We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent f5dd41a commit 036707fCopy full SHA for 036707f
βPython_Scripts/ReadProcessMemory.py
@@ -0,0 +1,22 @@
1
+from ctypes import *
2
+from ctypes.wintypes import *
3
+
4
+PROCESS_ID = 9476 # From TaskManager for Notepad.exe
5
+PROCESS_HEADER_ADDR = 0x7ff7b81e0000 # From SysInternals VMMap utility
6
7
+# read from addresses
8
+STRLEN = 255
9
10
+PROCESS_VM_READ = 0x0010
11
12
+k32 = WinDLL('kernel32')
13
+k32.OpenProcess.argtypes = DWORD,BOOL,DWORD
14
+k32.OpenProcess.restype = HANDLE
15
+k32.ReadProcessMemory.argtypes = HANDLE,LPVOID,LPVOID,c_size_t,POINTER(c_size_t)
16
+k32.ReadProcessMemory.restype = BOOL
17
18
+process = k32.OpenProcess(PROCESS_VM_READ, 0, PROCESS_ID)
19
+buf = create_string_buffer(STRLEN)
20
+s = c_size_t()
21
+if k32.ReadProcessMemory(process, PROCESS_HEADER_ADDR, buf, STRLEN, byref(s)):
22
+ print(s.value,buf.raw)
AltStyle γ«γγ£γ¦ε€ζγγγγγΌγΈ (->γͺγͺγΈγγ«) / γ’γγ¬γΉ: γ’γΌγ: γγγ©γ«γ ι³ε£°γγ©γ¦γΆ γ«γδ»γ ι θ²εθ»’ ζεζ‘倧 γ’γγ€γ«
0 commit comments