今天,我试图解析来自我用于与驱动程序通信的外部dll的一些输出。我可以以intPtr的形式从in中获取输出,但是当我想将其复制到字节数组中时。我得到System.AccessViolationException
。什么可能是造成这种探查的原因?我该如何解决?
// dllmain.h
extern "C"
{
__declspec(dllexport) uintptr_t __stdcall FindProcess(HANDLE driver, const char* image_name, uintptr_t& virtual_size_out, uintptr_t& directory_base_out);
__declspec(dllexport) bool __stdcall ReadVirtualMemory(HANDLE driver, uintptr_t pml4, uintptr_t address, LPVOID output, unsigned long size);
__declspec(dllexport) bool __stdcall WriteVirtualMemory(HANDLE driver, uintptr_t pml4, uintptr_t address, LPVOID data, unsigned long size);
__declspec(dllexport) HANDLE __stdcall GetDriverHandle();
}
// Bridge.cs
[DllImport("DriverBridge.dll", CallingConvention = CallingConvention.StdCall)]
public static extern bool ReadVirtualMemory(IntPtr driver, UIntPtr pml4, UIntPtr address, ref IntPtr output, uint size);
// Program.cs
Int64 tempsize = sizeof(Int64);
byte[] buffer = new byte[tempsize];
IntPtr temp = IntPtr.Zero;
Bridge.ReadVirtualMemory(GlobalVars.DriverHandle, GlobalVars.pml4, new UIntPtr(GlobalVars.BaseAddress.ToUInt64() + processed), ref temp, (uint) tempsize);
// + temp 0x0000000300905a4d System.IntPtr
Marshal.Copy(temp, buffer, 0, (int)tempsize); // Causing System.AccessViolationException