
pybind11 extension

Project description

external_proc python module


External process memory manager

Installation

Ensure you have Python 3.6 or newer.

pip install external_proc
or
pip install git+https://github.com/bananasss00/external_proc.git

Usage examples

More examples are in the 'tests' directory.

Open/Close process

from external_proc import *

p = ExtProcess.open(PROCESS_NAME or PROCESS_ID)
p.close()
### or ###
with ExtProcess.ctx_open(PROCESS_NAME or PROCESS_ID) as p:
  pass

Read/Write values

with ExtProcess.ctx_open(process_name) as p:
  # write
  p.write.list_bytes(address, [0x90, 0x90])
  p.write.bytes(address, b'\x90\x90')
  p.write.str(address, 'string')
  p.write.wstr(address, 'unicode string')
  p.write.uint8(address, 1)
  p.write.uint16(address, 1)
  p.write.uint32(address, 1)
  p.write.uint64(address, 1)
  p.write.int8(address, -1)
  p.write.int16(address, -1)
  p.write.int32(address, -1)
  p.write.int64(address, -1)
  p.write.float(address, 0.01)
  p.write.double(address, 0.01)
  # read
  v = p.read.list_bytes(address, BYTES_COUNT)
  v = p.read.bytes(address, BYTES_COUNT)
  v = p.read.str(address, MAX_BYTES_COUNT) # read string up to the first \x00 (at most MAX_BYTES_COUNT bytes)
  v = p.read.wstr(address, MAX_BYTES_COUNT) # read wide string up to the first \x00 (at most MAX_BYTES_COUNT bytes)
  v = p.read.uint8(address) # unsigned 1 byte value
  v = p.read.uint16(address) # unsigned 2 byte value
  v = p.read.uint32(address) # unsigned 4 byte value
  v = p.read.uint64(address) # unsigned 8 byte value
  v = p.read.int8(address) # signed 1 byte value
  v = p.read.int16(address) # signed 2 byte value
  v = p.read.int32(address) # signed 4 byte value
  v = p.read.int64(address) # signed 8 byte value
  v = p.read.float(address) # 4 byte
  v = p.read.double(address) # 8 byte

Pointers

# Pointer types:
#   ListBytes
#   Bytes
#   Str
#   Wstr
#   Uint8
#   Uint16
#   Uint32
#   Uint64
#   Int8
#   Int16
#   Int32
#   Int64
#   Float
#   Double
#   Invalid
ptr = p.make_ptr(address, PtrType.Int32)
address = ptr.get_address() # return current address
ptr.set_value(333)
value = ptr.get_value()

# get address from multilevel pointers
ptr = p.make_ptr(0x6426E0, core.PtrType.Uint32)\
            .go_ptr(0xC)\
            .go_ptr(0x14)\
            .go_ptr()\
            .go_ptr(0x18)

# PtrTypes: ListBytes, Bytes, Str, Wstr
#   require additional argument
#   for get_value(BYTES_COUNT or MAX_BYTES_COUNT for strings)

Simple dll injector x32/x64

import os

with ExtProcess.ctx_open(process_name) as p:
  dll_path = os.path.abspath('lib.dll')
  # resolve LoadLibraryA for the target's bitness
  loadlib_func = get_proc_address('kernel32', 'LoadLibraryA', x64=p.is_x64_process())
  param = p.alloc()
  p.write.str(param, dll_path)
  # the thread's parameter is the path string written above
  with p.ctx_create_thread(loadlib_func, param, wait_thread=True) as th_id:
      pass

Signature scanner. IDA Style

exe_module = p.get_module()
client_module = p.get_module('client.dll')

# .text:00428873 8D 4D F0          lea ecx, [ebp+var_10]
# .text:00428876 E8 05 4E FE FF    call 0x40D680

# E8 ? ? ? ? - the call 0x40D680 instruction; the rel32 operand is wildcarded
signature = "8D 4D F0 E8 ? ? ? ?"

# equivalent to: find_pattern(signature) + 3, i.e. the address of the E8 byte
sig_in_all_module: Ptr = client_module.find_pattern(signature, add_offset=3)
sig_in_code_section: Ptr = client_module.section('.text').find_pattern(signature, 3)

# to resolve the relative offset of the call instruction you can simply do this
adr = sig_in_code_section.go_call_ptr().get_address()
# the same works for jmp, je, etc. instructions: .go_jmp_ptr(), .go_jmp_short_ptr()
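The worked numbers above (pattern at .text:00428873, call at 00428876 resolving to 0x40D680) can be checked without the target process. The block below is an added pure-Python reimplementation of what the text describes, not code from the external_proc library: an IDA-style wildcard matcher over a constructed byte buffer and a rel32 call resolver. The assumption that go_call_ptr computes target = address of next instruction + rel32 is the standard x86 encoding, not something the page states.

```python
import re
import struct

# Constructed sample: the two instructions from the page's IDA listing,
# placed at their listed address, followed by NOP filler.
TEXT_BASE = 0x00428873
TEXT_BYTES = bytes.fromhex("8D4DF0" "E8054EFEFF") + b"\x90" * 8


def parse_signature(signature: str) -> "re.Pattern[bytes]":
    """Compile an IDA-style pattern ("8D 4D F0 E8 ? ? ? ?") into a bytes regex.
    '?' or '??' matches any single byte; every other token must match exactly.
    This is the same wildcard scheme YARA-style hex strings use."""
    parts = []
    for tok in signature.split():
        if tok in ("?", "??"):
            parts.append(b".")
        else:
            parts.append(re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)


def find_pattern(image: bytes, base: int, signature: str, add_offset: int = 0):
    """Address of the first match plus add_offset, or None if absent."""
    m = parse_signature(signature).search(image)
    if m is None:
        return None
    return base + m.start() + add_offset


def go_call_ptr(image: bytes, base: int, address: int) -> int:
    """Resolve an E8 rel32 near call at `address`:
    target = address of the next instruction (address + 5) + sign-extended rel32."""
    off = address - base
    if off < 0 or off + 5 > len(image) or image[off] != 0xE8:
        raise ValueError(f"no E8 call opcode at {address:#x}")
    (rel32,) = struct.unpack_from("<i", image, off + 1)  # little-endian, signed
    return address + 5 + rel32


if __name__ == "__main__":
    call_addr = find_pattern(TEXT_BYTES, TEXT_BASE, "8D 4D F0 E8 ? ? ? ?", add_offset=3)
    print(f"call at {call_addr:#x} -> target {go_call_ptr(TEXT_BYTES, TEXT_BASE, call_addr):#x}")
```

The rel32 bytes 05 4E FE FF read as -0x1B1FB, so 0x42887B - 0x1B1FB gives the 0x40D680 shown in the listing.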

Shellcode injection. Uses nasm (the directory containing nasm.exe must be added to the PATH environment variable)

# CheatEngine Tutorial x64. Step 7: Code Injection: (PW=013370)
with ExtProcess.ctx_open('Tutorial-x86_64.exe') as t:
    m = t.get_module()
    code_decrement_health = 0x10002D4F7
    # alloc memory near 'code_decrement_health' so a short relative jump reaches it
    new_code = t.alloc(2048, code_decrement_health)
    t.virtual_protect(code_decrement_health, 7, PageFlags.PAGE_EXECUTE_READWRITE)
    t.write.bytes(code_decrement_health, nasm(f'''jmp {hex(new_code)}\nnop\nnop''', 64, hex(code_decrement_health)))
    t.write.bytes(new_code, nasm('''add dword [rsi+0x7E0], 0x2 ; +2 health instead of -1
                                    jmp qword 0x10002D4FE''', 64, new_code))

Download files

Download the file for your platform.

Source Distribution

external_proc-0.1.0.tar.gz (16.9 kB), Source

Built Distributions

external_proc-0.1.0-cp312-cp312-win_amd64.whl (153.3 kB), CPython 3.12, Windows x86-64
external_proc-0.1.0-cp312-cp312-win32.whl (128.2 kB), CPython 3.12, Windows x86
external_proc-0.1.0-cp311-cp311-win_amd64.whl (141.8 kB), CPython 3.11, Windows x86-64
external_proc-0.1.0-cp311-cp311-win32.whl (127.2 kB), CPython 3.11, Windows x86
external_proc-0.1.0-cp310-cp310-win_amd64.whl (140.6 kB), CPython 3.10, Windows x86-64
external_proc-0.1.0-cp310-cp310-win32.whl (126.2 kB), CPython 3.10, Windows x86

File details

Details for the file external_proc-0.1.0.tar.gz.

File metadata

  • Download URL: external_proc-0.1.0.tar.gz
  • Size: 16.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.10

Provenance

The following attestation bundles were made for external_proc-0.1.0-cp312-cp312-win32.whl:

Publisher: release.yml on mirusu400/external_proc

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
