Warning: file_get_contents(/data/phpspider/zhask/data//catemap/4/c/55.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
C PowerShell尝试读取或写入受保护的内存_C_Powershell_Memory_Memory Management - Fatal编程技术网
Fatal编程技术网
  • c/
  • C PowerShell尝试读取或写入受保护的内存

C PowerShell尝试读取或写入受保护的内存

c powershell memory memory-management

C PowerShell尝试读取或写入受保护的内存,c,powershell,memory,memory-management,C,Powershell,Memory,Memory Management,我一点也不喜欢PowerShell,但我知道如何使用C。在使用VritualAlloc()分配内存并使用memset()对其进行写入后,我遇到了一个错误 另外,为了与x86兼容,我在SysWOW64上运行这个。如果架构是x64,它将重新启动PS1并从SysWOW64执行它 相关代码: $code = @" [DllImport("kernel32.dll")] public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSi

我一点也不喜欢PowerShell,但我知道如何使用C。在使用VritualAlloc()分配内存并使用memset()对其进行写入后,我遇到了一个错误

另外,为了与x86兼容,我在SysWOW64上运行这个。如果架构是x64,它将重新启动PS1并从SysWOW64执行它

相关代码:

$code = @"
[DllImport("kernel32.dll")]
public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
[DllImport("kernel32.dll")]
public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
[DllImport("msvcrt.dll")]
public static extern IntPtr memset(IntPtr dest, uint src, uint count);
"@
$win = Add-Type -memberDefinition $code -Name "Win32" -namespace Win32Functions -passthru
$size = 100;

$vptr=$win::VirtualAlloc(0,0x1000,$size,0x40)
#0x1000 = MEM_COMMIT, 0x40 = PAGE_EXECUE_READWRITE

$win::memset([IntPtr]$vptr, 0x00, 1)
我收到的错误信息:

Unhandled Exception: System.AccessViolationException: Attempted to read or write protected\
memory. This is often an indication that other memory is corrupt.
相关“bcdedit”信息:

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
integrityservices       Enable
default                 {current}
resumeobject            {dda7e6ba-e18d-11e3-b50a-ecf4bb7add72}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \windows\system32\winload.efi
description             Windows 8.1
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {dda7e6c4-e18d-11e3-b50a-ecf4bb7add72}
integrityservices       Enable
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \windows
resumeobject            {dda7e6ba-e18d-11e3-b50a-ecf4bb7add72}
nx                      AlwaysOn
bootmenupolicy          Standard
vga                     No
quietboot               Yes
bootlog                 No
sos                     No
这与DEP/NX有关吗?我现在不能简单地重新启动我的机器。

它不应该是
$win::VirtualAlloc(0,$size,0x1000,0x40)
?一开始我是这么想的,但现在不行了。即使为了安全起见我做了
$win::VirtualAlloc(0,0x1000,0x1000,0x40)
,我也会得到同样的错误。我的想法是它与DEP有关,但我无法知道。我在Windows 10机器上测试了它,NX设置为OptIn。相同的结果似乎我可以使用
[System.Runtime.InteropServices.marshall]:Copy()
函数和
VirtualAlloc([IntPtr]0,$size,0x3000,0x40)
执行此操作。稍后当我得到一个有效的概念证明时,我会更新这篇文章。