How can I read the memory of another process in Python in Windows?
Question
I'm trying to write a Python script that reads a series of memory locations of a particular process.
How can I do this in Python?
I'll be using Windows if it matters. I have the processes PID that I'm attempting to read/edit.
Am I going to have to revert to calling ReadProcessMemory() and using ctypes?
3 answers
solution1
28 2009-11-25 04:44:59
I didn't see anything in the standard python libraries but I found an example using ctypes like you suggested on another site:
from ctypes import *
from ctypes.wintypes import *
OpenProcess = windll.kernel32.OpenProcess
ReadProcessMemory = windll.kernel32.ReadProcessMemory
CloseHandle = windll.kernel32.CloseHandle
PROCESS_ALL_ACCESS = 0x1F0FFF
pid = 4044 # I assume you have this from somewhere.
address = 0x1000000 # Likewise; for illustration I'll get the .exe header.
buffer = c_char_p("The data goes here")
bufferSize = len(buffer.value)
bytesRead = c_ulong(0)
processHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
if ReadProcessMemory(processHandle, address, buffer, bufferSize, byref(bytesRead)):
print "Success:", buffer
else:
print "Failed."
CloseHandle(processHandle)
solution2
0 2009-11-25 04:45:20
Yes, ctypes (or win32all ) and ReadProcessMemory are exactly the way to go. Were you looking for something extra/different? What, in particular?
solution3
-5 2009-11-25 05:50:34
See http://www.windowsreference.com/windows-xp/dos-commands-and-equivalent-linux-commands/
You can use tasklist.exe to list processes, then scrape the results. Then use taskkill.exe (or tstskill.exe) to end them.
But ctypes and kernal32 is probably safer.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.