[Tutor] How do I scan memory for singles, doubles and so on?

2017-10-07 Thread Michael C
Hi all: I am working on a memory scanner, and the source code and output are as follows: Now, I know why my buffer from read process memory looks like values such as "67108864"; it's because I read into the buffer an entire chunk of memory at a time, because I fed read process memory this:

Re: [Tutor] How do I scan memory for singles, doubles and so on?

2017-10-07 Thread Michael C
Or to put it better, I think, it's How do I set up ReadProcessMemory, so that it returns a double instead of 129819721. On Sat, Oct 7, 2017 at 2:00 PM, Michael C wrote: > Hi all: > > I am working on a memory scanner, and the source code and output is as >

Re: [Tutor] How do I scan memory for singles, doubles and so on?

2017-10-07 Thread Mats Wichmann
It might help if you mention what you are trying to do. If it is forensics, there are a bunch of Python tools in that area. Your problem may already have solutions you could use. On October 7, 2017 3:00:25 PM MDT, Michael C wrote: >Hi all: > >I am working on a

Re: [Tutor] ctypes wintypes

2017-10-07 Thread Michael C
like this? buffer = ctypes.byref(ctypes.create_string_buffer(4)) On Fri, Oct 6, 2017 at 1:55 PM, eryk sun wrote: > On Fri, Oct 6, 2017 at 9:12 PM, Michael C > wrote: > > > > How do I create a buffer, or rather, is a buffer just a variable? >

Re: [Tutor] ctypes wintypes

2017-10-07 Thread Michael C
This is my updated version, it still doesn't work :( base = mbi.BaseAddress buffer = ctypes.c_int32() buffer_pointer = ctypes.byref(buffer) ReadProcessMemory = Kernel32.ReadProcessMemory if ReadProcessMemory(Process, base, buffer_pointer, mbi.RegionSize, None): print('buffer is:

Re: [Tutor] ctypes wintypes

2017-10-07 Thread Michael C
I think I pieced together what you have been helping me with, but this still raises an error. I have been loosely following this guide: https://www.codeproject.com/articles/716227/csharp-how-to-scan-a-process-memory >code start. import ctypes from ctypes.wintypes import WORD, DWORD, LPVOID

Re: [Tutor] ctypes wintypes

2017-10-07 Thread Michael C
For this read process memory, if I am trying to compose an LPCVOID lpBaseAddress, am I not making a variable that equals mbi.BaseAddress, and then making a pointer pointing to it? start_address = mbi.BaseAddress LPCVOID = ctypes.byref(start_address) ? But I get this start =