Memory

Memory

class revenge.memory.Memory(engine)[source]

Bases: object

Class to simplify getting and writing things to memory.

Examples

# Read a signed 8-bit int from address
memory[0x12345].int8

# Returns MemoryBytes object for memory
memory[0x12345:0x12666]

# Write int directly to memory
memory[0x12345] = types.Int8(12)

# Write string directly to memory
memory[0x12345] = types.StringUTF8("hello!")
alloc(size)[source]

Allocate size bytes of memory and get a MemoryBytes object back to use it.

Parameters

size (int) – How many bytes to allocate.

Returns

Object for the new memory location.

Return type

revenge.memory.MemoryBytes

alloc_string(s, encoding='latin-1')[source]

Short-hand to run alloc of appropriate size, then write in the string.

Parameters

  • s (bytes, str) – String to allocate

  • encoding (str, optional) – How to encode the string if passed in as type str.

alloc_struct(struct)[source]

Short-hand to alloc appropriate space for the struct and write it in.

Parameters

struct (revenge.types.Struct) – The struct to write into memory.

Returns

The original struct, but now bound to the new memory location.

Return type

revenge.types.Struct

describe_address(address, color=False)[source]

Takes in address and attempts to return a better description of what’s there.

Parameters

  • address (int) – What address to describe

  • color (bool, optional) – Should the description be colored? (default: False)

Returns

description of the address

Return type

str

find(*args, **kwargs)[source]

Search for thing in memory. Must be one of the defined types.

property maps

Return a list of memory ranges that are currently allocated.

MemoryBytes

class revenge.memory.MemoryBytes(engine, address, address_stop=None)[source]

Bases: object

Abstracting what memory location is.

Parameters

  • engine (revenge.engines.Engine) – The engine this is tied to.

  • address (int) – Starting address of the memory location.

  • address_stop (int, optional) – Optional stopping memory location.

Examples

# Trace specifically the function "win"
win = process.memory['a.out:win']
trace = process.techniques.NativeInstructionTracer(exec=True)

# This will populate the trace
win("input", techniques=trace)
print(trace)
property address

Address of this MemoryBytes.

Type

Pointer

property address_stop

Stop address of this MemoryBytes.

Type

Pointer

property argument_types

Returns the registered arguments types for this function or None if none have been found/registered.

Type

tuple

property breakpoint

Does this address have an active breakpoint?

Type

bool

property bytes

Return this as raw bytes.

Type

bytes

cast(cast_to)[source]

Returns this memory cast to whatever type you give it.

Examples

ptr = memory.cast(types.Pointer)

struct = types.Struct()
struct.add_member('my_int', types.Int)
struct.add_member('my_pointer', types.Pointer)
struct = memory.cast(struct)
property double

Read as double val

property float

Read as float val

free()[source]

bool: Free this memory location. This is only valid if this memory location has been allocated by us.

property implementation
property instruction

Returns an assembly instruction parsed from what is in memory at this location.

Type

AssemblyInstruction

property instruction_block

Returns an AssemblyBlock starting at this instruction.

Type

AssemblyBlock

property int16

Signed 16-bit int

property int32

Signed 32-bit int

property int64

Signed 64-bit int

property int8

Signed 8-bit int

property name

Descriptive name for this address. Optional.

Type

str

property pointer

Read as pointer val

property replace
property replace_on_message

Optional callable to be called if/when something inside the function replace sends data back.

Example

# If you just wanted to print out the messages that came back
def on_message(x,y):
    print(x,y)

strlen.replace_on_message = on_message
Type

callable

property return_type

What’s the return type for this? Only valid if this is a function.

property size

Size of this MemoryBytes. Only valid if it was generated as a slice, alloc or something else that has known size.

Type

int

property string_ansi

Read as ANSI string

property string_utf16

Read as utf-16 string

property string_utf8

Read as utf-8 string

property struct

Write as a struct.

Example

struct = types.Struct()
struct.add_member('test1', types.Int32(-5))
struct.add_member('test2', types.Int8(-12))
struct.add_member('test3', types.UInt16(16))
process.memory[0x12345].struct = struct

# Or
process.memory[0x12345] = struct
property uint16

Unsigned 16-bit int

property uint32

Unsigned 32-bit int

property uint64

Unsigned 64-bit int

property uint8

Unsigned 8-bit int

MemoryRange

class revenge.memory.MemoryRange(engine, base, size, protection, file=None)[source]

Bases: object

property base

Base address for this range.

Type

int

property executable

Is this range executable?

Type

bool

property file

File backing this memory range, or None.

Type

str

property file_offset

Offset into backing file or None.

Type

int

property protection

Protection for this range.

Type

str

property readable

Is this range readable?

Type

bool

set_protection(read, write, execute)[source]

Sets the protection for this memory page.

Parameters

  • read (bool) – Allow read?

  • write (bool) – Allow write?

  • execute (bool) – Allow execute?

This will call appropriate mprotect or similar. This can be done implicitly from the .protection property.

property size

Size for this range.

Type

int

property writable

Is this range writable?

Type

bool

MemoryFind

class revenge.memory.MemoryFind(engine, thing, ranges=None)[source]

Bases: object

property completed

Is this search completed?

Type

bool

property ranges
property search_string

The search string for this thing.

sleep_until_completed()[source]

This call sleeps and only returns once the search is completed.

property thing

What we’re looking for.