Hi all: I am working on a memory scanner, and the source code and output is as following:
Now, I know why my buffer from read process memory looks like values such as "67108864" ; it's because I read into the buffer entire chunk of memory at a time, because I fed read process memory this: "mbi.RegionSize" Now, how do I read for values such as doubles? I am guessing I need to use a for loop to scan for small bits of memory chunk at a time. Is there a way to do it? Thanks! >output starts buffer is: c_ulong(0) buffer is: c_ulong(0) buffer is: c_ulong(6385664) buffer is: c_ulong(67108864) buffer is: c_ulong(7761920) buffer is: c_ulong(7798784) buffer is: c_ulong(7872512) buffer is: c_ulong(8007680) buffer is: c_ulong(8044544) buffer is: c_ulong(8069120) buffer is: c_ulong(8216576) buffer is: c_ulong(0) buffer is: c_ulong(0) buffer is: c_ulong(3976) buffer is: c_ulong(0) buffer is: c_ulong(0) buffer is: c_ulong(1318755581) buffer is: c_ulong(0) buffer is: c_ulong(0) buffer is: c_ulong(0) buffer is: c_ulong(0) > code starts buffer = ctypes.c_uint() nread = SIZE_T() start = ctypes.c_void_p(mbi.BaseAddress) ReadProcessMemory = Kernel32.ReadProcessMemory MEM_COMMIT = 0x00001000; PAGE_READWRITE = 0x04; current_address = sysinfo.lpMinimumApplicationAddress end_address = sysinfo.lpMaximumApplicationAddress while current_address < end_address: Kernel32.VirtualQueryEx(Process, \ current_address, ctypes.byref(mbi),ctypes.sizeof(mbi)) if mbi.Protect == PAGE_READWRITE and mbi.State == MEM_COMMIT : if ReadProcessMemory(Process, current_address, ctypes.byref(buffer), \ ctypes.sizeof(buffer), ctypes.byref(nread)): print('buffer is: ',buffer) else: raise ctypes.WinError(ctypes.get_last_error()) current_address += mbi.RegionSize _______________________________________________ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: https://mail.python.org/mailman/listinfo/tutor