示例#1
 def read(self, process_handle):
     """Read this region's full contents out of the target process.

     Keyword arguments:
     process_handle -- handle to the process that owns the region

     Returns the result of read_bytes for RegionSize bytes starting at
     BaseAddress (documented by the original author as a bytearray).
     """
     # The span is defined entirely by this region's own BaseAddress and
     # RegionSize fields; no extra bounds or protection checks happen here.
     return read_bytes(process_handle, self.BaseAddress, self.RegionSize)
示例#2
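def find_bytes_image(process_handle, buffer):
    """Searches for a bytes-like object in image-backed process memory

    Returns a list of addresses which matched at the time of scanning; the
    target may change its memory afterwards, so the result is a snapshot.
    On finding a match, skips the length of the match before searching for
    the next one, so overlapping occurrences are not reported.

    Only regions whose Type equals 0x1000000 and whose Protect equals
    exactly 0x02 or 0x04 are read. Because the comparison is exact, any
    other protection value (including one with extra modifier bits set)
    excludes the region from the scan.

    An empty pattern returns an empty list. Without that guard the search
    loop never advances, because find() keeps returning the same offset.

    Keyword arguments:
    process_handle -- handle to process
    buffer -- a bytes-like object; the bytes to scan for"""
    pattern_length = len(buffer)
    if pattern_length == 0:
        # Zero-length needle: find() would match at every offset and the
        # cursor would never move forward.
        return []

    addresses = []
    # map_commit_regions supplies the candidate regions; filter them here.
    for region in map_commit_regions(process_handle):
        # NOTE(review): region fields look like MEMORY_BASIC_INFORMATION,
        # which would make 0x1000000 MEM_IMAGE -- confirm against the
        # region type definition.
        if region.Type != 0x1000000:
            continue
        # NOTE(review): 0x02 / 0x04 would then be PAGE_READONLY and
        # PAGE_READWRITE -- confirm.
        if region.Protect not in (0x02, 0x04):
            continue
        remote_buffer = read_bytes(process_handle, region.BaseAddress,
                                   region.RegionSize)
        offset = remote_buffer.find(buffer)
        while offset != -1:
            # Offsets are relative to the region copy; convert to an address.
            addresses.append(region.BaseAddress + offset)
            offset = remote_buffer.find(buffer, offset + pattern_length)
    return addresses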
示例#3
def dump_readable_memory(process_handle, file):
    """Write the contents of every region from map_commit_regions to a file.

    Keyword arguments:
    process_handle -- handle to the process being dumped
    file -- path of the output file; opened in binary write mode, so an
            existing file is truncated

    Region contents are written back to back in the order returned, with
    no headers or address information, so offsets in the file do not map
    to addresses. No filtering is applied here beyond whatever
    map_commit_regions does. The output is raw process memory and may hold
    secrets such as credentials or keys; store and share it accordingly.
    """
    # Enumerate first so a failure here never creates or truncates the file.
    committed = map_commit_regions(process_handle)
    with open(file, "wb") as sink:
        for entry in committed:
            sink.write(read_bytes(process_handle, entry.BaseAddress,
                                  entry.RegionSize))
    def __init__(self, address, patch_bytes, process):
        """Record a patch and snapshot the bytes it would replace.

        Keyword arguments:
        address -- address to patch
        patch_bytes -- bytes to change at self.address
        process -- object exposing process_handle for the target process

        During construction, len(patch_bytes) bytes are read from address
        via memory.read_bytes and kept in self.original_bytes. Nothing is
        written to the target here.
        """
        self.address, self.patch_bytes = address, patch_bytes
        self.length = len(self.patch_bytes)
        self.process = process
        # Capture the pre-patch contents now -- presumably so the patch can
        # be reverted later; confirm against the rest of the class.
        handle = self.process.process_handle
        self.original_bytes = memory.read_bytes(handle, self.address,
                                                self.length)
示例#5
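def dump_region(process_handle, region, file):
    """Dumps a single region into a file

    Keyword arguments:
    process_handle -- handle to the process that owns the region
    region -- object exposing BaseAddress and RegionSize
    file -- path of the output file; created, or truncated if it exists

    The file receives the raw bytes only, with no header or address
    information. The output is raw process memory and may hold secrets
    such as credentials or keys; store and share it accordingly.
    """
    # Read before opening so a failed read never truncates an existing file.
    buffer = read_bytes(process_handle, region.BaseAddress, region.RegionSize)
    # "wb", not "rb": a handle opened read-only rejects write(), and "rb"
    # also fails outright when the file does not exist yet.
    with open(file, "wb") as current_file:
        current_file.write(buffer)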