[Tutor] ctypes wintypes

Michael C mysecretrobotfactory at gmail.com
Fri Oct 6 18:05:42 EDT 2017


For this read process memory, if I am trying to compose an LPCVOID
lpBaseAddress, am I not making a variable that is equal to mbi.BaseAddress,
and then making a pointer pointing to it?

start_address = mbi.BaseAddress
LPCVOID = ctypes.byref(start_address)

?

But I get this

start = ctypes.byref(mbi.BaseAddress)
TypeError: byref() argument must be a ctypes instance, not 'int'


On Fri, Oct 6, 2017 at 2:53 PM, eryk sun <eryksun at gmail.com> wrote:

> On Fri, Oct 6, 2017 at 10:26 PM, Michael C
> <mysecretrobotfactory at gmail.com> wrote:
> >
> > base = mbi.BaseAddress
> > buffer = ctypes.c_int32()
> > buffer_pointer = ctypes.byref(buffer)
> > ReadProcessMemory = Kernel32.ReadProcessMemory
> >
> > if ReadProcessMemory(Process, base, buffer_pointer, mbi.RegionSize, None):
> >         print('buffer is: ',buffer)
> > else:
> >         raise ctypes.WinError(ctypes.get_last_error())
>
> If you need to read RegionSize bytes, then you have to allocate a
> buffer that's RegionSize bytes:
>
>     buffer = ctypes.create_string_buffer(mbi.RegionSize)
>
> Or use a smaller buffer and loop until the total number of bytes read
> is RegionSize.
>
> Also, remember to check that the state is MEM_COMMIT. You cannot read
> an address range that's free or reserved. It must be committed, i.e.
> backed by physical storage.
>
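
Added example, not part of the original messages: it shows why byref() rejects mbi.BaseAddress, how the address is passed as an LPCVOID value, and how the read uses a RegionSize-byte buffer only after a MEM_COMMIT check. The names byref_rejects_field, read_region, local_read and demo are hypothetical, and local_read is a constructed stand-in for ReadProcessMemory so the block runs without Windows.

```python
import ctypes

MEM_COMMIT = 0x1000  # State value for committed pages (Windows SDK)

class MEMORY_BASIC_INFORMATION(ctypes.Structure):
    # Plain ctypes types stand in for PVOID/SIZE_T/DWORD so this also
    # imports off Windows (assumption: natural alignment, as in the SDK).
    _fields_ = [("BaseAddress", ctypes.c_void_p),
                ("AllocationBase", ctypes.c_void_p),
                ("AllocationProtect", ctypes.c_uint32),
                ("RegionSize", ctypes.c_size_t),
                ("State", ctypes.c_uint32),
                ("Protect", ctypes.c_uint32),
                ("Type", ctypes.c_uint32)]

def byref_rejects_field(mbi):
    """Reading a c_void_p field yields a Python int, which byref() refuses."""
    try:
        ctypes.byref(mbi.BaseAddress)
    except TypeError:
        return True
    return False

def read_region(read_memory, process, mbi):
    """Read one region; read_memory takes ReadProcessMemory's five arguments."""
    if mbi.State != MEM_COMMIT:
        return None                      # free or reserved: cannot be read
    # LPCVOID is the address itself, passed by value. Wrapping the int in
    # c_void_p keeps all 64 bits; without argtypes a bare int goes as C int.
    base = ctypes.c_void_p(mbi.BaseAddress)
    buf = ctypes.create_string_buffer(mbi.RegionSize)   # RegionSize bytes
    nread = ctypes.c_size_t(0)
    if not read_memory(process, base, buf, mbi.RegionSize, ctypes.pointer(nread)):
        raise ctypes.WinError(ctypes.get_last_error())  # Windows-only path
    return buf.raw[:nread.value]

def local_read(process, base, buf, size, nread_ptr):
    """Constructed stand-in for ReadProcessMemory: copies from this process."""
    ctypes.memmove(buf, base, size)
    nread_ptr.contents.value = size
    return True

def demo(state=MEM_COMMIT):
    data = ctypes.create_string_buffer(b"constructed sample bytes")
    mbi = MEMORY_BASIC_INFORMATION(BaseAddress=ctypes.addressof(data),
                                   RegionSize=ctypes.sizeof(data), State=state)
    return byref_rejects_field(mbi), read_region(local_read, None, mbi)

if __name__ == "__main__":
    print(demo())
```

On Windows, pass Kernel32.ReadProcessMemory and a real process handle in place of local_read and None.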

