[Tutor] windows specific: read process memory

[Michael C]

Hi all, I have a few questions about memory scanning!
The following code attempts to print out all addresses whose value is
int(-143)!

1. I am using a for loop to go through all the addresses! Is this the right
thing to do?
2. I feed the read process memory function with hex(i), correct?

3. I am a little bummed by what to put down for my buffer and buffer size,
is
what I did proper?

4. This is not in the code, but if I actually know the value I want in the
memory is
a Double, how do i modify my code to look at only doubles?

thanks all!

> code starts


User32 = ctypes.WinDLL('User32', use_last_error=True)
Kernel32 = ctypes.WinDLL('kernel32', use_last_error=True)
PROCESS_VM_READ = 0x0010
PID = 'given'


Process = Kernel32.OpenProcess(PROCESS_VM_READ, 0, PID)
ReadProcessMemory = Kernel32.ReadProcessMemory


buffer_size = 1000
buffer = ctypes.create_string_buffer(buffer_size)

# looking for the addresses where the values are -143, for example
# I used 10000000 as an abitrary number, I need to scan the entire
application
# memory space, but I am not sure how to acquire that value.

for i in range(1,10000000):
        if ReadProcessMemory(Process, hex(i), buffer, buffer_size, None):
            if float(buffer) == int(-143) :
                print(float(buffer))


print('Done.')