在我的应用程序中,我正在创建通过使用某种类型的缓冲区:
read<uint64_t>(address);
template<typename T>
inline T read(uint64_t address)
{
T buffer{ };
readbuffer(address, &buffer, sizeof(T));
return buffer;
}
我正在通过套接字将此缓冲区发送到虚拟机,然后该虚拟机使用GetCurrentProcessId()
查找当前进程,并将所需的数据写回到缓冲区的内存地址。
然后我返回该缓冲区,该缓冲区现在应该是内存地址。我遇到的这个问题最终是当我的代码到达执行return
语句的函数时,它触发了基于堆栈的缓冲区溢出,我不知道为什么。
更多信息:
uint32_t readbuffer(uint64_t address, PVOID buffer, size_t size)
{
if (address == 0)
return false;
printf("readbuffer: 0x%X 0x%X 0x%X\n", address, uintptr_t(buffer), size);
return copy_memory(cached_connection, cached_dwPID, address, GetCurrentProcessId(), uintptr_t(buffer), size);
}
。
static uint32_t copy_memory(
const SOCKET connection,
const uint32_t src_process_id,
const uintptr_t src_address,
const uint32_t dest_process_id,
const uintptr_t dest_address,
const size_t size)
{
Packet packet{ };
packet.header.magic = packet_magic;
packet.header.type = PacketType::packet_copy_memory;
auto& data = packet.data.copy_memory;
data.src_process_id = src_process_id;
data.src_address = uint64_t(src_address);
data.dest_process_id = dest_process_id;
data.dest_address = uint64_t(dest_address);
data.size = uint64_t(size);
//printf("src 0x%X dst 0x%X size 0x%X\n", data.src_address, data.dest_address, data.size);
uint64_t result = 0;
if (send_packet(connection, packet, result))
return uint32_t(result);
return 0;
}
从虚拟机:
process->Read(completion_packet.data.copy_memory.src_address, &buffer, completion_packet.data.copy_memory.size);
destProcess->Write(completion_packet.data.copy_memory.dest_address, buffer);
调用read / 1并崩溃的代码
FTransform GetBoneIndex(DWORD_PTR mesh, int index)
{
DWORD_PTR bonearray = memio->read<DWORD_PTR>(mesh + 0x410);
return memio->read<FTransform>(bonearray + (index * 0x30));
}
读/写方法
template<typename T>
T Read(uint64_t address)
{
T ret;
VMemRead(&ctx->process, proc.dirBase, (uint64_t)&ret, address, sizeof(T));
return ret;
}
template<typename T>
void Write(uint64_t address, const T& value)
{
VMemWrite(&ctx->process, proc.dirBase, (uint64_t)&value, address, sizeof(T));
}
我现在正在使用这些:
ssize_t WinProcess::Read(uint64_t address, void* buffer, size_t sz)
{
return VMemRead(&ctx->process, proc.dirBase, (uint64_t)buffer, address, sz);
}
ssize_t WinProcess::Write(uint64_t address, void* buffer, size_t sz)
{
return VMemWrite(&ctx->process, proc.dirBase, (uint64_t)buffer, address, sz);
}