{ "info": { "author": "David Kaplan <@depletionmode>", "author_email": "", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Environment :: Win32 (MS Windows)", "License :: OSI Approved :: MIT License", "Operating System :: Microsoft :: Windows :: Windows 10", "Programming Language :: Python :: 3" ], "description": "===================================================\ndivination - Windows iospace and physmem inspection\n===================================================\n\n\n.. image:: https://img.shields.io/pypi/v/divination.svg\n :target: https://pypi.python.org/pypi/divination\n\nOverview\n--------\n\n*divination* is a Python package that exposes a simple interface for transacting \nwith physical memory and IO space on Windows (10+). \n\nIO and physical memory regions are mapped into the usermode process and are \nread directly with the assistance of pywin32 memory primitives.\n\nThe module requires a resident kernel-mode driver.\n\nFeatures\n--------\n\n* Reading PCI configuration space\n* Reading MSRs (writing MSRs currently unimplemented)\n* Mapping and RW from/to IO regions\n* Mapping and RW from/to physical memory regions (currently unimplemented)\n\nDependencies\n------------\n\n* pywin32\n\nInstallation\n------------\n\nPython module\n^^^^^^^^^^^^^\n\nThe Python module is available off PyPI:\n\n pip install divination\n\nKernel module\n^^^^^^^^^^^^^\n\nThe required KMDF driver can be built by installing VS, SDK + WDK and \nrunning msbuild under the ``native/driver`` directory from within the VS Developer \nCommand Prompt.\n\nPlease **do not (non-test-)sign** this kernel module; we do not want to further enable attackers!\nUnless a restrictive DeviceGuard policy is employed, enabling testsigning should be sufficient to allow the driver to run:\n\n bcdedit /set testsigning on ; shutdown -f -t 0 -r\n\nUsage\n-----\n\nThere are currently 3 classes available: PciDevice, Msr and MemoryObject. 
\nExamples follow for usage of each.\n\n* PciDevice(bus, device, function)\n\n >>> amd_lpc = PciDevice(0, 0x14, 3) # LPC Bridge @ D14F3\n >>> hexdump.hexdump(amd_lpc.read_cfg()) \n 00000000: 22 10 0E 79 0F 00 20 02 51 00 01 06 00 00 80 00 \"..y.. .Q.......\n 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 62 14 37 7C ............b.7|\n 00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00000040: 04 00 00 00 40 C0 03 20 07 FF 20 03 00 00 00 00 ....@.. .. .....\n 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00000060: 00 00 00 00 40 16 00 0A 00 00 0F 00 00 FF FF FF ....@...........\n 00000070: 67 45 23 00 08 00 00 00 90 02 00 00 07 0A 00 00 gE#.............\n 00000080: 08 00 03 A8 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00000090: E0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 000000A0: 02 00 C1 FE 2F 01 00 00 00 00 00 00 00 00 00 00 ..../...........\n 000000B0: 00 00 00 00 00 00 00 00 04 00 E9 3F 00 00 00 00 ...........?....\n 000000C0: 00 00 00 00 00 00 00 00 00 00 00 80 00 00 F7 FF ................\n 000000D0: 86 FF FD 08 42 00 00 00 00 00 00 00 00 00 00 00 ....B...........\n 000000E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 000000F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n\n* Msr(register)\n\n >>> amd_hwcr = Msr(0xc0010015)\n >>> hex(amd_hwcr.read()) \n '0x89000111'\n\n* MemoryObject(base_address, range, mem_type, alloc=False)\n\n >>> spi_bar = MemoryObject(0xfec10000, 0x100, MemoryType.IoSpace)\n >>> hexdump.hexdump(spi_bar[0:]) # MemoryObjects are sliceable and can be read from + written to\n 00000000: 05 21 CC 4F 00 00 00 00 00 00 00 00 6A 00 00 02 .!.O........j...\n 00000010: 06 20 04 04 06 04 9F 05 03 0B 0A 02 FF 98 06 02 . ..............\n 00000020: 13 07 33 10 08 20 20 20 0C 14 06 0E C0 54 C0 14 ..3.. 
.....T..\n 00000030: C0 14 08 46 03 00 00 00 FC FC FC FC FC 88 00 00 ...F............\n 00000040: 3B 6B BB EB 00 05 00 00 01 00 00 02 02 00 06 00 ;k..............\n 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00000080: 00 40 40 69 24 6A 4A 16 CA C5 EB 7B E2 95 09 4C .@@i$jJ....{...L\n 00000090: C8 AD 4A FC CB 1D 83 A9 C4 82 C1 D9 7E 35 F9 27 ..J.........~5.'\n 000000A0: 92 8A 43 4B 78 D3 6B 04 9C B8 AF 79 8C 68 C6 E8 ..CKx.k....y.h..\n 000000B0: 2E 24 04 68 F4 97 2A CC 83 74 C9 E2 17 C0 5A C7 .$.h..*..t....Z.\n 000000C0: C7 C7 C7 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 000000D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 000000E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 000000F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n\nContributing\n------------\n\nAs you can tell, not all the planned functionality is implemented and I will \nfill in gaps as my personal needs arise.\nContributions are, of course, most welcome!\n\n", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/depletionmode/divination", "keywords": "", "license": "", "maintainer": "", "maintainer_email": "", "name": "divination", "package_url": "https://pypi.org/project/divination/", "platform": "", "project_url": "https://pypi.org/project/divination/", "project_urls": { "Homepage": "https://github.com/depletionmode/divination" }, "release_url": "https://pypi.org/project/divination/0.1.0/", "requires_dist": null, "requires_python": "", "summary": "Python module for iospace and physmem inspection on Windows", "version": "0.1.0" }, "last_serial": 5546988, "releases": { "0.1.0": [ { "comment_text": "", "digests": { 
"md5": "69953694f14cad4597b541565a6543cb", "sha256": "fa8ca9ebb305466af9c80e0def7b8fba519bc25b832617e480e07953c6bfad45" }, "downloads": -1, "filename": "divination-0.1.0-py3-none-any.whl", "has_sig": false, "md5_digest": "69953694f14cad4597b541565a6543cb", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 7082, "upload_time": "2019-07-17T17:41:33", "url": "https://files.pythonhosted.org/packages/d2/dc/0e5be33e536cfbdbba0c1a89f2e7eb3caa9ddb988beb8d350d88f6f59021/divination-0.1.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "306155f5173916092957cbcf5f8252ec", "sha256": "102204272b134bfdd42c5f12734cc5bab7ebdb90629834999912975cc35567a8" }, "downloads": -1, "filename": "divination-0.1.0.tar.gz", "has_sig": false, "md5_digest": "306155f5173916092957cbcf5f8252ec", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 4678, "upload_time": "2019-07-17T17:41:36", "url": "https://files.pythonhosted.org/packages/0e/03/034467978ae6b8af1022c34e81b8ffa9366ec42ab67c42e56d0a8a5adb71/divination-0.1.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "69953694f14cad4597b541565a6543cb", "sha256": "fa8ca9ebb305466af9c80e0def7b8fba519bc25b832617e480e07953c6bfad45" }, "downloads": -1, "filename": "divination-0.1.0-py3-none-any.whl", "has_sig": false, "md5_digest": "69953694f14cad4597b541565a6543cb", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 7082, "upload_time": "2019-07-17T17:41:33", "url": "https://files.pythonhosted.org/packages/d2/dc/0e5be33e536cfbdbba0c1a89f2e7eb3caa9ddb988beb8d350d88f6f59021/divination-0.1.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "306155f5173916092957cbcf5f8252ec", "sha256": "102204272b134bfdd42c5f12734cc5bab7ebdb90629834999912975cc35567a8" }, "downloads": -1, "filename": "divination-0.1.0.tar.gz", "has_sig": false, "md5_digest": "306155f5173916092957cbcf5f8252ec", "packagetype": "sdist", 
"python_version": "source", "requires_python": null, "size": 4678, "upload_time": "2019-07-17T17:41:36", "url": "https://files.pythonhosted.org/packages/0e/03/034467978ae6b8af1022c34e81b8ffa9366ec42ab67c42e56d0a8a5adb71/divination-0.1.0.tar.gz" } ] }