生成组件散列值
来源:互联网 发布:淘宝网套装女装 编辑:程序博客网 时间:2024/06/05 10:41
生成组件散列值
散列值在修复组件故障时,非常重要。
第一个散列值从组件的名称上可以知道,只有通过对应的第二个散列值,才能找到组件族和胜出的注册表值。
真正生成字符串的函数可能是:
CRtlIdentityBase::GenerateKeyFormIntoBuffer_LHFormat
这里是调用 CRtlDefinitionIdentity::GeneratePseudoKeys,生成散列值。
但是,也可能并不需要这样做。
IRtlSystemIsolationLayerTearoff *pSystem = NULL;RtlGetSystem(0, NULL, &pSystem);LPWSTR pszPathIn = L"C:\\amd64_microsoft-windows-w..oyment-languagepack_31bf3856ad364e35_6.3.9600.16384_zh-cn_e3e124965f8d9d70.manifest";IRtlDefinitionIdentity* idi = NULL;GetManifestId(pSystem, pszPathIn, &idi);CRtlDefinitionIdentity* di = (CRtlDefinitionIdentity*)(*(UINT_PTR*)&idi - 4 * sizeof(UINT_PTR));ICRtlDefinitionIdentity* t;t = (ICRtlDefinitionIdentity*)&di->vft1;INT64 a1=0, a2=0, a3=0;LUNICODE_STRING fileName, ntFileName;t->GeneratePseudoKeys( &a1, &a2, &a3);将产生三个散列值:e3e124965f8d9d70f593f441a3428c441cbdc1b39c881471第一个用于生成这个文件名,如果不是分发清单文件,还用于生成 winsxs 下的组件目录,以及注册表中 HKEY_LOCAL_MACHINE\Components\DerivedData\Components\ amd64_microsoft-windows-w..oyment-languagepack_31bf3856ad364e35_6.3.9600.16384_zh-cn_e3e124965f8d9d70 项;第二个散列值已知的只用于注册表,有两处:HKEY_LOCAL_MACHINE\components\DerivedData\VersionedIndex\6.3.9600.18384 (winblue_ltsb.160621-0600)\ComponentFamilies\amd64_microsoft-windows-w..oyment-languagepack_31bf3856ad364e35_zh-cn_f593f441a3428c44HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-w..oyment-languagepack_31bf3856ad364e35_zh-cn_f593f441a3428c44第三个散列值尚不知道用于何处。//----- (000000018010A050) ----------------------------------------------------__int64 __fastcall CRtlDefinitionIdentity::GeneratePseudoKeys(CRtlDefinitionIdentity *this, unsigned __int64 *a2, unsigned __int64 *a3, unsigned __int64 *a4){ return CAttributeValueCollection::GeneratePseudoKeys( *((CAttributeValueCollection **)this + 2), a2, a3, a4);}//----- (000000018010CFB8) ----------------------------------------------------__int64 __fastcall CAttributeValueCollection::GeneratePseudoKeys(CAttributeValueCollection *this, unsigned __int64 *a2, unsigned __int64 *a3, unsigned __int64 *a4){ *a2 = 0i64; v4 = a4; *a3 = 0i64; v5 = a3; *a4 = 0i64; v6 = a2; v11 = 0i64; v7 = this; v12 = 0i64; v13 = 0i64; v8 = (*(_BYTE *)this & 2) == 0; v14 = -1073741595; if ( v8 ) { result = CAttributeValueCollection::CalculateKeysForBuiltinAttributes( this, &v11, &v12, &v13); if ( (signed int)result < 0 ) return result; v10 = v11; *(_DWORD *)v7 |= 2u; *((_QWORD *)v7 + 38) = v10; *((_QWORD *)v7 + 39) = v12; *((_QWORD *)v7 + 40) = v13; } *v6 = *((_QWORD *)v7 + 38); *v5 = *((_QWORD *)v7 + 39); *v4 = *((_QWORD *)v7 + 40); Windows::ErrorHandling::COM::CBaseFrame<Windows::ErrorHandling::COM::CSimpleHResultCarryingFrame>::SetCanonicalSuccess(&v14); return v14;}//----- (000000018010C760) ----------------------------------------------------__int64 __fastcall CAttributeValueCollection::CalculateKeysForBuiltinAttributes(CAttributeValueCollection *this, unsigned __int64 *a2, unsigned __int64 *a3, unsigned __int64 *a4){// 清零 *a2 = 0i64; *a3 = 0i64; *a4 = 0i64; v4 = 0i64; v5 = a3; v6 = a2; v7 = (*((_BYTE *)this + 16) & 1) == 0; v8 = this; v20 = a4; v21 = -1073741595; if ( !v7 ) { result = `anonymous namespace'::HashNameAndValue( (Windows::Identity::Rtl *)&g_LUNICODE_STRING_name, *((Windows::Identity::Rtl **)this + 3), (unsigned __int64 *)&v17); if ( (signed int)result < 0 ) return result; v4 = v17; } if ( *((_BYTE *)v8 + 16) & 8 ) { result = `anonymous namespace'::HashNameAndValue( (Windows::Identity::Rtl *)&g_LUNICODE_STRING_culture, *((Windows::Identity::Rtl **)v8 + 6), (unsigned __int64 *)&v17); if ( (signed int)result < 0 ) return result; v4 = v17 + 8589934583i64 * v4; } if ( *((_BYTE *)v8 + 16) & 0x80 ) { result = `anonymous namespace'::HashNameAndValue( (Windows::Identity::Rtl *)&g_LUNICODE_STRING_typeName, *((Windows::Identity::Rtl **)v8 + 9), (unsigned __int64 *)&v17); if ( (signed int)result < 0 ) return result; v4 = v17 + 8589934583i64 * v4; } if ( *((_BYTE *)v8 + 16) & 0x20 ) { result = `anonymous namespace'::HashNameAndValue( (Windows::Identity::Rtl *)&g_LUNICODE_STRING_Type, *((Windows::Identity::Rtl **)v8 + 8), (unsigned __int64 *)&v17); if ( (signed int)result < 0 ) return result; v4 = v17 + 8589934583i64 * v4; } v10 = v4; v11 = v4;版本if ( *((_BYTE *)v8 + 16) & 4 ) { v18 = 0i64; v19 = 46i64; result = Windows::WCP::Implementation::Rtl::FormatFourPartVersion<_LUNICODE_STRING>( (_WORD *)v8 + 20, 0i64, (_QWORD *)v4, (__int64)&v18); if ( (signed int)result < 0 ) return result; result = `anonymous namespace'::HashNameAndValue( (Windows::Identity::Rtl *)&g_LUNICODE_STRING_version, (Windows::Identity::Rtl *)&v18, (unsigned __int64 *)&v17); if ( (signed int)result < 0 ) return result; v12 = 8589934583i64 * v4; v4 = v17 + 8589934583i64 * v4; result = Windows::WCP::Implementation::Rtl::FormatFourPartVersion<_LUNICODE_STRING>( (_WORD *)v8 + 20, (Windows::WCP::Implementation::Rtl *)0xC, (_QWORD *)v11, (__int64)&v18); if ( (signed int)result < 0 ) return result; result = `anonymous namespace'::HashNameAndValue( (Windows::Identity::Rtl *)&g_LUNICODE_STRING_version, (Windows::Identity::Rtl *)&v18, (unsigned __int64 *)&v17); if ( (signed int)result < 0 ) return result; v11 = v12 + v17; } if ( !(*((_BYTE *)v8 + 16) & 2) ) goto LABEL_24; if ( *((_QWORD *)v8 + 26) || (result = ConvertByteStringOnDemandWithResize( (__int64)v8 + 112, (__int64)v8 + 208), (signed int)result >= 0) ) { result = `anonymous namespace'::HashNameAndValue( (Windows::Identity::Rtl *)&g_LUNICODE_STRING_PublicKeyToken, (CAttributeValueCollection *)((char *)v8 + 208), (unsigned __int64 *)&v17); if ( (signed int)result >= 0 ) { v4 = v17 + 8589934583i64 * v4; v11 = v17 + 8589934583i64 * v11; v10 = v17 + 8589934583i64 * v10;LABEL_24: if ( *((_BYTE *)v8 + 16) & 0x10 ) { v13 = id_GetProcessorArchitecture( (CAttributeValueCollection *)((char *)v8 + 56), (const struct Windows::Identity::Rtl::PSEUDO_ARCH *)a2); if ( !v13 ) { if ( !Windows::Identity::Rtl::PSEUDO_ARCH::operator==( (__int64)v8 + 56, (Windows::Identity::Rtl::PSEUDO_ARCH *)&unk_1802F9784) ) { Windows::ErrorHandling::CBaseFrame::BreakIn(); __debugbreak(); goto LABEL_40; } v13 = (Windows::Identity::Rtl *)&g_LUNICODE_STRING_data; } result = `anonymous namespace'::HashNameAndValue( (Windows::Identity::Rtl *)&g_LUNICODE_STRING_processorArchitecture, v13, (unsigned __int64 *)&v17); if ( (signed int)result < 0 ) return result; v4 = v17 + 8589934583i64 * v4; v11 = v17 + 8589934583i64 * v11; v10 = v17 + 8589934583i64 * v10; } if ( !(*((_DWORD *)v8 + 4) & 0x100) ) {LABEL_37: v16 = v20; *v6 = v4; *v5 = v10; *v16 = v11; Windows::ErrorHandling::COM::CBaseFrame<Windows::ErrorHandling::COM::CSimpleHResultCarryingFrame>::SetCanonicalSuccess(&v21); return v21; } v14 = *((_DWORD *)v8 + 20); if ( !v14 ) { v15 = (Windows::Identity::Rtl *)&g_LUNICODE_STRING_neutral; goto LABEL_35; } if ( v14 == 1 ) { v15 = (Windows::Identity::Rtl *)&g_LUNICODE_STRING_NonSxS;LABEL_35: result = `anonymous namespace'::HashNameAndValue( (Windows::Identity::Rtl *)&g_LUNICODE_STRING_versionScope, v15, (unsigned __int64 *)&v17); if ( (signed int)result < 0 ) return result; v4 = v17 + 8589934583i64 * v4; v11 = v17 + 8589934583i64 * v11; v10 = v17 + 8589934583i64 * v10; goto LABEL_37; }LABEL_40: Windows::ErrorHandling::CBaseFrame::BreakIn(); JUMPOUT(*(_QWORD *)&byte_18010CA6F); } } return result;} ConvertByteStringOnDemandWithResize( (char *)v8 + 112, (char *)v8 + 208可能是把 (char *)v8 + 112 的值转换成字符串,放到 (char *)v8 + 208即, +14 和 +26 //----- (000000018010FFE4) ----------------------------------------------------const struct _LUNICODE_STRING *__fastcall id_GetProcessorArchitecture(Windows::Identity::Rtl::Implementation *this, const struct Windows::Identity::Rtl::PSEUDO_ARCH *a2){ Windows::Identity::Rtl::Implementation *v2; // rdi@1 __int64 *v3; // rbx@1 __int64 v4; // r11@2 v2 = this; v3 = (__int64 *)&off_1802B1628; while ( !Windows::Identity::Rtl::operator==(*v3, (__int64)v2) ) { v3 += 2; if ( v4 == 11 ) return 0i64; } return (const struct _LUNICODE_STRING *)*(&off_1802B1620 + 2 * v4);}返回值的类型为:_LUNICODE_STRING //----- (00000001800FDFA0) ----------------------------------------------------signed __int64 __fastcall Windows::Identity::Rtl::PSEUDO_ARCH::GetLegacyArchitecture(Windows::Identity::Rtl::PSEUDO_ARCH *this){ __int16 v1; // ax@1 signed __int64 result; // rax@2 v1 = *((_WORD *)this + 1); if ( v1 == -1 ) return *(_WORD *)this; if ( *(_WORD *)this != 9 || v1 ) { if ( *(_WORD *)this == v1 ) return *(_WORD *)this; result = 0xFFFFi64; } else { result = 10i64; } return result;}结果都不对。 //----- (101675CF) --------------------------------------------------------int __thiscall CRtlIdentityBase::GenerateKeyFormIntoBuffer_LHFormat(CRtlIdentityBase *this, unsigned __int32 a2, struct _LUNICODE_STRING *a3){ unsigned __int32 v3; // ebx@3 unsigned __int64 v4; // rax@5 int v5; // esi@5 char v6; // cl@10 unsigned __int8 v7; // al@10 struct Windows::Identity::Rtl::BUILTIN_ATTRIBUTES *v8; // ebx@10 int *v9; // eax@11 Windows::WCP::Implementation::Rtl *v10; // eax@18 unsigned __int64 v11; // rax@25 int *v12; // ecx@25 int v13; // ecx@30 unsigned __int8 *v14; // eax@37 char v15; // dl@39 char v16; // al@39 int v17; // eax@41 unsigned __int8 *v18; // eax@44 int *v19; // ecx@47 int *v20; // ecx@55 int *v21; // ecx@63 int *v22; // eax@65 Windows::WCP::Implementation::Rtl *v23; // eax@72 struct Windows::Identity::Rtl::BUILTIN_ATTRIBUTES *v24; // ecx@72 CRtlIdentityBase *v26; // [sp+Ch] [bp-34h]@1 struct Windows::Identity::Rtl::BUILTIN_ATTRIBUTES *v27[2]; // [sp+10h] [bp-30h]@3 char v28; // [sp+1Ch] [bp-24h]@10 char v29; // [sp+1Dh] [bp-23h]@10 char v30; // [sp+1Eh] [bp-22h]@10 char v31; // [sp+1Fh] [bp-21h]@10 const char *v32; // [sp+20h] [bp-20h]@8 const char *v33; // [sp+24h] [bp-1Ch]@8 unsigned __int64 v34; // [sp+28h] [bp-18h]@8 unsigned __int64 v35; // [sp+30h] [bp-10h]@1 unsigned __int32 v36; // [sp+48h] [bp+8h]@10 v26 = this; HIDWORD(v35) = 0xC00000E5; if ( a3 ) *(_DWORD *)a3 = 0; v3 = a2; v27[1] = 0; if ( a2 & 0xFFFFFFF0 ) goto LABEL_25; if ( !a3 ) {Windows::ErrorHandling::Rtl::CBaseFrame<Windows::ErrorHandling::Rtl::CVoidRaiseFrame>::SetInvalidParameter_NullPointer((char *)&v35 + 4); v5 = HIDWORD(v35);LABEL_8: v34 = v4; v32 = "base\\wcp\\identity\\id_baseidentity.cpp"; v33 = "CRtlIdentityBase::GenerateKeyFormIntoBuffer_LHFormat";Windows::ErrorHandling::Rtl::CBaseFrame<Windows::ErrorHandling::Rtl::CVoidRaiseFrame>::ReportErrorOrigination( (int *)&v35 + 1, (int)&v32); return v5; } if ( *((_DWORD *)a3 + 1) < 0x8Cu ) { v5 = 0xC0000023; LODWORD(v4) = 602; HIDWORD(v4) = "BufferOut->MaximumLength >= (140)"; HIDWORD(v35) = 0xC0000023; goto LABEL_8; } v5 = CAttributeValueCollection::GetBuiltinAttributes(*((CAttributeValueCollection **)this + 2), 0, &v27[1]); if ( v5 < 0 ) return v5; v30 = 0; v6 = a2 & 1; v29 = ((unsigned __int8)a2 >> 1) & 1; v7 = a2; LOBYTE(v3) = ((unsigned __int8)a2 >> 3) & 1; v36 = v3; v8 = v27[1]; v31 = v6; v28 = (v7 >> 2) & 1; if ( *((_BYTE *)v27[1] + 8) & 0x10 ) { v9 = (int *)id_GetProcessorArchitecture((char *)v27[1] + 36); goto LABEL_15; } if ( !v6 ) { v9 = g_LUNICODE_STRING_none;LABEL_15: if ( !v9 ) goto LABEL_17; goto LABEL_16; } v9 = g_LUNICODE_STRING__star_; v30 = 1;LABEL_16: v5 = RtlAppendLUnicodeStringToLUnicodeString((int)v9, (int)a3); if ( v5 < 0 ) return v5;LABEL_17: if ( *((_BYTE *)v8 + 8) & 0x80 ) { v10 = (Windows::WCP::Implementation::Rtl *)*((_DWORD *)v8 + 11); } else { if ( !(_BYTE)v36 || !(*((_BYTE *)v8 + 4) & 0x80) ) goto LABEL_24; v10 = (Windows::WCP::Implementation::Rtl *)g_LUNICODE_STRING_Neutral; } if ( v10 ) { v5 = ((__int32 (__cdecl *)(Windows::WCP::Implementation::Rtl *, unsigned __int16))Windows::WCP::Implementation::Rtl::SanitizeAndAppend)( v10, 0x10u); if ( v5 < 0 ) return v5; }LABEL_24: if ( !(*((_BYTE *)v8 + 8) & 1) ) {LABEL_25: Windows::ErrorHandling::Rtl::CBaseFrame<Windows::ErrorHandling::Rtl::CVoidRaiseFrame>::SetInvalidParameter_NullPointer((char *)&v35 + 4); v34 = v11; v32 = "base\\wcp\\identity\\id_baseidentity.cpp"; v33 = "CRtlIdentityBase::GenerateKeyFormIntoBuffer_LHFormat"; Windows::ErrorHandling::Rtl::CBaseFrame<Windows::ErrorHandling::Rtl::CVoidRaiseFrame>::ReportErrorOrigination( v12, (int)&v32); return HIDWORD(v35); } if ( *((_DWORD *)v8 + 3) ) { v5 = ((__int32 (__cdecl *)(Windows::WCP::Implementation::Rtl *, unsigned __int16))Windows::WCP::Implementation::Rtl::SanitizeAndAppend)( *((Windows::WCP::Implementation::Rtl **)v8 + 3), 0x28u); if ( v5 < 0 ) return v5; } if ( *((_BYTE *)v8 + 8) & 2 ) { v5 = Windows::WCP::Implementation::Rtl::AppendCharacter((int)a3, 95);// 95 即 下划线 if ( v5 < 0 ) return v5; v13 = *((_DWORD *)v8 + 4); LODWORD(v34) = *(_DWORD *)(v13 + 8); HIDWORD(v34) = *(_DWORD *)v13; Windows::WCP::Implementation::Rtl::FormatBytesIntoString( 0, (int)&v34, RtlEncodeUtf16LE, *((_DWORD *)a3 + 2) + *(_DWORD *)a3, *((_DWORD *)a3 + 2) + *((_DWORD *)a3 + 1), (int)&v27[1]); *(_DWORD *)a3 = (char *)v27[1] - *((_DWORD *)a3 + 2); } else { if ( (_BYTE)v36 && *((_BYTE *)v8 + 4) & 2 ) { v19 = g_LUNICODE_STRING__under_neutral; } else if ( v31 ) { v30 = 1; v19 = g_LUNICODE_STRING__under__star_; } else { v19 = g_LUNICODE_STRING__under_none; } v5 = RtlAppendLUnicodeStringToLUnicodeString((int)v19, (int)a3); if ( v5 < 0 ) return v5; } if ( *((_BYTE *)v8 + 8) & 4 ) { if ( v29 ) {LABEL_39: v15 = v31; v16 = v36; goto LABEL_40; } v27[1] = 0; if ( v28 ) v27[1] = (struct Windows::Identity::Rtl::BUILTIN_ATTRIBUTES *)12; if ( *(_DWORD *)a3 ) { v5 = RtlAppendUcsCharacterToLUnicodeString(0, 95, (int)a3); if ( v5 < 0 ) return v5; } v14 = Windows::WCP::Implementation::Rtl::AppendFourPartVersion<_LUNICODE_STRING>( (struct _RTL_UCSCHAR_ENCODER_RETURN_VALUE (__fastcall __high *)(unsigned __int32, unsigned __int8 *, unsigned __int8 *))v27[1], (_WORD *)v8 + 12, (int)a3);LABEL_38: v5 = (int)v14; if ( (signed int)v14 < 0 ) return v5; goto LABEL_39; } v16 = v36; if ( (_BYTE)v36 && *((_BYTE *)v8 + 4) & 4 ) { v20 = g_LUNICODE_STRING__under_neutral;LABEL_60: v14 = (unsigned __int8 *)RtlAppendLUnicodeStringToLUnicodeString((int)v20, (int)a3); goto LABEL_38; } v15 = v31; if ( v31 ) { v30 = 1; v20 = g_LUNICODE_STRING__under__star_; } else { v20 = g_LUNICODE_STRING__under_none; } if ( !v29 ) goto LABEL_60;LABEL_40: if ( *((_BYTE *)v8 + 8) & 8 ) { v17 = ((__int32 (__cdecl *)(Windows::WCP::Implementation::Rtl *, unsigned __int16))Windows::WCP::Implementation::Rtl::SanitizeAndAppend)( *((Windows::WCP::Implementation::Rtl **)v8 + 8), 8u); } else { if ( v16 && *((_BYTE *)v8 + 4) & 8 ) { v21 = g_LUNICODE_STRING__under_neutral; } else { if ( v15 ) { v22 = g_LUNICODE_STRING__under__star_; v30 = 1; } else { v22 = g_LUNICODE_STRING__under_none; } v21 = v22; } v17 = RtlAppendLUnicodeStringToLUnicodeString((int)v21, (int)a3); } v5 = v17; if ( v17 < 0 ) return v5; if ( v30 ) { v18 = (unsigned __int8 *)RtlAppendLUnicodeStringToLUnicodeString((int)g_LUNICODE_STRING__under__star_, (int)a3); } else { v34 = 0i64; v27[0] = 0; v27[1] = 0; v35 = 0i64; v5 = Windows::WCP::Implementation::Rtl::AppendCharacter((int)a3, 95); if ( v5 < 0 ) return v5; v5 = CAttributeValueCollection::GeneratePseudoKeys( *((CAttributeValueCollection **)v26 + 2), &v34, (unsigned __int64 *)v27, &v35); if ( v5 < 0 ) return v5; if ( v29 ) { v23 = v27[0]; v24 = v27[1]; } else if ( v28 ) { v24 = (struct Windows::Identity::Rtl::BUILTIN_ATTRIBUTES *)HIDWORD(v35); v23 = (Windows::WCP::Implementation::Rtl *)v35; } else { v24 = (struct Windows::Identity::Rtl::BUILTIN_ATTRIBUTES *)HIDWORD(v34); v23 = (Windows::WCP::Implementation::Rtl *)v34; } v18 = Windows::WCP::Implementation::Rtl::AppendNumberToBuffer<unsigned __int64,_LUNICODE_STRING>( (int)a3, v23, (int)v24); } v5 = (int)v18; if ( (signed int)v18 < 0 ) return v5; if ( *(_DWORD *)a3 > 0x134u ) __debugbreak(); return 0;}// 10009794: using guessed type int g_LUNICODE_STRING_none[2];// 100152E0: using guessed type int g_LUNICODE_STRING_Neutral[2];// 1003D4D8: using guessed type int g_LUNICODE_STRING__star_[2];// 1005D470: using guessed type int g_LUNICODE_STRING__under_none[2];// 1005D47C: using guessed type int g_LUNICODE_STRING__under_neutral[2];// 1005D488: using guessed type int g_LUNICODE_STRING__under__star_[2];// 1023A41C: using guessed type __int32 Windows::WCP::Implementation::Rtl::SanitizeAndAppend(Windows::WCP::Implementation::Rtl *__hidden this, unsigned __int16, struct _LUNICODE_STRING *, const struct _LUNICODE_STRING *, unsigned __int32); //----- (1016CCBF) --------------------------------------------------------__int32 __thiscall CAttributeValueCollection::GeneratePseudoKeys(CAttributeValueCollection *this, unsigned __int64 *a2, unsigned __int64 *a3, unsigned __int64 *a4){ CAttributeValueCollection *v4; // esi@1 unsigned __int64 *v5; // ecx@1 bool v6; // zf@1 __int32 result; // eax@2 int v8; // eax@3 int v9; // [sp+10h] [bp-28h]@1 int v10; // [sp+14h] [bp-24h]@1 int v11; // [sp+18h] [bp-20h]@1 int v12; // [sp+1Ch] [bp-1Ch]@1 int v13; // [sp+20h] [bp-18h]@1 int v14; // [sp+24h] [bp-14h]@1 unsigned __int64 *v15; // [sp+2Ch] [bp-Ch]@1 int v16; // [sp+30h] [bp-8h]@1 v16 = 0xC00000E5; v4 = this; v5 = a4; v15 = a4; v9 = 0; *a2 = 0i64; *a3 = 0i64; *a4 = 0i64; v6 = (*(_BYTE *)v4 & 2) == 0; v10 = 0; v11 = 0; v12 = 0; v13 = 0; v14 = 0; if ( v6 ) { result = CAttributeValueCollection::CalculateKeysForBuiltinAttributes( v4, (unsigned __int64 *)&v9, (unsigned __int64 *)&v11, (unsigned __int64 *)&v13); if ( result < 0 ) return result; v8 = v9; *(_DWORD *)v4 |= 2u; v5 = v15; *((_DWORD *)v4 + 44) = v8; *((_DWORD *)v4 + 45) = v10; *((_DWORD *)v4 + 46) = v11; *((_DWORD *)v4 + 47) = v12; *((_DWORD *)v4 + 48) = v13; *((_DWORD *)v4 + 49) = v14; } *a2 = *((_QWORD *)v4 + 22); *a3 = *((_QWORD *)v4 + 23); *(_DWORD *)v5 = *((_DWORD *)v4 + 48); *((_DWORD *)v5 + 1) = *((_DWORD *)v4 + 49);// *a4 = *((_QWORD *)v4 + 24);Windows::ErrorHandling::Rtl::CBaseFrame<Windows::ErrorHandling::Rtl::CVoidRaiseFrame>::SetCanonicalSuccess(&v16); return v16;} //----- (10169865) --------------------------------------------------------int __thiscall CRtlIdentityBase::CRtlIdentityBase(CRtlIdentityBase *this){ int v1; // ecx@1 int result; // eax@1 IRtlInternalIdentity::IRtlInternalIdentity(this); *(_DWORD *)v1 = &CRtlIdentityBase::`vftable'; result = v1; *(_BYTE *)(v1 + 4) = 0; *(_DWORD *)(v1 + 8) = 0; return result;} //----- (101698F7) --------------------------------------------------------IRtlInternalIdentity *__thiscall IRtlInternalIdentity::IRtlInternalIdentity(IRtlInternalIdentity *this){ *(_DWORD *)this = &IRtlInternalIdentity::`vftable'; return this;} (CRtlDefinitionIdentity *)operator new((void *)0x18);//----- (101697EE) --------------------------------------------------------CRtlDefinitionIdentity *__thiscall CRtlDefinitionIdentity::CRtlDefinitionIdentity(CRtlDefinitionIdentity *this){ CRtlDefinitionIdentity *v1; // edi@1 struct Windows::Rtl::CRtlTrackTypeDescription *v2; // ebx@1 void (__thiscall *v3)(struct Windows::Rtl::CRtlTrackTypeDescription *, const char *, signed int, signed int, signed int); // esi@2 v1 = this; CRtlIdentityBase::CRtlIdentityBase(this); v2 = Windows::Rtl::g_pTrackTypeDescription; *(_DWORD *)v1 = &Windows::Rtl::CRtlRefCountedObjectBase<CRtlDefinitionIdentity,Windows::Rtl::CRtlRefCountedObjectBaseImplementedInterface<CRtlIdentityBase,IRtlInternalIdentity>,Windows::Identity::Rtl::IRtlDefinitionIdentity,Windows::Rtl::CRtlRefCountedObjectBaseInterfaceCast<Windows::Identity::Rtl::IRtlBaseIdentity,IRtlInternalIdentity>,Windows::Rtl::Detail::CRtlRefCountedObjectBaseNoInterface>::`vftable'; *((_DWORD *)v1 + 3) = 1; *((_DWORD *)v1 + 4) = &Windows::COM::CComObjectInterfaceTearOffBase<Windows::ServicingAPI::CCSITransactionAnalysis,ICSIInventory>::`vftable'; *(_DWORD *)v1 = &CRtlDefinitionIdentity::`vftable'{for `Windows::Rtl::CRtlRefCountedObjectBase<CRtlDefinitionIdentity,Windows::Rtl::CRtlRefCountedObjectBaseImplementedInterface<CRtlIdentityBase,IRtlInternalIdentity>,Windows::Identity::Rtl::IRtlDefinitionIdentity,Windows::Rtl::CRtlRefCountedObjectBaseInterfaceCast<Windows::Identity::Rtl::IRtlBaseIdentity,IRtlInternalIdentity>,Windows::Rtl::Detail::CRtlRefCountedObjectBaseNoInterface>'}; *((_DWORD *)v1 + 4) = &CRtlDefinitionIdentity::`vftable'{for `Windows::Identity::Rtl::IRtlDefinitionIdentity'}; if ( v2 ) { v3 = *(void (__thiscall **)(struct Windows::Rtl::CRtlTrackTypeDescription *, const char *, signed int, signed int, signed int))(*(_DWORD *)v2 + 8); __guard_check_icall_fptr(*(_DWORD *)(*(_DWORD *)v2 + 8)); v3(v2, "CRtlDefinitionIdentity", 14, 24, 1); } return v1;}
0 0
- 生成组件散列值
- 生成组件
- c#生成com+组件
- 无组件生成缩略图
- 无组件生成缩略图
- JSF动态生成组件
- [flex2]动态生成组件
- JSF动态生成组件
- matlab 生成com组件
- 自定义组件(xib生成)
- OWC组件生成柱状图
- Android动态生成组件
- Java动态生成组件
- React生成组件类
- 组件编写1-----使用JQ生成组件
- 组件编写2-----执行方法生成组件
- 组件编写3-----对象生成组件
- Asp无组件生成缩略图
- js && and || ISAPI Rewrite
- 一个很给力的程序,表白用的。
- ASP.NET大学时代项目设计报告二
- 三个案例带你看懂LayoutInflater中inflate方法两个参数和三个参数的区别
- thinkphp 获取当前url
- 生成组件散列值
- Android中的Service:Binder,Messenger,AIDL(2)
- java--基本类型和字符串之间进行转换
- zookeeper3.4.6配置
- 充实的一天(shell编程)
- 理解事务——原子性、一致性、隔离性和持久性
- 利用msfvenom渗透win7
- C语言strtod函数DEMO
- JZOJ4883. 灵知的太阳信仰