From 6913f73db4e822cb75959df863b8424455cda991 Mon Sep 17 00:00:00 2001 From: Jan Petykiewicz Date: Sun, 1 Nov 2020 20:16:46 -0800 Subject: [PATCH] cosmetic and typing-related changes --- mem_edit/abstract.py | 184 ++++++++++++++++++++++--------------- mem_edit/linux.py | 18 ++-- mem_edit/utils.py | 38 +++++--- mem_edit/windows.py | 212 ++++++++++++++++++++++--------------------- setup.py | 3 +- 5 files changed, 256 insertions(+), 199 deletions(-) diff --git a/mem_edit/abstract.py b/mem_edit/abstract.py index fb463f7..f2e6cd1 100644 --- a/mem_edit/abstract.py +++ b/mem_edit/abstract.py @@ -2,7 +2,7 @@ Abstract class for cross-platform memory editing. """ -from typing import List, Tuple +from typing import List, Tuple, Optional, Union, Generator from abc import ABCMeta, abstractmethod from contextlib import contextmanager import copy @@ -23,8 +23,8 @@ class Process(metaclass=ABCMeta): (i.e., by reading from or writing to the memory used by a given process). The static methods - Process.list_available_pids() - Process.get_pid_by_name(executable_filename) + `Process.list_available_pids()` + `Process.get_pid_by_name(executable_filename)` can be used to help find the process id (pid) of the target process. They are provided for convenience only; it is probably better to use the tools built in to your operating system to discover the pid of the specific process you @@ -32,18 +32,19 @@ class Process(metaclass=ABCMeta): Once you have found the pid, you are ready to construct an instance of Process and use it to read and write to memory. Once you are done with the process, - use .close() to free up the process for access by other debuggers etc. - + use `.close()` to free up the process for access by other debuggers etc. + ``` p = Process(1239) p.close() + ``` To read/write to memory, first create a buffer using ctypes: - + ``` buffer0 = (ctypes.c_byte * 5)(39, 50, 03, 40, 30) buffer1 = ctypes.c_ulong() - + ``` and then use - + ``` p.write_memory(0x2fe, buffer0) val0 = p.read_memory(0x220, buffer0)[:] @@ -51,52 +52,52 @@ class Process(metaclass=ABCMeta): val1a = p.read_memory(0x149, buffer1).value val2b = buffer1.value assert(val1a == val2b) + ``` Searching for a value can be done in a number of ways: Search a list of addresses: - found_addresses = p.search_addresses([0x1020, 0x1030], buffer0) + `found_addresses = p.search_addresses([0x1020, 0x1030], buffer0)` Search the entire memory space: - found_addresses = p.search_all_memory(buffer0, writeable_only=False) + `found_addresses = p.search_all_memory(buffer0, writeable_only=False)` You can also get a list of which regions in memory are mapped (readable): - regions = p.list_mapped_regions(writeable_only=False) - - which can be used along with search_buffer(...) to re-create .search_all_memory(...): - + `regions = p.list_mapped_regions(writeable_only=False)` + which can be used along with search_buffer(...) to re-create .search_all_memory(...): + ``` found = [] for region_start, region_stop in regions: region_buffer = (ctypes.c_byte * (region_stop - region_start))() p.read_memory(region_start, region_buffer) found += utils.search_buffer(ctypes.c_ulong(123456790), region_buffer) - + ``` Other useful methods include the context manager, implemented as a static method: - + ``` with Process.open_process(pid) as p: # use p here, no need to call p.close() - + ``` .get_path(), which reports the path of the executable file which was used to start the process: - + ``` executable_path = p.get_path() - + ``` and deref_struct_pointer, which takes a pointer to a struct and reads out the struct members: - + ``` # struct is a list of (offset, buffer) pairs struct_defintion = [(0x0, ctypes.c_ulong()), (0x20, ctypes.c_byte())] values = p.deref_struct_pointer(0x0feab4, struct_defintion) - + ``` which is shorthand for - + ``` struct_addr = p.read_memory(0x0feab4, ctypes.c_void_p()) values = [p.read_memory(struct_addr + 0x0, ctypes.c_ulong()), p.read_memory(struct_addr + 0x20, ctypes.c_byte())] - + ``` ================= Putting all this together, a simple program which alters a magic number in the only running instance of 'magic.exe' might look like this: - + ``` import ctypes from mem_edit import Process @@ -107,9 +108,9 @@ class Process(metaclass=ABCMeta): addrs = p.search_all_memory(magic_number) assert(len(addrs) == 1) p.write_memory(addrs[0], ctypes.c_ulong(42)) - + ``` Searching for a value which changes: - + ``` pid = Process.get_pid_by_name('monitor_me.exe') with Process.open_process(pid) as p: addrs = p.search_all_memory(ctypes.c_int(40)) @@ -118,18 +119,19 @@ class Process(metaclass=ABCMeta): print('Found addresses:') for addr in filtered_addrs: print(hex(addr)) - + ``` """ @abstractmethod def __init__(self, process_id: int): """ Constructing a Process object prepares the process with specified process_id for - memory editing. Finding the process_id for the process you want to edit is often + memory editing. Finding the `process_id` for the process you want to edit is often easiest using os-specific tools (or by launching the process yourself, e.g. with - subprocess.Popen(...)). + `subprocess.Popen(...)`). - :param process_id: Process id (pid) of the target process + Args: + process_id: Process id (pid) of the target process """ pass @@ -140,7 +142,7 @@ class Process(metaclass=ABCMeta): letting other debuggers attach to it instead. This function should be called after you are done working with the process - and will no longer need it. See the Process.open_process(...) context + and will no longer need it. See the `Process.open_process(...)` context manager to avoid having to call this function yourself. """ pass @@ -148,38 +150,45 @@ class Process(metaclass=ABCMeta): @abstractmethod def write_memory(self, base_address: int, write_buffer: ctypes_buffer_t): """ - Write the given buffer to the process's address space, starting at base_address. + Write the given buffer to the process's address space, starting at `base_address`. - :param base_address: The address to write at, in the process's address space. - :param write_buffer: A ctypes object, for example, ctypes.c_ulong(48), - (ctypes.c_byte * 3)(43, 21, 0xff), or a subclass of ctypes.Structure, - which will be written into memory starting at base_address. + Args: + base_address: The address to write at, in the process's address space. + write_buffer: A ctypes object, for example, `ctypes.c_ulong(48)`, + `(ctypes.c_byte * 3)(43, 21, 0xff)`, or a subclass of `ctypes.Structure`, + which will be written into memory starting at `base_address`. """ pass @abstractmethod def read_memory(self, base_address: int, read_buffer: ctypes_buffer_t) -> ctypes_buffer_t: """ - Read into the given buffer from the process's address space, starting at base_address. + Read into the given buffer from the process's address space, starting at `base_address`. - :param base_address: The address to read from, in the process's address space. - :param read_buffer: A ctypes object, for example. ctypes.c_ulong(), - (ctypes.c_byte * 3)(), or a subclass of ctypes.Structure, which will be - overwritten with the contents of the process's memory starting at base_address. - :returns: read_buffer is returned as well as being overwritten. + Args: + base_address: The address to read from, in the process's address space. + read_buffer: A `ctypes` object, for example. `ctypes.c_ulong()`, + `(ctypes.c_byte * 3)()`, or a subclass of `ctypes.Structure`, which will be + overwritten with the contents of the process's memory starting at `base_address`. + + Returns: + `read_buffer` is returned as well as being overwritten. """ pass @abstractmethod def list_mapped_regions(self, writeable_only=True) -> List[Tuple[int, int]]: """ - Return a list of (start_address, stop_address) for the regions of the address space + Return a list of `(start_address, stop_address)` for the regions of the address space accessible to (readable and possibly writable by) the process. By default, this function does not return non-writeable regions. - :param writeable_only: If True, only return regions which are also writeable. - Default true. - :return: List of (start_address, stop_address) for each accessible memory region. + Args: + writeable_only: If `True`, only return regions which are also writeable. + Default `True`. + + Returns: + List of `(start_address, stop_address)` for each accessible memory region. """ pass @@ -188,7 +197,8 @@ class Process(metaclass=ABCMeta): """ Return the path to the executable file which was run to start this process. - :return: A string containing the path. + Returns: + A string containing the path. """ pass @@ -198,13 +208,14 @@ class Process(metaclass=ABCMeta): """ Return a list of all process ids (pids) accessible on this system. - :return: List of running process ids. + Returns: + List of running process ids. """ pass @staticmethod @abstractmethod - def get_pid_by_name(target_name: str) -> int or None: + def get_pid_by_name(target_name: str) -> Optional[int]: """ Attempt to return the process id (pid) of a process which was run with an executable file with the provided name. If no process is found, return None. @@ -215,7 +226,12 @@ class Process(metaclass=ABCMeta): Don't rely on this method if you can possibly avoid it, since it makes no attempt to confirm that it found a unique process and breaks trivially (e.g. if the executable file is renamed). - :return: Process id (pid) of a process with the provided name, or None. + + Args: + target_name: Name of the process to find the PID for + + Returns: + Process id (pid) of a process with the provided name, or `None`. """ pass @@ -225,34 +241,48 @@ class Process(metaclass=ABCMeta): ) -> List[ctypes_buffer_t]: """ Take a pointer to a struct and read out the struct members: + ``` struct_defintion = [(0x0, ctypes.c_ulong()), (0x20, ctypes.c_byte())] values = p.deref_struct_pointer(0x0feab4, struct_defintion) + ``` which is shorthand for + ``` struct_addr = p.read_memory(0x0feab4, ctypes.c_void_p()) values = [p.read_memory(struct_addr + 0x0, ctypes.c_ulong()), p.read_memory(struct_addr + 0x20, ctypes.c_byte())] + ``` - :param base_address: Address at which the struct pointer is located. - :param targets: List of (offset, read_buffer) pairs which will be read from the struct. - :return: List of read values corresponding to the provided targets. + Args: + base_address: Address at which the struct pointer is located. + targets: List of `(offset, read_buffer)` pairs which will be read from the struct. + + Return: + List of read values corresponding to the provided targets. """ base = self.read_memory(base_address, ctypes.c_void_p()).value values = [self.read_memory(base + offset, buffer) for offset, buffer in targets] return values - def search_addresses(self, addresses: List[int], needle_buffer: ctypes_buffer_t, verbatim: bool=True) -> List[int]: + def search_addresses(self, + addresses: List[int], + needle_buffer: ctypes_buffer_t, + verbatim: bool = True, + ) -> List[int]: """ Search for the provided value at each of the provided addresses, and return the addresses where it is found. - :param addresses: List of addresses which should be probed. - :param needle_buffer: The value to search for. This should be a ctypes object of the same - sorts as used by .read_memory(...), which will be compared to the contents of + Args: + addresses: List of addresses which should be probed. + needle_buffer: The value to search for. This should be a `ctypes` object of the same + sorts as used by `.read_memory(...)`, which will be compared to the contents of memory at each of the given addresses. - :param verbatim: If True, perform bitwise comparison when searching for needle_buffer. - If False, perform utils.ctypes_equal-based comparison. Default True. - :return: List of addresses where the needle_buffer was found. + verbatim: If `True`, perform bitwise comparison when searching for `needle_buffer`. + If `False`, perform `utils.ctypes_equal`-based comparison. Default `True`. + + Returns: + List of addresses where the `needle_buffer` was found. """ found = [] read_buffer = copy.copy(needle_buffer) @@ -269,18 +299,25 @@ class Process(metaclass=ABCMeta): found.append(address) return found - def search_all_memory(self, needle_buffer: ctypes_buffer_t, writeable_only: bool=True, verbatim: bool=True) -> List[int]: + def search_all_memory(self, + needle_buffer: ctypes_buffer_t, + writeable_only: bool = True, + verbatim: bool = True, + ) -> List[int]: """ Search the entire memory space accessible to the process for the provided value. - :param needle_buffer: The value to search for. This should be a ctypes object of the same - sorts as used by .read_memory(...), which will be compared to the contents of + Args: + needle_buffer: The value to search for. This should be a ctypes object of the same + sorts as used by `.read_memory(...)`, which will be compared to the contents of memory at each accessible address. - :param writeable_only: If True, only search regions where the process has write access. - Default True. - :param verbatim: If True, perform bitwise comparison when searching for needle_buffer. - If False, perform utils.ctypes_equal-based comparison. Default True. - :return: List of addresses where the needle_buffer was found. + writeable_only: If `True`, only search regions where the process has write access. + Default `True`. + verbatim: If `True`, perform bitwise comparison when searching for `needle_buffer`. + If `False`, perform `utils.ctypes_equal-based` comparison. Default `True`. + + Returns: + List of addresses where the `needle_buffer` was found. """ found = [] if verbatim: @@ -299,15 +336,20 @@ class Process(metaclass=ABCMeta): @classmethod @contextmanager - def open_process(cls, process_id: int) -> 'Process': + def open_process(cls, process_id: int) -> Generator['Process', None, None]: """ Context manager which automatically closes the constructed Process: + ``` with Process.open_process(2394) as p: # use p here # no need to run p.close() + ``` - :param process_id: Process id (pid), passed to the Process constructor. - :return: Constructed Process object. + Args: + process_id: Process id (pid), passed to the Process constructor. + + Returns: + Constructed Process object. """ process = cls(process_id) yield process diff --git a/mem_edit/linux.py b/mem_edit/linux.py index ae8404d..58460b8 100644 --- a/mem_edit/linux.py +++ b/mem_edit/linux.py @@ -2,7 +2,7 @@ Implementation of Process class for Linux """ -from typing import List, Tuple +from typing import List, Tuple, Optional from os import strerror import os import os.path @@ -20,13 +20,13 @@ logger = logging.getLogger(__name__) ptrace_commands = { - 'PTRACE_GETREGS': 12, - 'PTRACE_SETREGS': 13, - 'PTRACE_ATTACH': 16, - 'PTRACE_DETACH': 17, - 'PTRACE_SYSCALL': 24, - 'PTRACE_SEIZE': 16902, - } + 'PTRACE_GETREGS': 12, + 'PTRACE_SETREGS': 13, + 'PTRACE_ATTACH': 16, + 'PTRACE_DETACH': 17, + 'PTRACE_SYSCALL': 24, + 'PTRACE_SEIZE': 16902, + } # import ptrace() from libc @@ -91,7 +91,7 @@ class Process(AbstractProcess): return pids @staticmethod - def get_pid_by_name(target_name: str) -> int or None: + def get_pid_by_name(target_name: str) -> Optional[int]: for pid in Process.list_available_pids(): try: logger.info('Checking name for pid {}'.format(pid)) diff --git a/mem_edit/utils.py b/mem_edit/utils.py index fc15970..2c9c022 100644 --- a/mem_edit/utils.py +++ b/mem_edit/utils.py @@ -12,24 +12,29 @@ Utility functions and types: ctypes_equal(a, b) """ -from typing import List +from typing import List, Union import ctypes -ctypes_buffer_t = ctypes._SimpleCData or ctypes.Array or ctypes.Structure or ctypes.Union +ctypes_buffer_t = Union[ctypes._SimpleCData, ctypes.Array, ctypes.Structure, ctypes.Union] class MemEditError(Exception): pass -def search_buffer_verbatim(needle_buffer: ctypes_buffer_t, haystack_buffer: ctypes_buffer_t) -> List[int]: +def search_buffer_verbatim(needle_buffer: ctypes_buffer_t, + haystack_buffer: ctypes_buffer_t, + ) -> List[int]: """ Search for a buffer inside another buffer, using a direct (bitwise) comparison - :param needle_buffer: Buffer to search for. - :param haystack_buffer: Buffer to search in. - :return: List of offsets where the needle_buffer was found. + Args: + needle_buffer: Buffer to search for. + haystack_buffer: Buffer to search in. + + Returns: + List of offsets where the `needle_buffer` was found. """ found = [] @@ -45,14 +50,19 @@ def search_buffer_verbatim(needle_buffer: ctypes_buffer_t, haystack_buffer: ctyp return found -def search_buffer(needle_buffer: ctypes_buffer_t, haystack_buffer: ctypes_buffer_t) -> List[int]: +def search_buffer(needle_buffer: ctypes_buffer_t, + haystack_buffer: ctypes_buffer_t, + ) -> List[int]: """ - Search for a buffer inside another buffer, using ctypes_equal for comparison. - Much slower than search_buffer_verbatim. + Search for a buffer inside another buffer, using `ctypes_equal` for comparison. + Much slower than `search_buffer_verbatim`. - :param needle_buffer: Buffer to search for. - :param haystack_buffer: Buffer to search in. - :return: List of offsets where the needle_buffer was found. + Args: + needle_buffer: Buffer to search for. + haystack_buffer: Buffer to search in. + + Returns: + List of offsets where the needle_buffer was found. """ found = [] read_type = type(needle_buffer) @@ -63,7 +73,9 @@ def search_buffer(needle_buffer: ctypes_buffer_t, haystack_buffer: ctypes_buffer return found -def ctypes_equal(a: ctypes_buffer_t, b: ctypes_buffer_t) -> bool: +def ctypes_equal(a: ctypes_buffer_t, + b: ctypes_buffer_t, + ) -> bool: """ Check if the values stored inside two ctypes buffers are equal. """ diff --git a/mem_edit/windows.py b/mem_edit/windows.py index cdaf657..e3bb013 100644 --- a/mem_edit/windows.py +++ b/mem_edit/windows.py @@ -2,7 +2,7 @@ Implementation of Process class for Windows """ -from typing import List, Tuple +from typing import List, Tuple, Optional from math import floor from os import strerror import os.path @@ -20,77 +20,77 @@ logger = logging.getLogger(__name__) # Process handle privileges privileges = { - 'PROCESS_QUERY_INFORMATION': 0x0400, - 'PROCESS_VM_OPERATION': 0x0008, - 'PROCESS_VM_READ': 0x0010, - 'PROCESS_VM_WRITE': 0x0020, - } + 'PROCESS_QUERY_INFORMATION': 0x0400, + 'PROCESS_VM_OPERATION': 0x0008, + 'PROCESS_VM_READ': 0x0010, + 'PROCESS_VM_WRITE': 0x0020, + } privileges['PROCESS_RW'] = ( - privileges['PROCESS_QUERY_INFORMATION'] | - privileges['PROCESS_VM_OPERATION'] | - privileges['PROCESS_VM_READ'] | - privileges['PROCESS_VM_WRITE'] - ) + privileges['PROCESS_QUERY_INFORMATION'] | + privileges['PROCESS_VM_OPERATION'] | + privileges['PROCESS_VM_READ'] | + privileges['PROCESS_VM_WRITE'] + ) # Memory region states mem_states = { - 'MEM_COMMIT': 0x1000, - 'MEM_FREE': 0x10000, - 'MEM_RESERVE': 0x2000, - } + 'MEM_COMMIT': 0x1000, + 'MEM_FREE': 0x10000, + 'MEM_RESERVE': 0x2000, + } # Memory region permissions page_protections = { - 'PAGE_EXECUTE': 0x10, - 'PAGE_EXECUTE_READ': 0x20, - 'PAGE_EXECUTE_READWRITE': 0x40, - 'PAGE_EXECUTE_WRITECOPY': 0x80, - 'PAGE_NOACCESS': 0x01, - 'PAGE_READWRITE': 0x04, - 'PAGE_WRITECOPY': 0x08, - } + 'PAGE_EXECUTE': 0x10, + 'PAGE_EXECUTE_READ': 0x20, + 'PAGE_EXECUTE_READWRITE': 0x40, + 'PAGE_EXECUTE_WRITECOPY': 0x80, + 'PAGE_NOACCESS': 0x01, + 'PAGE_READWRITE': 0x04, + 'PAGE_WRITECOPY': 0x08, + } # Custom (combined) permissions page_protections['PAGE_READABLE'] = ( - page_protections['PAGE_EXECUTE_READ'] | - page_protections['PAGE_EXECUTE_READWRITE'] | - page_protections['PAGE_READWRITE'] - ) + page_protections['PAGE_EXECUTE_READ'] | + page_protections['PAGE_EXECUTE_READWRITE'] | + page_protections['PAGE_READWRITE'] + ) page_protections['PAGE_READWRITEABLE'] = ( - page_protections['PAGE_EXECUTE_READWRITE'] | - page_protections['PAGE_READWRITE'] - ) + page_protections['PAGE_EXECUTE_READWRITE'] | + page_protections['PAGE_READWRITE'] + ) # Memory types mem_types = { - 'MEM_IMAGE': 0x1000000, - 'MEM_MAPPED': 0x40000, - 'MEM_PRIVATE': 0x20000, - } + 'MEM_IMAGE': 0x1000000, + 'MEM_MAPPED': 0x40000, + 'MEM_PRIVATE': 0x20000, + } # C struct for VirtualQueryEx class MEMORY_BASIC_INFORMATION32(ctypes.Structure): _fields_ = [ - ('BaseAddress', ctypes.wintypes.DWORD), - ('AllocationBase', ctypes.wintypes.DWORD), - ('AllocationProtect', ctypes.wintypes.DWORD), - ('RegionSize', ctypes.wintypes.DWORD), - ('State', ctypes.wintypes.DWORD), - ('Protect', ctypes.wintypes.DWORD), - ('Type', ctypes.wintypes.DWORD), - ] + ('BaseAddress', ctypes.wintypes.DWORD), + ('AllocationBase', ctypes.wintypes.DWORD), + ('AllocationProtect', ctypes.wintypes.DWORD), + ('RegionSize', ctypes.wintypes.DWORD), + ('State', ctypes.wintypes.DWORD), + ('Protect', ctypes.wintypes.DWORD), + ('Type', ctypes.wintypes.DWORD), + ] class MEMORY_BASIC_INFORMATION64(ctypes.Structure): _fields_ = [ - ('BaseAddress', ctypes.c_ulonglong), - ('AllocationBase', ctypes.c_ulonglong), - ('AllocationProtect', ctypes.wintypes.DWORD), - ('__alignment1', ctypes.wintypes.DWORD), - ('RegionSize', ctypes.c_ulonglong), - ('State', ctypes.wintypes.DWORD), - ('Protect', ctypes.wintypes.DWORD), - ('Type', ctypes.wintypes.DWORD), - ('__alignment2', ctypes.wintypes.DWORD), - ] + ('BaseAddress', ctypes.c_ulonglong), + ('AllocationBase', ctypes.c_ulonglong), + ('AllocationProtect', ctypes.wintypes.DWORD), + ('__alignment1', ctypes.wintypes.DWORD), + ('RegionSize', ctypes.c_ulonglong), + ('State', ctypes.wintypes.DWORD), + ('Protect', ctypes.wintypes.DWORD), + ('Type', ctypes.wintypes.DWORD), + ('__alignment2', ctypes.wintypes.DWORD), + ] PTR_SIZE = ctypes.sizeof(ctypes.c_void_p) if PTR_SIZE == 8: # 64-bit python @@ -98,36 +98,39 @@ if PTR_SIZE == 8: # 64-bit python elif PTR_SIZE == 4: # 32-bit python MEMORY_BASIC_INFORMATION = MEMORY_BASIC_INFORMATION32 -ctypes.windll.kernel32.VirtualQueryEx.argtypes = [ctypes.wintypes.HANDLE, - ctypes.wintypes.LPCVOID, - ctypes.c_void_p, - ctypes.c_size_t] -ctypes.windll.kernel32.ReadProcessMemory.argtypes = [ctypes.wintypes.HANDLE, - ctypes.wintypes.LPCVOID, - ctypes.c_void_p, - ctypes.c_size_t, - ctypes.c_void_p] -ctypes.windll.kernel32.WriteProcessMemory.argtypes = [ctypes.wintypes.HANDLE, - ctypes.wintypes.LPCVOID, - ctypes.c_void_p, - ctypes.c_size_t, - ctypes.c_void_p] +ctypes.windll.kernel32.VirtualQueryEx.argtypes = [ + ctypes.wintypes.HANDLE, + ctypes.wintypes.LPCVOID, + ctypes.c_void_p, + ctypes.c_size_t] +ctypes.windll.kernel32.ReadProcessMemory.argtypes = [ + ctypes.wintypes.HANDLE, + ctypes.wintypes.LPCVOID, + ctypes.c_void_p, + ctypes.c_size_t, + ctypes.c_void_p] +ctypes.windll.kernel32.WriteProcessMemory.argtypes = [ + ctypes.wintypes.HANDLE, + ctypes.wintypes.LPCVOID, + ctypes.c_void_p, + ctypes.c_size_t, + ctypes.c_void_p] # C struct for GetSystemInfo class SYSTEM_INFO(ctypes.Structure): _fields_ = [ - ('wProcessorArchitecture', ctypes.wintypes.WORD), - ('wReserved', ctypes.wintypes.WORD), - ('dwPageSize', ctypes.wintypes.DWORD), - ('lpMinimumApplicationAddress', ctypes.c_void_p), - ('lpMaximumApplicationAddress', ctypes.c_void_p), - ('dwActiveProcessorMask', ctypes.c_void_p), - ('dwNumberOfProcessors', ctypes.wintypes.DWORD), - ('dwProcessorType', ctypes.wintypes.DWORD), - ('dwAllocationGranularity', ctypes.wintypes.DWORD), - ('wProcessorLevel', ctypes.wintypes.WORD), - ('wProcessorRevision', ctypes.wintypes.WORD), - ] + ('wProcessorArchitecture', ctypes.wintypes.WORD), + ('wReserved', ctypes.wintypes.WORD), + ('dwPageSize', ctypes.wintypes.DWORD), + ('lpMinimumApplicationAddress', ctypes.c_void_p), + ('lpMaximumApplicationAddress', ctypes.c_void_p), + ('dwActiveProcessorMask', ctypes.c_void_p), + ('dwNumberOfProcessors', ctypes.wintypes.DWORD), + ('dwProcessorType', ctypes.wintypes.DWORD), + ('dwAllocationGranularity', ctypes.wintypes.DWORD), + ('wProcessorLevel', ctypes.wintypes.WORD), + ('wProcessorRevision', ctypes.wintypes.WORD), + ] class Process(AbstractProcess): @@ -152,24 +155,24 @@ class Process(AbstractProcess): def write_memory(self, base_address: int, write_buffer: ctypes_buffer_t): try: ctypes.windll.kernel32.WriteProcessMemory( - self.process_handle, - base_address, - ctypes.byref(write_buffer), - ctypes.sizeof(write_buffer), - None - ) + self.process_handle, + base_address, + ctypes.byref(write_buffer), + ctypes.sizeof(write_buffer), + None + ) except (BufferError, ValueError, TypeError): raise MemEditError('Error with handle {}: {}'.format(self.process_handle, self._get_last_error())) def read_memory(self, base_address: int, read_buffer: ctypes_buffer_t) -> ctypes_buffer_t: try: ctypes.windll.kernel32.ReadProcessMemory( - self.process_handle, - base_address, - ctypes.byref(read_buffer), - ctypes.sizeof(read_buffer), - None - ) + self.process_handle, + base_address, + ctypes.byref(read_buffer), + ctypes.sizeof(read_buffer), + None + ) except (BufferError, ValueError, TypeError): raise MemEditError('Error with handle {}: {}'.format(self.process_handle, self._get_last_error())) @@ -184,10 +187,9 @@ class Process(AbstractProcess): max_path_len = 260 name_buffer = (ctypes.c_char * max_path_len)() rval = ctypes.windll.psapi.GetProcessImageFileNameA( - self.process_handle, - name_buffer, - max_path_len - ) + self.process_handle, + name_buffer, + max_path_len) if rval > 0: return name_buffer.value.decode() @@ -199,7 +201,7 @@ class Process(AbstractProcess): # According to EnumProcesses docs, you can't find out how many processes there are before # fetching the list. As a result, we grab 100 on the first try, and if we get a full list # of 100, repeatedly double the number until we get fewer than we asked for. - + n = 100 returned_size = ctypes.wintypes.DWORD() returned_size_ptr = ctypes.byref(returned_size) @@ -224,7 +226,7 @@ class Process(AbstractProcess): return pids[:num_returned] @staticmethod - def get_pid_by_name(target_name: str) -> int or None: + def get_pid_by_name(target_name: str) -> Optional[int]: for pid in Process.list_available_pids(): try: logger.info('Checking name for pid {}'.format(pid)) @@ -260,11 +262,10 @@ class Process(AbstractProcess): mbi_size = ctypes.sizeof(mbi) success = ctypes.windll.kernel32.VirtualQueryEx( - self.process_handle, - address, - mbi_ptr, - mbi_size, - ) + self.process_handle, + address, + mbi_ptr, + mbi_size) if success != mbi_size: if success == 0: @@ -279,10 +280,11 @@ class Process(AbstractProcess): page_ptr = start while page_ptr < stop: page_info = get_mem_info(page_ptr) - if page_info.Type == mem_types['MEM_PRIVATE'] and \ - page_info.State == mem_states['MEM_COMMIT'] and \ - page_info.Protect & page_protections['PAGE_READABLE'] != 0 and \ - (page_info.Protect & page_protections['PAGE_READWRITEABLE'] != 0 or not writeable_only): + if (page_info.Type == mem_types['MEM_PRIVATE'] + and page_info.State == mem_states['MEM_COMMIT'] + and page_info.Protect & page_protections['PAGE_READABLE'] != 0 + and (page_info.Protect & page_protections['PAGE_READWRITEABLE'] != 0 + or not writeable_only)): regions.append((page_ptr, page_ptr + page_info.RegionSize)) page_ptr += page_info.RegionSize diff --git a/setup.py b/setup.py index 3a55145..130ebf2 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,8 @@ from setuptools import setup, find_packages -with open('README.md', 'r') as f: + +with open('README.md', 'rt') as f: long_description = f.read() with open('mem_edit/VERSION.py', 'rt') as f: