memkit v0.5.0

Android Memory Toolkit

A fast, Go-powered framework for Android memory inspection, scanning, and patching. Built for reverse-engineering workflows, automation, and deep debugging.

$ go get github.com/pwh-pwh/memkit
$ memkit scan --pid 1234 --type i32 --eq 1337
> matches: 18
> patched: 6
      

Core Capabilities

Memory IO

Read/write via /proc/<pid>/mem or process_vm_readv with automatic fallback.

Maps Intelligence

Parse /proc/<pid>/maps, classify ranges (heap/stack/java), and resolve module bases.

Search Engine

Typed scans, sliding search, AOB patterns, range filters, refinement, and set operations.

Pointer Chains

Resolve and search pointer chains to stabilize dynamic addresses.

Fuzzy Scan

Snapshot memory and filter by increase/decrease/unchanged values.

Pagemap

Virtual-to-physical lookup when system permissions allow.
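
What the Maps Intelligence card above describes, as an added example that is not memkit's own code: parse /proc/<pid>/maps text, classify each range, and resolve a module base. The names Region, kinds, parseMaps and moduleBase are hypothetical, the prefix rules used for classification are an assumption of this example, and the sample input is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

type Region struct{ Start, End uint64; Path, Kind string } // one parsed maps line

// kinds maps name prefixes to a class; these naming rules are this example's assumption.
var kinds = [][2]string{{"[heap]", "heap"}, {"[anon:scudo:", "heap"}, {"[stack", "stack"}, {"[anon:dalvik-", "java"}}

// parseMaps parses maps text and skips malformed lines instead of guessing at them.
func parseMaps(text string) (out []Region) {
	for _, line := range strings.Split(text, "\n") {
		r, f := Region{Kind: "other"}, strings.Fields(line)
		if n, _ := fmt.Sscanf(line, "%x-%x", &r.Start, &r.End); n != 2 || len(f) < 5 || r.End <= r.Start {
			continue
		}
		r.Path = strings.Join(f[5:], " ") // the name column may contain spaces
		for _, k := range kinds {
			if strings.HasPrefix(r.Path, k[0]) {
				r.Kind = k[1]
			}
		}
		out = append(out, r)
	}
	return out
}

// moduleBase returns the lowest start address among mappings of the named file.
func moduleBase(rs []Region, name string) (base uint64, found bool) {
	for _, r := range rs {
		if strings.HasSuffix(r.Path, "/"+name) && (!found || r.Start < base) {
			base, found = r.Start, true
		}
	}
	return base, found
}

// sampleMaps is constructed for this example, not captured from a device.
const sampleMaps = `12c00000-12e00000 rw-p 00000000 00:00 0 [anon:dalvik-main space]
7a10000000-7a10200000 r-xp 00000000 fd:00 1234 /data/app/demo/lib/arm64/libil2cpp.so
7a10200000-7a10300000 rw-p 00200000 fd:00 1234 /data/app/demo/lib/arm64/libil2cpp.so
not-a-maps-line`

func main() {
	fmt.Println(moduleBase(parseMaps(sampleMaps), "libil2cpp.so"))
}
```

A shared library is usually mapped as several segments with different permissions, which is why the base is taken as the lowest start address rather than any one matching line.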

Operational Modes

Syscall First

Use process_vm_readv/writev for speed. Automatically falls back to /proc.

Mem File

Direct /proc/<pid>/mem access for environments without syscall support.

Direct

Unsafe pointer reads for same-process debugging.

API Snapshot

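// pid is the ID of the process to inspect.
proc := memory.NewProcess(pid)
proc.SetMode(memory.ModeSyscall) // syscall-first mode

// Resolve the base address of a loaded module.
base, _ := proc.ModuleBase("libil2cpp.so")

// AOB pattern search.
s := memory.NewSearcher(proc)
s.Workers = 4
hits, _ := s.SearchPattern("12 34 ?? 56")

// Fuzzy scan: snapshot int32 values, then keep the ones that increased.
snap, _ := memory.CaptureFuzzySnapshot[int32](s)
changed, _ := memory.FilterFuzzySnapshot(s, snap, memory.FuzzyIncreased)

// Search for pointer chains that lead to target, an address found earlier.
chains, _ := memory.FindPointerChains(proc, target, memory.PointerSearchOptions{
  MaxDepth: 3,
  MaxOffset: 0x1000,
})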

Release v0.5.0