(编辑:jimmy 日期: 2024/10/30 浏览:2)
import ctypes from ctypes import wintypes kernel32 = ctypes.WinDLL('kernel32', use_last_error=True) ERROR_PARTIAL_COPY = 0x012B PROCESS_VM_READ = 0x0010 SIZE_T = ctypes.c_size_t PSIZE_T = ctypes.POINTER(SIZE_T) def _check_zero(result, func, args): if not result: raise ctypes.WinError(ctypes.get_last_error()) return args kernel32.OpenProcess.errcheck = _check_zero kernel32.OpenProcess.restype = wintypes.HANDLE kernel32.OpenProcess.argtypes = ( wintypes.DWORD, # _In_ dwDesiredAccess wintypes.BOOL, # _In_ bInheritHandle wintypes.DWORD) # _In_ dwProcessId kernel32.ReadProcessMemory.errcheck = _check_zero kernel32.ReadProcessMemory.argtypes = ( wintypes.HANDLE, # _In_ hProcess wintypes.LPCVOID, # _In_ lpBaseAddress wintypes.LPVOID, # _Out_ lpBuffer SIZE_T, # _In_ nSize PSIZE_T) # _Out_ lpNumberOfBytesRead kernel32.CloseHandle.argtypes = (wintypes.HANDLE,)exe_pid=int(input('请输入程序PID:'))buf = (ctypes.c_char * 21)() nread = SIZE_T() hProcess = kernel32.OpenProcess(PROCESS_VM_READ, False, exe_pid) kernel32.ReadProcessMemory(hProcess, 0x4031B0, buf, 21, ctypes.byref(nread)) kernel32.CloseHandle(hProcess)str_byte=bytes(buf)str_ok=str(str_byte,'gbk')str_utf=str_ok.encode('utf-8')print('gbk:',str_ok)print('utf-8:',str_utf.decode('utf-8'))