address by name
- Demangle C++ symbols
- Enumerate demangled symbols
- Find demangled symbol address
Memory Segment APIs
- Enumerate memory segments (local)
- Enumerate memory segments (remote)
- Find specific memory segment (local)
- Find specific memory segment (remote)
Memory APIs
- Read memory (local)
- Read memory (remote)
- Write memory (local)
- Write memory (remote)
- Set memory to a value (memset)
- Set remote memory to a value
- Change memory protection (local)
- Change memory protection (remote)
- Allocate memory (local)
- Allocate memory (remote)
- Free memory (local)
- Free memory (remote)
Scanning APIs
- Resolve deep pointers (local)
- Resolve deep pointers (remote)
- Scan for data values (local)
- Scan for data values (remote)
- Scan by pattern (local)
- Scan by pattern (remote)
- Scan by signature with wildcards (local)
- Scan by signature with wildcards (remote)
Assembler APIs
- Get current architecture
- Assemble code for current architecture
- Assemble code for specific architecture
- Free assembled payload
- Disassemble code (local)
- Disassemble code (remote)
- Free disassembled instructions
- Calculate code length (local)
- Calculate code length (remote)
Hooking APIs
- Hook function (local)
- Hook function (remote)
- Unhook function (local)
- Unhook function (remote)
- Create new VMT
- Hook VMT entry
- Unhook VMT entry
- Get original VMT function
- Reset VMT to original
- Free VMT
Language Support
libmem provides first-class support for multiple programming languages:C/C++
Native C API with C++ wrapper for modern codebases
Rust
Idiomatic Rust bindings with strong type safety
Python
Easy-to-use Python bindings for rapid prototyping
All language bindings provide the same functionality - choose based on your project needs.
Projects Built with libmem
libmem has been battle-tested in numerous real-world projects:- AssaultCube Multihack
- X-Inject
- DirectX9 BaseHook
- DirectX11 BaseHook
- OpenGL BaseHook
- Counter-Strike 1.6 BaseHook
Next Steps
Platform Support
Check which platforms and architectures are supported
Installation
Get started by installing libmem