search

srounet / Pymem

A python library for windows, providing the needed functions to start working on your own with memory editing.
MIT License
303 stars 45 forks source link

pymem.exception.WinAPIError: Windows api error, error_code: 87 #117

Open xaoyaoo opened 7 months ago

xaoyaoo commented 7 months ago

Based on the provided error message, it seems that there is an issue with the pymem library while running the wxdump info command. The specific error is pymem.exception.WinAPIError: Windows api error, error_code: 87.

pywxdump#29

Your Environment

  1. Python version: 3.8.6
  2. Operating system version: Microsoft Windows [Version 6.1.7601]
  3. PyMem version: Unknown

Expected behavior Please provide a clear and concise description of what you expected to happen.

Traceback

File "c:\users\zittziai\appdata\local\programs\python\python38\lib\runpy.py", line 194, in _run_module_as_main
    return run_code(code, main_globals, None,
  File "c:\users\zittziai\appdata\local\programs\python\python38\lib\runpy.py", line 87, in run_code
    exec(code, run_globals)
  File "C:\Users\zittziai\AppData\Local\Programs\Python\Python38\Scripts\wxdump.exe_main.py", line 7, in <module>
  File "c:\users\zittziai\appdata\local\programs\python\python38\lib\site-packages\pywxdump\command.py", line 356, in console_run
    modes[args.mode].run(args)
  File "c:\users\zittziai\appdata\local\programs\python\python38\lib\site-packages\pywxdump\command.py", line 62, in run
    result = read_info(version_list, True) # 读取微信信息
  File "c:\users\zittziai\appdata\local\programs\python\python38\lib\site-packages\pywxdump\wx_info\get_wx_info.py", line 99, in read_info
    tmp_rd['wxid'] = get_info_wxid(Handle, 64)
  File "c:\users\zittziai\appdata\local\programs\python\python38\lib\site-packages\pywxdump\wx_info\get_wx_info.py", line 29, in get_info_wxid
    addrs = pymem.pattern.pattern_scan_all(pm.process_handle, b'wxid', return_multiple=True)
  File "c:\users\zittziai\appdata\local\programs\python\python38\lib\site-packages\pymem\pattern.py", line 162, in pattern_scan_all
    next_region, page_found = scan_pattern_page(
  File "c:\users\zittziai\appdata\local\programs\python\python38\lib\site-packages\pymem\pattern.py", line 54, in scan_pattern_page
    mbi = pymem.memory.virtual_query(handle, address)
  File "c:\users\zittziai\appdata\local\programs\python\python38\lib\site-packages\pymem\memory.py", line 1119, in virtual_query
    raise pymem.exception.WinAPIError(error_code)
pymem.exception.WinAPIError: Windows api error, error_code: 87

Additional context If there is any additional information or context about the problem, please provide it here.

    pm = pymem.Pymem("WeChat.exe")
    addrs = pymem.pattern.pattern_scan_all(pm.process_handle, b'wxid_', return_multiple=True)
xaoyaoo commented 7 months ago 
mbi = pymem.ressources.structure.MEMORY_BASIC_INFORMATION()
pymem.ressources.kernel32.SetLastError(0)
pymem.ressources.kernel32.VirtualQueryEx(handle, address, ctypes.byref(mbi), ctypes.sizeof(mbi))
error_code = ctypes.windll.kernel32.GetLastError()

The error occurs in pymem\memory.py.

Windows API error code 87 typically indicates an "invalid parameter" error.

https://learn.microsoft.com/en-us/windows/win32/debug/system-error-codes--0-499-

ERROR_INVALID_PARAMETER
87 (0x57) 87 (0x57)
The parameter is incorrect.
StarrFox commented 7 months ago

what's your windows version and python version (including bitness in both) I see it's in the original message

the issue is probably that the api was different in that old version of windows

SnowMeteors commented 7 months ago

~what's your windows version and python version (including bitness in both)~ I see it's in the original message

the issue is probably that the api was different in that old version of windows

not different in that old version of windows。 the pymem.memory.virtual_query(handle, address) fail , throw error。so in pattern_scan_all The repaired code is as follows

def pattern_scan_all(handle, pattern, *, return_multiple=False):
    next_region = 0

    found = []
    user_space_limit = 0x7FFFFFFF0000 if sys.maxsize > 2 ** 32 else 0x7fff0000
    while next_region < user_space_limit:
        try:
            next_region, page_found = pymem.pattern.scan_pattern_page(handle, next_region, pattern,
                                                                      return_multiple=return_multiple)
        except:
            return found

        if not return_multiple and page_found:
            return page_found

        if page_found:
            found += page_found

    if not return_multiple:
        return None

    return found
xaoyaoo commented 7 months ago

~what's your windows version and python version (including bitness in both)~ I see it's in the original message您的 Windows 版本和 Python 版本是什么(包括两者中的位数) 我看到它在原始消息中 the issue is probably that the api was different in that old version of windows问题可能是 API 在旧版本的 Windows 中有所不同

not different in that old version of windows。在那个旧版本的Windows中并没有什么不同。 the pymem.memory.virtual_query(handle, address) fail , throw error。so in pattern_scan_all The repaired code is as followspymem.memory.virtual_query(handle, address)失败,抛出错误。所以在pattern_scan_all修复后的代码如下

def pattern_scan_all(handle, pattern, *, return_multiple=False):
    next_region = 0

    found = []
    user_space_limit = 0x7FFFFFFF0000 if sys.maxsize > 2 ** 32 else 0x7fff0000
    while next_region < user_space_limit:
        try:
            next_region, page_found = pymem.pattern.scan_pattern_page(handle, next_region, pattern,
                                                                      return_multiple=return_multiple)
        except:
            return found

        if not return_multiple and page_found:
            return page_found

        if page_found:
            found += page_found

    if not return_multiple:
        return None

    return found

I think we can only use this for now, and what needs to be solved is the problem of parameter errors.