Python 如何通过 MODULEENTRY32 获得进程的基址?

Python 如何通过 MODULEENTRY32 获得进程的基址?,python,memory-address,base,cheat-engine,Python,Memory Address,Base,Cheat Engine,我希望在此示例中执行一些操作:(原链接缺失)。我和那个帖子里的人有着相同的问题,因为 Cheat Engine 给出的指针是相对于进程自身基址的 我环顾四周,似乎最好的解决方案是使用 ctypes 和 MODULEENTRY32 来获取进程的模块快照并读取其 modBaseAddr 这是我目前的代码 import os.path, ctypes, ctypes.wintypes from ctypes import * from ctypes.wintypes import * PROCESS_QUERY_INFORMATION = (0x04

我希望在此示例中执行一些操作:(原链接缺失)。我和那个帖子里的人有着相同的问题,因为 Cheat Engine 给出的指针是相对于进程自身基址的

我环顾四周,似乎最好的解决方案是使用 ctypes 和 MODULEENTRY32 来获取进程的模块快照并读取其 modBaseAddr

这是我目前的代码

import os.path, ctypes, ctypes.wintypes
from ctypes import *
from ctypes.wintypes import *

# Win32 constants (values as in winnt.h / tlhelp32.h).
# Only PROCESS_QUERY_INFORMATION and TH32CS_SNAPMODULE are referenced by the
# code visible in this file; the PROCESS_VM_* rights are kept for callers.
PROCESS_QUERY_INFORMATION = 0x0400  # OpenProcess: query basic info / image name
PROCESS_VM_OPERATION = 0x0008       # OpenProcess: change the target's memory protection
PROCESS_VM_READ = 0x0010            # OpenProcess: read the target's memory
PROCESS_VM_WRITE = 0x0020           # OpenProcess: write the target's memory
TH32CS_SNAPMODULE = 0x00000008      # CreateToolhelp32Snapshot: include the module list

# Bind the kernel32 entry points used below once, at import time.
# NOTE(review): no argtypes/restype are declared, so ctypes uses its defaults
# (C int arguments and an int return value) for every call.
_kernel32 = ctypes.windll.kernel32

CreateToolhelp32Snapshot = _kernel32.CreateToolhelp32Snapshot
Process32First = _kernel32.Process32First
Process32Next = _kernel32.Process32Next
Module32First = _kernel32.Module32First
Module32Next = _kernel32.Module32Next
GetLastError = _kernel32.GetLastError
OpenProcess = _kernel32.OpenProcess
GetPriorityClass = _kernel32.GetPriorityClass
CloseHandle = _kernel32.CloseHandle

class MODULEENTRY32(Structure):
       """ctypes mirror of the Win32 (ANSI) MODULEENTRY32 record used by Module32First/Next.

       ``dwSize`` must be set to ``sizeof(MODULEENTRY32)`` before the first
       call; all other fields are filled in by the API.  ``modBaseAddr`` is a
       raw BYTE pointer, so the numeric load address has to be read through
       ctypes (``id()`` on the field gives the Python wrapper's identity, not
       the address).
       """
       _fields_ = [ ( 'dwSize' , DWORD ) ,  # size of this structure in bytes (input)
                ( 'th32ModuleID' , DWORD ),  # Toolhelp module identifier
                ( 'th32ProcessID' , DWORD ),  # id of the process that loaded the module
                ( 'GlblcntUsage' , DWORD ),  # global usage count of the module
                ( 'ProccntUsage' , DWORD ) ,  # usage count within the owning process
                ( 'modBaseAddr' , POINTER(BYTE)) ,  # load address in the owning process
                ( 'modBaseSize' , DWORD ) ,  # size of the module image in bytes
                ( 'hModule' , HMODULE ) ,  # module handle, valid in the owning process
                ( 'szModule' , c_char * 256 ),  # module (file) name, ANSI
                ( 'szExePath' , c_char * 260 ) ]  # full path of the module file, ANSI



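def GetBaseAddr(ProcId, ProcName):
    """Return the load address of module *ProcName* inside process *ProcId*.

    Takes a TH32CS_SNAPMODULE snapshot of the target and walks it with
    Module32First/Module32Next.  The ``modBaseAddr`` of the first entry whose
    ``szModule`` equals *ProcName* is returned as an int; None is returned
    when no module matches or Module32First fails.  If the snapshot itself
    cannot be created the legacy string ``'Error'`` is returned (kept for
    existing callers).

    The caller needs sufficient access to the target (an elevated target
    generally requires an elevated caller), and the Python interpreter's
    bitness should match the target's — a Toolhelp module walk across a
    32/64-bit boundary is not reliable.
    """
    # What a failed CreateToolhelp32Snapshot yields with ctypes' default
    # c_int return type (INVALID_HANDLE_VALUE truncated to 32 bits).
    _INVALID_HANDLE_VALUE = -1

    def as_text(value):
        # szModule comes back as bytes on Python 3 (str on Python 2);
        # normalise both sides so the comparison cannot silently be False.
        return value.decode('mbcs', 'replace') if isinstance(value, bytes) else value

    me32 = MODULEENTRY32()
    me32.dwSize = sizeof(me32)  # Module32First rejects an entry with dwSize == 0
    hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcId)
    # Test the return value rather than GetLastError(): the last-error value
    # is not reset on success and may be overwritten by calls ctypes makes
    # on its own, so it does not reliably reflect this call.
    if not hSnapshot or hSnapshot == _INVALID_HANDLE_VALUE:
        print('Handle Error %s' % WinError())
        return 'Error'

    target = as_text(ProcName)
    try:
        found = Module32First(hSnapshot, byref(me32))
        if not found:
            print('Module32First is False %s' % WinError())
            return None
        # Drive the walk by Module32Next's return value instead of polling
        # GetLastError() for ERROR_NO_MORE_FILES.
        while found:
            if as_text(me32.szModule) == target:
                # modBaseAddr is a BYTE*; read the address it holds, not the
                # identity of the Python pointer object.
                return cast(me32.modBaseAddr, c_void_p).value
            found = Module32Next(hSnapshot, byref(me32))
        print("Couldn't find Process with name %s" % ProcName)
        return None
    finally:
        # Release the snapshot on every path, including the early returns.
        CloseHandle(hSnapshot)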

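def GetProcessIdByName(pName):
    """Return the PID of the first running process whose image file name is *pName*.

    An ``.exe`` suffix is appended to *pName* when it lacks one.  Every pid
    reported by EnumProcesses() is opened with PROCESS_QUERY_INFORMATION and
    the basename of its image file name (psapi GetProcessImageFileNameA) is
    compared with *pName*.  Processes that cannot be opened — typically those
    of other users or elevated ones when this script is not elevated — are
    skipped silently.  Returns None when nothing matches or when
    EnumProcesses() fails.
    """
    if not pName.endswith('.exe'):
        pName = pName + '.exe'

    enumerated = EnumProcesses()
    if enumerated is None:  # enumeration failed; there is nothing to search
        return None
    ProcessIds, BytesReturned = enumerated

    # BytesReturned is a byte count; use integer division so range() also
    # works under Python 3, where '/' would produce a float.
    for index in range(BytesReturned // ctypes.sizeof(ctypes.wintypes.DWORD)):
        ProcessId = ProcessIds[index]
        hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, False, ProcessId)
        if not hProcess:
            continue
        try:
            ImageFileName = (ctypes.c_char * MAX_PATH)()
            if ctypes.windll.psapi.GetProcessImageFileNameA(hProcess, ImageFileName, MAX_PATH) > 0:
                raw = ImageFileName.value
                # .value is bytes on Python 3; normalise before comparing with str.
                if isinstance(raw, bytes):
                    raw = raw.decode('mbcs', 'replace')
                if os.path.basename(raw) == pName:
                    return ProcessId
        finally:
            # Close on every path; the match case previously returned before
            # CloseHandle and leaked the process handle.
            CloseHandle(hProcess)
    return None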

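def EnumProcesses():
    """Return ``(ProcessIds, BytesReturned)`` from psapi EnumProcesses, or None on failure.

    ``ProcessIds`` is a ctypes DWORD array and ``BytesReturned`` the number of
    bytes the API filled, so the number of valid entries is
    ``BytesReturned // sizeof(DWORD)``.  The array starts at 32 entries and
    is doubled until the API fills less than the whole buffer; a completely
    filled buffer may have been truncated, and the API does not report that
    any other way.
    """
    count = 32
    while True:
        ProcessIds = (ctypes.wintypes.DWORD * count)()
        cb = ctypes.sizeof(ProcessIds)
        BytesReturned = ctypes.wintypes.DWORD()
        if not ctypes.windll.Psapi.EnumProcesses(ctypes.byref(ProcessIds), cb, ctypes.byref(BytesReturned)):
            return None
        if BytesReturned.value < cb:
            return ProcessIds, BytesReturned.value
        count *= 2  # buffer was full: possibly truncated, retry with a bigger one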



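if __name__ == '__main__':
    # Demo: look up RocketLeague.exe's pid, then the load address of its
    # main module.  Both lookups can fail, so check before calling hex().
    ProcId = GetProcessIdByName('RocketLeague.exe')
    if ProcId is None:
        print('Process RocketLeague.exe not found')
    else:
        base = GetBaseAddr(ProcId, 'RocketLeague.exe')
        # GetBaseAddr returns None (no such module) or 'Error' (snapshot
        # failed); hex() would raise TypeError on either.
        if base is None or base == 'Error':
            print('Base address lookup failed: %r' % (base,))
        else:
            print(hex(base))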
导入os.path、ctypes、ctypes.wintypes
从ctypes导入*
从ctypes.wintypes导入*
PROCESS_QUERY_INFORMATION = (0x0400)
PROCESS_VM_OPERATION = (0x0008)
PROCESS_VM_READ = (0x0010)
PROCESS_VM_WRITE = (0x0020)
TH32CS_SNAPMODULE = (0x00000008)
CreateToolhelp32Snapshot = ctypes.windll.kernel32.CreateToolhelp32Snapshot
Process32First = ctypes.windll.kernel32.Process32First
Process32Next = ctypes.windll.kernel32.Process32Next
Module32First = ctypes.windll.kernel32.Module32First
Module32Next = ctypes.windll.kernel32.Module32Next
GetLastError = ctypes.windll.kernel32.GetLastError
OpenProcess = ctypes.windll.kernel32.OpenProcess
GetPriorityClass = ctypes.windll.kernel32.GetPriorityClass
CloseHandle = ctypes.windll.kernel32.CloseHandle
class MODULEENTRY32(Structure):
    _fields_ = [('dwSize', DWORD),
                ('th32ModuleID', DWORD),
                ('th32ProcessID', DWORD),
                ('GlblcntUsage', DWORD),
                ('ProccntUsage', DWORD),
                ('modBaseAddr', POINTER(BYTE)),
                ('modBaseSize', DWORD),
                ('hModule', HMODULE),
                ('szModule', c_char * 256),
                ('szExePath', c_char * 260)]
def GetBaseAddr(ProcId,ProcName):
me32=MODULEENTRY32()
me32.dwSize=sizeof(me32)
hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcId)
如果GetLastError()!=0:
闭合手柄(hSnapshot)
打印“句柄错误%s”%WinError()
返回“错误”
其他:
如果模块32第一个(hSnapshot,byref(me32)):
如果me32.szModule==ProcName:
闭合手柄(hSnapshot)
返回id(me32.modBaseAddr)
其他:
模块32下一步(hSnapshot,byref(me32))
而int(GetLastError())!=18:
如果me32.szModule==ProcName:
闭合手柄(hSnapshot)
返回id(me32.modBaseAddr)
其他:
模块32下一步(hSnapshot,byref(me32))
闭合手柄(hSnapshot)
“打印”找不到名为%s“%ProcName”的进程
其他:
打印'Module32First'为假%s'%WinError()
闭合手柄(hSnapshot)
def GetProcessIdByName(pName):
如果pName.endswith('.exe'):
通过
其他:
pName=pName+'.exe'
ProcessId,BytesReturned=EnumProcesses()
对于范围内的索引(BytesReturned/ctypes.sizeof(ctypes.wintypes.DWORD)):
ProcessId=ProcessId[索引]
hProcess=ctypes.windell.kernel32.OpenProcess(进程查询信息,False,进程ID)
如果是HPProcess:
ImageFileName=(ctypes.c_char*MAX_PATH)()
如果ctypes.windell.psapi.GetProcessImageFileNameA(HPProcess,ImageFileName,MAX_PATH)>0:
filename=os.path.basename(ImageFileName.value)
如果filename==pName:
返回进程ID
CloseHandle(HPProcess)
def enumprocess():
计数=32
尽管如此:
ProcessID=(ctypes.wintypes.DWORD*count)()
cb=ctypes.sizeof(进程ID)
BytesReturned=ctypes.wintypes.DWORD()
如果ctypes.windell.Psapi.enumProcesss(ctypes.byref(ProcessId)、cb、ctypes.byref(BytesReturned)):

if BytesReturned.value

澄清:MODULEENTRY32 存储的是模块的信息,而不是进程的信息。用 TH32CS_SNAPMODULE 调用时,得到的是该进程已加载的模块列表,而不是进程本身。

与其把 MODULEENTRY32 和 EnumProcesses 结合使用,不如用 TH32CS_SNAPPROCESS 获取结构形式的进程列表,其中就已经包含进程标识符。

即使您的账户拥有管理员权限,也必须以管理员身份(提升权限)运行该进程。

您还应该把 MODULEENTRY32 清零初始化({0}),这样才能正确处理错误,避免返回值受到未初始化内存带来的未定义行为的影响。

我不确定您问题的具体原因,但我在这方面用过一份相当健壮的源代码,它可以直接替换您当前的代码。下面是关键片段,完整源码另有提供。

def ListProcessModules(ProcessID):
hModuleSnap = c_void_p(0)
me32=MODULEENTRY32()
me32.dwSize=sizeof(MODULEENTRY32)
hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessID)
ret=模块32第一(hModuleSnap,指针(me32))
如果ret==0:
print 'ListProcessModules() Error on Module32First[%d]' % GetLastError()
闭合手柄(hModuleSnap)
返回错误
而ret:
打印“模块名称:%s”%me32.szModule
打印“可执行文件=%s”%me32.szexpath
打印“进程ID=0x%08X”%me32.th32ProcessID
打印“参考计数(g)=0x%04X”%me32.glblcnt用法
打印“参考计数(p)=0x%04X”%me32.ProccntUsage
打印