Oh I am trying to write my own memory scanner, because I thought the Cheat Engine is pretty neat and I am just trying make one for myself.
Onto the problem, I think what happens with Readprocessmemory is that BOOL WINAPI ReadProcessMemory( _In_ HANDLE hProcess, _In_ LPCVOID lpBaseAddress, _Out_ LPVOID lpBuffer, _In_ SIZE_T nSize, _Out_ SIZE_T *lpNumberOfBytesRead ); for LPVOID lpbuffer, it should be a buffer = ctypes.c_double because i am trying to search for a double. However, the interpreter gives me this: ReadProcessMemory(Process, current_address, ctypes.byref(buffer), \ TypeError: byref() argument must be a ctypes instance, not '_ctypes.PyCSimpleType' so I am using buffer = ctypes.c_uint() instead. It returns things like "c_ulong(2006549856)" , though. 2nd, I believe _In_ SIZE_T nSize, means I tell the interpreter to read that much data, which means I can use this parameter to get doubles, which is what I want! However, I am using ctypes.sizeof(buffer) for it, so, I need either to change my buffer to a double, or to tell this parameter to search for doubles somehow. Am I on the right track? Thanks! On Sat, Oct 7, 2017 at 6:58 PM, Mats Wichmann <m...@wichmann.us> wrote: > it might help if you mention what you are trying to do. if it is > forensics, there a bunch of python tools in that area. your problem may > already have solutions you could use. > > On October 7, 2017 3:00:25 PM MDT, Michael C <mysecretrobotfactory@gmail. > com> wrote: > >Hi all: > > > >I am working on a memory scanner, and the source code and output is as > >following: > > > >Now, I know why my buffer from read process memory looks like values > >such > >as "67108864" ; it's because I read into the buffer entire chunk of > >memory > >at a time, because I fed read process memory this: "mbi.RegionSize" > > > >Now, how do I read for values such as doubles? > >I am guessing I need to use a for loop to scan for small bits of memory > >chunk > >at a time. > > > >Is there a way to do it? > > > >Thanks! > > > > > > > > > >>output starts > > > >buffer is: c_ulong(0) > >buffer is: c_ulong(0) > >buffer is: c_ulong(6385664) > >buffer is: c_ulong(67108864) > >buffer is: c_ulong(7761920) > >buffer is: c_ulong(7798784) > >buffer is: c_ulong(7872512) > >buffer is: c_ulong(8007680) > >buffer is: c_ulong(8044544) > >buffer is: c_ulong(8069120) > >buffer is: c_ulong(8216576) > >buffer is: c_ulong(0) > >buffer is: c_ulong(0) > >buffer is: c_ulong(3976) > >buffer is: c_ulong(0) > >buffer is: c_ulong(0) > >buffer is: c_ulong(1318755581) > >buffer is: c_ulong(0) > >buffer is: c_ulong(0) > >buffer is: c_ulong(0) > >buffer is: c_ulong(0) > > > >> code starts > > > >buffer = ctypes.c_uint() > >nread = SIZE_T() > > > >start = ctypes.c_void_p(mbi.BaseAddress) > > > >ReadProcessMemory = Kernel32.ReadProcessMemory > > > >MEM_COMMIT = 0x00001000; > >PAGE_READWRITE = 0x04; > > > >current_address = sysinfo.lpMinimumApplicationAddress > >end_address = sysinfo.lpMaximumApplicationAddress > > > >while current_address < end_address: > > Kernel32.VirtualQueryEx(Process, \ > > current_address, ctypes.byref(mbi),ctypes.sizeof(mbi)) > > > > if mbi.Protect == PAGE_READWRITE and mbi.State == MEM_COMMIT : > > > > if ReadProcessMemory(Process, current_address, > >ctypes.byref(buffer), \ > > ctypes.sizeof(buffer), ctypes.byref(nread)): > > print('buffer is: ',buffer) > > else: > > raise ctypes.WinError(ctypes.get_last_error()) > > > > current_address += mbi.RegionSize > >_______________________________________________ > >Tutor maillist - Tutor@python.org > >To unsubscribe or change subscription options: > >https://mail.python.org/mailman/listinfo/tutor > > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. > _______________________________________________ > Tutor maillist - Tutor@python.org > To unsubscribe or change subscription options: > https://mail.python.org/mailman/listinfo/tutor > _______________________________________________ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: https://mail.python.org/mailman/listinfo/tutor