[Tutor] ctypes wintypes
mysecretrobotfactory at gmail.com
Fri Oct 6 16:12:32 EDT 2017
How do I create a buffer, or rather, is a buffer just a variable?
How do I create a pointer to it?
This code ran fine (thanks to you, Eryk, I now know about how to work
until when I ran the read process memory part.
I think I am not feeding the function properly.
Please look at the red part of this code
>code starts here
mbi = MEMORY_BASIC_INFORMATION()
# The VirtualQueryEx call was cut off in the original post after `Process,`;
# `address` below is a stand-in for the lost argument (the address to query).
print('VirtualQueryEx ran properly?', Kernel32.VirtualQueryEx(Process, address,
      ctypes.byref(mbi), ctypes.sizeof(mbi)))
print('mbi.Protect: ', mbi.Protect)
buffer = ctypes.create_string_buffer(4)
bufferSize = ctypes.sizeof(buffer)
ReadProcessMemory = Kernel32.ReadProcessMemory
# ReadProcessMemory's 2nd parameter is lpBaseAddress, an address in the target process
if ReadProcessMemory(Process, ctypes.byref(mbi), buffer, bufferSize, None):
    print('buffer is: ', buffer)
else:
    print('something is wrong')
On Fri, Oct 6, 2017 at 12:03 PM, eryk sun <eryksun at gmail.com> wrote:
> On Fri, Oct 6, 2017 at 7:43 PM, Michael C
> <mysecretrobotfactory at gmail.com> wrote:
> > Sorry but I dont understand this line:
> > mbi = MEMORY_BASIC_INFORMATION()
> > This creates a instance of the class?
> Yes, and this allocates sizeof(MEMORY_BASIC_INFORMATION) bytes at
> addressof(mbi), which you pass to a function by reference via
> > Also, I thought with VirtualQueryEx, what you need for it
> > is a handle, which I acquire from this
> > Process = Kernel32.OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_
> > False, PID)
> My example called VirtualQuery, not VirtualQueryEx. Internally
> VirtualQuery calls VirtualQueryEx using the pseudo handle
> (HANDLE)(-1), which refers to the current process.
> > and then feed it to the function like so:
> > VirtualQuery(Process, ctypes.byref(mbi), ctypes.sizeof(mbi))
> > I know it doesn't work. But what are these lines for? They don't look
> > handle to me:
> > VirtualQuery = kernel32.VirtualQuery
> > VirtualQuery.restype = SIZE_T
> > VirtualQuery.argtypes = (LPVOID, PMEMORY_BASIC_INFORMATION, SIZE_T)
> In the above, I'm setting the function pointer's argtypes attribute to
> the types of the 3 parameters that VirtualQuery takes: the target
> address (i.e. LPVOID), a pointer to the buffer (i.e.
> PMEMORY_BASIC_INFORMATION), and the size of the buffer (SIZE_T). This
> is to allow ctypes to correctly check and convert arguments passed to
> the function.
> VirtualQueryEx has four parameters, starting with the handle to the
> target process, hProcess. The remaining 3 are the same as
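Putting the two halves of the thread together (what a buffer and a pointer to it actually are, and the argtypes/restype prototypes that make ctypes check VirtualQueryEx and ReadProcessMemory calls), here is an added example; it is not code from the original post or from eryk sun's reply. It assumes the winnt.h layout of MEMORY_BASIC_INFORMATION and the winnt.h MEM_COMMIT/PAGE_* constants, spells out the Win32 types itself instead of using ctypes.wintypes, uses a constructed 4-byte buffer as sample input for the portable part, and for the Windows-only part assumes a `process` handle opened elsewhere with PROCESS_QUERY_INFORMATION | PROCESS_VM_READ:

```python
"""Added example (not from the original post or eryk sun's reply): what a
ctypes buffer is, how byref()/addressof() point at it, and VirtualQueryEx +
ReadProcessMemory prototyped so ctypes checks every argument. Assumes the
winnt.h struct layout, and (Windows only) a `process` handle opened elsewhere
with PROCESS_QUERY_INFORMATION | PROCESS_VM_READ."""
import ctypes
import struct
import sys

# Win32 type aliases, written out so the module imports on any OS.
HANDLE = LPVOID = LPCVOID = ctypes.c_void_p
SIZE_T, DWORD, BOOL = ctypes.c_size_t, ctypes.c_uint32, ctypes.c_int
PSIZE_T = ctypes.POINTER(SIZE_T)
POINTER_SIZE = ctypes.sizeof(ctypes.c_void_p)
MEM_COMMIT, PAGE_NOACCESS, PAGE_GUARD = 0x1000, 0x01, 0x100   # winnt.h

class MEMORY_BASIC_INFORMATION(ctypes.Structure):
    """Output struct of VirtualQuery[Ex]: 28 bytes on 32-bit, 48 on 64-bit."""
    _fields_ = (("BaseAddress", LPVOID), ("AllocationBase", LPVOID),
                ("AllocationProtect", DWORD), ("RegionSize", SIZE_T),
                ("State", DWORD), ("Protect", DWORD), ("Type", DWORD))

PMEMORY_BASIC_INFORMATION = ctypes.POINTER(MEMORY_BASIC_INFORMATION)
MBI_SIZE = ctypes.sizeof(MEMORY_BASIC_INFORMATION)

# argtypes is what makes ctypes reject a wrong argument (say, a struct where an
# address belongs) instead of silently passing garbage to the kernel.
VIRTUALQUERYEX_ARGTYPES = (HANDLE, LPCVOID, PMEMORY_BASIC_INFORMATION, SIZE_T)
READPROCESSMEMORY_ARGTYPES = (HANDLE, LPCVOID, LPVOID, SIZE_T, PSIZE_T)

def pointer_of(obj):
    """The integer address a C callee receives when you pass byref(obj)."""
    return ctypes.cast(ctypes.byref(obj), ctypes.c_void_p).value

def read_local(address, nbytes):
    """Same-process analogue of ReadProcessMemory: copy nbytes starting at an
    integer address into a buffer we own and return the bytes."""
    buf = ctypes.create_string_buffer(nbytes)       # like `char buf[nbytes]`
    ctypes.memmove(buf, address, nbytes)
    return buf.raw

def demo_byref_matches_addressof():
    """A buffer is an object that owns raw bytes; byref() and addressof()
    are two views of the same address, not a copy of the data."""
    buf = ctypes.create_string_buffer(4)
    return pointer_of(buf) == ctypes.addressof(buf)

def demo_local_read():
    """Constructed input: 4 bytes holding 0x12345678 little-endian.
    Returns (bytes copied out through their address, the decoded uint32)."""
    src = ctypes.create_string_buffer(b"\x78\x56\x34\x12", 4)
    raw = read_local(ctypes.addressof(src), 4)
    return raw, struct.unpack("<I", raw)[0]

if sys.platform == "win32":
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    VirtualQueryEx = kernel32.VirtualQueryEx
    VirtualQueryEx.restype = SIZE_T
    VirtualQueryEx.argtypes = VIRTUALQUERYEX_ARGTYPES
    ReadProcessMemory = kernel32.ReadProcessMemory
    ReadProcessMemory.restype = BOOL
    ReadProcessMemory.argtypes = READPROCESSMEMORY_ARGTYPES

def query_and_read(process, address, nbytes=4):
    """Windows only: query the region holding `address` in `process`, refuse
    pages that cannot be read, then read nbytes at `address`."""
    if sys.platform != "win32":
        raise OSError("VirtualQueryEx/ReadProcessMemory exist only on Windows")
    mbi = MEMORY_BASIC_INFORMATION()
    # lpBuffer is a pointer to OUR struct, so byref(mbi) is right here ...
    if not VirtualQueryEx(process, address, ctypes.byref(mbi), ctypes.sizeof(mbi)):
        raise ctypes.WinError(ctypes.get_last_error())
    if mbi.State != MEM_COMMIT or mbi.Protect & (PAGE_NOACCESS | PAGE_GUARD):
        raise PermissionError("region at %#x is not readable" % address)
    buf = ctypes.create_string_buffer(nbytes)
    nread = SIZE_T(0)
    # ... but lpBaseAddress is an address INSIDE THE TARGET: pass the integer
    # (`address`, or mbi.BaseAddress for the region start), never byref(mbi),
    # which is the address of our own local struct.
    if not ReadProcessMemory(process, address, buf, ctypes.sizeof(buf),
                             ctypes.byref(nread)):
        raise ctypes.WinError(ctypes.get_last_error())
    return mbi, buf.raw[:nread.value]

if __name__ == "__main__" and sys.platform == "win32":
    kernel32.GetCurrentProcess.restype = HANDLE        # pseudo-handle for self
    src = ctypes.create_string_buffer(b"\x78\x56\x34\x12", 4)
    mbi, data = query_and_read(kernel32.GetCurrentProcess(), ctypes.addressof(src))
    print("State=%#x Protect=%#x data=%r" % (mbi.State, mbi.Protect, data))
```

The portable functions answer the buffer question: create_string_buffer() gives you an object that owns the bytes, and byref()/addressof() are the pointer to it. Run on Windows, the `__main__` block queries and reads the current process through the GetCurrentProcess() pseudo-handle; the same query_and_read() works against a handle from OpenProcess, and the State/Protect check before the read is what keeps a guard page or PAGE_NOACCESS region from turning into a failed ReadProcessMemory.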