[ctypes-users] python memory scanner - is it ok to ask you guys about it?
From: Michael C <mys...@gm...> - 2016-11-29 02:26:07
I have this code here I am working on. Right now it has 3 problems and then I still don't know if it works:

what type of buffer should I create?

    buff = ctypes.create_string_buffer(4)

I am not sure what sort of buffer ReadProcessMemory expects, and LPVOID, from MSDN, https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553(v=vs.85).aspx doesn't ring a bell for me.

2ndly, what's the number I should use here?

    addresses_list = range(????,????,???)

I am not sure how memory spaces are named, does each program get its own memory space? So do I put down 99999999?

3rdly, I believe I configured unpack incorrectly, as I don't understand what sort of parameters to give because I don't understand how the memory works.

Basically my goal is to write a memory scanner so I'd better understand how memories work.

    import ctypes
    from ctypes import wintypes as w
    from struct import *
    from time import *
    import datetime
    import sys
    import time

    PID = 15872

    OpenProcess = ctypes.windll.kernel32.OpenProcess
    OpenProcess.argtypes = [w.DWORD,w.BOOL,w.DWORD]
    OpenProcess.restype = w.HANDLE

    ReadProcessMemory = ctypes.windll.kernel32.ReadProcessMemory
    ReadProcessMemory.argtypes = [w.HANDLE,w.LPCVOID,w.LPVOID, ctypes.c_size_t,ctypes.POINTER(ctypes.c_size_t)]
    ReadProcessMemory.restype = w.BOOL

    PROCESS_QUERY_INFORMATION = 0x0400
    PROCESS_VM_READ = 0x0010

    ph = OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ,False,int(PID)) #program handle

    #this is a problem: what type of buffer should I create?
    buff = ctypes.create_string_buffer(4)
    bufferSize = ctypes.sizeof(buff)
    bytesRead = ctypes.c_size_t(bufferSize)

    # what's the number I should use here?
    #addresses_list = range(0x99999999999)
    address = 0x4000000
    addresses_list = range(address,0x9000000,0x4)

    for i in addresses_list:
        ReadProcessMemory(ph, ctypes.c_void_p(i), buff, bufferSize, ctypes.byref(bytesRead))
        # I am uncertain how to configure unpack
        print(buff)
        value = unpack('I', buff)[0]
        if value == int(64953):
            print(i)
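An added example, not part of the original post: one way to handle the three points raised above (buffer type, address range, unpacking) by asking `VirtualQueryEx` which regions are committed and readable rather than guessing a range. The names `readable`, `find_dword`, `scan_process` and `CHUNK` are hypothetical; it assumes Python and the target process have the same bitness and that the caller is allowed to open the process.

```python
import ctypes
import struct
from ctypes import c_void_p as VP, c_size_t as SZ, c_uint32 as U32

MEM_COMMIT, PAGE_NOACCESS, PAGE_GUARD = 0x1000, 0x01, 0x100
PROCESS_QUERY_INFORMATION, PROCESS_VM_READ = 0x0400, 0x0010
CHUNK = 1 << 20  # bytes per ReadProcessMemory call; a multiple of 4 keeps alignment

class MEMORY_BASIC_INFORMATION(ctypes.Structure):  # winnt.h; padding covers PartitionId
    _fields_ = [("BaseAddress", VP), ("AllocationBase", VP), ("AllocationProtect", U32),
                ("RegionSize", SZ), ("State", U32), ("Protect", U32), ("Type", U32)]

def readable(state, protect):
    """Only committed pages that are neither no-access nor guard pages can be read."""
    return state == MEM_COMMIT and not protect & (PAGE_NOACCESS | PAGE_GUARD)

def find_dword(data, base, target):
    """Addresses of every 4-byte-aligned little-endian DWORD in data equal to target."""
    usable = len(data) - len(data) % 4  # iter_unpack needs a whole number of items
    words = enumerate(struct.iter_unpack("<I", data[:usable]))
    return [base + 4 * i for i, (v,) in words if v == target]

def scan_process(pid, target):
    """Walk the regions VirtualQueryEx reports and search each readable one (Windows only)."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.OpenProcess.restype = VP  # a HANDLE is pointer-sized
    k32.OpenProcess.argtypes = [U32, ctypes.c_int, U32]
    k32.VirtualQueryEx.restype = SZ
    k32.VirtualQueryEx.argtypes = [VP, VP, ctypes.POINTER(MEMORY_BASIC_INFORMATION), SZ]
    k32.ReadProcessMemory.argtypes = [VP, VP, VP, SZ, ctypes.POINTER(SZ)]
    k32.CloseHandle.argtypes = [VP]
    handle = k32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, False, pid)
    if not handle:
        raise ctypes.WinError(ctypes.get_last_error())
    hits, addr, mbi, got = [], 0, MEMORY_BASIC_INFORMATION(), SZ(0)
    try:
        while k32.VirtualQueryEx(handle, addr, ctypes.byref(mbi), ctypes.sizeof(mbi)):
            base = mbi.BaseAddress or 0  # ctypes returns None for a NULL pointer field
            if readable(mbi.State, mbi.Protect):
                for off in range(0, mbi.RegionSize, CHUNK):
                    n = min(CHUNK, mbi.RegionSize - off)
                    buf = ctypes.create_string_buffer(n)  # LPVOID just needs writable bytes
                    if k32.ReadProcessMemory(handle, base + off, buf, n, ctypes.byref(got)):
                        hits += find_dword(buf.raw[:got.value], base + off, target)
            addr = base + mbi.RegionSize  # next region starts where this one ends
    finally:
        k32.CloseHandle(handle)
    return hits
```

On Windows, `scan_process(15872, 64953)` returns the list of matching addresses for the PID and value used in the post; failed reads are skipped because the return value of `ReadProcessMemory` is checked before the buffer is searched.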