[Tutor] using while loop for read process memory

Michael C mysecretrobotfactory at gmail.com
Sun Oct 8 13:20:13 EDT 2017

Hi all:

I have the following code, and somehow I must have fed the read process
Memory incorrectly. what the code does is to check a region of memory to
whether or not it can be scanned.

mbi.Protect == PAGE_READWRITE and mbi.State == MEM_COMMIT

If this is true,then it proceeds to scan the memory fro current_address to
current_address + mbi.RegionSize.

However, a strange thing happens: The loop runs twice successfully, and
then it

raise ctypes.WinError(ctypes.get_last_error())
OSError: [WinError 299] Only part of a ReadProcessMemory or
WriteProcessMemory request was completed.

Now, I know the problem is not with VirtualQueryEx, because if I comment out
the red part and just run VirtualQueryEx, it would actually skim through
all regions
without a single error.

The red part is the problem. I have tried to modify the loop.

Somehow, if I use this:

        index = current_address
        end = current_address + mbi.RegionSize - 7

Where the end is less by 7, the loop would not pop any error and it would
the loop

What did I do wrong?


>code starts

current_address = sysinfo.lpMinimumApplicationAddress
end_address = sysinfo.lpMaximumApplicationAddress

while current_address < end_address:
    Kernel32.VirtualQueryEx(Process, \
    current_address, ctypes.byref(mbi),ctypes.sizeof(mbi))

    if mbi.Protect == PAGE_READWRITE and mbi.State == MEM_COMMIT :
        print('This region can be scanned!')
        index = current_address
        end = current_address + mbi.RegionSize

        while index < end:
            if ReadProcessMemory(Process, index, ctypes.byref(buffer), \
                ## value comparison to be implemented.
                    raise ctypes.WinError(ctypes.get_last_error())

            index += 1

    current_address += mbi.RegionSize

More information about the Tutor mailing list