Python: Writing memory of a process

Question

So I've been having some problems with editing process memory. The way I usually do it is manual using process hacker 2, it's used for looking at all sorts of processes on your pc, and is VERY useful for finding what programs you've launched, no matter the extention.

And that is what I want to prevent. I want to hide the fact that I've ran some exe's by writing over the strings that popup when looking for them in for example: explorer.exe, -s DPS (svchost.exe), etc...).

You might need to download process hacker 2 to find out what I mean, but if you already know, please respond.

So far my attempts of making it work have been unsuccesful, and I'm starting to lose hope that it's even possible.

Answer 1

You can use Memorpy

import memorpy, psutil

cheat_name = "autoclicker.exe" #this is the string we are looking for inside svchost.exe's memory
pids = []

for proc in psutil.process_iter():
    if proc.name() == "svchost.exe":
        pids.append(proc.pid) #we loop through every process to find svchost

for pid in pids:
    mw = memorpy.MemWorker(pid=pid)
    l = [x for x in mw.mem_search(cheat_name)]
    print l
    for string in l:
        string.write(' '*len(cheat_name)*2) #here we replace the cheat's name with spaces
        print "Deleted some strings!"

It basically loops through every svchost.exe, searches for cheat_name and replaces it with spaces. Note: Memorpy only supports python 2.x. You also have to run the program as administrator.