[python-win32] VirtualQueryEx/ReadProcessMemory
Tim Roberts
timr at probo.com
Tue Oct 17 03:44:31 EDT 2017
On Oct 16, 2017, at 4:39 PM, Michael C <mysecretrobotfactory at gmail.com> wrote:
>
> >>>Did you acquire the SeDebugPrivilege before calling?
>
> Eh, no. I don't know what that is! How do I get it?
https://www.programcreek.com/python/example/80627/win32con.TOKEN_ADJUST_PRIVILEGES
> >>>That's a screwed up way of doing it. If you want buffers of 8 bytes,
> then make a buffer of 8 bytes.
>
> So like this?
>
> ReadProcessMemory(Process, i, ctypes.byref(buffer), 8, ctypes.byref(nread))
I would probably use ctypes.c_buffer to create the buffer. You can experiment by reading your own process before you start reading other processes.
> Bummer... I thought with what I did, I was building a simple memory scanner.
> See, I thought with my ReadProcessMemory line I was retrieving values in the size of doubles.
>
> I thought by doing what I did, by reading 8 bytes at a time, (the size of doubles) I was effectively looking for values in my memory. I thought a
>
> for(start,end,8)
>
> would give me all the values of doubles since I believed that doubles exist in the memory in the positions of base, base+8, base+16, base+24, and so forth.
You would get the memory, 8 bytes at a time. 8-byte integers are often stored aligned on 8-byte boundaries, because it's slightly more efficient, but it's not required. It depends on what you're looking for, which you still haven't told us.
> would achieve the same thing. I would store the address containing the doubles I want in a list() called hit_pool. And then the incorrect values would be flushed out anyway, when I run another run of comparing the address found with target value. like this
>
> for n in hit_pool:
>     readprocessmemory(process, n, ctypes.byref(buffer), 8, ctypes.byref(nread))
Well, you wouldn't pass your "hit_pool" values to ReadProcessMemory. You would read the memory, then scan through it locally looking for your hit_pool.
However, you're always going to be fighting the language. This kind of low-level machine-dependent processing is always going to be much faster and easier to code in C or C++.
—
Tim Roberts, timr at probo.com
Providenza & Boekelheide, Inc.
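
Added example, not part of the original message or of pywin32: a sketch of the approach the reply describes, reading a block of the current process with ReadProcessMemory and then scanning the returned bytes locally for a double. The function names, the sample array and the `aligned_only` switch are assumptions made for illustration.

```python
import ctypes
import struct
import sys


def scan_doubles(data, target, base=0, aligned_only=True):
    """Addresses in `data` (read from address `base`) that hold `target`."""
    needle = struct.pack("<d", target)          # 8-byte little-endian double
    hits, pos = [], data.find(needle)
    while pos != -1:
        # Doubles usually sit on 8-byte boundaries, but that is not required.
        if not aligned_only or (base + pos) % 8 == 0:
            hits.append(base + pos)
        pos = data.find(needle, pos + 1)
    return hits


def still_matching(hit_pool, data, target, base=0):
    """Second pass: keep hits whose bytes in a fresh read still equal target."""
    needle = struct.pack("<d", target)
    return [a for a in hit_pool
            if a >= base and data[a - base:a - base + 8] == needle]


def read_own_memory(address, size):
    """Read `size` bytes from this process via ReadProcessMemory (Windows)."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.GetCurrentProcess.restype = ctypes.c_void_p
    k32.ReadProcessMemory.restype = ctypes.c_int
    k32.ReadProcessMemory.argtypes = [
        ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p,
        ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t)]
    buf = ctypes.create_string_buffer(size)     # ctypes.c_buffer is the same helper
    nread = ctypes.c_size_t(0)
    if not k32.ReadProcessMemory(k32.GetCurrentProcess(), address, buf,
                                 size, ctypes.byref(nread)):
        raise ctypes.WinError(ctypes.get_last_error())
    return buf.raw[:nread.value]


if __name__ == "__main__" and sys.platform == "win32":
    sample = (ctypes.c_double * 4)(1.5, 1234.5, 2.0, 1234.5)  # constructed data
    addr = ctypes.addressof(sample)
    data = read_own_memory(addr, ctypes.sizeof(sample))
    print([hex(a) for a in scan_doubles(data, 1234.5, base=addr)])
```

The scan and re-check functions work on plain bytes, so they can be exercised on any platform; only `read_own_memory` needs Windows.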