Pymem

class Pymem

__init__(self, process_name=None)

Initialize the Pymem class.

If process_name is given, will open the process and retrieve a handle over it.

Parameters:name (str) – The name of the process to be opened

set_debug_privilege(self, process_name)

Leverage current process privileges.

Parameters:

• hToken (HANDLE) – Current process handle
• lpszPrivilege (str) – privilege name
• bEnablePrivilege (bool) – Enable privilege

Returns:

True if privileges have been leveraged.

Return type:

bool

open_process_from_name(self, process_name)

Open process given it’s name and stores the handle into self.process_handle.

Parameters:

process_name (str) – The name of the process to be opened

Raises:

• TypeError – if process_name is not valid
• pymem.exception.ProcessNotFound – if process is not found
• pymem.exception.CouldNotOpenProcess – if process cannot be opened

open_process_from_id(self, process_id)

Open process given it’s name and stores the handle into self.process_handle.

Parameters:

process_id (int) – The name of the process to be opened

Raises:

• TypeError – if process_id is not an integer
• pymem.exception.CouldNotOpenProcess – if process cannot be opened

process_base_address

Lookup process base address.

Returns:

The base address of the current process.

Return type:

ctypes.wintypes.HANDLE

Raises:

• TypeError – if process_id is not an integer
• pymem.exception.ProcessError – if could not find process first module address

open_main_thread(self)

Open process main thread name and stores the handle into self.thread_handle the thread_id is also stored into self.main_thread_id.

Raises:

• pymem.exception.ProcessError – if there is no process opened
• pymem.exception.ProcessError – if could not list process thread

close_process(self)

Close the current opened process

Raises:pymem.exception.ProcessError – if there is no process opened

allocate(self, size)

Allocate memory into the current opened process.

Parameters:

size (int) – The size of the region of memory to allocate, in bytes.

Returns:

The base address of the current process.

Return type:

ctypes.wintypes.HANDLE

Raises:

• pymem.exception.ProcessError – if there is no process opened
• TypeError – if size is not an integer

free(self, address)

Free memory from the current opened process given an address.

Parameters:

address (int) – An address of the region of memory to be freed.

Raises:

• pymem.exception.ProcessError – if there is no process opened
• TypeError – if address is not an integer

assemble(self, address=None, mnemonics=None)

Assemble mnemonics to bytes using pyfasm.

If address is given then the origin org will be set to the address.

Parameters:

• address (int) – An address of the region of memory to be freed.
• mnemonics (str) – fasm syntax mnemonics

Returns:

The assembled mnemonics

Return type:

bytes

close_main_thread(self)

Close the opened main thread

Raises:pymem.exception.ProcessError – if main thread is not opened

read_bytes(self, address, length)

Reads bytes from an area of memory in a specified process.

Parameters:

• address (int) – An address of the region of memory to be read.
• length (int) – number of bytes to be read

Returns:

returns the raw value read

Return type:

bytes

Raises:

pymem.exception.ProcessError – if there id no opened process

Raise:

TypeError if address is not a valid integer

read_char(self, address)

Reads 1 byte from an area of memory in a specified process.

Parameters:address (int) – An address of the region of memory to be read. Returns:returns the value read Return type:string Raises:pymem.exception.ProcessError – if there id no opened process Raise:TypeError if address is not a valid integer Raise:pymem.exception.MemoryReadError if ReadProcessMemory failed

read_uchar(self, address)

Reads 1 byte from an area of memory in a specified process.

Parameters:address (int) – An address of the region of memory to be read. Returns:returns the value read Return type:string Raises:pymem.exception.ProcessError – if there id no opened process Raise:TypeError if address is not a valid integer Raise:pymem.exception.MemoryReadError if ReadProcessMemory failed

read_int(self, address)

Reads 4 byte from an area of memory in a specified process.

Parameters:address (int) – An address of the region of memory to be read. Returns:returns the value read Return type:int Raises:pymem.exception.ProcessError – if there id no opened process Raise:TypeError if address is not a valid integer Raise:pymem.exception.MemoryReadError if ReadProcessMemory failed

read_uint(self, address)

Reads 4 byte from an area of memory in a specified process.

Parameters:address (int) – An address of the region of memory to be read. Returns:returns the value read Return type:int Raises:pymem.exception.ProcessError – if there id no opened process Raise:TypeError if address is not a valid integer Raise:pymem.exception.MemoryReadError if ReadProcessMemory failed

read_short(self, address)

Reads 2 byte from an area of memory in a specified process.

Parameters:address (int) – An address of the region of memory to be read. Returns:returns the value read Return type:int Raises:pymem.exception.ProcessError – if there id no opened process Raise:TypeError if address is not a valid integer Raise:pymem.exception.MemoryReadError if ReadProcessMemory failed

read_ushort(self, address)

Reads 2 byte from an area of memory in a specified process.

Parameters:address (int) – An address of the region of memory to be read. Returns:returns the value read Return type:int Raises:pymem.exception.ProcessError – if there id no opened process Raise:TypeError if address is not a valid integer Raise:pymem.exception.MemoryReadError if ReadProcessMemory failed

read_float(self, address)

Reads 4 byte from an area of memory in a specified process.

Parameters:address (int) – An address of the region of memory to be read. Returns:returns the value read Return type:float Raises:pymem.exception.ProcessError – if there id no opened process Raise:TypeError if address is not a valid integer Raise:pymem.exception.MemoryReadError if ReadProcessMemory failed

read_long(self, address)

Reads 4 byte from an area of memory in a specified process.

Parameters:address (int) – An address of the region of memory to be read. Returns:returns the value read Return type:int Raises:pymem.exception.ProcessError – if there id no opened process Raise:TypeError if address is not a valid integer Raise:pymem.exception.MemoryReadError if ReadProcessMemory failed

read_ulong(self, address)

Reads 4 byte from an area of memory in a specified process.

Parameters:address (int) – An address of the region of memory to be read. Returns:returns the value read Return type:int Raises:pymem.exception.ProcessError – if there id no opened process Raise:TypeError if address is not a valid integer Raise:pymem.exception.MemoryReadError if ReadProcessMemory failed

read_longlong(self, address)

Reads 8 byte from an area of memory in a specified process.

Parameters:address (int) – An address of the region of memory to be read. Returns:returns the value read Return type:int Raises:pymem.exception.ProcessError – if there id no opened process Raise:TypeError if address is not a valid integer Raise:pymem.exception.MemoryReadError if ReadProcessMemory failed

read_ulonglong(self, address)

Reads 8 byte from an area of memory in a specified process.

Parameters:address (int) – An address of the region of memory to be read. Returns:returns the value read Return type:int Raises:pymem.exception.ProcessError – if there id no opened process Raise:TypeError if address is not a valid integer Raise:pymem.exception.MemoryReadError if ReadProcessMemory failed

read_double(self, address)

Reads 8 byte from an area of memory in a specified process.

Parameters:address (int) – An address of the region of memory to be read. Returns:returns the value read Return type:int Raises:pymem.exception.ProcessError – if there id no opened process Raise:TypeError if address is not a valid integer Raise:pymem.exception.MemoryReadError if ReadProcessMemory failed

read_string(self, address, byte=50)

Reads n byte from an area of memory in a specified process.

Parameters:

• address (int) – An address of the region of memory to be read.
• byte (int) – number of bytes to read

Returns:

returns the value read

Return type:

str

Raises:

pymem.exception.ProcessError – if there id no opened process

Raises:

TypeError if byte is not a valid integer

Raise:

pymem.exception.MemoryReadError if ReadProcessMemory failed

write_int(self, address, value)

Write value to the given address into the current opened process.

Parameters:

• address (int) – An address of the region of memory to be read.
• value (int) – the value to be written

Raises:

pymem.exception.ProcessError – if there id no opened process

Raises:

TypeError if value is not a valid integer

Raise:

pymem.exception.MemoryWriteError if WriteProcessMemory failed

write_uint(self, address, value)

Write value to the given address into the current opened process.

Parameters:

• address (int) – An address of the region of memory to be read.
• value (int) – the value to be written

Raises:

pymem.exception.ProcessError – if there id no opened process

Raises:

TypeError if value is not a valid integer

Raise:

pymem.exception.MemoryWriteError if WriteProcessMemory failed

write_short(self, address, value)

Write value to the given address into the current opened process.

Parameters:

• address (int) – An address of the region of memory to be read.
• value (int) – the value to be written

Raises:

pymem.exception.ProcessError – if there id no opened process

Raises:

TypeError if value is not a valid integer

Raise:

pymem.exception.MemoryWriteError if WriteProcessMemory failed

write_ushort(self, address, value)

Write value to the given address into the current opened process.

Parameters:

• address (int) – An address of the region of memory to be read.
• value (int) – the value to be written

Raises:

pymem.exception.ProcessError – if there id no opened process

Raises:

TypeError if value is not a valid integer

Raise:

pymem.exception.MemoryWriteError if WriteProcessMemory failed

write_float(self, address, value)

Write value to the given address into the current opened process.

Parameters:

• address (int) – An address of the region of memory to be read.
• value (float) – the value to be written

Raises:

pymem.exception.ProcessError – if there id no opened process

Raises:

TypeError if value is not a valid float

Raise:

pymem.exception.MemoryWriteError if WriteProcessMemory failed

write_long(self, address, value)

Write value to the given address into the current opened process.

Parameters:

• address (int) – An address of the region of memory to be read.
• value (float) – the value to be written

Raises:

pymem.exception.ProcessError – if there id no opened process

Raises:

TypeError if value is not a valid int

Raise:

pymem.exception.MemoryWriteError if WriteProcessMemory failed

write_ulong(self, address, value)

Write value to the given address into the current opened process.

Parameters:

• address (int) – An address of the region of memory to be read.
• value (float) – the value to be written

Raises:

pymem.exception.ProcessError – if there id no opened process

Raises:

TypeError if value is not a valid int

Raise:

pymem.exception.MemoryWriteError if WriteProcessMemory failed

write_longlong(self, address, value)

Write value to the given address into the current opened process.

Parameters:

• address (int) – An address of the region of memory to be read.
• value (float) – the value to be written

Raises:

pymem.exception.ProcessError – if there id no opened process

Raises:

TypeError if value is not a valid int

Raise:

pymem.exception.MemoryWriteError if WriteProcessMemory failed

write_ulonglong(self, address, value)

Write value to the given address into the current opened process.

Parameters:

• address (int) – An address of the region of memory to be read.
• value (float) – the value to be written

Raises:

pymem.exception.ProcessError – if there id no opened process

Raises:

TypeError if value is not a valid int

Raise:

pymem.exception.MemoryWriteError if WriteProcessMemory failed

write_double(self, address, value)

Write value to the given address into the current opened process.

Parameters:

• address (int) – An address of the region of memory to be read.
• value (float) – the value to be written

Raises:

pymem.exception.ProcessError – if there id no opened process

Raises:

TypeError if value is not a valid int

Raise:

pymem.exception.MemoryWriteError if WriteProcessMemory failed

write_string(self, address, value)

Write value to the given address into the current opened process.

Parameters:

• address (int) – An address of the region of memory to be read.
• value (bytes) – the value to be written

Raises:

pymem.exception.ProcessError – if there id no opened process

Raises:

TypeError if value is not bytes

Raise:

pymem.exception.MemoryWriteError if WriteProcessMemory failed

write_char(self, address, value)

Write value to the given address into the current opened process.

Parameters:

• address (int) – An address of the region of memory to be read.
• value (float) – the value to be written

Raises:

pymem.exception.ProcessError – if there id no opened process

Raises:

TypeError if value is not a string

Raise:

pymem.exception.MemoryWriteError if WriteProcessMemory failed