最终逼不得已还是安装了Win7 64位 旗舰版
在完成了虚拟机安装后,发现PEiD不能运行,无论兼容XP SP3还是管理员权限,一直崩溃
于是写了个程序加载PEiD的插件,主要演示DLL的加载、目录遍历和控制台程序颜色的控制,代码如下:
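#ifdef UNICODE
#pragma message("UNICODE defined!")
#undef UNICODE
#endif

#include <Windows.h>
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/*
 * Callback invoked by EnumFiles() for every non-directory entry.
 *   lpPathName  full path of the file (directory + name)
 *   lpFileName  bare file name
 * Return ENUM_CONTINUE to keep walking, anything else (ENUM_ABORTED) to stop.
 */
typedef int (__stdcall *PFNEnumFileCallback)(const char *lpPathName, const char *lpFileName);

#define ENUM_CONTINUE 0
#define ENUM_ABORTED  1

/* The eight console attribute bits that carry foreground/background colour and intensity. */
#define CONSOLE_COLOR_MASK (FOREGROUND_BLUE | FOREGROUND_GREEN | FOREGROUND_RED | FOREGROUND_INTENSITY | \
                            BACKGROUND_BLUE | BACKGROUND_GREEN | BACKGROUND_RED | BACKGROUND_INTENSITY)

/*
 * printf() with the console text attribute temporarily set to dwColor.
 *
 * The previous colour bits are restored afterwards.  When stdout is not a
 * console (redirected to a file or pipe) the attribute calls fail and the
 * text is printed uncoloured.  `format` must be a trusted format string,
 * never data read from the file system.  Returns the vprintf() result.
 */
int PrintWithColor(DWORD dwColor, const char *format, ...)
{
    HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE);
    CONSOLE_SCREEN_BUFFER_INFO csbi = {0};
    BOOL fChanged = FALSE;
    va_list vl;
    int nRet;

    if (hConsole != NULL && hConsole != INVALID_HANDLE_VALUE) {
        /* Capture the current attributes first so they can be restored below. */
        if (GetConsoleScreenBufferInfo(hConsole, &csbi)) {
            fChanged = SetConsoleTextAttribute(hConsole, (WORD)dwColor) != FALSE;
        }
    }

    va_start(vl, format);
    nRet = vprintf(format, vl);
    va_end(vl);

    if (fChanged) {
        /* Put back only the colour bits, leaving any other attribute flags untouched. */
        SetConsoleTextAttribute(hConsole, (WORD)(csbi.wAttributes & CONSOLE_COLOR_MASK));
    }
    /* hConsole comes from GetStdHandle() and is not owned by us: never CloseHandle() it. */
    return nRet;
}

/*
 * Write dir + name into dst (dstSize bytes), inserting a backslash when dir
 * does not already end in a path separator.  Returns 0 on success and -1
 * when the result would not fit; dst is then truncated and must not be used
 * as a path.  Replaces the unchecked strcpy/strcat into MAX_PATH buffers.
 */
static int JoinPath(char *dst, size_t dstSize, const char *dir, const char *name)
{
    size_t dirLen = strlen(dir);
    const char *sep = "";
    int n;

    if (dirLen > 0 && dir[dirLen - 1] != '\\' && dir[dirLen - 1] != '/') {
        sep = "\\";
    }
    n = snprintf(dst, dstSize, "%s%s%s", dir, sep, name);
    return (n < 0 || (size_t)n >= dstSize) ? -1 : 0;
}

/*
 * Recursively walk lpPath and call pfnEnumFileCallback(fullPath, fileName)
 * for every file found.  "." and ".." are skipped; entries whose full path
 * would exceed MAX_PATH are reported and skipped rather than truncated.
 * The walk stops early when the callback returns anything but ENUM_CONTINUE.
 */
void EnumFiles(const char *lpPath, PFNEnumFileCallback pfnEnumFileCallback)
{
    char szPath[MAX_PATH];
    WIN32_FIND_DATA wfd;
    HANDLE hFind;
    BOOL fAborted = FALSE;

    PrintWithColor(FOREGROUND_GREEN, " Begin Path: %s\r\n", lpPath);

    if (JoinPath(szPath, sizeof szPath, lpPath, "*.*") != 0) {
        PrintWithColor(FOREGROUND_RED, " EnumFiles: path too long, skipped: %s\r\n", lpPath);
        return;
    }
    hFind = FindFirstFile(szPath, &wfd);
    if (hFind == INVALID_HANDLE_VALUE) {
        return;
    }

    do {
        const char *name = wfd.cFileName;

        if (wfd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
            /* Skip the self/parent pseudo-entries, otherwise the recursion never ends. */
            if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) {
                continue;
            }
            if (JoinPath(szPath, sizeof szPath, lpPath, name) != 0) {
                PrintWithColor(FOREGROUND_RED, " EnumFiles: path too long, skipped: %s\r\n", name);
                continue;
            }
            EnumFiles(szPath, pfnEnumFileCallback); /* recurse into the subdirectory */
        } else {
            if (JoinPath(szPath, sizeof szPath, lpPath, name) != 0) {
                PrintWithColor(FOREGROUND_RED, " EnumFiles: path too long, skipped: %s\r\n", name);
                continue;
            }
            if (pfnEnumFileCallback(szPath, name) != ENUM_CONTINUE) {
                printf(" EnumFiles::pfnEnumFileCallback() abort!\r\n");
                fAborted = TRUE;
                break;
            }
        }
    } while (FindNextFile(hFind, &wfd)); /* `continue` above re-evaluates this condition */

    if (!fAborted) {
        printf(" EnumFiles::FindNextFile() no more files!\r\n");
    }
    FindClose(hFind);
    PrintWithColor(FOREGROUND_GREEN, " End Path: %s\r\n", lpPath);
}

/*
 * Case-insensitive test for a ".dll" extension.  Compares character by
 * character up to and including the terminator, so it never reads past the
 * end of a short name (the old `*(long *)szExt` trick could, and was also an
 * unaligned, aliasing-violating access).
 */
static int HasDllExtension(const char *lpFileName)
{
    static const char want[] = "dll";
    const char *ext = strrchr(lpFileName, '.');
    size_t i;

    if (ext == NULL) {
        return 0;
    }
    ext++;
    for (i = 0; i < sizeof want; i++) { /* sizeof want includes the NUL: rejects "dllx" */
        if (tolower((unsigned char)ext[i]) != want[i]) {
            return 0;
        }
    }
    return 1;
}

/*
 * EnumFiles() callback: every *.dll is loaded with LoadLibrary() and released
 * again.  Loading runs the module's DllMain, so a plugin that crashes on load
 * takes this process down instead of PEiD, which is what the tool is for.
 * Dependent modules (e.g. a .bpl a plugin imports) are resolved through the
 * normal DLL search order, not relative to the plugin's own directory.
 * Always returns ENUM_CONTINUE so the remaining files are still visited.
 */
int __stdcall EnumProc(const char *lpPathName, const char *lpFileName)
{
    HMODULE hModule;

    if (lpPathName == NULL || lpFileName == NULL || !HasDllExtension(lpFileName)) {
        return ENUM_CONTINUE;
    }

    /* File names come from the file system: pass them as %s, never as the format string. */
    printf(" Library: %s", lpFileName);
    hModule = LoadLibrary(lpPathName);
    if (hModule != NULL) {
        printf(" loaded!\r\n");
        FreeLibrary(hModule);
    } else {
        /* Read the error before PrintWithColor() makes further API calls that may clobber it. */
        DWORD dwError = GetLastError();
        PrintWithColor(FOREGROUND_RED, " NOT loaded! (error %lu)\r\n", (unsigned long)dwError);
    }
    return ENUM_CONTINUE;
}

/*
 * Entry point: walk the plugin directory given as argv[1] (default below)
 * and try to load every DLL in it, reporting which ones fail.
 */
int main(int argc, char **argv)
{
    const char *szPath = "D:\\Program Files\\Portable\\PEiD\\plugins\\";

    printf("USAGE: PEiD [path]\r\n");
    printf(" e.g. PEiD \"C:\\Program Files\\PEiD\\plugins\\\"\r\n");
    if (argc > 1) {
        szPath = argv[1]; /* JoinPath() tolerates a missing trailing backslash */
    }
    PrintWithColor(FOREGROUND_RED, " using path: %s\r\n\r\n", szPath);
    EnumFiles(szPath, EnumProc);
    printf("\r\nPress any fucking key to continue...");
    getchar();
    return 0;
}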
运行后发现,FC.DLL提示需要rtl70.bpl,这个文件是根目录的,不过即使在根目录运行,也是无法加载:
其他无法加载的DLL列表为:
将这些带红色的文件都重命名为XXX.DLL.dat之后,还有两个文件导致崩溃,不过是OD发现的,分别是:
xInfo.DLL \[-=About PEiD =-]\UnreaL.DLL
一样重命名,之后PEiD运行正常。
此外,有两个插件出现异常,但是插件自己有错误捕捉,处理了异常,分别是:
和
doc end!
2016-01-15 06:31:40