18) kernel32!HeapDestroy()

用IDA Pro逆向英文版XP SP1的kernel32!HeapDestroy:

77E78916 ; Attributes: bp-based frame 77E78916 77E78916 ; __stdcall HeapDestroy(x) 77E78916 public _HeapDestroy@4 77E78916 _HeapDestroy@4 proc near 77E78916 77E78916 hHeap= dword ptr 8 77E78916 77E78916 push ebp 77E78917 mov ebp, esp 77E78919 push [ebp+hHeap] 77E7891C call ds:__imp__RtlDestroyHeap@4 ; RtlDestroyHeap( hHeap ); 77E7891C 77E78922 test eax, eax ; Logical Compare 77E78924 jnz HeapDestroy_0 ; Jump if Not Zero (ZF=0) 77E78924 77E7892A inc eax ; return( TRUE ); 77E7892B 77E7892B HeapDestroy_exit: 77E7892B pop ebp 77E7892C retn 4 ; Return Near from Procedure 77E7892C 77E7892C _HeapDestroy@4 endp

77E9DA50 HeapDestroy_0: ; ERROR_INVALID_HANDLE 77E9DA50 push 6 ; The handle is invalid. 77E9DA52 call _SetLastError@4 ; SetLastError( ERROR_INVALID_HANDLE ); 77E9DA52 77E9DA57 xor eax, eax ; return( FALSE ); 77E9DA59 jmp HeapDestroy_exit ; Jump

下面是C风格的伪代码:

/ * 以XP SP1中的kernel32.dll为逆向工程对象 * * If the function succeeds, the return value is nonzero. If the function * fails, the return value is zero. To get extended error information, * call GetLastError. / BOOL WINAPI HeapDestroy ( HANDLE hHeap // 第01形参，[EBP+0x008]，handle to heap ) { BOOL ret;

/*
 * kernel32!HeapDestroy()就是对ntdll!RtlDestroyHeap()的简单封装
 */
if ( NULL != RtlDestroyHeap( hHeap ) )
{
    /*
     * 失败
     */
    SetLastError( ERROR_INVALID_HANDLE );
    ret = FALSE;
}
else
{
    /*
     * 成功
     */
    ret = TRUE;
}
return( ret );

18) kernel32!HeapDestroy()

} / end of HeapDestroy /