Skip to content

17) ntdll!RtlpFindEntry()

/ * ntdll.dll中定义的全局变量 / extern BYTE RtlpBitsClearLow[];

PLIST_ENTRY NTAPI RtlpFindEntry ( Heap, Size ) { ListEntry; FreeEntry; Cache; Entries; Index; FreeEntryList; p; value; Teb; i;

ListEntry   = &Heap->FreeLists[0];
if ( ListEntry == ListEntry->Blink )
{
    goto RtlpFindEntry_exit;
}
FreeEntry   = ( ListEntry->Blink - 8 );
if ( FreeEntry->Entry.Size < Size )
{
    goto RtlpFindEntry_exit;
}
FreeEntry   = ( ListEntry->Flink - 8 );
if ( Size <= FreeEntry->Entry.Size )
{
    ListEntry = ListEntry->Flink;
    goto RtlpFindEntry_exit;
}
Cache       = Heap->Cache;
Entries     = Cache->Entries;
Index       = Size - 128;
if ( Index >= Entries )
{
    Index = Entries - 1;
}
if ( Index == ( Entries - 1 ) )
{
    FreeEntryList = &Cache->FreeEntryArray[Index]->List;
    while ( ListEntry != FreeEntryList )
    {
        FreeEntry       = ( FreeEntryList - 8 );
        if ( FreeEntry->Entry.Size >= Size )
        {
            ListEntry = FreeEntryList;
            goto RtlpFindEntry_exit;
        }
        FreeEntryList   = FreeEntryList->Flink;
    }  /* end of while */
}
p           = ( PDWORD )&Cache->Bitmap[ Index / 8 ];
value       = ~( 1 << ( Size & 0x0000001F ) - 1 ) & *p;
if ( 0 == value )
{
    while ( ( Index / 32 ) <= ( Entries / 32 - 1 ) )
    {
        value   = *++p;
        Index  += 32;
        if ( 0 != value )
        {
            break;
        }
    }  /* end of while */
    if ( 0 == value )
    {
        Teb         = NtCurrentTeb();
        DbgPrint
        (
            "HEAP[%wZ]: ",
            ( ( PLDR_MODULE )Teb->Peb->Ldr->InLoadOrderModuleList.Flink )->BaseDllName
        );
        DbgPrint
        (
            "Index not found into the bitmap %08lx\n",
            Size
        );
        ListEntry   = &Heap->FreeLists[0];
        goto RtlpFindEntry_exit;
    }
}
if ( 0 != ( value & 0x0000FFFF ) )
{
    if ( 0 != ( value & 0x000000FF ) )
    {
        i   = ( int )RtlpBitsClearLow[ value & 0x000000FF ];
    }
    else
    {
        i   = ( int )RtlpBitsClearLow[ ( value & 0x0000FF00 ) >> 8 ] + 8;
    }
}
else
{
    if ( 0 != ( value & 0x00FF0000 ) )
    {
        i   = ( int )RtlpBitsClearLow[ ( value & 0x00FF0000 ) >> 16 ] + 16;
    }
    else
    {
        i   = ( int )RtlpBitsClearLow[ value >> 24 ] + 24;
    }
}
Index      += ( DWORD )i;
ListEntry   = &Cache->FreeEntryArray[Index]->List;

RtlpFindEntry_exit:

return( ListEntry );

} / end of RtlpFindEntry /