封装的DLL,LR调用出现内存溢出的错误!!急
lr脚本:
#include "globals.h"
char strsend[]="\x02\x01\x63\x10\x00\x10\x51\x51\x51\x41\x41\x41\x41\x30\x30\x30\x30\x30\x30\x31\x31\x32\x11\x00\x01\x01\x17\x00\x01\x00\x30\x00\x01\x00\x31\x00\x01\x00\x32\x00\x01\x00\x33\x00\x01\x00\x34\x00\x01\x00\x35\x00\x01\x00\x36\x00\x01\x00\x37\x00\x01\x64\x39\x00\x08\x00\x00\x00\x00\x00\x00\x12\x34\x60\x00\x07\x21\x11\x11\x11\x11\x11\x12\x62\x00\x07\x21\x11\x11\x11\x11\x11\x12\x64\x00\x07\x21\x11\x11\x11\x11\x11\x12\x66\x00\x07\x00\x00\x00\x00\x00\x00\x00\x68\x00\x07\x21\x11\x11\x11\x11\x11\x12\x6A\x00\x07\x00\x00\x00\x00\x00\x00\x00\x6C\x00\x07\x21\x11\x11\x11\x11\x11\x12\x6E\x00\x07\x00\x00\x00\x00\x00\x00\x00\x70\x00\x07\x21\x11\x11\x11\x11\x11\x12\x72\x00\x07\x00\x00\x00\x00\x00\x00\x00\x74\x00\x07\x21\x11\x11\x11\x11\x11\x12\x76\x00\x07\x00\x00\x00\x00\x00\x00\x00\x80\x00\x5C\x73\x79\x73\x20\x20\x20\xCF\xB5\xCD\xB3\xD3\xA6\xD3\xC3\x20\x20\x20\x20\x20\x20\x20\x20\x20\x09\x11\x14\x00\x00\x00\x00\x20\x09\x11\x16\x10\x22\x29\x00\x20\x09\x11\x14\x00\x00\x00\x00\x62\x6F\x63\x6F\x6D\x20\xBD\xBB\xCD\xA8\xD2\xF8\xD0\xD0\x20\x20\x20\x20\x20\x20\x20\x20\x20\x09\x11\x14\x00\x00\x00\x00\x20\x09\x11\x16\x10\x26\x04\x00\x20\x09\x11\x14\x00\x00\x00\x00\xA0\x00\x07\x21\x11\x11\x11\x11\x11\x12\xA2\x00\x07\x21\x11\x11\x11\x11\x11\x12\xA4\x00\x07\x21\x11\x11\x11\x11\x11\x12\xA6\x00\x07\x21\x11\x11\x11\x11\x11\x12\xA8\x00\x07\x21\x11\x11\x11\x11\x11\x12\xAA\x00\x07\x21\x11\x11\x11\x11\x11\x12\xAC\x00\x07\x21\x11\x11\x11\x11\x11\x12\x03\x4e\x22\x20\xd9";
memcpy();
//char str[364];
//char sts[470];
//char buf[470];
//char buf [4096];
char stsend[364];
char stresive[470];
Action()
{
lr_load_dll("Cms_Interface_Dll.dll");
printf("strsend=%d,strtiaoshi=%02x",sizeof(strsend),strsend[6]);
lr_message("strsend is %02x",strsend[20]);
lr_message("stresive is %02x",stresive[6]);
//Cms_dll_Initialization2();
//Cms_dll_Initialization1();
Cms_dll_Initialization(sizeof(strsend)-1,strsend,sizeof(stresive)-1,stresive);
printf("stresive =%d,ststiaoshi=%02x",sizeof(stresive),stresive[9]);
lr_message("stresive is %02x",stresive[5]);
return 0;
}
加载的dll为Cms_Interface_Dll.dll,报错信息如下:
Virtual User Script started
Starting action vuser_init.
Ending action vuser_init.
Running Vuser...
Starting iteration 1.
Starting action Action.
strsend is 31
stresive is 00
Action.c(21): Error: C interpreter run time error: Action.c (21): Error -- memory violation : Exception ACCESS_VIOLATION received.
Action.c(21): Notify: CCI trace: Action.c(21): Cms_dll_Initialization(363, 0x00ab5714, 469, 0x00ad0dcc "")
.
Action.c(21): Notify: CCI trace: Compiled_code(0): Action()
.
Ending Vuser...
Starting action vuser_end.
Ending action vuser_end.
Vuser Terminated.
DLL封装的代码 :
Cms_interface.def文件:
LIBRARY "Cms_Interface_Dll " ;
DESCRIPTION ' Cms_Interface_Dll is Windows Dynamic Link Library' ;
EXPORTS Cms_dll_Initialization @1 ;
Cms_interface_Dll.cpp文件:
#include "Cms_interface_Dll.h"
int Cms_dll_Initialization( int lenth, char* strecho,int lon,char * resive )
{
int ret;
//int icount;
SSL_CTX* ctx;
SSL_METHOD *meth;
WSADATA wsaData;//建立原始的TCP连接
SOCKET client_socket;
struct sockaddr_in addr_server;
SSL* ssl;//TCP连接已经建立,执行Client SSL /
X509* server_certificate;
char* str;
//char *ciphers="DHE-DSS-AES128-SHA";
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
meth = SSLv23_client_method();
ctx = SSL_CTX_new (meth);
printf("size=%d,t=%02x\n",sizeof(str),strecho[6]);
/*if (!ctx)
{
ERR_print_errors_fp(stderr);
std::cout<<"SSL_CTX_new error."<<std::endl;
return -1;
}*/
SSL_CTX_set_options(ctx,SSL_OP_ALL);
ret = SSL_CTX_load_verify_locations(ctx, cert_path, NULL);
if (ret == 0)
{
SSL_CTX_free(ctx);
}
SSL_CTX_set_cipher_list(ctx,"DHE-RSA-AES128-SHA");//加密过程
/**//////////////////////// // 建立原始的TCP连接 //
/**////////////////////////
ret = WSAStartup( MAKEWORD(2, 2), &wsaData );
/*if ( ret != 0 ) {
std::cout<<"WSAStartup error."<<std::endl;
return -1;
}*/
client_socket = socket (AF_INET, SOCK_STREAM, 0);
/*if( client_socket == INVALID_SOCKET )
{
std::cout<<"socket error."<<std::endl;
return -1;
}*/
memset (&addr_server, 0, sizeof(addr_server));
addr_server.sin_family= AF_INET;
addr_server.sin_addr.S_un.S_addr = inet_addr(SERVER_IP);
addr_server.sin_port= htons (SERVER_PORT);
ret = connect(client_socket, (struct sockaddr*) &addr_server, sizeof(addr_server));
/*if( client_socket == SOCKET_ERROR )
{
std::cout<<"connect error."<<std::endl;
return -1;
}*/
/**//////////////////////////////////////
// TCP连接已经建立,执行Client SSL //
/**//////////////////////////////////////+
ssl = SSL_new (ctx);
if( ssl ==NULL)
{ std::cout<<"SSL_new error."<<std::endl;
return -1;
}
SSL_set_fd (ssl, client_socket);
ret = SSL_connect (ssl);
if( ret == -1 )
{
std::cout<<"SSL_accept error."<<std::endl;
return -2;
}
// 接下来的获取密码和获取服务器端证书的两部是可选的,不会影响数据交换
// 获取cipher
std::cout<<"SSL connection using: "<<SSL_get_cipher(ssl)<<std::endl;
// 获取服务器端的证书
server_certificate = SSL_get_peer_certificate (ssl);
if( server_certificate != NULL ) {
std::cout<<"Server certificate:"<<server_certificate<<std::endl;
str = X509_NAME_oneline (X509_get_subject_name (server_certificate),0,0);
if( str == NULL ) {
std::cout<<"X509_NAME_oneline error."<<std::endl;
} else {
std::cout<<"subject: "<<str<<std::endl;
OPENSSL_free (str);
}
str = X509_NAME_oneline (X509_get_issuer_name (server_certificate),0,0);
if( str == NULL )
{
std::cout<<"X509_NAME_oneline error."<<std::endl;
}
else
{
std::cout<<"issuer: "<<str<<std::endl;
OPENSSL_free (str);
}
X509_free (server_certificate);
}
else {
std::cout<<"Server does not have certificate. we sould Esc!"<<std::endl;
return 3;
}
/**/////////////////
// 数据交换 //
/**/////////////////
//char strecho[]="\x02\x01\x63\x10\x00\x10\x51\x51\x51\x41\x41\x41\x41\x30\x30\x30\x30\x30\x30\x31\x31\x32\x11\x00\x01\x01\x17\x00\x01\x00\x30\x00\x01\x00\x31\x00\x01\x00\x32\x00\x01\x00\x33\x00\x01\x00\x34\x00\x01\x00\x35\x00\x01\x00\x36\x00\x01\x00\x37\x00\x01\x64\x39\x00\x08\x00\x00\x00\x00\x00\x00\x12\x34\x60\x00\x07\x21\x11\x11\x11\x11\x11\x12\x62\x00\x07\x21\x11\x11\x11\x11\x11\x12\x64\x00\x07\x21\x11\x11\x11\x11\x11\x12\x66\x00\x07\x00\x00\x00\x00\x00\x00\x00\x68\x00\x07\x21\x11\x11\x11\x11\x11\x12\x6A\x00\x07\x00\x00\x00\x00\x00\x00\x00\x6C\x00\x07\x21\x11\x11\x11\x11\x11\x12\x6E\x00\x07\x00\x00\x00\x00\x00\x00\x00\x70\x00\x07\x21\x11\x11\x11\x11\x11\x12\x72\x00\x07\x00\x00\x00\x00\x00\x00\x00\x74\x00\x07\x21\x11\x11\x11\x11\x11\x12\x76\x00\x07\x00\x00\x00\x00\x00\x00\x00\x80\x00\x5C\x73\x79\x73\x20\x20\x20\xCF\xB5\xCD\xB3\xD3\xA6\xD3\xC3\x20\x20\x20\x20\x20\x20\x20\x20\x20\x09\x11\x14\x00\x00\x00\x00\x20\x09\x11\x16\x10\x22\x29\x00\x20\x09\x11\x14\x00\x00\x00\x00\x62\x6F\x63\x6F\x6D\x20\xBD\xBB\xCD\xA8\xD2\xF8\xD0\xD0\x20\x20\x20\x20\x20\x20\x20\x20\x20\x09\x11\x14\x00\x00\x00\x00\x20\x09\x11\x16\x10\x26\x04\x00\x20\x09\x11\x14\x00\x00\x00\x00\xA0\x00\x07\x21\x11\x11\x11\x11\x11\x12\xA2\x00\x07\x21\x11\x11\x11\x11\x11\x12\xA4\x00\x07\x21\x11\x11\x11\x11\x11\x12\xA6\x00\x07\x21\x11\x11\x11\x11\x11\x12\xA8\x00\x07\x21\x11\x11\x11\x11\x11\x12\xAA\x00\x07\x21\x11\x11\x11\x11\x11\x12\xAC\x00\x07\x21\x11\x11\x11\x11\x11\x12\x03\x4e\x22\x20\xd9";
std::cout << "Sizeof() == " << lenth << std::endl;
ret=SSL_write(ssl,strecho,lenth-1);
// ret = SSL_write (ssl, "Hello World!", strlen("Hello World!"));
if( ret == -1 ) {
std::cout<<"SSL_write error."<<std::endl;
return -4;
}
memset(buf,0,sizeof(buf));
ret = SSL_read (ssl, buf, sizeof(buf) - 1);
if( ret == -1 )
{
std::cout<<"SSL_read error."<<std::endl;
return -1;
}
// printf("%02x\n%",buf[2]);
// memcpy(sts,buf,470);
// for(icount=0;icount<50;icount++)
// {
// printf("%02x%02x%02x%02x\n%",sts[icount*4],sts[1+icount*4],sts[2+icount*4],sts[icount*4+3]);
//printf("%02x\n%",sts);
//}
buf[ret] = '\0';
SSL_shutdown(ssl); /**//* send SSL/TLS close_notify */
/**//////////////
// Cleanup //
//////////////
closesocket(client_socket);
SSL_free (ssl);
SSL_CTX_free (ctx);
WSACleanup();
return 0;
}
Cms_interface_Dll.h文件:
#include <openssl/rsa.h> /**//* SSLeay stuff */
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <iostream>
#include <winsock2.h>
#pragma comment( lib, "ws2_32.lib" )
#pragma comment( lib, "libeay32.lib" )
#pragma comment( lib, "ssleay32.lib" )
#define SERVER_IP "192.168.100.154"
#define SERVER_PORT 33450
#define cert_path "certs/cert.pem"
char buf [4096];
char stsend[600];
char stresive[600];
请问谁知道这个是什么问题,应该是dll的问题,但是没有定位到到底是哪里越界访问了程序外的堆栈???
请高手指教,万分感谢!