So basically I wish to write a byte array to a file, however the program crashes.
Unhandled exception at 0x7766DEE1 (KernelBase.dll) in append.exe: 0xC0000005: Access violation writing location 0x00000000.
BYTE *image ;
BYTE *bigMem;
#define REASONABLY_LARGE_BUFFER 16777216
file = CreateFile(fileName, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
fileSize = GetFileSize(file, NULL);
bigMem = (BYTE *)HeapCreate(NULL, REASONABLY_LARGE_BUFFER, 0);
image = (BYTE *)HeapAlloc(bigMem, HEAP_ZERO_MEMORY, fileSize);
if (bigMem == NULL || image == NULL){
printf("Allocation failed");
return EXIT_FAILURE;
}
printf("We are writing to the file %p, with data location %p, and filesize %d\n", file, image, fileSize);
LPDWORD at = 0;
WriteFile(file, image, fileSize, at, NULL);
That print says:
We are writing to the file 00000038, with data location 02451590, and filesize 161169
The argument passed to WriteFile used to store the number of bytes written (at) can only be null if the argument for the overlapped structure is not null. I suggest changing at to be a DWORD and pass a pointer to it.
DWORD at;
WriteFile(file, image, fileSize, &at, NULL);
Related
So I'm trying to write a sequence of zeroes from a file offset until the end of the file, here is my code:
HANDLE hFile = CreateFileA((LPCSTR)"hello.txt", GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile < 0) return -1;
DWORD fileSize = GetFileSize(hFile, NULL);
DWORD offset = 0x13d4;
DWORD check = NULL;
DWORD pos = SetFilePointer(hFile, offset, 0, FILE_BEGIN);
BYTE* zeroes = new BYTE[fileSize-offset];
ZeroMemory((PVOID)zeroes, fileSize-offset);
WriteFile(hFile, (PVOID)&zeroes, fileSize-offset, &check, NULL);
printf("Wrote %d bytes at %x\n", check, pos);
if(check < fileSize-offset)
{
printf("[+] An error occured while trying to patch the file.");
return EXIT_FAILURE;
}
CloseHandle(hFile);
Now I checked my fileSize is correct, the file offset (pos) is the same as offset, my file Handle is valid, the number of bytes written stored in check is equal to the the zeroes buffer length and the last error is 0. However, when I check my file in hex mode it did not add any zeroes at the end.
Any ideas?
Thanks in advance
The line
WriteFile(hFile, (PVOID)&zeroes, fileSize-offset, &check, NULL);
is wrong. You are writing data in the pointer variable zeroes itself, not what is pointed at by the variable. Typically the pointer has only 4 or 8 bytes, so it may cause out-of-range access if the file is large enough.
Remove & before zeros to have it write contents of the buffer pointed at by zeroes.
WriteFile(hFile, (PVOID)zeroes, fileSize-offset, &check, NULL);
This question already has answers here:
Crash when calling ReadFile after LockFileEx
(2 answers)
Closed 5 years ago.
So i'm trying to Read a file into a file buffer by using ReadFile, but every time it throws this exception
I don't understand why it has an access violation for writing, the file does exist, and I can see the file handle, buffer and file size in the Visual Studio autos watch
int main()
{
LPCSTR Dll = "C:\\Test.dll";
HANDLE hFile = CreateFileA(Dll, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
OPEN_EXISTING, 0, NULL); // Open the DLL
DWORD FileSize = GetFileSize(hFile, NULL);
PVOID FileBuffer = VirtualAlloc(NULL, FileSize, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
// Read the file
ReadFile(hFile, FileBuffer, FileSize, NULL, NULL);
return 0;
}
The documentation says about the last two parameters:
lpNumberOfBytesRead [out, optional]
A pointer to the variable that receives the number of bytes read when using a synchronous hFile parameter. ReadFile sets this value to zero before doing any work or error checking. Use NULL for this parameter if this is an asynchronous operation to avoid potentially erroneous results.
This parameter can be NULL only when the lpOverlapped parameter is not NULL.
So you should call it with a pointer to a valid target to write to, instead of NULL:
DWORD outSize = 0;
ReadFile(hFile, FileBuffer, FileSize, &outSize, NULL);
Here's what I'm trying to achieve; I'm hooking onto the HttpSendRequest function (on Xbox it's XHttp) and trying dump the certificate that's in pcszHeaders which has the size of 0x1F0E.
Now the problem; it only seems to write 4 bytes, I've even tried allocating extra memory and setting each bit to 0 to see if it's the size of Headers and it continues to only write 4 bytes. I've been able to dump pcszHeaders remotely because I got the address whilst debugging but I need to dump it at run-time.
Something I notice whilst debugging - The address of pcszHeaders only shows in locals until it reaches;
printf("XHttpSendRequest: %s\n", "Creating Certificate.bin...");
Once it reaches the printf() above the address changes to 0x00000000 (bad ptr) but it still writes the first byte of correct data of pcszHeaders correctly but nothing more.
Here is the entire hook;
BOOL XHTTP_SEND_REQUEST_HOOK(
HINTERNET hRequest,
const CHAR *pcszHeaders,
DWORD dwHeadersLength,
const VOID *lpOptional,
DWORD dwOptionalLength,
DWORD dwTotalLength,
DWORD_PTR dwContext)
{
if(pcszHeaders != XHTTP_NO_ADDITIONAL_HEADERS)
{
printf("XHttpSendRequest: %s\n", "Creating Certificate.bin...");
// Setup expansion
doMountPath("Hdd:", "\\Device\\Harddisk0\\Partition1");
//create our file
HANDLE fileHandle = CreateFile("Hdd:\\Certificate.bin", GENERIC_WRITE, FILE_SHARE_WRITE, NULL, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, NULL);
//does file exist?
if(GetLastError()!=ERROR_ALREADY_EXISTS
||fileHandle!=INVALID_HANDLE_VALUE)
{
printf("XHttpSendRequest: %s\n", "Writing to file...");
DWORD wfbr;
//write to our file
if(WriteFile(fileHandle, pcszHeaders, 0x2000, &wfbr, NULL))
{
printf("XHttpSendRequest: %s\n", "File written!");
printf("%s\n", "Request has ended.");
CloseHandle(fileHandle);
return XHttpSendRequest(hRequest, pcszHeaders, dwHeadersLength, lpOptional, dwOptionalLength, dwTotalLength, dwContext);
}
}
}
}
EDIT: I've changed the code slightly and I've copied pcszHeaders data into another section of memory that I've created and my pointers seems to have all the correct data and I've tried Writing it to file and it still only writes 4 bytes. I've even used sizeof() instead of hard-coded 0x2000.
pcszHeaders is a char* pointer. sizeof(pcszHeaders) is 4 in a 32bit app (8 in a 64bit app). You need to use the dwHeadersLength parameter instead, which tells you how many characters are in pcszHeaders.
Also, your GetLastError() check after CreateFile() is wrong. If CreateFile() fails for any reason other than ERROR_ALREADY_EXISTS, you are entering the code block and thus writing data to an invalid file handle. When using CREATE_NEW, CreateFile() returns INVALID_HANDLE_VALUE if the file already exists. You don't need to check GetLastError() for that, checking for INVALID_HANDLE_VALUE by itself is enough. If you want to overwrite the existing file, use CREATE_ALWAYS instead.
You are also leaking the file handle if WriteFile() fails.
And you are calling the original HttpSendRequest() only if you successfully write headers to your file. If there are no headers, or the create/write fails, you are not allowing the request to proceed. Is that what you really want?
Try this instead:
BOOL XHTTP_SEND_REQUEST_HOOK(
HINTERNET hRequest,
const CHAR *pcszHeaders,
DWORD dwHeadersLength,
const VOID *lpOptional,
DWORD dwOptionalLength,
DWORD dwTotalLength,
DWORD_PTR dwContext)
{
if (pcszHeaders != XHTTP_NO_ADDITIONAL_HEADERS)
{
printf("XHttpSendRequest: Creating Certificate.bin...\n");
// Setup expansion
doMountPath("Hdd:", "\\Device\\Harddisk0\\Partition1");
//create our file
HANDLE fileHandle = CreateFile("Hdd:\\Certificate.bin", GENERIC_WRITE, FILE_SHARE_WRITE, NULL, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, NULL);
//is file open?
if (fileHandle != INVALID_HANDLE_VALUE)
{
printf("XHttpSendRequest: Writing to file...\n");
DWORD wfbr;
//write to our file
if (WriteFile(fileHandle, pcszHeaders, dwHeadersLength, &wfbr, NULL))
printf("XHttpSendRequest: File written!\n");
else
printf("XHttpSendRequest: Error writing to file: %u\n", GetLastError());
CloseHandle(fileHandle);
}
else
printf("XHttpSendRequest: Error creating file: %u\n", GetLastError());
}
printf("Request has ended.\n");
return XHttpSendRequest(hRequest, pcszHeaders, dwHeadersLength, lpOptional, dwOptionalLength, dwTotalLength, dwContext);
}
Finally the problem has been solved!
First I created an empty array for the data to be stored.
CHAR xtoken[0x2000];
memset(xtoken, 0, 0x2000);
The first part of the hook is to store the header data.
DWORD bufferLength = dwHeadersLength;
memcpy(xtoken, pcszHeaders, bufferLength);
I then write the data to file
WriteFile(fileHandle, (void*)&xtoken, bufferLength, &wfbr, NULL))
Success! I guess the problem was that parameter 2 of WriteFile() was incorrect.
Everytime this function is called the old text data is lost?? Tell me how to maintain previous data and appending new data.
This function is called 10 times:
void WriteEvent(LPWSTR pRenderedContent)
{
HANDLE hFile;
DWORD dwBytesToWrite = ((DWORD)wcslen(pRenderedContent)*2);
DWORD dwBytesWritten = 0;
BOOL bErrorFlag = FALSE;
printf("\n");
hFile = CreateFile(L"D:\\EventsLog.txt", FILE_ALL_ACCESS, 0, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if (hFile == INVALID_HANDLE_VALUE)
{
printf("Terminal failure: Unable to open file \"EventsLog.txt\" for write.\n");
return;
}
printf("Writing %d bytes to EventsLog.txt.\n", dwBytesToWrite);
bErrorFlag = WriteFile(
hFile, // open file handle
pRenderedContent, // start of data to write
dwBytesToWrite, // number of bytes to write
&dwBytesWritten, // number of bytes that were written
NULL); // no overlapped structure
if (FALSE == bErrorFlag)
{
printf("Terminal failure: Unable to write to file.\n");
}
else
{
if (dwBytesWritten != dwBytesToWrite)
{
printf("Error: dwBytesWritten != dwBytesToWrite\n");
}
else
{
printf("Wrote %d bytes to EventsLog.txt successfully.\n",dwBytesWritten);
}
}
CloseHandle(hFile);
}
You should pass FILE_APPEND_DATA as the dwDesiredAccess to CreateFile, as documented under File Access Rights Constants (see sample code at Appending One File to Another File). While this opens the file using the correct access rights, your code is still responsible for setting the file pointer. This is necessary, because:
Each time a file is opened, the system places the file pointer at the beginning of the file, which is offset zero.
The file pointer can be set using the SetFilePointer API after opening the file:
hFile = CreateFile( L"D:\\EventsLog.txt", FILE_APPEND_DATA, 0x0, nullptr,
OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, nullptr );
if ( hFile == INVALID_HANDLE_VALUE ) {
printf( "Terminal failure: Unable to open file \"EventsLog.txt\" for write.\n" );
return;
}
// Set the file pointer to the end-of-file:
DWORD dwMoved = ::SetFilePointer( hFile, 0l, nullptr, FILE_END );
if ( dwMoved == INVALID_SET_FILE_POINTER ) {
printf( "Terminal failure: Unable to set file pointer to end-of-file.\n" );
return;
}
printf("Writing %d bytes to EventsLog.txt.\n", dwBytesToWrite);
bErrorFlag = WriteFile( // ...
Unrelated to your question, the calculation of dwBytesToWrite should not use magic numbers. Instead of * 2 you should probably write * sizeof(*pRenderedContent). The parameter to WriteEvent should be constant as well:
WriteEvent(LPCWSTR pRenderedContent)
The parameter for appending data to a file is FILE_APPEND_DATA instead of FILE_ALL_ACCESS in the CreateFile function.
Here is an example: http://msdn.microsoft.com/en-us/library/windows/desktop/aa363778(v=vs.85).aspx
I'm trying to parse a text file with a win32 program in c++. Is there a simple method of reading a text file line by line? My text file consists of strings that I would like to store in a char array(const char* cArray[67]). Here is what I have so far. I am using CreateFile and ReadFile. I get an access violation error(0x000003e6) from readfile:
CDECK::CDECK():filename(".\\Deck/list.txt")
{
LPVOID data = NULL;
hFile = CreateFileA(filename, GENERIC_READ,FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile == INVALID_HANDLE_VALUE)
MessageBox(NULL, L"Failed to CreateFile - 'hFile'", L"CDECK::CDECK()", MB_OK);
DWORD fileSize = GetFileSize(hFile, &fileSize);
DWORD read = -1;
if(!ReadFile(hFile, data, fileSize, &read, NULL))
{
DWORD err = GetLastError();
MessageBox(NULL, L"Failed to ReadFile - 'hFile'", L"CDECK::CDECK()", MB_OK);
}
return;
}
Is there a simple method of reading a text file line by line?
Yes:
{
std::ifstream hFile(filename);
std::vector<std::string> lines;
std::string line;
while(std::getline(hFile, line))
lines.push_back(line);
return lines;
}
Consider this code:
LPVOID data = NULL;
if(!ReadFile(hFile, data, fileSize, &read, NULL))
Here data is null, and the following argument is the size of the entire file. You are supposed to allocate a buffer, and then pass a pointer to such buffer and its size to it. There is where the ReadFile function will write the readed bytes.
Here is a simple way of getting it to work with a statically sized buffer:
char data[4096] = {};
if(!ReadFile(hFile, static_cast< LPVOID >( &data ), 4096, &read, NULL))
Your problem is that you are reading the bytes of the file, to read the string you need to alloc a string location using SysAllocStringByteLen and then use the ReadFile
You forgot to allocate a buffer space before reading your data :
LPVOID data = NULL;
Before reading you must allocate a fileSize buffer space :
data = malloc(fileSize);
And probably must also declare your data variable as char* instead of void*