{"id":19765573,"url":"https://github.com/danielfvm/memmod","last_synced_at":"2025-04-30T15:30:30.016Z","repository":{"id":50521654,"uuid":"519317145","full_name":"danielfvm/memmod","owner":"danielfvm","description":"A library to modify another program's memory on linux x64.","archived":false,"fork":false,"pushed_at":"2024-03-26T17:25:43.000Z","size":4655,"stargazers_count":12,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-04-26T23:01:53.106Z","etag":null,"topics":["hacking-tools","injector","linux","memory","python-library"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/danielfvm.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2022-07-29T18:42:39.000Z","updated_at":"2024-04-21T20:10:49.000Z","dependencies_parsed_at":"2023-10-15T10:11:16.119Z","dependency_job_id":null,"html_url":"https://github.com/danielfvm/memmod","commit_stats":{"total_commits":17,"total_committers":2,"mean_commits":8.5,"dds":0.2941176470588235,"last_synced_commit":"8006e02d266f062bdb19f8c82d661e1f5b1155cc"},"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielfvm%2Fmemmod","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielfvm%2Fmemmod/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielfvm%2Fmemmod/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielfvm%2Fmemmod/mani
fests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/danielfvm","download_url":"https://codeload.github.com/danielfvm/memmod/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224214638,"owners_count":17274647,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacking-tools","injector","linux","memory","python-library"],"created_at":"2024-11-12T04:18:36.165Z","updated_at":"2024-11-12T04:18:36.751Z","avatar_url":"https://github.com/danielfvm.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# memmod\n![Repository size](https://img.shields.io/github/repo-size/danielfvm/memmod?color=39d45f) \n[![GitHub last commit](https://img.shields.io/github/last-commit/danielfvm/memmod?color=39d45f)](https://github.com/danielfvm/memmod/commits/master) \n![License](https://img.shields.io/badge/license-GPL-39d45f) \n[![Stargazers](https://img.shields.io/github/stars/danielfvm/memmod?color=39d45f\u0026logo=github)](https://github.com/danielfvm/memmod/stargazers)\n\nA library to modify another program's memory on Linux x64. The goal of this library is to provide easy\nfunctions to modify the memory of another application externally. 
An additional goal is to create a program like\n[CheatEngine](https://cheatengine.org/) that runs natively on Linux and offers many of the features that CheatEngine provides.\n\n## Examples\nA basic example of how to use memmod; for more examples, look [here](examples).\n```py\nfrom memmod import Process\n\n# opens a process with the name \"supertux2\" \nproc = Process(name=\"supertux2\")\n\n# get the puts function and execute it inside the process\nputs = proc.get_libc_function(\"puts\")\nputs(\"Hello World!\")\n\n# Find a module by name\nmodulebase = proc.find_module(proc.name)\nassert modulebase is not None, \"Failed to find module base\"\n\n# Search ingame coin address by resolving a pointer chain \nstatic_ptr = modulebase.start + 0x6CBC40\ncoin_ptr_addr = proc.resolve_pointer_chain(static_ptr, [0x28, 0x20, 0x0])\n\n# Write a number to address\nproc.write(coin_ptr_addr, 9999)\n```\n\n\n## Installation\nYou can find the uploaded library [here](https://pypi.org/project/libmemmod/) and install it with:\n```\npip3 install libmemmod\n```\nTogether with the library you can also use the various [scripts](memmod/scripts/) that have been installed.\nHere is an example of their usage:\n```\nsudo -E loadshared -n supertux2 mysharedlib.so\nsudo -E accessanalyzer -n supertux2 -a 0x559c7b55330e\nsudo -E pointerscanner -n supertux2 -a 0x558599fb6fe0 -r 0x1ff\nsudo -E timerhack -n supertux2 -f 2.0\n```\n\n## Features\n* read/write to a process\n* inject breakpoints and listen to them\n* execute functions within the target process\n* find modules from `/proc/pid/maps` by name, mode, offset or address\n* inject `.so` into target process with `load_shared_library()`\n* create function detours with an optional trampoline\n* bindings for ptrace\n* get path to binary file with `get_path_to_executable()`\n* search pattern in a module with a signature\n* resolve a pointer chain to find addresses; can be used with the [Pointer Scanner](memmod/scripts/pointerscanner.py).\n* supports Mono-specific calls, [see 
here](memmod/monomanager.py)\n* find symbol and relocation offsets within a module\n* get X11 window id with `get_x11_window()`\n* send key presses to the process with `send_key()`\n* search for data or addresses in a specified range with `scan()` \n\n## How it works\n### Finding processes and reading/writing to them\nWe use the `/proc/` folder that \"stores\" all processes in separate folders with their Process-ID (pid) as the folder name.\nEach process has a `/proc/pid/status` file that contains the process name, a `/proc/pid/maps` file with all the memory regions\nlisted, and a `/proc/pid/mem` \"file\" through which we can read from and write to the memory of the process (with the necessary permissions).\nFor reading and writing, use the functions `read()` and `write()`; searching for a module can be done with the functions\n`find_module()` and `find_module_with_address()`.\n\n### Debugging\nFor debugging we use the ptrace system call, which allows us to stop a process, read its registers and continue until it reaches\na breakpoint. A breakpoint on x64 Linux is the byte 0xCC, and we can simply write this byte into the process as explained\nin the previous section. To use ptrace with this library, run `with proc.ptrace() as ptrace:`. This\nautomatically attaches to and stops the process. Afterwards it will NOT detach, but instead just continue! If you want to detach,\nyou will need to do it manually with `ptrace.detach()`. For easier handling of debugging and breakpoints you can use `add_breakpoint()`. \nIt takes an `address` and a `handler` that is executed as soon as the target process reaches the breakpoint. Optionally you \ncan provide it with data that can be used in the handler. The handler will receive the registers and the data if provided. The handler \nmust return a boolean: if it returns `False` the breakpoint will be removed; to keep the breakpoint, return `True`. 
But to start \nlistening to the breakpoints you will need to run the `listen()` function. Note that the breakpoints are not written into the \nmemory by `add_breakpoint()` but by `listen()`. `listen()` will stop when all breakpoints have been deleted or the user interrupts it with \nCtrl+C, which will lead to the automatic removal of all breakpoints. Look [here](/examples/) for examples on how to use it.\n\n### Function execution\nWe use ptrace to stop the application and write the `call rax` instruction at the current `rip` location and a breakpoint after \nthat. We load into the `rax` register the address of the function we want to execute, and the other registers are set to the \narguments we want to pass to the function. After setting the registers, we continue the process flow and restore the registers \nand the overwritten code as soon as we reach the breakpoint. To use this feature, use the function `run_function()`.\nFor more information see [this](https://ancat.github.io/python/2019/01/01/python-ptrace.html) article.\n\n\n\n## Scripts\nTo show the capabilities of this library I programmed a few scripts that can be helpful when searching for addresses and are \nalso installed along with this library. 
These scripts were inspired by the functionalities of [CheatEngine](https://cheatengine.org/).\n* [Access Analyzer](memmod/scripts/accessanalyzer.py) Searches for asm instructions accessing an address\n* [Pointer Scanner](memmod/scripts/pointerscanner.py) Searches for pointers pointing to an address\n* [Load Shared Library](memmod/scripts/loadshared.py) Loads a `.so` file into a process\n* [Timer hack](memmod/scripts/timerhack.py) Speeds up the clock by a defined factor (x64 only)\n\n\n## Resources\nHere are some useful links to websites that helped me make this library and the scripts.\n* [Guided Hacking - Read / Write to memory](https://www.youtube.com/watch?v=VMlW7BoI_IQ)\n* [Linux-Inject](https://github.com/gaffe23/linux-inject)\n* [ELF-Structure](https://uclibc.org/docs/elf-64-gen.pdf)\n* [Injecting Code with Ptrace](https://ancat.github.io/python/2019/01/01/python-ptrace.html)\n* [BananaBot - CSGO hacking](https://bananamafia.dev/post/bananabot/)\n* [C++ vtables](https://defuse.ca/exploiting-cpp-vtables.htm)\n* [LD_PRELOAD and Symbols](http://www.goldsborough.me/c/low-level/kernel/2016/08/29/16-48-53-the_-ld_preload-_trick/)\n* [Guided Hacking - Function hooking](https://guidedhacking.com/threads/how-to-hook-functions-code-detouring-guide.14185/)\n* [Guided Hacking - Unity / Mono](https://www.youtube.com/watch?v=e7cCus-LfBo)\n* [Mono API Documentation](http://docs.go-mono.com/?link=root:/embed)\n* [Sendkeys (X11)](https://github.com/kyoto/sendkeys)\n\n\n## Tools\nSome tools and programs that I used when testing and debugging the library and its scripts.\n* readelf (read symbols from binary file)\n* objdump (assembler code of binary file)\n* gdb (for debugging the target process)\n* monodis\n* 
[online-x86-assembler](https://defuse.ca/online-x86-assembler.htm)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanielfvm%2Fmemmod","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdanielfvm%2Fmemmod","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanielfvm%2Fmemmod/lists"}