I am following some examples online such as this one: https://social.msdn.microsoft.com/Forums/vstudio/en-US/ce0cc398-2b96-4688-b8a4-b5f4c9ebc064/memory-searcher-with-virtualqueryex-and-readprocessmemory?forum=vclanguage
I think I got most of it right, so this following part is what I would like
you to look at:

DWORD read = 0;
LPVOID buffer = 0
(ReadProcessMemory(hackProcess, (void*)start, &buffer, sizeof(int), &read)

So, what's the Python equivalent statement for sizeof(int)?

On Sat, Oct 7, 2017 at 7:38 PM, Michael C <mysecretrobotfact...@gmail.com> wrote:

> Oh I am trying to write my own memory scanner, because I thought the Cheat
> Engine is pretty neat and I am just trying to make one for myself.
>
> Onto the problem, I think what happens with ReadProcessMemory is that
>
> BOOL WINAPI ReadProcessMemory(
>   _In_  HANDLE  hProcess,
>   _In_  LPCVOID lpBaseAddress,
>   _Out_ LPVOID  lpBuffer,
>   _In_  SIZE_T  nSize,
>   _Out_ SIZE_T  *lpNumberOfBytesRead
> );
>
> for LPVOID lpBuffer, it should be a
>
> buffer = ctypes.c_double
>
> because I am trying to search for a double.
> However, the interpreter gives me this:
>
> ReadProcessMemory(Process, current_address, ctypes.byref(buffer), \
> TypeError: byref() argument must be a ctypes instance, not
> '_ctypes.PyCSimpleType'
>
> so I am using
> buffer = ctypes.c_uint()
> instead. It returns things like "c_ulong(2006549856)", though.
>
> 2nd, I believe _In_ SIZE_T nSize means I tell the interpreter to read
> that much data, which means I can use this parameter to get doubles,
> which is what I want!
>
> However, I am using
>
> ctypes.sizeof(buffer)
>
> for it, so I need either to change my buffer to a double, or to tell this
> parameter to search for doubles somehow.
>
> Am I on the right track?
>
> Thanks!
>
> On Sat, Oct 7, 2017 at 6:58 PM, Mats Wichmann <m...@wichmann.us> wrote:
>
>> It might help if you mention what you are trying to do. If it is
>> forensics, there are a bunch of Python tools in that area. Your problem
>> may already have solutions you could use.
>>
>> On October 7, 2017 3:00:25 PM MDT, Michael C <
>> mysecretrobotfact...@gmail.com> wrote:
>> >Hi all:
>> >
>> >I am working on a memory scanner, and the source code and output are as
>> >follows:
>> >
>> >Now, I know why my buffer from read process memory looks like values
>> >such as "67108864"; it's because I read into the buffer an entire chunk
>> >of memory at a time, because I fed read process memory this:
>> >"mbi.RegionSize"
>> >
>> >Now, how do I read for values such as doubles?
>> >I am guessing I need to use a for loop to scan for small bits of memory
>> >chunk at a time.
>> >
>> >Is there a way to do it?
>> >
>> >Thanks!
>> >
>> >>output starts
>> >
>> >buffer is: c_ulong(0)
>> >buffer is: c_ulong(0)
>> >buffer is: c_ulong(6385664)
>> >buffer is: c_ulong(67108864)
>> >buffer is: c_ulong(7761920)
>> >buffer is: c_ulong(7798784)
>> >buffer is: c_ulong(7872512)
>> >buffer is: c_ulong(8007680)
>> >buffer is: c_ulong(8044544)
>> >buffer is: c_ulong(8069120)
>> >buffer is: c_ulong(8216576)
>> >buffer is: c_ulong(0)
>> >buffer is: c_ulong(0)
>> >buffer is: c_ulong(3976)
>> >buffer is: c_ulong(0)
>> >buffer is: c_ulong(0)
>> >buffer is: c_ulong(1318755581)
>> >buffer is: c_ulong(0)
>> >buffer is: c_ulong(0)
>> >buffer is: c_ulong(0)
>> >buffer is: c_ulong(0)
>> >
>> >> code starts
>> >
>> >buffer = ctypes.c_uint()
>> >nread = SIZE_T()
>> >
>> >start = ctypes.c_void_p(mbi.BaseAddress)
>> >
>> >ReadProcessMemory = Kernel32.ReadProcessMemory
>> >
>> >MEM_COMMIT = 0x00001000;
>> >PAGE_READWRITE = 0x04;
>> >
>> >current_address = sysinfo.lpMinimumApplicationAddress
>> >end_address = sysinfo.lpMaximumApplicationAddress
>> >
>> >while current_address < end_address:
>> >    Kernel32.VirtualQueryEx(Process, \
>> >        current_address, ctypes.byref(mbi),ctypes.sizeof(mbi))
>> >
>> >    if mbi.Protect == PAGE_READWRITE and mbi.State == MEM_COMMIT :
>> >
>> >        if ReadProcessMemory(Process, current_address, ctypes.byref(buffer), \
>> >                             ctypes.sizeof(buffer), ctypes.byref(nread)):
>> >            print('buffer is: ',buffer)
>> >        else:
>> >            raise ctypes.WinError(ctypes.get_last_error())
>> >
>> >    current_address += mbi.RegionSize
>> >_______________________________________________
>> >Tutor maillist - Tutor@python.org
>> >To unsubscribe or change subscription options:
>> >https://mail.python.org/mailman/listinfo/tutor
>>
>> --
>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
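
An added example, not part of the original thread: ctypes.sizeof() applied to a ctypes type is the Python counterpart of C's sizeof, and a region read into one byte buffer can be searched for a double by decoding it 8 bytes at a time. The names find_doubles and build_sample_region, the base address and the sample bytes are constructed for illustration, so the block runs without any Windows API call.

```python
import ctypes
import struct

# Python counterparts of C's sizeof(): ask ctypes for the size of the C type.
INT_SIZE = ctypes.sizeof(ctypes.c_int)        # 4 on Windows and mainstream Linux
DOUBLE_SIZE = ctypes.sizeof(ctypes.c_double)  # 8


def find_doubles(region, base_address, target, step=DOUBLE_SIZE):
    """Return the addresses in `region` whose 8 bytes decode to `target`.

    `region` is the raw bytes of one memory region, i.e. what a single
    ReadProcessMemory call of mbi.RegionSize bytes would leave in a buffer
    made with ctypes.create_string_buffer(mbi.RegionSize).
    """
    hits = []
    # Stop where a full double no longer fits, so a region whose length is
    # not a multiple of 8 never causes a short read.
    last = len(region) - DOUBLE_SIZE
    for offset in range(0, last + 1, step):
        # "<d" = little-endian IEEE 754 double, the x86/x64 layout.
        (value,) = struct.unpack_from("<d", region, offset)
        if value == target:
            hits.append(base_address + offset)
    return hits


def build_sample_region():
    """Constructed sample: 4 ints, a double, 3 stray bytes, another double."""
    return (
        struct.pack("<4i", 0, 6385664, 67108864, 3976)   # offsets 0..15
        + struct.pack("<d", 1234.5)                      # offset 16 (aligned)
        + b"\x00\x01\x02"                                # offsets 24..26
        + struct.pack("<d", 1234.5)                      # offset 27 (unaligned)
        + b"\xff"                                        # trailing odd byte
    )


if __name__ == "__main__":
    region = build_sample_region()
    base = 0x00400000  # constructed value standing in for mbi.BaseAddress
    print("sizeof(int) =", INT_SIZE, " sizeof(double) =", DOUBLE_SIZE)
    print("aligned scan:  ", [hex(a) for a in find_doubles(region, base, 1234.5)])
    print("byte-wise scan:", [hex(a) for a in find_doubles(region, base, 1234.5, step=1)])
```

The aligned scan misses the second copy at offset 27; a step of 1 finds it at the cost of eight times as many decodes.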