关于PEiD 0.95在Win7 Ultimate x64下崩溃的解决


最终逼不得已还是安装了Win7 64位 旗舰版

在完成了虚拟机安装后,发现PEiD不能运行,无论是使用XP SP3兼容模式还是以管理员权限运行,都一样崩溃

于是写了个程序加载PEiD的插件,主要演示DLL的加载、目录遍历和控制台程序颜色的控制,代码如下:

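/*
 * Plugin load tester: walks a directory tree, tries to LoadLibrary() every
 * *.dll it finds and prints which ones load and which ones fail (failures in
 * red, together with the Win32 error code).
 *
 * NOTE(review): LoadLibrary maps each module into THIS process and runs its
 * DllMain, so every DLL under the scanned directory executes with this
 * program's privileges. Point it only at a plugin directory whose contents
 * you trust, or run it inside a disposable VM.
 */

/* The program is written against the ANSI (char) Win32 API. */
#ifdef UNICODE
#pragma message("UNICODE defined!")
#undef UNICODE
#endif

#include <Windows.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Called once per regular file; return ENUM_CONTINUE to keep enumerating. */
typedef int (__stdcall *PFNEnumFileCallback)(const char *lpPathName, const char *lpFileName);

#define ENUM_CONTINUE 0
#define ENUM_ABORTED  1

/*
 * printf-style output in a given console color.
 *
 * dwColor  console character attributes (FOREGROUND_* / BACKGROUND_* bits)
 * format   printf format string, followed by its arguments
 * returns  whatever vprintf returns
 *
 * If stdout is not a console (GetConsoleScreenBufferInfo fails) the text is
 * printed without touching any attributes.
 */
int PrintWithColor(DWORD dwColor, const char *format, ...)
{
    const WORD wColorMask = FOREGROUND_BLUE | FOREGROUND_GREEN | FOREGROUND_RED |
                            FOREGROUND_INTENSITY |
                            BACKGROUND_BLUE | BACKGROUND_GREEN | BACKGROUND_RED |
                            BACKGROUND_INTENSITY;
    CONSOLE_SCREEN_BUFFER_INFO csbi;
    HANDLE hConsole;
    BOOL fChanged = FALSE;
    va_list vl;
    int nRet;

    /* The standard handle is owned by the process: never CloseHandle() it. */
    hConsole = GetStdHandle(STD_OUTPUT_HANDLE);
    if (hConsole != NULL && hConsole != INVALID_HANDLE_VALUE &&
        GetConsoleScreenBufferInfo(hConsole, &csbi)) {
        /* Push out pending text first so it is not drawn in the new color. */
        fflush(stdout);
        fChanged = SetConsoleTextAttribute(hConsole, (WORD)dwColor);
    }

    va_start(vl, format);
    nRet = vprintf(format, vl);
    va_end(vl);

    if (fChanged) {
        /* Emit the colored text before restoring the previous color bits. */
        fflush(stdout);
        SetConsoleTextAttribute(hConsole, (WORD)(csbi.wAttributes & wColorMask));
    }
    return nRet;
}

/*
 * Concatenates dir + name + suffix into dst (capacity cap, terminator
 * included). Returns FALSE and leaves dst untouched when the result would
 * not fit, instead of writing past the end of the buffer.
 */
static BOOL JoinPath(char *dst, size_t cap, const char *dir, const char *name, const char *suffix)
{
    size_t cchDir = strlen(dir);
    size_t cchName = strlen(name);
    size_t cchSuffix = strlen(suffix);

    if (cchDir >= cap || cchName >= cap - cchDir || cchSuffix >= cap - cchDir - cchName) {
        return FALSE;
    }
    memcpy(dst, dir, cchDir);
    memcpy(dst + cchDir, name, cchName);
    memcpy(dst + cchDir + cchName, suffix, cchSuffix + 1); /* copies the '\0' too */
    return TRUE;
}

/*
 * Recursively enumerates lpPath and calls pfnEnumFileCallback for every
 * regular file, passing the full path and the bare file name.
 *
 * lpPath may be given with or without a trailing path separator. Entries
 * whose full path does not fit in MAX_PATH are reported and skipped. A
 * callback abort stops the directory currently being scanned only; it is
 * not propagated to the parent directory.
 */
void EnumFiles(const char *lpPath, PFNEnumFileCallback pfnEnumFileCallback)
{
    char szDir[MAX_PATH];
    char szItem[MAX_PATH];
    WIN32_FIND_DATAA wfd;
    HANDLE hFind;
    BOOL fAborted = FALSE;
    size_t cchPath;
    const char *szSep;

    if (lpPath == NULL || pfnEnumFileCallback == NULL) {
        return;
    }

    PrintWithColor(FOREGROUND_GREEN, "       Begin Path: %s\r\n", lpPath);

    /* Make sure the directory ends with a separator before appending names. */
    cchPath = strlen(lpPath);
    szSep = (cchPath == 0 || lpPath[cchPath - 1] == '\\' || lpPath[cchPath - 1] == '/') ? "" : "\\";
    if (!JoinPath(szDir, sizeof szDir, lpPath, szSep, "") ||
        !JoinPath(szItem, sizeof szItem, szDir, "*.*", "")) {
        PrintWithColor(FOREGROUND_RED, "       Path too long, skipped: %s\r\n", lpPath);
        return;
    }

    hFind = FindFirstFileA(szItem, &wfd);
    if (INVALID_HANDLE_VALUE == hFind) {
        return;
    }

    do {
        if (wfd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
            /* Skips "." and ".." (and any other directory starting with '.'). */
            if (wfd.cFileName[0] != '.') {
                if (JoinPath(szItem, sizeof szItem, szDir, wfd.cFileName, "\\")) {
                    EnumFiles(szItem, pfnEnumFileCallback); /* recurse */
                } else {
                    PrintWithColor(FOREGROUND_RED, "       Path too long, skipped: %s%s\r\n",
                                   szDir, wfd.cFileName);
                }
            }
        } else if (!JoinPath(szItem, sizeof szItem, szDir, wfd.cFileName, "")) {
            PrintWithColor(FOREGROUND_RED, "       Path too long, skipped: %s%s\r\n",
                           szDir, wfd.cFileName);
        } else if (pfnEnumFileCallback(szItem, wfd.cFileName) != ENUM_CONTINUE) {
            printf("       EnumFiles::pfnEnumFileCallback() abort!\r\n");
            fAborted = TRUE;
        }
    } while (!fAborted && FindNextFileA(hFind, &wfd));

    if (!fAborted) {
        printf("       EnumFiles::FindNextFile() no more files!\r\n");
    }

    FindClose(hFind);
    PrintWithColor(FOREGROUND_GREEN, "         End Path: %s\r\n", lpPath);
}

/*
 * EnumFiles callback: for every file whose extension is "dll" (any case),
 * tries to load it and reports the outcome. Always returns ENUM_CONTINUE.
 *
 * lpPathName  full path handed to LoadLibraryA
 * lpFileName  bare file name, used for the extension test and the report
 */
int __stdcall EnumProc(const char *lpPathName, const char *lpFileName)
{
    const char *szExt;
    HMODULE hModule;
    DWORD dwError;

    if (lpPathName == NULL || lpFileName == NULL) {
        return ENUM_CONTINUE;
    }

    /* Compare the text after the last '.' as a string; never read it as a
     * 4-byte integer, which runs past the terminator on short extensions. */
    szExt = strrchr(lpFileName, '.');
    if (szExt == NULL || _stricmp(szExt + 1, "dll") != 0) {
        return ENUM_CONTINUE;
    }

    /* The file name comes from disk and may contain '%': print it as data,
     * never as the format string. */
    printf("       Library: %s", lpFileName);

    /* Runs the module's DllMain in this process (see the file header). */
    hModule = LoadLibraryA(lpPathName);
    if (hModule) {
        printf(" loaded!\r\n");
        FreeLibrary(hModule);
    } else {
        /* Read the error before any other API call can overwrite it. The code
         * tells a missing dependency (ERROR_MOD_NOT_FOUND, 126) apart from an
         * architecture mismatch between this tester and the plugin
         * (ERROR_BAD_EXE_FORMAT, 193). */
        dwError = GetLastError();
        PrintWithColor(FOREGROUND_RED, " NOT loaded! (error %lu)\r\n", (unsigned long)dwError);
    }
    return ENUM_CONTINUE;
}

/*
 * Entry point. The optional first argument is the plugin directory to scan;
 * without it the built-in default path is used.
 */
int main(int argc, char **argv)
{
    const char *szPath = "D:\\Program Files\\Portable\\PEiD\\plugins\\";

    printf("USAGE: PEiD [path]\r\n");
    printf("  e.g. PEiD \"C:\\Program Files\\PEiD\\plugins\\\"\r\n");
    if (argc > 1) {
        szPath = argv[1];
    }

    PrintWithColor(FOREGROUND_RED, "       using path: %s\r\n\r\n", szPath);
    EnumFiles(szPath, EnumProc);

    printf("\r\nPress any fucking key to continue...");
    getchar();
    return 0;
}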

运行后发现,FC.DLL提示需要rtl70.bpl,这个文件是根目录的,不过即使在根目录运行,也是无法加载:

其他无法加载的DLL列表为:

将这些带红色的文件都重命名为XXX.DLL.dat之后,还有两个文件导致崩溃,不过是OD发现的,分别是:

xInfo.DLL\[-=About PEiD =-]\UnreaL.DLL


一样重命名,之后PEiD运行正常。

此外,有两个插件出现异常,但是插件自己有错误捕捉,处理了异常,分别是:

 

doc end!

2016-01-15 06:31:40
