SizeOfImage成员导致程序崩溃 [英] SizeOfImage member causing program crash
问题描述
我试图寻找程序中的BYTE模式,但由于某种原因,当我分配值从 MINFO.SizeOfImage
到 ModuleSize
它导致程序i注入DLL到崩溃。
DWORD FindPattern(const BYTE * Pattern,SIZE_T PatternSize )
{
DWORD ModuleBase =(DWORD)GetModuleHandle(NULL);
DWORD ModuleSize = 0;
MODULEINFO MINFO;
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS,0,GetCurrentProcessId());
if(hProcess)
{
GetModuleInformation(hProcess,GetModuleHandle(NULL),& MINFO,sizeof(MODULEINFO));
CloseHandle(hProcess);
ModuleSize = MINFO.SizeOfImage;
}
else
return 0;
for(int i = 0; i {
if(memcmp((void *)(ModuleBase + i),Pattern,PatternSize)= = 0)
return ModuleBase + i;
}
return 0;
}
您的代码工作正常我编译并注入。我甚至测试它对我目前使用的FindPattern。我没有得到任何错误。我的代码& yours
bool比较(const BYTE * pData,const BYTE * bMask,const char * szMask)
{
for(; * szMask; ++ szMask,++ pData,++ bMask)
if(* szMask =='x'&& * pData!= * bMask)return 0;
return(* szMask)== NULL;
}
DWORD FindPattern(DWORD dwAddress,DWORD dwLen,BYTE * bMask,char * szMask)
{
for(DWORD i = 0; i if(Compare((BYTE *)(dwAddress + i),bMask,szMask))return(DWORD)(dwAddress + i);
return 0;
}
然后当我通过它运行
uint8 DecryptNeedle [] = {0x56,0x8B,0x74,0x24,0x08,0x89,0x71,0x10,
0x0F,0xB6,0x16,0x0F, 0xB6,0x46,0x01,0x03,
0xC2,0x8B,0x51,0x28,0x25,0xFF,0x00,0x00,0
0x00,0x89,0x41,0x04,0x0F,0xB6,0x04,0x10}。
char DecryptMask [] =xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
DWORD addrDecrypt = FindPattern(dwModuleStartAddr,0xA000,DecryptNeedle,DecryptMask)
DWORD decrypt2 = YourFindPattern(DecryptNeedle,32);
输出是完全相同的。
我会仔细检查你的注入代码,并检查whatelse是否会导致错误。此外,请进行快速错误检查
if(hProcess)
{
if(!GetModuleInformation(hProcess ,GetModuleHandle(NULL),& MINFO,sizeof(MODULEINFO)));
{
//错误
}
CloseHandle(hProcess);
ModuleSize = MINFO.SizeOfImage;
}
Im trying to look for BYTE patterns in programs but for some reason when i assign the value to from MINFO.SizeOfImage
to ModuleSize
it causes the program i injected the DLL into to crash.
DWORD FindPattern(const BYTE* Pattern,SIZE_T PatternSize)
{
DWORD ModuleBase = (DWORD)GetModuleHandle(NULL);
DWORD ModuleSize = 0;
MODULEINFO MINFO;
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS,0,GetCurrentProcessId());
if(hProcess)
{
GetModuleInformation(hProcess,GetModuleHandle(NULL),&MINFO,sizeof(MODULEINFO));
CloseHandle(hProcess);
ModuleSize = MINFO.SizeOfImage;
}
else
return 0;
for(int i = 0;i < ModuleSize;i++)
{
if(memcmp((void*)(ModuleBase + i),Pattern,PatternSize) == 0)
return ModuleBase + i;
}
return 0;
}
You code worked just fine when i compiled it and injected. I even tested it against the current FindPattern i am using. I didnt get any errors. Heres my code & yours
bool Compare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
for(;*szMask;++szMask,++pData,++bMask)
if(*szMask=='x' && *pData!=*bMask) return 0;
return (*szMask) == NULL;
}
DWORD FindPattern(DWORD dwAddress, DWORD dwLen, BYTE *bMask, char * szMask)
{
for(DWORD i=0; i<dwLen; i++)
if (Compare((BYTE*)(dwAddress+i),bMask,szMask)) return (DWORD)(dwAddress+i);
return 0;
}
And then when i run this through it
uint8 DecryptNeedle[] = {0x56, 0x8B, 0x74, 0x24, 0x08, 0x89, 0x71, 0x10,
0x0F, 0xB6, 0x16, 0x0F, 0xB6, 0x46, 0x01, 0x03,
0xC2, 0x8B, 0x51, 0x28, 0x25, 0xFF, 0x00, 0x00,
0x00, 0x89, 0x41, 0x04, 0x0F, 0xB6, 0x04, 0x10};
char DecryptMask[] = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
DWORD addrDecrypt = FindPattern(dwModuleStartAddr, 0xA000, DecryptNeedle, DecryptMask);
DWORD decrypt2 = YourFindPattern(DecryptNeedle, 32);
output is identical in both.
I would double check your injection code, and check whatelse could be causing the error. Also, do a quick error check
if(hProcess)
{
if(!GetModuleInformation(hProcess,GetModuleHandle(NULL),&MINFO,sizeof(MODULEINFO)));
{
//error
}
CloseHandle(hProcess);
ModuleSize = MINFO.SizeOfImage;
}
这篇关于SizeOfImage成员导致程序崩溃的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!