将内存地址从指针(字节)类型转换为十六进制

2024-03-29 13:20:19 发布


我试图找到进程 process.exe 中加载的 render.dll 的基址。我修改了 in this question 中的代码，已经能够得到 render.dll 基址的结果。

from ctypes import *
from ctypes.wintypes import *
import psutil


class MODULEENTRY32(Structure):
    """ctypes mirror of the tlhelp32.h MODULEENTRY32 struct (ANSI variant).

    Field order and types must match the SDK layout exactly; ctypes applies
    native alignment, so the same definition serves 32- and 64-bit Python.
    ``dwSize`` must be set to ``sizeof(MODULEENTRY32)`` before Module32First.
    """
    _fields_ = [( 'dwSize', DWORD),
                ( 'th32ModuleID', DWORD),
                ( 'th32ProcessID', DWORD),
                ( 'GlblcntUsage', DWORD),
                ( 'ProccntUsage', DWORD),
                # Load address of the module inside the *snapshotted* process.
                # Reading this field yields a POINTER(BYTE) object; the address
                # is not valid in our own process, so never dereference it.
                # cast(p, c_void_p).value turns it into a plain integer.
                ( 'modBaseAddr', POINTER(BYTE)),
                ( 'modBaseSize', DWORD),
                ( 'hModule', HMODULE),
                ( 'szModule', c_char * 256),   # MAX_MODULE_NAME32 + 1, NUL-terminated
                ( 'szExePath', c_char * 260)]  # MAX_PATH, NUL-terminated


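# Thin bindings to the Tool Help API.  Declaring argtypes/restype matters on
# 64-bit Python: without them ctypes assumes C int for every argument and
# return value, which can truncate HANDLE values, and a None pid (getpid found
# nothing) would be passed as NULL/0 -- i.e. "snapshot the calling process".
# With DWORD declared, None is rejected with an ArgumentError instead.
CreateToolhelp32Snapshot = windll.kernel32.CreateToolhelp32Snapshot
CreateToolhelp32Snapshot.argtypes = [DWORD, DWORD]   # dwFlags, th32ProcessID
CreateToolhelp32Snapshot.restype = HANDLE

# Both take (HANDLE hSnapshot, LPMODULEENTRY32 lpme) and return BOOL.  A
# MODULEENTRY32 instance may be passed directly; ctypes converts it by reference.
Module32First = windll.kernel32.Module32First
Module32First.argtypes = [HANDLE, POINTER(MODULEENTRY32)]
Module32First.restype = BOOL

Module32Next = windll.kernel32.Module32Next
Module32Next.argtypes = [HANDLE, POINTER(MODULEENTRY32)]
Module32Next.restype = BOOL

CloseHandle = windll.kernel32.CloseHandle
CloseHandle.argtypes = [HANDLE]
CloseHandle.restype = BOOL

# Snapshot flags from tlhelp32.h.  TH32CS_SNAPMODULE32 additionally lists the
# 32-bit modules when a 64-bit caller snapshots a WOW64 process.
TH32CS_SNAPMODULE = 0x00000008
TH32CS_SNAPMODULE32 = 0x00000010

# CreateToolhelp32Snapshot reports failure with INVALID_HANDLE_VALUE (all bits
# set), not NULL; compare the returned handle against this before using it.
INVALID_HANDLE_VALUE = HANDLE(-1).value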


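def getpid(processname):
    """Return the pid of the first process whose name contains *processname*.

    Scans ``psutil.process_iter()`` in iteration order and returns the pid of
    the first match, or ``None`` when nothing matched.  The test is a
    substring test, as in the original, so ``'process.exe'`` would also match
    ``'subprocess.exe'``; callers that must not touch the wrong process should
    pass the full executable name and verify the returned pid.

    Args:
        processname: text to look for inside each process name.

    Returns:
        The matching pid, or ``None``.
    """
    needle = str(processname)
    for proc in psutil.process_iter():
        try:
            # psutil >= 2.0 turned ``name`` into a method; older releases
            # exposed an attribute.  Support both instead of str()-ing a bound
            # method, which (presumably) only matched because its repr embeds
            # the process name.
            pname = proc.name() if callable(proc.name) else proc.name
        except (psutil.NoSuchProcess, psutil.AccessDenied):
            # The process exited mid-scan or is protected; skip it rather
            # than abort the whole search.
            continue
        if needle in str(pname):
            return proc.pid
    return None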


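def GetModuleByName(name, processname='process.exe'):
    """Return the base address of module *name* loaded in *processname*.

    Walks a Tool Help module snapshot of the target process and returns the
    ``modBaseAddr`` field of the first entry whose ``szModule`` equals *name*
    (compared case-insensitively, as Windows file names are).  The value is
    the raw ``POINTER(BYTE)`` from the struct and refers to the *target*
    process's address space; convert it with ``cast(ptr, c_void_p).value``
    before formatting it or handing it to ReadProcessMemory, and never
    dereference it locally.

    Args:
        name: module file name to look for, e.g. ``'render.dll'``.
        processname: name passed to ``getpid`` to locate the target process;
            defaults to the originally hard-coded ``'process.exe'``.

    Returns:
        The ``POINTER(BYTE)`` base address, or ``None`` if no module matched.

    Raises:
        ValueError: if ``getpid`` finds no such process.
        WindowsError: if the snapshot cannot be created (for example
            ERROR_PARTIAL_COPY when 32-bit Python snapshots a 64-bit process).
    """
    pid = getpid(processname)
    if pid is None:
        # Without this guard a missing process became a None/NULL pid, which
        # CreateToolhelp32Snapshot treats as "the calling process" -- the
        # search would silently run against the Python interpreter itself.
        raise ValueError('process %r not found' % (processname,))

    snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE32 | TH32CS_SNAPMODULE, pid)
    # Failure is INVALID_HANDLE_VALUE: -1 when the function's restype is the
    # default C int, all-ones when it is HANDLE; accept either spelling.
    if snapshot is None or snapshot in (-1, HANDLE(-1).value):
        raise WinError()

    wanted = _normalize_module_name(name)
    entry = MODULEENTRY32()
    entry.dwSize = sizeof(MODULEENTRY32)
    try:
        # Module32First already fills the first entry; the original loop
        # discarded it and only compared the entries from Module32Next.
        more = Module32First(snapshot, byref(entry))
        while more:
            if _normalize_module_name(entry.szModule) == wanted:
                return entry.modBaseAddr
            more = Module32Next(snapshot, byref(entry))
    finally:
        # Release the snapshot on every exit path, including exceptions.
        CloseHandle(snapshot)
    return None


def _normalize_module_name(value):
    """Lower-case a module name, decoding Python 3 ``bytes`` from c_char arrays."""
    if isinstance(value, bytes) and not isinstance(value, str):
        # 'mbcs' is the ANSI code page the narrow (A) Tool Help API reports in.
        value = value.decode('mbcs', 'replace')
    return value.lower()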

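# Demo: resolve render.dll and print its base address as hex.  The struct
# field is a POINTER(BYTE); printing it shows the repr of the Python pointer
# object (its own address in *this* process), not the module base.  cast()
# extracts the stored integer without dereferencing the foreign address.
baseAddr = GetModuleByName('render.dll')
if baseAddr is None:
    print('render.dll not found in target process')
else:
    baseInt = cast(baseAddr, c_void_p).value
    print('0x%X' % baseInt)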

结果是 <__main__.LP_c_byte object at 0x00000000023C9348>。我知道这是因为返回值是 POINTER(BYTE) 类型，但我不确定如何从这个类型得到一个普通的整数/十六进制内存地址，以便用它去读取目标进程在该位置的内存。（注意：打印出来的 0x00000000023C9348 是这个 Python 指针对象自身在本进程中的地址，并不是 render.dll 在目标进程中的基址；要取出指针里保存的地址，可以用 ctypes.cast(baseAddr, ctypes.c_void_p).value，再用 hex() 格式化，不要在本进程中对该指针取 .contents 读值。）

