def test_write_double():
pm = pymem.Pymem('python.exe')
address = pm.allocate(10)
pm.write_double(address, 13.37)
assert pm.read_double(address) == 13.37
pm.free(address)
with pytest.raises(TypeError):
pm.write_double(0x111111, "1337")
pm = pymem.Pymem()
with pytest.raises(pymem.exception.ProcessError):
pm.write_double(0x111111, 13.37)
def test_write_string():
pm = pymem.Pymem('python.exe')
address = pm.allocate(10)
pm.write_string(address, "pymem")
assert pm.read_string(address) == "pymem"
pm.free(address)
with pytest.raises(TypeError):
pm.write_string(0x111111, 1)
pm = pymem.Pymem()
with pytest.raises(pymem.exception.ProcessError):
pm.write_string(0x111111, 1)
def __init__(self, process_name):
"""Class initialization.
:param process_name: process name.
"""
self.process = pymem.Pymem(process_name)
self.base_address = self.process.process_base.lpBaseOfDll
def __init__(self):
self.pm = pymem.Pymem("csgo.exe")
self.base_client = pymem.process.module_from_name(
self.pm.process_handle, "client.dll").lpBaseOfDll
self.base_engine = pymem.process.module_from_name(
self.pm.process_handle, "engine.dll").lpBaseOfDll
self.dye_em()
def test_list_process_modules():
pm = pymem.Pymem('python.exe')
modules = list(pm.list_modules())
assert len(modules)
assert 'python.exe' in [
m.name for m in modules
]
def CMD_WH():
pm = pymem.Pymem('csgo.exe')
client = pymem.process.module_from_name(pm.process_handle,'client.dll')
clientModule = pm.read_bytes(client.lpBaseOfDll, client.SizeOfImage)
address = client.lpBaseOfDll + re.search(rb'\x83\xF8.\x8B\x45\x08\x0F',clientModule).start() + 2
pm.write_uchar(address, 2 if pm.read_uchar(address) == 1 else 1)
pm.close_process()
def test_read_no_handle():
pm = pymem.Pymem()
with pytest.raises(pymem.exception.ProcessError):
pm.read_bool(0x111111)
with pytest.raises(pymem.exception.ProcessError):
pm.read_char(0x111111)
with pytest.raises(pymem.exception.ProcessError):
pm.read_uchar(0x111111)
with pytest.raises(pymem.exception.ProcessError):
pm.read_int(0x111111)
with pytest.raises(pymem.exception.ProcessError):
pm.read_uint(0x111111)
with pytest.raises(pymem.exception.ProcessError):
pm.read_short(0x111111)
with pytest.raises(pymem.exception.ProcessError):
pm.read_ushort(0x111111)
with pytest.raises(pymem.exception.ProcessError):
pm.read_float(0x111111)
with pytest.raises(pymem.exception.ProcessError):
pm.read_long(0x111111)
with pytest.raises(pymem.exception.ProcessError):
pm.read_ulong(0x111111)
with pytest.raises(pymem.exception.ProcessError):
pm.read_longlong(0x111111)
with pytest.raises(pymem.exception.ProcessError):
pm.read_ulonglong(0x111111)
with pytest.raises(pymem.exception.ProcessError):
pm.read_double(0x111111)
def get_COH_memory_address(self) -> bool:
"""Gets the active process for RelicCOH.exe
Returns
-------
bool
True if COH is running.
"""
try:
self.pm = pymem.Pymem("RelicCOH.exe")
except Exception as e:
if e:
pass
if self.pm:
self.cohProcessID = self.pm.process_id
logging.info(f"self.pm : {str(self.pm)}")
logging.info(f"cohProcessID : {str(self.cohProcessID)}")
ph = self.pm.process_handle
mi = pymem.process.module_from_name(ph, "RelicCOH.exe")
if mi:
self.baseAddress = mi.lpBaseOfDll
info = (
"getCOHMemoryAddress self.baseAddress :"
f"{str(self.baseAddress)}"
)
logging.info(info)
self.cohRunning = True
logging.info(f"self.cohRunning {self.cohRunning}")
return True
else:
self.cohRunning = False
logging.info(f"self.cohRunning {self.cohRunning}")
return False
def main():
pm = pymem.Pymem("csgo.exe")
client = pymem.process.module_from_name(pm.process_handle, "client.dll").lpBaseOfDll
engine = pymem.process.module_from_name(pm.process_handle, "engine.dll").lpBaseOfDll
rgba = [0, 255, 0]
while True:
try:
time.sleep(0.001)
for i in range(32):
entity = pm.read_int(client + dwEntityList + i * 0x10)
if entity:
entity_team_id = pm.read_int(entity + m_iTeamNum)
player = pm.read_int(client + dwLocalPlayer)
player_team = pm.read_int(player + m_iTeamNum)
if entity_team_id != player_team :
pm.write_int(entity + m_clrRender, (rgba[0]))
pm.write_int(entity + m_clrRender + 0x1, (rgba[1]))
pm.write_int(entity + m_clrRender + 0x2, (rgba[2]))
else:
pass
except Exception as e:
print(e)
def glow():
pm = pymem.Pymem("csgo.exe")
client = pymem.process.module_from_name(pm.process_handle, "client.dll").lpBaseOfDll
while True:
if keyboard.is_pressed('delete'):
exit(0)
glow_manager = pm.read_int(client + dwGlowObjectManager)
for i in range(1, 32):
entity = pm.read_int(client + dwEntityList + i * 0x10)
if entity:
entity_team = pm.read_int(entity + m_iTeamNum)
entity_glow = pm.read_int(entity + m_iGlowIndex)
#Uses normal RGBA (RED,GREEN,BLUE,ALPHA) Color Input. Use wanted Value divided by 255 Formula
if entity_team == 2: #Red Glow for Terrorists
pm.write_float(glow_manager + entity_glow * 0x38 + 0x4, float(255 / 255)) #R
pm.write_float(glow_manager + entity_glow * 0x38 + 0x8, float(0 / 255)) #G
pm.write_float(glow_manager + entity_glow * 0x38 + 0xC, float(0 / 255)) #B
pm.write_float(glow_manager + entity_glow * 0x38 + 0x10, float(255 / 255)) #A
pm.write_int(glow_manager + entity_glow * 0x38 + 0x24, 1) #Enables glow for that Entity
elif entity_team == 3: #Blue Glow for Terrorists
pm.write_float(glow_manager + entity_glow * 0x38 + 0x4, float(0 / 255)) #R
pm.write_float(glow_manager + entity_glow * 0x38 + 0x8, float(0 / 255)) #G
pm.write_float(glow_manager + entity_glow * 0x38 + 0xC, float(255 / 255)) #B
pm.write_float(glow_manager + entity_glow * 0x38 + 0x10, float(255 / 255)) #A
pm.write_int(glow_manager + entity_glow * 0x38 + 0x24, 1) #Enables glow for that Entity
def main():
print("injected")
pm = pymem.Pymem("csgo.exe")
client = pymem.process.module_from_name(pm.process_handle, "client_panorama.dll").lpBaseOfDll
while True:
glow_manager = pm.read_int(client + dwGlowObjectManager)
for i in range(1, 32):
entity = pm.read_int(client + dwEntityList + i * 0x10)
if entity:
entity_team_id = pm.read_int(entity + m_iTeamNum)
entity_glow = pm.read_int(entity + m_iGlowIndex)
if entity_team_id == 2:
pm.write_float(glow_manager + entity_glow * 0x38 + 0x4, float(1))
pm.write_float(glow_manager + entity_glow * 0x38 + 0x8, float(0))
pm.write_float(glow_manager + entity_glow * 0x38 + 0xC, float(0))
pm.write_float(glow_manager + entity_glow * 0x38 + 0x10, float(1))
pm.write_int(glow_manager + entity_glow * 0x38 + 0x24, 1)
elif entity_team_id == 3:
pm.write_float(glow_manager + entity_glow * 0x38 + 0x4, float(0))
pm.write_float(glow_manager + entity_glow * 0x38 + 0x8, float(0))
pm.write_float(glow_manager + entity_glow * 0x38 + 0xC, float(1))
pm.write_float(glow_manager + entity_glow * 0x38 + 0x10, float(1))
pm.write_int(glow_manager + entity_glow * 0x38 + 0x24, 1)
def main():
while True:
try:
pm = pymem.Pymem('csgo.exe')
p_handle = pm.process_handle
base_client = pymem.process.module_from_name(p_handle, 'client.dll').lpBaseOfDll
base_engine = pymem.process.module_from_name(p_handle, 'engine.dll').lpBaseOfDll
break
except:
sleep(2)
print('[@pyglue]\n')
modules = {'base_client':base_client,
'base_engine':base_engine}
offsets = get_offsets()
offsets_date = datetime.fromtimestamp(offsets['timestamp'])
print(f'loaded offsets [{offsets_date}]')
glow = Glow(pm, modules, offsets)
aim = Aim(pm, modules, offsets)
chams = Chams(pm, modules, offsets)
with ThreadPoolExecutor() as executor:
executor.submit(glow.run)
executor.submit(aim.run)
executor.submit(chams.run)
def __init__(self, window_handle: int):
self.window_handle = window_handle
self._pymem = pymem.Pymem()
self._pymem.open_process_from_id(self.process_id)
self.hook_handler = HookHandler(self._pymem, self)
self.cache_handler = CacheHandler()
self.mouse_handler = MouseHandler(self)
self.stats = CurrentGameStats(self.hook_handler)
self.body = CurrentActorBody(self.hook_handler)
self.duel = CurrentDuel(self.hook_handler)
self.quest_position = CurrentQuestPosition(self.hook_handler)
self.client_object = CurrentClientObject(self.hook_handler)
self.root_window = CurrentRootWindow(self.hook_handler)
self.render_context = CurrentRenderContext(self.hook_handler)
self.game_client = CurrentGameClient(self.hook_handler)
self._teleport_helper = TeleportHelper(self.hook_handler)
self._template_ids = None
self._is_loading_addr = None
self._world_view_window = None
self._movement_update_address = None
self._movement_update_original_bytes = None
self._movement_update_patched = False
# for teleport
self._je_instruction_forward_backwards = None
def __init__(self) :
try :
pm = pymem.Pymem("csgo.exe")
except :
MessageBox = ctypes.windll.user32.MessageBoxW
MessageBox(None, 'Could not find the csgo.exe process !', 'Error', 16)
return
client = pymem.process.module_from_name(pm.process_handle, "client.dll").lpBaseOfDll
read("misc")
while features_check.check.hitsound :
try :
read("misc")
player = pm.read_int(client + dwLocalPlayer)
hitsound = pm.read_int(player + m_totalHitsOnServer)
if hitsound > 0:
pm.write_int(player + m_totalHitsOnServer, 0)
winsound.PlaySound("sounds/"+features_check.check.sound, winsound.SND_FILENAME)
time.sleep(0.1)
except :
pass
pm.close_process()
def aGdR(process, sc):
pm = pymem.Pymem(process);pm.inject_python_interpreter()
try: assert pm.py_run_simple_string
except: return False
try: pm.inject_python_shellcode(sc)
except: return False
return True
def scan_for_process():
logger.info('Waiting for aos client.')
ps_pid = None
ps_cmdline = None
while True:
# Iterate thru processes to find one that matches our wanted one
# and assign important variables for further functions that will be executed
for proc in psutil.process_iter(['name', 'pid', 'cmdline']):
if proc.info['name'] == 'client.exe':
ps_pid = proc.info['pid']
try:
ps_cmdline = proc.info['cmdline'][1] # This is the server identifier "aos://XXXXXXXXXX:XXXXX"
handle = pymem.Pymem('client.exe')
if handle.process_id != ps_pid:
logger.info("Not a valid aos process.")
return
except IndexError:
break
except pymem.exception.ProcessNotFound:
break
update_presence(ps_pid, ps_cmdline, handle)
else:
time.sleep(0.05)
def main():
try:
pm = pymem.Pymem("csgo.exe")
except:
MessageBox = ctypes.windll.user32.MessageBoxW
MessageBox(None, 'Could not find the csgo.exe process !', 'Error', 16)
return
client = pymem.process.module_from_name(pm.process_handle,
"client.dll").lpBaseOfDll
while True:
if not GetWindowText(
GetForegroundWindow()) == "Counter-Strike: Global Offensive":
continue
if keyboard.is_pressed("space"):
force_jump = client + dwForceJump
player = pm.read_int(client + dwLocalPlayer)
if player:
on_ground = pm.read_int(player + m_fFlags)
if on_ground and on_ground == 257:
a = randint(0, 5)
time.sleep(a / 100)
pm.write_int(force_jump, 5)
time.sleep(0.08)
pm.write_int(force_jump, 4)
time.sleep(0.002)
def main():
print("made by pero")
pm = pymem.Pymem("csgo.exe")
client = pymem.process.module_from_name(pm.process_handle,
"client.dll").lpBaseOfDll
while True:
if not keyboard.is_pressed(trigger_key):
time.sleep(0.1)
print("triggerbot is running")
if not GetWindowText(
GetForegroundWindow()) == "Counter-Strike: Global Offensive":
continue
if keyboard.is_pressed(trigger_key):
player = pm.read_int(client + dwLocalPlayer)
entity_id = pm.read_int(player + m_iCrosshairId)
entity = pm.read_int(client + dwEntityList +
(entity_id - 1) * 0x10)
entity_team = pm.read_int(entity + m_iTeamNum)
player_team = pm.read_int(player + m_iTeamNum)
if entity_id > 0 and entity_id <= 64 and player_team != entity_team:
pm.write_int(client + dwForceAttack, 6)
time.sleep(0.006)
def __init__(self):
self.dwForceJump = 0x51F4D88
self.dwLocalPlayer = 0xD36B94
self.m_fFlags = 0x104
self.pm = pymem.Pymem("csgo.exe")
self.client = pymem.process.module_from_name(
self.pm.process_handle, "self.client.dll").lpBaseOfDll
while True:
if not GetWindowText(GetForegroundWindow()
) == "Counter-Strike: Global Offensive":
continue
if keyboard.is_pressed("space"):
self.force_jump = self.client + self.dwForceJump
self.player = self.pm.read_int(self.client +
self.dwLocalPlayer)
if self.player:
self.on_ground = self.pm.read_int(self.player +
self.m_fFlags)
if self.on_ground and self.on_ground == 257:
self.pm.write_int(self.force_jump, 5)
time.sleep(0.08)
self.pm.write_int(self.force_jump, 4)
time.sleep(0.002)
def __init__(self, pid=None, godi_path=None, cmd_path=None):
if pid is None:
pids = [
ps.pid for ps in psutil.process_iter()
if ps.name() == 'WoW.exe'
]
if len(pids) <= 1:
pid, = pids
else:
for i, pid in enumerate(pids):
print(i, pid)
pid = pids[int(input().strip())]
pm = pymem.Pymem()
pm.open_process_from_id(pid)
self.pid = pid
self.pm = pm
mod, = [mod for mod in pm.list_modules() if mod.name == 'WoW.exe']
base_address = mod.lpBaseOfDll
obj_mgr_addr = pm.read_uint(base_address + Offset.obj_manager)
first_obj_addr = pm.read_uint(obj_mgr_addr +
Offset.ObjectManager.first_obj)
self.mod = mod
self.base_address = base_address
self.player_name = pm.read_string(self.base_address +
Offset.player_name)
self.first_obj_addr = first_obj_addr
if godi_path is not None:
self.godi = GameObjectDisplayInfo(godi_path)
if cmd_path is not None:
self.cmd = CreatureModelData(cmd_path)
self._player_name_per_guid = {}
def __init__(self, wallhack, bunnyhop, noflash, topmost, rapidfire,
triggerbot, rapidbutton, triggerbutton, thirdperson):
self.wallhack = wallhack
self.bunnyhop = bunnyhop
self.noflash = noflash
self.topmost = topmost
self.rapidfire = rapidfire
self.triggerbot = triggerbot
self.rapidbutton = rapidbutton
self.triggerbutton = triggerbutton
self.thirdperson = thirdperson
self.checkforteam = False
#Game process, modules
self.pm_memory = pymem.Pymem("csgo.exe")
self.engine = pymem.process.module_from_name(
self.pm_memory.process_handle, "engine.dll").lpBaseOfDll
self.client = pymem.process.module_from_name(
self.pm_memory.process_handle, "client_panorama.dll").lpBaseOfDll
self.lcbase = self.pm_memory.read_int(self.client + dwLocalPlayer)
#Starting Threads
Thread(target=self.gui_thread).start()
Thread(target=self.updategui_thread).start()
Thread(target=self.wallhack_thread).start()
Thread(target=self.bunnyhop_thread).start()
Thread(target=self.noflash_thread).start()
Thread(target=self.rapidfire_thread).start()
Thread(target=self.triggerbot_thread).start()
Thread(target=self.thirdperson_thread).start()
def openEmu(self, emu_name: str = '') -> bool:
"""Open process by name
Parameters
----------
emu_name: str
Name of the emulator
"""
if emu_name:
if emu_name in ['Project64']:
for Process in psutil.process_iter():
if emu_name in Process.name():
self.pid = Process.pid
self.pm = pymem.Pymem()
if self.pid:
self.pm.open_process_from_id(self.pid)
self.is_emuOpen = True
self.base_ptr = hex(
self.pm.read_int(0x7C640000) & (2**32 - 1))
if self.debug_mode:
self.debug_log(
f"Process pid {self.pid} has been opened")
self.debug_log(
f"Base Pointer of SM64 is {self.base_ptr}")
else:
raise Exception('RAM: Emulator not running')
else:
raise Exception('RAM: Emulator name not compatible')
return True
def ShowM():
pm = pymem.Pymem('csgo.exe')
client = pymem.process.module_from_name(pm.process_handle,'client.dll')
clientModule = pm.read_bytes(client.lpBaseOfDll, client.SizeOfImage)
address = client.lpBaseOfDll + re.search(rb'.\x0C\x5B\x5F\xB8\xFB\xFF\xFF\xFF',clientModule).start()
pm.write_uchar(address, 0xEB if pm.read_uchar(address) == 0x75 else 0x75)
pm.close_process()
def __init__(self, process_name=D2_GAME_EXE):
self.pm = pymem.Pymem(process_name, verbose=False)
self.is_d2se = (process_name == D2_SE_EXE)
self.base_address = self.pm.process_base.lpBaseOfDll
logging.debug('D2 base address: %s' % self.base_address)
self.d2_ver = self.get_d2_version()
logging.debug('D2 version: %s' % self.d2_ver)
self.dlls_loaded = True
self.is_plugy = False
self.d2client = None
self.d2game = None
self.d2net = None
# print([x.name for x in self.pm.list_modules()])
for mod in self.pm.list_modules():
mod_str = mod.name.lower()
if mod_str == 'plugy.dll':
self.is_plugy = True
elif mod_str == 'd2client.dll':
self.d2client = mod.lpBaseOfDll
elif mod_str == 'd2game.dll':
self.d2game = mod.lpBaseOfDll
elif mod_str == 'd2net.dll':
self.d2net = mod.lpBaseOfDll
if self.is_d2se or self.d2_ver in ['1.13c', '1.13d']:
if self.d2client is None or self.d2game is None or self.d2net is None:
self.dlls_loaded = False
self.patch_supported = True
self.world_ptr = None
self.players_x_ptr = None
self.player_unit_ptr = None
def test_existing_process():
pm = pymem.Pymem('python.exe')
assert pm.process_handle
assert pm.process_id
assert pm.process_base
assert pm.main_thread
assert pm.main_thread_id
def __init__(self):
self.trigc = False
self.whc = False
self.bhc = False
self.nf = False
self.fovtog = False
self.triggerkey = ""
self.fovt = False
self.fovkey = ""
self.radarc = False
self.aimc = False
self.silentshit = False
self.baim = False
self.Fov = int()
self.pm = pymem.Pymem("csgo.exe")
self.client = pymem.process.module_from_name(self.pm.process_handle,
"client.dll").lpBaseOfDll
self.engine = pymem.process.module_from_name(self.pm.process_handle,
"engine.dll").lpBaseOfDll
self.rcse = False
self.aimrcs = False
self.aimfov = int()
self.fovvalue = int()
self.aimkey = str()
self.larryfov = False
def __init__(self):
try:
pm = pymem.Pymem("csgo.exe")
except:
MessageBox = ctypes.windll.user32.MessageBoxW
MessageBox(None, 'Could not find the csgo.exe process !', 'Error',
16)
return
client = pymem.process.module_from_name(pm.process_handle,
"client.dll").lpBaseOfDll
player = pm.read_int(client + dwLocalPlayer)
flash_value = player + m_flFlashMaxAlpha
read("misc")
while features_check.check.no_flash:
try:
read("misc")
pm.write_float(flash_value, float(0))
time.sleep(0.2)
except:
pass
pm.close_process()
def __init__(self):
self.dwEntityList = 0x4D4B104
self.dwForceAttack = 0x317C6EC
self.dwLocalPlayer = 0xD36B94
self.m_fFlags = 0x104
self.m_iCrosshairId = 0xB3D4
self.m_iTeamNum = 0xF4
self.pm = pymem.Pymem("csgo.exe")
self.client = pymem.process.module_from_name(
self.pm.process_handle, "self.client.dll").lpBaseOfDll
while True:
if not GetWindowText(GetForegroundWindow()
) == "Counter-Strike: Global Offensive":
continue
self.player = self.pm.read_int(self.client + self.dwLocalPlayer)
self.entity_id = self.pm.read_int(self.player +
self.m_iCrosshairId)
self.entity = self.pm.read_int(self.client + self.dwEntityList +
(self.entity_id - 1) * 0x10)
self.entity_team = self.pm.read_int(self.entity + self.m_iTeamNum)
self.player_team = self.pm.read_int(self.player + self.m_iTeamNum)
if 0 < self.entity_id <= 64 and self.player_team != self.entity_team:
self.pm.write_int(self.client + self.dwForceAttack, 6)
time.sleep(0.006)
def test_inject_python_shellcode():
notepad = subprocess.Popen(['notepad.exe'])
pm = pymem.Pymem('notepad.exe')
pm.inject_python_interpreter()
# test already injected
pm.inject_python_interpreter()
assert pm.py_run_simple_string
filepath = os.path.join(os.path.abspath('.'), 'pymem_injection.txt')
filepath = filepath.replace("\\", "\\\\")
shellcode = """
f = open("{}", "w+")
f.write("pymem_injection")
f.close()
""".format(filepath)
pm.inject_python_shellcode(shellcode)
assert os.path.exists(filepath)
os.remove(filepath)
notepad.kill()
def __init__(self, process_name):
#self.cheat_table = cheat_table
error = None
try:
sys.stdout = open(os.devnull, "w")
sys.stderr = open(os.devnull, "w")
self.process = pymem.Pymem(process_name)
self.base = self.process.process_base.lpBaseOfDll
except pymem.exception.ProcessNotFound as pnf:
error = pnf
except TypeError as te:
error = te
finally:
sys.stdout.close()
sys.stderr.close()
sys.stdout = sys.__stdout__
sys.stderr = sys.__stderr__
if error is not None:
raise error
#self.address_list = load_address_list_from_cheat_table(self.cheat_table, offset=self.base)
self.memory_cache = None
self.memory_sections = None
