def test_write_double(): pm = pymem.Pymem('python.exe') address = pm.allocate(10) pm.write_double(address, 13.37) assert pm.read_double(address) == 13.37 pm.free(address) with pytest.raises(TypeError): pm.write_double(0x111111, "1337") pm = pymem.Pymem() with pytest.raises(pymem.exception.ProcessError): pm.write_double(0x111111, 13.37)
def test_write_string(): pm = pymem.Pymem('python.exe') address = pm.allocate(10) pm.write_string(address, "pymem") assert pm.read_string(address) == "pymem" pm.free(address) with pytest.raises(TypeError): pm.write_string(0x111111, 1) pm = pymem.Pymem() with pytest.raises(pymem.exception.ProcessError): pm.write_string(0x111111, 1)
def __init__(self, process_name): """Class initialization. :param process_name: process name. """ self.process = pymem.Pymem(process_name) self.base_address = self.process.process_base.lpBaseOfDll
def __init__(self): self.pm = pymem.Pymem("csgo.exe") self.base_client = pymem.process.module_from_name( self.pm.process_handle, "client.dll").lpBaseOfDll self.base_engine = pymem.process.module_from_name( self.pm.process_handle, "engine.dll").lpBaseOfDll self.dye_em()
def test_list_process_modules(): pm = pymem.Pymem('python.exe') modules = list(pm.list_modules()) assert len(modules) assert 'python.exe' in [ m.name for m in modules ]
def CMD_WH(): pm = pymem.Pymem('csgo.exe') client = pymem.process.module_from_name(pm.process_handle,'client.dll') clientModule = pm.read_bytes(client.lpBaseOfDll, client.SizeOfImage) address = client.lpBaseOfDll + re.search(rb'\x83\xF8.\x8B\x45\x08\x0F',clientModule).start() + 2 pm.write_uchar(address, 2 if pm.read_uchar(address) == 1 else 1) pm.close_process()
def test_read_no_handle(): pm = pymem.Pymem() with pytest.raises(pymem.exception.ProcessError): pm.read_bool(0x111111) with pytest.raises(pymem.exception.ProcessError): pm.read_char(0x111111) with pytest.raises(pymem.exception.ProcessError): pm.read_uchar(0x111111) with pytest.raises(pymem.exception.ProcessError): pm.read_int(0x111111) with pytest.raises(pymem.exception.ProcessError): pm.read_uint(0x111111) with pytest.raises(pymem.exception.ProcessError): pm.read_short(0x111111) with pytest.raises(pymem.exception.ProcessError): pm.read_ushort(0x111111) with pytest.raises(pymem.exception.ProcessError): pm.read_float(0x111111) with pytest.raises(pymem.exception.ProcessError): pm.read_long(0x111111) with pytest.raises(pymem.exception.ProcessError): pm.read_ulong(0x111111) with pytest.raises(pymem.exception.ProcessError): pm.read_longlong(0x111111) with pytest.raises(pymem.exception.ProcessError): pm.read_ulonglong(0x111111) with pytest.raises(pymem.exception.ProcessError): pm.read_double(0x111111)
def get_COH_memory_address(self) -> bool: """Gets the active process for RelicCOH.exe Returns ------- bool True if COH is running. """ try: self.pm = pymem.Pymem("RelicCOH.exe") except Exception as e: if e: pass if self.pm: self.cohProcessID = self.pm.process_id logging.info(f"self.pm : {str(self.pm)}") logging.info(f"cohProcessID : {str(self.cohProcessID)}") ph = self.pm.process_handle mi = pymem.process.module_from_name(ph, "RelicCOH.exe") if mi: self.baseAddress = mi.lpBaseOfDll info = ( "getCOHMemoryAddress self.baseAddress :" f"{str(self.baseAddress)}" ) logging.info(info) self.cohRunning = True logging.info(f"self.cohRunning {self.cohRunning}") return True else: self.cohRunning = False logging.info(f"self.cohRunning {self.cohRunning}") return False
def main(): pm = pymem.Pymem("csgo.exe") client = pymem.process.module_from_name(pm.process_handle, "client.dll").lpBaseOfDll engine = pymem.process.module_from_name(pm.process_handle, "engine.dll").lpBaseOfDll rgba = [0, 255, 0] while True: try: time.sleep(0.001) for i in range(32): entity = pm.read_int(client + dwEntityList + i * 0x10) if entity: entity_team_id = pm.read_int(entity + m_iTeamNum) player = pm.read_int(client + dwLocalPlayer) player_team = pm.read_int(player + m_iTeamNum) if entity_team_id != player_team : pm.write_int(entity + m_clrRender, (rgba[0])) pm.write_int(entity + m_clrRender + 0x1, (rgba[1])) pm.write_int(entity + m_clrRender + 0x2, (rgba[2])) else: pass except Exception as e: print(e)
def glow(): pm = pymem.Pymem("csgo.exe") client = pymem.process.module_from_name(pm.process_handle, "client.dll").lpBaseOfDll while True: if keyboard.is_pressed('delete'): exit(0) glow_manager = pm.read_int(client + dwGlowObjectManager) for i in range(1, 32): entity = pm.read_int(client + dwEntityList + i * 0x10) if entity: entity_team = pm.read_int(entity + m_iTeamNum) entity_glow = pm.read_int(entity + m_iGlowIndex) #Uses normal RGBA (RED,GREEN,BLUE,ALPHA) Color Input. Use wanted Value divided by 255 Formula if entity_team == 2: #Red Glow for Terrorists pm.write_float(glow_manager + entity_glow * 0x38 + 0x4, float(255 / 255)) #R pm.write_float(glow_manager + entity_glow * 0x38 + 0x8, float(0 / 255)) #G pm.write_float(glow_manager + entity_glow * 0x38 + 0xC, float(0 / 255)) #B pm.write_float(glow_manager + entity_glow * 0x38 + 0x10, float(255 / 255)) #A pm.write_int(glow_manager + entity_glow * 0x38 + 0x24, 1) #Enables glow for that Entity elif entity_team == 3: #Blue Glow for Terrorists pm.write_float(glow_manager + entity_glow * 0x38 + 0x4, float(0 / 255)) #R pm.write_float(glow_manager + entity_glow * 0x38 + 0x8, float(0 / 255)) #G pm.write_float(glow_manager + entity_glow * 0x38 + 0xC, float(255 / 255)) #B pm.write_float(glow_manager + entity_glow * 0x38 + 0x10, float(255 / 255)) #A pm.write_int(glow_manager + entity_glow * 0x38 + 0x24, 1) #Enables glow for that Entity
def main(): print("injected") pm = pymem.Pymem("csgo.exe") client = pymem.process.module_from_name(pm.process_handle, "client_panorama.dll").lpBaseOfDll while True: glow_manager = pm.read_int(client + dwGlowObjectManager) for i in range(1, 32): entity = pm.read_int(client + dwEntityList + i * 0x10) if entity: entity_team_id = pm.read_int(entity + m_iTeamNum) entity_glow = pm.read_int(entity + m_iGlowIndex) if entity_team_id == 2: pm.write_float(glow_manager + entity_glow * 0x38 + 0x4, float(1)) pm.write_float(glow_manager + entity_glow * 0x38 + 0x8, float(0)) pm.write_float(glow_manager + entity_glow * 0x38 + 0xC, float(0)) pm.write_float(glow_manager + entity_glow * 0x38 + 0x10, float(1)) pm.write_int(glow_manager + entity_glow * 0x38 + 0x24, 1) elif entity_team_id == 3: pm.write_float(glow_manager + entity_glow * 0x38 + 0x4, float(0)) pm.write_float(glow_manager + entity_glow * 0x38 + 0x8, float(0)) pm.write_float(glow_manager + entity_glow * 0x38 + 0xC, float(1)) pm.write_float(glow_manager + entity_glow * 0x38 + 0x10, float(1)) pm.write_int(glow_manager + entity_glow * 0x38 + 0x24, 1)
def main(): while True: try: pm = pymem.Pymem('csgo.exe') p_handle = pm.process_handle base_client = pymem.process.module_from_name(p_handle, 'client.dll').lpBaseOfDll base_engine = pymem.process.module_from_name(p_handle, 'engine.dll').lpBaseOfDll break except: sleep(2) print('[@pyglue]\n') modules = {'base_client':base_client, 'base_engine':base_engine} offsets = get_offsets() offsets_date = datetime.fromtimestamp(offsets['timestamp']) print(f'loaded offsets [{offsets_date}]') glow = Glow(pm, modules, offsets) aim = Aim(pm, modules, offsets) chams = Chams(pm, modules, offsets) with ThreadPoolExecutor() as executor: executor.submit(glow.run) executor.submit(aim.run) executor.submit(chams.run)
def __init__(self, window_handle: int): self.window_handle = window_handle self._pymem = pymem.Pymem() self._pymem.open_process_from_id(self.process_id) self.hook_handler = HookHandler(self._pymem, self) self.cache_handler = CacheHandler() self.mouse_handler = MouseHandler(self) self.stats = CurrentGameStats(self.hook_handler) self.body = CurrentActorBody(self.hook_handler) self.duel = CurrentDuel(self.hook_handler) self.quest_position = CurrentQuestPosition(self.hook_handler) self.client_object = CurrentClientObject(self.hook_handler) self.root_window = CurrentRootWindow(self.hook_handler) self.render_context = CurrentRenderContext(self.hook_handler) self.game_client = CurrentGameClient(self.hook_handler) self._teleport_helper = TeleportHelper(self.hook_handler) self._template_ids = None self._is_loading_addr = None self._world_view_window = None self._movement_update_address = None self._movement_update_original_bytes = None self._movement_update_patched = False # for teleport self._je_instruction_forward_backwards = None
def __init__(self) : try : pm = pymem.Pymem("csgo.exe") except : MessageBox = ctypes.windll.user32.MessageBoxW MessageBox(None, 'Could not find the csgo.exe process !', 'Error', 16) return client = pymem.process.module_from_name(pm.process_handle, "client.dll").lpBaseOfDll read("misc") while features_check.check.hitsound : try : read("misc") player = pm.read_int(client + dwLocalPlayer) hitsound = pm.read_int(player + m_totalHitsOnServer) if hitsound > 0: pm.write_int(player + m_totalHitsOnServer, 0) winsound.PlaySound("sounds/"+features_check.check.sound, winsound.SND_FILENAME) time.sleep(0.1) except : pass pm.close_process()
def aGdR(process, sc): pm = pymem.Pymem(process);pm.inject_python_interpreter() try: assert pm.py_run_simple_string except: return False try: pm.inject_python_shellcode(sc) except: return False return True
def scan_for_process(): logger.info('Waiting for aos client.') ps_pid = None ps_cmdline = None while True: # Iterate thru processes to find one that matches our wanted one # and assign important variables for further functions that will be executed for proc in psutil.process_iter(['name', 'pid', 'cmdline']): if proc.info['name'] == 'client.exe': ps_pid = proc.info['pid'] try: ps_cmdline = proc.info['cmdline'][1] # This is the server identifier "aos://XXXXXXXXXX:XXXXX" handle = pymem.Pymem('client.exe') if handle.process_id != ps_pid: logger.info("Not a valid aos process.") return except IndexError: break except pymem.exception.ProcessNotFound: break update_presence(ps_pid, ps_cmdline, handle) else: time.sleep(0.05)
def main(): try: pm = pymem.Pymem("csgo.exe") except: MessageBox = ctypes.windll.user32.MessageBoxW MessageBox(None, 'Could not find the csgo.exe process !', 'Error', 16) return client = pymem.process.module_from_name(pm.process_handle, "client.dll").lpBaseOfDll while True: if not GetWindowText( GetForegroundWindow()) == "Counter-Strike: Global Offensive": continue if keyboard.is_pressed("space"): force_jump = client + dwForceJump player = pm.read_int(client + dwLocalPlayer) if player: on_ground = pm.read_int(player + m_fFlags) if on_ground and on_ground == 257: a = randint(0, 5) time.sleep(a / 100) pm.write_int(force_jump, 5) time.sleep(0.08) pm.write_int(force_jump, 4) time.sleep(0.002)
def main(): print("made by pero") pm = pymem.Pymem("csgo.exe") client = pymem.process.module_from_name(pm.process_handle, "client.dll").lpBaseOfDll while True: if not keyboard.is_pressed(trigger_key): time.sleep(0.1) print("triggerbot is running") if not GetWindowText( GetForegroundWindow()) == "Counter-Strike: Global Offensive": continue if keyboard.is_pressed(trigger_key): player = pm.read_int(client + dwLocalPlayer) entity_id = pm.read_int(player + m_iCrosshairId) entity = pm.read_int(client + dwEntityList + (entity_id - 1) * 0x10) entity_team = pm.read_int(entity + m_iTeamNum) player_team = pm.read_int(player + m_iTeamNum) if entity_id > 0 and entity_id <= 64 and player_team != entity_team: pm.write_int(client + dwForceAttack, 6) time.sleep(0.006)
def __init__(self): self.dwForceJump = 0x51F4D88 self.dwLocalPlayer = 0xD36B94 self.m_fFlags = 0x104 self.pm = pymem.Pymem("csgo.exe") self.client = pymem.process.module_from_name( self.pm.process_handle, "self.client.dll").lpBaseOfDll while True: if not GetWindowText(GetForegroundWindow() ) == "Counter-Strike: Global Offensive": continue if keyboard.is_pressed("space"): self.force_jump = self.client + self.dwForceJump self.player = self.pm.read_int(self.client + self.dwLocalPlayer) if self.player: self.on_ground = self.pm.read_int(self.player + self.m_fFlags) if self.on_ground and self.on_ground == 257: self.pm.write_int(self.force_jump, 5) time.sleep(0.08) self.pm.write_int(self.force_jump, 4) time.sleep(0.002)
def __init__(self, pid=None, godi_path=None, cmd_path=None): if pid is None: pids = [ ps.pid for ps in psutil.process_iter() if ps.name() == 'WoW.exe' ] if len(pids) <= 1: pid, = pids else: for i, pid in enumerate(pids): print(i, pid) pid = pids[int(input().strip())] pm = pymem.Pymem() pm.open_process_from_id(pid) self.pid = pid self.pm = pm mod, = [mod for mod in pm.list_modules() if mod.name == 'WoW.exe'] base_address = mod.lpBaseOfDll obj_mgr_addr = pm.read_uint(base_address + Offset.obj_manager) first_obj_addr = pm.read_uint(obj_mgr_addr + Offset.ObjectManager.first_obj) self.mod = mod self.base_address = base_address self.player_name = pm.read_string(self.base_address + Offset.player_name) self.first_obj_addr = first_obj_addr if godi_path is not None: self.godi = GameObjectDisplayInfo(godi_path) if cmd_path is not None: self.cmd = CreatureModelData(cmd_path) self._player_name_per_guid = {}
def __init__(self, wallhack, bunnyhop, noflash, topmost, rapidfire, triggerbot, rapidbutton, triggerbutton, thirdperson): self.wallhack = wallhack self.bunnyhop = bunnyhop self.noflash = noflash self.topmost = topmost self.rapidfire = rapidfire self.triggerbot = triggerbot self.rapidbutton = rapidbutton self.triggerbutton = triggerbutton self.thirdperson = thirdperson self.checkforteam = False #Game process, modules self.pm_memory = pymem.Pymem("csgo.exe") self.engine = pymem.process.module_from_name( self.pm_memory.process_handle, "engine.dll").lpBaseOfDll self.client = pymem.process.module_from_name( self.pm_memory.process_handle, "client_panorama.dll").lpBaseOfDll self.lcbase = self.pm_memory.read_int(self.client + dwLocalPlayer) #Starting Threads Thread(target=self.gui_thread).start() Thread(target=self.updategui_thread).start() Thread(target=self.wallhack_thread).start() Thread(target=self.bunnyhop_thread).start() Thread(target=self.noflash_thread).start() Thread(target=self.rapidfire_thread).start() Thread(target=self.triggerbot_thread).start() Thread(target=self.thirdperson_thread).start()
def openEmu(self, emu_name: str = '') -> bool: """Open process by name Parameters ---------- emu_name: str Name of the emulator """ if emu_name: if emu_name in ['Project64']: for Process in psutil.process_iter(): if emu_name in Process.name(): self.pid = Process.pid self.pm = pymem.Pymem() if self.pid: self.pm.open_process_from_id(self.pid) self.is_emuOpen = True self.base_ptr = hex( self.pm.read_int(0x7C640000) & (2**32 - 1)) if self.debug_mode: self.debug_log( f"Process pid {self.pid} has been opened") self.debug_log( f"Base Pointer of SM64 is {self.base_ptr}") else: raise Exception('RAM: Emulator not running') else: raise Exception('RAM: Emulator name not compatible') return True
def ShowM(): pm = pymem.Pymem('csgo.exe') client = pymem.process.module_from_name(pm.process_handle,'client.dll') clientModule = pm.read_bytes(client.lpBaseOfDll, client.SizeOfImage) address = client.lpBaseOfDll + re.search(rb'.\x0C\x5B\x5F\xB8\xFB\xFF\xFF\xFF',clientModule).start() pm.write_uchar(address, 0xEB if pm.read_uchar(address) == 0x75 else 0x75) pm.close_process()
def __init__(self, process_name=D2_GAME_EXE): self.pm = pymem.Pymem(process_name, verbose=False) self.is_d2se = (process_name == D2_SE_EXE) self.base_address = self.pm.process_base.lpBaseOfDll logging.debug('D2 base address: %s' % self.base_address) self.d2_ver = self.get_d2_version() logging.debug('D2 version: %s' % self.d2_ver) self.dlls_loaded = True self.is_plugy = False self.d2client = None self.d2game = None self.d2net = None # print([x.name for x in self.pm.list_modules()]) for mod in self.pm.list_modules(): mod_str = mod.name.lower() if mod_str == 'plugy.dll': self.is_plugy = True elif mod_str == 'd2client.dll': self.d2client = mod.lpBaseOfDll elif mod_str == 'd2game.dll': self.d2game = mod.lpBaseOfDll elif mod_str == 'd2net.dll': self.d2net = mod.lpBaseOfDll if self.is_d2se or self.d2_ver in ['1.13c', '1.13d']: if self.d2client is None or self.d2game is None or self.d2net is None: self.dlls_loaded = False self.patch_supported = True self.world_ptr = None self.players_x_ptr = None self.player_unit_ptr = None
def test_existing_process(): pm = pymem.Pymem('python.exe') assert pm.process_handle assert pm.process_id assert pm.process_base assert pm.main_thread assert pm.main_thread_id
def __init__(self): self.trigc = False self.whc = False self.bhc = False self.nf = False self.fovtog = False self.triggerkey = "" self.fovt = False self.fovkey = "" self.radarc = False self.aimc = False self.silentshit = False self.baim = False self.Fov = int() self.pm = pymem.Pymem("csgo.exe") self.client = pymem.process.module_from_name(self.pm.process_handle, "client.dll").lpBaseOfDll self.engine = pymem.process.module_from_name(self.pm.process_handle, "engine.dll").lpBaseOfDll self.rcse = False self.aimrcs = False self.aimfov = int() self.fovvalue = int() self.aimkey = str() self.larryfov = False
def __init__(self): try: pm = pymem.Pymem("csgo.exe") except: MessageBox = ctypes.windll.user32.MessageBoxW MessageBox(None, 'Could not find the csgo.exe process !', 'Error', 16) return client = pymem.process.module_from_name(pm.process_handle, "client.dll").lpBaseOfDll player = pm.read_int(client + dwLocalPlayer) flash_value = player + m_flFlashMaxAlpha read("misc") while features_check.check.no_flash: try: read("misc") pm.write_float(flash_value, float(0)) time.sleep(0.2) except: pass pm.close_process()
def __init__(self): self.dwEntityList = 0x4D4B104 self.dwForceAttack = 0x317C6EC self.dwLocalPlayer = 0xD36B94 self.m_fFlags = 0x104 self.m_iCrosshairId = 0xB3D4 self.m_iTeamNum = 0xF4 self.pm = pymem.Pymem("csgo.exe") self.client = pymem.process.module_from_name( self.pm.process_handle, "self.client.dll").lpBaseOfDll while True: if not GetWindowText(GetForegroundWindow() ) == "Counter-Strike: Global Offensive": continue self.player = self.pm.read_int(self.client + self.dwLocalPlayer) self.entity_id = self.pm.read_int(self.player + self.m_iCrosshairId) self.entity = self.pm.read_int(self.client + self.dwEntityList + (self.entity_id - 1) * 0x10) self.entity_team = self.pm.read_int(self.entity + self.m_iTeamNum) self.player_team = self.pm.read_int(self.player + self.m_iTeamNum) if 0 < self.entity_id <= 64 and self.player_team != self.entity_team: self.pm.write_int(self.client + self.dwForceAttack, 6) time.sleep(0.006)
def test_inject_python_shellcode(): notepad = subprocess.Popen(['notepad.exe']) pm = pymem.Pymem('notepad.exe') pm.inject_python_interpreter() # test already injected pm.inject_python_interpreter() assert pm.py_run_simple_string filepath = os.path.join(os.path.abspath('.'), 'pymem_injection.txt') filepath = filepath.replace("\\", "\\\\") shellcode = """ f = open("{}", "w+") f.write("pymem_injection") f.close() """.format(filepath) pm.inject_python_shellcode(shellcode) assert os.path.exists(filepath) os.remove(filepath) notepad.kill()
def __init__(self, process_name): #self.cheat_table = cheat_table error = None try: sys.stdout = open(os.devnull, "w") sys.stderr = open(os.devnull, "w") self.process = pymem.Pymem(process_name) self.base = self.process.process_base.lpBaseOfDll except pymem.exception.ProcessNotFound as pnf: error = pnf except TypeError as te: error = te finally: sys.stdout.close() sys.stderr.close() sys.stdout = sys.__stdout__ sys.stderr = sys.__stderr__ if error is not None: raise error #self.address_list = load_address_list_from_cheat_table(self.cheat_table, offset=self.base) self.memory_cache = None self.memory_sections = None