[Tutor] How do I scan memory for singles, doubles and so on?

Michael C mysecretrobotfactory at gmail.com
Sat Oct 7 17:10:40 EDT 2017 

Or to put it better, I think, it's

How do I set up ReadProcessMemory, so that it returns a double instead of
129819721.

On Sat, Oct 7, 2017 at 2:00 PM, Michael C <mysecretrobotfactory at gmail.com>
wrote:

> Hi all:
>
> I am working on a memory scanner, and the source code and output is as
> following:
>
> Now, I know why my buffer from read process memory looks like values such
> as "67108864" ; it's because I read into the buffer entire chunk of memory
> at a time, because I fed read process memory this:  "mbi.RegionSize"
>
> Now, how do I read for values such as doubles?
> I am guessing I need to use a for loop to scan for small bits of memory
> chunk
> at a time.
>
> Is there a way to do it?
>
> Thanks!
>
>
>
>
> >output starts
>
> buffer is:  c_ulong(0)
> buffer is:  c_ulong(0)
> buffer is:  c_ulong(6385664)
> buffer is:  c_ulong(67108864)
> buffer is:  c_ulong(7761920)
> buffer is:  c_ulong(7798784)
> buffer is:  c_ulong(7872512)
> buffer is:  c_ulong(8007680)
> buffer is:  c_ulong(8044544)
> buffer is:  c_ulong(8069120)
> buffer is:  c_ulong(8216576)
> buffer is:  c_ulong(0)
> buffer is:  c_ulong(0)
> buffer is:  c_ulong(3976)
> buffer is:  c_ulong(0)
> buffer is:  c_ulong(0)
> buffer is:  c_ulong(1318755581)
> buffer is:  c_ulong(0)
> buffer is:  c_ulong(0)
> buffer is:  c_ulong(0)
> buffer is:  c_ulong(0)
>
> > code starts
>
> buffer = ctypes.c_uint()
> nread = SIZE_T()
>
> start = ctypes.c_void_p(mbi.BaseAddress)
>
> ReadProcessMemory = Kernel32.ReadProcessMemory
>
> MEM_COMMIT = 0x00001000;
> PAGE_READWRITE = 0x04;
>
> current_address = sysinfo.lpMinimumApplicationAddress
> end_address = sysinfo.lpMaximumApplicationAddress
>
> while current_address < end_address:
>     Kernel32.VirtualQueryEx(Process, \
>     current_address, ctypes.byref(mbi),ctypes.sizeof(mbi))
>
>     if mbi.Protect == PAGE_READWRITE and mbi.State == MEM_COMMIT :
>
>         if ReadProcessMemory(Process, current_address,
> ctypes.byref(buffer), \
>                              ctypes.sizeof(buffer), ctypes.byref(nread)):
>                 print('buffer is: ',buffer)
>         else:
>                 raise ctypes.WinError(ctypes.get_last_error())
>
>     current_address += mbi.RegionSize
>
>

More information about the Tutor mailing list