[Tutor] ctypes wintypes

Fri Oct 6 14:26:41 EDT 2017

Hi Eryk Sun:

I started out with what you gave me:

>code starts
class SYSTEM_INFO(ctypes.Structure):
    """https://msdn.microsoft.com/en-us/library/ms724958"""
    class _U(ctypes.Union):
        class _S(ctypes.Structure):
            _fields_ = (('wProcessorArchitecture', WORD),
                        ('wReserved', WORD))
        _fields_ = (('dwOemId', DWORD), # obsolete
                    ('_s', _S))
        _anonymous_ = ('_s',)
    _fields_ = (('_u', _U),
                ('dwPageSize', DWORD),
                ('lpMinimumApplicationAddress', LPVOID),
                ('lpMaximumApplicationAddress', LPVOID),
                ('dwActiveProcessorMask',   DWORD_PTR),
                ('dwNumberOfProcessors',    DWORD),
                ('dwProcessorType',         DWORD),
                ('dwAllocationGranularity', DWORD),
                ('wProcessorLevel',    WORD),
                ('wProcessorRevision', WORD))
    _anonymous_ = ('_u',)

LPSYSTEM_INFO = ctypes.POINTER(SYSTEM_INFO)

> code ends

I am trying to acquire "lpMinimumApplicationAddress" and
"lpMaximumApplicationAddress" from system_info, so I did this,

>code
Kernel32 = ctypes.WinDLL('kernel32', use_last_error=True)
Kernel32.GetSystemInfo(LPSYSTEM_INFO)
print(LPLPSYSTEM_INFO.lpMinimumApplicationAddress)

>code ends

 and then it says

Traceback (most recent call last):
  File "C:/Users/AwesomeGuy/Google Drive/My life of hacking/SWTOR/mah
scanner/with_eryk_sun_s_help_peace by peace.py", line 55, in <module>
    Kernel32.GetSystemInfo(LPSYSTEM_INFO)
ctypes.ArgumentError: argument 1: <class 'TypeError'>: Don't know how to
convert parameter 1

thanks for reading!

On Thu, Oct 5, 2017 at 1:13 PM, eryk sun <eryksun at gmail.com> wrote:

> On Thu, Oct 5, 2017 at 8:27 PM, Michael C
> <mysecretrobotfactory at gmail.com> wrote:
> >
> > How do I see the values of each field? This doesn't work.
> >
> > print(PMEMORY_BASIC_INFORMATION.Protect)
>
> Create an instance of MEMORY_BASIC_INFORMATION and pass a pointer to
> it via byref(). For example, the following queries the region of
> memory of the VirtualQuery function itself.
>
>     kernel32 = ctypes.WinDLL('kernel32', use_last_error=True)
>
>     MEM_COMMIT = 0x1000
>     PAGE_EXECUTE_READ = 0x20
>     PAGE_EXECUTE_WRITECOPY = 0x80
>
>     VirtualQuery = kernel32.VirtualQuery
>     VirtualQuery.restype = SIZE_T
>     VirtualQuery.argtypes = (LPVOID, PMEMORY_BASIC_INFORMATION, SIZE_T)
>
>     mbi = MEMORY_BASIC_INFORMATION()
>     VirtualQuery(VirtualQuery, ctypes.byref(mbi), ctypes.sizeof(mbi))
>
>     >>> mbi.AllocationBase == kernel32._handle
>     True
>     >>> mbi.AllocationProtect == PAGE_EXECUTE_WRITECOPY
>     True
>     >>> mbi.BaseAddress
>     140703181352960
>     >>> mbi.RegionSize
>     364544
>     >>> mbi.State == MEM_COMMIT
>     True
>     >>> mbi.Protect ==  PAGE_EXECUTE_READ
>     True
>