[python-win32] VirtualQueryEx/ReadProcessMemory
Tim Roberts
timr at probo.com
Tue Oct 17 03:28:46 EDT 2017
On Oct 16, 2017, at 5:06 PM, Michael C <mysecretrobotfactory at gmail.com> wrote:
>
> Supposed by using Openprocess and VirtualQueryEx, I have the locations of all the memory the application is using, wouldn't this to be true?
>
> Say, a 8 byte data is somewhere in the region i am scanning. Ok, I know by scanning it like this
> for n in range(start,end,1)
>
> will read into another variable and mostly nothing, but unless a variable, that is, one number, can be truncated and exist in multiple locations like this
>
> double = 12345678
You keep using the word "double". A "double" is a floating-point number. Are you actually referring to an 8-byte integer?
> 123 is at x001
> 45 is at x005
> 678 is at x010
>
> unless a number can be broken up like that, wouldn't I, while use the silly 'increment by one' approach, actually luck out and get that value in it's actual position?
I can't tell what your x001 notation is trying to say. If you have the decimal value 12345678 stored somewhere in memory in a 64-bit value, the consecutive bytes in memory will look like this:
4E 61 BC 00 00 00 00 00
If you actually mean the floating point value 12345678.0, it will be stored in 8 bytes like this:
00 00 00 c0 29 8c 67 41
It will take you forever to search another process 8 bytes at a time. You're probably going to want to fetch a page at a time and scan the page locally.
—
Tim Roberts, timr at probo.com
Providenza & Boekelheide, Inc.
More information about the python-win32
mailing list