egk*_*mor 3 .net c# powershell winapi
我需要使用 PowerShell 从 Win 32 API 中的 Imagehlp.dll 调用 MapFileAndCheckSumA 函数。我尝试遵循一些类似的在线教程,例如: https: //devblogs.microsoft.com/scripting/use-powershell-to-interact-with-the-windows-api-part-1/ 我尝试过使用 Add-Type cmdlet 在 PowerShell 中编译 C# 代码。我写的代码如下。
Add-Type -TypeDefinition @"
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
public static class Imagehlp
{
[DllImport("imagehlp.dll", CharSet=CharSet.Auto)]
public static extern bool MapFileAndCheckSumA(
[MarshalAs(UnmanagedType.LPStr)] string Filename,
UIntPtr HeaderSum,
UIntPtr CheckSum);
}
"@
$x = [UIntPtr]::new(5)
$y = [UIntPtr]::new(5)
[Imagehlp]::MapFileAndCheckSumA("C:\Program Files\Internet Explorer\iexplore.exe", $x,$y)
但是,当我执行代码的最后一行时,出现以下异常。
Unhandled Exception: System.AccessViolationException: Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
at Imagehlp.MapFileAndCheckSumA(String Filename, UIntPtr HeaderSum, UIntPtr CheckSum)
at CallSite.Target(Closure , CallSite , Type , String , Object , Object )
at System.Dynamic.UpdateDelegates.UpdateAndExecute4[T0,T1,T2,T3,TRet](CallSite site, T0 arg0, T1 arg1, T2 arg2, T3 arg3)
at System.Management.Automation.Interpreter.DynamicInstruction`5.Run(InterpretedFrame frame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
at System.Management.Automation.DlrScriptCommandProcessor.RunClause(Action`1 clause, Object dollarUnderbar, Object inputToProcess)
at System.Management.Automation.DlrScriptCommandProcessor.Complete()
at System.Management.Automation.CommandProcessorBase.DoComplete()
at System.Management.Automation.Internal.PipelineProcessor.DoCompleteCore(CommandProcessorBase commandRequestingUpstreamCommandsToStop)
at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input)
at System.Management.Automation.Runspaces.LocalPipeline.InvokeHelper()
at System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProc()
at System.Management.Automation.Runspaces.PipelineThread.WorkerProc()
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()
我在网上搜索了该异常,我猜测这是由代码的 C# 部分引起的编译错误。网上的解决方案说我必须从我正在使用的 IDE 更改编译设置,但我对 PowerShell 和 C# 相当陌生,因此,我不知道如何使其工作。你能帮我么?
所有的问题都与此有关:
CharSet.Auto,该函数不应该还有A或W后缀,这就是Auto你的作用。CharSet.Auto,使用UnmanagedType.LPStr是错误的,因为它总是将字符串封送为 ANSI。MapFileAndCheckSum记录为返回 a DWORD,而不是 a BOOL。这一点尤其重要,因为成功的值是0,它映射到False,而1(“无法打开文件”)映射到True。HeaderSum和CheckSum是指向输出值的值的指针DWORD,应编组为out int, not IntPtr。更正后的签名:
[DllImport("imagehlp.dll", CharSet = CharSet.Auto)]
public static extern int MapFileAndCheckSum(string Filename, out int HeaderSum, out int CheckSum);
然后可以在 PowerShell 中调用它,如下所示:
[int] $headerSum = 0;
[int] $checkSum = 0;
$result = [Imagehlp]::MapFileAndCheckSum(
"C:\Program Files\Internet Explorer\iexplore.exe",
[ref] $headerSum,
[ref] $checkSum
)
if ($result -ne 0) {
Write-Error "Error: $result"
}
$headerSum, $checkSum