[Tutor] ctypes wintypes

eryk sun eryksun at gmail.com
Fri Oct 6 17:53:54 EDT 2017

On Fri, Oct 6, 2017 at 10:26 PM, Michael C
<mysecretrobotfactory at gmail.com> wrote:
> base = mbi.BaseAddress
> buffer = ctypes.c_int32()
> buffer_pointer = ctypes.byref(buffer)
> ReadProcessMemory = Kernel32.ReadProcessMemory
> if ReadProcessMemory(Process, base, buffer_pointer, mbi.RegionSize, None):
>         print('buffer is: ',buffer)
> else:
>         raise ctypes.WinError(ctypes.get_last_error())

If you need to read RegionSize bytes, then you have to allocate a
buffer that's RegionSize bytes:

    buffer = ctypes.create_string_buffer(mbi.RegionSize)

Or use a smaller buffer and loop until the total number of bytes read
is RegionSize.

Also, remember to check that the state is MEM_COMMIT. You cannot read
an address range that's free or reserved. It must be committed, i.e.
backed by physical storage.
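The smaller-buffer loop and the MEM_COMMIT check described above, as an added example that is not part of the original message. The names read_region, windows_reader and fake_reader are hypothetical; fake_reader is a constructed stand-in so the loop can be exercised without a Windows process handle.

```python
import ctypes

MEM_COMMIT = 0x1000  # MEMORY_BASIC_INFORMATION.State for committed pages

def read_region(read_fn, process, base, region_size, state, chunk_size=0x10000):
    """Return region_size bytes starting at base, read chunk_size at a time.

    read_fn is called like ReadProcessMemory:
    (hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesRead).
    """
    if state != MEM_COMMIT:
        raise ValueError("region at %#x is not committed" % base)
    chunk = ctypes.create_string_buffer(chunk_size)
    nread = ctypes.c_size_t()
    data = bytearray()
    while len(data) < region_size:
        want = min(chunk_size, region_size - len(data))
        ok = read_fn(process, base + len(data), chunk, want, ctypes.pointer(nread))
        if not ok or nread.value == 0:
            raise OSError("read failed at %#x" % (base + len(data)))
        data += chunk.raw[:nread.value]
    return bytes(data)

def windows_reader():
    """Windows only: ReadProcessMemory with prototypes and error checking."""
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    rpm = kernel32.ReadProcessMemory
    rpm.argtypes = (ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p,
                    ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t))
    rpm.restype = ctypes.c_int  # BOOL
    def check(result, func, args):
        if not result:
            raise ctypes.WinError(ctypes.get_last_error())
        return result
    rpm.errcheck = check
    return rpm

def fake_reader(memory, origin):
    """Constructed stand-in for ReadProcessMemory over a bytes object."""
    def read(process, address, buf, size, nread_ptr):
        piece = memory[address - origin:address - origin + size]
        ctypes.memmove(buf, piece, len(piece))
        nread_ptr.contents.value = len(piece)
        return len(piece) == size
    return read

if __name__ == "__main__":
    sample = bytes(range(256)) * 40          # constructed 10240-byte "region"
    reader = fake_reader(sample, 0x10000)
    out = read_region(reader, None, 0x10000, len(sample), MEM_COMMIT, 4096)
    print(len(out), out == sample)
```

On Windows, pass windows_reader() as read_fn together with the process handle and the BaseAddress, RegionSize and State fields of mbi.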

