解读 SetupOfflineStoreEnvironment

于 2016-12-13 21:53:07 发布
阅读量611 收藏
点赞数
分类专栏: WCP 操作系统相关 编程语言 系统维护
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/hadstj/article/details/53614315
版权
系统维护 同时被 3 个专栏收录
248 篇文章 0 订阅
订阅专栏
操作系统相关
179 篇文章 0 订阅
订阅专栏
WCP
86 篇文章 0 订阅
订阅专栏

解读 SetupOfflineStoreEnvironment

 

 

//----- (10120FFA)--------------------------------------------------------
int *__fastcallSetupOfflineStoreEnvironment(

// 是由 OFFLINE_STORE_CREATION_PARAMETERS 转换后的CNtStoreCreationParameters

int a1,

int *a2) // IRtlSystemIsolationLayer

{

  v31 = a1;
// OA
  v32 =20;
  v33 =0;
  v34 =64;
  v35 =0;
  v36 =0;
  v51 =0;
  v53 =a2;  //IRtlSystemIsolationLayer
  v2 =*a2;
  v3 =0;
  v4 =a1 + 28// LUNICODE_STRING,根目录,pszTargetWindowsDirectoryPath

// OpenFileSystemDirectory
  v5 =(*(int (__thiscall**)(int*, _DWORD, signed int, int,signed int, signed int, int *, _DWORD))(v2+ 8))(
         v53,
         0,
         1179785,
         v4,
         7,
         33,
         (int*)&v51, // IRtlFile
         0);
  if (v5 >= 0)
  {
    v52 =0;
    v7 =CreateOrOpenExistingDirectory(v51,(int)g_LUNICODE_STRING_WinSxS, (int)&v52);
    if (v7 >= 0)
    {
      v33 =g_LUNICODE_STRING_migration_dot_xml;
      v50 =0;
      v8 =v52;
      v9 =*v52;

// CreateNewFile
      v10 =(*(int (__thiscall**)(_DWORD*, signed int, signedint, int *, signedint, signed int, signed int, signed int,int *, int *))(v9 + 28))(
              v8,
              2,
              1179926,
              &v32,  // OA
              128,
              7,
              2,
              16480,
              &v50,    // IRtlFile
              &v42);
      if (v10 < 0
        ||v42 == 1
        &&(v11 =v50,

// SetContents
            v12 = *(int (__thiscall**)(int,_DWORD, const char *))(*(_DWORD *)v50 + 28),
            v10 = v12(v11, 0, ")"),
            v10 < 0) )
      {
        v6 =(int *)ConvertNtStatusToHResult(v10);
        v53 =v6;
      }
      else
      {
        v48 =0;
        v13 =CreateOrOpenExistingDirectory(v52,(int)g_LUNICODE_STRING_Manifests, (int)&v48);
        if ( v13 >= 0 )
        {
          v47 =0;
          v14 =CreateOrOpenExistingDirectory(v52,(int)g_LUNICODE_STRING_Catalogs, (int)&v47);
          if ( v14 >=0 )
          {

// 以下处理注册表
            v46 =0;
            v15 = v53; // a2, IRtlSIL
            v16 = *v53;

// OpenRegistryKey
            v17 =(*(int (__thiscall**)(int*, signed int, signedint, int *, int *, int *))(v16 + 20))(
                    v15,
                    2,
                    983103,
                   g_LUNICODE_STRING__bslash_Registry_bslash_Machine_bslash_SOFTWARE_bslash_Microsoft_bslash_Windows_bslash_CurrentVersion_bslash_,
                    &v46,
                    &v42);
            if (v17 >= 0)
            {
              v18 = *v15;
              v49 = 0;
              v19 = (*(int(__thiscall **)(int *,signed int, signed int, int *, int *,int *))(v18+ 20))(
                      v15,
                      2,
                      983103,
                     g_LUNICODE_STRING__bslash_Registry_bslash_Machine_bslash_COMPONENTS_bslash_,
                      &v49,
                      &v42);
              if ( v19 <0
                || (v19 = Windows::COM::VerifyOrWriteStoreVersion(
                            v49,
                            v15,
                            (Windows::COM *)*(_WORD *)(v31 + 184),
                            v28,
                            v29,
                            v30),
                    v19 < 0) )
              {
                v6 = (int*)ConvertNtStatusToHResult(v19);
                v53 = v6;
              }

// 如果这八个键不存在,就创建
              else
              {
                v37 = 0;
                v38 = 0;
                v39 = 0;
                v40 = 0;
                v41 = 0;
                v43 = 0;
                v44 = 0;
                v45 = 0;
                v53 = (int*)&v54;
                v54 = &v49;  // IRtlKey \Components
                v55 = &v45;
                v56 =g_LUNICODE_STRING_CanonicalData;
                v57 = &v45;
                v58 = &v40;
                v59 =g_LUNICODE_STRING_Deployments;
                v60 = &v45;
                v61 = &v38;
                v62 = g_LUNICODE_STRING_Catalogs;
                v63 = &v49;
                v64 = &v43;
                v65 =g_LUNICODE_STRING_DerivedData;
                v66 = &v43;
                v67 = &v41;
                v68 = g_LUNICODE_STRING_Components;
                v69 = &v46;
                v70 = &v44;
                v71 = g_LUNICODE_STRING_SideBySide;
                v72 = &v44;
                v73 = &v39;
                v74 = g_LUNICODE_STRING_Winners;
                v75 = &v44;
                v76 = &v37;
                v77 = g_LUNICODE_STRING_Configuration;
                v20 = (int*)&v54;
                while ( 1 )
                {
                  v33 = (int*)v20[2];
                  v21 = (int**)*v20;
                  v34 = 64;
                  v22 = *v21;
                  v23 = v20[1];
                  v24 = **v21;

// CreateNewKey
                  v25 = (*(int(__thiscall **)(int *,signed int, signed int, int *, signed int, int, int*))(v24+ 24))(
                          v22,
                          1,
                          131103,
                          &v32,
                          4,
                          v23,
                          &v42);

                  ++v3;
                  v20 =v53 + 3;
                  v53 += 3;

// 重复八次
                  if ( v3 == 8 )
                  {
                    Windows::AutoPointerBase<IRtlCdfStringTableEnumerator *,Windows::Auto<IRtlCdfStringTableEnumerator*>>::Close(&v39);
::Close(&v44);
::Close(&v37);
::Close(&v41);
::Close(&v43);
::Close(&v38);
::Close(&v40);
::Close(&v45);
::Close(&v49);
::Close(&v46);
::Close(&v47);
::Close(&v48);
::Close(&v50);
::Close(&v52);
::Close(&v51);
                    return 0;
                  }
                }
                v6 = (int*)ConvertNtStatusToHResult(v25);
                v53 = v6;
                ::Close(&v39);
                ::Close(&v44);
                ::Close(&v37);
                ::Close(&v41);
                ::Close(&v43);
                ::Close(&v38);
                ::Close(&v40);
                ::Close(&v45);
              }
              ::Close(&v49);
            }
            else
            {
              v6 = (int*)ConvertNtStatusToHResult(v17);
              v53 = v6;
            }
            ::Close(&v46);
          }
          else
          {
            v6 = (int *)ConvertNtStatusToHResult(v14);
            v53 = v6;
          }
          ::Close(&v47);
        }
        else
        {
          v6 =(int *)ConvertNtStatusToHResult(v13);
          v53 =v6;
        }
        ::Close(&v48);
      }
      ::Close(&v50);
    }
    else
    {
      v6 =(int *)ConvertNtStatusToHResult(v7);
      v53 =v6;
    }
    ::Close(&v52);
  }
  else
  {
    v6 =(int *)ConvertNtStatusToHResult(v5);
    v53 =v6;
  }
  ::Close(&v51);
  CBaseFrame<CVoidRaiseFrame>::ReportErrorPropagation(
    &v53,
    v27);
  return v6;
}

心想才事成
关注
专栏目录
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值