Skip to main content

Multi-platform library developed with ctypes for reading, writing and searching process memory, in a simple and friendly way with Python 3.

Project description

PyMemoryEditor

A Python library developed with ctypes to manipulate Windows and Linux processes (32 bits and 64 bits),
reading and writing values in the process memory.

Python Package Pypi License Platforms Python Version Downloads

Installing PyMemoryEditor:

pip3 install PyMemoryEditor

Tkinter application sample:

You can run a simple tkinter application to scan the memory of a process by typing pymemoryeditor at the CLI.

Basic Usage:

Import PyMemoryEditor and open a process using the OpenProcess class, passing a window title, process name
or PID as an argument. You can use the context manager to do this.

from PyMemoryEditor import OpenProcess

with OpenProcess(process_name = "example.exe") as process:
    # Do something...

After that, use the methods read_process_memory and write_process_memory to manipulate the process
memory, passing in the function call the memory address, data type and its size. See the example below:

from PyMemoryEditor import OpenProcess

title = "Window title of an example program"
address = 0x0005000C

with OpenProcess(window_title = title) as process:

    # Getting value from the process memory.
    value = process.read_process_memory(address, int, 4)

    # Writing to the process memory.
    process.write_process_memory(address, int, 4, value + 7)

Getting memory addresses by a target value:

You can look up a value in memory and get the address of all matches, like this:

for address in process.search_by_value(int, 4, target_value):
    print("Found address:", address)

Choosing the comparison method used for scanning:

There are many options to scan the memory. Check all available options in ScanTypesEnum.

The default option is EXACT_VALUE, but you can change it at scan_type parameter:

for address in process.search_by_value(int, 4, target_value, scan_type = ScanTypesEnum.BIGGER_THAN):
    print("Found address:", address)

Note: The scan types EXACT_VALUE and NOT_EXACT_VALUE uses KMP (Knuth–Morris–Pratt) Algorithm, that has completixy O(n + m) — n is the size of the memory page and m is the value length — to speed up the search process. The other scan types use the brute force algorithm, which is O(n * m), so the search may be slower depending on the length of the target value.

You can also search for a value within a range:

for address in process.search_by_value_between(int, 4, min_value, max_value, ...):
    print("Found address:", address)

All methods described above work even for strings, including the method search_by_value_between — however, bytes comparison may work differently than str comparison, depending on the byteorder of your system.

Progress information on searching:

These methods has the progress_information parameter that returns a dictionary containing the search progress information.

for address, info in process.search_by_value(..., progress_information = True):
    template = "Address: 0x{:<10X} | Progress: {:.1f}%"
    progress = info["progress"] * 100
    
    print(template.format(address, progress))

Reading multiple addresses efficiently:

If you have a large number of addresses where their values need to be read from memory, using the search_by_addresses method is much more efficient than reading the value of each address one by one.

for address, value in process.search_by_addresses(int, 4, addresses_list):
    print(f"Address", address, "holds the value", value)

The key advantage of this method is that it reads a memory page just once, obtaining the values of the addresses within the page. This approach reduces the frequency of system calls.

Getting memory regions:

Use the method get_memory_regions() to get the base address, size and more information of all memory regions used by the process.

for memory_region in process.get_memory_regions():
    base_address = memory_region["address"]
    size = memory_region["size"]
    information = memory_region["struct"]

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pymemoryeditor-1.5.11.tar.gz (35.2 kB view hashes)

Uploaded Source

Built Distribution

pymemoryeditor-1.5.11-py3-none-any.whl (37.2 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page