Skip to main content

A library for interacting with Windows process memory

Project description



Invade is a Python 3 library for interacting with Windows processes. Common uses: software security and malware research, reverse engineering, and PoCs.

There are four classes in

  • Me: for operating environment info
  • Scout: for process discovery
  • Target: for target process info
  • Tool: for main operation

Common use case overview:

  1. Create an instance of Me and check the operating environment for compatibility.
  2. Use Scout to get a list of active processes and the desired PID (process identifier).
  3. Instantiate Target using the PID obtained by Scout.
  4. Check Target instance properties for information about the target process.
  5. Interact with the target process using Tool methods.

Another common use case is Invade's relatively fast byte pattern search with wildcard support. Operation is similar to IDA's "sequence of bytes" search. Use Tool.search_file_pattern() to search through a file on disk.

Tool.memory_read_pointers() is also useful. With it, you can read through a series of dynamically allocated memory pointers in another process. The method accepts a string containing a start address and relative pointers with common arithmetic operators.

Refer to for additional information and usage instructions.

Refer to for release notes.


Python 3.6+ is required

pip install invade

Install Keystone for Python. See Python module for Windows - Binaries.

Install Capstone for Python. See Python module for Windows - Binaries.


Inside /invade:

  • contains all main code and classes
  • contains Windows API code
  • contains version information

Example Projects


Chad Gosselin (


Thank you to the following projects:


This project is licensed under the MIT License. See for details. This project is for educational purposes only. Use at your own risk.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for invade, version 0.0.6
Filename, size File type Python version Upload date Hashes
Filename, size invade-0.0.6-py3-none-any.whl (18.1 kB) File type Wheel Python version py3 Upload date Hashes View
Filename, size invade-0.0.6.tar.gz (18.6 kB) File type Source Python version None Upload date Hashes View

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring DigiCert DigiCert EV certificate Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page