Hey all, I have been scanning the net for answers to this question for days now and I'm still making no progress, so I beg for your help, oh mighty gurus of computer wisdom :)

My problem is my ReadProcessMemory function is returning Unicode. Here is my code:

```python
import ctypes

kernel32 = ctypes.windll.kernel32
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_VM_READ = 0x0010

pid = int(raw_input("Enter PID: "))
# Open the target process with query and memory-read rights
hproc = kernel32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, False, pid)
lpbaseaddr = 16799644
read_buff = ctypes.create_string_buffer(4)  # 4-byte character buffer
bytread = ctypes.c_ulong(0)                 # receives the number of bytes read
kernel32.ReadProcessMemory(hproc, lpbaseaddr, read_buff,
                           4, ctypes.byref(bytread))
print read_buff.raw  # i also tried read_buff.value
```

OK, that's my code. I know the value at that address is 50 because I used Cheat Engine to make it 80 :) My program's `print read_buff` returns "P". If I make the value of that address 81 with Cheat Engine and run my program, it returns the value "Q". I've been messing around and `unichr(80)` returns P and `unichr(81)` returns Q. There is obviously a problem with create_string_buff. Should I be using a byte buffer or integer buffer, and how would I do that? Using `unichr()` works for a few values, but say the address value is 800. `unichr(800)` obviously won't work. PLS HELP!!!!! I'm looking for the read_buff to return 50 or 60 or 800 etc.

A: 

Sorry, I know the value is 80, not 50.

james
You should edit your question, not "answer" with a correction :)
Mark Tolonen
Lol, sorry Mark, I'm new to this site. I hope this is the right place to post this. OK, so I've been doing more messing around and I found something strange. In the Python shell I type `something = ctypes.create_string_buffer(4)`. Now if I type `something.raw` and press enter, the shell will print `'\x00\x00\x00\x00'`. If I type `print something.raw` it prints four rectangles? Why does print change the value of my something variable? Using print, I want the output to be `'\x00\x00\x00\x00'`?
james
That's a new question, so it should be asked as one, then people can get reputation for it (don't forget to accept an answer for this one as well). Anyway, to do what you want, use `print repr(s)`, which displays non-printable characters in `\x##` format.
Mark Tolonen
K, that's it then :) Problem solved. Thanks Mark, you've been a great help :) I clicked the tick so you should get reputation. Anyway, thanks again.
james
A: 

It is not returning Unicode, but four bytes as a string (probably '\x80\x00\x00\x00'). Pass a pointer to an integer, not a string buffer:

```python
read_buff = ctypes.c_uint()
kernel32.ReadProcessMemory(hproc, lpbaseaddr, ctypes.byref(read_buff),
                           ctypes.sizeof(read_buff), ctypes.byref(bytread))
print read_buff.value
```
Mark Tolonen
Thank you so much Mark, it worked perfectly, that's exactly the answer I was looking for :) One last question though: the `read_buff = ctypes.c_uint()`, will that hold any size variable? Unlike the string buffer where I had to specify 4 bytes long etc. Thanks again for the fast reply.
james
OK, one last question. Say I wanted to return that byte string, e.g. "\x80\x00\x00\x00". What pointer would I use then?
james
No, `c_uint` is 4 bytes in size, `ctypes.sizeof` returns the size. `print repr(read_buff.raw)` will display the string in escaped format.
Mark Tolonen
OK, so at the moment here's what I've done..
james
read_buff = ctypes.create_string buffer
james
Sigh, every time I push enter it sends... Anyway, here's my code: `read_buff = ctypes.create_string_buffer(4)` then `print repr(read_buff.raw)`. This returns "\x90\x00\x00\x00" for example. Then using the struct module I go `struct.unpack("i", "\x90\x00\x00\x00")` and it gives me the integer I want :) But now how do I get the string version? Say for example at that address the value could be an int or a str of a word, and I want to try both possible options to see which might contain the value I'm looking for... Thanks
james
If it is a string just use create_string_buffer like you were using, and `print read_buff.value`.
Mark Tolonen
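
Added example, not part of the thread and written for Python 3 rather than the thread's Python 2: `views` shows the same four bytes as `.raw`, `.value`, `c_uint` and `struct` output, and `read_u32` is one way to do the read with declared prototypes and checked results. The function names and the sample byte strings are constructed for illustration.

```python
import ctypes
import struct

PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_VM_READ = 0x0010

def views(raw):
    """Show one 4-byte read the ways the thread discusses (raw is constructed input)."""
    buf = ctypes.create_string_buffer(raw, len(raw))
    return {
        "raw": buf.raw,      # every byte, NULs included
        "value": buf.value,  # C-string view: stops at the first NUL byte
        "c_uint": ctypes.c_uint.from_buffer_copy(raw).value,  # native byte order
        "struct": struct.unpack("<I", raw)[0],  # explicit little-endian
    }

def read_u32(pid, address):
    """Windows only: read one unsigned 32-bit value from process `pid`."""
    from ctypes import wintypes
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    # Declared prototypes keep handles and addresses from being truncated to int.
    k32.OpenProcess.restype = wintypes.HANDLE
    k32.OpenProcess.argtypes = [wintypes.DWORD, wintypes.BOOL, wintypes.DWORD]
    k32.ReadProcessMemory.restype = wintypes.BOOL
    k32.ReadProcessMemory.argtypes = [
        wintypes.HANDLE, wintypes.LPCVOID, wintypes.LPVOID,
        ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t)]
    k32.CloseHandle.argtypes = [wintypes.HANDLE]
    handle = k32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, False, pid)
    if not handle:
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        out, got = ctypes.c_uint32(), ctypes.c_size_t()
        ok = k32.ReadProcessMemory(handle, address, ctypes.byref(out),
                                   ctypes.sizeof(out), ctypes.byref(got))
        if not ok:
            raise ctypes.WinError(ctypes.get_last_error())
        if got.value != ctypes.sizeof(out):
            raise OSError("short read")
        return out.value
    finally:
        k32.CloseHandle(handle)  # always release the process handle

if __name__ == "__main__":
    for number in (80, 800):  # the two values mentioned in the question
        print(number, views(struct.pack("<I", number)))
    print(views(b"word"))     # four text bytes with no NUL terminator
```

The integer 80 is the byte 0x50, which is the ASCII code for "P", so printing the buffer as text shows a letter while the integer views show the number.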