Memory Bandit

Memory Bandit is a Windows utility DLL designed for inspecting, analyzing, and manipulating the memory of the process it is injected into. It features a modern GUI built with Slint, allowing for easy interaction without the need for command-line tools.

Features

• Process Information: View detailed information about the host process, including:
  • Process ID, Parent Process, and Architecture (x64/x86).
  • Security Context: User account, Elevation status, Integrity level, and Privileges.
  • Loaded Modules: List of all DLLs and modules loaded in the process space.
  • DLL Search Paths: Inspection of standard Windows DLL search locations.
• Memory Inspection: Read raw bytes from specific memory addresses.
• Memory Manipulation: Write byte sequences to memory addresses (useful for patching or testing).
• Architecture Support: Designed for 64-bit (x64) Windows, with experimental support for 32-bit (x86).

Project Structure

The project is organized as a Cargo workspace with the following crates:

• dll: The main artifact. This crate compiles into memory_bandit.dll which is injected into target processes.
• gui: Contains the Slint UI logic and window management.
• engine: Core logic for memory operations, process inspection, and Windows API interactions.
• shared: Common types, constants, and helper functions used across the workspace.
• loader: A helper executable to load the DLL for development and testing purposes.

Build

Prerequisites

• OS: Windows 10 or 11.
• Rust: Nightly toolchain is currently required (due to usage of the 2024 edition).
• Dependencies: Windows SDK and C++ build tools (usually installed via Visual Studio Installer).

Compilation

1. Install the nightly toolchain (if not already installed):

   rustup toolchain install nightly
   rustup default nightly

2. Build the project:

   cargo build --release

The resulting artifact memory_bandit.dll will be located in target/release/.

Usage

Method 1: Using the Loader (Development/Testing)

The project includes a loader crate that mimics a target process. This is the easiest way to test the DLL.

# Copy the built DLL to the directory where the loader expects it (usually root or target dir)
# Or simply run the loader which should pick up the DLL if configured correctly, 
# typically you might need to ensure the DLL is in the same folder as the executable.

cargo run --bin bandit-loader --release

Method 2: DLL Injection

1. Build the project in release mode.
2. Use your preferred DLL injector (e.g., Process Hacker, Xenos, etc.).
3. Target the process you want to inspect.
4. Inject memory_bandit.dll.
5. The GUI window should appear immediately upon successful injection.

License

This project is licensed under the MIT License - see the LICENSE.md file for details.