Metadata-Version: 2.1
Name: invade
Version: 0.0.4
Summary: A toolkit for interacting with Windows process memory
Home-page: https://github.com/cgio/invade
Author: Chad Gosselin
License: UNKNOWN
Platform: UNKNOWN
Classifier: Programming Language :: Python :: 3.6
Classifier: License :: OSI Approved :: MIT License
Classifier: Natural Language :: English
Classifier: Operating System :: Microsoft :: Windows
Classifier: Topic :: Security
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Science/Research
Requires-Python: >=3.6
Description-Content-Type: text/markdown
Requires-Dist: pefile

# Invade

![Invade](https://i.imgur.com/nGSXlnr.jpg "Invade")

Invade is a Python 3 toolkit for interacting with the memory of Windows processes. Common uses include demonstrating software vulnerability proof of concepts, testing data exfiltration, software interoperability, malware research, aiding with debugging and reverse engineering, and computer game modifications.

[https://github.com/cgio/invade](https://github.com/cgio/invade)

**There are four main classes inside main.py:**

* **Me:** Contains information about the operating environment.
* **Scout:** Contains information about active processes.
* **Target:** Contains information about the target process.
* **Tool:** Contains common and miscellaneous methods.

**Common use case overview:**

1. Create an instance of Me and check the operating environment for compatibility.
2. Use Scout to get a list of active processes and the desired PID (process identifier).
3. Instantiate Target using the PID obtained by Scout.
4. Check Target instance properties for information about the target process.
5. Interact with the target process using Tool methods.

Another common use case is Invade's fast (for Python at least) byte pattern search with wildcard support. Operation is similar to [IDA's](https://www.hex-rays.com) "sequence of bytes" search. Use Tool.search_file_pattern() to search through a file on disk.

Tool.memory_read_pointers() is another useful method. With it, you can read through a series of dynamically allocated memory pointers in another process. The method accepts a string containing a start address and relative pointers with common arithmetic operators.

Static methods are frequently used to increase versatility.

**Refer to main.py for additional information and usage instructions.**

## Installation
Python 3.6+ is required

`pip install invade`

Keystone Engine for Python must be installed separately. Use the desired installer under [Python module for Windows - Binaries](http://www.keystone-engine.org/download/).

## Credits
Thanks to authors and contributors of the following projects:
* [Python](https://www.python.org/downloads) for Windows
* [Keystone Engine](https://github.com/keystone-engine/keystone) (used to translate assembly into opcodes; often for injection or comparative purposes)
* [Cuckoo Sandbox](https://github.com/cuckoosandbox/cuckoo) (debug privilege granting code has been adapted)
* [pefile](https://github.com/erocarrera/pefile) (used for gathering information about PE files)

## Examples
See [TODO](https://example.com) for an example of KeePass password exfiltration.

## Authors
* **Chad Gosselin** - [https://github.com/cgio](https://github.com/cgio)

## License
This project is licensed under the MIT License. See the [LICENSE.md](LICENSE.md) file for details.

