{ "info": { "author": "Chad Gosselin", "author_email": "", "bugtrack_url": null, "classifiers": [ "Intended Audience :: Developers", "Intended Audience :: Science/Research", "License :: OSI Approved :: MIT License", "Natural Language :: English", "Operating System :: Microsoft :: Windows", "Programming Language :: Python :: 3.6", "Topic :: Security" ], "description": "# Invade\n\n![Invade](https://i.imgur.com/nGSXlnr.jpg \"Invade\")\n\nInvade is a Python 3 library for interacting with Windows processes. Common uses: software security and malware research, reverse engineering, and PoCs.\n\n[https://github.com/cgio/invade](https://github.com/cgio/invade)\n\n[https://pypi.org/project/invade](https://pypi.org/project/invade)\n\n\n**There are four classes in main.py:**\n\n* **Me:** for operating environment info\n* **Scout:** for process discovery\n* **Target:** for target process info\n* **Tool:** for main operation\n\n**Common use case overview:**\n\n1. Create an instance of Me and check the operating environment for compatibility.\n2. Use Scout to get a list of active processes and the desired PID (process identifier).\n3. Instantiate Target using the PID obtained by Scout.\n4. Check Target instance properties for information about the target process.\n5. Interact with the target process using Tool methods.\n\nAnother common use case is Invade's relatively fast byte pattern search with wildcard support. Operation is similar to [IDA's](https://www.hex-rays.com) \"sequence of bytes\" search. Use Tool.search_file_pattern() to search through a file on disk.\n\nTool.memory_read_pointers() is also useful. With it, you can read through a series of dynamically allocated memory pointers in another process. The method accepts a string containing a start address and relative pointers with common arithmetic operators.\n\n**Refer to main.py for additional information and usage instructions.**\n\n**Refer to RELEASE.md for release notes.**\n\n## Installation\nPython 3.6+ is required\n\n`pip install invade`\n\nInstall Keystone for Python. See [Python module for Windows - Binaries](http://www.keystone-engine.org/download/).\n\nInstall Capstone for Python. See [Python module for Windows - Binaries](https://www.capstone-engine.org/download.html).\n\n## Files\nInside /invade:\n* **main.py:** contains all main code and classes\n* **winapi.py:** contains Windows API code\n* **version.py:** contains version information\n\n## Example Projects\n* [invade_debug_32](https://github.com/cgio/invade_debug_32): Windows x86 32-bit non-attaching debug tool\n* [invade_keepass](https://github.com/cgio/invade_keepass): KeePass password exfiltration\n\n## Authors\nChad Gosselin ([https://github.com/cgio](https://github.com/cgio))\n\n## Credits\nThank you to the following projects:\n\n* [Keystone](https://github.com/keystone-engine/keystone): assembler framework\n* [Capstone](https://github.com/aquynh/capstone): disassembler framework\n* [Cuckoo Sandbox](https://github.com/cuckoosandbox/cuckoo): malware analysis framework\n* [pefile](https://github.com/erocarrera/pefile): PE file framework\n\n## License\nThis project is licensed under the MIT License. See [LICENSE.md](LICENSE.md) for details. This project is for educational purposes only. Use at your own risk.\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/cgio/invade", "keywords": "", "license": "", "maintainer": "", "maintainer_email": "", "name": "invade", "package_url": "https://pypi.org/project/invade/", "platform": "", "project_url": "https://pypi.org/project/invade/", "project_urls": { "Homepage": "https://github.com/cgio/invade" }, "release_url": "https://pypi.org/project/invade/0.0.6/", "requires_dist": [ "pefile" ], "requires_python": ">=3.6", "summary": "A library for interacting with Windows process memory", "version": "0.0.6" }, "last_serial": 4286035, "releases": { "0.0.4": [ { "comment_text": "", "digests": { "md5": "dbdfb7fed66756a93b5b12c6983020bc", "sha256": "fcdc6f7f0dcb87304c2c63aaaa21c5d6ce42999399af3404536ec8d71703d1c2" }, "downloads": -1, "filename": "invade-0.0.4-py3-none-any.whl", "has_sig": false, "md5_digest": "dbdfb7fed66756a93b5b12c6983020bc", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3.6", "size": 17347, "upload_time": "2018-07-15T21:41:14", "url": "https://files.pythonhosted.org/packages/21/d0/0a92d00820183210df087cf8d55a6f3bb4cbe73f117b855dc3f37fe8b3a7/invade-0.0.4-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "82f65c9fb48753f14b109a8c2ca16c5f", "sha256": "c6bb722f18367c8432e4d36fd0e952c1e49fdbe85f3327fff98a9ba9c32f5dd3" }, "downloads": -1, "filename": "invade-0.0.4.tar.gz", "has_sig": false, "md5_digest": "82f65c9fb48753f14b109a8c2ca16c5f", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.6", "size": 17742, "upload_time": "2018-07-15T21:41:15", "url": "https://files.pythonhosted.org/packages/df/c1/8904f2d5a49014ff250efabb5b05c0d7a319f1da441973d6973908322105/invade-0.0.4.tar.gz" } ], "0.0.5": [ { "comment_text": "", "digests": { "md5": "49c2b6dc6bbc1dfd5ec56e0a091e1402", "sha256": "9937dcad69e1575a60c58de4f72d3949e3c0496fe7d300d593114aa8c601d931" }, "downloads": -1, "filename": "invade-0.0.5-py3-none-any.whl", "has_sig": false, "md5_digest": "49c2b6dc6bbc1dfd5ec56e0a091e1402", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3.6", "size": 17495, "upload_time": "2018-07-17T20:05:06", "url": "https://files.pythonhosted.org/packages/a6/7a/6dd14e2b163d40e3aaad854110a1745669081bf15d1f4b332f007e983c5c/invade-0.0.5-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "7f8079ac84997f68f71f500ee6e339bc", "sha256": "9f1742ef0e840215defa3d9db0d1b51339b7f1eaefa8bb2d9bb625a0fd9123ea" }, "downloads": -1, "filename": "invade-0.0.5.tar.gz", "has_sig": false, "md5_digest": "7f8079ac84997f68f71f500ee6e339bc", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.6", "size": 17982, "upload_time": "2018-07-17T20:05:07", "url": "https://files.pythonhosted.org/packages/70/a7/c9c7b3acbfaa69093586ea9d87e1fe6ccb501a1a1ecb222950c2d0db85d6/invade-0.0.5.tar.gz" } ], "0.0.6": [ { "comment_text": "", "digests": { "md5": "e9df3556a11bc11ef304bd148c46a113", "sha256": "30be5051437ad1aa1c862f90f1ef9d600f1df40f7a83885c4130237480552219" }, "downloads": -1, "filename": "invade-0.0.6-py3-none-any.whl", "has_sig": false, "md5_digest": "e9df3556a11bc11ef304bd148c46a113", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3.6", "size": 18072, "upload_time": "2018-09-18T21:30:09", "url": "https://files.pythonhosted.org/packages/a1/fc/cb8afcb2ed3e18f3d200be7ef545bc47f5b5fdfb9345b9bcf4a9a5dc13e2/invade-0.0.6-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "7a391340ece49707932dd9e11ac370a3", "sha256": "fc3db82101398926afa051bb25d2edbc9490d59af88001b19560ecf7ca9571e1" }, "downloads": -1, "filename": "invade-0.0.6.tar.gz", "has_sig": false, "md5_digest": "7a391340ece49707932dd9e11ac370a3", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.6", "size": 18554, "upload_time": "2018-09-18T21:30:10", "url": "https://files.pythonhosted.org/packages/6a/d4/40d842cda4159956e0dd17edc68c808f7c59c1169938c640c9a8c9037767/invade-0.0.6.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "e9df3556a11bc11ef304bd148c46a113", "sha256": "30be5051437ad1aa1c862f90f1ef9d600f1df40f7a83885c4130237480552219" }, "downloads": -1, "filename": "invade-0.0.6-py3-none-any.whl", "has_sig": false, "md5_digest": "e9df3556a11bc11ef304bd148c46a113", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3.6", "size": 18072, "upload_time": "2018-09-18T21:30:09", "url": "https://files.pythonhosted.org/packages/a1/fc/cb8afcb2ed3e18f3d200be7ef545bc47f5b5fdfb9345b9bcf4a9a5dc13e2/invade-0.0.6-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "7a391340ece49707932dd9e11ac370a3", "sha256": "fc3db82101398926afa051bb25d2edbc9490d59af88001b19560ecf7ca9571e1" }, "downloads": -1, "filename": "invade-0.0.6.tar.gz", "has_sig": false, "md5_digest": "7a391340ece49707932dd9e11ac370a3", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.6", "size": 18554, "upload_time": "2018-09-18T21:30:10", "url": "https://files.pythonhosted.org/packages/6a/d4/40d842cda4159956e0dd17edc68c808f7c59c1169938c640c9a8c9037767/invade-0.0.6.tar.gz" } ] }