Python CreateFile Cannot Find PhysicalMemory

Posted 2024-08-05 09:23:08

I am trying to access the Physical Memory of a Windows 2000 system (trying to do this without a memory dumping tool). My understanding is that I need to do this using the CreateFile function to create a handle. I have used an older version of win32dd to help me through this. Other documentation on the web points me to using either "\Device\PhysicalMemory" or "\\.\PhysicalMemory". Unfortunately, I get the same error for each.

Traceback (most recent call last):
   File "testHandles.py", line 101, in <module>
   File "testHandles.py", line 72, in createFileHandle
pywintypes.error: (3, 'CreateFile', 'The system cannot find the path specified.')

Actually, the error number returned is different for each run: \\.\PhysicalMemory == 3 and \Device\PhysicalMemory == 2. A review of pywin32, win32file, createfile, pyhandle, and pywintypes did not produce information as to the different return values.

Here is my code. I am using py2exe to get this working on Windows 2000 (and yes it compiles successfully). I realize that I might also have a problem with DeviceIoControl but right now I am concentrating on CreateFile.

# testHandles.py

import ctypes
import socket
import struct
import sys
import win32file
import pywintypes

def createFileHandle():

    outLoc = pywintypes.Unicode("C:\\Documents and Settings\\Administrator\\My Documents\\pymemdump_dotPM.dd")
    handleLoc = pywintypes.Unicode("\\\\.\\PhysicalMemory")
    #handleLoc = pywintypes.Unicode("\\Device\\PhysicalMemory")
    placeHolder = 0
    # DeviceIoControl writes the byte count through a pointer, so use a ctypes DWORD.
    BytesReturned = ctypes.c_ulong(0)

    # win32dd (C): Device = CreateFile(L"\\\\.\\win32dd", GENERIC_ALL, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    # Argument order: CreateFile(fileName, desiredAccess, shareMode, attributes, creationDisposition, flagsAndAttributes, hTemplateFile)
    #hMemHandle = win32file.CreateFile(handleLoc, GENERIC_ALL, SHARE_READ, None, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, None)
    # This is the call that raises pywintypes.error in the traceback above.
    hMemHandle = win32file.CreateFile(handleLoc, win32file.GENERIC_READ, win32file.FILE_SHARE_READ, None, win32file.OPEN_EXISTING, win32file.FILE_ATTRIBUTE_NORMAL, None)
    print("hMemHandle: %s" % hMemHandle)
    # win32file.CreateFile raises on failure, so this check is only a safeguard.
    if (hMemHandle == win32file.INVALID_HANDLE_VALUE):
        print("Could not build hMemHandle")
        sys.exit()

    # We send destination path to the driver.
    #if (!DeviceIoControl(hMemHandle, 0x19880922, outLoc, (ULONG)(wcslen(outLoc) + 1) * sizeof(TCHAR), NULL, 0, &BytesReturned, NULL))
    # Input size is in bytes: (characters + terminating NUL) * sizeof(wchar_t).
    inSize = (len(outLoc) + 1) * ctypes.sizeof(ctypes.c_wchar)
    # DeviceIoControl returns nonzero on success, so a zero return is the failure case.
    if not ctypes.windll.kernel32.DeviceIoControl(int(hMemHandle), 0x19880922, outLoc, inSize, None, 0, ctypes.byref(BytesReturned), None):
        print("Error: DeviceIoControl(), Cannot send IOCTL.\n")
    else:
        print("[win32dd] Physical memory dumped. You can now check %s.\n" % outLoc)

# Dump memory
createFileHandle()

Thank you,
Cutaway


Comments (1)

誰認得朕 2024-08-12 09:23:09

I don't believe it's possible to access the physical memory object from user mode land in Windows. As your win32dd link suggests, you will need to do it from kernel mode.
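
Added example (not part of the original question or answer): a simplified model of how the Win32 layer rewrites the two strings from the question into NT object paths before the kernel sees them, which shows that neither one names the object `\Device\PhysicalMemory`. The function names, the `cwd` parameter and the `SAMPLE_DOS_DEVICES` link table are constructed for illustration; `.`/`..` folding and reserved DOS names are left out.

```python
import re

# Constructed sample of the \?? (DosDevices) symbolic-link directory.
SAMPLE_DOS_DEVICES = {
    "C:": "\\Device\\HarddiskVolume1",
    "NUL": "\\Device\\Null",
}

def win32_to_nt_path(path, cwd="C:\\"):
    """Return (kind, nt_path) for a path string handed to CreateFile.

    cwd is the assumed current directory of the calling process.
    """
    if path.startswith("\\\\?\\"):          # verbatim prefix: passed through untouched
        return "verbatim", "\\??\\" + path[4:]
    p = path.replace("/", "\\")             # Win32 accepts either separator
    if p.startswith("\\\\.\\"):             # Win32 device namespace
        return "device", "\\??\\" + p[4:]
    if p.startswith("\\\\"):                # \\server\share
        return "unc", "\\??\\UNC\\" + p[2:]
    if re.match(r"^[A-Za-z]:\\", p):        # C:\dir\file
        return "drive_absolute", "\\??\\" + p
    if re.match(r"^[A-Za-z]:", p):          # C:file needs per-drive state
        raise ValueError("drive-relative paths are outside this model")
    if p.startswith("\\"):                  # \dir\file: root of the current drive
        return "rooted", "\\??\\" + cwd[:2] + p
    return "relative", "\\??\\" + cwd.rstrip("\\") + "\\" + p

def resolve(path, dos_devices, cwd="C:\\"):
    """Follow the first \\?? component through the link table.

    Returns (kind, final_nt_path), with None when no link of that name exists.
    """
    kind, nt = win32_to_nt_path(path, cwd)
    name, _, rest = nt[4:].partition("\\")
    target = dos_devices.get(name.upper())
    if target is None:
        return kind, None
    return kind, target + ("\\" + rest if rest else "")

if __name__ == "__main__":
    for candidate in ("\\\\.\\PhysicalMemory", "\\Device\\PhysicalMemory", "\\\\.\\NUL"):
        print("%-26s -> %s" % (candidate, resolve(candidate, SAMPLE_DOS_DEVICES)))
```

With this table, `\\.\PhysicalMemory` finds no link of that name, and `\Device\PhysicalMemory` is treated as a file path on the current drive, so both `CreateFile` calls fail before any access check on the memory object is made.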
