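This post was last edited by 无闻无问 on 2021-4-7 13:58
Writing down what I learned. If anything is wrong, please correct me, thanks!
If this breaks any rules, moderators please fix it, thanks!
A simple popup program I wrote myself, used to test reading the popup's content:
Using OD to find the location of the popup string:
Process PID:
Here is the code:
Heh, it is mainly based on examples from experts online, with a few modifications:
Tested successfully in Thonny + Win7...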
```python
import ctypes
from ctypes import wintypes

kernel32 = ctypes.WinDLL('kernel32', use_last_error=True)

ERROR_PARTIAL_COPY = 0x012B
PROCESS_VM_READ = 0x0010

SIZE_T = ctypes.c_size_t
PSIZE_T = ctypes.POINTER(SIZE_T)


def _check_zero(result, func, args):
    # A zero/NULL return value means the API call failed: raise the Win32 error.
    if not result:
        raise ctypes.WinError(ctypes.get_last_error())
    return args


kernel32.OpenProcess.errcheck = _check_zero
kernel32.OpenProcess.restype = wintypes.HANDLE
kernel32.OpenProcess.argtypes = (
    wintypes.DWORD,  # _In_ dwDesiredAccess
    wintypes.BOOL,   # _In_ bInheritHandle
    wintypes.DWORD)  # _In_ dwProcessId

kernel32.ReadProcessMemory.errcheck = _check_zero
kernel32.ReadProcessMemory.restype = wintypes.BOOL
kernel32.ReadProcessMemory.argtypes = (
    wintypes.HANDLE,   # _In_ hProcess
    wintypes.LPCVOID,  # _In_ lpBaseAddress
    wintypes.LPVOID,   # _Out_ lpBuffer
    SIZE_T,            # _In_ nSize
    PSIZE_T)           # _Out_ lpNumberOfBytesRead

kernel32.CloseHandle.restype = wintypes.BOOL
kernel32.CloseHandle.argtypes = (wintypes.HANDLE,)

exe_pid = int(input('请输入程序PID:'))
buf = (ctypes.c_char * 21)()
nread = SIZE_T()

hProcess = kernel32.OpenProcess(PROCESS_VM_READ, False, exe_pid)
try:
    kernel32.ReadProcessMemory(hProcess, 0x4031B0, buf, 21, ctypes.byref(nread))
finally:
    # Always release the handle, even if the read raises.
    kernel32.CloseHandle(hProcess)

str_byte = bytes(buf)
str_ok = str(str_byte, 'gbk')
str_utf = str_ok.encode('utf-8')
print('gbk:', str_ok)
print('utf-8:', str_utf.decode('utf-8'))
```
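Runtime variables:
Screenshot of the successful run:
I have to marvel at how many things Python can do...
The attachment contains the source code and the test program; password: 52pojie
52pojie.zip
(7.1 KB, downloads: 64)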
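Added example, not part of the original post: the post reads a fixed 21 bytes and decodes the whole buffer as GBK. This sketch goes beyond that case and reads a NUL-terminated string of unknown length in bounded chunks, tolerating short reads and a double-byte character cut at the limit. `fake_read`, `read_cstring`, `_decode` and the sample memory contents are hypothetical and constructed; `fake_read` stands in for a `ReadProcessMemory` wrapper so the code runs offline.

```python
import codecs

# Constructed sample: a fake address space standing in for the target process.
# 0x4031B0 is the address used in the post; the bytes themselves are made up.
BASE = 0x4031A0
FAKE_MEMORY = b"\xcc" * 16 + "弹窗内容test".encode("gbk") + b"\x00" + b"\xcc" * 6


def fake_read(address, size):
    """Hypothetical stand-in for a ReadProcessMemory wrapper: returns up to
    `size` bytes, fewer when the range runs past the mapped region."""
    off = address - BASE
    if off < 0:
        raise OSError("address not mapped")
    return FAKE_MEMORY[off:off + size]


def _decode(raw, encoding):
    # With final=False the incremental decoder holds back a dangling lead byte
    # instead of raising, so a cut inside a double-byte character only drops
    # that one character. Invalid sequences become U+FFFD.
    decoder = codecs.getincrementaldecoder(encoding)(errors="replace")
    return decoder.decode(bytes(raw), final=False)


def read_cstring(read, address, encoding="gbk", chunk=8, max_len=256):
    """Read a NUL-terminated string of unknown length in bounded chunks.

    Stops at the first NUL, at max_len bytes, or when a read comes back short.
    Returns (text, complete); complete is False when no terminator was seen.
    """
    raw = bytearray()
    while len(raw) < max_len:
        want = min(chunk, max_len - len(raw))
        data = read(address + len(raw), want)
        nul = data.find(b"\x00")  # safe for GBK: trail bytes are never 0x00
        if nul != -1:
            raw += data[:nul]
            return _decode(raw, encoding), True
        raw += data
        if len(data) < want:      # partial copy: hit the end of readable memory
            break
    return _decode(raw, encoding), False


if __name__ == "__main__":
    print(read_cstring(fake_read, 0x4031B0))             # full string
    print(read_cstring(fake_read, 0x4031B0, max_len=5))  # cut mid-character
```

A `complete` value of `False` means the text was truncated or no terminator was found, so the result should not be treated as the whole string.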