it might help if you mention what you are trying to do. if it is forensics, there a bunch of python tools in that area. your problem may already have solutions you could use.
On October 7, 2017 3:00:25 PM MDT, Michael C <mysecretrobotfact...@gmail.com> wrote: >Hi all: > >I am working on a memory scanner, and the source code and output is as >following: > >Now, I know why my buffer from read process memory looks like values >such >as "67108864" ; it's because I read into the buffer entire chunk of >memory >at a time, because I fed read process memory this: "mbi.RegionSize" > >Now, how do I read for values such as doubles? >I am guessing I need to use a for loop to scan for small bits of memory >chunk >at a time. > >Is there a way to do it? > >Thanks! > > > > >>output starts > >buffer is: c_ulong(0) >buffer is: c_ulong(0) >buffer is: c_ulong(6385664) >buffer is: c_ulong(67108864) >buffer is: c_ulong(7761920) >buffer is: c_ulong(7798784) >buffer is: c_ulong(7872512) >buffer is: c_ulong(8007680) >buffer is: c_ulong(8044544) >buffer is: c_ulong(8069120) >buffer is: c_ulong(8216576) >buffer is: c_ulong(0) >buffer is: c_ulong(0) >buffer is: c_ulong(3976) >buffer is: c_ulong(0) >buffer is: c_ulong(0) >buffer is: c_ulong(1318755581) >buffer is: c_ulong(0) >buffer is: c_ulong(0) >buffer is: c_ulong(0) >buffer is: c_ulong(0) > >> code starts > >buffer = ctypes.c_uint() >nread = SIZE_T() > >start = ctypes.c_void_p(mbi.BaseAddress) > >ReadProcessMemory = Kernel32.ReadProcessMemory > >MEM_COMMIT = 0x00001000; >PAGE_READWRITE = 0x04; > >current_address = sysinfo.lpMinimumApplicationAddress >end_address = sysinfo.lpMaximumApplicationAddress > >while current_address < end_address: > Kernel32.VirtualQueryEx(Process, \ > current_address, ctypes.byref(mbi),ctypes.sizeof(mbi)) > > if mbi.Protect == PAGE_READWRITE and mbi.State == MEM_COMMIT : > > if ReadProcessMemory(Process, current_address, >ctypes.byref(buffer), \ > ctypes.sizeof(buffer), ctypes.byref(nread)): > print('buffer is: ',buffer) > else: > raise ctypes.WinError(ctypes.get_last_error()) > > current_address += mbi.RegionSize >_______________________________________________ >Tutor maillist - Tutor@python.org >To unsubscribe or change subscription options: >https://mail.python.org/mailman/listinfo/tutor -- Sent from my Android device with K-9 Mail. Please excuse my brevity. _______________________________________________ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: https://mail.python.org/mailman/listinfo/tutor