update: I should have put down buffer = ctypes.c_double() instead of buffer = ctypes.c_double.
Sorry all On Sat, Oct 7, 2017 at 8:18 PM, Michael C <mysecretrobotfact...@gmail.com> wrote: > I am following some examples online such as this one: > https://social.msdn.microsoft.com/Forums/vstudio/en-US/ > ce0cc398-2b96-4688-b8a4-b5f4c9ebc064/memory-searcher- > with-virtualqueryex-and-readprocessmemory?forum=vclanguage > > > i think I got most of it right, so this following part is what I would > like you to look at: > > DWORD read = 0; > LPVOID buffer = 0 > > (ReadProcessMemory(hackProcess, (void*)start, &buffer, sizeof(int), &read) > > > So, what's the Python equivalent statements for sizeof(int) ? > > > > > > > On Sat, Oct 7, 2017 at 7:38 PM, Michael C <mysecretrobotfact...@gmail.com> > wrote: > >> Oh I am trying to write my own memory scanner, because I thought the >> Cheat Engine is pretty neat and I am just trying make one for myself. >> >> Onto the problem, I think what happens with Readprocessmemory is that >> >> BOOL WINAPI ReadProcessMemory( >> _In_ HANDLE hProcess, >> _In_ LPCVOID lpBaseAddress, _Out_ LPVOID lpBuffer, >> _In_ SIZE_T nSize, >> _Out_ SIZE_T *lpNumberOfBytesRead >> ); >> >> >> for LPVOID lpbuffer, it should be a >> >> buffer = ctypes.c_double >> >> because i am trying to search for a double. >> However, the interpreter gives me this: >> >> ReadProcessMemory(Process, current_address, ctypes.byref(buffer), \ >> TypeError: byref() argument must be a ctypes instance, not >> '_ctypes.PyCSimpleType' >> >> >> so I am using >> buffer = ctypes.c_uint() >> instead. It returns things like "c_ulong(2006549856)" , though. >> >> 2nd, I believe _In_ SIZE_T nSize, means I tell the interpreter to >> read that much >> data, which means I can use this parameter to get doubles, which is what >> I want! >> >> However, I am using >> >> ctypes.sizeof(buffer) >> >> for it, so, I need either to change my buffer to a double, or to tell >> this parameter to search for >> doubles somehow. >> >> >> Am I on the right track? >> >> >> Thanks! >> >> >> >> On Sat, Oct 7, 2017 at 6:58 PM, Mats Wichmann <m...@wichmann.us> wrote: >> >>> it might help if you mention what you are trying to do. if it is >>> forensics, there a bunch of python tools in that area. your problem may >>> already have solutions you could use. >>> >>> On October 7, 2017 3:00:25 PM MDT, Michael C < >>> mysecretrobotfact...@gmail.com> wrote: >>> >Hi all: >>> > >>> >I am working on a memory scanner, and the source code and output is as >>> >following: >>> > >>> >Now, I know why my buffer from read process memory looks like values >>> >such >>> >as "67108864" ; it's because I read into the buffer entire chunk of >>> >memory >>> >at a time, because I fed read process memory this: "mbi.RegionSize" >>> > >>> >Now, how do I read for values such as doubles? >>> >I am guessing I need to use a for loop to scan for small bits of memory >>> >chunk >>> >at a time. >>> > >>> >Is there a way to do it? >>> > >>> >Thanks! >>> > >>> > >>> > >>> > >>> >>output starts >>> > >>> >buffer is: c_ulong(0) >>> >buffer is: c_ulong(0) >>> >buffer is: c_ulong(6385664) >>> >buffer is: c_ulong(67108864) >>> >buffer is: c_ulong(7761920) >>> >buffer is: c_ulong(7798784) >>> >buffer is: c_ulong(7872512) >>> >buffer is: c_ulong(8007680) >>> >buffer is: c_ulong(8044544) >>> >buffer is: c_ulong(8069120) >>> >buffer is: c_ulong(8216576) >>> >buffer is: c_ulong(0) >>> >buffer is: c_ulong(0) >>> >buffer is: c_ulong(3976) >>> >buffer is: c_ulong(0) >>> >buffer is: c_ulong(0) >>> >buffer is: c_ulong(1318755581) >>> >buffer is: c_ulong(0) >>> >buffer is: c_ulong(0) >>> >buffer is: c_ulong(0) >>> >buffer is: c_ulong(0) >>> > >>> >> code starts >>> > >>> >buffer = ctypes.c_uint() >>> >nread = SIZE_T() >>> > >>> >start = ctypes.c_void_p(mbi.BaseAddress) >>> > >>> >ReadProcessMemory = Kernel32.ReadProcessMemory >>> > >>> >MEM_COMMIT = 0x00001000; >>> >PAGE_READWRITE = 0x04; >>> > >>> >current_address = sysinfo.lpMinimumApplicationAddress >>> >end_address = sysinfo.lpMaximumApplicationAddress >>> > >>> >while current_address < end_address: >>> > Kernel32.VirtualQueryEx(Process, \ >>> > current_address, ctypes.byref(mbi),ctypes.sizeof(mbi)) >>> > >>> > if mbi.Protect == PAGE_READWRITE and mbi.State == MEM_COMMIT : >>> > >>> > if ReadProcessMemory(Process, current_address, >>> >ctypes.byref(buffer), \ >>> > ctypes.sizeof(buffer), ctypes.byref(nread)): >>> > print('buffer is: ',buffer) >>> > else: >>> > raise ctypes.WinError(ctypes.get_last_error()) >>> > >>> > current_address += mbi.RegionSize >>> >_______________________________________________ >>> >Tutor maillist - Tutor@python.org >>> >To unsubscribe or change subscription options: >>> >https://mail.python.org/mailman/listinfo/tutor >>> >>> -- >>> Sent from my Android device with K-9 Mail. Please excuse my brevity. >>> _______________________________________________ >>> Tutor maillist - Tutor@python.org >>> To unsubscribe or change subscription options: >>> https://mail.python.org/mailman/listinfo/tutor >>> >> >> > _______________________________________________ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: https://mail.python.org/mailman/listinfo/tutor
