解读 AcquireTxnFunctions
来源:互联网 发布:网络写作软件哪个好 编辑:程序博客网 时间:2024/05/22 12:16
解读 AcquireTxnFunctions
返回两个函数的地址:g_pfnGetCurrentTransactiong_pfnSetCurrentTransaction和这些地址是否存在的标志:g_fTxnFunctionsAcquired在 TxCaptureAndRelease::Set 中调用。这两个函数来自 ntdll.dll,是干什么的呢?RtlGetCurrentTransactionRtlSetCurrentTransaction//----- (100E4267) --------------------------------------------------------void *__fastcall `anonymous namespace'::AcquireTxnFunctions(_DWORD *a1, _DWORD *a2){ _DWORD *v2; // ebx@1 const char *v3; // edi@1 bool v4; // zf@1 void *v5; // esi@2 signed int v6; // eax@3 NTSTATUS v7; // eax@4 NTSTATUS v8; // eax@7 _DWORD *v10; // ecx@15 char v11; // [sp+Ch] [bp-28h]@14 _DWORD *v12; // [sp+10h] [bp-24h]@1 const char *v13; // [sp+14h] [bp-20h]@10 const char *v14; // [sp+18h] [bp-1Ch]@10 int v15; // [sp+1Ch] [bp-18h]@10 const char *v16; // [sp+20h] [bp-14h]@10 PVOID ProcedureAddress; // [sp+24h] [bp-10h]@4 PVOID v18; // [sp+28h] [bp-Ch]@7 PVOID ModuleImageBase; // [sp+2Ch] [bp-8h]@2 v2 = a1; v3 = 0; v12 = a2; v4 = `anonymous namespace'::g_fTxnFunctionsAcquired == 0; *a1 = 0; *a2 = 0; if ( v4 ) { v5 = (void *)LdrGetDllHandle(0, 0, &g_UNICODE_STRING_ntdll_dot_dll, &ModuleImageBase); if ( (signed int)v5 < 0 ) { v6 = 258; v3 = "LdrGetDllHandle( 0, 0, &g_UNICODE_STRING_ntdll_dot_dll, &Ntdll)";LABEL_10: ModuleImageBase = v5; v15 = v6; v13 = "base\\wcp\\sil\\merged\\ntu\\ntsystem.cpp"; v14 = "`anonymous-namespace'::AcquireTxnFunctions"; v16 = v3; Windows::ErrorHandling::Rtl::CBaseFrame<Windows::ErrorHandling::Rtl::CVoidRaiseFrame>::ReportErrorOrigination( (int *)&ModuleImageBase, (int)&v13); return v5; } v7 = LdrGetProcedureAddress(ModuleImageBase, &g_ANSI_STRING_RtlSetCurrentTransaction, 0, &ProcedureAddress); v5 = (void *)v7; if ( v7 < 0 && v7 != -1073741511 ) { v6 = 267; goto LABEL_10; } v8 = LdrGetProcedureAddress(ModuleImageBase, &g_ANSI_STRING_RtlGetCurrentTransaction, 0, &v18); v5 = (void *)v8; if ( v8 < 0 && v8 != -1073741511 ) { v6 = 276; goto LABEL_10; } if ( ProcedureAddress ) { if ( v18 ) { `anonymous namespace'::g_pfnSetCurrentTransaction = (int)ProcedureAddress; `anonymous namespace'::g_pfnGetCurrentTransaction = (int)v18; } } _InterlockedOr((volatile signed __int32 *)&v11, 0); `anonymous namespace'::g_fTxnFunctionsAcquired = 1; } _InterlockedOr((volatile signed __int32 *)&v11, 0); v10 = v12; *v2 = `anonymous namespace'::g_pfnSetCurrentTransaction; *v10 = `anonymous namespace'::g_pfnGetCurrentTransaction; return 0;}// 1003E94C: using guessed type int g_UNICODE_STRING_ntdll_dot_dll;// 1027D608: using guessed type int `anonymous namespace'::g_pfnGetCurrentTransaction;// 1027D60C: using guessed type int `anonymous namespace'::g_pfnSetCurrentTransaction;// 1027FB8C: using guessed type char `anonymous namespace'::g_fTxnFunctionsAcquired;//----- (0000000180071EE0) ----------------------------------------------------__int64 __fastcall TxCaptureAndRelease::Set(TxCaptureAndRelease *this){ bool v1; // zf@1 TxCaptureAndRelease *v2; // rdi@1 char *v3; // rbx@3 __int64 result; // rax@4 int (*v5)(void); // rbx@5 __int64 v6; // rax@5 int (__fastcall *v7)(_QWORD); // rbx@6 unsigned int v8; // [sp+20h] [bp-18h]@1 v1 = *((_BYTE *)this + 8) == 0; v2 = this; v8 = -1073741595; if ( !v1 || !*(_QWORD *)this ) goto LABEL_8; v3 = (char *)this + 24; if ( *((_QWORD *)this + 3) || (result = `anonymous namespace'::AcquireTxnFunctions((_QWORD *)this + 2, v3), (signed int)result >= 0) ) { v5 = *(int (**)(void))v3; _guard_check_icall_fptr(v5); LODWORD(v6) = v5(); if ( (unsigned __int64)(v6 - 1) <= 0xFFFFFFFFFFFFFFFDui64 ) { Windows::ErrorHandling::CBaseFrame::BreakIn(); __debugbreak(); } else { v7 = (int (__fastcall *)(_QWORD))*((_QWORD *)v2 + 2); _guard_check_icall_fptr(*((_QWORD *)v2 + 2)); if ( v7(*(_QWORD *)v2) ) { *((_BYTE *)v2 + 8) = 1;LABEL_8: Windows::ErrorHandling::COM::CBaseFrame<Windows::ErrorHandling::COM::CSimpleHResultCarryingFrame>::SetCanonicalSuccess(&v8); return v8; } } Windows::ErrorHandling::CBaseFrame::BreakIn(); JUMPOUT(*(_QWORD *)&byte_180071F8C); } return result;}
0 0
- 解读 AcquireTxnFunctions
- 解读
- 解读数据?解读“人”!
- 解读数据?解读“人”!
- 解读P2P
- 解读深圳
- 解读睡眠
- Makefile解读
- Irda解读
- 解读防火墙
- sizeof解读
- 解读防火墙
- 解读防火墙
- 解读Makefile
- 事务解读
- Makefile解读
- 解读NTFS
- 解读CMVision
- 6. ZigZag Conversion
- <第四章>Node 学习笔记 |> QueryString 参数处理小利器<|
- 搭建Maven私服
- php 按元素值获取最佳元素组合
- poj2135 Farm Tour -最小费用流
- 解读 AcquireTxnFunctions
- Work Application 2016 笔试 编程题
- 与美国同事协作软件开发的感受
- java 对象的理解
- Xcode8 环境变量设置 避免打出一堆信息
- C#编程实现阶乘算法
- CodeForces 722C. Destroying Array(逆向思维)
- ADC_RegularChannelConfig 的参数 Rank的含义
- C#——基于委托与事件的多线程通信(同样适用于非UI线程间通信)