CreateWindows

CreateWindows

int CreateWindows()
{

    cout << endl;
    cout << "调用 CreateWindows" << endl;

    //unsigned short const *
    //struct Windows::Rtl::IRtlDirectory *
    //struct _OFFLINE_STORE_CREATION_PARAMETERS *
    //class Windows::WCP::COM::CRegistryKeys *
    //unsigned long

    int pfb = 0x101249BB;
    int pfn = (int)phWCP - 0x10000000 + pfb;

    typedef int(__fastcall * fnCreateWindows)(char *, int*, int*, int*, int);

    fnCreateWindows g_fnCreateWindows;
    g_fnCreateWindows = (fnCreateWindows)pfn;


    g_fnCreateWindows = (fnCreateWindows)pfn;
    int result = -1;

    char* a = "d:\\temp\\";
    int b = 0;
    int c = 0;
    int d = 0;
    int e = 0;



    result = g_fnCreateWindows(a, &b, &c, &d, e);
    cout << "result:" << result << endl;

    cout << "调用 CreateWindows 结束" << endl;;
    cout << endl;;

    return result;
}


2562A60: using guessed type int g_LUNICODE_STRING__bslash_Windows[2];
25E02AD: using guessed type _DWORD __stdcall Windows::ErrorHandling::COM::CBaseFrame<Windows::ErrorHandling::COM::CVoidRaiseFrame>::ReportErrorPropagation(_DWORD);
25E02B9: using guessed type int Windows::ErrorHandling::COM::CBaseFrame<Windows::ErrorHandling::COM::CSimpleHResultCarryingFrame>::SetInvalidParameter(void);
25E1DA7: using guessed type int __thiscall Windows::ErrorHandling::Rtl::CBaseFrame<Windows::ErrorHandling::Rtl::CVoidRaiseFrame>::SetCanonicalSuccess(_DWORD);
25E3AA2: using guessed type int __stdcall Windows::ErrorHandling::COM::CBaseFrame<Windows::ErrorHandling::COM::CSimpleHResultCarryingFrame>::ReportErrorOrigination(_DWORD);
2608D56: using guessed type int __thiscall `anonymous namespace'::RemoveTrailingSlash(_DWORD);
2671F8A: using guessed type int __fastcall `anonymous namespace'::CreateImportantFiles(_DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD);
26726A6: using guessed type _DWORD __stdcall `anonymous namespace'::CreateImportantRegKeys(_DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD);
267D260: using guessed type int __fastcall RtlAppendLUnicodeStringToLUnicodeString(_DWORD, _DWORD);
267D810: using guessed type int __fastcall RtlDuplicateNullTerminatedStringToLUnicodeString(_DWORD, _DWORD);
278A7AF: using guessed type _DWORD __stdcall Windows::WCP::Implementation::Rtl::PrivilegeAcquisition::Acquire(_DWORD);
2674A56: using existing software breakpoint as temporary breakpoint
2674A67: using existing software breakpoint as temporary breakpoint
25E3ABA: using guessed type _DWORD __stdcall Windows::ErrorHandling::Rtl::CBaseFrame<Windows::ErrorHandling::Rtl::CVoidRaiseFrame>::ReportErrorOrigination(_DWORD);
2631135: using guessed type int __thiscall Windows::Rtl::AutoHandleBase<Windows::Rtl::AutoHandleDefaultTraits<void *>,Windows::Rtl::AutoFileHandle>::Close(_DWORD);
Flushing buffers, please wait...ok
25E3ABA: using guessed type _DWORD __stdcall Windows::ErrorHandling::Rtl::CBaseFrame<Windows::ErrorHandling::Rtl::CVoidRaiseFrame>::ReportErrorOrigination(_DWORD);
PDBSRC: loading symbols for 'E:\FSharp\CallWCP\Debug\CallWCP.exe'...
PDB: using load address B30000
Debugger: process has exited (exit code -1)
25DF27D: using guessed type int __thiscall Windows::AutoPODBase<_LUNICODE_STRING,Windows::Auto<_LUNICODE_STRING>>::Close(_DWORD);
25E02AD: using guessed type _DWORD __stdcall Windows::ErrorHandling::COM::CBaseFrame<Windows::ErrorHandling::COM::CVoidRaiseFrame>::ReportErrorPropagation(_DWORD);
25E02C0: using guessed type int __thiscall Windows::ErrorHandling::COM::CBaseFrame<Windows::ErrorHandling::COM::CSimpleHResultCarryingFrame>::SetInvalidParameter_NullPointer(_DWORD);
25E3AA2: using guessed type int __thiscall Windows::ErrorHandling::COM::CBaseFrame<Windows::ErrorHandling::COM::CSimpleHResultCarryingFrame>::ReportErrorOrigination(_DWORD, _DWORD);
25E5886: using guessed type int __thiscall Windows::WCP::Rtl::CEnterExitTracer<Windows::ErrorHandling::COM::CSimpleHResultCarryingFrame,4>::~CEnterExitTracer<Windows::ErrorHandling::COM::CSimpleHResultCarryingFrame,4>(_DWORD);
25E5998: using guessed type _DWORD __cdecl Windows::WCP::Rtl::CEnterExitTracer<Windows::ErrorHandling::COM::CSimpleHResultCarryingFrame,4>::Arm(_DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, char);
25E5B3D: using guessed type int __thiscall Windows::Rtl::AutoBlob<Windows::Auto<_LBLOB>>::Close(_DWORD);
25E5E19: using guessed type int __fastcall ParseManifestFromXML(_DWORD, _DWORD, _DWORD, _DWORD, _DWORD);
261DB71: using guessed type int __thiscall Windows::WCP::Rtl::CEnterExitTracer<Windows::ErrorHandling::COM::CSimpleHResultCarryingFrame,6>::ShouldArm(_DWORD);
2641410: using guessed type _DWORD __stdcall RtlGetSystem(_DWORD);
27385AE: using guessed type int __fastcall Windows::COM::ConvertPathIn(_DWORD, _DWORD);
27671D7: using guessed type int __thiscall Windows::AutoPointerBase<Windows::Cdf::Rtl::IRtlCdfStringTableEnumerator *,Windows::Auto<Windows::Cdf::Rtl::IRtlCdfStringTableEnumerator *>>::Close(_DWORD);
27D05E8: using guessed type int (__thiscall *__guard_check_icall_fptr)(_DWORD);