|
|
论坛的代码,好像有问题,很多控件按钮点击不了。
今天我在使用CR3读写内存时发现,会出现以下错误。
检查了下调用代码没问题,是不是在切换CR3后出现的问题呢?速度慢时不会蓝屏,所以我没有调试到异常。
如果是用keattchprocess来读写没问题。
刚入门的小白,希望大神们不要介意。
蓝屏代码
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: fffff5010f5c9a98, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff803c6d3d730, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
NTSTATUS KReadWriteProcessMemoryCR3(_In_ PEPROCESS Process, _In_ PVOID Address, _In_ UINT32 Length, _Inout_ PVOID Buffer, _In_ BOOLEAN IsWrite)
{
NTSTATUS ntStatus = STATUS_UNSUCCESSFUL;
ULONG64 pDTB = 0, OldCr3 = 0;
PVOID pDTBBaseAddr = (PVOID)((UCHAR*)Process + DIRECTORY_TABLE_BASE_OFFSET);
if (!MmIsAddressValid(pDTBBaseAddr))
{
return ntStatus;
}
pDTB = Get64bitValue(pDTBBaseAddr);
if (pDTB == 0)
{
return ntStatus;
}
//Record old cr3 and set new cr3
_disable();//禁止中断
OldCr3 = __readcr3();
__writecr3(pDTB);
_enable();
if (MmIsAddressValid(Address) && MmIsAddressValid(Buffer)) {//检查page fault
__try {
if (IsWrite)
{
RtlCopyMemory(Address, Buffer, Length);
}
else
{
RtlCopyMemory(Buffer, Address, Length);
}
ntStatus = STATUS_SUCCESS;
}
__except (1) {
if (IsWrite)
{
KdPrint(("windbg>>>write error %p\n", Address));
}
else
{
KdPrint(("windbg>>>read error %p\n", Address));
}
}
}
else
{
KdPrint(("windbg>>>MmIsAddressValid error %p\n", Address));
}
////Restore old cr3
_disable();
__writecr3(OldCr3);
_enable();
return ntStatus;
} |
|
发表于 2019-5-25 00:13:31
楼主