这是我想要实现的目标;我挂钩了HttpSendRequest函数(在Xbox上它的XHttp)并尝试转储大小为0x1F0E的pcszHeaders中的证书。
现在问题;它似乎只写了4个字节,我甚至尝试分配额外的内存并将每个位设置为0以查看它是否是Headers的大小并且它继续只写4个字节。我已经能够远程转储pcszHeaders,因为我在调试时得到了地址,但我需要在运行时转储它。
我在调试时注意到的事情 - pcszHeaders的地址仅在本地人中显示,直到达到;
printf("XHttpSendRequest: %s\n", "Creating Certificate.bin...");
一旦到达printf(),地址就变为0x00000000(坏ptr),但它仍然正确写入了正确数据pcszHeaders的第一个字节,但仅此而已。
这是整个钩子;
BOOL XHTTP_SEND_REQUEST_HOOK(
HINTERNET hRequest,
const CHAR *pcszHeaders,
DWORD dwHeadersLength,
const VOID *lpOptional,
DWORD dwOptionalLength,
DWORD dwTotalLength,
DWORD_PTR dwContext)
{
if(pcszHeaders != XHTTP_NO_ADDITIONAL_HEADERS)
{
printf("XHttpSendRequest: %s\n", "Creating Certificate.bin...");
// Setup expansion
doMountPath("Hdd:", "\\Device\\Harddisk0\\Partition1");
//create our file
HANDLE fileHandle = CreateFile("Hdd:\\Certificate.bin", GENERIC_WRITE, FILE_SHARE_WRITE, NULL, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, NULL);
//does file exist?
if(GetLastError()!=ERROR_ALREADY_EXISTS
||fileHandle!=INVALID_HANDLE_VALUE)
{
printf("XHttpSendRequest: %s\n", "Writing to file...");
DWORD wfbr;
//write to our file
if(WriteFile(fileHandle, pcszHeaders, 0x2000, &wfbr, NULL))
{
printf("XHttpSendRequest: %s\n", "File written!");
printf("%s\n", "Request has ended.");
CloseHandle(fileHandle);
return XHttpSendRequest(hRequest, pcszHeaders, dwHeadersLength, lpOptional, dwOptionalLength, dwTotalLength, dwContext);
}
}
}
}
答案 0 :(得分:0)
pcszHeaders是char*指针。 sizeof(pcszHeaders)在32位应用中为4(在64位应用中为8)。您需要使用dwHeadersLength参数,它会告诉您pcszHeaders中有多少个字符。
此外,GetLastError()之后的CreateFile()检查错误。如果CreateFile()因ERROR_ALREADY_EXISTS以外的任何原因而失败,则表示您正在输入代码块,从而将数据写入无效的文件句柄。使用CREATE_NEW时,如果文件已存在,则CreateFile()会返回INVALID_HANDLE_VALUE。您无需检查GetLastError(),检查INVALID_HANDLE_VALUE本身就足够了。如果要覆盖现有文件,请改用CREATE_ALWAYS。
如果WriteFile()失败,您也会泄漏文件句柄。
如果您成功将标头写入文件,则表示只调用原始HttpSendRequest() 。如果没有标头,或者创建/写入失败,则不允许请求继续。那是你真正想要的吗?
请改为尝试:
BOOL XHTTP_SEND_REQUEST_HOOK(
HINTERNET hRequest,
const CHAR *pcszHeaders,
DWORD dwHeadersLength,
const VOID *lpOptional,
DWORD dwOptionalLength,
DWORD dwTotalLength,
DWORD_PTR dwContext)
{
if (pcszHeaders != XHTTP_NO_ADDITIONAL_HEADERS)
{
printf("XHttpSendRequest: Creating Certificate.bin...\n");
// Setup expansion
doMountPath("Hdd:", "\\Device\\Harddisk0\\Partition1");
//create our file
HANDLE fileHandle = CreateFile("Hdd:\\Certificate.bin", GENERIC_WRITE, FILE_SHARE_WRITE, NULL, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, NULL);
//is file open?
if (fileHandle != INVALID_HANDLE_VALUE)
{
printf("XHttpSendRequest: Writing to file...\n");
DWORD wfbr;
//write to our file
if (WriteFile(fileHandle, pcszHeaders, dwHeadersLength, &wfbr, NULL))
printf("XHttpSendRequest: File written!\n");
else
printf("XHttpSendRequest: Error writing to file: %u\n", GetLastError());
CloseHandle(fileHandle);
}
else
printf("XHttpSendRequest: Error creating file: %u\n", GetLastError());
}
printf("Request has ended.\n");
return XHttpSendRequest(hRequest, pcszHeaders, dwHeadersLength, lpOptional, dwOptionalLength, dwTotalLength, dwContext);
}
答案 1 :(得分:0)
最后问题已经解决了!
首先,我为要存储的数据创建了一个空数组。
CHAR xtoken[0x2000];
memset(xtoken, 0, 0x2000);
钩子的第一部分是存储标题数据。
DWORD bufferLength = dwHeadersLength;
memcpy(xtoken, pcszHeaders, bufferLength);
然后我将数据写入文件
WriteFile(fileHandle, (void*)&xtoken, bufferLength, &wfbr, NULL))
成功!我想问题是WriteFile()的参数2不正确。