memory.py
import win32api, win32process, win32con
from ctypes import *
from ctypes.wintypes import *
class PROCESSENTRY32(Structure):
    """ctypes layout of the Toolhelp ``PROCESSENTRY32`` record (ANSI form).

    ``Process32First`` / ``Process32Next`` fill one of these for each process
    in a snapshot. The caller sets ``dwSize`` to ``sizeof(PROCESSENTRY32)``
    before the first call so the API can validate the buffer it is given.
    """

    _fields_ = [
        ("dwSize", DWORD),
        ("cntUsage", DWORD),
        ("th32ProcessID", DWORD),
        # Declared ULONG_PTR in the Win32 header; a pointer type is used here,
        # which has the same width, so the fields after it stay aligned.
        ("th32DefaultHeapID", POINTER(ULONG)),
        ("th32ModuleID", DWORD),
        ("cntThreads", DWORD),
        ("th32ParentProcessID", DWORD),
        ("pcPriClassBase", LONG),
        ("dwFlags", DWORD),
        # Executable file name as a NUL-terminated byte string (260 == MAX_PATH).
        ("szExeFile", c_char * 260),
    ]
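class Memory(object):
    """Thin ctypes wrapper for finding a process by name and reading or
    writing its memory through kernel32.

    Error handling follows the original contract: lookup helpers print a
    message and return ``False``; the ``Read_*`` / ``Write_*`` helpers print
    two diagnostic lines and terminate with ``SystemExit(1)``.

    NOTE(review): processes are matched on executable file name only, and the
    first match wins. A name is neither unique nor authenticated, so callers
    that care which process they touch should verify the returned PID.
    """

    def __init__(self):
        """Bind the Win32 entry points and constants used by the methods."""
        # WinDLL selects the stdcall convention these exports use. On 64-bit
        # Python it behaves like CDLL; on 32-bit Python CDLL makes ctypes
        # raise ValueError after each call because of the stack mismatch.
        kernel32 = WinDLL("kernel32.dll")
        psapi = WinDLL("Psapi.dll")

        self.CreateToolhelp32Snapshot = kernel32.CreateToolhelp32Snapshot
        self.Process32First = kernel32.Process32First
        self.Process32Next = kernel32.Process32Next
        # NOTE(review): the DLLs are loaded without use_last_error=True, so
        # ctypes does not snapshot the thread error code; the value this
        # returns may already have been overwritten by the time it is read.
        self.GetLastError = kernel32.GetLastError
        self.CloseHandle = kernel32.CloseHandle
        self.OpenProcess = kernel32.OpenProcess
        self.ReadProcessMemory = kernel32.ReadProcessMemory
        self.WriteProcessMemory = kernel32.WriteProcessMemory
        # Bound for callers; no method of this class calls the next two.
        self.VirtualProtectEx = kernel32.VirtualProtectEx
        self.EnumProcessModulesEx = psapi.EnumProcessModulesEx

        self.TH32CS_SNAPPROCESS = 0x00000002
        # Pre-Vista PROCESS_ALL_ACCESS mask. This is far broader than any
        # method here needs; see GetProcessHandle's ``access`` parameter.
        self.ALL_ACCESS = 0x1f0fff

    def _fail(self, api_name, addr):
        """Print the two diagnostic lines for a failed call and exit.

        Raises SystemExit(1) directly instead of calling ``exit()``, which is
        injected by ``site`` and is missing under ``python -S`` and in some
        frozen builds.
        """
        print("[+] ERROR: " + api_name + " Failed: ", self.GetLastError())
        print("[+] ERROR: Access of Address", addr, " failed")
        raise SystemExit(1)

    def _read_into(self, handle, addr, buffer):
        """Fill ``buffer`` from ``addr`` in the target and return its value."""
        ok = self.ReadProcessMemory(
            handle, LPCVOID(addr), byref(buffer), sizeof(buffer), None)
        if ok == 0:
            self._fail("ReadProcessMemory", addr)
        return buffer.value

    def EnumModules(self, Handle):
        """Return the module handles loaded in the process behind ``Handle``.

        The filter flag 3 is LIST_MODULES_ALL (32-bit and 64-bit modules).
        NOTE(review): this goes through pywin32, which presumably wants the
        raw integer handle (``hType == 1``) rather than a ctypes HANDLE;
        confirm against callers.
        """
        return win32process.EnumProcessModulesEx(Handle, 3)

    def GetProcessIDByName(self, pname):
        """Return the PID of the first process whose image name is ``pname``.

        The comparison is case-insensitive. Prints a message and returns
        ``False`` when the snapshot cannot be taken or nothing matches.
        """
        wanted = bytes(pname, encoding="utf8").lower()

        raw_snapshot = self.CreateToolhelp32Snapshot(self.TH32CS_SNAPPROCESS, 0)
        # Failure is reported as INVALID_HANDLE_VALUE (-1), not NULL, so a
        # plain truthiness test never notices it.
        if not raw_snapshot or raw_snapshot == -1:
            print("Snapshot failed!")
            return False

        snapshot = HANDLE(raw_snapshot)  # pass the handle pointer-sized
        try:
            pe32 = PROCESSENTRY32()
            pe32.dwSize = sizeof(PROCESSENTRY32)
            # Process32First already returns the first entry; it has to be
            # examined too, otherwise the first process is never matched.
            more = self.Process32First(snapshot, byref(pe32))
            while more:
                if pe32.szExeFile.lower() == wanted:
                    return pe32.th32ProcessID
                more = self.Process32Next(snapshot, byref(pe32))
        finally:
            # The snapshot is a kernel handle; release it on every exit path.
            self.CloseHandle(snapshot)

        print("Process not found!")
        return False

    def GetProcessHandle(self, pname, hType, access=None):
        """Open the process named ``pname`` and return a handle to it.

        Args:
            pname: Executable file name to look up.
            hType: 0 to get the handle wrapped in a ctypes ``HANDLE``,
                1 to get the raw integer returned by ``OpenProcess``.
            access: Optional access mask. Defaults to ``self.ALL_ACCESS`` for
                backward compatibility; prefer the narrowest mask that works,
                e.g. ``win32con.PROCESS_VM_READ |
                win32con.PROCESS_QUERY_INFORMATION`` for read-only use.

        Returns:
            The handle on success, the ``GetLastError()`` code when
            ``OpenProcess`` fails, or ``False`` when the process is not found.
            With ``hType == 1`` a handle and an error code are both plain
            integers, so callers cannot tell them apart by type.

        Raises:
            ValueError: if ``hType`` is neither 0 nor 1 (this used to surface
                as an UnboundLocalError).
        """
        pid = self.GetProcessIDByName(pname)
        if not pid or not isinstance(pid, int):
            print("Couldn't get the process ID!")
            return False

        if hType not in (0, 1):
            raise ValueError("hType must be 0 (ctypes HANDLE) or 1 (raw integer)")

        rights = self.ALL_ACCESS if access is None else access
        raw = self.OpenProcess(DWORD(rights), False, DWORD(pid))
        phandle = HANDLE(raw) if hType == 0 else raw
        if phandle:
            return phandle
        return self.GetLastError()

    def Read_UINT32(self, handle, addr):
        """Read an unsigned 32-bit integer from ``addr`` in the target."""
        # c_uint32 is what c_ulong is on Windows; spelling out the width keeps
        # the read size independent of the platform's ``long``.
        return self._read_into(handle, addr, c_uint32(0))

    def Read_UINT64(self, handle, addr):
        """Read an unsigned 64-bit integer from ``addr`` in the target."""
        return self._read_into(handle, addr, c_uint64())

    def Read_String(self, handle, addr, max_len=4096):
        """Follow the pointer stored at ``addr`` and read the C string there.

        ``addr`` holds an 8-byte pointer (so a 64-bit target is assumed); the
        string is read one byte at a time from the pointed-to address until a
        NUL byte or until ``max_len`` bytes have been collected. The cap keeps
        a missing terminator from turning into an unbounded read.

        Returns the bytes decoded as latin-1, i.e. one character per byte.
        """
        cursor = self._read_into(handle, addr, c_uint64(0))

        collected = bytearray()
        cell = c_char()
        while len(collected) < max_len:
            # c_char.value is ``bytes``; comparing it with a ``str`` never
            # matches and concatenating the two raises TypeError.
            byte = self._read_into(handle, cursor, cell)
            if byte == b"\x00":
                break
            collected += byte
            cursor += 1
        return collected.decode("latin-1")

    def Write_UINT64(self, handle, addr, value):
        """Write ``value`` as an unsigned 64-bit integer at ``addr``.

        Page protection is left as it is, so the write fails (and the process
        exits) if the target page is not writable.
        """
        buffer = c_uint64(value)
        ok = self.WriteProcessMemory(
            handle, LPCVOID(addr), byref(buffer), sizeof(buffer), None)
        if ok == 0:
            self._fail("WriteProcessMemory", addr)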