Source: softwareengineering.stackexchange.com --- Sunday, October 08, 2017
I trying to write a Python Windows Memory Scanner, that finds the addresses of a specific value. The complete code is at the bottom, and I'll explain how it works. First, System info is called, and the values of sysinfo.lpMinimumApplicationAddress sysinfo.lpMaximumApplicationAddress are obtained, so I can feed it to my loop which has VirtualQueryEx() Kernel32.OpenProcess is used to be fed to ReadMemoryProcess. Then finally, A loop is used to get VirtualQueryEx() to return base address to scan and it's mbi.RegionSize. And then: I have the following code, and somehow I must have fed the read process Memory incorrectly. what the code does is to check a region of memory to see whether or not it can be scanned. mbi.Protect == PAGE_READWRITE and mbi.State == MEM_COMMIT If this is true,then it proceeds to scan the memory fro current_address to current_address + mbi.RegionSize. However, a strange thing happens: The loop runs twice successfully, and then it pops: raise ctypes.WinError(ctypes.get_last_error()) OSError: [WinError 299] Only part of a ReadProcessMemory or WriteProcessMemory request was completed. Now, I know the problem is not with VirtualQueryEx, because if I comment out the red part and just run VirtualQueryEx, it would actually skim through all regions without a single error. Somehow, if I use this: index = current_address end = current_address + mbi.RegionSize - 7 Where the end is less by 7, the loop would not pop any er ...
from Windows http://ift.tt/2g2jvdo
No comments:
Post a Comment