[Tutor] How do I scan memory for singles, doubles and so on?
Michael C
mysecretrobotfactory at gmail.com
Sat Oct 7 17:00:25 EDT 2017
Hi all:
I am working on a memory scanner, and the source code and output are as
follows:
Now, I know why my buffer from read process memory looks like values such
as "67108864"; it's because I read an entire chunk of memory into the buffer
at a time, because I fed read process memory this: "mbi.RegionSize"
Now, how do I read for values such as doubles?
I am guessing I need to use a for loop to scan small bits of a memory
chunk at a time.
Is there a way to do it?
Thanks!
>output starts
buffer is: c_ulong(0)
buffer is: c_ulong(0)
buffer is: c_ulong(6385664)
buffer is: c_ulong(67108864)
buffer is: c_ulong(7761920)
buffer is: c_ulong(7798784)
buffer is: c_ulong(7872512)
buffer is: c_ulong(8007680)
buffer is: c_ulong(8044544)
buffer is: c_ulong(8069120)
buffer is: c_ulong(8216576)
buffer is: c_ulong(0)
buffer is: c_ulong(0)
buffer is: c_ulong(3976)
buffer is: c_ulong(0)
buffer is: c_ulong(0)
buffer is: c_ulong(1318755581)
buffer is: c_ulong(0)
buffer is: c_ulong(0)
buffer is: c_ulong(0)
buffer is: c_ulong(0)
> code starts
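import ctypes

# Process, Kernel32, SIZE_T, mbi and sysinfo are defined elsewhere in the
# script and are not shown in this post.
buffer = ctypes.c_uint()    # 4-byte buffer: each read returns one unsigned 32-bit value
nread = SIZE_T()
start = ctypes.c_void_p(mbi.BaseAddress)
ReadProcessMemory = Kernel32.ReadProcessMemory

MEM_COMMIT = 0x00001000
PAGE_READWRITE = 0x04

current_address = sysinfo.lpMinimumApplicationAddress
end_address = sysinfo.lpMaximumApplicationAddress

while current_address < end_address:
    # Describe the region that starts at current_address; stop if the query
    # fails, because mbi would otherwise still hold the previous region.
    if not Kernel32.VirtualQueryEx(Process, current_address,
                                   ctypes.byref(mbi), ctypes.sizeof(mbi)):
        break

    if mbi.Protect == PAGE_READWRITE and mbi.State == MEM_COMMIT:
        # Read sizeof(buffer) bytes from the start of the region.
        if ReadProcessMemory(Process, current_address,
                             ctypes.byref(buffer), ctypes.sizeof(buffer),
                             ctypes.byref(nread)):
            print('buffer is: ', buffer)
        else:
            raise ctypes.WinError(ctypes.get_last_error())

    # Advance to the next region whether or not this one was read.
    current_address += mbi.RegionSize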
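One way to search the bytes of a whole region for singles, doubles and integers once they are in a buffer, as an added example that is not part of the original post. `FORMATS`, `scan_region` and `build_sample_region` are hypothetical names, the base address is made up, and the sample buffer is constructed so the code runs without a target process; it also goes slightly beyond the question by covering integer kinds and unaligned values.

```python
import math
import struct

# struct format codes (little-endian) for the value kinds a scanner looks for.
FORMATS = {"int32": "<i", "uint32": "<I", "int64": "<q",
           "single": "<f", "double": "<d"}

def scan_region(data, base_address, kind, target, aligned=True, rel_tol=1e-9):
    """Return the addresses in one region's bytes where target is stored as kind.

    data         -- bytes read from the region (for example RegionSize bytes)
    base_address -- address that the first byte of data came from
    aligned      -- step by the value's size instead of one byte at a time
    """
    fmt = struct.Struct(FORMATS[kind])
    step = fmt.size if aligned else 1
    is_float = kind in ("single", "double")
    if kind == "single":
        # Round the target to 32-bit precision so 0.1 matches a stored single 0.1.
        target = struct.unpack("<f", struct.pack("<f", target))[0]
    hits = []
    # Stop where a whole value no longer fits; a short read leaves a partial tail.
    for offset in range(0, len(data) - fmt.size + 1, step):
        (value,) = fmt.unpack_from(data, offset)
        # Floats are compared with a tolerance (NaN never matches), integers exactly.
        if is_float:
            matched = math.isclose(value, target, rel_tol=rel_tol)
        else:
            matched = value == target
        if matched:
            hits.append(base_address + offset)
    return hits

def build_sample_region():
    """Constructed 32-byte buffer standing in for the bytes of one region."""
    return (struct.pack("<I", 67108864)   # offset 0: 4-byte unsigned integer
            + b"\x00" * 4                 # offset 4: padding
            + struct.pack("<d", 3.14)     # offset 8: aligned double
            + struct.pack("<f", 0.1)      # offset 16: single
            + b"\x00"                     # offset 20: one byte, misaligns the rest
            + struct.pack("<d", 3.14)     # offset 21: unaligned double
            + b"\x01\x02\x03")            # offset 29: tail shorter than a double

if __name__ == "__main__":
    region = build_sample_region()
    for address in scan_region(region, 0x10000, "double", 3.14, aligned=False):
        print(hex(address))
```

An aligned scan is faster but only finds values stored on their natural boundary; the byte-by-byte scan also finds the double at offset 21.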