生成元件散列值
散列值在修複元件故障時,非常重要。
第一個散列值從元件的名稱上可以知道,隻有通過對應的第二個散列值,才能找到元件族和勝出的系統資料庫值。
真正生成字元串的函數可能是:
CRtlIdentityBase::GenerateKeyFormIntoBuffer_LHFormat
這裡是調用 CRtlDefinitionIdentity::GeneratePseudoKeys,生成散列值。
但是,也可能并不需要這樣做。
IRtlSystemIsolationLayerTearoff *pSystem = NULL;
RtlGetSystem(, NULL, &pSystem);
LPWSTR pszPathIn = L"C:\\amd64_microsoft-windows-w..oyment-languagepack_31bf3856ad364e35_6.3.9600.16384_zh-cn_e3e124965f8d9d70.manifest";
IRtlDefinitionIdentity* idi = NULL;
GetManifestId(pSystem, pszPathIn, &idi);
CRtlDefinitionIdentity* di = (CRtlDefinitionIdentity*)(*(UINT_PTR*)&idi - * sizeof(UINT_PTR));
ICRtlDefinitionIdentity* t;
t = (ICRtlDefinitionIdentity*)&di->vft1;
INT64 a1=, a2=, a3=;
LUNICODE_STRING fileName, ntFileName;
t->GeneratePseudoKeys( &a1, &a2, &a3);
将産生三個散列值:
e3e124965f8d9d7
f593f441a3428c44
cbdc1b39c881471
第一個用于生成這個檔案名,如果不是分發清單檔案,還用于生成 winsxs 下的元件目錄,以及系統資料庫中 HKEY_LOCAL_MACHINE\Components\DerivedData\Components\ amd64_microsoft-windows-w..oyment-languagepack_31bf3856ad364e35_6..zh-cn_e3e124965f8d9d7 項;
第二個散列值已知的隻用于系統資料庫,有兩處:
HKEY_LOCAL_MACHINE\components\DerivedData\VersionedIndex\. (winblue_ltsb.-)\ComponentFamilies\amd64_microsoft-windows-w..oyment-languagepack_31bf3856ad364e35_zh-cn_f593f441a3428c44
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-w..oyment-languagepack_31bf3856ad364e35_zh-cn_f593f441a3428c44
第三個散列值尚不知道用于何處。
//----- (8010A05) ----------------------------------------------------
__int64 __fastcall CRtlDefinitionIdentity::GeneratePseudoKeys(CRtlDefinitionIdentity *this, unsigned __int64 *a2, unsigned __int64 *a3, unsigned __int64 *a4)
{
return CAttributeValueCollection::GeneratePseudoKeys(
*((CAttributeValueCollection **)this + ),
a2,
a3,
a4);
}
//----- (8010CFB8) ----------------------------------------------------
__int64 __fastcall CAttributeValueCollection::GeneratePseudoKeys(CAttributeValueCollection *this, unsigned __int64 *a2, unsigned __int64 *a3, unsigned __int64 *a4)
{
*a2 = 0i64;
v4 = a4;
*a3 = 0i64;
v5 = a3;
*a4 = 0i64;
v6 = a2;
v11 = 0i64;
v7 = this;
v12 = 0i64;
v13 = 0i64;
v8 = (*(_BYTE *)this & ) == ;
v14 = -;
if ( v8 )
{
result = CAttributeValueCollection::CalculateKeysForBuiltinAttributes(
this,
&v11,
&v12,
&v13);
if ( (signed int)result < )
return result;
v1 = v11;
*(_DWORD *)v7 |= u;
*((_QWORD *)v7 + ) = v1;
*((_QWORD *)v7 + ) = v12;
*((_QWORD *)v7 + ) = v13;
}
*v6 = *((_QWORD *)v7 + );
*v5 = *((_QWORD *)v7 + );
*v4 = *((_QWORD *)v7 + );
Windows::ErrorHandling::COM::CBaseFrame<Windows::ErrorHandling::COM::CSimpleHResultCarryingFrame>::SetCanonicalSuccess(&v14);
return v14;
}
//----- (8010C76) ----------------------------------------------------
__int64 __fastcall CAttributeValueCollection::CalculateKeysForBuiltinAttributes(
CAttributeValueCollection *this,
unsigned __int64 *a2,
unsigned __int64 *a3,
unsigned __int64 *a4)
{
// 清零
*a2 = 0i64;
*a3 = 0i64;
*a4 = 0i64;
v4 = 0i64;
v5 = a3;
v6 = a2;
v7 = (*((_BYTE *)this + ) & ) == ;
v8 = this;
v2 = a4;
v21 = -;
if ( !v7 )
{
result = `anonymous namespace'::HashNameAndValue(
(Windows::Identity::Rtl *)&g_LUNICODE_STRING_name,
*((Windows::Identity::Rtl **)this + 3),
(unsigned __int64 *)&v17);
if ( (signed int)result < 0 )
return result;
v4 = v17;
}
if ( *((_BYTE *)v8 + 16) & 8 )
{
result = `anonymous namespace'::HashNameAndValue(
(Windows::Identity::Rtl *)&g_LUNICODE_STRING_culture,
*((Windows::Identity::Rtl **)v8 + 6),
(unsigned __int64 *)&v17);
if ( (signed int)result < 0 )
return result;
v4 = v17 + 8589934583i64 * v4;
}
if ( *((_BYTE *)v8 + 16) & 0x80 )
{
result = `anonymous namespace'::HashNameAndValue(
(Windows::Identity::Rtl *)&g_LUNICODE_STRING_typeName,
*((Windows::Identity::Rtl **)v8 + ),
(unsigned __int64 *)&v17);
if ( (signed int)result < )
return result;
v4 = v17 + i64 * v4;
}
if ( *((_BYTE *)v8 + ) & )
{
result = `anonymous namespace'::HashNameAndValue(
(Windows::Identity::Rtl *)&g_LUNICODE_STRING_Type,
*((Windows::Identity::Rtl **)v8 + 8),
(unsigned __int64 *)&v17);
if ( (signed int)result < 0 )
return result;
v4 = v17 + 8589934583i64 * v4;
}
v10 = v4;
v11 = v4;
版本
if ( *((_BYTE *)v8 + 16) & 4 )
{
v18 = 0i64;
v19 = 46i64;
result = Windows::WCP::Implementation::Rtl::FormatFourPartVersion<_LUNICODE_STRING>(
(_WORD *)v8 + 20,
0i64,
(_QWORD *)v4,
(__int64)&v18);
if ( (signed int)result < 0 )
return result;
result = `anonymous namespace'::HashNameAndValue(
(Windows::Identity::Rtl *)&g_LUNICODE_STRING_version,
(Windows::Identity::Rtl *)&v18,
(unsigned __int64 *)&v17);
if ( (signed int)result < 0 )
return result;
v12 = 8589934583i64 * v4;
v4 = v17 + 8589934583i64 * v4;
result = Windows::WCP::Implementation::Rtl::FormatFourPartVersion<_LUNICODE_STRING>(
(_WORD *)v8 + 20,
(Windows::WCP::Implementation::Rtl *)0xC,
(_QWORD *)v11,
(__int64)&v18);
if ( (signed int)result < 0 )
return result;
result = `anonymous namespace'::HashNameAndValue(
(Windows::Identity::Rtl *)&g_LUNICODE_STRING_version,
(Windows::Identity::Rtl *)&v18,
(unsigned __int64 *)&v17);
if ( (signed int)result < )
return result;
v11 = v12 + v17;
}
if ( !(*((_BYTE *)v8 + ) & ) )
goto LABEL_24;
if ( *((_QWORD *)v8 + )
|| (result = ConvertByteStringOnDemandWithResize(
(__int64)v8 + ,
(__int64)v8 + ),
(signed int)result >= ) )
{
result = `anonymous namespace'::HashNameAndValue(
(Windows::Identity::Rtl *)&g_LUNICODE_STRING_PublicKeyToken,
(CAttributeValueCollection *)((char *)v8 + 208),
(unsigned __int64 *)&v17);
if ( (signed int)result >= 0 )
{
v4 = v17 + 8589934583i64 * v4;
v11 = v17 + 8589934583i64 * v11;
v10 = v17 + 8589934583i64 * v10;
LABEL_24:
if ( *((_BYTE *)v8 + 16) & 0x10 )
{
v13 = id_GetProcessorArchitecture(
(CAttributeValueCollection *)((char *)v8 + 56),
(const struct Windows::Identity::Rtl::PSEUDO_ARCH *)a2);
if ( !v13 )
{
if ( !Windows::Identity::Rtl::PSEUDO_ARCH::operator==(
(__int64)v8 + 56,
(Windows::Identity::Rtl::PSEUDO_ARCH *)&unk_1802F9784) )
{
Windows::ErrorHandling::CBaseFrame::BreakIn();
__debugbreak();
goto LABEL_40;
}
v13 = (Windows::Identity::Rtl *)&g_LUNICODE_STRING_data;
}
result = `anonymous namespace'::HashNameAndValue(
(Windows::Identity::Rtl *)&g_LUNICODE_STRING_processorArchitecture,
v13,
(unsigned __int64 *)&v17);
if ( (signed int)result < 0 )
return result;
v4 = v17 + 8589934583i64 * v4;
v11 = v17 + 8589934583i64 * v11;
v10 = v17 + 8589934583i64 * v10;
}
if ( !(*((_DWORD *)v8 + 4) & 0x100) )
{
LABEL_37:
v16 = v20;
*v6 = v4;
*v5 = v10;
*v16 = v11;
Windows::ErrorHandling::COM::CBaseFrame<Windows::ErrorHandling::COM::CSimpleHResultCarryingFrame>::SetCanonicalSuccess(&v21);
return v21;
}
v14 = *((_DWORD *)v8 + 20);
if ( !v14 )
{
v15 = (Windows::Identity::Rtl *)&g_LUNICODE_STRING_neutral;
goto LABEL_35;
}
if ( v14 == 1 )
{
v15 = (Windows::Identity::Rtl *)&g_LUNICODE_STRING_NonSxS;
LABEL_35:
result = `anonymous namespace'::HashNameAndValue(
(Windows::Identity::Rtl *)&g_LUNICODE_STRING_versionScope,
v15,
(unsigned __int64 *)&v17);
if ( (signed int)result < )
return result;
v4 = v17 + i64 * v4;
v11 = v17 + i64 * v11;
v1 = v17 + i64 * v1;
goto LABEL_37;
}
LABEL_4:
Windows::ErrorHandling::CBaseFrame::BreakIn();
JUMPOUT(*(_QWORD *)&byte_18010CA6F);
}
}
return result;
}
ConvertByteStringOnDemandWithResize(
(char *)v8 + ,
(char *)v8 +
可能是把 (char *)v8 + 的值轉換成字元串,放到 (char *)v8 +
即, + 和 +
//----- (8010FFE4) ----------------------------------------------------
const struct _LUNICODE_STRING *__fastcall
id_GetProcessorArchitecture(
Windows::Identity::Rtl::Implementation *this,
const struct Windows::Identity::Rtl::PSEUDO_ARCH *a2)
{
Windows::Identity::Rtl::Implementation *v2; // rdi@1
__int64 *v3; // rbx@1
__int64 v4; // r11@2
v2 = this;
v3 = (__int64 *)&off_1802B1628;
while ( !Windows::Identity::Rtl::operator==(*v3, (__int64)v2) )
{
v3 += ;
if ( v4 == )
return 0i64;
}
return (const struct _LUNICODE_STRING *)*(&off_1802B162 + * v4);
}
傳回值的類型為:_LUNICODE_STRING
//----- (800FDFA) ----------------------------------------------------
signed __int64 __fastcall
Windows::Identity::Rtl::PSEUDO_ARCH::GetLegacyArchitecture(
Windows::Identity::Rtl::PSEUDO_ARCH *this)
{
__int16 v1; // ax@1
signed __int64 result; // rax@2
v1 = *((_WORD *)this + );
if ( v1 == - )
return *(_WORD *)this;
if ( *(_WORD *)this != || v1 )
{
if ( *(_WORD *)this == v1 )
return *(_WORD *)this;
result = i64;
}
else
{
result = i64;
}
return result;
}
結果都不對。
//----- (CF) --------------------------------------------------------
int __thiscall
CRtlIdentityBase::GenerateKeyFormIntoBuffer_LHFormat(
CRtlIdentityBase *this,
unsigned __int32 a2,
struct _LUNICODE_STRING *a3)
{
unsigned __int32 v3; // ebx@3
unsigned __int64 v4; // rax@5
int v5; // esi@5
char v6; // cl@10
unsigned __int8 v7; // al@10
struct Windows::Identity::Rtl::BUILTIN_ATTRIBUTES *v8; // ebx@10
int *v9; // eax@11
Windows::WCP::Implementation::Rtl *v10; // eax@18
unsigned __int64 v11; // rax@25
int *v12; // ecx@25
int v13; // ecx@30
unsigned __int8 *v14; // eax@37
char v15; // dl@39
char v16; // al@39
int v17; // eax@41
unsigned __int8 *v18; // eax@44
int *v19; // ecx@47
int *v20; // ecx@55
int *v21; // ecx@63
int *v22; // eax@65
Windows::WCP::Implementation::Rtl *v23; // eax@72
struct Windows::Identity::Rtl::BUILTIN_ATTRIBUTES *v24; // ecx@72
CRtlIdentityBase *v26; // [sp+Ch] [bp-h]@1
struct Windows::Identity::Rtl::BUILTIN_ATTRIBUTES *v27[]; // [sp+h] [bp-h]@3
char v28; // [sp+Ch] [bp-h]@10
char v29; // [sp+Dh] [bp-h]@10
char v3; // [sp+Eh] [bp-h]@10
char v31; // [sp+Fh] [bp-h]@10
const char *v32; // [sp+h] [bp-h]@8
const char *v33; // [sp+h] [bp-Ch]@8
unsigned __int64 v34; // [sp+h] [bp-h]@8
unsigned __int64 v35; // [sp+h] [bp-h]@1
unsigned __int32 v36; // [sp+h] [bp+h]@10
v26 = this;
HIDWORD(v35) = ;
if ( a3 )
*(_DWORD *)a3 = ;
v3 = a2;
v27[] = ;
if ( a2 & )
goto LABEL_25;
if ( !a3 )
{
Windows::ErrorHandling::Rtl::CBaseFrame<Windows::ErrorHandling::Rtl::CVoidRaiseFrame>::SetInvalidParameter_NullPointer((char *)&v35 + );
v5 = HIDWORD(v35);
LABEL_8:
v34 = v4;
v32 = "base\\wcp\\identity\\id_baseidentity.cpp";
v33 =
"CRtlIdentityBase::GenerateKeyFormIntoBuffer_LHFormat";
Windows::ErrorHandling::Rtl::CBaseFrame<Windows::ErrorHandling::Rtl::CVoidRaiseFrame>::ReportErrorOrigination(
(int *)&v35 + ,
(int)&v32);
return v5;
}
if ( *((_DWORD *)a3 + ) < u )
{
v5 = ;
LODWORD(v4) = ;
HIDWORD(v4) = "BufferOut->MaximumLength >= (140)";
HIDWORD(v35) = ;
goto LABEL_8;
}
v5 =
CAttributeValueCollection::GetBuiltinAttributes(
*((CAttributeValueCollection **)this + ),
,
&v27[]);
if ( v5 < )
return v5;
v3 = ;
v6 = a2 & ;
v29 = ((unsigned __int8)a2 >> ) & ;
v7 = a2;
LOBYTE(v3) = ((unsigned __int8)a2 >> ) & ;
v36 = v3;
v8 = v27[];
v31 = v6;
v28 = (v7 >> ) & ;
if ( *((_BYTE *)v27[] + ) & )
{
v9 =
(int *)id_GetProcessorArchitecture(
(char *)v27[] + );
goto LABEL_15;
}
if ( !v6 )
{
v9 = g_LUNICODE_STRING_none;
LABEL_15:
if ( !v9 )
goto LABEL_17;
goto LABEL_16;
}
v9 = g_LUNICODE_STRING__star;
v3 = ;
LABEL_16:
v5 = RtlAppendLUnicodeStringToLUnicodeString((int)v9, (int)a3);
if ( v5 < )
return v5;
LABEL_17:
if ( *((_BYTE *)v8 + ) & )
{
v1 = (Windows::WCP::Implementation::Rtl *)*((_DWORD *)v8 + );
}
else
{
if ( !(_BYTE)v36 || !(*((_BYTE *)v8 + ) & ) )
goto LABEL_24;
v1 = (Windows::WCP::Implementation::Rtl *)g_LUNICODE_STRING_Neutral;
}
if ( v1 )
{
v5 = ((__int32 (__cdecl *)(Windows::WCP::Implementation::Rtl *, unsigned __int16))Windows::WCP::Implementation::Rtl::SanitizeAndAppend)(
v1,
u);
if ( v5 < )
return v5;
}
LABEL_24:
if ( !(*((_BYTE *)v8 + ) & ) )
{
LABEL_25:
Windows::ErrorHandling::Rtl::CBaseFrame<Windows::ErrorHandling::Rtl::CVoidRaiseFrame>::SetInvalidParameter_NullPointer((char *)&v35 + );
v34 = v11;
v32 = "base\\wcp\\identity\\id_baseidentity.cpp";
v33 = "CRtlIdentityBase::GenerateKeyFormIntoBuffer_LHFormat";
Windows::ErrorHandling::Rtl::CBaseFrame<Windows::ErrorHandling::Rtl::CVoidRaiseFrame>::ReportErrorOrigination(
v12,
(int)&v32);
return HIDWORD(v35);
}
if ( *((_DWORD *)v8 + ) )
{
v5 = ((__int32 (__cdecl *)(Windows::WCP::Implementation::Rtl *, unsigned __int16))Windows::WCP::Implementation::Rtl::SanitizeAndAppend)(
*((Windows::WCP::Implementation::Rtl **)v8 + ),
u);
if ( v5 < )
return v5;
}
if ( *((_BYTE *)v8 + ) & )
{
v5 = Windows::WCP::Implementation::Rtl::AppendCharacter((int)a3, );
// 即 下劃線
if ( v5 < )
return v5;
v13 = *((_DWORD *)v8 + );
LODWORD(v34) = *(_DWORD *)(v13 + );
HIDWORD(v34) = *(_DWORD *)v13;
Windows::WCP::Implementation::Rtl::FormatBytesIntoString(
,
(int)&v34,
RtlEncodeUtf16LE,
*((_DWORD *)a3 + ) + *(_DWORD *)a3,
*((_DWORD *)a3 + ) + *((_DWORD *)a3 + ),
(int)&v27[]);
*(_DWORD *)a3 = (char *)v27[] - *((_DWORD *)a3 + );
}
else
{
if ( (_BYTE)v36 && *((_BYTE *)v8 + ) & )
{
v19 = g_LUNICODE_STRING__under_neutral;
}
else if ( v31 )
{
v3 = ;
v19 = g_LUNICODE_STRING__under__star;
}
else
{
v19 = g_LUNICODE_STRING__under_none;
}
v5 = RtlAppendLUnicodeStringToLUnicodeString((int)v19, (int)a3);
if ( v5 < )
return v5;
}
if ( *((_BYTE *)v8 + ) & )
{
if ( v29 )
{
LABEL_39:
v15 = v31;
v16 = v36;
goto LABEL_4;
}
v27[] = ;
if ( v28 )
v27[] = (struct Windows::Identity::Rtl::BUILTIN_ATTRIBUTES *);
if ( *(_DWORD *)a3 )
{
v5 = RtlAppendUcsCharacterToLUnicodeString(, , (int)a3);
if ( v5 < )
return v5;
}
v14 = Windows::WCP::Implementation::Rtl::AppendFourPartVersion<_LUNICODE_STRING>(
(
struct _RTL_UCSCHAR_ENCODER_RETURN_VALUE (
__fastcall __high *)(unsigned __int32, unsigned __int8 *, unsigned __int8 *))v27[],
(_WORD *)v8 + ,
(int)a3);
LABEL_38:
v5 = (int)v14;
if ( (signed int)v14 < )
return v5;
goto LABEL_39;
}
v16 = v36;
if ( (_BYTE)v36 && *((_BYTE *)v8 + ) & )
{
v2 = g_LUNICODE_STRING__under_neutral;
LABEL_6:
v14 = (unsigned __int8 *)
RtlAppendLUnicodeStringToLUnicodeString((int)v2, (int)a3);
goto LABEL_38;
}
v15 = v31;
if ( v31 )
{
v3 = ;
v2 = g_LUNICODE_STRING__under__star;
}
else
{
v2 = g_LUNICODE_STRING__under_none;
}
if ( !v29 )
goto LABEL_6;
LABEL_4:
if ( *((_BYTE *)v8 + ) & )
{
v17 = ((__int32 (__cdecl *)(Windows::WCP::Implementation::Rtl *, unsigned __int16))Windows::WCP::Implementation::Rtl::SanitizeAndAppend)(
*((Windows::WCP::Implementation::Rtl **)v8 + ),
u);
}
else
{
if ( v16 && *((_BYTE *)v8 + ) & )
{
v21 = g_LUNICODE_STRING__under_neutral;
}
else
{
if ( v15 )
{
v22 = g_LUNICODE_STRING__under__star;
v3 = ;
}
else
{
v22 = g_LUNICODE_STRING__under_none;
}
v21 = v22;
}
v17 = RtlAppendLUnicodeStringToLUnicodeString((int)v21, (int)a3);
}
v5 = v17;
if ( v17 < )
return v5;
if ( v3 )
{
v18 = (unsigned __int8 *)RtlAppendLUnicodeStringToLUnicodeString((int)g_LUNICODE_STRING__under__star, (int)a3);
}
else
{
v34 = 0i64;
v27[] = ;
v27[] = ;
v35 = 0i64;
v5 = Windows::WCP::Implementation::Rtl::AppendCharacter((int)a3, );
if ( v5 < )
return v5;
v5 = CAttributeValueCollection::GeneratePseudoKeys(
*((CAttributeValueCollection **)v26 + ),
&v34,
(unsigned __int64 *)v27,
&v35);
if ( v5 < )
return v5;
if ( v29 )
{
v23 = v27[];
v24 = v27[];
}
else if ( v28 )
{
v24 = (struct Windows::Identity::Rtl::BUILTIN_ATTRIBUTES *)HIDWORD(v35);
v23 = (Windows::WCP::Implementation::Rtl *)v35;
}
else
{
v24 = (struct Windows::Identity::Rtl::BUILTIN_ATTRIBUTES *)HIDWORD(v34);
v23 = (Windows::WCP::Implementation::Rtl *)v34;
}
v18 = Windows::WCP::Implementation::Rtl::AppendNumberToBuffer<unsigned __int64,_LUNICODE_STRING>(
(int)a3,
v23,
(int)v24);
}
v5 = (int)v18;
if ( (signed int)v18 < )
return v5;
if ( *(_DWORD *)a3 > u )
__debugbreak();
return ;
}
// : using guessed type int g_LUNICODE_STRING_none[];
// E: using guessed type int g_LUNICODE_STRING_Neutral[];
// D4D8: using guessed type int g_LUNICODE_STRING__star[];
// D47: using guessed type int g_LUNICODE_STRING__under_none[];
// D47C: using guessed type int g_LUNICODE_STRING__under_neutral[];
// D488: using guessed type int g_LUNICODE_STRING__under__star[];
// A41C: using guessed type __int32 Windows::WCP::Implementation::Rtl::SanitizeAndAppend(Windows::WCP::Implementation::Rtl *__hidden this, unsigned __int16, struct _LUNICODE_STRING *, const struct _LUNICODE_STRING *, unsigned __int32);
//----- (CCBF) --------------------------------------------------------
__int32 __thiscall
CAttributeValueCollection::GeneratePseudoKeys(
CAttributeValueCollection *this,
unsigned __int64 *a2, unsigned __int64 *a3, unsigned __int64 *a4)
{
CAttributeValueCollection *v4; // esi@1
unsigned __int64 *v5; // ecx@1
bool v6; // zf@1
__int32 result; // eax@2
int v8; // eax@3
int v9; // [sp+h] [bp-h]@1
int v1; // [sp+h] [bp-h]@1
int v11; // [sp+h] [bp-h]@1
int v12; // [sp+Ch] [bp-Ch]@1
int v13; // [sp+h] [bp-h]@1
int v14; // [sp+h] [bp-h]@1
unsigned __int64 *v15; // [sp+Ch] [bp-Ch]@1
int v16; // [sp+h] [bp-h]@1
v16 = ;
v4 = this;
v5 = a4;
v15 = a4;
v9 = ;
*a2 = 0i64;
*a3 = 0i64;
*a4 = 0i64;
v6 = (*(_BYTE *)v4 & ) == ;
v1 = ;
v11 = ;
v12 = ;
v13 = ;
v14 = ;
if ( v6 )
{
result =
CAttributeValueCollection::CalculateKeysForBuiltinAttributes(
v4,
(unsigned __int64 *)&v9,
(unsigned __int64 *)&v11,
(unsigned __int64 *)&v13);
if ( result < )
return result;
v8 = v9;
*(_DWORD *)v4 |= u;
v5 = v15;
*((_DWORD *)v4 + ) = v8;
*((_DWORD *)v4 + ) = v1;
*((_DWORD *)v4 + ) = v11;
*((_DWORD *)v4 + ) = v12;
*((_DWORD *)v4 + ) = v13;
*((_DWORD *)v4 + ) = v14;
}
*a2 = *((_QWORD *)v4 + );
*a3 = *((_QWORD *)v4 + );
*(_DWORD *)v5 = *((_DWORD *)v4 + );
*((_DWORD *)v5 + ) = *((_DWORD *)v4 + );
// *a4 = *((_QWORD *)v4 + );
Windows::ErrorHandling::Rtl::CBaseFrame<Windows::ErrorHandling::Rtl::CVoidRaiseFrame>::SetCanonicalSuccess(&v16);
return v16;
}
//----- () --------------------------------------------------------
int __thiscall
CRtlIdentityBase::CRtlIdentityBase(CRtlIdentityBase *this)
{
int v1; // ecx@1
int result; // eax@1
IRtlInternalIdentity::IRtlInternalIdentity(this);
*(_DWORD *)v1 =
&CRtlIdentityBase::`vftable';
result = v1;
*(_BYTE *)(v1 + 4) = 0;
*(_DWORD *)(v1 + 8) = 0;
return result;
}
//----- (101698F7) --------------------------------------------------------
IRtlInternalIdentity *__thiscall IRtlInternalIdentity::IRtlInternalIdentity(IRtlInternalIdentity *this)
{
*(_DWORD *)this = &IRtlInternalIdentity::`vftable';
return this;
}
(CRtlDefinitionIdentity *)operator new((void *)0x18);
//----- (101697EE) --------------------------------------------------------
CRtlDefinitionIdentity *__thiscall CRtlDefinitionIdentity::CRtlDefinitionIdentity(CRtlDefinitionIdentity *this)
{
CRtlDefinitionIdentity *v1; // [email protected]
struct Windows::Rtl::CRtlTrackTypeDescription *v2; // [email protected]
void (__thiscall *v3)(struct Windows::Rtl::CRtlTrackTypeDescription *, const char *, signed int, signed int, signed int); // [email protected]
v1 = this;
CRtlIdentityBase::CRtlIdentityBase(this);
v2 = Windows::Rtl::g_pTrackTypeDescription;
*(_DWORD *)v1 = &Windows::Rtl::CRtlRefCountedObjectBase<CRtlDefinitionIdentity,Windows::Rtl::CRtlRefCountedObjectBaseImplementedInterface<CRtlIdentityBase,IRtlInternalIdentity>,Windows::Identity::Rtl::IRtlDefinitionIdentity,Windows::Rtl::CRtlRefCountedObjectBaseInterfaceCast<Windows::Identity::Rtl::IRtlBaseIdentity,IRtlInternalIdentity>,Windows::Rtl::Detail::CRtlRefCountedObjectBaseNoInterface>::`vftable';
*((_DWORD *)v1 + ) = ;
*((_DWORD *)v1 + ) = &Windows::COM::CComObjectInterfaceTearOffBase<Windows::ServicingAPI::CCSITransactionAnalysis,ICSIInventory>::`vftable';
*(_DWORD *)v1 = &CRtlDefinitionIdentity::`vftable'{for `Windows::Rtl::CRtlRefCountedObjectBase<CRtlDefinitionIdentity,Windows::Rtl::CRtlRefCountedObjectBaseImplementedInterface<CRtlIdentityBase,IRtlInternalIdentity>,Windows::Identity::Rtl::IRtlDefinitionIdentity,Windows::Rtl::CRtlRefCountedObjectBaseInterfaceCast<Windows::Identity::Rtl::IRtlBaseIdentity,IRtlInternalIdentity>,Windows::Rtl::Detail::CRtlRefCountedObjectBaseNoInterface>'};
*((_DWORD *)v1 + ) = &CRtlDefinitionIdentity::`vftable'{for `Windows::Identity::Rtl::IRtlDefinitionIdentity'};
if ( v2 )
{
v3 = *(void (__thiscall **)(struct Windows::Rtl::CRtlTrackTypeDescription *, const char *, signed int, signed int, signed int))(*(_DWORD *)v2 + 8);
__guard_check_icall_fptr(*(_DWORD *)(*(_DWORD *)v2 + 8));
v3(v2, "CRtlDefinitionIdentity", 14, 24, 1);
}
return v1;
}