memory_server/sample.py at main · gmh5225/memory_server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
import requests
import time

### Setting ####
base_url = "http://192.168.11.18:3030"  # Replace with the actual URL
target_processname = "SurvivalShooter"  # Replace with processname


def get_processid_by_name(name):
    enumprocess_url = f"{base_url}/enumprocess"
    enumprocess_response = requests.get(enumprocess_url)
    if enumprocess_response.status_code == 200:
        process_list = enumprocess_response.json()
        pids = (
            process["pid"] for process in process_list if process["processname"] == name
        )

        pid = list(pids)[0]
        return pid
    else:
        print(f"Failed to enumerate process:{enumprocess_response.content.decode()}")
        return False


def openprocess(pid):
    open_process_url = f"{base_url}/openprocess"
    open_process_payload = {"pid": pid}
    open_process_response = requests.post(
        open_process_url, json=open_process_payload, proxies={}
    )

    if open_process_response.status_code == 200:
        print(f"Process {pid} opened successfully")
    else:
        print(f"Failed to open process {pid}:{open_process_response.content.decode()}")
        return False


def get_address_ranges(protection):
    enum_regions_url = f"{base_url}/enumregions"
    enum_regions_response = requests.get(enum_regions_url)
    if enum_regions_response.status_code == 200:
        regions = enum_regions_response.json()["regions"]
        address_ranges = []
        for region in regions:
            _protection = region["protection"]
            if protection in _protection:
                start_address = int(region["start_address"], 16)
                end_address = int(region["end_address"], 16)
                address_ranges.append((start_address, end_address))
        return address_ranges
    else:
        print(f"Enumerate regions failed:{enum_regions_response.content.decode()}")
        return False


def find(pattern, address_ranges, is_regex=False, return_as_json=False):
    memory_scan_url = f"{base_url}/memoryscan"
    memory_scan_payload = {
        "pattern": pattern,
        "address_ranges": address_ranges,
        "is_regex": is_regex,
        "return_as_json": return_as_json,
    }

    start = time.time()
    memory_scan_response = requests.post(memory_scan_url, json=memory_scan_payload)
    end = time.time()
    network_time = end - start

    if memory_scan_response.status_code == 200:
        result = memory_scan_response.json()
        print(f"Pattern found {result['found']} times")
        print(f"Network time: {network_time}")
        return result
    else:
        print(f"Memory scan failed:{memory_scan_response.content.decode()}")
        return False


def filter(pattern, is_regex=False, return_as_json=False):
    memory_filter_url = f"{base_url}/memoryfilter"
    memory_filter_payload = {
        "pattern": pattern,
        "is_regex": is_regex,
        "return_as_json": return_as_json,
    }

    start = time.time()
    memory_filter_response = requests.post(
        memory_filter_url, json=memory_filter_payload
    )
    end = time.time()
    network_time = end - start

    if memory_filter_response.status_code == 200:
        result = memory_filter_response.json()
        print(f"Pattern found {result['found']} times")
        print(f"Network time: {network_time}")
        return result
    else:
        print(f"Memory filter failed:{memory_filter_response.content.decode()}")
        return False


pid = get_processid_by_name(target_processname)
if openprocess(pid) != False:
    address_ranges = get_address_ranges("rw")
    # Find url as regex
    url_regex = "https?://[\w/:%#\$&\?\(\)~\.=\+\-]+"
    ret = find(url_regex, address_ranges, True, True)
    if ret != False:
        print(f"found:{ret['found']}")
        for r in ret["matched_addresses"]:
            print(f"Address:{hex(r['address'])}　{bytes.fromhex(r['value']).decode()}")

    # Find integer value
    value = input(">input integer number:")
    pattern = int.to_bytes(int(value), 4, "little").hex()

    ret = find(pattern, address_ranges)
    if ret != False:
        value = input(">next:input integer number:")
        pattern = int.to_bytes(int(value), 4, "little").hex()
        filter(pattern)