我正在尝试编写一个Python脚本来读取特定进程的一系列内存位置.
我怎么能用Python做到这一点?
如果重要的话我会使用Windows.我有我正在尝试读取/编辑的进程PID.
我是否必须恢复调用ReadProcessMemory()并使用ctypes?
Kin*_*tor 24
我在标准的python库中没有看到任何内容,但我发现了一个使用ctypes的例子,就像你在另一个网站上建议的那样:
from ctypes import *
from ctypes.wintypes import *
OpenProcess = windll.kernel32.OpenProcess
ReadProcessMemory = windll.kernel32.ReadProcessMemory
CloseHandle = windll.kernel32.CloseHandle
PROCESS_ALL_ACCESS = 0x1F0FFF
pid = 4044 # I assume you have this from somewhere.
address = 0x1000000 # Likewise; for illustration I'll get the .exe header.
buffer = c_char_p("The data goes here")
bufferSize = len(buffer.value)
bytesRead = c_ulong(0)
processHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
if ReadProcessMemory(processHandle, address, buffer, bufferSize, byref(bytesRead)):
print "Success:", buffer
else:
print "Failed."
CloseHandle(processHandle)
| 归档时间: |
|
| 查看次数: |
24868 次 |
| 最近记录: |