memorpy
1.0.0
Python library that uses ctypes to search and edit the memory of Windows / Linux / OSX / SunOS processes.
pip install https://github.com/n1nj4sec/memorpy/archive/master.zip
In this example, open Notepad.exe and type some text; we will then edit that text from memory!
>>> from memorpy import *
>>> mw = MemWorker(pid=3856) #you can also select a process by its name with the kwarg name=
>>> l = [x for x in mw.umem_search("hello")]
>>> l
[('', <Addr: 0x003287B0>)]
>>> a = l[0][1]
>>> a
<Addr: 0x003287B0>
>>> a + 4
<Addr: 0x003287B4>
>>> print a
<Addr: 0x003287B0 : "h\x00e\x00l\x00l\x00o\x00 \x00t\x00h\x00i\x00s\x00 \x00i\x00s\x00 \x00a\x00 \x00m\x00e\x00s\x00s\x00a\x00g\x00e\x00 \x00I\x00" (bytes)>
>>> a.dump()
00328790 : 46 00 72 00 61 00 6E 00 63 00 65 00 29 00 00 00 F.r.a.n.c.e.)...
003287A0 : 00 00 00 00 00 00 00 00 F3 8F 57 0C 7F 6A 00 10 ..........W..j..
003287B0 : 63 00 6F 00 75 00 63 00 6F 00 75 00 20 00 74 00 c.o.u.c.o.u. .t.
003287C0 : 68 00 69 00 73 00 20 00 69 00 73 00 20 00 61 00 h.i.s. .i.s. .a.
003287D0 : 20 00 6D 00 65 00 73 00 73 00 61 00 67 00 65 00  .m.e.s.s.a.g.e.
003287E0 : 20 00 49 00 20 00 74 00 79 00 70 00 65 00 64 00  .I. .t.y.p.e.d.
003287F0 : 20 00 69 00 6E 00 20 00 6E 00 6F 00 74 00 65 00  .i.n. .n.o.t.e.
00328800 : 70 00 61 00 64 00 2E 00 65 00 78 00 65 00 20 00 p.a.d...e.x.e. .
00328810 : 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 !...............
00328820 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00328830 : 00 00 00 00 04 00 27 00 F7 8F 74 2B 6A 6A 00 00 ......'...t+jj..
00328840 : 30 7A 32 00 C0 8B 32 00 00 00 00 00 00 00 00 00 0z2...2.........
00328850 : 01 00 01 00 01 01 00 00 00 00 00 00 00 00 00 00 ................
00328860 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00328870 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00328880 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00328890 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003288A0 : 01 00 00 01 00 00 01 00 00 00 00 01 00 00 00 00 ................
003288B0 : 07 00 00 07 59 6A 00 00 B8 79 32 00 E8 35 32 00 ....Yj...y2..52.
003288C0 : 50 54 9D ED E6 EB 55 42 82 89 F8 A3 1E 68 72 28 PT....UB.....hr(
003288D0 : 03 00 00 03 7F 6A 00 00 C0 8B 32 00 E8 35 32 00 .....j....2..52.
003288E0 : AA BA 43 9F 5C 80 8F 67 E2 8F 75 3F 6E 6A 00 0C ..C.\..g..u?nj..
003288F0 : F0 FE 30 00 70 FE 30 00 F0 FD 30 00 1D 17 ED 00 ..0.p.0...0.....
00328900 : B6 8F 75 6B 7B 6A 00 08 00 00 00 00 00 00 00 00 ..uk{j..........
00328910 : 11 10 0A 61 00 00 00 00 00 00 00 00 A0 00 00 00 ...a............
00328920 : 0D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00328930 : 00 00 80 41 00 00 80 41 00 00 80 3D 00 00 80 3D ...A...A...=...=
00328940 : 00 00 D0 00 00 00 30 00 1E FF 20 1F 00 00 00 00 ......0... .....
00328950 : 71 80 0E 00 30 00 30 00 30 00 30 00 30 00 30 00 q...0.0.0.0.0.0.
00328960 : 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 0.0.0.0.0.0.0.0.
00328970 : 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 0.0.0.0.0.0.0.0.
00328980 : 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 0.0.0.0.0.0.0.0.
>>> a.read(100).decode("utf-16-le")
u'hello this is a message I typed in notepad.exe !\x00\x00'
>>> a.write("pwned".encode("utf-16-le"))
1
>>> a.read(100).decode("utf-16-le")
u'pwned this is a message I typed in notepad.exe !\x00\x00'

Look back at your Notepad window: the text should have changed! :)

A quicker way of doing the same thing is:

>>> mw.umem_replace("hello", "pwned")

Note that write() overwrites bytes in place and does not move anything, so a replacement that is longer than the original text spills over whatever follows it in memory; "hello" and "pwned" are both five characters, which is why the edit above is clean.

A few other interesting features are implemented through the Locator class, such as searching memory for values of different types and watching how they change. For example, if you want to cheat in a game and you start with 200 ammo, you could do something like this:
>>> lo = Locator(mw)
>>> lo.feed(200)
...
<Addr: 0x0018FDE2>,
<Addr: 0x0018FDE4>,
<Addr: 0x0018FDE6>,
...]}

Use some ammo, then "feed" the Locator again with the new value (repeat this a few times until only one result is left):

>>> lo.feed(199)
{'double': [],
 'float': [],
 'int': [<Addr: 0x0019FAF0>],
 'long': [],
 'short': [],
 'uint': [],
 'ulong': [],
 'ushort': []}
>>> a = _["int"][0]
>>> a.read()
199
>>> a.write(999999)
1

Now you have unlimited ammo :o)
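The two workflows above (UTF-16 string search/replace on a Notepad buffer, and narrowing an ammo counter with repeated Locator feeds) as one added, self-contained example. This is not memorpy's code: it is a pure-Python 3 model (the session above is Python 2) that runs over a constructed bytearray standing in for process memory, so it works offline without a target process. The functions are named after memorpy's umem_search / umem_replace / Locator to make the correspondence obvious, but their bodies, the type table (little-endian struct codes, 'long' taken as 8 bytes), and the offsets 0x20, 0xC0 and 0xD0 are all this example's own assumptions.

```python
import struct

# Type table for the Locator model below. The names mirror the keys in
# memorpy's Locator output; the struct codes are this example's assumption
# (little-endian, 'long' taken as 8 bytes), not memorpy's internal table.
TYPE_CODES = {
    'short': '<h', 'ushort': '<H',
    'int': '<i', 'uint': '<I',
    'long': '<q', 'ulong': '<Q',
    'float': '<f', 'double': '<d',
}


def find_all(mem, needle):
    """Every offset of needle in mem, scanning at byte granularity (so one
    integer also shows up at other widths and at overlapping offsets)."""
    hits, start = [], 0
    while True:
        i = mem.find(needle, start)
        if i < 0:
            return hits
        hits.append(i)
        start = i + 1


def umem_search(mem, text):
    """Offsets of text as Notepad keeps it in memory: UTF-16-LE."""
    return find_all(mem, text.encode('utf-16-le'))


def read_utf16(mem, offset, nbytes):
    """Model of Addr.read(n).decode('utf-16-le') from the session above."""
    return bytes(mem[offset:offset + nbytes]).decode('utf-16-le', 'replace')


def umem_replace(mem, old, new):
    """Overwrite every occurrence of old with new, in place; return the count.
    A raw write moves nothing, so a longer replacement would spill over the
    bytes after the string and is refused. A shorter one is padded with
    UTF-16 spaces so leftover characters of the old text do not stay visible."""
    old_b, new_b = old.encode('utf-16-le'), new.encode('utf-16-le')
    if len(new_b) > len(old_b):
        raise ValueError('replacement is longer than the text it overwrites')
    new_b += ' '.encode('utf-16-le') * ((len(old_b) - len(new_b)) // 2)
    hits = umem_search(mem, old)
    for off in hits:
        mem[off:off + len(old_b)] = new_b
    return len(hits)


class Locator:
    """Narrow down which address holds a value you can make change, the way
    the ammo hunt above does: each feed() rescans memory for the new value
    in every type and keeps only the candidates that matched every time."""

    def __init__(self, mem):
        self.mem = mem
        self.candidates = None  # None until the first feed()

    def feed(self, value):
        found = {}
        for name, fmt in TYPE_CODES.items():
            try:
                needle = struct.pack(fmt, value)
            except struct.error:  # value does not fit this type at all
                found[name] = set()
                continue
            found[name] = set(find_all(self.mem, needle))
        if self.candidates is None:
            self.candidates = found
        else:
            self.candidates = {n: self.candidates[n] & found[n] for n in TYPE_CODES}
        return {n: sorted(offs) for n, offs in self.candidates.items()}


def build_demo_memory():
    """Constructed stand-in for process memory (not a real dump): zero
    padding, a UTF-16 Notepad-style buffer at 0x20, the ammo counter as a
    4-byte int at 0xC0, and a decoy 200 at 0xD0 that never changes."""
    mem = bytearray(0x100)
    text = 'hello this is a message I typed in notepad.exe !'
    mem[0x20:0x20 + 2 * len(text)] = text.encode('utf-16-le')
    struct.pack_into('<i', mem, 0xC0, 200)
    struct.pack_into('<i', mem, 0xD0, 200)
    return mem


def demo():
    mem = build_demo_memory()
    result = {}
    # 1. String search and edit, as in the Notepad session.
    result['search'] = umem_search(mem, 'hello')
    result['replaced'] = umem_replace(mem, 'hello', 'pwned')
    result['text'] = read_utf16(mem, 0x20, 100).rstrip('\x00')
    # 2. Locator: 200 is found twice; after "using some ammo" only the
    #    address that dropped to 199 survives the second feed.
    lo = Locator(mem)
    result['first'] = lo.feed(200)['int']
    struct.pack_into('<i', mem, 0xC0, 199)
    result['second'] = lo.feed(199)['int']
    ammo = result['second'][0]
    struct.pack_into('<i', mem, ammo, 999999)  # the a.write(999999) step
    result['ammo'] = struct.unpack_from('<i', mem, ammo)[0]
    return result


if __name__ == '__main__':
    for key, value in demo().items():
        print(key, value)
```

The decoy at 0xD0 is the reason the second feed is needed: a single scan for 200 cannot tell the counter from any other 200 in memory, and only a value the player can change (spend a bullet, rescan) separates them. The byte-granular scan is also why memorpy's first feed lists addresses two bytes apart, as in 0x0018FDE2 / 0x0018FDE4 / 0x0018FDE6 above: the same bytes match as short, int and long at overlapping offsets.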
I hope this code will be useful to someone.
Have fun!
Have a look at mimipy to extract passwords from the memory of various processes.
By mail: [email protected]
On Twitter: follow me on Twitter
If some of you want to contribute or send me feedback, don't hesitate :-)
This project is a personal development; please respect its philosophy and don't use it for evil purposes!