srounet / Pymem

A Python library for Windows, providing the functions needed to start working on your own with memory editing.
MIT License

UnicodeDecodeError raised on process_from_name #18

Closed rishubil closed 3 years ago

rishubil commented 4 years ago

I'm using this library in my project called TrickyTowersUtils. Just before, some user of my project reported the following error message:

Traceback (most recent call last):
  File "observer.py", line 100, in <module>
  File "site-packages\pymem\__init__.py", line 45, in __init__
  File "site-packages\pymem\__init__.py", line 194, in open_process_from_name
  File "site-packages\pymem\process.py", line 243, in process_from_name
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xc7 in position 0: invalid continuation byte

Perhaps an error occurred while decoding the user's process name.

srounet commented 4 years ago

Yeah, looking at the code it points towards:

for process in processes:
    if name in process.szExeFile.decode('utf-8').lower():
        return process

The ProcessEntry32 structure references szExeFile as a c_char array:

import ctypes
import ctypes.wintypes


class ProcessEntry32(ctypes.Structure):
    """Describes an entry from a list of the processes residing in the system address space when a snapshot was taken.
    https://msdn.microsoft.com/en-us/library/windows/desktop/ms684839(v=vs.85).aspx
    """
    _fields_ = [
        ('dwSize', ctypes.c_ulong),
        ('cntUsage', ctypes.c_ulong),
        ('th32ProcessID', ctypes.c_ulong),
        ('th32DefaultHeapID', ctypes.POINTER(ctypes.c_ulong)),
        ('th32ModuleID', ctypes.c_ulong),
        ('cntThreads', ctypes.c_ulong),
        ('th32ParentProcessID', ctypes.c_ulong),
        ('pcPriClassBase', ctypes.c_ulong),
        ('dwFlags', ctypes.c_ulong),
        # ANSI (byte) buffer: its contents are bytes, not str
        ('szExeFile', ctypes.c_char * ctypes.wintypes.MAX_PATH)
    ]

As far as I can remember, the ProcessEntry32 will return the szExeFile as bytes when the given string to compare against is of type str, so in order to compare them we have to decode the szExeFile to compare strings against strings.

It depends on the version of Python you are using then; is it Python 3? I'm testing pymem only against:

rishubil commented 4 years ago

I am using Python 3.7 as defined in the project's Pipfile. The user who reported the error used an x64 binary created with pyinstaller.

Since most users use the same x64 binaries but the same problem has never been reported, I think this is an issue that only occurs in certain environments.

The user who reported this issue said that the problem was with a "public" computer, not his or her own computer, and did not accurately describe the environment in which the problem occurred.

So, unfortunately, I don't currently have detailed information about the environment in which the problem occurred. I can only guess that bytes of szExeFile can use encodings other than utf-8 in certain environments.

Maybe we'll have to wait for the same error again to get more information.

srounet commented 4 years ago

Alright, let's wait for more context. I'll leave this open so Google can eventually index this more easily and point other users to it.

srounet commented 3 years ago

Closing because it's outdated by now.
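The failure mode discussed in this thread, as an added example that is not part of the thread or of Pymem's own code: a constructed szExeFile value in an assumed cp949 ANSI code page reproduces the reported error message under UTF-8, and a tolerant decoder lets the name match proceed. The names `decode_exe_name`, `find_pid`, `SAMPLE_EXE` and `SNAPSHOT` are hypothetical.

```python
import sys

# Constructed sample: bytes an ANSI process snapshot could return for a Korean
# exe name when the ANSI code page is cp949 (an assumption; the reporter's
# environment is unknown). Decoded with cp949 this is "\ud55c\uae00.exe".
SAMPLE_EXE = b"\xc7\xd1\xb1\xdb.exe"
SNAPSHOT = [(1234, b"Notepad.exe"), (4321, SAMPLE_EXE)]  # constructed (pid, szExeFile)


def decode_exe_name(raw, ansi_codec=None):
    """Decode szExeFile bytes to str without ever raising."""
    raw = raw.split(b"\x00", 1)[0]  # c_char buffers may carry NUL padding
    if ansi_codec is None and sys.platform == "win32":
        ansi_codec = "mbcs"  # Python's codec for the active ANSI code page
    for codec in filter(None, (ansi_codec, "utf-8")):
        try:
            return raw.decode(codec)
        except UnicodeDecodeError:
            continue
    # Last resort: keep the ASCII part readable, mark the rest with U+FFFD.
    return raw.decode("utf-8", errors="replace")


def find_pid(name, snapshot, ansi_codec=None):
    """Return the first pid whose decoded exe name contains `name`, else None."""
    wanted = name.lower()
    for pid, raw in snapshot:
        if wanted in decode_exe_name(raw, ansi_codec).lower():
            return pid
    return None


if __name__ == "__main__":
    try:
        SAMPLE_EXE.decode("utf-8")  # what the loop quoted in the thread does
    except UnicodeDecodeError as exc:
        print("strict utf-8 decode fails:", exc)
    print(find_pid("notepad", SNAPSHOT, ansi_codec="cp949"))
    print(find_pid("\ud55c\uae00", SNAPSHOT, ansi_codec="cp949"))
```

An alternative that avoids code pages entirely is the wide-character variant of the API (`Process32FirstW` with a `c_wchar` buffer), which yields `str` directly.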