from ctypes import *
kernel32 = windll.kernel32
msvcrt = cdll.msvcrt
def func_resolve(dll, function):
handle = kernel32.GetModuleHandleA(dll)
error = kernel32.GetLastError()
print "%d: %s" % (error, FormatError(error))
address = kernel32.GetProcAddress(handle, function)
error = kernel32.GetLastError()
print "%d: %s" % (error, FormatError(error))
kernel32.CloseHandle(handle)
return address
msvcrt.printf("printf\n")
printf_address = func_resolve("msvcrt", "printf")
getmodulehandle_address = func_resolve("kernel32", "getmodulehandlea")
这是x64 python。只是试图获取一些功能的地址。我在那里使用printf只是为了确保msvcrt已加载。当我执行时,我得到了这个:
0: The operation completed successfully.
126: The specified module could not be found.
6: The handle is invalid.
127: The specified procedure could not be found.
printf
为什么我获得了msvcrt的句柄而不是kernel32的句柄?既然我有正确的句柄,为什么GetProcessAdress() printf失败?如果我用x86 python执行它,它适用于printf(kernel32仍然失败)。这是否意味着ctypes只加载32位dll?如果有的话有加载64位的方法吗?