0
我正在做一些數據包轉換補丁。 我的dll注入中文遊戲,鉤住recv,偵聽數據包並翻譯中文收到的字符串。 我是編碼和編碼和編碼......直到我發現我應該如何寫在buf超過數據包長度?是否有可能在輸入緩衝區中寫入超過預期的功能? (沒有堆棧溢出)
int __stdcall Hooked_recv(SOCKET s, char *buf, int len, int flags)
{
h_recv.PreHook();
int ret_val = recv(s, buf, len, flags);
//ret_val is the number of bytes received. Ok, I can increase it, but...
//what to do with buf? Sure I can write there as much as no access violation appears.
//but I need a safe way.
//I guess if I do buf = new char[NEW_SIZE] then caller will fail to read buf because of pointer changed?
//what could I do to make received packet longer?
//I no want to reverse exe and increase buffer in hex editor. at least for now.
h_recv.PostHook();
return ret_val;
}
我不知道buf大小。我所能做的就是填充它直到訪問違規。也許有一些方法可以掃描整個進程內存的buf指針並修改它? – Kosmos
len的目的是告訴你可以放入緩衝區的字節數。 –
但buf帶有預定義的大小。 ppls聲明瞭一些char * buf [1024]並將其傳遞給recv函數。只有在recv被調用後,他們才知道實際接收了多少字節。 buf大小從不改變。 – Kosmos