Python 3 compatibility fixes

[matslindh]

This set of patches makes the basic functionality of memorpy work under python 3 on Windows. I've not tested it with python 2 - so there probably needs to be a few extra try/catch-es or a dependency on six.

As the platform I had this need on is Windows, I haven't tested the Linux (or other OS-es) compatibility either.

Consider this a starting PR that can be updated with other patches to make memorpy both 2 and 3 compliant.

[AlessandroZ]

I'm interested about this PR as well because I'm trying to update all my tools to python3 (but keeping the portability to python 2).

I think this PR should work in python 2 as well except for the line 108 and 109. I had the same problem that I solved like that.

Thanks for the merge :)

[matslindh]

@AlessandroZ If you have a patch I can apply I can make it part of the PR (.. or if you have commit access you can push it directly to my branch).

[AlessandroZ]

• Import sys
• Get python version used
• Where you removed the ord() function to work with python 3, call (like this - use another name if you want) a custom function which keeps the ord function for python 2 version like this one.
• Do exactly the same thing for the ch function here where nothing is done if python 2 is used otherwise ch is called:

def char(byte):
	if python_version == 2:
		return byte
	else:
		return chr(byte)

Should be ok like that.

[Strangemother]

I can't state if this is a complete fix for py3, but all the changes here look good and relative to python 3 changes.

*Edit:

So I ran the code from matslindh/memorpy and I get an error when running the given example. Probably a bit more byte coding needed somewhere:

(env3) XX\memorpy>python
Python 3.6.4 (v3.6.4:d48eceb, Dec 19 2017, 06:54:40) [MSC v.1900 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import memorpy
>>> from memorpy import *
>>> mw = MemWorker(pid=11644)
>>> l=[x for x in mw.umem_search("cheese")]
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "<stdin>", line 1, in <listcomp>
  File "XX\memorpy\memorpy\MemWorker.py", line 68, in umem_search
    for _, i in self.mem_search(str(regex), ftype='re'):
  File "XX\memorpy\memorpy\MemWorker.py", line 221, in mem_search
    for res in func(b, value, offset):
  File "XX\memorpy\memorpy\MemWorker.py", line 94, in parse_re_function
    for res in regex.finditer(b):
TypeError: cannot use a string pattern on a bytes-like object
>>>

Python 2.7 works as expected:

$>python
Python 2.7.11rc1 (v2.7.11rc1:82dd9545bd93, Nov 21 2015, 23:25:27) [MSC v.1500 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import memorpy
>>> from  memorpy import *
>>> mw = MemWorker(pid=11644)
>>> l=[x for x in mw.umem_search("cheese")]
>>> l
[<Addr: 0x0027CCFE>]
>>>

[AlessandroZ]

Change here and here to:

for res in func(b.decode('latin'), value, offset):
    yield res

If you put decode() or decode('utf-8'), you could have lots of decoding error problems. 'latin' is safer.

[matslindh]

@AlessandroZ It'd be great if you could submit a patch with your discoveries; I don't have the time right now to hunt down each line based on your descriptions. If you're already modifying the code, clone the PR and include the patch here and I'll add it to the PR (if you don't have maintainer access - in that case you can push directly to my branch).

[IsmailAlaouiAbdellaoui]

I did the change @AlessandroZ suggested from matslindh/memorpy, then I have the following error :

File "D:/test.py", line 64, in <module>
  mw=MemWorker(pid=8808)

File "D:\Users\Miniconda3\lib\site-packages\memorpy-1.7-py3.6.egg\memorpy\MemWorker.py", line 35, in __init__
  self.process = Process.Process(name=name, pid=pid, debug=debug)

AttributeError: type object 'WinProcess' has no attribute 'Process'

Can someone point me out to a fully functional Python 3 repo ?

[Strangemother]

Process.Process isn't valid. It should be multiprocessing.Process

[IsmailAlaouiAbdellaoui]

Ok I actually got it running. Thanks btw. But then I have another issue. When I write this code :

mw=MemWorker(pid=6008)
lo=Locator(mw)
lo.feed(4) #line where error is detected

The following error is returned :

  File "D:\Users\Miniconda3\lib\site-packages\memorpy-1.7-py3.6.egg\memorpy\MemWorker.py", line 128, in parse_any_function
    index = b.find(value)

TypeError: must be str, not bytes

[ghost]

any updates/fixes?

[matslindh]

I'm guessing you're gonna have to get it further yourself; I currently have no interest in pursuing it further as our use case is currently inactive.

[ghost]

bummer, this would have been a great tool for analyzing malware

[matslindh]

My comment was in relation to this specific PR - the library itself might be moving forward (although it seems rather abandoned based on when it was last updated).