Interpreting RtlGetSystem
2016-10-16 22:18
When a2 = 0, the call fails:

    0x5D5D573E (wcp.dll)处(位于 CallWCP.exe 中)引发的异常: 0xC0000005: 读取位置 0xCCCCCCCC 时发生访问冲突。

The address 0x5D5D573E is in:

    Windows::Rtl::SystemImplementation::CreateFilesystemProviderStack(
        unsigned long,
        class Windows::Rtl::SystemImplementation::IRtlFileSystemProvider *,
        struct Windows::Vector<struct Windows::Rtl::SYSTEM_LAYER> const &,
        class Windows::Auto<class Windows::Rtl::SystemImplementation::IRtlFileSystemProvider *> *,
        bool *)

    5D5D572C  jbe   Windows::Rtl::SystemImplementation::CreateFilesystemProviderStack+3F9h (5D5D5A54h)
    5D5D5732  mov   eax,ebx
    5D5D5734  mov   dword ptr [ebp-12Ch],ebx
    5D5D573A  mov   ecx,dword ptr [ecx]
    5D5D573C  add   ecx,eax
    5D5D573E  mov   eax,dword ptr [ecx]

The value of [ecx] is 0xCCCCCCCC, which is undefined.

Assigning NULL to a2 makes the call work.

Set a3 to an address:

    UINT_PTR* pv = (UINT_PTR*)CoTaskMemAlloc(4);

    pv = 0x00e25688
    *pv = 0x00e340c8
    *(LPVOID**)pv=0x5c7542f4 const Windows::Rtl::CRtlTearoffObject<class Windows::Rtl::SystemImplementation::CSystemIsolationLayer_IRtlSystemIsolationLayerTearoff>::`vftable'{for `Windows::Rtl::IRtlSystemIsolationLayer'}}

The entries of this vftable, by offset:

    +0:  Windows::Rtl::CRtlTearoffObject<class Windows::Rtl::CRtlInnerObjectTearoffImpl<class Windows::Rtl::SystemImplementation::CSystemIsolationLayer> >::Release(void)

    +4:  Windows::Rtl::CRtlTearoffObject<class Windows::Rtl::CRtlInnerObjectTearoffImpl<class Windows::Rtl::SystemImplementation::CSystemIsolationLayer> >::CreateInterface(
             struct _GUID const &,
             class Windows::Auto<struct Windows::Rtl::IRtlObject *> *)

    +8:  Windows::Rtl::SystemImplementation::CSystemIsolationLayer_IRtlSystemIsolationLayerTearoff::OpenFilesystemDirectory(
             unsigned long,
             unsigned long,
             struct _LUNICODE_STRING const &,
             unsigned long,
             unsigned long,
             class Windows::Auto<struct Windows::Rtl::IRtlDirectory *> *,
             unsigned long *)

    +12: Windows::Rtl::SystemImplementation::CSystemIsolationLayer_IRtlSystemIsolationLayerTearoff::OpenFilesystemFile(
             unsigned long,
             unsigned long,
             struct _LUNICODE_STRING const &,
             unsigned long,
             unsigned long,
             class Windows::Auto<struct Windows::Rtl::IRtlFile *> *,
             unsigned long *)

    +16: Windows::Rtl::SystemImplementation::CSystemIsolationLayer_IRtlSystemIsolationLayerTearoff::DeleteFilesystemFile(
             unsigned long,
             struct _LUNICODE_STRING const &,
             unsigned long *)

    +20: Windows::Rtl::SystemImplementation::CSystemIsolationLayer_IRtlSystemIsolationLayerTearoff::OpenRegistryKey(
             unsigned long,
             unsigned long,
             struct _LUNICODE_STRING const &,
             class Windows::Auto<struct Windows::Rtl::IRtlKey *> *,
             unsigned long *)

    +24: Windows::Rtl::SystemImplementation::CSystemIsolationLayer_IRtlSystemIsolationLayerTearoff::TransferFile(
             unsigned long,
             unsigned long,
             struct Windows::Rtl::IRtlDirectory *,
             struct _LUNICODE_STRING const &,
             struct Windows::Rtl::IRtlDirectory *,
             struct _LUNICODE_STRING const &,
             unsigned long *)

On release, two forms are used:

    Windows::AutoPointerBase<Windows::Cdf::Rtl::IRtlCdfStringTableEnumerator *,Windows::Auto<Windows::Cdf::Rtl::IRtlCdfStringTableEnumerator *>>::Close(&v55);
    Windows::Auto<Windows::Rtl::IRtlSystemIsolationLayer *>::~Auto<Windows::Rtl::IRtlSystemIsolationLayer *>(&v148);

The latter type is probably the more reliable one, because the function definition performs exactly this kind of cast:

    v4 = (struct Windows::Rtl::SystemImplementation::IRtlFileSystemProvider *)a3;