/Titanium

Titanium is a library consisting of a driver and interface that allows to read and write memory, acquire process IDs and module addresses, all on the kernel level.

Primary LanguageCGNU General Public License v3.0GPL-3.0

Titanium

Titanium is a library consisting of a driver and interface that allows to read and write memory, acquire process IDs and module addresses, all on the kernel level.

Platform

Titanium is currently only supported on Windows 10.

Installation

The driver is not yet signed, so you will have to put your Windows 10 into test mode and load the driver using a tool like OSRLoader.

The interface files are Titanium.h and Titanium.cpp located in the Titanium source folder. Add them to your project to use them.

Sample Code

The following code waits until Sandbox.exe image loads, prints out the base address and module size, and injects a dll using APC injection.

int main()
{
	TitaniumInterface ti;

	std::wstring name = L"Sandbox.exe";

	ULONG pid = 0;
	while (!pid)
	{
		auto module = ti.GetTargetImageInfo(name.c_str());
		pid = module.ProcessID;

		if (pid == 0) std::this_thread::sleep_for(std::chrono::seconds(1));
	}

	auto module = ti.GetTargetImageInfo(name.c_str());
	std::cout << "Image Info 0:\n";
	std::cout << "    PID    : " << module.ProcessID << "\n";
	std::cout << "    Base   : " << module.ImageBase << "\n";
	std::cout << "    Size   : " << module.ImageSize << "\n";
	std::cout << "\n-------------------------\n\n";

	std::this_thread::sleep_for(std::chrono::milliseconds(100));

	ULONG64 base = ti.InjectX64DLL(module.ProcessID, L"C:\\Users\\alber\\Desktop\\TestDLL.dll");
	std::cout << "DLL Injected at 0x" << std::hex << base << std::dec << "\n";

	system("pause");
	return 0;
}

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

License

GPL-3.0