Buffer Overflow in C++ while reading virtual memory


I've got a program which is reading a process's virtual memory and some registers for some data, then making amendments to it.

Here I pass the contents of the eax register to my function (this seems to work fine, but I thought it might demonstrate what types of data are involved):

    case EXCEPTION_SINGLE_STEP:   // EXCEPTION_SINGLE_STEP = 0x80000004
        bl_flag = TRUE;
        memset((void *)&context, 0, 0x2CC);                       // 0x2CC = sizeof(CONTEXT) on x86
        context.ContextFlags = 0x10017;                           // CONTEXT_FULL | CONTEXT_DEBUG_REGISTERS
        thread = OpenThread(0x1FFFFF, 0, debug_event.dwThreadId); // 0x1FFFFF = THREAD_ALL_ACCESS
        GetThreadContext(thread, &context);
        context.Eip = context.Eip + 1;

        // sub_FD4BF0((HANDLE)(*((DWORD *)(lpThreadParameter))), context.Eax);
        StringToHtml((HANDLE)(dwArray[0]), context.Eax);          // Eax holds the address of the chat string

        SetThreadContext(thread, &context);
        CloseHandle(thread);
        break;



void StringToHtml(HANDLE hProcess, DWORD address)
{
    WCHAR buff[0x100];
    WCHAR html[0x100];
    DWORD oldProt = 0, real = 0;
    int len = 0;

    VirtualProtectEx(hProcess, (LPVOID)address, 0x200, PAGE_READWRITE, &oldProt);
    ReadProcessMemory(hProcess, (LPCVOID)address, (LPVOID)buff, 0x200, &real);   // 0x200 bytes fills all of buff; no NUL is guaranteed inside it

    len = wcslen(buff);   // scans until a NUL, past the end of buff if none was read
    int k = 0, j = 0;

    wprintf(L"Found out chat string : \"%s\" \n", buff);

    for (int pp = 0; pp < 0x100; pp++)
        html[pp] = NULL;
    while(j < len)
    {

        if (buff[j] == L'&')
        {
            if (wcsncmp((const WCHAR *)(buff + j + 1), L"lt;", 3) == 0)
            {
                //html[k] = L'<';
                html[k] = L'<font color="#00FF10">';   // multi-character wide constant: only one WCHAR is stored, not the tag
                k++;
                j = j + 4;
                continue;
            }

I am aware this is an incomplete function snippet. However, the issue arises at my for loop here:

    for (int pp = 0; pp < 0x100; pp++)

If I enter more than 256 characters (at first I thought this would be enough) then it crashes. I have clearly missed something obvious, as I tried doing pp < len, which I thought would use the buffer size; however, I still get the same crash.

How can I read the total size of the string entered in the chat into the loop and make it iterate over the WHOLE thing, or at the very least catch this error?

Tags: c++, debugging, virtual-memory
asked on Stack Overflow Jan 27, 2017 by heidi sievert • edited Sep 4, 2018 by Flimzy

1 Answer


Did you change the size of html and buffer according to the max of your for loop? Maybe that is already the solution.

answered on Stack Overflow Jan 27, 2017 by Aeonos
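The answer points at the buffer sizes, but the posted snippet has three separate problems that a bigger array alone does not cure: ReadProcessMemory copies exactly 0x200 bytes and never promises a NUL inside them, so wcslen can run off the end of buff; a wide literal of 22 characters assigned to one WCHAR slot (html[k] = L'<font color="#00FF10">') stores a single code unit rather than the tag; and because every replacement is longer than the 4 code units it replaces, k walks past html[0x100] once the chat text is long enough. The C program below is an added example, not code from the question or the answer, showing one way to do what the question asks: keep reading until the terminator is actually found (with a hard cap), size the HTML buffer from that length, and copy whole tags with a bounded compare. So that it runs stand-alone, the debuggee and ReadProcessMemory are replaced by an in-memory stand-in (remote_space, remote_read); in the real program that read is the one call to swap back. The function names, the &gt; rewrite rule and the sample chat line are this example's own.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <uchar.h>

typedef char16_t wchar16;          /* same width as a Windows WCHAR */
#define CHUNK_BYTES 0x200          /* bytes per read, as in the question */
#define MAX_STRING_BYTES 0x10000   /* give up if no NUL shows up within 64 KiB */

/* Stand-in debuggee so the example runs without Windows: remote_read plays
 * ReadProcessMemory (bytes copied, 0 on failure, truncated at the region end). */
typedef struct { const uint8_t *base; size_t size; } remote_space;
static size_t remote_read(const remote_space *rs, size_t addr, void *out, size_t n) {
    if (addr >= rs->size) return 0;
    if (n > rs->size - addr) n = rs->size - addr;
    memcpy(out, rs->base + addr, n);
    return n;
}
static size_t w16len(const wchar16 *s) { size_t n = 0; while (s[n]) n++; return n; }
/* Read a UTF-16 string chunk by chunk until its NUL is actually seen, growing a
 * heap buffer.  Result is NUL-terminated, *len in code units; NULL on failure. */
static wchar16 *read_remote_wstring(const remote_space *rs, size_t addr, size_t *len) {
    size_t cap = CHUNK_BYTES, used = 0;
    uint8_t *buf = malloc(cap), *nb = NULL;
    for (; buf; buf = nb) {
        size_t got = remote_read(rs, addr + used, buf + used, CHUNK_BYTES);
        got -= got % sizeof(wchar16);                  /* whole code units only */
        const wchar16 *u = (const wchar16 *)buf;       /* scan just the new units */
        for (size_t i = used / sizeof(wchar16); i < (used + got) / sizeof(wchar16); i++)
            if (u[i] == 0) { *len = i; return (wchar16 *)buf; }
        used += got;
        if (got == 0 || used >= MAX_STRING_BYTES) break; /* unreadable or runaway */
        if (!(nb = realloc(buf, cap += CHUNK_BYTES))) break;
    }
    free(buf);
    return NULL;
}

/* Entity -> HTML rewrites.  The &lt; mapping is the question's own; the &gt;
 * closing tag is an assumed companion, present only to show a table of rules. */
static const wchar16 *FROM[] = { u"&lt;", u"&gt;" };
static const wchar16 *TO[]   = { u"<font color=\"#00FF10\">", u"</font>" };
#define NRULES (sizeof FROM / sizeof FROM[0])
/* Rewrite `in` (len code units) into a fresh NUL-terminated buffer sized for the
 * worst-case expansion, so the output index k can never leave the array. */
static wchar16 *rewrite_entities(const wchar16 *in, size_t len) {
    size_t expand = 1, j = 0, k = 0;                   /* expand = max ceil(|to|/|from|) */
    for (size_t r = 0; r < NRULES; r++) {
        size_t f = w16len(FROM[r]), t = (w16len(TO[r]) + f - 1) / f;
        if (t > expand) expand = t;
    }
    wchar16 *out = malloc((len * expand + 1) * sizeof(wchar16));
    if (!out) return NULL;
    while (j < len) {
        size_t r = 0, f = 0;
        for (; r < NRULES; r++) {                      /* bounded compare: never past len */
            f = w16len(FROM[r]);
            if (len - j >= f && memcmp(in + j, FROM[r], f * sizeof(wchar16)) == 0) break;
        }
        if (r == NRULES) { out[k++] = in[j++]; continue; }
        size_t t = w16len(TO[r]);                      /* whole tag, not a single WCHAR */
        memcpy(out + k, TO[r], t * sizeof(wchar16));
        k += t;
        j += f;
    }
    out[k] = 0;
    return out;
}

/* The question's StringToHtml without the crash: the length comes from the data
 * (capped) and the HTML buffer is sized from it.  Caller frees the result. */
static wchar16 *string_to_html(const remote_space *rs, size_t addr) {
    size_t len;
    wchar16 *s = read_remote_wstring(rs, addr, &len);
    if (!s) return NULL;
    wchar16 *html = rewrite_entities(s, len);
    free(s);
    return html;
}
/* Constructed sample: a 300-code-unit chat line (more than the original 0x100
 * slots) with two entities, its NUL, then filler.  Expected: 300-8+22+7 = 321. */
static size_t sample_html_len(void) {
    static wchar16 mem[512];
    size_t n = w16len(u"&lt;hello&gt; ");
    memcpy(mem, u"&lt;hello&gt; ", n * sizeof(wchar16));
    while (n < 300) mem[n++] = u'x';
    for (mem[n++] = 0; n < 512; n++) mem[n] = u'#';
    remote_space rs = { (const uint8_t *)mem, sizeof mem };
    wchar16 *h = string_to_html(&rs, 0);
    n = h ? w16len(h) : 0; free(h);
    return n;
}
/* A region holding no NUL at all must be rejected, not overrun. */
static int unterminated_is_rejected(void) {
    static wchar16 mem[0x400];
    for (size_t i = 0; i < 0x400; i++) mem[i] = u'y';
    remote_space rs = { (const uint8_t *)mem, sizeof mem };
    return string_to_html(&rs, 0) == NULL;
}
```

Two points carry over to the real Windows code. ReadProcessMemory fails the whole call when any byte of the requested range is inaccessible, which is one more reason to read in modest chunks and check the bytes-read count instead of assuming a single 0x200-byte read succeeded; and a string with no terminator in reach (a half-written chat line, or eax not pointing at a string at all) should end in a NULL return and a skipped message, not in wcslen walking off the stack buffer.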

User contributions licensed under CC BY-SA 3.0