如何在 Windows 中读取 Python 中另一个进程的内存? [英] How can I read the memory of another process in Python in Windows?

问题描述

我正在尝试编写一个 Python 脚本来读取特定进程的一系列内存位置.

I'm trying to write a Python script that reads a series of memory locations of a particular process.

如何在 Python 中执行此操作?

How can I do this in Python?

如果重要的话，我会使用 Windows.我有我试图读取/编辑的进程 PID.

I'll be using Windows if it matters. I have the processes PID that I'm attempting to read/edit.

我是否必须恢复调用 ReadProcessMemory() 并使用 ctypes?

Am I going to have to revert to calling ReadProcessMemory() and using ctypes?

推荐答案

我在标准 python 库中没有看到任何东西，但我在另一个站点上找到了一个使用 ctypes 的示例:

I didn't see anything in the standard python libraries but I found an example using ctypes like you suggested on another site:

from ctypes import *
from ctypes.wintypes import *

OpenProcess = windll.kernel32.OpenProcess
ReadProcessMemory = windll.kernel32.ReadProcessMemory
CloseHandle = windll.kernel32.CloseHandle

PROCESS_ALL_ACCESS = 0x1F0FFF

pid = 4044   # I assume you have this from somewhere.
address = 0x1000000  # Likewise; for illustration I'll get the .exe header.

buffer = c_char_p("The data goes here")
bufferSize = len(buffer.value)
bytesRead = c_ulong(0)

processHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
if ReadProcessMemory(processHandle, address, buffer, bufferSize, byref(bytesRead)):
    print "Success:", buffer
else:
    print "Failed."

CloseHandle(processHandle)

这篇关于如何在 Windows 中读取 Python 中另一个进程的内存?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！