解读 TiWorkerCoreInitialize
调用 CbsCoreInitialize，传递进去的函数地址就是在这里确定的。
//----- (0041BDC2)--------------------------------------------------------
/*
 * TiWorkerCoreInitialize (Hex-Rays decompilation of sub_0041BDC2).
 *
 * Loads cbscore.dll from the servicing-stack directory, resolves its
 * CbsCore* exports into the vpfnCbsCore* globals, and hands the
 * TiWorkerCore* callback functions to CbsCoreInitialize. On success the
 * IClassFactory returned by the core is stored in vpCbsSessionClassFactory.
 *
 * this:    only used as a flag (v32); when non-null the safe-boot query
 *          (GetOsSafeBootMode -> CbsCoreEnsureNoStartupProcessing) runs.
 * Returns: HRESULT-style int (v2): 0 on success, negative on failure.
 *
 * Decompiler artifacts: v1 and lpLibFileName alias the same heap string
 * (the full DLL path, a wide string despite the char* cast); v33 is the
 * directory from PathGetModulePath; v35 receives the class factory;
 * ppMalloc is the task allocator from CoGetMalloc. Missing spaces inside
 * string literals ("tolocate", "inCore", "Failedto") and in casts
 * ("signedint", "structIClassFactory") are extraction damage and are left
 * exactly as extracted since they are runtime/code text.
 */
int __thiscall TiWorkerCoreInitialize(void*this)
{
v1 =0;
v32 =this;
v33 =0;
v35 =0;
lpLibFileName = 0;
ppMalloc =0;
// Re-entry guard: a second call fails without touching any state.
// -2147023649 == 0x800704DF, which by value is
// HRESULT_FROM_WIN32(ERROR_ALREADY_INITIALIZED).
if (vhCoreModule )
{
v2 =-2147023649;
CBSWdsLog(0x4000000, -2147023649, 1, "Trusted Installer core already initialized.");
goto LABEL_102;
}
// Consistency asserts (tiworkercore.cpp:573-577): with the module handle
// null, none of these export pointers should be populated. The asserted set
// matches the set that the failure cleanup at LABEL_102 clears. Whether
// CbsUtil_Assert aborts or only logs is not visible here.
if (vpfnCbsCoreInitialize )
CbsUtil_Assert((int)"onecore\\base\\cbs\\tiworker\\tiworkercore.cpp",573, (int)"!vpfnCbsCoreInitialize");
if (vpfnCbsCoreStartupProcessing )
CbsUtil_Assert((int)"onecore\\base\\cbs\\tiworker\\tiworkercore.cpp",574, (int)"!vpfnCbsCoreStartupProcessing");
if (vpfnCbsCoreEnsureNoStartupProcessing )
CbsUtil_Assert(
(int)"onecore\\base\\cbs\\tiworker\\tiworkercore.cpp",
575,
(int)"!vpfnCbsCoreEnsureNoStartupProcessing");
if (vpfnCbsCoreShutdownProcessing )
CbsUtil_Assert((int)"onecore\\base\\cbs\\tiworker\\tiworkercore.cpp",576, (int)"!vpfnCbsCoreShutdownProcessing");
if (vpfnCbsCoreFinalize )
CbsUtil_Assert((int)"onecore\\base\\cbs\\tiworker\\tiworkercore.cpp",577, (int)"!vpfnCbsCoreFinalize");
// v33 <- directory of the current module ("servicing stack directory"
// per the log text). Freed at the end via SczFree(v33).
v2 =PathGetModulePath(&v33);
if (v2 < 0)
{
CBSWdsLog(0x4000000, v2, 1, "Failed to find servicing stack directory.");
goto LABEL_102;
}
// lpLibFileName <- "<servicing dir>\cbscore.dll". Because the path is
// absolute, LoadLibraryW below does not depend on the DLL search order;
// no signature or integrity check of the DLL is visible in this function.
v3 =SczAllocConcat2Sz((int *)&lpLibFileName, (size_t)v33, (size_t)L"\\cbscore.dll");
v2 =v3;
if (v3 < 0)
{
CBSWdsLog(0x4000000, v3, 1, "Failed to allocate full path to Core DLL.");
// Keep whatever was (partially) allocated so the cleanup frees it.
v1 =(char *)lpLibFileName;
goto LABEL_102;
}
// v1 keeps the path pointer for logging and for SczFree at the end;
// lpLibFileName is later reused by the decompiler as an int out-slot.
v1 =(char *)lpLibFileName;
v4 =LoadLibraryW(lpLibFileName);
vhCoreModule = v4;
if (!v4 )
{
// Win32 error -> HRESULT: HRESULT_FROM_WIN32 when GetLastError is
// non-zero, otherwise fall back to E_FAIL (0x80004005). The same
// pattern is repeated for every required export below.
v5 =GetLastError();
if (v5 > 0)
v5 =(unsigned __int16)v5 | 0x80070000;
v2 =v5;
if (v5 >= 0)
{
v2 =0x80004005;
v5 =0x80004005;
}
// Shared error tail: v29 = hr, v30 = format, v31 = path argument.
// "%S" presumably follows MSVC printf semantics (wide string) — confirm
// against CBSWdsLog, which is a custom varargs logger.
v31 =v1;
v30 ="Failed to load Core DLL from path: %S";
LABEL_24:
v29 =v5;
LABEL_25:
CBSWdsLog(0x4000000, v29, 1,v30, v31);
goto LABEL_102;
}
// --- Required exports: any missing one aborts initialization. ---
vpfnCbsCoreInitialize = GetProcAddress(v4,"CbsCoreInitialize");
if (!vpfnCbsCoreInitialize )
{
v5 =GetLastError();
if (v5 > 0)
v5 =(unsigned __int16)v5 | 0x80070000;
v2 =v5;
if (v5 >= 0)
{
v2 =0x80004005;
v5 =0x80004005;
}
v31 =v1;
v30 ="Failed to locate 'CbsCoreInitialize' method inCore DLL: %S";
goto LABEL_24;
}
vpfnCbsCoreLoadComponentStore = GetProcAddress(vhCoreModule,"CbsCoreLoadComponentStore");
if (!vpfnCbsCoreLoadComponentStore )
{
v5 =GetLastError();
if (v5 > 0)
v5 =(unsigned __int16)v5 | 0x80070000;
v2 =v5;
if (v5 >= 0)
{
v2 =0x80004005;
v5 =0x80004005;
}
v31 =v1;
v30 ="Failed to locate 'CbsCoreLoadComponentStore'method in Core DLL: %S";
goto LABEL_24;
}
vpfnCbsCoreStartupProcessing = GetProcAddress(vhCoreModule,"CbsCoreStartupProcessing");
if (!vpfnCbsCoreStartupProcessing )
{
v5 =GetLastError();
if (v5 > 0)
v5 =(unsigned __int16)v5 | 0x80070000;
v2 =v5;
if (v5 >= 0)
{
v2 =0x80004005;
v5 =0x80004005;
}
v31 =v1;
v30 ="Failed to locate 'CbsCoreStartupProcessing'method in Core DLL: %S";
goto LABEL_24;
}
vpfnCbsCoreEnsureNoStartupProcessing = GetProcAddress(vhCoreModule,"CbsCoreEnsureNoStartupProcessing");
if (!vpfnCbsCoreEnsureNoStartupProcessing)
{
v5 =GetLastError();
if (v5 > 0)
v5 =(unsigned __int16)v5 | 0x80070000;
v2 =v5;
if (v5 >= 0)
{
v2 =0x80004005;
v5 =0x80004005;
}
v31 =v1;
v30 ="Failed to locate'CbsCoreEnsureNoStartupProcessing' method in Core DLL: %S";
goto LABEL_24;
}
vpfnCbsCoreShutdownProcessing = GetProcAddress(vhCoreModule,"CbsCoreShutdownProcessing");
if (!vpfnCbsCoreShutdownProcessing )
{
v5 =GetLastError();
if (v5 > 0)
v5 =(unsigned __int16)v5 | 0x80070000;
v2 =v5;
if (v5 >= 0)
{
v2 =0x80004005;
v5 =0x80004005;
}
v31 =v1;
v30 ="Failed to locate 'CbsCoreShutdownProcessing'method in Core DLL: %S";
goto LABEL_24;
}
vpfnCbsCoreFinalize = GetProcAddress(vhCoreModule,"CbsCoreFinalize");
if (!vpfnCbsCoreFinalize )
{
v5 =GetLastError();
if (v5 > 0)
v5 =(unsigned __int16)v5 | 0x80070000;
v2 =v5;
if (v5 >= 0)
{
v2 =0x80004005;
v5 =0x80004005;
}
v31 =v1;
v30 ="Failed to locate 'CbsCoreFinalize' method inCore DLL: %S";
goto LABEL_24;
}
// --- Optional exports: a miss is logged (severity 0, hr 0) and ignored,
// with ONE exception: CbsCoreSetState. ---
vpfnCbsCoreServiceIdleProcessing = GetProcAddress(vhCoreModule,"CbsCoreServiceIdleProcessing");
if (!vpfnCbsCoreServiceIdleProcessing )
CBSWdsLog(0x4000000, 0, 0, "Warning: Failed tolocate 'CbsCoreServiceIdleProcessing' method in Core DLL: %S", v1);
vpfnCbsCoreSetState = GetProcAddress(vhCoreModule,"CbsCoreSetState");
if (!vpfnCbsCoreSetState )
{
// Despite the "Warning:" wording, a missing CbsCoreSetState is fatal:
// this path sets v2 = 0x800F0800 (looks like a CBS facility error code —
// confirm) and jumps to the error tail, so the function returns failure.
v31 =v1;
v2 =0x800F0800;
v30 ="Warning: Failed to locate 'CbsCoreSetState'method in Core DLL: %S";
LABEL_66:
v29 =v2;
goto LABEL_25;
}
vpfnCbsCorePrepareShutdownProcessing = GetProcAddress(vhCoreModule,"CbsCorePrepareShutdownProcessing");
if (!vpfnCbsCorePrepareShutdownProcessing)
CBSWdsLog(
0x4000000,
0,
0,
"Warning:Failed to locate 'CbsCorePrepareShutdownProcessing' method in Core DLL:%S",
v1);
vpfnCbsCoreFinalizeShutdownProcessing = GetProcAddress(vhCoreModule,"CbsCoreFinalizeShutdownProcessing");
if (!vpfnCbsCoreFinalizeShutdownProcessing)
CBSWdsLog(
0x4000000,
0,
0,
"Warning:Failed to locate 'CbsCoreFinalizeShutdownProcessing' method in Core DLL:%S",
v1);
// Note the export name lacks the "CbsCore" prefix the global carries.
vpfnCbsCoreSetRebootInProgressFlag = GetProcAddress(vhCoreModule,"SetRebootInProgressFlag");
if (!vpfnCbsCoreSetRebootInProgressFlag )
CBSWdsLog(0x4000000, 0, 0, "Warning: Failed tolocate 'SetRebootInProgressFlag' method in Core DLL: %S", v1);
vpfnCbsCreateSessionNotifyInitialize = GetProcAddress(vhCoreModule,"CbsCreateSessionNotifyInitialize");
if (!vpfnCbsCreateSessionNotifyInitialize)
CBSWdsLog(
0x4000000,
0,
0,
"Warning:Failed to locate 'CbsCreateSessionNotifyInitialize' method in Core DLL:%S",
v1);
vpfnCbsCreateSessionNotify = GetProcAddress(vhCoreModule,"CbsCreateSessionNotify");
if (!vpfnCbsCreateSessionNotify )
CBSWdsLog(0x4000000, 0, 0, "Warning: Failed tolocate 'CbsCreateSessionNotify' method in Core DLL: %S", v1);
vpfnCbsCreateSessionNotifyFinalize = GetProcAddress(vhCoreModule,"CbsCreateSessionNotifyFinalize");
if (!vpfnCbsCreateSessionNotifyFinalize )
CBSWdsLog(0x4000000, 0, 0, "Warning: Failed tolocate 'CbsCreateSessionNotifyFinalize' method in Core DLL: %S", v1);
vpfnCbsCoreStopIdleProcessing = GetProcAddress(vhCoreModule,"CbsCoreStopIdleProcessing");
if (!vpfnCbsCoreStopIdleProcessing )
CBSWdsLog(0x4000000, 0, 0, "Warning: Failed tolocate 'CbsCoreStopIdleProcessing' method in Core DLL: %S", v1);
// COM task allocator (1 == MEMCTX_TASK); released unconditionally at
// LABEL_102. The core receives it as the first CbsCoreInitialize argument.
v2 =CoGetMalloc(1u, &ppMalloc);
if (v2 >= 0)
{
// Every call through a vpfn* pointer is preceded by
// __guard_check_icall_fptr: the compiler-emitted Control Flow Guard
// check that the indirect-call target is a valid call site.
// CbsCoreSetState(8, NULL): per the failure log this sets the "online
// servicing" state; the meaning of id 8 is not recoverable here.
v6 =(int (__stdcall*)(signedint, _DWORD))vpfnCbsCoreSetState;
__guard_check_icall_fptr(vpfnCbsCoreSetState);
v2 =v6(8, 0);
if (v2 >= 0)
{
// This is where the TiWorker callback addresses are handed to the core.
// The prototype in the cast is the decompiler's guess. v35 receives
// the session IClassFactory (owned by this function until L301-304).
v7 =(int (__stdcall*)(LPMALLOC,signed int (__stdcall *)(int), void (__stdcall*)(),int (__stdcall *)(), int(__stdcall *)(), BOOL (__stdcall*)(),int (__stdcall *)(), structIClassFactory **))vpfnCbsCoreInitialize;
v8 =ppMalloc;
__guard_check_icall_fptr(vpfnCbsCoreInitialize);
v2 =v7(
v8,
TiWorkerCoreLockProcess,
TiWorkerCoreUnlockProcess,
TiWorkerCoreInstanceCreated,
TiWorkerCoreInstanceDestroyed,
TiWorkerCoreRequireShutdownNow,
TiWorkerCoreRequireShutdownProcessing,
&v35);
if (v2 < 0)
{
v31 =v1;
v30 ="Failed to initialize the Core DLL: %S";
goto LABEL_66;
}
// Only when called with a non-null `this`: ask whether the OS is in
// safe boot and tell the core to skip startup processing accordingly.
// lpLibFileName is reused here as an integer out-slot (stack-slot reuse
// by the decompiler); the path itself is still held in v1.
if (v32 )
{
lpLibFileName = 0;
GetOsSafeBootMode(&lpLibFileName);
v9 =(void (__stdcall*)(int))vpfnCbsCoreEnsureNoStartupProcessing;
v10 =(unsigned int)lpLibFileName >0;
__guard_check_icall_fptr(vpfnCbsCoreEnsureNoStartupProcessing);
v9(v10);
}
// Register the remaining callbacks through CbsCoreSetState (ids 1, 0,
// 3, 4, 5, 6; id 2 is not set here). Each failure is logged and
// deliberately ignored (best effort), as the log texts state.
v11 =(int (__stdcall*)(signedint, int (__stdcall *)()))vpfnCbsCoreSetState;
__guard_check_icall_fptr(vpfnCbsCoreSetState);
v12 =v11(1,TiWorkerCoreRevokeShutdownProcessing);
if (v12 < 0)
CBSWdsLog(
0x4000000,
v12,
1,
"Failedto supply callback for revoking shutdown processing; assuming it is notsupported.");
v13 =(int (__stdcall*)(_DWORD,int (__stdcall *)()))vpfnCbsCoreSetState;
__guard_check_icall_fptr(vpfnCbsCoreSetState);
v14 =v13(0,TiWorkerCoreRequireReboot);
if (v14 < 0)
CBSWdsLog(
0x4000000,
v14,
1,
"Ignoringfailure to set reboot callback; assuming reboot indication is notsupported.");
v15 =(int (__stdcall*)(signedint, int (__stdcall *)()))vpfnCbsCoreSetState;
__guard_check_icall_fptr(vpfnCbsCoreSetState);
v16 =v15(3,TiWorkerCoreIsRebootRequired);
if (v16 < 0)
CBSWdsLog(
0x4000000,
v16,
1,
"Ignoringfailure to set is reboot required callback; assuming it is not supported.");
v17 =(int (__stdcall*)(signedint, int (__stdcall *)()))vpfnCbsCoreSetState;
__guard_check_icall_fptr(vpfnCbsCoreSetState);
v18 =v17(4,TiWorkerCoreAnticipateShutdownProcessingNeeded);
if (v18 < 0)
CBSWdsLog(
0x4000000,
v18,
1,
"Ignoringfailure to set is anticipate shutdown processing needed callback; assuming itis not supported.");
v19 =(int (__stdcall*)(signedint, int (__stdcall *)()))vpfnCbsCoreSetState;
__guard_check_icall_fptr(vpfnCbsCoreSetState);
v20 =v19(5,TiWorkerCoreRegisterWinlogonNotification);
if (v20 < 0)
CBSWdsLog(
0x4000000,
v20,
1,
"Failedto supply callback for registering winlogon notifications; assuming it is notsupported.");
v21 =(int (__stdcall*)(signedint, int (__stdcall *)(int)))vpfnCbsCoreSetState;
__guard_check_icall_fptr(vpfnCbsCoreSetState);
v22 =v21(6,TiWorkerCoreUnregisterWinlogonNotification);
if (v22 < 0)
CBSWdsLog(
0x4000000,
v22,
1,
"Failedto supply callback for unregistering winlogon notifications; assuming it is notsupported.");
// Success: transfer the class factory to the global and clear v35 so the
// cleanup below does not Release it.
v23 =v35;
v2 =0;
v35 =0;
vpCbsSessionClassFactory = v23;
}
else
{
CBSWdsLog(0x4000000, v2, 1, "Failed to set online servicing state.");
}
}
else
{
CBSWdsLog(0x4000000, v2, 1, "Failed to get task allocator for TrustedInstaller.");
}
LABEL_102:
// Release the class factory only if ownership was not transferred above.
if (v35 )
{
v24 =(int)v35;
v25 =v35->lpVtbl->Release;
__guard_check_icall_fptr(v35->lpVtbl->Release);
v25((IClassFactory*)v24);
}
if (ppMalloc )
{
v26 =ppMalloc;
v27 =ppMalloc->lpVtbl->Release;
__guard_check_icall_fptr(ppMalloc->lpVtbl->Release);
v27(v26);
}
// Failure after LoadLibraryW succeeded: drop the handle and the asserted
// export pointers. Observations (not changed here): no FreeLibrary call
// is visible, so the DLL stays mapped; and the pointers resolved in the
// optional section (LoadComponentStore, ServiceIdleProcessing, SetState,
// SetRebootInProgressFlag, CreateSessionNotify*, StopIdleProcessing) are
// NOT cleared, so they can remain populated after a failed init.
if (v2 < 0&& vhCoreModule )
{
vhCoreModule = 0;
vpfnCbsCoreInitialize = 0;
vpfnCbsCoreStartupProcessing = 0;
vpfnCbsCoreEnsureNoStartupProcessing = 0;
vpfnCbsCoreShutdownProcessing = 0;
vpfnCbsCoreFinalize = 0;
vpfnCbsCorePrepareShutdownProcessing = 0;
vpfnCbsCoreFinalizeShutdownProcessing= 0;
}
// Free the full DLL path (v1) and the servicing directory (v33).
if (v1 )
SczFree(v1);
if (v33 )
SczFree(v33);
return v2;
}
// 401CC4: using guessed type wchar_t aCbscore_dll[13];
// 41B700: using guessed type int __stdcall TiWorkerCoreUnregisterWinlogonNotification(int);
// 41E97B: using guessed type int CBSWdsLog(_DWORD, _DWORD, _DWORD, const char *, ...);
// 42C440: using guessed type struct IClassFactory *vpCbsSessionClassFactory;
// 42D148: using guessed type _DWORD __stdcall GetOsSafeBootMode(_DWORD);
// 42D1DC: using guessed type int (__thiscall *__guard_check_icall_fptr)(_DWORD);