ctypes-users Mailing List for ctypes (Page 5)

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Shouldn't I use VirtualQueryEX to find out these values?

        ph = kernel32.GetCurrentProcess()
        source_array = (wintypes.DWORD * 10)(*range(10))
        base_address = ctypes.addressof(source_array)
        block_size = ctypes.sizeof(source_array)

On Sat, Dec 10, 2016 at 11:44 AM, Michael C <mys...@gm...>
wrote:

> what does this do?
>
> source_array = (wintypes.DWORD * 10)(*range(10))
>
> On Sat, Dec 10, 2016 at 11:40 AM, Michael C <mysecretrobotfactory@gmail.
> com> wrote:
>
>> How do I tell it to scan for double?
>> Also, how do I specify the target process?
>>
>> Thax
>>
>> On Sat, Dec 10, 2016 at 6:30 AM, eryk sun <er...@gm...> wrote:
>>
>>> On Sat, Dec 10, 2016 at 12:12 AM, Michael C
>>> <mys...@gm...> wrote:
>>> > Here is my entire current work in progress:
>>> >
>>> > #import modules
>>> > import ctypes
>>> > import time
>>>
>>> [snip]
>>>
>>> Here's a working example for ReadProcessMemory.
>>>
>>>     import ctypes
>>>     from ctypes import wintypes
>>>
>>>     kernel32 = ctypes.WinDLL('kernel32', use_last_error=True)
>>>
>>>     PROCESS_VM_READ           = 0x0010
>>>     PROCESS_QUERY_INFORMATION = 0x0400
>>>
>>>     if not hasattr(wintypes, 'SIZE_T'):
>>>         wintypes.SIZE_T = ctypes.c_size_t
>>>
>>>     if not hasattr(wintypes, 'PSIZE_T'):
>>>         wintypes.PSIZE_T = ctypes.POINTER(wintypes.SIZE_T)
>>>
>>>     def _check_zero(result, func, args):
>>>         """ Check for zero or NULL return value. """
>>>         if not result:
>>>             raise ctypes.WinError(ctypes.get_last_error())
>>>         return args
>>>
>>>     # https://msdn.microsoft.com/en-us/library/ms683179
>>>     kernel32.GetCurrentProcess.restype = wintypes.HANDLE
>>>
>>>     # https://msdn.microsoft.com/en-us/library/ms684320
>>>     kernel32.OpenProcess.errcheck = _check_zero
>>>     kernel32.OpenProcess.restype = wintypes.HANDLE
>>>
>>>     # https://msdn.microsoft.com/en-us/library/ms680553
>>>     kernel32.ReadProcessMemory.errcheck = _check_zero
>>>     kernel32.ReadProcessMemory.argtypes = (
>>>         wintypes.HANDLE,  # _In_  hProcess
>>>         wintypes.LPCVOID, # _In_  lpBaseAddress
>>>         wintypes.LPVOID,  # _Out_ lpBuffer
>>>         wintypes.SIZE_T,  # _In_  nSize
>>>         wintypes.PSIZE_T) # _Out_ lpNumberOfBytesRead
>>>
>>>     if __name__ == '__main__':
>>>         import sys
>>>
>>>         if len(sys.argv) == 4:
>>>             ph = kernel32.OpenProcess(PROCESS_QUERY_INFORMATION |
>>>                     PROCESS_VM_READ, False, int(sys.argv[1]))
>>>             base_address = int(sys.argv[2])
>>>             block_size  = int(sys.argv[3])
>>>         elif len(sys.argv) == 1:
>>>             ph = kernel32.GetCurrentProcess()
>>>             source_array = (wintypes.DWORD * 10)(*range(10))
>>>             base_address = ctypes.addressof(source_array)
>>>             block_size = ctypes.sizeof(source_array)
>>>         else:
>>>             sys.exit('Usage: %s pid base_address block_size' %
>>> sys.argv[0])
>>>
>>>         address_list = range(base_address, base_address + block_size,
>>>                              ctypes.sizeof(wintypes.DWORD))
>>>         data = wintypes.DWORD()
>>>
>>>         for address in address_list:
>>>             kernel32.ReadProcessMemory(ph, address, ctypes.byref(data),
>>>                 ctypes.sizeof(data), None)
>>>             print('%x: %d' % (address, data.value))
>>>
>>> This script defaults to a demo that reads an array of DWORD values
>>> from its own process. You can also provide it the PID, base address,
>>> and block size to read from another process. You could extend this
>>> with another option to configure the type of data read (e.g. char,
>>> float) based on simple ctypes format codes, e.g. "L" for a DWORD,
>>> where "L" is the value of `wintypes.DWORD._type_`. Or instead follow
>>> WinDbg conventions (e.g. db, dw, dd).
>>>
>>> Note that I assign an errcheck function for the OpenProcess and
>>> ReadProcessMemory function pointers. In this case both use the same
>>> _check_zero function, which raises an OSError (or WindowsError in 2.x)
>>> when the call fails. Idiomatic Python programming uses exceptions for
>>> error handling and resource management (i.e. try/except/finally). Get
>>> the error code from the exception's `winerror` attribute when handling
>>> it. Here's the complete list of WinAPI error codes:
>>>
>>> https://msdn.microsoft.com/en-us/library/ms681381
>>>
>>
>>
>

2003	Jan (3)	Feb (97)	Mar (38)	Apr (50)	May (68)	Jun (67)	Jul (184)	Aug (58)	Sep (30)	Oct (40)	Nov (41)	Dec (53)
2004	Jan (81)	Feb (48)	Mar (35)	Apr (85)	May (47)	Jun (56)	Jul (60)	Aug (103)	Sep (46)	Oct (39)	Nov (19)	Dec (50)
2005	Jan (36)	Feb (65)	Mar (119)	Apr (132)	May (93)	Jun (71)	Jul (42)	Aug (69)	Sep (41)	Oct (61)	Nov (31)	Dec (42)
2006	Jan (59)	Feb (112)	Mar (60)	Apr (64)	May (116)	Jun (128)	Jul (68)	Aug (92)	Sep (58)	Oct (91)	Nov (73)	Dec (52)
2007	Jan (37)	Feb (59)	Mar (26)	Apr (30)	May (37)	Jun (25)	Jul (20)	Aug (54)	Sep (68)	Oct (16)	Nov (34)	Dec (34)
2008	Jan (72)	Feb (40)	Mar (25)	Apr (54)	May (61)	Jun (22)	Jul (41)	Aug (26)	Sep (26)	Oct (66)	Nov (42)	Dec (58)
2009	Jan (100)	Feb (48)	Mar (20)	Apr (13)	May (10)	Jun (33)	Jul (9)	Aug	Sep (17)	Oct (9)	Nov (4)	Dec (64)
2010	Jan (18)	Feb (8)	Mar (37)	Apr (14)	May (9)	Jun (21)	Jul (1)	Aug (18)	Sep (12)	Oct (8)	Nov (4)	Dec (4)
2011	Jan (31)	Feb (3)	Mar (6)	Apr (1)	May (10)	Jun (9)	Jul (16)	Aug (5)	Sep (1)	Oct (5)	Nov (1)	Dec (11)
2012	Jan (4)	Feb (8)	Mar (14)	Apr (1)	May (2)	Jun (1)	Jul	Aug (10)	Sep (5)	Oct	Nov (4)	Dec (2)
2013	Jan (2)	Feb	Mar (1)	Apr	May (4)	Jun	Jul (3)	Aug (5)	Sep (12)	Oct	Nov	Dec (3)
2014	Jan	Feb	Mar	Apr (4)	May	Jun (4)	Jul	Aug	Sep (5)	Oct	Nov	Dec (2)
2015	Jan	Feb	Mar (5)	Apr	May	Jun	Jul	Aug (3)	Sep	Oct (7)	Nov	Dec (2)
2016	Jan (3)	Feb (6)	Mar (3)	Apr	May	Jun (9)	Jul (2)	Aug (2)	Sep	Oct	Nov (28)	Dec (31)
2017	Jan	Feb	Mar	Apr (10)	May (28)	Jun (2)	Jul (3)	Aug (2)	Sep (4)	Oct (31)	Nov (2)	Dec
2018	Jan	Feb (1)	Mar (1)	Apr	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec

ctypes-users Mailing List for ctypes (Page 5)

ctypes-users — Discussion forum for ctypes users