生成组件散列值

散列值在修复组件故障时，非常重要。
第一个散列值从组件的名称上可以知道，只有通过对应的第二个散列值，才能找到组件族和胜出的注册表值。

真正生成字符串的函数可能是：
CRtlIdentityBase::GenerateKeyFormIntoBuffer_LHFormat
这里是调用 CRtlDefinitionIdentity::GeneratePseudoKeys，生成散列值。
但是，也可能并不需要这样做。

IRtlSystemIsolationLayerTearoff  *pSystem = NULL;RtlGetSystem(0, NULL, &pSystem);LPWSTR pszPathIn = L"C:\\amd64_microsoft-windows-w..oyment-languagepack_31bf3856ad364e35_6.3.9600.16384_zh-cn_e3e124965f8d9d70.manifest";IRtlDefinitionIdentity* idi = NULL;GetManifestId(pSystem, pszPathIn, &idi);CRtlDefinitionIdentity* di = (CRtlDefinitionIdentity*)(*(UINT_PTR*)&idi - 4 * sizeof(UINT_PTR));ICRtlDefinitionIdentity* t;t = (ICRtlDefinitionIdentity*)&di->vft1;INT64 a1=0, a2=0, a3=0;LUNICODE_STRING fileName, ntFileName;t->GeneratePseudoKeys( &a1, &a2, &a3);将产生三个散列值：e3e124965f8d9d70f593f441a3428c441cbdc1b39c881471第一个用于生成这个文件名，如果不是分发清单文件，还用于生成 winsxs 下的组件目录，以及注册表中 HKEY_LOCAL_MACHINE\Components\DerivedData\Components\ amd64_microsoft-windows-w..oyment-languagepack_31bf3856ad364e35_6.3.9600.16384_zh-cn_e3e124965f8d9d70 项；第二个散列值已知的只用于注册表，有两处：HKEY_LOCAL_MACHINE\components\DerivedData\VersionedIndex\6.3.9600.18384 (winblue_ltsb.160621-0600)\ComponentFamilies\amd64_microsoft-windows-w..oyment-languagepack_31bf3856ad364e35_zh-cn_f593f441a3428c44HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-w..oyment-languagepack_31bf3856ad364e35_zh-cn_f593f441a3428c44第三个散列值尚不知道用于何处。//----- (000000018010A050) ----------------------------------------------------__int64 __fastcall CRtlDefinitionIdentity::GeneratePseudoKeys(CRtlDefinitionIdentity *this, unsigned __int64 *a2, unsigned __int64 *a3, unsigned __int64 *a4){  return CAttributeValueCollection::GeneratePseudoKeys(           *((CAttributeValueCollection **)this + 2),           a2,           a3,           a4);}//----- (000000018010CFB8) ----------------------------------------------------__int64 __fastcall CAttributeValueCollection::GeneratePseudoKeys(CAttributeValueCollection *this, unsigned __int64 *a2, unsigned __int64 *a3, unsigned __int64 *a4){  *a2 = 0i64;  v4 = a4;  *a3 = 0i64;  v5 = a3;  *a4 = 0i64;  v6 = a2;  v11 = 0i64;  v7 = this;  v12 = 0i64;  v13 = 0i64;  v8 = (*(_BYTE *)this & 2) == 0;  v14 = -1073741595;  if ( v8 )  {    result = CAttributeValueCollection::CalculateKeysForBuiltinAttributes(               this,               &v11,               &v12,               &v13);    if ( (signed int)result < 0 )      return result;    v10 = v11;    *(_DWORD *)v7 |= 2u;    *((_QWORD *)v7 + 38) = v10;    *((_QWORD *)v7 + 39) = v12;    *((_QWORD *)v7 + 40) = v13;  }  *v6 = *((_QWORD *)v7 + 38);  *v5 = *((_QWORD *)v7 + 39);  *v4 = *((_QWORD *)v7 + 40);  Windows::ErrorHandling::COM::CBaseFrame<Windows::ErrorHandling::COM::CSimpleHResultCarryingFrame>::SetCanonicalSuccess(&v14);  return v14;}//----- (000000018010C760) ----------------------------------------------------__int64 __fastcall CAttributeValueCollection::CalculateKeysForBuiltinAttributes(CAttributeValueCollection *this, unsigned __int64 *a2, unsigned __int64 *a3, unsigned __int64 *a4){// 清零  *a2 = 0i64;  *a3 = 0i64;  *a4 = 0i64;  v4 = 0i64;  v5 = a3;  v6 = a2;  v7 = (*((_BYTE *)this + 16) & 1) == 0;  v8 = this;  v20 = a4;  v21 = -1073741595;  if ( !v7 )  {    result = `anonymous namespace'::HashNameAndValue(               (Windows::Identity::Rtl *)&g_LUNICODE_STRING_name,               *((Windows::Identity::Rtl **)this + 3),               (unsigned __int64 *)&v17);    if ( (signed int)result < 0 )      return result;    v4 = v17;  }  if ( *((_BYTE *)v8 + 16) & 8 )  {    result = `anonymous namespace'::HashNameAndValue(               (Windows::Identity::Rtl *)&g_LUNICODE_STRING_culture,               *((Windows::Identity::Rtl **)v8 + 6),               (unsigned __int64 *)&v17);    if ( (signed int)result < 0 )      return result;    v4 = v17 + 8589934583i64 * v4;  }  if ( *((_BYTE *)v8 + 16) & 0x80 )  {    result = `anonymous namespace'::HashNameAndValue(               (Windows::Identity::Rtl *)&g_LUNICODE_STRING_typeName,               *((Windows::Identity::Rtl **)v8 + 9),               (unsigned __int64 *)&v17);    if ( (signed int)result < 0 )      return result;    v4 = v17 + 8589934583i64 * v4;  }  if ( *((_BYTE *)v8 + 16) & 0x20 )  {    result = `anonymous namespace'::HashNameAndValue(               (Windows::Identity::Rtl *)&g_LUNICODE_STRING_Type,               *((Windows::Identity::Rtl **)v8 + 8),               (unsigned __int64 *)&v17);    if ( (signed int)result < 0 )      return result;    v4 = v17 + 8589934583i64 * v4;  }  v10 = v4;  v11 = v4;版本if ( *((_BYTE *)v8 + 16) & 4 )  {    v18 = 0i64;    v19 = 46i64;    result = Windows::WCP::Implementation::Rtl::FormatFourPartVersion<_LUNICODE_STRING>(               (_WORD *)v8 + 20,               0i64,               (_QWORD *)v4,               (__int64)&v18);    if ( (signed int)result < 0 )      return result;    result = `anonymous namespace'::HashNameAndValue(               (Windows::Identity::Rtl *)&g_LUNICODE_STRING_version,               (Windows::Identity::Rtl *)&v18,               (unsigned __int64 *)&v17);    if ( (signed int)result < 0 )      return result;    v12 = 8589934583i64 * v4;    v4 = v17 + 8589934583i64 * v4;    result = Windows::WCP::Implementation::Rtl::FormatFourPartVersion<_LUNICODE_STRING>(               (_WORD *)v8 + 20,               (Windows::WCP::Implementation::Rtl *)0xC,               (_QWORD *)v11,               (__int64)&v18);    if ( (signed int)result < 0 )      return result;    result = `anonymous namespace'::HashNameAndValue(               (Windows::Identity::Rtl *)&g_LUNICODE_STRING_version,               (Windows::Identity::Rtl *)&v18,               (unsigned __int64 *)&v17);    if ( (signed int)result < 0 )      return result;    v11 = v12 + v17;  }  if ( !(*((_BYTE *)v8 + 16) & 2) )    goto LABEL_24;  if ( *((_QWORD *)v8 + 26)    || (result = ConvertByteStringOnDemandWithResize(                   (__int64)v8 + 112,                   (__int64)v8 + 208),        (signed int)result >= 0) )  {    result = `anonymous namespace'::HashNameAndValue(               (Windows::Identity::Rtl *)&g_LUNICODE_STRING_PublicKeyToken,               (CAttributeValueCollection *)((char *)v8 + 208),               (unsigned __int64 *)&v17);    if ( (signed int)result >= 0 )    {      v4 = v17 + 8589934583i64 * v4;      v11 = v17 + 8589934583i64 * v11;      v10 = v17 + 8589934583i64 * v10;LABEL_24:      if ( *((_BYTE *)v8 + 16) & 0x10 )      {        v13 = id_GetProcessorArchitecture(                (CAttributeValueCollection *)((char *)v8 + 56),                (const struct Windows::Identity::Rtl::PSEUDO_ARCH *)a2);        if ( !v13 )        {          if ( !Windows::Identity::Rtl::PSEUDO_ARCH::operator==(                  (__int64)v8 + 56,                  (Windows::Identity::Rtl::PSEUDO_ARCH *)&unk_1802F9784) )          {            Windows::ErrorHandling::CBaseFrame::BreakIn();            __debugbreak();            goto LABEL_40;          }          v13 = (Windows::Identity::Rtl *)&g_LUNICODE_STRING_data;        }        result = `anonymous namespace'::HashNameAndValue(                   (Windows::Identity::Rtl *)&g_LUNICODE_STRING_processorArchitecture,                   v13,                   (unsigned __int64 *)&v17);        if ( (signed int)result < 0 )          return result;        v4 = v17 + 8589934583i64 * v4;        v11 = v17 + 8589934583i64 * v11;        v10 = v17 + 8589934583i64 * v10;      }      if ( !(*((_DWORD *)v8 + 4) & 0x100) )      {LABEL_37:        v16 = v20;        *v6 = v4;        *v5 = v10;        *v16 = v11;        Windows::ErrorHandling::COM::CBaseFrame<Windows::ErrorHandling::COM::CSimpleHResultCarryingFrame>::SetCanonicalSuccess(&v21);        return v21;      }      v14 = *((_DWORD *)v8 + 20);      if ( !v14 )      {        v15 = (Windows::Identity::Rtl *)&g_LUNICODE_STRING_neutral;        goto LABEL_35;      }      if ( v14 == 1 )      {        v15 = (Windows::Identity::Rtl *)&g_LUNICODE_STRING_NonSxS;LABEL_35:        result = `anonymous namespace'::HashNameAndValue(                   (Windows::Identity::Rtl *)&g_LUNICODE_STRING_versionScope,                   v15,                   (unsigned __int64 *)&v17);        if ( (signed int)result < 0 )          return result;        v4 = v17 + 8589934583i64 * v4;        v11 = v17 + 8589934583i64 * v11;        v10 = v17 + 8589934583i64 * v10;        goto LABEL_37;      }LABEL_40:      Windows::ErrorHandling::CBaseFrame::BreakIn();      JUMPOUT(*(_QWORD *)&byte_18010CA6F);    }  }  return result;} ConvertByteStringOnDemandWithResize(                   (char *)v8 + 112,                   (char *)v8 + 208可能是把 (char *)v8 + 112 的值转换成字符串，放到 (char *)v8 + 208即， +14 和 +26 //----- (000000018010FFE4) ----------------------------------------------------const struct _LUNICODE_STRING *__fastcall id_GetProcessorArchitecture(Windows::Identity::Rtl::Implementation *this, const struct Windows::Identity::Rtl::PSEUDO_ARCH *a2){  Windows::Identity::Rtl::Implementation *v2; // rdi@1  __int64 *v3; // rbx@1  __int64 v4; // r11@2  v2 = this;  v3 = (__int64 *)&off_1802B1628;  while ( !Windows::Identity::Rtl::operator==(*v3, (__int64)v2) )  {    v3 += 2;    if ( v4 == 11 )      return 0i64;  }  return (const struct _LUNICODE_STRING *)*(&off_1802B1620 + 2 * v4);}返回值的类型为：_LUNICODE_STRING //----- (00000001800FDFA0) ----------------------------------------------------signed __int64 __fastcall Windows::Identity::Rtl::PSEUDO_ARCH::GetLegacyArchitecture(Windows::Identity::Rtl::PSEUDO_ARCH *this){  __int16 v1; // ax@1  signed __int64 result; // rax@2  v1 = *((_WORD *)this + 1);  if ( v1 == -1 )    return *(_WORD *)this;  if ( *(_WORD *)this != 9 || v1 )  {    if ( *(_WORD *)this == v1 )      return *(_WORD *)this;    result = 0xFFFFi64;  }  else  {    result = 10i64;  }  return result;}结果都不对。 //----- (101675CF) --------------------------------------------------------int __thiscall CRtlIdentityBase::GenerateKeyFormIntoBuffer_LHFormat(CRtlIdentityBase *this, unsigned __int32 a2, struct _LUNICODE_STRING *a3){  unsigned __int32 v3; // ebx@3  unsigned __int64 v4; // rax@5  int v5; // esi@5  char v6; // cl@10  unsigned __int8 v7; // al@10  struct Windows::Identity::Rtl::BUILTIN_ATTRIBUTES *v8; // ebx@10  int *v9; // eax@11  Windows::WCP::Implementation::Rtl *v10; // eax@18  unsigned __int64 v11; // rax@25  int *v12; // ecx@25  int v13; // ecx@30  unsigned __int8 *v14; // eax@37  char v15; // dl@39  char v16; // al@39  int v17; // eax@41  unsigned __int8 *v18; // eax@44  int *v19; // ecx@47  int *v20; // ecx@55  int *v21; // ecx@63  int *v22; // eax@65  Windows::WCP::Implementation::Rtl *v23; // eax@72  struct Windows::Identity::Rtl::BUILTIN_ATTRIBUTES *v24; // ecx@72  CRtlIdentityBase *v26; // [sp+Ch] [bp-34h]@1  struct Windows::Identity::Rtl::BUILTIN_ATTRIBUTES *v27[2]; // [sp+10h] [bp-30h]@3  char v28; // [sp+1Ch] [bp-24h]@10  char v29; // [sp+1Dh] [bp-23h]@10  char v30; // [sp+1Eh] [bp-22h]@10  char v31; // [sp+1Fh] [bp-21h]@10  const char *v32; // [sp+20h] [bp-20h]@8  const char *v33; // [sp+24h] [bp-1Ch]@8  unsigned __int64 v34; // [sp+28h] [bp-18h]@8  unsigned __int64 v35; // [sp+30h] [bp-10h]@1  unsigned __int32 v36; // [sp+48h] [bp+8h]@10  v26 = this;  HIDWORD(v35) = 0xC00000E5;  if ( a3 )    *(_DWORD *)a3 = 0;  v3 = a2;  v27[1] = 0;  if ( a2 & 0xFFFFFFF0 )    goto LABEL_25;  if ( !a3 )  {Windows::ErrorHandling::Rtl::CBaseFrame<Windows::ErrorHandling::Rtl::CVoidRaiseFrame>::SetInvalidParameter_NullPointer((char *)&v35 + 4);    v5 = HIDWORD(v35);LABEL_8:    v34 = v4;    v32 = "base\\wcp\\identity\\id_baseidentity.cpp";    v33 = "CRtlIdentityBase::GenerateKeyFormIntoBuffer_LHFormat";Windows::ErrorHandling::Rtl::CBaseFrame<Windows::ErrorHandling::Rtl::CVoidRaiseFrame>::ReportErrorOrigination(      (int *)&v35 + 1,      (int)&v32);    return v5;  }  if ( *((_DWORD *)a3 + 1) < 0x8Cu )  {    v5 = 0xC0000023;    LODWORD(v4) = 602;    HIDWORD(v4) = "BufferOut->MaximumLength >= (140)";    HIDWORD(v35) = 0xC0000023;    goto LABEL_8;  }  v5 = CAttributeValueCollection::GetBuiltinAttributes(*((CAttributeValueCollection **)this + 2),         0,         &v27[1]);  if ( v5 < 0 )    return v5;  v30 = 0;  v6 = a2 & 1;  v29 = ((unsigned __int8)a2 >> 1) & 1;  v7 = a2;  LOBYTE(v3) = ((unsigned __int8)a2 >> 3) & 1;  v36 = v3;  v8 = v27[1];  v31 = v6;  v28 = (v7 >> 2) & 1;  if ( *((_BYTE *)v27[1] + 8) & 0x10 )  {    v9 = (int *)id_GetProcessorArchitecture((char *)v27[1] + 36);    goto LABEL_15;  }  if ( !v6 )  {    v9 = g_LUNICODE_STRING_none;LABEL_15:    if ( !v9 )      goto LABEL_17;    goto LABEL_16;  }  v9 = g_LUNICODE_STRING__star_;  v30 = 1;LABEL_16:  v5 = RtlAppendLUnicodeStringToLUnicodeString((int)v9, (int)a3);  if ( v5 < 0 )    return v5;LABEL_17:  if ( *((_BYTE *)v8 + 8) & 0x80 )  {    v10 = (Windows::WCP::Implementation::Rtl *)*((_DWORD *)v8 + 11);  }  else  {    if ( !(_BYTE)v36 || !(*((_BYTE *)v8 + 4) & 0x80) )      goto LABEL_24;    v10 = (Windows::WCP::Implementation::Rtl *)g_LUNICODE_STRING_Neutral;  }  if ( v10 )  {    v5 = ((__int32 (__cdecl *)(Windows::WCP::Implementation::Rtl *, unsigned __int16))Windows::WCP::Implementation::Rtl::SanitizeAndAppend)(           v10,           0x10u);    if ( v5 < 0 )      return v5;  }LABEL_24:  if ( !(*((_BYTE *)v8 + 8) & 1) )  {LABEL_25:    Windows::ErrorHandling::Rtl::CBaseFrame<Windows::ErrorHandling::Rtl::CVoidRaiseFrame>::SetInvalidParameter_NullPointer((char *)&v35 + 4);    v34 = v11;    v32 = "base\\wcp\\identity\\id_baseidentity.cpp";    v33 = "CRtlIdentityBase::GenerateKeyFormIntoBuffer_LHFormat";    Windows::ErrorHandling::Rtl::CBaseFrame<Windows::ErrorHandling::Rtl::CVoidRaiseFrame>::ReportErrorOrigination(      v12,      (int)&v32);    return HIDWORD(v35);  }  if ( *((_DWORD *)v8 + 3) )  {    v5 = ((__int32 (__cdecl *)(Windows::WCP::Implementation::Rtl *, unsigned __int16))Windows::WCP::Implementation::Rtl::SanitizeAndAppend)(           *((Windows::WCP::Implementation::Rtl **)v8 + 3),           0x28u);    if ( v5 < 0 )      return v5;  }  if ( *((_BYTE *)v8 + 8) & 2 )  {    v5 = Windows::WCP::Implementation::Rtl::AppendCharacter((int)a3, 95);// 95 即 下划线    if ( v5 < 0 )      return v5;    v13 = *((_DWORD *)v8 + 4);    LODWORD(v34) = *(_DWORD *)(v13 + 8);    HIDWORD(v34) = *(_DWORD *)v13;    Windows::WCP::Implementation::Rtl::FormatBytesIntoString(      0,      (int)&v34,      RtlEncodeUtf16LE,      *((_DWORD *)a3 + 2) + *(_DWORD *)a3,      *((_DWORD *)a3 + 2) + *((_DWORD *)a3 + 1),      (int)&v27[1]);    *(_DWORD *)a3 = (char *)v27[1] - *((_DWORD *)a3 + 2);  }  else  {    if ( (_BYTE)v36 && *((_BYTE *)v8 + 4) & 2 )    {      v19 = g_LUNICODE_STRING__under_neutral;    }    else if ( v31 )    {      v30 = 1;      v19 = g_LUNICODE_STRING__under__star_;    }    else    {      v19 = g_LUNICODE_STRING__under_none;    }    v5 = RtlAppendLUnicodeStringToLUnicodeString((int)v19, (int)a3);    if ( v5 < 0 )      return v5;  }  if ( *((_BYTE *)v8 + 8) & 4 )  {    if ( v29 )    {LABEL_39:      v15 = v31;      v16 = v36;      goto LABEL_40;    }    v27[1] = 0;    if ( v28 )      v27[1] = (struct Windows::Identity::Rtl::BUILTIN_ATTRIBUTES *)12;    if ( *(_DWORD *)a3 )    {      v5 = RtlAppendUcsCharacterToLUnicodeString(0, 95, (int)a3);      if ( v5 < 0 )        return v5;    }    v14 = Windows::WCP::Implementation::Rtl::AppendFourPartVersion<_LUNICODE_STRING>(            (struct _RTL_UCSCHAR_ENCODER_RETURN_VALUE (__fastcall __high *)(unsigned __int32, unsigned __int8 *, unsigned __int8 *))v27[1],            (_WORD *)v8 + 12,            (int)a3);LABEL_38:    v5 = (int)v14;    if ( (signed int)v14 < 0 )      return v5;    goto LABEL_39;  }  v16 = v36;  if ( (_BYTE)v36 && *((_BYTE *)v8 + 4) & 4 )  {    v20 = g_LUNICODE_STRING__under_neutral;LABEL_60:    v14 = (unsigned __int8 *)RtlAppendLUnicodeStringToLUnicodeString((int)v20, (int)a3);    goto LABEL_38;  }  v15 = v31;  if ( v31 )  {    v30 = 1;    v20 = g_LUNICODE_STRING__under__star_;  }  else  {    v20 = g_LUNICODE_STRING__under_none;  }  if ( !v29 )    goto LABEL_60;LABEL_40:  if ( *((_BYTE *)v8 + 8) & 8 )  {    v17 = ((__int32 (__cdecl *)(Windows::WCP::Implementation::Rtl *, unsigned __int16))Windows::WCP::Implementation::Rtl::SanitizeAndAppend)(            *((Windows::WCP::Implementation::Rtl **)v8 + 8),            8u);  }  else  {    if ( v16 && *((_BYTE *)v8 + 4) & 8 )    {      v21 = g_LUNICODE_STRING__under_neutral;    }    else    {      if ( v15 )      {        v22 = g_LUNICODE_STRING__under__star_;        v30 = 1;      }      else      {        v22 = g_LUNICODE_STRING__under_none;      }      v21 = v22;    }    v17 = RtlAppendLUnicodeStringToLUnicodeString((int)v21, (int)a3);  }  v5 = v17;  if ( v17 < 0 )    return v5;  if ( v30 )  {    v18 = (unsigned __int8 *)RtlAppendLUnicodeStringToLUnicodeString((int)g_LUNICODE_STRING__under__star_, (int)a3);  }  else  {    v34 = 0i64;    v27[0] = 0;    v27[1] = 0;    v35 = 0i64;    v5 = Windows::WCP::Implementation::Rtl::AppendCharacter((int)a3, 95);    if ( v5 < 0 )      return v5;    v5 = CAttributeValueCollection::GeneratePseudoKeys(           *((CAttributeValueCollection **)v26 + 2),           &v34,           (unsigned __int64 *)v27,           &v35);    if ( v5 < 0 )      return v5;    if ( v29 )    {      v23 = v27[0];      v24 = v27[1];    }    else if ( v28 )    {      v24 = (struct Windows::Identity::Rtl::BUILTIN_ATTRIBUTES *)HIDWORD(v35);      v23 = (Windows::WCP::Implementation::Rtl *)v35;    }    else    {      v24 = (struct Windows::Identity::Rtl::BUILTIN_ATTRIBUTES *)HIDWORD(v34);      v23 = (Windows::WCP::Implementation::Rtl *)v34;    }    v18 = Windows::WCP::Implementation::Rtl::AppendNumberToBuffer<unsigned __int64,_LUNICODE_STRING>(            (int)a3,            v23,            (int)v24);  }  v5 = (int)v18;  if ( (signed int)v18 < 0 )    return v5;  if ( *(_DWORD *)a3 > 0x134u )    __debugbreak();  return 0;}// 10009794: using guessed type int g_LUNICODE_STRING_none[2];// 100152E0: using guessed type int g_LUNICODE_STRING_Neutral[2];// 1003D4D8: using guessed type int g_LUNICODE_STRING__star_[2];// 1005D470: using guessed type int g_LUNICODE_STRING__under_none[2];// 1005D47C: using guessed type int g_LUNICODE_STRING__under_neutral[2];// 1005D488: using guessed type int g_LUNICODE_STRING__under__star_[2];// 1023A41C: using guessed type __int32 Windows::WCP::Implementation::Rtl::SanitizeAndAppend(Windows::WCP::Implementation::Rtl *__hidden this, unsigned __int16, struct _LUNICODE_STRING *, const struct _LUNICODE_STRING *, unsigned __int32); //----- (1016CCBF) --------------------------------------------------------__int32 __thiscall CAttributeValueCollection::GeneratePseudoKeys(CAttributeValueCollection *this, unsigned __int64 *a2, unsigned __int64 *a3, unsigned __int64 *a4){  CAttributeValueCollection *v4; // esi@1  unsigned __int64 *v5; // ecx@1  bool v6; // zf@1  __int32 result; // eax@2  int v8; // eax@3  int v9; // [sp+10h] [bp-28h]@1  int v10; // [sp+14h] [bp-24h]@1  int v11; // [sp+18h] [bp-20h]@1  int v12; // [sp+1Ch] [bp-1Ch]@1  int v13; // [sp+20h] [bp-18h]@1  int v14; // [sp+24h] [bp-14h]@1  unsigned __int64 *v15; // [sp+2Ch] [bp-Ch]@1  int v16; // [sp+30h] [bp-8h]@1  v16 = 0xC00000E5;  v4 = this;  v5 = a4;  v15 = a4;  v9 = 0;  *a2 = 0i64;  *a3 = 0i64;  *a4 = 0i64;  v6 = (*(_BYTE *)v4 & 2) == 0;  v10 = 0;  v11 = 0;  v12 = 0;  v13 = 0;  v14 = 0;  if ( v6 )  {    result = CAttributeValueCollection::CalculateKeysForBuiltinAttributes(               v4,               (unsigned __int64 *)&v9,               (unsigned __int64 *)&v11,               (unsigned __int64 *)&v13);    if ( result < 0 )      return result;    v8 = v9;    *(_DWORD *)v4 |= 2u;    v5 = v15;    *((_DWORD *)v4 + 44) = v8;    *((_DWORD *)v4 + 45) = v10;    *((_DWORD *)v4 + 46) = v11;    *((_DWORD *)v4 + 47) = v12;    *((_DWORD *)v4 + 48) = v13;    *((_DWORD *)v4 + 49) = v14;  }  *a2 = *((_QWORD *)v4 + 22);  *a3 = *((_QWORD *)v4 + 23);  *(_DWORD *)v5 = *((_DWORD *)v4 + 48);  *((_DWORD *)v5 + 1) = *((_DWORD *)v4 + 49);//  *a4 = *((_QWORD *)v4 + 24);Windows::ErrorHandling::Rtl::CBaseFrame<Windows::ErrorHandling::Rtl::CVoidRaiseFrame>::SetCanonicalSuccess(&v16);  return v16;} //----- (10169865) --------------------------------------------------------int __thiscall CRtlIdentityBase::CRtlIdentityBase(CRtlIdentityBase *this){  int v1; // ecx@1  int result; // eax@1  IRtlInternalIdentity::IRtlInternalIdentity(this);  *(_DWORD *)v1 = &CRtlIdentityBase::`vftable';  result = v1;  *(_BYTE *)(v1 + 4) = 0;  *(_DWORD *)(v1 + 8) = 0;  return result;} //----- (101698F7) --------------------------------------------------------IRtlInternalIdentity *__thiscall IRtlInternalIdentity::IRtlInternalIdentity(IRtlInternalIdentity *this){  *(_DWORD *)this = &IRtlInternalIdentity::`vftable';  return this;} (CRtlDefinitionIdentity *)operator new((void *)0x18);//----- (101697EE) --------------------------------------------------------CRtlDefinitionIdentity *__thiscall CRtlDefinitionIdentity::CRtlDefinitionIdentity(CRtlDefinitionIdentity *this){  CRtlDefinitionIdentity *v1; // edi@1  struct Windows::Rtl::CRtlTrackTypeDescription *v2; // ebx@1  void (__thiscall *v3)(struct Windows::Rtl::CRtlTrackTypeDescription *, const char *, signed int, signed int, signed int); // esi@2  v1 = this;  CRtlIdentityBase::CRtlIdentityBase(this);  v2 = Windows::Rtl::g_pTrackTypeDescription;  *(_DWORD *)v1 = &Windows::Rtl::CRtlRefCountedObjectBase<CRtlDefinitionIdentity,Windows::Rtl::CRtlRefCountedObjectBaseImplementedInterface<CRtlIdentityBase,IRtlInternalIdentity>,Windows::Identity::Rtl::IRtlDefinitionIdentity,Windows::Rtl::CRtlRefCountedObjectBaseInterfaceCast<Windows::Identity::Rtl::IRtlBaseIdentity,IRtlInternalIdentity>,Windows::Rtl::Detail::CRtlRefCountedObjectBaseNoInterface>::`vftable';  *((_DWORD *)v1 + 3) = 1;  *((_DWORD *)v1 + 4) = &Windows::COM::CComObjectInterfaceTearOffBase<Windows::ServicingAPI::CCSITransactionAnalysis,ICSIInventory>::`vftable';  *(_DWORD *)v1 = &CRtlDefinitionIdentity::`vftable'{for `Windows::Rtl::CRtlRefCountedObjectBase<CRtlDefinitionIdentity,Windows::Rtl::CRtlRefCountedObjectBaseImplementedInterface<CRtlIdentityBase,IRtlInternalIdentity>,Windows::Identity::Rtl::IRtlDefinitionIdentity,Windows::Rtl::CRtlRefCountedObjectBaseInterfaceCast<Windows::Identity::Rtl::IRtlBaseIdentity,IRtlInternalIdentity>,Windows::Rtl::Detail::CRtlRefCountedObjectBaseNoInterface>'};  *((_DWORD *)v1 + 4) = &CRtlDefinitionIdentity::`vftable'{for `Windows::Identity::Rtl::IRtlDefinitionIdentity'};  if ( v2 )  {    v3 = *(void (__thiscall **)(struct Windows::Rtl::CRtlTrackTypeDescription *, const char *, signed int, signed int, signed int))(*(_DWORD *)v2 + 8);    __guard_check_icall_fptr(*(_DWORD *)(*(_DWORD *)v2 + 8));    v3(v2, "CRtlDefinitionIdentity", 14, 24, 1);  }  return v1;}