<p>清单<a href="https://docs.python.org/3/library/ctypes.html#module-ctypes" rel="nofollow noreferrer">[Python 3.Docs]: ctypes - A foreign function library for Python</a>。在</p>
<p>有很多问题(除了缺少一些信息的问题):</p>
<ul>
<li><p>当使用<em>ctypes</em>函数(例如<code>ctypes.addressof</code>)时,应该考虑它们对<strong><em>ctypes</em></strong>(而不是Python</em>)类型进行操作。因此,<em>number</em>必须转换为<em>ctypes</em>类型(应该适合其值)。从指针的值创建指针会导致灾难</p></li>
<li><p>通常,导入当前名称空间中的所有内容不是一个好主意(<a href="https://stackoverflow.com/questions/55722260/what-is-the-reason-for-using-a-wildcard-import/55722824#55722824">[SO]: What is the reason for using a wildcard import? (@CristiFati's answer)</a>)</p></li>
<li><p>您的<a href="https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-writeprocessmemory" rel="nofollow noreferrer">[MS.Docs]: WriteProcessMemory function</a>定义有点错误(不重要),但最好使用现有别名(为了可读性起见)</p></li>
</ul>
<p>这是一个工作变体。在</p>
<p><em>代码00.py</em>:</p>
<pre class="lang-py prettyprint-override"><code>#!/usr/bin/env python3
import sys
import ctypes
from ctypes import wintypes
def main():
kernel32 = ctypes.WinDLL("kernel32.dll")
GetCurrentProcess = kernel32.GetCurrentProcess
GetCurrentProcess.argtypes = []
GetCurrentProcess.restype = wintypes.HANDLE
WriteProcessMemory = kernel32.WriteProcessMemory
WriteProcessMemory.argtypes = [wintypes.HANDLE, wintypes.LPVOID, wintypes.LPCVOID, ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t)]
WriteProcessMemory.restypes = wintypes.BOOL
buf = ctypes.create_string_buffer(b"0123456789")
print("Buffer INITIAL contents: [{0:}]".format(buf.value))
number = ctypes.c_ulonglong(0x4847464544434241) # 8 bytes: ASCII codes H .. A
address = ctypes.addressof(buf) # Mimic your address - which is the above buffer's
bytes_to_write = ctypes.sizeof(number)
bytes_written = ctypes.c_size_t(0)
print("Attempting to write ({0:d} bytes) number {1:d} (0x{2:016X}) to address {3:} (0x{4:016X}) ...".format(bytes_to_write, number.value, number.value, address, address))
res = WriteProcessMemory(GetCurrentProcess(), address, ctypes.addressof(number), bytes_to_write, ctypes.byref(bytes_written))
if res:
print("Wrote {0:d} bytes".format(bytes_written.value))
print("Buffer FINAL contents: [{0:}]".format(buf.value))
if __name__ == "__main__":
print("Python {0:s} {1:d}bit on {2:s}\n".format(" ".join(item.strip() for item in sys.version.split("\n")), 64 if sys.maxsize > 0x100000000 else 32, sys.platform))
main()
print("\nDone.")
</code></pre>
<p><strong>输出</strong>:</p>
<blockquote>
<pre class="lang-bat prettyprint-override"><code>[cfati@CFATI-5510-0:e:\Work\Dev\StackOverflow\q057768711]> "e:\Work\Dev\VEnvs\py_064_03.07.03_test0\Scripts\python.exe" code00.py
Python 3.7.3 (v3.7.3:ef4ec6ed12, Mar 25 2019, 22:22:05) [MSC v.1916 64 bit (AMD64)] 64bit on win32
Buffer INITIAL contents: [b'0123456789']
Attempting to write (8 bytes) number 5208208757389214273 (0x4847464544434241) to address 1807564046992 (0x000001A4DB368290) ...
Wrote 8 bytes
Buffer FINAL contents: [b'ABCDEFGH89']
Done.
</code></pre>
</blockquote>
<p><strong>注意事项</strong>:</p>
<ul>
<li>如图所示,指定地址的内存内容已成功写入</li>
<li>唯一“不正常”的事情是这个数字有<em>ASCII</em>代码<strong><em>['H'…'一个']</em></strong>,但在缓冲区中它们显示为相反的。那是因为我的电脑是小端。如果你想看一看,我在<a href="https://stackoverflow.com/questions/37990060/python-struct-pack-behavior/38003729#38003729">[SO]: Python struct.pack() behavior (@CristiFati's answer)</a>中讨论过这个主题</li>
</ul>