
解读 TiWorkerCoreInitialize

解读 TiWorkerCoreInitialize

本函数先加载 cbscore.dll,再调用 CbsCoreInitialize;传递进去的各个回调函数地址就是在这里确定的。

//----- (0041BDC2)--------------------------------------------------------

/*
 * TiWorkerCoreInitialize (decompiler output, locals are not declared here).
 *
 * Builds "<module path>\cbscore.dll", loads it with LoadLibraryW, resolves the
 * CbsCore* exports into the vpfn* globals, and calls CbsCoreInitialize with the
 * COM task allocator and the TiWorkerCore* callbacks. On success the class
 * factory returned by CbsCoreInitialize is stored in vpCbsSessionClassFactory.
 *
 * `this` is only tested for non-null (see the GetOsSafeBootMode branch).
 * Returns an HRESULT-style int: 0 on success, a negative value on failure.
 *
 * NOTE(review): several type names and string literals show lost spaces
 * (e.g. `signedint`, "inCore DLL"); presumably an artifact of how the listing
 * was copied into the page. They are left exactly as published.
 */
int __thiscall TiWorkerCoreInitialize(void*this)

{

  v1 =0;

  v32 =this;

  v33 =0;

  v35 =0;

  lpLibFileName = 0;

  ppMalloc =0;

  /* Re-entry guard: a non-null module handle means the core is already loaded. */
  if (vhCoreModule )

  {

    /* -2147023649 == 0x800704DF, i.e. HRESULT_FROM_WIN32(ERROR_ALREADY_INITIALIZED). */
    v2 =-2147023649;

    CBSWdsLog(0x4000000, -2147023649, 1, "Trusted Installer core already initialized.");

    goto LABEL_102;

  }

  /* The asserted expressions are "!vpfn..."; the assert helper is called when a
     pointer is unexpectedly already set. Execution continues afterwards in this listing. */
  if (vpfnCbsCoreInitialize )

    CbsUtil_Assert((int)"onecore\\base\\cbs\\tiworker\\tiworkercore.cpp",573, (int)"!vpfnCbsCoreInitialize");

  if (vpfnCbsCoreStartupProcessing )

    CbsUtil_Assert((int)"onecore\\base\\cbs\\tiworker\\tiworkercore.cpp",574, (int)"!vpfnCbsCoreStartupProcessing");

  if (vpfnCbsCoreEnsureNoStartupProcessing )

    CbsUtil_Assert(

      (int)"onecore\\base\\cbs\\tiworker\\tiworkercore.cpp",

      575,

      (int)"!vpfnCbsCoreEnsureNoStartupProcessing");

  if (vpfnCbsCoreShutdownProcessing )

    CbsUtil_Assert((int)"onecore\\base\\cbs\\tiworker\\tiworkercore.cpp",576, (int)"!vpfnCbsCoreShutdownProcessing");

  if (vpfnCbsCoreFinalize )

    CbsUtil_Assert((int)"onecore\\base\\cbs\\tiworker\\tiworkercore.cpp",577, (int)"!vpfnCbsCoreFinalize");

  /* v33 receives the directory string; the log text below calls it the
     "servicing stack directory". It is released with SczFree at the end. */
  v2 =PathGetModulePath(&v33);

  if (v2 < 0)

  {

    CBSWdsLog(0x4000000, v2, 1, "Failed to find servicing stack directory.");

    goto LABEL_102;

  }

  /* Concatenate the directory with "\cbscore.dll" into a newly allocated string. */
  v3 =SczAllocConcat2Sz((int *)&lpLibFileName, (size_t)v33, (size_t)L"\\cbscore.dll");

  v2 =v3;

  if (v3 < 0)

  {

    CBSWdsLog(0x4000000, v3, 1, "Failed to allocate full path to Core DLL.");

    v1 =(char *)lpLibFileName;

    goto LABEL_102;

  }

  /* v1 keeps the path pointer for logging and for the final SczFree; the
     lpLibFileName slot is reused later as an unrelated output variable. */
  v1 =(char *)lpLibFileName;

  /* The DLL is loaded by a path built from PathGetModulePath, not by bare name.
     NOTE(review): presumably that path is absolute, in which case the DLL search
     order is not consulted -- confirm. No signature or hash check is visible in
     this function, so the load relies on the integrity of that directory; writes
     to it are worth monitoring. */
  v4 =LoadLibraryW(lpLibFileName);

  vhCoreModule = v4;

  if (!v4 )

  {

    /* Inlined Win32-error-to-HRESULT conversion: a positive error code becomes
       0x8007xxxx. If the result is still non-negative (GetLastError returned 0),
       fall back to 0x80004005 (E_FAIL) so the failure is never reported as success. */
    v5 =GetLastError();

    if (v5 > 0)

      v5 =(unsigned __int16)v5 | 0x80070000;

    v2 =v5;

    if (v5 >= 0)

    {

      v2 =0x80004005;

      v5 =0x80004005;

    }

    v31 =v1;

    v30 ="Failed to load Core DLL from path: %S";

    /* Shared logging tail. LABEL_24 is entered from the export-lookup failures
       below (error code in v5); LABEL_25 is entered via LABEL_66 (code in v29). */
LABEL_24:

    v29 =v5;

LABEL_25:

    CBSWdsLog(0x4000000, v29, 1,v30, v31);

    goto LABEL_102;

  }

  /* Required exports: a failed lookup for any of the next six aborts initialization. */
  vpfnCbsCoreInitialize = GetProcAddress(v4,"CbsCoreInitialize");

  if (!vpfnCbsCoreInitialize )

  {

    /* Same GetLastError-to-HRESULT conversion as in the LoadLibraryW failure path. */
    v5 =GetLastError();

    if (v5 > 0)

      v5 =(unsigned __int16)v5 | 0x80070000;

    v2 =v5;

    if (v5 >= 0)

    {

      v2 =0x80004005;

      v5 =0x80004005;

    }

    v31 =v1;

    v30 ="Failed to locate 'CbsCoreInitialize' method inCore DLL: %S";

    goto LABEL_24;

  }

  vpfnCbsCoreLoadComponentStore = GetProcAddress(vhCoreModule,"CbsCoreLoadComponentStore");

  if (!vpfnCbsCoreLoadComponentStore )

  {

    v5 =GetLastError();

    if (v5 > 0)

      v5 =(unsigned __int16)v5 | 0x80070000;

    v2 =v5;

    if (v5 >= 0)

    {

      v2 =0x80004005;

      v5 =0x80004005;

    }

    v31 =v1;

    v30 ="Failed to locate 'CbsCoreLoadComponentStore'method in Core DLL: %S";

    goto LABEL_24;

  }

  vpfnCbsCoreStartupProcessing = GetProcAddress(vhCoreModule,"CbsCoreStartupProcessing");

  if (!vpfnCbsCoreStartupProcessing )

  {

    v5 =GetLastError();

    if (v5 > 0)

      v5 =(unsigned __int16)v5 | 0x80070000;

    v2 =v5;

    if (v5 >= 0)

    {

      v2 =0x80004005;

      v5 =0x80004005;

    }

    v31 =v1;

    v30 ="Failed to locate 'CbsCoreStartupProcessing'method in Core DLL: %S";

    goto LABEL_24;

  }

  vpfnCbsCoreEnsureNoStartupProcessing = GetProcAddress(vhCoreModule,"CbsCoreEnsureNoStartupProcessing");

  if (!vpfnCbsCoreEnsureNoStartupProcessing)

  {

    v5 =GetLastError();

    if (v5 > 0)

      v5 =(unsigned __int16)v5 | 0x80070000;

    v2 =v5;

    if (v5 >= 0)

    {

      v2 =0x80004005;

      v5 =0x80004005;

    }

    v31 =v1;

    v30 ="Failed to locate'CbsCoreEnsureNoStartupProcessing' method in Core DLL: %S";

    goto LABEL_24;

  }

  vpfnCbsCoreShutdownProcessing = GetProcAddress(vhCoreModule,"CbsCoreShutdownProcessing");

  if (!vpfnCbsCoreShutdownProcessing )

  {

    v5 =GetLastError();

    if (v5 > 0)

      v5 =(unsigned __int16)v5 | 0x80070000;

    v2 =v5;

    if (v5 >= 0)

    {

      v2 =0x80004005;

      v5 =0x80004005;

    }

    v31 =v1;

    v30 ="Failed to locate 'CbsCoreShutdownProcessing'method in Core DLL: %S";

    goto LABEL_24;

  }

  vpfnCbsCoreFinalize = GetProcAddress(vhCoreModule,"CbsCoreFinalize");

  if (!vpfnCbsCoreFinalize )

  {

    v5 =GetLastError();

    if (v5 > 0)

      v5 =(unsigned __int16)v5 | 0x80070000;

    v2 =v5;

    if (v5 >= 0)

    {

      v2 =0x80004005;

      v5 =0x80004005;

    }

    v31 =v1;

    v30 ="Failed to locate 'CbsCoreFinalize' method inCore DLL: %S";

    goto LABEL_24;

  }

  /* Optional export: a missing symbol is only logged and the pointer stays null. */
  vpfnCbsCoreServiceIdleProcessing = GetProcAddress(vhCoreModule,"CbsCoreServiceIdleProcessing");

  if (!vpfnCbsCoreServiceIdleProcessing )

    CBSWdsLog(0x4000000, 0, 0, "Warning: Failed tolocate 'CbsCoreServiceIdleProcessing' method in Core DLL: %S", v1);

  /* Despite the "Warning:" wording, a missing CbsCoreSetState is fatal here: the
     function fails with 0x800F0800 (CBS_E_INTERNAL_ERROR) instead of converting
     GetLastError. */
  vpfnCbsCoreSetState = GetProcAddress(vhCoreModule,"CbsCoreSetState");

  if (!vpfnCbsCoreSetState )

  {

    v31 =v1;

    v2 =0x800F0800;

    v30 ="Warning: Failed to locate 'CbsCoreSetState'method in Core DLL: %S";

    /* Also the landing point for a failed CbsCoreInitialize call further down. */
LABEL_66:

    v29 =v2;

    goto LABEL_25;

  }

  /* Remaining exports are optional: each miss logs a warning with code 0 and
     leaves the corresponding global null. */
  vpfnCbsCorePrepareShutdownProcessing = GetProcAddress(vhCoreModule,"CbsCorePrepareShutdownProcessing");

  if (!vpfnCbsCorePrepareShutdownProcessing)

    CBSWdsLog(

      0x4000000,

      0,

      0,

      "Warning:Failed to locate 'CbsCorePrepareShutdownProcessing' method in Core DLL:%S",

      v1);

  vpfnCbsCoreFinalizeShutdownProcessing = GetProcAddress(vhCoreModule,"CbsCoreFinalizeShutdownProcessing");

  if (!vpfnCbsCoreFinalizeShutdownProcessing)

    CBSWdsLog(

      0x4000000,

      0,

      0,

      "Warning:Failed to locate 'CbsCoreFinalizeShutdownProcessing' method in Core DLL:%S",

      v1);

  vpfnCbsCoreSetRebootInProgressFlag = GetProcAddress(vhCoreModule,"SetRebootInProgressFlag");

  if (!vpfnCbsCoreSetRebootInProgressFlag )

    CBSWdsLog(0x4000000, 0, 0, "Warning: Failed tolocate 'SetRebootInProgressFlag' method in Core DLL: %S", v1);

  vpfnCbsCreateSessionNotifyInitialize = GetProcAddress(vhCoreModule,"CbsCreateSessionNotifyInitialize");

  if (!vpfnCbsCreateSessionNotifyInitialize)

    CBSWdsLog(

      0x4000000,

      0,

      0,

      "Warning:Failed to locate 'CbsCreateSessionNotifyInitialize' method in Core DLL:%S",

      v1);

  vpfnCbsCreateSessionNotify = GetProcAddress(vhCoreModule,"CbsCreateSessionNotify");

  if (!vpfnCbsCreateSessionNotify )

    CBSWdsLog(0x4000000, 0, 0, "Warning: Failed tolocate 'CbsCreateSessionNotify' method in Core DLL: %S", v1);

  vpfnCbsCreateSessionNotifyFinalize = GetProcAddress(vhCoreModule,"CbsCreateSessionNotifyFinalize");

  if (!vpfnCbsCreateSessionNotifyFinalize )

    CBSWdsLog(0x4000000, 0, 0, "Warning: Failed tolocate 'CbsCreateSessionNotifyFinalize' method in Core DLL: %S", v1);

  vpfnCbsCoreStopIdleProcessing = GetProcAddress(vhCoreModule,"CbsCoreStopIdleProcessing");

  if (!vpfnCbsCoreStopIdleProcessing )

    CBSWdsLog(0x4000000, 0, 0, "Warning: Failed tolocate 'CbsCoreStopIdleProcessing' method in Core DLL: %S", v1);

  /* Context 1 is MEMCTX_TASK: obtain the COM task allocator handed to the core DLL. */
  v2 =CoGetMalloc(1u, &ppMalloc);

  if (v2 >= 0)

  {

    v6 =(int (__stdcall*)(signedint, _DWORD))vpfnCbsCoreSetState;

    /* Control Flow Guard check on the target before the indirect call; the same
       check precedes every call through a vpfn* pointer or vtable slot below. */
    __guard_check_icall_fptr(vpfnCbsCoreSetState);

    /* CbsCoreSetState(8, 0); per the failure message this sets the online servicing state. */
    v2 =v6(8, 0);

    if (v2 >= 0)

    {

      v7 =(int (__stdcall*)(LPMALLOC,signed int (__stdcall *)(int), void (__stdcall*)(),int (__stdcall *)(), int(__stdcall *)(), BOOL (__stdcall*)(),int (__stdcall *)(), structIClassFactory **))vpfnCbsCoreInitialize;

      v8 =ppMalloc;

      __guard_check_icall_fptr(vpfnCbsCoreInitialize);

      /* This is where the callback addresses given to cbscore.dll are fixed: the
         allocator, six TiWorkerCore* callbacks, and &v35 as the output slot for
         the IClassFactory the core returns. */
      v2 =v7(

             v8,

             TiWorkerCoreLockProcess,

             TiWorkerCoreUnlockProcess,

             TiWorkerCoreInstanceCreated,

            TiWorkerCoreInstanceDestroyed,

            TiWorkerCoreRequireShutdownNow,

            TiWorkerCoreRequireShutdownProcessing,

             &v35);

      if (v2 < 0)

      {

        v31 =v1;

        v30 ="Failed to initialize the Core DLL: %S";

        goto LABEL_66;

      }

      /* v32 is the saved `this`; it is used only as a flag here. */
      if (v32 )

      {

        /* The lpLibFileName slot is reused as the safe-boot-mode output; the DLL
           path itself is still held in v1. */
        lpLibFileName = 0;

        GetOsSafeBootMode(&lpLibFileName);

        v9 =(void (__stdcall*)(int))vpfnCbsCoreEnsureNoStartupProcessing;

        /* Pass 1 when the reported safe boot mode is non-zero, otherwise 0. */
        v10 =(unsigned int)lpLibFileName >0;

        __guard_check_icall_fptr(vpfnCbsCoreEnsureNoStartupProcessing);

        v9(v10);

      }

      /* The following CbsCoreSetState calls register one callback each under the
         ids 1, 0, 3, 4, 5 and 6. A failure is logged and otherwise ignored; the
         results go to v12..v22, not to v2. */
      v11 =(int (__stdcall*)(signedint, int (__stdcall *)()))vpfnCbsCoreSetState;

      __guard_check_icall_fptr(vpfnCbsCoreSetState);

      v12 =v11(1,TiWorkerCoreRevokeShutdownProcessing);

      if (v12 < 0)

        CBSWdsLog(

          0x4000000,

          v12,

          1,

          "Failedto supply callback for revoking shutdown processing; assuming it is notsupported.");

      v13 =(int (__stdcall*)(_DWORD,int (__stdcall *)()))vpfnCbsCoreSetState;

      __guard_check_icall_fptr(vpfnCbsCoreSetState);

      v14 =v13(0,TiWorkerCoreRequireReboot);

      if (v14 < 0)

        CBSWdsLog(

          0x4000000,

          v14,

          1,

          "Ignoringfailure to set reboot callback; assuming reboot indication is notsupported.");

      v15 =(int (__stdcall*)(signedint, int (__stdcall *)()))vpfnCbsCoreSetState;

      __guard_check_icall_fptr(vpfnCbsCoreSetState);

      v16 =v15(3,TiWorkerCoreIsRebootRequired);

      if (v16 < 0)

        CBSWdsLog(

          0x4000000,

          v16,

          1,

          "Ignoringfailure to set is reboot required callback; assuming it is not supported.");

      v17 =(int (__stdcall*)(signedint, int (__stdcall *)()))vpfnCbsCoreSetState;

      __guard_check_icall_fptr(vpfnCbsCoreSetState);

      v18 =v17(4,TiWorkerCoreAnticipateShutdownProcessingNeeded);

      if (v18 < 0)

        CBSWdsLog(

          0x4000000,

          v18,

          1,

          "Ignoringfailure to set is anticipate shutdown processing needed callback; assuming itis not supported.");

      v19 =(int (__stdcall*)(signedint, int (__stdcall *)()))vpfnCbsCoreSetState;

      __guard_check_icall_fptr(vpfnCbsCoreSetState);

      v20 =v19(5,TiWorkerCoreRegisterWinlogonNotification);

      if (v20 < 0)

        CBSWdsLog(

          0x4000000,

          v20,

          1,

          "Failedto supply callback for registering winlogon notifications; assuming it is notsupported.");

      v21 =(int (__stdcall*)(signedint, int (__stdcall *)(int)))vpfnCbsCoreSetState;

      __guard_check_icall_fptr(vpfnCbsCoreSetState);

      v22 =v21(6,TiWorkerCoreUnregisterWinlogonNotification);

      if (v22 < 0)

        CBSWdsLog(

          0x4000000,

          v22,

          1,

          "Failedto supply callback for unregistering winlogon notifications; assuming it is notsupported.");

      /* Success: hand the class factory over to the global and clear v35 so the
         cleanup below does not Release the reference that was just stored. */
      v23 =v35;

      v2 =0;

      v35 =0;

      vpCbsSessionClassFactory = v23;

    }

    else

    {

      CBSWdsLog(0x4000000, v2, 1, "Failed to set online servicing state.");

    }

  }

  else

  {

    CBSWdsLog(0x4000000, v2, 1, "Failed to get task allocator for TrustedInstaller.");

  }

  /* Common exit: release what is still owned locally, then reset globals on failure. */
LABEL_102:

  if (v35 )

  {

    v24 =(int)v35;

    v25 =v35->lpVtbl->Release;

    __guard_check_icall_fptr(v35->lpVtbl->Release);

    v25((IClassFactory*)v24);

  }

  if (ppMalloc )

  {

    v26 =ppMalloc;

    v27 =ppMalloc->lpVtbl->Release;

    __guard_check_icall_fptr(ppMalloc->lpVtbl->Release);

    v27(v26);

  }

  /* NOTE(review): on failure the handle and seven of the pointers are zeroed, but
     this listing shows no FreeLibrary call, and vpfnCbsCoreLoadComponentStore,
     vpfnCbsCoreSetState and the optional vpfn* globals are not reset. That may be
     a decompilation gap; confirm against the binary before relying on it. */
  if (v2 < 0&& vhCoreModule )

  {

    vhCoreModule = 0;

    vpfnCbsCoreInitialize = 0;

    vpfnCbsCoreStartupProcessing = 0;

    vpfnCbsCoreEnsureNoStartupProcessing = 0;

    vpfnCbsCoreShutdownProcessing = 0;

    vpfnCbsCoreFinalize = 0;

    vpfnCbsCorePrepareShutdownProcessing = 0;

    vpfnCbsCoreFinalizeShutdownProcessing= 0;

  }

  /* Free the concatenated DLL path (v1) and the module directory string (v33). */
  if (v1 )

    SczFree(v1);

  if (v33 )

    SczFree(v33);

  return v2;

}

// 401CC4: using guessed type wchar_taCbscore_dll[13];

// 41B700: using guessed type int __stdcallTiWorkerCoreUnregisterWinlogonNotification(int);

// 41E97B: using guessed type intCBSWdsLog(_DWORD, _DWORD, _DWORD, const char *, ...);

// 42C440: using guessed type struct IClassFactory*vpCbsSessionClassFactory;

// 42D148: using guessed type _DWORD __stdcallGetOsSafeBootMode(_DWORD);

// 42D1DC: using guessed type int (__thiscall*__guard_check_icall_fptr)(_DWORD);
