17

I'm trying to write a Python script that reads a series of memory locations of a particular process.

How can I do this in Python?

I'll be using Windows if it matters. I have the processes PID that I'm attempting to read/edit.

Am I going to have to revert to calling ReadProcessMemory() and using ctypes?

Filet-O-Fish
  • 171
  • 1
  • 1
  • 4

3 Answers3

27

I didn't see anything in the standard python libraries but I found an example using ctypes like you suggested on another site:

from ctypes import *
from ctypes.wintypes import *

OpenProcess = windll.kernel32.OpenProcess
ReadProcessMemory = windll.kernel32.ReadProcessMemory
CloseHandle = windll.kernel32.CloseHandle

PROCESS_ALL_ACCESS = 0x1F0FFF

pid = 4044   # I assume you have this from somewhere.
address = 0x1000000  # Likewise; for illustration I'll get the .exe header.

buffer = c_char_p("The data goes here")
bufferSize = len(buffer.value)
bytesRead = c_ulong(0)

processHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
if ReadProcessMemory(processHandle, address, buffer, bufferSize, byref(bytesRead)):
    print "Success:", buffer
else:
    print "Failed."

CloseHandle(processHandle)
KingNestor
  • 65,976
  • 51
  • 121
  • 152
0

Yes, ctypes (or win32all) and ReadProcessMemory are exactly the way to go. Were you looking for something extra/different? What, in particular?

Alex Martelli
  • 854,459
  • 170
  • 1,222
  • 1,395
  • may be he want to do ArtMoney clone :P – YOU Nov 25 '09 at 04:48
  • I suppose I was looking for something in the Python libraries that was essentially a wrapper for this in an attempt to avoid using ctypes. Thanks for the info! – Filet-O-Fish Nov 25 '09 at 04:49
-7

See http://www.windowsreference.com/windows-xp/dos-commands-and-equivalent-linux-commands/

You can use tasklist.exe to list processes, then scrape the results. Then use taskkill.exe (or tstskill.exe) to end them.

But ctypes and kernal32 is probably safer.

wisty
  • 6,981
  • 1
  • 30
  • 29