A dynamic way of working with memory in Python using ctypes

I recently used a program called the Cheat Engine, and what it does is to indicate which process you want to work with from the list of currently running processes (usually used for PC games), and after you get one selected, you can start a search for existing values and track changes made to these values by sequentially scanning in your memory to help reduce the list of results to a single memory address for the corresponding thing you are trying to work with.

Once you find the memory address and its value that you were looking for, you can edit it and return it back to the program, which I find very interesting. I want to learn how to do work at a low level, and I read this question, which had an answer that I thought would put me on a great start:

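from ctypes import *
from ctypes.wintypes import *

# Declare prototypes so handles and addresses are not truncated on 64-bit Python.
OpenProcess = windll.kernel32.OpenProcess
OpenProcess.argtypes = [DWORD, BOOL, DWORD]
OpenProcess.restype = HANDLE
ReadProcessMemory = windll.kernel32.ReadProcessMemory
ReadProcessMemory.argtypes = [HANDLE, LPCVOID, LPVOID, c_size_t, POINTER(c_size_t)]
ReadProcessMemory.restype = BOOL
CloseHandle = windll.kernel32.CloseHandle
CloseHandle.argtypes = [HANDLE]

PROCESS_ALL_ACCESS = 0x1F0FFF

pid = 4044   # I assume you have this from somewhere.
address = 0x1000000  # Likewise; for illustration I'll get the .exe header.

# A writable buffer; c_char_p would point at an immutable Python object.
buffer = create_string_buffer(b"The data goes here")
bufferSize = len(buffer.value)
bytesRead = c_size_t(0)

processHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
if processHandle and ReadProcessMemory(processHandle, address, buffer, bufferSize, byref(bytesRead)):
    print("Success:", buffer.raw[:bytesRead.value])
else:
    print("Failed.")

if processHandle:
    CloseHandle(processHandle)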

This is simple enough so that I can understand what they are doing, but in their code they use a hard memory address. The specific memory address is closer to my endpoint, not to the starting point.

, , script, ( - 0000000000000000-7ffffffffffffffff), , - , , , . .

, , , ctypes kernel32 - , python, , , PID script, . ?

, Cheat Engine, .

- edit-- ctypes , kernel32, , , . , ,

" , C , .

. ?

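The scan-and-narrow idea described in the question, as an added example that is not part of the original post: a first scan collects every address holding a value, and a rescan after the value changes keeps only the addresses that followed it. It runs on constructed byte snapshots so it works offline; the region layout, addresses and function names are assumptions for illustration, and in a live tool each region's bytes would come from a read like the `ReadProcessMemory` call above.

```python
import struct

def first_scan(regions, value, fmt="<i"):
    """Return every absolute address whose bytes equal `value` packed as `fmt`."""
    needle = struct.pack(fmt, value)
    hits = set()
    for base, data in regions:
        pos = data.find(needle)
        while pos != -1:
            hits.add(base + pos)
            pos = data.find(needle, pos + 1)  # allow unaligned matches
    return hits

def read_at(regions, address, size):
    """Read `size` bytes at an absolute address, or None if it is not mapped."""
    for base, data in regions:
        off = address - base
        if 0 <= off and off + size <= len(data):
            return data[off:off + size]
    return None

def next_scan(regions, candidates, value, fmt="<i"):
    """Keep only the candidates that hold the new `value` in a later snapshot."""
    needle = struct.pack(fmt, value)
    return {a for a in candidates if read_at(regions, a, len(needle)) == needle}

def make_snapshot(counter, noise):
    """Constructed sample data: two fake regions as (base address, bytes)."""
    heap = bytearray(64)
    struct.pack_into("<i", heap, 8, counter)   # the value being tracked
    struct.pack_into("<i", heap, 40, noise)    # unrelated value that never changes
    stack = struct.pack("<ii", noise, 7)
    return [(0x10000, bytes(heap)), (0x7FF000, stack)]

def demo():
    snap1 = make_snapshot(counter=100, noise=100)  # before the value changes
    snap2 = make_snapshot(counter=95, noise=100)   # after it changes
    candidates = first_scan(snap1, 100)
    narrowed = next_scan(snap2, candidates, 95)
    return candidates, narrowed

if __name__ == "__main__":
    found, narrowed = demo()
    print(sorted(hex(a) for a in found), "->", sorted(hex(a) for a in narrowed))
```
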

Source: https://habr.com/ru/post/1687183/

