12) ntdll!RtlpAddHeapToProcessList() 发现微软的猪头程序员不比Sun的少呢,去年因在SNMP编程文档中抱怨Sun的猪头程序 员,还被tt笑话,切。不过,话说回来,人家猪头程序员们正在领世界之风骚,咱想 猪头也没那资本。
--------------------------------------------------------------------------
/*
 * Create: scz 2003-11-30 22:00
 */

/* Lock guarding the process-wide heap list (PEB->ProcessHeaps). */
extern RTL_CRITICAL_SECTION RtlpProcessHeapsListLock;
/*
 * Initial, statically allocated backing store for PEB->ProcessHeaps.
 * It is compared against the PEB pointer below so that it is never
 * passed to RtlFreeHeap once the list has grown past it.
 */
extern HANDLE RtlpProcessHeapsListBuffer[];

/*
 * Reverse-engineered from the ntdll.dll shipped with XP SP1.
 *
 * RtlpAddHeapToProcessList - register a newly created heap in the
 * per-process heap list kept in the PEB.
 *
 * Under RtlpProcessHeapsListLock:
 *   - if the list is full (NumberOfHeaps == MaximumNumberOfHeaps), the
 *     capacity is doubled and the array is reallocated and copied;
 *   - Heap is appended and NumberOfHeaps incremented;
 *   - Heap->ProcessHeapsListIndex receives the post-increment count, i.e.
 *     the stored index is 1-based (0 means "not in the list").
 *
 * Parameters:
 *   Heap - the heap to register; its ProcessHeapsListIndex field is written.
 *
 * Returns nothing. If the grow allocation fails the function __leave's
 * without adding Heap, so the caller cannot tell that registration was
 * skipped; the capacity is rolled back so the list stays consistent.
 *
 * NOTE(review): neither the `*= 2` on MaximumNumberOfHeaps nor the
 * sizeof(HANDLE) * count product is overflow-checked here; in practice
 * the heap count is small, but it is worth knowing when reading this.
 * NOTE(review): GetProcessHeap() in this listing presumably stands in
 * for the PEB's default process heap (Teb->Peb->ProcessHeap) in the real
 * binary - confirm against the disassembly.
 */
void __stdcall RtlpAddHeapToProcessList ( PHEAP Heap )
{
    PTEB Teb;
    PHANDLE ProcessHeaps;
    PTEB UnusedTeb;

    /* Serialise against other threads creating/destroying heaps. */
    RtlEnterCriticalSection( &RtlpProcessHeapsListLock );
    __try
    {
        Teb = NtCurrentTeb();
        /* List full: grow PEB->ProcessHeaps to twice its current capacity. */
        if ( Teb->Peb->NumberOfHeaps == Teb->Peb->MaximumNumberOfHeaps )
        {
            Teb->Peb->MaximumNumberOfHeaps *= 2;
            ProcessHeaps = ( PHANDLE )RtlAllocateHeap
            (
                GetProcessHeap(),
                0,
                sizeof( HANDLE ) * Teb->Peb->MaximumNumberOfHeaps
            );
            if ( ( PHANDLE )NULL == ProcessHeaps )
            {
                /*
                 * Allocation failed: restore the old capacity so the PEB
                 * still describes the buffer it actually owns.
                 */
                Teb->Peb->MaximumNumberOfHeaps = Teb->Peb->NumberOfHeaps;
                /*
                 * Note the use of __leave here!!!  Control goes straight to
                 * the __finally block, so the lock is still released, but
                 * Heap is NOT added to the list.
                 */
                __leave;
            }
            /* Carry the existing entries over to the larger array. */
            CopyMemory
            (
                ProcessHeaps,
                Teb->Peb->ProcessHeaps,
                sizeof( HANDLE ) * Teb->Peb->NumberOfHeaps
            );
            /*
             * RtlpProcessHeapsListBuffer is a static array, not dynamically
             * allocated memory, and must not be freed.  Only a previously
             * grown (heap-allocated) array is released here.
             */
            if ( RtlpProcessHeapsListBuffer != Teb->Peb->ProcessHeaps )
            {
                /*
                 * I can only assume Microsoft's programmers were on the
                 * wrong medication: this second NtCurrentTeb() result is
                 * never used (kept here because it is what the binary does).
                 */
                UnusedTeb = NtCurrentTeb();
                RtlFreeHeap
                (
                    GetProcessHeap(),
                    0,
                    Teb->Peb->ProcessHeaps
                );
            }
            Teb->Peb->ProcessHeaps = ProcessHeaps;
        }
        /* Append Heap; the slot is free because of the capacity check above. */
        Teb->Peb->ProcessHeaps[Teb->Peb->NumberOfHeaps] = Heap;
        Teb->Peb->NumberOfHeaps++;
        /* Post-increment count => 1-based index; truncated to WORD. */
        Heap->ProcessHeapsListIndex = ( WORD )Teb->Peb->NumberOfHeaps;
    }
    __finally
    {
        /* Runs on every exit path, including __leave. */
        RtlLeaveCriticalSection( &RtlpProcessHeapsListLock );
    }
    return;
} /* end of RtlpAddHeapToProcessList */
--------------------------------------------------------------------------