Hi all, I am working on my own memory scanner. It uses Windows API, VirtualQueryEX and ReadProcessMemory. I am not sure I put down the following properly:
I am sure Process = Kernel32.OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ, False, PID) ran properly, because it didn't return a 0. Then it's VirtualQueryEx: current_address = sysinfo.lpMinimumApplicationAddress end_address = sysinfo.lpMaximumApplicationAddress while current_address < end_address: Kernel32.VirtualQueryEx(Process, \ current_address, ctypes.byref(mbi),ctypes.sizeof(mbi)) if mbi.Protect == PAGE_READWRITE and mbi.State == MEM_COMMIT : print('This region can be scanned!') current_address += mbi.RegionSize Now, I think it run fine as well, because it didn't return 0 at all. Just to make sure, in the end of scanning for a region, I use current_address += mbi.RegionSize instead of current_address += mbi.RegionSize + 1 , Right? Lastly, ReadProcessMemory: 1st Question: The setup. buffer = ctypes.c_double() nread = SIZE_T() ReadProcessMemory(Process, i, ctypes.byref(buffer), ctypes.sizeof(buffer), ctypes.byref(nread)) I used ctypes.c_double() to determine the size of the buffer, so does this mean that the value I retrieve would be doubles? As in, I know I want to scan for double values, therefore what I do is what I did here, ask ReadProcessMemory to read 8 bytes at a time? Lastly, I don't understand this part about the memory: if I used VirtualQueryEx to find out if a region of memory is ok to scan, and it says it's ok, are the values in the region arranged like this: short,int,double,long,char, double, short in as in, random? I am asking this because, if it's random, then I'd have to run ReadProcessMemory by increasing the value of of my loop by ONE (1) at a time, like this for i in range(start_of_region, end_of_region, 1): ReadProcessMemory(Process, i, ctypes.byref(buffer), ctypes.sizeof(buffer), ctypes.byref(nread)) Is that correct? Thanks all! this is my scanner's full code : https://pastebin.com/bdq0afT0
_______________________________________________ python-win32 mailing list python-win32@python.org https://mail.python.org/mailman/listinfo/python-win32