1

I'm trying to read process memory using Python but there is something wrong idk what. print statements give 0,0,299. The answer given here is incomplete Function ReadProcessMemory keeps returning ERROR_PARTIAL_COPY

import ctypes
from ctypes import *
from ctypes.wintypes import *
import psutil
import sys
from ctypes import wintypes

PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020
desired_access = (PROCESS_QUERY_INFORMATION|
              PROCESS_VM_OPERATION|
              PROCESS_VM_READ|
              PROCESS_VM_WRITE)

process = windll.kernel32.OpenProcess(desired_access,0,5816)
rPM = ctypes.WinDLL('kernel32',use_last_error=True).ReadProcessMemory
rPM.argtypes =    [wintypes.HANDLE,wintypes.LPCVOID,wintypes.LPVOID,ctypes.c_size_t,ctypes.POINTER   (ctypes.c_size_t)]
rPM.restype = wintypes.BOOL

ReadBuffer = ctypes.c_uint()
lpBuffer = ctypes.byref(ReadBuffer)
nSize = ctypes.sizeof(ReadBuffer)
lpNumberOfBytesRead = ctypes.c_ulong(0)
x = rPM(process, hex(2305324751792),lpBuffer,nSize,lpNumberOfBytesRead)

print(ReadBuffer.value)
print(x)
print(ctypes.get_last_error())
halfer
  • 19,824
  • 17
  • 99
  • 186
Satyam_jay
  • 149
  • 1
  • 9
  • You're not checking for errors, for starters. `ctypes` DLL calls don't raise excepions if the api fn fails unless you call it through a wrapper that checks GetLastError or whatever for you. – ivan_pozdeev Jun 02 '18 at 07:29

0 Answers0