Re: [ctypes-users] [Tutor] ctypes wintypes
Brought to you by:
theller
From: eryk s. <er...@gm...> - 2017-10-06 21:54:42
|
On Fri, Oct 6, 2017 at 10:26 PM, Michael C <mys...@gm...> wrote: > > base = mbi.BaseAddress > buffer = ctypes.c_int32() > buffer_pointer = ctypes.byref(buffer) > ReadProcessMemory = Kernel32.ReadProcessMemory > > if ReadProcessMemory(Process, base, buffer_pointer, mbi.RegionSize, None): > print('buffer is: ',buffer) > else: > raise ctypes.WinError(ctypes.get_last_error()) If you need to read RegionSize bytes, then you have to allocate a buffer that's RegionSize bytes: buffer = ctypes.create_string_buffer(mbi.RegionSize) Or use a smaller buffer and loop until the total number of bytes read is RegionSize. Also, remember to check that the state is MEM_COMMIT. You cannot read an address range that's free or reserved. It must be committed, i.e. backed by physical storage. |