StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
1216456
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2009-08-01T11:49:49.733
FavoriteCount
0
LastActivityDate
2009-08-01T11:55:30.207
LastEditDate
2009-08-01T11:55:30.207
LastEditorUserId
148920
OwnerUserId
148920
ParentId
1013828
PostTypeId
2
Score
0
ViewCount
0
LastEditorDisplayName
text
Body
It is possible to implement the entire process in one of the languages listed but a compiled language would be better for memory scanning (speed considerations if nothing else). There is a dll (with source) called SigScan available that, while tailored for a specific game, could probably be modified to suite your needs with minimal effort. Building on Brian's correct answer here's a quick and dirty example of using a dll to get your address from within python. This is, of course, specific to the DLLs implementation. "Module name" would generally be the dll name as displayed in Cheat Engines "Enumerate DLLs and Symbols" dialog. With Brian's example as a guideline and <a href="http://msdn.microsoft.com/en-us/library/ms681674%28VS.85%29.aspx" rel="nofollow noreferrer" title="MSDN">MSDN</a> you could easily extend this with your own WriteProcessMemory method. <pre><code>import win32defines import win32process import win32gui from ctypes import * SigScan = cdll.SigScan kernel32 = windll.kernel32 addresses = {"Value1" : {"sigArg1" : "b0015ec390518b4c24088d4424005068", "sigArg2" : 36, "address" : None, "size" : 32 }, "Value2" :{"sigArg1" : "3b05XXXXXXXX741285c0", "sigArg2" : None, "address" : None, "size" : 32 } } def read_process_mem(pid, address, size): """Read memory of the specified process ID.""" buf = create_string_buffer(size) gotBytes = c_ulong(0) h = kernel32.OpenProcess(win32defines.PROCESS_VM_READ, False, pid) try: if kernel32.ReadProcessMemory(h, address, buf, size, byref(gotBytes)): return buf else: # TODO: report appropriate error GetLastError raise Exception("Failed to access process memory.") finally: kernel32.CloseHandle(h) if __name__ == "__main__": pid, id = None, None ## HWND hwnd = win32gui.FindWindowEx(0, 0, 0, "Window Name here") ## pid pid = win32process.GetWindowThreadProcessId(hwnd)[-1] ## Initialize the sigscan dll SigScan.InitializeSigScan(pid, "Module Name") ## Find all the addresses registered for key in addresses.keys(): addresses[key]["address"] = SigScan.SigScan(addresses[key]["sigArg1"], addresses[key]["sigArg2"]) ## Allow the scanner to clean up SigScan.FinalizeSigScan() for key in addresses.keys(): if addresses[key]["address"] != None: print repr(read_process_mem(pid, addresses[key]["address"], addresses[key]["size"]).raw)</code></pre>
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POHow to write a Perl, Python, or Ruby program to change the memory of another process on Windows?
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USPmc
UserOwnerUserId
1. USPmc
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. This table or related slice is empty.
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.