| skipped 244 lines |
| 245 | 245 | | DWORD rdataLength; |
| 246 | 246 | | BYTE* textData = readSectionData((BYTE*)base, &rdataLength, ".text"); |
| 247 | 247 | | |
| 248 | | - | //适用于win7以上的系统,需要格外修改值 |
| | 248 | + | //适用于win7 server 08以上的系统,需要格外解锁 |
| 249 | 249 | | size_t addr = memFind(textData, lock_count_flag, (size_t)textData + rdataLength, sizeof(lock_count_flag)); |
| 250 | | - | |
| 251 | 250 | | if (addr != 0) |
| 252 | 251 | | { |
| 253 | 252 | | #ifdef _WIN64 |
| skipped 22 lines |
| 276 | 275 | | |
| 277 | 276 | | RtlLeaveCriticalSection((PRTL_CRITICAL_SECTION)Peb->LoaderLock); |
| 278 | 277 | | |
| 279 | | - | //win7 和 08以下系统没有LdrFastFailInLoaderCallout导出函数 |
| | 278 | + | //上面代码是解决使用LoadLibrary动态加载DLL的死锁,下面代码是解决静态导入的DLL的死锁问题 |
| | 279 | + | |
| | 280 | + | //win7 和 08以上系统可以通过LdrFastFailInLoaderCallout导出函数定位到标记位地址 |
| 280 | 281 | | size_t hookAddr = (size_t)GetProcAddress((HMODULE)hModule, "LdrFastFailInLoaderCallout"); |
| 281 | | - | |
| 282 | 282 | | if (hookAddr > 0) { |
| 283 | 283 | | #ifdef _WIN64 |
| 284 | 284 | | hookAddr = hookAddr + 0x18 + 5 + *(PDWORD)(hookAddr + 0x18); |
| skipped 2 lines |
| 287 | 287 | | #endif |
| 288 | 288 | | *(PDWORD)hookAddr = 2; |
| 289 | 289 | | } |
| 290 | | - | |
| | 290 | + | //win7 和 08以下系统没有LdrFastFailInLoaderCallout导出函数,需要搜索特征码定位到标记位地址 |
| 291 | 291 | | addr = memFind(textData, win7_lock_count_flag, (size_t)textData + rdataLength, sizeof(win7_lock_count_flag)); |
| 292 | 292 | | if (addr != 0) |
| 293 | 293 | | { |
| skipped 21 lines |
