Skip to content

Latest commit

 

History

History
82 lines (78 loc) · 2.84 KB

200311302200.txt.md

File metadata and controls

82 lines (78 loc) · 2.84 KB
  1. ntdll!RtlpAddHeapToProcessList()

发现微软的猪头程序员不比Sun的少呢,去年因在SNMP编程文档中抱怨Sun的猪头程序 员,还被tt笑话,切。不过,话说回来,人家猪头程序员们正在领世界之风骚,咱想 猪头也没那资本。


/*

  • Create: scz 2003-11-30 22:00 */ extern RTL_CRITICAL_SECTION RtlpProcessHeapsListLock; extern HANDLE RtlpProcessHeapsListBuffer[];

/*

  • 以XP SP1中的ntdll.dll为逆向工程对象 */ void __stdcall RtlpAddHeapToProcessList ( PHEAP Heap ) { PTEB Teb; PHANDLE ProcessHeaps; PTEB UnusedTeb;

    RtlEnterCriticalSection( &RtlpProcessHeapsListLock ); __try { Teb = NtCurrentTeb(); if ( Teb->Peb->NumberOfHeaps == Teb->Peb->MaximumNumberOfHeaps ) { Teb->Peb->MaximumNumberOfHeaps = 2; ProcessHeaps = ( PHANDLE )RtlAllocateHeap ( GetProcessHeap(), 0, sizeof( HANDLE ) * Teb->Peb->MaximumNumberOfHeaps ); if ( ( PHANDLE )NULL == ProcessHeaps ) { Teb->Peb->MaximumNumberOfHeaps = Teb->Peb->NumberOfHeaps; / * 注意__leave的用法!!! / __leave; } CopyMemory ( ProcessHeaps, Teb->Peb->ProcessHeaps, sizeof( HANDLE ) * Teb->Peb->NumberOfHeaps ); / * RtlpProcessHeapsListBuffer是静态变量,非动态分配得到的空间, * 不得释放。 / if ( RtlpProcessHeapsListBuffer != Teb->Peb->ProcessHeaps ) { / * 我只能认为微软的程序员吃错药了 / UnusedTeb = NtCurrentTeb(); RtlFreeHeap ( GetProcessHeap(), 0, Teb->Peb->ProcessHeaps ); } Teb->Peb->ProcessHeaps = ProcessHeaps; } Teb->Peb->ProcessHeaps[Teb->Peb->NumberOfHeaps] = Heap; Teb->Peb->NumberOfHeaps++; Heap->ProcessHeapsListIndex = ( WORD )Teb->Peb->NumberOfHeaps; } __finally { RtlLeaveCriticalSection( &RtlpProcessHeapsListLock ); } return; } / end of RtlpAddHeapToProcessList */