Created
November 27, 2020 18:52
-
-
Save Auscitte/abb58edfec0116b473aa6810bb07e655 to your computer and use it in GitHub Desktop.
basesrv::ServerDllInitialization() decompiled by ghidra plugin for radare2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// WARNING: Could not reconcile some variable overlaps | |
// WARNING: Unknown calling convention yet parameter storage is locked | |
// WARNING: [r2ghidra] Matching calling convention amd64 of function ServerDllInitialization failed, args may be | |
// inaccurate. | |
// WARNING: [r2ghidra] Var arg_10h is stack pointer based, which is not supported for decompilation. | |
// WARNING: [r2ghidra] Var arg_18h is stack pointer based, which is not supported for decompilation. | |
// WARNING: [r2ghidra] Var arg_20h is stack pointer based, which is not supported for decompilation. | |
// WARNING: [r2ghidra] Matching calling convention amd64 of function pdb.RtlStringCchPrintfW failed, args may be | |
// inaccurate. | |
// WARNING: [r2ghidra] Matching calling convention amd64 of function pdb.memcpy failed, args may be inaccurate. | |
// WARNING: [r2ghidra] Matching calling convention amd64 of function pdb.BaseSrvInitializeIniFileMappings failed, args | |
// may be inaccurate. | |
// WARNING: [r2ghidra] Var arg_8h is stack pointer based, which is not supported for decompilation. | |
// WARNING: [r2ghidra] Matching calling convention amd64 of function pdb.CreateBaseAcls failed, args may be inaccurate. | |
// WARNING: [r2ghidra] Matching calling convention amd64 of function pdb.__security_check_cookie failed, args may be | |
// inaccurate. | |
// WARNING: [r2ghidra] Var arg_0h is stack pointer based, which is not supported for decompilation. | |
// WARNING: [r2ghidra] Matching calling convention amd64 of function pdb.__report_rangecheckfailure failed, args may be | |
// inaccurate. | |
void ServerDllInitialization(int64_t arg2, int64_t arg4, int64_t arg1) | |
{ | |
uint32_t uVar1; | |
undefined8 uVar2; | |
code *pcVar3; | |
undefined8 uVar4; | |
uint32_t uVar5; | |
char cVar6; | |
int32_t iVar7; | |
int32_t iVar8; | |
uint32_t uVar9; | |
uint32_t *puVar10; | |
int64_t iVar11; | |
uint64_t arg1_00; | |
uint64_t uVar12; | |
uint64_t uVar13; | |
undefined4 *puVar14; | |
undefined4 uVar15; | |
int64_t arg2_00; | |
int64_t in_GS_OFFSET; | |
undefined auStack3848 [32]; | |
undefined8 uStack3816; | |
undefined8 uStack3808; | |
undefined4 uStack3800; | |
undefined4 uStack3792; | |
undefined4 uStack3784; | |
undefined8 uStack3776; | |
undefined4 uStack3768; | |
undefined4 auStack3752 [2]; | |
undefined8 uStack3744; | |
undefined8 *puStack3736; | |
undefined4 uStack3728; | |
undefined auStack3720 [16]; | |
undefined8 uStack3704; | |
undefined8 uStack3696; | |
uint32_t uStack3688; | |
uint32_t uStack3684; | |
int32_t aiStack3680 [2]; | |
int64_t iStack3672; | |
undefined8 uStack3664; | |
undefined8 uStack3656; | |
int64_t iStack3648; | |
undefined8 uStack3640; | |
undefined8 uStack3632; | |
undefined8 uStack3624; | |
uint32_t uStack3616; | |
uint32_t uStack3612; | |
undefined8 uStack3608; | |
undefined8 uStack3600; | |
undefined8 uStack3592; | |
uint64_t uStack3584; | |
undefined8 uStack3576; | |
undefined *puStack3568; | |
undefined4 auStack3560 [2]; | |
undefined2 *puStack3552; | |
undefined auStack3544 [8]; | |
undefined auStack3536 [16]; | |
undefined8 auStack3520 [2]; | |
undefined auStack3504 [16]; | |
undefined4 uStack3488; | |
uint32_t auStack3484 [2]; | |
undefined8 uStack3476; | |
undefined2 auStack3464 [2]; | |
int32_t iStack3460; | |
int32_t aiStack3452 [147]; | |
undefined auStack2864 [200]; | |
undefined auStack2664 [512]; | |
undefined auStack2152 [512]; | |
undefined auStack1640 [512]; | |
undefined auStack1128 [512]; | |
undefined auStack616 [560]; | |
uint64_t uStack56; | |
uStack56 = _pdb.__security_cookie ^ (uint64_t)auStack3848; | |
uStack3488 = 4; | |
uStack3640 = 0; | |
uVar13 = 0; | |
uStack3632 = 0; | |
arg2_00 = 0xc0; | |
auStack3484[0] = 0x100002; | |
auStack3484[1] = 8; | |
uStack3476 = 0x100004; | |
_pdb.SessionId = *(uint32_t *)(*(int64_t *)(in_GS_OFFSET + 0x60) + 0x2c0); | |
uStack3584 = 0; | |
iStack3648 = 0; | |
_pdb.ServiceSessionId = (*_RtlGetCurrentServiceSessionId)(); | |
if (_pdb.SessionId == _pdb.ServiceSessionId) { | |
arg2_00 = 0xd0; | |
} | |
_pdb.BaseSrvHeap = *(undefined8 *)(*(int64_t *)(in_GS_OFFSET + 0x60) + 0x30); | |
_pdb.BaseSrvTag = | |
(*_RtlCreateTagHeap) | |
(_pdb.BaseSrvHeap, 0, "B", | |
pdb.___C__1CC_HBLFFKMG___AAT__AAM__AAP__AA__AA__AAV__AAD__AAM__AA__AA__AAS__AAX__AAS__AA__AA__AAA__AAP__AAP__AA__AA__AA__AA | |
); | |
_pdb.BaseSrvSharedHeap = *(undefined8 *)(arg4 + 0x60); | |
_pdb.BaseSrvSharedTag = (*_RtlCreateTagHeap)(_pdb.BaseSrvSharedHeap, 0, "B", "I"); | |
*(undefined4 *)(arg4 + 0x20) = 0; | |
*(code **)(arg4 + 0x28) = pdb.BaseServerApiDispatchTable; | |
*(code **)(arg4 + 0x30) = pdb.BaseServerApiServerValidTable; | |
*(code **)(arg4 + 0x48) = pdb.BaseClientConnectRoutine; | |
*(code **)(arg4 + 0x50) = pdb.BaseClientDisconnectRoutine; | |
*(undefined4 *)(arg4 + 0x24) = 0x1d; | |
*(undefined4 *)(arg4 + 0x40) = 8; | |
iVar7 = (*_RtlInitializeCriticalSection)(pdb.BaseSrvDosDeviceCritSec); | |
if (iVar7 < 0) goto code_r0x00018000233d; | |
puStack3552 = auStack3464; | |
auStack3560[0] = 0x3200000; | |
(*_RtlExpandEnvironmentStrings_U)(0, pdb.UnexpandedSystemRootString, auStack3560, 0); | |
if ((uint16_t)auStack3560[0] < 800) { | |
if (799 < ((uint64_t)(uint16_t)auStack3560[0] & 0xfffffffffffffffe)) { | |
pdb.__report_rangecheckfailure(); | |
pcVar3 = (code *)swi(3); | |
(*pcVar3)(); | |
return; | |
} | |
*(undefined2 *)((int64_t)auStack3464 + ((uint64_t)(uint16_t)auStack3560[0] & 0xfffffffffffffffe)) = 0; | |
cVar6 = (*_RtlCreateUnicodeString)(pdb.BaseSrvWindowsDirectory, auStack3464); | |
if (cVar6 != '\0') { | |
(*_wcscat_s)(auStack3464, 400, "\\"); | |
cVar6 = (*_RtlCreateUnicodeString)(pdb.BaseSrvWindowsSystemDirectory, auStack3464); | |
if (cVar6 != '\0') { | |
if (_pdb.SessionId == _pdb.ServiceSessionId) { | |
(*_wcscpy_s)(auStack2664, 0x100, "\\"); | |
} else { | |
uStack3816 = (int64_t *)((uint64_t)uStack3816 & 0xffffffff00000000 | (uint64_t)_pdb.SessionId); | |
(*_swprintf_s)(auStack2664, 0x100, "%", "\\"); | |
} | |
uStack3816 = (int64_t *)((uint64_t)uStack3816 & 0xffffffff00000000 | (uint64_t)_pdb.SessionId); | |
(*_swprintf_s)(auStack1640, 0x100, "%", "\\"); | |
uStack3816 = (int64_t *)((uint64_t)uStack3816 & 0xffffffff00000000 | (uint64_t)_pdb.SessionId); | |
pdb.RtlStringCchPrintfW((int64_t)"%", (int64_t)"\\", arg2_00, arg1, 0x100, (int64_t)auStack2152); | |
(*_RtlInitUnicodeString)(&uStack3696, auStack2664); | |
(*_RtlInitUnicodeString)(&uStack3640, auStack2152); | |
(*_RtlInitUnicodeString)(&uStack3624, auStack1640); | |
puVar10 = (uint32_t *)(*_RtlAllocateHeap)(_pdb.BaseSrvSharedHeap, _pdb.BaseSrvSharedTag, 0xb68); | |
_pdb.BaseSrvpStaticServerData = puVar10; | |
if (puVar10 != (uint32_t *)0x0) { | |
*(uint32_t **)(arg4 + 0x60) = puVar10; | |
*(uint32_t **)(puVar10 + 0x2d4) = puVar10; | |
puVar10[0x2cc] = 0xffffffff; | |
puVar10[0x2ce] = 0; | |
iVar7 = (*_NtQuerySystemInformation)(3, puVar10 + 0x50, 0x30); | |
puVar10 = _pdb.BaseSrvpStaticServerData; | |
uVar5 = *(uint32_t *)0x18001093c; | |
uVar9 = *(uint32_t *)0x180010938; | |
uVar1 = *(uint32_t *)0x180010934; | |
uVar15 = _pdb.BaseSrvSharedTag; | |
uVar4 = _pdb.BaseSrvSharedHeap; | |
if (-1 < iVar7) { | |
*_pdb.BaseSrvpStaticServerData = _pdb.BaseSrvWindowsDirectory; | |
puVar10[1] = uVar1; | |
puVar10[2] = uVar9; | |
puVar10[3] = uVar5; | |
iVar11 = (*_RtlAllocateHeap)(uVar4, uVar15, _pdb.BaseSrvWindowsDirectory >> 0x10); | |
puVar10 = _pdb.BaseSrvpStaticServerData; | |
if (iVar11 != 0) { | |
pdb.memcpy(iVar11, *(undefined8 *)(_pdb.BaseSrvpStaticServerData + 2), | |
_pdb.BaseSrvWindowsDirectory >> 0x10); | |
uVar15 = _pdb.BaseSrvSharedTag; | |
uVar4 = _pdb.BaseSrvSharedHeap; | |
*(int64_t *)(puVar10 + 2) = iVar11; | |
uVar5 = *(uint32_t *)0x18001094c; | |
uVar9 = *(uint32_t *)0x180010948; | |
uVar1 = *(uint32_t *)0x180010944; | |
puVar10[4] = _pdb.BaseSrvWindowsSystemDirectory; | |
puVar10[5] = uVar1; | |
puVar10[6] = uVar9; | |
puVar10[7] = uVar5; | |
iVar11 = (*_RtlAllocateHeap)(uVar4, uVar15, _pdb.BaseSrvWindowsSystemDirectory >> 0x10); | |
puVar10 = _pdb.BaseSrvpStaticServerData; | |
if (iVar11 != 0) { | |
pdb.memcpy(iVar11, *(undefined8 *)(_pdb.BaseSrvpStaticServerData + 6), | |
_pdb.BaseSrvWindowsSystemDirectory >> 0x10); | |
uVar15 = _pdb.BaseSrvSharedTag; | |
uVar4 = _pdb.BaseSrvSharedHeap; | |
*(int64_t *)(puVar10 + 6) = iVar11; | |
*(undefined8 *)(puVar10 + 0x25a) = 0; | |
puVar10[600] = 0; | |
puVar10[8] = (uint32_t)uStack3696; | |
puVar10[9] = uStack3696._4_4_; | |
puVar10[10] = uStack3688; | |
puVar10[0xb] = uStack3684; | |
*(uint16_t *)((int64_t)puVar10 + 0x22) = (uint16_t)uStack3696 + 2; | |
iVar11 = (*_RtlAllocateHeap)(uVar4, uVar15, (uint64_t)(uint16_t)uStack3696 + 2); | |
puVar10 = _pdb.BaseSrvpStaticServerData; | |
if (iVar11 != 0) { | |
pdb.memcpy(iVar11, *(undefined8 *)(_pdb.BaseSrvpStaticServerData + 10), | |
*(undefined2 *)((int64_t)_pdb.BaseSrvpStaticServerData + 0x22)); | |
uVar15 = _pdb.BaseSrvSharedTag; | |
uVar4 = _pdb.BaseSrvSharedHeap; | |
*(int64_t *)(puVar10 + 10) = iVar11; | |
puVar10[0x2d0] = (uint32_t)uStack3624; | |
puVar10[0x2d1] = uStack3624._4_4_; | |
puVar10[0x2d2] = uStack3616; | |
puVar10[0x2d3] = uStack3612; | |
*(uint16_t *)((int64_t)puVar10 + 0xb42) = (uint16_t)uStack3624 + 2; | |
iVar11 = (*_RtlAllocateHeap)(uVar4, uVar15, (uint64_t)(uint16_t)uStack3624 + 2); | |
puVar10 = _pdb.BaseSrvpStaticServerData; | |
if (iVar11 != 0) { | |
pdb.memcpy(iVar11, *(undefined8 *)(_pdb.BaseSrvpStaticServerData + 0x2d2), | |
*(undefined2 *)((int64_t)_pdb.BaseSrvpStaticServerData + 0xb42)); | |
uVar15 = _pdb.BaseSrvSharedTag; | |
uVar4 = _pdb.BaseSrvSharedHeap; | |
*(int64_t *)(puVar10 + 0x2d2) = iVar11; | |
puVar10[0x2d6] = (uint32_t)uStack3640; | |
puVar10[0x2d7] = uStack3640._4_4_; | |
puVar10[0x2d8] = (uint32_t)uStack3632; | |
puVar10[0x2d9] = uStack3632._4_4_; | |
*(int16_t *)((int64_t)puVar10 + 0xb5a) = (int16_t)uStack3640 + 2; | |
iVar11 = (*_RtlAllocateHeap)(uVar4, uVar15, (uStack3640 & 0xffff) + 2); | |
puVar10 = _pdb.BaseSrvpStaticServerData; | |
if (iVar11 != 0) { | |
pdb.memcpy(iVar11, *(undefined8 *)(_pdb.BaseSrvpStaticServerData + 0x2d8), | |
*(undefined2 *)((int64_t)_pdb.BaseSrvpStaticServerData + 0xb5a)); | |
*(int64_t *)(puVar10 + 0x2d8) = iVar11; | |
*(undefined **)0x180010968 = auStack2864; | |
*(undefined *)(puVar10 + 0x25c) = 0; | |
_pdb.BaseSrvCSDString = 0xc80000; | |
uStack3816 = (int64_t *)0x0; | |
iVar7 = (*_RtlQueryRegistryValuesEx) | |
(3, pdb.___C__11LOCGONAA___AA__AA, | |
pdb.BaseServerRegistryConfigurationTable1); | |
puVar10 = _pdb.BaseSrvpStaticServerData; | |
if (iVar7 < 0) { | |
*(undefined4 *)((int64_t)_pdb.BaseSrvpStaticServerData + 0x36) = 0; | |
} else { | |
*(undefined2 *)((int64_t)_pdb.BaseSrvpStaticServerData + 0x36) = | |
_pdb.BaseSrvCSDNumber; | |
*(undefined2 *)(puVar10 + 0xe) = *(undefined2 *)0x180010972; | |
} | |
uStack3816 = (int64_t *)0x0; | |
iVar7 = (*_RtlQueryRegistryValuesEx) | |
(3, pdb.___C__11LOCGONAA___AA__AA, | |
pdb.BaseServerRegistryConfigurationTable); | |
if (iVar7 < 0) { | |
*(undefined2 *)((int64_t)_pdb.BaseSrvpStaticServerData + 0x3a) = 0; | |
} else { | |
(*_wcsncpy_s)((int64_t)_pdb.BaseSrvpStaticServerData + 0x3a, 0x80, | |
*(undefined **)0x180010968, | |
(_pdb.BaseSrvCSDString & 0xffff) >> 1); | |
} | |
iVar7 = (*_RtlInitUnicodeStringEx)(pdb.BaseSrvCSDString, 0); | |
if (((-1 < iVar7) && | |
(iVar7 = (*_NtQuerySystemInformation)(0, pdb.SysInfo, 0x40), -1 < iVar7) | |
) && (iVar7 = pdb.BaseSrvInitializeIniFileMappings(arg2_00, iVar11), | |
-1 < iVar7)) { | |
*(undefined *)(_pdb.BaseSrvpStaticServerData + 0x256) = 0; | |
puStack3736 = (undefined8 *)0x18000c0e8; | |
auStack3752[0] = 0x30; | |
uStack3744 = 0; | |
uStack3728 = 0x40; | |
auStack3720 = ZEXT816(0); | |
iVar7 = (*_NtOpenKey)(&uStack3608, 0x20019, auStack3752); | |
if (-1 < iVar7) { | |
uStack3808 = auStack3544; | |
uStack3816 = (int64_t *)CONCAT44(uStack3816._4_4_, 800); | |
iVar7 = (*_NtQueryValueKey)(uStack3608, 0x18000c968, 2, auStack3464) | |
; | |
if (-1 < iVar7) { | |
if (iStack3460 == 4) { | |
*(bool *)(_pdb.BaseSrvpStaticServerData + 0x256) = | |
aiStack3452[0] != 0; | |
} else { | |
if ((iStack3460 == 1) && | |
((iVar7 = (*__wcsicmp)(aiStack3452, | |
pdb.___C__17IHBDLLG___AAy__AAe__AAs__AA__AA), iVar7 == 0 || | |
(iVar7 = (*__wcsicmp)(aiStack3452, | |
pdb.___C__13JGCMLPCH___AA1__AA__AA), | |
iVar7 == 0)))) { | |
*(undefined *)(_pdb.BaseSrvpStaticServerData + 0x256) = | |
1; | |
} | |
} | |
} | |
(*_NtClose)(uStack3608); | |
} | |
uStack3816 = (int64_t *)0x0; | |
*(undefined *)((int64_t)_pdb.BaseSrvpStaticServerData + 0x959) = 0; | |
(*_RtlQueryRegistryValuesEx)(2, "S", pdb.BnoRegistryConfigurationTable); | |
arg1_00 = (*_RtlAllocateHeap)(_pdb.BaseSrvHeap, _pdb.BaseSrvTag, 0x400); | |
if (((arg1_00 != 0) && | |
(iVar7 = (*_RtlCreateSecurityDescriptor)(arg1_00, 1), -1 < iVar7)) | |
&& ((uVar12 = (*_RtlAllocateHeap)(_pdb.BaseSrvHeap, _pdb.BaseSrvTag, | |
0x28), uVar12 != 0 && | |
(iVar7 = (*_RtlCreateSecurityDescriptor)(uVar12, 1), -1 < iVar7)) | |
)) { | |
if (_pdb.InteractiveUserNameSpaceSeparation == 0) { | |
code_r0x000180001d7f: | |
uStack3816 = (int64_t *)0x0; | |
} else { | |
uVar13 = (*_RtlAllocateHeap)(_pdb.BaseSrvHeap, _pdb.BaseSrvTag, | |
0x28); | |
uStack3584 = uVar13; | |
if ((uVar13 == 0) || | |
(iVar7 = (*_RtlCreateSecurityDescriptor)(uVar13, 1), | |
iVar7 < 0)) goto code_r0x000180004f77; | |
if (_pdb.InteractiveUserNameSpaceSeparation == 0) | |
goto code_r0x000180001d7f; | |
uStack3816 = &iStack3648; | |
} | |
iVar7 = pdb.CreateBaseAcls(arg2_00, arg1_00, (int64_t)&uStack3592, | |
(int64_t)&uStack3656, | |
(int64_t)&uStack3664, | |
(int64_t)&uStack3600); | |
if (((((-1 < iVar7) && | |
(iVar7 = (*_RtlSetDaclSecurityDescriptor) | |
(arg1_00, 1, uStack3656, 0), | |
uVar4 = uStack3664, -1 < iVar7)) && | |
(iVar7 = (*_RtlSetSaclSecurityDescriptor) | |
(arg1_00, 1, uStack3664, 0), -1 < iVar7)) && | |
(iVar7 = (*_RtlSetDaclSecurityDescriptor) | |
(uVar12, 1, uStack3600, 0), -1 < iVar7)) && | |
((_pdb.InteractiveUserNameSpaceSeparation == 0 || | |
(iVar7 = (*_RtlSetDaclSecurityDescriptor) | |
(uVar13, 1, iStack3648, 0), -1 < iVar7)))) { | |
auStack3752[0] = 0x30; | |
uStack3744 = 0; | |
puStack3736 = &uStack3696; | |
uVar15 = (undefined4)arg2_00; | |
auStack3720 = ZEXT816(arg1_00); | |
uStack3728 = uVar15; | |
iVar7 = (*_NtCreateDirectoryObject) | |
(pdb.BaseSrvNamedObjectDirectory, 0xf000f, | |
auStack3752); | |
if (-1 < iVar7) { | |
auStack3752[0] = 0x30; | |
uStack3744 = 0; | |
puStack3736 = &uStack3624; | |
auStack3720 = CONCAT88(SUB168(auStack3720 >> 0x40, 0), | |
uVar12) & | |
(undefined [16])0xffffffffffffffff; | |
uStack3728 = uVar15; | |
iVar7 = (*_NtCreateDirectoryObject) | |
(pdb.BaseSrvLowBoxObjectDirectory, 0xf000f | |
, auStack3752); | |
if (-1 < iVar7) { | |
if (_pdb.SessionId == _pdb.ServiceSessionId) { | |
iVar7 = (*_NtSetInformationObject) | |
(_pdb.BaseSrvNamedObjectDirectory | |
, 5, 0); | |
if (iVar7 < 0) goto code_r0x000180004f77; | |
if (_pdb.SessionId != 0) { | |
uStack3816 = (int64_t *) | |
((uint64_t)uStack3816 & | |
0xffffffff00000000 | | |
(uint64_t)_pdb.SessionId); | |
(*_swprintf_s)(auStack1128, 0x100, "%", "\\"); | |
(*_RtlInitUnicodeString) | |
(auStack3520, auStack1128); | |
puStack3736 = auStack3520; | |
auStack3752[0] = 0x30; | |
uStack3744 = 0; | |
auStack3720 = ZEXT816(arg1_00); | |
uStack3728 = uVar15; | |
iVar7 = (*_NtCreateSymbolicLinkObject) | |
(&uStack3704, 0xf0001, | |
auStack3752, 0x18000c020); | |
if (iVar7 < 0) goto code_r0x00018000233d; | |
(*_NtClose)(); | |
} | |
} | |
if ((_pdb.InteractiveUserNameSpaceSeparation != 0) && | |
(_pdb.SessionId == 0)) { | |
puStack3736 = &uStack3640; | |
auStack3752[0] = 0x30; | |
auStack3720 = ZEXT816(uVar13); | |
uStack3744 = 0; | |
uStack3728 = uVar15; | |
iVar7 = (*_NtCreateDirectoryObject) | |
(pdb.BaseSrvUserObjectDirectory, | |
0xf000f, auStack3752); | |
if (iVar7 < 0) goto code_r0x000180004f77; | |
} | |
uStack3816 = (int64_t *)0x0; | |
iVar7 = (*_NtQueryInformationProcess) | |
(0xffffffffffffffff, 0x1c, aiStack3680 | |
); | |
if (iVar7 < 0) { | |
*(undefined *) | |
(_pdb.BaseSrvpStaticServerData + 0x2cd) = 0; | |
} else { | |
*(bool *)(_pdb.BaseSrvpStaticServerData + 0x2cd) = | |
aiStack3680[0] != 0; | |
} | |
if ((iVar7 < 0 || aiStack3680[0] == 0) || | |
(iVar7 = (*_RtlInitializeCriticalSectionAndSpinCount) | |
(pdb.BaseSrvDDDBSMCritSec, | |
0x80000000), -1 < iVar7)) { | |
uStack3744 = _pdb.BaseSrvNamedObjectDirectory; | |
auStack3752[0] = 0x30; | |
puStack3736 = (undefined8 *)0x18000c030; | |
auStack3720 = ZEXT816(arg1_00); | |
uStack3728 = uVar15; | |
iVar7 = (*_NtCreateSymbolicLinkObject) | |
(&uStack3704, 0xf0001, auStack3752 | |
, 0x18000c020); | |
if (-1 < iVar7) { | |
if (_pdb.SessionId == _pdb.ServiceSessionId) { | |
(*_NtClose)(uStack3704); | |
} | |
(*_RtlInitUnicodeString) | |
(auStack3536, auStack2664); | |
uStack3744 = _pdb.BaseSrvNamedObjectDirectory; | |
auStack3752[0] = 0x30; | |
puStack3736 = (undefined8 *)0x18000c010; | |
auStack3720 = ZEXT816(arg1_00); | |
uStack3728 = uVar15; | |
iVar7 = (*_NtCreateSymbolicLinkObject) | |
(&uStack3704, 0xf0001, | |
auStack3752, auStack3536); | |
if (-1 < iVar7) { | |
if (_pdb.SessionId == _pdb.ServiceSessionId) | |
{ | |
(*_NtClose)(uStack3704); | |
} | |
uStack3744 = | |
_pdb.BaseSrvNamedObjectDirectory; | |
auStack3752[0] = 0x30; | |
puStack3736 = (undefined8 *)0x18000c000; | |
auStack3720 = ZEXT816(arg1_00); | |
uStack3728 = uVar15; | |
iVar7 = (*_NtCreateSymbolicLinkObject) | |
(&uStack3704, 0xf0001, auStack3752, | |
&uStack3624); | |
if (-1 < iVar7) { | |
if (_pdb.SessionId == _pdb.ServiceSessionId) { | |
(*_NtClose)(uStack3704); | |
} | |
(*_RtlInitUnicodeString)(&uStack3696, "S"); | |
(*_RtlInitUnicodeString)(auStack3536, "\\"); | |
uStack3744 = _pdb.BaseSrvNamedObjectDirectory; | |
puStack3736 = &uStack3696; | |
auStack3752[0] = 0x30; | |
auStack3720 = ZEXT816(arg1_00); | |
uStack3728 = uVar15; | |
iVar7 = (*_NtCreateSymbolicLinkObject) | |
(&uStack3704, 0xf0001, auStack3752, | |
auStack3536); | |
if (-1 < iVar7) { | |
if (_pdb.SessionId == _pdb.ServiceSessionId) { | |
(*_NtClose)(uStack3704); | |
} | |
(*_RtlInitUnicodeString)(&uStack3696, "R"); | |
iVar7 = (*_RtlSetDaclSecurityDescriptor) | |
(arg1_00, 1, uStack3592, 0); | |
if (-1 < iVar7) { | |
uStack3744 = _pdb.BaseSrvNamedObjectDirectory; | |
puStack3736 = &uStack3696; | |
auStack3752[0] = 0x30; | |
auStack3720 = CONCAT88(SUB168(auStack3720 >> | |
0x40, 0), arg1_00) | |
& (undefined [16]) | |
0xffffffffffffffff; | |
uStack3728 = uVar15; | |
iVar7 = (*_NtCreateDirectoryObject) | |
( | |
pdb.BaseSrvRestrictedObjectDirectory, 0xf000f, auStack3752); | |
if (-1 < iVar7) { | |
uVar2 = *(undefined8 *)(uVar12 + 0x20); | |
iVar7 = 0; | |
iVar8 = (*_RtlGetAce)(uVar2, 0); | |
while (-1 < iVar8) { | |
puVar14 = &uStack3488; | |
uVar1 = *(uint32_t *)(iStack3672 + 4); | |
*(undefined2 *)(iStack3672 + 4) = 0; | |
uVar9 = 4; | |
do { | |
if (uVar9 == (uVar1 & uVar9 & 0xffff)) { | |
*(uint32_t *)(iStack3672 + 4) = | |
*(uint32_t *)(iStack3672 + 4) | | |
puVar14[1]; | |
} | |
uVar9 = puVar14[2]; | |
puVar14 = puVar14 + 2; | |
} while (uVar9 != 0); | |
iVar7 = iVar7 + 1; | |
iVar8 = (*_RtlGetAce)(uVar2, iVar7); | |
uVar4 = uStack3664; | |
} | |
puStack3568 = auStack616; | |
uStack3576._0_4_ = 0x2240000; | |
(*_RtlAppendUnicodeToString)(&uStack3576, "\\"); | |
(*_RtlAppendUnicodeStringToString) | |
(&uStack3576, &uStack3624); | |
uStack3768 = 0; | |
puStack3736 = &uStack3576; | |
uStack3776 = 0; | |
uStack3784 = 1; | |
uStack3792 = 2; | |
uStack3800 = 3; | |
uStack3808 = (undefined *) | |
CONCAT44(uStack3808._4_4_, 0x80); | |
uStack3816 = (int64_t *)0x0; | |
auStack3752[0] = 0x30; | |
uStack3744 = 0; | |
uStack3728 = 0x40; | |
auStack3720 = ZEXT816(uVar12); | |
iVar7 = (*_NtCreateFile)(pdb.BaseSrvLowBoxPipePrefix, | |
0x1f01ff, auStack3752, | |
auStack3504); | |
if (-1 < iVar7) { | |
(*_RtlFreeHeap)(_pdb.BaseSrvHeap, 0, uStack3656); | |
(*_RtlFreeHeap)(_pdb.BaseSrvHeap, 0, uStack3592); | |
(*_RtlFreeHeap)(_pdb.BaseSrvHeap, 0, uStack3600); | |
(*_RtlFreeHeap)(_pdb.BaseSrvHeap, 0, uVar4); | |
(*_RtlFreeHeap)(_pdb.BaseSrvHeap, 0, arg1_00); | |
(*_RtlFreeHeap)(_pdb.BaseSrvHeap, 0, uVar12); | |
if (iStack3648 != 0) { | |
(*_RtlFreeHeap)(_pdb.BaseSrvHeap, 0); | |
} | |
if (uStack3584 != 0) { | |
(*_RtlFreeHeap)(_pdb.BaseSrvHeap, 0); | |
} | |
(*_RtlInitializeCriticalSection) | |
(pdb.BaseSrvVDMCriticalSection); | |
(*_RtlInitializeCriticalSection) | |
(pdb.BaseSrvVDMNTVDMCplCriticalSection); | |
puVar10 = _pdb.BaseSrvpStaticServerData; | |
iVar7 = (*_RtlInitializeCriticalSection) | |
(pdb.NlsCacheCriticalSection); | |
if (-1 < iVar7) { | |
_pdb.pNlsRegUserInfo = puVar10 + 0x5e; | |
} | |
goto code_r0x00018000233d; | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
code_r0x000180004f77: | |
(*_RtlDeleteCriticalSection)(pdb.BaseSrvDosDeviceCritSec); | |
code_r0x00018000233d: | |
pdb.__security_check_cookie((uint32_t)uStack56 ^ (int32_t)*(BADSPACEBASE **)0x20 - 0xf08U); | |
return; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What the heck is this? The answer is here.