My example is based on the book "Gray Hat Python" (http://expect-us.net/files/Gray%20Hat%20Python%20=rwt911=.pdf).
There is a small example application, printf_loop:

from ctypes import *
import time
msvcrt = cdll.msvcrt
counter = 0
while True:
    msvcrt.printf("Loop iteration %d!\n" % counter)
    time.sleep(2)
    counter += 1

Now I am trying to get the address of the printf used in this application. But my ReadProcessMemory call always returns ERROR_PARTIAL_COPY.

def read_process_memory(self, address, length):
    data = ""
    read_buff = create_string_buffer(length)
    count = c_ulong(0)
    if not kernel32.ReadProcessMemory(self.h_process, address, read_buff, length, byref(count)):
        print "[*] Error Code: 0x%08x" % kernel32.GetLastError()
        print read_buff.raw
        return False
    else:
        data += read_buff.raw
        return data

I obtain the address in the following function, where dll = 'msvcrt.dll' and function = 'printf':

def func_resolve(self, dll, function):
    handle = c_void_p()
    kernel32.GetModuleHandleExA(GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, dll, byref(handle))
    address = kernel32.GetProcAddress(handle, function)
    kernel32.CloseHandle(handle)
    return address

Do you have any suggestions as to why I cannot read the memory?