windows

This module contains classes, functions, and exceptions specific to Windows environments.

Classes

class WindowsProcess(pid=None, exe=None, handle=None, arch='x86', access=None)

Bases: mayhem.proc.ProcessBase

This class represents a process in a Windows environment.

__init__(pid=None, exe=None, handle=None, arch='x86', access=None)

Initialize self. See help(type(self)) for accurate signature.

allocate(size=1024, address=None, permissions=None)

Allocate memory in the attached process. If permissions is not specified, it defaults to the platform-specific equivalent of read, write, and execute.

Parameters:
  • size (int) – The size of the space to allocate.
  • address (int) – The preferred address to allocate space at.
  • permissions (str) – The permissions to set in the newly allocated space.

close()

Close the handle to the process and perform any necessary clean up operations. No further calls should be made to the object after this function is called.

free(address)

Free the memory at address.

Parameters: address (int) – The address to free.

get_proc_attribute(attribute)

Look up a platform-specific attribute of the process. Valid values for attribute differ depending on the class.

Parameters: attribute (str) – The attribute to look up.

install_hook(mod_name, new_address, name=None, ordinal=None)

Install a hook that redirects execution from the specified function to new_address. Platform implementations of this function may not support both the name and ordinal parameters.

Parameters:
  • mod_name (str) – The module where the target function to hook resides.
  • new_address (int) – The address of the new code to be executed.
  • name (str) – The name of the function to hook.
  • ordinal (int) – The ordinal of the function to hook.

join_thread(thread_id)

Wait for the thread described in thread_id to finish execution.

Parameters: thread_id (int) – The ID of the thread to wait for.

kill()

Kill the process which is currently being manipulated.

load_library(libpath)

Load the library specified by libpath into the address space of the attached process.

Parameters: libpath (str) – The path to the library to load.

protect(address, permissions=None, size=1024)

Change the access permissions of the memory residing at address. If permissions is not specified, it defaults to the platform-specific equivalent of read, write, and execute.

Parameters:
  • address (int) – The address to change the permissions of.
  • permissions (str) – The permissions to set for address.
  • size (int) – The size of the space starting at address to change the permissions of.

read_memory(address, size=1024)

Return the contents of memory at address.

Parameters:
  • address (int) – The location from which to read memory.
  • size (int) – The number of bytes to read.
Returns:

The contents of memory at address.

Return type:

str
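As an added example that is not part of mayhem or this documentation, the following scans a region of a process for a byte pattern using only the read_memory(address, size) contract described above, reading in fixed-size chunks and carrying the tail of each chunk forward so that a match straddling a chunk boundary is still reported. FakeProcess is a constructed stand-in so the logic runs offline; on Windows the same function takes a WindowsProcess instance, and the region's address and size are assumed to be supplied by the caller.

```python
# Added example, not mayhem's own code: scan a region of a process for a
# byte pattern using only read_memory(address, size) from the API above.

class FakeProcess:
    """Constructed stand-in for WindowsProcess so the scan runs offline.
    It honours the same read_memory(address, size) contract as the page."""

    def __init__(self, base, image):
        self.base = base      # assumed load address of the constructed image
        self.image = image    # constructed memory contents

    def read_memory(self, address, size=1024):
        offset = address - self.base
        if offset < 0 or offset >= len(self.image):
            raise ValueError('address outside the constructed image')
        return self.image[offset:offset + size]


def scan_region(proc, address, size, pattern, chunk=4096):
    """Return the absolute addresses of every occurrence of pattern within
    [address, address + size), reading at most chunk bytes per call."""
    if not pattern:
        raise ValueError('pattern must not be empty')
    overlap = len(pattern) - 1      # bytes carried so boundary matches survive
    hits, carry, carry_addr = [], b'', address
    pos, end = address, address + size
    while pos < end:
        data = proc.read_memory(pos, min(chunk, end - pos))
        if isinstance(data, str):   # documented as str; bytes under Python 3
            data = data.encode('latin-1')
        if not data:
            break                   # short read: nothing more to scan
        buf, buf_addr = carry + data, carry_addr
        start = buf.find(pattern)
        while start >= 0:
            hits.append(buf_addr + start)
            start = buf.find(pattern, start + 1)   # overlapping hits too
        pos += len(data)
        carry = buf[len(buf) - overlap:]           # empty when overlap == 0
        carry_addr = buf_addr + len(buf) - len(carry)
    return hits


if __name__ == '__main__':
    # On Windows: proc = mayhem.proc.windows.WindowsProcess(pid=TARGET_PID)
    proc = FakeProcess(0x400000, b'abcdefghijklmnop')
    print([hex(a) for a in scan_region(proc, 0x400000, 16, b'hij', chunk=8)])
```

A carried tail of len(pattern) - 1 bytes is enough: no occurrence fits entirely inside it, so each match is reported exactly once.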

start_thread(address, targ=None)

Execute address in the context of a new thread.

Parameters:
  • address (int) – The entry point of the thread.
  • targ – The arguments to supply for the thread.
Returns:

A platform specific thread identifier.

write_memory(address, data)

Write arbitrary data to the process's memory.

Parameters:
  • address (int) – The location to start writing to.
  • data (str) – The data to write into memory.

Exceptions

exception WindowsProcessError(*args, **kwargs)

Bases: mayhem.proc.ProcessError

args

with_traceback()

Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.