ReadProcessMemory 返回更大的缓冲区(C、Windows)

发布于 2024-08-03 06:38:29 字数 849 浏览 10 评论 0原文

我正在尝试使用以下代码读取进程内存:

void readdata(HANDLE phandle, LPCVOID paddress, SIZE_T datasize)
{
    char *buff;
    SIZE_T dataread;
    BOOL b = FALSE;

    buff = (char *) malloc (datasize);

    b = ReadProcessMemory(phandle, paddress, (LPVOID)buff, datasize, &dataread); 
    if(!b)
    {
        printf("error reading memory, err = %d\n", GetLastError());
        return;
    }

    printf("Data Read             = %d\n", dataread);
    printf("Len of actual buffer  = %d\n", strlen(buff));
    printf("Data = %s\n", buff);

    free(buff);
    return;
}

现在,phandle 和 paddress 是已知的,因为我使用了 WriteProcessMemory。我从那里得到了价值观。数据大小也是已知的。

该功能工作正常,但以下情况除外。 ReadProcessMemory() 返回 dataread = 41 (这是正确的,我将 41 传递给 datasize),但 buff 的实际长度是 49。当我打印 buff 时,我得到了我的字符串 + 一些垃圾。

我做错了什么?

代码表示赞赏。

谢谢!

I'm trying to read a process memory using the following code:

void readdata(HANDLE phandle, LPCVOID paddress, SIZE_T datasize)
{
    char *buff;
    SIZE_T dataread;
    BOOL b = FALSE;

    buff = (char *) malloc (datasize);

    b = ReadProcessMemory(phandle, paddress, (LPVOID)buff, datasize, &dataread); 
    if(!b)
    {
        printf("error reading memory, err = %d\n", GetLastError());
        return;
    }

    printf("Data Read             = %d\n", dataread);
    printf("Len of actual buffer  = %d\n", strlen(buff));
    printf("Data = %s\n", buff);

    free(buff);
    return;
}

Now, phandle and paddress are known becuase I used WriteProcessMemory. I have the values from there. datasize is also known.

The function works ok, except for the following. ReadProcessMemory() returns dataread = 41 (which is correct, I passed 41 to datasize) but the actual length of the buff is 49. when I print buff i get my string + some garbage.

What am I doing wrong?

code is appreciated.

Thanks!

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

拥醉 2024-08-10 06:38:29

字符串末尾的 '\0' 可能不会被复制,无论是在写入时从缓冲区中复制出来,还是在读取时复制到缓冲区中。因此, printf() 只会从字符串的开头开始打印,直到看到“\0”,这可能位于许多垃圾字符之后。

The '\0' at the end of your string is likely not being copied, either out of your buffer when you write, or into your buffer when you read. As a result, printf() is just going to print from the beginning of your string until it sees a '\0', which may be after a number of garbage characters.

浮世清欢 2024-08-10 06:38:29

你知道你读取的数据是一个字符串吗? IE。它是空终止的吗?如果不是,那么使用 strlen() 肯定是不可靠的。

Do you know that the data you read is a string? Ie. that it's null terminated? If not then using strlen() is guaranteed to be unreliable.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文