- import ctypes
- import ctypes.wintypes
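# Bind kernel32 via ctypes.windll: Python 3's ctypes.wintypes only defines
# Windows data types and does not re-export ``windll``, so the attribute
# lookup ``ctypes.wintypes.windll`` fails with AttributeError.
kernel32 = ctypes.windll.kernel32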
- # Various access flag definitions:
class Access:
    """Windows access-right bits used when opening a process handle.

    The standard rights shared by every securable object are listed first,
    then the PROCESS_* specific rights in bit order. Values are the Win32
    header definitions. Combine only the bits a caller actually needs so
    the handle is opened with the least access required.
    """

    # Standard access rights (upper 16 bits of the access mask).
    DELETE = 0x00010000
    READ_CONTROL = 0x00020000
    WRITE_DAC = 0x00040000
    WRITE_OWNER = 0x00080000
    SYNCHRONIZE = 0x00100000

    # Process-specific rights (lower 16 bits), ordered by bit position.
    PROCESS_TERMINATE = 0x0001
    PROCESS_CREATE_THREAD = 0x0002
    PROCESS_VM_OPERATION = 0x0008
    PROCESS_VM_READ = 0x0010
    PROCESS_VM_WRITE = 0x0020
    PROCESS_DUP_HANDLE = 0x0040
    PROCESS_CREATE_PROCESS = 0x0080
    PROCESS_SET_QUOTA = 0x0100
    PROCESS_SET_INFORMATION = 0x0200
    PROCESS_QUERY_INFORMATION = 0x0400
    PROCESS_SUSPEND_RESUME = 0x0800
    PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
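def read_process_mem(pid, address, size):
    """Read ``size`` bytes at ``address`` from the process with id ``pid``.

    The target is opened with PROCESS_VM_READ only (the least right that
    ReadProcessMemory needs), the bytes are copied into a ctypes string
    buffer, and the handle is closed whether or not the read succeeded.

    Args:
        pid: Process id to open.
        address: Virtual address inside the target process to read from.
        size: Number of bytes to read.

    Returns:
        A ctypes char array of ``size`` bytes holding the copied memory
        (use ``.raw`` for the bytes).

    Raises:
        OSError: if OpenProcess returns no handle or ReadProcessMemory
            fails; built with ``ctypes.WinError`` so the Windows error
            code and message from GetLastError are carried along.
    """
    # Declare prototypes so pointer-sized values (the returned HANDLE, the
    # remote address, the byte counts) are not truncated to a C int, which
    # is the ctypes default for undeclared functions on 64-bit Windows.
    # Assigning these is idempotent, so repeating it per call is harmless.
    kernel32.OpenProcess.argtypes = (
        ctypes.wintypes.DWORD, ctypes.wintypes.BOOL, ctypes.wintypes.DWORD,
    )
    kernel32.OpenProcess.restype = ctypes.wintypes.HANDLE
    kernel32.ReadProcessMemory.argtypes = (
        ctypes.wintypes.HANDLE, ctypes.wintypes.LPCVOID, ctypes.wintypes.LPVOID,
        ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t),
    )
    kernel32.ReadProcessMemory.restype = ctypes.wintypes.BOOL
    kernel32.CloseHandle.argtypes = (ctypes.wintypes.HANDLE,)
    kernel32.CloseHandle.restype = ctypes.wintypes.BOOL

    buf = ctypes.create_string_buffer(size)
    # SIZE_T out-parameter; c_ulong is only 32 bits on 64-bit Windows.
    got_bytes = ctypes.c_size_t(0)

    handle = kernel32.OpenProcess(Access.PROCESS_VM_READ, False, pid)
    if not handle:
        # NULL handle: nothing to close, and the original code would have
        # passed it on to ReadProcessMemory/CloseHandle and hidden the cause.
        raise ctypes.WinError()
    try:
        ok = kernel32.ReadProcessMemory(
            handle, address, buf, size, ctypes.byref(got_bytes)
        )
        if not ok:
            # WinError() is built before the finally clause runs, so the
            # error code reflects ReadProcessMemory, not CloseHandle.
            raise ctypes.WinError()
        return buf
    finally:
        kernel32.CloseHandle(handle)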