Multi-platform library for memory editing
Project description
mem_edit
mem_edit is a multi-platform memory editing library written in Python.
Homepage: https://mpxd.net/code/jan/mem_edit
- PyPI: https://pypi.org/project/mem-edit/
- Github mirror: https://github.com/anewusername/mem_edit
Capabilities:
- Scan all readable memory used by a process.
- Optionally restrict searches to regions with read + write permissions.
- Report on address space allocation
- Read/write using ctypes objects
- Basic types, e.g.
ctypes.c_ulong() - Arrays, e.g.
(ctypes.c_byte * 4)() - Instances of
ctypes.Structure or ctypes.Unionand subclasses.
- Basic types, e.g.
- Run on Windows and Linux
Installation
Dependencies:
- python >=3.11
- ctypes
- typing (for type annotations)
Install with pip, from PyPI (preferred):
pip3 install mem_edit
Install with pip from git repository
pip3 install git+https://mpxd.net/code/jan/mem_edit.git@release
Documentation
Most functions and classes are documented inline. To read the inline help,
import mem_edit
help(mem_edit.Process)
Examples
Increment a magic number (unsigned long 1234567890) found in 'magic.exe':
import ctypes
from mem_edit import Process
magic_number = ctypes.ulong(1234567890)
pid = Process.get_pid_by_name('magic.exe')
with Process.open_process(pid) as p:
addrs = p.search_all_memory(magic_number)
# We don't want to edit if there's more than one result...
assert(len(addrs) == 1)
# We don't actually have to read the value here, but let's do so anyways...
num_ulong = p.read_memory(addrs[0], ctypes.c_ulong())
num = num_ulong.value
p.write_memory(addrs[0], ctypes.c_ulong(num + 1))
Narrow down a search after a value changes:
import ctypes
from mem_edit import Process
initial_value = 40
final_value = 55
pid = Process.get_pid_by_name('monitor_me.exe')
with Process.open_process(pid) as p:
addrs = p.search_all_memory(ctypes.c_int(initial_value))
input('Press enter when value has changed to ' + str(final_value))
filtered_addrs = p.search_addresses(addrs, ctypes.c_int(final_value))
print('Found addresses:')
for addr in filtered_addrs:
print(hex(addr))
Read and alter a structure:
import ctypes
from mem_edit import Process
class MyStruct(ctypes.Structure):
_fields_ = [
('first_member', ctypes.c_ulong),
('second_member', ctypes.c_void_p),
]
pid = Process.get_pid_by_name('something.exe')
with Process.open_process(pid) as p:
s = MyStruct()
s.first_member = 1234567890
s.second_member = 0x1234
addrs = p.search_all_memory(s)
print(addrs)
p.write_memory(0xafbfe0, s)
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
mem_edit-0.8.tar.gz
(34.7 kB
view details)
Built Distribution
mem_edit-0.8-py3-none-any.whl
(49.1 kB
view details)
File details
Details for the file mem_edit-0.8.tar.gz.
File metadata
- Download URL: mem_edit-0.8.tar.gz
- Upload date:
- Size: 34.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.11.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | e3d65da87731177c6d548b51912867218ea667363d3a11bb4fbfd12c83b90147 |
|
| MD5 | d88c0b891a4380e082ce35480b7873ac |
|
| BLAKE2b-256 | d08d4d061546e8895c0ef0f636e8042ef9c345bfb05aa97c7c349245b9882e5e |
File details
Details for the file mem_edit-0.8-py3-none-any.whl.
File metadata
- Download URL: mem_edit-0.8-py3-none-any.whl
- Upload date:
- Size: 49.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.11.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 551bb1df379ea2a3133539dcb732850c1a0227745a0b9b34697161033706555c |
|
| MD5 | 62471fc3bc4d9265d2ab48190ef8ef5f |
|
| BLAKE2b-256 | e845c7d6e015f2569818741fca9101792d5b4fe6e11999e0335effa22f5da095 |
