memcpy导致程序崩溃，请帮忙找下原因

xxsnihao 2021-01-04 05:32:53





void CServerDlg::OnClientRecive(CONNID dwConnID, DWORD dwCommand, const BYTE* pData, int iLength)

{



	try{

		switch (dwCommand)

		{

		case 99999:

			{

				char *buff = new char[iLength+1];

				memset(buff, 0, iLength +1);

				memcpy(buff, pData, iLength);



				SoftCloseByNickname(buff);

				delete [] buff;

				break;

			}

		case CMD_ASK_PWD: 

			{

				//InsertLog("收到密钥请求");

				//AfxMessageBox("收到密钥请求");

				//生成密钥

				string pwd = GenerateRandPwd();

				tagClientPwd *pClientPwd = new tagClientPwd;

				::memset(pClientPwd->szPwd, 0, 17);

				pClientPwd->connId = dwConnID;

				strcpy(pClientPwd->szPwd, pwd.c_str());

				m_ptrClientPwd.AddTail(pClientPwd);



				//发送密钥

				std::string encoded_data = base64_encode(reinterpret_cast<const unsigned char*>(pwd.c_str()), pwd.size());

				m_ClientServer.Send(dwConnID, CMD_PWD_RESULT, (BYTE*)encoded_data.c_str(), encoded_data.size());		

			} 

			break;

		case CMD_FIND_WINDOW_TITLE:			

			{

				//AfxMessageBox("找到窗口！");

				tagHackToolCheck *buff = new tagHackToolCheck();

				::memset(buff, 0, sizeof(tagHackToolCheck));

				memcpy(buff, pData, iLength);



				SYSTEMTIME str;

				GetLocalTime(&str);

				CString time;

				time.Format("wglog\\窗口-%d-%d-%d.txt",str.wYear,str.wMonth,str.wDay);



				FILE *fp = fopen(time, "at+");

				if (fp)

				{

					SYSTEMTIME st;

					GetLocalTime(&st);



					CString output;

					output.Format("%d-%d-%d %d:%d:%d [%s] 使用外挂-> %s \n", st.wYear, st.wMonth, st.wDay, st.wHour, st.wMinute, st.wSecond,buff->nickname,buff->flag);



					fputs(output.GetBuffer(0), fp);

					fclose(fp);





					//m_editCtrl += CString("\n") + output;

					//UpdateData( FALSE );



					SoftCloseByNickname(buff->nickname);

					ClearHeartInfo(buff->nickname);



				}



				delete buff;

				break;

			}

		case CMD_FIND_PROCESS:

			{

				tagHackToolCheck *buff = new tagHackToolCheck();

				::memset(buff, 0, sizeof(tagHackToolCheck));

				memcpy(buff, pData, iLength);



				SYSTEMTIME str;

				GetLocalTime(&str);

				CString time;

				time.Format("wglog\\进程-%d-%d-%d.txt",str.wYear,str.wMonth,str.wDay);



				FILE *fp = fopen(time, "at+");

				if (fp)

				{

					SYSTEMTIME st;

					GetLocalTime(&st);



					CString output;

					output.Format("%d-%d-%d %d:%d:%d [%s] 使用外挂-> %s \n", st.wYear, st.wMonth, st.wDay, st.wHour, st.wMinute, st.wSecond,buff->nickname,buff->flag);



					//m_editCtrl += CString("\n") + output;

					//UpdateData( FALSE );







					fputs(output.GetBuffer(0), fp);

					fclose(fp);



					SoftCloseByNickname(buff->nickname);

					ClearHeartInfo(buff->nickname);

				}



				delete buff;

				break;

			}



//这里是加密窗口关键词 有问题 先注释

/*

		case CMD_ASK_WINDOW_KEYWORDS:

			{

				string pwd = "";

				POSITION pos = m_ptrClientPwd.GetHeadPosition();

				while (pos != NULL)

				{

					POSITION temp = pos;

					tagClientPwd* pInfo = (tagClientPwd*)m_ptrClientPwd.GetNext(pos);

					if (pInfo != NULL)

					{

						if (pInfo->connId == dwConnID)

						{

							pwd = pInfo->szPwd;

							break;

						}

					}

				}

				if (pwd.empty())

				{

					return;

				}





				string windowKeywords;

				FILE* fp = fopen("window.txt", "r");

				if (fp)

				{	

					char line[128];

					memset(line, 0, 128);

					while(!feof(fp))

					{



						fgets(line, 128, fp);

						if (line[strlen(line)-1] == '\n'){

							line[strlen(line)-1] = '\0';

						}

						if (line[strlen(line)-1] == '\r'){

							line[strlen(line)-1] = '\0';

						}

						windowKeywords += line + string(",");

					}

					fclose(fp);				

				}





				windowKeywords[windowKeywords.size()-1] = '\0';





				//m_editCtrl += CString("\n窗口关键字：") + windowKeywords.c_str();

				//UpdateData( FALSE );



				//CString str; 

				//str.Format("%d", windowKeywords.size());

				//AfxMessageBox(str);





				AES aes((unsigned char*)pwd.c_str());

				char *buff = new char[1024];

				::memset(buff, 0, 1024);

				memcpy(buff, (char*)windowKeywords.c_str(), windowKeywords.size());	

				buff = (char *)aes.encode(buff, 1024);

				std::string encoded_data = base64_encode(reinterpret_cast<const unsigned char*>(buff), 1024);



				//AfxMessageBox(encoded_data.c_str());







				byte * sendbuff = new byte[encoded_data.size()+1];

				memset(sendbuff, 0,encoded_data.size()+1);

				memcpy(sendbuff, encoded_data.c_str(), encoded_data.size());

				m_ClientServer.Send(dwConnID, CMD_WINDOW_DATA, sendbuff, encoded_data.size());



				//BOOL bRet = m_ClientServer.Send(dwConnID, CMD_WINDOW_DATA, sendbuff, windowKeywords.size());

				//if (!bRet)

				//{

				//	AfxMessageBox("窗口关键字发送失败！");

				//}

				delete [] sendbuff;

				delete [] buff;



				break;

			}

			*/

		case CMD_ASK_WINDOW_KEYWORDS:

			{

				string windowKeywords;

				FILE* fp = fopen("window.txt", "r");

				if (fp)

				{	

					char line[128];

					memset(line, 0, 128);

					while(!feof(fp))

					{



						fgets(line, 128, fp);

						if (line[strlen(line)-1] == '\n'){

							line[strlen(line)-1] = '\0';

						}

						if (line[strlen(line)-1] == '\r'){

							line[strlen(line)-1] = '\0';

						}

						windowKeywords += line + string(",");

					}

					fclose(fp);				

				}





				windowKeywords[windowKeywords.size()-1] = '\0';





				//m_editCtrl += CString("\n窗口关键字：") + windowKeywords.c_str();

				//UpdateData( FALSE );



				windowKeywords = base64_encode((unsigned char *)windowKeywords.c_str(), windowKeywords.length());//加密







				byte * sendbuff = new byte[windowKeywords.size()];

				memset(sendbuff, 0,windowKeywords.size());

				memcpy(sendbuff, windowKeywords.c_str(), windowKeywords.size());

				m_ClientServer.Send(dwConnID, CMD_WINDOW_DATA, sendbuff, windowKeywords.size());



				//BOOL bRet = m_ClientServer.Send(dwConnID, CMD_WINDOW_DATA, sendbuff, windowKeywords.size());

				//if (!bRet)

				//{

				//	AfxMessageBox("窗口关键字发送失败！");

				//}

				delete [] sendbuff;



				break;

			}



		case  CMD_ASK_PROCESS_KEYWORDS:

			{

				string processKeywords;





				FILE* fp = fopen("process.txt", "r");

				if (fp)

				{				

					char line[128];

					memset(line, 0, 128);

					while(!feof(fp))

					{



						fgets(line, 128, fp);

						if (line[strlen(line)-1] == '\n'){

							line[strlen(line)-1] = '\0';

						}

						if (line[strlen(line)-1] == '\r'){

							line[strlen(line)-1] = '\0';

						}

						processKeywords += line + string(",");

					}

					fclose(fp);				

				}



				processKeywords[processKeywords.size()-1] = '\0';



				//m_editCtrl += CString("\n进程关键字：") + processKeywords.c_str();

				//UpdateData( FALSE );



				processKeywords = base64_encode((unsigned char *)processKeywords.c_str(), processKeywords.length());//加密





				byte * sendbuff = new byte[processKeywords.size()];

				memset(sendbuff, 0, processKeywords.size());

				memcpy(sendbuff, processKeywords.c_str(), processKeywords.size());

				m_ClientServer.Send(dwConnID, CMD_PROCESS_DATA, sendbuff, processKeywords.size());



				delete [] sendbuff;

				break;

			}

		case CMD_ASK_DLL_KEYWORDS:

			{

				string dllKeywords;





				FILE* fp = fopen("dll.txt", "r");

				if (fp)

				{				

					char line[128];

					memset(line, 0, 128);

					while(!feof(fp))

					{



						fgets(line, 128, fp);

						if (line[strlen(line)-1] == '\n'){

							line[strlen(line)-1] = '\0';

						}

						if (line[strlen(line)-1] == '\r'){

							line[strlen(line)-1] = '\0';

						}

						dllKeywords += line + string(",");

					}

					fclose(fp);				

				}



				dllKeywords[dllKeywords.size()-1] = '\0';



				//m_editCtrl += CString("\n进程关键字：") + processKeywords.c_str();

				//UpdateData( FALSE );



				dllKeywords = base64_encode((unsigned char *)dllKeywords.c_str(), dllKeywords.length());//加密





				byte * sendbuff = new byte[dllKeywords.size()];

				memset(sendbuff, 0, dllKeywords.size());

				memcpy(sendbuff, dllKeywords.c_str(), dllKeywords.size());

				m_ClientServer.Send(dwConnID, CMD_DLL_DATA, sendbuff, dllKeywords.size());



				delete [] sendbuff;



				break;



			}

		case CMD_FIND_DLLINJECT:

			{

				tagDllInjectCheckReult *buff = new tagDllInjectCheckReult();

				::memset(buff, 0, sizeof(tagDllInjectCheckReult));

				memcpy(buff, pData, iLength);



				SYSTEMTIME str;

				GetLocalTime(&str);

				CString time;

				time.Format("wglog\\DLL-%d-%d-%d.txt",str.wYear,str.wMonth,str.wDay);



				FILE *fp = fopen(time, "at+");

				if (fp)

				{

					SYSTEMTIME st;

					GetLocalTime(&st);



					CString output;

					output.Format("%d-%d-%d %d:%d:%d [%s] 使用DLL注入-> %s \n", st.wYear, st.wMonth, st.wDay, st.wHour, st.wMinute, st.wSecond,buff->nickname,buff->dllPath);



					//m_editCtrl += CString("\n") + output;

					//UpdateData( FALSE );







					fputs(output.GetBuffer(0), fp);

					fclose(fp);



					SoftCloseByNickname(buff->nickname);

					ClearHeartInfo(buff->nickname);

				}



				delete buff;

				break;



			}

		case CMD_HEARTBEAT:

			{

				//	AfxMessageBox("收到心跳包");

				//	InsertLog("收到心跳包");

				string pwd = "";

				POSITION pos = m_ptrClientPwd.GetHeadPosition();

				while (pos != NULL)

				{

					POSITION temp = pos;

					tagClientPwd* pInfo = (tagClientPwd*)m_ptrClientPwd.GetNext(pos);

					if (pInfo != NULL)

					{

						if (pInfo->connId == dwConnID)

						{

							pwd = pInfo->szPwd;

							break;

						}

					}

				}

				if (pwd.empty())

				{

					return;

				}



				// 加密数据

				char *pPwdData = new char[iLength-128+1];

				memset(pPwdData, 0, iLength-128+1);

				memcpy(pPwdData, pData, iLength-128);



				pPwdData[iLength-128] = '\0';



				// 角色名

				char *pNickname = new char[128];

				memset(pNickname, 0, 128);

				memcpy(pNickname, pData+iLength-128, 128);







				// 校验心跳包

				AES aes((unsigned char*)pwd.c_str());

				char *buff = new char[1024];

				::memset(buff, 0, 1024);

				memcpy(buff, (char*)pwd.c_str(), pwd.size());		

				buff = (char *)aes.encode(buff, 1024);

				std::string encoded_data = base64_encode(reinterpret_cast<const unsigned char*>(buff), 1024);





				if (CString(pPwdData).Trim() == CString(encoded_data.c_str()).Trim())

				{			

					POSITION pos = m_ptrClientHeartLog.GetHeadPosition()