12) ntdll!RtlpAddHeapToProcessList()
发现微软的猪头程序员不比Sun的少呢,去年因在SNMP编程文档中抱怨Sun的猪头程序 员,还被tt笑话,切。不过,话说回来,人家猪头程序员们正在领世界之风骚,咱想 猪头也没那资本。
/ * Create: scz 2003-11-30 22:00 / extern RTL_CRITICAL_SECTION RtlpProcessHeapsListLock; extern HANDLE RtlpProcessHeapsListBuffer[];
/ * 以XP SP1中的ntdll.dll为逆向工程对象 / void __stdcall RtlpAddHeapToProcessList ( PHEAP Heap ) { PTEB Teb; PHANDLE ProcessHeaps; PTEB UnusedTeb;
RtlEnterCriticalSection( &RtlpProcessHeapsListLock );
__try
{
Teb = NtCurrentTeb();
if ( Teb->Peb->NumberOfHeaps == Teb->Peb->MaximumNumberOfHeaps )
{
Teb->Peb->MaximumNumberOfHeaps *= 2;
ProcessHeaps = ( PHANDLE )RtlAllocateHeap
(
GetProcessHeap(),
0,
sizeof( HANDLE ) * Teb->Peb->MaximumNumberOfHeaps
);
if ( ( PHANDLE )NULL == ProcessHeaps )
{
Teb->Peb->MaximumNumberOfHeaps = Teb->Peb->NumberOfHeaps;
/*
* 注意__leave的用法!!!
*/
__leave;
}
CopyMemory
(
ProcessHeaps,
Teb->Peb->ProcessHeaps,
sizeof( HANDLE ) * Teb->Peb->NumberOfHeaps
);
/*
* RtlpProcessHeapsListBuffer是静态变量,非动态分配得到的空间,
* 不得释放。
*/
if ( RtlpProcessHeapsListBuffer != Teb->Peb->ProcessHeaps )
{
/*
* 我只能认为微软的程序员吃错药了
*/
UnusedTeb = NtCurrentTeb();
RtlFreeHeap
(
GetProcessHeap(),
0,
Teb->Peb->ProcessHeaps
);
}
Teb->Peb->ProcessHeaps = ProcessHeaps;
}
Teb->Peb->ProcessHeaps[Teb->Peb->NumberOfHeaps] = Heap;
Teb->Peb->NumberOfHeaps++;
Heap->ProcessHeapsListIndex = ( WORD )Teb->Peb->NumberOfHeaps;
}
__finally
{
RtlLeaveCriticalSection( &RtlpProcessHeapsListLock );
}
return;