这是 WinAPI ReadProcessMemory 的 ctypes 包装。它接受进程 ID、基址和要读取的大小(以字节为单位),并返回从目标进程读取的字节字符串。
如果无法访问整个地址范围,调用会失败,错误为 ERROR_PARTIAL_COPY。如果 allow_partial 为真,则返回的字节字符串可能小于请求的字节数。
ctypes 定义

import ctypes
from ctypes import wintypes
# Win32 constants used by this wrapper.
# PROCESS_VM_READ is the only access right requested when opening the target,
# which keeps the handle limited to reading memory.
PROCESS_VM_READ = 0x0010
# Win32 error code 299: only part of a read/write memory request completed.
ERROR_PARTIAL_COPY = 0x012B

# SIZE_T and pointer-to-SIZE_T, matching the nSize and lpNumberOfBytesRead
# parameters declared for ReadProcessMemory below.
SIZE_T = ctypes.c_size_t
PSIZE_T = ctypes.POINTER(SIZE_T)

# use_last_error=True makes ctypes keep a private copy of the Win32 last-error
# value for calls made through this library object; it is read back with
# ctypes.get_last_error() in the errcheck hook.
kernel32 = ctypes.WinDLL('kernel32', use_last_error=True)
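def _check_zero(result, func, args):
    """ctypes ``errcheck`` hook: raise when a Win32 call returns zero/NULL.

    Args:
        result: The converted return value of the foreign call. A falsy value
            (0, False, or None for a NULL handle) is treated as failure.
        func: The foreign function object that was called (unused).
        args: The argument tuple the call was made with.

    Returns:
        ``args`` unchanged, which tells ctypes to continue its normal result
        processing, so the caller still receives the call's own return value.

    Raises:
        OSError: Built by ``ctypes.WinError`` from the last-error value that
            ctypes saved for the call.
    """
    if not result:
        # get_last_error() reads ctypes' saved copy of the error code, which is
        # only maintained for libraries loaded with use_last_error=True.
        raise ctypes.WinError(ctypes.get_last_error())
    return args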
# OpenProcess: a NULL handle is turned into an exception by _check_zero.
# restype is set explicitly because the ctypes default return type is a C int,
# which is too narrow for a pointer-sized HANDLE on 64-bit Windows.
kernel32.OpenProcess.argtypes = (
    wintypes.DWORD,  # _In_ dwDesiredAccess
    wintypes.BOOL,   # _In_ bInheritHandle
    wintypes.DWORD,  # _In_ dwProcessId
)
kernel32.OpenProcess.restype = wintypes.HANDLE
kernel32.OpenProcess.errcheck = _check_zero

# ReadProcessMemory: no restype is assigned, so the ctypes default (C int) is
# used for the BOOL result; a zero result raises through _check_zero.
# lpNumberOfBytesRead receives the count actually copied, which callers should
# use to size the returned data rather than trusting nSize.
kernel32.ReadProcessMemory.argtypes = (
    wintypes.HANDLE,   # _In_  hProcess
    wintypes.LPCVOID,  # _In_  lpBaseAddress
    wintypes.LPVOID,   # _Out_ lpBuffer
    SIZE_T,            # _In_  nSize
    PSIZE_T,           # _Out_ lpNumberOfBytesRead
)
kernel32.ReadProcessMemory.errcheck = _check_zero

# CloseHandle: only the argument type is declared; no errcheck is attached, so
# a failed close is not reported.
kernel32.CloseHandle.argtypes = (wintypes.HANDLE,)
函数

(此处原有的代码清单——应为下面示例所调用的 read_process_memory 的定义——在本页中缺失,只剩下占位符。)
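# Example: read a known buffer back out of the current process and compare.
if __name__ == '__main__':
    import os

    # The target is this very process (os.getpid()), so the demo touches no
    # other process's memory.
    buf = ctypes.create_string_buffer(b'eggs and spam')
    pid = os.getpid()
    address = ctypes.addressof(buf)
    # len(buf.value) excludes the trailing NUL that create_string_buffer adds.
    size = len(buf.value)
    value = read_process_memory(pid, address, size)
    # Self-check for the demo only; assert statements are stripped under -O.
    assert value == buf.value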