From Yann.Schoeni at moutier.ch Fri Oct 6 06:51:52 2017 From: Yann.Schoeni at moutier.ch (Schoeni, Yann) Date: Fri, 6 Oct 2017 10:51:52 +0000 Subject: [python-win32] Question about Python script Message-ID: <5304531adbb3421882fce95c2c56c074@moutier.ch> Hello, I've recently start to work with Python. I'm developing a managment software for a swimming pool, this software needs to print stuff directly from the website. I'm using Ajax request and shell exec to call a Python script which launch the print job. The script to print an image works fine with a standard printer but, I've to print on a card printer (FARGO-DTC1250e). When I launch a print job from the website, the python script launch the job on the printer, that's ok. The probleme is that I have a substantial quality deterioration .. The image printed on the card looks bad. I first thought it was because of the DPI which was incorrectly configurated but I've type : printer_dpi = hDC.GetDeviceCaps (LOGPIXELSX), hDC.GetDeviceCaps (LOGPIXELSY) And I get (300, 300) which is correct. I'm sure the problem is about the Python script, I've tried to start the print job directly from Windows, the image quality is perfect. I don't know anymore where to search, eventually when the script draw the image ? In this part of the code ? dib = ImageWin.Dib (bmp) scaled_width, scaled_height = [int (scale * i) for i in bmp.size] x1 = int ((printer_size[0] - scaled_width) / 2) y1 = int ((printer_size[1] - scaled_height) / 2) x2 = x1 + scaled_width y2 = y1 + scaled_height dib.draw (hDC.GetHandleOutput (), (x1, y1, x2, y2)) I hope you'll have the time to help me. Best wishes :) Yann Schoeni Municipalit? de Moutier Apprenti informaticien T?l. +41 (0)32 494 11 69 Mob. +41 (0)79 827 30 86 E-mail yann.schoeni at moutier.ch -------------- next part -------------- An HTML attachment was scrubbed... URL: From timr at probo.com Fri Oct 6 16:24:44 2017 From: timr at probo.com (Tim Roberts) Date: Fri, 6 Oct 2017 13:24:44 -0700 Subject: [python-win32] Question about Python script In-Reply-To: <5304531adbb3421882fce95c2c56c074@moutier.ch> References: <5304531adbb3421882fce95c2c56c074@moutier.ch> Message-ID: <6928e1eb-9199-7813-45c9-5ca67cae22ec@probo.com> Schoeni, Yann wrote: > > I?ve recently start to work with Python. > > ? > > I?m developing a managment software for a swimming pool, this software > needs to print stuff directly from the website. > > ? > > I?m using Ajax request and shell exec to call a Python script which > launch the print job. > Now, do you understand that this will print on the machine where the web server runs, NOT the web browser?? Many people, when they click on a "print" button, expect it to print on their local machine, where they clicked.? Since you have already had results, I assume you are aware of this. > The script to print an image works fine with a standard printer but, > I?ve to print on a card printer (FARGO-DTC1250^e ). > > ? > > When I launch a print job from the website, the python script launch > the job on the printer, that?s ok. > > ? > > The probleme is that I have a substantial quality deterioration ..The > image printed on the card looks bad. > Can you show us an example? Do you see the whole image, approximately scaled, but at poor resolution?? Have you tried doing other graphics to see if it really is a pixel count issue?? Like, if you draw a rectangle 100x100 pixels, does it really appear to be 1/3"? > I?m sure the problem is about the Python script, I?ve tried to start > the print job directly from Windows, the image quality is perfect. > When you say "start the print job directly from Windows", what do you mean?? Do you mean, through some mechanism other than the Python script? > ? > > I don?t know anymore where to search, eventually when the script draw > the image?? In this part of the code?? > > ? > > dib = ImageWin.Dib (bmp) > scaled_width, scaled_height = [int (scale * i) fori inbmp.size] > x1 = int ((printer_size[0]- scaled_width) / 2) > y1 = int ((printer_size[1]- scaled_height) / 2) > x2 = x1 + scaled_width > y2 = y1 + scaled_height > dib.draw (hDC.GetHandleOutput (), (x1, y1, x2, y2)) > This is probably relying on the printer's driver to do the image resizing, and many printer drivers don't do a good job.? You may need to scale the image using other PIL features and send a correctly-sized bitmap to the printer. -- Tim Roberts, timr at probo.com Providenza & Boekelheide, Inc. From mc at mclaveau.com Sat Oct 7 03:52:58 2017 From: mc at mclaveau.com (mc@mclaveau) Date: Sat, 7 Oct 2017 09:52:58 +0200 Subject: [python-win32] Question about Python script In-Reply-To: <5304531adbb3421882fce95c2c56c074@moutier.ch> References: <5304531adbb3421882fce95c2c56c074@moutier.ch> Message-ID: <80b41830-8393-4020-eec7-a09f82a1c855@mclaveau.com> Le 06/10/2017 ? 12:51, Schoeni, Yann a ?crit?: > > Hello, > > I?ve recently start to work with Python. > > I?m developing a managment software for a swimming pool, this software > needs to print stuff directly from the website. > > I?m using Ajax request and shell exec to call a Python script which > launch the print job. > > The script to print an image works fine with a standard printer but, > I?ve to print on a card printer (FARGO-DTC1250^e ). > > When I launch a print job from the website, the python script launch > the job on the printer, that?s ok. > > The probleme is that I have a substantial quality deterioration ..The > image printed on the card looks bad. > > I first thought it was because of the DPI which was incorrectly > configurated but?I?ve type?: > > printer_dpi = hDC.GetDeviceCaps (LOGPIXELSX), hDC.GetDeviceCaps > (LOGPIXELSY) > > And I get (300, 300) which is correct. > > I?m sure the problem is about the Python script, I?ve tried to start > the print job directly from Windows, the image quality is perfect. > > I don?t know anymore where to search, eventually when the script draw > the image?? In this part of the code?? > > dib = ImageWin.Dib (bmp) > scaled_width, scaled_height = [int (scale * i) fori inbmp.size] > x1 = int ((printer_size[0]- scaled_width) / 2) > y1 = int ((printer_size[1]- scaled_height) / 2) > x2 = x1 + scaled_width > y2 = y1 + scaled_height > dib.draw (hDC.GetHandleOutput (), (x1, y1, x2, y2)) > > I hope you?ll have the time to help me. > > Best wishes J > > ** > > *Yann Schoeni* > > *Municipalit? de Moutier * > > Apprenti informaticien > > T?l. +41 (0)32 494 11 69 > > Mob. +41 (0)79?827 30 86 > > E-mail yann.schoeni at moutier.ch > > python-win32 mailing list > python-win32 at python.org > https://mail.python.org/mailman/listinfo/python-win32 Bonjour ! Ce qui me g?ne un peu, ce sont les SCALE pour impression. Surtout que la d?finition (r?solution) de l'image peut alors changer. Je vous sugg?re d'utiliser une imprimante PDF (comme doPDF ou PDFcreator) pour mettre au point le script, puis de changer d'imprimante lorsque tout fonctionnera correctement. Une autre id?e de solution, c'est de cr?er un PDF (par exemple avec ReportLAB PDF toolkit), puis de l'imprimer ? la vol?e. Il est aussi possible de piloter Word. @-salutations -- -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: sign-styloplume.GIF Type: image/gif Size: 9129 bytes Desc: not available URL: From damien at dcpendleton.plus.com Sun Oct 8 10:43:45 2017 From: damien at dcpendleton.plus.com (Damien Sykes-Lindley) Date: Sun, 8 Oct 2017 15:43:45 +0100 Subject: [python-win32] Multiple versions of Python Message-ID: <74F34C9D2F234B4EADD89810EB75F2A3@Psycheman> Hi, Is there any documentation I need to look at if I intend to use Python 2 and 3 on the same Windows machine? Specifically, how to switch versions, how to install things with Pip without causing conflicts etc. I can find such notes describing its use on a Linux system, but nothing for Windows. I understand they can at least coexist on the same machine without issues (thanks to different pathnames etc), but beyond that I haven?t a clue. Cheers. Damien. -------------- next part -------------- An HTML attachment was scrubbed... URL: From denis.akhiyarov at gmail.com Sun Oct 8 11:02:29 2017 From: denis.akhiyarov at gmail.com (Denis Akhiyarov) Date: Sun, 8 Oct 2017 10:02:29 -0500 Subject: [python-win32] Multiple versions of Python In-Reply-To: <74F34C9D2F234B4EADD89810EB75F2A3@Psycheman> References: <74F34C9D2F234B4EADD89810EB75F2A3@Psycheman> Message-ID: This is pywin32 mailing list, but generally you can use virtualenv or conda environments to manage your multiple Python versions from the command-line. Note that PTVS provides convenient ways to add multiple environments to the same Python project from Visual Studio user interface. In essence all these tools rely on "shadowing" the inactive Python paths by prepending active Python paths to the %PATH% environment variable. On Sun, Oct 8, 2017 at 9:43 AM, Damien Sykes-Lindley < damien at dcpendleton.plus.com> wrote: > Hi, > Is there any documentation I need to look at if I intend to use Python 2 > and 3 on the same Windows machine? Specifically, how to switch versions, > how to install things with Pip without causing conflicts etc. > I can find such notes describing its use on a Linux system, but nothing > for Windows. > I understand they can at least coexist on the same machine without issues > (thanks to different pathnames etc), but beyond that I haven?t a clue. > Cheers. > Damien. > > _______________________________________________ > python-win32 mailing list > python-win32 at python.org > https://mail.python.org/mailman/listinfo/python-win32 > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From vernondcole at gmail.com Sun Oct 8 12:43:40 2017 From: vernondcole at gmail.com (Vernon D. Cole) Date: Sun, 8 Oct 2017 10:43:40 -0600 Subject: [python-win32] Multiple versions of Python In-Reply-To: References: <74F34C9D2F234B4EADD89810EB75F2A3@Psycheman> Message-ID: Damine: The answer provided by Denis was correct, but is most helpful only in environments where you are developing projects with different prerequisite requirements. For that, you will want to use the Python virtual environment package, aided by virtualenvwrappor. I also highly recommend PyCharm which has built-in support for both. If you already have a license for Visual Studio, PTVS works too. But in the general case, you may not need all that. The tool to do what you ask is built in an ships with all recent versions of Python3 for windows. It is the excellent Python louncher for Windows. You install all the versions of Python you want side-by-side in the normal manner. If you are running Jython or IronPython you will need to edit a configuration file, but for any version of CPython, it just works. If I recall correctly (I am typing this from my Ubuntu machine) the command to run pip for your Python 2.6 installation would be... > py 2.6 -m pip install romanclass On Sun, Oct 8, 2017 at 9:02 AM, Denis Akhiyarov wrote: > This is pywin32 mailing list, but generally you can use virtualenv or > conda environments to manage your multiple Python versions from the > command-line. Note that PTVS provides convenient ways to add multiple > environments to the same Python project from Visual Studio user interface. > In essence all these tools rely on "shadowing" the inactive Python paths > by prepending active Python paths to the %PATH% environment variable. > > On Sun, Oct 8, 2017 at 9:43 AM, Damien Sykes-Lindley < > damien at dcpendleton.plus.com> wrote: > >> Hi, >> Is there any documentation I need to look at if I intend to use Python 2 >> and 3 on the same Windows machine? Specifically, how to switch versions, >> how to install things with Pip without causing conflicts etc. >> I can find such notes describing its use on a Linux system, but nothing >> for Windows. >> I understand they can at least coexist on the same machine without issues >> (thanks to different pathnames etc), but beyond that I haven?t a clue. >> Cheers. >> Damien. >> >> _______________________________________________ >> python-win32 mailing list >> python-win32 at python.org >> https://mail.python.org/mailman/listinfo/python-win32 >> >> > > _______________________________________________ > python-win32 mailing list > python-win32 at python.org > https://mail.python.org/mailman/listinfo/python-win32 > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mhammond at skippinet.com.au Mon Oct 9 02:51:34 2017 From: mhammond at skippinet.com.au (Mark Hammond) Date: Mon, 9 Oct 2017 17:51:34 +1100 Subject: [python-win32] Moving pywin32 source from Sourceforge to Github Message-ID: Hi all, Sourceforge appears to be in its death throes, and with Python moving to git/github I've decided to do the same. I hope that this might encourage more contributors, particularly for better supporting PyPi/pip, creating wheels etc. Effective immediately, the new repo for pywin32 is https://github.com/mhammond/pywin32. At some stage I will cleanup the old HG repo (eg, possibly create a final checkin which removes all files and adds a readme pointer to github) and I'll move the existing relevant issues from sourceforge to github - although I looked briefly at "importing" all the old issues I don't think there's enough value in keeping some of the ancient issues around in github - they will still be available in sourceforge. I haven't yet decided what to do about distributing binaries, but it's likely I'll also use github for that and move the old binaries from sourceforge - but for now, all binaries are still available on sourceforge. Note also that I'm about to leave on a 4 week vacation, so most of this will not happen until I'm back, but I wanted to make this announcement before I left so any potential contributors can get started. Cheers, Mark From mail at timgolden.me.uk Mon Oct 9 04:55:09 2017 From: mail at timgolden.me.uk (Tim Golden) Date: Mon, 9 Oct 2017 09:55:09 +0100 Subject: [python-win32] Moving pywin32 source from Sourceforge to Github In-Reply-To: References: Message-ID: <45934bd5-e9db-9d6f-e903-e158257e05a8@timgolden.me.uk> On 09/10/2017 07:51, Mark Hammond wrote: > Hi all, > Sourceforge appears to be in its death throes, and with Python moving > to git/github I've decided to do the same. I hope that this might > encourage more contributors, particularly for better supporting > PyPi/pip, creating wheels etc. > > Effective immediately, the new repo for pywin32 is > https://github.com/mhammond/pywin32. > > At some stage I will cleanup the old HG repo (eg, possibly create a > final checkin which removes all files and adds a readme pointer to > github) and I'll move the existing relevant issues from sourceforge to > github - although I looked briefly at "importing" all the old issues I > don't think there's enough value in keeping some of the ancient issues > around in github - they will still be available in sourceforge. > > I haven't yet decided what to do about distributing binaries, but it's > likely I'll also use github for that and move the old binaries from > sourceforge - but for now, all binaries are still available on sourceforge. > > Note also that I'm about to leave on a 4 week vacation, so most of this > will not happen until I'm back, but I wanted to make this announcement > before I left so any potential contributors can get started. Thanks, Mark. I think that's good news overall. I don't know that it's been a showstopper, but SF has been a bit of a pain to navigate and use for some while now. Shame, but there it is. TJG PS The archives for this list appear to have stalled; I'll ping the postmaster From mysecretrobotfactory at gmail.com Mon Oct 16 15:55:01 2017 From: mysecretrobotfactory at gmail.com (Michael C) Date: Mon, 16 Oct 2017 12:55:01 -0700 Subject: [python-win32] VirtualQueryEx/ReadProcessMemory Message-ID: Hi all, I am working on my own memory scanner. It uses Windows API, VirtualQueryEX and ReadProcessMemory. I am not sure I put down the following properly: I am sure Process = Kernel32.OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ, False, PID) ran properly, because it didn't return a 0. Then it's VirtualQueryEx: current_address = sysinfo.lpMinimumApplicationAddress end_address = sysinfo.lpMaximumApplicationAddress while current_address < end_address: Kernel32.VirtualQueryEx(Process, \ current_address, ctypes.byref(mbi),ctypes.sizeof(mbi)) if mbi.Protect == PAGE_READWRITE and mbi.State == MEM_COMMIT : print('This region can be scanned!') current_address += mbi.RegionSize Now, I think it run fine as well, because it didn't return 0 at all. Just to make sure, in the end of scanning for a region, I use current_address += mbi.RegionSize instead of current_address += mbi.RegionSize + 1 , Right? Lastly, ReadProcessMemory: 1st Question: The setup. buffer = ctypes.c_double() nread = SIZE_T() ReadProcessMemory(Process, i, ctypes.byref(buffer), ctypes.sizeof(buffer), ctypes.byref(nread)) I used ctypes.c_double() to determine the size of the buffer, so does this mean that the value I retrieve would be doubles? As in, I know I want to scan for double values, therefore what I do is what I did here, ask ReadProcessMemory to read 8 bytes at a time? Lastly, I don't understand this part about the memory: if I used VirtualQueryEx to find out if a region of memory is ok to scan, and it says it's ok, are the values in the region arranged like this: short,int,double,long,char, double, short in as in, random? I am asking this because, if it's random, then I'd have to run ReadProcessMemory by increasing the value of of my loop by ONE (1) at a time, like this for i in range(start_of_region, end_of_region, 1): ReadProcessMemory(Process, i, ctypes.byref(buffer), ctypes.sizeof(buffer), ctypes.byref(nread)) Is that correct? Thanks all! this is my scanner's full code : https://pastebin.com/bdq0afT0 -------------- next part -------------- An HTML attachment was scrubbed... URL: From jclayt3 at gmail.com Sat Oct 14 07:18:30 2017 From: jclayt3 at gmail.com (Josh Clayton) Date: Sat, 14 Oct 2017 07:18:30 -0400 Subject: [python-win32] PyWin32 API Message-ID: To Whom it May Concern, I've been reading the documentation and had a question. How would I create a custom tag in the details tab of a file then set it, and read it? If creating it is not possible, would it then be possible just set an already existing tag and then read it? My end goal is to try and metatag a large group of files to avoid having to open them to read them. I'd rather just use a script to blast through 10,000 files and understand what files are in my folder structure. Thanks. Josh Clayton -------------- next part -------------- An HTML attachment was scrubbed... URL: From timr at probo.com Mon Oct 16 17:54:22 2017 From: timr at probo.com (Tim Roberts) Date: Mon, 16 Oct 2017 14:54:22 -0700 Subject: [python-win32] VirtualQueryEx/ReadProcessMemory In-Reply-To: References: Message-ID: Michael C wrote: > > I am working on my own memory scanner. It uses Windows API, VirtualQueryEX > and ReadProcessMemory. I am not sure I put down the following properly: > > I am sure? > > Process = > Kernel32.OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ, False, > PID) > > ran properly, because it didn't return a 0. Did you acquire the SeDebugPrivilege before calling? > Lastly, ReadProcessMemory: > > 1st Question: The setup. > > ? ? buffer = ctypes.c_double() > ? ? nread = SIZE_T() > > ReadProcessMemory(Process, i, ctypes.byref(buffer), > ctypes.sizeof(buffer), ctypes.byref(nread)) > > > I used ctypes.c_double() to determine the size of the buffer, so does > this mean > that the value I retrieve would be doubles? As in, I know I want to > scan for double > values, therefore what I do is what I did here, ask ReadProcessMemory to? > read 8 bytes at a time? That's a screwed up way of doing it.? If you want buffers of 8 bytes, then make a buffer of 8 bytes. > Lastly, I don't understand this part about the memory: > > if I used VirtualQueryEx to find out if a region of memory is ok to > scan, and it > says it's ok, are the values in the region arranged like this: > > short,int,double,long,char, double, short in > > as in, random? I have no idea what you're asking.? What you get back from ReadProcessMemory is an untyped set of bytes.? There is no way to find out anything about the type.? It might be strings, it might be machine code, it might be header info, it might be floats, it might be images.? It could be ANYTHING. > I am asking this because, if it's random, then I'd have to run > ReadProcessMemory > ?by increasing? the value of of my loop by ONE (1) at a time, like this? > > for i in range(start_of_region, end_of_region, 1): > ? ? ? ReadProcessMemory(Process, i, ctypes.byref(buffer), > ctypes.sizeof(buffer),? ? ? ? ? ? ?ctypes.byref(nread)) > > Is that correct? No.? What are you hoping to learn here? -- Tim Roberts, timr at probo.com Providenza & Boekelheide, Inc. From mysecretrobotfactory at gmail.com Mon Oct 16 19:39:50 2017 From: mysecretrobotfactory at gmail.com (Michael C) Date: Mon, 16 Oct 2017 16:39:50 -0700 Subject: [python-win32] VirtualQueryEx/ReadProcessMemory In-Reply-To: References: Message-ID: >>>Did you acquire the SeDebugPrivilege before calling? Eh, no. I don't know what that is! How do I get it? >>>That's a screwed up way of doing it. If you want buffers of 8 bytes, then make a buffer of 8 bytes. So like this? ReadProcessMemory(Process, i, ctypes.byref(buffer), 8, ctypes.byref(nread)) >>> I have no idea what you're asking. What you get back from ReadProcessMemory is an untyped set of bytes. There is no way to find out anything about the type. It might be strings, it might be machine code, it might be header info, it might be floats, it might be images. It could be ANYTHING. No. What are you hoping to learn here? Bummer... I thought with what I did, I was building a simple memory scanner. See, I thought with my ReadProcessMemory line I was retrieving values in the size of doubles. I thought by doing what I did, by reading 8 bytes at a time, (the size of doubles) I was effectively looking for values in my memory. I thought a for(start,end,8) would give me all the values of doubles since I believed that doubles exist in the memory in the positions of base, base+8, base+16, base+24, and so forth. failing that, at least for(start,end,1) would achieve the same thing. I would store the address containing the doubles I want in a list() called hit_pool. And then the incorrect values would be flushed out anyway, when I run a another run of comparing the address found with target value. like this for n in hit_pool: readprocessmemory(process, n, ctypes.byref(buffer), 8, ctypes.byref(nread)) Since the way I am reading the memory is not correct, could you tell me the correct way to do it? Thanks! On Mon, Oct 16, 2017 at 2:54 PM, Tim Roberts wrote: > Michael C wrote: > > > > I am working on my own memory scanner. It uses Windows API, > VirtualQueryEX > > and ReadProcessMemory. I am not sure I put down the following properly: > > > > I am sure > > > > Process = > > Kernel32.OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ, False, > > PID) > > > > ran properly, because it didn't return a 0. > > Did you acquire the SeDebugPrivilege before calling? > > > Lastly, ReadProcessMemory: > > > > 1st Question: The setup. > > > > buffer = ctypes.c_double() > > nread = SIZE_T() > > > > ReadProcessMemory(Process, i, ctypes.byref(buffer), > > ctypes.sizeof(buffer), ctypes.byref(nread)) > > > > > > I used ctypes.c_double() to determine the size of the buffer, so does > > this mean > > that the value I retrieve would be doubles? As in, I know I want to > > scan for double > > values, therefore what I do is what I did here, ask ReadProcessMemory to > > read 8 bytes at a time? > > That's a screwed up way of doing it. If you want buffers of 8 bytes, > then make a buffer of 8 bytes. > > > > Lastly, I don't understand this part about the memory: > > > > if I used VirtualQueryEx to find out if a region of memory is ok to > > scan, and it > > says it's ok, are the values in the region arranged like this: > > > > short,int,double,long,char, double, short in > > > > as in, random? > > I have no idea what you're asking. What you get back from > ReadProcessMemory is an untyped set of bytes. There is no way to find > out anything about the type. It might be strings, it might be machine > code, it might be header info, it might be floats, it might be images. > It could be ANYTHING. > > > > I am asking this because, if it's random, then I'd have to run > > ReadProcessMemory > > by increasing the value of of my loop by ONE (1) at a time, like this > > > > for i in range(start_of_region, end_of_region, 1): > > ReadProcessMemory(Process, i, ctypes.byref(buffer), > > ctypes.sizeof(buffer), ctypes.byref(nread)) > > > > Is that correct? > > No. What are you hoping to learn here? > > -- > Tim Roberts, timr at probo.com > Providenza & Boekelheide, Inc. > > _______________________________________________ > python-win32 mailing list > python-win32 at python.org > https://mail.python.org/mailman/listinfo/python-win32 > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mysecretrobotfactory at gmail.com Mon Oct 16 20:06:09 2017 From: mysecretrobotfactory at gmail.com (Michael C) Date: Mon, 16 Oct 2017 17:06:09 -0700 Subject: [python-win32] VirtualQueryEx/ReadProcessMemory In-Reply-To: References: Message-ID: I have a question Supposed by using Openprocess and VirtualQueryEx, I have the locations of all the memory the application is using, wouldn't this to be true? Say, a 8 byte data is somewhere in the region i am scanning. Ok, I know by scanning it like this for n in range(start,end,1) will read into another variable and mostly nothing, but unless a variable, that is, one number, can be truncated and exist in multiple locations like this double = 12345678 123 is at x001 45 is at x005 678 is at x010 unless a number can be broken up like that, wouldn't I, while use the silly 'increment by one' approach, actually luck out and get that value in it's actual position? On Mon, Oct 16, 2017 at 4:39 PM, Michael C wrote: > >>>Did you acquire the SeDebugPrivilege before calling? > > Eh, no. I don't know what that is! How do I get it? > > > > >>>That's a screwed up way of doing it. If you want buffers of 8 bytes, > then make a buffer of 8 bytes. > > So like this? > > ReadProcessMemory(Process, i, ctypes.byref(buffer), 8, ctypes.byref(nread)) > > >>> > I have no idea what you're asking. What you get back from > ReadProcessMemory is an untyped set of bytes. There is no way to find > out anything about the type. It might be strings, it might be machine > code, it might be header info, it might be floats, it might be images. > It could be ANYTHING. > No. What are you hoping to learn here? > > > Bummer... I thought with what I did, I was building a simple memory > scanner. > See, I thought with my ReadProcessMemory line I was retrieving values in > the size of doubles. > > I thought by doing what I did, by reading 8 bytes at a time, (the size of > doubles) I was effectively looking for values in my memory. I thought a > > for(start,end,8) > > would give me all the values of doubles since I believed that doubles > exist in the memory in the positions of base, base+8, base+16, base+24, > and so forth. > > failing that, at least > > for(start,end,1) > > would achieve the same thing. I would store the address containing the > doubles I want in a list() called hit_pool. And then the incorrect values > would be flushed out anyway, when I run a another run of comparing the > address found with target value. like this > > for n in hit_pool: > readprocessmemory(process, n, ctypes.byref(buffer), 8, > ctypes.byref(nread)) > > > > Since the way I am reading the memory is not correct, could you tell me > the correct way to do it? > > > Thanks! > > > > > > > > > > On Mon, Oct 16, 2017 at 2:54 PM, Tim Roberts wrote: > >> Michael C wrote: >> > >> > I am working on my own memory scanner. It uses Windows API, >> VirtualQueryEX >> > and ReadProcessMemory. I am not sure I put down the following properly: >> > >> > I am sure >> > >> > Process = >> > Kernel32.OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ, False, >> > PID) >> > >> > ran properly, because it didn't return a 0. >> >> Did you acquire the SeDebugPrivilege before calling? >> >> > Lastly, ReadProcessMemory: >> > >> > 1st Question: The setup. >> > >> > buffer = ctypes.c_double() >> > nread = SIZE_T() >> > >> > ReadProcessMemory(Process, i, ctypes.byref(buffer), >> > ctypes.sizeof(buffer), ctypes.byref(nread)) >> > >> > >> > I used ctypes.c_double() to determine the size of the buffer, so does >> > this mean >> > that the value I retrieve would be doubles? As in, I know I want to >> > scan for double >> > values, therefore what I do is what I did here, ask ReadProcessMemory >> to >> > read 8 bytes at a time? >> >> That's a screwed up way of doing it. If you want buffers of 8 bytes, >> then make a buffer of 8 bytes. >> >> >> > Lastly, I don't understand this part about the memory: >> > >> > if I used VirtualQueryEx to find out if a region of memory is ok to >> > scan, and it >> > says it's ok, are the values in the region arranged like this: >> > >> > short,int,double,long,char, double, short in >> > >> > as in, random? >> >> I have no idea what you're asking. What you get back from >> ReadProcessMemory is an untyped set of bytes. There is no way to find >> out anything about the type. It might be strings, it might be machine >> code, it might be header info, it might be floats, it might be images. >> It could be ANYTHING. >> >> >> > I am asking this because, if it's random, then I'd have to run >> > ReadProcessMemory >> > by increasing the value of of my loop by ONE (1) at a time, like this >> > >> > for i in range(start_of_region, end_of_region, 1): >> > ReadProcessMemory(Process, i, ctypes.byref(buffer), >> > ctypes.sizeof(buffer), ctypes.byref(nread)) >> > >> > Is that correct? >> >> No. What are you hoping to learn here? >> >> -- >> Tim Roberts, timr at probo.com >> Providenza & Boekelheide, Inc. >> >> _______________________________________________ >> python-win32 mailing list >> python-win32 at python.org >> https://mail.python.org/mailman/listinfo/python-win32 >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From timr at probo.com Tue Oct 17 03:28:46 2017 From: timr at probo.com (Tim Roberts) Date: Tue, 17 Oct 2017 00:28:46 -0700 Subject: [python-win32] VirtualQueryEx/ReadProcessMemory In-Reply-To: References: Message-ID: <2AFABC66-78E3-482B-B152-F574C887871B@probo.com> On Oct 16, 2017, at 5:06 PM, Michael C wrote: > > Supposed by using Openprocess and VirtualQueryEx, I have the locations of all the memory the application is using, wouldn't this to be true? > > Say, a 8 byte data is somewhere in the region i am scanning. Ok, I know by scanning it like this > for n in range(start,end,1) > > will read into another variable and mostly nothing, but unless a variable, that is, one number, can be truncated and exist in multiple locations like this > > double = 12345678 You keep using the word "double". A "double" is a floating-point number. Are you actually referring to an 8-byte integer? > 123 is at x001 > 45 is at x005 > 678 is at x010 > > unless a number can be broken up like that, wouldn't I, while use the silly 'increment by one' approach, actually luck out and get that value in it's actual position? I can't tell what your x001 notation is trying to say. If you have the decimal value 12345678 stored somewhere in memory in a 64-bit value, the consecutive bytes in memory will look like this: 4E 61 BC 00 00 00 00 00 If you actually mean the floating point value 12345678.0, it will be stored in 8 bytes like this: 00 00 00 c0 29 8c 67 41 It will take you forever to search another process 8 bytes at a time. You're probably going to want to fetch a page at a time and scan the page locally. ? Tim Roberts, timr at probo.com Providenza & Boekelheide, Inc. From timr at probo.com Tue Oct 17 03:44:31 2017 From: timr at probo.com (Tim Roberts) Date: Tue, 17 Oct 2017 00:44:31 -0700 Subject: [python-win32] VirtualQueryEx/ReadProcessMemory In-Reply-To: References: Message-ID: <671DCFCC-9B88-4B87-BB47-01787B4EBF26@probo.com> On Oct 16, 2017, at 4:39 PM, Michael C wrote: > > >>>Did you acquire the SeDebugPrivilege before calling? > > Eh, no. I don't know what that is! How do I get it? https://www.programcreek.com/python/example/80627/win32con.TOKEN_ADJUST_PRIVILEGES > >>>That's a screwed up way of doing it. If you want buffers of 8 bytes, > then make a buffer of 8 bytes. > > So like this? > > ReadProcessMemory(Process, i, ctypes.byref(buffer), 8, ctypes.byref(nread)) I would probably use ctypes.c_buffer to create the buffer. You can experiment by reading your own process before you start reading other processes. > Bummer... I thought with what I did, I was building a simple memory scanner. > See, I thought with my ReadProcessMemory line I was retrieving values in the size of doubles. > > I thought by doing what I did, by reading 8 bytes at a time, (the size of doubles) I was effectively looking for values in my memory. I thought a > > for(start,end,8) > > would give me all the values of doubles since I believed that doubles exist in the memory in the positions of base, base+8, base+16, base+24, and so forth. You would get the memory, 8 bytes at a time. 8-byte integers are often stored aligned on 8-byte boundaries, because it's slightly more efficient, but it's not required. It depends on what you're looking for, which you still haven't told us. > would achieve the same thing. I would store the address containing the doubles I want in a list() called hit_pool. And then the incorrect values would be flushed out anyway, when I run a another run of comparing the address found with target value. like this > > for n in hit_pool: > readprocessmemory(process, n, ctypes.byref(buffer), 8, ctypes.byref(nread)) Well, you wouldn't pass your "hit_pool" values to ReadProcessMemory. You would read the memory, then scan through it locally looking for your hit_pool. However, you'e always going to be fighting the language. This kind of low-level machine-dependent processing is always going to be much faster and easier to code in C or C++. ? Tim Roberts, timr at probo.com Providenza & Boekelheide, Inc. -------------- next part -------------- An HTML attachment was scrubbed... URL: From timr at probo.com Tue Oct 17 12:52:56 2017 From: timr at probo.com (Tim Roberts) Date: Tue, 17 Oct 2017 09:52:56 -0700 Subject: [python-win32] Question about Python script In-Reply-To: <6d030ddfd0324410a94c49072d0aad0b@moutier.ch> References: <66d1cf4ee2884a8894c0377f9c525a07@moutier.ch> <0d8286c7-1e22-f988-9b89-ab4bfc532ea8@probo.com> <6d030ddfd0324410a94c49072d0aad0b@moutier.ch> Message-ID: Schoeni, Yann wrote: > ? > > I don?t see anything about color depth in the script, do you think I > should define it somewhere?? > > ? > > I did this?to check that everything was correct before the image was > draw?: > > ? > > bmp = Image.open (file_name) > > print(bmp.mode) > > ? > > The return value is?: RGB > > In the PIL documentation I?ve found?: RGB?(3x8-bit pixels, true color) > > ? > > Which means 24-bits depth, correct?? > Correct. > Now I need to create the device context as a 24-bits. > > ? > > > i've done some research but, I didn?t find how to set the depth > color manually .. > > > ? > > > If I do?: > > > ? > > > NUMCOLORS = 0 > > > ? > > > hDC = win32.CreateDC() > > > hDC.CreatePrinterDC (printer_name) > > > colorDepth = hDC.GetDeviceCaps(NUMCOLORS) > > print("colorDepth : ", colorDepth); > > ? > > The return value is?: colorDepth?: 1539 > Where did you get "NUMCOLORS = 0"?? That's wrong: /* Device Parameters for GetDeviceCaps() */ #define DRIVERVERSION 0???? /* Device driver version??????????????????? */ #define TECHNOLOGY??? 2???? /* Device classification??????????????????? */ #define HORZSIZE????? 4???? /* Horizontal size in millimeters?????????? */ #define VERTSIZE????? 6???? /* Vertical size in millimeters???????????? */ #define HORZRES?????? 8???? /* Horizontal width in pixels?????????????? */ #define VERTRES?????? 10??? /* Vertical height in pixels??????????????? */ #define BITSPIXEL???? 12??? /* Number of bits per pixel???????????????? */ #define PLANES??????? 14??? /* Number of planes???????????????????????? */ #define NUMBRUSHES??? 16??? /* Number of brushes the device has???????? */ #define NUMPENS?????? 18??? /* Number of pens the device has??????????? */ #define NUMMARKERS??? 20??? /* Number of markers the device has???????? */ #define NUMFONTS????? 22??? /* Number of fonts the device has?????????? */ #define NUMCOLORS???? 24??? /* Number of colors the device supports???? */ etc So, your 1539 result says that the driver's version is 0x0603.? You don't need to hardcode these numbers at all.? Most Windows constants are in win32con.? Plus, the important number is BITSPIXEL.? If that is 8, then you can look at NUMCOLORS.? If it is not 8, then NUMCOLORS is not meaningful. ???? import win32con ???? print( hDC.GetDeviceCaps(win32con.BITSPIXEL)) ???? print( hDC.GetDeviceCaps(win32con.NUMCOLORS)) -- Tim Roberts, timr at probo.com Providenza & Boekelheide, Inc. From forsridhar at gmail.com Wed Oct 18 03:44:12 2017 From: forsridhar at gmail.com (sridhar vr) Date: Wed, 18 Oct 2017 13:14:12 +0530 Subject: [python-win32] XLSM to CSV/XLS conversion Message-ID: Hi, Anyone can tell me, how I can convert XLSM to CSV/XLS using python. Best Sridhar -------------- next part -------------- An HTML attachment was scrubbed... URL: From timr at probo.com Wed Oct 18 12:21:56 2017 From: timr at probo.com (Tim Roberts) Date: Wed, 18 Oct 2017 09:21:56 -0700 Subject: [python-win32] XLSM to CSV/XLS conversion In-Reply-To: References: Message-ID: sridhar vr wrote: > > Anyone can tell me, how I can convert XLSM to CSV/XLS using python. Not sure what you mean by CSV/XLS.? It's quite useful to convert XLSX to CSV, but I don't know why you'd want to automate XLSX to XLS conversion. For XLSX to CSV, there are two basic paths.? One is to use COM to control Excel itself, load the file, and do the save.? That's not too many lines of code, but it requires that you have Excel installed, and it takes time to launch the app. The other path is to use one of the existing Python packages to read Excel files directly. like openpyxl.? Check the list here: ??? http://www.python-excel.org/ -- Tim Roberts, timr at probo.com Providenza & Boekelheide, Inc. From j.orponen at 4teamwork.ch Wed Oct 18 14:24:16 2017 From: j.orponen at 4teamwork.ch (Joni Orponen) Date: Wed, 18 Oct 2017 20:24:16 +0200 Subject: [python-win32] XLSM to CSV/XLS conversion In-Reply-To: References: Message-ID: On Wed, Oct 18, 2017 at 9:44 AM, sridhar vr wrote: > > Anyone can tell me, how I can convert XLSM to CSV/XLS using python. > I'm assuming you actually specifically mean XLSM. An Excel application dispatch object will have what you seek for evaluating in-cell VBA and the rest is just wrangling with security settings and following MSDN documentation. -- Joni Orponen -------------- next part -------------- An HTML attachment was scrubbed... URL: From timr at probo.com Thu Oct 19 19:58:57 2017 From: timr at probo.com (Tim Roberts) Date: Thu, 19 Oct 2017 16:58:57 -0700 Subject: [python-win32] PyWin32 API In-Reply-To: References: Message-ID: Josh Clayton wrote: > > I've been reading the documentation and had a question.? > > How would I create a custom tag in the details tab of a file then set > it, and read it? > > If creating it is not possible, would it then be possible just set an > already existing tag and then read it? My end goal is to try and > metatag a large group of files to avoid having to open them to read > them.? I'd rather just use a script to blast through 10,000 files and > understand what files are in my folder structure. The answer is quite complicated. The Details tab in Explorer is exposing whatever metadata the underlying file format supports.? If you look at a JPG, for example, the JPG format has the ability to add "tags".? If you change the tag list while you're looking at that tab, Windows modifies the file to add that to the tag list in the JPG file.? Similar, a Word document supports metadata like "DocTitle" and "Author", and Explorer understand the Word file format and how to modify it.? There is no generic "hidden store" for these properties. You can get access to these properties using the Shell object model.? Theoretically, this should do it, but this returned "None" for all of the properties I tried.? I wish you luck.? If Tim Golden is listening, he may have a better idea. Note that the Shell.NameSpace API is one of the very few places in Windows where the path MUST be specified with backslashes.? It will not accept forward slashes. from win32com.client import Dispatch shell = Dispatch("Shell.Application") y = shell.NameSpace(r"c:\tmp\pvt") print( y.Title ) for z in y.Items(): ??? print( z.Path ) ??? print( z.ExtendedProperty("Author"), ??????????? z.ExtendedProperty("Date"), ??????????? z.ExtendedProperty("Tags")) -- Tim Roberts, timr at probo.com Providenza & Boekelheide, Inc. From mysecretrobotfactory at gmail.com Thu Oct 19 20:50:53 2017 From: mysecretrobotfactory at gmail.com (Michael C) Date: Thu, 19 Oct 2017 17:50:53 -0700 Subject: [python-win32] PyWin32 API In-Reply-To: References: Message-ID: I am wrestling with my life right now, but I'll post more hopefully by tomorrow. Also, I am trying to write my own 'Cheat Engine' or just a memory scanner in general, I am just looking for simple values such as a int or a double. Thanks for reponding! On Thu, Oct 19, 2017 at 4:58 PM, Tim Roberts wrote: > Josh Clayton wrote: > > > > I've been reading the documentation and had a question. > > > > How would I create a custom tag in the details tab of a file then set > > it, and read it? > > > > If creating it is not possible, would it then be possible just set an > > already existing tag and then read it? My end goal is to try and > > metatag a large group of files to avoid having to open them to read > > them. I'd rather just use a script to blast through 10,000 files and > > understand what files are in my folder structure. > > The answer is quite complicated. > > The Details tab in Explorer is exposing whatever metadata the underlying > file format supports. If you look at a JPG, for example, the JPG format > has the ability to add "tags". If you change the tag list while you're > looking at that tab, Windows modifies the file to add that to the tag > list in the JPG file. Similar, a Word document supports metadata like > "DocTitle" and "Author", and Explorer understand the Word file format > and how to modify it. There is no generic "hidden store" for these > properties. > > You can get access to these properties using the Shell object model. > Theoretically, this should do it, but this returned "None" for all of > the properties I tried. I wish you luck. If Tim Golden is listening, > he may have a better idea. > > Note that the Shell.NameSpace API is one of the very few places in > Windows where the path MUST be specified with backslashes. It will not > accept forward slashes. > > from win32com.client import Dispatch > shell = Dispatch("Shell.Application") > y = shell.NameSpace(r"c:\tmp\pvt") > print( y.Title ) > for z in y.Items(): > print( z.Path ) > print( z.ExtendedProperty("Author"), > z.ExtendedProperty("Date"), > z.ExtendedProperty("Tags")) > > -- > Tim Roberts, timr at probo.com > Providenza & Boekelheide, Inc. > > _______________________________________________ > python-win32 mailing list > python-win32 at python.org > https://mail.python.org/mailman/listinfo/python-win32 > -------------- next part -------------- An HTML attachment was scrubbed... URL: From timr at probo.com Fri Oct 20 14:16:02 2017 From: timr at probo.com (Tim Roberts) Date: Fri, 20 Oct 2017 11:16:02 -0700 Subject: [python-win32] PyWin32 API In-Reply-To: References: Message-ID: <047fd200-fbfa-59db-57b9-b2a83b5fa9a1@probo.com> Michael C wrote: > > I am wrestling with my life right now, but I'll post more hopefully by > tomorrow. > > Also, I am trying to write my own 'Cheat Engine' or just a memory > scanner in general,? > I am just looking for simple values such as a int or a double. Wrong thread. Here is C++ code that does what you asked, based on a StackExchange article that was trying to cheat on games by increasing the money level.? This one scans my gvim editor process looking for the "cpp" extension.? It finds several hundred occurrences: ??? https://pastebin.com/BbyrXxsf It's possible to convert that to Python, but you're using ctypes so much that you're basically writing C code in Python.? Further, Python doesn't worry about representations in memory.? If you're searching for a specific floating point value, then you need to know exactly how it was stored, bit for bit.? Is it single precision?? Double precision?? Scaled integer?? Are you sure? And if you do find the value, you can't change it unless you're sure it's not a false positive.? You're likely to find any 4-byte random value somewhere in a process, perhaps even as bytes of machine code.? You don't want to change it unless you're sure it's a numeric constant and not, say, a pointer. -- Tim Roberts, timr at probo.com Providenza & Boekelheide, Inc. From mysecretrobotfactory at gmail.com Fri Oct 20 14:18:49 2017 From: mysecretrobotfactory at gmail.com (Michael C) Date: Fri, 20 Oct 2017 11:18:49 -0700 Subject: [python-win32] PyWin32 API In-Reply-To: <047fd200-fbfa-59db-57b9-b2a83b5fa9a1@probo.com> References: <047fd200-fbfa-59db-57b9-b2a83b5fa9a1@probo.com> Message-ID: oops! Ok, I'll take a look, thanks! On Fri, Oct 20, 2017 at 11:16 AM, Tim Roberts wrote: > Michael C wrote: > > > > I am wrestling with my life right now, but I'll post more hopefully by > > tomorrow. > > > > Also, I am trying to write my own 'Cheat Engine' or just a memory > > scanner in general, > > I am just looking for simple values such as a int or a double. > > Wrong thread. > > Here is C++ code that does what you asked, based on a StackExchange > article that was trying to cheat on games by increasing the money > level. This one scans my gvim editor process looking for the "cpp" > extension. It finds several hundred occurrences: > https://pastebin.com/BbyrXxsf > > It's possible to convert that to Python, but you're using ctypes so much > that you're basically writing C code in Python. Further, Python doesn't > worry about representations in memory. If you're searching for a > specific floating point value, then you need to know exactly how it was > stored, bit for bit. Is it single precision? Double precision? Scaled > integer? Are you sure? > > And if you do find the value, you can't change it unless you're sure > it's not a false positive. You're likely to find any 4-byte random > value somewhere in a process, perhaps even as bytes of machine code. > You don't want to change it unless you're sure it's a numeric constant > and not, say, a pointer. > > -- > Tim Roberts, timr at probo.com > Providenza & Boekelheide, Inc. > > _______________________________________________ > python-win32 mailing list > python-win32 at python.org > https://mail.python.org/mailman/listinfo/python-win32 > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mysecretrobotfactory at gmail.com Fri Oct 20 15:54:24 2017 From: mysecretrobotfactory at gmail.com (Michael C) Date: Fri, 20 Oct 2017 12:54:24 -0700 Subject: [python-win32] Quest for memory scanner Message-ID: Hello Tim, everyone: I actually have a semi-working scanner, but I can't figure out why it doesn't return nearly as many addresses as Cheat Engine does.(for scan run #1) Let's say I am scanning the Calculator that comes with Windows. Please have a look! -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- import ctypes from ctypes.wintypes import WORD, DWORD, LPVOID import psutil import sys def main(): PID = int(input('enter PID')) target_value = int(input('new scan value')) # a simple list to contain all the addresses the code finds. hit_pool = list() # calls the function to scan the application's memory, and then returns # the addresses found to contain the target value, back into the list. hit_pool = First_scan(hit_pool, target_value, PID) # prints all the addresses to take a look. print(hit_pool) # calls the second scan function by passing it the hit_pool, and then # scan for the value present in the address, compare it with the new # target value, if they are differnt, the address is removed. while target_value != -999: target_value = int(input('new scan value')) hit_pool = Second_scan(hit_pool, target_value, PID) print('done.') ##print(hit_pool) def First_scan(hit_pool, target_value, PID): ############################################################### ############################################################### ############################################################### ## I think this part works properly! ############################################################### ############################################################### PVOID = LPVOID SIZE_T = ctypes.c_size_t # https://msdn.microsoft.com/en-us/library/aa383751#DWORD_PTR if ctypes.sizeof(ctypes.c_void_p) == ctypes.sizeof(ctypes.c_ulonglong): DWORD_PTR = ctypes.c_ulonglong elif ctypes.sizeof(ctypes.c_void_p) == ctypes.sizeof(ctypes.c_ulong): DWORD_PTR = ctypes.c_ulong class SYSTEM_INFO(ctypes.Structure): """https://msdn.microsoft.com/en-us/library/ms724958""" class _U(ctypes.Union): class _S(ctypes.Structure): _fields_ = (('wProcessorArchitecture', WORD), ('wReserved', WORD)) _fields_ = (('dwOemId', DWORD), # obsolete ('_s', _S)) _anonymous_ = ('_s',) _fields_ = (('_u', _U), ('dwPageSize', DWORD), ('lpMinimumApplicationAddress', LPVOID), ('lpMaximumApplicationAddress', LPVOID), ('dwActiveProcessorMask', DWORD_PTR), ('dwNumberOfProcessors', DWORD), ('dwProcessorType', DWORD), ('dwAllocationGranularity', DWORD), ('wProcessorLevel', WORD), ('wProcessorRevision', WORD)) _anonymous_ = ('_u',) LPSYSTEM_INFO = ctypes.POINTER(SYSTEM_INFO) Kernel32 = ctypes.WinDLL('kernel32', use_last_error=True) Kernel32.GetSystemInfo.restype = None Kernel32.GetSystemInfo.argtypes = (LPSYSTEM_INFO,) sysinfo = SYSTEM_INFO() Kernel32.GetSystemInfo(ctypes.byref(sysinfo)) PROCESS_QUERY_INFORMATION = 0x0400 PROCESS_VM_READ = 0x0010 Process = Kernel32.OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ, False, PID) print('process:', Process) class MEMORY_BASIC_INFORMATION(ctypes.Structure): """https://msdn.microsoft.com/en-us/library/aa366775""" _fields_ = (('BaseAddress', PVOID), ('AllocationBase', PVOID), ('AllocationProtect', DWORD), ('RegionSize', SIZE_T), ('State', DWORD), ('Protect', DWORD), ('Type', DWORD)) mbi = MEMORY_BASIC_INFORMATION() print('VirtualQueryEx ran properly?',Kernel32.VirtualQueryEx(Process, \ sysinfo.lpMinimumApplicationAddress, ctypes.byref(mbi),ctypes.sizeof(mbi))) ############################################################### ############################################################### ############################################################### ## I think the following part has a bug ############################################################### ############################################################### ReadProcessMemory = Kernel32.ReadProcessMemory ## MEM_COMMIT = 0x00001000; PAGE_READWRITE = 0x04; ####### ####### ####### ####### IMPORTANT! I know I am supposed to initiate buffer ####### with something, but I can't work out what to put ####### down! buffer = ctypes.c_double() nread = SIZE_T() ####### ####### ####### ####### ##start = ctypes.c_void_p(mbi.BaseAddress) current_address = sysinfo.lpMinimumApplicationAddress end_address = sysinfo.lpMaximumApplicationAddress ####### ####### ####### ####### This is where the real memory scanning happens! # this variable keeps track of how many addresses have been found! hit_count = 0 while current_address < end_address: #### this line figures out if this chunk of memory can be scanned! Kernel32.VirtualQueryEx(Process, \ current_address, ctypes.byref(mbi),ctypes.sizeof(mbi)) #### this line figures out if this chunk of memory can be scanned! if mbi.Protect == PAGE_READWRITE and mbi.State == MEM_COMMIT : print('This region can be scanned!') index = current_address end = current_address + mbi.RegionSize - 7 #### finally, the scanning part! for address in range(index, end, 1): if ReadProcessMemory(Process, address, ctypes.byref(buffer), \ ctypes.sizeof(buffer), ctypes.byref(nread)): #### compares the values to the target value #### I haven't worked out how to 'round' if buffer.value < (target_value + 1) and \ buffer.value > (target_value - 1): print(buffer, buffer.value, address, 'hit:', hit_count) hit_count += 1 #### add the address to the list! hit_pool.append(i) else: print('else happend.') input('program pause because ReadProcessMemory happened.') current_address += mbi.RegionSize print(hit_count) return hit_pool def Second_scan(hit_pool, target_value, PID): ############################################################### ############################################################### ############################################################### ## I think this part works properly! ############################################################### ############################################################### PVOID = LPVOID SIZE_T = ctypes.c_size_t # https://msdn.microsoft.com/en-us/library/aa383751#DWORD_PTR if ctypes.sizeof(ctypes.c_void_p) == ctypes.sizeof(ctypes.c_ulonglong): DWORD_PTR = ctypes.c_ulonglong elif ctypes.sizeof(ctypes.c_void_p) == ctypes.sizeof(ctypes.c_ulong): DWORD_PTR = ctypes.c_ulong class SYSTEM_INFO(ctypes.Structure): """https://msdn.microsoft.com/en-us/library/ms724958""" class _U(ctypes.Union): class _S(ctypes.Structure): _fields_ = (('wProcessorArchitecture', WORD), ('wReserved', WORD)) _fields_ = (('dwOemId', DWORD), # obsolete ('_s', _S)) _anonymous_ = ('_s',) _fields_ = (('_u', _U), ('dwPageSize', DWORD), ('lpMinimumApplicationAddress', LPVOID), ('lpMaximumApplicationAddress', LPVOID), ('dwActiveProcessorMask', DWORD_PTR), ('dwNumberOfProcessors', DWORD), ('dwProcessorType', DWORD), ('dwAllocationGranularity', DWORD), ('wProcessorLevel', WORD), ('wProcessorRevision', WORD)) _anonymous_ = ('_u',) LPSYSTEM_INFO = ctypes.POINTER(SYSTEM_INFO) Kernel32 = ctypes.WinDLL('kernel32', use_last_error=True) Kernel32.GetSystemInfo.restype = None Kernel32.GetSystemInfo.argtypes = (LPSYSTEM_INFO,) sysinfo = SYSTEM_INFO() Kernel32.GetSystemInfo(ctypes.byref(sysinfo)) PROCESS_QUERY_INFORMATION = 0x0400 PROCESS_VM_READ = 0x0010 Process = Kernel32.OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ, False, PID) print('process:', Process) class MEMORY_BASIC_INFORMATION(ctypes.Structure): """https://msdn.microsoft.com/en-us/library/aa366775""" _fields_ = (('BaseAddress', PVOID), ('AllocationBase', PVOID), ('AllocationProtect', DWORD), ('RegionSize', SIZE_T), ('State', DWORD), ('Protect', DWORD), ('Type', DWORD)) mbi = MEMORY_BASIC_INFORMATION() print('VirtualQueryEx ran properly?',Kernel32.VirtualQueryEx(Process, \ sysinfo.lpMinimumApplicationAddress, ctypes.byref(mbi),ctypes.sizeof(mbi))) ############################################################### ############################################################### ############################################################### ## I think the following part has a bug ############################################################### ############################################################### ReadProcessMemory = Kernel32.ReadProcessMemory MEM_COMMIT = 0x00001000; PAGE_READWRITE = 0x04; ####### ####### ####### ####### IMPORTANT! I know I am supposed to initiate buffer ####### with something, but I can't work out what to put ####### down! buffer = ctypes.c_double() nread = SIZE_T() ####### ####### ####### ####### hit_count = 0 hit_pool_2 = list() for address in hit_pool: Kernel32.VirtualQueryEx(Process, \ address, ctypes.byref(mbi),ctypes.sizeof(mbi)) if mbi.Protect == PAGE_READWRITE and mbi.State == MEM_COMMIT : print('This region can be scanned!') if ReadProcessMemory(Process, address, ctypes.byref(buffer), \ ctypes.sizeof(buffer), ctypes.byref(nread)): if buffer.value < (target_value + 1) and \ buffer.value > (target_value - 1): print(i,'OVERKILL!!!') hit_pool_2.append(address) else: print('else happend.') input('program pause because ReadProcessMemory happened.') else: '2nd run VirtualQueryEx error' hit_pool = hit_pool_2 print('Hit_pool', hit_pool) return hit_pool_2 main() From mysecretrobotfactory at gmail.com Fri Oct 20 17:16:01 2017 From: mysecretrobotfactory at gmail.com (Michael C) Date: Fri, 20 Oct 2017 14:16:01 -0700 Subject: [python-win32] Quest for memory scanner In-Reply-To: References: Message-ID: Oh I forgot to mention what sort of advise/help I am looking for. First, my target value to scan for is the amount gold/money in Fallout 2. Ok, the first_scan function caught plenty of the right values, but once I run second_scan to compare the addresses of those correct values, none of the addresses survived even one pass. I think this could be a reason: 1) somehow when I ran VirtualQueryEx, not all qualifying region were returned. I can prove that my code has this problem: I run Calculator from Window Accessory and then type 400, and '=' My code actually returns *zero* regions to be scanned. So I am definitely not getting all of them with my fallout 2, and *ANY* with the calculator. P.S. Tim, I tried to use buffer = ctypes.c_buffer to create my buffer, and it hasn't returned a problem. but I don't know what the difference is, perhaps you could point me to something? Thanks On Fri, Oct 20, 2017 at 12:54 PM, Michael C wrote: > Hello Tim, everyone: > > I actually have a semi-working scanner, but I can't figure out why it > doesn't return > nearly as many addresses as Cheat Engine does.(for scan run #1) Let's say > I am scanning the Calculator that comes with Windows. > > Please have a look! > -------------- next part -------------- An HTML attachment was scrubbed... URL: From timr at probo.com Sat Oct 21 03:38:14 2017 From: timr at probo.com (Tim Roberts) Date: Sat, 21 Oct 2017 00:38:14 -0700 Subject: [python-win32] Quest for memory scanner In-Reply-To: References: Message-ID: <394EF526-9564-433F-8A7A-6D616430032B@probo.com> On Oct 20, 2017, at 12:54 PM, Michael C wrote: > > Hello Tim, everyone: > > I actually have a semi-working scanner, but I can't figure out why it doesn't return > nearly as many addresses as Cheat Engine does.(for scan run #1) Let's say I am scanning the Calculator that comes with Windows. The Windows calculator uses an arbitrary-precision math library to store its numbers. It does not store them as double-precision floats. You are only looking at PAGE_READWRITE memory. Processes also have read-only memory that you can scan, but not change. When I suggested using a buffer, what I meant is that you should allocate a buffer of about a megabyte, then read a megabyte at a time from the other process, and scan through that memory in your code. That's much faster than making millions and millions of kernel calls. You may not be aware of what goes on behind the scenes when you do ReadProcessMemory. At any given time, only one process at a time (per CPU) can have its memory space in the page tables, and if it's not in the page tables, it can't be accessed. Thus, when you call ReadProcessMemory, the kernel has to switch to that other process as if it were going to start running, load its page tables, copy the memory into kernel space, switch back to your process and load its page tables, copy the data back to you, then start you running again. That's a lot of overhead. ? Tim Roberts, timr at probo.com Providenza & Boekelheide, Inc. From jclayt3 at gmail.com Fri Oct 20 10:58:21 2017 From: jclayt3 at gmail.com (Josh Clayton) Date: Fri, 20 Oct 2017 10:58:21 -0400 Subject: [python-win32] PyWin32 API In-Reply-To: References: Message-ID: Just following up since I have not heard back. Virus-free. www.avast.com <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> On Sat, Oct 14, 2017 at 7:18 AM, Josh Clayton wrote: > To Whom it May Concern, > > I've been reading the documentation and had a question. > > How would I create a custom tag in the details tab of a file then set it, > and read it? > > If creating it is not possible, would it then be possible just set an > already existing tag and then read it? My end goal is to try and metatag a > large group of files to avoid having to open them to read them. I'd rather > just use a script to blast through 10,000 files and understand what files > are in my folder structure. > > Thanks. > > Josh Clayton > -------------- next part -------------- An HTML attachment was scrubbed... URL: From timr at probo.com Sun Oct 22 15:07:10 2017 From: timr at probo.com (Tim Roberts) Date: Sun, 22 Oct 2017 12:07:10 -0700 Subject: [python-win32] PyWin32 API In-Reply-To: References: Message-ID: On Oct 20, 2017, at 7:58 AM, Josh Clayton wrote: > > Just following up since I have not heard back. Heard back on what? I sent a long and detailed message on Thursday including demonstration code. ? Tim Roberts, timr at probo.com Providenza & Boekelheide, Inc. From henk.zevenhuizen at gmail.com Tue Oct 31 09:16:45 2017 From: henk.zevenhuizen at gmail.com (Henk Zevenhuizen) Date: Tue, 31 Oct 2017 14:16:45 +0100 Subject: [python-win32] os.remove not deleting a file Message-ID: Hi there, This is my first mail to this list and i have a huge problem. my os.remove(filename) is not working. i am running python27 32 bits on a windows 10 64 bits machine My piece of code (with debugging statements): raw_input('before...') print 73, (os.path.join(VERWERKTDIR, orgname)) if os.path.isfile(os.path.join(VERWERKTDIR, orgname)): os.remove(os.path.join(VERWERKTDIR, orgname)) raw_input('after...') print 'file removed' else: print 'no file present'' if there is a file to be removed i can see the print 'file removed' however the file is still there when i get the message : 'before' i can delete the file through windows explorer and with CTRL-Z i can restore the file then i press to continue the raw_input('before...') Then i get the message: "after", the file is still there and i cannot delete the through windows explorer (permission denied) the only way to delete the file is killing python I don't have the slightest idea where to look Has anyone any idea ?? thanks in advance Henk Zevenhuizen Holland -------------- next part -------------- An HTML attachment was scrubbed... URL: From pbychikhin at yahoo.com Tue Oct 31 11:13:39 2017 From: pbychikhin at yahoo.com (Pavel Bychikhin) Date: Tue, 31 Oct 2017 17:13:39 +0200 Subject: [python-win32] pythonservice.exe doesn't register Message-ID: Dear Community, I'm trying to register pythonservice.exe as it's said in the PyWin32 documentation, but getting errors: C:\Program Files\Python35\Lib\site-packages\win32>pythonservice.exe /register Registering the Python Service Manager... Registration failed as sys.winver is not available or not a string I'm using Python 3.5.3 amd64 on Windows 10, pywin32 distribution is pywin32-221.win-amd64-py3.5. Is something wrong with my OS, Python or PyWin32? Thanks in advance -- Best regards, Pavel From pbychikhin at yahoo.com Tue Oct 31 17:50:18 2017 From: pbychikhin at yahoo.com (Pavel Bychikhin) Date: Tue, 31 Oct 2017 23:50:18 +0200 Subject: [python-win32] pythonservice.exe doesn't register In-Reply-To: References: Message-ID: <41ad3e46-665a-4fb1-16bb-81aa8255d76f@yahoo.com> I wrote a simple service and it works. Registration doesn't seem to be needed. Sorry for silly question Best regards, Pavel Bychikhin -------- Original Message -------- *Subject: *pythonservice.exe doesn't register *From: *Pavel Bychikhin *To: *python-win32 at python.org *Date: *10/31/2017 5:13 PM > Dear Community, > > I'm trying to register pythonservice.exe as it's said in the PyWin32 > documentation, but getting errors: > > C:\Program Files\Python35\Lib\site-packages\win32>pythonservice.exe > /register > Registering the Python Service Manager... > Registration failed as sys.winver is not available or not a string > > I'm using Python 3.5.3 amd64 on Windows 10, pywin32 distribution is > pywin32-221.win-amd64-py3.5. > > Is something wrong with my OS, Python or PyWin32? > > Thanks in advance > -------------- next part -------------- An HTML attachment was scrubbed... URL: