Jan 9, 2024 - CVE-2024-20696 Windows Libarchive Remote Code Execution Vulnerability

archiveint.dll.x64.10.0.19041.3636-archiveint.dll.x64.10.0.19041.3930 Diff


Visual Chart Diff

flowchart LR

copy_from_lzss_window-4-old<--Match 96%-->copy_from_lzss_window-4-new

subgraph archiveint.dll.x64.10.0.19041.3930
    copy_from_lzss_window-4-new
    subgraph Added
direction LR
wil_details_NtQueryWnfStateData
    wil_details_FeatureReporting_RecordUsageInCache
    wil_details_FeatureReporting_ReportUsageToService
    wil_details_GetCurrentFeatureEnabledState
    wil_details_FeatureStateCache_ReevaluateCachedFeatureEnabledState
    wil_details_StagingConfig_Load
    wil_details_StagingConfig_QueryFeatureState
    Feature_3628230972__private_IsEnabled
    API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0DLL-GetModuleHandleW
end
end

subgraph archiveint.dll.x64.10.0.19041.3636
    copy_from_lzss_window-4-old
    
end

pie showData
    title Function Matches - 99.7476%
"unmatched_funcs_len" : 9
"matched_funcs_len" : 3557
pie showData
    title Matched Function Similarity - 99.7751%
"matched_funcs_with_code_changes_len" : 1
"matched_funcs_with_non_code_changes_len" : 7
"matched_funcs_no_changes_len" : 3549

Metadata

Ghidra Diff Engine

Command Line

Captured Command Line

ghidriff --project-location ghidra_projects --project-name ghidriff --symbols-path symbols --threaded --log-level INFO --file-log-level INFO --log-path ghidriff.log --min-func-len 10 --bsim --max-ram-percent 60.0 --max-section-funcs 200 archiveint.dll.x64.10.0.19041.3636 archiveint.dll.x64.10.0.19041.3930

Verbose Args

--old ['archiveint.dll.x64.10.0.19041.3636'] --new [['archiveint.dll.x64.10.0.19041.3930']] --engine VersionTrackingDiff --output-path ghidriffs --summary False --project-location ghidra_projects --project-name ghidriff --symbols-path symbols --threaded True --force-analysis False --force-diff False --no-symbols False --log-level INFO --file-log-level INFO --log-path ghidriff.log --va False --min-func-len 10 --use-calling-counts False --bsim True --bsim-full False --max-ram-percent 60.0 --print-flags False --jvm-args None --side-by-side False --max-section-funcs 200 --md-title None

Download Original PEs

wget https://msdl.microsoft.com/download/symbols/archiveint.dll/E9509ED1AD000/archiveint.dll -O archiveint.dll.x64.10.0.19041.3803
wget https://msdl.microsoft.com/download/symbols/archiveint.dll/C9506245AD000/archiveint.dll -O archiveint.dll.x64.10.0.19041.3989

Binary Metadata Diff

--- archiveint.dll.x64.10.0.19041.3636 Meta
+++ archiveint.dll.x64.10.0.19041.3930 Meta
@@ -1,44 +1,44 @@
-Program Name: archiveint.dll.x64.10.0.19041.3636
+Program Name: archiveint.dll.x64.10.0.19041.3930
 Language ID: x86:LE:64:default (3.0)
 Compiler ID: windows
 Processor: x86
 Endian: Little
 Address Size: 64
 Minimum Address: 180000000
 Maximum Address: ff0000184f
-# of Bytes: 694896
+# of Bytes: 698560
 # of Memory Blocks: 10
-# of Instructions: 131686
-# of Defined Data: 5792
-# of Functions: 1778
-# of Symbols: 15300
-# of Data Types: 301
-# of Data Type Categories: 18
+# of Instructions: 132721
+# of Defined Data: 5827
+# of Functions: 1788
+# of Symbols: 15415
+# of Data Types: 305
+# of Data Type Categories: 19
 Analyzed: true
 Compiler: visualstudio:unknown
 Created With Ghidra Version: 11.0.1
-Date Created: Wed Feb 07 06:13:14 UTC 2024
+Date Created: Wed Feb 07 06:13:15 UTC 2024
 Executable Format: Portable Executable (PE)
-Executable Location: /workspaces/ghidriff/archiveint.dll.x64.10.0.19041.3636
-Executable MD5: 945ac6501841aefd761a3769c720bd8b
-Executable SHA256: d71efa593c575ea66d02809274ea7cbfa21bafa686fb36e06151ed79c0c64074
-FSRL: file:///workspaces/ghidriff/archiveint.dll.x64.10.0.19041.3636?MD5=945ac6501841aefd761a3769c720bd8b
+Executable Location: /workspaces/ghidriff/archiveint.dll.x64.10.0.19041.3930
+Executable MD5: 603b482bfd5309906e6934779d3fc0d7
+Executable SHA256: 164cf2ef21116c5857e6a630188890dd2db63c72856b4d0136083d021c9b451a
+FSRL: file:///workspaces/ghidriff/archiveint.dll.x64.10.0.19041.3930?MD5=603b482bfd5309906e6934779d3fc0d7
 PDB Age: 1
 PDB File: archiveint.pdb
-PDB GUID: fb22dbcc-3566-7ddf-4aab-ca184db6cdee
+PDB GUID: 50c4f199-babb-8f89-0730-e05fa35366b5
 PDB Loaded: true
 PDB Version: RSDS
 PE Property[CompanyName]: Microsoft Corporation
 PE Property[FileDescription]: Windows-internal libarchive library
 PE Property[FileVersion]: 3.5.2 (WinBuild.160101.0800)
 PE Property[InternalName]: archiveint
 PE Property[LegalCopyright]: Copyright (c) libarchive authors
 PE Property[OriginalFilename]: archiveint
 PE Property[ProductName]: Microsoft® Windows® Operating System
-PE Property[ProductVersion]: 10.0.19041.3803
+PE Property[ProductVersion]: 10.0.19041.3989
 PE Property[Translation]: 4b00409
 Preferred Root Namespace Category: 
 RTTI Found: false
 Relocatable: true
 SectionAlignment: 4096
 Should Ask To Analyze: false
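
Review bot: the file labels and the embedded version disagree. `Program Name` reads 10.0.19041.3636 and 10.0.19041.3930, while `PE Property[ProductVersion]` in the same hunk reads 10.0.19041.3803 and 10.0.19041.3989, and the wget lines above save the downloads under the 3803/3989 names. Naming the inputs after the ProductVersion, or stating what the label's build number refers to, would let a reader match this diff to the right update. Until then the `Executable MD5` and `Executable SHA256` lines are the values to use for confirming which two binaries were compared.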

Program Options

Ghidra archiveint.dll.x64.10.0.19041.3636 Decompiler Options
Decompiler Option Value
Prototype Evaluation __fastcall
Ghidra archiveint.dll.x64.10.0.19041.3636 Specification extensions Options
Specification extensions Option Value
FormatVersion 0
VersionCounter 0
Ghidra archiveint.dll.x64.10.0.19041.3636 Analyzers Options
Analyzers Option Value
ASCII Strings true
ASCII Strings.Create Strings Containing Existing Strings true
ASCII Strings.Create Strings Containing References true
ASCII Strings.Force Model Reload false
ASCII Strings.Minimum String Length LEN_5
ASCII Strings.Model File StringModel.sng
ASCII Strings.Require Null Termination for String true
ASCII Strings.Search Only in Accessible Memory Blocks true
ASCII Strings.String Start Alignment ALIGN_1
ASCII Strings.String end alignment 4
Aggressive Instruction Finder false
Aggressive Instruction Finder.Create Analysis Bookmarks true
Apply Data Archives true
Apply Data Archives.Archive Chooser [Auto-Detect]
Apply Data Archives.Create Analysis Bookmarks true
Apply Data Archives.GDT User File Archive Path None
Apply Data Archives.User Project Archive Path None
Call Convention ID true
Call Convention ID.Analysis Decompiler Timeout (sec) 60
Call-Fixup Installer true
Condense Filler Bytes false
Condense Filler Bytes.Filler Value Auto
Condense Filler Bytes.Minimum number of sequential bytes 1
Create Address Tables true
Create Address Tables.Allow Offcut References false
Create Address Tables.Auto Label Table false
Create Address Tables.Create Analysis Bookmarks true
Create Address Tables.Maxmimum Pointer Distance 16777215
Create Address Tables.Minimum Pointer Address 4132
Create Address Tables.Minimum Table Size 2
Create Address Tables.Pointer Alignment 1
Create Address Tables.Relocation Table Guide true
Create Address Tables.Table Alignment 4
Data Reference true
Data Reference.Address Table Alignment 1
Data Reference.Address Table Minimum Size 2
Data Reference.Align End of Strings false
Data Reference.Ascii String References true
Data Reference.Create Address Tables true
Data Reference.Minimum String Length 5
Data Reference.References to Pointers true
Data Reference.Relocation Table Guide true
Data Reference.Respect Execute Flag true
Data Reference.Subroutine References true
Data Reference.Switch Table References false
Data Reference.Unicode String References true
Decompiler Parameter ID true
Decompiler Parameter ID.Analysis Clear Level ANALYSIS
Decompiler Parameter ID.Analysis Decompiler Timeout (sec) 60
Decompiler Parameter ID.Commit Data Types true
Decompiler Parameter ID.Commit Void Return Values false
Decompiler Parameter ID.Prototype Evaluation __fastcall
Decompiler Switch Analysis true
Decompiler Switch Analysis.Analysis Decompiler Timeout (sec) 60
Demangler Microsoft true
Demangler Microsoft.Apply Function Calling Conventions true
Demangler Microsoft.Apply Function Signatures true
Disassemble Entry Points true
Disassemble Entry Points.Respect Execute Flag true
Embedded Media true
Embedded Media.Create Analysis Bookmarks true
External Entry References true
Function ID true
Function ID.Always Apply FID Labels false
Function ID.Create Analysis Bookmarks true
Function ID.Instruction Count Threshold 14.6
Function ID.Multiple Match Threshold 30.0
Function Start Search true
Function Start Search.Bookmark Functions false
Function Start Search.Search Data Blocks false
Non-Returning Functions - Discovered true
Non-Returning Functions - Discovered.Create Analysis Bookmarks true
Non-Returning Functions - Discovered.Function Non-return Threshold 3
Non-Returning Functions - Discovered.Repair Flow Damage true
Non-Returning Functions - Known true
Non-Returning Functions - Known.Create Analysis Bookmarks true
PDB MSDIA false
PDB MSDIA.Search remote symbol servers false
PDB Universal true
PDB Universal.Search remote symbol servers false
Reference true
Reference.Address Table Alignment 1
Reference.Address Table Minimum Size 2
Reference.Align End of Strings false
Reference.Ascii String References true
Reference.Create Address Tables true
Reference.Minimum String Length 5
Reference.References to Pointers true
Reference.Relocation Table Guide true
Reference.Respect Execute Flag true
Reference.Subroutine References true
Reference.Switch Table References false
Reference.Unicode String References true
Scalar Operand References true
Scalar Operand References.Relocation Table Guide true
Shared Return Calls true
Shared Return Calls.Allow Conditional Jumps false
Shared Return Calls.Assume Contiguous Functions Only true
Stack true
Stack.Create Local Variables true
Stack.Create Param Variables true
Stack.useNewFunctionStackAnalysis true
Subroutine References true
Subroutine References.Create Thunks Early true
Variadic Function Signature Override false
Variadic Function Signature Override.Create Analysis Bookmarks false
Windows x86 PE Exception Handling true
Windows x86 PE RTTI Analyzer true
Windows x86 Thread Environment Block (TEB) Analyzer true
Windows x86 Thread Environment Block (TEB) Analyzer.Starting Address of the TEB
Windows x86 Thread Environment Block (TEB) Analyzer.Windows OS Version Windows 7
WindowsPE x86 Propagate External Parameters false
WindowsResourceReference true
WindowsResourceReference.Create Analysis Bookmarks true
x86 Constant Reference Analyzer true
x86 Constant Reference Analyzer.Create Data from pointer false
x86 Constant Reference Analyzer.Function parameter/return Pointer analysis true
x86 Constant Reference Analyzer.Max Threads 2
x86 Constant Reference Analyzer.Min absolute reference 4
x86 Constant Reference Analyzer.Require pointer param data type false
x86 Constant Reference Analyzer.Speculative reference max 512
x86 Constant Reference Analyzer.Speculative reference min 1024
x86 Constant Reference Analyzer.Stored Value Pointer analysis true
x86 Constant Reference Analyzer.Trust values read from writable memory true
Ghidra archiveint.dll.x64.10.0.19041.3930 Decompiler Options
Decompiler Option Value
Prototype Evaluation __fastcall
Ghidra archiveint.dll.x64.10.0.19041.3930 Specification extensions Options
Specification extensions Option Value
FormatVersion 0
VersionCounter 0
Ghidra archiveint.dll.x64.10.0.19041.3930 Analyzers Options
Analyzers Option Value
ASCII Strings true
ASCII Strings.Create Strings Containing Existing Strings true
ASCII Strings.Create Strings Containing References true
ASCII Strings.Force Model Reload false
ASCII Strings.Minimum String Length LEN_5
ASCII Strings.Model File StringModel.sng
ASCII Strings.Require Null Termination for String true
ASCII Strings.Search Only in Accessible Memory Blocks true
ASCII Strings.String Start Alignment ALIGN_1
ASCII Strings.String end alignment 4
Aggressive Instruction Finder false
Aggressive Instruction Finder.Create Analysis Bookmarks true
Apply Data Archives true
Apply Data Archives.Archive Chooser [Auto-Detect]
Apply Data Archives.Create Analysis Bookmarks true
Apply Data Archives.GDT User File Archive Path None
Apply Data Archives.User Project Archive Path None
Call Convention ID true
Call Convention ID.Analysis Decompiler Timeout (sec) 60
Call-Fixup Installer true
Condense Filler Bytes false
Condense Filler Bytes.Filler Value Auto
Condense Filler Bytes.Minimum number of sequential bytes 1
Create Address Tables true
Create Address Tables.Allow Offcut References false
Create Address Tables.Auto Label Table false
Create Address Tables.Create Analysis Bookmarks true
Create Address Tables.Maxmimum Pointer Distance 16777215
Create Address Tables.Minimum Pointer Address 4132
Create Address Tables.Minimum Table Size 2
Create Address Tables.Pointer Alignment 1
Create Address Tables.Relocation Table Guide true
Create Address Tables.Table Alignment 4
Data Reference true
Data Reference.Address Table Alignment 1
Data Reference.Address Table Minimum Size 2
Data Reference.Align End of Strings false
Data Reference.Ascii String References true
Data Reference.Create Address Tables true
Data Reference.Minimum String Length 5
Data Reference.References to Pointers true
Data Reference.Relocation Table Guide true
Data Reference.Respect Execute Flag true
Data Reference.Subroutine References true
Data Reference.Switch Table References false
Data Reference.Unicode String References true
Decompiler Parameter ID true
Decompiler Parameter ID.Analysis Clear Level ANALYSIS
Decompiler Parameter ID.Analysis Decompiler Timeout (sec) 60
Decompiler Parameter ID.Commit Data Types true
Decompiler Parameter ID.Commit Void Return Values false
Decompiler Parameter ID.Prototype Evaluation __fastcall
Decompiler Switch Analysis true
Decompiler Switch Analysis.Analysis Decompiler Timeout (sec) 60
Demangler Microsoft true
Demangler Microsoft.Apply Function Calling Conventions true
Demangler Microsoft.Apply Function Signatures true
Disassemble Entry Points true
Disassemble Entry Points.Respect Execute Flag true
Embedded Media true
Embedded Media.Create Analysis Bookmarks true
External Entry References true
Function ID true
Function ID.Always Apply FID Labels false
Function ID.Create Analysis Bookmarks true
Function ID.Instruction Count Threshold 14.6
Function ID.Multiple Match Threshold 30.0
Function Start Search true
Function Start Search.Bookmark Functions false
Function Start Search.Search Data Blocks false
Non-Returning Functions - Discovered true
Non-Returning Functions - Discovered.Create Analysis Bookmarks true
Non-Returning Functions - Discovered.Function Non-return Threshold 3
Non-Returning Functions - Discovered.Repair Flow Damage true
Non-Returning Functions - Known true
Non-Returning Functions - Known.Create Analysis Bookmarks true
PDB MSDIA false
PDB MSDIA.Search remote symbol servers false
PDB Universal true
PDB Universal.Search remote symbol servers false
Reference true
Reference.Address Table Alignment 1
Reference.Address Table Minimum Size 2
Reference.Align End of Strings false
Reference.Ascii String References true
Reference.Create Address Tables true
Reference.Minimum String Length 5
Reference.References to Pointers true
Reference.Relocation Table Guide true
Reference.Respect Execute Flag true
Reference.Subroutine References true
Reference.Switch Table References false
Reference.Unicode String References true
Scalar Operand References true
Scalar Operand References.Relocation Table Guide true
Shared Return Calls true
Shared Return Calls.Allow Conditional Jumps false
Shared Return Calls.Assume Contiguous Functions Only true
Stack true
Stack.Create Local Variables true
Stack.Create Param Variables true
Stack.useNewFunctionStackAnalysis true
Subroutine References true
Subroutine References.Create Thunks Early true
Variadic Function Signature Override false
Variadic Function Signature Override.Create Analysis Bookmarks false
Windows x86 PE Exception Handling true
Windows x86 PE RTTI Analyzer true
Windows x86 Thread Environment Block (TEB) Analyzer true
Windows x86 Thread Environment Block (TEB) Analyzer.Starting Address of the TEB
Windows x86 Thread Environment Block (TEB) Analyzer.Windows OS Version Windows 7
WindowsPE x86 Propagate External Parameters false
WindowsResourceReference true
WindowsResourceReference.Create Analysis Bookmarks true
x86 Constant Reference Analyzer true
x86 Constant Reference Analyzer.Create Data from pointer false
x86 Constant Reference Analyzer.Function parameter/return Pointer analysis true
x86 Constant Reference Analyzer.Max Threads 2
x86 Constant Reference Analyzer.Min absolute reference 4
x86 Constant Reference Analyzer.Require pointer param data type false
x86 Constant Reference Analyzer.Speculative reference max 512
x86 Constant Reference Analyzer.Speculative reference min 1024
x86 Constant Reference Analyzer.Stored Value Pointer analysis true
x86 Constant Reference Analyzer.Trust values read from writable memory true

Diff Stats

| Stat | Value |
|---|---|
| added_funcs_len | 9 |
| deleted_funcs_len | 0 |
| modified_funcs_len | 8 |
| added_symbols_len | 15 |
| deleted_symbols_len | 0 |
| diff_time | 23.403663635253906 |
| deleted_strings_len | 0 |
| added_strings_len | 4 |
| match_types | Counter({'SymbolsHash': 1698, 'ExternalsName': 162, 'ExactInstructionsFunctionHasher': 52, 'ExactBytesFunctionHasher': 26, 'StructuralGraphHash': 4}) |
| items_to_process | 32 |
| diff_types | Counter({'refcount': 7, 'address': 7, 'calling': 6, 'code': 1, 'length': 1, 'sig': 1, 'called': 1}) |
| unmatched_funcs_len | 9 |
| total_funcs_len | 3566 |
| matched_funcs_len | 3557 |
| matched_funcs_with_code_changes_len | 1 |
| matched_funcs_with_non_code_changes_len | 7 |
| matched_funcs_no_changes_len | 3549 |
| match_func_similarity_percent | 99.7751% |
| func_match_overall_percent | 99.7476% |
| first_matches | Counter({'SymbolsHash': 1698, 'ExactInstructionsFunctionHasher': 52, 'ExactBytesFunctionHasher': 26, 'StructuralGraphHash': 4}) |

pie showData
    title All Matches
"SymbolsHash" : 1698
"ExternalsName" : 162
"ExactBytesFunctionHasher" : 26
"ExactInstructionsFunctionHasher" : 52
"StructuralGraphHash" : 4
pie showData
    title First Matches
"SymbolsHash" : 1698
"ExactBytesFunctionHasher" : 26
"ExactInstructionsFunctionHasher" : 52
"StructuralGraphHash" : 4
pie showData
    title Diff Stats
"added_funcs_len" : 9
"deleted_funcs_len" : 0
"modified_funcs_len" : 8
pie showData
    title Symbols
"added_symbols_len" : 15
"deleted_symbols_len" : 0

Strings

pie showData
    title Strings
"deleted_strings_len" : 0
"added_strings_len" : 4

Strings Diff

--- deleted strings
+++ added strings
@@ -0,0 +1,4 @@
+s_NtQueryWnfStateData
+s_RtlNotifyFeatureUsage
+s_RtlQueryFeatureConfiguration
+u_ntdll.dll

String References

Old

| String | Ref Count | Ref Func |
|---|---|---|

New

| String | Ref Count | Ref Func |
|---|---|---|
| s_NtQueryWnfStateData | 1 | wil_details_NtQueryWnfStateData |
| u_ntdll.dll | 3 | wil_details_FeatureReporting_ReportUsageToService, wil_details_GetCurrentFeatureEnabledState, wil_details_NtQueryWnfStateData |
| s_RtlNotifyFeatureUsage | 1 | wil_details_FeatureReporting_ReportUsageToService |
| s_RtlQueryFeatureConfiguration | 1 | wil_details_GetCurrentFeatureEnabledState |

Deleted

Added

wil_details_NtQueryWnfStateData

Function Meta

| Key | archiveint.dll.x64.10.0.19041.3930 |
|---|---|
| name | wil_details_NtQueryWnfStateData |
| fullname | wil_details_NtQueryWnfStateData |
| refcount | 4 |
| length | 161 |
| called | API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0.DLL::GetModuleHandleW, API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0.DLL::GetProcAddress, `_guard_dispatch_icall` |
| calling | wil_details_StagingConfig_Load |
| paramcount | 6 |
| address | 180032464 |
| sig | `undefined8 __fastcall wil_details_NtQueryWnfStateData(undefined8 param_1, undefined8 param_2, undefined8 param_3, undefined8 param_4, undefined8 param_5, undefined8 param_6)` |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |

--- wil_details_NtQueryWnfStateData
+++ wil_details_NtQueryWnfStateData
@@ -0,0 +1,26 @@
+
+/* WARNING: Function: _guard_dispatch_icall replaced with injection: guard_dispatch_icall */
+/* WARNING: Exceeded maximum restarts with more pending */
+
+undefined8
+wil_details_NtQueryWnfStateData
+          (undefined8 param_1,undefined8 param_2,undefined8 param_3,undefined8 param_4,
+          undefined8 param_5,undefined8 param_6)
+
+{
+  undefined8 uVar1;
+  
+  if (g_wil_details_pfnNtQueryWnfStateData == (FARPROC)0x0) {
+    if (g_wil_details_ntdllModuleHandle == (HMODULE)0x0) {
+      g_wil_details_ntdllModuleHandle = GetModuleHandleW(L"ntdll.dll");
+    }
+    g_wil_details_pfnNtQueryWnfStateData =
+         GetProcAddress(g_wil_details_ntdllModuleHandle,"NtQueryWnfStateData");
+    if (g_wil_details_pfnNtQueryWnfStateData == (FARPROC)0x0) {
+      return 0xc0000139;
+    }
+  }
+  uVar1 = (*g_wil_details_pfnNtQueryWnfStateData)(param_1,0,0,param_4,param_5,param_6);
+  return uVar1;
+}
+
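
Review bot: in the lazy-resolve path the result of `GetModuleHandleW(L"ntdll.dll")` goes straight into `GetProcAddress` without a null check; only the `GetProcAddress` result is tested before the function returns 0xc0000139. Checking `g_wil_details_ntdllModuleHandle` before the lookup would make that failure path explicit. The indirect call also passes literal `0,0` in place of `param_2` and `param_3`, so those two arguments are silently dropped, which deserves a comment if it is intentional. Both cached globals are written with plain stores, so concurrent first calls can each perform the lookup.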

wil_details_FeatureReporting_RecordUsageInCache

Function Meta

| Key | archiveint.dll.x64.10.0.19041.3930 |
|---|---|
| name | wil_details_FeatureReporting_RecordUsageInCache |
| fullname | wil_details_FeatureReporting_RecordUsageInCache |
| refcount | 2 |
| length | 708 |
| called | |
| calling | wil_details_FeatureReporting_ReportUsageToService |
| paramcount | 3 |
| address | 18003250c |
| sig | `undefined[16] * __fastcall wil_details_FeatureReporting_RecordUsageInCache(undefined[16] * param_1, undefined8 param_2, int param_3)` |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |

--- wil_details_FeatureReporting_RecordUsageInCache
+++ wil_details_FeatureReporting_RecordUsageInCache
@@ -0,0 +1,166 @@
+
+undefined (*) [16]
+wil_details_FeatureReporting_RecordUsageInCache
+          (undefined (*param_1) [16],undefined8 param_2,int param_3)
+
+{
+  uint uVar1;
+  uint uVar2;
+  uint uVar3;
+  uint uVar4;
+  uint uVar5;
+  uint uVar6;
+  bool bVar7;
+  
+  *param_1 = ZEXT816(0);
+  *(undefined8 *)param_1[1] = 0;
+  uVar4 = 1;
+  uVar3 = 0;
+  if (param_3 == 0) {
+LAB_1800326f3:
+    uVar5 = Feature_3628230972__private_reporting;
+    do {
+      uVar1 = uVar5;
+      *(undefined4 *)(*param_1 + 4) = 0;
+      uVar2 = uVar1 | 1;
+      if ((uVar1 >> 0xe & 1) != (uint)(param_3 == 4)) {
+        uVar5 = uVar1 >> 5 & 0x1ff;
+        if (uVar5 != 0) {
+          *(uint *)(*param_1 + 4) = uVar5;
+          *(uint *)(*param_1 + 8) = ~-(uint)(param_3 != 0) & 4;
+          uVar2 = uVar1 & 0xffffc01f | 1;
+        }
+        uVar5 = 0;
+        if (param_3 == 4) {
+          uVar5 = 0x4000;
+        }
+        uVar2 = uVar5 | uVar2 & 0xffffbfff;
+      }
+      uVar5 = uVar2 >> 5 & 0x1ff;
+      uVar6 = uVar5 + 1;
+      if ((0x1ff < uVar6) || (uVar6 < (uVar2 >> 5 & 0x1ff))) {
+        *(int *)(*param_1 + 8) = param_3;
+        *(uint *)(*param_1 + 4) = uVar5;
+        uVar6 = uVar4;
+      }
+      LOCK();
+      bVar7 = uVar1 != Feature_3628230972__private_reporting;
+      uVar5 = uVar1;
+      uVar2 = uVar2 ^ (uVar6 << 5 ^ uVar2) & 0x3fe0;
+      if (bVar7) {
+        uVar5 = Feature_3628230972__private_reporting;
+        uVar2 = Feature_3628230972__private_reporting;
+      }
+      Feature_3628230972__private_reporting = uVar2;
+      UNLOCK();
+    } while (bVar7);
+  }
+  else {
+    if (param_3 != 1) {
+      if (param_3 < 2) {
+LAB_1800325dd:
+        uVar5 = param_3 - 0x140;
+        if (uVar5 < 0x40) {
+          uVar2 = DAT_1800a40dc;
+          do {
+            if (((uVar2 & 0x10) == 0) || (uVar1 = uVar4, (uVar2 >> 5 & 0x3f) != uVar5)) {
+              uVar1 = uVar3;
+            }
+            *(uint *)param_1[1] = uVar1;
+            LOCK();
+            bVar7 = uVar2 != DAT_1800a40dc;
+            uVar1 = uVar2 & 0xfffff81f | (uVar5 & 0x3f) << 5 | 0x10;
+            if (bVar7) {
+              uVar2 = DAT_1800a40dc;
+              uVar1 = DAT_1800a40dc;
+            }
+            DAT_1800a40dc = uVar1;
+            UNLOCK();
+          } while (bVar7);
+        }
+        *(int *)(*param_1 + 8) = param_3;
+        *(undefined4 *)(*param_1 + 4) = 1;
+        *(undefined4 *)(*param_1 + 0xc) = 0;
+        return param_1;
+      }
+      if (3 < param_3) {
+        if (param_3 == 4) goto LAB_1800326f3;
+        if (param_3 == 5) goto LAB_18003263f;
+        if (1 < param_3 - 6U) goto LAB_1800325dd;
+      }
+      if (param_3 == 2) {
+        uVar3 = 2;
+      }
+      else if (param_3 == 3) {
+        uVar3 = 8;
+      }
+      else if (param_3 == 6) {
+        uVar3 = 4;
+      }
+      else if (param_3 == 7) {
+        uVar3 = 0x10;
+      }
+      uVar4 = Feature_3628230972__private_reporting;
+      do {
+        LOCK();
+        bVar7 = uVar4 != Feature_3628230972__private_reporting;
+        uVar5 = uVar4 | uVar3 | 1;
+        if (bVar7) {
+          uVar4 = Feature_3628230972__private_reporting;
+          uVar5 = Feature_3628230972__private_reporting;
+        }
+        Feature_3628230972__private_reporting = uVar5;
+        UNLOCK();
+      } while (bVar7);
+      *(uint *)*param_1 = ~uVar4 & 1;
+      uVar3 = (uint)((uVar3 & uVar4) == uVar3);
+      goto LAB_1800327b4;
+    }
+LAB_18003263f:
+    uVar5 = Feature_3628230972__private_reporting;
+    do {
+      uVar1 = uVar5;
+      *(undefined4 *)(*param_1 + 4) = 0;
+      uVar2 = uVar1 | 1;
+      if ((uVar1 >> 0x16 & 1) != (uint)(param_3 == 5)) {
+        uVar5 = uVar1 >> 0xf & 0x7f;
+        if (uVar5 != 0) {
+          *(uint *)(*param_1 + 4) = uVar5;
+          uVar5 = uVar4;
+          if (param_3 == 1) {
+            uVar5 = 5;
+          }
+          uVar2 = uVar1 & 0xffc07fff | 1;
+          *(uint *)(*param_1 + 8) = uVar5;
+        }
+        uVar5 = 0;
+        if (param_3 == 5) {
+          uVar5 = 0x400000;
+        }
+        uVar2 = uVar5 | uVar2 & 0xffbfffff;
+      }
+      uVar5 = uVar2 >> 0xf & 0x7f;
+      uVar6 = uVar5 + 1;
+      if ((0x7f < uVar6) || (uVar6 < (uVar2 >> 0xf & 0x7f))) {
+        *(int *)(*param_1 + 8) = param_3;
+        *(uint *)(*param_1 + 4) = uVar5;
+        uVar6 = uVar4;
+      }
+      LOCK();
+      bVar7 = uVar1 != Feature_3628230972__private_reporting;
+      uVar5 = uVar1;
+      uVar2 = uVar2 ^ (uVar6 << 0xf ^ uVar2) & 0x3f8000;
+      if (bVar7) {
+        uVar5 = Feature_3628230972__private_reporting;
+        uVar2 = Feature_3628230972__private_reporting;
+      }
+      Feature_3628230972__private_reporting = uVar2;
+      UNLOCK();
+    } while (bVar7);
+  }
+  *(uint *)*param_1 = ~uVar1 & 1;
+LAB_1800327b4:
+  *(uint *)param_1[1] = uVar3;
+  return param_1;
+}
+
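
Review bot: the second half of the saturation test `(0x1ff < uVar6) || (uVar6 < (uVar2 >> 5 & 0x1ff))` can never be true, because `uVar6` is `uVar5 + 1` and `uVar5` is already masked to 0x1ff; the same applies to the 0x7f variant in the `LAB_18003263f` loop. The first comparison alone covers the counter overflow, so the extra clause can go or needs a comment explaining what it guards. `param_2` is never read anywhere in this body, so the signature should either drop it or document why it is kept. The `LOCK()`/`UNLOCK()` pairs around `Feature_3628230972__private_reporting` and `DAT_1800a40dc` are compare-and-retry loops, and a short comment saying so would help readers of the decompilation.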

wil_details_FeatureReporting_ReportUsageToService

Function Meta

| Key | archiveint.dll.x64.10.0.19041.3930 |
|---|---|
| name | wil_details_FeatureReporting_ReportUsageToService |
| fullname | wil_details_FeatureReporting_ReportUsageToService |
| refcount | 2 |
| length | 540 |
| called | API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0.DLL::GetModuleHandleW, API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0.DLL::GetProcAddress, `__security_check_cookie`, `_guard_dispatch_icall`, wil_details_FeatureReporting_RecordUsageInCache |
| calling | Feature_3628230972__private_IsEnabled |
| paramcount | 4 |
| address | 1800327d8 |
| sig | `undefined __fastcall wil_details_FeatureReporting_ReportUsageToService(int param_1, undefined8 param_2, int param_3, int param_4)` |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |

--- wil_details_FeatureReporting_ReportUsageToService
+++ wil_details_FeatureReporting_ReportUsageToService
@@ -0,0 +1,98 @@
+
+/* WARNING: Function: _guard_dispatch_icall replaced with injection: guard_dispatch_icall */
+/* WARNING: Exceeded maximum restarts with more pending */
+
+void wil_details_FeatureReporting_ReportUsageToService
+               (int param_1,undefined8 param_2,int param_3,int param_4)
+
+{
+  uint6 uVar1;
+  undefined (*pauVar2) [16];
+  uint uVar3;
+  byte bVar4;
+  undefined auStack_c8 [32];
+  int *local_a8;
+  undefined8 local_a0;
+  undefined local_98;
+  undefined8 local_90;
+  ulonglong local_78;
+  int local_70 [2];
+  undefined local_68 [24];
+  int local_50;
+  undefined4 uStack_4c;
+  undefined4 uStack_48;
+  undefined4 uStack_44;
+  undefined8 local_40;
+  ulonglong local_38;
+  
+  local_38 = __security_cookie ^ (ulonglong)auStack_c8;
+  if (param_4 == 0) {
+LAB_1800328b2:
+    uVar3 = 0xff;
+  }
+  else if (param_4 == 1) {
+    uVar3 = ~-(uint)(param_3 != 0) & 4;
+  }
+  else if (param_4 == 2) {
+    uVar3 = (-(uint)(param_3 != 0) & 0xfffffffc) + 5;
+  }
+  else if (param_4 == 3) {
+    uVar3 = (-(uint)(param_3 != 0) & 0xfffffffc) + 6;
+  }
+  else if (param_4 == 4) {
+    uVar3 = (-(uint)(param_3 != 0) & 0xfffffffc) + 7;
+  }
+  else if (param_4 == 5) {
+    uVar3 = (-(uint)(param_3 != 0) & 0xfffffffe) + 10;
+  }
+  else if (param_4 == 6) {
+    uVar3 = (-(uint)(param_3 != 0) & 0xfffffffe) + 0xb;
+  }
+  else {
+    bVar4 = (char)param_4 + 0x9c;
+    if (0x31 < bVar4) goto LAB_1800328b2;
+    uVar3 = (-(uint)(param_3 != 0) & 0xffffffce) + 0x96 + (uint)bVar4;
+  }
+  local_70[0] = param_4;
+  pauVar2 = wil_details_FeatureReporting_RecordUsageInCache
+                      ((undefined (*) [16])local_68,param_2,uVar3);
+  local_50 = *(int *)*pauVar2;
+  uStack_4c = *(undefined4 *)(*pauVar2 + 4);
+  uStack_48 = *(undefined4 *)(*pauVar2 + 8);
+  uStack_44 = *(undefined4 *)(*pauVar2 + 0xc);
+  local_40 = *(undefined8 *)pauVar2[1];
+  if (g_wil_details_recordFeatureUsage != 0) {
+    local_a8 = &local_50;
+    (*(code *)g_wil_details_recordFeatureUsage)
+              (0x2c64e68,uVar3,1,&Feature_3628230972__private_reporting);
+  }
+  if ((param_1 != 0) && (uVar3 != 0xfe)) {
+    local_78._0_6_ = CONCAT24((short)uVar3,0x2c64e68);
+    uVar1 = (uint6)local_78;
+    local_78 = (ulonglong)(uint6)local_78;
+    if ((int)param_2 != 0) {
+      local_78 = CONCAT26(1,uVar1);
+    }
+    if (g_wil_details_pfnRtlNotifyFeatureUsage == (FARPROC)0x0) {
+      if (g_wil_details_ntdllModuleHandle == (HMODULE)0x0) {
+        g_wil_details_ntdllModuleHandle = GetModuleHandleW(L"ntdll.dll");
+      }
+      g_wil_details_pfnRtlNotifyFeatureUsage =
+           GetProcAddress(g_wil_details_ntdllModuleHandle,"RtlNotifyFeatureUsage");
+      if (g_wil_details_pfnRtlNotifyFeatureUsage == (FARPROC)0x0) goto LAB_18003298e;
+    }
+    (*g_wil_details_pfnRtlNotifyFeatureUsage)(&local_78);
+  }
+LAB_18003298e:
+  if (((int)local_40 == 0) && (g_wil_details_pfnFeatureLoggingHook != 0)) {
+    local_90 = 1;
+    local_a8 = local_70;
+    local_98 = 0;
+    local_a0 = 0;
+    (*(code *)g_wil_details_pfnFeatureLoggingHook)
+              (0x2c64e68,&Feature_3628230972_logged_traits,0,param_3);
+  }
+  __security_check_cookie(local_38 ^ (ulonglong)auStack_c8);
+  return;
+}
+
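
Review bot: the guard `uVar3 != 0xfe` in front of the `RtlNotifyFeatureUsage` call can never fail with the mapping shown above it, since the `param_4` branches produce 0 to 11, 100 to 199, or the fallback 0xff at `LAB_1800328b2`, and never 0xfe. As written, the fallback 0xff is forwarded both to `wil_details_FeatureReporting_RecordUsageInCache` and to `RtlNotifyFeatureUsage`; if unknown kinds are meant to be skipped the comparison should test the fallback value, otherwise the check is dead and can be removed. The `GetModuleHandleW(L"ntdll.dll")` result is again passed to `GetProcAddress` without a null check, with only the `GetProcAddress` result tested before the jump to `LAB_18003298e`.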

wil_details_GetCurrentFeatureEnabledState

Function Meta

| Key | archiveint.dll.x64.10.0.19041.3930 |
|---|---|
| name | wil_details_GetCurrentFeatureEnabledState |
| fullname | wil_details_GetCurrentFeatureEnabledState |
| refcount | 2 |
| length | 627 |
| called | API-MS-WIN-CORE-HEAP-L1-1-0.DLL::GetProcessHeap, API-MS-WIN-CORE-HEAP-L1-1-0.DLL::HeapFree, API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0.DLL::GetModuleHandleW, API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0.DLL::GetProcAddress, `__security_check_cookie`, `_guard_dispatch_icall`, wil_details_FeatureStateCache_ReevaluateCachedFeatureEnabledState, wil_details_StagingConfig_Load, wil_details_StagingConfig_QueryFeatureState |
| calling | wil_details_FeatureStateCache_ReevaluateCachedFeatureEnabledState |
| paramcount | 3 |
| address | 1800329fc |
| sig | `undefined __fastcall wil_details_GetCurrentFeatureEnabledState(longlong param_1, undefined4 * param_2, undefined * param_3)` |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |

--- wil_details_GetCurrentFeatureEnabledState
+++ wil_details_GetCurrentFeatureEnabledState
@@ -0,0 +1,139 @@
+
+/* WARNING: Function: _guard_dispatch_icall replaced with injection: guard_dispatch_icall */
+/* WARNING: Exceeded maximum restarts with more pending */
+
+void wil_details_GetCurrentFeatureEnabledState
+               (longlong param_1,undefined4 *param_2,undefined *param_3)
+
+{
+  char cVar1;
+  int iVar2;
+  uint **ppuVar3;
+  byte bVar4;
+  int iVar5;
+  undefined8 uVar6;
+  HANDLE hHeap;
+  uint uVar8;
+  uint uVar9;
+  uint uVar10;
+  char *pcVar11;
+  int iVar12;
+  uint uVar13;
+  undefined8 *puVar14;
+  undefined auStack_1c8 [48];
+  undefined8 local_198;
+  uint local_190;
+  undefined4 uStack_18c;
+  undefined local_188 [16];
+  undefined8 local_178;
+  undefined local_170 [8];
+  undefined8 local_168 [7];
+  LPVOID local_130;
+  int local_118;
+  undefined8 local_108;
+  undefined4 local_100;
+  undefined local_f8 [208];
+  ulonglong local_28;
+  ulonglong uVar7;
+  
+  local_28 = __security_cookie ^ (ulonglong)auStack_1c8;
+  cVar1 = *(char *)(param_1 + 0x14);
+  iVar2 = *(int *)(param_1 + 0x10);
+  *param_2 = 1;
+  local_178 = 0;
+  local_108 = 0;
+  uVar13 = (uint)((byte)(cVar1 - 2U) < 2);
+  local_100 = 0;
+  local_188 = ZEXT816(0);
+  if (g_wil_details_pfnRtlQueryFeatureConfiguration == (FARPROC)0x0) {
+    if (g_wil_details_ntdllModuleHandle == (HMODULE)0x0) {
+      g_wil_details_ntdllModuleHandle = GetModuleHandleW(L"ntdll.dll");
+    }
+    pcVar11 = "RtlQueryFeatureConfiguration";
+    g_wil_details_pfnRtlQueryFeatureConfiguration =
+         GetProcAddress(g_wil_details_ntdllModuleHandle,"RtlQueryFeatureConfiguration");
+    if (g_wil_details_pfnRtlQueryFeatureConfiguration == (FARPROC)0x0) {
+      iVar5 = -0x3ffffec7;
+      goto LAB_180032ace;
+    }
+  }
+  pcVar11 = (char *)(ulonglong)(uVar13 ^ 1);
+  param_3 = local_170;
+  iVar5 = (*g_wil_details_pfnRtlQueryFeatureConfiguration)(iVar2,pcVar11,param_3,&local_108);
+LAB_180032ace:
+  if (iVar5 == 0) {
+    iVar12 = 1;
+    local_178 = CONCAT44(local_178._4_4_,local_108._4_4_ >> 7) & 0xffffffff00000001;
+    uVar13 = local_108._4_4_ >> 4 & 3;
+    uVar8 = local_108._4_4_ >> 6 & 1;
+  }
+  else {
+    if (iVar5 == 0x117) {
+      local_178 = CONCAT44(local_178._4_4_,local_108._4_4_ >> 7) & 0xffffffff00000001;
+    }
+    iVar12 = 0;
+    iVar5 = wil_details_StagingConfig_Load(local_168,pcVar11,param_3,(undefined (*) [16])local_f8);
+    if (iVar5 == 0) {
+      uVar6 = wil_details_StagingConfig_QueryFeatureState
+                        ((longlong)local_168,(uint *)local_188,iVar2,uVar13);
+      iVar12 = (int)uVar6;
+      if (local_118 != 0) {
+        hHeap = GetProcessHeap();
+        HeapFree(hHeap,0,local_130);
+      }
+    }
+    uVar13 = local_188._0_4_;
+    uVar8 = local_178._4_4_;
+  }
+  uVar10 = -(uint)(iVar12 != 0) & uVar13 & 3;
+  if (uVar10 == 0) {
+    uVar9 = -(uint)(*(char *)(param_1 + 0x17) != '\0') & 0x10;
+  }
+  else {
+    uVar9 = 0;
+    if (uVar13 == 2) {
+      uVar9 = 0x10;
+    }
+  }
+  uVar13 = uVar9 >> 1 |
+           (uVar10 | -(uint)(uVar8 != 0) & 0x10 | -(uint)((int)local_178 != 0) & 8) << 5 | uVar9;
+  local_198 = (ulonglong)uVar13;
+  if ((uVar9 >> 1 != 0) &&
+     (puVar14 = *(undefined8 **)(param_1 + 0x18), puVar14 != (undefined8 *)0x0)) {
+    do {
+      ppuVar3 = (uint **)*puVar14;
+      if (ppuVar3 == (uint **)0x0) break;
+      if ((*(char *)((longlong)ppuVar3 + 0x16) == '\0') &&
+         (*(char *)((longlong)ppuVar3 + 0x15) == '\0')) {
+        local_190 = **ppuVar3;
+        if ((local_190 & 1) == 0) {
+          uVar7 = wil_details_FeatureStateCache_ReevaluateCachedFeatureEnabledState
+                            (*ppuVar3,CONCAT44(uStack_18c,local_190),(undefined *)ppuVar3);
+          bVar4 = (byte)uVar7;
+        }
+        else {
+          bVar4 = (byte)local_190;
+        }
+        if ((uVar13 & 8) == 0) goto LAB_180032c30;
+        bVar4 = bVar4 & 8;
+LAB_180032c2a:
+        uVar8 = 8;
+        if (bVar4 == 0) goto LAB_180032c30;
+      }
+      else {
+        if ((uVar13 & 8) != 0) {
+          bVar4 = *(byte *)((longlong)ppuVar3 + 0x17);
+          goto LAB_180032c2a;
+        }
+LAB_180032c30:
+        uVar8 = 0;
+      }
+      puVar14 = puVar14 + 1;
+      uVar13 = uVar13 & 0xfffffff7 | uVar8;
+      local_198 = CONCAT44(local_198._4_4_,uVar13);
+    } while (uVar8 != 0);
+  }
+  __security_check_cookie(local_28 ^ (ulonglong)auStack_1c8);
+  return;
+}
+
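
Review bot: the decompiled signature is void, but wil_details_FeatureStateCache_ReevaluateCachedFeatureEnabledState assigns this function's result to uVar2, and the state word assembled in uVar13/local_198 is never returned here. The return type should be corrected (to uint) before the logic is read, and the "Exceeded maximum restarts with more pending" warning at the top means this listing may be incomplete. The magic values also deserve annotation: -0x3ffffec7 is NTSTATUS 0xC0000139 (STATUS_ENTRYPOINT_NOT_FOUND), set when GetProcAddress cannot resolve RtlQueryFeatureConfiguration, after which control falls through to the wil_details_StagingConfig_Load fallback.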

wil_details_FeatureStateCache_ReevaluateCachedFeatureEnabledState

Function Meta

Key archiveint.dll.x64.10.0.19041.3930
name wil_details_FeatureStateCache_ReevaluateCachedFeatureEnabledState
fullname wil_details_FeatureStateCache_ReevaluateCachedFeatureEnabledState
refcount 3
length 236
called _guard_dispatch_icall
wil_details_GetCurrentFeatureEnabledState
calling Feature_3628230972__private_IsEnabled
wil_details_GetCurrentFeatureEnabledState
paramcount 3
address 180032c78
sig ulonglong __fastcall wil_details_FeatureStateCache_ReevaluateCachedFeatureEnabledState(uint * param_1, ulonglong param_2, undefined * param_3)
sym_type Function
sym_source IMPORTED
external False
--- wil_details_FeatureStateCache_ReevaluateCachedFeatureEnabledState
+++ wil_details_FeatureStateCache_ReevaluateCachedFeatureEnabledState
@@ -0,0 +1,63 @@
+
+/* WARNING: Function: _guard_dispatch_icall replaced with injection: guard_dispatch_icall */
+
+ulonglong wil_details_FeatureStateCache_ReevaluateCachedFeatureEnabledState
+                    (uint *param_1,ulonglong param_2,undefined *param_3)
+
+{
+  int iVar1;
+  uint uVar2;
+  uint uVar3;
+  uint uVar4;
+  uint uVar5;
+  undefined *puVar6;
+  bool bVar7;
+  uint local_res8 [2];
+  undefined8 local_res10;
+  
+  iVar1 = 0;
+  puVar6 = param_3;
+  local_res10 = param_2;
+  if (g_wil_details_ensureSubscribedToFeatureConfigurationChanges != 0) {
+    iVar1 = (*(code *)g_wil_details_ensureSubscribedToFeatureConfigurationChanges)();
+  }
+  uVar2 = wil_details_GetCurrentFeatureEnabledState((longlong)param_3,local_res8,puVar6);
+  if (param_3[0x14] == '\0') {
+    local_res8[0] = local_res8[0] & -(uint)(iVar1 != 0);
+  }
+  while( true ) {
+    uVar5 = (uint)param_2;
+    local_res10 = CONCAT44(local_res10._4_4_,uVar5);
+    uVar4 = uVar5;
+    if ((local_res8[0] != 0) && ((param_2 & 1) == 0)) {
+      uVar3 = (uVar5 ^ uVar2) & 0x278 ^ uVar5;
+      uVar4 = uVar3 | 1;
+      local_res10 = CONCAT44(local_res10._4_4_,uVar3) | 1;
+    }
+    if ((param_2 & 2) == 0) {
+      uVar3 = uVar4 ^ (uVar2 ^ uVar4) & 0x100;
+      uVar4 = uVar3 | 2;
+      local_res10 = CONCAT44(local_res10._4_4_,uVar3) | 2;
+    }
+    LOCK();
+    uVar3 = *param_1;
+    bVar7 = uVar5 == uVar3;
+    if (bVar7) {
+      *param_1 = uVar4;
+      uVar3 = uVar5;
+    }
+    UNLOCK();
+    if (bVar7) break;
+    param_2 = (ulonglong)uVar3;
+  }
+  if (((param_2 & 2) == 0) && (g_wil_details_subscribeFeatureStateCacheToConfigurationChanges != 0))
+  {
+    (*(code *)g_wil_details_subscribeFeatureStateCacheToConfigurationChanges)
+              (param_1,param_3[0x14],iVar1);
+  }
+  if (local_res8[0] == 0) {
+    local_res10 = CONCAT44(local_res10._4_4_,uVar4 ^ (uVar2 ^ uVar4) & 0x278);
+  }
+  return local_res10;
+}
+
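
Review bot: param_3 is typed undefined * yet it is read at offset 0x14 and handed on as (longlong)param_3, so it should be retyped as a feature descriptor structure rather than left as a raw byte pointer. The LOCK()/UNLOCK() block inside while( true ) is the decompiler's rendering of an atomic compare-and-store on *param_1 with retry on mismatch; a comment saying so, plus names for the 0x278 and 0x100 masks, would make the cache update readable.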

wil_details_StagingConfig_Load

Function Meta

Key archiveint.dll.x64.10.0.19041.3930
name wil_details_StagingConfig_Load
fullname wil_details_StagingConfig_Load
refcount 2
length 747
called API-MS-WIN-CORE-HEAP-L1-1-0.DLL::GetProcessHeap
API-MS-WIN-CORE-HEAP-L1-1-0.DLL::HeapAlloc
API-MS-WIN-CORE-HEAP-L1-1-0.DLL::HeapFree
__security_check_cookie
memset
wil_details_NtQueryWnfStateData
calling wil_details_GetCurrentFeatureEnabledState
paramcount 4
address 180032d6c
sig undefined __fastcall wil_details_StagingConfig_Load(undefined8 * param_1, undefined8 param_2, undefined8 param_3, undefined[16] * param_4)
sym_type Function
sym_source IMPORTED
external False
--- wil_details_StagingConfig_Load
+++ wil_details_StagingConfig_Load
@@ -0,0 +1,128 @@
+
+void wil_details_StagingConfig_Load
+               (undefined8 *param_1,undefined8 param_2,undefined8 param_3,undefined (*param_4) [16])
+
+{
+  ushort uVar1;
+  int iVar2;
+  undefined8 uVar3;
+  HANDLE pvVar4;
+  undefined (*pauVar5) [16];
+  ulonglong uVar6;
+  undefined (*lpMem) [16];
+  undefined8 uVar7;
+  SIZE_T SVar8;
+  ulonglong uVar9;
+  ulonglong dwBytes;
+  undefined (*lpMem_00) [16];
+  undefined auStackY_98 [32];
+  uint local_68;
+  int local_64;
+  undefined (*local_60) [16];
+  undefined8 local_58;
+  undefined8 local_50;
+  ulonglong local_48;
+  
+  local_48 = __security_cookie ^ (ulonglong)auStackY_98;
+  uVar3 = 0;
+  uVar7 = 0x50;
+  local_60 = param_4;
+  memset(param_1 + 1,0,0x50);
+  lpMem = (undefined (*) [16])0x0;
+  *param_1 = 0;
+  local_58 = 0x418a073aa3bc7c75;
+  dwBytes = -(ulonglong)(param_4 != (undefined (*) [16])0x0) & 200;
+  local_68 = -(uint)(param_4 != (undefined (*) [16])0x0) & 200;
+  uVar3 = wil_details_NtQueryWnfStateData(&local_58,uVar3,uVar7,param_1 + 1,param_4,&local_68);
+  iVar2 = (int)uVar3;
+  pauVar5 = lpMem;
+  lpMem_00 = lpMem;
+  if (iVar2 != 0) goto LAB_180032eaa;
+  pauVar5 = local_60;
+  lpMem_00 = (undefined (*) [16])0x0;
+  if (local_60 != (undefined (*) [16])0x0) goto LAB_180032eaa;
+  do {
+    if (dwBytes < 200) {
+      dwBytes = 200;
+    }
+    if (dwBytes < local_68) {
+      dwBytes = (ulonglong)local_68;
+    }
+    if (dwBytes < 0x10) {
+      dwBytes = 0x10;
+    }
+    if (lpMem != (undefined (*) [16])0x0) {
+      pvVar4 = GetProcessHeap();
+      HeapFree(pvVar4,0,lpMem);
+    }
+    pvVar4 = GetProcessHeap();
+    uVar3 = 0;
+    SVar8 = dwBytes;
+    pauVar5 = (undefined (*) [16])HeapAlloc(pvVar4,0,dwBytes);
+    if (pauVar5 == (undefined (*) [16])0x0) goto LAB_180033033;
+    local_68 = (uint)dwBytes;
+    uVar3 = wil_details_NtQueryWnfStateData(&local_58,uVar3,SVar8,param_1 + 1,pauVar5,&local_68);
+    iVar2 = (int)uVar3;
+    lpMem_00 = pauVar5;
+LAB_180032eaa:
+    lpMem = lpMem_00;
+  } while (iVar2 == -0x3fffffdd);
+  if ((iVar2 != 0) || (pauVar5 == (undefined (*) [16])0x0)) {
+    if (lpMem_00 != (undefined (*) [16])0x0) {
+      pvVar4 = GetProcessHeap();
+      HeapFree(pvVar4,0,lpMem_00);
+    }
+    goto LAB_180033033;
+  }
+  uVar9 = (ulonglong)local_68;
+  if (4 < local_68) {
+    *(undefined *)((longlong)param_1 + 0xc) = (*pauVar5)[0];
+  }
+  if (((local_68 < 0x10) || (*(char *)((longlong)param_1 + 0xc) != '\x02')) ||
+     (*(ushort *)(*pauVar5 + 2) < 0x10)) {
+LAB_180032fb4:
+    local_68 = 0x10;
+    *pauVar5 = ZEXT816(0);
+    *(undefined4 *)*pauVar5 = 0x100202;
+    uVar9 = 0x10;
+    param_1[3] = pauVar5;
+    uVar1 = *(ushort *)(*pauVar5 + 2);
+    param_1[4] = *pauVar5 + uVar1;
+    param_1[5] = *pauVar5 + uVar1 + (ulonglong)*(ushort *)(*pauVar5 + 4) * 0xc;
+  }
+  else {
+    uVar6 = (ulonglong)*(ushort *)(*pauVar5 + 6) * 0x10 + (ulonglong)*(ushort *)(*pauVar5 + 4) * 0xc
+            + (ulonglong)*(ushort *)(*pauVar5 + 2);
+    if (uVar9 < uVar6) goto LAB_180032fb4;
+    local_64 = 0;
+    if (*(ushort *)(*pauVar5 + 4) != 0) {
+      local_50 = 0x418a073aa3bc8075;
+      local_60 = (undefined (*) [16])((ulonglong)local_60 & 0xffffffff00000000);
+      wil_details_NtQueryWnfStateData(&local_50,uVar6,uVar9,&local_64,0,&local_60);
+      uVar9 = (ulonglong)local_68;
+    }
+    param_1[3] = pauVar5;
+    param_1[4] = pauVar5 + 1;
+    param_1[5] = pauVar5[1] + (ulonglong)*(ushort *)(*pauVar5 + 4) * 0xc;
+    *(uint *)(param_1 + 6) = (uint)(local_64 != 0);
+    if (((*pauVar5)[0] == '\x02') && ((byte)(*pauVar5)[1] < 2)) {
+      uVar9 = (ulonglong)
+              ((uint)*(ushort *)(*pauVar5 + 6) * 0x10 +
+               ((uint)*(ushort *)(*pauVar5 + 4) + (uint)*(ushort *)(*pauVar5 + 4) * 2) * 4 +
+              (uint)*(ushort *)(*pauVar5 + 2));
+      *(undefined4 *)(param_1 + 2) = 1;
+    }
+  }
+  param_1[8] = uVar9;
+  uVar9 = 200;
+  if (lpMem_00 != (undefined (*) [16])0x0) {
+    uVar9 = dwBytes;
+  }
+  param_1[7] = pauVar5;
+  param_1[9] = uVar9;
+  *(uint *)(param_1 + 10) = (uint)(pauVar5 == lpMem_00);
+LAB_180033033:
+  __security_check_cookie(local_48 ^ (ulonglong)auStackY_98);
+  return;
+}
+
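
Review bot: the second wil_details_NtQueryWnfStateData call (the one using local_50) discards its return value, so a failed query cannot be told apart from local_64 legitimately staying 0 when param_1 + 6 is written; capture and check the status there. The function is also shown as void although wil_details_GetCurrentFeatureEnabledState tests its result (iVar5 = wil_details_StagingConfig_Load(...)), and the constants need naming: -0x3fffffdd in the retry loop is NTSTATUS 0xC0000023 (STATUS_BUFFER_TOO_SMALL), and 0x418a073aa3bc7c75 / 0x418a073aa3bc8075 are the values passed as the first argument of the query.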

wil_details_StagingConfig_QueryFeatureState

Function Meta

Key archiveint.dll.x64.10.0.19041.3930
name wil_details_StagingConfig_QueryFeatureState
fullname wil_details_StagingConfig_QueryFeatureState
refcount 2
length 437
called
calling wil_details_GetCurrentFeatureEnabledState
paramcount 4
address 180033060
sig undefined8 __fastcall wil_details_StagingConfig_QueryFeatureState(longlong param_1, uint * param_2, int param_3, int param_4)
sym_type Function
sym_source IMPORTED
external False
--- wil_details_StagingConfig_QueryFeatureState
+++ wil_details_StagingConfig_QueryFeatureState
@@ -0,0 +1,109 @@
+
+undefined8
+wil_details_StagingConfig_QueryFeatureState(longlong param_1,uint *param_2,int param_3,int param_4)
+
+{
+  uint uVar1;
+  longlong lVar2;
+  longlong lVar3;
+  undefined8 uVar4;
+  uint uVar5;
+  int *piVar6;
+  ulonglong uVar7;
+  uint uVar8;
+  undefined8 uVar9;
+  undefined8 local_38;
+  uint local_30;
+  
+  lVar2 = *(longlong *)(param_1 + 0x18);
+  lVar3 = *(longlong *)(param_1 + 0x20);
+  uVar8 = 0;
+  uVar1 = 1;
+  uVar9 = 1;
+  uVar7 = 0;
+  if (*(ushort *)(lVar2 + 4) != 0) {
+    do {
+      if (*(int *)(lVar3 + uVar7 * 0xc) == param_3) {
+        if ((param_4 == 0) || (*(int *)(param_1 + 0x30) == 0)) {
+          local_38 = *(undefined8 *)(lVar3 + uVar7 * 0xc);
+          local_30 = *(uint *)(lVar3 + 8 + uVar7 * 0xc);
+          uVar8 = uVar1;
+          if ((*(byte *)(lVar3 + 4 + uVar7 * 0xc) & 1) != 0) break;
+        }
+        else if ((*(byte *)(lVar3 + 4 + uVar7 * 0xc) & 1) == 0) {
+          local_38 = *(undefined8 *)(lVar3 + uVar7 * 0xc);
+          local_30 = *(uint *)(lVar3 + 8 + uVar7 * 0xc);
+          goto LAB_180033106;
+        }
+      }
+      uVar5 = (int)uVar7 + 1;
+      uVar7 = (ulonglong)uVar5;
+    } while (uVar5 < *(ushort *)(lVar2 + 4));
+  }
+  uVar4 = 0;
+  if (uVar8 != 0) {
+LAB_180033106:
+    if ((param_4 == 0) || (lVar3 = 0xc, *(int *)(param_1 + 0x30) == 0)) {
+      lVar3 = 8;
+    }
+    uVar8 = *(uint *)(lVar3 + lVar2);
+    uVar5 = local_38._4_4_;
+    if ((uVar8 & 4) != 0) {
+      uVar5 = local_38._4_4_ & 0xffffcfff;
+    }
+    if ((uVar8 & 2) != 0) {
+      uVar5 = uVar5 & 0xfffff3ff;
+    }
+    if ((uVar8 & 1) != 0) {
+      uVar5 = uVar5 & 0xfffffcff;
+    }
+    if ((uVar8 & 8) != 0) {
+      uVar5 = uVar5 & 0xc0ffffff;
+      local_30 = 0;
+    }
+    if ((int)local_38 != 0) {
+      if (((((uVar5 >> 0xc | uVar5 >> 10 | uVar5 >> 8) & 3) != 0) || ((uVar5 & 0x3f000000) != 0)) ||
+         ((uVar5 & 2) != 0)) {
+        param_2[3] = local_30;
+        param_2[2] = uVar5 >> 0x1e;
+        *(byte *)(param_2 + 1) = (byte)(uVar5 >> 0x18) & 0x3f;
+        param_2[5] = uVar5 >> 1 & 1;
+        uVar8 = uVar5 >> 0xc & 3;
+        uVar4 = uVar9;
+        if (uVar8 == 0) {
+          uVar8 = uVar5 >> 10 & 3;
+          if (uVar8 == 0) {
+            uVar8 = uVar5 >> 8 & 3;
+            if (uVar8 != 0) {
+              *param_2 = uVar8;
+            }
+          }
+          else {
+            *param_2 = uVar8;
+          }
+        }
+        else {
+          *param_2 = uVar8;
+        }
+        goto LAB_1800331cd;
+      }
+    }
+    uVar4 = 0;
+  }
+LAB_1800331cd:
+  uVar5 = 0;
+  piVar6 = *(int **)(param_1 + 0x28);
+  uVar8 = 0;
+  if (*(ushort *)(lVar2 + 6) != 0) {
+    do {
+      uVar8 = uVar1;
+      if (*piVar6 == param_3) break;
+      uVar5 = uVar5 + 1;
+      piVar6 = piVar6 + 4;
+      uVar8 = 0;
+    } while (uVar5 < *(ushort *)(lVar2 + 6));
+  }
+  param_2[4] = uVar8;
+  return uVar4;
+}
+
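
Review bot: both loops index their tables with the 16-bit counts at lVar2 + 4 (0xc-byte entries) and lVar2 + 6 (16-byte entries) and perform no bounds check of their own; the only size validation visible is the `if (uVar9 < uVar6) goto LAB_180032fb4;` test in wil_details_StagingConfig_Load. That dependency should be stated in a comment at the top of this function so nobody calls it on a buffer that did not come through the loader.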

Feature_3628230972__private_IsEnabled

Function Meta

Key archiveint.dll.x64.10.0.19041.3930
name Feature_3628230972__private_IsEnabled
fullname Feature_3628230972__private_IsEnabled
refcount 2
length 97
called wil_details_FeatureReporting_ReportUsageToService
wil_details_FeatureStateCache_ReevaluateCachedFeatureEnabledState
calling copy_from_lzss_window
paramcount 0
address 18003321c
sig uint __fastcall Feature_3628230972__private_IsEnabled(void)
sym_type Function
sym_source IMPORTED
external False
--- Feature_3628230972__private_IsEnabled
+++ Feature_3628230972__private_IsEnabled
@@ -0,0 +1,23 @@
+
+uint Feature_3628230972__private_IsEnabled(void)
+
+{
+  uint uVar1;
+  ulonglong uVar2;
+  uint uVar3;
+  undefined4 uStackX_c;
+  
+  uVar1 = Feature_3628230972__private_featureState;
+  if ((Feature_3628230972__private_featureState & 1) == 0) {
+    uVar2 = wil_details_FeatureStateCache_ReevaluateCachedFeatureEnabledState
+                      (&Feature_3628230972__private_featureState,
+                       CONCAT44(uStackX_c,Feature_3628230972__private_featureState),
+                       (undefined *)&Feature_3628230972__private_descriptor);
+    uVar1 = (uint)uVar2;
+  }
+  uVar3 = uVar1 >> 3 & 1;
+  wil_details_FeatureReporting_ReportUsageToService
+            (uVar1 >> 8 & 1,(ulonglong)(uVar1 >> 9 & 1),uVar3,3);
+  return uVar3;
+}
+
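
Review bot: this predicate is not side-effect free. Every call ends in wil_details_FeatureReporting_ReportUsageToService, and the only caller listed is copy_from_lzss_window, which sits on the RAR decompression path, so the reporting cost and its failure behaviour belong in any analysis of the patched function. The bit positions should be named too: the return value is bit 3 of the cached state (uVar1 >> 3 & 1), while bits 8 and 9 are forwarded to the reporting call.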

API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0.DLL::GetModuleHandleW

Function Meta

Key archiveint.dll.x64.10.0.19041.3930
name GetModuleHandleW
fullname API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0.DLL::GetModuleHandleW
refcount 4
length 0
called
calling wil_details_FeatureReporting_ReportUsageToService
wil_details_GetCurrentFeatureEnabledState
wil_details_NtQueryWnfStateData
paramcount 1
address EXTERNAL:0000008d
sig HMODULE __stdcall GetModuleHandleW(LPCWSTR lpModuleName)
sym_type Function
sym_source IMPORTED
external True

No code available for API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0.DLL::GetModuleHandleW

Modified

Modified functions contain code changes

copy_from_lzss_window

Match Info

Key archiveint.dll.x64.10.0.19041.3636 - archiveint.dll.x64.10.0.19041.3930
diff_type code,length,sig,address,called
ratio 0.21
i_ratio 0.59
m_ratio 0.94
b_ratio 0.96
match_types SymbolsHash

Function Meta Diff

Key archiveint.dll.x64.10.0.19041.3636 archiveint.dll.x64.10.0.19041.3930
name copy_from_lzss_window copy_from_lzss_window
fullname copy_from_lzss_window copy_from_lzss_window
refcount 3 3
length 325 354
called API-MS-WIN-CRT-PRIVATE-L1-1-0.DLL::_o_malloc
archive_set_error
memcpy
API-MS-WIN-CRT-PRIVATE-L1-1-0.DLL::_o_malloc
Feature_3628230972__private_IsEnabled
archive_set_error
memcpy
calling read_data_compressed read_data_compressed
paramcount 4 4
address 1800363d4 1800371f4
sig undefined8 __fastcall copy_from_lzss_window(longlong param_1, undefined8 * param_2, uint param_3, int param_4) undefined8 __fastcall copy_from_lzss_window(longlong param_1, undefined8 * param_2, uint param_3, LPCWSTR param_4)
sym_type Function Function
sym_source IMPORTED IMPORTED
external False False

copy_from_lzss_window Called Diff

--- copy_from_lzss_window called
+++ copy_from_lzss_window called
@@ -1,0 +2 @@
+Feature_3628230972__private_IsEnabled

copy_from_lzss_window Diff

--- copy_from_lzss_window
+++ copy_from_lzss_window
@@ -1,65 +1,66 @@
 
-undefined8 copy_from_lzss_window(longlong param_1,undefined8 *param_2,uint param_3,int param_4)
+undefined8 copy_from_lzss_window(longlong param_1,undefined8 *param_2,uint param_3,LPCWSTR param_4)
 
 {
-  uint uVar1;
-  longlong lVar2;
-  LPCWSTR pWVar3;
-  undefined8 uVar4;
-  uint uVar5;
+  longlong lVar1;
+  uint uVar2;
+  uint uVar3;
+  uint uVar4;
   void *_Dst;
-  undefined4 uVar6;
+  undefined4 uVar5;
   void *_Src;
-  size_t _Size;
+  undefined8 uVar6;
   int iVar7;
   char *pcVar8;
+  uint uVar9;
   
-  uVar4 = 0;
-  _Size = (size_t)param_4;
-  lVar2 = **(longlong **)(param_1 + 0x9a8);
-  pWVar3 = *(LPCWSTR *)(lVar2 + 0xd0);
-  if (pWVar3 == (LPCWSTR)0x0) {
-    pWVar3 = (LPCWSTR)_o_malloc(*(undefined4 *)(lVar2 + 200));
-    *(LPCWSTR *)(lVar2 + 0xd0) = pWVar3;
-    if (pWVar3 != (LPCWSTR)0x0) goto LAB_0;
-    pcVar8 = "Unable to allocate memory for uncompressed data.";
-    uVar6 = 0xc;
-LAB_1:
-    archive_set_error(param_1,uVar6,pcVar8,pWVar3);
-    uVar4 = 0xffffffe2;
-  }
-  else {
-LAB_0:
-    uVar1 = *(uint *)(lVar2 + 0x348);
-    uVar5 = uVar1 & param_3;
-    if ((int)(uVar1 + 1) < (int)(uVar5 + param_4)) {
-      if (((int)(uVar1 + 1) < param_4) || (iVar7 = (uVar1 - uVar5) + 1, iVar7 < 0)) {
-        pcVar8 = "Bad RAR file data";
-        uVar6 = 0x2a;
-        goto LAB_1;
-      }
-      _Src = (void *)((longlong)(int)uVar5 + *(longlong *)(lVar2 + 0x340));
-      _Dst = (void *)((ulonglong)*(uint *)(lVar2 + 0xc4) + (longlong)pWVar3);
-      if (iVar7 < param_4) {
-        memcpy(_Dst,_Src,(longlong)iVar7);
-        _Src = *(void **)(lVar2 + 0x340);
-        _Size = (size_t)(param_4 - iVar7);
-        _Dst = (void *)((ulonglong)(uint)(*(int *)(lVar2 + 0xc4) + iVar7) +
-                       *(longlong *)(lVar2 + 0xd0));
+  uVar9 = (uint)param_4;
+  lVar1 = **(longlong **)(param_1 + 0x9a8);
+  uVar3 = Feature_3628230972__private_IsEnabled();
+  uVar6 = 0;
+  if ((uVar3 == 0) || ((-1 < (int)uVar9 && (uVar9 <= *(uint *)(lVar1 + 200))))) {
+    param_4 = *(LPCWSTR *)(lVar1 + 0xd0);
+    if (param_4 == (LPCWSTR)0x0) {
+      param_4 = (LPCWSTR)_o_malloc(*(undefined4 *)(lVar1 + 200));
+      *(LPCWSTR *)(lVar1 + 0xd0) = param_4;
+      if (param_4 == (LPCWSTR)0x0) {
+        pcVar8 = "Unable to allocate memory for uncompressed data.";
+        uVar5 = 0xc;
+        goto LAB_0;
       }
     }
-    else {
-      _Src = (void *)((longlong)(int)uVar5 + *(longlong *)(lVar2 + 0x340));
-      _Dst = (void *)((ulonglong)*(uint *)(lVar2 + 0xc4) + (longlong)pWVar3);
+    uVar3 = *(uint *)(lVar1 + 0x348);
+    uVar4 = uVar3 & param_3;
+    uVar2 = uVar9;
+    if ((int)(uVar4 + uVar9) <= (int)(uVar3 + 1)) {
+      _Src = (void *)((longlong)(int)uVar4 + *(longlong *)(lVar1 + 0x340));
+      _Dst = (void *)((ulonglong)*(uint *)(lVar1 + 0xc4) + (longlong)param_4);
+LAB_1:
+      memcpy(_Dst,_Src,(longlong)(int)uVar2);
+      *(int *)(lVar1 + 0xc4) = *(int *)(lVar1 + 0xc4) + uVar9;
+      if (*(uint *)(lVar1 + 200) <= *(uint *)(lVar1 + 0xc4)) {
+        uVar6 = *(undefined8 *)(lVar1 + 0xd0);
+      }
+      *param_2 = uVar6;
+      return 0;
     }
-    memcpy(_Dst,_Src,_Size);
-    *(int *)(lVar2 + 0xc4) = *(int *)(lVar2 + 0xc4) + param_4;
-    if (*(uint *)(lVar2 + 200) <= *(uint *)(lVar2 + 0xc4)) {
-      uVar4 = *(undefined8 *)(lVar2 + 0xd0);
+    if (((int)uVar9 <= (int)(uVar3 + 1)) && (iVar7 = (uVar3 - uVar4) + 1, -1 < iVar7)) {
+      _Src = (void *)((longlong)(int)uVar4 + *(longlong *)(lVar1 + 0x340));
+      _Dst = (void *)((ulonglong)*(uint *)(lVar1 + 0xc4) + (longlong)param_4);
+      if (iVar7 < (int)uVar9) {
+        memcpy(_Dst,_Src,(longlong)iVar7);
+        _Src = *(void **)(lVar1 + 0x340);
+        _Dst = (void *)((ulonglong)(uint)(*(int *)(lVar1 + 0xc4) + iVar7) +
+                       *(longlong *)(lVar1 + 0xd0));
+        uVar2 = uVar9 - iVar7;
+      }
+      goto LAB_1;
     }
-    *param_2 = uVar4;
-    uVar4 = 0;
   }
-  return uVar4;
+  pcVar8 = "Bad RAR file data";
+  uVar5 = 0x2a;
+LAB_0:
+  archive_set_error(param_1,uVar5,pcVar8,param_4);
+  return 0xffffffe2;
 }
 
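
Review bot: the new length check only takes effect when Feature_3628230972__private_IsEnabled() returns non-zero; in `if ((uVar3 == 0) || ((-1 < (int)uVar9 && (uVar9 <= *(uint *)(lVar1 + 200)))))` a disabled feature short-circuits straight into the old copy path, so a build at version 3930 with the feature off behaves like 3636 here. Anyone validating the fix should confirm the feature state on the target rather than the file version alone. A second point worth confirming against read_data_compressed: the check compares the length with the buffer size at +200, but both memcpy destinations start at the current offset at +0xc4, and nothing in this function verifies that offset plus length stays within the size, so that invariant has to be enforced by the caller.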

Modified (No Code Changes)

Slightly modified functions have no code changes, only differences in:

  • refcount
  • length
  • called
  • calling
  • name
  • fullname

API-MS-WIN-CORE-HEAP-L1-1-0.DLL::HeapFree

Match Info

Key archiveint.dll.x64.10.0.19041.3636 - archiveint.dll.x64.10.0.19041.3930
diff_type refcount,calling
ratio 1.0
i_ratio 1.0
m_ratio 1.0
b_ratio 1.0
match_types SymbolsHash,ExternalsName

Function Meta Diff

Key archiveint.dll.x64.10.0.19041.3636 archiveint.dll.x64.10.0.19041.3930
name HeapFree HeapFree
fullname API-MS-WIN-CORE-HEAP-L1-1-0.DLL::HeapFree API-MS-WIN-CORE-HEAP-L1-1-0.DLL::HeapFree
refcount 6 9
length 0 0
called
calling __hmac_sha1_cleanup
__hmac_sha1_init
aes_ctr_init
aes_ctr_release
zcfree
__hmac_sha1_cleanup
__hmac_sha1_init
aes_ctr_init
aes_ctr_release
wil_details_GetCurrentFeatureEnabledState
wil_details_StagingConfig_Load
zcfree
paramcount 3 3
address EXTERNAL:0000005e EXTERNAL:0000005e
sig BOOL __stdcall HeapFree(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem) BOOL __stdcall HeapFree(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem)
sym_type Function Function
sym_source IMPORTED IMPORTED
external True True

API-MS-WIN-CORE-HEAP-L1-1-0.DLL::HeapFree Calling Diff

--- API-MS-WIN-CORE-HEAP-L1-1-0.DLL::HeapFree calling
+++ API-MS-WIN-CORE-HEAP-L1-1-0.DLL::HeapFree calling
@@ -4,0 +5,2 @@
+wil_details_GetCurrentFeatureEnabledState
+wil_details_StagingConfig_Load

API-MS-WIN-CORE-HEAP-L1-1-0.DLL::HeapAlloc

Match Info

Key archiveint.dll.x64.10.0.19041.3636 - archiveint.dll.x64.10.0.19041.3930
diff_type refcount,address,calling
ratio 1.0
i_ratio 1.0
m_ratio 1.0
b_ratio 1.0
match_types SymbolsHash,ExternalsName

Function Meta Diff

Key archiveint.dll.x64.10.0.19041.3636 archiveint.dll.x64.10.0.19041.3930
name HeapAlloc HeapAlloc
fullname API-MS-WIN-CORE-HEAP-L1-1-0.DLL::HeapAlloc API-MS-WIN-CORE-HEAP-L1-1-0.DLL::HeapAlloc
refcount 4 5
length 0 0
called
calling __hmac_sha1_init
aes_ctr_init
zcalloc
__hmac_sha1_init
aes_ctr_init
wil_details_StagingConfig_Load
zcalloc
paramcount 3 3
address EXTERNAL:0000005c EXTERNAL:0000005d
sig LPVOID __stdcall HeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes) LPVOID __stdcall HeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes)
sym_type Function Function
sym_source IMPORTED IMPORTED
external True True

API-MS-WIN-CORE-HEAP-L1-1-0.DLL::HeapAlloc Calling Diff

--- API-MS-WIN-CORE-HEAP-L1-1-0.DLL::HeapAlloc calling
+++ API-MS-WIN-CORE-HEAP-L1-1-0.DLL::HeapAlloc calling
@@ -2,0 +3 @@
+wil_details_StagingConfig_Load

__GSHandlerCheck

Match Info

Key archiveint.dll.x64.10.0.19041.3636 - archiveint.dll.x64.10.0.19041.3930
diff_type refcount,address
ratio 1.0
i_ratio 0.88
m_ratio 1.0
b_ratio 1.0
match_types SymbolsHash

Function Meta Diff

Key archiveint.dll.x64.10.0.19041.3636 archiveint.dll.x64.10.0.19041.3930
name __GSHandlerCheck __GSHandlerCheck
fullname __GSHandlerCheck __GSHandlerCheck
refcount 101 104
length 29 29
called __GSHandlerCheckCommon __GSHandlerCheckCommon
calling
paramcount 4 4
address 18007eef0 18007fd30
sig undefined8 __fastcall __GSHandlerCheck(undefined8 param_1, ulonglong param_2, undefined8 param_3, longlong param_4) undefined8 __fastcall __GSHandlerCheck(undefined8 param_1, ulonglong param_2, undefined8 param_3, longlong param_4)
sym_type Function Function
sym_source IMPORTED IMPORTED
external False False

__security_check_cookie

Match Info

Key archiveint.dll.x64.10.0.19041.3636 - archiveint.dll.x64.10.0.19041.3930
diff_type refcount,address,calling
ratio 1.0
i_ratio 0.62
m_ratio 1.0
b_ratio 1.0
match_types SymbolsHash

Function Meta Diff

Key archiveint.dll.x64.10.0.19041.3636 archiveint.dll.x64.10.0.19041.3930
name __security_check_cookie __security_check_cookie
fullname __security_check_cookie __security_check_cookie
refcount 113 116
length 33 33
called __report_gsfailure __report_gsfailure
calling
Expand for full list:
Convert
CreateSuccessors
CreateSuccessors
DSTcorrect
Ppmd7_DecodeSymbol
Ppmd7_EncodeSymbol
Ppmd8_DecodeSymbol
RelativeDate
RelativeMonth
RestoreModel
__GSHandlerCheckCommon
__archive_check_magic
__archive_get_date
__hstat
_ar_read_header
_popul_ehdr
add_pax_attr_binary
add_pax_attr_int
add_pax_attr_time
aes_ctr_init
archive_acl_from_text_l
archive_acl_from_text_w
archive_compressor_gzip_close
archive_read_disk_entry_from_file
archive_string_default_conversion_for_read
archive_string_default_conversion_for_write
archive_string_normalize_C
archive_string_normalize_D
archive_write_ar_header
archive_write_gnutar_header
archive_write_pax_header
archive_write_ustar_header
archive_write_v7tar_header
archive_write_zip_close
archive_write_zip_finish_entry
archive_write_zip_header
archive_write_zip_options
blake2s_compress
blake2s_final
blake2sp_final
blake2sp_init_leaf
blake2sp_init_root
build_pax_attribute_name
build_tree
cab_dos_time
canonical_charset_name
check_authentication_code
check_symlinks
create_decode_tables
create_dir
dos_time
enc_uint64
file_information
get_time
inflate_table
init_WinZip_AES_decryption
init_traditional_PKWARE_decryption
init_traditional_pkware_encryption
init_winzip_aes_encryption
ippGetCpuFeatures
is_winzip_aes_encryption_supported
isodate17
isodate7
isoent_find_entry
isoent_traverse_tree
isoent_tree
la_linkname_from_handle
lha_dos_time
lzh_make_huffman_table
lzx_decode_init
lzx_make_huffman_table
m7_ippsDeflateHuff_8u
m7_ippsDeflateLZ77_8u
make_codepage_from_charset
make_streamsInfo
make_time
mtree_entry_tree_add
nexttoken
parse_codes
parse_device
parse_digest
parse_file
parse_file_extra_owner
parse_file_extra_redir
parse_tables
process_head_file
px_ippsDeflateHuff_8u
rar5_bid
read_exttime
read_header
restore_entry
scan_for_signature
set_date_time
set_file_identifier
set_time_915
set_timefilter_pathname_mbs
set_timefilter_pathname_wcs
setup_boot_information
setup_current_filesystem
setup_decode_folder
setup_sparse_from_disk
u8_ippsDeflateLZ77_8u
verify_global_checksums
write_VD
write_header
write_header
write_header
write_information_block
xstrftime
xstrpisotime
zip_time
zisofs_finish_entry
Expand for full list:
Convert
CreateSuccessors
CreateSuccessors
DSTcorrect
Ppmd7_DecodeSymbol
Ppmd7_EncodeSymbol
Ppmd8_DecodeSymbol
RelativeDate
RelativeMonth
RestoreModel
__GSHandlerCheckCommon
__archive_check_magic
__archive_get_date
__hstat
_ar_read_header
_popul_ehdr
add_pax_attr_binary
add_pax_attr_int
add_pax_attr_time
aes_ctr_init
archive_acl_from_text_l
archive_acl_from_text_w
archive_compressor_gzip_close
archive_read_disk_entry_from_file
archive_string_default_conversion_for_read
archive_string_default_conversion_for_write
archive_string_normalize_C
archive_string_normalize_D
archive_write_ar_header
archive_write_gnutar_header
archive_write_pax_header
archive_write_ustar_header
archive_write_v7tar_header
archive_write_zip_close
archive_write_zip_finish_entry
archive_write_zip_header
archive_write_zip_options
blake2s_compress
blake2s_final
blake2sp_final
blake2sp_init_leaf
blake2sp_init_root
build_pax_attribute_name
build_tree
cab_dos_time
canonical_charset_name
check_authentication_code
check_symlinks
create_decode_tables
create_dir
dos_time
enc_uint64
file_information
get_time
inflate_table
init_WinZip_AES_decryption
init_traditional_PKWARE_decryption
init_traditional_pkware_encryption
init_winzip_aes_encryption
ippGetCpuFeatures
is_winzip_aes_encryption_supported
isodate17
isodate7
isoent_find_entry
isoent_traverse_tree
isoent_tree
la_linkname_from_handle
lha_dos_time
lzh_make_huffman_table
lzx_decode_init
lzx_make_huffman_table
m7_ippsDeflateHuff_8u
m7_ippsDeflateLZ77_8u
make_codepage_from_charset
make_streamsInfo
make_time
mtree_entry_tree_add
nexttoken
parse_codes
parse_device
parse_digest
parse_file
parse_file_extra_owner
parse_file_extra_redir
parse_tables
process_head_file
px_ippsDeflateHuff_8u
rar5_bid
read_exttime
read_header
restore_entry
scan_for_signature
set_date_time
set_file_identifier
set_time_915
set_timefilter_pathname_mbs
set_timefilter_pathname_wcs
setup_boot_information
setup_current_filesystem
setup_decode_folder
setup_sparse_from_disk
u8_ippsDeflateLZ77_8u
verify_global_checksums
wil_details_FeatureReporting_ReportUsageToService
wil_details_GetCurrentFeatureEnabledState
wil_details_StagingConfig_Load
write_VD
write_header
write_header
write_header
write_information_block
xstrftime
xstrpisotime
zip_time
zisofs_finish_entry
paramcount 1 1
address 180079ac0 18007a900
sig void __cdecl __security_check_cookie(uintptr_t _StackCookie) void __cdecl __security_check_cookie(uintptr_t _StackCookie)
sym_type Function Function
sym_source IMPORTED IMPORTED
external False False

__security_check_cookie Calling Diff

--- __security_check_cookie calling
+++ __security_check_cookie calling
@@ -103,0 +104,3 @@
+wil_details_FeatureReporting_ReportUsageToService
+wil_details_GetCurrentFeatureEnabledState
+wil_details_StagingConfig_Load

API-MS-WIN-CORE-HEAP-L1-1-0.DLL::GetProcessHeap

Match Info

Key archiveint.dll.x64.10.0.19041.3636 - archiveint.dll.x64.10.0.19041.3930
diff_type refcount,address,calling
ratio 1.0
i_ratio 1.0
m_ratio 1.0
b_ratio 1.0
match_types SymbolsHash,ExternalsName

Function Meta Diff

Key archiveint.dll.x64.10.0.19041.3636 archiveint.dll.x64.10.0.19041.3930
name GetProcessHeap GetProcessHeap
fullname API-MS-WIN-CORE-HEAP-L1-1-0.DLL::GetProcessHeap API-MS-WIN-CORE-HEAP-L1-1-0.DLL::GetProcessHeap
refcount 9 13
length 0 0
called
calling __hmac_sha1_cleanup
__hmac_sha1_init
aes_ctr_init
aes_ctr_release
zcalloc
zcfree
__hmac_sha1_cleanup
__hmac_sha1_init
aes_ctr_init
aes_ctr_release
wil_details_GetCurrentFeatureEnabledState
wil_details_StagingConfig_Load
zcalloc
zcfree
paramcount 0 0
address EXTERNAL:0000005d EXTERNAL:0000005c
sig HANDLE __stdcall GetProcessHeap(void) HANDLE __stdcall GetProcessHeap(void)
sym_type Function Function
sym_source IMPORTED IMPORTED
external True True

API-MS-WIN-CORE-HEAP-L1-1-0.DLL::GetProcessHeap Calling Diff

--- API-MS-WIN-CORE-HEAP-L1-1-0.DLL::GetProcessHeap calling
+++ API-MS-WIN-CORE-HEAP-L1-1-0.DLL::GetProcessHeap calling
@@ -4,0 +5,2 @@
+wil_details_GetCurrentFeatureEnabledState
+wil_details_StagingConfig_Load

Generated with ghidriff version: 0.6.2 on 2024-02-07T06:14:01
