ReadProcessMemory 返回更大的缓冲区（C、Windows）

发布于 2024-08-03 06:38:29 字数 849 浏览 3 评论 0原文

我正在尝试使用以下代码读取进程内存：

void readdata(HANDLE phandle, LPCVOID paddress, SIZE_T datasize)
{
    char *buff;
    SIZE_T dataread;
    BOOL b = FALSE;

    buff = (char *) malloc (datasize);

    b = ReadProcessMemory(phandle, paddress, (LPVOID)buff, datasize, &dataread); 
    if(!b)
    {
        printf("error reading memory, err = %d\n", GetLastError());
        return;
    }

    printf("Data Read             = %d\n", dataread);
    printf("Len of actual buffer  = %d\n", strlen(buff));
    printf("Data = %s\n", buff);

    free(buff);
    return;
}

现在，phandle 和 paddress 是已知的，因为我使用了 WriteProcessMemory。我从那里得到了价值观。数据大小也是已知的。

该功能工作正常，但以下情况除外。 ReadProcessMemory() 返回 dataread = 41 （这是正确的，我将 41 传递给 datasize），但 buff 的实际长度是 49。当我打印 buff 时，我得到了我的字符串 + 一些垃圾。

我做错了什么？

代码表示赞赏。

谢谢！

原文

I'm trying to read a process memory using the following code:

void readdata(HANDLE phandle, LPCVOID paddress, SIZE_T datasize)
{
    char *buff;
    SIZE_T dataread;
    BOOL b = FALSE;

    buff = (char *) malloc (datasize);

    b = ReadProcessMemory(phandle, paddress, (LPVOID)buff, datasize, &dataread); 
    if(!b)
    {
        printf("error reading memory, err = %d\n", GetLastError());
        return;
    }

    printf("Data Read             = %d\n", dataread);
    printf("Len of actual buffer  = %d\n", strlen(buff));
    printf("Data = %s\n", buff);

    free(buff);
    return;
}

Now, phandle and paddress are known becuase I used WriteProcessMemory. I have the values from there. datasize is also known.

The function works ok, except for the following. ReadProcessMemory() returns dataread = 41 (which is correct, I passed 41 to datasize) but the actual length of the buff is 49. when I print buff i get my string + some garbage.

What am I doing wrong?

code is appreciated.

Thanks!

分享到QQ

分享到微博