[Release][Python]Pymem - Python memory library

  1. #1
    nopz's Avatar Active Member

    [Release][Python]Pymem - Python memory library

    Hello guys,

    It has been a long time since I've posted anything here, and today I'm presenting Pymem, which is a complete rewrite of the version I presented in 2010 (PyMem - Python process memory editing).

    [Pyfasm]
    Before introducing pymem, I first want to say a word about FASM and the wrapper I wrote around it, which is called pyfasm (I'm so creative).
    Basically, for those who don't know, you can manipulate DLL assemblies using the Python module called ctypes and have your code call DLL functions; it's the same as "references" under a C# project, I guess. So before working on pymem, I first managed to wrap FASM into this Python library called pyfasm, which is a requirement for pymem.

    So here is an example demonstrating how to assemble inline asm to bytes (it's pretty similar to fasm_managed):

    Code:
    import pyfasm

    # Inline assembly source, passed to FASM as bytes
    __asm = b"""
        mov edi, edi
        push ebp
        mov ebp, esp
    """
    assembled_mnemonics = pyfasm.assemble(__asm)

    If you want to take a further look at the project, it's on GitHub.


    [Pymem]

    The aim of pymem is to cover the basics of process manipulation within a unique library that provides the necessary endpoints and abstracts all the Windows API kitchening.
    The library continues to evolve, feature by feature, but in its current state it seems stable and provides enough features to get started.

    [Pymem Requirements]

    Obviously python: version 3.4
    pywin32: build 219

    [Pymem Install]

    In a shell, install pymem like this (it will install pymem system-wide):

    Code:
    pip install pymem

    For those who are familiar with Python, you can of course install it using a virtualenv.


    [Pymem Examples]

    - Reading from a process

    Code:
    import pymem
    
    # Open a process and leverage our privilege using AdjustTokenPrivileges + SeDebugPrivilege
    pm = pymem.Pymem("Wow.exe")
    
    # Process Base
    print('Process Base Address: {}'.format(pm.process_base_address))
    
    # static for player_name 3.3.5a
    player_name_address = 0x00C79D18
    player_name = pm.read_string(player_name_address, 40)
    print(player_name)

    - Allocating memory, writing (Rip of RivalFR's EndScene Hook)

    Code:
    # Allocate some space for detour
    detour_ptr = pm.allocate(0x256)

    # endscene_ptr and is_ready_address are not defined in this snippet;
    # they are assumed to hold addresses obtained earlier.
    # Detour asm
    detour = pm.assemble(address=detour_ptr, mnemonics="""
        pushfd
        pushad
        mov eax, [ecx + 0xA8]
        mov [{endscene_ptr}], eax
        mov eax, 0x01
        mov [{is_ready}], eax
        popad
        popfd
        call DWORD[ecx + 0xA8]
        jmp {addr}
    """.format(**{
        'endscene_ptr': endscene_ptr,
        'is_ready': is_ready_address,
        'addr': hex(0x005A17B6 + 0x6)
    }))
    pm.write_string(0x005A17B6, detour)

    - Loaded module base

    Code:
    import pymem.process

    # wow_process_id is not defined in this snippet; it is assumed to be set earlier
    d3d9 = pymem.process.module_from_name(wow_process_id, 'd3d9')
    print(d3d9.base_address)

    - Some reads (3.3.5a)

    Code:
    base_address = 0x00C79CE0
    base = pm.read_uint(base_address)
    
    player_guid = pm.read_long(base + 0xC0)
    
    # iterate over objects
    current_obj = pm.read_uint(base + 0xAC)
    next_obj = current_obj
    
    while current_obj != 0 and current_obj % 2 == 0:
        guid = pm.read_long(current_obj + 0x30)
        object_type = pm.read_uint(current_obj + 0x14)
    
        next_obj = pm.read_uint(current_obj + 0x3C)
        current_obj = next_obj

    And the list of examples goes on; you can do most of the basic things you are used to with other programming languages.
    More to come later.

    Project documentation
    Project source code

    Changelog
    0.2:
    - Fixed a typo in `ProcessError`
    - Fixed memory writes (using ctypes.addressof for non-strings)
    - Added methods `list_process_modules` and `module_from_name` to the process module.
    - Added exceptions `MemoryReadError` and `MemoryWriteError` for when a read from or write to memory fails
    - Added `set_debug_privilege` method which leverages a given process token.
    - Some code refactoring, mainly spaces and some pep8

    0.1:
    - initial release of pymem


    Credit goes to RivalFR for his hook over EndScene, Shynd for Blackmagic, tanis2000 for Babot and I'm sure many others from the Forum.

    Before you use the code, do not forget to read the licenses:
    Fasm License
    Last edited by nopz; 06-09-2015 at 07:37 AM. Reason: doc links
    My blog: https://pimpmykitty.wordpress.com
    PyFasm: https://github.com/srounet/pyfasm
    Pymem: https://github.com/srounet/pymem
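
The object-list walk in the post above follows a next pointer read from another process with no cap on iterations, so a stale or corrupted pointer can make it loop forever or fail mid-walk. The following is an added example (not nopz's code and not part of Pymem) that runs the same traversal over a constructed memory snapshot with a visited set, a node cap and bounds-checked reads. `Snapshot`, `build_snapshot`, `walk_objects`, the 32-bit field width and all sample values are assumptions of this example; only the offsets 0x14, 0x30 and 0x3C come from the post.

```python
import struct

class Snapshot:
    """Read-only view of one captured memory region (constructed data)."""
    def __init__(self, base, data):
        self.base, self.data = base, data

    def read_uint(self, address):
        off = address - self.base
        if off < 0 or off + 4 > len(self.data):
            raise ValueError("read outside snapshot at 0x%X" % address)
        return struct.unpack_from("<I", self.data, off)[0]

def build_snapshot(base, nodes):
    """nodes: (offset, guid, type, next_address) tuples, 0x40 bytes each."""
    buf = bytearray(max(n[0] for n in nodes) + 0x40)
    for off, guid, otype, nxt in nodes:
        struct.pack_into("<I", buf, off + 0x14, otype)
        struct.pack_into("<I", buf, off + 0x30, guid)
        struct.pack_into("<I", buf, off + 0x3C, nxt)
    return Snapshot(base, bytes(buf))

def walk_objects(snap, first, max_nodes=4096):
    """Return (objects, reason); reason is end, cycle, limit or out_of_bounds."""
    seen, objects, cur = set(), [], first
    while cur != 0 and cur % 2 == 0:      # same stop condition as the post
        if cur in seen:                   # pointer loops back: stop
            return objects, "cycle"
        if len(objects) >= max_nodes:     # hard cap on work per walk
            return objects, "limit"
        seen.add(cur)
        try:
            guid = snap.read_uint(cur + 0x30)
            otype = snap.read_uint(cur + 0x14)
            nxt = snap.read_uint(cur + 0x3C)
        except ValueError:                # pointer leaves the captured region
            return objects, "out_of_bounds"
        objects.append((cur, guid, otype))
        cur = nxt
    return objects, "end"

BASE = 0x10000  # constructed base address and node contents
GOOD = build_snapshot(BASE, [(0x00, 11, 3, BASE + 0x40),
                             (0x40, 22, 4, BASE + 0x80), (0x80, 33, 5, 0)])
CYCLIC = build_snapshot(BASE, [(0x00, 11, 3, BASE + 0x40), (0x40, 22, 4, BASE)])
DANGLING = build_snapshot(BASE, [(0x00, 11, 3, 0x20000)])

if __name__ == "__main__":
    for name, snap in (("good", GOOD), ("cyclic", CYCLIC), ("dangling", DANGLING)):
        print(name, walk_objects(snap, BASE))
```

Returning the stop reason alongside the partial result lets a caller tell a clean end of list from a truncated or corrupted one.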

  3. #2
    Corthezz's Avatar Elite User Authenticator enabled
    Think we spoke on Skype before about this. Very cool release
    +4 rep
    Check my blog: https://zzuks.blogspot.com

  4. #3
    Midi12's Avatar Contributor
    Nice work, enjoy my +rep too.
    92izii !

  5. #4
    JuJuBoSc's Avatar Banned for scamming CoreCoins Purchaser
    Good job, I really need to take a look at fasm x64 someday.

    @Midi12 : Lol @ 92izii

  6. #5
    taladork's Avatar Member
    I installed the x64 version and was able to read the 8.1 in-game Boolean correctly. I wasn't able to read any strings (bad continuous bit), but it's still a start for me, thank you.

  7. #6
    Fufavu's Avatar Member
    Hello, I'm trying to take the combat Log using Pymem, but I'm not getting any success, could you get my bearings? I want to thank you for your time and contribution to this topic. ^^
