API tools faq
paste
Advertisement
here2share

# ReadWriteMemory.py

here2share
Feb 24th, 2021
2,041
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 6.01 KB | None | 0 0
raw download clone embed print report
  1. # ReadWriteMemory.py
  2.  
  3. import os.path
  4. import ctypes
  5. import ctypes.wintypes
  6.  
  7. # Process Permissions
  8. PROCESS_QUERY_INFORMATION = 0x0400
  9. PROCESS_VM_OPERATION = 0x0008
  10. PROCESS_VM_READ = 0x0010
  11. PROCESS_VM_WRITE = 0x0020
  12.  
  13. MAX_PATH = 260
  14.  
  15.  
  16. class ReadWriteMemory:
  17.  
  18.     def GetProcessIdByName(self, pName):
  19.         if pName.endswith('.exe'):
  20.             pass
  21.         else:
  22.             pName = pName+'.exe'
  23.          
  24.         ProcessIds, BytesReturned = self.EnumProcesses()
  25.  
  26.         for index in list(range(int(BytesReturned / ctypes.sizeof(ctypes.wintypes.DWORD)))):
  27.             ProcessId = ProcessIds[index]
  28.             hProcess = ctypes.windll.kernel32.OpenProcess(PROCESS_QUERY_INFORMATION, False, ProcessId)
  29.             if hProcess:
  30.                 ImageFileName = (ctypes.c_char*MAX_PATH)()
  31.                 if ctypes.windll.psapi.GetProcessImageFileNameA(hProcess, ImageFileName, MAX_PATH) > 0:
  32.                     filename = os.path.basename(ImageFileName.value)
  33.                     if filename.decode('utf-8') == pName:
  34.                         return ProcessId
  35.                 self.CloseHandle(hProcess)
  36.  
  37.     def EnumProcesses(self):
  38.         count = 32
  39.         while True:
  40.             ProcessIds = (ctypes.wintypes.DWORD*count)()
  41.             cb = ctypes.sizeof(ProcessIds)
  42.             BytesReturned = ctypes.wintypes.DWORD()
  43.             if ctypes.windll.Psapi.EnumProcesses(ctypes.byref(ProcessIds), cb, ctypes.byref(BytesReturned)):
  44.                 if BytesReturned.value < cb:
  45.                     return ProcessIds, BytesReturned.value
  46.                 else:
  47.                     count *= 2
  48.             else:
  49.                 return None
  50.  
  51.     def OpenProcess(self, dwProcessId):
  52.         dwDesiredAccess = (PROCESS_QUERY_INFORMATION |
  53.                            PROCESS_VM_OPERATION |
  54.                            PROCESS_VM_READ | PROCESS_VM_WRITE)
  55.         bInheritHandle = False
  56.         hProcess = ctypes.windll.kernel32.OpenProcess(
  57.                                                     dwDesiredAccess,
  58.                                                     bInheritHandle,
  59.                                                     dwProcessId
  60.                                                     )
  61.         if hProcess:
  62.             return hProcess
  63.         else:
  64.             return None
  65.  
  66.     def CloseHandle(self, hProcess):
  67.         ctypes.windll.kernel32.CloseHandle(hProcess)
  68.         return self.GetLastError()
  69.  
  70.     def GetLastError(self):
  71.         return ctypes.windll.kernel32.GetLastError()
  72.  
  73.     def getPointer(self, hProcess, lpBaseAddress, offsets):
  74.         pointer = self.ReadProcessMemory2(hProcess, lpBaseAddress)
  75.         if offsets == None:
  76.             return lpBaseAddress
  77.         elif len(offsets) == 1:
  78.             temp = int(str(pointer), 0) + int(str(offsets[0]), 0)
  79.             return temp
  80.         else:
  81.             count = len(offsets)
  82.             for i in offsets:
  83.                 count -= 1
  84.                 temp = int(str(pointer), 0) + int(str(i), 0)
  85.                 pointer = self.ReadProcessMemory2(hProcess, temp)
  86.                 if count == 1:
  87.                     break
  88.             return pointer
  89.  
  90.     def ReadProcessMemory(self, hProcess, lpBaseAddress):
  91.         try:
  92.             lpBaseAddress = lpBaseAddress
  93.             ReadBuffer = ctypes.c_uint()
  94.             lpBuffer = ctypes.byref(ReadBuffer)
  95.             nSize = ctypes.sizeof(ReadBuffer)
  96.             lpNumberOfBytesRead = ctypes.c_ulong(0)
  97.  
  98.             ctypes.windll.kernel32.ReadProcessMemory(
  99.                                                     hProcess,
  100.                                                     lpBaseAddress,
  101.                                                     lpBuffer,
  102.                                                     nSize,
  103.                                                     lpNumberOfBytesRead
  104.                                                     )
  105.             return ReadBuffer.value
  106.         except (BufferError, ValueError, TypeError):
  107.             self.CloseHandle(hProcess)
  108.             e = 'Handle Closed, Error', hProcess, self.GetLastError()
  109.             return e
  110.  
  111.     def ReadProcessMemory2(self, hProcess, lpBaseAddress):
  112.         try:
  113.             lpBaseAddress = lpBaseAddress
  114.             ReadBuffer = ctypes.c_uint()
  115.             lpBuffer = ctypes.byref(ReadBuffer)
  116.             nSize = ctypes.sizeof(ReadBuffer)
  117.             lpNumberOfBytesRead = ctypes.c_ulong(0)
  118.  
  119.             ctypes.windll.kernel32.ReadProcessMemory(
  120.                                                     hProcess,
  121.                                                     lpBaseAddress,
  122.                                                     lpBuffer,
  123.                                                     nSize,
  124.                                                     lpNumberOfBytesRead
  125.                                                     )
  126.             return ReadBuffer.value
  127.         except (BufferError, ValueError, TypeError):
  128.             self.CloseHandle(hProcess)
  129.             e = 'Handle Closed, Error', hProcess, self.GetLastError()
  130.             return e
  131.  
  132.     def WriteProcessMemory(self, hProcess, lpBaseAddress, Value):
  133.         try:
  134.             lpBaseAddress = lpBaseAddress
  135.             Value = Value
  136.             WriteBuffer = ctypes.c_uint(Value)
  137.             lpBuffer = ctypes.byref(WriteBuffer)
  138.             nSize = ctypes.sizeof(WriteBuffer)
  139.             lpNumberOfBytesWritten = ctypes.c_ulong(0)
  140.  
  141.             ctypes.windll.kernel32.WriteProcessMemory(
  142.                                                     hProcess,
  143.                                                     lpBaseAddress,
  144.                                                     lpBuffer,
  145.                                                     nSize,
  146.                                                     lpNumberOfBytesWritten
  147.                                                     )
  148.         except (BufferError, ValueError, TypeError):
  149.             self.CloseHandle(hProcess)
  150.             e = 'Handle Closed, Error', hProcess, self.GetLastError()
  151.             return e
  152.  
  153.  
  154. rwm = ReadWriteMemory()
  155.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!