I'm trying to write a Python script that reads a series of memory locations of a particular process.
How can I do this in Python?
I'll be using Windows if it matters. I have the processes PID that I'm attempting to read/edit.
Am I going to have to revert to calling ReadProcessMemory() and using ctypes?
I didn't see anything in the standard python libraries but I found an example using ctypes like you suggested on another site:
from ctypes import *
from ctypes.wintypes import *
OpenProcess = windll.kernel32.OpenProcess
ReadProcessMemory = windll.kernel32.ReadProcessMemory
CloseHandle = windll.kernel32.CloseHandle
PROCESS_ALL_ACCESS = 0x1F0FFF
pid = 4044 # I assume you have this from somewhere.
address = 0x1000000 # Likewise; for illustration I'll get the .exe header.
buffer = c_char_p("The data goes here")
bufferSize = len(buffer.value)
bytesRead = c_ulong(0)
processHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
if ReadProcessMemory(processHandle, address, buffer, bufferSize, byref(bytesRead)):
print "Success:", buffer
else:
print "Failed."
CloseHandle(processHandle)
'the data goes here'Yes, ctypes (or win32all) and ReadProcessMemory are exactly the way to go. Were you looking for something extra/different? What, in particular?
See http://www.windowsreference.com/windows-xp/dos-commands-and-equivalent-linux-commands/
You can use tasklist.exe to list processes, then scrape the results. Then use taskkill.exe (or tstskill.exe) to end them.
But ctypes and kernal32 is probably safer.
