Fix docs (Process.open() -> Process(); remove trailing whitespace
parent
96eea79bfc
commit
9f71883fbe
@ -32,36 +32,36 @@ class Process(metaclass=ABCMeta):
|
|||||||
Once you have found the pid, you are ready to construct an instance of Process
|
Once you have found the pid, you are ready to construct an instance of Process
|
||||||
and use it to read and write to memory. Once you are done with the process,
|
and use it to read and write to memory. Once you are done with the process,
|
||||||
use .close() to free up the process for access by other debuggers etc.
|
use .close() to free up the process for access by other debuggers etc.
|
||||||
|
|
||||||
p = Process.open(1239)
|
p = Process(1239)
|
||||||
p.close()
|
p.close()
|
||||||
|
|
||||||
To read/write to memory, first create a buffer using ctypes:
|
To read/write to memory, first create a buffer using ctypes:
|
||||||
|
|
||||||
buffer0 = (ctypes.c_byte * 5)(39, 50, 03, 40, 30)
|
buffer0 = (ctypes.c_byte * 5)(39, 50, 03, 40, 30)
|
||||||
buffer1 = ctypes.c_ulong()
|
buffer1 = ctypes.c_ulong()
|
||||||
|
|
||||||
and then use
|
and then use
|
||||||
|
|
||||||
p.write_memory(0x2fe, buffer0)
|
p.write_memory(0x2fe, buffer0)
|
||||||
|
|
||||||
val0 = p.read_memory(0x220, buffer0)[:]
|
val0 = p.read_memory(0x220, buffer0)[:]
|
||||||
|
|
||||||
val1a = p.read_memory(0x149, buffer1).value
|
val1a = p.read_memory(0x149, buffer1).value
|
||||||
val2b = buffer1.value
|
val2b = buffer1.value
|
||||||
assert(val1a == val2b)
|
assert(val1a == val2b)
|
||||||
|
|
||||||
Searching for a value can be done in a number of ways:
|
Searching for a value can be done in a number of ways:
|
||||||
Search a list of addresses:
|
Search a list of addresses:
|
||||||
found_addresses = p.search_addresses([0x1020, 0x1030], buffer0)
|
found_addresses = p.search_addresses([0x1020, 0x1030], buffer0)
|
||||||
Search the entire memory space:
|
Search the entire memory space:
|
||||||
found_addresses = p.search_all_memory(buffer0, writeable_only=False)
|
found_addresses = p.search_all_memory(buffer0, writeable_only=False)
|
||||||
|
|
||||||
You can also get a list of which regions in memory are mapped (readable):
|
You can also get a list of which regions in memory are mapped (readable):
|
||||||
regions = p.list_mapped_regions(writeable_only=False)
|
regions = p.list_mapped_regions(writeable_only=False)
|
||||||
|
|
||||||
which can be used along with search_buffer(...) to re-create .search_all_memory(...):
|
which can be used along with search_buffer(...) to re-create .search_all_memory(...):
|
||||||
|
|
||||||
found = []
|
found = []
|
||||||
for region_start, region_stop in regions:
|
for region_start, region_stop in regions:
|
||||||
region_buffer = (ctypes.c_byte * (region_stop - region_start))()
|
region_buffer = (ctypes.c_byte * (region_stop - region_start))()
|
||||||
@ -69,15 +69,15 @@ class Process(metaclass=ABCMeta):
|
|||||||
found += utils.search_buffer(ctypes.c_ulong(123456790), region_buffer)
|
found += utils.search_buffer(ctypes.c_ulong(123456790), region_buffer)
|
||||||
|
|
||||||
Other useful methods include the context manager, implemented as a static method:
|
Other useful methods include the context manager, implemented as a static method:
|
||||||
|
|
||||||
with Process.open_process(pid) as p:
|
with Process.open_process(pid) as p:
|
||||||
# use p here, no need to call p.close()
|
# use p here, no need to call p.close()
|
||||||
|
|
||||||
.get_path(), which reports the path of the executable file which was used
|
.get_path(), which reports the path of the executable file which was used
|
||||||
to start the process:
|
to start the process:
|
||||||
|
|
||||||
executable_path = p.get_path()
|
executable_path = p.get_path()
|
||||||
|
|
||||||
and deref_struct_pointer, which takes a pointer to a struct and reads out the struct members:
|
and deref_struct_pointer, which takes a pointer to a struct and reads out the struct members:
|
||||||
|
|
||||||
# struct is a list of (offset, buffer) pairs
|
# struct is a list of (offset, buffer) pairs
|
||||||
@ -86,7 +86,7 @@ class Process(metaclass=ABCMeta):
|
|||||||
values = p.deref_struct_pointer(0x0feab4, struct_defintion)
|
values = p.deref_struct_pointer(0x0feab4, struct_defintion)
|
||||||
|
|
||||||
which is shorthand for
|
which is shorthand for
|
||||||
|
|
||||||
struct_addr = p.read_memory(0x0feab4, ctypes.c_void_p())
|
struct_addr = p.read_memory(0x0feab4, ctypes.c_void_p())
|
||||||
values = [p.read_memory(struct_addr + 0x0, ctypes.c_ulong()),
|
values = [p.read_memory(struct_addr + 0x0, ctypes.c_ulong()),
|
||||||
p.read_memory(struct_addr + 0x20, ctypes.c_byte())]
|
p.read_memory(struct_addr + 0x20, ctypes.c_byte())]
|
||||||
@ -168,14 +168,14 @@ class Process(metaclass=ABCMeta):
|
|||||||
:returns: read_buffer is returned as well as being overwritten.
|
:returns: read_buffer is returned as well as being overwritten.
|
||||||
"""
|
"""
|
||||||
pass
|
pass
|
||||||
|
|
||||||
@abstractmethod
|
@abstractmethod
|
||||||
def list_mapped_regions(self, writeable_only=True) -> List[Tuple[int, int]]:
|
def list_mapped_regions(self, writeable_only=True) -> List[Tuple[int, int]]:
|
||||||
"""
|
"""
|
||||||
Return a list of (start_address, stop_address) for the regions of the address space
|
Return a list of (start_address, stop_address) for the regions of the address space
|
||||||
accessible to (readable and possibly writable by) the process.
|
accessible to (readable and possibly writable by) the process.
|
||||||
By default, this function does not return non-writeable regions.
|
By default, this function does not return non-writeable regions.
|
||||||
|
|
||||||
:param writeable_only: If True, only return regions which are also writeable.
|
:param writeable_only: If True, only return regions which are also writeable.
|
||||||
Default true.
|
Default true.
|
||||||
:return: List of (start_address, stop_address) for each accessible memory region.
|
:return: List of (start_address, stop_address) for each accessible memory region.
|
||||||
@ -197,7 +197,7 @@ class Process(metaclass=ABCMeta):
|
|||||||
"""
|
"""
|
||||||
Return a list of all process ids (pids) accessible on this system.
|
Return a list of all process ids (pids) accessible on this system.
|
||||||
|
|
||||||
:return: List of running process ids.
|
:return: List of running process ids.
|
||||||
"""
|
"""
|
||||||
pass
|
pass
|
||||||
|
|
||||||
@ -216,8 +216,8 @@ class Process(metaclass=ABCMeta):
|
|||||||
executable file is renamed).
|
executable file is renamed).
|
||||||
:return: Process id (pid) of a process with the provided name, or None.
|
:return: Process id (pid) of a process with the provided name, or None.
|
||||||
"""
|
"""
|
||||||
pass
|
pass
|
||||||
|
|
||||||
def deref_struct_pointer(self,
|
def deref_struct_pointer(self,
|
||||||
base_address: int,
|
base_address: int,
|
||||||
targets: List[Tuple[int, ctypes_buffer_t]],
|
targets: List[Tuple[int, ctypes_buffer_t]],
|
||||||
@ -279,7 +279,7 @@ class Process(metaclass=ABCMeta):
|
|||||||
except OSError:
|
except OSError:
|
||||||
logger.error('Failed to read in range 0x{} - 0x{}'.format(start, stop))
|
logger.error('Failed to read in range 0x{} - 0x{}'.format(start, stop))
|
||||||
return found
|
return found
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
@contextmanager
|
@contextmanager
|
||||||
def open_process(cls, process_id: int) -> 'Process':
|
def open_process(cls, process_id: int) -> 'Process':
|
||||||
|
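Review bot: The `logger.error` call in the `@ -279,7` hunk writes a `0x` prefix in front of values that `str.format` renders in decimal. If `start` and `stop` are the integer region bounds, as the `List[Tuple[int, int]]` return type of `list_mapped_regions` suggests, the logged range cannot be matched against the hex addresses in the process map when triaging a failed read. I would change it to `logger.error('Failed to read in range 0x{:x} - 0x{:x}'.format(start, stop))`. The enclosing function starts outside the hunk, so the argument types are inferred rather than visible. Separately, the class docstring this commit corrects still shows `(ctypes.c_byte * 5)(39, 50, 03, 40, 30)`, and `03` is a syntax error in Python 3; writing `3` would make the example runnable.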