Multi-platform library for memory editing
Project description
mem_edit
mem_edit is a multi-platform memory editing library written in Python.
Homepage: https://mpxd.net/code/jan/mem_edit
- PyPI: https://pypi.org/project/mem-edit/
- Github mirror: https://github.com/anewusername/mem_edit
Capabilities:
- Scan all readable memory used by a process.
- Optionally restrict searches to regions with read + write permissions.
- Report on address space allocation
- Read/write using ctypes objects
- Basic types, e.g.
ctypes.c_ulong() - Arrays, e.g.
(ctypes.c_byte * 4)() - Instances of
ctypes.Structure or ctypes.Unionand subclasses.
- Basic types, e.g.
- Run on Windows and Linux
Installation
Dependencies:
- python >=3.11
- ctypes
- typing (for type annotations)
Install with pip, from PyPI (preferred):
pip3 install mem_edit
Install with pip from git repository
pip3 install git+https://mpxd.net/code/jan/mem_edit.git@release
Documentation
Most functions and classes are documented inline. To read the inline help,
import mem_edit
help(mem_edit.Process)
Examples
Increment a magic number (unsigned long 1234567890) found in 'magic.exe':
import ctypes
from mem_edit import Process
magic_number = ctypes.ulong(1234567890)
pid = Process.get_pid_by_name('magic.exe')
with Process.open_process(pid) as p:
addrs = p.search_all_memory(magic_number)
# We don't want to edit if there's more than one result...
assert(len(addrs) == 1)
# We don't actually have to read the value here, but let's do so anyways...
num_ulong = p.read_memory(addrs[0], ctypes.c_ulong())
num = num_ulong.value
p.write_memory(addrs[0], ctypes.c_ulong(num + 1))
Narrow down a search after a value changes:
import ctypes
from mem_edit import Process
initial_value = 40
final_value = 55
pid = Process.get_pid_by_name('monitor_me.exe')
with Process.open_process(pid) as p:
addrs = p.search_all_memory(ctypes.c_int(initial_value))
input('Press enter when value has changed to ' + str(final_value))
filtered_addrs = p.search_addresses(addrs, ctypes.c_int(final_value))
print('Found addresses:')
for addr in filtered_addrs:
print(hex(addr))
Read and alter a structure:
import ctypes
from mem_edit import Process
class MyStruct(ctypes.Structure):
_fields_ = [
('first_member', ctypes.c_ulong),
('second_member', ctypes.c_void_p),
]
pid = Process.get_pid_by_name('something.exe')
with Process.open_process(pid) as p:
s = MyStruct()
s.first_member = 1234567890
s.second_member = 0x1234
addrs = p.search_all_memory(s)
print(addrs)
p.write_memory(0xafbfe0, s)
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file mem_edit-0.8.tar.gz.
File metadata
- Download URL: mem_edit-0.8.tar.gz
- Upload date:
- Size: 34.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.11.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e3d65da87731177c6d548b51912867218ea667363d3a11bb4fbfd12c83b90147
|
|
| MD5 |
d88c0b891a4380e082ce35480b7873ac
|
|
| BLAKE2b-256 |
d08d4d061546e8895c0ef0f636e8042ef9c345bfb05aa97c7c349245b9882e5e
|
File details
Details for the file mem_edit-0.8-py3-none-any.whl.
File metadata
- Download URL: mem_edit-0.8-py3-none-any.whl
- Upload date:
- Size: 49.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.11.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
551bb1df379ea2a3133539dcb732850c1a0227745a0b9b34697161033706555c
|
|
| MD5 |
62471fc3bc4d9265d2ab48190ef8ef5f
|
|
| BLAKE2b-256 |
e845c7d6e015f2569818741fca9101792d5b4fe6e11999e0335effa22f5da095
|
