Multi-platform library developed with ctypes for reading, writing and searching process memory, in a simple and friendly way with Python 3. It supports Windows and Linux (32-bit and 64-bit).
Project description
PyMemoryEditor
A Python library developed with ctypes to manipulate Windows and Linux processes (32 bits and 64 bits),
reading and writing values in the process memory.
Installing PyMemoryEditor:
pip3 install PyMemoryEditor
Basic Usage:
Import PyMemoryEditor
and open a process using the OpenProcess
class, passing a window title, process name
or PID as an argument. You can use the context manager to do this.
from PyMemoryEditor import OpenProcess
with OpenProcess(process_name = "example.exe") as process:
# Do something...
After that, use the methods read_process_memory
and write_process_memory
to manipulate the process
memory, passing in the function call the memory address, data type and its size. See the example below:
from PyMemoryEditor import OpenProcess
title = "Window title of an example program"
address = 0x0005000C
with OpenProcess(window_title = title) as process:
# Getting value from the process memory.
value = process.read_process_memory(address, int, 4)
# Writing to the process memory.
process.write_process_memory(address, int, 4, value + 7)
Getting memory addresses by a target value:
You can look up a value in memory and get the address of all matches, like this:
for address in process.search_by_value(int, 4, target_value):
print("Found address:", address)
Choosing the comparison method used for scanning:
There are many options to scan the memory. Check all available options in ScanTypesEnum
.
The default option is EXACT_VALUE
, but you can change it at scan_type
parameter:
for address in process.search_by_value(int, 4, target_value, scan_type = ScanTypesEnum.BIGGER_THAN):
print("Found address:", address)
Note: The scan types EXACT_VALUE
and NOT_EXACT_VALUE
uses KMP (Knuth–Morris–Pratt) Algorithm, that has completixy O(n + m) — n
is the size of the memory page and m
is the value length — to speed up the search process. The other scan types use the brute force algorithm, which is O(n * m), so the search may be slower depending on the length of the target value.
You can also search for a value within a range:
for address in process.search_by_value_between(int, 4, min_value, max_value, ...):
print("Found address:", address)
All methods described above work even for strings, including the method search_by_value_between
— however, bytes
comparison may work differently than str
comparison, depending on the byteorder
of your system.
Progress information on searching:
These methods has the progress_information
parameter that returns a dictionary containing the search progress information.
for address, info process.search_by_value(..., progress_information = True):
template = "Address: 0x{:<10X} | Progress: {:.1f}%"
progress = info["progress"] * 100
print(template.format(address, progress))
Getting memory regions:
Use the method get_memory_regions()
to get the base address, size and more information of all memory regions used by the process.
for memory_region in process.get_memory_regions():
base_address = memory_region["address"]
size = memory_region["size"]
information = memory_region["struct"]
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for pymemoryeditor-1.5.7-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 68ee02385d78ccca5cdcf548d06a0ada80dd3cb283c28edbe7e69566217aabbf |
|
MD5 | bc47d882f78e2a98e76ce0f3e6d262d6 |
|
BLAKE2b-256 | b0566f2084b4b24294af62512f400efbb8369dd4484870dc54a1abefbc20aa88 |