kernel32.dll的ReadProcessMemory函数似乎返回Unicode.
kernel32 = ctypes.windll.kernel32
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_VM_READ = 0x0010
pid = int(raw_input("Enter PID: "))
hproc = kernel32.OpenProcess(PROCESS_QUERY_INFORMATION |PROCESS_VM_READ, False, pid)
lpbaseaddr = 16799644
read_buff = ctypes.create_string_buffer(4)
bytread = ctypes.c_ulong(0)
kernel32.ReadProcessMemory(hproc, lpbaseaddr, read_buff,
4, ctypes.byref(bytread))
print read_buff.raw #i also tried read_buff.value
我知道该地址的值是80,因为我使用了作弊引擎使其成为80.该print read_buff行返回
P.如果我使用作弊引擎创建该地址81的值并运行我的程序,则返回该值Q.我一直在乱搞并unichr(80)返回P并unichr(81)返回Q.显然存在问题create_string_buff.我应该使用字节缓冲区还是整数缓冲区,我该怎么做?使用unichr()一些值的作品,但说地址值800,unichr(800)显然是行不通的.我在寻找read_buff返回50或60或800等