关于PEiD 0.95在Win7 Ultimate x64下崩溃的解决

最终逼不得已还是安装了Win7 64位 旗舰版

在完成了虚拟机安装后，发现PEiD不能运行，无论兼容XP SP3还是管理员权限，一致崩溃

于是写了个程序加载PEiD的插件，主要演示DLL的加载、目录遍历和控制台程序颜色的控制，代码如下：

#ifdef UNICODE
#pragma message("UNICODE defined!")
#undef UNICODE
#endif
#include <Windows.h>
#include <stdio.h>

typedef int (__stdcall *PFNEnumFileCallback)(const char *lpPathName, const char *lpFileName);

#define ENUM_CONTINUE		0
#define ENUM_ABORTED		1


int PrintWithColor(DWORD dwColor, const char *format, ...)
{
	HANDLE hConsole;
	CONSOLE_SCREEN_BUFFER_INFO csbi;
	union {
		DWORD dwColor1;
		DWORD dwError;
	};
	BOOL fResult, fChanged;

	va_list vl;
	int dwRet;

	hConsole = GetStdHandle(STD_OUTPUT_HANDLE);
	if(hConsole != NULL && hConsole != INVALID_HANDLE_VALUE)
	{
		fChanged = FALSE;
		fResult = GetConsoleScreenBufferInfo(hConsole, &csbi);
		if(fResult != FALSE)
		{
			dwColor1 = dwColor;
			fResult = SetConsoleTextAttribute(hConsole, dwColor1);
			if(fResult != FALSE)
			{
				fChanged = TRUE;	// mark as changed
			}
		}
#ifdef _DEBUG
		dwError = GetLastError();
#endif
	}

	va_start(vl, format);
	dwRet = vprintf(format, vl);
	va_end(vl);

	if(hConsole != NULL && hConsole != INVALID_HANDLE_VALUE)
	{
		if(fChanged)
		{
			dwColor1 = 0;		// old color
			dwColor1 |= FOREGROUND_BLUE;
			dwColor1 |= FOREGROUND_GREEN;
			dwColor1 |= FOREGROUND_RED;
			dwColor1 |= FOREGROUND_INTENSITY;
			dwColor1 |= BACKGROUND_BLUE;
			dwColor1 |= BACKGROUND_GREEN;
			dwColor1 |= BACKGROUND_RED;
			dwColor1 |= BACKGROUND_INTENSITY;
			dwColor1 &= csbi.wAttributes;
			fResult = SetConsoleTextAttribute(hConsole, dwColor1);
#ifdef _DEBUG
			if(fResult != FALSE)
			{
				dwError = GetLastError();
			}
#endif
		}
		//fResult = CloseHandle(hConsole);	// do not close
		hConsole = NULL;
	}

	return dwRet;
}

void EnumFiles(const char * lpPath, PFNEnumFileCallback pfnEnumFileCallback)
{
	union {
		char szFind[MAX_PATH];
		char szFile[MAX_PATH];
	};
	WIN32_FIND_DATA wfd;
	HANDLE hFind;

	PrintWithColor(FOREGROUND_GREEN, "       Begin Path: %s\r\n", lpPath);

	strcpy(szFind, lpPath);
	strcat(szFind, "*.*");
	hFind = FindFirstFile(szFind, &wfd);
	if(INVALID_HANDLE_VALUE == hFind)
	{
		return;
	}

	while(TRUE)
	{
		if(wfd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
		{
			if(wfd.cFileName[0] != '.')
			{
				strcpy(szFile, lpPath);
				strcat(szFile, wfd.cFileName);
				strcat(szFile, "\\");
				EnumFiles(szFile, pfnEnumFileCallback);	// recurse
			}
		}else
		{
			strcpy(szFile, lpPath);
			strcat(szFile, wfd.cFileName);
			//strcat(szFile, "\r\n");
			//printf(szFile);
			if(pfnEnumFileCallback(szFile, wfd.cFileName) != ENUM_CONTINUE)
			{
				printf("       EnumFiles::pfnEnumFileCallback() abort!\r\n");
				break;
			}
		}
		if(!FindNextFile(hFind, &wfd))
		{
			printf("       EnumFiles::FindNextFile() no more files!\r\n");
			break;
		}
	}
	FindClose(hFind);

	PrintWithColor(FOREGROUND_GREEN, "         End Path: %s\r\n", lpPath);
}

int __stdcall EnumProc(const char *lpPathName, const char *lpFileName)
{
	HMODULE hModule;

	union {
		char *szExt;
		long dwExt;
	};
	char *szFile;

	szExt = NULL;
	szFile = (char *)lpFileName;
	if(szFile)
	{
		while(*szFile)
		{
			if(*szFile == '.')
			{
				szExt = szFile;
			}
			szFile++;
		}
		if(szExt)
		{
			szExt++;
			dwExt = *(long *)szExt;
			switch(dwExt){
			case 0x006c6c64:	// dll\0
			case 0x006c6c44:	// Dll\0
			case 0x006c4c64:	// dLl\0
			case 0x006c4c44:	// DLl\0
			case 0x004c6c64:	// dlL\0
			case 0x004c6c44:	// DlL\0
			case 0x004c4c64:	// dLL\0
			case 0x004c4c44:	// DLL\0
				printf("       Library: ");
				printf(lpFileName);
				hModule = LoadLibrary(lpPathName);
				if(hModule)
				{
					printf(" loaded!\r\n");
					FreeLibrary(hModule);
					hModule = NULL;
				}else
				{
					//printf(" NOT loaded!\r\n");
					PrintWithColor(FOREGROUND_RED, " NOT loaded!\r\n");
				}
				break;
			default:
				break;
			}
		}
	}
	return ENUM_CONTINUE;
}

int main(int argc, char **argv)
{
	char *szPath = "D:\\Program Files\\Portable\\PEiD\\plugins\\";

	printf("USAGE: PEiD [path]\r\n");
	printf("  e.g. PEiD \"C:\\Program Files\\PEiD\\plugins\\\"\r\n");
	if(argc > 1)
	{
		szPath = argv[1];
	}
	PrintWithColor(FOREGROUND_RED, "       using path: %s\r\n\r\n", szPath);
	EnumFiles(szPath, EnumProc);

	printf("\r\nPress any fucking key to continue...");
	getchar();
	return 0;
}

运行后发现，FC.DLL提示需要rtl70.bpl，这个文件是根目录的，不过即使在根目录运行，也是无法加载：

其他无法加载的DLL列表为：

将这些带红色的文件都重命名为XXX.DLL.dat之后，还有两个文件导致崩溃，不过是OD发现的，分别是：

xInfo.DLL
\[-=About PEiD =-]\UnreaL.DLL

一样重命名，之后PEiD运行正常。

此外，有两个插件出现异常，但是插件自己有错误捕捉，处理了异常，分别是：

和

 

doc end！

2016-01-15 06:31:40