Multi-platform library for memory editing

Project description

mem_edit

mem_edit is a multi-platform memory editing library written in Python.

Homepage: https://mpxd.net/code/jan/mem_edit

Capabilities:

  • Scan all readable memory used by a process.
    • Optionally restrict searches to regions with read + write permissions.
    • Report on address space allocation
  • Read/write using ctypes objects
    • Basic types, e.g. ctypes.c_ulong()
    • Arrays, e.g. (ctypes.c_byte * 4)()
    • Instances of ctypes.Structure or ctypes.Union and subclasses.
  • Run on Windows and Linux

Installation

Dependencies:

  • python >=3.11
  • ctypes
  • typing (for type annotations)

Install with pip, from PyPI (preferred):

pip3 install mem_edit

Install with pip from the git repository:

pip3 install git+https://mpxd.net/code/jan/mem_edit.git@release

Documentation

Most functions and classes are documented inline. To read the inline help:

import mem_edit
help(mem_edit.Process)

Examples

Increment a magic number (unsigned long 1234567890) found in 'magic.exe':

    import ctypes
    from mem_edit import Process

    magic_number = ctypes.c_ulong(1234567890)

    pid = Process.get_pid_by_name('magic.exe')
    with Process.open_process(pid) as p:
        addrs = p.search_all_memory(magic_number)

        # We don't want to edit if there's more than one result...
        assert len(addrs) == 1

        # We don't actually have to read the value here, but let's do so anyways...
        num_ulong = p.read_memory(addrs[0], ctypes.c_ulong())
        num = num_ulong.value

        p.write_memory(addrs[0], ctypes.c_ulong(num + 1))

Narrow down a search after a value changes:

    import ctypes
    from mem_edit import Process

    initial_value = 40
    final_value = 55

    pid = Process.get_pid_by_name('monitor_me.exe')
    with Process.open_process(pid) as p:
        addrs = p.search_all_memory(ctypes.c_int(initial_value))

        input('Press enter when value has changed to ' + str(final_value))

        filtered_addrs = p.search_addresses(addrs, ctypes.c_int(final_value))

        print('Found addresses:')
        for addr in filtered_addrs:
            print(hex(addr))

Read and alter a structure:

    import ctypes
    from mem_edit import Process

    class MyStruct(ctypes.Structure):
        _fields_ = [
               ('first_member', ctypes.c_ulong),
               ('second_member', ctypes.c_void_p),
               ]

    pid = Process.get_pid_by_name('something.exe')

    with Process.open_process(pid) as p:
        s = MyStruct()
        s.first_member = 1234567890
        s.second_member = 0x1234

        addrs = p.search_all_memory(s)
        print(addrs)

        p.write_memory(0xafbfe0, s)
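
A caveat for structure searches like the one above, as an added example that is not part of the mem_edit project: if a search compares the raw bytes of the ctypes object (an assumption about the library's behaviour, not stated on this page), alignment padding becomes part of the pattern and a copy with stale padding bytes is missed. `Record`, the helper functions and the sample buffer are constructed for illustration and use only ctypes, not mem_edit.

```python
import ctypes

class Record(ctypes.Structure):   # hypothetical struct; 3 padding bytes follow 'flag'
    _fields_ = [('flag', ctypes.c_uint8), ('value', ctypes.c_uint32)]

def layout(struct_type):
    """(name, offset, size) for each field; gaps between entries are padding."""
    return [(n, getattr(struct_type, n).offset, getattr(struct_type, n).size)
            for n, _ in struct_type._fields_]

def search_verbatim(needle, haystack: bytes) -> list[int]:
    """Offsets where the raw bytes of `needle` (padding included) occur."""
    pattern, hits = bytes(needle), []
    pos = haystack.find(pattern)
    while pos != -1:
        hits.append(pos)
        pos = haystack.find(pattern, pos + 1)
    return hits

def search_fieldwise(needle, haystack: bytes) -> list[int]:
    """Offsets where every declared field matches, ignoring padding bytes."""
    t, hits = type(needle), []
    for off in range(len(haystack) - ctypes.sizeof(t) + 1):
        cand = t.from_buffer_copy(haystack, off)
        if all(getattr(cand, n) == getattr(needle, n) for n, _ in t._fields_):
            hits.append(off)
    return hits

def build_sample() -> bytes:
    """Constructed buffer: one zero-padded copy, one with stale bytes in the padding."""
    clean = bytes(Record(1, 0x11223344))
    dirty = bytearray(clean)
    dirty[1:4] = b'\xaa\xaa\xaa'          # padding a C program never initialised
    return b'\x00' * 5 + clean + b'\xff' * 3 + bytes(dirty) + b'\x00' * 4

if __name__ == '__main__':
    needle, sample = Record(1, 0x11223344), build_sample()
    print(layout(Record))
    print('verbatim :', search_verbatim(needle, sample))
    print('fieldwise:', search_fieldwise(needle, sample))
```

Field sizes are platform-dependent as well: `ctypes.c_ulong` is 4 bytes on Windows and 8 bytes on 64-bit Linux, so the byte pattern for `MyStruct` differs between the two platforms.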

Download files

Source Distribution

mem_edit-0.8.tar.gz (34.7 kB)

Uploaded Source

Built Distribution

mem_edit-0.8-py3-none-any.whl (49.1 kB)

Uploaded Python 3

File details

Details for the file mem_edit-0.8.tar.gz.

File metadata

  • Download URL: mem_edit-0.8.tar.gz
  • Upload date:
  • Size: 34.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.0.0 CPython/3.11.8

File hashes

Hashes for mem_edit-0.8.tar.gz
Algorithm Hash digest
SHA256 e3d65da87731177c6d548b51912867218ea667363d3a11bb4fbfd12c83b90147
MD5 d88c0b891a4380e082ce35480b7873ac
BLAKE2b-256 d08d4d061546e8895c0ef0f636e8042ef9c345bfb05aa97c7c349245b9882e5e

File details

Details for the file mem_edit-0.8-py3-none-any.whl.

File metadata

  • Download URL: mem_edit-0.8-py3-none-any.whl
  • Upload date:
  • Size: 49.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.0.0 CPython/3.11.8

File hashes

Hashes for mem_edit-0.8-py3-none-any.whl
Algorithm Hash digest
SHA256 551bb1df379ea2a3133539dcb732850c1a0227745a0b9b34697161033706555c
MD5 62471fc3bc4d9265d2ab48190ef8ef5f
BLAKE2b-256 e845c7d6e015f2569818741fca9101792d5b4fe6e11999e0335effa22f5da095
