Hi all:
How do I create a buffer, or rather, is a buffer just a variable?
How do I create a pointer to it?
This code ran fine (thanks to you, Eryk, I now know about how to work
VirtualQueryEx work)
until when I ran the read process memory part.
I think I am not feeding the function properly.
Please look at the red part of this code
Thanks!
>code starts here
mbi = MEMORY_BASIC_INFORMATION()
sysinfo.lpMinimumApplicationAddress
print('VirtualQueryEx ran properly?',Kernel32.VirtualQueryEx(Process, \
sysinfo.lpMinimumApplicationAddress,
ctypes.byref(mbi),ctypes.sizeof(mbi)))
print('')
print('mbi start')
print('mbi.BaseAddress: ',mbi.BaseAddress)
print('mbi.AllocationBase: ',mbi.AllocationBase)
print('mbi.AllocationProtect: ',mbi.AllocationProtect)
print('mbi.RegionSize: ',mbi.RegionSize)
print('mbi.State: ',mbi.State)
print('mbi.Protect: ', mbi.Protect)
print('mbi.Type: ',mbi.Type)
buffer = ctypes.create_string_buffer(4)
bufferSize = (ctypes.sizeof(buffer))
ReadProcessMemory = Kernel32.ReadProcessMemory
if ReadProcessMemory(Process, ctypes.byref(mbi), buffer, bufferSize, None):
print('buffer is: ',buffer)
else:
print('something is wrong')
On Fri, Oct 6, 2017 at 12:03 PM, eryk sun <eryk...@gmail.com> wrote:
> On Fri, Oct 6, 2017 at 7:43 PM, Michael C
> <mysecretrobotfact...@gmail.com> wrote:
> > Sorry but I dont understand this line:
> >
> > mbi = MEMORY_BASIC_INFORMATION()
> >
> > This creates a instance of the class?
>
> Yes, and this allocates sizeof(MEMORY_BASIC_INFORMATION) bytes at
> addressof(mbi), which you pass to a function by reference via
> byref(mbi).
>
> > Also, I thought with VirtualQueryEx, what you need for it
> > is a handle, which I acquire from this
> > Process = Kernel32.OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_
> READ,
> > False, PID)
>
> My example called VirtualQuery, not VirtualQueryEx. Internally
> VirtualQuery calls VirtualQueryEx using the pseudo handle
> (HANDLE)(-1), which refers to the current process.
>
> > and then feed it to the function like so:
> >
> > VirtualQuery(Process, ctypes.byref(mbi), ctypes.sizeof(mbi))
> >
> > I know it doesn't work. But what are these lines for? They don't look
> like
> > handle to me:
> >
> > VirtualQuery = kernel32.VirtualQuery
> > VirtualQuery.restype = SIZE_T
> > VirtualQuery.argtypes = (LPVOID, PMEMORY_BASIC_INFORMATION, SIZE_T)
>
> In the above, I'm setting the function pointer's argtypes attribute to
> the types of the 3 parameters that VirtualQuery takes: the target
> address (i.e. LPVOID), a pointer to the buffer (i.e.
> PMEMORY_BASIC_INFORMATION), and the size of the buffer (SIZE_T). This
> is to allow ctypes to correctly check and convert arguments passed to
> the function.
>
> VirtualQueryEx has four parameters, starting with the handle to the
> target process, hProcess. The remaining 3 are the same as
> VirtualQuery.
>
_______________________________________________
Tutor maillist - Tutor@python.org
To unsubscribe or change subscription options:
https://mail.python.org/mailman/listinfo/tutor
