Created
November 27, 2020 19:16
-
-
Save Auscitte/7eca2748b90224bb885f2c671e7cfd19 to your computer and use it in GitHub Desktop.
basesrv::ServerDllInitialization() decompiled by retdec plugin for radare2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Address range: 0x180004f72 - 0x180004f77 | |
| int64_t function_180004f72(void) { | |
| // 0x180004f72 | |
| int64_t result; // 0x180004f72 | |
| return result; | |
| } | |
| // Address range: 0x180004f77 - 0x180004f8a | |
| int64_t function_180004f77(void) { | |
| // 0x180004f77 | |
| return RtlDeleteCriticalSection(&g56); | |
| } | |
| // Address range: 0x180004d06 - 0x180004d16 | |
| int64_t function_180004d06(void) { | |
| int64_t result = (int64_t)g46; // 0x180004d06 | |
| int64_t v1; // 0x180004d06 | |
| *(int32_t *)(result + 54) = (int32_t)v1; | |
| return result; | |
| } | |
| // Address range: 0x180004d16 - 0x180004d27 | |
| int64_t function_180004d16(void) { | |
| int64_t result = (int64_t)g46; // 0x180004d16 | |
| int64_t v1; // 0x180004d16 | |
| *(int16_t *)(result + 58) = (int16_t)v1; | |
| return result; | |
| } | |
| // Address range: 0x180004d27 - 0x180004dcf | |
| int64_t function_180004d27(void) { | |
| // 0x180004d27 | |
| int64_t v1; // 0x180004d27 | |
| int64_t * v2 = (int64_t *)(v1 - 16); // 0x180004d27 | |
| int64_t v3 = *v2; // 0x180004d27 | |
| int64_t v4; // 0x180004d27 | |
| if ((int32_t)NtQueryValueKey(v3, (int64_t)L"$&", 2, v1 + 128, (int32_t)v4, (int32_t *)(v1 + 48)) < 0) { | |
| // 0x180004dbf | |
| return NtClose((int64_t *)*v2); | |
| } | |
| int32_t v5 = (int32_t)*(int64_t *)(v1 + 132); // 0x180004d5e | |
| if (v5 == 4) { | |
| int32_t v6 = *(int32_t *)(v1 + 140); // 0x180004d63 | |
| int64_t v7; // 0x180004d27 | |
| *(char *)((int64_t)g46 + 2392) = (char)(v6 != (int32_t)v7); | |
| // 0x180004dbf | |
| return NtClose((int64_t *)*v2); | |
| } | |
| if (v5 != 1) { | |
| // 0x180004dbf | |
| return NtClose((int64_t *)*v2); | |
| } | |
| int16_t * v8 = (int16_t *)(v1 + 140); // 0x180004d8f | |
| if (_wcsicmp(v8, L"yes") == 0) { | |
| // 0x180004db1 | |
| *(char *)((int64_t)g46 + 2392) = 1; | |
| // 0x180004dbf | |
| return NtClose((int64_t *)*v2); | |
| } | |
| // 0x180004d99 | |
| if (_wcsicmp(v8, (int16_t *)&g16) != 0) { | |
| // 0x180004dbf | |
| return NtClose((int64_t *)*v2); | |
| } | |
| // 0x180004db1 | |
| *(char *)((int64_t)g46 + 2392) = 1; | |
| // 0x180004dbf | |
| return NtClose((int64_t *)*v2); | |
| } | |
| // Address range: 0x180004e4c - 0x180004edd | |
| int64_t function_180004e4c(void) { | |
| // 0x180004e4c | |
| int64_t v1; // 0x180004e4c | |
| int16_t * v2 = (int16_t *)(v1 + 2464); // 0x180004e6a | |
| swprintf_s(v2, 256, L"%ws\\%ld\\BaseNamedObjects"); | |
| RtlInitUnicodeString((struct _UNICODE_STRING *)(v1 + 72), v2); | |
| int32_t v3 = 48; // bp+96, 0x180004e85 | |
| *(int64_t *)(v1 - 120) = 0; | |
| int64_t * v4 = (int64_t *)(v1 - 112); // 0x180004eba | |
| NtCreateSymbolicLinkObject(v4, 0xf0001, (int64_t *)&v3, L"\"$"); | |
| NtClose((int64_t *)*v4); | |
| return g47; | |
| } | |
| // Address range: 0x180004edd - 0x180004f2c | |
| int64_t function_180004edd(void) { | |
| int32_t v1 = 48; // bp+96, 0x180004ef0 | |
| int64_t v2; // 0x180004edd | |
| *(int64_t *)(v2 - 120) = 0; | |
| int64_t v3 = NtCreateDirectoryObject(&g55, 0xf000f, (int64_t *)&v1); // 0x180004f1b | |
| int64_t result = v3; // 0x180004f25 | |
| if ((int32_t)v3 < 0) { | |
| result = function_180004f77(); | |
| } | |
| // 0x180004f27 | |
| return result; | |
| } | |
| // Address range: 0x180004f2c - 0x180004f33 | |
| int64_t function_180004f2c(int64_t a1) { | |
| // 0x180004f2c | |
| int64_t result; // 0x180004f2c | |
| return result; | |
| } | |
| // Address range: 0x180004dcf - 0x180004e2b | |
| int64_t function_180004dcf(void) { | |
| int64_t v1 = RtlAllocateHeap(g38, (int64_t)(uint32_t)g39, 40); // 0x180004de2 | |
| int64_t v2; // 0x180004dcf | |
| *(int64_t *)(v2 + 8) = v1; | |
| int64_t v3 = v1; // 0x180004df2 | |
| if (v1 == 0) { | |
| v3 = function_180004f72(); | |
| } | |
| // 0x180004df8 | |
| if ((int32_t)RtlCreateSecurityDescriptor(v3, 1) < 0) { | |
| function_180004f77(); | |
| } | |
| // 0x180004e10 | |
| return v2 - 56; | |
| } | |
| // Address range: 0x180004e2b - 0x180004e4c | |
| int64_t function_180004e2b(int64_t a1, int64_t a2, int64_t a3, int64_t a4) { | |
| // 0x180004e2b | |
| int64_t v1; // 0x180004e2b | |
| int64_t v2 = *(int64_t *)(v1 - 56); // 0x180004e2b | |
| int64_t v3; // 0x180004e2b | |
| int64_t v4 = RtlSetDaclSecurityDescriptor(v3, (int64_t *)(a2 & -256 | 1), v2, 0); // 0x180004e37 | |
| int64_t result = v4; // 0x180004e41 | |
| if ((int32_t)v4 < 0) { | |
| result = function_180004f77(); | |
| } | |
| // 0x180004e47 | |
| return result; | |
| } | |
| // Address range: 0x180001680 - 0x180004f8a | |
| void BASESRV_dll_ServerDllInitialization(int64_t arg1) { | |
| int32_t v1 = 4; // bp-3488, 0x1800016aa | |
| int128_t v2 = 0; // bp-3640, 0x1800016b1 | |
| int32_t v3 = *(int32_t *)(__readgsqword(96) + 704); // 0x1800016e6 | |
| g47 = v3; | |
| g60 = RtlGetCurrentServiceSessionId(v3); | |
| g38 = *(int64_t *)(__readgsqword(96) + 48); | |
| int64_t v4 = RtlCreateTagHeap(); // 0x180001738 | |
| int64_t * v5 = (int64_t *)(arg1 + 96); // 0x18000173e | |
| g40 = *v5; | |
| g39 = v4; | |
| int64_t v6 = RtlCreateTagHeap(); // 0x18000175f | |
| *(int32_t *)(arg1 + 32) = 0; | |
| g41 = v6; | |
| *(int64_t *)(arg1 + 40) = (int64_t)&g5; | |
| *(int64_t *)(arg1 + 48) = (int64_t)&g15; | |
| *(int64_t *)(arg1 + 72) = 0x180003eb0; | |
| *(int64_t *)(arg1 + 80) = 0x180003cf0; | |
| *(int32_t *)(arg1 + 36) = 29; | |
| *(int32_t *)(arg1 + 64) = 8; | |
| if ((int32_t)RtlInitializeCriticalSection(&g56) < 0) { | |
| // 0x18000233d | |
| pdb___security_check_cookie((int32_t)g17); | |
| return; | |
| } | |
| int64_t v7 = 0x3200000; // bp-3560, 0x1800017f1 | |
| int64_t v8; // bp-3464, 0x180001680 | |
| RtlExpandEnvironmentStrings_U(0, &g4, &v7, 0, 0x3200000, &v8); | |
| int64_t v9 = v7 % 0x10000; // 0x18000180c | |
| if ((int16_t)v7 >= 800) { | |
| v9 = function_180004f72(); | |
| } | |
| uint64_t v10 = v9 & 0xfffe; // 0x180001815 | |
| if (v10 >= 800) { | |
| // 0x1800023ec | |
| pdb___report_rangecheckfailure(); | |
| __asm_int3(); | |
| __asm_int3(); | |
| __asm_int3(); | |
| __asm_int3(); | |
| __asm_int3(); | |
| __asm_int3(); | |
| __asm_int3(); | |
| __asm_int3(); | |
| __asm_int3(); | |
| __asm_int3(); | |
| __asm_int3(); | |
| __asm_int3(); | |
| __asm_int3(); | |
| __asm_int3(); | |
| __asm_int3(); | |
| return; | |
| } | |
| // 0x180001822 | |
| int64_t var_30h_2; // bp-3592, 0x180001680 | |
| int64_t v11 = &var_30h_2; // 0x180001688 | |
| *(int16_t *)(v11 + 128 + v10) = 0; | |
| if ((char)RtlCreateUnicodeString(&g42, &v8) == 0) { | |
| function_180004f72(); | |
| } | |
| // 0x180001847 | |
| wcscat_s((int16_t *)&v8, 400, L"\\system32"); | |
| if ((char)RtlCreateUnicodeString(&g44, &v8) == 0) { | |
| function_180004f72(); | |
| } | |
| // 0x18000187c | |
| int64_t v12; // bp-2664, 0x180001680 | |
| if (g47 == g60) { | |
| // 0x18000236a | |
| wcscpy_s((int16_t *)&v12, 256, L"\\BaseNamedObjects"); | |
| } else { | |
| // 0x18000189a | |
| swprintf_s((int16_t *)&v12, 256, L"%ws\\%ld\\BaseNamedObjects"); | |
| } | |
| // 0x1800018b2 | |
| int64_t v13; // bp-1640, 0x180001680 | |
| swprintf_s((int16_t *)&v13, 256, L"%ws\\%ld\\AppContainerNamedObjects"); | |
| int64_t v14; // bp-2152, 0x180001680 | |
| pdb_RtlStringCchPrintfW((int64_t)&v14, 256, (int64_t)L"%ws\\%ld\\BaseNamedObjects", (int64_t)L"\\Sessions"); | |
| int64_t var_dd0h; // bp-3696, 0x180001680 | |
| RtlInitUnicodeString((struct _UNICODE_STRING *)&var_dd0h, (int16_t *)&v12); | |
| RtlInitUnicodeString((struct _UNICODE_STRING *)&v2, (int16_t *)&v14); | |
| int64_t v15; // bp-3624, 0x180001680 | |
| RtlInitUnicodeString((struct _UNICODE_STRING *)&v15, (int16_t *)&v13); | |
| int64_t v16 = RtlAllocateHeap(g40, (int64_t)g41, 2920); // 0x18000194b | |
| g46 = (int128_t *)v16; | |
| int64_t v17 = v16; // 0x18000195b | |
| if (v16 == 0) { | |
| v17 = function_180004f72(); | |
| } | |
| int64_t v18 = v17; | |
| *v5 = v18; | |
| *(int64_t *)(v18 + 2896) = v18; | |
| *(int32_t *)(v18 + 2864) = -1; | |
| *(int32_t *)(v18 + 2872) = 0; | |
| if (NtQuerySystemInformation(3, (int64_t *)(v18 + 320), 48, NULL) < 0) { | |
| function_180004f77(); | |
| } | |
| // 0x18000199f | |
| __asm_movups_1(*g46, __asm_movups(*(int128_t *)&g42)); | |
| uint16_t v19 = *(int16_t *)&g43; // 0x1800019bd | |
| int64_t v20 = RtlAllocateHeap(g40, (int64_t)g41, (int64_t)v19); // 0x1800019c5 | |
| int64_t v21 = v20; // 0x1800019d1 | |
| if (v20 == 0) { | |
| v21 = function_180004f72(); | |
| } | |
| int64_t v22 = (int64_t)g46; // 0x1800019d7 | |
| uint16_t v23 = *(int16_t *)&g43; // 0x1800019e1 | |
| int64_t * v24 = (int64_t *)(v22 + 8); // 0x1800019e9 | |
| memcpy((int64_t *)v21, (int64_t *)*v24, (int32_t)v23); | |
| *v24 = v20; | |
| __asm_movups_1(*(int128_t *)(v22 + 16), __asm_movups(*(int128_t *)&g44)); | |
| uint16_t v25 = *(int16_t *)&g45; // 0x180001a0e | |
| int64_t v26 = RtlAllocateHeap(g40, (int64_t)g41, (int64_t)v25); // 0x180001a16 | |
| int64_t v27 = v26; // 0x180001a22 | |
| if (v26 == 0) { | |
| v27 = function_180004f72(); | |
| } | |
| int64_t v28 = (int64_t)g46; // 0x180001a28 | |
| uint16_t v29 = *(int16_t *)&g45; // 0x180001a32 | |
| int64_t * v30 = (int64_t *)(v28 + 24); // 0x180001a3a | |
| memcpy((int64_t *)v27, (int64_t *)*v30, (int32_t)v29); | |
| *v30 = v26; | |
| *(int64_t *)(v28 + 2408) = 0; | |
| *(int32_t *)(v28 + 2400) = 0; | |
| __asm_movups_1(*(int128_t *)(v28 + 32), __asm_movups((int128_t)var_dd0h)); | |
| *(int16_t *)(v28 + 34) = (int16_t)var_dd0h + 2; | |
| int64_t v31 = RtlAllocateHeap(g40, (int64_t)g41, var_dd0h % 0x10000 + 2); // 0x180001a7f | |
| int64_t v32 = v31; // 0x180001a8b | |
| if (v31 == 0) { | |
| v32 = function_180004f72(); | |
| } | |
| int64_t v33 = (int64_t)g46; // 0x180001a91 | |
| uint16_t v34 = *(int16_t *)(v33 + 34); // 0x180001a9b | |
| int64_t * v35 = (int64_t *)(v33 + 40); // 0x180001aa0 | |
| memcpy((int64_t *)v32, (int64_t *)*v35, (int32_t)v34); | |
| *v35 = v31; | |
| __asm_movups_1(*(int128_t *)(v33 + 2880), __asm_movups((int128_t)v15)); | |
| *(int16_t *)(v33 + 2882) = (int16_t)v15 + 2; | |
| int64_t v36 = RtlAllocateHeap(g40, (int64_t)g41, v15 % 0x10000 + 2); // 0x180001add | |
| int64_t v37 = v36; // 0x180001ae9 | |
| if (v36 == 0) { | |
| v37 = function_180004f72(); | |
| } | |
| int64_t v38 = (int64_t)g46; // 0x180001aef | |
| uint16_t v39 = *(int16_t *)(v38 + 2882); // 0x180001af9 | |
| int64_t * v40 = (int64_t *)(v38 + 2888); // 0x180001b01 | |
| memcpy((int64_t *)v37, (int64_t *)*v40, (int32_t)v39); | |
| *v40 = v36; | |
| int128_t v41 = __asm_movups(0); // 0x180001b21 | |
| __asm_movups_1(*(int128_t *)(v38 + 2904), v41); | |
| *(int16_t *)(v38 + 2906) = (int16_t)v2 + 2; | |
| int64_t v42 = RtlAllocateHeap(g40, (int64_t)g41, (int64_t)v2 % 0x10000 + 2); // 0x180001b44 | |
| int64_t v43 = v42; // 0x180001b50 | |
| if (v42 == 0) { | |
| v43 = function_180004f72(); | |
| } | |
| int64_t v44 = (int64_t)g46; // 0x180001b56 | |
| uint16_t v45 = *(int16_t *)(v44 + 2906); // 0x180001b60 | |
| int64_t * v46 = (int64_t *)(v44 + 2912); // 0x180001b68 | |
| memcpy((int64_t *)v43, (int64_t *)*v46, (int32_t)v45); | |
| *v46 = v42; | |
| *(char *)(v44 + 2416) = 0; | |
| int64_t v47; // bp-2864, 0x180001680 | |
| g49 = (int16_t *)&v47; | |
| *(int32_t *)&g48 = 0xc80000; | |
| if ((int32_t)RtlQueryRegistryValuesEx(3, &g14, &g3, 0, 0) < 0) { | |
| function_180004d06(); | |
| } | |
| int64_t v48 = (int64_t)g46; // 0x180001bc9 | |
| *(int16_t *)(v48 + 54) = g50; | |
| *(int16_t *)(v48 + 56) = g51; | |
| if ((int32_t)RtlQueryRegistryValuesEx(3, &g14, &g2, 0, 0) < 0) { | |
| function_180004d16(); | |
| } | |
| uint16_t v49 = *(int16_t *)&g48; // 0x180001c07 | |
| wcsncpy_s((int16_t *)((int64_t)g46 + 58), 128, g49, (int32_t)(v49 / 2)); | |
| if ((int32_t)RtlInitUnicodeStringEx(&g48, 0) < 0) { | |
| function_180004f77(); | |
| } | |
| // 0x180001c48 | |
| if (NtQuerySystemInformation(0, &g58, 64, NULL) < 0) { | |
| function_180004f77(); | |
| } | |
| // 0x180001c68 | |
| pdb_BaseSrvInitializeIniFileMappings(); | |
| if (((int32_t)&g71 & (int32_t)&g71) < 0) { | |
| function_180004f77(); | |
| } | |
| int128_t v50 = __asm_xorps(v41, v41); // 0x180001c83 | |
| *(char *)((int64_t)g46 + 2392) = 0; | |
| int64_t Handle = 48; // bp-3752, 0x180001ca2 | |
| int128_t v51; // 0x180001680 | |
| __asm_movdqu(v51, v50); | |
| int64_t var_20h; // bp-3608, 0x180001680 | |
| int64_t v52 = NtOpenKey((int64_t)&var_20h, 0x20019, (int64_t)&Handle); // 0x180001cbc | |
| if ((int32_t)v52 >= 0) { | |
| function_180004d27(); | |
| } | |
| // 0x180001cca | |
| *(char *)((int64_t)g46 + 2393) = 0; | |
| RtlQueryRegistryValuesEx(2, (int64_t *)L"Session Manager\\NamespaceSeparation", &g1, 0, 0); | |
| int64_t v53 = RtlAllocateHeap(g38, (int64_t)g39, 1024); // 0x180001d0b | |
| int64_t v54 = v53; // 0x180001d17 | |
| if (v53 == 0) { | |
| v54 = function_180004f72(); | |
| } | |
| // 0x180001d1d | |
| if ((int32_t)RtlCreateSecurityDescriptor(v54, 1) < 0) { | |
| function_180004f77(); | |
| } | |
| int64_t v55 = RtlAllocateHeap(g38, (int64_t)g39, 40); // 0x180001d48 | |
| int64_t v56 = v55; // 0x180001d54 | |
| if (v55 == 0) { | |
| v56 = function_180004f72(); | |
| } | |
| // 0x180001d5a | |
| if ((int32_t)RtlCreateSecurityDescriptor(v56, 1) < 0) { | |
| function_180004f77(); | |
| } | |
| // 0x180001d72 | |
| if (g68 != 0) { | |
| function_180004dcf(); | |
| } | |
| // 0x180001d7f | |
| int32_t v57; // bp-3664, 0x180001680 | |
| int64_t var_10h; // bp-3656, 0x180001680 | |
| int64_t var_28h_2; // bp-3600, 0x180001680 | |
| pdb_CreateBaseAcls((int64_t)&var_10h, v11, (int64_t)&var_28h_2, (int64_t)&v57, 0); | |
| if (((int32_t)&g71 & (int32_t)&g71) < 0) { | |
| function_180004f77(); | |
| } | |
| // 0x180001da3 | |
| int64_t v58; // bp-3839, 0x180001680 | |
| if ((int32_t)RtlSetDaclSecurityDescriptor(v53, &v58, var_10h, 0) < 0) { | |
| function_180004f77(); | |
| } | |
| int64_t v59 = v57; // 0x180001dbf | |
| if ((int32_t)RtlSetSaclSecurityDescriptor(v53, &v58, v59, 0) < 0) { | |
| function_180004f77(); | |
| } | |
| // 0x180001dde | |
| if ((int32_t)RtlSetDaclSecurityDescriptor(v55, &v58, var_28h_2, 0) < 0) { | |
| function_180004f77(); | |
| } | |
| // 0x180001dfd | |
| if (g68 != 0) { | |
| function_180004e2b(v55, (int64_t)&v58, var_28h_2, 0); | |
| } | |
| // 0x180001e0a | |
| Handle = 48; | |
| if ((int32_t)NtCreateDirectoryObject(&g52, 0xf000f, &Handle) < 0) { | |
| function_180004f77(); | |
| } | |
| // 0x180001e4f | |
| Handle = 48; | |
| if ((int32_t)NtCreateDirectoryObject(&g54, 0xf000f, &Handle) < 0) { | |
| function_180004f77(); | |
| } | |
| // 0x180001e94 | |
| if (g47 == g60) { | |
| // 0x18000237c | |
| if ((int32_t)NtSetInformationObject(g52, 5, 0, 0) < 0) { | |
| function_180004f77(); | |
| } | |
| // 0x18000239d | |
| if (g47 != 0) { | |
| // 0x1800023ab | |
| function_180004e4c(); | |
| return; | |
| } | |
| } | |
| // 0x180001ea6 | |
| if (g68 != 0) { | |
| function_180004edd(); | |
| } | |
| // 0x180001eb5 | |
| int64_t var_28h; // bp-3680, 0x180001680 | |
| if (NtQueryInformationProcess((int64_t *)-1, 28, &var_28h, 4, NULL) < 0) { | |
| function_180004f33(-1); | |
| } | |
| // 0x180001edd | |
| if ((int32_t)var_28h == 0) { | |
| function_180004f2c(-1); | |
| } | |
| // 0x180001ee7 | |
| *(char *)((int64_t)g46 + 2868) = 1; | |
| if ((int32_t)RtlInitializeCriticalSectionAndSpinCount(&g59, 0x80000000) < 0) { | |
| function_180004f77(); | |
| } | |
| // 0x180001f17 | |
| Handle = 48; | |
| int64_t var_40h; // bp-3704, 0x180001680 | |
| if ((int32_t)NtCreateSymbolicLinkObject(&var_40h, 0xf0001, &Handle, L"\"$") < 0) { | |
| function_180004f77(); | |
| } | |
| // 0x180001f68 | |
| if (g47 == g60) { | |
| // 0x1800023b0 | |
| NtClose((int64_t *)var_40h); | |
| } | |
| // 0x180001f7a | |
| int64_t var_68h; // bp-3536, 0x180001680 | |
| RtlInitUnicodeString((struct _UNICODE_STRING *)&var_68h, (int16_t *)&v12); | |
| Handle = 48; | |
| int64_t v60 = NtCreateSymbolicLinkObject(&var_40h, 0xf0001, &Handle, (int16_t *)&var_68h); // 0x180001fc9 | |
| if ((int32_t)v60 < 0) { | |
| function_180004f77(); | |
| } | |
| // 0x180001fd9 | |
| if (g47 == g60) { | |
| // 0x1800023bf | |
| NtClose((int64_t *)var_40h); | |
| } | |
| // 0x180001feb | |
| Handle = 48; | |
| int64_t v61 = NtCreateSymbolicLinkObject(&var_40h, 0xf0001, &Handle, (int16_t *)&v15); // 0x180002029 | |
| if ((int32_t)v61 < 0) { | |
| function_180004f77(); | |
| } | |
| // 0x180002039 | |
| if (g47 == g60) { | |
| // 0x1800023ce | |
| NtClose((int64_t *)var_40h); | |
| } | |
| // 0x18000204b | |
| RtlInitUnicodeString((struct _UNICODE_STRING *)&var_dd0h, L"Session"); | |
| RtlInitUnicodeString((struct _UNICODE_STRING *)&var_68h, L"\\Sessions\\BNOLINKS"); | |
| Handle = 48; | |
| int64_t v62 = NtCreateSymbolicLinkObject(&var_40h, 0xf0001, &Handle, (int16_t *)&var_68h); // 0x1800020a8 | |
| if ((int32_t)v62 < 0) { | |
| function_180004f77(); | |
| } | |
| // 0x1800020b8 | |
| if (g47 == g60) { | |
| // 0x1800023dd | |
| NtClose((int64_t *)var_40h); | |
| } | |
| // 0x1800020ca | |
| RtlInitUnicodeString((struct _UNICODE_STRING *)&var_dd0h, L"Restricted"); | |
| if ((int32_t)RtlSetDaclSecurityDescriptor(v53, (int64_t *)((int64_t)L"Restricted" & -256 || 1), var_30h_2, 0) < 0) { | |
| function_180004f77(); | |
| } | |
| // 0x1800020fa | |
| Handle = 48; | |
| if ((int32_t)NtCreateDirectoryObject(&g53, 0xf000f, &Handle) < 0) { | |
| function_180004f77(); | |
| } | |
| int64_t v63 = *(int64_t *)(v55 + 32); // 0x180002146 | |
| int64_t var_20h_2; // bp-3672, 0x180001680 | |
| int64_t v64 = RtlGetAce(v63, 0, &var_20h_2); // 0x180002157 | |
| int64_t v65 = v59; // 0x18000215f | |
| if ((int32_t)v64 >= 0) { | |
| int64_t v66 = var_20h_2 + 4; // 0x18000216c | |
| *(int16_t *)v66 = 0; | |
| int64_t v67 = &v1; | |
| int32_t v68 = 4; | |
| int32_t * v69; // 0x180002362 | |
| if ((*(int32_t *)v66 % 0x10000 & v68) == v68) { | |
| // 0x18000235b | |
| v69 = (int32_t *)(var_20h_2 + 4); | |
| *v69 = *v69 | *(int32_t *)(v67 + 4); | |
| } | |
| int64_t v70 = v67 + 8; // 0x18000218a | |
| int32_t v71 = *(int32_t *)v70; // 0x18000218a | |
| while (v71 != 0) { | |
| // 0x18000217a | |
| v67 = v70; | |
| v68 = v71; | |
| if ((*(int32_t *)v66 % 0x10000 & v68) == v68) { | |
| // 0x18000235b | |
| v69 = (int32_t *)(var_20h_2 + 4); | |
| *v69 = *v69 | *(int32_t *)(v67 + 4); | |
| } | |
| // 0x18000218a | |
| v70 = v67 + 8; | |
| v71 = *(int32_t *)v70; | |
| } | |
| int64_t v72 = 1; // 0x180002195 | |
| int64_t v73 = RtlGetAce(v63, (int32_t)v72, &var_20h_2); // 0x1800021a0 | |
| int64_t v74 = v72 & 0xffffffff; // 0x1800021a8 | |
| while ((int32_t)v73 >= 0) { | |
| // 0x180002164 | |
| v66 = var_20h_2 + 4; | |
| *(int16_t *)v66 = 0; | |
| v67 = &v1; | |
| v68 = 4; | |
| if ((*(int32_t *)v66 % 0x10000 & v68) == v68) { | |
| // 0x18000235b | |
| v69 = (int32_t *)(var_20h_2 + 4); | |
| *v69 = *v69 | *(int32_t *)(v67 + 4); | |
| } | |
| // 0x18000218a | |
| v70 = v67 + 8; | |
| v71 = *(int32_t *)v70; | |
| while (v71 != 0) { | |
| // 0x18000217a | |
| v67 = v70; | |
| v68 = v71; | |
| if ((*(int32_t *)v66 % 0x10000 & v68) == v68) { | |
| // 0x18000235b | |
| v69 = (int32_t *)(var_20h_2 + 4); | |
| *v69 = *v69 | *(int32_t *)(v67 + 4); | |
| } | |
| // 0x18000218a | |
| v70 = v67 + 8; | |
| v71 = *(int32_t *)v70; | |
| } | |
| // 0x180002195 | |
| v72 = v74 + 1; | |
| v73 = RtlGetAce(v63, (int32_t)v72, &var_20h_2); | |
| v74 = v72 & 0xffffffff; | |
| } | |
| // 0x1800021aa | |
| v65 = v57; | |
| } | |
| int32_t v75 = 0x2240000; // bp-3576, 0x1800021b5 | |
| RtlAppendUnicodeToString(&v75, L"\\Device\\NamedPipe"); | |
| RtlAppendUnicodeStringToString(&v75, &v15); | |
| Handle = 48; | |
| int64_t v76; // bp-3504, 0x180001680 | |
| int32_t v77 = NtCreateFile((int64_t **)&g57, 0x1f01ff, (struct _OBJECT_ATTRIBUTES *)&Handle, (struct _IO_STATUS_BLOCK *)&v76, NULL, 128, 3, 2, 1, NULL, 0); // 0x18000224a | |
| if (v77 < 0) { | |
| function_180004f77(); | |
| } | |
| // 0x18000225a | |
| RtlFreeHeap(g38, 0, var_10h); | |
| RtlFreeHeap(g38, 0, var_30h_2); | |
| RtlFreeHeap(g38, 0, var_28h_2); | |
| RtlFreeHeap(g38, 0, v65); | |
| RtlFreeHeap(g38, 0, v53); | |
| RtlFreeHeap(g38, 0, v55); | |
| RtlInitializeCriticalSection(&g35); | |
| RtlInitializeCriticalSection(&g36); | |
| if ((int32_t)RtlInitializeCriticalSection(&g31) >= 0) { | |
| // 0x180002313 | |
| g32 = (int64_t)g46 + 376; | |
| } | |
| // 0x18000233d | |
| pdb___security_check_cookie((int32_t)g17); | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What the heck is this? The answer is here.