Every story starts with a bug! Today I came across a buggy API declaration:
1 |
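But having already reverse engineered OutputDebugString, I calmly guessed that this must be intentional! After all, Microsoft will do anything for the sake of compatibility.
From my reverse-engineering experience: normally the A version of an API calls the W version, but OutputDebugString is the exception, where OutputDebugStringW calls OutputDebugStringA.
I then found Raymond Chen's article "A brief history of the GetEnvironmentStrings functions". It turns out this API has carried the bug ever since Windows NT 3.1!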
The GetEnvironmentStrings function has a long and troubled history.
The first bit of confusion is that the day it was introduced in Windows NT 3.1, it was exported funny. The UNICODE version was exported under the name GetEnvironmentStringsW, but the ANSI version was exported under the name GetEnvironmentStrings without the usual A suffix.
A mistake we have been living with for over two decades.
There is no need to worry about problems arising from this, because modern Windows exports both GetEnvironmentStrings and GetEnvironmentStringsA.