[Tutor] How do I scan memory for singles, doubles and so on?
Michael C
mysecretrobotfactory at gmail.com
Sat Oct 7 22:38:55 EDT 2017
Oh I am trying to write my own memory scanner, because I thought the Cheat
Engine is pretty neat and I am just trying to make one for myself.
Onto the problem, I think what happens with ReadProcessMemory is that
    BOOL WINAPI ReadProcessMemory(
      _In_  HANDLE  hProcess,
      _In_  LPCVOID lpBaseAddress,
      _Out_ LPVOID  lpBuffer,
      _In_  SIZE_T  nSize,
      _Out_ SIZE_T  *lpNumberOfBytesRead
    );
For LPVOID lpBuffer, it should be a
    buffer = ctypes.c_double
because I am trying to search for a double.
However, the interpreter gives me this:
    ReadProcessMemory(Process, current_address, ctypes.byref(buffer), \
    TypeError: byref() argument must be a ctypes instance, not '_ctypes.PyCSimpleType'
so I am using
buffer = ctypes.c_uint()
instead. It returns things like "c_ulong(2006549856)", though.
2nd, I believe _In_ SIZE_T nSize, means I tell the interpreter to read
that much data, which means I can use this parameter to get doubles, which
is what I want!
However, I am using
    ctypes.sizeof(buffer)
for it, so, I need either to change my buffer to a double, or to tell this
parameter to search for doubles somehow.
Am I on the right track?
Thanks!
On Sat, Oct 7, 2017 at 6:58 PM, Mats Wichmann <mats at wichmann.us> wrote:
> It might help if you mention what you are trying to do. If it is
> forensics, there are a bunch of Python tools in that area. Your problem may
> already have solutions you could use.
>
> On October 7, 2017 3:00:25 PM MDT, Michael C
> <mysecretrobotfactory at gmail.com> wrote:
> >Hi all:
> >
> >I am working on a memory scanner, and the source code and output are as
> >follows:
> >
> >Now, I know why my buffer from read process memory looks like values such
> >as "67108864"; it's because I read into the buffer an entire chunk of memory
> >at a time, because I fed read process memory this: "mbi.RegionSize"
> >
> >Now, how do I read for values such as doubles?
> >I am guessing I need to use a for loop to scan for small bits of memory
> >chunk at a time.
> >
> >Is there a way to do it?
> >
> >Thanks!
> >
> >>output starts
> >
> >buffer is: c_ulong(0)
> >buffer is: c_ulong(0)
> >buffer is: c_ulong(6385664)
> >buffer is: c_ulong(67108864)
> >buffer is: c_ulong(7761920)
> >buffer is: c_ulong(7798784)
> >buffer is: c_ulong(7872512)
> >buffer is: c_ulong(8007680)
> >buffer is: c_ulong(8044544)
> >buffer is: c_ulong(8069120)
> >buffer is: c_ulong(8216576)
> >buffer is: c_ulong(0)
> >buffer is: c_ulong(0)
> >buffer is: c_ulong(3976)
> >buffer is: c_ulong(0)
> >buffer is: c_ulong(0)
> >buffer is: c_ulong(1318755581)
> >buffer is: c_ulong(0)
> >buffer is: c_ulong(0)
> >buffer is: c_ulong(0)
> >buffer is: c_ulong(0)
> >
> >> code starts
> >
> >buffer = ctypes.c_uint()
> >nread = SIZE_T()
> >
> >start = ctypes.c_void_p(mbi.BaseAddress)
> >
> >ReadProcessMemory = Kernel32.ReadProcessMemory
> >
> >MEM_COMMIT = 0x00001000;
> >PAGE_READWRITE = 0x04;
> >
> >current_address = sysinfo.lpMinimumApplicationAddress
> >end_address = sysinfo.lpMaximumApplicationAddress
> >
> >while current_address < end_address:
> >    Kernel32.VirtualQueryEx(Process, \
> >        current_address, ctypes.byref(mbi),ctypes.sizeof(mbi))
> >
> >    if mbi.Protect == PAGE_READWRITE and mbi.State == MEM_COMMIT :
> >
> >        if ReadProcessMemory(Process, current_address, ctypes.byref(buffer), \
> >                ctypes.sizeof(buffer), ctypes.byref(nread)):
> >            print('buffer is: ',buffer)
> >        else:
> >            raise ctypes.WinError(ctypes.get_last_error())
> >
> >    current_address += mbi.RegionSize
> >_______________________________________________
> >Tutor maillist - Tutor at python.org
> >To unsubscribe or change subscription options:
> >https://mail.python.org/mailman/listinfo/tutor
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
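
Added example, not part of the original thread or any poster's code: one way to get doubles (or singles) out of a region is to read the whole region into a byte buffer and decode it one aligned value at a time with struct. The names find_values, read_region, SAMPLE_BASE and SAMPLE_REGION are assumptions made for this sketch, the sample bytes are constructed, and the fmt parameter generalizes beyond doubles to any struct format.

```python
import ctypes
import math
import struct

def find_values(chunk, base_address, target, fmt="<d", rel_tol=1e-6):
    """Return the addresses in one region dump whose value matches target.

    fmt is a struct format: "<d" is an 8-byte double, "<f" a 4-byte single.
    """
    step = struct.calcsize(fmt)              # bytes per value, 8 for a double
    usable = len(chunk) - len(chunk) % step  # ignore a trailing partial value
    hits = []
    for offset in range(0, usable, step):    # aligned scan, one value per step
        (value,) = struct.unpack_from(fmt, chunk, offset)
        if math.isclose(value, target, rel_tol=rel_tol):
            hits.append(base_address + offset)
    return hits

def read_region(process, base_address, size):
    """Windows only: copy `size` bytes at base_address into a bytes object."""
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    rpm = kernel32.ReadProcessMemory
    # Declare the prototype so 64-bit addresses and sizes are not truncated
    rpm.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p,
                    ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t)]
    rpm.restype = ctypes.c_int
    buffer = ctypes.create_string_buffer(size)  # an instance, sized to the region
    nread = ctypes.c_size_t()
    if not rpm(process, base_address, buffer, size, ctypes.byref(nread)):
        raise ctypes.WinError(ctypes.get_last_error())
    return buffer.raw[:nread.value]             # keep only what was actually read

# Constructed sample standing in for one region returned by read_region()
SAMPLE_BASE = 0x10000
SAMPLE_REGION = struct.pack("<4d", 1.5, 3.14159, 0.0, 3.14159) + b"\x00\x01\x02"

if __name__ == "__main__":
    for address in find_values(SAMPLE_REGION, SAMPLE_BASE, 3.14159):
        print(hex(address))
```

On Windows, the bytes for each committed region would come from read_region(Process, mbi.BaseAddress, mbi.RegionSize) inside the VirtualQueryEx loop.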