Winapi:为什么我的多线程 Winsock 服务器不会崩溃?

标签:winapi, winsock, serversocket, buffer-overflow

我用 C++ 实现了一个 Winsock(Win32)服务器,并尝试用 strcpy 命令使其崩溃。套接字本身是在线程中创建的。但是,当我把 strcpy 放进 recv 循环时,程序似乎并不会崩溃。

我知道编译器没有问题,因为单独写一个使用 strcpy 的程序是会崩溃的。我猜这与 recv 有关,因为它会使进程阻塞。

下面是服务器的完整代码。我想用 strcpy(a, "AAAA…") 来触发崩溃:正常情况下它应该崩溃,但在这里却没有。我想知道为什么。
#define WIN32_LEAN_AND_MEAN
#include<windows.h>
#include<winsock2.h>
#include<stdlib.h>
#include<stdio.h>
#include<ws2tcpip.h>
#include <iostream.h>
#include <conio.h>
#define DEFAULT_PORT "1133"
#define DEFAULT_BUFLEN 512
// Argument record handed to ServerThread through CreateThread's LPVOID
// parameter; it carries only a numeric thread id.
struct thread_data
{
    int m_id;   // id supplied by the creator of the thread

    // Store the caller-supplied id.
    thread_data(int id)
    {
        m_id = id;
    }
};
// 10-byte global buffer; it is the destination of the deliberate oversized
// strcpy() in ServerThread. Being a global, it lives in static storage, so a
// write past its end corrupts whatever objects the linker placed after it
// (undefined behaviour) rather than touching the thread's stack.
char a[10];
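/*
 * Thread entry point: a one-client-at-a-time TCP echo server on DEFAULT_PORT.
 *
 * Winsock and the listening socket are set up once; each loop iteration then
 * accepts one client, accumulates its input until a chunk starting with a
 * carriage return (13) arrives, echoes the accumulated text back and resets.
 * A line equal to "exit" ends the current client session.
 *
 * pParam is not read by this function.
 * Returns 1 when setup fails, 0 when the accept loop ends; a failed send()
 * terminates the whole process with exit(1), as in the original design.
 *
 * NOTE(review): this is a buffer-overflow demonstrator. The two writes marked
 * DELIBERATE below are intentionally unbounded and must never be copied into
 * production code.
 */
DWORD WINAPI ServerThread (LPVOID pParam){
    WSADATA wsaData;
    struct addrinfo *result = NULL;
    struct addrinfo hints;
    SOCKET ListenSocket = INVALID_SOCKET;
    int iResult;

    // Initialise Winsock once; its return value is the error code itself.
    iResult = WSAStartup(MAKEWORD(2,2), &wsaData);
    if (iResult != 0){
        printf("WSAStartup failed with error %d\n", iResult);
        return 1;
    }

    ZeroMemory(&hints, sizeof(hints));
    hints.ai_family = AF_INET;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_protocol = IPPROTO_TCP;
    hints.ai_flags = AI_PASSIVE;

    iResult = getaddrinfo(NULL, DEFAULT_PORT, &hints, &result);
    if (iResult != 0){
        printf("get addrinfo failed with error %d\n", iResult);
        WSACleanup();
        return 1;
    }

    // socket() reports failure as INVALID_SOCKET, not 0.
    ListenSocket = socket(result->ai_family, result->ai_socktype, result->ai_protocol);
    if (ListenSocket == INVALID_SOCKET){
        printf("socket creation failed with error %d\n", WSAGetLastError());
        freeaddrinfo(result);
        WSACleanup();
        return 1;
    }

    //bind socket
    iResult = bind(ListenSocket, result->ai_addr, (int)result->ai_addrlen);
    if (iResult == SOCKET_ERROR){
        printf("bind failed with error %d\n", WSAGetLastError());
        freeaddrinfo(result);
        closesocket(ListenSocket);
        WSACleanup();
        return 1;
    }

    // The address list is no longer needed once the socket is bound.
    freeaddrinfo(result);
    result = NULL;

    printf ("initializing socket\n ");
    iResult = listen(ListenSocket, SOMAXCONN);
    if (iResult == SOCKET_ERROR){
        printf("listen failed with %d\n", WSAGetLastError());
        closesocket(ListenSocket);
        WSACleanup();
        return 1;
    }

    do{
        sockaddr_in from;
        int fromlen = sizeof(from);
        char temp[1024];
        char temp_to_send[1024];
        char temp_to_send_vuln[512];

        // strcat()/strncat() need NUL-terminated destinations, so every
        // buffer starts out as an empty string.
        temp[0] = '\0';
        temp_to_send[0] = '\0';
        temp_to_send_vuln[0] = '\0';

        printf("accepting client request\n");
        SOCKET client = accept(ListenSocket, (struct sockaddr*) &from, &fromlen);
        if (client == INVALID_SOCKET){
            printf("accept failed with error %d\n", WSAGetLastError());
            break;
        }
        printf("accepted socket\n");

        int iSendResult = 1;
        char c;

        //start receiving from client
        // Read at most sizeof(temp) - 1 bytes so the terminator written at
        // temp[iResult] always stays inside the buffer.
        while( (iResult = recv(client, temp, (int)sizeof(temp) - 1, 0)) > 0 ){
            c = temp[0];
            temp[iResult] = '\0';

            // Only the first byte of a chunk is inspected, which presumably
            // assumes a client that sends one keystroke per packet.
            if (c != 13){
                // Bounded append: peer-controlled data must not run past
                // temp_to_send; anything that does not fit is dropped.
                strncat(temp_to_send, temp,
                        sizeof(temp_to_send) - strlen(temp_to_send) - 1);
            }

            //if enter is hit echo sent data to client
            if (c == 13){
                printf("sending %s \n", temp_to_send);

                //I WANT TO CRASH THE PGORAM HERE!!
                // DELIBERATE out-of-bounds write kept from the original demo:
                // the literal is far longer than the 10-byte global `a`.
                // This is undefined behaviour, not a guaranteed crash: the
                // extra bytes overwrite whatever static data follows `a`,
                // and that memory is typically mapped and writable, so no
                // access violation is raised. /GS stack cookies do not cover
                // globals; AddressSanitizer (MSVC /fsanitize=address) reports
                // this as a global-buffer-overflow.
                strcpy(a,"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");

                // DELIBERATE (per the buffer's name): up to 1023 bytes of
                // client data are appended to a 512-byte stack buffer that is
                // never reset within a session. Do not reuse this pattern;
                // use a length-checked copy such as snprintf in real code.
                strcat(temp_to_send_vuln, temp_to_send);
                strcat(temp_to_send_vuln, "\r\n");

                // NOTE(review): send() may transmit fewer bytes than asked;
                // a partial send is not retried here.
                iSendResult = send(client, temp_to_send, (int)strlen(temp_to_send), 0);

                //if user types "exit" the client socket would terminate
                if (strcmp(temp_to_send, "exit") == 0){
                    printf("exit entered\n");
                    break;
                }

                // re-initialize variables for next input
                temp[0] = '\0';
                temp_to_send[0] = '\0';
            }//end if(ch ==13)
        }//end recv

        printf("termination of socket with error %d and buffer length is ", WSAGetLastError());
        printf("client said %s\n", temp);

        if (iResult == SOCKET_ERROR){
            printf("receiving failed with error %d", WSAGetLastError());
        }
        if (iSendResult == SOCKET_ERROR){
            printf("seding failed with error %d", WSAGetLastError());
            closesocket(client);
            closesocket(ListenSocket);
            WSACleanup();
            exit(1);
        }

        // Release the per-client socket on every path so handles do not leak
        // across sessions; the listening socket stays open for the next one.
        closesocket(client);
    } while(1);

    closesocket(ListenSocket);
    WSACleanup();
    printf("program ended\n");
    return 0;
}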
//the main function that calls the thread
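/*
 * Starts the server on a worker thread and keeps the process alive until the
 * Escape key (27) is read from the console.
 * Returns 1 if the thread cannot be created, 0 otherwise.
 */
int main(void)
{
    //create thread here
    thread_data *data = new thread_data(0);
    HANDLE hThread = CreateThread(NULL, 0, ServerThread, data, 0, NULL);
    if (hThread == NULL){
        printf("CreateThread failed with error %lu\n", GetLastError());
        delete data;
        return 1;
    }

    // The handle is never waited on, so close it now; the thread keeps
    // running. `data` is intentionally left allocated for the thread's
    // lifetime and is reclaimed when the process exits.
    CloseHandle(hThread);

    //terminate program when escape character is hit
    while (_getch() != 27){
        // ignore every other key
    }
    return 0;
}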
#定义WIN32_LEAN_和_MEAN
#包括
#包括
#包括
#包括
#包括
#包括
#包括
#定义默认_端口“1133”
#定义默认值\u BUFLEN 512
结构线程数据
{
国际货币基金组织;
线程数据(int-id):m\u-id(id){}
};
chara[10];
DWORD WINAPI服务器线程(LPVOID pParam){
WSADATA WSADATA;
struct addrinfo*result=NULL;
结构addrinfo提示;
套接字ListenSocket=无效的\u套接字;
做{
零内存(&提示,sizeof(提示));
hits.ai_family=AF_INET;
hits.ai_socktype=SOCK_流;
hits.ai_protocol=IPPROTO_TCP;
hits.ai_flags=ai_被动;
国际结果;
iResult=WSAStartup(MAKEWORD(2,2)和wsaData);
iResult=getaddrinfo(NULL、默认端口、提示和结果);
如果(iResult!=0){
printf(“获取addrinfo失败,错误为%d\n”,iResult);
WSACleanup();
返回1;
}//如果结束,则结束
ListenSocket=socket(结果->ai_族,结果->ai_socktype,结果->ai_协议);
如果(ListenSocket==0){
printf(“套接字创建失败,错误为%d\n”,WSAGetLastError());
}
//绑定套接字
iResult=bind(ListenSocket,result->ai_addr,(int)result->ai_addrlen);
if(iResult==SOCKET\u错误){
printf(“绑定失败,错误为%d\n”,WSAGetLastError());
freeaddrinfo(结果);
闭合插座(ListenSocket);
WSACleanup();
返回1;
}
printf(“初始化套接字\n”);
iResult=侦听(ListenSocket,SOMAXCONN);
if(iResult==套接字\u错误){
printf(“侦听失败,错误为%d\n”,WSAGetLastError());
闭合插座(ListenSocket);
WSACleanup();
返回1;
}
套接字客户端;
sockaddr_从中输入;
int-fromlen=sizeof(from);
字符温度[1024];
字符临时发送[1024];
char temp_to_send_vuln[512];
printf(“接受客户端请求”);
client=accept(ListenSocket,(struct sockaddr*)&from和fromlen);
printf(“接受的套接字\n”);
iResult=1;
int-iSendResult=1;
字符c;
//开始从客户端接收
而((iResult=recv(客户端,临时,1024,0))>0){
c=温度[0];
临时[iResult]='\0';
如果(c!=13)
strcat(临时发送,临时发送);
//如果按enter键,则回显将数据发送到客户端
如果(c==13){
printf(“发送%s\n”,临时发送到发送);
//我想在这里撞坏PGORAM!!
标准副本(a,“aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa;
strcat(临时发送,临时发送);
strcat(临时发送到vuln,“\r\n”);
iSendResult=send(客户端,临时发送,strlen(临时发送),0);
//如果用户输入“exit”,客户端套接字将终止
如果(strcmp(临时发送,“退出”)==0){
printf(“已输入退出\n”);
closesocket(客户端);
WSACleanup();
打破
}
为下一个输入重新初始化变量
温度[0]='\0';
临时发送[0]='\0';
}//如果(ch==13)结束
}//结束记录
printf(“套接字终止,错误为%d,缓冲区长度为”,WSAGetLastError());
printf(“客户说%s\n”,临时);
if(iResult==SOCKET\u错误){
printf(“接收失败,错误为%d”,WSAGetLastError());
}
if(iSendResult==套接字错误){
printf(“seding失败,错误为%d”,WSAGetLastError());
closesocket(客户端);
WSACleanup();
出口(1);
}
}而(1),;
闭合插座(ListenSocket);
WSACleanup();
printf(“程序结束\n”);
返回0;
}
//调用线程的主函数
内部主(空)
{
//在这里创建线程
CreateThread(NULL,0,ServerThread,新线程数据(0),0,0);
//当转义字符被击中时终止程序
而(_getch()!=27);
返回0;
}
你的 strcpy() 调用只是破坏了全局内存中的 a,以及恰好位于它之后的任何数据;它是否会崩溃是未定义的。如果你真的想崩溃,只需调用 strcpy(NULL, "随便什么")。

如果你真的想强制崩溃,直接抛出你自己的异常即可,而不是试图诱使 RTL 去抛出一个异常。

谢谢你的回复,但我实际上是在模拟缓冲区溢出……strcpy 是怎么把 "a" 搞乱的?

实际上被搞乱的是 "a" 后面的东西。你的问题在于:那块内存是否归你所有是未定义的。如果你想要一个操作系统异常,就需要写入一个你肯定不拥有的地址,比如 NULL。

好的,我明白了,所以我需要找到一种方法来产生内存访问冲突,谢谢。

我能在你那里找到工作吗?我擅长这个。