Comments (10)
Writing:
from libmem import *
for p in LM_EnumProcesses():
if p.name == "notepad.exe":
print(LM_FindModuleEx(p, p.name))
print(LM_ReadMemoryEx(p, LM_FindModuleEx(p, p.name).base, 8))
print(LM_WriteMemoryEx(p, LM_FindModuleEx(p, p.name).base, bytearray(b"Hello!")))
-
lm_module_t(base = 0x00007FF75D090000, end = 0x00007FF75D0C8000, size = 0x0000000000038000, path = "C:\Windows\system32\notepad.exe", name = "notepad.exe")
-
None
-
False
from libmem.
You need admin access to write memory to other processes
And you're supposed to use LM_ReadMemory
and LM_WriteMemory
to write in the current process, instead of LM_ReadMemoryEx
and LM_WriteMemoryEx
from libmem.
I just tested that, still not working, continued tests and Alloc doesnt work either
from libmem.
You need admin access to write memory to other processes
And you're supposed to useLM_ReadMemory
andLM_WriteMemory
to write in the current process, instead ofLM_ReadMemoryEx
andLM_WriteMemoryEx
Ok, let me check
from libmem.
I made triple sure that im using an elevated executor.
i also used "LM_ReadMemory"
from libmem.
Ok, so i cleaned up the code to avoid mistakes and its behaving the same now as with the problem we had with the base address.
from libmem import *
print(LM_GetProcess())
print(LM_FindModule(LM_GetProcess().name))
print(LM_ReadMemory(LM_FindModule(LM_GetProcess().name).base, 4))
This will crash with Process finished with exit code -1073741819 (0xC0000005)
In Powershell it will freeze the shell
from libmem.
Ive added error output to the C Code:
py_LM_ReadMemory(PyObject *self, PyObject *args)
{
lm_address_t src;
lm_size_t size;
lm_byte_t *dst;
PyObject *pybuf;
if (!PyArg_ParseTuple(args, "kk", &src, &size))
return NULL;
dst = LM_MALLOC(size);
if (!dst) {
PyErr_NoMemory();
return NULL;
}
if (LM_ReadMemory(src, dst, size) != size) {
LM_FREE(dst);
PyErr_SetString(PyExc_RuntimeError, "Failed to read memory");
return NULL;
}
pybuf = PyByteArray_FromStringAndSize((const char *)dst, size);
LM_FREE(dst);
return pybuf;
}
and the result:
Traceback (most recent call last):
File "D:\Dev\libmemutil\libmemutil\read.py", line 5, in
print(LM_ReadMemory(LM_FindModule(LM_GetProcess().name).base, 4))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Programs\Python311\Lib\site-packages\libmem_init_.py", line 575, in LM_ReadMemory
return _libmem.LM_ReadMemory(src, size)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
MemoryError
from libmem.
@rdbo , i found the issue.
from libmem.
Ok, turns out that "k" isnt getting evaluated correctly on Windows 64bit. I think you found that out already.
Changing the Code to :
py_LM_ReadMemory(PyObject *self, PyObject *args)
{
lm_address_t src;
lm_size_t size;
lm_byte_t *dst;
PyObject *pybuf;
if (!PyArg_ParseTuple(args, "KK", &src, &size))
return NULL;
dst = LM_MALLOC(size);
if (!dst) {
PyErr_NoMemory();
return NULL;
}
if (LM_ReadMemory(src, dst, size) != size) {
LM_FREE(dst);
PyErr_SetString(PyExc_RuntimeError, "Failed to read memory");
return NULL;
}
pybuf = PyByteArray_FromStringAndSize((const char *)dst, size);
LM_FREE(dst);
return pybuf;
}
Worked and is giving me correct output.
Unfortunately i have no clue if that impacts other OSes. I will prepare a PR and you can decide if we can implement it like that.
from libmem.
from libmem.
Related Issues (20)
- Clean up files
- Do better cross compiling (remove `LIBMEM_ARCH` option)
- Remove mounting procfs in FreeBSD on README HOT 2
- Include Capstone's detail in `lm_inst_t` HOT 4
- Skip undefined symbols on LM_EnumSymbols HOT 1
- Error build on ubuntu 22 aarch64
- Add methods for comparing memory, similar to memcmp
- Add function for getting page size HOT 1
- Make `LM_DeepPointer(Ex)` 1:1 to Cheat Engine's pointer maps/pointer scans HOT 1
- rust build fails HOT 8
- Rust: no access to `lm_inst_t` properties. HOT 2
- Fix `liblibmem.so` issue on Unix-likes HOT 2
- `lm_time_t` is private HOT 1
- Small doc correction for Rust LM_FindSymbolAddress HOT 1
- Add basic debug logging HOT 1
- Add helper functions for Python to avoid manual unpacking all the time
- Deprecate `LM_` suffix in Python bindings HOT 1
- Figure out a way to allow more assembler/disassembler modes HOT 3
- Reconsider uses of `process->bits` HOT 1
- Place 32 bit jump in x64 if possible
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from libmem.