18) kernel32!HeapDestroy() 用IDA Pro逆向英文版XP SP1的kernel32!HeapDestroy: -------------------------------------------------------------------------- 77E78916 ; Attributes: bp-based frame 77E78916 77E78916 ; __stdcall HeapDestroy(x) 77E78916 public _HeapDestroy@4 77E78916 _HeapDestroy@4 proc near 77E78916 77E78916 hHeap= dword ptr 8 77E78916 77E78916 push ebp 77E78917 mov ebp, esp 77E78919 push [ebp+hHeap] 77E7891C call ds:__imp__RtlDestroyHeap@4 ; RtlDestroyHeap( hHeap ); 77E7891C 77E78922 test eax, eax ; Logical Compare 77E78924 jnz HeapDestroy_0 ; Jump if Not Zero (ZF=0) 77E78924 77E7892A inc eax ; return( TRUE ); 77E7892B 77E7892B HeapDestroy_exit: 77E7892B pop ebp 77E7892C retn 4 ; Return Near from Procedure 77E7892C 77E7892C _HeapDestroy@4 endp 77E9DA50 HeapDestroy_0: ; ERROR_INVALID_HANDLE 77E9DA50 push 6 ; The handle is invalid. 77E9DA52 call _SetLastError@4 ; SetLastError( ERROR_INVALID_HANDLE ); 77E9DA52 77E9DA57 xor eax, eax ; return( FALSE ); 77E9DA59 jmp HeapDestroy_exit ; Jump -------------------------------------------------------------------------- 下面是C风格的伪代码: -------------------------------------------------------------------------- /* * 以XP SP1中的kernel32.dll为逆向工程对象 * * If the function succeeds, the return value is nonzero. If the function * fails, the return value is zero. To get extended error information, * call GetLastError. */ BOOL WINAPI HeapDestroy ( HANDLE hHeap // 第01形参,[EBP+0x008],handle to heap ) { BOOL ret; /* * kernel32!HeapDestroy()就是对ntdll!RtlDestroyHeap()的简单封装 */ if ( NULL != RtlDestroyHeap( hHeap ) ) { /* * 失败 */ SetLastError( ERROR_INVALID_HANDLE ); ret = FALSE; } else { /* * 成功 */ ret = TRUE; } return( ret ); } /* end of HeapDestroy */ --------------------------------------------------------------------------