Dev_Python
This section covers Python plugin functionality in the Memory Process File System. To use the Memory Process File System from stand-alone applications and scripts, please see the Python API section.
Python plugin functionality requires that the Memory Process File System can access a Python 3.6 installation, either an embedded Python in the python36 sub-directory or one on the system path.
Creating a minimal plugin is as simple as dropping a Python module called pym_* in the plugins directory. Please see the example Python plugin/module pym_procstruct for how to do this.
The Python plugin module should make the Initialize and Close functions available in its __init__.py file, as in the example below:

__init__.py:

from plugins.pym_testmodule.pym_testmodule import (
    Initialize,
    Close,
)

__all__ = [
    "Initialize",
    "Close",
]

pym_testmodule.py:

from vmmpy import *
from vmmpycc import *

def Callback_List(pid, path):
    # not part of example - please see pym_procstruct.py for example info.
    pass

def Callback_Read(pid, path, bytes_length, bytes_offset):
    # not part of example - please see pym_procstruct.py for example info.
    pass

def Callback_Write(pid, path, bytes_data, bytes_offset):
    # not part of example - please see pym_procstruct.py for example info.
    pass

def Close():
    # Nothing to clean up in this minimal module.
    pass

def Initialize(target_system, target_memorymodel):
    # Check that the operating system is 32-bit or 64-bit Windows. If it's not
    # then raise an exception to terminate loading of this module.
    if target_system != VMMPY_SYSTEM_WINDOWS_X64 and target_system != VMMPY_SYSTEM_WINDOWS_X86:
        raise RuntimeError("Only Windows is supported by the pym_procstruct module.")
    # Register a directory with the VmmPyPlugin plugin manager. The directory
    # is a non-root (i.e. a process) directory and has a custom List function.
    VmmPyPlugin_FileRegisterDirectory(False, 'procstruct', Callback_List)
    # Alternatively: register a file (in or not in a sub-directory to /py/) with the
    # Python plugin manager. Necessary sub-directories will be created if required.
    VmmPyPlugin_FileRegister(False, 'testdir/testfile.txt', 4096, Callback_Read, Callback_Write)
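
The callbacks above are left as stubs. As an added example (not code from the MemProcFS project), the code below shows offset and length handling for a read callback with the same signature as Callback_Read, serving the 4096-byte testdir/testfile.txt registered above. It runs without vmmpy; the bytes-returning contract, the path value handed to the callback, and the helpers render_report and read_in_chunks are assumptions, so check pym_procstruct.py for the real contract.

```python
# Added example: not MemProcFS project code; runs without vmmpy.
# Assumptions: the read callback returns the requested bytes, and 'path'
# equals the name given at registration. See pym_procstruct.py for the
# authoritative contract.

FILE_SIZE = 4096  # size passed to VmmPyPlugin_FileRegister on this page


def render_report(pid):
    """Build the virtual file content for one process (constructed sample)."""
    text = "pid: %d\nnote: constructed sample content\n" % pid
    data = text.encode("utf-8")
    # Pad or truncate so the content always matches the registered size;
    # a caller that trusts the size never sees a short file.
    return data[:FILE_SIZE].ljust(FILE_SIZE, b"\x00")


_FILES = {"testdir/testfile.txt": render_report}


def Callback_Read(pid, path, bytes_length, bytes_offset):
    builder = _FILES.get(path)
    if builder is None:
        return None  # unknown path: nothing to serve
    # Reject values that Python slicing would silently reinterpret:
    # a negative offset would otherwise index from the end of the buffer.
    if bytes_length <= 0 or bytes_offset < 0 or bytes_offset >= FILE_SIZE:
        return b""
    data = builder(pid)
    # Slicing clips at the end of the buffer, so a read that crosses
    # end-of-file returns only the bytes that exist.
    return data[bytes_offset:bytes_offset + bytes_length]


def read_in_chunks(pid, path, chunk):
    """Simulate a file system layer reading the file in fixed-size chunks."""
    out, offset = b"", 0
    while True:
        part = Callback_Read(pid, path, chunk, offset)
        if not part:
            return out
        out += part
        offset += len(part)


if __name__ == "__main__":
    print(Callback_Read(4, "testdir/testfile.txt", 6, 0))
    print(len(read_in_chunks(4, "testdir/testfile.txt", 1000)))
```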
Sponsor PCILeech and MemProcFS:
PCILeech and MemProcFS are free and open source!
I put a lot of time and energy into PCILeech and MemProcFS and related research to make this happen. Some aspects of the projects relate to hardware and I put quite some money into my projects and related research. If you think PCILeech and/or MemProcFS are awesome tools and/or if you had a use for them it's now possible to contribute by becoming a sponsor!
If you like what I've created with PCILeech and MemProcFS with regards to DMA, Memory Analysis and Memory Forensics and would like to give something back to support future development, please consider becoming a sponsor at: https://github.com/sponsors/ufrisk
Thank You 💖