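"""Overwrite a NUL-terminated string inside a running kibor.exe (Windows only).

Steps: find the PID of kibor.exe via WMI, read the pointer stored at the
address given in ``pointer.txt``, then write NEW_STRING plus a terminating
NUL to the address that pointer refers to.

Every Win32 call is checked and its error code reported; the process handle
is always closed.  The caller needs PROCESS_VM_READ, PROCESS_VM_WRITE and
PROCESS_VM_OPERATION on the target, i.e. the same user account (or elevation
if the target runs at a higher integrity level / as another user).
"""
import ctypes as c
import subprocess
import sys

# Minimal OpenProcess access rights for reading and patching memory (winnt.h).
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020

TARGET_PROCESS = 'kibor.exe'  # name process kibor.exe
POINTER_FILE = 'pointer.txt'  # holds the decimal address of the pointer in the target
# The original read a 4-byte (32-bit) pointer.
# NOTE(review): set to 8 if kibor.exe is a 64-bit process — confirm against the target.
POINTER_SIZE = 4
NEW_STRING = b"bbb"


def _wql_escape(text: str) -> str:
    """Escape backslashes and single quotes so *text* is safe inside a WQL string literal."""
    return text.replace("\\", "\\\\").replace("'", "\\'")


def _parse_pid(wmic_output: str) -> int:
    """Return the first PID from the output of ``wmic ... get Processid``.

    wmic prints a header token (``ProcessId``) followed by one PID per
    matching process; when nothing matches it prints a message instead.

    Raises ValueError if no numeric PID is present.  If several processes
    match, the first is used (as the original script did) and the others
    are listed on stderr so the choice is visible.
    """
    pids = [tok for tok in wmic_output.split() if tok.isdigit()]
    if not pids:
        raise ValueError(
            f'no process matching {TARGET_PROCESS!r}: {wmic_output.strip()!r}')
    if len(pids) > 1:
        print(f'warning: several matches {pids}, using the first', file=sys.stderr)
    return int(pids[0])


def _find_pid(name: str) -> int:
    """Query WMI for processes whose name contains *name* and return one PID.

    The command is passed as an argument list (no cmd.exe), so ``%`` is not
    subject to environment-variable expansion and *name* cannot inject shell
    syntax; it is additionally escaped for the WQL literal.
    NOTE: wmic is deprecated and missing on recent Windows builds.
    """
    query = f"name like '%{_wql_escape(name)}%'"
    proc = subprocess.run(
        ['wmic', 'process', 'where', query, 'get', 'Processid'],
        capture_output=True, text=True, check=False,
    )
    return _parse_pid(proc.stdout)


def _kernel32():
    """Load kernel32 with prototypes for the calls used below.

    ``use_last_error=True`` makes ctypes capture GetLastError() immediately
    after each foreign call, so ``c.get_last_error()`` is reliable.  Calling
    ``kernel32.GetLastError`` from Python afterwards (the original approach)
    can return a code clobbered by the interpreter's own Win32 calls.
    """
    from ctypes import wintypes as w  # Windows-only module; imported lazily

    k32 = c.WinDLL('kernel32', use_last_error=True)
    k32.OpenProcess.argtypes = [w.DWORD, w.BOOL, w.DWORD]
    k32.OpenProcess.restype = w.HANDLE
    k32.ReadProcessMemory.argtypes = [
        w.HANDLE, w.LPCVOID, w.LPVOID, c.c_size_t, c.POINTER(c.c_size_t)]
    k32.ReadProcessMemory.restype = w.BOOL
    k32.WriteProcessMemory.argtypes = [
        w.HANDLE, w.LPVOID, w.LPCVOID, c.c_size_t, c.POINTER(c.c_size_t)]
    k32.WriteProcessMemory.restype = w.BOOL
    k32.CloseHandle.argtypes = [w.HANDLE]
    k32.CloseHandle.restype = w.BOOL
    return k32


def _read(k32, handle, addr: int, size: int) -> bytes:
    """Read *size* bytes at *addr* in the target; raise OSError on failure or short read."""
    buf = (c.c_ubyte * size)()
    # Must be c_size_t to match the prototype: the original passed a 4-byte
    # c_ulong where an 8-byte size_t is written on 64-bit Python.
    done = c.c_size_t()
    ok = k32.ReadProcessMemory(handle, addr, buf, size, c.byref(done))
    err = c.get_last_error()
    print(f'result read: {ok}, err code: {err}, bytes read: {done.value}')
    if not ok or done.value != size:
        raise OSError(err, f'ReadProcessMemory({addr:#x}, {size} bytes) failed')
    return bytes(buf)


def _write(k32, handle, addr: int, data: bytes) -> None:
    """Write *data* at *addr* in the target; raise OSError on failure or short write."""
    done = c.c_size_t()
    ok = k32.WriteProcessMemory(handle, addr, data, len(data), c.byref(done))
    err = c.get_last_error()
    print(f'result write: {ok}, err code: {err}, bytes written: {done.value}')
    if not ok or done.value != len(data):
        raise OSError(err, f'WriteProcessMemory({addr:#x}, {len(data)} bytes) failed')


def main() -> int:
    """Locate the target, follow the pointer and patch the string it refers to."""
    pid = _find_pid(TARGET_PROCESS)
    print(f'pid: {pid}')

    with open(POINTER_FILE, encoding='ascii') as f:
        read_pointer = f.read().strip()
    print(f'read_pointer: {read_pointer}')
    pointer_addr = int(read_pointer)

    k32 = _kernel32()
    # One handle with exactly the three rights needed; NULL means access denied
    # or no such process (err code says which).
    access = PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION
    handle = k32.OpenProcess(access, False, pid)
    err = c.get_last_error()
    print(f'processHandle: {handle}, err code: {err}')
    if not handle:
        raise OSError(err, f'OpenProcess({pid}) failed; check access rights / elevation')
    try:
        # read the pointer
        string_addr = int.from_bytes(_read(k32, handle, pointer_addr, POINTER_SIZE), 'little')
        print(f'string_read: {string_addr}')
        if string_addr == 0:
            raise RuntimeError('pointer read from the target is NULL; nothing to patch')

        # The original wrote bytes(0) — which is b'' — with size 1, i.e. it read
        # one byte past an empty buffer.  Write the string and its NUL terminator
        # together instead.
        payload = NEW_STRING + b'\x00'
        # If the existing string is shorter than the new one, its buffer may not
        # have room for the extra bytes; we cannot see the allocation size, so warn.
        existing = _read(k32, handle, string_addr, len(NEW_STRING))
        if b'\x00' in existing:
            print(f'warning: existing string {existing!r} is shorter than the new one; '
                  'the write may overrun its buffer', file=sys.stderr)
        # write the string (with terminating NUL)
        _write(k32, handle, string_addr, payload)
    finally:
        k32.CloseHandle(handle)
    return 0


if __name__ == '__main__':
    sys.exit(main())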
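"""Overwrite a NUL-terminated string inside a running kibor.exe (Windows only).

Steps: find the PID of kibor.exe via WMI, read the pointer stored at the
address given in ``pointer.txt``, then write NEW_STRING plus a terminating
NUL to the address that pointer refers to.

Every Win32 call is checked and its error code reported; the process handle
is always closed.  The caller needs PROCESS_VM_READ, PROCESS_VM_WRITE and
PROCESS_VM_OPERATION on the target, i.e. the same user account (or elevation
if the target runs at a higher integrity level / as another user).
"""
import ctypes as c
import subprocess
import sys

# Minimal OpenProcess access rights for reading and patching memory (winnt.h).
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020

TARGET_PROCESS = 'kibor.exe'  # name process kibor.exe
POINTER_FILE = 'pointer.txt'  # holds the decimal address of the pointer in the target
# The original read a 4-byte (32-bit) pointer.
# NOTE(review): set to 8 if kibor.exe is a 64-bit process — confirm against the target.
POINTER_SIZE = 4
NEW_STRING = b"bbb"


def _wql_escape(text: str) -> str:
    """Escape backslashes and single quotes so *text* is safe inside a WQL string literal."""
    return text.replace("\\", "\\\\").replace("'", "\\'")


def _parse_pid(wmic_output: str) -> int:
    """Return the first PID from the output of ``wmic ... get Processid``.

    wmic prints a header token (``ProcessId``) followed by one PID per
    matching process; when nothing matches it prints a message instead.

    Raises ValueError if no numeric PID is present.  If several processes
    match, the first is used (as the original script did) and the others
    are listed on stderr so the choice is visible.
    """
    pids = [tok for tok in wmic_output.split() if tok.isdigit()]
    if not pids:
        raise ValueError(
            f'no process matching {TARGET_PROCESS!r}: {wmic_output.strip()!r}')
    if len(pids) > 1:
        print(f'warning: several matches {pids}, using the first', file=sys.stderr)
    return int(pids[0])


def _find_pid(name: str) -> int:
    """Query WMI for processes whose name contains *name* and return one PID.

    The command is passed as an argument list (no cmd.exe), so ``%`` is not
    subject to environment-variable expansion and *name* cannot inject shell
    syntax; it is additionally escaped for the WQL literal.
    NOTE: wmic is deprecated and missing on recent Windows builds.
    """
    query = f"name like '%{_wql_escape(name)}%'"
    proc = subprocess.run(
        ['wmic', 'process', 'where', query, 'get', 'Processid'],
        capture_output=True, text=True, check=False,
    )
    return _parse_pid(proc.stdout)


def _kernel32():
    """Load kernel32 with prototypes for the calls used below.

    ``use_last_error=True`` makes ctypes capture GetLastError() immediately
    after each foreign call, so ``c.get_last_error()`` is reliable.  Calling
    ``kernel32.GetLastError`` from Python afterwards (the original approach)
    can return a code clobbered by the interpreter's own Win32 calls.
    """
    from ctypes import wintypes as w  # Windows-only module; imported lazily

    k32 = c.WinDLL('kernel32', use_last_error=True)
    k32.OpenProcess.argtypes = [w.DWORD, w.BOOL, w.DWORD]
    k32.OpenProcess.restype = w.HANDLE
    k32.ReadProcessMemory.argtypes = [
        w.HANDLE, w.LPCVOID, w.LPVOID, c.c_size_t, c.POINTER(c.c_size_t)]
    k32.ReadProcessMemory.restype = w.BOOL
    k32.WriteProcessMemory.argtypes = [
        w.HANDLE, w.LPVOID, w.LPCVOID, c.c_size_t, c.POINTER(c.c_size_t)]
    k32.WriteProcessMemory.restype = w.BOOL
    k32.CloseHandle.argtypes = [w.HANDLE]
    k32.CloseHandle.restype = w.BOOL
    return k32


def _read(k32, handle, addr: int, size: int) -> bytes:
    """Read *size* bytes at *addr* in the target; raise OSError on failure or short read."""
    buf = (c.c_ubyte * size)()
    # Must be c_size_t to match the prototype: the original passed a 4-byte
    # c_ulong where an 8-byte size_t is written on 64-bit Python.
    done = c.c_size_t()
    ok = k32.ReadProcessMemory(handle, addr, buf, size, c.byref(done))
    err = c.get_last_error()
    print(f'result read: {ok}, err code: {err}, bytes read: {done.value}')
    if not ok or done.value != size:
        raise OSError(err, f'ReadProcessMemory({addr:#x}, {size} bytes) failed')
    return bytes(buf)


def _write(k32, handle, addr: int, data: bytes) -> None:
    """Write *data* at *addr* in the target; raise OSError on failure or short write."""
    done = c.c_size_t()
    ok = k32.WriteProcessMemory(handle, addr, data, len(data), c.byref(done))
    err = c.get_last_error()
    print(f'result write: {ok}, err code: {err}, bytes written: {done.value}')
    if not ok or done.value != len(data):
        raise OSError(err, f'WriteProcessMemory({addr:#x}, {len(data)} bytes) failed')


def main() -> int:
    """Locate the target, follow the pointer and patch the string it refers to."""
    pid = _find_pid(TARGET_PROCESS)
    print(f'pid: {pid}')

    with open(POINTER_FILE, encoding='ascii') as f:
        read_pointer = f.read().strip()
    print(f'read_pointer: {read_pointer}')
    pointer_addr = int(read_pointer)

    k32 = _kernel32()
    # One handle with exactly the three rights needed; NULL means access denied
    # or no such process (err code says which).
    access = PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION
    handle = k32.OpenProcess(access, False, pid)
    err = c.get_last_error()
    print(f'processHandle: {handle}, err code: {err}')
    if not handle:
        raise OSError(err, f'OpenProcess({pid}) failed; check access rights / elevation')
    try:
        # read the pointer
        string_addr = int.from_bytes(_read(k32, handle, pointer_addr, POINTER_SIZE), 'little')
        print(f'string_read: {string_addr}')
        if string_addr == 0:
            raise RuntimeError('pointer read from the target is NULL; nothing to patch')

        # The original wrote bytes(0) — which is b'' — with size 1, i.e. it read
        # one byte past an empty buffer.  Write the string and its NUL terminator
        # together instead.
        payload = NEW_STRING + b'\x00'
        # If the existing string is shorter than the new one, its buffer may not
        # have room for the extra bytes; we cannot see the allocation size, so warn.
        existing = _read(k32, handle, string_addr, len(NEW_STRING))
        if b'\x00' in existing:
            print(f'warning: existing string {existing!r} is shorter than the new one; '
                  'the write may overrun its buffer', file=sys.stderr)
        # write the string (with terminating NUL)
        _write(k32, handle, string_addr, payload)
    finally:
        k32.CloseHandle(handle)
    return 0


if __name__ == '__main__':
    sys.exit(main())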