forked from DarthTon/Blackbone
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
140 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,108 @@ | ||
| import ctypes as c | ||
| from ctypes import wintypes as w | ||
| import enum | ||
|
|
||
| # Github : x544D | ||
|
|
||
| class PythonicBlackBone(): | ||
|
|
||
| class DataTypes(enum.Enum): | ||
| BOOL = 0 | ||
| INT16 = 1 | ||
| INT32 = 2 | ||
| INT64 = 3 | ||
| FLOAT = 4 | ||
| DOUBLE = 5 | ||
| LONG = 6 | ||
| ULONG = 7 | ||
| LLONG = 8 | ||
| ULLONG = 9 | ||
| SIZE_T = 10 | ||
| CHAR = 11 | ||
| BYTE = 12 | ||
| WCHAR = 13 | ||
| VOIDP = 14 | ||
|
|
||
|
|
||
| def ParseType(self, i , value=None): | ||
| _ = { | ||
| 0:c.c_bool, | ||
| 1:c.c_int16, | ||
| 2:c.c_int32, | ||
| 3:c.c_int64, | ||
| 4:c.c_float, | ||
| 5:c.c_double, | ||
| 6:c.c_long, | ||
| 7:c.c_ulong, | ||
| 8:c.c_longlong, | ||
| 9:c.c_ulonglong, | ||
| 10:c.c_size_t, | ||
| 11:c.c_char, | ||
| 12:c.c_byte, | ||
| 13:c.c_wchar, | ||
| 14:c.c_void_p, | ||
| } | ||
| F=_[i] | ||
| if value:return F(value=value) | ||
| else: return F() | ||
|
|
||
|
|
||
|
|
||
| def __init__(self, ProcessId , DesiredAccess=0x000F0000|0x00100000|0xFFF): | ||
| if ProcessId is None: | ||
| print("+ Please Give a valid PID .") | ||
| exit(0) | ||
|
|
||
| print("\t[ AN EASY WIN32API PYTHON WRAPPER CTYPE BASED ]\n\t- This is still under Dev .. !") | ||
| self.pid = ProcessId | ||
| self.access = DesiredAccess | ||
|
|
||
| self.k32 = c.windll.kernel32 | ||
| self.OpenProcess = self.k32.OpenProcess | ||
| self.OpenProcess.argtypes = [w.DWORD,w.BOOL,w.DWORD] | ||
| self.OpenProcess.restype = w.HANDLE | ||
|
|
||
| self.ReadProcessMemory = self.k32.ReadProcessMemory | ||
| self.ReadProcessMemory.argtypes = [w.HANDLE,w.LPCVOID,w.LPVOID,c.c_size_t,c.POINTER(c.c_size_t)] | ||
| self.ReadProcessMemory.restype = w.BOOL | ||
|
|
||
| self.WriteProcessMemory = self.k32.WriteProcessMemory | ||
| self.WriteProcessMemory.argtypes = [w.HANDLE,w.LPCVOID,w.LPVOID,c.c_size_t,c.POINTER(c.c_size_t)] | ||
| self.WriteProcessMemory.restype = w.BOOL | ||
|
|
||
| self.GetLastError = self.k32.GetLastError | ||
| self.GetLastError.argtypes = None | ||
| self.GetLastError.restype = w.DWORD | ||
|
|
||
| self.CloseHandle = self.k32.CloseHandle | ||
| self.CloseHandle.argtypes = [w.HANDLE] | ||
| self.CloseHandle.restype = w.BOOL | ||
|
|
||
| self.hProc = self.OpenProcess(self.access , False, self.pid) | ||
| if not self.hProc: | ||
| print('+ Failed To open a handle to the Target Process .') | ||
| exit(0) | ||
|
|
||
| def CheckLastError(self): | ||
| return self.GetLastError() | ||
|
|
||
| def DestroyHandle(self): | ||
| self.CloseHandle(self.hProc) | ||
| del self | ||
|
|
||
| def RPM(self, address, data): | ||
| ''' ReadProcessMemory''' | ||
| return self.ReadProcessMemory(self.hProc, address, c.byref(data) , c.sizeof(data), None) | ||
|
|
||
| def WPM(self, address, data): | ||
| ''' WriteProcessMemory ''' | ||
| return self.WriteProcessMemory(self.hProc, address, c.byref(data) , c.sizeof(data), None) | ||
|
|
||
| def __del__(self): | ||
| print(f"+ Instance {type(self).__name__} Destroyed .") | ||
|
|
||
|
|
||
|
|
||
| if __name__ == "__main__": | ||
| print('+ Please Intanciate the Class first .') | ||
| exit(0) |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| import sys | ||
| sys.path.append("..") | ||
| from BlackBone import PythonicBlackBone | ||
|
|
||
|
|
||
| # Intance of BlackBone python Classs | ||
| # Constructor Takes 2 Params ProcId and dwDesiredAccess (default = PROCESS_ALL_ACCESS ) | ||
| bb=PythonicBlackBone(4284) | ||
|
|
||
| # Address to read From | ||
| addr = 0x0063DE0C | ||
|
|
||
| # data is the Variable that will end up holding the Read Value from that address | ||
| # Tho, we need to Parse it to a C_TYPE in this case 'Double' you can find more on DataTypes | ||
| data = bb.ParseType(bb.DataTypes.DOUBLE.value) | ||
|
|
||
| # Result of ReadProcessMemory (Bool) | ||
| res = bb.RPM(addr , data) | ||
|
|
||
| print('+ RPM result: {} - err code: {}'.format(res,bb.CheckLastError())) | ||
| print('data: {}\n'.format(data.value)) | ||
|
|
||
| # in Case of WriteProcessMemory we can directly parse our value as a C_Type , simply pass it as the second param | ||
| # in this case we want to write 1.5 | ||
| _wdata = bb.ParseType(bb.DataTypes.FLOAT.value, 1.5) | ||
| res = bb.WPM(addr, _wdata) | ||
|
|
||
| print('+WPM result: {} - err code: {}'.format(res,bb.CheckLastError())) | ||
| print('data: {}'.format(_wdata.value)) | ||
|
|
||
| # This will CloseHandle , and Invoke the built in __del__ function . | ||
| bb.DestroyHandle() |