Hi all:
I am working on a memory scanner, and the source code and output are as
follows:
Now, I know why my buffer from read process memory looks like values such
as "67108864"; it's because I read into the buffer an entire chunk of memory
at a time, because I fed read process memory this:
Or to put it better, I think, it's
How do I set up ReadProcessMemory so that it returns a double instead of
129819721?
On Sat, Oct 7, 2017 at 2:00 PM, Michael C
wrote:
> Hi all:
>
> I am working on a memory scanner, and the source code and output is as
>
It might help if you mention what you are trying to do. If it is forensics,
there are a bunch of Python tools in that area. Your problem may already have
solutions you could use.
On October 7, 2017 3:00:25 PM MDT, Michael C
wrote:
>Hi all:
>
>I am working on a
like this?
buffer = ctypes.byref(ctypes.create_string_buffer(4))
On Fri, Oct 6, 2017 at 1:55 PM, eryk sun wrote:
> On Fri, Oct 6, 2017 at 9:12 PM, Michael C
> wrote:
> >
> > How do I create a buffer, or rather, is a buffer just a variable?
>
This is my updated version, it still doesn't work :(
base = mbi.BaseAddress
buffer = ctypes.c_int32()
buffer_pointer = ctypes.byref(buffer)
ReadProcessMemory = Kernel32.ReadProcessMemory
if ReadProcessMemory(Process, base, buffer_pointer, mbi.RegionSize, None):
    print('buffer is:
I think I pieced together what you have been helping me with, but this
still raises an error
I have been loosely following this guide:
https://www.codeproject.com/articles/716227/csharp-how-to-scan-a-process-memory
>code start.
import ctypes
from ctypes.wintypes import WORD, DWORD, LPVOID
For this read process memory, if I am trying to compose an LPCVOID
lpBaseAddress, am I not making a variable that is equal to mbi.BaseAddress,
and then making a pointer pointing to it?
start_address = mbi.BaseAddress
LPCVOID = ctypes.byref(start_address)
?
But I get this
start =
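
An added example, not part of the original thread or any poster's code: ReadProcessMemory copies raw bytes, so the receiving buffer has to be at least as large as the size passed in, and a double only appears once 8 of those bytes are decoded with `struct`. The names `read_region` and `scan_doubles` are hypothetical, `process` is assumed to be a handle the caller already opened with PROCESS_VM_READ, and the sample bytes are constructed so the scan runs without a target process.

```python
import ctypes
import struct


def read_region(process, base, size):
    """Windows only: copy up to `size` bytes starting at `base` in `process`."""
    from ctypes import wintypes  # imported here so the scan below runs anywhere
    k32 = ctypes.WinDLL('kernel32', use_last_error=True)
    rpm = k32.ReadProcessMemory
    # lpBaseAddress is passed as a plain integer address, not a pointer to one.
    rpm.argtypes = (wintypes.HANDLE, wintypes.LPCVOID, wintypes.LPVOID,
                    ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t))
    rpm.restype = wintypes.BOOL
    # The API writes `size` bytes, so the local buffer must be that large.
    buf = ctypes.create_string_buffer(size)
    nread = ctypes.c_size_t()
    if not rpm(process, base, buf, size, ctypes.byref(nread)):
        raise ctypes.WinError(ctypes.get_last_error())
    return buf.raw[:nread.value]  # keep only what was actually copied


def scan_doubles(chunk, base, target, tol=1e-9):
    """Return the addresses of 8-byte aligned doubles in `chunk` equal to `target`."""
    hits = []
    # Stop 7 bytes early so a trailing partial value is never unpacked.
    for off in range(0, len(chunk) - 7, 8):
        (value,) = struct.unpack_from('<d', chunk, off)  # little-endian double
        if abs(value - target) <= tol:  # NaN never matches
            hits.append(base + off)
    return hits


# Constructed sample standing in for the bytes of one region:
# four doubles followed by three stray bytes.
SAMPLE_BASE = 0x10000
SAMPLE = struct.pack('<4d', 1.0, 3.14, 2.5, 3.14) + b'\x00\x00\x00'

if __name__ == '__main__':
    for addr in scan_doubles(SAMPLE, SAMPLE_BASE, 3.14):
        print(hex(addr))
```

On Windows, the bytes returned by `read_region(Process, mbi.BaseAddress, mbi.RegionSize)` can be passed to `scan_doubles` in place of `SAMPLE`.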