add basic CLI for testing enumeration
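--- /dev/null
+++ b/ghost-cli/Cargo.toml
@@ -0,0 +1,12 @@
+[package]
+name = "ghost-cli"
+version.workspace = true
+edition.workspace = true
+authors.workspace = true
+license.workspace = true
+
+[dependencies]
+ghost-core = { path = "../ghost-core" }
+anyhow.workspace = true
+env_logger.workspace = true
+log.workspace = true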
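--- /dev/null
+++ b/ghost-cli/src/main.rs
@@ -0,0 +1,28 @@
+use anyhow::Result;
+use ghost_core::{memory, process};
+
+fn main() -> Result<()> {
+env_logger::init();
+
+println!("Ghost - Process Injection Detection\n");
+
+let processes = process::enumerate_processes()?;
+println!("Found {} processes\n", processes.len());
+
+for proc in processes.iter().take(10) {
+println!("{}", proc);
+
+if let Ok(regions) = memory::enumerate_memory_regions(proc.pid) {
+let rwx_regions: Vec<_> = regions
+.iter()
+.filter(|r| r.protection == ghost_core::MemoryProtection::ReadWriteExecute)
+.collect();
+
+if !rwx_regions.is_empty() {
+println!(" RWX regions: {}", rwx_regions.len());
+}
+}
+}
+
+Ok(())
+}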
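Review bot: The `if let Ok(regions) = memory::enumerate_memory_regions(proc.pid)` in the loop discards the error case silently, so a process whose memory could not be enumerated prints exactly like one with no RWX regions. For an injection-detection tool that is a blind spot, since processes that refuse access (presumably elevated or protected ones) end up looking clean in the output. `log` and `env_logger` are already wired up in this commit, so an else arm such as `} else { log::warn!("pid {}: memory regions not readable, RWX check skipped", proc.pid); }` would distinguish "skipped" from "none found". The `.take(10)` cap limits coverage in the same way and deserves a comment such as `// testing limit: only the first 10 processes are inspected`.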