http://securityxploded.com/automation-reversing-scripting.php#Pydbgから取得した次のコードを使用しています。
# Author: Amit Malik
import sys
import pefile
import struct
from pydbg import *
from pydbg.defines import *
def ret_addr_handler(dbg):
    """Run when VirtualAlloc returns to its caller; print the base address it returned.

    The breakpoint is placed on the call site's return address by
    virtual_handler, so on entry Eax carries VirtualAlloc's result (the
    region base, or 0 on failure).  Note for anyone wanting the contents:
    a freshly committed region is zero-filled at this point, and a region
    allocated with MEM_RESERVE alone is not readable at all, so
    dbg.read_process_memory(base, size) only becomes interesting at a later
    breakpoint, once the debuggee has written into it.

    Args:
        dbg: the pydbg instance whose breakpoint fired.

    Returns:
        DBG_CONTINUE so the debuggee resumes.
    """
    returned_base = int(dbg.context.Eax)
    print " Returned Pointer: ", hex(returned_base)
    return DBG_CONTINUE
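def _read_dword(dbg, address):
    """Read one unsigned 32-bit little-endian value from the debuggee at *address*.

    The format is pinned to ``"<L"``: the bare ``"L"`` the original used means
    native size and alignment, which is 8 bytes on a 64-bit Python build and
    makes ``struct.unpack`` raise on the 4-byte buffer read here.  On the
    32-bit builds pydbg targets the two formats decode identically.
    """
    raw = dbg.read_process_memory(address, 4)
    return int(struct.unpack("<L", raw)[0])


def virtual_handler(dbg):
    """Breakpoint handler on VirtualAlloc's first instruction.

    Prints the size, allocation type and protection arguments and arms a
    one-shot-style breakpoint on the caller's return address so that
    ret_addr_handler can report the pointer VirtualAlloc hands back.

    The stack is read with the 32-bit stdcall layout the offsets assume:
    ``[Esp]`` return address, ``[Esp+4]`` lpAddress, ``[Esp+8]`` dwSize,
    ``[Esp+12]`` flAllocationType, ``[Esp+16]`` flProtect.

    Args:
        dbg: the pydbg instance whose breakpoint fired.

    Returns:
        DBG_CONTINUE so the debuggee resumes into VirtualAlloc.
    """
    print "****************"
    esp = dbg.context.Esp
    dwSize = _read_dword(dbg, esp + 8)  # 2nd argument to VirtualAlloc
    print "Allocation Size: ", hex(dwSize)
    flAllocationType = _read_dword(dbg, esp + 12)  # 3rd argument to VirtualAlloc
    print "Allocation Type: ", hex(flAllocationType)
    flProtect = _read_dword(dbg, esp + 16)  # 4th argument to VirtualAlloc
    # When triaging, a request for PAGE_EXECUTE_READWRITE (0x40) is the usual
    # sign of an unpacker staging code it will later transfer control into.
    print "Protection Type: ", hex(flProtect)
    ret_addr = _read_dword(dbg, esp)  # return address pushed by the CALL
    # Break where VirtualAlloc returns; Eax holds the result there.  restore=True
    # keeps the breakpoint, so every VirtualAlloc from this call site is reported.
    dbg.bp_set(ret_addr, description="ret_addr breakpoint", restore=True, handler=ret_addr_handler)
    return DBG_CONTINUE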
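def entry_handler(dbg):
    """Entry-point breakpoint handler: resolve VirtualAlloc and hook its entry.

    Resolving here rather than before dbg.run() presumably lets kernel32.dll
    be mapped into the debuggee first.  A failed resolution used to be silent,
    which left the script printing nothing at all; it is now reported.

    Args:
        dbg: the pydbg instance whose breakpoint fired.

    Returns:
        DBG_CONTINUE so the debuggee resumes from its entry point.
    """
    virtual_addr = dbg.func_resolve("kernel32.dll", "VirtualAlloc")  # Get VirtualAlloc address
    if virtual_addr:
        dbg.bp_set(virtual_addr, description="Virtualalloc breakpoint", restore=True, handler=virtual_handler)
    else:
        # Without this hook neither virtual_handler nor ret_addr_handler ever runs.
        print "VirtualAlloc could not be resolved in kernel32.dll; no allocation hook set"
    return DBG_CONTINUE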
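def main():
    """Load the target given on the command line under pydbg and break at its entry point.

    Usage: ``python <script> <target.exe>``.  The entry-point breakpoint installs
    the VirtualAlloc hook (entry_handler); from then on every VirtualAlloc call
    and the pointer it returns are printed until the debuggee exits.

    Exits with status 1 and a usage line when no target path is given (the
    original raised IndexError on sys.argv[1]).
    """
    if len(sys.argv) < 2:
        sys.stderr.write("usage: %s <target.exe>\n" % sys.argv[0])
        sys.exit(1)
    target = sys.argv[1]  # 'target' rather than 'file' to avoid shadowing the builtin
    pe = pefile.PE(target)
    try:
        # get entry point: RVA + preferred base gives the VA the breakpoint is set on.
        # NOTE(review): this assumes the image is loaded at ImageBase (no ASLR
        # relocation); if the breakpoint never fires, compare against the
        # module's real base inside the debuggee.
        entry_addr = pe.OPTIONAL_HEADER.AddressOfEntryPoint + pe.OPTIONAL_HEADER.ImageBase
    finally:
        pe.close()  # release the mapped file before the loader opens it again
    dbg = pydbg()  # get pydbg object
    # load() starts the target as a debuggee, i.e. the sample executes; run this
    # only in an isolated analysis environment.
    dbg.load(target)
    dbg.bp_set(entry_addr, description="Entry point breakpoint", restore=True, handler=entry_handler)
    dbg.run()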
# Script entry: only run the debugger session when executed directly, not on import.
if __name__ == '__main__':
    main()
私の質問は、VirtualAlloc が割り当てるメモリをどのように読み取ることができるかということです。read_process_memory を試しましたが、うまくいきませんでした。