SizeOfImage 成员导致程序崩溃-C/C++问题

SizeOfImage member causing program crash(SizeOfImage 成员导致程序崩溃)

本文介绍了SizeOfImage 成员导致程序崩溃的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我试图在程序中查找 BYTE 模式，但由于某种原因，当我将值分配给从 MINFO.SizeOfImage 到 ModuleSize 时，它会导致我注入 DLL 的程序进入崩溃.

Im trying to look for BYTE patterns in programs but for some reason when i assign the value to from MINFO.SizeOfImage to ModuleSize it causes the program i injected the DLL into to crash.

DWORD FindPattern(const BYTE* Pattern,SIZE_T PatternSize)
{
    DWORD ModuleBase = (DWORD)GetModuleHandle(NULL);
    DWORD ModuleSize = 0;
    MODULEINFO MINFO;
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS,0,GetCurrentProcessId());

    if(hProcess)
    {
        GetModuleInformation(hProcess,GetModuleHandle(NULL),&MINFO,sizeof(MODULEINFO));
        CloseHandle(hProcess);
        ModuleSize = MINFO.SizeOfImage;
    }
    else
        return 0;

    for(int i = 0;i < ModuleSize;i++)
    {
        if(memcmp((void*)(ModuleBase + i),Pattern,PatternSize) == 0)
            return ModuleBase + i;
    }
    return 0;
}

推荐答案

当我编译并注入时，您的代码运行良好.我什至针对我正在使用的当前 FindPattern 对其进行了测试.我没有收到任何错误.这是我的代码&你的

You code worked just fine when i compiled it and injected. I even tested it against the current FindPattern i am using. I didnt get any errors. Heres my code & yours

bool Compare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
    for(;*szMask;++szMask,++pData,++bMask)
        if(*szMask=='x' && *pData!=*bMask)   return 0;
    return (*szMask) == NULL;
}
DWORD FindPattern(DWORD dwAddress, DWORD dwLen, BYTE *bMask, char * szMask)
{
    for(DWORD i=0; i<dwLen; i++)
        if (Compare((BYTE*)(dwAddress+i),bMask,szMask))  return (DWORD)(dwAddress+i);
    return 0;
}

然后当我运行它时

uint8 DecryptNeedle[] = {0x56, 0x8B, 0x74, 0x24, 0x08, 0x89, 0x71, 0x10, 
                 0x0F, 0xB6, 0x16, 0x0F, 0xB6, 0x46, 0x01, 0x03, 
                 0xC2, 0x8B, 0x51, 0x28, 0x25, 0xFF, 0x00, 0x00, 
                 0x00, 0x89, 0x41, 0x04, 0x0F, 0xB6, 0x04, 0x10};
char DecryptMask[] = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";

DWORD addrDecrypt       = FindPattern(dwModuleStartAddr, 0xA000, DecryptNeedle, DecryptMask);
DWORD decrypt2 = YourFindPattern(DecryptNeedle, 32);

两者的输出相同.

我会仔细检查您的注入代码，并检查可能导致错误的其他原因.另外，做一个快速的错误检查

I would double check your injection code, and check whatelse could be causing the error. Also, do a quick error check

    if(hProcess)
    {
        if(!GetModuleInformation(hProcess,GetModuleHandle(NULL),&MINFO,sizeof(MODULEINFO)));
        {
              //error
        }
        CloseHandle(hProcess);
        ModuleSize = MINFO.SizeOfImage;
    }

这篇关于SizeOfImage 成员导致程序崩溃的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持编程学习网！