Memory¶

allocate_memory(handle, size, allocation_type=None, protection_type=None)¶

Reserves or commits a region of memory within the virtual address space of a specified process. The function initializes the memory it allocates to zero, unless MEM_RESET is used.

https://msdn.microsoft.com/en-us/library/windows/desktop/aa366890%28v=vs.85%29.aspx

Parameters:	handle (ctypes.wintypes.HANDLE) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right. size (int) – The size of the region of memory to allocate, in bytes. allocation_type (pymem.ressources.structure.MemoryAllocation) – The type of memory allocation. protection_type (pymem.ressources.structure.MemoryProtection) – The memory protection for the region of pages to be allocated.
Returns:	return the base address of the allocated region of pages.
Return type:	ctypes.wintypes.HANDLE

free_memory(handle, address, free_type=None)¶

Releases, decommits, or releases and decommits a region of memory within the virtual address space of a specified process.

https://msdn.microsoft.com/en-us/library/windows/desktop/aa366894%28v=vs.85%29.aspx

Parameters:	handle (ctypes.wintypes.HANDLE) – A handle to a process. The function frees memory within the virtual address space of the process. The handle must have the PROCESS_VM_OPERATION access right. address (int) – An address of the region of memory to be freed. free_type (pymem.ressources.structure.MemoryProtection) – The type of free operation.
Returns:	If the function succeeds, the return value is a nonzero value.
Return type:	ctypes.wintypes.BOOL

read_bytes(handle, address, byte)¶

Reads data from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.

https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx

Parameters:	handle (ctypes.wintypes.HANDLE) – A handle to the process with memory that is being read. The handle must have PROCESS_VM_READ access to the process. address (int) – An address of the region of memory to be freed. byte (int) – number of bytes to be read
Returns:	If the function succeeds, returns the raw value read
Return type:	bytes
Raise:	TypeError if address is not a valid integer
Raise:	WinAPIError if ReadProcessMemory failed

read_char(handle, address)¶

Reads 1 byte from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.

Unpack the value using struct.unpack(‘<b’)

https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx

Parameters:	handle (ctypes.wintypes.HANDLE) – A handle to the process with memory that is being read. The handle must have PROCESS_VM_READ access to the process. address (int) – An address of the region of memory to be freed.
Returns:	If the function succeeds, returns the value read
Return type:	string of length 1
Raise:	TypeError if address is not a valid integer
Raise:	WinAPIError if ReadProcessMemory failed

read_uchar(handle, address)¶

Reads 1 byte from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.

Unpack the value using struct.unpack(‘<B’)

https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx

Parameters:	handle (ctypes.wintypes.HANDLE) – A handle to the process with memory that is being read. The handle must have PROCESS_VM_READ access to the process. address (int) – An address of the region of memory to be freed.
Returns:	If the function succeeds, returns the value read
Return type:	int
Raise:	TypeError if address is not a valid integer
Raise:	WinAPIError if ReadProcessMemory failed

read_short(handle, address)¶

Reads 2 byte from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.

Unpack the value using struct.unpack(‘<h’)

https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx

Parameters:	handle (ctypes.wintypes.HANDLE) – A handle to the process with memory that is being read. The handle must have PROCESS_VM_READ access to the process. address (int) – An address of the region of memory to be freed.
Returns:	If the function succeeds, returns the value read
Return type:	int
Raise:	TypeError if address is not a valid integer
Raise:	WinAPIError if ReadProcessMemory failed

read_ushort(handle, address)¶

Reads 2 byte from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.

Unpack the value using struct.unpack(‘<H’)

https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx

Parameters:	handle (ctypes.wintypes.HANDLE) – A handle to the process with memory that is being read. The handle must have PROCESS_VM_READ access to the process. address (int) – An address of the region of memory to be freed.
Returns:	If the function succeeds, returns the value read
Return type:	int
Raise:	TypeError if address is not a valid integer
Raise:	WinAPIError if ReadProcessMemory failed

read_int(handle, address)¶

Reads 4 byte from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.

Unpack the value using struct.unpack(‘<i’)

https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx

Parameters:	handle (ctypes.wintypes.HANDLE) – A handle to the process with memory that is being read. The handle must have PROCESS_VM_READ access to the process. address (int) – An address of the region of memory to be freed.
Returns:	If the function succeeds, returns the value read
Return type:	int
Raise:	TypeError if address is not a valid integer
Raise:	WinAPIError if ReadProcessMemory failed

read_uint(handle, address)¶

Reads 4 byte from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.

Unpack the value using struct.unpack(‘<I’)

https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx

Parameters:	handle (ctypes.wintypes.HANDLE) – A handle to the process with memory that is being read. The handle must have PROCESS_VM_READ access to the process. address (int) – An address of the region of memory to be freed.
Returns:	If the function succeeds, returns the value read
Return type:	int
Raise:	TypeError if address is not a valid integer
Raise:	WinAPIError if ReadProcessMemory failed

read_float(handle, address)¶

Reads 4 byte from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.

Unpack the value using struct.unpack(‘<f’)

https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx

Parameters:	handle (ctypes.wintypes.HANDLE) – A handle to the process with memory that is being read. The handle must have PROCESS_VM_READ access to the process. address (int) – An address of the region of memory to be freed.
Returns:	If the function succeeds, returns the value read
Return type:	float
Raise:	TypeError if address is not a valid integer
Raise:	WinAPIError if ReadProcessMemory failed

read_long(handle, address)¶

Reads 4 byte from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.

Unpack the value using struct.unpack(‘<l’)

https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx

Parameters:	handle (ctypes.wintypes.HANDLE) – A handle to the process with memory that is being read. The handle must have PROCESS_VM_READ access to the process. address (int) – An address of the region of memory to be freed.
Returns:	If the function succeeds, returns the value read
Return type:	int
Raise:	TypeError if address is not a valid integer
Raise:	WinAPIError if ReadProcessMemory failed

read_ulong(handle, address)¶

Reads 4 byte from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.

Unpack the value using struct.unpack(‘<L’)

https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx

Parameters:	handle (ctypes.wintypes.HANDLE) – A handle to the process with memory that is being read. The handle must have PROCESS_VM_READ access to the process. address (int) – An address of the region of memory to be freed.
Returns:	If the function succeeds, returns the value read
Return type:	int
Raise:	TypeError if address is not a valid integer
Raise:	WinAPIError if ReadProcessMemory failed

read_longlong(handle, address)¶

Reads 8 byte from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.

Unpack the value using struct.unpack(‘<q’)

https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx

Parameters:	handle (ctypes.wintypes.HANDLE) – A handle to the process with memory that is being read. The handle must have PROCESS_VM_READ access to the process. address (int) – An address of the region of memory to be freed.
Returns:	If the function succeeds, returns the value read
Return type:	int
Raise:	TypeError if address is not a valid integer
Raise:	WinAPIError if ReadProcessMemory failed

read_ulonglong(handle, address)¶

Reads 8 byte from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.

Unpack the value using struct.unpack(‘<Q’)

https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx

Parameters:	handle (ctypes.wintypes.HANDLE) – A handle to the process with memory that is being read. The handle must have PROCESS_VM_READ access to the process. address (int) – An address of the region of memory to be freed.
Returns:	If the function succeeds, returns the value read
Return type:	int
Raise:	TypeError if address is not a valid integer
Raise:	WinAPIError if ReadProcessMemory failed

bytes = read_bytes(handle, address, struct.calcsize(‘Q’)) bytes = struct.unpack(‘<Q’, bytes)[0] return bytes

read_double(handle, address)¶

Reads 8 byte from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.

Unpack the value using struct.unpack(‘<d’)

https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx

Parameters:	handle (ctypes.wintypes.HANDLE) – A handle to the process with memory that is being read. The handle must have PROCESS_VM_READ access to the process. address (int) – An address of the region of memory to be freed.
Returns:	If the function succeeds, returns the value read
Return type:	float
Raise:	TypeError if address is not a valid integer
Raise:	WinAPIError if ReadProcessMemory failed

read_string(handle, address, byte=50)¶

Reads n byte from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.

https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx

Parameters:	handle (ctypes.wintypes.HANDLE) – A handle to the process with memory that is being read. The handle must have PROCESS_VM_READ access to the process. address (int) – An address of the region of memory to be freed.
Returns:	If the function succeeds, returns the value read
Return type:	str
Raise:	TypeError if address is not a valid integer
Raise:	WinAPIError if ReadProcessMemory failed

write_bytes(handle, address, src, length)¶

Writes data to an area of memory in a specified process. The entire area to be written to must be accessible or the operation fails.

Casts address using ctypes.c_char_p.

https://msdn.microsoft.com/en-us/library/windows/desktop/ms681674%28v=vs.85%29.aspx

Parameters:	handle (ctypes.wintypes.HANDLE) – A handle to the process memory to be modified. The handle must have PROCESS_VM_WRITE and PROCESS_VM_OPERATION access to the process. address (int) – An address in the specified process to which data is written. src (int) – A buffer that contains data to be written in the address space of the specified process. length (int) – The number of bytes to be written to the specified process.
Returns:	If the function succeeds, the return value is nonzero.
Return type:	bool
Raise:	TypeError if address is not a valid integer
Raise:	WinAPIError if WriteProcessMemory failed

write_char(handle, address, value)¶

Writes 1 byte to an area of memory in a specified process. The entire area to be written to must be accessible or the operation fails.

Transforms value using: ctypes.c_char(value).

https://msdn.microsoft.com/en-us/library/windows/desktop/ms681674%28v=vs.85%29.aspx

Parameters:	handle (ctypes.wintypes.HANDLE) – A handle to the process memory to be modified. The handle must have PROCESS_VM_WRITE and PROCESS_VM_OPERATION access to the process. address (int) – An address in the specified process to which data is written. value (int) – The data to be written.
Returns:	If the function succeeds, the return value is nonzero.
Return type:	bool
Raise:	TypeError if address is not a valid integer
Raise:	WinAPIError if WriteProcessMemory failed

write_short(handle, address, value)¶

Writes 2 bytes to an area of memory in a specified process. The entire area to be written to must be accessible or the operation fails.

Transforms value using: ctypes.c_short(value).

https://msdn.microsoft.com/en-us/library/windows/desktop/ms681674%28v=vs.85%29.aspx

Parameters:	handle (ctypes.wintypes.HANDLE) – A handle to the process memory to be modified. The handle must have PROCESS_VM_WRITE and PROCESS_VM_OPERATION access to the process. address (int) – An address in the specified process to which data is written. value (int) – The data to be written.
Returns:	If the function succeeds, the return value is nonzero.
Return type:	bool
Raise:	TypeError if address is not a valid integer
Raise:	WinAPIError if WriteProcessMemory failed

write_ushort(handle, address, value)¶

Writes 2 bytes to an area of memory in a specified process. The entire area to be written to must be accessible or the operation fails.

Transforms value using: ctypes.c_ushort(value).

https://msdn.microsoft.com/en-us/library/windows/desktop/ms681674%28v=vs.85%29.aspx

Parameters:	handle (ctypes.wintypes.HANDLE) – A handle to the process memory to be modified. The handle must have PROCESS_VM_WRITE and PROCESS_VM_OPERATION access to the process. address (int) – An address in the specified process to which data is written. value (int) – The data to be written.
Returns:	If the function succeeds, the return value is nonzero.
Return type:	bool
Raise:	TypeError if address is not a valid integer
Raise:	WinAPIError if WriteProcessMemory failed

write_int(handle, address, value)¶