COM接口应用和引起的User breakpoint called from code at 0x7c92120e

最新推荐文章于 2022-11-15 16:54:22 发布
最新推荐文章于 2022-11-15 16:54:22 发布
阅读量1.6k 收藏 1
点赞数
CC 4.0 BY-SA版权
分类专栏: VC++6.0开发资料库 文章标签: user c
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/PerfectToday/article/details/6774339
本文探讨了在使用COM接口时遇到的Userbreakpoint错误,分析了错误原因并提供了解决方案。通过实例展示了如何正确地管理和释放COM接口资源,避免崩溃问题。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

COM接口应用和引起的User breakpoint called from code at 0x7c92120e
第一:在一个基类中,我定义了一个接口ISelf,使用过程中通过其它接口的某个函数返回了ISelf接口;
释放时,我调用.Release();
第二:最近系统引起崩溃,我就怀疑到这个接口上,于是我在基类的构造函数中为ISelf接口分配了内存,
m_ISelf = (ISelf*)CoTaskMemAlloc(sizeof(ISelf));
在析构函数中做了一个释放动作:
m_ISelf.Release();
CoTaskMemFree(m_ISelf); //执行到它,就会弹出一个 "Mircrosof Visual C++" “User breakpoint called from code at 0x7c92120e”
第三:后来我又把申请和释放去掉了,导致崩溃不是这方面的错
操作系统学习笔记(6)--启动盘制作
马如林的IT博客
05-23 1603
启动盘 ; This macro is used to calculate padding needed; to ensure that the boot sector is exactly 512 bytes; in size. The argument is the desired offset to be; padded to.%macro PadFromStart
未解决:自行打包cpio格式的Ramdisk,与编译成功生成的kernel.bin,deviceTree一起打包成image.ub,不能正常启动kernel的问题???
DIAN的博客
06-14 2063
使用开发板Z-turn Board,编译工具Petalinux,启动kernel相关打印: 非正常启动kernel: ## Loading kernel from FIT Image at 01000000 ... Using 'conf@system-top.dtb' configuration Verifying Hash Integrity ... OK Trying 'k...
User breakpoint called from code at 0x7c92120e
miaoshengwu Blog
10-20 5190
在分配内存时用到了new[ ],而在释放内存时却用的是delete,虽然程序执行没有什么大问题,只是在调试的时候总是跳出一些断点(这些个断点我没有设置),显示的内容都 是:User breakpoint called from code at 0x7c92120e,这个地址可能根据每次调试的不一样,在call stack窗口中显示NTDLL!7c92120e,当我每次点击断点跳出的对话框上的确定按
User breakpoint called from code at 0x7c92120e .
ayw_hehe的专栏
12-06 1517
在分配内存时用到了new[ ],而在释放内存时却用的是delete,虽然程序执行没有什么大问题,只是在调试的时候总是跳出一些断点(这些个断点我没有设置),显示的内容都是:User breakpoint called from code at 0x7c92120e,这个地址可能根据每次调试的不一样,在call stack窗口中显示NTDLL!7c92120e,当我每次点击断点跳出的对话框上的确定按钮
User breakpoint called from code at ***
汉尼拔勇闯天涯
01-04 760
new,delete,User breakpoint called
费解的NTDLL断点
08-01 423
  处理在NTDll中意外的用户断点很久没有写东西了,这次是为了完善很久很久以前写的一个培训ppt(VC的使用与调试技巧),才想起来写点东西的。下面的文章参考了http://www.debuginfo.com/tips/userbpntdll.html,但不是翻译,偶英语太烂了。我们在调试程序的过程中,有时会突然的显示一个对话框,上面显示这样一条信息: User breakpoin
#include <stdio.h> // 添加printf支持 #include <windows.h> BOOL SetBreakPoint(PVOID pFuncAddr); BOOL ClearBreakPoint(PVOID pFuncAddr); BOOL InstallVEHHook(PVECTORED_EXCEPTION_HANDLER Handler); VOID UnInstallVEHHook(); typedef int (WINAPI* PFN_MessageBox)( HWND hWnd, // handle of owner window LPCTSTR lpText, // address of text in message box LPCTSTR lpCaption, // address of title of message box UINT uType // style of message box ); int WINAPI My_MessageBox( HWND hWnd, // handle of owner window LPCTSTR lpText, // address of text in message box LPCTSTR lpCaption, // address of title of message box UINT uType // style of message box ); LONG WINAPI VectoredHandler1(struct _EXCEPTION_POINTERS* ExceptionInfo); LONG WINAPI VectoredHandler2(struct _EXCEPTION_POINTERS* ExceptionInfo); LONG WINAPI VectoredHandler3(struct _EXCEPTION_POINTERS* ExceptionInfo); VOID ShowMsgBox(LPCTSTR lpMsg); ULONG_PTR InitTrampolineFun(); PFN_MessageBox g_OriginalMessageBoxA; PVOID g_AddrofMessageBoxA = 0; PVOID g_hVector; BYTE g_OldCode[16] = { 0 }; int main(int argc, char* argv[]) { HMODULE hUser32 = LoadLibrary("user32.dll"); g_AddrofMessageBoxA = (PVOID)GetProcAddress(hUser32, "MessageBoxA"); printf("Address of MessageBoxA = 0x%p\n", g_AddrofMessageBoxA); g_OriginalMessageBoxA = (PFN_MessageBox)InitTrampolineFun(); //跳过开头的Hook printf("Addr of VectoredHandler1 = 0x%p\n", VectoredHandler1); printf("Addr of VectoredHandler2 = 0x%p\n", VectoredHandler2); printf("Addr of VectoredHandler3 = 0x%p\n", VectoredHandler3); //选择安装一个进行测试 InstallVEHHook(VectoredHandler1); //设置断点 SetBreakPoint(g_AddrofMessageBoxA); //call ShowMsgBox("VEH Hook Test."); printf("All Finished!\n"); ClearBreakPoint(g_AddrofMessageBoxA); UnInstallVEHHook(); ShowMsgBox("Hook Cleared"); return 0; } VOID ShowMsgBox(LPCTSTR lpMsg) { MessageBoxA(NULL, lpMsg, "Test", MB_OK); } ULONG_PTR InitTrampolineFun() { ULONG_PTR uResult = 0; PBYTE pFun = NULL; #ifdef _WIN64 //x64需要申请shellcode /* USER32!MessageBoxA: 00000000`779412b8 4883ec38 sub rsp,38h 00000000`779412bc 4533db xor r11d,r11d 00000000`779412bf 44391d760e0200 cmp dword ptr [USER32!gapfnScSendMessage+0x927c (00000000`7796213c)],r11d */ pFun = (PBYTE)VirtualAlloc(NULL, 128, MEM_COMMIT, PAGE_EXECUTE_READWRITE); uResult = (ULONG_PTR)pFun; memset(pFun, 0, 128); memcpy(pFun, (PVOID)g_AddrofMessageBoxA, 4); //拷贝第一条指令,4字节,推荐使用反汇编引擎来实际计算 pFun += 4; //下一条指令构造为jmp [xxxxxx] pFun[0] = 0xFF; pFun[1] = 0x25; *(ULONG_PTR*)(pFun + 6) = (ULONG_PTR)g_AddrofMessageBoxA + 4; //跳回到原函数加4的地方 #else //x86,第一条指令是mov edi,edi,直接跳过即可 uResult = (ULONG_PTR)g_AddrofMessageBoxA + 2; #endif return uResult; } //处理方式,修改参数并返回原函数继续执行 LONG WINAPI VectoredHandler1( struct _EXCEPTION_POINTERS* ExceptionInfo ) { const char* szNewMsg = "[VectoredHandler1] Hacked by pediy.com"; LONG lResult = EXCEPTION_CONTINUE_SEARCH; PEXCEPTION_RECORD pExceptionRecord; PCONTEXT pContextRecord; int ret = 0; pExceptionRecord = ExceptionInfo->ExceptionRecord; pContextRecord = ExceptionInfo->ContextRecord; ULONG_PTR* uESP = 0; printf("Exception Address = %p\n", pExceptionRecord->ExceptionAddress); if (pExceptionRecord->ExceptionCode == EXCEPTION_BREAKPOINT && pExceptionRecord->ExceptionAddress == g_AddrofMessageBoxA) { #ifdef _WIN64 //x64上前四个参数依次为RCX,RDX,R8,R9 //修改第二个参数,即LpMsg printf("lpText = 0x%p %s\n", pContextRecord->Rdx, (char*)pContextRecord->Rdx); pContextRecord->Rdx = (ULONG_PTR)szNewMsg; pContextRecord->Rip = (ULONG_PTR)g_OriginalMessageBoxA; //跳到Trampoline继续执行 #else /* 0012FF70 0040105A /CALL 到 MessageBoxA 来自 VEHHook.00401054 0012FF74 00000000 |hOwner = NULL 0012FF78 00407030 |Text = "VEH Hook" 0012FF7C 0040703C |Title = "Test" 0012FF80 00000000 \Style = MB_OK|MB_APPLMODAL 0012FF84 00401225 返回到 VEHHook.<ModuleEntryPoint>+0B4 来自 VEHHook.00401000 */ printf("ESP = 0x%p\n", pContextRecord->Esp); uESP = (ULONG_PTR*)pContextRecord->Esp; //取中断时的ESP uESP[2] = (ULONG_PTR)szNewMsg; //修改栈中的参数 pContextRecord->Eip = (ULONG_PTR)g_OriginalMessageBoxA; //跳过函数开头 #endif lResult = EXCEPTION_CONTINUE_EXECUTION; } return lResult; } //处理方式:直接调用原函数并替原函数返回 LONG WINAPI VectoredHandler2( struct _EXCEPTION_POINTERS* ExceptionInfo ) { const char* szNewMsg = "[VectoredHandler2] Hacked by pediy.com"; LONG lResult = EXCEPTION_CONTINUE_SEARCH; PEXCEPTION_RECORD pExceptionRecord; PCONTEXT pContextRecord; int ret = 0; pExceptionRecord = ExceptionInfo->ExceptionRecord; pContextRecord = ExceptionInfo->ContextRecord; ULONG_PTR* uESP = 0; if (pExceptionRecord->ExceptionCode == EXCEPTION_BREAKPOINT && pExceptionRecord->ExceptionAddress == g_AddrofMessageBoxA) { #ifdef _WIN64 //x64上前四个参数依次为RCX,RDX,R8,R9 printf("RSP = 0x%p\n", pContextRecord->Rsp); uESP = (ULONG_PTR*)pContextRecord->Rsp; printf("Return Address = 0x%p\n", uESP[0]); ret = g_OriginalMessageBoxA((HWND)pContextRecord->Rcx, szNewMsg, (LPCTSTR)pContextRecord->R8, (int)pContextRecord->R9); printf("ret = %d\n", ret); //修正RSP pContextRecord->Rsp += sizeof(ULONG_PTR);//参数在寄存器中,栈中无参数,仅需跳过返回地址 //直接返回到调用者处 pContextRecord->Rip = uESP[0];//设置EIP为返回地址 #else /* 0012FF70 0040105A /CALL 到 MessageBoxA 来自 VEHHook.00401054 0012FF74 00000000 |hOwner = NULL 0012FF78 00407030 |Text = "VEH Hook" 0012FF7C 0040703C |Title = "Test" 0012FF80 00000000 \Style = MB_OK|MB_APPLMODAL 0012FF84 00401225 返回到 VEHHook.<ModuleEntryPoint>+0B4 来自 VEHHook.00401000 */ printf("ESP = 0x%p\n", pContextRecord->Esp); uESP = (ULONG_PTR*)pContextRecord->Esp; ret = g_OriginalMessageBoxA((HWND)uESP[1], szNewMsg, (LPCTSTR)uESP[3], (int)uESP[4]); printf("ret = %d\n", ret); //直接返回到调用者处 pContextRecord->Eip = uESP[0];//设置EIP为返回地址 pContextRecord->Esp += (4 + 1) * sizeof(ULONG_PTR); //4为参数个数,1为返回地址 #endif lResult = EXCEPTION_CONTINUE_EXECUTION; } return lResult; } //处理方式:直接返回,相当于过滤掉 LONG WINAPI VectoredHandler3( struct _EXCEPTION_POINTERS* ExceptionInfo ) { LONG lResult = EXCEPTION_CONTINUE_SEARCH; PEXCEPTION_RECORD pExceptionRecord = ExceptionInfo->ExceptionRecord; PCONTEXT pContextRecord = ExceptionInfo->ContextRecord; ULONG_PTR* uESP = 0; if (pExceptionRecord->ExceptionCode == EXCEPTION_BREAKPOINT && pExceptionRecord->ExceptionAddress == g_AddrofMessageBoxA) { /* 0012FF70 0040105A /CALL 到 MessageBoxA 来自 VEHHook.00401054 0012FF74 00000000 |hOwner = NULL 0012FF78 00407030 |Text = "VEH Hook" 0012FF7C 0040703C |Title = "Test" 0012FF80 00000000 \Style = MB_OK|MB_APPLMODAL 0012FF84 00401225 返回到 VEHHook.<ModuleEntryPoint>+0B4 来自 VEHHook.00401000 */ //直接返回到调用者处 #ifdef _WIN64 printf("RSP = 0x%p\n", pContextRecord->Rsp); uESP = (ULONG_PTR*)pContextRecord->Rsp; pContextRecord->Rip = uESP[0];//设置EIP为返回地址 pContextRecord->Rsp += sizeof(ULONG_PTR); //将压入栈内的参数返回地址清理掉,4为参数个数,1为返回地址 #else printf("ESP = 0x%X\n", pContextRecord->Esp); uESP = (ULONG_PTR*)pContextRecord->Esp; pContextRecord->Eip = uESP[0];//设置EIP为返回地址 pContextRecord->Esp += (4 + 1) * sizeof(ULONG_PTR); //将压入栈内的参数返回地址清理掉,4为参数个数,1为返回地址 #endif lResult = EXCEPTION_CONTINUE_EXECUTION; } return lResult; } BOOL InstallVEHHook(PVECTORED_EXCEPTION_HANDLER Handler) { printf("Current Handler Address = 0x%p\n", Handler); g_hVector = AddVectoredExceptionHandler(1, Handler); return g_hVector != NULL; } VOID UnInstallVEHHook() { RemoveVectoredExceptionHandler(g_hVector); } /* 0:000> u user32!messageboxA USER32!MessageBoxA: 77d507ea 8bff mov edi,edi 77d507ec 55 push ebp 77d507ed 8bec mov ebp,esp */ BOOL SetBreakPoint(PVOID pFuncAddr) { DWORD dwCnt = 0; BYTE* pTarget = (BYTE*)pFuncAddr; g_OldCode[0] = *pTarget; printf("Original Fun Head Code = 0x%02X\n", g_OldCode[0]); //修改内存页的属性 DWORD dwOLD; MEMORY_BASIC_INFORMATION mbi; VirtualQuery(pTarget, &mbi, sizeof(mbi)); VirtualProtect(mbi.BaseAddress, mbi.RegionSize, PAGE_EXECUTE_READWRITE, &dwOLD); //写入int3 *pTarget = 0xCC; //恢复内存页的属性 VirtualProtect(mbi.BaseAddress, mbi.RegionSize, dwOLD, 0); return TRUE; } BOOL ClearBreakPoint(PVOID pFuncAddr) { BYTE* pTarget = (BYTE*)pFuncAddr; //修改内存页的属性 DWORD dwOLD; MEMORY_BASIC_INFORMATION mbi; VirtualQuery(pTarget, &mbi, sizeof(mbi)); VirtualProtect(mbi.BaseAddress, mbi.RegionSize, PAGE_EXECUTE_READWRITE, &dwOLD); *pTarget = g_OldCode[0]; //恢复内存页的属性 VirtualProtect(mbi.BaseAddress, mbi.RegionSize, dwOLD, 0); return TRUE; } int WINAPI My_MessageBox( HWND hWnd, // handle of owner window LPCTSTR lpText, // address of text in message box LPCTSTR lpCaption, // address of title of message box UINT uType // style of message box ) { char newMsg[400]; char newCation[] = "标题被我改了!"; int result; if (lpText) { ZeroMemory(newMsg, 400); lstrcpy(newMsg, lpText); lstrcat(newMsg, "\n\tMessage Box hacked by pediy.com"); } printf("有人调用MessageBox...\n"); result = g_OriginalMessageBoxA(hWnd, newMsg, newCation, uType); return result; }系统版本是win10 10240
最新发布
07-25
为了保持一致,我们应当将所有字符串操作都明确为ANSI(使用`char``LPCSTR`)或者Unicode(使用`wchar_t``LPCWSTR`)。由于`printf`是ANSI的,而且我们使用了`MessageBoxA`,所以建议全部使用ANSI。 问题在于...
#include "stdafx.h" #include <windows.h> BOOL SetBreakPoint(PVOID pFuncAddr); BOOL ClearBreakPoint(PVOID pFuncAddr); BOOL InstallVEHHook(PVECTORED_EXCEPTION_HANDLER Handler); VOID UnInstallVEHHook(); typedef int (WINAPI* PFN_MessageBox)( HWND hWnd, // handle of owner window LPCTSTR lpText, // address of text in message box LPCTSTR lpCaption, // address of title of message box UINT uType // style of message box ); int WINAPI My_MessageBox( HWND hWnd, // handle of owner window LPCTSTR lpText, // address of text in message box LPCTSTR lpCaption, // address of title of message box UINT uType // style of message box ); LONG WINAPI VectoredHandler1(struct _EXCEPTION_POINTERS* ExceptionInfo); LONG WINAPI VectoredHandler2(struct _EXCEPTION_POINTERS* ExceptionInfo); LONG WINAPI VectoredHandler3(struct _EXCEPTION_POINTERS* ExceptionInfo); VOID ShowMsgBox(LPCTSTR lpMsg); ULONG_PTR InitTrampolineFun(); PFN_MessageBox g_OriginalMessageBoxA; PVOID g_AddrofMessageBoxA = 0; PVOID g_hVector; BYTE g_OldCode[16] = { 0 }; int main(int argc, char* argv[]) { HMODULE hUser32 = LoadLibrary("user32.dll"); g_AddrofMessageBoxA = (PVOID)GetProcAddress(hUser32, "MessageBoxA"); printf("Address of MessageBoxA = 0x%p\n", g_AddrofMessageBoxA); g_OriginalMessageBoxA = (PFN_MessageBox)InitTrampolineFun(); //跳过开头的Hook printf("Addr of VectoredHandler1 = 0x%p\n", VectoredHandler1); printf("Addr of VectoredHandler2 = 0x%p\n", VectoredHandler2); printf("Addr of VectoredHandler3 = 0x%p\n", VectoredHandler3); //选择安装一个进行测试 InstallVEHHook(VectoredHandler1); //设置断点 SetBreakPoint(g_AddrofMessageBoxA); //call ShowMsgBox("VEH Hook Test."); printf("All Finished!\n"); ClearBreakPoint(g_AddrofMessageBoxA); UnInstallVEHHook(); ShowMsgBox("Hook Cleared"); return 0; } VOID ShowMsgBox(LPCTSTR lpMsg) { MessageBoxA(NULL, lpMsg, "Test", MB_OK); } ULONG_PTR InitTrampolineFun() { ULONG_PTR uResult = 0; PBYTE pFun = NULL; #ifdef _WIN64 //x64需要申请shellcode /* USER32!MessageBoxA: 00000000`779412b8 4883ec38 sub rsp,38h 00000000`779412bc 4533db xor r11d,r11d 00000000`779412bf 44391d760e0200 cmp dword ptr [USER32!gapfnScSendMessage+0x927c (00000000`7796213c)],r11d */ pFun = (PBYTE)VirtualAlloc(NULL, 128, MEM_COMMIT, PAGE_EXECUTE_READWRITE); uResult = (ULONG_PTR)pFun; memset(pFun, 0, 128); memcpy(pFun, (PVOID)g_AddrofMessageBoxA, 4); //拷贝第一条指令,4字节,推荐使用反汇编引擎来实际计算 pFun += 4; //下一条指令构造为jmp [xxxxxx] pFun[0] = 0xFF; pFun[1] = 0x25; *(ULONG_PTR*)(pFun + 6) = (ULONG_PTR)g_AddrofMessageBoxA + 4; //跳回到原函数加4的地方 #else //x86,第一条指令是mov edi,edi,直接跳过即可 uResult = (ULONG_PTR)g_AddrofMessageBoxA + 2; #endif return uResult; } //处理方式,修改参数并返回原函数继续执行 LONG WINAPI VectoredHandler1( struct _EXCEPTION_POINTERS* ExceptionInfo ) { char* szNewMsg = "[VectoredHandler1] Hacked by pediy.com"; LONG lResult = EXCEPTION_CONTINUE_SEARCH; PEXCEPTION_RECORD pExceptionRecord; PCONTEXT pContextRecord; int ret = 0; pExceptionRecord = ExceptionInfo->ExceptionRecord; pContextRecord = ExceptionInfo->ContextRecord; ULONG_PTR* uESP = 0; printf("Exception Address = %p\n", pExceptionRecord->ExceptionAddress); if (pExceptionRecord->ExceptionCode == EXCEPTION_BREAKPOINT && pExceptionRecord->ExceptionAddress == g_AddrofMessageBoxA) { #ifdef _WIN64 //x64上前四个参数依次为RCX,RDX,R8,R9 //修改第二个参数,即LpMsg printf("lpText = 0x%p %s\n", pContextRecord->Rdx, (char*)pContextRecord->Rdx); pContextRecord->Rdx = (ULONG_PTR)szNewMsg; pContextRecord->Rip = (ULONG_PTR)g_OriginalMessageBoxA; //跳到Trampoline继续执行 #else /* 0012FF70 0040105A /CALL 到 MessageBoxA 来自 VEHHook.00401054 0012FF74 00000000 |hOwner = NULL 0012FF78 00407030 |Text = "VEH Hook" 0012FF7C 0040703C |Title = "Test" 0012FF80 00000000 \Style = MB_OK|MB_APPLMODAL 0012FF84 00401225 返回到 VEHHook.<ModuleEntryPoint>+0B4 来自 VEHHook.00401000 */ printf("ESP = 0x%p\n", pContextRecord->Esp); uESP = (ULONG_PTR*)pContextRecord->Esp; //取中断时的ESP uESP[2] = (ULONG_PTR)szNewMsg; //修改栈中的参数 pContextRecord->Eip = (ULONG_PTR)g_OriginalMessageBoxA; //跳过函数开头 #endif lResult = EXCEPTION_CONTINUE_EXECUTION; } return lResult; } //处理方式:直接调用原函数并替原函数返回 LONG WINAPI VectoredHandler2( struct _EXCEPTION_POINTERS* ExceptionInfo ) { char* szNewMsg = "[VectoredHandler2] Hacked by pediy.com"; LONG lResult = EXCEPTION_CONTINUE_SEARCH; PEXCEPTION_RECORD pExceptionRecord; PCONTEXT pContextRecord; int ret = 0; pExceptionRecord = ExceptionInfo->ExceptionRecord; pContextRecord = ExceptionInfo->ContextRecord; ULONG_PTR* uESP = 0; if (pExceptionRecord->ExceptionCode == EXCEPTION_BREAKPOINT && pExceptionRecord->ExceptionAddress == g_AddrofMessageBoxA) { #ifdef _WIN64 //x64上前四个参数依次为RCX,RDX,R8,R9 printf("RSP = 0x%p\n", pContextRecord->Rsp); uESP = (ULONG_PTR*)pContextRecord->Rsp; printf("Return Address = 0x%p\n", uESP[0]); ret = g_OriginalMessageBoxA((HWND)pContextRecord->Rcx, szNewMsg, (LPCTSTR)pContextRecord->R8, (int)pContextRecord->R9); printf("ret = %d\n", ret); //修正RSP pContextRecord->Rsp += sizeof(ULONG_PTR);//参数在寄存器中,栈中无参数,仅需跳过返回地址 //直接返回到调用者处 pContextRecord->Rip = uESP[0];//设置EIP为返回地址 #else /* 0012FF70 0040105A /CALL 到 MessageBoxA 来自 VEHHook.00401054 0012FF74 00000000 |hOwner = NULL 0012FF78 00407030 |Text = "VEH Hook" 0012FF7C 0040703C |Title = "Test" 0012FF80 00000000 \Style = MB_OK|MB_APPLMODAL 0012FF84 00401225 返回到 VEHHook.<ModuleEntryPoint>+0B4 来自 VEHHook.00401000 */ printf("ESP = 0x%p\n", pContextRecord->Esp); uESP = (ULONG_PTR*)pContextRecord->Esp; ret = g_OriginalMessageBoxA((HWND)uESP[1], szNewMsg, (LPCTSTR)uESP[3], (int)uESP[4]); printf("ret = %d\n", ret); //直接返回到调用者处 pContextRecord->Eip = uESP[0];//设置EIP为返回地址 pContextRecord->Esp += (4 + 1) * sizeof(ULONG_PTR); //4为参数个数,1为返回地址 #endif lResult = EXCEPTION_CONTINUE_EXECUTION; } return lResult; } //处理方式:直接返回,相当于过滤掉 LONG WINAPI VectoredHandler3( struct _EXCEPTION_POINTERS* ExceptionInfo ) { LONG lResult = EXCEPTION_CONTINUE_SEARCH; PEXCEPTION_RECORD pExceptionRecord = ExceptionInfo->ExceptionRecord; PCONTEXT pContextRecord = ExceptionInfo->ContextRecord; ULONG_PTR* uESP = 0; if (pExceptionRecord->ExceptionCode == EXCEPTION_BREAKPOINT && pExceptionRecord->ExceptionAddress == g_AddrofMessageBoxA) { /* 0012FF70 0040105A /CALL 到 MessageBoxA 来自 VEHHook.00401054 0012FF74 00000000 |hOwner = NULL 0012FF78 00407030 |Text = "VEH Hook" 0012FF7C 0040703C |Title = "Test" 0012FF80 00000000 \Style = MB_OK|MB_APPLMODAL 0012FF84 00401225 返回到 VEHHook.<ModuleEntryPoint>+0B4 来自 VEHHook.00401000 */ //直接返回到调用者处 #ifdef _WIN64 printf("RSP = 0x%p\n", pContextRecord->Rsp); uESP = (ULONG_PTR*)pContextRecord->Rsp; pContextRecord->Rip = uESP[0];//设置EIP为返回地址 pContextRecord->Rsp += sizeof(ULONG_PTR); //将压入栈内的参数返回地址清理掉,4为参数个数,1为返回地址 #else printf("ESP = 0x%X\n", pContextRecord->Esp); uESP = (ULONG_PTR*)pContextRecord->Esp; pContextRecord->Eip = uESP[0];//设置EIP为返回地址 pContextRecord->Esp += (4 + 1) * sizeof(ULONG_PTR); //将压入栈内的参数返回地址清理掉,4为参数个数,1为返回地址 #endif lResult = EXCEPTION_CONTINUE_EXECUTION; } return lResult; } BOOL InstallVEHHook(PVECTORED_EXCEPTION_HANDLER Handler) { printf("Current Handler Address = 0x%p\n", Handler); g_hVector = AddVectoredExceptionHandler(1, Handler); return g_hVector != NULL; } VOID UnInstallVEHHook() { RemoveVectoredExceptionHandler(g_hVector); } /* 0:000> u user32!messageboxA USER32!MessageBoxA: 77d507ea 8bff mov edi,edi 77d507ec 55 push ebp 77d507ed 8bec mov ebp,esp */ BOOL SetBreakPoint(PVOID pFuncAddr) { DWORD dwCnt = 0; BYTE* pTarget = (BYTE*)pFuncAddr; g_OldCode[0] = *pTarget; printf("Original Fun Head Code = 0x%02X\n", g_OldCode[0]); //修改内存页的属性 DWORD dwOLD; MEMORY_BASIC_INFORMATION mbi; VirtualQuery(pTarget, &mbi, sizeof(mbi)); VirtualProtect(mbi.BaseAddress, mbi.RegionSize, PAGE_EXECUTE_READWRITE, &dwOLD); //写入int3 *pTarget = 0xCC; //恢复内存页的属性 VirtualProtect(mbi.BaseAddress, mbi.RegionSize, dwOLD, 0); return TRUE; } BOOL ClearBreakPoint(PVOID pFuncAddr) { BYTE* pTarget = (BYTE*)pFuncAddr; //修改内存页的属性 DWORD dwOLD; MEMORY_BASIC_INFORMATION mbi; VirtualQuery(pTarget, &mbi, sizeof(mbi)); VirtualProtect(mbi.BaseAddress, mbi.RegionSize, PAGE_EXECUTE_READWRITE, &dwOLD); *pTarget = g_OldCode[0]; //恢复内存页的属性 VirtualProtect(mbi.BaseAddress, mbi.RegionSize, dwOLD, 0); return TRUE; } int WINAPI My_MessageBox( HWND hWnd, // handle of owner window LPCTSTR lpText, // address of text in message box LPCTSTR lpCaption, // address of title of message box UINT uType // style of message box ) { char newMsg[400]; char newCation[] = "标题被我改了!"; int result; if (lpText) { ZeroMemory(newMsg, 400); lstrcpy(newMsg, lpText); lstrcat(newMsg, "\n\tMessage Box hacked by pediy.com"); } printf("有人调用MessageBox...\n"); result = g_OriginalMessageBoxA(hWnd, newMsg, newCation, uType); return result; }严重性 代码 说明 项目 文件 行 禁止显示状态 详细信息 错误(活动) E0020 未定义标识符 "printf" veh hook C:\Users\17116\source\repos\veh hook\veh hook\源.cpp 41 错误(活动) E0020 未定义标识符 "printf" veh hook C:\Users\17116\source\repos\veh hook\veh hook\源.cpp 116 错误(活动) E0020 未定义标识符 "printf" veh hook C:\Users\17116\source\repos\veh hook\veh hook\源.cpp 166 错误(活动) E0020 未定义标识符 "printf" veh hook C:\Users\17116\source\repos\veh hook\veh hook\源.cpp 225 错误(活动) E0020 未定义标识符 "printf" veh hook C:\Users\17116\source\repos\veh hook\veh hook\源.cpp 243 错误(活动) E0020 未定义标识符 "printf" veh hook C:\Users\17116\source\repos\veh hook\veh hook\源.cpp 267 错误(活动) E0020 未定义标识符 "printf" veh hook C:\Users\17116\source\repos\veh hook\veh hook\源.cpp 314 错误 C1083 无法打开包括文件: “stdafx.h”: No such file or directory veh hook C:\Users\17116\source\repos\veh hook\veh hook\源.cpp 3 错误(活动) E1696 无法打开 源 文件 "stdafx.h" veh hook C:\Users\17116\source\repos\veh hook\veh hook\源.cpp 3 错误(活动) E0167 "LPCTSTR" (aka "const WCHAR *") 类型的实参与 "LPCSTR" (aka "const CHAR *") 类型的形参不兼容 veh hook C:\Users\17116\source\repos\veh hook\veh hook\源.cpp 68 错误(活动) E0167 "const char *" 类型的实参与 "LPCWSTR" (aka "const WCHAR *") 类型的形参不兼容 veh hook C:\Users\17116\source\repos\veh hook\veh hook\源.cpp 39 错误(活动) E0167 "const char *" 类型的实参与 "LPCWSTR" (aka "const WCHAR *") 类型的形参不兼容 veh hook C:\Users\17116\source\repos\veh hook\veh hook\源.cpp 312 错误(活动) E0167 "const char *" 类型的实参与 "LPCTSTR" (aka "const WCHAR *") 类型的形参不兼容 veh hook C:\Users\17116\source\repos\veh hook\veh hook\源.cpp 55 错误(活动) E0167 "const char *" 类型的实参与 "LPCTSTR" (aka "const WCHAR *") 类型的形参不兼容 veh hook C:\Users\17116\source\repos\veh hook\veh hook\源.cpp 62 错误(活动) E0144 "const char *" 类型的值不能用于初始化 "char *" 类型的实体 veh hook C:\Users\17116\source\repos\veh hook\veh hook\源.cpp 108 错误(活动) E0144 "const char *" 类型的值不能用于初始化 "char *" 类型的实体 veh hook C:\Users\17116\source\repos\veh hook\veh hook\源.cpp 152 错误(活动) E0167 "char *" 类型的实参与 "LPWSTR" (aka "wchar_t *") 类型的形参不兼容 veh hook C:\Users\17116\source\repos\veh hook\veh hook\源.cpp 311 错误(活动) E0167 "char *" 类型的实参与 "LPWSTR" (aka "wchar_t *") 类型的形参不兼容 veh hook C:\Users\17116\source\repos\veh hook\veh hook\源.cpp 312 错误(活动) E0167 "char *" 类型的实参与 "LPCTSTR" (aka "const WCHAR *") 类型的形参不兼容 veh hook C:\Users\17116\source\repos\veh hook\veh hook\源.cpp 169 错误(活动) E0167 "char *" 类型的实参与 "LPCTSTR" (aka "const WCHAR *") 类型的形参不兼容 veh hook C:\Users\17116\source\repos\veh hook\veh hook\源.cpp 315 错误(活动) E0167 "char *" 类型的实参与 "LPCTSTR" (aka "const WCHAR *") 类型的形参不兼容 veh hook C:\Users\17116\source\repos\veh hook\veh hook\源.cpp 315
07-25
printf("MessageBox called...\n"); result = g_OriginalMessageBoxA(hWnd, newMsg, newCation, uType); return result; } ``` ### 关键修复点说明 1. **字符集统一**: ```cpp // 所有字符串参数改为LPCSTR ...
ovs dpdk debug
lingshengxiyou的博客
11-15 1306
ovs的action类型如下,使用nla_type()函数获取nl_type的值,入口处理函数为do_execute_actions()。,#endif};OVS_ACTION_ATTR_OUTPUT:获取port号,调用do_output()发送报文到该port;OVS_ACTION_ATTR_USERSPACE:调用output_userspace()发送到用户态;
WIN10使用VC6.0单步调试报错的问题
Any_Howe的博客
02-18 1335
过程中报了两类错误: 1.First-chance exception in 程序名.exe (OLE32.DLL): 0xC0000005: Access Violation 2.Administrator privileges required for ole remote procedure call debugging :this feature will not work 对于第二个错误,很多人给出的解决办法是将VC6改为管理员权限启动,但是莫名其妙的无法打开网络映射位置。 参考第一个
user breakpoint called from code at 0x******
凤凰木
10-10 3924
在调试程序中遇到提示“user  breakpoint  called  from  code  at  0x......(地址)”时,这并不一定是因没用户设置了断点的关系,而是因为系统执行了一个硬编码断点操作(hard  codebreakpoint  instruction)。     例如在Windows  NT下当正被调试的应用程序获得焦点时,如果F12键按下,则Windows  N
user breakpoint called from code at 0x...
bird67的专栏
11-07 2030
处理在NTDll中意外的用户断点很久没有写东西了,这次是为了完善很久很久以前写的一个培训ppt(VC的使用与调试技巧),才想起来写点东西的。下面的文章参考了http://www.debuginfo.com/tips/userbpntdll.html,但不是翻译,偶英语太烂了。我们在调试程序的过程中,有时会突然的显示一个对话框,上面显示这样一条信息:User breakpoint calle
不要放过User breakpoint called from code at [0x77000000]
铭星的专栏
08-12 4433
不要放过User breakpoint called from code at [0x77000000] Mindon 2009-8-12 摘编自www.diybl.com 作者:匿名 User breakpoint called from code at 0x7740240f 已解决 尊重原创  VC调试程序时,程序报出“User breakpoint called from
MFC重现"User Breakpoint called from code at"错误——CString在多线程中容易导致的问题
chunfengdeyiding的专栏
02-10 3047
一重现该错误 由于最近在一个项目中总是会莫名其妙的出现"User Breakpoint called from code at"错误,该错误不是每次运行的时候都出现,而是是不是会出现(Debug下),有时候10分钟,有时候则几个小时。这到底是由什么引起的呢? 由于每次运行的时候,都是与CString类相关,而且又是在多线程编程模式下,于是,就想复制该情况,重现该错误。我是这么做的。 VC6
GDI内存泄露小结
xingziweiyi的专栏
04-27 1222
GDI内存泄露 在windows编程中遇见内存泄露是很郁闷的一件事情,在编程时养成良好的编程习惯可以有效的避免内存泄露问题。当出现了0x80000003引用........0x7c92120e时,程序内存产生错误,有可能是内存泄露 一、new、delete、malloc 导致的内存泄露 二、GDI内存泄露: 一)避免内存泄露 1.Create出来的GDI对象,一定要用DeleteObje
Visual c++ Call Stack窗口调试 跟踪“内存不能为读”的错误
DOS5GW的专栏
09-07 1712
Call Stack窗口用于观看函数运行时的参数类型、参数值信息。当程序处于调试阶段时,Call Stack窗口会将当前代码所在的函数显示在窗口的上方,其后是调用该函数的上级函数,直到WinMain()函数入口。 比如程序会在执行一段时间后出现“内存xxx不能为读”的错误,如果在VC调试模式下执行程序,会出现Access   Violation的警告,VC会自动断点到当前执行的函数,也就是产生Access   Violation异常的那个函数,然后这时打开Call Stack,可以看到函数的调用顺序及参数
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值