
Replacing a DLL gives 0xC0000005: Access violation executing location 0xFFFFFFF

Stack Overflow user
Asked 2020-08-03 16:23:52
Answers: 1, Views: 920, Followers: 0, Votes: 3

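I am trying to bypass a DLL that is no longer needed, but we do not have its source code, because it came from a third-party company that no longer maintains it. We have another solution that replaces that DLL. Unfortunately, our project is a huge compilation effort, so it is almost impossible for me to recompile the whole project in such a short time. So I thought I could make a fake DLL and put my own algorithm in the key functions. But now I get a 0XC000005 violation and I cannot resolve it.

The DLL is loaded and unloaded in this way. It is in the source; I did not write it. I just want my DLL to work and bypass it.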
DWORD WINAPI UnloadDLL(LPVOID Param)
{
    typedef void (WINAPI *WaitForFinish)();

    //  Param should be the address of the dllhandle, passed in from CheckAuthorization()
    HINSTANCE *dllhandle = (HINSTANCE*)Param;
    WaitForFinish WaitForFinish_ptr = 0;

    //  Attempt to load the function WaitForFinish().  If we cannot get this function,
    //  then this is a version of the DLL without any threads to wait on, so there's
    //  no need to return an error if it's missing.  We can just proceed to unload the
    //  DLL
    if ( (WaitForFinish_ptr = (WaitForFinish)GetProcAddress(*dllhandle, "WaitForFinish")) )
    {
        //  If it is there, then call WaitForFinish() to let all threads from
        //  CheckLicense() finish before we unload the DLL
        WaitForFinish_ptr();
    }

    //  Finally, unload the DLL
    FreeLibrary(*dllhandle);
    *dllhandle = 0;
    return 0;
}

int run() {
    int  UnloadDLLThreadID;
    HANDLE unloadhandle;
    HINSTANCE dllhandle;

    /* Loading library and run algorithm */
    typedef int (WINAPI *CheckPoint1)(long *ParmValue);
    CheckPoint1 CheckPoint1_ptr = 0;
    if (!(dllhandle = LoadLibrary("mydll.dll")))
    {
        MessageBox(0,"\n\n\n\n     mydll.dll is missing.               \n\n\n","ERROR",MB_OK|MB_ICONSTOP);
        ExitProcess(1);
    }

    if (!(CheckPoint1_ptr = (CheckPoint1)GetProcAddress(dllhandle, "CheckPoint1")))
    {
        FreeLibrary(dllhandle);
        dllhandle = 0;
        MessageBox(0,"\n\n\n\n      mydll.dll is missing or the wrong version.             \n\n\n","ERROR",MB_OK|MB_ICONSTOP);
        ExitProcess(1);
    }

    result = CheckPoint1_ptr(&ParmValue);

    /*
    Create a separate thread to call the function UnloadDLL, above.
    CheckPoint1 can spawn threads of its own, so we have to wait
    on those to finish before we can unload the DLL--otherwise the
    threads won't finish, and in worst case the entire program can
    hang.  To allow the rest of the program to run while we wait,
    we handle unloading the DLL in a separate thread.
    */
    unloadhandle = CreateThread(NULL, 0, UnloadDLL, &dllhandle, 0, &UnloadDLLThreadID);
    if( unloadhandle ){ CloseHandle(unloadhandle); }
}

So, in the hacked DLL:

In mydll.h
#ifdef MYDLL_EXPORTS
#define MYDLL_API __declspec(dllexport)
#else
#define MYDLL_API __declspec(dllimport)
#endif

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>

extern "C" {
    
    MYDLL_API int CheckPoint1(long *parmValue); 
    MYDLL_API void WaitForFinish();
}

And mydll.c
#include "mydll.h"

extern "C" {    
    int CheckPoint1(long *parmValue)
    {   
        // Try to see if it's loaded
        char szMessage[250];
        strcpy_s(szMessage, "Loaded...");
        MessageBoxA(0, szMessage, "INFORMATION", MB_OK | MB_ICONINFORMATION);
        int result = 10000;
        return result;
    }

    void WaitForFinish() {
    // Try to see if it's loaded
        char szMessage[250];
        strcpy_s(szMessage, "Waiting...");
        MessageBoxA(0, szMessage, "INFORMATION", MB_OK | MB_ICONINFORMATION);
    }
}

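The implementation in the DLL above is the one I used to test this solution. It compiles without any errors. I then replaced the old DLL with this new one. The DLL loaded successfully, and I could see my algorithm function running from the popup dialog. Then the program crashed (after I clicked "OK" in the popup). I used the debugger in VC2017, and it told me: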
Exception thrown at 0xFFFFFFFF in mindcontrol.exe: 0xC0000005: Access violation executing location 0xFFFFFFFF.

The debug log looks like this:
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\ntdll.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\kernel32.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\KernelBase.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\apphelp.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\AcLayers.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\msvcrt.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\user32.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\win32u.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\gdi32.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\gdi32full.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\msvcp_win.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\ucrtbase.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\shell32.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\shlwapi.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\oleaut32.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\combase.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\rpcrt4.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\setupapi.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\cfgmgr32.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\bcrypt.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\mpr.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\sfc.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\winspool.drv'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\sfc_os.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\AcGenral.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\sechost.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\ole32.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\advapi32.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\uxtheme.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\winmm.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\samcli.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\msacm32.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\version.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\userenv.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\dwmapi.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\urlmon.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\sspicli.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\winmmbase.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\iertutil.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\SHCore.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\imm32.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\comdlg32.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\msimg32.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\oledlg.dll'. Symbols loaded.
'MindControl.exe' (Win32): Unloaded 'C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_fd031af45b0106f2\comctl32.dll'
'MindControl.exe' (Win32): Loaded 'C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.388_none_429cd6de8a9002ce\GdiPlus.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\oleacc.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\kernel.appcore.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\bcryptprimitives.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\riched32.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\riched20.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\usp10.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\msls31.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Program Files (x86)\MindControl\mydll.dll'. Symbols loaded.
The thread 0x7fec has exited with code 0 (0x0).
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\msctf.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\TextInputFramework.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\CoreUIComponents.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\CoreMessaging.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\ws2_32.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\ntmarta.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\WinTypes.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\WinTypes.dll'. Symbols loaded.
'MindControl.exe' (Win32): Unloaded 'C:\Windows\SysWOW64\WinTypes.dll'
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\TextShaping.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\clbcatq.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\DataExchange.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\d3d11.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\dcomp.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\dxgi.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\twinapi.appcore.dll'. Cannot find or open the PDB file.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\WindowsCodecs.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\ExplorerFrame.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\windows.storage.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\wldp.dll'. Symbols loaded.
'MindControl.exe' (Win32): Loaded 'C:\Windows\SysWOW64\propsys.dll'. Symbols loaded.
Exception thrown at 0xFFFFFFFF in MindControl.exe: 0xC0000005: Access violation executing location 0xFFFFFFFF.

The program '[32632] MindControl.exe' has exited with code 0 (0x0).

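My guess is that WaitForFinish() was not loaded successfully, because I did not see its popup. Another possible cause is the FreeLibrary() call in the thread. Either way, I do not know how to fix it. Can anyone help me find out what I did wrong, or suggest a way to solve the problem?

Thanks for your help.

1 Answer

Stack Overflow user

Posted 2020-08-03 17:32:30

I am going to write up what I said in the comments, because after looking at it again I am about 90% sure this is the problem.

The library you created defines its exports as __cdecl.

The one call into the DLL (CheckPoint1) should work fine, because you defined it as: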
typedef int (*CheckPoint1)(long *ParmValue);

You did not specify a calling convention in that definition, so it defaults to __cdecl.

However, for the other export, WaitForFinish, you defined it as:
typedef void (WINAPI *WaitForFinish)();

Here you specified the calling convention as WINAPI (that is, __stdcall).

So, to fix this, simply change it to:
typedef void (*WaitForFinish)();

typedef void (__cdecl *WaitForFinish)();

Both mean the same thing.

If you are interested in what these calling conventions do, take a look at this article.

ETA: This may or may not be a problem:
unloadhandle = CreateThread(NULL, 0, UnloadDLL, &dllhandle, 0, &UnloadDLLThreadID);
if( unloadhandle ){ CloseHandle(unloadhandle); }

Normally, you should wait for the thread to finish before closing the thread handle. You can do this by using WaitForSingleObject().

Votes: 2
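Added example (not part of the original question or answer): portable C that does the 32-bit x86 stack accounting behind a __cdecl/__stdcall mismatch for the two exports in this thread. The decorated names are constructed samples that assume MSVC x86 C decoration (`_name` for __cdecl, `_name@N` for __stdcall); `parse_decorated` and `esp_drift` are hypothetical helper names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 32-bit x86 conventions from the thread: WINAPI is __stdcall. */
typedef enum { CC_UNKNOWN, CC_CDECL, CC_STDCALL } callconv;

typedef struct {
    callconv cc;      /* convention implied by the name decoration */
    int callee_pops;  /* argument bytes the callee removes on return */
} symbol_info;

/* Assumed decoration (MSVC x86, C linkage): "_name" = __cdecl,
   "_name@N" = __stdcall taking N bytes of arguments. */
symbol_info parse_decorated(const char *sym)
{
    symbol_info info = { CC_UNKNOWN, 0 };
    if (sym == NULL || sym[0] != '_' || sym[1] == '\0')
        return info;
    const char *at = strrchr(sym, '@');
    if (at == NULL) {               /* no @N suffix: caller cleans up */
        info.cc = CC_CDECL;
        return info;
    }
    char *end;
    long n = strtol(at + 1, &end, 10);
    if (at[1] == '\0' || *end != '\0' || n < 0 || n % 4 != 0)
        return info;                /* malformed suffix */
    info.cc = CC_STDCALL;
    info.callee_pops = (int)n;
    return info;
}

/* Argument bytes still on the stack after the call returns.
   0 = balanced; non-zero = ESP is off by that many bytes. */
int esp_drift(callconv caller_cc, int arg_bytes, symbol_info callee)
{
    int caller_pops = (caller_cc == CC_CDECL) ? arg_bytes : 0;
    return arg_bytes - callee.callee_pops - caller_pops;
}

int main(void)
{
    /* Constructed names for the page's exports, called via WINAPI typedefs. */
    printf("CheckPoint1:   %d\n", esp_drift(CC_STDCALL, 4, parse_decorated("_CheckPoint1")));
    printf("WaitForFinish: %d\n", esp_drift(CC_STDCALL, 0, parse_decorated("_WaitForFinish")));
    return 0;
}
```

With the typedefs shown in the question's host code, the one-argument `CheckPoint1` call leaves 4 bytes on the stack, while the zero-argument `WaitForFinish` call is balanced under either convention.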
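The original content of this page is provided by Stack Overflow. Translation support is provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/63233228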
