So, I want to know why I can't do the memcpy myself. This is the code that works and gives the correct result:
unsigned int VTableAddress = FindPattern( VTABLE_PATTERN, VTABLE_MASK );
unsigned int *p_VTable = NULL;
WriteMemory( &p_VTable, ( void* ) ( VTableAddress + 2 ), 4 );
//....
void D3DX9Interface::WriteMemory( void *address, void *bytes, int byteSize )
{
    DWORD NewProtection;
    VirtualProtect( address, byteSize, PAGE_EXECUTE_READWRITE, &NewProtection );
    memcpy( address, bytes, byteSize );
    VirtualProtect( address, byteSize, NewProtection, &NewProtection );
}
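So, as I understand it, WriteMemory basically sets read/write protection on the memory address and then simply copies the bytes to that address. To understand how things work, I tried this code: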
//Get the address of the vtable
unsigned int VTableAddress = FindPattern( VTABLE_PATTERN, VTABLE_MASK );
unsigned int *p_VTable = NULL;
CopyWithRWPrivileges( p_VTable, (unsigned int*)( VTableAddress + 2 ) );
//...
void D3DX9Interface::CopyWithRWPrivileges( unsigned int *p_Destination, unsigned int *p_Source )
{
    DWORD Protection( 0 );
    VirtualProtect( reinterpret_cast< LPVOID >( p_Destination ), 4, PAGE_EXECUTE_READWRITE, &Protection );
    p_Destination = p_Source;
    VirtualProtect( reinterpret_cast< LPVOID >( p_Destination ), 4, Protection, &Protection );
}
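But for some reason, this last code gives me a NULL pointer. But why?
Answer 0: (score: 0)
With the help of UnholySheep, I found a solution to the problem. First, the pointer was copied instead of being passed as a reference to a pointer. Second, p_Source also needs to be treated as a pointer, so with this code it works correctly: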
void D3DX9Interface::CopyWithRWPrivileges( unsigned int *&p_Destination, unsigned int *p_Source )
{
    DWORD Protection( 0 );
    VirtualProtect( reinterpret_cast< LPVOID >( p_Destination ), 4, PAGE_EXECUTE_READWRITE, &Protection );
    p_Destination = *(unsigned int**) p_Source;
    VirtualProtect( reinterpret_cast< LPVOID >( p_Destination ), 4, Protection, &Protection );
}
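
The three behaviours discussed in the question and answer, side by side, as an added portable example that is not code from the original posts. The buffer `g_code`, the table `g_fakeTable` and all function names are constructed for illustration; `memcpy` is used in place of the answer's cast because an operand at offset +2 is not guaranteed to be aligned.

```cpp
#include <cstddef>
#include <cstring>

// Constructed sample: stands in for the table the operand points at.
static unsigned int g_fakeTable[3] = { 0x11, 0x22, 0x33 };

// Constructed sample: 2 opcode bytes followed by a pointer-sized operand,
// mimicking the "VTableAddress + 2" layout from the question.
static unsigned char g_code[2 + sizeof(unsigned int*)] = { 0xC7, 0x06 };

// Embed the table address as the operand of the fake instruction.
void buildSample()
{
    unsigned int *table = g_fakeTable;
    std::memcpy(g_code + 2, &table, sizeof table);
}

// Question's version: the parameter is a copy, so the caller's pointer
// is never modified and stays NULL.
void copyByValue(unsigned int *dst, unsigned int *src)
{
    dst = src;
    (void)dst;
}

// Answer's fix: a reference parameter, and the source bytes are read as a
// pointer value instead of being used as the pointer itself.
void copyByReference(unsigned int *&dst, const void *src)
{
    std::memcpy(&dst, src, sizeof dst);
}

// What WriteMemory(&p_VTable, src, 4) does: the caller passes the address
// of its pointer, so memcpy overwrites the pointer variable directly.
void copyThroughAddress(void *dstAddr, const void *src, std::size_t n)
{
    std::memcpy(dstAddr, src, n);
}

int main()
{
    buildSample();
    unsigned int *a = nullptr, *b = nullptr, *c = nullptr;
    copyByValue(a, reinterpret_cast<unsigned int*>(g_code + 2));
    copyByReference(b, g_code + 2);
    copyThroughAddress(&c, g_code + 2, sizeof c);
    return (a == nullptr && b == g_fakeTable && c == g_fakeTable) ? 0 : 1;
}
```

The example uses `sizeof` of the pointer instead of the hard-coded 4 so it also behaves correctly in a 64-bit build.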