
Why is a wchar_t* variable being clobbered?

I'm working with the following piece of code. DLLName is of type wchar_t*, and it's being set early on in my program. Before I reach this point in my code, DLLName is a valid path to a DLL, like L"C:\\Windows\\System32\\advapi32.dll"

wprintf(L"Location: %s\n", DLLName);
HMODULE hDLL = LoadLibraryW(DLLName);

What happens when my code reaches wprintf? The value of DLLName is not printed. In fact, DLLName is now a blank string, L""! Which causes the call to LoadLibraryW() to fail.

Weird. I comment out wprintf. When the debugger reaches the LoadLibraryW(), DLLName is the correct wide string with the path to my DLL. After LoadLibraryW(), the value of DLLName is L"\x4", and the call failed.

What's going on here? I am clueless on how to debug this.

EDIT: All of my code

BOOL FindOriginalCOMServer(wchar_t* GUID, wchar_t** DLLName)
{
    HKEY hKey;
    HKEY hCLSIDKey;
    wchar_t name[MAX_PATH];
    DWORD nameLength = sizeof(name);   // RegGetValueW expects a byte count, not a character count

    wprintf(L"[*] Beginning search for GUID %s\n", GUID);

    LONG lResult = RegOpenKeyExW(HKEY_LOCAL_MACHINE, L"SOFTWARE\\Classes\\CLSID", 0, KEY_READ, &hKey);
    if (lResult != ERROR_SUCCESS) {
        wprintf(L"[-] Error getting CLSID path\n");
        return FALSE;
    }

    // Make sure HKLM\Software\Classes\CLSID\{GUID} exists
    lResult = RegOpenKeyExW(hKey, GUID, 0, KEY_READ, &hCLSIDKey);
    if (lResult != ERROR_SUCCESS) {
        wprintf(L"[-] Error getting GUID path\n");
        RegCloseKey(hKey);
        return FALSE;
    }

    // Read the default value of HKLM\...\{GUID}\InProcServer32
    lResult = RegGetValueW(hCLSIDKey, L"InProcServer32", NULL, RRF_RT_ANY, NULL, (PVOID)name, &nameLength);
    if (lResult != ERROR_SUCCESS) {
        wprintf(L"[-] Error getting InProcServer32 value: %d\n", lResult);
        RegCloseKey(hKey);
        RegCloseKey(hCLSIDKey);
        return FALSE;
    }

    // Hands the caller the address of a local array (this is the bug discussed in the answer)
    *DLLName = name;
    return TRUE;
}

Then:

wchar_t* DLLName = new wchar_t[MAX_PATH];

if (!FindOriginalCOMServer((wchar_t*)lplpsz, &DLLName))
{
    wprintf(L"[-] Couldn't find original COM server\n");
    return S_FALSE;
}
wprintf(L"[+] Found original COM server: %s\n", DLLName);
HMODULE hDLL = LoadLibraryW(DLLName);

DLLName will point to a local char array in FindOriginalCOMServer, which will no longer exist once that function returns.

You should pass DLLName to FindOriginalCOMServer() as a wchar_t* (one pointer, not two), then get rid of name and work with DLLName directly. Or, you could use wcscpy_s() to copy the string from name to DLLName.
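The caller-owned-buffer fix the answer describes, as an added example that is neither the asker's nor the answerer's code. The registry lookup is replaced by a constructed one-entry table (the CLSID is made up) so it compiles without windows.h; kMaxPathChars, kAdvapiClsid, kAdvapiPath, LookupSucceedsWith and UnknownClsidLeavesEmpty are names assumed here.

```cpp
#include <cstddef>
#include <cstring>
#include <cwchar>

// Windows' MAX_PATH is 260 characters; named separately so this builds
// without <windows.h>.
constexpr size_t kMaxPathChars = 260;

// Constructed stand-in for HKLM\SOFTWARE\Classes\CLSID\{GUID}\InProcServer32.
// The real code reads this with RegGetValueW; the table only lets the example
// run off-Windows. The CLSID value is made up.
constexpr const wchar_t* kAdvapiClsid = L"{00000000-0000-0000-0000-000000000001}";
constexpr const wchar_t* kAdvapiPath  = L"C:\\Windows\\System32\\advapi32.dll";

// Fixed shape from the answer: one pointer, caller-owned buffer. The path is
// written into memory that outlives this call, so a later wprintf or
// LoadLibraryW reads a live buffer instead of a reused stack frame.
// outChars is a character count (what wcscpy_s takes). RegGetValueW's pcbData
// is a BYTE count, so the real version must pass sizeof(buffer), not MAX_PATH,
// or long paths come back as ERROR_MORE_DATA.
bool FindOriginalCOMServer(const wchar_t* guid, wchar_t* out, size_t outChars)
{
    if (out == nullptr || outChars == 0) return false;
    out[0] = L'\0';                                        // never leave garbage behind
    if (wcscmp(guid, kAdvapiClsid) != 0) return false;     // "key not found"
    size_t n = wcslen(kAdvapiPath);
    if (n + 1 > outChars) return false;                    // refuse to truncate a path
    memcpy(out, kAdvapiPath, (n + 1) * sizeof(wchar_t));   // portable stand-in for wcscpy_s
    return true;
}

// Mirrors the asker's caller, but the buffer lives in this frame (no `new`,
// nothing leaked, nothing dangling). Returns true only if the copied-out path
// is what the lookup should have produced.
bool LookupSucceedsWith(size_t bufChars)
{
    wchar_t buf[kMaxPathChars];
    if (bufChars > kMaxPathChars) return false;
    if (!FindOriginalCOMServer(kAdvapiClsid, buf, bufChars)) return false;
    return wcscmp(buf, kAdvapiPath) == 0;
}

// An unknown CLSID must fail cleanly and leave an empty string, not L"\x4".
bool UnknownClsidLeavesEmpty()
{
    wchar_t buf[kMaxPathChars];
    bool found = FindOriginalCOMServer(L"{ffffffff-0000-0000-0000-000000000000}", buf, kMaxPathChars);
    return !found && buf[0] == L'\0';
}
```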
