问题
Ive got the following code:
import subprocess
from ctypes import *
#-Part where I get the PID and declare all variables-#
OpenProcess = windll.kernel32.OpenProcess
ReadProcessMemory = windll.kernel32.ReadProcessMemory
processHandle = OpenProcess(PROCESS_ALL_ACCESS, False, PID)
ReadProcessMemory(processHandle, address, buffer, bufferSize, byref(bytesRead))
All this is working flawless, but since some processes uses a so called BaseAddress or StartAddress. And in my case the size of this BaseAddress is random from time to time.
As suggested here I tried using the following code:
BaseAddress = win32api.GetModuleHandle(None)
All it does is giving the same hex value over and over again, even though I for sure know that my BaseAddress have changed.
Screenshot from the linked thread showing what Im looking for (where the left part is the baseaddress):
回答1:
I did manage to find a solution for python 3.5 32-bit and 64 bit.
For 32 bit I used psutil and pymem (as already suggested on this question).:
import psutil
import pymem
my_pid = None
for pid in pids:
ps = psutil.Process(pid)
# find process by .exe name, but note that there might be more instances of solitaire.exe
if "solitaire.exe" in ps.name():
my_pid = ps.pid
print( "%s running with pid: %d" % (ps.name(), ps.pid) )
base_address = pymem.process.base_address(pid)
For 64 bit pymem was not working. I found suggestions using win32api.GetModuleHandle(fileName) but it required win32api.LoadLibrary(fileName) which was not using an already running process.
Therefore I found this suboptimal solution, since this returns a whole list of possibilities:
import win32process
import win32api
# first get pid, see the 32-bit solution
PROCESS_ALL_ACCESS = 0x1F0FFF
processHandle = win32api.OpenProcess(PROCESS_ALL_ACCESS, False, my_pid)
modules = win32process.EnumProcessModules(processHandle)
processHandle.close()
base_addr = modules[0] # for me it worked to select the first item in list...
回答2:
See How to enumerate modules in python 64bit for some good code to use. You are looking for 'modBaseAddr'.
For more info on tagMODULEENTRY32, see http://msdn.microsoft.com/en-us/library/windows/desktop/ms684225(v=vs.85).aspx
You could also use pymem ('obsolete' project but still works) with the following code (you want modBaseAddr):
for m in self.listModules():
if m.szModule==szModule:
print m.szModule, m.szExePath, m.modBaseAddr
来源:https://stackoverflow.com/questions/14027459/finding-the-baseaddress-of-a-running-process