CCSIExternalTransformerExecutor 初始化
pGetSystemStore可以返回CCSIExternalTransformerExecutor 对象。
pGetSystemStore(0, IID_ICSIExternalTransformerExecutor, &ppIStore);
ppIStore->QueryInterface(IID_IReferenceIdentity,&ppObj);
CCSIExternalTransformerExecutor *ets = (CCSIExternalTransformerExecutor*)(ppIStore - 2);
CComObjectBase *vf1 =(CComObjectBase *) ets->vft1;
ICSIExternalTransformerExecutor *vf2 = (ICSIExternalTransformerExecutor *)ets->vft2;
CSystemIsolationLayer *sil = (CSystemIsolationLayer *)&ets->sil;
vf2->Initialize(0, { 6 }, L"C:\\CSITEST\\system_volume\\Windows", L"HKCU\\CSITEST",0);
(Flags = {0}, ReferenceVersion = {1},ReferenceImage= {2}, FileStorage={3}, RegStorage={4})
//----- (100CABF0)--------------------------------------------------------
__int32 __stdcallWCP::COM::CCSIExternalTransformerExecutor::Initialize(
WCP::COM::CCSIExternalTransformerExecutor *this,
unsigned __int32 a2, 标志
unsigned __int64 a3, 版本
const unsigned__int16 *a4, pszTargetWindowsDirectoryPath
const unsigned__int16 *a5, pszRegistryRoot 不能确定
const unsigned__int16 *a6) 不确定
{
v6 =(int)a5;
v51 =this;
v52 =&a2;
v53 =(int *)a5;
v54 =a4;
v55 =a6;
v56 =a4;
v57 =a5;
v65 =-2147023537;
v77 =a3;
v66 =(__int64 *)&v77;
if ( !*((_DWORD *)this +2) ) // m_TargetSystem.IsValid()
{
// 出错
}
v9 =(HKEY *)((char *)this +16);
if (*((_DWORD*)this+ 4) ) // m_Impl.IsValid()
{
出错
}
if (!AutoPimplPtr<WCP::COM::CCSIExternalTransformerExecutor::Impl>::Allocate((WCP::COM::CCSIExternalTransformerExecutor::Impl**)this+ 4) ) // m_Impl.Allocate()
{
}
v10 =*v9;
*((_DWORD *)this +3) = a2;
*((_QWORD *)v10 + 14) = v77;
v11 =RtlGetSystem(0,0, (int*)*v9 +24);
Auto<_OFFLINE_STORE_CREATION_PARAMETERS>::Initialize((int)&v78);
v56 =0;
v57 =(_WORD *)v6;
v66 =0;
v12 =0;
v13 =AutoNullTerminatedString<COM::CLPWSTRTraits,Auto<unsigned short *>>::Assign<unsignedshort const *>(
(unsigned__int16 ***)&v66,
(signedint *)&v55);
v14 =a2;
if (!(a2& 8) )
{
v12 =1;
v56 =(const unsigned __int16 *)1;
v57 =(_WORD *)(a2 &8 &(unsigned __int8)v57);
}
v6 =4;
if (!(a2& 0x20) )
{
if (a2 & 8)
{
v58 =(const char *)v53;
v59 =(const char *)L"Rollback";
v67 =0;
v68 =0;
v69 =(char *)-1;
if (a2 & 4)
v15 =COM::Concat(v53, (int*)L"\\", (int*)L"Rollback", (void**)&v68);
else
v15 =HiveInfo::Create((HiveInfo *)&v67, (conststruct HiveDetails *)&v58);
// GetLoadedHiveKeyName( hive.FilePath,pszHiveMountLocation,(sizeof(pszHiveMountLocation)/sizeof((pszHiveMountLocation)[0])))
v17 = GetLoadedHiveKeyName((wchar_t*)&v97, v68, (constunsigned __int16 *)0x104, v49, v50);
v15 =WCP::COM::CRegistryKey::LoadKey(
(WCP::COM::CRegistryKey*)(*v9 +30),
*v9,
(constunsigned __int16 *)&v97,
(constunsigned __int16 *)v68,
(unsignedint)*v9);
v15 =COM::Concat((int *)L"HKEY_LOCAL_MACHINE", &g_RGWCH__bslash_, (int *)&v97,(void **)&v66);
v16 =(HiveInfo *)&v67;
HiveInfo::~HiveInfo((HiveInfo*)&v67);
v14 =a2;
}
else
{
v56 =(const unsigned __int16 *)(v12 | 4);
AutoPointerBase<unsigned short *,Auto<unsignedshort *>>::Close(&v66);
v14 =a2;
}
}
if (*((_QWORD*)*v9 +14) )
{
v74 =0;
v75 =0;
v76 =0;
if (*((_BYTE*)v51+ 12) & 0x40 )
{
v71 =80;
v72 =82;
v73 =L"\\Registry\\Machine\\$OFFLINE_RW$COMPONENTS";
v58 =(const char *)80;
v59 =(const char *)82;
v60 =L"\\Registry\\Machine\\$OFFLINE_RW$COMPONENTS";
v6 =(int)&v61;
goto LABEL_53;
}
v18 =RtlInitLUnicodeStringFromNullTerminatedString(v54,(int)&v71);
v19 =v71;
if (v71 >= 2)
{
do
{
if ( v73[(v19 >> 1) - 1] != 92 )
break;
v19 -=2;
}
while ( v19 >=2 );
v71 =v19;
}
v67 =0;
v68 =0;
v69 =0;
v58 =(const char *)54;
v59 =(const char *)56;
v60 =L"\\System32\\config\\COMPONENTS";
v20 =StringUtil::ConcatenateStrings<_LUNICODE_STRING,_LUNICODE_STRING>(
(int)&v71,
(int)&v58,
(int)&v67);
if (v20 < 0
||(v20 =StringUtil::EnsureNullTerminated<Auto<_LUNICODE_STRING>>((unsignedint *)&v67),
v20 <0) )
{
v65 =ConvertNtStatusToHResult(v20);
}
else
{
v97 =0;
memset(&Dst, 0,0x206u);
GetLoadedHiveKeyName( ComponentsHiveWin32Path.Buffer,HiveMountKey, (sizeof(HiveMountKey)/sizeof((HiveMountKey)[0])))
v21 = GetLoadedHiveKeyName((wchar_t*)&v97, v69, (constunsigned __int16 *)0x104, v49, v50);
v71 =0;
v72 =0;
v73 =0;
v58 =v67;
v59 =v68;
v60 =(const wchar_t *)v69;
v6 =(int)&v61;
v22 =RtlConvertWin32FilePathToNtFilePath((int)&v58,(const char **)&v71);
if (v22 >= 0)
{
v22 =RtlInitLUnicodeStringFromNullTerminatedString(&v97, (int)&v58);
if ( v22 >= 0 )
{
v22 =StringUtil::ConcatenateStrings<_LUNICODE_STRING,_LUNICODE_STRING>(
(int)g_LUNICODE_STRING__bslash_Registry_bslash_Machine_bslash_,
(int)&v58,
(int)&v74);
if ( v22 >=0 )
{
v23 = (AutoHive *)(*v9 +43);
v58 = v74;
v59 = v75;
v60 = v76;
v6 = (int)&v61;
v22 = AutoHive::Load(
v23,
0,
(const struct _LUNICODE_STRING *)&v58,
(const struct _LUNICODE_STRING *)&v71,
0);
if ( v22 >=0 )
{
AutoPODBase<_LUNICODE_STRING,Auto<_LUNICODE_STRING>>::Close((int)&v71);
AutoPODBase<_LUNICODE_STRING,Auto<_LUNICODE_STRING>>::Close((int)&v67);
LABEL_53:
v55 =0;
v24 = RtlGetSystem(0, 0, (int *)&v55);
if ( v24 >=0 )
{
v81 = &v91;
*(_DWORD *)&v91 =g_LUNICODE_STRING__bslash_Registry_bslash_Machine_bslash_COMPONENTS_bslash_[0];
v88 = 16;
v89 = 16;
v92 =g_LUNICODE_STRING__bslash_Registry_bslash_Machine_bslash_COMPONENTS_bslash_[1];
v90 = (int*)&v81;
v82 = 1;
v93 =g_LUNICODE_STRING__bslash_Registry_bslash_Machine_bslash_COMPONENTS_bslash_[2];
v6 = (int)&v97;
v58 = (constchar *)v55;
v59 = 0;
v60 = 0;
v62 = 1;
v61 = &v87;
v63 = 0;
v64 = 0;
v83 = 0;
v84 = 0;
v87 = 1;
v94 = v58;
v95 = v59;
v96 = v60;
v25 = (int*)(*v9 +49);
v24 =RtlGetSystem(0,&v58, v25);
if ( v24 >=0 )
{
::Close(&v55);
::Close((int)&v74);
v14 = a2;
v6 = 4;
goto LABEL_57;
}
}
v65 = ConvertNtStatusToHResult(v24);
::Close(&v55);
LABEL_33:
::Close((int)&v74);
goto LABEL_68;
}
}
}
}
v65 =ConvertNtStatusToHResult(v22);
::Close((int)&v71);
}
::Close((int)&v67);
goto LABEL_33;
}
LABEL_57:
v26 =(int)v56;
if (v14 & 4)
v26 =(unsigned int)v56 | 0x10;
v13 =(unsigned __int16 **)CreateNewPseudoWindows(v26,v57, v66, (int)&v78);
if (a2 & 2)
v6 =v79;
v27 =(int)v51;
v51 =0;
v80 =*(_DWORD*)(v27+ 4);
v6 |=0x10u;
v28 =*v9;
v79 =v6;
v48 =v28 + 1;
v13 =(unsigned __int16 **)(a2 & 4 ?
OpenExistingOfflineStore(
0,
(int)&v78,
(int)&_GUID_a817521b_2b43_489f_8b84_67aceeab24a8,
v48,
&v51) :
CreateNewOfflineStore(
0,
(int)&v78,
(int)&_GUID_a817521b_2b43_489f_8b84_67aceeab24a8,
v48,
&v51));
v29 =*v9;
v70 =0;
v30 =(_DWORD **)*((_DWORD *)v29 + 1);
v31 =*v30;
v32 =((int (__stdcall*)(_DWORD**, GUID *,int *))*v31)(v30, &_GUID_fe25822e_baa8_419a_b9e0_f194a3722a2b,&v70);
if (v32 < 0)
{
v33 =v70;
v65 =v32;
if (v70 )
{
v70 =0;
v34 =v33;
v35 =*(void(__stdcall **)(int))(*(_DWORD *)v33 + 8);
v35(v34);
}
goto LABEL_68;
}
v38 =*v9;
v39 =v70;
v40 =*(int(__stdcall **)(int))(*(_DWORD *)v70 + 12);
*((_DWORD *)v38 + 2) = v40(v39);
*(_DWORD *)*v9 = 1;
v41 =v70;
v65 =0;
v86 =1;
if (v70 )
{
v70 =0;
v42 =v41;
v43 =*(void(__stdcall **)(int))(*(_DWORD *)v41 + 8);
v43(v42);
}
::Close(&v66);
Auto<_OFFLINE_STORE_CREATION_PARAMETERS>::~Auto<_OFFLINE_STORE_CREATION_PARAMETERS>(&v78);
CEnterExitTracer<CSimpleHResultCarryingFrame,5>::~CEnterExitTracer<CSimpleHResultCarryingFrame,5>(
(int)&v85,
(int)v38);
return 0;
}
// 100037B8: using guessed type wchar_tasc_100037B8[2];
// 10009854: using guessed type intg_RGWCH__bslash_;
// 100098B8: using guessed type intg_LUNICODE_STRING__bslash_Registry_bslash_Machine_bslash_[2];
// 100098C4: using guessed type wchar_tg_RGWCH_Rollback[9];
// 100098E4: using guessed type wchar_t g_RGWCH_HKEY_under_LOCAL_under_MACHINE[19];
// 10009D08: using guessed type intg_LUNICODE_STRING__bslash_Registry_bslash_Machine_bslash_COMPONENTS_bslash_[2];
// 1000B6A0: using guessed type wchar_taRegistryMach_2[41];
// 1000B6F4: using guessed type wchar_t aSystem32Config[28];
// 100C1462: using guessed type int __thiscallAutoPointerBase<unsigned short *,Auto<unsigned short*>>::Close(_DWORD);
// 100C576B: using guessed type __int32 __thiscallAutoHive::Load(AutoHive *__hidden this, unsigned __int32, const struct_LUNICODE_STRING *, const struct _LUNICODE_STRING *, unsigned __int32 *);
// 100CA336: using guessed type __int32 __thiscallHiveInfo::Create(HiveInfo *__hidden this, const struct HiveDetails *);
// 101EF631: using guessed type __int32 __thiscallWCP::COM::CRegistryKey::LoadKey(WCP::COM::CRegistryKey *__hidden this, HKEY,const unsigned __int16 *, const unsigned __int16 *, bool);
//----- (000000018004AE80)----------------------------------------------------
__int64 __fastcallWindows::WCP::COM::CCSIExternalTransformerExecutor::Initialize(Windows::WCP::COM::CCSIExternalTransformerExecutor*this, int a2, __int64 a3, const unsigned __int16*a4, const unsigned __int16 *a5, constunsigned __int16 *a6)
{
v107 =(unsigned __int64)&v57^ _security_cookie;
v6 =this;
*(_DWORD *)&v71= a2;
v82 =a3;
v7 =a4;
v69 =a4;
v62 =a5;
v63 =a6;
v61 =&v82;
v75 =&v71;
v70 =-2147023537;
Windows::WCP::Rtl::MakeArmedEnterExitTracer<Windows::ErrorHandling::COM::CSimpleHResultCarryingFrame,Windows::WCP::Rtl::FormattingAsHexadecimalOnlyImpl<unsigned long *> const *,_FOUR_PART_VERSION*,unsigned short const*,unsigned short const*,unsigned short const*>(
(__int64)&v96,
(structWindows::WCP::Rtl::_RTL_TRACING_FACILITY *)&v70,
(__int64)this -16,
(__int64)a4,
(int)v58,
v59,
v60,
(__int64*)&v75,
(__int64*)&v61,
(__int64*)&v69,
(__int64*)&v62,
(__int64*)&v63);
if (!*((_QWORD*)v6+ 2) )
{
v8 =315;
v9 ="m_TargetSystem.IsValid()";
LABEL_3:
v70 =ConvertNtStatusToHResult(-1073740758);
LABEL_46:
Windows::WCP::Rtl::CEnterExitTracer<Windows::ErrorHandling::COM::CSimpleHResultCarryingFrame,5>::~CEnterExitTracer<Windows::ErrorHandling::COM::CSimpleHResultCarryingFrame,5>((__int64)&v96);
LODWORD(v65) = v8;
*(_QWORD *)&v64= "base\\wcp\\componentstore\\com\\externaltransformerexecutor.cpp";
v66 =v9;
*((_QWORD*)&v64 + 1) ="Windows::WCP::COM::CCSIExternalTransformerExecutor::Initialize";
Windows::ErrorHandling::COM::CBaseFrame<Windows::ErrorHandling::COM::CSimpleHResultCarryingFrame>::ReportErrorOrigination(
&v70,
(Windows::ErrorHandling::COM*)&v64);
return (unsigned int)v70;
}
v10 =(signed __int64)v6 + 32;
if (*((_QWORD*)v6+ 4) )
{
v8 =316;
v9 ="!m_Impl.IsValid()";
goto LABEL_3;
}
if (!Windows::AutoPimplPtr<Windows::WCP::COM::CCSIExternalTransformerExecutor::Impl>::Allocate((__int64)v6 + 32) )
{
v8 =318;
v70 =-2147024882;
v9 ="m_Impl.Allocate()";
goto LABEL_46;
}
v11 =*(_QWORD*)v10;
*((_DWORD *)v6 + 6) = *(_DWORD *)&v71;
*(_QWORD *)(v11 + 208) = v82;
v12 =RtlGetSystem(0,0i64, (__int64 *)(*(_QWORD *)v10 + 176i64));
if (v12 < 0)
{
v70 =ConvertNtStatusToHResult(v12);
LABEL_73:
Windows::WCP::Rtl::CEnterExitTracer<Windows::ErrorHandling::COM::CSimpleHResultCarryingFrame,5>::~CEnterExitTracer<Windows::ErrorHandling::COM::CSimpleHResultCarryingFrame,5>((__int64)&v96);
Windows::ErrorHandling::COM::CBaseFrame<Windows::ErrorHandling::COM::CVoidRaiseFrame>::ReportErrorPropagation(&v70);
return (unsigned int)v70;
}
v90 =-1;
v83 =112i64;
_mm_store_si128((__m128i*)&v85, 0i64);
_mm_store_si128((__m128i*)&v86, 0i64);
_mm_store_si128((__m128i*)&v87, 0i64);
v13 =0i64;
_mm_store_si128((__m128i*)&v88, 0i64);
_mm_store_si128((__m128i*)&v89, 0i64);
v84 =0;
v91 =0i64;
v62 =0i64;
v14 =Windows::AutoNullTerminatedString<Windows::COM::CLPWSTRTraits,Windows::Auto<unsigned short *>>::Assign<unsignedshort const *>(
(Windows::COM**)&v62,
&v63);
if ((v14 &0x80000000) != 0 )
goto LABEL_11;
v16 =v71;
if (!(v71& 8) )
v13 =(_DWORD *)1;
if (!(v71& 0x20) )
{
if (v71 & 8)
{
v74 =-1;
*(_QWORD *)&v64= a5;
*((_QWORD *)&v64+ 1) = L"Rollback";
_mm_storeu_si128((__m128i *)&v72,0i64);
if (v16 & 4)
v17 =Windows::COM::Concat((void *)a5, L"\\", L"Rollback",(void **)&v73);
else
v17 =HiveInfo::Create((HiveInfo *)&v72, (conststruct HiveDetails *)&v64);
if (v17 < 0)
goto LABEL_19;
v20 =GetLoadedHiveKeyName(v73, (unsigned __int16 *)&v106, 0x104ui64);
if (v20 < 0)
{
v70 =v20;
v8 =364;
v9 ="GetLoadedHiveKeyName( hive.FilePath,pszHiveMountLocation, (sizeof(pszHiveMountLocation)/sizeof((pszHiveMou"
"ntLocation)[0])))";
HiveInfo::~HiveInfo((HiveInfo*)&v72, v21);
LABEL_45:
Windows::AutoPointerBase<unsigned short const *,Windows::Auto<unsignedshort const *>>::Close(
(Windows::COM**)&v62,
v22);
Windows::AutoPODBase<_OFFLINE_STORE_CREATION_PARAMETERS,Windows::Auto<_OFFLINE_STORE_CREATION_PARAMETERS>>::Close(
(__int64)&v83,
v30);
goto LABEL_46;
}
v17 =Windows::WCP::COM::CRegistryKey::LoadKey(
(PHKEY)(*(_QWORD *)v10 +216i64),
v21,
(constunsigned __int16 *)&v106,
v73,
(bool)v58);
if (v17 < 0)
{
LABEL_19:
v19 =(HiveInfo *)&v72;
LABEL_20:
v70 =v17;
HiveInfo::~HiveInfo(v19,v18);
goto LABEL_72;
}
v17 =Windows::COM::Concat(L"HKEY_LOCAL_MACHINE", &g_RGWCH__bslash_,&v106, (void**)&v62);
v19 =(HiveInfo *)&v72;
if (v17 < 0)
goto LABEL_20;
HiveInfo::~HiveInfo((HiveInfo*)&v72, v18);
}
else
{
v13 =(_DWORD *)((unsigned int)v13 | 4);
Windows::AutoPointerBase<unsigned short const *,Windows::Auto<unsignedshort const *>>::Close(
(Windows::COM**)&v62,
(constvoid *)4);
}
v16 =v71;
}
if (*(_QWORD*)(*(_QWORD *)v10 + 208i64) )
{
v23 =(*((_BYTE *)v6 + 24) & 0x40) == 0;
v72 =0i64;
v73 =0i64;
*(_QWORD *)&v74= 0i64;
if (!v23 )
{
v79 =80i64;
v81 =L"\\Registry\\Machine\\$OFFLINE_RW$COMPONENTS";
v24 =L"\\Registry\\Machine\\$OFFLINE_RW$COMPONENTS";
v80 =82i64;
v25 =*(_OWORD*)&v79;
goto LABEL_56;
}
v26 =RtlInitLUnicodeStringFromNullTerminatedString((__int64)v7, (__int64)&v79);
if (v26 < 0)
{
v70 =ConvertNtStatusToHResult(v26);
goto LABEL_34;
}
v27 =v79;
if (v79 >= 2)
{
do
{
if ( v81[(v27 >> 1) - 1] != 92 )
break;
v27 -=2i64;
}
while ( v27 >=2 );
v79 =v27;
}
v75 =0i64;
v65 =L"\\System32\\config\\COMPONENTS";
v76 =0i64;
v77 =0i64;
*(_QWORD *)&v64= 54i64;
*((_QWORD *)&v64+ 1) =56i64;
v28 =Windows::StringUtil::Rtl::ConcatenateStrings<_LUNICODE_STRING,_LUNICODE_STRING>(
(__int64)&v79,
(__int64)&v64,
(__int64)&v75);
if (v28 < 0
||(v28 =Windows::StringUtil::Rtl::EnsureNullTerminated<Windows::Auto<_LUNICODE_STRING>>((unsigned__int64 *)&v75),
v28 <0) )
{
v70 =ConvertNtStatusToHResult(v28);
}
else
{
*(_WORD *)&v106= 0;
memset_0(&v106 +2, 0, 0x206ui64);
v29 =GetLoadedHiveKeyName(v77, (unsigned __int16 *)&v106, 0x104ui64);
if (v29 < 0)
{
v70 =v29;
v8 =404;
v9 ="GetLoadedHiveKeyName(ComponentsHiveWin32Path.Buffer, HiveMountKey,(sizeof(HiveMountKey)/sizeof((HiveMountKey)[0])))";
Windows::AutoPODBase<_LUNICODE_STRING,Windows::Auto<_LUNICODE_STRING>>::Close((__int64)&v75);
Windows::AutoPODBase<_LUNICODE_STRING,Windows::Auto<_LUNICODE_STRING>>::Close((__int64)&v72);
goto LABEL_45;
}
v79 =0i64;
v64 =*(_OWORD*)&v75;
v80 =0i64;
v81 =0i64;
v65 =v77;
v31 =RtlConvertWin32FilePathToNtFilePath((__int64)&v64,&v79);
v32 =0;
if (v31 < 0)
v32 =v31;
if (v32 >= 0)
{
v33 =RtlInitLUnicodeStringFromNullTerminatedString((__int64)&v106,(__int64)&v64);
if ( v33 >= 0 )
{
v33 =Windows::StringUtil::Rtl::ConcatenateStrings<_LUNICODE_STRING,_LUNICODE_STRING>(
(__int64)&g_LUNICODE_STRING__bslash_Registry_bslash_Machine_bslash_,
(__int64)&v64,
(__int64)&v72);
if ( v33 >=0 )
{
v34 = (Windows::Rtl::AutoHive*)(*(_QWORD *)v10 + 312i64);
v65 = *(const wchar_t **)&v74;
v64 = *(_OWORD *)&v72;
v33 = Windows::Rtl::AutoHive::Load(
v34,
(const struct _LUNICODE_STRING *)&v64,
(const struct _LUNICODE_STRING *)&v79);
if ( v33 >=0 )
{
Windows::AutoPODBase<_LUNICODE_STRING,Windows::Auto<_LUNICODE_STRING>>::Close((__int64)&v79);
Windows::AutoPODBase<_LUNICODE_STRING,Windows::Auto<_LUNICODE_STRING>>::Close((__int64)&v75);
v24 = v65;
v25 = v64;
LABEL_56:
v63 = 0i64;
v35 = RtlGetSystem(0, 0i64, (__int64*)&v63);
if ( v35 >=0 )
{
v36 = *(_QWORD *)v10;
v92 = &v102;
v37 = 1;
*(_OWORD *)&v102 =g_LUNICODE_STRING__bslash_Registry_bslash_Machine_bslash_COMPONENTS_bslash_;
v76 = 1i64;
v103 = L"\\Registry\\Machine\\COMPONENTS\\";
v105 = v24;
v99 = 32i64;
v100 = 32i64;
v101 = &v92;
*(_QWORD *)&v64 =v63;
v75 = (char*)&v98;
v93 = 1i64;
v104 = v25;
v94 = 0i64;
_mm_storeu_si128((__m128i *)&v66,*(__m128i*)&v75);
v95 = 0i64;
LODWORD(v98) = 1;
*((_QWORD *)&v64 +1) = 0i64;
v67 = 0i64;
v65 = 0i64;
v68 = 0i64;
v35 = RtlGetSystem(0, (structWindows::WCP::Rtl::_RTL_TRACING_FACILITY *)&v64,(__int64 *)(v36 + 344));
if ( v35 >=0 )
{
Windows::AutoPointerBase<Windows::Cdf::Rtl::IRtlCdfUlongTableEnumerator*,Windows::Auto<Windows::Cdf::Rtl::IRtlCdfUlongTableEnumerator*>>::Close((int (__fastcall****)(_QWORD))&v63);
Windows::AutoPODBase<_LUNICODE_STRING,Windows::Auto<_LUNICODE_STRING>>::Close((__int64)&v72);
v16 = v71;
goto LABEL_61;
}
}
v70 = ConvertNtStatusToHResult(v35);
Windows::AutoPointerBase<Windows::Cdf::Rtl::IRtlCdfUlongTableEnumerator*,Windows::Auto<Windows::Cdf::Rtl::IRtlCdfUlongTableEnumerator*>>::Close((int (__fastcall****)(_QWORD))&v63);
LABEL_34:
Windows::AutoPODBase<_LUNICODE_STRING,Windows::Auto<_LUNICODE_STRING>>::Close((__int64)&v72);
goto LABEL_72;
}
}
}
v32 =v33;
}
v70 =ConvertNtStatusToHResult(v32);
Windows::AutoPODBase<_LUNICODE_STRING,Windows::Auto<_LUNICODE_STRING>>::Close((__int64)&v79);
}
Windows::AutoPODBase<_LUNICODE_STRING,Windows::Auto<_LUNICODE_STRING>>::Close((__int64)&v75);
goto LABEL_34;
}
v37 =1;
LABEL_61:
if (v16 & 4)
v13 =(_DWORD *)((unsigned int)v13 | 0x10);
v14 =CreateNewPseudoWindows();
if ((v14 &0x80000000) != 0 )
goto LABEL_11;
v38 =v84;
v39 =*(_QWORD*)v10;
if (!(v71& 2) )
v38 =4;
v90 =*((_DWORD*)v6+ 2);
LODWORD(v63) = 0;
v84 =v38 | 0x10;
v58 =(__int64 *)&v63;
v40 =(_QWORD *)(v39 + 8);
v14 =v71 & 4? (unsignedint)OpenExistingOfflineStore(
(__int64)&v83,
0,
v13,
(__int64)&GUID_a817521b_2b43_489f_8b84_67aceeab24a8,
v40) : (unsignedint)CreateNewOfflineStore(
(__int64)&v83,
0,
v13,
(__int64)&GUID_a817521b_2b43_489f_8b84_67aceeab24a8,
v40);
if ((v14 &0x80000000) != 0 )
{
LABEL_11:
v70 =v14;
LABEL_72:
Windows::AutoPointerBase<unsigned short const *,Windows::Auto<unsignedshort const *>>::Close(
(Windows::COM**)&v62,
v15);
Windows::AutoPODBase<_OFFLINE_STORE_CREATION_PARAMETERS,Windows::Auto<_OFFLINE_STORE_CREATION_PARAMETERS>>::Close(
(__int64)&v83,
v47);
goto LABEL_73;
}
v41 =*(_QWORD*)v10;
v78 =0i64;
v42 =*(_QWORD***)(v41+ 8);
v43 =(int (__fastcall*)(_QWORD**, GUID *,__int64 *))**v42;
_guard_check_icall_fptr(**v42);
v44 =v43(v42, &GUID_fe25822e_baa8_419a_b9e0_f194a3722a2b,&v78);
if (v44 < 0)
{
v45 =v78;
v70 =v44;
if (v78 )
{
v78 =0i64;
v46 =*(void(__fastcall **)(__int64))(*(_QWORD *)v45 +16i64);
_guard_check_icall_fptr(*(_QWORD *)(*(_QWORD *)v45 +16i64));
v46(v45);
}
goto LABEL_72;
}
v49 =v78;
v50 =*(_QWORD*)v10;
v51 =*(int(__fastcall **)(__int64))(*(_QWORD *)v78 +24i64);
_guard_check_icall_fptr(*(_QWORD *)(*(_QWORD *)v78 +24i64));
LODWORD(v52) = v51(v49);
*(_QWORD *)(v50 + 16) = v52;
**(_DWORD **)v10 =v37;
v54 =v78;
v97 =v37;
v70 =0;
if (v78 )
{
v78 =0i64;
v55 =*(void(__fastcall **)(__int64))(*(_QWORD *)v54 +16i64);
_guard_check_icall_fptr(*(_QWORD *)(*(_QWORD *)v54 +16i64));
v55(v54);
}
Windows::AutoPointerBase<unsigned short const *,Windows::Auto<unsignedshort const *>>::Close(
(Windows::COM**)&v62,
v53);
Windows::AutoPODBase<_OFFLINE_STORE_CREATION_PARAMETERS,Windows::Auto<_OFFLINE_STORE_CREATION_PARAMETERS>>::Close(
(__int64)&v83,
v56);
Windows::WCP::Rtl::CEnterExitTracer<Windows::ErrorHandling::COM::CSimpleHResultCarryingFrame,5>::~CEnterExitTracer<Windows::ErrorHandling::COM::CSimpleHResultCarryingFrame,5>((__int64)&v96);
return 0i64;
}
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
