Python 进程内存检测

问题描述 投票:0回答:1

我想检测程序进程中的一些字符串。这是如何使用进程黑客来做到这一点:

查找进程 > RBM > 属性 > 内存 > 字符串按钮 > 最小长度:4 > enter image description here > 确定 > 筛选 > enter image description here > cheatname.cc > 查找 > enter image description here

所以问题是,是否有可能通过Python以某种方式实现自动化。我已经尝试这样做了,但没有成功。

import psutil
import ctypes
import ctypes.wintypes
import time

# Define the process name
process_name = "gmod.exe"

# Define the byte pattern to search for
byte_pattern = b'exechack.cc'

# Set the interval for checking the game's memory
interval = 30

while True:
    # Get the process ID of the game
    pid = None
    for proc in psutil.process_iter(['pid', 'name']):
        if proc.info['name'] == process_name:
            pid = proc.info['pid']
            break

    if pid:
        # Open the process with read-only access
        process_handle = ctypes.windll.kernel32.OpenProcess(0x10, False, pid)

        # Define the memory address range to scan
        start_address = ctypes.c_ulonglong(0)
        end_address = ctypes.c_ulonglong(0x7FFFFFFFFFFFFF)

        # Scan the process memory for the byte pattern
        while start_address.value < end_address.value:
            memory_info = ctypes.wintypes.MEMORY_BASIC_INFORMATION()
            result = ctypes.windll.kernel32.VirtualQueryEx(process_handle, ctypes.c_ulonglong(start_address.value), ctypes.byref(memory_info), ctypes.sizeof(memory_info))
            if result == 0:
                # Error occurred, break out of loop
                break
            start_address = ctypes.c_ulonglong(memory_info.BaseAddress + memory_info.RegionSize)
            if memory_info.RegionSize == 0:
                # Region size is zero, skip to the next region
                continue
            buffer = (ctypes.c_byte * memory_info.RegionSize)()
            ctypes.windll.kernel32.ReadProcessMemory(process_handle, ctypes.c_ulonglong(start_address.value), ctypes.byref(buffer), ctypes.sizeof(buffer), None)
            if byte_pattern in buffer:
                print("Cheat code detected!")
                break

        # Close the process handle
        ctypes.windll.kernel32.CloseHandle(process_handle)

    # Wait for the interval before checking again
    time.sleep(interval)

错误:

Exception has occurred: AttributeError
module 'ctypes.wintypes' has no attribute 'MEMORY_BASIC_INFORMATION'
  File "C:\Users\axsta\Desktop\ac.py", line 33, in <module>
    memory_info = ctypes.wintypes.MEMORY_BASIC_INFORMATION()
AttributeError: module 'ctypes.wintypes' has no attribute 'MEMORY_BASIC_INFORMATION'

我希望程序找到进程本身并搜索我上面显示的所有内容。

有用信息:Process图像类型:64位steam screenshot

网上我需要的信息很少,所以才来这里寻求帮助

我尝试更改不同的变量,处理库,但没有任何效果,我不知道问题是什么

python process garrys-mod anti-cheat
1个回答
0
投票

您检查过androidMemoryTool吗? 如果您不想自己编写所有内容,请使用 androidMemoryTool 它的最新版本现在支持 windows 平台。

from androidMemoryTool import AndroidMemoryTool, DataTypes, PMAP

# Initialize the tool and set the speed_mode to off for Windows in this version only.
tool = AndroidMemoryTool(PKG="gmod.exe",TYPE=DataTypes.UTF_8)
# Search for a value in the entire memory.
values = tool.read_value("exechack.cc")
founded_offsets = values[0]
founded_values = values[1]
print(founded_values)
print(founded_offsets)
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.