在Visual Studio中调试时,每次循环后循环变量(i)被神秘地重置为0(在不调试时工作)

本文关键字:循环 调试 工作 Visual Studio 变量 | 更新日期: 2023-09-27 17:50:38

我正在尝试从c#进程中读取一些内存。下面是我的辅助函数,用于从一系列偏移中获取指针地址,以及相关的其他函数:

    [DllImport("kernel32.dll", CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Auto, SetLastError = true)]
    public static extern Int32 ReadProcessMemory(
        IntPtr hProcess,
        IntPtr lpBaseAddress,
        [In, Out] byte[] buffer,
        UInt32 size,
        out int lpNumberOfBytesRead);
    public static bool ReadProcessMemoryHelper(
        IntPtr hProcess,
        long lpBaseAddress,
        [In, Out] byte[] buffer,
        UInt32 size,
        out int lpNumberOfBytesRead)
    {
        return ReadProcessMemory(
            hProcess,
            new IntPtr(lpBaseAddress),
            buffer,
            size,
            out lpNumberOfBytesRead) != 0;
    }
    public long Pointer(params int[] Offsets)
    {
        long pointerAddress = _baseAddr;
        if (Offsets.Length > 1)
        {
            byte[] buff = new byte[4];
            for (int i = 0; i < Offsets.Length - 1; i++)
            {
                int bytesRead;
                var cur = pointerAddress;
                var offset = Offsets[i];
                var next = cur + offset;
                Console.WriteLine("i = {0}", i);
                Console.WriteLine("[{0}+{1}], {2}", cur.ToString("X"), offset.ToString("X"), next.ToString("X"));
                if (0 == cur)
                {
                    return 0;
                }
                var readProcess = ReadProcessMemoryHelper(
                    _process.Handle,
                    next,
                    buff,
                    4,
                    out bytesRead);
                if (readProcess)
                {
                    pointerAddress = BitConverter.ToUInt32(buff, 0);
                }
                else
                {
                    return 0;
                }
                Console.WriteLine("i = {0}", i);
            }
        }
        return pointerAddress + Offsets[Offsets.Length - 1];
    }

不可思议的是,在调用ReadProcessMemoryHelper之后,循环变量i变为0。这个循环只会因为最终无法从进程中读取内存而终止,返回0。

下面是一些输出示例:

i = 0
[170000+FB02F0], 11202F0
i = 0
i = 1
[11469240+1C], 1146925C
i = 0
i = 1
[12DCC690+1C], 12DCC6AC
i = 0
i = 1
[114673A0+1C], 114673BC
i = 0
i = 1
[10F2C830+1C], 10F2C84C
i = 0
i = 1
[111561E0+1C], 111561FC
i = 0
i = 1
[E972CAE+1C], E972CCA
i = 0
i = 1
[1302736E+1C], 1302738A
i = 0
i = 1
[3E49+1C], 3E65

也许更神秘。这只发生在调试器被连接的时候(谈论一个Heisenbug)。如果从命令行运行此命令,将得到以下(正确的)输出:

i = 0
[170000+FB02F0], 11202F0
i = 0
i = 1
[11469240+1C], 1146925C
i = 1
i = 2
[12DCC690+10], 12DCC6A0
i = 2
i = 3
[113E4430+130], 113E4560
i = 3
i = 4
[10F2CEF0+1C], 10F2CF0C
i = 4

我不知道这是怎么回事,它快把我逼疯了。

在Visual Studio中调试时,每次循环后循环变量(i)被神秘地重置为0(在不调试时工作)

我猜您的进程是64位的。如果是这种情况,那么互操作签名是不正确的,因为最后一个参数的大小,lpNumberOfBytesRead应该是64位而不是32位。

BOOL WINAPI ReadProcessMemory(
    _In_  HANDLE  hProcess,
    _In_  LPCVOID lpBaseAddress,
    _Out_ LPVOID  lpBuffer,
    _In_  SIZE_T  nSize,
    _Out_ SIZE_T  *lpNumberOfBytesRead);

#if defined(_WIN64)
typedef unsigned __int64 ULONG_PTR;
#else
typedef unsigned long ULONG_PTR;
#endif
typedef ULONG_PTR SIZE_T;

你可以想象这将如何导致堆栈损坏。由于您忽略了out参数,因此您可以在签名中使用IntPtr。

相关文章: