[Tutor] ctypes wintypes
eryk sun
eryksun at gmail.com
Thu Oct 5 16:13:11 EDT 2017
On Thu, Oct 5, 2017 at 8:27 PM, Michael C
<mysecretrobotfactory at gmail.com> wrote:
>
> How do I see the values of each field? This doesn't work.
>
> print(PMEMORY_BASIC_INFORMATION.Protect)
Create an instance of MEMORY_BASIC_INFORMATION and pass a pointer to
it via byref(). For example, the following queries the region of
memory of the VirtualQuery function itself.
kernel32 = ctypes.WinDLL('kernel32', use_last_error=True)
MEM_COMMIT = 0x1000
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_WRITECOPY = 0x80
VirtualQuery = kernel32.VirtualQuery
VirtualQuery.restype = SIZE_T
VirtualQuery.argtypes = (LPVOID, PMEMORY_BASIC_INFORMATION, SIZE_T)
mbi = MEMORY_BASIC_INFORMATION()
VirtualQuery(VirtualQuery, ctypes.byref(mbi), ctypes.sizeof(mbi))
>>> mbi.AllocationBase == kernel32._handle
True
>>> mbi.AllocationProtect == PAGE_EXECUTE_WRITECOPY
True
>>> mbi.BaseAddress
140703181352960
>>> mbi.RegionSize
364544
>>> mbi.State == MEM_COMMIT
True
>>> mbi.Protect == PAGE_EXECUTE_READ
True
More information about the Tutor
mailing list