python读取其它进程的字符串信息或注册码

(编辑:jimmy 日期: 2024/12/23 浏览:2)


写下自己的收获。如有不当,请大家指正,谢谢!
如有违规,请管理修正,谢谢!
自己写的简单的弹窗程序,测试获取弹窗的内容:
python读取其它进程的字符串信息或注册码
od找弹窗字符串内容位置:
python读取其它进程的字符串信息或注册码
进程pid:
python读取其它进程的字符串信息或注册码
以下是代码:
呵呵呵,主要参照网上大神的例子,修改修改而成:
在Thonny+win7中测试成功……
[Python] 纯文本查看 复制代码
import ctypes from ctypes import wintypes kernel32 = ctypes.WinDLL('kernel32', use_last_error=True) ERROR_PARTIAL_COPY = 0x012B PROCESS_VM_READ = 0x0010 SIZE_T = ctypes.c_size_t PSIZE_T = ctypes.POINTER(SIZE_T) def _check_zero(result, func, args):     if not result:      raise ctypes.WinError(ctypes.get_last_error())     return args kernel32.OpenProcess.errcheck = _check_zero kernel32.OpenProcess.restype = wintypes.HANDLE kernel32.OpenProcess.argtypes = (    wintypes.DWORD, # _In_ dwDesiredAccess     wintypes.BOOL, # _In_ bInheritHandle     wintypes.DWORD) # _In_ dwProcessId kernel32.ReadProcessMemory.errcheck = _check_zero kernel32.ReadProcessMemory.argtypes = (    wintypes.HANDLE, # _In_ hProcess     wintypes.LPCVOID, # _In_ lpBaseAddress     wintypes.LPVOID, # _Out_ lpBuffer     SIZE_T,   # _In_ nSize     PSIZE_T)   # _Out_ lpNumberOfBytesRead kernel32.CloseHandle.argtypes = (wintypes.HANDLE,)exe_pid=int(input('请输入程序PID:'))buf = (ctypes.c_char * 21)() nread = SIZE_T() hProcess = kernel32.OpenProcess(PROCESS_VM_READ, False, exe_pid) kernel32.ReadProcessMemory(hProcess, 0x4031B0, buf, 21, ctypes.byref(nread)) kernel32.CloseHandle(hProcess)str_byte=bytes(buf)str_ok=str(str_byte,'gbk')str_utf=str_ok.encode('utf-8')print('gbk:',str_ok)print('utf-8:',str_utf.decode('utf-8'))

运行变量:
python读取其它进程的字符串信息或注册码
成功图:
python读取其它进程的字符串信息或注册码
不得不感叹,Python这东西能干的事真多……
附件含源代码和测试程序,密码:52pojie
python读取其它进程的字符串信息或注册码52pojie.zip2021-4-7 13:31 上传点击文件名下载附件