Re: [python-win32] Question about Python script

[Tim Roberts]

Schoeni, Yann wrote:
>  
>
> I don’t see anything about color depth in the script, do you think I
> should define it somewhere ?
>
>  
>
> I did this to check that everything was correct before the image was
> draw :
>
>  
>
> bmp = Image.open (file_name)
>
> print(bmp.mode)
>
>  
>
> The return value is : RGB
>
> In the PIL documentation I’ve found : RGB (3x8-bit pixels, true color)
>
>  
>
> Which means 24-bits depth, correct ?
>

Correct.


> Now I need to create the device context as a 24-bits.
>
>  
>
>
>   i've done some research but, I didn’t find how to set the depth
>   color manually ..
>
>
>    
>
>
>   If I do :
>
>
>    
>
>
>   NUMCOLORS = 0
>
>
>    
>
>
>   hDC = win32.CreateDC()
>
>
>   hDC.CreatePrinterDC (printer_name)
>
>
> colorDepth = hDC.GetDeviceCaps(NUMCOLORS)
>
> print("colorDepth : ", colorDepth);
>
>  
>
> The return value is : colorDepth : 1539
>

Where did you get "NUMCOLORS = 0"?  That's wrong:

/* Device Parameters for GetDeviceCaps() */
#define DRIVERVERSION 0 /* Device driver version    */
#define TECHNOLOGY    2 /* Device classification    */
#define HORZSIZE  4 /* Horizontal size in millimeters   */
#define VERTSIZE  6 /* Vertical size in millimeters */
#define HORZRES   8 /* Horizontal width in pixels   */
#define VERTRES   10    /* Vertical height in pixels    */
#define BITSPIXEL 12    /* Number of bits per pixel */
#define PLANES    14    /* Number of planes */
#define NUMBRUSHES    16    /* Number of brushes the device has */
#define NUMPENS   18    /* Number of pens the device has    */
#define NUMMARKERS    20    /* Number of markers the device has */
#define NUMFONTS  22    /* Number of fonts the device has   */
#define NUMCOLORS 24    /* Number of colors the device supports */
etc

So, your 1539 result says that the driver's version is 0x0603.  You
don't need to hardcode these numbers at all.  Most Windows constants are
in win32con.  Plus, the important number is BITSPIXEL.  If that is 8,
then you can look at NUMCOLORS.  If it is not 8, then NUMCOLORS is not
meaningful.
 import win32con
 print( hDC.GetDeviceCaps(win32con.BITSPIXEL))
 print( hDC.GetDeviceCaps(win32con.NUMCOLORS))

-- 
Tim Roberts, t...@probo.com
Providenza & Boekelheide, Inc.

___
python-win32 mailing list
python-win32@python.org
https://mail.python.org/mailman/listinfo/python-win32

Re: [python-win32] VirtualQueryEx/ReadProcessMemory

[Tim Roberts]

On Oct 16, 2017, at 4:39 PM, Michael C  wrote:
> 
> >>>Did you acquire the SeDebugPrivilege before calling?
> 
> Eh, no. I don't know what that is! How do I get it?

https://www.programcreek.com/python/example/80627/win32con.TOKEN_ADJUST_PRIVILEGES
 



> >>>That's a screwed up way of doing it.  If you want buffers of 8 bytes,
> then make a buffer of 8 bytes.
> 
> So like this?
> 
> ReadProcessMemory(Process, i, ctypes.byref(buffer), 8, ctypes.byref(nread))

I would probably use ctypes.c_buffer to create the buffer.  You can experiment 
by reading your own process before you start reading other processes.


> Bummer... I thought with what I did, I was building a simple memory scanner.
> See, I thought with my ReadProcessMemory line I was retrieving values in the 
> size of doubles.
> 
> I thought by doing what I did, by reading 8 bytes at a time, (the size of 
> doubles) I was effectively looking for values in my memory. I thought a
> 
> for(start,end,8)
> 
> would give me all the values of doubles since I believed that doubles exist 
> in the memory in the positions of   base, base+8, base+16, base+24, and so 
> forth.

You would get the memory, 8 bytes at a time.  8-byte integers are often stored 
aligned on 8-byte boundaries, because it's slightly more efficient, but it's 
not required.  It depends on what you're looking for, which you still haven't 
told us.


> would achieve the same thing. I would store the address containing the 
> doubles I want in a list() called hit_pool.  And then the incorrect values 
> would be flushed out anyway, when I run a another run of comparing the 
> address found with target value. like this
> 
> for n in hit_pool:
> readprocessmemory(process, n,  ctypes.byref(buffer), 8, 
> ctypes.byref(nread))

Well, you wouldn't pass your "hit_pool" values to ReadProcessMemory.  You would 
read the memory, then scan through it locally looking for your hit_pool.

However, you'e always going to be fighting the language.  This kind of 
low-level machine-dependent processing is always going to be much faster and 
easier to code in C or C++.
— 
Tim Roberts, t...@probo.com
Providenza & Boekelheide, Inc.

___
python-win32 mailing list
python-win32@python.org
https://mail.python.org/mailman/listinfo/python-win32

Re: [python-win32] VirtualQueryEx/ReadProcessMemory

[Tim Roberts]

On Oct 16, 2017, at 5:06 PM, Michael C  wrote:
> 
> Supposed by using Openprocess and VirtualQueryEx, I have the locations of all 
> the memory the application is using, wouldn't this to be true?
> 
> Say, a 8 byte data is somewhere in the region i am scanning. Ok, I know by 
> scanning it like this
> for n in range(start,end,1)
> 
> will read into another variable and mostly nothing, but unless a variable, 
> that is, one number, can be truncated and exist in multiple locations like 
> this
> 
> double = 12345678

You keep using the word "double".  A "double" is a floating-point number.  Are 
you actually referring to an 8-byte integer?


> 123 is at x001
> 45 is at x005
> 678 is at x010
> 
> unless a number can be broken up like that, wouldn't I, while use the silly 
> 'increment by one' approach,  actually luck out and get that value in it's 
> actual position?

I can't tell what your x001 notation is trying to say.  If you have the decimal 
value 12345678 stored somewhere in memory in a 64-bit value, the consecutive 
bytes in memory will look like this:
   4E 61 BC 00 00 00 00 00

If you actually mean the floating point value 12345678.0, it will be stored in 
8 bytes like this:
  00 00 00 c0 29 8c 67 41

It will take you forever to search another process 8 bytes at a time.  You're 
probably going to want to fetch a page at a time and scan the page locally.
— 
Tim Roberts, t...@probo.com
Providenza & Boekelheide, Inc.

___
python-win32 mailing list
python-win32@python.org
https://mail.python.org/mailman/listinfo/python-win32