Skip to content

Android Memory Tools written in python for RAM data reading and writing process of android, linux and windows os's.

License

Notifications You must be signed in to change notification settings

Anonym0usWork1221/android-memorytool

AndroidMemoryTool

PyPI - Version PyPI - Downloads GitHub stars GitHub forks GitHub issues GitHub watchers Python GPT_LICENSE code size




AndroidMemoryTool: A Powerful Memory Reader and Writer Tool for Android, Linux, and Windows Operating Systems

AndroidMemoryTool is a sophisticated memory manipulation tool meticulously crafted for use on Android, Linux, and Windows operating systems. This versatile tool is meticulously coded in Python, utilizing ctypes and struct datatypes, ensuring efficiency comparable to C.

Our commitment to excellence extends to our support system. If you encounter any bugs or non-functional features, please do not hesitate to contact us. Your feedback is invaluable in our pursuit of continuous improvement.

GNU General Public License
Copyright (c) 2023 AbdulMoez


Note

1. This documentation is for 0.6 version (UPDATED)
2. You can find old version on pypi if you want to use them
3. For Linux and Android Users use 0.6.3 Build other wise you will get PID error
4. Fow now please calculate the windows pointer addresses manually this tool does not have feature to calculate pointer for windows yet.

Version 0.6.3

-----------------------------------------MODIFICATION LOG--------------------------------------------------

1. Added Support for Windows OS (while maintaining compatibility with existing API calls).
2. Introduced a Robust Memory Profiler capable of threshold-based memory leak and churn detection using process IDs.
3. Customizability of the Memory Profiler has been enhanced (Please refer to the documentation for details).
4. Introduced several static methods, including:
  - get_developer
  - get_version_code
  - get_cpu_counts
  - get_platform
  - is_root_acquired
5. We are pleased to announce the addition of group search support with a new parameter, "is_grouped," 
   which can be set to True. This enhancement allows users to perform grouped searches effectively and efficiently. 
   By default, the value of the range is set to 512, aligning with the capabilities of Game Guardian.

6. We have recently introduced two new error classes to enhance the functionality of our memory tool: 
   WINAPIException and PIDException. These additions further bolster our product's robustness and error-handling 
   capabilities, ensuring a more seamless and reliable user experience.
7. We've meticulously updated and expanded our documentation to ensure that it's more informative, user-friendly, 
   and grammatically impeccable than ever before.
--------------------------------------------TO-DO LIST----------------------------------------------------

1. FIXME: Resolve the speed mode bug on Windows OS.
2. TODO: Implement Reverse Engineering Support for offline binaries using renowned disassemblers such as Capstone, 
         Keystone, and R2pipe.
3. TODO: Add Assembly support for runtime memory reading and writing.
4. TODO: Incorporate wildcard support in Windows API.
5. TODO: Expand the functionality with additional API handling methods.

----------------------------------------SUGGESTIONS-------------------------------------------------------

Your valuable suggestions are welcome through either direct messages or our Discord server.

-------------------------------------------NOTICE--------------------------------------------------------

This update has significantly increased the complexity of the Memory Tool, making it increasingly challenging for a 
single individual to manage its development. Therefore, we warmly welcome contributions from anyone interested in 
collaborating on its further enhancement.

Supported Platforms

  • Windows Support (Started from 0.6 Version)
  • Linux Support (Started From 0.2 Version)
  • Android Support (Started From 0.1 Version)

Supported ByteOrders

  • Little-Endian
  • Big-Endian

Tested Platforms

Our tool has been rigorously tested and proven to run seamlessly on the following platforms:

  • Windows 11 (64-bit)
  • Linux - Kali Linux (64-bit)
  • Android - Xiaomi 11T (Termux, 64-bit, Android 13)

Rest assured, our commitment to compatibility ensures a smooth and efficient user experience across these platforms.


Requirements

  • Python 3.5+
  • Android Requirements: Rooted Device Required
  • Linux Requirements: Root access may be necessary on certain Linux platforms.
  • Windows Requirements: Administrator permissions required

Dependencies

  • Pip Dependencies (Automatically Installed in Requirements): psutil

Installation

  1. Installation via Pip for Easy Integration into Your Project
    To effortlessly incorporate the Android Memory Tool into your project, execute the following pip command:

    pip install androidMemoryTool==0.6.3

  2. Installation by Cloning the Repository and Running Commands
    Alternatively, you can acquire the Android Memory Tool by cloning the GitHub repository and executing the subsequent commands:

    git clone https://github.com/Anonym0usWork1221/android-memorytool/tree/main
    cd android-memorytool
    pip install .

  3. Project live at
    PyPi-0.6.3

Utilize our cutting-edge Memory Tool, replete with intricate examples, readily accessible within the designated folder. Access Android-Py-Cheats-Script @ 723ca6b.


Video Demo - 0.6

Video Demo


Documentation

  • Getting Process ID
    To obtain the Process ID (PID) of a target process, you can use the following code snippet:
from androidMemoryTool import AndroidMemoryTool
# Initialize the tool and set the speed_mode to off for Windows in this version only.
tool = AndroidMemoryTool(PKG="ac_client")
pid = tool.get_pid()
print(pid)
  • Getting Module Base
    To retrieve the base address of a specific module in the target process, you can use the following code snippet:
from androidMemoryTool import AndroidMemoryTool

tool = AndroidMemoryTool(PKG="ac_client")
base_addr = tool.get_module_base_address("client.so")
print(base_addr)
  • Searching and Reading Process Memory
    To search for a specific value in the process memory and read the results, use the following code:
from androidMemoryTool import AndroidMemoryTool, DataTypes, PMAP

# Initialize the tool and set the speed_mode to off for Windows in this version only.
tool = AndroidMemoryTool(PKG="Tutorial-x86_64.exe",
                         SPEED_MODE=False,
                         TYPE=DataTypes.DWORD,
                         WORKERS=AndroidMemoryTool.get_cpu_counts(fraction=2),
                         pMAP=PMAP(ALL=True)
                         )
# Search for a value in the entire memory.
values = tool.read_value(100)
founded_offsets = values[0]
founded_values = values[1]
print(founded_values)
print(founded_offsets)
  • Searching and Writing Process Memory
    You can search for a specific value in the process memory and replace it with a new value using the following code:
from androidMemoryTool import AndroidMemoryTool, DataTypes, PMAP

# Initialize the tool and set the speed_mode to off for Windows in this version only.
tool = AndroidMemoryTool(PKG="Tutorial-x86_64.exe",
                         SPEED_MODE=False,
                         TYPE=DataTypes.DWORD,
                         WORKERS=AndroidMemoryTool.get_cpu_counts(fraction=2),
                         pMAP=PMAP(ALL=True)
                         )
# Search for all values and replace them with a new value.
values1 = tool.read_write_value(100, 10)
print(values1)
  • Reading Address Value
    To read the value at a specific memory address, use the following code:
from androidMemoryTool import AndroidMemoryTool, DataTypes

tool = AndroidMemoryTool(PKG="ac_client",
                         TYPE=DataTypes.DWORD
                         )
base_addr = tool.get_module_base_address("client.so")
values1 = tool.read_lib(base_addr, '0xfff150d')
print(values1)
  • Writing Address Value
    To write a value to a specific memory address, use the following code:
from androidMemoryTool import AndroidMemoryTool, DataTypes

tool = AndroidMemoryTool(PKG="ac_client", TYPE=DataTypes.DWORD)
base_addr = tool.get_module_base_address("client.so")
values1 = tool.write_lib(base_addr, '0xfff150d', 58)
print(values1)
  • Raw Dump Process Memory
    You can dump the memory of a process using the following code:
from androidMemoryTool import AndroidMemoryTool

tool = AndroidMemoryTool(PKG="ac_client")
dump = tool.raw_dump(lib_name='client.so', path='./')
print(dump)
  • Address Refiner
    To refine addresses based on a value, use the following code:
from androidMemoryTool import AndroidMemoryTool, DataTypes, PMAP

tool = AndroidMemoryTool(PKG="Tutorial-x86_64.exe",
                         SPEED_MODE=False,
                         TYPE=DataTypes.DWORD,
                         WORKERS=AndroidMemoryTool.get_cpu_counts(fraction=2),
                         pMAP=PMAP(ALL=True)
                         )
values = tool.read_value(100)
founded_offsets = values[0]
refined_address = tool.refiner_address(list_address=founded_offsets, value_to_refine=50)
print(refined_address)
  • Finding Hex Patterns (Linux and Android only)
    To locate hex patterns in memory, use the following code (Linux and Android only):
from androidMemoryTool import AndroidMemoryTool, DataTypes, PMAP

tool = AndroidMemoryTool(PKG="Tutorial-x86_64.exe",
                         SPEED_MODE=False,
                         TYPE=DataTypes.DWORD,
                         WORKERS=AndroidMemoryTool.get_cpu_counts(fraction=2),
                         pMAP=PMAP(ALL=True)
                         )
found_pattern = tool.find_hex_pattern("87 ?? 2B")
for index in range(0, len(found_pattern[0])):
    print(f"{found_pattern[0][index]}: {found_pattern[2][index]}")
print(f"Total Pattern found: {found_pattern[1]}")
  • Finding and Replacing Hex Patterns (Linux and Android only)
    To find and replace hex patterns in memory, use the following code (Linux and Android only):
from androidMemoryTool import AndroidMemoryTool, DataTypes, PMAP

tool = AndroidMemoryTool(PKG="Tutorial-x86_64.exe",
                         SPEED_MODE=False,
                         TYPE=DataTypes.DWORD,
                         WORKERS=AndroidMemoryTool.get_cpu_counts(fraction=2),
                         pMAP=PMAP(ALL=True)
                         )
found_pattern = tool.find_and_replace_hex_pattern("87 ?? 2B", "87 1D 2B")
for index in range(0, len(found_pattern[0])):
    print(f"{found_pattern[0][index]}: {found_pattern[2][index]}")
print(f"Total Pattern found and replaced: {found_pattern[1]}")
  • Dumping Memory Maps
    You can dump the memory maps of a process using the following code:
from androidMemoryTool import AndroidMemoryTool

tool = AndroidMemoryTool(PKG="ac_client")
is_dumped = tool.dump_maps(path="./")
print(is_dumped)
  • Group Search
    Perform a group search to read and modify multiple values at once in specific range:
from androidMemoryTool import AndroidMemoryTool, DataTypes, PMAP

tool = AndroidMemoryTool(PKG="Tutorial-x86_64.exe",
                         SPEED_MODE=False,
                         TYPE=DataTypes.DWORD,
                         WORKERS=AndroidMemoryTool.get_cpu_counts(fraction=3),
                         pMAP=PMAP(ALL=True)
                         )
values = tool.read_value(read=[1000, 100], is_grouped=True, range_val=510)
for value in values[0]:
    tool.write_lib(value, '0x0', 1000)
print(f"Total Values Modified: {values[1]}")
  • Prebuilt Memory Profiler
    Utilize the prebuilt Memory Profiler to analyze memory usage:
from androidMemoryTool import AndroidMemoryTool

tool = AndroidMemoryTool(PKG="Tutorial-x86_64.exe")
memory_profiler = tool.get_memory_profiler()
memory_profiler.start_profiling(logging=False)
  • Static Methods
    The AndroidMemoryTool also provides static methods for various functionalities:
from androidMemoryTool import AndroidMemoryTool

# Get the name of the developer
print(AndroidMemoryTool.get_developer())

# Get the version code of the tool
print(AndroidMemoryTool.get_version_code())

# Get the number of CPU cores available on your device (can specify a fraction)
print(AndroidMemoryTool.get_cpu_counts())

# Get the platform the script is running on (Linux, Android, Windows)
print(AndroidMemoryTool.get_platform(verbose=True))

# Check if the script is running on a rooted terminal or non-rooted
print(AndroidMemoryTool.is_root_acquired())

Error Handling Enhancements

We have introduced new error handling classes to enhance the robustness of our code. These error handling classes will help you better manage and troubleshoot issues that may arise during the execution of your code.

  • PIDException:
    The PIDException is raised when there is an issue with connecting to the specified process. This error message provides valuable information to help you diagnose and resolve the problem efficiently.
try:
    from androidMemoryTool import AndroidMemoryTool, PIDException
    tool = AndroidMemoryTool(PKG="ac_client")
except PIDException as e:
    print(f"An error occurred while trying to connect to the process: {e}")
  • WINAPIException (Only occur on Windows):
    The WINAPIException is specific to Windows environments and is raised when an error occurs during a read operation. This error message provides detailed information about the issue encountered during the reading process, making it easier for you to pinpoint and rectify the problem.
try:
    from androidMemoryTool import AndroidMemoryTool, WINAPIException
    tool = AndroidMemoryTool(PKG="ac_client")
    tool.read_value(read="some_wrong_value")
except WINAPIException as e:
    print(f"An error occurred while reading a value: {e}")

Android Memory Tool CLI Documentation

CLI Documentation Relocated: The CLI documentation has been relocated to the Documentation folder. You can access it by visiting the AndroidMemoryToolCLIDOCS on GitHub.


Custom Android Memory Profiling Documentation

You can make custom Profiling tools by going to MemoryProfilerDOCS on GitHub.


Comprehensive Documentation

For in-depth and comprehensive documentation, please refer to the following link: Comprehensive Documentation


Troubleshooting Errors

  • Windows ERROR ON SPEED_MODE
    An issue has been identified on Windows systems related to the SPEED_MODE option, which may result in the application getting stuck in a thread indefinitely. As a temporary solution, we recommend disabling the SPEED_MODE for Windows.

Some other known errors and their solutions can be found here


Supported Data Types (For all Linux, Android and Windows)

All data types are signed.

Range Name Type Bytes
-2,147,483,648 to 2,147,483,647 DWORD signed int 4
3.4E +/- 38 (7 digits) FLOAT float 4
1.7E +/- 308 (15 digits) DOUBLE double 8
-32,768 to 32,767 WORD signed short int 2
-128 to 127 BYTE signed char 1
-9,223,372,036,854,775,808 to 9,223,372,036,854,775,807 QWORD signed long long 8
-2,147,483,648 to 2,147,483,647 XOR signed long 4
Random UTF_8 char[] Random
Random UTF_16LE char[] Random

Supported Map Ranges (Linux and Android only)

Script Name Name Description
ALL Whole Memory Whole Memory of current process (slow)
C_ALLOC C++ alloc RAM c++ Allocated memory
A_ANONYMOUS Anonymous Range with r-w access only
CODE_APP Code App shared libs memory (dangerous)
JAVA_HEAP Java Heap Java heap
C_HEAP C++ Heap Heap memory of cpp
C_DATA C++ .data .Data Memory
C_BSS C++ .bss .bss section memory
J_Java Java Java memory section
STACK Stack Stack Memory
ASHMEM Ashmen Ashmen Memory
V_video Video Video memory range
B_Bad Bad Bad Memory (dangerous)
CODE_SYSTEM Code system Code system memory (dangerous)

Contributor


Support and Contact Information

If you require any assistance or have questions, please feel free to reach out to me through the following channels:

I have also established a dedicated Discord group for more interactive communication:

  • Discord Server: https://discord.gg/RMNcqzmt9f

Buy Me a coffee

If you'd like to show your support and appreciation for my work, you can buy me a coffee using the following payment option:

Payoneer: [email protected]

Your support is greatly appreciated and helps me continue providing valuable assistance and resources. Thank you for your consideration.