For practice, I decided to try writing a simple cheat. Because there are a great many guides on cheats for CS:GO, the choice fell on it.

I am trying to connect to the DLL to modify the process memory. I found this code on Google:

    import pymem

    pm = pymem.Pymem("csgo.exe")
    client = pymem.process.module_from_name(pm.process_id, "client_panorama.dll")

But client is assigned the value None, while everything else works. Perhaps the reason is that the process is 32-bit, and Python is 64-bit?

What are some ways to find the address of a process's DLL with Python?

Python version - 3.6, system - Windows 10 x64, pymem version is the latest from pip.

    1 answer

    I cannot say anything about pymem, I have never used it, but I know that the memory of another process can be modified using ctypes:

    memchange.py

        import sys
        import ctypes
        import ctypes.wintypes as wintypes

        PROCESS_ALL_ACCESS = 0x1F0FFF

        kernel32 = ctypes.windll.kernel32

        # Declare the WinAPI signatures so ctypes marshals handles and pointers correctly
        kernel32.OpenProcess.restype = wintypes.HANDLE
        kernel32.OpenProcess.argtypes = [wintypes.DWORD, wintypes.BOOL, wintypes.DWORD]

        kernel32.CloseHandle.restype = wintypes.BOOL
        kernel32.CloseHandle.argtypes = [wintypes.HANDLE]

        kernel32.WriteProcessMemory.restype = wintypes.BOOL
        kernel32.WriteProcessMemory.argtypes = [
            wintypes.HANDLE,
            wintypes.LPVOID,
            wintypes.LPCVOID,
            ctypes.c_size_t,
            ctypes.POINTER(ctypes.c_size_t),
        ]

        pid = int(sys.argv[1])       # process ID, first argument
        addr = int(sys.argv[2], 16)  # address in hexadecimal, second argument
        val = 42

        # Pack the value as a 4-byte little-endian integer
        buf = (val).to_bytes(4, byteorder='little')
        buf_ptr = ctypes.c_char_p(buf)

        ph = kernel32.OpenProcess(PROCESS_ALL_ACCESS, False, pid)
        kernel32.WriteProcessMemory(ph, addr, buf_ptr, len(buf), None)
        kernel32.CloseHandle(ph)

    For brevity, all checks have been left out of the code.

    • Thank you very much! But can I have a couple more questions? 1. Is there an example of how to change the memory of the DLL, and not the main process? 2. Why is the variable PROCESS_ALL_ACCESS = 0x1F0FFF ? 3. For pid, you do not need to additionally receive the base address or something? - Alexey Petrodiy
    • 1. No difference. 2. To pass it to the WinAPI OpenProcess call. 3. No. - Sergey Gornostaev 2:46
    • I'll try your way, thanks! - Alexey Petrodiy
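
The `0x1F0FFF` asked about in the comments is a bitmask of process access rights. As an added example (not code from the question or the answer), the sketch below decodes such a mask and applies it the way a defender would to process-access telemetry. The event records are constructed, shaped like the `SourceImage`, `TargetImage` and `GrantedAccess` fields of Sysmon Event ID 10; the file paths and the helper names `decode_access`, `can_write_memory` and `flag_events` are assumptions.

```python
# Added example: decode a process access mask and flag memory-write-capable handle opens.
RIGHTS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0004: "PROCESS_SET_SESSIONID",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS",
    0x0100: "PROCESS_SET_QUOTA",
    0x0200: "PROCESS_SET_INFORMATION",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
    0x00010000: "DELETE",
    0x00020000: "READ_CONTROL",
    0x00040000: "WRITE_DAC",
    0x00080000: "WRITE_OWNER",
    0x00100000: "SYNCHRONIZE",
}
# WriteProcessMemory needs PROCESS_VM_WRITE and PROCESS_VM_OPERATION on the handle.
WRITE_MASK = 0x0020 | 0x0008

def decode_access(mask):
    """Return (names of known rights set in mask, leftover bits not in RIGHTS)."""
    names = [name for bit, name in sorted(RIGHTS.items()) if mask & bit]
    known = sum(bit for bit in RIGHTS if mask & bit)
    return names, mask & ~known

def can_write_memory(mask):
    return (mask & WRITE_MASK) == WRITE_MASK

def flag_events(events, protected):
    """Return (source, target, rights) for write-capable opens of protected images."""
    hits = []
    for ev in events:
        mask = int(ev["GrantedAccess"], 16)
        target = ev["TargetImage"].rsplit("\\", 1)[-1].lower()
        if target in protected and can_write_memory(mask):
            hits.append((ev["SourceImage"], target, decode_access(mask)[0]))
    return hits

# Constructed records shaped like Sysmon Event ID 10 (ProcessAccess) fields.
SAMPLE_EVENTS = [
    {"SourceImage": r"C:\Python36\python.exe", "TargetImage": r"C:\Games\csgo.exe", "GrantedAccess": "0x1F0FFF"},
    {"SourceImage": r"C:\Windows\System32\taskmgr.exe", "TargetImage": r"C:\Games\csgo.exe", "GrantedAccess": "0x1410"},
    {"SourceImage": r"C:\Python36\python.exe", "TargetImage": r"C:\Windows\notepad.exe", "GrantedAccess": "0x1F0FFF"},
]
```

Calling `flag_events(SAMPLE_EVENTS, {"csgo.exe"})` reports only the first record: the second opens the same target with query and read rights only, and the third targets an image outside the protected set.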