memory package¶

Submodules¶

Module contents¶

Provides binary/memory based functionality.

class memory.BinaryFile¶

Bases: Boost.Python.instance

__init__()¶: Raises an exception This class cannot be instantiated from Python

find_address((BinaryFile)arg1, (object)identifier) → Pointer :¶: Returns the address of a signature or symbol found in memory.

find_pointer((BinaryFile)arg1, (object)arg2[, (Channel)offset=0[, (int)level=0]]) → Pointer :¶: Rips out a pointer from a function.

base¶: Base address of the binary.

module¶: Handle of the binary.

size¶: Size of the binary.

symbols¶: Return a dict containing all symbols and their addresses.

class memory.Callback(convention, arg_types, return_type)[source]¶

Bases: core.AutoUnload, _memory.Function

Decorator to create a function in memory to call a Python callback.

__init__(convention, arg_types, return_type)[source]¶

Initialize the Callback object.

Parameters:	convention (Convention\|CallingConvention) – Calling convention that should be used for this callback. arg_types (iterable) – Argument types of the callback. return_type – Return type of the callback.

class memory.CallingConvention¶

Bases: Boost.Python.instance

An an abstract class that is used to create custom calling conventions (only available for hooking function and not for calling functions).

__init__((object)arg1, (object)arg2, (DataType)arg3[, (Channel)alignment=4[, (Convention)default_convention=_memory.Convention.CUSTOM]]) → object :¶

Initialize the calling convention.

Parameters:	arg_types (iterable) – A list of `DataType` values that define the argument types of a function. return_type (DataType) – The return type of a function. alignment (int) – The stack alignment. default_convention (Convention_t) – The default convention for un override function.

argument_ptr_changed((CallingConvention)arg1, (Channel)index, (Registers)registers, (object)ptr) → None :¶

Called when the argument pointer returned by get_argument_ptr() has been changed.

Parameters:	index (int) – The index of the argument that has been changed. registers (Registers) – A snapshot of all saved registers. ptr (Pointer) – The argument pointer that has been changed.

get_argument_ptr((CallingConvention)arg1, (Channel)index, (Registers)registers) → object :¶

Return a pointer to the argument at the given index.

Parameters:	index (int) – The index of the argument. registers (Registers) – A snapshot of all saved registers.

get_pop_size((CallingConvention)arg1) → int :¶: Return the number of bytes that should be added to the stack to clean up.

get_registers((CallingConvention)arg1) → object :¶: Return a list of Register values. These registeres will be saved for later access.

get_return_ptr((CallingConvention)arg1, (Registers)registers) → object :¶

Return a pointer to the return value.

Parameters:	registers (Registers) – A snapshot of all saved registers.

return_ptr_changed((CallingConvention)arg1, (Registers)registers, (object)ptr) → None :¶

Called when the return value pointer returned by get_return_ptr() has been changed.

Parameters:	registers (Registers) – A snapshot of all saved registers. ptr (Pointer) – The return value pointer that has been changed.

alignment¶: An integer that defines the stack alignment.

argument_types¶: A list of DataType values that define the argument types of a function.

return_type¶: A DataType value that defines the return type of a function.

class memory.Convention¶

Bases: Boost.Python.enum

CDECL = _memory.Convention.CDECL¶

CUSTOM = _memory.Convention.CUSTOM¶

FASTCALL = _memory.Convention.FASTCALL¶

STDCALL = _memory.Convention.STDCALL¶

THISCALL = _memory.Convention.THISCALL¶

names = {'CUSTOM': _memory.Convention.CUSTOM, 'CDECL': _memory.Convention.CDECL, 'STDCALL': _memory.Convention.STDCALL, 'THISCALL': _memory.Convention.THISCALL, 'FASTCALL': _memory.Convention.FASTCALL}¶

values = {0: _memory.Convention.CUSTOM, 1: _memory.Convention.CDECL, 3: _memory.Convention.STDCALL, 2: _memory.Convention.THISCALL, 4: _memory.Convention.FASTCALL}¶

class memory.DataType¶

Bases: Boost.Python.enum

BOOL = _memory.DataType.BOOL¶

CHAR = _memory.DataType.CHAR¶

DOUBLE = _memory.DataType.DOUBLE¶

FLOAT = _memory.DataType.FLOAT¶

INT = _memory.DataType.INT¶

LONG = _memory.DataType.LONG¶

LONG_LONG = _memory.DataType.LONG_LONG¶

POINTER = _memory.DataType.POINTER¶

SHORT = _memory.DataType.SHORT¶

STRING = _memory.DataType.STRING¶

UCHAR = _memory.DataType.UCHAR¶

UINT = _memory.DataType.UINT¶

ULONG = _memory.DataType.ULONG¶

ULONG_LONG = _memory.DataType.ULONG_LONG¶

USHORT = _memory.DataType.USHORT¶

VOID = _memory.DataType.VOID¶

names = {'VOID': _memory.DataType.VOID, 'BOOL': _memory.DataType.BOOL, 'CHAR': _memory.DataType.CHAR, 'UCHAR': _memory.DataType.UCHAR, 'SHORT': _memory.DataType.SHORT, 'USHORT': _memory.DataType.USHORT, 'INT': _memory.DataType.INT, 'UINT': _memory.DataType.UINT, 'LONG': _memory.DataType.LONG, 'ULONG': _memory.DataType.ULONG, 'LONG_LONG': _memory.DataType.LONG_LONG, 'ULONG_LONG': _memory.DataType.ULONG_LONG, 'FLOAT': _memory.DataType.FLOAT, 'DOUBLE': _memory.DataType.DOUBLE, 'POINTER': _memory.DataType.POINTER, 'STRING': _memory.DataType.STRING}¶

values = {0: _memory.DataType.VOID, 1: _memory.DataType.BOOL, 2: _memory.DataType.CHAR, 3: _memory.DataType.UCHAR, 4: _memory.DataType.SHORT, 5: _memory.DataType.USHORT, 6: _memory.DataType.INT, 7: _memory.DataType.UINT, 8: _memory.DataType.LONG, 9: _memory.DataType.ULONG, 10: _memory.DataType.LONG_LONG, 11: _memory.DataType.ULONG_LONG, 12: _memory.DataType.FLOAT, 13: _memory.DataType.DOUBLE, 14: _memory.DataType.POINTER, 15: _memory.DataType.STRING}¶

class memory.Function¶

Bases: _memory.Pointer

__init__((object)arg1, (int)arg2, (object)arg3, (object)arg4, (object)arg5) → None¶: __init__( (object)arg1, (Function)arg2) -> None

add_hook((Function)arg1, (HookType)hook_type, (object)callback) → None :¶: Adds a hook callback.

add_post_hook((Function)arg1, (object)arg2) → None :¶: Adds a post-hook callback.

add_pre_hook((Function)arg1, (object)arg2) → None :¶: Adds a pre-hook callback.

call_trampoline()¶

object call_trampoline(tuple args, dict kwds) :: Calls the trampoline function dynamically.

is_callable((Function)arg1) → bool :¶: Return True if the function is callable.

is_hookable((Function)arg1) → bool :¶: Return True if the function is hookable.

is_hooked((Function)arg1) → bool :¶: Return True if the function is hooked.

remove_hook((Function)arg1, (HookType)hook_type, (object)callback) → None :¶: Removes a hook callback.

remove_post_hook((Function)arg1, (object)arg2) → None :¶: Removes a post-hook callback.

remove_pre_hook((Function)arg1, (object)arg2) → None :¶: Removes a pre-hook callback.

skip_hooks()¶

object skip_hooks(tuple args, dict kwds) :: Call the function, but skip hooks if there are any.

arguments¶

convention¶

converter¶

custom_convention¶

return_type¶

trampoline¶: Return the trampoline function if the function is hooked.

class memory.FunctionInfo¶

Bases: Boost.Python.instance

__init__()¶: Raises an exception This class cannot be instantiated from Python

argument_types¶

calling_convention¶

is_virtual¶

return_type¶

this_pointer_offset¶

vtable_index¶

vtable_offset¶

class memory.Pointer¶

Bases: Boost.Python.instance

__init__((object)arg1[, (int)arg2[, (bool)arg3]]) → None¶: __init__( (object)arg1, (Pointer)arg2) -> None

compare((Pointer)arg1, (object)other, (int)num) → int :¶: Compares the first <num> bytes of both pointers. Returns 0 if they are equal. A value greater than zero indicates that the first byte that does not match in both pointers has a greater value in <self> than in <other>. A value less than zero indicates the opposite.

copy((Pointer)arg1, (object)destination, (int)num_bytes) → None :¶: Copies <num_bytes> from <self> to the pointer <destination>. Overlapping is not allowed!

dealloc((object)arg1) → None :¶: Deallocates a memory block.

get_bool((Pointer)arg1[, (Channel)offset=0]) → bool :¶: Returns the value at the given memory location.

get_char((Pointer)arg1[, (Channel)offset=0]) → str :¶: Returns the value at the given memory location.

get_double((Pointer)arg1[, (Channel)offset=0]) → float :¶: Returns the value at the given memory location.

get_float((Pointer)arg1[, (Channel)offset=0]) → float :¶: Returns the value at the given memory location.

get_int((Pointer)arg1[, (Channel)offset=0]) → int :¶: Returns the value at the given memory location.

get_long((Pointer)arg1[, (Channel)offset=0]) → int :¶: Returns the value at the given memory location.

get_long_long((Pointer)arg1[, (Channel)offset=0]) → int :¶: Returns the value at the given memory location.

get_pointer((Pointer)arg1[, (Channel)offset=0]) → Pointer :¶: Returns the value at the given memory location.

get_short((Pointer)arg1[, (Channel)offset=0]) → int :¶: Returns the value at the given memory location.

get_string_array((Pointer)arg1[, (Channel)offset=0]) → str :¶: Returns the value at the memory location.

get_string_pointer((Pointer)arg1[, (Channel)offset=0]) → str :¶: Returns the value at the given memory location.

get_uchar((Pointer)arg1[, (Channel)offset=0]) → int :¶: Returns the value at the given memory location.

get_uint((Pointer)arg1[, (Channel)offset=0]) → int :¶: Returns the value at the given memory location.

get_ulong((Pointer)arg1[, (Channel)offset=0]) → int :¶: Returns the value at the given memory location.

get_ulong_long((Pointer)arg1[, (Channel)offset=0]) → int :¶: Returns the value at the given memory location.

get_ushort((Pointer)arg1[, (Channel)offset=0]) → int :¶: Returns the value at the given memory location.

get_virtual_func((Pointer)arg1, (Channel)index) → Pointer :¶: Returns the address (as a Pointer instance) of a virtual function at the given index.

is_overlapping((Pointer)arg1, (object)destination, (int)num_bytes) → bool :¶: Returns True if the pointers are overlapping each other.

make_function((Pointer)arg1, (object)convention, (object)arguments, (object)return_type) → Function :¶

Creates a new Function instance.

make_function( (Pointer)arg1, (FunctionInfo)arg2) -> Function :: Use the given FunctionInfo object to convert the pointer into a Function object.

make_virtual_function((Pointer)arg1, (Channel)index, (object)convention, (object)arguments, (object)return_type) → Function :¶

Creates a new Function instance.

make_virtual_function( (Pointer)arg1, (FunctionInfo)arg2) -> Function :: Use the given FunctionInfo object to retrieve a virtual function and convert it into a Function object.

move((Pointer)arg1, (object)destination, (int)num_bytes) → None :¶: Copies <num_bytes> from <self> to the pointer <destination>. Overlapping is allowed!

protect((Pointer)arg1, (Channel)size) → None :¶: Make the memory block read-only.

realloc((object)arg1, (Channel)size) → Pointer :¶: Reallocates a memory block.

search_bytes((Pointer)arg1, (object)bytes, (int)num_bytes) → Pointer :¶: Searches within the first <num_bytes> of this memory block for the first occurence of <bytes> and returns a pointer it.

set_bool((Pointer)arg1, (bool)arg2[, (Channel)offset=0]) → None :¶: Sets the value at the given memory location.

set_char((Pointer)arg1, (str)arg2[, (Channel)offset=0]) → None :¶: Sets the value at the given memory location.

set_double((Pointer)arg1, (float)arg2[, (Channel)offset=0]) → None :¶: Sets the value at the given memory location.

set_float((Pointer)arg1, (float)arg2[, (Channel)offset=0]) → None :¶: Sets the value at the given memory location.

set_int((Pointer)arg1, (Channel)arg2[, (Channel)offset=0]) → None :¶: Sets the value at the given memory location.

set_long((Pointer)arg1, (int)arg2[, (Channel)offset=0]) → None :¶: Sets the value at the given memory location.

set_long_long((Pointer)arg1, (int)arg2[, (Channel)offset=0]) → None :¶: Sets the value at the given memory location.

set_pointer((Pointer)arg1, (object)arg2[, (Channel)offset=0]) → None :¶: Sets the value at the given memory location.

set_protection((Pointer)arg1, (Protection)protection, (Channel)size) → None :¶: Set memory protection.

set_short((Pointer)arg1, (int)arg2[, (Channel)offset=0]) → None :¶: Sets the value at the given memory location.

set_string_array((Pointer)arg1, (str)arg2[, (Channel)offset=0]) → None :¶: Sets the value at the given memory location.

set_string_pointer((Pointer)arg1, (str)arg2[, (Channel)offset=0]) → None :¶: Sets the value at the given memory location.

set_uchar((Pointer)arg1, (int)arg2[, (Channel)offset=0]) → None :¶: Sets the value at the given memory location.

set_uint((Pointer)arg1, (int)arg2[, (Channel)offset=0]) → None :¶: Sets the value at the given memory location.

set_ulong((Pointer)arg1, (int)arg2[, (Channel)offset=0]) → None :¶: Sets the value at the given memory location.

set_ulong_long((Pointer)arg1, (int)arg2[, (Channel)offset=0]) → None :¶: Sets the value at the given memory location.

set_ushort((Pointer)arg1, (int)arg2[, (Channel)offset=0]) → None :¶: Sets the value at the given memory location.

unprotect((Pointer)arg1, (Channel)size) → None :¶: Make the memory block read-, write- and executable.

address¶

auto_dealloc¶

size¶: Returns the size of the memory block.

type_info¶

class memory.ProcessorRegister¶

Bases: Boost.Python.instance

__init__()¶: Raises an exception This class cannot be instantiated from Python

address¶

size¶

class memory.Register¶

Bases: Boost.Python.enum

AH = _memory.Register.AH¶

AL = _memory.Register.AL¶

AX = _memory.Register.AX¶

BH = _memory.Register.BH¶

BL = _memory.Register.BL¶

BP = _memory.Register.BP¶

BX = _memory.Register.BX¶

CH = _memory.Register.CH¶

CL = _memory.Register.CL¶

CS = _memory.Register.CS¶

CX = _memory.Register.CX¶

DH = _memory.Register.DH¶

DI = _memory.Register.DI¶

DL = _memory.Register.DL¶

DS = _memory.Register.DS¶

DX = _memory.Register.DX¶

EAX = _memory.Register.EAX¶

EBP = _memory.Register.EBP¶

EBX = _memory.Register.EBX¶

ECX = _memory.Register.ECX¶

EDI = _memory.Register.EDI¶

EDX = _memory.Register.EDX¶

ES = _memory.Register.ES¶

ESI = _memory.Register.ESI¶

ESP = _memory.Register.ESP¶

FS = _memory.Register.FS¶

GS = _memory.Register.GS¶

MM0 = _memory.Register.MM0¶

MM1 = _memory.Register.MM1¶

MM2 = _memory.Register.MM2¶

MM3 = _memory.Register.MM3¶

MM4 = _memory.Register.MM4¶

MM5 = _memory.Register.MM5¶

MM6 = _memory.Register.MM6¶

MM7 = _memory.Register.MM7¶

SI = _memory.Register.SI¶

SP = _memory.Register.SP¶

SS = _memory.Register.SS¶

ST0 = _memory.Register.ST0¶

XMM0 = _memory.Register.XMM0¶

XMM1 = _memory.Register.XMM1¶

XMM2 = _memory.Register.XMM2¶

XMM3 = _memory.Register.XMM3¶

XMM4 = _memory.Register.XMM4¶

XMM5 = _memory.Register.XMM5¶

XMM6 = _memory.Register.XMM6¶

XMM7 = _memory.Register.XMM7¶

names = {'AL': _memory.Register.AL, 'CL': _memory.Register.CL, 'DL': _memory.Register.DL, 'BL': _memory.Register.BL, 'AH': _memory.Register.AH, 'CH': _memory.Register.CH, 'DH': _memory.Register.DH, 'BH': _memory.Register.BH, 'AX': _memory.Register.AX, 'CX': _memory.Register.CX, 'DX': _memory.Register.DX, 'BX': _memory.Register.BX, 'SP': _memory.Register.SP, 'BP': _memory.Register.BP, 'SI': _memory.Register.SI, 'DI': _memory.Register.DI, 'EAX': _memory.Register.EAX, 'ECX': _memory.Register.ECX, 'EDX': _memory.Register.EDX, 'EBX': _memory.Register.EBX, 'ESP': _memory.Register.ESP, 'EBP': _memory.Register.EBP, 'ESI': _memory.Register.ESI, 'EDI': _memory.Register.EDI, 'MM0': _memory.Register.MM0, 'MM1': _memory.Register.MM1, 'MM2': _memory.Register.MM2, 'MM3': _memory.Register.MM3, 'MM4': _memory.Register.MM4, 'MM5': _memory.Register.MM5, 'MM6': _memory.Register.MM6, 'MM7': _memory.Register.MM7, 'XMM0': _memory.Register.XMM0, 'XMM1': _memory.Register.XMM1, 'XMM2': _memory.Register.XMM2, 'XMM3': _memory.Register.XMM3, 'XMM4': _memory.Register.XMM4, 'XMM5': _memory.Register.XMM5, 'XMM6': _memory.Register.XMM6, 'XMM7': _memory.Register.XMM7, 'CS': _memory.Register.CS, 'SS': _memory.Register.SS, 'DS': _memory.Register.DS, 'ES': _memory.Register.ES, 'FS': _memory.Register.FS, 'GS': _memory.Register.GS, 'ST0': _memory.Register.ST0}¶

values = {0: _memory.Register.AL, 1: _memory.Register.CL, 2: _memory.Register.DL, 3: _memory.Register.BL, 4: _memory.Register.AH, 5: _memory.Register.CH, 6: _memory.Register.DH, 7: _memory.Register.BH, 8: _memory.Register.AX, 9: _memory.Register.CX, 10: _memory.Register.DX, 11: _memory.Register.BX, 12: _memory.Register.SP, 13: _memory.Register.BP, 14: _memory.Register.SI, 15: _memory.Register.DI, 16: _memory.Register.EAX, 17: _memory.Register.ECX, 18: _memory.Register.EDX, 19: _memory.Register.EBX, 20: _memory.Register.ESP, 21: _memory.Register.EBP, 22: _memory.Register.ESI, 23: _memory.Register.EDI, 24: _memory.Register.MM0, 25: _memory.Register.MM1, 26: _memory.Register.MM2, 27: _memory.Register.MM3, 28: _memory.Register.MM4, 29: _memory.Register.MM5, 30: _memory.Register.MM6, 31: _memory.Register.MM7, 32: _memory.Register.XMM0, 33: _memory.Register.XMM1, 34: _memory.Register.XMM2, 35: _memory.Register.XMM3, 36: _memory.Register.XMM4, 37: _memory.Register.XMM5, 38: _memory.Register.XMM6, 39: _memory.Register.XMM7, 40: _memory.Register.CS, 41: _memory.Register.SS, 42: _memory.Register.DS, 43: _memory.Register.ES, 44: _memory.Register.FS, 45: _memory.Register.GS, 46: _memory.Register.ST0}¶

class memory.Registers¶

Bases: Boost.Python.instance

__init__()¶: Raises an exception This class cannot be instantiated from Python

ah¶

al¶

ax¶

bh¶

bl¶

bp¶

bx¶

ch¶

cl¶

cs¶

cx¶

dh¶

di¶

dl¶

ds¶

dx¶

eax¶

ebp¶

ebx¶

ecx¶

edi¶

edx¶

es¶

esi¶

esp¶

fs¶

gs¶

mm0¶

mm1¶

mm2¶

mm3¶

mm4¶

mm5¶

mm6¶

mm7¶

si¶

sp¶

ss¶

st0¶

xmm0¶

xmm1¶

xmm2¶

xmm3¶

xmm4¶

xmm5¶

xmm6¶

xmm7¶

class memory.StackData¶

Bases: Boost.Python.instance

__init__((object)arg1, (object)arg2) → None¶

registers¶

return_address¶: Return the ‘return address’ to which DynamicHooks will jump after the post-hook has finished.

use_pre_registers¶

memory.alloc((Channel)arg1[, (bool)auto_dealloc=True]) → Pointer :¶

Allocate a memory block.

Parameters:	size (int) – The size (in bytes) of the memory block. auto_dealloc (bool) – If True the memory block will be deallocated automatically when the return value goes out of the scope.

memory.find_binary((str)arg1[, (bool)srv_check=True[, (bool)check_extension=True]]) → BinaryFile :¶

Search for a binary and return it as a BinaryFile object.

Parameters:	path (str) – The path to the binary file (absolute, relative or just the name of the file if it’s on the search path). srv_check (bool) – If True it will automatically check the binary for the ‘_srv’ ending on Linux.

memory.get_class(classname)[source]¶

Return the class of an exposed class by its C++ class name.

Parameters:	classname (str) – The name of the exposed class on the C++ side.
Raises:	KeyError – Raised if the classname is not the name of an exposed class.

memory.get_class_info(cls)[source]¶

Return the class info dictionary of a class.

Parameters:	cls (str) – A string that defines the name of the class on the C++ side or an exposed class or an object of an exposed class.
Raises:	ValueError – See `get_class_name()`.

memory.get_class_name(cls)[source]¶

Return the name of a class or class object on the C++ side.

Parameters:	cls – A class or class object.
Raises:	ValueError – Raised if the class was not exposed by Source.Python.

memory.get_data_type_size((DataType)arg1[, (Channel)alignment=4]) → int :¶

Return the size of the data type after applying alignment.

Parameters:	data_type (DataType) – The data type you would like to get the size of. alignment (int) – The alignment that should be used.

memory.get_function_info(cls, function_name, function_index=0)[source]¶

Return the FunctionInfo object of a member function.

Parameters:	cls (str) – See `get_class_info()`. function_name (str) – The name of the member function on the C++ side. function_index (int) – The index of the member function in the function info list. This is only required if the function is overloaded and you want to get a different FunctionInfo object than the first one.
Raises:	ValueError – See `get_class_name()`.

memory.get_object_pointer((object)obj) → object :¶

Return the pointer of the C++ object of a given Python object.

Parameters:	obj – The object you want to retrieve a pointer from.

memory.get_size((object)cls) → object :¶

Return the size of a class or class object of its C++ class.

Parameters:	cls – A class or class object.

memory.get_virtual_function(obj, function_name, function_index=0)[source]¶

Return a Function object.

Create the Function object by using a FunctionInfo object.

Parameters:	obj – An object of an exposed class. function_name (str) – See `get_function_info()`. function_index (int) – See `get_function_info()`.
Raises:	ValueError – See `get_class_name()`.

memory.make_object((object)cls, (object)ptr) → object :¶

Wrap a pointer using an exposed class.

param cls: The class that should be used to wrap the pointer.

param Pointer ptr:

The pointer that should be wrapped.

make_object( (object)cls, (Pointer)ptr) -> object :

Wrap a pointer using an exposed class.

param Pointer ptr:
param cls:	The class that should be used to wrap the pointer.
	The pointer that should be wrapped.

memory package¶

Submodules¶

Module contents¶

Table Of Contents

This Page