API
This part of the documentation covers all the methods of Pymem. Where Pymem depends on external DLLs, we document the most important ones here and provide links to the canonical documentation.
Pymem
- class pymem.Pymem(process_name: Optional[Union[str, int]] = None, exact_match: bool = False, ignore_case: bool = True)[source]
Initialize the Pymem class. If process_name is given, will open the process and retrieve a handle over it.
- Parameters
process_name – The name or process id of the process to be opened
exact_match – Defaults to False. Whether the full process name must match rather than just part of it.
ignore_case – Defaults to True. Whether to ignore the case of the process name.
- allocate(size)[source]
Allocate memory into the current opened process.
- Parameters
size (int) – The size of the region of memory to allocate, in bytes.
- Raises
ProcessError – If there is no process opened
TypeError – If size is not an integer
- Returns
The base address of the current process.
- Return type
int
- property base_address
Gets the memory address where the main module was loaded (i.e. the address of the exe file in memory)
- Raises
TypeError – If process_id is not an integer
ProcessError – Could not find process first module address
- Returns
Address of main module
- Return type
int
- close_process()[source]
Close the current opened process
- Raises
ProcessError – If there is no process opened
- free(address)[source]
Free memory from the current opened process given an address.
- Parameters
address (int) – An address of the region of memory to be freed.
- Raises
ProcessError – If there is no process opened
TypeError – If address is not an integer
- inject_python_interpreter(initsigs=1)[source]
Inject python interpreter into target process and call Py_InitializeEx.
- inject_python_shellcode(shellcode)[source]
Inject a python shellcode into memory and execute it.
- Parameters
shellcode (str) – A string with python instructions.
- list_modules()[source]
List the modules loaded by the process.
- Returns
List of process loaded modules
- Return type
list(MODULEINFO)
- property main_thread
Retrieve ThreadEntry32 of main thread given its creation time.
- Raises
ProcessError – If there is no process opened or could not list process thread
- Returns
Process main thread
- Return type
- property main_thread_id
Retrieve th32ThreadID from main thread
- Raises
ProcessError – If there is no process opened or could not list process thread
- Returns
Main thread identifier
- Return type
int
- open_process_from_id(process_id)[source]
Open process given its name and stores the handle into self.process_handle.
- Parameters
process_id (int) – The unique process identifier
- Raises
TypeError – If process identifier is not an integer
CouldNotOpenProcess – If process cannot be opened
- open_process_from_name(process_name: str, exact_match: bool = False, ignore_case: bool = True)[source]
Open process given its name and stores the handle into process_handle
- Parameters
process_name – The name of the process to be opened
exact_match – Defaults to False. Whether the full process name must match rather than just part of it.
ignore_case – Defaults to True. Whether to ignore the case of the process name.
- Raises
TypeError – If process name is not valid or search parameters are of the wrong type
ProcessNotFound – If process name is not found
CouldNotOpenProcess – If process cannot be opened
- pattern_scan_all(pattern, *, return_multiple=False)[source]
Scan the entire address space of this process for a regex pattern
- Parameters
pattern (bytes) – The regex pattern to search for
return_multiple (bool) – If multiple results should be returned
- Returns
Memory address of the given pattern, or None if it was not found, or a list of found addresses if return_multiple is True
- Return type
int, list, optional
- pattern_scan_module(pattern, module, *, return_multiple=False)[source]
Scan a module for a regex pattern
- Parameters
pattern (bytes) – The regex pattern to search for
module (str, MODULEINFO) – Name of the module to search for, or a MODULEINFO object
return_multiple (bool) – If multiple results should be returned
- Returns
Memory address of the given pattern, or None if it was not found, or a list of found addresses if return_multiple is True
- Return type
int, list, optional
- property process_base
Lookup process base Module.
- Raises
TypeError – process_id is not an integer
ProcessError – Could not find process first module address
- Returns
Base module information
- Return type
- read_bool(address)[source]
Reads 1 byte from an area of memory in a specified process.
- Parameters
address (int) – An address of the region of memory to be read.
- Raises
ProcessError – If there is no opened process
MemoryReadError – If ReadProcessMemory failed
TypeError – If address is not a valid integer
- Returns
returns the value read
- Return type
bool
- read_bytes(address, length)[source]
Reads bytes from an area of memory in a specified process.
- Parameters
address (int) – An address of the region of memory to be read.
length (int) – Number of bytes to be read
- Raises
ProcessError – If there is no opened process
MemoryReadError – If ReadProcessMemory failed
- Returns
the raw value read
- Return type
bytes
- read_char(address)[source]
Reads 1 byte from an area of memory in a specified process.
- Parameters
address (int) – An address of the region of memory to be read.
- Raises
ProcessError – If there is no opened process
MemoryReadError – If ReadProcessMemory failed
TypeError – If address is not a valid integer
- Returns
returns the value read
- Return type
str
- read_ctype(address, ctype, *, get_py_value=True, raw_bytes=False)[source]
Read a ctype basic type or structure from <address>
- Parameters
address (int) – An address of the region of memory to be read.
ctype – A simple ctypes type or structure
get_py_value (bool) – If the corresponding Python type should be used instead of returning the ctype. This is automatically set to False for ctypes.Structure or ctypes.Array instances.
raw_bytes (bool) – If we should return the raw ctype bytes
- Raises
WinAPIError – If ReadProcessMemory failed
- Returns
Either the ctype with the read value, if get_py_value is False, or the corresponding Python type
- Return type
Any
- read_double(address)[source]
Reads 8 bytes from an area of memory in a specified process.
- Parameters
address (int) – An address of the region of memory to be read.
- Raises
ProcessError – If there is no opened process
MemoryReadError – If ReadProcessMemory failed
TypeError – If address is not a valid integer
- Returns
returns the value read
- Return type
int
- read_float(address)[source]
Reads 4 bytes from an area of memory in a specified process.
- Parameters
address (int) – An address of the region of memory to be read.
- Raises
ProcessError – If there is no opened process
MemoryReadError – If ReadProcessMemory failed
TypeError – If address is not a valid integer
- Returns
returns the value read
- Return type
float
- read_int(address)[source]
Reads 4 bytes from an area of memory in a specified process.
- Parameters
address (int) – An address of the region of memory to be read.
- Raises
ProcessError – If there is no opened process
MemoryReadError – If ReadProcessMemory failed
TypeError – If address is not a valid integer
- Returns
returns the value read
- Return type
int
- read_long(address)[source]
Reads 4 bytes from an area of memory in a specified process.
- Parameters
address (int) – An address of the region of memory to be read.
- Raises
ProcessError – If there is no opened process
MemoryReadError – If ReadProcessMemory failed
TypeError – If address is not a valid integer
- Returns
returns the value read
- Return type
int
- read_longlong(address)[source]
Reads 8 bytes from an area of memory in a specified process.
- Parameters
address (int) – An address of the region of memory to be read.
- Raises
ProcessError – If there is no opened process
MemoryReadError – If ReadProcessMemory failed
TypeError – If address is not a valid integer
- Returns
returns the value read
- Return type
int
- read_short(address)[source]
Reads 2 bytes from an area of memory in a specified process.
- Parameters
address (int) – An address of the region of memory to be read.
- Raises
ProcessError – If there is no opened process
MemoryReadError – If ReadProcessMemory failed
TypeError – If address is not a valid integer
- Returns
returns the value read
- Return type
int
- read_string(address, byte=50)[source]
Reads n bytes from an area of memory in a specified process.
- Parameters
address (int) – An address of the region of memory to be read.
byte (int) – Amount of bytes to be read
- Raises
ProcessError – If there is no opened process
MemoryReadError – If ReadProcessMemory failed
TypeError – If address is not a valid integer
- Returns
returns the value read
- Return type
str
- read_uchar(address)[source]
Reads 1 byte from an area of memory in a specified process.
- Parameters
address (int) – An address of the region of memory to be read.
- Raises
ProcessError – If there is no opened process
MemoryReadError – If ReadProcessMemory failed
TypeError – If address is not a valid integer
- Returns
returns the value read
- Return type
str
- read_uint(address)[source]
Reads 4 bytes from an area of memory in a specified process.
- Parameters
address (int) – An address of the region of memory to be read.
- Raises
ProcessError – If there is no opened process
MemoryReadError – If ReadProcessMemory failed
TypeError – If address is not a valid integer
- Returns
returns the value read
- Return type
int
- read_ulong(address)[source]
Reads 4 bytes from an area of memory in a specified process.
- Parameters
address (int) – An address of the region of memory to be read.
- Raises
ProcessError – If there is no opened process
MemoryReadError – If ReadProcessMemory failed
TypeError – If address is not a valid integer
- Returns
returns the value read
- Return type
int
- read_ulonglong(address)[source]
Reads 8 bytes from an area of memory in a specified process.
- Parameters
address (int) – An address of the region of memory to be read.
- Raises
ProcessError – If there is no opened process
MemoryReadError – If ReadProcessMemory failed
TypeError – If address is not a valid integer
- Returns
returns the value read
- Return type
int
- read_ushort(address)[source]
Reads 2 bytes from an area of memory in a specified process.
- Parameters
address (int) – An address of the region of memory to be read.
- Raises
ProcessError – If there is no opened process
MemoryReadError – If ReadProcessMemory failed
TypeError – If address is not a valid integer
- Returns
returns the value read
- Return type
int
- start_thread(address, params=None)[source]
Create a new thread within the current debugged process.
- Parameters
address (int) – An address from where the thread starts
params (int) – An optional address with thread parameters
- Returns
The new thread identifier
- Return type
int
- write_bool(address, value)[source]
Write value to the given address into the current opened process.
- Parameters
address (int) – An address of the region of memory to be written.
value (bool) – the value to be written
- Raises
ProcessError – If there is no opened process
MemoryWriteError – If WriteProcessMemory failed
TypeError – If address is not a valid integer
- write_bytes(address, value, length)[source]
Write value to the given address into the current opened process.
- Parameters
address (int) – An address of the region of memory to be written.
value (bytes) – the value to be written
length (int) – Number of bytes to be written
- Raises
ProcessError – If there is no opened process
MemoryWriteError – If WriteProcessMemory failed
TypeError – If address is not a valid integer
- write_char(address, value)[source]
Write value to the given address into the current opened process.
- Parameters
address (int) – An address of the region of memory to be written.
value (str) – the value to be written
- Raises
ProcessError – If there is no opened process
MemoryWriteError – If WriteProcessMemory failed
TypeError – If address is not a valid integer
- write_ctype(address, ctype)[source]
Write a ctype basic type or structure to <address>
- Parameters
address (int) – An address of the region of memory to be written.
ctype – A simple ctypes type or structure
- Raises
WinAPIError – If WriteProcessMemory failed
- Returns
A boolean indicating a successful write.
- Return type
bool
- write_double(address, value)[source]
Write value to the given address into the current opened process.
- Parameters
address (int) – An address of the region of memory to be written.
value (float) – the value to be written
- Raises
ProcessError – If there is no opened process
MemoryWriteError – If WriteProcessMemory failed
TypeError – If address is not a valid integer
- write_float(address, value)[source]
Write value to the given address into the current opened process.
- Parameters
address (int) – An address of the region of memory to be written.
value (float) – the value to be written
- Raises
ProcessError – If there is no opened process
MemoryWriteError – If WriteProcessMemory failed
TypeError – If address is not a valid integer
- write_int(address, value)[source]
Write value to the given address into the current opened process.
- Parameters
address (int) – An address of the region of memory to be written.
value (int) – the value to be written
- Raises
ProcessError – If there is no opened process
MemoryWriteError – If WriteProcessMemory failed
TypeError – If address is not a valid integer
- write_long(address, value)[source]
Write value to the given address into the current opened process.
- Parameters
address (int) – An address of the region of memory to be written.
value (int) – the value to be written
- Raises
ProcessError – If there is no opened process
MemoryWriteError – If WriteProcessMemory failed
TypeError – If address is not a valid integer
- write_longlong(address, value)[source]
Write value to the given address into the current opened process.
- Parameters
address (int) – An address of the region of memory to be written.
value (int) – the value to be written
- Raises
ProcessError – If there is no opened process
MemoryWriteError – If WriteProcessMemory failed
TypeError – If address is not a valid integer
- write_short(address, value)[source]
Write value to the given address into the current opened process.
- Parameters
address (int) – An address of the region of memory to be written.
value (int) – the value to be written
- Raises
ProcessError – If there is no opened process
MemoryWriteError – If WriteProcessMemory failed
TypeError – If address is not a valid integer
- write_string(address, value)[source]
Write value to the given address into the current opened process.
- Parameters
address (int) – An address of the region of memory to be written.
value (str) – the value to be written
- Raises
ProcessError – If there is no opened process
MemoryWriteError – If WriteProcessMemory failed
TypeError – If address is not a valid integer
- write_uchar(address, value)[source]
Write value to the given address into the current opened process.
- Parameters
address (int) – An address of the region of memory to be written.
value (int) – the value to be written
- Raises
ProcessError – If there is no opened process
MemoryWriteError – If WriteProcessMemory failed
TypeError – If address is not a valid integer
- write_uint(address, value)[source]
Write value to the given address into the current opened process.
- Parameters
address (int) – An address of the region of memory to be written.
value (int) – the value to be written
- Raises
ProcessError – If there is no opened process
MemoryWriteError – If WriteProcessMemory failed
TypeError – If address is not a valid integer
- write_ulong(address, value)[source]
Write value to the given address into the current opened process.
- Parameters
address (int) – An address of the region of memory to be written.
value (int) – the value to be written
- Raises
ProcessError – If there is no opened process
MemoryWriteError – If WriteProcessMemory failed
TypeError – If address is not a valid integer
- write_ulonglong(address, value)[source]
Write value to the given address into the current opened process.
- Parameters
address (int) – An address of the region of memory to be written.
value (int) – the value to be written
- Raises
ProcessError – If there is no opened process
MemoryWriteError – If WriteProcessMemory failed
TypeError – If address is not a valid integer
- write_ushort(address, value)[source]
Write value to the given address into the current opened process.
- Parameters
address (int) – An address of the region of memory to be written.
value (int) – the value to be written
- Raises
ProcessError – If there is no opened process
MemoryWriteError – If WriteProcessMemory failed
TypeError – If address is not a valid integer
Structures
- class pymem.ressources.structure.EnumProcessModuleEX[source]
The following are the EnumProcessModuleEX flags
https://msdn.microsoft.com/ru-ru/library/windows/desktop/ms682633(v=vs.85).aspx
- LIST_MODULES_32BIT = 1
List the 32-bit modules
- LIST_MODULES_64BIT = 2
List the 64-bit modules.
- LIST_MODULES_ALL = 3
List all modules.
- LIST_MODULES_DEFAULT = 0
Use the default behavior.
- class pymem.ressources.structure.FLOATING_SAVE_AREA[source]
Undocumented ctypes.Structure used for ThreadContext.
- pymem.ressources.structure.LPMODULEENTRY32
alias of
pymem.ressources.structure.LP_ModuleEntry32
- pymem.ressources.structure.LPSECURITY_ATTRIBUTES
alias of
pymem.ressources.structure.LP_SECURITY_ATTRIBUTES
- pymem.ressources.structure.MEMORY_BASIC_INFORMATION
alias of
pymem.ressources.structure.MEMORY_BASIC_INFORMATION64
- class pymem.ressources.structure.MEMORY_BASIC_INFORMATION32[source]
Contains information about a range of pages in the virtual address space of a process. The VirtualQuery and VirtualQueryEx functions use this structure.
https://msdn.microsoft.com/en-us/library/windows/desktop/aa366775(v=vs.85).aspx
- class pymem.ressources.structure.MEMORY_PROTECTION(value)[source]
The following are the memory-protection options; you must specify one of the following values when allocating or protecting a page in memory https://msdn.microsoft.com/en-us/library/windows/desktop/aa366786(v=vs.85).aspx
- PAGE_EXECUTE_READWRITE = 64
Enables execute, read-only, or read/write access to the committed region of pages.
- class pymem.ressources.structure.MEMORY_STATE(value)[source]
The type of memory allocation
- MEM_DECOMMIT = 16384
Decommits the specified region of committed pages. After the operation, the pages are in the reserved state. https://msdn.microsoft.com/en-us/library/windows/desktop/aa366894(v=vs.85).aspx
- MEM_FREE = 65536
XXX
- MEM_RELEASE = 32768
Releases the specified region of pages. After the operation, the pages are in the free state. https://msdn.microsoft.com/en-us/library/windows/desktop/aa366894(v=vs.85).aspx
- MEM_RESERVE = 8192
XXX
- class pymem.ressources.structure.MEMORY_TYPES(value)[source]
An enumeration.
- MEM_IMAGE = 16777216
XXX
- MEM_MAPPED = 262144
XXX
- MEM_PRIVATE = 131072
XXX
- class pymem.ressources.structure.MODULEINFO(handle)[source]
Contains the module load address, size, and entry point.
- lpBaseOfDll
- SizeOfImage
- EntryPoint
https://msdn.microsoft.com/en-us/library/windows/desktop/ms684229(v=vs.85).aspx
- class pymem.ressources.structure.ModuleEntry32(*args, **kwds)[source]
Describes an entry from a list of the modules belonging to the specified process.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms684225%28v=vs.85%29.aspx
- class pymem.ressources.structure.PROCESS(value)[source]
Process manipulation flags
- DELETE = 65536
Required to delete the object.
- PROCESS_ALL_ACCESS = 2035711
All possible access rights for a process object.
- PROCESS_CREATE_PROCESS = 128
Required to create a process.
- PROCESS_CREATE_THREAD = 2
Required to create a thread.
- PROCESS_DUP_HANDLE = 64
PROCESS_DUP_HANDLE
- PROCESS_SET_INFORMATION = 512
Required to set certain information about a process, such as its priority class (see SetPriorityClass).
- PROCESS_SET_QUOTA = 256
Required to set memory limits using SetProcessWorkingSetSize.
- PROCESS_SUSPEND_RESUME = 2048
Required to suspend or resume a process.
- PROCESS_TERMINATE = 1
Required to terminate a process using TerminateProcess.
- PROCESS_VM_OPERATION = 8
Required to perform an operation on the address space of a process (see VirtualProtectEx and WriteProcessMemory).
- PROCESS_VM_READ = 16
Required to read memory in a process using ReadProcessMemory.
- PROCESS_VM_WRITE = 32
Required to write to memory in a process using WriteProcessMemory.
- READ_CONTROL = 131072
Required to read information in the security descriptor for the object, not including the information in the SACL. To read or write the SACL, you must request the ACCESS_SYSTEM_SECURITY access right. For more information see SACL Access Right.
- STANDARD_RIGHTS_REQUIRED = 983040
Combines DELETE, READ_CONTROL, WRITE_DAC, and WRITE_OWNER access.
- SYNCHRONIZE = 1048576
Required to wait for the process to terminate using the wait functions.
- WRITE_DAC = 262144
Required to modify the DACL in the security descriptor for the object.
- WRITE_OWNER = 524288
Required to change the owner in the security descriptor for the object.
- pymem.ressources.structure.PTOKEN_PRIVILEGES
alias of
pymem.ressources.structure.LP_TOKEN_PRIVILEGES
- class pymem.ressources.structure.ProcessEntry32(*args, **kwds)[source]
Describes an entry from a list of the processes residing in the system address space when a snapshot was taken.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms684839(v=vs.85).aspx
- class pymem.ressources.structure.SECURITY_ATTRIBUTES[source]
The SECURITY_ATTRIBUTES structure contains the security descriptor for an object and specifies whether the handle retrieved by specifying this structure is inheritable.
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379560(v=vs.85).aspx
- class pymem.ressources.structure.SE_TOKEN_PRIVILEGE(value)[source]
An access token contains the security information for a logon session. The system creates an access token when a user logs on, and every process executed on behalf of the user has a copy of the token.
- class pymem.ressources.structure.SYSTEM_INFO[source]
Contains information about the current computer system. This includes the architecture and type of the processor, the number of processors in the system, the page size, and other such information.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms724958(v=vs.85).aspx
- class pymem.ressources.structure.ThreadEntry32(*args, **kwds)[source]
Describes an entry from a list of the threads executing in the system when a snapshot was taken.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms686735(v=vs.85).aspx
Pattern
- pymem.pattern.pattern_scan_all(handle, pattern, *, return_multiple=False)[source]
Scan the entire address space for a given regex pattern
- Parameters
handle (int) – Handle to an open process
pattern (bytes) – A regex bytes pattern to search for
return_multiple (bool) – If multiple results should be returned
- Returns
Memory address of the given pattern, or None if it was not found, or a list of found addresses if return_multiple is True
- Return type
int, list, optional
- pymem.pattern.pattern_scan_module(handle, module, pattern, *, return_multiple=False)[source]
Given a handle over an opened process and a module will scan memory after a byte pattern and return its corresponding memory address.
- Parameters
handle (int) – Handle to an open object
module (MODULEINFO) – An instance of a given module
pattern (bytes) – A regex byte pattern to search for
return_multiple (bool) – If multiple results should be returned instead of stopping on the first
- Returns
Memory address of the given pattern, or None if it was not found, or a list of found addresses if return_multiple is True
- Return type
int, list, optional
Examples
>>> pm = pymem.Pymem("Notepad.exe")
>>> # Here the "." means that the byte can be any byte; a "wildcard"
>>> # also note that this pattern may be outdated
>>> bytes_pattern = b".\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00" \
...                 b"\x00\x00\x00\x00\x00\x00..\x00\x00..\x00\x00\x64\x04"
>>> module_notepad = pymem.process.module_from_name(pm.process_handle, "Notepad.exe")
>>> character_count_address = pymem.pattern.pattern_scan_module(pm.process_handle, module_notepad, bytes_pattern)
- pymem.pattern.scan_pattern_page(handle, address, pattern, *, return_multiple=False)[source]
Search a byte pattern given a memory location. Will query memory location information and search over until it reaches the length of the memory page. If nothing is found the function returns the next page location.
- Parameters
handle (int) – Handle to an open object
address (int) – An address to search from
pattern (bytes) – A regex byte pattern to search for
return_multiple (bool) – If multiple results should be returned instead of stopping on the first
- Returns
next_region, found address
found address may be None if one was not found, or we didn’t have permission to scan the region
if return_multiple is True found address will instead be a list of found addresses or an empty list if no results
- Return type
tuple
Examples
>>> pm = pymem.Pymem("Notepad.exe")
>>> address_reference = 0x7ABC00001
>>> # Here the "." means that the byte can be any byte; a "wildcard"
>>> # also note that this pattern may be outdated
>>> bytes_pattern = b".\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00" \
...                 b"\x00\x00\x00\x00\x00\x00..\x00\x00..\x00\x00\x64\x04"
>>> character_count_address = pymem.pattern.scan_pattern_page(pm.process_handle, address_reference, bytes_pattern)
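Because the pattern arguments of pattern_scan_module and scan_pattern_page are regex bytes patterns, a literal byte that is also a regex metacharacter (such as 0x2E, ".") silently turns into a wildcard. The following is an added example, not part of Pymem or its documentation: `signature_to_regex`, `scan_buffer`, the sample region and the base address are constructed for illustration, and the scan runs over a local bytes object rather than process memory.

```python
import re

_HEX_BYTE = re.compile(r"[0-9A-Fa-f]{2}")


def signature_to_regex(signature: str) -> bytes:
    """Turn a hex signature such as "2E 00 ?? ?? 64 04" into a regex bytes pattern.

    "??" becomes the "." wildcard. Every literal byte goes through re.escape,
    so byte values that are regex metacharacters (0x2E ".", 0x28 "(",
    0x5B "[", 0x5C backslash, ...) match only themselves.
    """
    parts = []
    for token in signature.split():
        if token == "??":
            parts.append(b".")
        elif _HEX_BYTE.fullmatch(token):
            parts.append(re.escape(bytes([int(token, 16)])))
        else:
            raise ValueError(f"not a hex byte or '??': {token!r}")
    return b"".join(parts)


def scan_buffer(buffer, base_address, pattern, *, return_multiple=False, dotall=True):
    """Local stand-in for a page scan (hypothetical helper, not a Pymem call).

    Hits are reported as base_address + offset, following the return_multiple
    convention documented above: one address or None, or a list of addresses.
    Assumption: re.DOTALL is applied by default here so that the wildcard also
    covers byte 0x0A; this page does not say which flags Pymem compiles with.
    """
    regex = re.compile(pattern, re.DOTALL if dotall else 0)
    if return_multiple:
        # finditer yields non-overlapping matches only.
        return [base_address + m.start() for m in regex.finditer(buffer)]
    match = regex.search(buffer)
    return base_address + match.start() if match else None


# Constructed sample region (not captured from any process).
BASE = 0x10000
DECOY = b"\x41\x00\x11\x22\x64\x04"   # same shape, but the first byte is 0x41
RECORD = b"\x2e\x00\x0a\x33\x64\x04"  # first wildcard position holds 0x0A
REGION = b"\xcc" * 8 + DECOY + b"\xcc" * 4 + RECORD + b"\xcc" * 4

# Hand-written pattern: the literal byte 0x2E is itself ".", so it acts as a wildcard.
NAIVE = b"\x2e\x00..\x64\x04"
# Escaped pattern: 0x2E must really be 0x2E, only the two "??" positions are free.
STRICT = signature_to_regex("2E 00 ?? ?? 64 04")


def demo():
    return {
        # Matches the decoy as well as the record.
        "naive": scan_buffer(REGION, BASE, NAIVE, return_multiple=True),
        # Matches the record only.
        "strict": scan_buffer(REGION, BASE, STRICT, return_multiple=True),
        "strict_first": scan_buffer(REGION, BASE, STRICT),
        # Without DOTALL the wildcard refuses byte 0x0A and the record is missed.
        "strict_no_dotall": scan_buffer(REGION, BASE, STRICT, dotall=False),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```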
Process
- pymem.process.base_module(handle)[source]
Returns process base module
- Parameters
handle (int) – A valid handle to an open object
- Returns
The base module of the process
- Return type
- pymem.process.close_handle(handle)[source]
Closes an open object handle. https://msdn.microsoft.com/en-us/library/windows/desktop/ms724211%28v=vs.85%29.aspx
- Parameters
handle (int) – A valid handle to an open object
- Returns
If the closure succeeded
- Return type
bool
- pymem.process.enum_process_module(handle)[source]
List and retrieves the base names of the specified loaded module within a process https://msdn.microsoft.com/en-us/library/windows/desktop/ms682633(v=vs.85).aspx https://msdn.microsoft.com/en-us/library/windows/desktop/ms683196(v=vs.85).aspx
- Parameters
handle (int) – Handle of the process to enum the modules of
- Returns
The process’s modules
- Return type
list[MODULEINFO]
- pymem.process.enum_process_thread(process_id)[source]
List all threads of the given process_id
- Parameters
process_id (int) – Identifier of the process to enum the threads of
- Returns
The process’s threads
- Return type
list[ThreadEntry32]
- pymem.process.get_python_dll(version)[source]
Given a python dll version will find its path using the current process as a placeholder
- Parameters
version (str) – A string representation of python version as a dll (python38.dll)
- Returns
The full path of dll
- Return type
str
- pymem.process.inject_dll(handle, filepath)[source]
Inject a dll into opened process.
- Parameters
handle (int) – Handle to an open object
filepath (bytes) – File path of the DLL to be injected
- Returns
The address of injected dll
- Return type
DWORD
- pymem.process.is_64_bit(handle)[source]
Determines whether the specified process is running under WOW64 (emulation).
- Parameters
handle (int) – Handle of the process to check wow64 status of
- Returns
If the process is running under wow64
- Return type
bool
- pymem.process.list_processes()[source]
List all processes https://msdn.microsoft.com/en-us/library/windows/desktop/ms682489%28v=vs.85%29.aspx https://msdn.microsoft.com/en-us/library/windows/desktop/ms684834%28v=vs.85%29.aspx
- Returns
A list of open process entries
- Return type
list[ProcessEntry32]
- pymem.process.module_from_name(process_handle, module_name)[source]
Retrieve a module loaded by given process.
- Parameters
process_handle (int) – Handle to the process to get the module from
module_name (str) – Name of the module to get
- Returns
The retrieved module
- Return type
Examples
>>> d3d9 = module_from_name(process_handle, 'd3d9')
- pymem.process.open(process_id, debug=True, process_access=None)[source]
Open a process given its process_id. By default, the process is opened with full access and in debug mode.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms684320%28v=vs.85%29.aspx https://msdn.microsoft.com/en-us/library/windows/desktop/aa379588%28v=vs.85%29.aspx
- Parameters
process_id (int) – The identifier of the process to be opened
debug (bool) – If the process should be opened in debug mode
process_access (pymem.ressources.structure.PROCESS) – Desired access level, defaulting to all access
- Returns
A handle to the opened process
- Return type
int
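The process_access parameter above accepts a narrower mask than the full-access default. As an added example (not Pymem code), the following decodes an access mask into the PROCESS flags listed on this page and reports which rights exceed what a set of operations needs; the operation labels and helper names are made up here, and bits that this page does not list are returned as a residual number.

```python
# Values copied from pymem.ressources.structure.PROCESS as listed on this page.
RIGHTS = {
    "PROCESS_TERMINATE": 1,
    "PROCESS_CREATE_THREAD": 2,
    "PROCESS_VM_OPERATION": 8,
    "PROCESS_VM_READ": 16,
    "PROCESS_VM_WRITE": 32,
    "PROCESS_DUP_HANDLE": 64,
    "PROCESS_CREATE_PROCESS": 128,
    "PROCESS_SET_QUOTA": 256,
    "PROCESS_SET_INFORMATION": 512,
    "PROCESS_SUSPEND_RESUME": 2048,
    "DELETE": 65536,
    "READ_CONTROL": 131072,
    "WRITE_DAC": 262144,
    "WRITE_OWNER": 524288,
    "SYNCHRONIZE": 1048576,
}
PROCESS_ALL_ACCESS = 2035711

# Rights each kind of call needs, per the flag descriptions on this page.
# The keys ("read", "write", ...) are labels invented for this example.
NEEDS = {
    "read": RIGHTS["PROCESS_VM_READ"],                                     # ReadProcessMemory
    "write": RIGHTS["PROCESS_VM_WRITE"] | RIGHTS["PROCESS_VM_OPERATION"],  # WriteProcessMemory
    "allocate": RIGHTS["PROCESS_VM_OPERATION"],                            # allocate_memory / free_memory
    "thread": RIGHTS["PROCESS_CREATE_THREAD"],                             # creating a thread
}


def decode_access_mask(mask):
    """Return (names of the listed rights set in mask, bits not listed on this page)."""
    names = [name for name, bit in RIGHTS.items() if mask & bit]
    known = 0
    for bit in RIGHTS.values():
        known |= bit
    return names, mask & ~known


def required_rights(operations):
    """OR together the rights needed for the given operation labels."""
    mask = 0
    for operation in operations:
        mask |= NEEDS[operation]
    return mask


def excess_rights(mask, operations):
    """Decode the rights in mask that the given operations do not need."""
    return decode_access_mask(mask & ~required_rights(operations))


if __name__ == "__main__":
    names, residual = decode_access_mask(PROCESS_ALL_ACCESS)
    print(len(names), "listed rights, residual bits:", hex(residual))
    print("read-only mask:", hex(required_rights(["read"])))
    print("excess for a read-only scan:", excess_rights(PROCESS_ALL_ACCESS, ["read"]))
```

The mask computed by `required_rights` covers only the memory calls named in `NEEDS`; other calls on this page may need rights that the PROCESS listing does not include.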
- pymem.process.open_main_thread(process_id)[source]
List given process threads and return a handle to first created one.
- Parameters
process_id (int) – The identifier of the process
- Returns
A handle to the main thread
- Return type
int
- pymem.process.open_thread(thread_id, thread_access=None)[source]
Opens an existing thread object. https://msdn.microsoft.com/en-us/library/windows/desktop/ms684335%28v=vs.85%29.aspx
- Parameters
thread_id (int) – The identifier of the thread to be opened
thread_access (int) – Desired access level, defaulting to all access
- Returns
A handle to the opened thread
- Return type
int
- pymem.process.process_from_id(process_id)[source]
Open a process given its name.
- Parameters
process_id (int) – The identifier of the process to be opened
- Returns
The process entry of the opened process
- Return type
- pymem.process.process_from_name(name: str, exact_match: bool = False, ignore_case: bool = True)[source]
Open a process given its name.
- Parameters
name – The name of the process to be opened
exact_match – Defaults to False. Whether the full process name must match rather than just part of it.
ignore_case – Defaults to True. Whether to ignore the case of the process name.
- Returns
The process entry of the opened process
- Return type
Ptypes
- class pymem.ptypes.RemotePointer(handle, v, endianess='little-endian')[source]
Pointer capable of reading the value mapped into another process memory.
- Parameters
handle (int) – Handle to the process
v (int, RemotePointer, any ctypes type) – The address value
endianess (str) – The endianess of the remote pointer, defaulting to little-endian
- Raises
PymemAlignmentError – If endianess is not a valid alignment
Notes
The bool of RemotePointer checks if the internal value is 0
- property cvalue
Reads targeted process memory and returns the value pointed by the given address.
- Returns
The value pointed at by this remote pointer as a ctypes type instance
- Return type
a ctypes type
- property value
Reads targeted process memory and returns the value pointed by the given address.
- Returns
The value pointed at by this remote pointer
- Return type
int
Thread
- class pymem.thread.Thread(process_handle, th_entry_32)[source]
Provides basic thread information such as TEB.
- Parameters
process_handle (int) – A handle to an opened process
th_entry_32 (ThreadEntry32) – Target thread’s entry object
Memory
- pymem.memory.allocate_memory(handle, size, allocation_type=None, protection_type=None)[source]
Reserves or commits a region of memory within the virtual address space of a specified process. The function initializes the memory it allocates to zero, unless MEM_RESET is used.
https://msdn.microsoft.com/en-us/library/windows/desktop/aa366890%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
size (int) – The size of the region of memory to allocate, in bytes.
allocation_type (MEMORY_STATE) – The type of memory allocation.
protection_type (MEMORY_PROTECTION) – The memory protection for the region of pages to be allocated.
- Returns
The address of the allocated region of pages.
- Return type
int
- pymem.memory.free_memory(handle, address, free_type=None)[source]
Releases, decommits, or releases and decommits a region of memory within the virtual address space of a specified process.
https://msdn.microsoft.com/en-us/library/windows/desktop/aa366894%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be freed.
free_type (MEMORY_PROTECTION) – The type of free operation.
- Returns
A boolean indicating if the call was a success.
- Return type
int
- pymem.memory.read_bool(handle, address)[source]
Reads 1 byte from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be read.
- Raises
TypeError – If address is not a valid integer
WinAPIError – If ReadProcessMemory failed
- Returns
The raw value read as a bool
- Return type
bool
- pymem.memory.read_bytes(handle, address, byte)[source]
Reads data from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be read.
byte (int) – Number of bytes to be read
- Raises
TypeError – If address is not a valid integer
WinAPIError – If ReadProcessMemory failed
- Returns
The raw value read as bytes
- Return type
bytes
- pymem.memory.read_char(handle, address)[source]
Reads 1 byte from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be read.
- Raises
TypeError – If address is not a valid integer
WinAPIError – If ReadProcessMemory failed
- Returns
The raw value read as a string
- Return type
str
- pymem.memory.read_ctype(handle, address, ctype, *, get_py_value=True, raw_bytes=False)[source]
Read a ctype basic type or structure from <address>
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be read.
ctype – A simple ctypes type or structure
get_py_value (bool) – If the corresponding python type should be used instead of returning the ctype. This is automatically set to False for ctypes.Structure or ctypes.Array instances.
raw_bytes (bool) – If we should return the raw ctype bytes
- Raises
WinAPIError – If ReadProcessMemory failed
- Returns
Return will be either the ctype with the read value if get_py_value is false or the corresponding python type
- Return type
Any
- pymem.memory.read_double(handle, address)[source]
Reads 8 bytes from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be read.
- Raises
TypeError – If address is not a valid integer
WinAPIError – If ReadProcessMemory failed
- Returns
The raw value read as a float
- Return type
float
- pymem.memory.read_float(handle, address)[source]
Reads 4 bytes from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be read.
- Raises
TypeError – If address is not a valid integer
WinAPIError – If ReadProcessMemory failed
- Returns
The raw value read as a float
- Return type
float
- pymem.memory.read_int(handle, address)[source]
Reads 4 bytes from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be read.
- Raises
TypeError – If address is not a valid integer
WinAPIError – If ReadProcessMemory failed
- Returns
The raw value read as an int
- Return type
int
- pymem.memory.read_long(handle, address)[source]
Reads 4 bytes from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be read.
- Raises
TypeError – If address is not a valid integer
WinAPIError – If ReadProcessMemory failed
- Returns
The raw value read as an int
- Return type
int
- pymem.memory.read_longlong(handle, address)[source]
Reads 8 bytes from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be read.
- Raises
TypeError – If address is not a valid integer
WinAPIError – If ReadProcessMemory failed
- Returns
The raw value read as an int
- Return type
int
- pymem.memory.read_short(handle, address)[source]
Reads 2 bytes from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be read.
- Raises
TypeError – If address is not a valid integer
WinAPIError – If ReadProcessMemory failed
- Returns
The raw value read as an int
- Return type
int
- pymem.memory.read_string(handle, address, byte=50)[source]
Reads n bytes from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be read.
byte (int, default=50) – max number of bytes to check for null terminator, defaults to 50
- Raises
TypeError – If address is not a valid integer
WinAPIError – If ReadProcessMemory failed
- Returns
The raw value read as a string
- Return type
str
- pymem.memory.read_uchar(handle, address)[source]
Reads 1 byte from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be read.
- Raises
TypeError – If address is not a valid integer
WinAPIError – If ReadProcessMemory failed
- Returns
The raw value read as an int
- Return type
int
- pymem.memory.read_uint(handle, address, is_64=False)[source]
Reads 4 bytes from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be read.
is_64 (bool) – Should we unpack as big-endian
- Raises
TypeError – If address is not a valid integer
WinAPIError – If ReadProcessMemory failed
- Returns
The raw value read as an int
- Return type
int
- pymem.memory.read_ulong(handle, address)[source]
Reads 4 bytes from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be read.
- Raises
TypeError – If address is not a valid integer
WinAPIError – If ReadProcessMemory failed
- Returns
The raw value read as an int
- Return type
int
- pymem.memory.read_ulonglong(handle, address)[source]
Reads 8 bytes from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be read.
- Raises
TypeError – If address is not a valid integer
WinAPIError – If ReadProcessMemory failed
- Returns
The raw value read as an int
- Return type
int
- pymem.memory.read_ushort(handle, address)[source]
Reads 2 bytes from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be read.
- Raises
TypeError – If address is not a valid integer
WinAPIError – If ReadProcessMemory failed
- Returns
The raw value read as an int
- Return type
int
- pymem.memory.virtual_query(handle, address)[source]
Retrieves information about a range of pages within the virtual address space of a specified process.
https://msdn.microsoft.com/en-us/library/windows/desktop/aa366775(v=vs.85).aspx https://msdn.microsoft.com/en-us/library/windows/desktop/aa366907(v=vs.85).aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be read.
- Returns
A memory basic information object
- Return type
MEMORY_BASIC_INFORMATION
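As an added illustration (not part of Pymem or its documentation), the sketch below uses the MEMORY_BASIC_INFORMATION returned by virtual_query to confirm that a whole range is committed and accessible before calling read_bytes, since a read fails unless the entire area is accessible. It assumes the returned object exposes the Windows field names BaseAddress, RegionSize, State and Protect; checked_read, readable_span, UnreadableRange and the fake memory map are hypothetical names constructed for the example so that it runs offline.

```python
from collections import namedtuple

# Windows memory constants (values from winnt.h).
MEM_COMMIT, MEM_RESERVE, MEM_FREE = 0x1000, 0x2000, 0x10000
PAGE_NOACCESS, PAGE_READONLY, PAGE_READWRITE, PAGE_GUARD = 0x01, 0x02, 0x04, 0x100


class UnreadableRange(Exception):
    """Hypothetical error: part of the requested range is not readable."""


def is_readable(mbi):
    """A region is readable if it is committed and neither no-access nor guarded."""
    return mbi.State == MEM_COMMIT and not mbi.Protect & (PAGE_NOACCESS | PAGE_GUARD)


def readable_span(query, address, size):
    """Count how many of `size` bytes starting at `address` are readable,
    walking the consecutive regions reported by `query(address)`."""
    end, cursor = address + size, address
    while cursor < end:
        mbi = query(cursor)
        region_end = mbi.BaseAddress + mbi.RegionSize
        if not is_readable(mbi) or region_end <= cursor:
            break
        cursor = min(end, region_end)
    return cursor - address


def checked_read(query, read, address, size, allow_partial=False):
    """Read `size` bytes only if the whole range is readable; with
    allow_partial=True, return the readable prefix instead of raising."""
    if size <= 0:
        raise ValueError("size must be positive")
    n = readable_span(query, address, size)
    if n < size and not allow_partial:
        raise UnreadableRange(
            "only %d of %d bytes at %#x are readable" % (n, size, address))
    return read(address, n) if n else b""


# On Windows, with `handle` an opened process handle, the callables would be:
#   query = lambda a: pymem.memory.virtual_query(handle, a)
#   read  = lambda a, n: pymem.memory.read_bytes(handle, a, n)

# Constructed memory map and contents (not taken from a real process).
Region = namedtuple("Region", "BaseAddress RegionSize State Protect")
FAKE_MAP = [
    Region(0x10000, 0x1000, MEM_COMMIT, PAGE_READWRITE),
    Region(0x11000, 0x1000, MEM_COMMIT, PAGE_READONLY),
    Region(0x12000, 0x1000, MEM_COMMIT, PAGE_READWRITE | PAGE_GUARD),
    Region(0x13000, 0x1000, MEM_RESERVE, 0),
]
FAKE_BYTES = bytes(i & 0xFF for i in range(0x2000))  # backs 0x10000-0x11FFF


def fake_query(address):
    """Stand-in for virtual_query over the constructed map."""
    for region in FAKE_MAP:
        if region.BaseAddress <= address < region.BaseAddress + region.RegionSize:
            return region
    return Region(address & ~0xFFF, 0x1000, MEM_FREE, PAGE_NOACCESS)


def fake_read(address, size):
    """Stand-in for read_bytes over the constructed contents."""
    offset = address - 0x10000
    return FAKE_BYTES[offset:offset + size]


if __name__ == "__main__":
    # Crosses from the read-write region into the read-only one: allowed.
    print(len(checked_read(fake_query, fake_read, 0x10FF0, 0x20)))
    # Runs into the guard page: only the prefix is returned.
    print(len(checked_read(fake_query, fake_read, 0x11FF0, 0x20, allow_partial=True)))
```

The check and the read are two separate calls, so the target can change a region's state in between; the WinAPIError documented for read_bytes still has to be handled.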
- pymem.memory.write_bool(handle, address, value)[source]
Writes 1 byte to an area of memory in a specified process. The entire area to be written to must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms681674%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be written.
value (bool) – A boolean representing the value to be written
- Raises
TypeError – If address is not a valid integer
WinAPIError – if WriteProcessMemory failed
- Returns
A boolean indicating a successful write.
- Return type
bool
- pymem.memory.write_bytes(handle, address, data, length)[source]
Writes data to an area of memory in a specified process. The entire area to be written to must be accessible or the operation fails.
Casts address using ctypes.c_char_p.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms681674%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be written.
data (void) – A buffer that contains data to be written
length (int) – Number of bytes to be written.
- Raises
TypeError – If address is not a valid integer
WinAPIError – if WriteProcessMemory failed
- Returns
A boolean indicating a successful write.
- Return type
bool
- pymem.memory.write_char(handle, address, value)[source]
Writes 1 byte to an area of memory in a specified process. The entire area to be written to must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms681674%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be written.
value (str) – A buffer that contains data to be written
- Raises
TypeError – If address is not a valid integer
WinAPIError – if WriteProcessMemory failed
- Returns
A boolean indicating a successful write.
- Return type
bool
- pymem.memory.write_ctype(handle, address, ctype)[source]
Write a ctype basic type or structure to <address>
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be written.
ctype – A simple ctypes type or structure
- Raises
WinAPIError – If WriteProcessMemory failed
- Returns
A boolean indicating a successful write.
- Return type
bool
- pymem.memory.write_double(handle, address, value)[source]
Writes 8 bytes to an area of memory in a specified process. The entire area to be written to must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms681674%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be written.
value (float) – A buffer that contains data to be written
- Raises
TypeError – If address is not a valid integer
WinAPIError – if WriteProcessMemory failed
- Returns
A boolean indicating a successful write.
- Return type
bool
- pymem.memory.write_float(handle, address, value)[source]
Writes 4 bytes to an area of memory in a specified process. The entire area to be written to must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms681674%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be written.
value (float) – A buffer that contains data to be written
- Raises
TypeError – If address is not a valid integer
WinAPIError – if WriteProcessMemory failed
- Returns
A boolean indicating a successful write.
- Return type
bool
- pymem.memory.write_int(handle, address, value)[source]
Writes 4 bytes to an area of memory in a specified process. The entire area to be written to must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms681674%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be written.
value (int) – A buffer that contains data to be written
- Raises
TypeError – If address is not a valid integer
WinAPIError – if WriteProcessMemory failed
- Returns
A boolean indicating a successful write.
- Return type
bool
- pymem.memory.write_long(handle, address, value)[source]
Writes 4 bytes to an area of memory in a specified process. The entire area to be written to must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms681674%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be written.
value (int) – A buffer that contains data to be written
- Raises
TypeError – If address is not a valid integer
WinAPIError – if WriteProcessMemory failed
- Returns
A boolean indicating a successful write.
- Return type
bool
- pymem.memory.write_longlong(handle, address, value)[source]
Writes 8 bytes to an area of memory in a specified process. The entire area to be written to must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms681674%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be written.
value (int) – A buffer that contains data to be written
- Raises
TypeError – If address is not a valid integer
WinAPIError – if WriteProcessMemory failed
- Returns
A boolean indicating a successful write.
- Return type
bool
- pymem.memory.write_short(handle, address, value)[source]
Writes 2 bytes to an area of memory in a specified process. The entire area to be written to must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms681674%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be written.
value (int) – A buffer that contains data to be written
- Raises
TypeError – If address is not a valid integer
WinAPIError – if WriteProcessMemory failed
- Returns
A boolean indicating a successful write.
- Return type
bool
- pymem.memory.write_string(handle, address, bytecode)[source]
Writes len(bytecode) bytes to an area of memory in a specified process. The entire area to be written to must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms681674%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be written.
bytecode (str, bytes) – A buffer that contains data to be written
- Raises
TypeError – If address is not a valid integer
WinAPIError – if WriteProcessMemory failed
- Returns
A boolean indicating a successful write.
- Return type
bool
- pymem.memory.write_uchar(handle, address, value)[source]
Writes 1 byte to an area of memory in a specified process. The entire area to be written to must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms681674%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be written.
value (str) – A buffer that contains data to be written
- Raises
TypeError – If address is not a valid integer
WinAPIError – if WriteProcessMemory failed
- Returns
A boolean indicating a successful write.
- Return type
bool
- pymem.memory.write_uint(handle, address, value)[source]
Writes 4 bytes to an area of memory in a specified process. The entire area to be written to must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms681674%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be written.
value (int) – A buffer that contains data to be written
- Raises
TypeError – If address is not a valid integer
WinAPIError – if WriteProcessMemory failed
- Returns
A boolean indicating a successful write.
- Return type
bool
- pymem.memory.write_ulong(handle, address, value)[source]
Writes 4 bytes to an area of memory in a specified process. The entire area to be written to must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms681674%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be written.
value (int) – A buffer that contains data to be written
- Raises
TypeError – If address is not a valid integer
WinAPIError – if WriteProcessMemory failed
- Returns
A boolean indicating a successful write.
- Return type
bool
- pymem.memory.write_ulonglong(handle, address, value)[source]
Writes 8 bytes to an area of memory in a specified process. The entire area to be written to must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms681674%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be written.
value (int) – A buffer that contains data to be written
- Raises
TypeError – If address is not a valid integer
WinAPIError – if WriteProcessMemory failed
- Returns
A boolean indicating a successful write.
- Return type
bool
- pymem.memory.write_ushort(handle, address, value)[source]
Writes 2 bytes to an area of memory in a specified process. The entire area to be written to must be accessible or the operation fails.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms681674%28v=vs.85%29.aspx
- Parameters
handle (int) – The handle to a process. The function allocates memory within the virtual address space of this process. The handle must have the PROCESS_VM_OPERATION access right.
address (int) – An address of the region of memory to be written.
value (int) – A buffer that contains data to be written
- Raises
TypeError – If address is not a valid integer
WinAPIError – if WriteProcessMemory failed
- Returns
A boolean indicating a successful write.
- Return type
bool
Exceptions
- exception pymem.exception.CouldNotOpenProcess(process_id)[source]
- with_traceback()
Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.
- exception pymem.exception.MemoryReadError(address, length, error_code=None)[source]
- with_traceback()
Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.
- exception pymem.exception.MemoryWriteError(address, value, error_code=None)[source]
- with_traceback()
Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.
- exception pymem.exception.ProcessError(message)[source]
- with_traceback()
Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.
- exception pymem.exception.ProcessNotFound(process_name)[source]
- with_traceback()
Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.
- exception pymem.exception.PymemAlignmentError(message)[source]
- with_traceback()
Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.
- exception pymem.exception.PymemError(message)[source]
- with_traceback()
Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.
- exception pymem.exception.PymemMemoryError(message)[source]
- with_traceback()
Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.