Python Process Memory Detecting

Question

I want to detect some strings in programm process. Here is, how to do it using process hacker:

Find process > RBM > Properties > Memory > Strings button > Minimum length: 4 > enter image description here > OK > Filter > enter image description here > cheatname.cc > Find > enter image description here

So the question is, is it possible to somehow automate through python. I already tried to do this, but it didn't work.

import psutil
import ctypes
import ctypes.wintypes
import time

# Define the process name
process_name = "gmod.exe"

# Define the byte pattern to search for
byte_pattern = b'exechack.cc'

# Set the interval for checking the game's memory
interval = 30

while True:
    # Get the process ID of the game
    pid = None
    for proc in psutil.process_iter(['pid', 'name']):
        if proc.info['name'] == process_name:
            pid = proc.info['pid']
            break

    if pid:
        # Open the process with read-only access
        process_handle = ctypes.windll.kernel32.OpenProcess(0x10, False, pid)

        # Define the memory address range to scan
        start_address = ctypes.c_ulonglong(0)
        end_address = ctypes.c_ulonglong(0x7FFFFFFFFFFFFF)

        # Scan the process memory for the byte pattern
        while start_address.value < end_address.value:
            memory_info = ctypes.wintypes.MEMORY_BASIC_INFORMATION()
            result = ctypes.windll.kernel32.VirtualQueryEx(process_handle, ctypes.c_ulonglong(start_address.value), ctypes.byref(memory_info), ctypes.sizeof(memory_info))
            if result == 0:
                # Error occurred, break out of loop
                break
            start_address = ctypes.c_ulonglong(memory_info.BaseAddress + memory_info.RegionSize)
            if memory_info.RegionSize == 0:
                # Region size is zero, skip to the next region
                continue
            buffer = (ctypes.c_byte * memory_info.RegionSize)()
            ctypes.windll.kernel32.ReadProcessMemory(process_handle, ctypes.c_ulonglong(start_address.value), ctypes.byref(buffer), ctypes.sizeof(buffer), None)
            if byte_pattern in buffer:
                print("Cheat code detected!")
                break

        # Close the process handle
        ctypes.windll.kernel32.CloseHandle(process_handle)

    # Wait for the interval before checking again
    time.sleep(interval)

Error:

Exception has occurred: AttributeError
module 'ctypes.wintypes' has no attribute 'MEMORY_BASIC_INFORMATION'
  File "C:\Users\axsta\Desktop\ac.py", line 33, in <module>
    memory_info = ctypes.wintypes.MEMORY_BASIC_INFORMATION()
AttributeError: module 'ctypes.wintypes' has no attribute 'MEMORY_BASIC_INFORMATION'

I want the program to find the process itself and search for everything that I showed above.

Useful info: Process Image type: 64 bit steam screenshot.

There is very little information on the Internet that I need, so I came here to ask for help

I tried to change different variables, deal with libraries, but nothing worked, I don't know what the problem is

Answer 1

Did you check androidMemoryTool? If you don't want to write everything by yourself use androidMemoryTool it's latest version support windows platform now.

from androidMemoryTool import AndroidMemoryTool, DataTypes, PMAP

# Initialize the tool and set the speed_mode to off for Windows in this version only.
tool = AndroidMemoryTool(PKG="gmod.exe",TYPE=DataTypes.UTF_8)
# Search for a value in the entire memory.
values = tool.read_value("exechack.cc")
founded_offsets = values[0]
founded_values = values[1]
print(founded_values)
print(founded_offsets)