The Lain library (liblain) provides a programmatic interface to the memory and memory maps of processes on Linux. Liblain offers both a procfs and a lainko kernel driver backend. Both interfaces provide identical functionality. The kernel driver backend is not provided by this repository.
Liblain stores both VM areas and VM backing objects in lists, which means a memory map can be updated without invalidating pointers to the map. This allows liblain to be easily used for prolonged analysis where a target's memory allocations change. Despite being lists, traversal between relevant areas/objects is still possible in O(1) in many cases.
In addition to memory maps, liblain also provides the following:
- Read / write process memory.
- Resolve a process name to PID(s) the same way utilities like ps/top/htop do.
- Various utils to streamline the development process.
Fetch the repo:
$ git clone https://github.com/vykt/liblain
Build:
$ make lib
Install:
# make install
Install additional markdown documentation:
# make install_docs
Ensure your linker searches for liblain in the install directory (adjust as required):
# echo "/usr/local/lib" > /etc/ld.so.conf.d/liblain.conf
Include <libpwu.h> in your sources:
#include <liblain.h>
Ask your compiler to link liblain:
$ gcc -o test test.c -llain
See /doc/md for documentation. If you have installed liblain, you can view the manpages with man 3 {liblain_error,liblain_iface,liblain_map,liblain_util}. For examples, take a look at /src/test.