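Scanning memory

Time: 2016-11-28 22:12:34

Tags: python python-3.x memory

I am trying to figure out how to use python.ctypes.windll to scan my target's memory for the address of a specific value, such as int n = 1232! I declared all the parameters, but somehow the program runs but does not work. Please take a look!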

#import modules
import ctypes
from ctypes import wintypes as w
from struct import *
from time import *
import datetime
import sys
import time

# PID of the target process to be scanned.
PID = 1234

#All the following is to set up some parameters to feed to
#Openprocess
#https://msdn.microsoft.com/en-us/library/windows/desktop/ms684320(v=vs.85).aspx
#and
#ReadProcessMemory
#https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553(v=vs.85).aspx
# and I am not sure I got it all right, please take a look
OpenProcess = ctypes.windll.kernel32.OpenProcess
OpenProcess.argtypes = [w.DWORD,w.BOOL,w.DWORD]
OpenProcess.restype = w.HANDLE
ReadProcessMemory = ctypes.windll.kernel32.ReadProcessMemory
ReadProcessMemory.argtypes = [w.HANDLE,w.LPCVOID,w.LPVOID,
                              ctypes.c_size_t,ctypes.POINTER(ctypes.c_size_t)]
ReadProcessMemory.restype = w.BOOL

PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_VM_READ = 0x0010


#Finally, acquire a handle from OpenProcess.
ph = OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ,False,int(PID))


#The following is to set up the parameters to feed to ReadProcessMemory.
#ReadProcessMemory = ctypes.windll.kernel32.ReadProcessMemory!
#https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553(v=vs.85).aspx
#This part is problematic, since I am using python.ctypes so what I declare
#here could be error-prone
data = ctypes.create_string_buffer(4)
bufferSize = ctypes.sizeof(data)
bytesRead = ctypes.c_size_t(bufferSize)


#The range of memory space to be scanned through. I don't understand what are
#the appropriate values because I am only beginning to learn about memory
#scanning.
#Doesn't each process get its own memory space? Therefore do I simply give it
#0x000000 to 0xFFFFFF ?
address = 0x4000000
addresses_list = range(address,0x9000000,0x4)


#This is the part where the scanning takes place.
for i in addresses_list:
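    ok = ReadProcessMemory(ph, ctypes.c_void_p(i), data, bufferSize,
                           ctypes.byref(bytesRead))
    #Each i from the loop returns things like 0xNNNNNN, right?
    #somehow, that's not what I get.

    #Skip addresses that could not be read (the call returns 0 on failure).
    if not ok:
        continue
    #Decode the 4 bytes just read as a little-endian signed int.
    value = unpack('<i', data.raw)[0]

    #Here, the value to be looked for: If looking for a number that is 1234,
    # make value == 1234
    if value == int(1234):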
        #print the hit address.
        print(i)
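
The scan described in the question, as an added example that is not part of the original post: it reads each region in chunks, searches for the packed little-endian value, and skips regions that cannot be read. `sample_read`, `SAMPLE` and `REGIONS` are hypothetical stand-ins (constructed data) for ReadProcessMemory and for the region list that VirtualQueryEx would supply on Windows, so the block runs offline.

```python
import struct

# Constructed sample address space: (base, bytes), or None for a region the
# read call refuses (unmapped or guarded), as when ReadProcessMemory returns 0.
SAMPLE = [
    (0x00400000, struct.pack("<4i", 7, 1234, 0, 1234)),
    (0x00500000, None),
    (0x00600000, b"\x00" + struct.pack("<i", 1234) + b"\x00" * 3),
]
# (base, size) pairs to walk; on Windows these would come from VirtualQueryEx.
REGIONS = [(base, len(blob) if blob else 0x1000) for base, blob in SAMPLE]


def sample_read(address, size):
    """Hypothetical stand-in for ReadProcessMemory: bytes, or None on failure."""
    for base, blob in SAMPLE:
        if blob is not None and base <= address < base + len(blob):
            return blob[address - base:address - base + size]
    return None


def scan_int32(read, regions, target, chunk=4096, aligned=True):
    """Return addresses holding `target` as a little-endian 32-bit integer."""
    needle = struct.pack("<i", target)
    hits = []
    for base, size in regions:
        offset, tail = 0, b""
        while offset < size:
            block = read(base + offset, min(chunk, size - offset))
            if not block:  # unreadable: give up on the rest of this region
                break
            # Prepend the previous 3 bytes so a value that straddles two
            # chunks is still found.
            window = tail + block
            start = base + offset - len(tail)
            pos = window.find(needle)
            while pos != -1:
                if not aligned or (start + pos) % 4 == 0:
                    hits.append(start + pos)
                pos = window.find(needle, pos + 1)
            tail = window[-3:]
            offset += len(block)
    return hits


if __name__ == "__main__":
    print([hex(a) for a in scan_int32(sample_read, REGIONS, 1234)])
```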

0 answers:

No answers