Why is a wchar_t* variable being clobbered?
I'm working with the following piece of code. DLLName is of type wchar_t*, and it's being set early on in my program. Before I reach this point in my code, DLLName is a valid path to a DLL, like L"C:\\Windows\\System32\\advapi32.dll":
wprintf(L"Location: %s\n", DLLName);
HMODULE hDLL = LoadLibraryW(DLLName);
What happens when my code reaches wprintf? The value of DLLName is not printed. In fact, DLLName is now a blank string, L"", which causes the call to LoadLibraryW() to fail.

Weird. I comment out wprintf. When the debugger reaches LoadLibraryW(), DLLName is the correct wide string with the path to my DLL. After LoadLibraryW(), the value of DLLName is L"\x4", and the call failed.

What's going on here? I am clueless on how to debug this.
EDIT: All of my code:

BOOL FindOriginalCOMServer(wchar_t* GUID, wchar_t** DLLName)
{
    HKEY hKey;
    HKEY hCLSIDKey;
    wchar_t name[MAX_PATH];
    DWORD nameLength = sizeof(name);   // RegGetValueW takes the buffer size in bytes, not characters

    wprintf(L"[*] Beginning search for GUID %s\n", GUID);

    LONG lResult = RegOpenKeyExW(HKEY_LOCAL_MACHINE, L"SOFTWARE\\Classes\\CLSID", 0, KEY_READ, &hKey);
    if (lResult != ERROR_SUCCESS) {
        wprintf(L"[-] Error getting CLSID path\n");
        return FALSE;
    }

    // Make sure HKLM\Software\Classes\CLSID\{GUID} exists
    lResult = RegOpenKeyExW(hKey, GUID, 0, KEY_READ, &hCLSIDKey);
    if (lResult != ERROR_SUCCESS) {
        wprintf(L"[-] Error getting GUID path\n");
        RegCloseKey(hKey);
        return FALSE;
    }

    // Read the default value of HKLM\...\{GUID}\InProcServer32
    lResult = RegGetValueW(hCLSIDKey, L"InProcServer32", NULL, RRF_RT_ANY, NULL, (PVOID)name, &nameLength);
    if (lResult != ERROR_SUCCESS) {
        wprintf(L"[-] Error getting InProcServer32 value: %d\n", lResult);
        RegCloseKey(hCLSIDKey);
        RegCloseKey(hKey);
        return FALSE;
    }
    RegCloseKey(hCLSIDKey);
    RegCloseKey(hKey);

    // *DLLName now points at the local array name
    *DLLName = name;
    return TRUE;
}
Then:

wchar_t* DLLName = new wchar_t[MAX_PATH];
if (!FindOriginalCOMServer((wchar_t*)lplpsz, &DLLName))
{
    wprintf(L"[-] Couldn't find original COM server\n");
    return S_FALSE;
}
wprintf(L"[+] Found original COM server: %s\n", DLLName);
HMODULE hDLL = LoadLibraryW(DLLName);
DLLName will point to a local char array in FindOriginalCOMServer, which will no longer exist once that function returns.

You should pass DLLName to FindOriginalCOMServer() as a wchar_t* (one pointer, not two), then get rid of name and work with DLLName directly. Or, you could use wcscpy_s() to copy the string from name to DLLName.
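The shape of the fix the answer describes, as an added example that is not part of the original question or answer: the caller owns the output buffer and passes its capacity in elements, and the copy out of the function's local array is bounded, so no pointer into a dead stack frame can escape. The registry read is replaced by a constructed lookup table (the GUID and DLL path in it are made up) so the example builds and runs without <windows.h>; copy_wide_bounded stands in for wcscpy_s(), which is a C11 Annex K function that glibc does not ship.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <wchar.h>

/* Buffer capacity in wchar_t elements. MAX_PATH is 260 on Windows; it is
 * hard-coded here so the example compiles without <windows.h>. */
#define PATH_CAP 260

/* Bounded wide-string copy in the spirit of wcscpy_s(dst, cap, src): copies
 * src into dst if it fits including the terminator, otherwise leaves dst as
 * an empty string and reports failure. dst_cap is in elements, not bytes,
 * and src is never read past dst_cap characters. */
bool copy_wide_bounded(wchar_t *dst, size_t dst_cap, const wchar_t *src) {
    if (dst == NULL || dst_cap == 0) return false;
    dst[0] = L'\0';                      /* fail closed: caller never sees stale data */
    if (src == NULL) return false;
    size_t n = 0;
    while (n < dst_cap && src[n] != L'\0') n++;
    if (n == dst_cap) return false;      /* no room for the terminator */
    memcpy(dst, src, (n + 1) * sizeof(wchar_t));
    return true;
}

/* Constructed stand-in for RegGetValueW on HKLM\...\CLSID\{GUID}\InProcServer32:
 * a fixed table so the example runs offline. Both entries are invented. */
static const wchar_t *lookup_inproc_server32(const wchar_t *guid) {
    static const struct { const wchar_t *guid, *path; } table[] = {
        { L"{11111111-2222-3333-4444-555555555555}", L"C:\\Example\\Server.dll" },
    };
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (wcscmp(guid, table[i].guid) == 0) return table[i].path;
    return NULL;
}

/* Corrected shape of FindOriginalCOMServer: one pointer plus a capacity.
 * The local array is still used as scratch, as in the question, but its
 * contents are copied into the caller's buffer before the function returns. */
bool find_original_com_server(const wchar_t *guid, wchar_t *dll_name, size_t dll_name_cap) {
    wchar_t name[PATH_CAP];
    const wchar_t *value = lookup_inproc_server32(guid);
    if (value == NULL) return false;
    if (!copy_wide_bounded(name, PATH_CAP, value)) return false;
    /* This copy is the step the original code skipped (it stored &name[0]). */
    return copy_wide_bounded(dll_name, dll_name_cap, name);
}

int main(void) {
    wchar_t dll_name[PATH_CAP];
    const wchar_t *guid = L"{11111111-2222-3333-4444-555555555555}";
    if (find_original_com_server(guid, dll_name, PATH_CAP))
        /* %ls is wide on every platform; MSVC's wprintf treats %s as wide,
         * glibc's treats it as narrow, so %ls avoids that trap. */
        wprintf(L"[+] Found original COM server: %ls\n", dll_name);
    else
        wprintf(L"[-] Couldn't find original COM server\n");
    return 0;
}
```

The truncation case is the one to watch: a buffer too small for the registry value makes find_original_com_server return false and leaves the caller's buffer as L"", rather than handing LoadLibraryW a partial path. In the real Windows code the same contract is met by passing DLLName and MAX_PATH into the function and calling wcscpy_s(DLLName, MAX_PATH, name), checking its return value.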