Created
November 27, 2020 19:27
basesrv::ServerDllInitialization() decompiled with r2dec
/* r2dec pseudo code output */ | |
/* /home/ubuntu/basesrv.dll @ 0x180001680 */ | |
#include <stdint.h> | |
/*
 * basesrv!ServerDllInitialization as rendered by r2dec. This is register-level
 * pseudo-C, not compilable code.
 *
 * Reading notes:
 *  - Indirect calls are printed with guessed prototypes and argument lists. The
 *    register assignments just before each call (rcx, rdx, r8, r9, then stack
 *    slots) are the more reliable view of what is passed.
 *  - Statement order follows instruction scheduling, so a register may be
 *    reloaded between the point a value is produced and the point the listing
 *    appears to use it.
 *  - A negative value in eax after a call is treated as failure throughout.
 *
 * Flow visible below: record session ids and heaps, fill in the caller's
 * structure (rbx = arg4), build the Windows/system directory strings and the
 * per-session object-directory names, allocate and populate
 * BaseSrvpStaticServerData from the shared heap, read registry configuration,
 * build security descriptors via CreateBaseAcls, then create the named-object
 * directories and symbolic links.
 *
 * Returns the status left in rax: 0 on the success path, otherwise the failing
 * status (0xc0000017 when an allocation or string step fails).
 */
int64_t ServerDllInitialization (int64_t arg_10h, int64_t arg_18h, int64_t arg_20h, int64_t arg1, int64_t arg2, int64_t arg4) { | |
int64_t var_ee8h; | |
int64_t var_ee0h; | |
int64_t var_ea8h; | |
int64_t var_ea0h; | |
int64_t var_e98h; | |
int64_t var_e90h; | |
rdi = arg1; | |
rsi = arg2; | |
rcx = arg4; | |
rbp = rsp - 0xde0; | |
/* Stack-cookie prologue: the cookie is XORed with rsp and parked at rbp+0xdd0; label_18 undoes the XOR and calls the cookie check before returning. */
rax = *(pdb.__security_cookie); | |
rax ^= rsp; | |
*((rbp + 0xdd0)) = rax; | |
eax = 0; | |
*((rbp + 0x68)) = 4; | |
*((rbp - 0x30)) = rax; | |
/* r12 is zeroed here and used as the constant 0 / NULL for the rest of the function. */
r12d = 0; | |
*((rbp - 0x28)) = rax; | |
rbx = rcx; | |
/* gs:0x60 is the PEB pointer on x64 Windows; the dword at +0x2c0 is stored as SessionId below. */
rax = *(gs:0x60); | |
/* esi starts as 0xc0 and becomes 0xd0 if the session-id comparison further down matches. It is later listed among the arguments of the NtCreate*Object calls; presumably the OBJECT_ATTRIBUTES attribute flags, where 0xd0 adds the 0x10 (OBJ_PERMANENT) bit -- confirm against the disassembly. */
esi = 0xc0; | |
*((rbp + 0x6c)) = 0x100002; | |
r15d = r12d; | |
*((rbp + 0x70)) = 8; | |
*((rbp + 0x74)) = 0x100004; | |
ecx = *((rax + 0x2c0)); | |
*(pdb.SessionId) = ecx; | |
*((rbp + 8)) = r12; | |
*((rbp - 0x38)) = r12; | |
eax = uint64_t (*RtlGetCurrentServiceSessionId)(void, void, void, void) (r15, r12, rsi, rbx); | |
ecx = 0xd0; | |
*(pdb.ServiceSessionId) = eax; | |
/* r9/r8 are the tag-name list and tag prefix for RtlCreateTagHeap; the mangled symbol spells the names TMP, VDM, SXS, APP. */
r9 = pdb____C__1CC_HBLFFKMG___AAT__AAM__AAP__AA__AA__AAV__AAD__AAM__AA__AA__AAS__AAX__AAS__AA__AA__AAA__AAP__AAP__AA__AA__AA__AA; | |
rax = *(gs:0x60); | |
r8 = "BASESRV!"; | |
/* NOTE(review): the listing reloads rax from gs:0x60 just above, so this compare is presumably SessionId against the ServiceSessionId value returned earlier (scheduling artefact) -- confirm. */
if (*(pdb.SessionId) == eax) { | |
esi = ecx; | |
} | |
edx = 0; | |
/* The pointer at +0x30 of the gs:0x60 structure is kept as BaseSrvHeap (the process-heap slot of the PEB, if gs:0x60 is read as above). */
rcx = *((rax + 0x30)); | |
*(pdb.BaseSrvHeap) = rcx; | |
eax = uint64_t (*RtlCreateTagHeap)() (); | |
/* The shared heap handle comes from the caller's structure at rbx+0x60; that same slot is overwritten with the static server data pointer later on. */
rcx = *((rbx + 0x60)); | |
r9 = "INIT"; | |
r8 = "BASESHR!"; | |
*(pdb.BaseSrvSharedHeap) = rcx; | |
edx = 0; | |
*(pdb.BaseSrvTag) = eax; | |
eax = uint64_t (*RtlCreateTagHeap)() (); | |
/* Fill in the caller-supplied structure at rbx (= arg4): API dispatch table, server-valid table, connect and disconnect routines. 0x1d at +0x24 is presumably the number of dispatch entries -- TODO confirm. rcx already holds &BaseSrvDosDeviceCritSec for the call below. */
rcx = pdb_BaseSrvDosDeviceCritSec; | |
*((rbx + 0x20)) = r12d; | |
*(pdb.BaseSrvSharedTag) = eax; | |
rax = pdb_BaseServerApiDispatchTable; | |
*((rbx + 0x28)) = rax; | |
rax = pdb_BaseServerApiServerValidTable; | |
*((rbx + 0x30)) = rax; | |
rax = pdb_BaseClientConnectRoutine; | |
*((rbx + 0x48)) = rax; | |
rax = pdb_BaseClientDisconnectRoutine; | |
*((rbx + 0x50)) = rax; | |
*((rbx + 0x24)) = 0x1d; | |
*((rbx + 0x40)) = 8; | |
eax = uint64_t (*RtlInitializeCriticalSection)() (); | |
/* Failure here returns through label_18 directly: nothing has been created yet, so the label_22 cleanup is skipped. */
if (eax < 0) { | |
goto label_18; | |
} | |
arg_10h = rdi; | |
rax = rbp + 0x80; | |
arg_18h = r13; | |
r8 = rbp + 0x20; | |
*((rsp + 0xf28)) = r14; | |
rdx = pdb_UnexpandedSystemRootString; | |
r9d = 0; | |
*((rbp + 0x28)) = rax; | |
ecx = 0; | |
/* rbp+0x20 looks like a UNICODE_STRING: 0x3200000 packs Length = 0 and MaximumLength = 0x320, and Buffer (rbp+0x28) points at the stack buffer rbp+0x80. The unexpanded system-root string is expanded into it. */
*((rbp + 0x20)) = 0x3200000; | |
r14d = 0x320; | |
uint64_t (*RtlExpandEnvironmentStrings_U)() (); | |
eax = *((rbp + 0x20)); | |
/* A resulting length of 0x320 or more is rejected (label_19 -> 0xc0000017). The second compare guards the terminator write below and ends in the range-check failure handler (label_20) if it ever trips. */
if (ax >= r14w) { | |
goto label_19; | |
} | |
eax = (int32_t) ax; | |
rax &= 0xfffffffffffffffe; | |
if (rax >= r14) { | |
goto label_20; | |
} | |
rdx = rbp + 0x80; | |
/* Write a 16-bit zero at buffer[Length] so the expanded path is NUL-terminated before it is copied. */
*((rbp + rax + 0x80)) = r12w; | |
rcx = pdb_BaseSrvWindowsDirectory; | |
al = uint64_t (*RtlCreateUnicodeString)() (); | |
if (al == 0) { | |
goto label_19; | |
} | |
/* wcscat_s(buffer, 0x190 elements, "\\system32"): 0x190 wide characters is 0x320 bytes, matching the buffer size used above. No use of the wcscat_s return value is visible in this listing. */
r8 = "\\system32"; | |
edx = 0x190; | |
rcx = rbp + 0x80; | |
uint64_t (*wcscat_s)() (); | |
rdx = rbp + 0x80; | |
rcx = pdb_BaseSrvWindowsSystemDirectory; | |
al = uint64_t (*RtlCreateUnicodeString)() (); | |
if (al == 0) { | |
goto label_19; | |
} | |
/* Build the BaseNamedObjects directory name in the 0x100-element buffer at rbp+0x3a0: plain "\\BaseNamedObjects" when SessionId equals ServiceSessionId (label_21), otherwise "\\Sessions\\<SessionId>\\BaseNamedObjects". */
eax = *(pdb.SessionId); | |
rcx = rbp + 0x3a0; | |
edx = 0x100; | |
if (eax == *(pdb.ServiceSessionId)) { | |
goto label_21; | |
} | |
r9 = "\\Sessions"; | |
r8 = "%ws\\%ld\\BaseNamedObjects"; | |
swprintf_s (eax); | |
/* The do { ... } while (1) wrapper is how r2dec renders the jump back from label_21; it is not a real loop. */
do { | |
/* rbp+0x7a0 receives the per-session AppContainerNamedObjects name; rbp+0x5a0 receives a second per-session BaseNamedObjects name via RtlStringCchPrintfW. Both use 0x100-element buffers. */
eax = *(pdb.SessionId); | |
r9 = "\\Sessions"; | |
r8 = "%ws\\%ld\\AppContainerNamedObjects"; | |
edx = 0x100; | |
rcx = rbp + 0x7a0; | |
swprintf_s (eax); | |
eax = *(pdb.SessionId); | |
var_ee8h = eax; | |
pdb_RtlStringCchPrintfW (rdi, rsi, 0x100, rbp + 0x5a0, "%ws\\%ld\\BaseNamedObjects", "\\Sessions"); | |
/* Wrap the three name buffers: rbp-0x68 <- rbp+0x3a0, rbp-0x30 <- rbp+0x5a0, rbp-0x20 <- rbp+0x7a0. */
rdx = rbp + 0x3a0; | |
rcx = rbp - 0x68; | |
uint64_t (*RtlInitUnicodeString)() (); | |
rdx = rbp + 0x5a0; | |
rcx = rbp - 0x30; | |
uint64_t (*RtlInitUnicodeString)() (); | |
rdx = rbp + 0x7a0; | |
rcx = rbp - 0x20; | |
uint64_t (*RtlInitUnicodeString)() (); | |
/* Allocate the 0xb68-byte static server data block from the shared heap; a NULL result goes to label_19. */
edx = *(pdb.BaseSrvSharedTag); | |
r8d = 0xb68; | |
rcx = *(pdb.BaseSrvSharedHeap); | |
rax = uint64_t (*RtlAllocateHeap)() (); | |
*(pdb.BaseSrvpStaticServerData) = rax; | |
if (rax == 0) { | |
goto label_19; | |
} | |
/* Publish the block through the caller's structure (rbx+0x60) and store its own address at +0xb50. */
*((rbx + 0x60)) = rax; | |
rdx = rax + 0x140; | |
r9d = 0; | |
*((rax + 0xb50)) = rax; | |
*((rax + 0xb30)) = 0xffffffff; | |
*((rax + 0xb38)) = r12d; | |
/* NtQuerySystemInformation with class 3, a 0x30-byte output at block+0x140 and no return-length pointer (class 3 is presumably SystemTimeOfDayInformation -- confirm). */
ecx = r9 + 3; | |
r8d = r9 + 0x30; | |
eax = uint64_t (*NtQuerySystemInformation)() (); | |
ebx = eax; | |
if (eax < 0) { | |
goto label_22; | |
} | |
/* Every string published in the shared block follows the same pattern from here to the registry section: copy the 16-byte string header with movups, allocate a fresh buffer from the shared heap, memcpy the characters, then repoint the header's buffer field at the copy. Allocation failure always goes to label_19. The sizes at 0x180010932 and 0x180010942 are presumably the MaximumLength fields of the two global directory strings -- confirm. */
rax = *(pdb.BaseSrvpStaticServerData); | |
__asm ("movups xmm0, xmmword [pdb.BaseSrvWindowsDirectory]"); | |
edx = *(pdb.BaseSrvSharedTag); | |
rcx = *(pdb.BaseSrvSharedHeap); | |
__asm ("movups xmmword [rax], xmm0"); | |
r8d = *(0x180010932); | |
rax = uint64_t (*RtlAllocateHeap)() (); | |
rdi = rax; | |
if (rax == 0) { | |
goto label_19; | |
} | |
rbx = *(pdb.BaseSrvpStaticServerData); | |
rcx = rax; | |
r8d = *(0x180010932); | |
rdx = *((rbx + 8)); | |
pdb_memcpy (); | |
edx = *(pdb.BaseSrvSharedTag); | |
rcx = *(pdb.BaseSrvSharedHeap); | |
*((rbx + 8)) = rdi; | |
__asm ("movups xmm0, xmmword [pdb.BaseSrvWindowsSystemDirectory]"); | |
__asm ("movups xmmword [rbx + 0x10], xmm0"); | |
r8d = *(0x180010942); | |
rax = uint64_t (*RtlAllocateHeap)() (); | |
rdi = rax; | |
if (rax == 0) { | |
goto label_19; | |
} | |
rbx = *(pdb.BaseSrvpStaticServerData); | |
rcx = rax; | |
r8d = *(0x180010942); | |
rdx = *((rbx + 0x18)); | |
pdb_memcpy (); | |
edx = *(pdb.BaseSrvSharedTag); | |
rcx = *(pdb.BaseSrvSharedHeap); | |
*((rbx + 0x18)) = rdi; | |
*((rbx + 0x968)) = r12; | |
*((rbx + 0x960)) = r12d; | |
/* For the three object-directory names the copied header's second 16-bit field (+0x22, +0xb42, +0xb5a) is rewritten to Length + 2 and then used as the allocation and copy size. The addition is 16-bit (ax); the inputs come from the 0x100-element buffers formatted above. */
__asm ("movups xmm0, xmmword [rbp - 0x68]"); | |
__asm ("movups xmmword [rbx + 0x20], xmm0"); | |
eax = *((rbp - 0x68)); | |
ax += 2; | |
*((rbx + 0x22)) = ax; | |
r8d = *((rbp - 0x68)); | |
r8 += 2; | |
rax = uint64_t (*RtlAllocateHeap)() (); | |
rdi = rax; | |
if (rax == 0) { | |
goto label_19; | |
} | |
rbx = *(pdb.BaseSrvpStaticServerData); | |
rcx = rax; | |
r8d = *((rbx + 0x22)); | |
rdx = *((rbx + 0x28)); | |
pdb_memcpy (); | |
edx = *(pdb.BaseSrvSharedTag); | |
rcx = *(pdb.BaseSrvSharedHeap); | |
*((rbx + 0x28)) = rdi; | |
__asm ("movups xmm0, xmmword [rbp - 0x20]"); | |
__asm ("movups xmmword [rbx + 0xb40], xmm0"); | |
eax = *((rbp - 0x20)); | |
ax += 2; | |
*((rbx + 0xb42)) = ax; | |
r8d = *((rbp - 0x20)); | |
r8 += 2; | |
rax = uint64_t (*RtlAllocateHeap)() (); | |
rdi = rax; | |
if (rax == 0) { | |
goto label_19; | |
} | |
rbx = *(pdb.BaseSrvpStaticServerData); | |
rcx = rax; | |
r8d = *((rbx + 0xb42)); | |
rdx = *((rbx + 0xb48)); | |
pdb_memcpy (); | |
edx = *(pdb.BaseSrvSharedTag); | |
rcx = *(pdb.BaseSrvSharedHeap); | |
*((rbx + 0xb48)) = rdi; | |
__asm ("movups xmm0, xmmword [rbp - 0x30]"); | |
__asm ("movups xmmword [rbx + 0xb58], xmm0"); | |
eax = *((rbp - 0x30)); | |
ax += 2; | |
*((rbx + 0xb5a)) = ax; | |
r8d = *((rbp - 0x30)); | |
r8 += 2; | |
rax = uint64_t (*RtlAllocateHeap)() (); | |
rdi = rax; | |
if (rax == 0) { | |
goto label_19; | |
} | |
rbx = *(pdb.BaseSrvpStaticServerData); | |
rcx = rax; | |
r8d = *((rbx + 0xb5a)); | |
rdx = *((rbx + 0xb60)); | |
pdb_memcpy (); | |
*((rbx + 0xb60)) = rdi; | |
/* Registry configuration, first table. BaseSrvCSDString is reset to Length = 0 / MaximumLength = 0xc8 (0xc80000 packed) with its buffer slot (0x180010968) pointing at the stack buffer rbp+0x2d8. The query uses RelativeTo = 3 and the path symbol pdb____C__11LOCGONAA..., which is an empty wide string going by its mangled name. Failure is tolerated: label_23 zeroes the CSD fields and continues. */
rax = rbp + 0x2d8; | |
*((rbx + 0x970)) = r12b; | |
r8 = pdb_BaseServerRegistryConfigurationTable1; | |
r9d = 0; | |
*(0x180010968) = rax; | |
rdx = pdb____C__11LOCGONAA___AA__AA; | |
*(pdb.BaseSrvCSDString) = 0xc80000; | |
ecx = r9 + 3; | |
eax = uint64_t (*RtlQueryRegistryValuesEx)(void) (r12); | |
if (eax < 0) { | |
goto label_23; | |
} | |
eax = *(pdb.BaseSrvCSDNumber); | |
rcx = *(pdb.BaseSrvpStaticServerData); | |
*((rcx + 0x36)) = ax; | |
eax = *(0x180010972); | |
*((rcx + 0x38)) = ax; | |
label_5: | |
/* Second table, same RelativeTo and path. On success the CSD string is copied into the shared block at +0x3a with wcsncpy_s (destination size 0x80 elements, count = Length / 2); on failure label_24 writes an empty string instead. */
r9d = 0; | |
r8 = pdb_BaseServerRegistryConfigurationTable; | |
rdx = pdb____C__11LOCGONAA___AA__AA; | |
ecx = r9 + 3; | |
eax = uint64_t (*RtlQueryRegistryValuesEx)(void) (r12); | |
if (eax < 0) { | |
goto label_24; | |
} | |
r9d = *(pdb.BaseSrvCSDString); | |
edx = 0x80; | |
rcx = *(pdb.BaseSrvpStaticServerData); | |
r8 = *(0x180010968); | |
rcx += 0x3a; | |
r9 >>= 1; | |
uint64_t (*wcsncpy_s)() (); | |
label_6: | |
/* BaseSrvCSDString is re-initialised with a NULL source (edx = 0); its buffer slot pointed at this function's stack frame above. */
edx = 0; | |
rcx = pdb_BaseSrvCSDString; | |
eax = uint64_t (*RtlInitUnicodeStringEx)() (); | |
ebx = eax; | |
if (eax < 0) { | |
goto label_22; | |
} | |
/* NtQuerySystemInformation with class 0 and a 0x40-byte output into the global SysInfo. */
r9d = 0; | |
rdx = pdb_SysInfo; | |
ecx = 0; | |
r8d = r9 + 0x40; | |
eax = uint64_t (*NtQuerySystemInformation)() (); | |
ebx = eax; | |
if (eax < 0) { | |
goto label_22; | |
} | |
eax = pdb_BaseSrvInitializeIniFileMappings (rdi, rsi, rdx, rcx, r8); | |
ebx = eax; | |
if (eax < 0) { | |
goto label_22; | |
} | |
/* Open a registry key (handle returned at rbp-0x10) with access mask 0x20019 (KEY_READ). The flag at block+0x958 defaults to 0; only a successful open reaches label_25, which may set it. The key name lives at 0x18000c0e8 and is not shown in this listing. */
rax = *(pdb.BaseSrvpStaticServerData); | |
r8 = &var_ea8h; | |
__asm ("xorps xmm0, xmm0"); | |
rcx = rbp - 0x10; | |
edx = 0x20019; | |
*((rax + 0x958)) = r12b; | |
rax = 0x18000c0e8; | |
__asm ("movdqu xmmword [rbp - 0x80], xmm0"); | |
eax = uint64_t (*NtOpenKey)(void, void, void, void) (rax, 0x30, r12, 0x40); | |
if (eax >= 0) { | |
goto label_25; | |
} | |
label_7: | |
/* Namespace-separation settings are read with RelativeTo = 2 under "Session Manager\\NamespaceSeparation". The return value is not examined in this listing, so a missing key leaves whatever defaults the table targets already hold; InteractiveUserNameSpaceSeparation, tested below, is presumably one of those targets -- confirm against BnoRegistryConfigurationTable. */
rax = *(pdb.BaseSrvpStaticServerData); | |
r8 = pdb_BnoRegistryConfigurationTable; | |
r9d = 0; | |
rdx = "Session Manager\\NamespaceSeparation"; | |
*((rax + 0x959)) = r12b; | |
ecx = r9 + 2; | |
uint64_t (*RtlQueryRegistryValuesEx)(void) (r12); | |
/* Two security descriptors are allocated from BaseSrvHeap and initialised with revision 1: rdi (0x400 bytes) and r14 (0x28 bytes). label_26 adds a third (r15) when InteractiveUserNameSpaceSeparation is non-zero. */
edx = *(pdb.BaseSrvTag); | |
r8d = 0x400; | |
rcx = *(pdb.BaseSrvHeap); | |
rax = uint64_t (*RtlAllocateHeap)() (); | |
rdi = rax; | |
if (rax == 0) { | |
goto label_19; | |
} | |
edx = 1; | |
rcx = rax; | |
eax = uint64_t (*RtlCreateSecurityDescriptor)() (); | |
ebx = eax; | |
if (eax < 0) { | |
goto label_22; | |
} | |
edx = *(pdb.BaseSrvTag); | |
r8d = 0x28; | |
rcx = *(pdb.BaseSrvHeap); | |
rax = uint64_t (*RtlAllocateHeap)() (); | |
r14 = rax; | |
if (rax == 0) { | |
goto label_19; | |
} | |
edx = 1; | |
rcx = rax; | |
eax = uint64_t (*RtlCreateSecurityDescriptor)() (); | |
ebx = eax; | |
if (eax < 0) { | |
goto label_22; | |
} | |
if (*(pdb.InteractiveUserNameSpaceSeparation) != r12d) { | |
goto label_26; | |
} | |
label_8: | |
var_ee8h = r12; | |
label_9: | |
/* CreateBaseAcls produces the ACLs consumed below through out-pointers at rbp, rbp-0x40, rbp-8 and rbp-0x48; var_ee8h carries an optional extra out-pointer (rbp-0x38) that is NULL unless namespace separation is enabled. Every object created after this point gets its access control from these ACLs. */
eax = pdb_CreateBaseAcls (rdi, rsi, rbp, rbp - 0x40, rbp - 8, rbp - 0x48); | |
ebx = eax; | |
if (eax < 0) { | |
goto label_22; | |
} | |
/* rdi descriptor: DACL from rbp-0x40 and SACL from rbp-0x48, both marked present (dl = 1) and not defaulted (r9d = 0). */
r8 = *((rbp - 0x40)); | |
r9d = 0; | |
dl = 1; | |
rcx = rdi; | |
eax = uint64_t (*RtlSetDaclSecurityDescriptor)() (); | |
ebx = eax; | |
if (eax < 0) { | |
goto label_22; | |
} | |
r13 = *((rbp - 0x48)); | |
r9d = 0; | |
r8 = r13; | |
dl = 1; | |
rcx = rdi; | |
eax = uint64_t (*RtlSetSaclSecurityDescriptor)() (); | |
ebx = eax; | |
if (eax < 0) { | |
goto label_22; | |
} | |
/* r14 descriptor: DACL from rbp-8. This is the descriptor used for the low-box directory below. */
r12 = *((rbp - 8)); | |
r9d = 0; | |
r8 = r12; | |
dl = 1; | |
rcx = r14; | |
eax = uint64_t (*RtlSetDaclSecurityDescriptor)() (); | |
ebx = eax; | |
if (eax < 0) { | |
goto label_22; | |
} | |
if (*(pdb.InteractiveUserNameSpaceSeparation) != 0) { | |
goto label_27; | |
} | |
label_10: | |
/* Create the BaseNamedObjects directory: desired access 0xf000f, name string at rbp-0x68, descriptor rdi stored at rbp-0x80. rbp-0x80 and rbp-0x78 are presumably the SecurityDescriptor and SecurityQualityOfService slots of the attributes structure at var_ea8h (0x30 matches its size) -- confirm. */
ecx = 0; | |
rax = rbp - 0x68; | |
*((rbp - 0x78)) = rcx; | |
r8 = &var_ea8h; | |
rcx = pdb_BaseSrvNamedObjectDirectory; | |
edx = 0xf000f; | |
*((rbp - 0x80)) = rdi; | |
eax = uint64_t (*NtCreateDirectoryObject)(void, void, void, void) (0x30, rcx, esi, rax); | |
ebx = eax; | |
if (eax < 0) { | |
goto label_22; | |
} | |
/* Create the AppContainerNamedObjects directory (name at rbp-0x20) with the separate r14 descriptor. */
ecx = 0; | |
rax = rbp - 0x20; | |
*((rbp - 0x78)) = rcx; | |
r8 = &var_ea8h; | |
rcx = pdb_BaseSrvLowBoxObjectDirectory; | |
edx = 0xf000f; | |
*((rbp - 0x80)) = r14; | |
eax = uint64_t (*NtCreateDirectoryObject)(void, void, void, void) (0x30, rcx, esi, rax); | |
ebx = eax; | |
if (eax < 0) { | |
goto label_22; | |
} | |
eax = *(pdb.SessionId); | |
if (eax == *(pdb.ServiceSessionId)) { | |
goto label_28; | |
} | |
label_0: | |
ebx = 0; | |
label_12: | |
if (*(pdb.InteractiveUserNameSpaceSeparation) != 0) { | |
goto label_29; | |
} | |
label_13: | |
r15d = 0; | |
label_14: | |
/* Query the current process (handle value -1) with information class 0x1c and a 4-byte output at rbp-0x58 (presumably ProcessLUIDDeviceMapsEnabled -- confirm). The byte at block+0xb34 becomes 1 only when the query succeeds and returns non-zero; a failed query is treated as 0 (label_30). */
r9d = 4; | |
r8 = rbp - 0x58; | |
rcx |= 0xffffffffffffffff; | |
edx = r9 + 0x18; | |
eax = uint64_t (*NtQueryInformationProcess)(void) (r15); | |
if (eax < 0) { | |
goto label_30; | |
} | |
if (*((rbp - 0x58)) == 0) { | |
goto label_31; | |
} | |
cl = 1; | |
label_15: | |
rax = *(pdb.BaseSrvpStaticServerData); | |
*((rax + 0xb34)) = cl; | |
label_16: | |
/* BaseSrvDDDBSMCritSec is initialised only when that flag is 1; edx = 0x80000000 is the spin-count argument. */
if (cl == 1) { | |
edx = 0x80000000; | |
rcx = pdb_BaseSrvDDDBSMCritSec; | |
eax = uint64_t (*RtlInitializeCriticalSectionAndSpinCount)() (); | |
ebx = eax; | |
if (eax < 0) { | |
goto label_22; | |
} | |
} | |
/* Four symbolic links follow, each created with desired access 0xf0001, the rdi descriptor, and the handle returned at rbp-0x70. BaseSrvNamedObjectDirectory is loaded before each call, presumably as the root directory of the link name. When SessionId equals ServiceSessionId the handle is closed right away (label_32..label_35); otherwise it is left open in this listing. First link: name string at 0x18000c030, target string at 0x18000c020 (contents not shown here). */
rax = *(pdb.BaseSrvNamedObjectDirectory); | |
r9 = 0x18000c020; | |
r8 = &var_ea8h; | |
rax = 0x18000c030; | |
edx = 0xf0001; | |
rcx = rbp - 0x70; | |
*((rbp - 0x80)) = rdi; | |
*((rbp - 0x78)) = r15; | |
eax = uint64_t (*NtCreateSymbolicLinkObject)(void, void, void, void) (rax, 0x30, rax, esi); | |
ebx = eax; | |
if (eax < 0) { | |
goto label_22; | |
} | |
eax = *(pdb.ServiceSessionId); | |
if (*(pdb.SessionId) == eax) { | |
goto label_32; | |
} | |
label_1: | |
/* Second link: name string at 0x18000c010, target = the BaseNamedObjects path built at rbp+0x3a0. */
rdx = rbp + 0x3a0; | |
rcx = rbp + 0x38; | |
uint64_t (*RtlInitUnicodeString)() (); | |
rax = *(pdb.BaseSrvNamedObjectDirectory); | |
r9 = rbp + 0x38; | |
r8 = &var_ea8h; | |
rax = 0x18000c010; | |
edx = 0xf0001; | |
rcx = rbp - 0x70; | |
*((rbp - 0x80)) = rdi; | |
*((rbp - 0x78)) = r15; | |
eax = uint64_t (*NtCreateSymbolicLinkObject)(void, void, void, void) (rax, 0x30, rax, esi); | |
ebx = eax; | |
if (eax < 0) { | |
goto label_22; | |
} | |
eax = *(pdb.ServiceSessionId); | |
if (*(pdb.SessionId) == eax) { | |
goto label_33; | |
} | |
label_2: | |
/* Third link: name string at the start of .rdata, target = the AppContainerNamedObjects string at rbp-0x20. */
rax = *(pdb.BaseSrvNamedObjectDirectory); | |
r9 = rbp - 0x20; | |
r8 = &var_ea8h; | |
rax = section__rdata; | |
edx = 0xf0001; | |
rcx = rbp - 0x70; | |
*((rbp - 0x80)) = rdi; | |
*((rbp - 0x78)) = r15; | |
eax = uint64_t (*NtCreateSymbolicLinkObject)(void, void, void, void) (rax, 0x30, rax, esi); | |
ebx = eax; | |
if (eax < 0) { | |
goto label_22; | |
} | |
eax = *(pdb.ServiceSessionId); | |
if (*(pdb.SessionId) == eax) { | |
goto label_34; | |
} | |
label_3: | |
/* Fourth link: "Session" -> "\\Sessions\\BNOLINKS". */
rdx = "Session"; | |
rcx = rbp - 0x68; | |
uint64_t (*RtlInitUnicodeString)() (); | |
rdx = "\\Sessions\\BNOLINKS"; | |
rcx = rbp + 0x38; | |
uint64_t (*RtlInitUnicodeString)() (); | |
rax = *(pdb.BaseSrvNamedObjectDirectory); | |
r9 = rbp + 0x38; | |
r8 = &var_ea8h; | |
rax = rbp - 0x68; | |
edx = 0xf0001; | |
rcx = rbp - 0x70; | |
*((rbp - 0x80)) = rdi; | |
*((rbp - 0x78)) = r15; | |
eax = uint64_t (*NtCreateSymbolicLinkObject)(void, void, void, void) (rax, 0x30, rax, esi); | |
ebx = eax; | |
if (eax < 0) { | |
goto label_22; | |
} | |
eax = *(pdb.ServiceSessionId); | |
if (*(pdb.SessionId) == eax) { | |
goto label_35; | |
} | |
label_4: | |
/* "Restricted" directory: the rdi descriptor is reused, but its DACL is first replaced with the ACL returned at *(rbp) by CreateBaseAcls. Because the same descriptor object served every object above, this replacement has to stay after those creations. */
rdx = "Restricted"; | |
rcx = rbp - 0x68; | |
uint64_t (*RtlInitUnicodeString)() (); | |
r15 = *(rbp); | |
r9d = 0; | |
r8 = r15; | |
dl = 1; | |
rcx = rdi; | |
eax = uint64_t (*RtlSetDaclSecurityDescriptor)() (); | |
ebx = eax; | |
if (eax < 0) { | |
goto label_22; | |
} | |
rax = *(pdb.BaseSrvNamedObjectDirectory); | |
r8 = &var_ea8h; | |
rcx = pdb_BaseSrvRestrictedObjectDirectory; | |
rax = rbp - 0x68; | |
edx = 0xf000f; | |
eax = 0; | |
*((rbp - 0x78)) = rax; | |
*((rbp - 0x80)) = rdi; | |
eax = uint64_t (*NtCreateDirectoryObject)(void, void, void, void) (rax, 0x30, rax, esi); | |
ebx = eax; | |
if (eax < 0) { | |
goto label_22; | |
} | |
label_17: | |
/* Common exit: the status accumulated in ebx becomes the return value. */
eax = ebx; | |
label_11: | |
r13 = arg_18h; | |
r14 = *((rsp + 0xf28)); | |
label_18: | |
/* Epilogue: recover the saved stack cookie, undo the XOR with rsp and verify it before returning. */
rcx = *((rbp + 0xdd0)); | |
rcx ^= rsp; | |
pdb_security_check_cookie (arg_10h, rsi, rdx); | |
return rax; | |
label_21: | |
/* Service-session case of the name building above: copy the literal "\\BaseNamedObjects" into rbp+0x3a0 (rcx and edx were loaded before the branch), then rejoin the main path. */
r8 = "\\BaseNamedObjects"; | |
uint64_t (*wcscpy_s)() (); | |
} while (1); | |
label_28: | |
/* Service-session case after the directories exist: NtSetInformationObject on the BaseNamedObjects directory with class 5, a NULL buffer and length 0 (presumably ObjectSessionInformation -- confirm). A non-zero SessionId then continues at label_36. */
rcx = *(pdb.BaseSrvNamedObjectDirectory); | |
r9d = 0; | |
r8d = 0; | |
edx = r9 + 5; | |
eax = uint64_t (*NtSetInformationObject)() (); | |
ebx = eax; | |
if (eax < 0) { | |
goto label_22; | |
} | |
eax = *(pdb.SessionId); | |
if (eax == 0) { | |
goto label_0; | |
} | |
goto label_36; | |
label_32: | |
/* label_32..label_35: close the symbolic-link handle just returned at rbp-0x70 and resume at the next link. */
rcx = *((rbp - 0x70)); | |
uint64_t (*NtClose)() (); | |
goto label_1; | |
label_33: | |
rcx = *((rbp - 0x70)); | |
uint64_t (*NtClose)() (); | |
goto label_2; | |
label_34: | |
rcx = *((rbp - 0x70)); | |
uint64_t (*NtClose)() (); | |
goto label_3; | |
label_35: | |
rcx = *((rbp - 0x70)); | |
uint64_t (*NtClose)() (); | |
goto label_4; | |
label_20: | |
/* Range-check failure for the terminator write into the rbp+0x80 buffer; does not return (followed by int3). */
pdb_report_rangecheckfailure (); | |
__asm ("int3"); | |
label_23: | |
/* First registry table failed: zero the CSD number fields at block+0x36 and carry on. */
rax = *(pdb.BaseSrvpStaticServerData); | |
*((rax + 0x36)) = r12d; | |
goto label_5; | |
label_24: | |
/* Second registry table failed: store an empty string at block+0x3a and carry on. */
rax = *(pdb.BaseSrvpStaticServerData); | |
*((rax + 0x3a)) = r12w; | |
goto label_6; | |
label_25: | |
/* Key opened: NtQueryValueKey with information class 2 (partial information) into the stack buffer at rbp+0x80. With that layout +0x84 is the value type and +0x8c the data. Type 4 (REG_DWORD) sets block+0x958 to (data != 0); type 1 (REG_SZ) sets it to 1 when the text equals "yes" or "1" ignoring case (the two mangled symbols spell those literals); any other type leaves the default 0. The value name is at 0x18000c968 and is not shown here. */
/* NOTE(review): the REG_SZ branch hands the data at rbp+0x8c straight to _wcsicmp. No DataLength check or explicit terminator write is visible in this listing, so the compare relies on the stored string being NUL-terminated -- confirm in the disassembly. */
rcx = *((rbp - 0x10)); | |
rax = rbp + 0x30; | |
r9 = rbp + 0x80; | |
r8d = 2; | |
rdx = 0x18000c968; | |
eax = uint64_t (*NtQueryValueKey)(void, void) (rax, r14d); | |
if (eax >= 0) { | |
rax = *((rbp + 0x84)); | |
if (eax == 4) { | |
rax = *(pdb.BaseSrvpStaticServerData); | |
cl = (*((rbp + 0x8c)) != r12d) ? 1 : 0; | |
*((rax + 0x958)) = cl; | |
} else { | |
if (eax != 1) { | |
goto label_37; | |
} | |
rdx = pdb____C__17IHBDLLG___AAy__AAe__AAs__AA__AA; | |
rcx = rbp + 0x8c; | |
eax = uint64_t (*_wcsicmp)() (); | |
if (eax != 0) { | |
rdx = pdb____C__13JGCMLPCH___AA1__AA__AA; | |
rcx = rbp + 0x8c; | |
eax = uint64_t (*_wcsicmp)() (); | |
if (eax != 0) { | |
goto label_37; | |
} | |
} | |
rax = *(pdb.BaseSrvpStaticServerData); | |
*((rax + 0x958)) = 1; | |
} | |
} | |
label_37: | |
/* The key handle is closed on every path out of label_25. */
rcx = *((rbp - 0x10)); | |
uint64_t (*NtClose)() (); | |
goto label_7; | |
label_26: | |
/* Namespace separation enabled: allocate and initialise a third 0x28-byte descriptor (r15, also saved at rbp+8) and pass rbp-0x38 to CreateBaseAcls as the extra out-pointer. */
edx = *(pdb.BaseSrvTag); | |
r8d = 0x28; | |
rcx = *(pdb.BaseSrvHeap); | |
rax = uint64_t (*RtlAllocateHeap)() (); | |
*((rbp + 8)) = rax; | |
r15 = rax; | |
if (rax == 0) { | |
goto label_19; | |
} | |
edx = 1; | |
rcx = rax; | |
eax = uint64_t (*RtlCreateSecurityDescriptor)() (); | |
ebx = eax; | |
if (eax < 0) { | |
goto label_22; | |
} | |
if (*(pdb.InteractiveUserNameSpaceSeparation) == r12d) { | |
goto label_8; | |
} | |
rax = rbp - 0x38; | |
var_ee8h = rax; | |
goto label_9; | |
label_27: | |
/* Attach the ACL returned at rbp-0x38 as the DACL of the r15 descriptor. */
r8 = *((rbp - 0x38)); | |
r9d = 0; | |
dl = 1; | |
rcx = r15; | |
eax = uint64_t (*RtlSetDaclSecurityDescriptor)() (); | |
ebx = eax; | |
if (eax < 0) { | |
goto label_22; | |
} | |
goto label_10; | |
label_36: | |
/* Service session with a non-zero SessionId: format "\\Sessions\\<SessionId>\\BaseNamedObjects" into rbp+0x9a0 and create a symbolic link of that name whose target is the string at 0x18000c020; the handle is closed on success. NOTE(review): on failure control goes to label_11 with the status in eax, bypassing the label_22 critical-section cleanup used by the other error paths. */
r9 = "\\Sessions"; | |
r8 = "%ws\\%ld\\BaseNamedObjects"; | |
edx = 0x100; | |
rcx = rbp + 0x9a0; | |
swprintf_s (eax); | |
rdx = rbp + 0x9a0; | |
rcx = rbp + 0x48; | |
uint64_t (*RtlInitUnicodeString)() (); | |
rax = rbp + 0x48; | |
ebx = 0; | |
r9 = 0x18000c020; | |
r8 = &var_ea8h; | |
edx = 0xf0001; | |
*((rbp - 0x80)) = rdi; | |
rcx = rbp - 0x70; | |
*((rbp - 0x78)) = rbx; | |
eax = uint64_t (*NtCreateSymbolicLinkObject)(void, void, void, void) (0x30, rax, rbx, esi); | |
if (eax < 0) { | |
goto label_11; | |
} | |
rcx = *((rbp - 0x70)); | |
uint64_t (*NtClose)() (); | |
eax = *(pdb.SessionId); | |
goto label_12; | |
label_29: | |
/* Namespace separation enabled: when eax is 0 at this point, create BaseSrvUserObjectDirectory (name at rbp-0x30) with the r15 descriptor. The braces from here to label_22 are a decompiler artefact: label_31, label_30 and label_19 are independent jump targets, not part of the if body. */
if (eax != 0) { | |
goto label_13; | |
} | |
*((rbp - 0x80)) = r15; | |
rax = rbp - 0x30; | |
r15d = 0; | |
r8 = &var_ea8h; | |
*((rbp - 0x78)) = r15; | |
edx = 0xf000f; | |
rcx = pdb_BaseSrvUserObjectDirectory; | |
eax = uint64_t (*NtCreateDirectoryObject)(void, void, void, void) (0x30, rbx, esi, rax); | |
ebx = eax; | |
if (eax >= 0) { | |
goto label_14; | |
label_31: | |
cl = 0; | |
goto label_15; | |
label_30: | |
rax = *(pdb.BaseSrvpStaticServerData); | |
cl = 0; | |
*((rax + 0xb34)) = 0; | |
goto label_16; | |
label_19: | |
/* 0xc0000017 is STATUS_NO_MEMORY; used for failed allocations and for the string-construction failures above. */
ebx = 0xc0000017; | |
} | |
label_22: | |
/* Shared failure path: the only cleanup visible in this listing is deleting BaseSrvDosDeviceCritSec. No RtlFreeHeap or NtClose for the allocations, descriptors, directories or links made earlier appears here. */
rcx = pdb_BaseSrvDosDeviceCritSec; | |
uint64_t (*RtlDeleteCriticalSection)() (); | |
goto label_17; | |
} |
What the heck is this? The answer is here.