A very simple Python script gives me an access violation, and I just don't know why.

import ctypes

def Test():
    data = bytearray( "\xDE\xAD\xBE\xEF\x0B\xAD\xC0\xDE", 'utf-16' )
    dataLen = len( data )
    try :
        ptr = ctypes.windll.kernel32.VirtualAlloc( ctypes.c_int( 0 ),
                                                   ctypes.c_int( dataLen ),
                                                   ctypes.c_int( 0x3000 ),
                                                   ctypes.c_int( 0x40 ) )
        buf = ( ctypes.c_char * dataLen ).from_buffer( data )
        ctypes.windll.kernel32.RtlMoveMemory( ctypes.c_int( ptr ),
                                              buf,
                                              ctypes.c_int( dataLen ) )
    except Exception as e :
        print( e )
        exit(-1)

Error:

Traceback (most recent call last):
  File "c:\vs17\...\ptvsd_launcher.py", line 119, in <module>
    vspd.debug(filename, port_num, debug_id, debug_options, run_as)
  File "c:\vs17\...\ptvsd\debugger.py", line 37, in debug
    run(address, filename, *args, **kwargs)
  File "c:\vs17\...\ptvsd\_local.py", line 64, in run_file
    run(argv, addr, **kwargs)
  File "c:\vs17\...\ptvsd\_local.py", line 125, in _run
    _pydevd.main()
  File "c:\vs17\..\ptvsd\_vendored\pydevd\pydevd.py", line 1752, in main
    globals = debugger.run(setup['file'], None, None, is_module)
  File "c:\vs17\...\ptvsd\_vendored\pydevd\pydevd.py", line 1099, in run
    return self._exec(is_module, entry_point_fn, module_name, file, globals, locals)
  File "c:\vs17\...\ptvsd\_vendored\pydevd\pydevd.py", line 1106, in _exec
    pydev_imports.execfile(file, globals, locals) # execute the script
  File "c:\vs17\...\ptvsd\_vendored\pydevd\_pydev_imps\_pydev_execfile.py", line 25, in execfile
    exec(compile(contents+"\n", file, 'exec'), glob, loc)
  File "D:\Dev\Python\VirtualAlloc_Testing\VirtualAlloc_Testing.py", line 31, in <module>
    main()
  File "D:\Dev\Python\VirtualAlloc_Testing\VirtualAlloc_Testing.py", line 29, in main
    Test()
  File "D:\Dev\Python\VirtualAlloc_Testing\VirtualAlloc_Testing.py", line 19, in Test
    ctypes.c_int( dataLen ) )
OSError: exception: access violation writing 0x00000000212F0000

Posted on 2020-04-17 03:21:40

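Ran into the same problem. For me, the cause was the wrong VirtualAlloc restype size, defined as a 32-bit value.

In fact, ctypes functions are not prototyped and return the C default type: c_int. On Windows, c_int is an alias for c_long, which is a signed 32-bit integer. So when the system allocates a memory block beyond the x32 limit, the address returned by VirtualAlloc gets cut off.

For example, in your sample VirtualAlloc may return 0000001A212F0000, but only the lower part, 0x212F0000, is used as the value of ptr.

Add the next line before use:

ctypes.windll.kernel32.VirtualAlloc.restype = ctypes.c_void_p

The same goes for RtlCopyMemory.argtypes.

ctypes.windll.kernel32.RtlCopyMemory.argtypes = ( ctypes.c_void_p, ctypes.c_void_p, ctypes.c_size_t )

Works fine.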
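
The truncation described in the answer, together with fully prototyped calls, as an added example that is not part of the original question or answer. The helper names are hypothetical; it assumes RtlMoveMemory as in the question, and PAGE_READWRITE (0x04) in place of the question's 0x40 because it only copies data.

```python
import ctypes
import sys

MEM_COMMIT_RESERVE = 0x3000   # MEM_COMMIT | MEM_RESERVE, as in the question
MEM_RELEASE = 0x8000
PAGE_READWRITE = 0x04         # assumption: data-only copy, so no execute right


def as_default_restype(address):
    """Model an unprototyped ctypes call: the result is the low 32 bits as a signed c_int."""
    return ctypes.c_int(address).value


def loses_bits(address):
    """True when the default c_int restype would not round-trip this address."""
    return as_default_restype(address) != address


def copy_to_fresh_pages(data):
    """Windows only (hypothetical helper): allocate, copy data in, read it back, free."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    # Pointer-sized prototypes keep the full 64-bit address in both directions.
    k32.VirtualAlloc.restype = ctypes.c_void_p
    k32.VirtualAlloc.argtypes = (ctypes.c_void_p, ctypes.c_size_t,
                                 ctypes.c_uint32, ctypes.c_uint32)
    k32.VirtualFree.restype = ctypes.c_int
    k32.VirtualFree.argtypes = (ctypes.c_void_p, ctypes.c_size_t, ctypes.c_uint32)
    k32.RtlMoveMemory.restype = None
    k32.RtlMoveMemory.argtypes = (ctypes.c_void_p, ctypes.c_void_p, ctypes.c_size_t)

    ptr = k32.VirtualAlloc(None, len(data), MEM_COMMIT_RESERVE, PAGE_READWRITE)
    if not ptr:  # a c_void_p restype maps NULL to None
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        src = (ctypes.c_char * len(data)).from_buffer_copy(data)
        k32.RtlMoveMemory(ptr, src, len(data))
        return ctypes.string_at(ptr, len(data))
    finally:
        k32.VirtualFree(ptr, 0, MEM_RELEASE)


if __name__ == "__main__":
    full = 0x0000001A212F0000  # address quoted in the answer
    print(hex(full), "->", hex(as_default_restype(full)))
    if sys.platform == "win32":
        print(copy_to_fresh_pages(b"\xDE\xAD\xBE\xEF\x0B\xAD\xC0\xDE"))
```
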
https://stackoverflow.com/questions/60198918