我想检测程序进程中的一些字符串。这是如何使用进程黑客来做到这一点:
查找进程 > RBM > 属性 > 内存 > 字符串按钮 > 最小长度:4 > > 确定 > 筛选 > > cheatname.cc > 查找 >
所以问题是,是否有可能通过Python以某种方式实现自动化。我已经尝试这样做了,但没有成功。
import psutil
import ctypes
import ctypes.wintypes
import time
# Define the process name
process_name = "gmod.exe"
# Define the byte pattern to search for
byte_pattern = b'exechack.cc'
# Set the interval for checking the game's memory
interval = 30
while True:
# Get the process ID of the game
pid = None
for proc in psutil.process_iter(['pid', 'name']):
if proc.info['name'] == process_name:
pid = proc.info['pid']
break
if pid:
# Open the process with read-only access
process_handle = ctypes.windll.kernel32.OpenProcess(0x10, False, pid)
# Define the memory address range to scan
start_address = ctypes.c_ulonglong(0)
end_address = ctypes.c_ulonglong(0x7FFFFFFFFFFFFF)
# Scan the process memory for the byte pattern
while start_address.value < end_address.value:
memory_info = ctypes.wintypes.MEMORY_BASIC_INFORMATION()
result = ctypes.windll.kernel32.VirtualQueryEx(process_handle, ctypes.c_ulonglong(start_address.value), ctypes.byref(memory_info), ctypes.sizeof(memory_info))
if result == 0:
# Error occurred, break out of loop
break
start_address = ctypes.c_ulonglong(memory_info.BaseAddress + memory_info.RegionSize)
if memory_info.RegionSize == 0:
# Region size is zero, skip to the next region
continue
buffer = (ctypes.c_byte * memory_info.RegionSize)()
ctypes.windll.kernel32.ReadProcessMemory(process_handle, ctypes.c_ulonglong(start_address.value), ctypes.byref(buffer), ctypes.sizeof(buffer), None)
if byte_pattern in buffer:
print("Cheat code detected!")
break
# Close the process handle
ctypes.windll.kernel32.CloseHandle(process_handle)
# Wait for the interval before checking again
time.sleep(interval)
错误:
Exception has occurred: AttributeError
module 'ctypes.wintypes' has no attribute 'MEMORY_BASIC_INFORMATION'
File "C:\Users\axsta\Desktop\ac.py", line 33, in <module>
memory_info = ctypes.wintypes.MEMORY_BASIC_INFORMATION()
AttributeError: module 'ctypes.wintypes' has no attribute 'MEMORY_BASIC_INFORMATION'
我希望程序找到进程本身并搜索我上面显示的所有内容。
网上我需要的信息很少,所以才来这里寻求帮助
我尝试更改不同的变量,处理库,但没有任何效果,我不知道问题是什么
您检查过androidMemoryTool吗? 如果您不想自己编写所有内容,请使用 androidMemoryTool 它的最新版本现在支持 windows 平台。
from androidMemoryTool import AndroidMemoryTool, DataTypes, PMAP
# Initialize the tool and set the speed_mode to off for Windows in this version only.
tool = AndroidMemoryTool(PKG="gmod.exe",TYPE=DataTypes.UTF_8)
# Search for a value in the entire memory.
values = tool.read_value("exechack.cc")
founded_offsets = values[0]
founded_values = values[1]
print(founded_values)
print(founded_offsets)