invade

Release 0.0.6

A library for interacting with Windows process memory

Homepage PyPI Python

License
MIT
Install
pip install invade==0.0.6

Documentation

Invade

Invade

Invade is a Python 3 library for interacting with Windows processes. Common uses: software security and malware research, reverse engineering, and PoCs.

https://github.com/cgio/invade

https://pypi.org/project/invade

There are four classes in main.py:

  • Me: for operating environment info
  • Scout: for process discovery
  • Target: for target process info
  • Tool: for main operation

Common use case overview:

  1. Create an instance of Me and check the operating environment for compatibility.
  2. Use Scout to get a list of active processes and the desired PID (process identifier).
  3. Instantiate Target using the PID obtained by Scout.
  4. Check Target instance properties for information about the target process.
  5. Interact with the target process using Tool methods.

Another common use case is Invade's relatively fast byte pattern search with wildcard support. Operation is similar to IDA's "sequence of bytes" search. Use Tool.search_file_pattern() to search through a file on disk.

Tool.memory_read_pointers() is also useful. With it, you can read through a series of dynamically allocated memory pointers in another process. The method accepts a string containing a start address and relative pointers with common arithmetic operators.

Refer to main.py for additional information and usage instructions.

Refer to RELEASE.md for release notes.

Installation

Python 3.6+ is required

pip install invade

Install Keystone for Python. See Python module for Windows - Binaries.

Install Capstone for Python. See Python module for Windows - Binaries.

Files

Inside /invade:

  • main.py: contains all main code and classes
  • winapi.py: contains Windows API code
  • version.py: contains version information

Example Projects

Authors

Chad Gosselin (https://github.com/cgio)

Credits

Thank you to the following projects:

License

This project is licensed under the MIT License. See LICENSE.md for details. This project is for educational purposes only. Use at your own risk.

Stats

Dependencies
1
Dependent packages
0
Dependent repositories
0
Total releases
5
Latest release
First release
Stars
2
Forks
0
Watchers
1
Contributors
1
Repository size
44.9 KB
SourceRank
7

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.0.6
0.0.5
0.0.4
0.0.3
0.0.2

Contributors

Chad G.


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2021-02-16 16:33:58 UTC

Login to resync this project