python读取其它进程的字符串信息或注册码
(编辑:jimmy 日期: 2024/11/14 浏览:3 次 )
写下自己的收获。如有不当,请大家指正,谢谢!
如有违规,请管理修正,谢谢!
自己写的简单的弹窗程序,测试获取弹窗的内容:
od找弹窗字符串内容位置:
进程pid:
以下是代码:
呵呵呵,主要参照网上大神的例子,修改修改而成:
在Thonny+win7中测试成功……
[Python] 纯文本查看 复制代码
import ctypes from ctypes import wintypes kernel32 = ctypes.WinDLL('kernel32', use_last_error=True) ERROR_PARTIAL_COPY = 0x012B PROCESS_VM_READ = 0x0010 SIZE_T = ctypes.c_size_t PSIZE_T = ctypes.POINTER(SIZE_T) def _check_zero(result, func, args): if not result: raise ctypes.WinError(ctypes.get_last_error()) return args kernel32.OpenProcess.errcheck = _check_zero kernel32.OpenProcess.restype = wintypes.HANDLE kernel32.OpenProcess.argtypes = ( wintypes.DWORD, # _In_ dwDesiredAccess wintypes.BOOL, # _In_ bInheritHandle wintypes.DWORD) # _In_ dwProcessId kernel32.ReadProcessMemory.errcheck = _check_zero kernel32.ReadProcessMemory.argtypes = ( wintypes.HANDLE, # _In_ hProcess wintypes.LPCVOID, # _In_ lpBaseAddress wintypes.LPVOID, # _Out_ lpBuffer SIZE_T, # _In_ nSize PSIZE_T) # _Out_ lpNumberOfBytesRead kernel32.CloseHandle.argtypes = (wintypes.HANDLE,)exe_pid=int(input('请输入程序PID:'))buf = (ctypes.c_char * 21)() nread = SIZE_T() hProcess = kernel32.OpenProcess(PROCESS_VM_READ, False, exe_pid) kernel32.ReadProcessMemory(hProcess, 0x4031B0, buf, 21, ctypes.byref(nread)) kernel32.CloseHandle(hProcess)str_byte=bytes(buf)str_ok=str(str_byte,'gbk')str_utf=str_ok.encode('utf-8')print('gbk:',str_ok)print('utf-8:',str_utf.decode('utf-8'))
运行变量:
成功图:
不得不感叹,Python这东西能干的事真多……
附件含源代码和测试程序,密码:52pojie
52pojie.zip2021-4-7 13:31 上传点击文件名下载附件
下一篇:某七加速器最新版破解思路