获得清单文件的内置属性


获得清单文件的内置属性

 

 

 

 

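/************************************************************************/
/*
Read one built-in attribute of a manifest file's identity.

First parameter:  the manifest file name (argv[2] below).
Second parameter: the attribute index, from 1 to 32 (argv[3] below).
The commonly used values known so far are:

1   assemblyIdentity name
2   publicKeyToken
3   version
4   language="zh-CN"; "neutral" when empty
5   processorArchitecture="amd64"
6   type="driverUpdate"
7
8
9   versionScope="nonSxS"
*/
/************************************************************************/

// argv is terminated by a null pointer, so testing the entries in order never
// reads past the end of the array when arguments are missing.
if (!argv[1] || !argv[2] || !argv[3]) {
    printf("missing arguments: expected a manifest path and an attribute index (1..32)\n");
    return 1;
}

// Reject indexes outside the documented range before calling into wcp.dll.
// _wtoi returns 0 for non-numeric text, which this check also rejects.
const int attrIndex = _wtoi(argv[3]);
if (attrIndex < 1 || attrIndex > 32) {
    printf("attribute index must be between 1 and 32\n");
    return 1;
}

LoadWcp();
WcpInitialize();

IRtlSystemIsolationLayerTearoff *pSystem = NULL;
RtlGetSystem(0, NULL, &pSystem);
if (!pSystem) {
    // Nothing below is usable without the isolation-layer object.
    printf("RtlGetSystem did not return a system object\n");
    return 1;
}

LPWSTR pszPathIn = argv[2];
IRtlDefinitionIdentity* idi = NULL;
GetManifestId(pSystem, pszPathIn, &idi);
if (!idi) {
    // The pointer arithmetic below must never run on a null interface pointer.
    printf("could not read an identity from the manifest\n");
    return 1;
}

// The decompiled CAttributeValueCollection::GetBuiltinAttribute shown on this
// page clears the output pointer and then stores a pointer it owns; assuming
// the interface call below ends up there, allocating a LUNICODE_STRING here
// would only leak it, so start from NULL.
PLUNICODE_STRING s = NULL;

// Layout-dependent: step back four pointer-sized slots from the interface
// pointer to reach the containing CRtlDefinitionIdentity object. Nothing here
// verifies that the loaded wcp.dll uses this layout; on a different build `di`
// would point at unrelated memory. TODO: check the DLL version before relying on it.
CRtlDefinitionIdentity* di = (CRtlDefinitionIdentity*)(*(UINT_PTR*)&idi - 4 * sizeof(UINT_PTR));
ICRtlDefinitionIdentity* t = (ICRtlDefinitionIdentity*)&di->vft1;

t->GetBuiltinAttribute(attrIndex, &s);

// s stays NULL when the attribute is absent, so print an empty line then.
LPWSTR pszOut = L"";
if (s) {
    ConvertLUnicodeStringToNullTerminatedString(s, &pszOut);
}
printf("%ws\n", pszOut);

return 0;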

 

 

//----- (000000018010D0C0) ----------------------------------------------------
// Decompiler output (pseudo-C). It is not compilable as shown: the local
// declarations are omitted and some spacing was lost when the page was
// extracted.
//
// Looks up one built-in identity attribute by its 1-based index and stores a
// pointer to the attribute's string in *a3.
//   this  attribute collection; its fields are read at raw offsets
//   a2    attribute index; 0 and values above 0x20 are rejected
//   a3    receives the string pointer; it is cleared to null on entry
// Returns the status held in v26, or the negative result of a failed
// conversion / reallocation / formatting helper.
//
// Index handling as visible below:
//   1 -> pointer stored in QWORD slot 3
//   2 -> field at this+208, filled on demand from this+112
//   3 -> field at this+232, formatted on demand as a four-part version
//   4 -> pointer stored in QWORD slot 6
//   5 -> result of id_GetProcessorArchitecture
//   6 -> pointer stored in QWORD slot 8
//   8 -> pointer stored in QWORD slot 9
//   9 -> global "neutral" or "NonSxS" string, chosen by DWORD slot 20
//   7, 10..32 -> BreakIn / __debugbreak
//
// NOTE(review): when the presence bit for the index is clear, control jumps to
// the success path with *a3 still null, so a caller has to test the returned
// pointer as well as the status.
// NOTE(review): the stored pointers refer to fields of `this` or to global
// strings, so the caller presumably must not free or modify them - confirm.
__int64 __fastcall CAttributeValueCollection::GetBuiltinAttribute(

CAttributeValueCollection *this,

unsigned int a2,

const struct_LUNICODE_STRING **a3)
{

  // NOTE(review): presumably 0xC00000E5 (STATUS_INTERNAL_ERROR) with the 0x
  // prefix lost in extraction - confirm against the binary.
  v26 =C00000E5;
  *a3= 0i64;          // output is null unless a branch below sets it
  v3 =a3;
  v4 =a2;
  v5 =this;
  if (!a2 ||a2 > 0x20)  // index must be in 1..32
  {
    // Record an invalid-parameter status plus the source file and function
    // name of the failure, then return that status.
    CBaseFrame<CVoidRaiseFrame>::SetInvalidParameter(&v26);
    v25 =v6;
    v22 ="base\\wcp\\identity\\attribute_value_collection.cpp";
    v24 =v7;
    v23 ="CAttributeValueCollection::GetBuiltinAttribute";
    CBaseFrame<CVoidRaiseFrame>::ReportErrorOrigination(
      &v26,
      (__int64)&v22);
    return v26;
  }
  // DWORD slot 4 (byte offset 16) is used as a bitmask; bit (a2 - 1) is tested.
  v8 =*((_DWORD*)this+ 4);
  // The pointer type on v9 looks like a decompiler artifact: the value is just
  // the low byte of (a2 - 1), later passed on to id_GetProcessorArchitecture.
  v9 =(const structWindows::Identity::Rtl::PSEUDO_ARCH *)(unsigned __int8)(a2 - 1);
  if (!_bittest(&v8, (unsignedint)v9))
    goto LABEL_32;    // bit clear: success with *a3 left null
  v10 =v4 - 1;
  if (!v10 )          // a2 == 1
  {
    v18 =(const struct _LUNICODE_STRING *)*((_QWORD *)this+ 3);
    goto LABEL_31;
  }
  v11 =v10 - 1;
  if (!v11 )          // a2 == 2
  {
    v20 =(char *)this +208;
    // The first QWORD of the field at +208 is zero: convert from the data at
    // +112 before handing the field out.
    if (!*((_QWORD*)this+ 26) )
    {
      result =ConvertByteStringOnDemandWithResize(
                 (__int64)this +112,
                 (__int64)this +208);
LABEL_28:
      // Shared by the conversion above and the version formatting at the end:
      // a negative result is returned to the caller as-is.
      if ((signed int)result <0 )
        return result;
    }
LABEL_29:
    // Hand out the address of the field inside the object.
    *v3= (conststruct _LUNICODE_STRING *)v20;
    goto LABEL_32;
  }
  v12 =v11 - 1;
  if (v12 )           // a2 != 3; a2 == 3 is handled after this block
  {
    v13 =v12 - 1;
    if (!v13 )        // a2 == 4
    {
      v18 =(const struct _LUNICODE_STRING *)*((_QWORD *)this+ 6);
      goto LABEL_31;
    }
    v14 =v13 - 1;
    if (v14 )         // a2 != 5; a2 == 5 is handled after this block
    {
      v15 =v14 - 1;
      if (!v15 )      // a2 == 6
      {
        v18 =(const struct _LUNICODE_STRING *)*((_QWORD *)this+ 8);
        goto LABEL_31;
      }
      v16 =v15 - 2;
      if (!v16 )      // a2 == 8
      {
        v18 =(const struct _LUNICODE_STRING *)*((_QWORD *)this+ 9);
        goto LABEL_31;
      }
      // a2 == 9: DWORD slot 20 (byte offset 80) selects a global string.
      if
(v16 == 1)
      {
        v17 =*((_DWORD*)this+ 20);
        if ( !v17 )
        {
          v18 =(const struct _LUNICODE_STRING *)&g_LUNICODE_STRING_neutral;
          goto LABEL_31;
        }
        if
( v17 == 1 )
        {
          v18 =(const struct _LUNICODE_STRING *)&g_LUNICODE_STRING_NonSxS;
LABEL_31:
          // Common exit for every branch that found its pointer in v18.
          *a3= v18;
          goto LABEL_32;
        }
        // Any other selector value falls through to the BreakIn below.
      }
      else
      {

       // a2 == 7 or a2 >= 10: no handler, break into the debugger.
       Windows::ErrorHandling::CBaseFrame::BreakIn();
        __debugbreak();
      }
     Windows::ErrorHandling::CBaseFrame::BreakIn();
      __debugbreak();
LABEL_37:
     // Reached when id_GetProcessorArchitecture returned null. JUMPOUT marks a
     // jump the decompiler could not resolve.
     Windows::ErrorHandling::CBaseFrame::BreakIn();
      JUMPOUT(*(_QWORD *)&byte_18010D285);
    }
    // a2 == 5: ask the helper, passing the object at this+56.
    v19 =id_GetProcessorArchitecture(
            (CAttributeValueCollection*)((char*)this+ 56),
            v9);
    *v3= v19;
    if (!v19 )
      goto LABEL_37;
LABEL_32:
    // Success exit, also taken when the attribute is absent.
    CBaseFrame<CSimpleHResultCarryingFrame>::SetCanonicalSuccess(&v26);
    return v26;
  }
  // a2 == 3: the version string lives in the field at this+232.
  v20 =(char *)this +232;
  if (*((_QWORD*)this+ 29) )
    goto LABEL_29;    // first QWORD of the field is non-zero: reuse it
  // QWORD slot 30 (byte offset 240) is compared with 0x2E and the field is
  // reallocated to 0x2E when smaller - presumably a byte capacity; confirm.
  if (*((_QWORD*)this+ 30) >=0x2Eui64
    ||(result =RtlReallocateLUnicodeString(0, 0x2Eui64, (__int64)this +232), (signed int)result>= 0) )
  {
    // Format from the words at byte offset 40 into the field at +232; the
    // result is checked at LABEL_28.
    result =FormatFourPartVersion<_LUNICODE_STRING>(
               (_WORD*)v5+ 20,
               0i64,
               v20,
               (__int64)v5 + 232);
    goto LABEL_28;
  }
  // Reallocation failed: return its status.
  return
result;
}

 
