我不小心伤害系统文件或个人文件与Visual Studio 2012 [英] Can I accidentally harm system files or personal files with Visual Studio 2012

问题描述

我在这个问题上的认识不足表示歉意，但对我来说是非常重要的，所以至少我会试试看。
我使用的Windows 7旗舰版的Visual Studio 2012的前preSS，
我已经写了一些很基本的一个愚蠢的计划，以实践在C语言结构。不幸的是，我写的方法之一，有一个错误的条件停下来，它进入一个无限循环，它超过给定的数组边界的差了一截。我将添加code以下但在code不是我最关心的寿，我设法已经修复它，我只是想知道如果我能伤害我的系统还是我的个人文件（视频，照片，办公文件等）给定的方法，因为当我试图运行此code，一个可怕的事情发生了，我的电脑开始哔不休每0.5秒，我便无法做什么能阻止的是，程序是在无限循环并且我设法阻止这种乐趣只使用Ctrl + Alt + Del键，我写了codeS之前崩溃很多次，但I'ts确保在第一时间我的电脑strated声蜂鸣声。我希望专家能帮助我在这一个。非常感谢。

在无限循环，导致所有的问题的方法是printArrHero

 ＃包括LT＆;＆stdio.h中GT;
＃包括LT＆;＆string.h中GT;
结构日期{    INT日，月，年;}的typedef date_s;结构超级英雄{    CHAR名称[30];    双动力，速度快;    date_s生日;}的typedef sp_s;
无效printInfo（sp_s英雄）{    的printf（超级英雄信息：\\ n名称：[％S] \\ n，hero.name）;    的printf（电源：[％.2lf] \\ n，hero.power）;    的printf（速度：[％.2lf] \\ n，hero.speed）;    的printf（生日：[％D /％D /％D]。\\ n \\ n，hero.birthday.day，hero.birthday.month，hero.birthday.year）;}
无效addHero（ARR sp_s []，INT * K，sp_s newHero）{    ARR [* K] = newHero;
    （* K）++;
    的printf（！\\ nSuccess一个新的超级英雄添加\\ n）;
}无效printArrHero（ARR sp_s []）{    INT J = 0;    而（ARR [J]！= NULL）{        输出（[＃％d个]≥＆GT;＆GT;＆GT;＆GT;＆GT;＆GT;＆GT;＆GT;＆GT;＆GT;＆GT;＆GT;＆GT;＆GT;＆GT;＆GT;＆GT; \\ N，J + 1）;        （ARR [J]）printInfo;        J ++;
    }
}无效的主要（）{    sp_s myHeros [100];
    sp_s newHero;    INT I = -1;
    INT K = 0;    而（ⅰ！= 0）{//菜单循环
        的printf（欢迎到我的游戏\\ n）;
        的printf（添加英雄preSS 1 \\ n）;
        输出（要找到你最强的英雄preSS 2 \\ n）;
        输出（要找到你最快的英雄preSS 3 \\ n）;
        的printf（可以看到所有你英雄榜4的\\ n）;
        的printf（退出preSS 0 \\ n）;
        scanf函数（％d个，＆安培; I）        开关（ⅰ）{
        情况下0：
            打破;        情况1：
            的printf（请输入＃％d个英雄特点：\\ n名称：中，k + 1）;
            scanf函数（％S，＆安培; newHero.name）;
            的printf（电源）;
            scanf函数（％LF，＆安培; newHero.power）;
            的printf（速度）;
            scanf函数（％LF，＆安培; newHero.speed）;
            的printf（出生日期[XX / XX / XX]（格式）：）;
            scanf函数（％D /％D /％D，＆安培; newHero.birthday.day，＆安培; newHero.birthday.month，＆安培; newHero.birthday.year）;            addHero（myHeros，＆安培; K，newHero）; //现在，当我collecten做一个新的英雄所需要的所有信息可以发送到FUNC谓把它在#K地方数组中
            打破;        案例2：            打破;
        案例3：            打破;        情况4：
            printArrHero（myHeros）;
            打破;        } //开关的情况下END    } //而菜单循环
} //主
 

解决方案

  

如果我能伤害我的个人文件（视频，照片，办公文件等）

Windows程序在当前用户的上下文中运行，并且可以执行当前用户的任何动作。这意味着它可以编辑和删除您的个人文件。

通常一个程序去流氓，那就需要有其内的活动。其中删除文件的程序，可以更容易地启动意外删除的文件。
一个程序，编辑文件，可以使狡猾的编辑。

这是不是一个pre-必要的，因为一旦它停止执行你的设计之外，什么事情都可能发生。

  

如果我可能会损害我的系统？

对于要伤害你的系统，你将需要以管理员身份运行。这使该方案做其中adminstator可以做任何行动的能力，其中可能包括严重损害到您的计算机。

有一个进一步的阶段，这是里面有机器的完全控制，系统，比在管理员了。

是否有可能？

虽然是可能的，这是不太可能。现代计划的可能性，他们崩溃之前，他们比他们目前正在打开其他损坏的文件，但有些事是可以做，以使损伤小，有可能或较为有限。

• 如果您有显著文件的用户，然后再考虑切换到不同的账户进行开发。这将圈定的损害而造成错误程序会导致。




• 确保你不使用用户访问保护运行关闭。这限制了你的程序来管理你的机器的能力。



• 考虑另一种平台，树莓丕，或英特尔计算棒提供可以被重新修建，如果出问题便宜的平台。

  

在这种情况下，会发生什么？

假设它陷在一个循环中，不正确读取数据（可能scanf（）的返回0）。

该数组会随着所有100个元素填满，然后开始破坏堆栈。

有2似是而非的内存布局（窗口的x86 / x86-64的）。

  + --------- +
|返回|
|从|
|主要|
+ --------- +
|英雄[99] |
+ --------- +
|英雄[98] |
+ --------- +
|英雄[97] |
+ --------- +
| ... |
 

和

  + --------- +
|返回|
|从|
|主要|
+ --------- +
| K |
+ --------- +
|英雄[99] |
+ --------- +
|英雄[98] |
+ --------- +
|英雄[97] |
+ --------- +
| ... |
 

在第一种情况下，阵列越过运行，返回地址被修改。有内置到正常编译（安全Cookie），这将检测到这个code，其结果是崩溃坏的东西发生之前。

在第二种情况下，对变量k的存储器获取与所述阵列的一个写覆盖。然后，这将k以一些古怪的地方，随机存储器会被改写。这可能会破坏程序的数据，但最有可能在非天然K（0-99外）首次尝试将导致崩溃。

在可能发生的故障是你打印出一个控制code如蜂鸣 - 导致奇怪的行为，并与你看到的一致 - 我不认为有什么不好的事情对你

。

I do apologize for the lack of knowledge in this matter but it is very important for me, so at least I'll give it a try. I am using Visual Studio 2012 express on Windows 7 ultimate, I have written some very basic a silly program to practice structures in the C language. Unfortunately, one of the methods that I've written had a wrong condition to stop and it goes to an infinite loop and the worse part it exceeds the given array boundaries. I will add the code below BUT THE CODE IS NOT my main concern tho,I managed to fix it already, I only wish to know if I could harm my system or my personal files (videos, photos, office files etc.) with the given method because when I've tried to run this code, a scary thing happened, my pc started to "Beep" endlessly every 0.5 second and I could't do nothing to stop that, the program was on infinite loop and it I managed to stop this "fun" only with Ctrl + Alt + Del. I had written codes that crashed many times before, but I'ts sure the first time my pc strated to sound beeps. I hope an expert can help me out on this one. Many thanks.

The method with the infinite loop that cause all the problem is "printArrHero":

#include<stdio.h>  
#include<string.h>


struct Date{

    int day, month, year;

} typedef date_s;

struct Superhero{

    char name[30];

    double power, speed;

    date_s birthday;

} typedef sp_s;


void printInfo(sp_s hero){

    printf("Super hero info:\nName:  [%s]\n" , hero.name);

    printf("Power: [%.2lf]\n" , hero.power);

    printf("Speed: [%.2lf]\n" , hero.speed);

    printf("Birthday: [%d/%d/%d]\n\n" , hero.birthday.day, hero.birthday.month, hero.birthday.year );

}


void addHero (sp_s arr[], int *k, sp_s newHero){

    arr[*k] = newHero;
    (*k)++;
    printf("\nSuccess! a new superhero is added.\n"); 
}

void printArrHero (sp_s arr[]){

    int j=0;

    while ( arr[j] != NULL ){

        printf("[#%d]>>>>>>>>>>>>>>>>>>\n" , j+1); 

        printInfo( arr[j] );

        j++;
    }


}

void main(){

    sp_s myHeros[100];
    sp_s newHero;

    int i = -1;
    int k = 0;

    while (i != 0){ // menu loop
        printf("Welcome to my game!\n"); 
        printf("To add a hero press 1\n");
        printf("To find you're strongest hero press 2\n");
        printf("To find you're fastest hero press 3\n");
        printf("To see all of you're heroes list 4\n");
        printf("To exit press 0\n");
        scanf("%d" , &i);

        switch (i){
        case 0:
            break;

        case 1:
            printf("Please enter the #%d hero characteristics:\nName: " , k+1);
            scanf("%s" , &newHero.name);
            printf("Power: ");
            scanf("%lf" , &newHero.power);
            printf("Speed: ");
            scanf("%lf" , &newHero.speed);
            printf("Birth date [xx/xx/xx](format): ");
            scanf("%d/%d/%d" , &newHero.birthday.day, &newHero.birthday.month, &newHero.birthday.year);

            addHero(myHeros, &k, newHero); // now when I collecten all the info needed to make a new hero lets send it to the func tht puts it in the #k place in the array
            break;

        case 2:

            break;
        case 3:

            break;

        case 4:
            printArrHero(myHeros);
            break;

        } // END of switch-case

    } // while menu loop


} // main

解决方案

if I could harm my personal files (videos, photos, office files etc.)

Windows programs run in the context of the current user, and can perform any action of the current user. This means it could edit and delete your personal files.

Generally for a program to go rogue, it would need to have the activity within it. A program which deletes files, can more easily start accidentally deleting files. A program which edits files can make dodgy edits.

This is not a pre-requisite, as once it stops executing outside of your design, anything could happen.

if I could harm my system?

For your system to be harmed, you would need to be running as administrator. That gives the program the ability to do any action which an adminstator could do, which could include serious damage to your machine.

There is one further stage, which is system, which has complete control on the machine, more than an administator.

Is it likely?

Whilst it is possible, it is not very likely. The likelihood for modern programs is they crash before they corrupt files other than they are currently opening, however there are things which you can do to make the damage less-likely or more limited.

• If you have significant files for your user, then consider switching to a different account for development. This would ring-fence the damage an errant program would cause.

• Ensure you don't run with User-access-protection turned off. This limits your programs ability to administrate your machine.

• Consider an alternative platform, the raspberry-pi, or Intel compute stick offer a cheap platform which can be re-built if things go wrong.

What happens in this case?

Assuming it gets stuck in a loop, without properly reading data (probably scanf() returning 0).

The array gets filled up with all 100 elements, and then starts corrupting the stack.

There are 2 plausible memory layouts (windows x86/x86-64).

+---------+
| return  |
|   from  |
| main    |
+---------+
|hero[99] |
+---------+
|hero[98] |
+---------+
|hero[97] |
+---------+
| ...     |

and

+---------+
| return  |
|   from  |
| main    |
+---------+
|  k      |
+---------+
|hero[99] |
+---------+
|hero[98] |
+---------+
|hero[97] |
+---------+
| ...     |

In the first case, the array gets over-run, and the return address is modified. There is code built into normal compiles (security cookie), which would detect this, and the result is a crash before bad stuff happens.

In the second case, the memory for variable k gets overwritten with one of the array writes. This then sends k to some kooky place, and random memory is overwritten. This could corrupt the program data, but most likely the first attempt at non-natural k (outside of 0-99) would result in a crash.

The likely failure was that you printed out a control code such as a beep - that causes strange behavior, and is consistent with what you saw - I don't think anything bad happened for you.

这篇关于我不小心伤害系统文件或个人文件与Visual Studio 2012的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！