Re: [ctypes-users] [Tutor] ctypes wintypes
Brought to you by:
theller
Menu
▾
▴
Re: [ctypes-users] [Tutor] ctypes wintypes
|
From: eryk s. <er...@gm...> - 2017-10-06 21:54:42
|
On Fri, Oct 6, 2017 at 10:26 PM, Michael C
<mys...@gm...> wrote:
>
> base = mbi.BaseAddress
> buffer = ctypes.c_int32()
> buffer_pointer = ctypes.byref(buffer)
> ReadProcessMemory = Kernel32.ReadProcessMemory
>
> if ReadProcessMemory(Process, base, buffer_pointer, mbi.RegionSize, None):
> print('buffer is: ',buffer)
> else:
> raise ctypes.WinError(ctypes.get_last_error())
If you need to read RegionSize bytes, then you have to allocate a
buffer that's RegionSize bytes:
buffer = ctypes.create_string_buffer(mbi.RegionSize)
Or use a smaller buffer and loop until the total number of bytes read
is RegionSize.
Also, remember to check that the state is MEM_COMMIT. You cannot read
an address range that's free or reserved. It must be committed, i.e.
backed by physical storage.
|