
I want to detect some strings in a program process. Here is how to do it using Process Hacker:

Find process > RBM > Properties > Memory > Strings button > Minimum length: 4 > OK > Filter > cheatname.cc > Find

So the question is: is it possible to somehow automate this through Python? I already tried to do this, but it didn't work.

```python
import psutil
import ctypes
import ctypes.wintypes
import time

# Define the process name
process_name = "gmod.exe"

# Define the byte pattern to search for
byte_pattern = b'exechack.cc'

# Set the interval for checking the game's memory
interval = 30

while True:
    # Get the process ID of the game
    pid = None
    for proc in psutil.process_iter(['pid', 'name']):
        if proc.info['name'] == process_name:
            pid = proc.info['pid']
            break

    if pid:
        # Open the process with read-only access
        process_handle = ctypes.windll.kernel32.OpenProcess(0x10, False, pid)

        # Define the memory address range to scan
        start_address = ctypes.c_ulonglong(0)
        end_address = ctypes.c_ulonglong(0x7FFFFFFFFFFFFF)

        # Scan the process memory for the byte pattern
        while start_address.value < end_address.value:
            memory_info = ctypes.wintypes.MEMORY_BASIC_INFORMATION()
            result = ctypes.windll.kernel32.VirtualQueryEx(process_handle, ctypes.c_ulonglong(start_address.value), ctypes.byref(memory_info), ctypes.sizeof(memory_info))
            if result == 0:
                # Error occurred, break out of loop
                break
            start_address = ctypes.c_ulonglong(memory_info.BaseAddress + memory_info.RegionSize)
            if memory_info.RegionSize == 0:
                # Region size is zero, skip to the next region
                continue
            buffer = (ctypes.c_byte * memory_info.RegionSize)()
            ctypes.windll.kernel32.ReadProcessMemory(process_handle, ctypes.c_ulonglong(start_address.value), ctypes.byref(buffer), ctypes.sizeof(buffer), None)
            if byte_pattern in buffer:
                print("Cheat code detected!")
                break

        # Close the process handle
        ctypes.windll.kernel32.CloseHandle(process_handle)

    # Wait for the interval before checking again
    time.sleep(interval)
```

Error:

```
Exception has occurred: AttributeError
module 'ctypes.wintypes' has no attribute 'MEMORY_BASIC_INFORMATION'
  File "C:\Users\axsta\Desktop\ac.py", line 33, in <module>
    memory_info = ctypes.wintypes.MEMORY_BASIC_INFORMATION()
AttributeError: module 'ctypes.wintypes' has no attribute 'MEMORY_BASIC_INFORMATION'
```

I want the program to find the process itself and search for everything that I showed above.

Useful info: Process Image type: 64 bit.

There is very little information on the Internet that I need, so I came here to ask for help.

I tried to change different variables, deal with libraries, but nothing worked. I don't know what the problem is.

Stanislav
    You'll need to define the MEMORY_BASIC_INFORMATION structure yourself. See [this answer](https://stackoverflow.com/a/73009749/235698) for an example. – Mark Tolonen Mar 24 '23 at 23:20

0 Answers
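Following the comment's suggestion, here is an added example (not code from the question or from the linked answer) that defines MEMORY_BASIC_INFORMATION by hand and searches only committed, readable regions for the string stored as ASCII or UTF-16LE. It assumes 64-bit Python on 64-bit Windows; the function names and the `regions`/`read` callback split are choices made for this example.

```python
import ctypes
import re

MEM_COMMIT, PAGE_NOACCESS, PAGE_GUARD = 0x1000, 0x01, 0x100
PROCESS_QUERY_INFORMATION, PROCESS_VM_READ = 0x0400, 0x0010

class MEMORY_BASIC_INFORMATION(ctypes.Structure):
    # 64-bit layout from winnt.h; fixed-width types keep it 48 bytes on any OS.
    _fields_ = [("BaseAddress", ctypes.c_uint64), ("AllocationBase", ctypes.c_uint64),
                ("AllocationProtect", ctypes.c_uint32), ("PartitionId", ctypes.c_uint16),
                ("RegionSize", ctypes.c_uint64), ("State", ctypes.c_uint32),
                ("Protect", ctypes.c_uint32), ("Type", ctypes.c_uint32)]

def is_readable(state, protect):
    """Committed pages only, skipping no-access and guard pages."""
    return state == MEM_COMMIT and not protect & (PAGE_NOACCESS | PAGE_GUARD)

def find_in_regions(regions, read, text):
    """Addresses where text occurs as ASCII or UTF-16LE in the readable regions."""
    rx = re.compile(b"|".join(re.escape(text.encode(e)) for e in ("ascii", "utf-16-le")))
    hits = []
    for base, size, state, protect in regions:  # tuples of (base, size, state, protect)
        if is_readable(state, protect):
            hits += [base + m.start() for m in rx.finditer(read(base, size))]
    return hits

def scan_process(pid, text):
    """Windows only: walk a 64-bit process with VirtualQueryEx and search it."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    vp, sz = ctypes.c_void_p, ctypes.c_size_t
    k32.OpenProcess.restype, k32.VirtualQueryEx.restype = vp, sz
    k32.VirtualQueryEx.argtypes = [vp, vp, vp, sz]
    k32.ReadProcessMemory.argtypes = [vp, vp, vp, sz, ctypes.POINTER(sz)]
    k32.CloseHandle.argtypes = [vp]
    handle = k32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, False, pid)
    if not handle:
        raise ctypes.WinError(ctypes.get_last_error())
    def regions():
        addr, mbi = 0, MEMORY_BASIC_INFORMATION()
        while k32.VirtualQueryEx(handle, addr, ctypes.byref(mbi), ctypes.sizeof(mbi)):
            yield mbi.BaseAddress, mbi.RegionSize, mbi.State, mbi.Protect
            addr = mbi.BaseAddress + mbi.RegionSize
    def read(base, size):
        buf = ctypes.create_string_buffer(size)
        return buf.raw if k32.ReadProcessMemory(handle, base, buf, size, None) else b""
    try:
        return find_in_regions(regions(), read, text)
    finally:
        k32.CloseHandle(handle)
```

On Windows, `scan_process(pid, "exechack.cc")` returns the matching addresses. Each region is read in a single call, so a very large committed region costs that much memory in the scanner.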