In [19]:
import pymem
from pymem.pattern import pattern_scan_all
target_process = "javaw.exe"  # Define the name of the process
pm = pymem.Pymem(target_process)

In [2]:
def analyze_shellcode(battle_instance_data, chunk_size):
    if chunk_size != 4:
        raise ValueError("This function only accepts chunks of size 4")

    chunks = [
        battle_instance_data[i : i + chunk_size]
        for i in range(0, len(battle_instance_data), chunk_size)
    ]  # split into each chunk

    print("==========================")
    for i, chunk in enumerate(chunks):
        hex_values = [hex(byte)[2:].zfill(2).upper() for byte in chunk]

        # Convert each byte to decimal
        dec1_values = [str(byte).rjust(3, " ") for byte in chunk]

        # Convert each 2 bytes to decimal and hexadecimal
        dec2_values = [
            str(int.from_bytes(chunk[j : j + 2], "little")).rjust(5, " ")
            for j in range(0, len(chunk), 2)
        ]
        hex2_values = [
            hex(int.from_bytes(chunk[j : j + 2], "little"))[2:]
            .zfill(4)
            .upper()
            .rjust(5, " ")
            for j in range(0, len(chunk), 2)
        ]

        # Convert 4 bytes to hexadecimal
        hex4_value = hex(int.from_bytes(chunk, "little"))[2:].zfill(8).upper()

        print(
            f"Position {str(i*chunk_size).zfill(2)}: 1-byte DEC: {' '.join(dec1_values)} 2-byte DEC: {' '.join(dec2_values)} 2-byte HEX: {' '.join(hex2_values)} 4-byte HEX: {hex4_value} RAW: {' '.join(hex_values)}"
        )

In [20]:
battle_instance_data = pm.read_bytes(4033880840, 256)

In [21]:
battle_instance_data = pm.read_bytes(4033880840, 256)
analyze_shellcode(battle_instance_data, 4)

Position 00: 1-byte DEC:   1   0   0   0 2-byte DEC:     1     0 2-byte HEX:  0001  0000 4-byte HEX: 00000001 RAW: 01 00 00 00
Position 04: 1-byte DEC:   0   0   0   0 2-byte DEC:     0     0 2-byte HEX:  0000  0000 4-byte HEX: 00000000 RAW: 00 00 00 00
Position 08: 1-byte DEC:  20  70  10  32 2-byte DEC: 17940  8202 2-byte HEX:  4614  200A 4-byte HEX: 200A4614 RAW: 14 46 0A 20
Position 12: 1-byte DEC:   0   0   0   0 2-byte DEC:     0     0 2-byte HEX:  0000  0000 4-byte HEX: 00000000 RAW: 00 00 00 00
Position 16: 1-byte DEC:  79  16  82 121 2-byte DEC:  4175 31058 2-byte HEX:  104F  7952 4-byte HEX: 7952104F RAW: 4F 10 52 79
Position 20: 1-byte DEC: 136   1   0   0 2-byte DEC:   392     0 2-byte HEX:  0188  0000 4-byte HEX: 00000188 RAW: 88 01 00 00
Position 24: 1-byte DEC:   1   0   0   0 2-byte DEC:     1     0 2-byte HEX:  0001  0000 4-byte HEX: 00000001 RAW: 01 00 00 00
Position 28: 1-byte DEC:   1   1   0   0 2-byte DEC:   257     0 2-byte HEX:  0101  0000 4-byte HEX: 00000101 R

In [22]:
battle_instance_data = pm.read_bytes(4033880840, 256)
analyze_shellcode(battle_instance_data, 4)

Position 00: 1-byte DEC:  67  86  41 239 2-byte DEC: 22083 61225 2-byte HEX:  5643  EF29 4-byte HEX: EF295643 RAW: 43 56 29 EF
Position 04: 1-byte DEC:   0   0   0   0 2-byte DEC:     0     0 2-byte HEX:  0000  0000 4-byte HEX: 00000000 RAW: 00 00 00 00
Position 08: 1-byte DEC:  20  70  10  32 2-byte DEC: 17940  8202 2-byte HEX:  4614  200A 4-byte HEX: 200A4614 RAW: 14 46 0A 20
Position 12: 1-byte DEC:   0   0   0   0 2-byte DEC:     0     0 2-byte HEX:  0000  0000 4-byte HEX: 00000000 RAW: 00 00 00 00
Position 16: 1-byte DEC:  79  16  82 121 2-byte DEC:  4175 31058 2-byte HEX:  104F  7952 4-byte HEX: 7952104F RAW: 4F 10 52 79
Position 20: 1-byte DEC: 136   1   0   0 2-byte DEC:   392     0 2-byte HEX:  0188  0000 4-byte HEX: 00000188 RAW: 88 01 00 00
Position 24: 1-byte DEC:   1   0   0   0 2-byte DEC:     1     0 2-byte HEX:  0001  0000 4-byte HEX: 00000001 RAW: 01 00 00 00
Position 28: 1-byte DEC:   1   1   0   0 2-byte DEC:   257     0 2-byte HEX:  0101  0000 4-byte HEX: 00000101 R