I have no idea about ctypes or Windows, but it seems to me that you are 
creating a rod for your own back by using a while loop here. Why use a 
primitive, low-level looping construct when Python gives you much better 
tools?

My *guess* is that somewhere you are miscalculating when to stop, and 
trying to read beyond the valid region.

Your code uses nested while loops. But since you already know the 
beginning and end of the loop, that is much better written as 
for-loops (and will be faster too).

It's not clear to me how much memory you expect to be reading at a time. 
I *guess* that you read blocks of memory the size of mbi at a time. If 
your memory is:

    abcdefghijklmnopqrstuvwxyz...

and mbi is (let's say) *six* chars long, then you want to read:

    abcdef
    ghijkl
    mnopqr
    stuvwx
    yz...

Then, within each mbi-sized block, if each buffer is (say) *two* chars 
long, you want to read:

    ab
    cd
    ef

Is that right? If not, you will have to adjust the following to better 
suit your intention.


# Untested, as I don't run Windows.
blocksize = ctypes.sizeof(mbi)
buffer_blocksize = ctypes.sizeof(buffer)
for current_address in range(
            sysinfo.lpMinimumApplicationAddress,
            sysinfo.lpMaximumApplicationAddress,
            blocksize
            ):
    # process the current address here
    Kernel32.VirtualQueryEx(
                Process,
                current_address, 
                ctypes.byref(mbi),
                blocksize
                )
    # Note that there's no need for a backslash \ to continue
    # lines inside open brackets and parentheses; by 
    # convention such lines are indented extra to allow them
    # to stand out. Feel free to make it a bit more compact if
    # you prefer it that way.
    if mbi.Protect == PAGE_READWRITE and mbi.State == MEM_COMMIT:
        print('This region can be scanned!')  # which region?
        for index in range(
                    current_address, 
                    current_address + mbi.RegionSize,
                    buffer_blocksize
                    ):
            if ReadProcessMemory(
                        Process, 
                        index, 
                        ctypes.byref(buffer),
                        buffer_blocksize,
                        ctypes.byref(nread)
                        ):
                ## FIXME implement value comparison
                pass
            else:
                raise ctypes.WinError(ctypes.get_last_error())



Hope this helps.



-- 
Steve
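
Added example (not part of the message above or of the original poster's code): an offline model of the region walk that calls no Windows APIs. `query` is a hypothetical stand-in for VirtualQueryEx and `SAMPLE_MAP` is constructed data. It goes beyond the sketch above by stepping from region to region using the size each query reports, and it clamps the last read in a region so no read passes the region's end.

```python
from typing import Iterator, List, NamedTuple, Optional, Tuple

MEM_COMMIT, MEM_FREE = 0x1000, 0x10000
PAGE_NOACCESS, PAGE_READONLY, PAGE_READWRITE = 0x01, 0x02, 0x04


class Region(NamedTuple):
    base: int
    size: int
    state: int
    protect: int


# Constructed sample map (not taken from a real process).
SAMPLE_MAP = [
    Region(0x10000, 0x1000, MEM_COMMIT, PAGE_READONLY),
    Region(0x11000, 0x2000, MEM_FREE, PAGE_NOACCESS),
    Region(0x13000, 0x1000, MEM_COMMIT, PAGE_READWRITE),
    Region(0x14000, 0x3000, MEM_COMMIT, PAGE_READWRITE),
]


def query(memory_map: List[Region], address: int) -> Optional[Region]:
    """Hypothetical stand-in for VirtualQueryEx: the region holding address."""
    for region in memory_map:
        if region.base <= address < region.base + region.size:
            return region
    return None


def walk_regions(memory_map, start, stop) -> Iterator[Region]:
    """Step region to region; each query says where the next region starts."""
    address = start
    while address < stop:
        region = query(memory_map, address)
        if region is None:
            break
        yield region
        address = region.base + region.size


def planned_reads(memory_map, start, stop, chunk) -> List[Tuple[int, int]]:
    """(address, length) for every read, clamped so none passes a region end."""
    reads = []
    for region in walk_regions(memory_map, start, stop):
        if region.state != MEM_COMMIT or region.protect != PAGE_READWRITE:
            continue
        end = region.base + region.size
        for address in range(region.base, end, chunk):
            reads.append((address, min(chunk, end - address)))
    return reads
```

With a chunk of 0x600 bytes, the 0x1000-byte region is read as 0x600, 0x600 and 0x400 bytes; an unclamped third read would run 0x200 bytes past the region.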