import struct
from ctypes import (
    WinError,
    byref,
    c_size_t,
    c_ulong,
    c_void_p,
    create_string_buffer,
    windll,
)
from subprocess import check_output

import psutil
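PROCNAME = "OUTLOOK.EXE"

# Resolve the PID of the target image name. `pid` is initialised up front so a
# missing process produces a clear exit message instead of a NameError further
# down the script. The comparison is an exact, case-sensitive match on the
# name psutil reports.
pid = None
for proc in psutil.process_iter():
    try:
        if proc.name() == PROCNAME:
            # Every match is printed; if several processes share the name the
            # last one enumerated is the one that is kept.
            pid = proc.pid
            print(pid)
    except (psutil.NoSuchProcess, psutil.AccessDenied):
        # The process exited during enumeration or its name is not readable
        # from this security context; neither should abort the scan.
        continue

if pid is None:
    raise SystemExit("%s is not running" % PROCNAME)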
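class Memory(object):
    """Read typed values out of another process's address space (Windows only).

    The constructor opens a handle to the process identified by ``pid``; the
    ``read*`` methods copy bytes out of it with ``ReadProcessMemory`` and decode
    them. Call ``close()`` (or use the instance as a context manager) to release
    the handle.

    Raises:
        OSError: if the process cannot be opened or a read fails.
    """

    # Least privilege: ReadProcessMemory only needs PROCESS_VM_READ. The handle
    # used to be opened with 0x1F0FFF (the legacy PROCESS_ALL_ACCESS mask),
    # which also grants write, thread-creation and terminate rights that this
    # class never uses. A narrower request is also less likely to be denied.
    PROCESS_VM_READ = 0x0010

    def __init__(self, pid):
        """Open a read-only handle to process ``pid``."""
        self.process = windll.kernel32.OpenProcess(self.PROCESS_VM_READ, 0, pid)
        if not self.process:
            # OpenProcess returns NULL on failure (bad pid, access denied, ...).
            # Without this check every later read would silently yield zeros.
            raise WinError()
        # Dispatch table used by readOffset(): type name -> reader method.
        self.readTypes = {
            'float': self.readFloat,
            'int': self.readInt,
            'string': self.readString,
        }

    def close(self):
        """Release the process handle; safe to call more than once."""
        handle = getattr(self, 'process', None)
        if handle:
            windll.kernel32.CloseHandle(handle)
            self.process = None

    def __enter__(self):
        return self

    def __exit__(self, exc_type, exc_value, traceback):
        self.close()
        return False

    def __del__(self):
        # Safety net for callers that never call close(). Errors are ignored
        # because module globals may already be gone at interpreter shutdown.
        try:
            self.close()
        except Exception:
            pass

    def readInt(self, address):
        """Return the little-endian unsigned 32-bit integer at ``address``."""
        raw = self.readBytes(address, 4)
        return struct.unpack('<I', raw)[0]

    def readFloat(self, address):
        """Return the little-endian 32-bit float at ``address``."""
        raw = self.readBytes(address, 4)
        return struct.unpack('<f', raw)[0]

    def readOffset(self, address, T):
        """Read a value of type ``T`` ('float', 'int' or 'string').

        ``address`` is either a single address or a list/tuple of integers that
        are summed (base + offsets) to form the address to read.

        Raises:
            Exception: "Unsupported Type" when ``T`` is not a known type name.
        """
        try:
            reader = self.readTypes[T]
        except KeyError:
            raise Exception("Unsupported Type")
        # isinstance() instead of an exact type() comparison, so tuples and
        # list subclasses are summed too rather than passed on as an address.
        if isinstance(address, (list, tuple)):
            address = sum(address)
        return reader(address)

    def readString(self, address, bytes=50):
        """Return up to ``bytes`` bytes at ``address``, cut at the first NUL.

        The NUL terminator is not included; if none is found the whole buffer
        is returned. (``bytes`` shadows the builtin but is kept because it is
        part of the keyword interface.)
        """
        return self.readBytes(address, bytes).split(b'\x00', 1)[0]

    def readBytes(self, address, bytes=4):
        """Return ``bytes`` raw bytes read from ``address`` in the target.

        Raises:
            OSError: if ReadProcessMemory reports failure (unmapped or
                protected range, stale handle, ...).
        """
        buffer = create_string_buffer(bytes)
        # The out-parameter is a SIZE_T*, so it must be pointer-sized; a
        # c_ulong is only 32 bits wide on 64-bit Windows.
        bytesRead = c_size_t(0)
        # No argtypes are declared, so ctypes would pass bare Python ints as a
        # C int; wrap the address and size so they are passed pointer-sized.
        ok = windll.kernel32.ReadProcessMemory(
            self.process,
            c_void_p(address),
            buffer,
            c_size_t(bytes),
            byref(bytesRead),
        )
        if not ok:
            # Surface the failure instead of returning the untouched
            # zero-filled buffer, which is indistinguishable from real data.
            raise WinError()
        return buffer.raw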
# NOTE(review): both reads use hard-coded absolute addresses; presumably they
# are only meaningful for one specific build and load layout of the target
# process - confirm before relying on the output.
x = Memory(pid)

# 32-bit little-endian unsigned integer at the first address.
int_value = x.readInt(0x00A2C06D)
print(int_value)

# Four raw bytes (readBytes' default length) starting one byte further on.
raw_value = x.readBytes(0x00A2C06E)
print(raw_value)