我正在尝试创建一个内存扫描仪。类似于作弊引擎。但仅用于提取信息。 我知道如何获取pid（在本例中为“notepad.exe”）。但是我不知道如何知道哪个特定的地址属于我正在扫描的程序。 试图寻找例子。我可以看到有人从一点到另一点，它试图扫描每个地址。但是它太慢了。然后我尝试创建一个批量大小（扫描一部分内存，而不是逐个扫描每个地址）。问题是尺寸是否太短。仍然需要很长时间。如果时间太长，可能会丢失许多属于该程序的地址。因为ReadMemoryScan的结果在第一个地址中为假，但在下一个地址中可能为真。这是我的例子

import ctypes as c
from ctypes import wintypes as w
import psutil
from sys import stdout
write = stdout.write
import numpy as np

def get_client_pid(process_name):
    pid = None
    for proc in psutil.process_iter():
        if proc.name() == process_name:
            pid = int(proc.pid)
            print(f"Found '{process_name}' PID = ", pid,f" hex_value = {hex(pid)}")
            break    

    if pid == None:
        print('Program Not found')
    return pid

pid = get_client_pid("notepad.exe")

if pid == None:
    sys.exit()

k32 = c.WinDLL('kernel32', use_last_error=True)
OpenProcess = k32.OpenProcess
OpenProcess.argtypes = [w.DWORD,w.BOOL,w.DWORD]
OpenProcess.restype = w.HANDLE
ReadProcessMemory = k32.ReadProcessMemory
ReadProcessMemory.argtypes = [w.HANDLE,w.LPCVOID,w.LPVOID,c.c_size_t,c.POINTER(c.c_size_t)]
ReadProcessMemory.restype = w.BOOL
GetLastError = k32.GetLastError
GetLastError.argtypes = None
GetLastError.restype = w.DWORD
CloseHandle = k32.CloseHandle
CloseHandle.argtypes = [w.HANDLE]
CloseHandle.restype = w.BOOL

processHandle = OpenProcess(0x10, False, int(pid))

# addr = 0x0FFFFFFFFFFF

data = c.c_ulonglong()
bytesRead = c.c_ulonglong()

start = 0x000000000000
end =   0x7fffffffffff
batch_size = 2**13
MemoryData = np.zeros(batch_size, 'l')
Size = MemoryData.itemsize*MemoryData.size
index = 0
Data_address = []
for c_adress in range(start,end,batch_size):

    result = ReadProcessMemory(processHandle,c.c_void_p(c_adress), MemoryData.ctypes.data, 
                            Size, c.byref(bytesRead))
    if result: # Save adress
        Data_address.extend(list(range(c_adress,c_adress+batch_size)))


e = GetLastError()
CloseHandle(processHandle)

我决定从0x000000000000到0x7fffffffffff，因为作弊引擎扫描这个大小。我对这种关于记忆扫描的事情还是个乞丐。也许我可以做一些事情来提高效率