獲得清單檔案的内置屬性

獲得清單檔案的内置屬性

LoadWcp();

WcpInitialize();

IRtlSystemIsolationLayerTearoff  *pSystem = NULL;

RtlGetSystem(0, NULL, &pSystem);

LPWSTRpszPathIn = argv[2];

IRtlDefinitionIdentity* idi = NULL;

GetManifestId(pSystem, pszPathIn, &idi);

PLUNICODE_STRINGs = newLUNICODE_STRING();

CRtlDefinitionIdentity* di = (CRtlDefinitionIdentity*)(*(UINT_PTR*)&idi - 4 * sizeof(UINT_PTR));

ICRtlDefinitionIdentity* t;

t = (ICRtlDefinitionIdentity*)&di->vft1;

t->GetBuiltinAttribute (_wtoi(argv[3]), &s);

LPWSTRpszOut = L"";

if (s) {

    ConvertLUnicodeStringToNullTerminatedString(s, &pszOut);

}

printf("%ws\n", pszOut);

return 0;

//----- (000000018010D0C0) ----------------------------------------------------

__int64 __fastcall CAttributeValueCollection::GetBuiltinAttribute(

CAttributeValueCollection *this,

unsigned int a2,

const struct_LUNICODE_STRING **a3)

{

  v26 =C00000E5;

  *a3= 0i64;

  v3 =a3;

  v4 =a2;

  v5 =this;

  if (!a2 ||a2 > 0x20)  // a2 0 到 32

  {

    CBaseFrame<CVoidRaiseFrame>::SetInvalidParameter(&v26);

    v25 =v6;

    v22 ="base\\wcp\\identity\\attribute_value_collection.cpp";

    v24 =v7;

    v23 ="CAttributeValueCollection::GetBuiltinAttribute";

    CBaseFrame<CVoidRaiseFrame>::ReportErrorOrigination(

      &v26,

      (__int64)&v22);

    return v26;

  }

  v8 =*((_DWORD*)this+ 4);

  v9 =(const structWindows::Identity::Rtl::PSEUDO_ARCH *)(unsigned __int8)(a2 - 1);

  if (!_bittest(&v8, (unsignedint)v9))

    goto LABEL_32;

  v10 =v4 - 1;

  if (!v10 )

  {

    v18 =(const struct _LUNICODE_STRING *)*((_QWORD *)this+ 3);

    goto LABEL_31;

  }

  v11 =v10 - 1;

  if (!v11 )

  {

    v20 =(char *)this +208;

    if (!*((_QWORD*)this+ 26) )

    {

      result =ConvertByteStringOnDemandWithResize(

                 (__int64)this +112,

                 (__int64)this +208);

LABEL_28:

      if ((signed int)result <0 )

        return result;

    }

LABEL_29:

    *v3= (conststruct _LUNICODE_STRING *)v20;

    goto LABEL_32;

  }

  v12 =v11 - 1;

  if (v12 )

  {

    v13 =v12 - 1;

    if (!v13 )

    {

      v18 =(const struct _LUNICODE_STRING *)*((_QWORD *)this+ 6);

      goto LABEL_31;

    }

    v14 =v13 - 1;

    if (v14 )

    {

      v15 =v14 - 1;

      if (!v15 )

      {

        v18 =(const struct _LUNICODE_STRING *)*((_QWORD *)this+ 8);

        goto LABEL_31;

      }

      v16 =v15 - 2;

      if (!v16 )

      {

        v18 =(const struct _LUNICODE_STRING *)*((_QWORD *)this+ 9);

        goto LABEL_31;

      }

      if (v16 == 1)

      {

        v17 =*((_DWORD*)this+ 20);

        if ( !v17 )

        {

          v18 =(const struct _LUNICODE_STRING *)&g_LUNICODE_STRING_neutral;

          goto LABEL_31;

        }

        if ( v17 == 1 )

        {

          v18 =(const struct _LUNICODE_STRING *)&g_LUNICODE_STRING_NonSxS;

LABEL_31:

          *a3= v18;

          goto LABEL_32;

        }

      }

      else

      {

       Windows::ErrorHandling::CBaseFrame::BreakIn();

        __debugbreak();

      }

     Windows::ErrorHandling::CBaseFrame::BreakIn();

      __debugbreak();

LABEL_37:

     Windows::ErrorHandling::CBaseFrame::BreakIn();

      JUMPOUT(*(_QWORD *)&byte_18010D285);

    }

    v19 =id_GetProcessorArchitecture(

            (CAttributeValueCollection*)((char*)this+ 56),

            v9);

    *v3= v19;

    if (!v19 )

      goto LABEL_37;

LABEL_32:

    CBaseFrame<CSimpleHResultCarryingFrame>::SetCanonicalSuccess(&v26);

    return v26;

  }

  v20 =(char *)this +232;

  if (*((_QWORD*)this+ 29) )

    goto LABEL_29;

  if (*((_QWORD*)this+ 30) >=0x2Eui64

    ||(result =RtlReallocateLUnicodeString(0, 0x2Eui64, (__int64)this +232), (signed int)result>= 0) )

  {

    result =FormatFourPartVersion<_LUNICODE_STRING>(

               (_WORD*)v5+ 20,

               0i64,

               v20,

               (__int64)v5 + 232);

    goto LABEL_28;

  }

  return result;

}