News : OneByteRadar - pymem python package.

Today, I found this GitHub project about how to write to exe files with python programming language

The author say:

CS:GO radar hack achieved by patching one byte of game memory. Written in Python 3.

I don't test it, but good to know how can use these python modules.

The pymem Python library that allows you to interact with the memory of running Windows processes.

• Reading and writing memory values of other processes
• Scanning memory for byte patterns
• Allocating and freeing memory inside another process
• Accessing modules (DLLs) loaded by a process
• This is often used in game hacking, automation, or debugging tools.

NOTE: I used artificial intelligence to write this simple example, it is more productive in programs with more complex syntax, but the basics of programming must be known...

Let's see one example with edge browser open:

import pymem
import pymem.process
import re

# Open the Edge process (make sure it's running)
pm = pymem.Pymem("msedge.exe")

# Get the main module of the process
module = pymem.process.module_from_name(pm.process_handle, "msedge.exe")
base = module.lpBaseOfDll
size = module.SizeOfImage

# Read the module's memory
data = pm.read_bytes(base, size)

# Search for a test pattern (generic example)
pattern = re.search(rb'\x48\x89\x5C\x24\x08\x57\x48\x83', data)

if pattern:
    address = base + pattern.start()
    print(f"Pattern found at: {hex(address)}")

    # Read 8 bytes from the found address
    raw = pm.read_bytes(address, 8)
    print("Raw bytes:", raw)

    # Interpret the bytes as a little-endian integer
    value = int.from_bytes(raw, byteorder='little')
    print("Integer value:", value)

    # Write a new value (e.g., 12345678)
    new_value = (12345678).to_bytes(8, byteorder='little')
    pm.write_bytes(address, new_value, 8)
    print("Value overwritten with 12345678.")

else:
    print("Pattern not found.")

# Close the process handle
pm.close_process()

What is that patern:

pattern = re.search(rb'\x48\x89\x5C\x24\x08\x57\x48\x83', data)

These bytes correspond to x86-64 assembly instructions. For example:

48 89 5C 24 08 → mov [rsp+8], rbx
57 → push rdi
48 83 → the start of an instruction like add/sub/cmp with a 64-bit operand

This sequence is typical for the prologue of a function in compiled C++ code — saving registers to the stack.

This is a simple example, you don't see anything in edge because is just one search and one overwritten:

python pymem_exemple_002.py
Pattern found at: 0x7ff7180cb3d5
Raw bytes: b'H\x89\\$\x08WH\x83'
Integer value: 9459906709773125960
Value overwritten with 12345678.

You replaced those 8 bytes with the integer 12345678, encoded as: 4E 61 BC 00 00 00 00 00 (in hex)

This corrupts the original instruction, which may crash Edge or cause undefined behavior.

Not crash, maybe my edge browser use protections (ASLR, DEP, CFG) that can make modification unstable.

--------

1. ASLR (Address Space Layout Randomization)

2. DEP (Data Execution Prevention)

3. CFG (Control Flow Guard)

Python 3.13.0 : Script for python modules then installs them - updated with fix.

This script scans a folder full of .py files Python scripts, identifies all the external modules they import, filters out built-in ones, writes the installable ones to a requirements.txt file, and then installs them using pip—in parallel threads for speed.

I use the copilot and some comments are into my language, but I tested and works well:

NOTE: I updated with detection python modules based "from" and another issue: check if python module is instaled and step over that python module ...

This script will try to install many python modules, I can update to be better with these issues:

...some modules are default , some scripts are from another area, see Blender 3D with bpy python modules, some packages comes with same modules, this can be soleved with defined lists with unique items.

import subprocess
import sys
import os
import shutil
import importlib.util
import re
import concurrent.futures
from typing import List, Tuple, Set

class ModuleManager:
    def __init__(self):
        self.modules: Set[str] = set()
        self.pip_path = self._get_pip_path()

    def _get_pip_path(self) -> str:
        possible_path = os.path.join(sys.exec_prefix, "Scripts", "pip.exe")
        return shutil.which("pip") or (possible_path if os.path.exists(possible_path) else None)

    def extract_imports_from_file(self, file_path: str) -> List[Tuple[str, str]]:
        imports = []
        try:
            with open(file_path, 'r', encoding='utf-8') as file:
                for line in file:
                    # Detect 'import module'
                    import_match = re.match(r'^\s*import\s+([a-zA-Z0-9_]+)(\s+as\s+.*)?$', line)
                    if import_match:
                        module = import_match.group(1)
                        imports.append((module, line.strip()))
                        continue
                    
                    # Detect 'from module import ...'
                    from_match = re.match(r'^\s*from\s+([a-zA-Z0-9_]+)\s+import\s+.*$', line)
                    if from_match:
                        module = from_match.group(1)
                        imports.append((module, line.strip()))
        except FileNotFoundError:
            print(f"❌ Fișierul {file_path} nu a fost găsit.")
        except Exception as e:
            print(f"❌ Eroare la citirea fișierului {file_path}: {e}")
        return imports

    def scan_directory_for_py_files(self, directory: str = '.') -> List[str]:
        py_files = []
        for root, _, files in os.walk(directory):
            for file in files:
                if file.endswith('.py'):
                    py_files.append(os.path.join(root, file))
        return py_files

    def collect_unique_modules(self, directory: str = '.') -> None:
        py_files = self.scan_directory_for_py_files(directory)
        all_imports = []
        with concurrent.futures.ThreadPoolExecutor() as executor:
            future_to_file = {executor.submit(self.extract_imports_from_file, file_path): file_path for file_path in py_files}
            for future in concurrent.futures.as_completed(future_to_file):
                imports = future.result()
                all_imports.extend(imports)
        
        for module, _ in all_imports:
            self.modules.add(module)

    def is_module_installed(self, module: str) -> bool:
        return importlib.util.find_spec(module) is not None

    def run_pip_install(self, module: str) -> bool:
        if not self.pip_path:
            print(f"❌ Nu am găsit pip pentru {module}.")
            return False
        try:
            subprocess.check_call([self.pip_path, "install", module])
            print(f"✅ Pachetul {module} a fost instalat cu succes.")
            return True
        except subprocess.CalledProcessError as e:
            print(f"❌ Eroare la instalarea pachetului {module}: {e}")
            return False

    def check_and_install_modules(self) -> None:
        def process_module(module):
            print(f"\n🔎 Verific dacă {module} este instalat...")
            if self.is_module_installed(module):
                print(f"✅ {module} este deja instalat.")
            else:
                print(f"📦 Instalez {module}...")
                self.run_pip_install(module)
                # Re-verifică după instalare
                if self.is_module_installed(module):
                    print(f"✅ {module} funcționează acum.")
                else:
                    print(f"❌ {module} nu funcționează după instalare.")

        with concurrent.futures.ThreadPoolExecutor() as executor:
            executor.map(process_module, self.modules)

def main():
    print("🔍 Verific pip...")
    manager = ModuleManager()
    if manager.pip_path:
        print(f"✅ Pip este disponibil la: {manager.pip_path}")
    else:
        print("⚠️ Pip nu este disponibil.")
        return

    directory = sys.argv[1] if len(sys.argv) > 1 else '.'
    print(f"\n📜 Scanez directorul {directory} pentru fișiere .py...")
    manager.collect_unique_modules(directory)
    
    if not manager.modules:
        print("⚠️ Nu s-au găsit module în importuri.")
        return
    
    print(f"\nModule unice detectate: {', '.join(manager.modules)}")
    manager.check_and_install_modules()

if __name__ == "__main__":
    main()

Python Qt6 : Use regular expression with PyQt6.

Today I tested a python source code with PyQt6.

This source code let you to clean the text by HTML tags and regular expression in realtime.

If you want to parse in realtime then check the Realtime and add the regular expresion in editbox.

This is the result:

This is the source code I used to parse realtime regular expresion on editbox

from PyQt6.QtWidgets import QApplication, QMainWindow, QTextEdit, QVBoxLayout, QHBoxLayout, QWidget, QPushButton, QCheckBox, QLineEdit, QLabel
from PyQt6.QtGui import QTextDocument
from PyQt6.QtCore import Qt
import re

class MainWindow(QMainWindow):
    def __init__(self):
        super().__init__()

        self.setWindowTitle("HTML Cleaner")

        self.text_edit = QTextEdit()
        self.clean_button = QPushButton("Clean HTML")
        self.transform_div_checkbox = QCheckBox("Transform 
 tags")
        self.realtime_checkbox = QCheckBox("Realtime")
        self.regex_edit = QLineEdit()
        self.regex_edit.setPlaceholderText("Enter regex pattern")
        self.regex_edit.setEnabled(False)  # Dezactivăm inițial

        top_layout = QHBoxLayout()
        top_layout.addWidget(self.clean_button)
        top_layout.addWidget(self.transform_div_checkbox)
        top_layout.addWidget(QLabel("Regex:"))
        top_layout.addWidget(self.regex_edit)
        top_layout.addWidget(self.realtime_checkbox)

        main_layout = QVBoxLayout()
        main_layout.addLayout(top_layout)
        main_layout.addWidget(self.text_edit)

        container = QWidget()
        container.setLayout(main_layout)
        self.setCentralWidget(container)

        self.clean_button.clicked.connect(self.clean_html)
        self.realtime_checkbox.stateChanged.connect(self.toggle_realtime)
        self.regex_edit.textChanged.connect(self.realtime_update)

    def clean_html(self):
        html_text = self.text_edit.toPlainText()
        clean_text = self.remove_html_tags(html_text)
        self.text_edit.setPlainText(clean_text)

    def remove_html_tags(self, text):
        # Remove CSS
        text = re.sub(r'.*?', '', text, flags=re.DOTALL)
        # Remove JavaScript
        text = re.sub(r'.*?', '', text, flags=re.DOTALL)
        # Remove HTML comments
        text = re.sub(r'', '', text, flags=re.DOTALL)
        # Transform 
 tags if checkbox is checked
        if self.transform_div_checkbox.isChecked():
            text = re.sub(r']*>', '
', text)
        # Remove HTML tags but keep content
        clean = re.compile('<.*?>')
        text = re.sub(clean, '', text)
        # Remove empty lines
        text = re.sub(r'\n\s*\n', '\n', text)
        return text

    def toggle_realtime(self):
        if self.realtime_checkbox.isChecked():
            self.regex_edit.setEnabled(True)  # Activăm editbox-ul
            self.text_edit.textChanged.connect(self.realtime_update)
        else:
            self.regex_edit.setEnabled(False)  # Dezactivăm editbox-ul
            self.text_edit.textChanged.disconnect(self.realtime_update)

    def realtime_update(self):
        if self.realtime_checkbox.isChecked():
            html_text = self.text_edit.toPlainText()
            regex_pattern = self.regex_edit.text()
            if regex_pattern:
                try:
                    html_text = re.sub(regex_pattern, '', html_text)
                except re.error:
                    pass  # Ignore regex errors
            self.text_edit.blockSignals(True)
            self.text_edit.setPlainText(html_text)
            self.text_edit.blockSignals(False)

app = QApplication([])
window = MainWindow()
window.show()
app.exec()