pybind11 extension

Project description

external_proc python module

External process memory manager

Installation

Ensure you have Python 3.8 or later

pip install external_proc
or
pip install git+https://github.com/bananasss00/external_proc.git

Usage examples

More examples are in the 'tests' directory

Open/Close process

from external_proc import *

p = ExtProcess.open(PROCESS_NAME or PROCESS_ID)
p.close()
### or ###
with ExtProcess.ctx_open(PROCESS_NAME or PROCESS_ID) as p:
  pass

Read/Write values

with ExtProcess.ctx_open(process_name) as p:
  # write
  p.write.list_bytes(address, [0x90, 0x90])
  p.write.bytes(address, b'\x90\x90')
  p.write.str(address, 'string')
  p.write.wstr(address, 'unicode string')
  p.write.uint8(address, 1)
  p.write.uint16(address, 1)
  p.write.uint32(address, 1)
  p.write.uint64(address, 1)
  p.write.int8(address, -1)
  p.write.int16(address, -1)
  p.write.int32(address, -1)
  p.write.int64(address, -1)
  p.write.float(address, 0.01)
  p.write.double(address, 0.01)
  # read
  v = p.read.list_bytes(address, BYTES_COUNT)
  v = p.read.bytes(address, BYTES_COUNT)
  v = p.read.str(address, MAX_BYTES_COUNT) # read string to first \x00
  v = p.read.wstr(address, MAX_BYTES_COUNT) # read string to first \x00
  v = p.read.uint8(address) # unsigned 1 byte value
  v = p.read.uint16(address) # unsigned 2 byte value
  v = p.read.uint32(address) # unsigned 4 byte value
  v = p.read.uint64(address) # unsigned 8 byte value
  v = p.read.int8(address) # signed 1 byte value
  v = p.read.int16(address) # signed 2 byte value
  v = p.read.int32(address) # signed 4 byte value
  v = p.read.int64(address) # signed 8 byte value
  v = p.read.float(address) # 4 byte
  v = p.read.double(address) # 8 byte

Pointers

# Pointer types:
#   ListBytes
#   Bytes
#   Str
#   Wstr
#   Uint8
#   Uint16
#   Uint32
#   Uint64
#   Int8
#   Int16
#   Int32
#   Int64
#   Float
#   Double
#   Invalid
ptr = p.make_ptr(address, PtrType.Int32)
address = ptr.get_address() # return current address
ptr.set_value(333)
value = ptr.get_value()

# get address from multilevel pointers
ptr = p.make_ptr(0x6426E0, core.PtrType.Uint32)\
            .go_ptr(0xC)\
            .go_ptr(0x14)\
            .go_ptr()\
            .go_ptr(0x18)

# PtrTypes: ListBytes, Bytes, Str, Wstr
#   require additional argument
#   for get_value(BYTES_COUNT or MAX_BYTES_COUNT for strings)

Simple dll injector x32/x64

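import os

with ExtProcess.ctx_open(process_name) as p:
  dll_path = os.path.abspath('lib.dll')
  # resolve LoadLibraryA for the bitness of the target process
  loadlib_func = get_proc_address('kernel32', 'LoadLibraryA', x64=p.is_x64_process())
  # allocate memory in the target and write the DLL path there
  param = p.alloc()
  p.write.str(param, dll_path)
  # run LoadLibraryA(param) in a new thread and wait for it to finish
  with p.ctx_create_thread(loadlib_func, param, wait_thread=True) as th_id:
      pass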

Signature scanner. IDA Style

exe_module = p.get_module()
client_module = p.get_module('client.dll')

# .text:00428873 8D 4D F0          lea ecx, [ebp+var_10]
# .text:00428876 E8 05 4E FE FF    call 0x40D680

# E8 ? ? ? ? matches the instruction call 0x40D680 (operand bytes are wildcards)
signature = "8D 4D F0 E8 ? ? ? ?"

# equivalent to find_pattern(signature) + 3
sig_in_all_module: Ptr = client_module.find_pattern(signature, add_offset=3)
sig_in_code_section: Ptr = client_module.section('.text').find_pattern(signature, 3)

# to follow the relative offset of the call instruction, simply do this
adr = sig_in_code_section.go_call_ptr().get_address()
# same for jmp, je, etc. instructions: .go_jmp_ptr(), .go_jmp_short_ptr()
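
How the wildcard match and the relative call resolution work, as an added example that is not part of external_proc and does not use its API. It runs over a constructed byte buffer; parse_signature, find_pattern, resolve_call, BASE and SAMPLE are names made up for this example.

```python
import struct

def parse_signature(sig):
    """'8D 4D F0 E8 ? ? ? ?' -> [0x8D, 0x4D, 0xF0, 0xE8, None, None, None, None]"""
    pattern = []
    for tok in sig.split():
        if tok in ("?", "??"):
            pattern.append(None)                 # wildcard: any byte matches
        elif len(tok) == 2:
            pattern.append(bytes.fromhex(tok)[0])  # ValueError on non-hex input
        else:
            raise ValueError(f"bad signature token: {tok!r}")
    if not pattern:
        raise ValueError("empty signature")
    return pattern

def find_pattern(data, sig, add_offset=0):
    """Offsets (match start + add_offset) of every match of sig in data."""
    pat = parse_signature(sig)
    return [i + add_offset
            for i in range(len(data) - len(pat) + 1)
            if all(p is None or data[i + j] == p for j, p in enumerate(pat))]

def resolve_call(data, base, off):
    """Target of the `call rel32` (opcode E8) whose opcode byte is data[off]."""
    if off + 5 > len(data) or data[off] != 0xE8:
        raise ValueError("no complete E8 rel32 call at this offset")
    (rel,) = struct.unpack_from("<i", data, off + 1)   # signed little-endian
    # rel32 is relative to the address of the *next* instruction (off + 5).
    return (base + off + 5 + rel) & 0xFFFFFFFF         # 32-bit wraparound

# Constructed sample: three NOPs, the two instructions from the listing above
# (lea at 0x428873, call at 0x428876), then a ret. BASE is the VA of SAMPLE[0].
BASE = 0x428870
SAMPLE = bytes.fromhex("909090" "8D4DF0" "E8054EFEFF" "C3")

def demo():
    """(call address, call target) for each signature hit in SAMPLE."""
    hits = find_pattern(SAMPLE, "8D 4D F0 E8 ? ? ? ?", add_offset=3)
    return [(BASE + h, resolve_call(SAMPLE, BASE, h)) for h in hits]

if __name__ == "__main__":
    for call_va, target in demo():
        print(f"call at {call_va:#x} -> {target:#x}")
```

A signature is only useful if it matches exactly once in the scanned region, so check the length of the hit list before trusting the first result.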

Shellcode injection using nasm (the directory containing nasm.exe must be added to the PATH environment variable)

    # CheatEngine Tutorial x64. Step 7: Code Injection: (PW=013370)
    with ExtProcess.ctx_open('Tutorial-x86_64.exe') as t:
        m = t.get_module()
        code_decrement_health = 0x10002D4F7
        # alloc memory near 'code_decrement_health' for short relative jump!!!
        new_code = t.alloc(2048, code_decrement_health)
        t.virtual_protect(code_decrement_health, 7, PageFlags.PAGE_EXECUTE_READWRITE)
        t.write.bytes(code_decrement_health, nasm(f'''jmp {hex(new_code)}\nnop\nnop''', 64, hex(code_decrement_health)))
        t.write.bytes(new_code, nasm('''add dword [rsi+0x7E0], 0x2 ; +2 health instead -1
                                        jmp qword 0x10002D4FE''', 64, new_code))

Download files

Source Distribution

external_proc-0.1.1.tar.gz (16.8 kB), Source

Built Distributions

external_proc-0.1.1-cp312-cp312-win_amd64.whl (143.1 kB), CPython 3.12, Windows x86-64
external_proc-0.1.1-cp312-cp312-win32.whl (128.2 kB), CPython 3.12, Windows x86
external_proc-0.1.1-cp311-cp311-win_amd64.whl (141.8 kB), CPython 3.11, Windows x86-64
external_proc-0.1.1-cp311-cp311-win32.whl (127.2 kB), CPython 3.11, Windows x86
external_proc-0.1.1-cp310-cp310-win_amd64.whl (140.7 kB), CPython 3.10, Windows x86-64
external_proc-0.1.1-cp310-cp310-win32.whl (126.2 kB), CPython 3.10, Windows x86
external_proc-0.1.1-cp39-cp39-win_amd64.whl (148.8 kB), CPython 3.9, Windows x86-64
external_proc-0.1.1-cp39-cp39-win32.whl (126.3 kB), CPython 3.9, Windows x86
external_proc-0.1.1-cp38-cp38-win_amd64.whl (140.4 kB), CPython 3.8, Windows x86-64
external_proc-0.1.1-cp38-cp38-win32.whl (126.1 kB), CPython 3.8, Windows x86

File details

Details for the file external_proc-0.1.1.tar.gz.

File metadata

  • Download URL: external_proc-0.1.1.tar.gz
  • Upload date:
  • Size: 16.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for external_proc-0.1.1.tar.gz
Algorithm Hash digest
SHA256 c6f594ca42980e000b2b41e706e0632059fe777004f662134ba2d77a1a3b19cd
MD5 95223899882ab37b605c76a7487df09c
BLAKE2b-256 639642610ba24c4124ee58cddad40d2a10add218afd395409e2dd63018fe136a

Provenance

The following attestation bundles were made for external_proc-0.1.1.tar.gz:

Publisher: release.yml on mirusu400/external_proc

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
