-
-
[求助]R3下关于调用Native Api问题
-
2009-8-21 15:10
5181
-
BYTE lpBuffer[1024] = {0};
_asm
{
push ebp
mov ebp, esp
push 0
push 20
push lpBuffer
push 0x00401000
push 0xFFFFFFFF
mov eax, 0xBA
mov edx, esp
int 0x2e
add esp, 0x14
mov esp, ebp
pop ebp
}
for(int i = 0; i < 20; i ++)
{
printf("%02X ", (BYTE)lpBuffer[i]);
}
为什么上面的方法调用NtReadVirtualMemory 读不到数据 而下面的方法可以正确读到数据?
typedef int (__stdcall *__NtReadVirtualMemory)(
IN HANDLE ProcessHandle,
IN PVOID BaseAddress,
OUT PVOID Buffer,
IN ULONG NumberOfBytesToRead,
OUT PULONG NumberOfBytesReaded OPTIONAL
);
__NtReadVirtualMemory pFun = (__NtReadVirtualMemory)GetProcAddress(LoadLibrary("ntdll"), "NtReadVirtualMemory");
if(pFun)
{
BYTE lpBuffer[1024] = {0};
pFun(GetCurrentProcess(), (PVOID)0x00401000, lpBuffer, 20, NULL);
for(int i = 0; i < 20; i ++)
{
printf("%02X ", (BYTE)lpBuffer[i]);
}
}
请知道的兄弟指点一下。。。
[培训]二进制漏洞攻防(第3期);满10人开班;模糊测试与工具使用二次开发;网络协议漏洞挖掘;Linux内核漏洞挖掘与利用;AOSP漏洞挖掘与利用;代码审计。
