Another question, asking for advice
1.
BYTE bToken[9];
memset(bToken, 0, sizeof(bToken));
bToken[0] = COMMAND_CONTINUE; //
memcpy(bToken + 1, &FindFileData.nFileSizeHigh, 4);//FindFileData is WIN32_FIND_DATA
memcpy(bToken + 5, &FindFileData.nFileSizeLow, 4);
2.
LPBYTE bPacket = (LPBYTE)LocalAlloc(LPTR,nPacketSize);
memcpy(bPacket+ 1, file.GetBuffer(0), nPacketSize - 1); //file is CString,nPacketSize is length
LocalFree(bPacket);
3.
memset(bToken, 0, sizeof(bToken));
DWORD dwOffset = -1;
memcpy(bToken + 5, &dwOffset, 4);
4.
memset(bToken, 0, sizeof(bToken));
memcpy(bToken + 1, &dwOffsetHigh, sizeof(dwOffsetHigh)); // dwOffsetHigh is long
memcpy(bToken + 5, &dwOffsetLow, sizeof(dwOffsetLow));
What security risks do these have?
At runtime it always reports:
T1.exe 中的 0x0065a7c0 处未处理的异常: 0xC0000005: 读取位置 0x01da0004 时发生访问冲突
In the MAP file I found that 0x0065a7c0 is the memcpy function,
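An added example, not part of the original post: portable C versions of the token and packet builders above, with every copy checked against the destination size and the packet length derived from the real source length. The names `put_bytes`, `build_token`, `build_packet` and the value of `CMD_CONTINUE` are assumptions; fixed-width `uint32_t` replaces `DWORD`/`long` and `calloc` replaces `LocalAlloc(LPTR, ...)`.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TOKEN_LEN 9        /* 1 command byte + two 32-bit fields, as in the post */
#define CMD_CONTINUE 0x01  /* constructed value; the real COMMAND_CONTINUE is not shown */

/* Copy n bytes to dst+off only if [off, off+n) lies inside dst_len. 0 on success. */
static int put_bytes(uint8_t *dst, size_t dst_len, size_t off, const void *src, size_t n)
{
    if (dst == NULL || src == NULL) return -1;
    if (off > dst_len || n > dst_len - off) return -1;  /* no integer wrap-around */
    memcpy(dst + off, src, n);
    return 0;
}

/* Snippets 1, 3, 4: token = [cmd][high:4][low:4]. uint32_t stays 4 bytes on every
   ABI; sizeof(long) is 8 on LP64 targets and would overrun the token at offset 5. */
int build_token(uint8_t token[TOKEN_LEN], uint8_t cmd, uint32_t high, uint32_t low)
{
    memset(token, 0, TOKEN_LEN);
    token[0] = cmd;
    if (put_bytes(token, TOKEN_LEN, 1, &high, sizeof high)) return -1;
    return put_bytes(token, TOKEN_LEN, 5, &low, sizeof low);
}

/* Snippet 2: packet = [cmd][payload]. src_len is the true size of src in bytes, so
   memcpy can never read past the source buffer. Caller frees the result. */
uint8_t *build_packet(uint8_t cmd, const void *src, size_t src_len, size_t *out_len)
{
    if (src == NULL || out_len == NULL || src_len > SIZE_MAX - 1) return NULL;
    uint8_t *p = calloc(1, src_len + 1);
    if (p == NULL) return NULL;           /* allocation checked before use */
    p[0] = cmd;
    memcpy(p + 1, src, src_len);
    *out_len = src_len + 1;
    return p;
}

int main(void)
{
    uint8_t tok[TOKEN_LEN];
    const char name[] = "a.txt"; size_t n = 0;   /* constructed sample input */
    int rc = build_token(tok, CMD_CONTINUE, 0, 0xFFFFFFFFu);
    uint8_t *p = build_packet(CMD_CONTINUE, name, sizeof name, &n);
    printf("token rc=%d, packet bytes=%zu\n", rc, p ? n : (size_t)0);
    free(p); return rc;
}
```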