Multi-platform library for memory editing
Project description
mem_edit
mem_edit is a multi-platform memory editing library written in Python.
Homepage: https://mpxd.net/code/jan/mem_edit
Capabilities:
- Scan all readable memory used by a process.
- Optionally restrict searches to regions with read + write permissions.
- Report on address space allocation
- Read/write using ctypes objects
- Basic types, e.g.
ctypes.c_ulong() - Arrays, e.g.
(ctypes.c_byte * 4)() - Instances of
ctypes.Structure or ctypes.Unionand subclasses.
- Basic types, e.g.
- Run on Windows and Linux
Installation
Dependencies:
- python 3 (written and tested with 3.7)
- ctypes
- typing (for type annotations)
Install with pip, from PyPI (preferred):
pip3 install mem_edit
Install with pip from git repository
pip3 install git+https://mpxd.net/code/jan/mem_edit.git@release
Documentation
Most functions and classes are documented inline. To read the inline help,
import mem_edit
help(mem_edit.Process)
Examples
Increment a magic number (unsigned long 1234567890) found in 'magic.exe':
import ctypes
from mem_edit import Process
magic_number = ctypes.ulong(1234567890)
pid = Process.get_pid_by_name('magic.exe')
with Process.open_process(pid) as p:
addrs = p.search_all_memory(magic_number)
# We don't want to edit if there's more than one result...
assert(len(addrs) == 1)
# We don't actually have to read the value here, but let's do so anyways...
num_ulong = p.read_memory(addrs[0], ctypes.c_ulong())
num = num_ulong.value
p.write_memory(addrs[0], ctypes.c_ulong(num + 1))
Narrow down a search after a value changes:
import ctypes
from mem_edit import Process
initial_value = 40
final_value = 55
pid = Process.get_pid_by_name('monitor_me.exe')
with Process.open_process(pid) as p:
addrs = p.search_all_memory(ctypes.c_int(initial_value))
input('Press enter when value has changed to ' + str(final_value))
filtered_addrs = p.search_addresses(addrs, ctypes.c_int(final_value))
print('Found addresses:')
for addr in filtered_addrs:
print(hex(addr))
Read and alter a structure:
import ctypes
from mem_edit import Process
class MyStruct(ctypes.Structure):
_fields_ = [
('first_member', ctypes.c_ulong),
('second_member', ctypes.c_void_p),
]
pid = Process.get_pid_by_name('something.exe')
with Process.open_process(pid) as p:
s = MyStruct()
s.first_member = 1234567890
s.second_member = 0x1234
addrs = p.search_all_memory(s)
print(addrs)
p.write_memory(0xafbfe0, s)
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
mem_edit-0.2.tar.gz
(22.7 kB
view details)
Built Distribution
mem_edit-0.2-py3-none-any.whl
(23.6 kB
view details)
File details
Details for the file mem_edit-0.2.tar.gz.
File metadata
- Download URL: mem_edit-0.2.tar.gz
- Upload date:
- Size: 22.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.13.0 pkginfo/1.4.2 requests/2.21.0 setuptools/40.8.0 requests-toolbelt/0.8.0 tqdm/4.28.1 CPython/3.7.3rc1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a206a85f7131bd829c7131e206f2df9d4d7201e447570856139137548c3b0f75
|
|
| MD5 |
657a6860989730e225fc279a2ae2db54
|
|
| BLAKE2b-256 |
5df5b05ade688d0feec8c470f1efac09417e62a45098bcabb9e80da860f5193f
|
File details
Details for the file mem_edit-0.2-py3-none-any.whl.
File metadata
- Download URL: mem_edit-0.2-py3-none-any.whl
- Upload date:
- Size: 23.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.13.0 pkginfo/1.4.2 requests/2.21.0 setuptools/40.8.0 requests-toolbelt/0.8.0 tqdm/4.28.1 CPython/3.7.3rc1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8d133314fab9afb92932f0b629ab462e8e93373208cf9a6b4936e06e7185891d
|
|
| MD5 |
fe440b47c77b86b55dfa2f9325c59c44
|
|
| BLAKE2b-256 |
61690f8938cc560d631d973dbac7554ec7f8b03b9a6b9b91f64e3370ef26f72c
|
