-
Active Member
[Release][Python]Pymem - Python memory library
Hello guys,
It has been a long time since I've posted anything here, and today I'm presenting Pymem, which is a complete rewrite of the version I presented in 2010 (PyMem - Python process memory editing).
[Pyasm]
Before introducing pymem, I want to first say a word about FASM and the wrapper I wrote around it, which is called pyfasm (I'm so creative).
Basically, for those who don't know, you can manipulate DLL assemblies using the Python module called ctypes and have your code call DLL functions; it's the same as "references" under a C# project, I guess. So before working on pymem I first managed to wrap FASM into this Python library called pyfasm, which is a requirement for pymem.
So here is an example demonstrating how to assemble inline asm to bytes (it's pretty similar to fasm_managed):
HTML Code:
import pyfasm
__asm = b"""
mov edi, edi
push ebp
mov ebp, esp
"""
assembled_mnemonics = pyfasm.assemble(__asm)
If you want a closer look at the project, it's on GitHub.
[Pymem]
The aim of pymem is to cover the basics of process manipulation within a unique library that provides the necessary endpoints and abstracts all the Windows API kitchening.
The library continues to evolve, feature per feature, but in its current state, it seems stable and provides enough features to get started.
[Pymem Requirements]
Obviously python: version 3.4
pywin32: build 219
[Pymem Install]
In a shell, install pymem like this (it will install pymem system-wide):
HTML Code:
pip install pymem
For those who are familiar with python, you can of course install it using a virtualenv.
[Pymem Examples]
- Reading from a process
HTML Code:
import pymem
# Open a process and leverage our privilege using AdjustTokenPrivileges + SeDebugPrivilege
pm = pymem.Pymem("Wow.exe")
# Process Base
print('Process Base Address: {}'.format(pm.process_base_address))
# static for player_name 3.3.5a
player_name_address = 0x00C79D18
player_name = pm.read_string(player_name_address, 40)
print(player_name)
- Allocating memory, writing (Rip of RivalFR's EndScene Hook)
HTML Code:
# Allocate some space for detour
detour_ptr = pm.allocate(0x256)
# Detour asm
detour = pm.assemble(address=detour_ptr, mnemonics="""
pushfd
pushad
mov eax, [ecx + 0xA8]
mov [{endscene_ptr}], eax
mov eax, 0x01
mov [{is_ready}], eax
popad
popfd
call DWORD[ecx + 0xA8]
jmp {addr}
""".format(**{
    'endscene_ptr': endscene_ptr,
    # key must match the {is_ready} placeholder used in the template above
    'is_ready': is_ready_address,
    'addr': hex(0x005A17B6 + 0x6)
}))
pm.write_string(0x005A17B6, detour)
- Loaded module base
HTML Code:
import pymem.process
d3d9 = pymem.process.module_from_name(wow_process_id, 'd3d9')
print(d3d9.base_address)
- Some reads (3.3.5a)
HTML Code:
base_address = 0x00C79CE0
base = pm.read_uint(base_address)
player_guid = pm.read_long(base + 0xC0)
# iterate over objects
current_obj = pm.read_uint(base + 0xAC)
next_obj = current_obj
while current_obj != 0 and current_obj % 2 == 0:
    guid = pm.read_long(current_obj + 0x30)
    object_type = pm.read_uint(current_obj + 0x14)
    next_obj = pm.read_uint(current_obj + 0x3C)
    current_obj = next_obj
And the list of examples goes on; you can do most of the basic things you are used to with other programming languages.
More to come later.
Project documentation
Project source code
Changelog
0.2:
- Fixed a typo in `ProcessError`
- Fixed memory writes (using ctypes.addressof for non-strings)
- Added method `list_process_modules` and `module_from_name` to the process module.
- Added exceptions `MemoryReadError` and `MemoryWriteError`, raised when a read from or write to memory fails
- Added `set_debug_privilege` method which leverages a given process token.
- Some code refactoring, mainly spaces and some pep8
0.1:
- initial release of pymem
Credit goes to RivalFR for his hook over EndScene, Shynd for Blackmagic, tanis2000 for Babot and I'm sure many others from the Forum.
Before you use the code, do not forget to read the licenses:
Fasm License
Last edited by nopz; 06-09-2015 at 07:37 AM.
Reason: doc links
My blog: https://pimpmykitty.wordpress.com
PyFasm: https://github.com/srounet/pyfasm
Pymem: https://github.com/srounet/pymem
-
Post Thanks / Like - 2 Thanks
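Added example, not part of the original post and not pymem code: the detour in the post replaces the 6-byte instruction at 0x005A17B6, and that kind of change is visible to an integrity check that compares the bytes in memory with the bytes of the image on disk and decodes where a planted jump leads. The byte buffers, the detour address and the module range below are constructed for illustration.

```python
import struct

# Constructed sample data (not taken from any real binary): the six bytes at
# the call site named in the post as the on-disk image would hold them, and
# the same six bytes after a 5-byte relative jump plus one NOP replaced them.
SITE = 0x005A17B6
ON_DISK = bytes.fromhex("ff91a8000000")        # call dword [ecx+0xA8]
DETOUR = 0x02F40000                            # hypothetical allocation address
IN_MEMORY = b"\xe9" + struct.pack("<i", DETOUR - (SITE + 5)) + b"\x90"


def patched_ranges(expected, observed, base):
    """Return (address, length) for each run of bytes that differs."""
    if len(expected) != len(observed):
        raise ValueError("buffers must cover the same range")
    runs, start = [], None
    for i, (a, b) in enumerate(zip(expected, observed)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            runs.append((base + start, i - start))
            start = None
    if start is not None:
        runs.append((base + start, len(expected) - start))
    return runs


def jump_target(observed, offset, base):
    """Decode an E9 rel32 jump at offset; return its destination or None."""
    if observed[offset:offset + 1] != b"\xe9" or len(observed) < offset + 5:
        return None
    (rel,) = struct.unpack_from("<i", observed, offset + 1)
    return (base + offset + 5 + rel) & 0xFFFFFFFF


def audit(expected, observed, base, module_start, module_end):
    """Flag patched runs whose jump leaves the module's own address range."""
    findings = []
    for addr, length in patched_ranges(expected, observed, base):
        target = jump_target(observed, addr - base, base)
        outside = target is not None and not module_start <= target < module_end
        findings.append({"address": addr, "length": length,
                         "target": target, "leaves_module": outside})
    return findings


if __name__ == "__main__":
    for f in audit(ON_DISK, IN_MEMORY, SITE, 0x00400000, 0x00D00000):  # assumed range
        print(f)
```

On a real image the on-disk bytes have to be adjusted for relocations before comparing, otherwise every relocated absolute address shows up as a patch.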
-
Think we spoke on Skype before about this. Very cool release
+4 rep
Check my blog: https://zzuks.blogspot.com
-
Contributor
Nice work, enjoy my +rep too.
-
Banned for scamming
Good job, I really need to take a look at fasm x64 someday.
@Midi12 : Lol @ 92izii
-
Member
I installed the x64 version and was able to read the 8.1 in-game Boolean correctly. I wasn't able to read any strings (bad continuous bit), but it's still a start for me. Thank you.
-
Member
Hello, I'm trying to get the combat log using Pymem, but I'm not having any success. Could you help me get my bearings? I want to thank you for your time and contribution to this topic. ^^
-
Established Member
Great!!! I love pymem, it's helpful and effective.
-
Member
@nopz Is there any way to get the combatlog and chat using Pymem?