[Tutor] ctypes wintypes

eryk sun eryksun at gmail.com
Fri Oct 6 15:03:48 EDT 2017


On Fri, Oct 6, 2017 at 7:43 PM, Michael C
<mysecretrobotfactory at gmail.com> wrote:
> Sorry but I don't understand this line:
>
> mbi = MEMORY_BASIC_INFORMATION()
>
> This creates an instance of the class?

Yes, and this allocates sizeof(MEMORY_BASIC_INFORMATION) bytes at
addressof(mbi), which you pass to a function by reference via
byref(mbi).

> Also, I thought with VirtualQueryEx, what you need for it
> is a handle, which I acquire from this
> Process = Kernel32.OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ,
> False, PID)

My example called VirtualQuery, not VirtualQueryEx. Internally
VirtualQuery calls VirtualQueryEx using the pseudo handle
(HANDLE)(-1), which refers to the current process.

> and then feed it to the function like so:
>
> VirtualQuery(Process, ctypes.byref(mbi), ctypes.sizeof(mbi))
>
> I know it doesn't work. But what are these lines for? They don't look like
> a handle to me:
>
> VirtualQuery = kernel32.VirtualQuery
> VirtualQuery.restype = SIZE_T
> VirtualQuery.argtypes = (LPVOID, PMEMORY_BASIC_INFORMATION, SIZE_T)

In the above, I'm setting the function pointer's argtypes attribute to
the types of the 3 parameters that VirtualQuery takes: the target
address (i.e. LPVOID), a pointer to the buffer (i.e.
PMEMORY_BASIC_INFORMATION), and the size of the buffer (SIZE_T). This
is to allow ctypes to correctly check and convert arguments passed to
the function.

VirtualQueryEx has four parameters, starting with the handle to the
target process, hProcess. The remaining 3 are the same as
VirtualQuery.
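
Added example, not part of the original message: a sketch of the four-parameter VirtualQueryEx prototype described above, called with the (HANDLE)(-1) pseudo handle. The structure layout is the documented Windows one; the helper names declare and query are assumptions made for this example.

```python
import ctypes
import sys

DWORD = ctypes.c_uint32            # a Windows DWORD is always 32 bits
SIZE_T = ctypes.c_size_t
LPVOID = HANDLE = ctypes.c_void_p


class MEMORY_BASIC_INFORMATION(ctypes.Structure):
    # ctypes inserts the same alignment padding the C compiler does; on
    # 64-bit builds newer SDKs place a WORD PartitionId in that padding.
    _fields_ = [("BaseAddress", LPVOID),
                ("AllocationBase", LPVOID),
                ("AllocationProtect", DWORD),
                ("RegionSize", SIZE_T),
                ("State", DWORD),
                ("Protect", DWORD),
                ("Type", DWORD)]


PMEMORY_BASIC_INFORMATION = ctypes.POINTER(MEMORY_BASIC_INFORMATION)
CURRENT_PROCESS = HANDLE(-1)       # pseudo handle for the calling process


def declare(func):
    """Attach the VirtualQueryEx prototype so ctypes checks each argument."""
    func.restype = SIZE_T
    func.argtypes = (HANDLE, LPVOID, PMEMORY_BASIC_INFORMATION, SIZE_T)
    return func


def query(virtual_query_ex, address, process=CURRENT_PROCESS):
    """Return the MEMORY_BASIC_INFORMATION for the region holding address."""
    mbi = MEMORY_BASIC_INFORMATION()
    written = virtual_query_ex(process, address,
                               ctypes.byref(mbi), ctypes.sizeof(mbi))
    if not written:                # 0 bytes written means the call failed
        raise ctypes.WinError(ctypes.get_last_error())   # Windows only
    return mbi


if sys.platform == "win32":
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    VirtualQueryEx = declare(kernel32.VirtualQueryEx)
    buf = ctypes.create_string_buffer(16)   # any address in this process
    mbi = query(VirtualQueryEx, ctypes.addressof(buf))
    print(hex(mbi.BaseAddress), mbi.RegionSize, hex(mbi.Protect))
```

To inspect another process, pass the handle returned by OpenProcess as the process argument instead of the pseudo handle.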

