- Visual Chart Diff
- Metadata
- Deleted
- Added
- Modified
- NtSetCachedSigningLevel2
- CmpCaptureKeyValueArray
- KeQuerySpeculationControlInformation
- NtSetCachedSigningLevel2$filt$0
- NtSetCachedSigningLevel2$filt$1
- NtSetInformationKey
- XpressBuildHuffmanDecodingTable
- KiOptimizeSpecCtrlSettingsWorker
- AlpcpCreateRegion
- PsUpdateComponentPower
- NtQueryMultipleValueKey
- CmQueryMultipleValueForLayeredKey
- CmpCheckKey
- VrpUpdateKeyInformation
- CmpReferenceSecurityNode
- KiRestoreFeatureBits
- CmQueryMultipleValueKey
- KiDetectHardwareSpecControlFeatures
- CmpValidateHiveSecurityDescriptors
- Modified (No Code Changes)
flowchart LR
NtSetCachedSigningLevel2-6-old<--Match 87%-->NtSetCachedSigningLevel2-6-new
CmpCaptureKeyValueArray-5-old<--Match 39%-->CmpCaptureKeyValueArray-5-new
KeQuerySpeculationControlInformation-0-old<--Match 80%-->KeQuerySpeculationControlInformation-0-new
NtSetCachedSigningLevel2filt0-0-old<--Match 93%-->NtSetCachedSigningLevel2filt0-0-new
NtSetCachedSigningLevel2filt1-0-old<--Match 93%-->NtSetCachedSigningLevel2filt1-0-new
NtSetInformationKey-0-old<--Match 99%-->NtSetInformationKey-0-new
XpressBuildHuffmanDecodingTable-0-old<--Match 99%-->XpressBuildHuffmanDecodingTable-0-new
KiOptimizeSpecCtrlSettingsWorker-0-old<--Match 97%-->KiOptimizeSpecCtrlSettingsWorker-0-new
AlpcpCreateRegion-0-old<--Match 95%-->AlpcpCreateRegion-0-new
PsUpdateComponentPower-0-old<--Match 96%-->PsUpdateComponentPower-0-new
NtQueryMultipleValueKey-6-old<--Match 89%-->NtQueryMultipleValueKey-6-new
CmQueryMultipleValueForLayeredKey-6-old<--Match 99%-->CmQueryMultipleValueForLayeredKey-6-new
CmpCheckKey-7-old<--Match 36%-->CmpCheckKey-7-new
VrpUpdateKeyInformation-6-old<--Match 90%-->VrpUpdateKeyInformation-6-new
CmpReferenceSecurityNode-0-old<--Match 92%-->CmpReferenceSecurityNode-0-new
KiRestoreFeatureBits-0-old<--Match 96%-->KiRestoreFeatureBits-0-new
CmQueryMultipleValueKey-7-old<--Match 99%-->CmQueryMultipleValueKey-7-new
KiDetectHardwareSpecControlFeatures-0-old<--Match 63%-->KiDetectHardwareSpecControlFeatures-0-new
CmpValidateHiveSecurityDescriptors-5-old<--Match 53%-->CmpValidateHiveSecurityDescriptors-5-new
subgraph ntoskrnl.exe.10.0.22621.2283
NtSetCachedSigningLevel2-6-new
CmpCaptureKeyValueArray-5-new
KeQuerySpeculationControlInformation-0-new
NtSetCachedSigningLevel2filt0-0-new
NtSetCachedSigningLevel2filt1-0-new
NtSetInformationKey-0-new
XpressBuildHuffmanDecodingTable-0-new
KiOptimizeSpecCtrlSettingsWorker-0-new
AlpcpCreateRegion-0-new
PsUpdateComponentPower-0-new
NtQueryMultipleValueKey-6-new
CmQueryMultipleValueForLayeredKey-6-new
CmpCheckKey-7-new
VrpUpdateKeyInformation-6-new
CmpReferenceSecurityNode-0-new
KiRestoreFeatureBits-0-new
CmQueryMultipleValueKey-7-new
KiDetectHardwareSpecControlFeatures-0-new
CmpValidateHiveSecurityDescriptors-5-new
subgraph Added
direction LR
CmpKeySecurityIncrementReferenceCount
end
end
subgraph ntoskrnl.exe.10.0.22621.2215
NtSetCachedSigningLevel2-6-old
CmpCaptureKeyValueArray-5-old
KeQuerySpeculationControlInformation-0-old
NtSetCachedSigningLevel2filt0-0-old
NtSetCachedSigningLevel2filt1-0-old
NtSetInformationKey-0-old
XpressBuildHuffmanDecodingTable-0-old
KiOptimizeSpecCtrlSettingsWorker-0-old
AlpcpCreateRegion-0-old
PsUpdateComponentPower-0-old
NtQueryMultipleValueKey-6-old
CmQueryMultipleValueForLayeredKey-6-old
CmpCheckKey-7-old
VrpUpdateKeyInformation-6-old
CmpReferenceSecurityNode-0-old
KiRestoreFeatureBits-0-old
CmQueryMultipleValueKey-7-old
KiDetectHardwareSpecControlFeatures-0-old
CmpValidateHiveSecurityDescriptors-5-old
subgraph Deleted
direction LR
KiSetMicrocodeUpdateOptions
end
end
pie showData
title Function Matches - 99.9967%
"unmatched_funcs_len" : 2
"matched_funcs_len" : 60904
pie showData
title Matched Function Similarity - 99.9573%
"matched_funcs_with_code_changes_len" : 19
"matched_funcs_with_non_code_changes_len" : 7
"matched_funcs_no_changes_len" : 60878
ghidriff --project-location .ghidra_projects --project-name ghidriff --symbols-path .symbols --threaded --log-level INFO --file-log-level INFO --log-path ghidriff.log --max-ram-percent 60.0 --max-section-funcs 200 ntoskrnl.exe.10.0.22621.2215 ntoskrnl.exe.10.0.22621.2283
--old ['bins/ntoskrnl.exe.10.0.22621.2215'] --new [['bins/ntoskrnl.exe.10.0.22621.2283', 'bins/ntoskrnl.exe.10.0.22621.2361']] --engine VersionTrackingDiff --output-path ghidriffs --summary False --project-location .ghidra_projects --project-name ghidriff --symbols-path .symbols --threaded True --force-analysis False --force-diff False --no-symbols False --log-level INFO --file-log-level INFO --log-path ghidriff.log --va False --max-ram-percent 60.0 --print-flags False --jvm-args None --side-by-side False --max-section-funcs 200 --md-title None
wget https://msdl.microsoft.com/download/symbols/ntkrnlmp.exe/D697AA931048000/ntkrnlmp.exe -O ntkrnlmp.exe.x64.10.0.22621.2215
wget https://msdl.microsoft.com/download/symbols/ntkrnlmp.exe/8DB688181048000/ntkrnlmp.exe -O ntkrnlmp.exe.x64.10.0.22621.2283
--- ntoskrnl.exe.10.0.22621.2215 Meta
+++ ntoskrnl.exe.10.0.22621.2283 Meta
@@ -1,44 +1,44 @@
-Program Name: ntoskrnl.exe.10.0.22621.2215
+Program Name: ntoskrnl.exe.10.0.22621.2283
Language ID: x86:LE:64:default (2.14)
Compiler ID: windows
Processor: x86
Endian: Little
Address Size: 64
Minimum Address: 140000000
Maximum Address: ff0000184f
-# of Bytes: 17069684
+# of Bytes: 17069852
# of Memory Blocks: 42
-# of Instructions: 2421882
-# of Defined Data: 76952
+# of Instructions: 2421783
+# of Defined Data: 76962
# of Functions: 30453
-# of Symbols: 245712
+# of Symbols: 245722
# of Data Types: 6104
# of Data Type Categories: 581
Analyzed: true
Compiler: visualstudio:unknown
Created With Ghidra Version: 10.4
-Date Created: Sat Oct 07 11:15:26 UTC 2023
+Date Created: Sat Oct 07 11:15:36 UTC 2023
Executable Format: Portable Executable (PE)
-Executable Location: /workspaces/ghidriff/bins/ntoskrnl.exe.10.0.22621.2215
-Executable MD5: d7344ec390faf38227cd9cc9b2f4f494
-Executable SHA256: 9f0ad49c1a2c0c9f822db8262daa059bd0a0319e986902a699d117d281935191
-FSRL: file:///workspaces/ghidriff/bins/ntoskrnl.exe.10.0.22621.2215?MD5=d7344ec390faf38227cd9cc9b2f4f494
+Executable Location: /workspaces/ghidriff/bins/ntoskrnl.exe.10.0.22621.2283
+Executable MD5: 825a1cffa1af749376542eb35c3cf7cc
+Executable SHA256: d67c38552062a51eef56013bae30eedd2bae1c357067efb50be18a300860dce4
+FSRL: file:///workspaces/ghidriff/bins/ntoskrnl.exe.10.0.22621.2283?MD5=825a1cffa1af749376542eb35c3cf7cc
PDB Age: 1
PDB File: ntkrnlmp.pdb
-PDB GUID: 69071f68-0adf-e36f-178c-6ec06e79e09c
+PDB GUID: 738ed8ff-966e-8502-efe1-7095b9f1f548
PDB Loaded: true
PDB Version: RSDS
PE Property[CompanyName]: Microsoft Corporation
PE Property[FileDescription]: NT Kernel & System
-PE Property[FileVersion]: 10.0.22621.2215 (WinBuild.160101.0800)
+PE Property[FileVersion]: 10.0.22621.2283 (WinBuild.160101.0800)
PE Property[InternalName]: ntkrnlmp.exe
PE Property[LegalCopyright]: © Microsoft Corporation. All rights reserved.
PE Property[OriginalFilename]: ntkrnlmp.exe
PE Property[ProductName]: Microsoft® Windows® Operating System
-PE Property[ProductVersion]: 10.0.22621.2215
+PE Property[ProductVersion]: 10.0.22621.2283
PE Property[Translation]: 4b00409
Preferred Root Namespace Category:
RTTI Found: false
Relocatable: true
SectionAlignment: 4096
Should Ask To Analyze: false
Ghidra ntoskrnl.exe.10.0.22621.2215 Decompiler Options
| Decompiler Option | Value |
|---|---|
| Prototype Evaluation | __fastcall |
Ghidra ntoskrnl.exe.10.0.22621.2215 Specification extensions Options
| Specification extensions Option | Value |
|---|---|
| FormatVersion | 0 |
| VersionCounter | 0 |
Ghidra ntoskrnl.exe.10.0.22621.2215 Analyzers Options
| Analyzers Option | Value |
|---|---|
| ASCII Strings | true |
| ASCII Strings.Create Strings Containing Existing Strings | true |
| ASCII Strings.Create Strings Containing References | true |
| ASCII Strings.Force Model Reload | false |
| ASCII Strings.Minimum String Length | LEN_5 |
| ASCII Strings.Model File | StringModel.sng |
| ASCII Strings.Require Null Termination for String | true |
| ASCII Strings.Search Only in Accessible Memory Blocks | true |
| ASCII Strings.String Start Alignment | ALIGN_1 |
| ASCII Strings.String end alignment | 4 |
| Aggressive Instruction Finder | false |
| Aggressive Instruction Finder.Create Analysis Bookmarks | true |
| Apply Data Archives | true |
| Apply Data Archives.Archive Chooser | [Auto-Detect] |
| Apply Data Archives.Create Analysis Bookmarks | true |
| Apply Data Archives.GDT User File Archive Path | None |
| Apply Data Archives.User Project Archive Path | None |
| Call Convention ID | true |
| Call Convention ID.Analysis Decompiler Timeout (sec) | 60 |
| Call-Fixup Installer | true |
| Condense Filler Bytes | false |
| Condense Filler Bytes.Filler Value | Auto |
| Condense Filler Bytes.Minimum number of sequential bytes | 1 |
| Create Address Tables | true |
| Create Address Tables.Allow Offcut References | false |
| Create Address Tables.Auto Label Table | false |
| Create Address Tables.Create Analysis Bookmarks | true |
| Create Address Tables.Maxmimum Pointer Distance | 16777215 |
| Create Address Tables.Minimum Pointer Address | 4132 |
| Create Address Tables.Minimum Table Size | 2 |
| Create Address Tables.Pointer Alignment | 1 |
| Create Address Tables.Relocation Table Guide | true |
| Create Address Tables.Table Alignment | 4 |
| Data Reference | true |
| Data Reference.Address Table Alignment | 1 |
| Data Reference.Address Table Minimum Size | 2 |
| Data Reference.Align End of Strings | false |
| Data Reference.Ascii String References | true |
| Data Reference.Create Address Tables | true |
| Data Reference.Minimum String Length | 5 |
| Data Reference.References to Pointers | true |
| Data Reference.Relocation Table Guide | true |
| Data Reference.Respect Execute Flag | true |
| Data Reference.Subroutine References | true |
| Data Reference.Switch Table References | false |
| Data Reference.Unicode String References | true |
| Decompiler Parameter ID | false |
| Decompiler Parameter ID.Analysis Clear Level | ANALYSIS |
| Decompiler Parameter ID.Analysis Decompiler Timeout (sec) | 60 |
| Decompiler Parameter ID.Commit Data Types | true |
| Decompiler Parameter ID.Commit Void Return Values | false |
| Decompiler Parameter ID.Prototype Evaluation | __fastcall |
| Decompiler Switch Analysis | true |
| Decompiler Switch Analysis.Analysis Decompiler Timeout (sec) | 60 |
| Demangler Microsoft | true |
| Demangler Microsoft.Apply Function Calling Conventions | true |
| Demangler Microsoft.Apply Function Signatures | true |
| Disassemble Entry Points | true |
| Disassemble Entry Points.Respect Execute Flag | true |
| Embedded Media | true |
| Embedded Media.Create Analysis Bookmarks | true |
| External Entry References | true |
| Function ID | true |
| Function ID.Always Apply FID Labels | false |
| Function ID.Create Analysis Bookmarks | true |
| Function ID.Instruction Count Threshold | 14.6 |
| Function ID.Multiple Match Threshold | 30.0 |
| Function Start Search | true |
| Function Start Search.Bookmark Functions | false |
| Function Start Search.Search Data Blocks | false |
| Non-Returning Functions - Discovered | true |
| Non-Returning Functions - Discovered.Create Analysis Bookmarks | true |
| Non-Returning Functions - Discovered.Function Non-return Threshold | 3 |
| Non-Returning Functions - Discovered.Repair Flow Damage | true |
| Non-Returning Functions - Known | true |
| Non-Returning Functions - Known.Create Analysis Bookmarks | true |
| PDB MSDIA | false |
| PDB MSDIA.Search remote symbol servers | false |
| PDB Universal | true |
| PDB Universal.Search remote symbol servers | false |
| Reference | true |
| Reference.Address Table Alignment | 1 |
| Reference.Address Table Minimum Size | 2 |
| Reference.Align End of Strings | false |
| Reference.Ascii String References | true |
| Reference.Create Address Tables | true |
| Reference.Minimum String Length | 5 |
| Reference.References to Pointers | true |
| Reference.Relocation Table Guide | true |
| Reference.Respect Execute Flag | true |
| Reference.Subroutine References | true |
| Reference.Switch Table References | false |
| Reference.Unicode String References | true |
| Scalar Operand References | true |
| Scalar Operand References.Relocation Table Guide | true |
| Shared Return Calls | true |
| Shared Return Calls.Allow Conditional Jumps | false |
| Shared Return Calls.Assume Contiguous Functions Only | false |
| Stack | true |
| Stack.Create Local Variables | true |
| Stack.Create Param Variables | true |
| Stack.useNewFunctionStackAnalysis | true |
| Subroutine References | true |
| Subroutine References.Create Thunks Early | true |
| Variadic Function Signature Override | false |
| Variadic Function Signature Override.Create Analysis Bookmarks | false |
| Windows x86 PE Exception Handling | true |
| Windows x86 PE RTTI Analyzer | true |
| Windows x86 Thread Environment Block (TEB) Analyzer | true |
| Windows x86 Thread Environment Block (TEB) Analyzer.Starting Address of the TEB | |
| Windows x86 Thread Environment Block (TEB) Analyzer.Windows OS Version | Windows 7 |
| WindowsPE x86 Propagate External Parameters | false |
| WindowsResourceReference | true |
| WindowsResourceReference.Create Analysis Bookmarks | true |
| x86 Constant Reference Analyzer | true |
| x86 Constant Reference Analyzer.Create Data from pointer | false |
| x86 Constant Reference Analyzer.Function parameter/return Pointer analysis | true |
| x86 Constant Reference Analyzer.Max Threads | 2 |
| x86 Constant Reference Analyzer.Min absolute reference | 4 |
| x86 Constant Reference Analyzer.Require pointer param data type | false |
| x86 Constant Reference Analyzer.Speculative reference max | 512 |
| x86 Constant Reference Analyzer.Speculative reference min | 1024 |
| x86 Constant Reference Analyzer.Stored Value Pointer analysis | true |
| x86 Constant Reference Analyzer.Trust values read from writable memory | true |
Ghidra ntoskrnl.exe.10.0.22621.2283 Decompiler Options
| Decompiler Option | Value |
|---|---|
| Prototype Evaluation | __fastcall |
Ghidra ntoskrnl.exe.10.0.22621.2283 Specification extensions Options
| Specification extensions Option | Value |
|---|---|
| FormatVersion | 0 |
| VersionCounter | 0 |
Ghidra ntoskrnl.exe.10.0.22621.2283 Analyzers Options
| Analyzers Option | Value |
|---|---|
| ASCII Strings | true |
| ASCII Strings.Create Strings Containing Existing Strings | true |
| ASCII Strings.Create Strings Containing References | true |
| ASCII Strings.Force Model Reload | false |
| ASCII Strings.Minimum String Length | LEN_5 |
| ASCII Strings.Model File | StringModel.sng |
| ASCII Strings.Require Null Termination for String | true |
| ASCII Strings.Search Only in Accessible Memory Blocks | true |
| ASCII Strings.String Start Alignment | ALIGN_1 |
| ASCII Strings.String end alignment | 4 |
| Aggressive Instruction Finder | false |
| Aggressive Instruction Finder.Create Analysis Bookmarks | true |
| Apply Data Archives | true |
| Apply Data Archives.Archive Chooser | [Auto-Detect] |
| Apply Data Archives.Create Analysis Bookmarks | true |
| Apply Data Archives.GDT User File Archive Path | None |
| Apply Data Archives.User Project Archive Path | None |
| Call Convention ID | true |
| Call Convention ID.Analysis Decompiler Timeout (sec) | 60 |
| Call-Fixup Installer | true |
| Condense Filler Bytes | false |
| Condense Filler Bytes.Filler Value | Auto |
| Condense Filler Bytes.Minimum number of sequential bytes | 1 |
| Create Address Tables | true |
| Create Address Tables.Allow Offcut References | false |
| Create Address Tables.Auto Label Table | false |
| Create Address Tables.Create Analysis Bookmarks | true |
| Create Address Tables.Maxmimum Pointer Distance | 16777215 |
| Create Address Tables.Minimum Pointer Address | 4132 |
| Create Address Tables.Minimum Table Size | 2 |
| Create Address Tables.Pointer Alignment | 1 |
| Create Address Tables.Relocation Table Guide | true |
| Create Address Tables.Table Alignment | 4 |
| Data Reference | true |
| Data Reference.Address Table Alignment | 1 |
| Data Reference.Address Table Minimum Size | 2 |
| Data Reference.Align End of Strings | false |
| Data Reference.Ascii String References | true |
| Data Reference.Create Address Tables | true |
| Data Reference.Minimum String Length | 5 |
| Data Reference.References to Pointers | true |
| Data Reference.Relocation Table Guide | true |
| Data Reference.Respect Execute Flag | true |
| Data Reference.Subroutine References | true |
| Data Reference.Switch Table References | false |
| Data Reference.Unicode String References | true |
| Decompiler Parameter ID | false |
| Decompiler Parameter ID.Analysis Clear Level | ANALYSIS |
| Decompiler Parameter ID.Analysis Decompiler Timeout (sec) | 60 |
| Decompiler Parameter ID.Commit Data Types | true |
| Decompiler Parameter ID.Commit Void Return Values | false |
| Decompiler Parameter ID.Prototype Evaluation | __fastcall |
| Decompiler Switch Analysis | true |
| Decompiler Switch Analysis.Analysis Decompiler Timeout (sec) | 60 |
| Demangler Microsoft | true |
| Demangler Microsoft.Apply Function Calling Conventions | true |
| Demangler Microsoft.Apply Function Signatures | true |
| Disassemble Entry Points | true |
| Disassemble Entry Points.Respect Execute Flag | true |
| Embedded Media | true |
| Embedded Media.Create Analysis Bookmarks | true |
| External Entry References | true |
| Function ID | true |
| Function ID.Always Apply FID Labels | false |
| Function ID.Create Analysis Bookmarks | true |
| Function ID.Instruction Count Threshold | 14.6 |
| Function ID.Multiple Match Threshold | 30.0 |
| Function Start Search | true |
| Function Start Search.Bookmark Functions | false |
| Function Start Search.Search Data Blocks | false |
| Non-Returning Functions - Discovered | true |
| Non-Returning Functions - Discovered.Create Analysis Bookmarks | true |
| Non-Returning Functions - Discovered.Function Non-return Threshold | 3 |
| Non-Returning Functions - Discovered.Repair Flow Damage | true |
| Non-Returning Functions - Known | true |
| Non-Returning Functions - Known.Create Analysis Bookmarks | true |
| PDB MSDIA | false |
| PDB MSDIA.Search remote symbol servers | false |
| PDB Universal | true |
| PDB Universal.Search remote symbol servers | false |
| Reference | true |
| Reference.Address Table Alignment | 1 |
| Reference.Address Table Minimum Size | 2 |
| Reference.Align End of Strings | false |
| Reference.Ascii String References | true |
| Reference.Create Address Tables | true |
| Reference.Minimum String Length | 5 |
| Reference.References to Pointers | true |
| Reference.Relocation Table Guide | true |
| Reference.Respect Execute Flag | true |
| Reference.Subroutine References | true |
| Reference.Switch Table References | false |
| Reference.Unicode String References | true |
| Scalar Operand References | true |
| Scalar Operand References.Relocation Table Guide | true |
| Shared Return Calls | true |
| Shared Return Calls.Allow Conditional Jumps | false |
| Shared Return Calls.Assume Contiguous Functions Only | false |
| Stack | true |
| Stack.Create Local Variables | true |
| Stack.Create Param Variables | true |
| Stack.useNewFunctionStackAnalysis | true |
| Subroutine References | true |
| Subroutine References.Create Thunks Early | true |
| Variadic Function Signature Override | false |
| Variadic Function Signature Override.Create Analysis Bookmarks | false |
| Windows x86 PE Exception Handling | true |
| Windows x86 PE RTTI Analyzer | true |
| Windows x86 Thread Environment Block (TEB) Analyzer | true |
| Windows x86 Thread Environment Block (TEB) Analyzer.Starting Address of the TEB | |
| Windows x86 Thread Environment Block (TEB) Analyzer.Windows OS Version | Windows 7 |
| WindowsPE x86 Propagate External Parameters | false |
| WindowsResourceReference | true |
| WindowsResourceReference.Create Analysis Bookmarks | true |
| x86 Constant Reference Analyzer | true |
| x86 Constant Reference Analyzer.Create Data from pointer | false |
| x86 Constant Reference Analyzer.Function parameter/return Pointer analysis | true |
| x86 Constant Reference Analyzer.Max Threads | 2 |
| x86 Constant Reference Analyzer.Min absolute reference | 4 |
| x86 Constant Reference Analyzer.Require pointer param data type | false |
| x86 Constant Reference Analyzer.Speculative reference max | 512 |
| x86 Constant Reference Analyzer.Speculative reference min | 1024 |
| x86 Constant Reference Analyzer.Stored Value Pointer analysis | true |
| x86 Constant Reference Analyzer.Trust values read from writable memory | true |
| Stat | Value |
|---|---|
| added_funcs_len | 1 |
| deleted_funcs_len | 1 |
| modified_funcs_len | 26 |
| added_symbols_len | 25 |
| deleted_symbols_len | 23 |
| diff_time | 95.23741364479065 |
| deleted_strings_len | 1 |
| added_strings_len | 0 |
| match_types | Counter({'SymbolsHash': 28005, 'StructuralGraphHash': 695, 'ExactInstructionsFunctionHasher': 146, 'ExactBytesFunctionHasher': 85, 'BulkBasicBlockMnemonicHash': 4}) |
| items_to_process | 76 |
| diff_types | Counter({'address': 24, 'code': 19, 'length': 19, 'refcount': 13, 'called': 5, 'calling': 2, 'sig': 1}) |
| unmatched_funcs_len | 2 |
| total_funcs_len | 60906 |
| matched_funcs_len | 60904 |
| matched_funcs_with_code_changes_len | 19 |
| matched_funcs_with_non_code_changes_len | 7 |
| matched_funcs_no_changes_len | 60878 |
| match_func_similarity_percent | 99.9573% |
| func_match_overall_percent | 99.9967% |
pie showData
title Match Types
"SymbolsHash" : 28005
"ExactBytesFunctionHasher" : 85
"ExactInstructionsFunctionHasher" : 146
"StructuralGraphHash" : 695
"BulkBasicBlockMnemonicHash" : 4
pie showData
title Diff Stats
"added_funcs_len" : 1
"deleted_funcs_len" : 1
"modified_funcs_len" : 26
pie showData
title Symbols
"added_symbols_len" : 25
"deleted_symbols_len" : 23
pie showData
title Strings
"deleted_strings_len" : 1
"added_strings_len" : 0
--- deleted strings
+++ added strings
@@ -1 +0,0 @@
-s_SYSTEM*_140a76b01
| Key | ntoskrnl.exe.10.0.22621.2215 |
|---|---|
| name | KiSetMicrocodeUpdateOptions |
| fullname | KiSetMicrocodeUpdateOptions |
| refcount | 3 |
| length | 105 |
| called | |
| calling | KiOptimizeSpecCtrlSettingsWorker KiRestoreFeatureBits |
| paramcount | 0 |
| address | 14042b46c |
| sig | undefined KiSetMicrocodeUpdateOptions(void) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
--- KiSetMicrocodeUpdateOptions
+++ KiSetMicrocodeUpdateOptions
@@ -1,23 +0,0 @@
-
-ulonglong KiSetMicrocodeUpdateOptions(void)
-
-{
- ulonglong uVar1;
- ulonglong uVar2;
-
- uVar1 = KiSpeculationFeatures;
- if ((((KiSpeculationFeatures >> 0x12 & 1) != 0) && ((KiSpeculationFeatures >> 0x13 & 1) != 0)) &&
- ((KiSpeculationFeatures >> 0x14 & 1) == 0)) {
- uVar1 = rdmsr(0x123);
- uVar2 = uVar1 | 0x10;
- if ((KiSpeculationFeatures >> 0x2e & 1) == 0) {
- uVar2 = uVar1 & 0xffffffffffffffef;
- }
- if (uVar2 != uVar1) {
- wrmsr(0x123,uVar2);
- uVar1 = uVar2;
- }
- }
- return uVar1;
-}
-
| Key | ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| name | CmpKeySecurityIncrementReferenceCount |
| fullname | CmpKeySecurityIncrementReferenceCount |
| refcount | 3 |
| length | 71 |
| called | KeBugCheckEx |
| calling | CmpCheckKey CmpReferenceSecurityNode |
| paramcount | 0 |
| address | 14042c408 |
| sig | undefined CmpKeySecurityIncrementReferenceCount(void) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
--- CmpKeySecurityIncrementReferenceCount
+++ CmpKeySecurityIncrementReferenceCount
@@ -0,0 +1,23 @@
+
+undefined8
+CmpKeySecurityIncrementReferenceCount(longlong param_1,undefined8 param_2,undefined4 param_3)
+
+{
+ uint uVar1;
+ undefined8 uVar2;
+
+ uVar1 = *(uint *)(param_1 + 0xc);
+ uVar2 = 0;
+ if (uVar1 != 0) {
+ if (uVar1 + 1 < uVar1) {
+ uVar2 = 0xc0000095;
+ }
+ else {
+ *(uint *)(param_1 + 0xc) = uVar1 + 1;
+ }
+ return uVar2;
+ }
+ /* WARNING: Subroutine does not return */
+ KeBugCheckEx(0x51,4,6,param_2,param_3);
+}
+
Modified functions contain code changes
| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | code,length,address |
| ratio | 0.57 |
| i_ratio | 0.59 |
| m_ratio | 0.87 |
| b_ratio | 0.87 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | NtSetCachedSigningLevel2 | NtSetCachedSigningLevel2 |
| fullname | NtSetCachedSigningLevel2 | NtSetCachedSigningLevel2 |
| refcount | 3 | 3 |
length |
1177 | 1216 |
| called | ExAllocatePool2 ExFreePoolWithTag ExRaiseDatatypeMisalignment RtlCopyMemory RtlUnicodeStringValidateEx SepCaptureUnicodeStringArray _guard_dispatch_icall |
ExAllocatePool2 ExFreePoolWithTag ExRaiseDatatypeMisalignment RtlCopyMemory RtlUnicodeStringValidateEx SepCaptureUnicodeStringArray _guard_dispatch_icall |
| calling | NtSetCachedSigningLevel | NtSetCachedSigningLevel |
| paramcount | 6 | 6 |
address |
1409cca00 | 1409cca90 |
| sig | undefined NtSetCachedSigningLevel2(undefined param_1, undefined param_2, undefined param_3, undefined param_4, undefined8 param_5, undefined8 param_6) | undefined NtSetCachedSigningLevel2(undefined param_1, undefined param_2, undefined param_3, undefined param_4, undefined8 param_5, undefined8 param_6) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- NtSetCachedSigningLevel2
+++ NtSetCachedSigningLevel2
@@ -1,194 +1,200 @@
/* WARNING: Function: _guard_dispatch_icall replaced with injection: guard_dispatch_icall */
int NtSetCachedSigningLevel2
(uint param_1,ulonglong param_2,undefined *param_3,uint param_4,longlong param_5,
uint *param_6)
{
+ size_t _Size;
char cVar1;
byte bVar2;
longlong lVar3;
uint uVar4;
int iVar5;
longlong *_Dst;
- size_t sVar6;
- uint uVar7;
- byte bVar8;
- longlong *plVar9;
- void *local_78;
- longlong local_70;
- longlong *local_68;
- undefined local_60 [32];
- size_t local_40;
+ ulonglong _Size_00;
+ uint uVar6;
+ byte bVar7;
+ longlong *plVar8;
+ void *local_68;
+ longlong local_60;
+ longlong *local_58;
+ undefined local_50 [16];
+ ulonglong local_40;
_Dst = (longlong *)0x0;
- plVar9 = (longlong *)0x0;
- bVar8 = 0;
- local_70 = 0;
- local_78 = (void *)0x0;
- local_60._0_16_ = ZEXT816(0);
+ plVar8 = (longlong *)0x0;
+ bVar7 = 0;
+ local_60 = 0;
+ local_68 = (void *)0x0;
+ local_50 = ZEXT816(0);
cVar1 = *(char *)((longlong)SystemReserved1[15] + 0x232);
if ((param_1 >> 0xd & 1) == 0) {
if (DAT_0 != (code *)0x0) {
if ((param_2 & 0x30) == 0) {
if (0xfff < param_4 - 1) {
LAB_1:
iVar5 = -0x3fffff0e;
goto LAB_2;
}
if (((param_1 & 6) != 0) || ((char)param_2 == '\0')) {
if (((byte)param_1 & 3) == 3) {
LAB_3:
iVar5 = -0x3fffff11;
- _Dst = plVar9;
+ _Dst = plVar8;
goto LAB_2;
}
if (cVar1 == '\x01') {
if ((param_1 & 2) != 0) goto LAB_3;
- uVar7 = param_1 | 1;
+ uVar6 = param_1 | 1;
uVar4 = param_1 & 4;
- param_1 = uVar7;
+ param_1 = uVar6;
if (uVar4 == 0) {
lVar3 = *(longlong *)((longlong)SystemReserved1[15] + 0xb8);
bVar2 = *(byte *)(lVar3 + 0x879);
if ((*(byte *)(lVar3 + 0x87a) & 7) != 1) goto LAB_4;
- bVar8 = *(byte *)(lVar3 + 0x878);
+ bVar7 = *(byte *)(lVar3 + 0x878);
if ((DAT_5 == (code *)0x0) ||
(iVar5 = (*DAT_5)(CONCAT71((int7)((ulonglong)lVar3 >> 8),bVar2) &
0xffffffffffffff0f,
- CONCAT71((int7)(param_2 >> 8),bVar8) & 0xffffffffffffff0f
+ CONCAT71((int7)(param_2 >> 8),bVar7) & 0xffffffffffffff0f
), iVar5 == 0)) {
- bVar8 = bVar2;
- }
- bVar8 = bVar8 & 0xf;
+ bVar7 = bVar2;
+ }
+ bVar7 = bVar7 & 0xf;
}
}
else if ((param_1 & 1) == 0) {
if ((param_1 & 2) == 0) goto LAB_3;
- bVar8 = 8;
+ bVar7 = 8;
}
else {
- bVar8 = 0xf;
- }
- sVar6 = (ulonglong)param_4 * 8;
- _Dst = (longlong *)ExAllocatePool2(0x100,sVar6,0x63734943);
- local_68 = _Dst;
+ bVar7 = 0xf;
+ }
+ _Size = (ulonglong)param_4 * 8;
+ _Dst = (longlong *)ExAllocatePool2(0x100,_Size,0x63734943);
+ local_58 = _Dst;
if (_Dst == (longlong *)0x0) {
iVar5 = -0x3fffff66;
goto LAB_2;
}
if (cVar1 == '\x01') {
if ((ulonglong)param_4 != 0) {
if (((ulonglong)param_3 & 7) != 0) {
/* WARNING: Subroutine does not return */
ExRaiseDatatypeMisalignment();
}
- if ((&DAT_6 < param_3 + sVar6) || (param_3 + sVar6 < param_3)) {
+ if ((&DAT_6 < param_3 + _Size) || (param_3 + _Size < param_3)) {
DAT_6 = 0;
}
}
if (param_6 != (uint *)0x0) {
if (((ulonglong)param_6 & 3) != 0) {
/* WARNING: Subroutine does not return */
ExRaiseDatatypeMisalignment();
}
if ((&DAT_6 < param_6 + 6) || (param_6 + 6 < param_6)) {
DAT_6 = 0;
}
}
}
- RtlCopyMemory(_Dst,param_3,sVar6);
+ RtlCopyMemory(_Dst,param_3,_Size);
if (param_6 != (uint *)0x0) {
if (*param_6 < 0x18) {
iVar5 = -0x3fffff0c;
goto LAB_2;
}
if ((*(short *)(param_6 + 2) != 0) &&
- ((iVar5 = SepCaptureUnicodeStringArray(param_6 + 2,1,cVar1,&local_70), iVar5 < 0 ||
- (iVar5 = RtlUnicodeStringValidateEx(local_70), iVar5 < 0)))) goto LAB_2;
+ ((iVar5 = SepCaptureUnicodeStringArray(param_6 + 2,1,cVar1,&local_60), iVar5 < 0 ||
+ (iVar5 = RtlUnicodeStringValidateEx(local_60), iVar5 < 0)))) goto LAB_2;
}
if ((param_1 & 6) != 0) {
if (param_4 != 1) goto LAB_1;
if (param_5 != *_Dst) {
iVar5 = -0x3fffff0d;
goto LAB_2;
}
}
- iVar5 = (*DAT_0)(param_1 & 0x807,cVar1,param_2 & 0xff,bVar8,_Dst,param_4,param_5,
- local_70);
+ iVar5 = (*DAT_0)(param_1 & 0x807,cVar1,param_2 & 0xff,bVar7,_Dst,param_4,param_5,
+ local_60);
goto LAB_2;
}
}
iVar5 = -0x3fffff10;
- _Dst = plVar9;
+ _Dst = plVar8;
goto LAB_2;
}
}
else if (DAT_7 != (code *)0x0) {
if ((param_6 == (uint *)0x0) || (param_5 == 0)) {
iVar5 = -0x3ffffff3;
- _Dst = plVar9;
+ _Dst = plVar8;
goto LAB_2;
}
if (cVar1 == '\x01') {
if ((*(byte *)(*(longlong *)((longlong)SystemReserved1[15] + 0xb8) + 0x87a) & 7) != 1) {
LAB_4:
iVar5 = -0x3fffffde;
- _Dst = plVar9;
+ _Dst = plVar8;
goto LAB_2;
}
if (((ulonglong)param_6 & 3) != 0) {
/* WARNING: Subroutine does not return */
ExRaiseDatatypeMisalignment();
}
if ((&DAT_6 < param_6 + 6) || (param_6 + 6 < param_6)) {
DAT_6 = 0;
}
- sVar6 = *(size_t *)*(undefined (*) [16])(param_6 + 2);
- local_60._0_16_ = *(undefined (*) [16])(param_6 + 2);
- if (sVar6 != 0) {
- if ((local_60._0_16_ & (undefined [16])0x3) != (undefined [16])0x0) {
+ _Size_00 = *(ulonglong *)*(undefined (*) [16])(param_6 + 2);
+ local_50 = *(undefined (*) [16])(param_6 + 2);
+ if (_Size_00 != 0) {
+ if ((local_50 & (undefined [16])0x3) != (undefined [16])0x0) {
/* WARNING: Subroutine does not return */
ExRaiseDatatypeMisalignment();
}
- if ((0x7fffffff0000 < local_60._8_8_ + sVar6) ||
- (local_60._8_8_ + sVar6 < (ulonglong)local_60._8_8_)) {
+ if ((0x7fffffff0000 < local_50._8_8_ + _Size_00) ||
+ (local_50._8_8_ + _Size_00 < (ulonglong)local_50._8_8_)) {
DAT_6 = 0;
}
}
- local_40 = sVar6;
- if ((local_60._8_8_ == 0) || (sVar6 == 0)) {
+ local_40 = _Size_00;
+ if ((local_50._8_8_ == 0) || (_Size_00 == 0)) {
iVar5 = -0x3ffffff3;
- _Dst = plVar9;
- goto LAB_2;
- }
- local_78 = (void *)ExAllocatePool2(0x103,sVar6,0x63734943);
- if (local_78 == (void *)0x0) {
+ _Dst = plVar8;
+ goto LAB_2;
+ }
+ if (0xffff < _Size_00) {
+ iVar5 = -0x3ffffff3;
+ _Dst = plVar8;
+ goto LAB_2;
+ }
+ local_68 = (void *)ExAllocatePool2(0x103,_Size_00,0x63734943);
+ if (local_68 == (void *)0x0) {
iVar5 = -0x3fffff66;
- _Dst = plVar9;
- goto LAB_2;
- }
- RtlCopyMemory(local_78,(void *)local_60._8_8_,sVar6);
+ _Dst = plVar8;
+ goto LAB_2;
+ }
+ RtlCopyMemory(local_68,(void *)local_50._8_8_,_Size_00);
}
else {
- sVar6 = *(size_t *)(param_6 + 2);
- local_78 = *(void **)(param_6 + 4);
- }
- iVar5 = (*DAT_7)(cVar1,param_5,sVar6,local_78);
+ _Size_00 = *(ulonglong *)(param_6 + 2);
+ local_68 = *(void **)(param_6 + 4);
+ }
+ iVar5 = (*DAT_7)(cVar1,param_5,_Size_00,local_68);
goto LAB_2;
}
iVar5 = -0x3ffffffe;
LAB_2:
- if ((cVar1 == '\x01') && (local_70 != 0)) {
- ExFreePoolWithTag(local_70,0);
+ if ((cVar1 == '\x01') && (local_60 != 0)) {
+ ExFreePoolWithTag(local_60,0);
}
if (_Dst != (longlong *)0x0) {
ExFreePoolWithTag(_Dst,0x63734943);
}
- if ((local_78 != (void *)0x0) && (cVar1 == '\x01')) {
- ExFreePoolWithTag(local_78,0x63734943);
+ if ((local_68 != (void *)0x0) && (cVar1 == '\x01')) {
+ ExFreePoolWithTag(local_68,0x63734943);
}
return iVar5;
}
| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | code,refcount,length,sig,address |
| ratio | 0.23 |
| i_ratio | 0.35 |
| m_ratio | 0.45 |
| b_ratio | 0.39 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | CmpCaptureKeyValueArray | CmpCaptureKeyValueArray |
| fullname | CmpCaptureKeyValueArray | CmpCaptureKeyValueArray |
refcount |
3 | 2 |
length |
693 | 809 |
| called | CmpAllocateTransientPoolWithQuota CmpDoesBufferRequireCapturing ExRaiseDatatypeMisalignment RtlCopyMemory RtlULongLongAdd SmFreeWrapper |
CmpAllocateTransientPoolWithQuota CmpDoesBufferRequireCapturing ExRaiseDatatypeMisalignment RtlCopyMemory RtlULongLongAdd SmFreeWrapper |
| calling | NtQueryMultipleValueKey | NtQueryMultipleValueKey |
| paramcount | 5 | 6 |
address |
14073696c | 14073639c |
sig |
undefined CmpCaptureKeyValueArray(undefined param_1, undefined param_2, undefined param_3, undefined param_4, undefined8 param_5) | undefined CmpCaptureKeyValueArray(undefined param_1, undefined param_2, undefined param_3, undefined param_4, undefined8 param_5, undefined8 param_6) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- CmpCaptureKeyValueArray
+++ CmpCaptureKeyValueArray
@@ -1,164 +1,182 @@
-void * CmpCaptureKeyValueArray
- (longlong param_1,undefined4 *param_2,char param_3,void **param_4,void **param_5)
+ushort ** CmpCaptureKeyValueArray
+ (longlong param_1,ushort **param_2,char param_3,undefined8 *param_4,
+ undefined8 *param_5,undefined8 *param_6)
{
- ulonglong uVar1;
+ ushort *puVar1;
ushort uVar2;
- undefined8 uVar3;
- ulonglong uVar4;
- undefined4 uVar5;
- undefined4 uVar6;
- undefined4 uVar7;
- undefined auVar8 [16];
- char cVar9;
- int iVar10;
- void *pvVar11;
- void *pvVar12;
- void *pvVar13;
- uint uVar14;
- undefined4 *puVar15;
- void *pvVar16;
- void *pvVar17;
- ushort *puVar18;
+ ushort *puVar3;
+ undefined auVar4 [16];
+ char cVar5;
+ int iVar6;
+ ushort **ppuVar7;
+ ushort **ppuVar8;
+ ushort **ppuVar9;
+ uint uVar10;
+ ushort **ppuVar11;
+ ushort **ppuVar12;
+ ushort **ppuVar13;
+ ulonglong uVar14;
undefined4 extraout_XMM0_Da;
undefined4 extraout_XMM0_Da_00;
undefined4 extraout_XMM0_Da_01;
- undefined4 uVar19;
- uint local_98;
- undefined4 *local_80;
- void *local_78;
- void *local_70;
+ undefined4 extraout_XMM0_Da_02;
+ undefined4 uVar15;
+ uint local_a8;
+ ushort **local_98;
+ ushort **local_90;
+ ushort **local_88;
+ ushort **local_80;
+ ushort **local_78;
+ ushort **local_70;
undefined local_68 [8];
undefined8 uStack_60;
undefined8 *local_58;
- undefined4 *local_50;
- void *local_48;
+ ushort **local_50;
+ ushort **local_48;
- uVar14 = (uint)param_2;
- pvVar16 = (void *)0x0;
- if (uVar14 != 0) {
- param_2 = (undefined4 *)(((ulonglong)param_2 & 0xffffffff) << 5);
- pvVar11 = (void *)CmpAllocateTransientPoolWithQuota(param_1,param_2,0x33384d43);
- pvVar13 = pvVar16;
- local_70 = pvVar11;
- if (pvVar11 == (void *)0x0) {
-LAB_0:
- pvVar16 = (void *)0xc000009a;
- goto LAB_1;
+ uVar10 = (uint)param_2;
+ uVar14 = (ulonglong)param_2 & 0xffffffff;
+ ppuVar13 = (ushort **)0x0;
+ local_90 = (ushort **)0x0;
+ ppuVar7 = ppuVar13;
+ ppuVar8 = ppuVar13;
+ ppuVar9 = ppuVar13;
+ if (uVar10 == 0) goto LAB_0;
+ param_2 = (ushort **)(uVar14 * 0x18);
+ ppuVar7 = (ushort **)CmpAllocateTransientPoolWithQuota(param_1,param_2,0x33384d43);
+ local_78 = ppuVar7;
+ if (ppuVar7 != (ushort **)0x0) {
+ uVar15 = extraout_XMM0_Da;
+ ppuVar9 = (ushort **)0x0;
+ if (param_3 != '\0') {
+ param_2 = (ushort **)(uVar14 << 4);
+ ppuVar8 = (ushort **)CmpAllocateTransientPoolWithQuota(extraout_XMM0_Da,param_2,0x33384d43);
+ uVar15 = extraout_XMM0_Da_00;
+ local_90 = ppuVar8;
+ if (ppuVar8 == (ushort **)0x0) goto LAB_1;
}
- local_80 = (undefined4 *)0x0;
- local_98 = 0;
- pvVar12 = pvVar16;
- uVar19 = extraout_XMM0_Da;
- while ((uint)pvVar12 < uVar14) {
- param_2 = (undefined4 *)((longlong)pvVar12 * 0x20 + (longlong)pvVar11);
- local_58 = (undefined8 *)(param_1 + (longlong)pvVar12 * 0x18);
- local_50 = (undefined4 *)*local_58;
- if (param_3 == '\0') {
- uVar19 = *local_50;
- uVar5 = local_50[1];
- uVar6 = local_50[2];
- uVar7 = local_50[3];
- *param_2 = uVar19;
- param_2[1] = uVar5;
- param_2[2] = uVar6;
- param_2[3] = uVar7;
- }
- else {
- puVar15 = local_50;
- if ((undefined4 *)0x7ffffffeffff < local_50) {
- puVar15 = (undefined4 *)&DAT_2;
+ local_98 = (ushort **)0x0;
+ local_a8 = 0;
+ ppuVar11 = ppuVar13;
+ while ((uint)ppuVar11 < uVar10) {
+ local_80 = ppuVar7 + (longlong)ppuVar11 * 3;
+ local_58 = (undefined8 *)(param_1 + (longlong)ppuVar11 * 0x18);
+ local_50 = (ushort **)*local_58;
+ ppuVar12 = local_50;
+ if (param_3 != '\0') {
+ param_2 = ppuVar8 + (longlong)ppuVar11 * 2;
+ ppuVar11 = local_50;
+ if ((ushort **)0x7ffffffeffff < local_50) {
+ ppuVar11 = (ushort **)&DAT_2;
}
- uVar19 = *puVar15;
+ uVar15 = *(undefined4 *)ppuVar11;
stack0xffffffffffffff9c = SUB1612(ZEXT816(0),4);
- local_68._0_4_ = uVar19;
- uVar3 = *(undefined8 *)(puVar15 + 2);
- uStack_60 = uVar3;
- auVar8 = _local_68;
- uStack_60._0_4_ = (undefined4)uVar3;
- uStack_60._4_4_ = (undefined4)((ulonglong)uVar3 >> 0x20);
- *param_2 = uVar19;
- param_2[1] = 0;
- param_2[2] = (undefined4)uStack_60;
- param_2[3] = uStack_60._4_4_;
- _local_68 = auVar8;
+ local_68._0_4_ = uVar15;
+ puVar3 = ppuVar11[1];
+ uStack_60 = puVar3;
+ auVar4 = _local_68;
+ uStack_60._0_4_ = SUB84(puVar3,0);
+ uStack_60._4_4_ = (undefined4)((ulonglong)puVar3 >> 0x20);
+ *(undefined4 *)param_2 = uVar15;
+ *(undefined4 *)((longlong)param_2 + 4) = 0;
+ *(undefined4 *)(param_2 + 1) = (undefined4)uStack_60;
+ *(undefined4 *)((longlong)param_2 + 0xc) = uStack_60._4_4_;
+ local_70 = param_2;
+ _local_68 = auVar4;
if (*(ushort *)param_2 != 0) {
- uVar4 = *(ulonglong *)(param_2 + 2);
- if ((uVar4 & 1) != 0) {
+ puVar3 = param_2[1];
+ if (((ulonglong)puVar3 & 1) != 0) {
/* WARNING: Subroutine does not return */
ExRaiseDatatypeMisalignment();
}
- uVar1 = uVar4 + *(ushort *)param_2;
- if ((0x7fffffff0000 < uVar1) || (uVar1 < uVar4)) {
+ puVar1 = (ushort *)((longlong)puVar3 + (ulonglong)*(ushort *)param_2);
+ if ((&DAT_2 < puVar1) || (puVar1 < puVar3)) {
DAT_2 = 0;
}
}
+ ppuVar12 = param_2;
if ((*(byte *)param_2 & 1) != 0) {
- pvVar16 = (void *)0xc000000d;
- pvVar13 = (void *)0x0;
- goto LAB_1;
+ ppuVar13 = (ushort **)0xc000000d;
+ ppuVar9 = (ushort **)0x0;
+ goto LAB_0;
}
}
- puVar15 = (undefined4 *)(ulonglong)*(ushort *)param_2;
- if (*(ushort *)param_2 == 0) {
- *(undefined8 *)(param_2 + 2) = 0;
- *(ushort *)((longlong)param_2 + 2) = 0;
+ *local_80 = (ushort *)ppuVar12;
+ param_2 = (ushort **)(ulonglong)*(ushort *)ppuVar12;
+ if (*(ushort *)ppuVar12 == 0) {
+ ppuVar12[1] = (ushort *)0x0;
+ *(undefined2 *)((longlong)ppuVar12 + 2) = 0;
}
else {
- cVar9 = CmpDoesBufferRequireCapturing((int)param_3,*(undefined8 *)(param_2 + 2));
- uVar19 = extraout_XMM0_Da_00;
- if ((cVar9 != '\0') &&
- (iVar10 = RtlULongLongAdd(local_80,puVar15,&local_80), uVar19 = extraout_XMM0_Da_01,
- iVar10 < 0)) {
- param_2 = puVar15;
- pvVar16 = (void *)0xc000009a;
- goto LAB_1;
+ cVar5 = CmpDoesBufferRequireCapturing((int)param_3,ppuVar12[1]);
+ uVar15 = extraout_XMM0_Da_01;
+ if ((cVar5 != '\0') &&
+ (iVar6 = RtlULongLongAdd(local_98,param_2,&local_98), uVar15 = extraout_XMM0_Da_02,
+ iVar6 < 0)) {
+ ppuVar13 = (ushort **)0xc000009a;
+ goto LAB_0;
}
}
- local_98 = local_98 + 1;
- pvVar12 = (void *)(ulonglong)local_98;
+ local_a8 = local_a8 + 1;
+ ppuVar11 = (ushort **)(ulonglong)local_a8;
}
- param_2 = local_80;
- if (local_80 == (undefined4 *)0x0) {
- *param_4 = pvVar11;
+ param_2 = local_98;
+ if (local_98 == (ushort **)0x0) {
+ *param_4 = ppuVar7;
+ *param_5 = ppuVar8;
+ ppuVar7 = ppuVar13;
+ ppuVar8 = ppuVar13;
+ ppuVar9 = ppuVar13;
+ goto LAB_0;
}
- else {
- pvVar13 = (void *)CmpAllocateTransientPoolWithQuota(uVar19,local_80,0x33384d43);
- pvVar12 = pvVar16;
- pvVar17 = pvVar16;
- local_78 = pvVar13;
- if (pvVar13 == (void *)0x0) goto LAB_0;
- for (; (uint)pvVar12 < uVar14; pvVar12 = (void *)(ulonglong)((uint)pvVar12 + 1)) {
- puVar18 = (ushort *)((longlong)pvVar12 * 0x20 + (longlong)pvVar11);
- uVar2 = *puVar18;
+ ppuVar9 = (ushort **)CmpAllocateTransientPoolWithQuota(uVar15,local_98,0x33384d43);
+ local_88 = ppuVar9;
+ if (ppuVar9 != (ushort **)0x0) {
+ local_98 = (ushort **)0x0;
+ ppuVar11 = ppuVar13;
+ for (ppuVar12 = ppuVar13; (uint)ppuVar12 < uVar10;
+ ppuVar12 = (ushort **)(ulonglong)((uint)ppuVar12 + 1)) {
+ puVar3 = ppuVar7[(longlong)ppuVar12 * 3];
+ uVar2 = *puVar3;
if (uVar2 != 0) {
- puVar15 = *(undefined4 **)(puVar18 + 4);
- param_2 = puVar15;
- cVar9 = CmpDoesBufferRequireCapturing((int)param_3);
- if (cVar9 != '\0') {
- RtlCopyMemory((void *)((longlong)pvVar13 + (longlong)pvVar17),puVar15,(ulonglong)uVar2);
- *(void **)(puVar18 + 4) = (void *)((longlong)pvVar13 + (longlong)pvVar17);
- puVar18[1] = *puVar18;
- pvVar17 = (void *)((longlong)pvVar17 + (ulonglong)*puVar18);
- param_2 = puVar15;
- local_48 = pvVar17;
+ param_2 = *(ushort ***)(puVar3 + 4);
+ local_80 = param_2;
+ cVar5 = CmpDoesBufferRequireCapturing((int)param_3);
+ if (cVar5 != '\0') {
+ param_2 = local_80;
+ RtlCopyMemory((void *)((longlong)ppuVar11 + (longlong)ppuVar9),local_80,(ulonglong)uVar2
+ );
+ *(void **)(puVar3 + 4) = (void *)((longlong)ppuVar11 + (longlong)ppuVar9);
+ puVar3[1] = *puVar3;
+ ppuVar11 = (ushort **)((longlong)local_98 + (ulonglong)*puVar3);
+ local_98 = ppuVar11;
+ local_48 = ppuVar11;
}
}
}
- *param_4 = pvVar11;
- *param_5 = pvVar13;
+ *param_4 = ppuVar7;
+ *param_5 = ppuVar8;
+ *param_6 = ppuVar9;
+ ppuVar7 = ppuVar13;
+ ppuVar8 = ppuVar13;
+ ppuVar9 = ppuVar13;
+ goto LAB_0;
}
}
- pvVar11 = (void *)0x0;
- pvVar13 = pvVar11;
LAB_1:
- if (pvVar11 != (void *)0x0) {
- SmFreeWrapper(pvVar11,param_2);
+ ppuVar13 = (ushort **)0xc000009a;
+LAB_0:
+ if (ppuVar7 != (ushort **)0x0) {
+ SmFreeWrapper(ppuVar7,param_2);
}
- if (pvVar13 != (void *)0x0) {
- SmFreeWrapper(pvVar13,param_2);
+ if (ppuVar8 != (ushort **)0x0) {
+ SmFreeWrapper(ppuVar8,param_2);
}
- return pvVar16;
+ if (ppuVar9 != (ushort **)0x0) {
+ SmFreeWrapper(ppuVar9,param_2);
+ }
+ return ppuVar13;
}
| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | code,length,address |
| ratio | 0.86 |
| i_ratio | 0.68 |
| m_ratio | 0.72 |
| b_ratio | 0.8 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | KeQuerySpeculationControlInformation | KeQuerySpeculationControlInformation |
| fullname | KeQuerySpeculationControlInformation | KeQuerySpeculationControlInformation |
| refcount | 2 | 2 |
length |
1270 | 1136 |
| called | HvlQueryL1tfMitigationInformation KeKvaShadowingActive KiIsFbClearSupported RtlCopyMemory memset |
HvlQueryL1tfMitigationInformation KeKvaShadowingActive KiIsFbClearSupported RtlCopyMemory memset |
| calling | ExpQuerySystemInformation | ExpQuerySystemInformation |
| paramcount | 0 | 0 |
address |
140982c1c | 140982d2c |
| sig | undefined KeQuerySpeculationControlInformation(void) | undefined KeQuerySpeculationControlInformation(void) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- KeQuerySpeculationControlInformation
+++ KeQuerySpeculationControlInformation
@@ -1,144 +1,128 @@
undefined8 KeQuerySpeculationControlInformation(void *param_1,uint param_2,uint *param_3)
{
ulonglong uVar1;
char cVar2;
int iVar3;
uint uVar4;
uint uVar5;
ulonglong uVar6;
ulonglong _Size;
undefined8 local_res20;
_Size = (ulonglong)param_2;
if (param_2 < 4) {
*param_3 = 8;
return 0xc0000004;
}
if (7 < param_2) {
param_2 = 8;
}
*param_3 = param_2;
cVar2 = KiKvaShadow;
uVar1 = KeFeatureBits2;
uVar5 = (uint)(KiSpeculationFeatures >> 0x20);
local_res20._4_4_ = 0;
local_res20._0_4_ = uVar5 >> 4 & 1 ^ uVar5 >> 1 & 2 ^ uVar5 >> 1 & 4;
if (((KiSpeculationFeatures & 0x10) != 0) || ((KiSpeculationFeatures & 0x40) != 0)) {
local_res20._0_4_ = (uint)local_res20 | 8;
}
if ((KiSpeculationFeatures & 4) != 0) {
local_res20._0_4_ = (uint)local_res20 | 0x10;
}
if (((KiSpeculationFeatures >> 0x24 & 1) != 0) && ((KiSpeculationFeatures & 0x2000000000) != 0)) {
local_res20._0_4_ = (uint)local_res20 | 0x2000;
}
uVar5 = (uint)KiSpeculationFeatures;
local_res20._0_4_ =
(uVar5 * 4 & 0x80 | (uint)local_res20 ^ uVar5 * 2 & 0x20 ^ uVar5 & 0x40 | 0x100) ^
(uint)(KiSpeculationFeatures << 2) & 0x200 ^ (uint)(KiSpeculationFeatures >> 0x1c) & 0x400 ^
(uint)(KiSpeculationFeatures >> 0x1c) & 0x800 ^ ~(uint)(KiSpeculationFeatures << 4) & 0x1000
^ (uint)(KiSpeculationFeatures >> 0x1b) & 0x4000 ^
(uint)(KiSpeculationFeatures >> 0x1b) & 0x8000;
uVar5 = (uVar5 & 1 | 0x80) << 0x10 | (uint)(KeFeatureBits2 << 0x13) & 0x1000000 |
(uint)local_res20;
if ((KiKvaShadow == '\0') || (uVar4 = 0x26000000, (KeFeatureBits2 & 8) == 0)) {
uVar4 = 0x24000000;
}
uVar6 = KeFeatureBits2 & 0x8000;
if (((uVar6 == 0) || (KiDisableTsx == 0)) && (KiTsxSupported != 0)) {
if (((KeFeatureBits2 >> 0x10 & 1) == 0) &&
((((byte)KeFeatureBits2 & 0x28) != 8 || (iVar3 = KeKvaShadowingActive(), iVar3 == 0)))) {
if (uVar6 == 0) {
local_res20._0_4_ = uVar5 | uVar4;
}
else {
local_res20._0_4_ = uVar5 | uVar4 | 0x8000000;
}
}
else {
local_res20._0_4_ = uVar5 | uVar4 | 0x10000000;
}
}
else {
local_res20._0_4_ = uVar5 | uVar4 | 0x18000000;
}
if (((uVar1 >> 0x10 & 1) == 0) && (KiTsxSupportedAtBoot != 0)) {
uVar5 = 0;
}
else {
uVar5 = 0x40000000;
}
local_res20._0_4_ = (uint)local_res20 | uVar5;
HvlQueryL1tfMitigationInformation(&local_res20);
uVar5 = ((uint)(uVar1 >> 0x13) ^ local_res20._4_4_) & 7 ^ local_res20._4_4_;
if (cVar2 == '\0') {
LAB_0:
uVar4 = 0x410;
}
else {
iVar3 = KiIsFbClearSupported();
uVar4 = 0x418;
if (iVar3 == 0) goto LAB_0;
}
- if ((KiSpeculationFeatures & 0x8000) == 0) {
+ if ((KiSpeculationFeatures >> 0xf & 1) == 0) {
uVar4 = uVar5 & 0xfffffef7 | uVar4 | 0x200;
}
else if ((((KiSpeculationFeatures & 0x400000000) == 0) &&
((KiSpeculationFeatures & 0x2000000000) == 0)) &&
((KiSpeculationFeatures >> 0x2c & 1) == 0)) {
if (((KiSpeculationFeatures & 0x800000000) == 0) && ((KiSpeculationFeatures >> 0x2d & 1) == 0))
{
uVar4 = uVar5 & 0xfffffff7 | uVar4 | 0x300;
}
else {
uVar4 = uVar5 & 0xfffffcf7 | uVar4;
}
}
else {
uVar4 = uVar5 & 0xfffffdf7 | uVar4 | 0x100;
}
- uVar5 = (uint)(KeFeatureBits2 << 8) & 0x1000;
- if ((KiSpeculationFeatures & 0x40000) == 0) {
- uVar5 = uVar5 | uVar4 & 0xfffeafff | 0xa800;
- }
- else if ((KiSpeculationFeatures >> 0x13 & 1) == 0) {
- uVar5 = uVar5 | uVar4 & 0xfffe2fff | 0x2800;
- }
- else if ((KiSpeculationFeatures >> 0x14 & 1) == 0) {
- if ((KiSpeculationFeatures >> 0x2e & 1) == 0) {
- uVar5 = uVar5 | uVar4 & 0xfffeefff | 0xe800;
- }
- else {
- uVar5 = uVar5 | uVar4 & 0xfffe6fff | 0x6800;
- }
- }
- else {
- uVar5 = uVar5 | uVar4 & 0xffff2fff | 0x12800;
- }
+ uVar5 = ((uint)(KeFeatureBits2 >> 4) & 1) << 0xc;
+ local_res20 = CONCAT44(uVar5 | uVar4 & 0xffffefff,(uint)local_res20);
if ((KiSpeculationFeatures >> 0x15 & 1) == 0) {
- uVar5 = uVar5 & 0xfffbffff | 0xa0000;
+ uVar5 = uVar5 | uVar4 & 0xfffbefff | 0xa0800;
}
else {
if ((((KiSpeculationFeatures & 0x400000000) == 0) &&
((KiSpeculationFeatures & 0x2000000000) == 0)) && ((KiSpeculationFeatures >> 0x2f & 1) == 0)
) {
if (((KiSpeculationFeatures & 0x800000000) == 0) && ((KiSpeculationFeatures >> 0x30 & 1) == 0)
) {
- local_res20 = CONCAT44(uVar5,(uint)local_res20) | 0xe000000000000;
+ local_res20 = local_res20 | 0xe080000000000;
}
else {
- local_res20 = CONCAT44(uVar5,(uint)local_res20) & 0xfff3ffffffffffff | 0x2000000000000;
+ local_res20 = local_res20 & 0xfff3ffffffffffff | 0x2080000000000;
}
goto LAB_1;
}
- uVar5 = uVar5 & 0xfff7ffff | 0x60000;
+ uVar5 = uVar5 | uVar4 & 0xfff7efff | 0x60800;
}
local_res20 = CONCAT44(uVar5,(uint)local_res20);
LAB_1:
memset(param_1,0,_Size);
RtlCopyMemory(param_1,&local_res20,(ulonglong)param_2);
return 0;
}
| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | code,length,address |
| ratio | 0.73 |
| i_ratio | 0.93 |
| m_ratio | 0.93 |
| b_ratio | 0.93 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | NtSetCachedSigningLevel2$filt$0 | NtSetCachedSigningLevel2$filt$0 |
| fullname | NtSetCachedSigningLevel2$filt$0 | NtSetCachedSigningLevel2$filt$0 |
| refcount | 2 | 2 |
length |
59 | 45 |
| called | ||
| calling | ||
| paramcount | 0 | 0 |
address |
1409ccec7 | 1409ccf81 |
| sig | undefined NtSetCachedSigningLevel2$filt$0(void) | undefined NtSetCachedSigningLevel2$filt$0(void) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- NtSetCachedSigningLevel2$filt$0
+++ NtSetCachedSigningLevel2$filt$0
@@ -1,9 +1,8 @@
bool NtSetCachedSigningLevel2_filt_0(undefined8 param_1,longlong param_2)
{
- *(void **)(param_2 + 0x88) = SystemReserved1[15];
- *(undefined *)(param_2 + 0x50) = *(undefined *)(*(longlong *)(param_2 + 0x88) + 0x232);
+ *(undefined *)(param_2 + 0x50) = *(undefined *)((longlong)SystemReserved1[15] + 0x232);
return *(char *)(param_2 + 0x50) != '\0';
}
| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | code,length,address |
| ratio | 0.73 |
| i_ratio | 0.93 |
| m_ratio | 0.93 |
| b_ratio | 0.93 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | NtSetCachedSigningLevel2$filt$1 | NtSetCachedSigningLevel2$filt$1 |
| fullname | NtSetCachedSigningLevel2$filt$1 | NtSetCachedSigningLevel2$filt$1 |
| refcount | 2 | 2 |
length |
57 | 43 |
| called | ||
| calling | ||
| paramcount | 0 | 0 |
address |
1409ccf03 | 1409ccfaf |
| sig | undefined NtSetCachedSigningLevel2$filt$1(void) | undefined NtSetCachedSigningLevel2$filt$1(void) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- NtSetCachedSigningLevel2$filt$1
+++ NtSetCachedSigningLevel2$filt$1
@@ -1,9 +1,8 @@
bool NtSetCachedSigningLevel2_filt_1(undefined8 param_1,longlong param_2)
{
- *(void **)(param_2 + 0x90) = SystemReserved1[15];
- *(undefined *)(param_2 + 0x51) = *(undefined *)(*(longlong *)(param_2 + 0x90) + 0x232);
+ *(undefined *)(param_2 + 0x51) = *(undefined *)((longlong)SystemReserved1[15] + 0x232);
return *(char *)(param_2 + 0x51) != '\0';
}
| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | code,length,address |
| ratio | 0.57 |
| i_ratio | 0.56 |
| m_ratio | 0.6 |
| b_ratio | 0.99 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | NtSetInformationKey | NtSetInformationKey |
| fullname | NtSetInformationKey | NtSetInformationKey |
| refcount | 3 | 3 |
length |
1816 | 1793 |
| called | Expand for full list:EtwGetKernelTraceTimestamp |
Expand for full list:EtwGetKernelTraceTimestamp |
| calling | ||
| paramcount | 0 | 0 |
address |
1407aae20 | 1407aa9f0 |
| sig | undefined NtSetInformationKey(void) | undefined NtSetInformationKey(void) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- NtSetInformationKey
+++ NtSetInformationKey
@@ -1,321 +1,319 @@
/* WARNING: Function: _guard_dispatch_icall replaced with injection: guard_dispatch_icall */
void NtSetInformationKey(undefined8 ****param_1,int param_2,undefined *param_3,int param_4)
{
bool bVar1;
bool bVar2;
bool bVar3;
- undefined8 ****ppppuVar4;
- char cVar5;
- int iVar6;
+ bool bVar4;
+ undefined8 ****ppppuVar5;
+ char cVar6;
int iVar7;
+ int iVar8;
undefined *_Size;
- undefined8 *****pppppuVar8;
undefined8 *****pppppuVar9;
+ undefined8 *****pppppuVar10;
undefined auStack_198 [32];
undefined8 local_178;
undefined8 *****local_170;
undefined8 *****local_168;
char local_158;
char local_157;
undefined8 *****local_150;
char local_145;
undefined8 *****local_140;
undefined8 ****local_138;
ulonglong local_130;
- undefined8 local_128;
+ int local_128;
+ undefined local_124 [4];
undefined8 *****local_120;
undefined8 *****local_118;
undefined4 local_110;
undefined local_100 [16];
undefined local_f0 [16];
undefined local_e0 [16];
undefined local_d0 [12];
undefined4 uStack_c4;
undefined local_c0 [12];
undefined4 uStack_b4;
undefined local_b0 [16];
undefined8 local_a0;
undefined8 *****local_98;
int local_90;
undefined4 local_8c;
undefined *local_88;
int local_80;
undefined local_7c [16];
undefined8 local_6c;
undefined4 local_64;
undefined local_60 [16];
undefined local_50 [16];
ulonglong local_40;
local_40 = __security_cookie ^ (ulonglong)auStack_198;
local_100 = ZEXT816(0);
- pppppuVar9 = (undefined8 *****)0x0;
+ pppppuVar10 = (undefined8 *****)0x0;
local_110 = 0;
+ local_130 = 0;
local_60 = ZEXT816(0);
local_50 = ZEXT816(0);
local_140 = (undefined8 *****)0x0;
local_138 = param_1;
- local_128._4_4_ = param_4;
+ local_128 = param_4;
if (CmpTraceRoutine != (code *)0x0) {
EtwGetKernelTraceTimestamp(local_60,0x20000);
}
+ bVar3 = false;
+ bVar4 = false;
local_150 = (undefined8 *****)0x0;
bVar1 = false;
_local_d0 = ZEXT816(0);
_local_c0 = ZEXT816(0);
local_b0 = ZEXT816(0);
local_a0 = 0;
local_118 = &local_120;
local_120 = &local_120;
CmpInitializeThreadInfo(local_100);
- local_128._0_4_ = 0;
+ local_124 = (undefined [4])0x0;
bVar2 = false;
local_f0 = ZEXT816(0);
local_e0 = ZEXT816(0);
local_145 = CmpAcquireShutdownRundown();
- ppppuVar4 = local_138;
+ ppppuVar5 = local_138;
if (local_145 == '\0') {
- iVar6 = -0x3ffffe77;
- pppppuVar8 = pppppuVar9;
+ iVar7 = -0x3ffffe77;
+ pppppuVar9 = pppppuVar10;
}
else {
- cVar5 = *(char *)((longlong)SystemReserved1[15] + 0x232);
- local_157 = cVar5;
+ cVar6 = *(char *)((longlong)SystemReserved1[15] + 0x232);
+ local_157 = cVar6;
if (param_2 == 5) goto LAB_0;
if (param_2 == 0) {
_Size = &DAT_1;
local_158 = '\x01';
}
else {
if (param_2 == 1) {
LAB_2:
local_158 = '\x01';
}
else {
if (param_2 != 2) {
if (param_2 != 3) {
if (param_2 != 4) {
if ((CmpTraceRoutine != (code *)0x0) && (local_138 != (undefined8 ****)0x0)) {
local_138 = (undefined8 ****)0x0;
local_170 = (undefined8 *****)0x0;
local_178 = &local_138;
- iVar6 = ObReferenceObjectByHandle
- (ppppuVar4,0,CmKeyObjectType,
+ iVar7 = ObReferenceObjectByHandle
+ (ppppuVar5,0,CmKeyObjectType,
*(undefined *)((longlong)SystemReserved1[15] + 0x232));
- if (-1 < iVar6) {
- pppppuVar9 = (undefined8 *****)local_138[1];
+ if (-1 < iVar7) {
+ pppppuVar10 = (undefined8 *****)local_138[1];
ObfDereferenceObject();
}
}
- bVar3 = false;
- pppppuVar8 = local_150;
- cVar5 = '\0';
- iVar6 = -0x3ffffffd;
+ pppppuVar9 = local_150;
+ cVar6 = '\0';
+ iVar7 = -0x3ffffffd;
bVar1 = bVar2;
+ bVar3 = bVar4;
goto LAB_3;
}
goto LAB_2;
}
}
LAB_0:
local_158 = '\0';
}
_Size = &DAT_4;
}
- if (param_4 != (int)_Size) {
+ if (local_128 != (int)_Size) {
if ((CmpTraceRoutine != (code *)0x0) && (local_138 != (undefined8 ****)0x0)) {
local_138 = (undefined8 ****)0x0;
local_170 = (undefined8 *****)0x0;
local_178 = &local_138;
- iVar6 = ObReferenceObjectByHandle
- (ppppuVar4,0,CmKeyObjectType,
+ iVar7 = ObReferenceObjectByHandle
+ (ppppuVar5,0,CmKeyObjectType,
*(undefined *)((longlong)SystemReserved1[15] + 0x232));
- if (-1 < iVar6) {
- pppppuVar9 = (undefined8 *****)local_138[1];
+ if (-1 < iVar7) {
+ pppppuVar10 = (undefined8 *****)local_138[1];
ObfDereferenceObject();
}
}
- bVar3 = false;
- pppppuVar8 = local_150;
- cVar5 = '\0';
- iVar6 = -0x3ffffffc;
+ pppppuVar9 = local_150;
+ cVar6 = '\0';
+ iVar7 = -0x3ffffffc;
bVar1 = bVar2;
+ bVar3 = bVar4;
goto LAB_3;
}
- local_130 = 0;
- if ((cVar5 != '\0') &&
+ if ((cVar6 != '\0') &&
((&DAT_5 < _Size + (longlong)param_3 || (_Size + (longlong)param_3 < param_3)))) {
DAT_5 = 0;
}
RtlCopyMemory(&local_130,param_3,(size_t)_Size);
- pppppuVar8 = pppppuVar9;
+ pppppuVar9 = pppppuVar10;
if (param_2 != 5) {
- pppppuVar8 = (undefined8 *****)&DAT_6;
+ pppppuVar9 = (undefined8 *****)&DAT_6;
}
local_150 = (undefined8 *****)0x0;
local_170 = (undefined8 *****)0x0;
local_178 = &local_150;
- iVar6 = ObReferenceObjectByHandle(local_138,pppppuVar8,CmKeyObjectType,cVar5);
- pppppuVar8 = local_150;
- if (iVar6 == -0x3fffffde) {
+ iVar7 = ObReferenceObjectByHandle(local_138,pppppuVar9,CmKeyObjectType,cVar6);
+ pppppuVar9 = local_150;
+ if (iVar7 == -0x3fffffde) {
if (local_158 == '\0') {
- bVar3 = false;
- cVar5 = '\0';
- iVar6 = -0x3fffffde;
+ cVar6 = '\0';
+ iVar7 = -0x3fffffde;
bVar1 = bVar2;
+ bVar3 = bVar4;
goto LAB_3;
}
SeCaptureSubjectContext(local_f0);
bVar2 = true;
- cVar5 = CmDoVirtualTest(local_f0,&local_128);
- if (cVar5 == '\0') {
- bVar3 = false;
- pppppuVar9 = (undefined8 *****)0x0;
- cVar5 = '\0';
- iVar6 = -0x3fffffde;
+ cVar6 = CmDoVirtualTest(local_f0,local_124);
+ if (cVar6 == '\0') {
+ pppppuVar10 = (undefined8 *****)0x0;
+ cVar6 = '\0';
+ iVar7 = -0x3fffffde;
bVar1 = true;
+ bVar3 = bVar4;
goto LAB_3;
}
local_150 = (undefined8 *****)0x0;
local_170 = (undefined8 *****)0x0;
local_178 = &local_150;
- iVar6 = ObReferenceObjectByHandle(local_138,0x20019,CmKeyObjectType,local_157);
- pppppuVar8 = local_150;
- if (iVar6 < 0) goto LAB_7;
- cVar5 = CmKeyBodyNeedsVirtualImage(local_150);
- if (cVar5 == '\0') {
- bVar3 = false;
- pppppuVar9 = (undefined8 *****)0x0;
- cVar5 = '\0';
- iVar6 = -0x3fffffde;
+ iVar7 = ObReferenceObjectByHandle(local_138,0x20019,CmKeyObjectType,local_157);
+ pppppuVar9 = local_150;
+ if (iVar7 < 0) goto LAB_7;
+ cVar6 = CmKeyBodyNeedsVirtualImage(local_150);
+ if (cVar6 == '\0') {
+ pppppuVar10 = (undefined8 *****)0x0;
+ cVar6 = '\0';
+ iVar7 = -0x3fffffde;
bVar1 = bVar2;
+ bVar3 = bVar4;
goto LAB_3;
}
bVar1 = true;
- iVar6 = 0;
+ iVar7 = 0;
}
bVar2 = bVar1;
- if (-1 < iVar6) {
- if ((CmpTraceRoutine != (code *)0x0) && (pppppuVar8 != (undefined8 *****)0x0)) {
- local_140 = (undefined8 *****)pppppuVar8[1];
+ if (-1 < iVar7) {
+ if ((CmpTraceRoutine != (code *)0x0) && (pppppuVar9 != (undefined8 *****)0x0)) {
+ local_140 = (undefined8 *****)pppppuVar9[1];
}
if (param_2 != 5) {
- pppppuVar9 = local_140;
- if ((char)*(undefined4 *)(pppppuVar8[1] + 1) < '\0') {
- bVar3 = false;
- cVar5 = '\0';
- iVar6 = -0x3fffffde;
+ pppppuVar10 = local_140;
+ if ((char)*(undefined4 *)(pppppuVar9[1] + 1) < '\0') {
+ cVar6 = '\0';
+ iVar7 = -0x3fffffde;
goto LAB_3;
}
- if ((*(uint *)(pppppuVar8[1][4] + 0x14) & 0x100000) != 0) {
- bVar3 = false;
- cVar5 = '\0';
- iVar6 = -0x3fffffde;
+ if ((*(uint *)(pppppuVar9[1][4] + 0x14) & 0x100000) != 0) {
+ cVar6 = '\0';
+ iVar7 = -0x3fffffde;
goto LAB_3;
}
}
*(short *)((longlong)SystemReserved1[15] + 0x1e4) =
*(short *)((longlong)SystemReserved1[15] + 0x1e4) + -1;
local_158 = '\x01';
- if ((CmpCallBackCount == 0) ||
- (iVar7 = CmpIsRegistryLockAcquired(), pppppuVar8 = local_150, iVar7 != 0)) {
- bVar3 = false;
- pppppuVar8 = local_150;
- }
- else {
+ pppppuVar9 = local_150;
+ if ((CmpCallBackCount != 0) &&
+ (iVar8 = CmpIsRegistryLockAcquired(), pppppuVar9 = local_150, iVar8 == 0)) {
local_d0._8_4_ = param_2;
local_d0._0_8_ = local_150;
- local_c0._8_4_ = local_128._4_4_;
- local_c0._0_8_ = param_3;
+ local_c0._8_4_ = local_128;
+ local_c0._0_8_ = &local_130;
local_168 = &local_120;
local_170 = local_150;
local_178 = (undefined8 *****)CONCAT44(local_178._4_4_,0x12);
- iVar6 = CmpCallCallBacksEx(3,local_d0,0,1);
- if (iVar6 < 0) {
- if (iVar6 == -0x3ffffafd) {
- iVar6 = 0;
+ iVar7 = CmpCallCallBacksEx(3,local_d0,0,1);
+ if (iVar7 < 0) {
+ pppppuVar10 = local_140;
+ cVar6 = local_158;
+ if (iVar7 == -0x3ffffafd) {
+ iVar7 = 0;
}
- bVar3 = false;
- pppppuVar9 = local_140;
- cVar5 = local_158;
goto LAB_3;
}
bVar3 = true;
}
if (bVar1) {
- local_178 = (undefined8 *****)&local_128;
- iVar6 = CmKeyBodyReplicateToVirtual(&local_150,local_157,2,local_f0);
- pppppuVar8 = local_150;
- pppppuVar9 = local_140;
- cVar5 = local_158;
- if (iVar6 < 0) goto LAB_3;
- }
- pppppuVar9 = local_140;
- cVar5 = local_158;
+ local_178 = (undefined8 *****)local_124;
+ iVar7 = CmKeyBodyReplicateToVirtual(&local_150,local_157,2,local_f0);
+ pppppuVar9 = local_150;
+ pppppuVar10 = local_140;
+ cVar6 = local_158;
+ if (iVar7 < 0) goto LAB_3;
+ }
+ pppppuVar10 = local_140;
+ cVar6 = local_158;
if (param_2 == 5) {
- *(undefined2 *)((longlong)pppppuVar8 + 0x32) = (undefined2)local_130;
- iVar6 = 0;
+ *(undefined2 *)((longlong)pppppuVar9 + 0x32) = (undefined2)local_130;
+ iVar7 = 0;
}
else if (param_2 == 0) {
- iVar6 = CmSetLastWriteTimeKey(pppppuVar8,&local_130);
- pppppuVar9 = local_140;
- cVar5 = local_158;
+ iVar7 = CmSetLastWriteTimeKey(pppppuVar9,&local_130);
+ pppppuVar10 = local_140;
+ cVar6 = local_158;
}
else {
if ((param_2 != 1) && (param_2 != 2)) {
if ((param_2 != 3) && (param_2 != 4)) goto LAB_3;
}
- iVar6 = CmSetKeyFlags(pppppuVar8,param_2,local_130 & 0xffffffff);
- pppppuVar9 = local_140;
- cVar5 = local_158;
+ iVar7 = CmSetKeyFlags(pppppuVar9,param_2,local_130 & 0xffffffff);
+ pppppuVar10 = local_140;
+ cVar6 = local_158;
}
goto LAB_3;
}
}
LAB_7:
- bVar3 = false;
- cVar5 = '\0';
+ cVar6 = '\0';
bVar1 = bVar2;
+ bVar3 = bVar4;
LAB_3:
if (bVar1) {
SeReleaseSubjectContext(local_f0);
}
- if ((((bVar3) && (CmpCallBackCount != 0)) && (iVar7 = CmpIsRegistryLockAcquired(), iVar7 == 0)) &&
+ if ((((bVar3) && (CmpCallBackCount != 0)) && (iVar8 = CmpIsRegistryLockAcquired(), iVar8 == 0)) &&
((undefined8 ******)local_120 != &local_120)) {
local_8c = 0;
local_7c = ZEXT816(0);
local_6c = 0;
local_64 = 0;
local_88 = local_d0;
local_168 = &local_120;
local_178 = (undefined8 *****)CONCAT44(local_178._4_4_,0x12);
- local_170 = pppppuVar8;
- local_98 = pppppuVar8;
- local_90 = iVar6;
- local_80 = iVar6;
+ local_170 = pppppuVar9;
+ local_98 = pppppuVar9;
+ local_90 = iVar7;
+ local_80 = iVar7;
CmpCallCallBacksEx(0x12,&local_98,0);
- iVar6 = local_80;
- }
- if (cVar5 != '\0') {
+ iVar7 = local_80;
+ }
+ if (cVar6 != '\0') {
KiLeaveCriticalRegionUnsafe(SystemReserved1[15]);
- pppppuVar8 = local_150;
- }
- if (pppppuVar8 != (undefined8 *****)0x0) {
- ObfDereferenceObject(pppppuVar8);
+ pppppuVar9 = local_150;
+ }
+ if (pppppuVar9 != (undefined8 *****)0x0) {
+ ObfDereferenceObject(pppppuVar9);
}
if (CmpTraceRoutine != (code *)0x0) {
local_170 = (undefined8 *****)0x0;
- local_178 = pppppuVar9;
- (*CmpTraceRoutine)(0x14,local_60,iVar6,0);
+ local_178 = pppppuVar10;
+ (*CmpTraceRoutine)(0x14,local_60,iVar7,0);
}
if (local_145 != '\0') {
CmpReleaseShutdownRundown();
}
CmCleanupThreadInfo(local_100);
__security_check_cookie(local_40 ^ (ulonglong)auStack_198);
return;
}
| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | code,length,address |
| ratio | 0.28 |
| i_ratio | 0.83 |
| m_ratio | 0.99 |
| b_ratio | 0.99 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | XpressBuildHuffmanDecodingTable | XpressBuildHuffmanDecodingTable |
| fullname | XpressBuildHuffmanDecodingTable | XpressBuildHuffmanDecodingTable |
| refcount | 4 | 4 |
length |
1165 | 1149 |
| called | ||
| calling | RtlDecompressBufferXpressHuff RtlDecompressBufferXpressHuffProgress |
RtlDecompressBufferXpressHuff RtlDecompressBufferXpressHuffProgress |
| paramcount | 0 | 0 |
address |
140318840 | 140318ac0 |
| sig | undefined XpressBuildHuffmanDecodingTable(void) | undefined XpressBuildHuffmanDecodingTable(void) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- XpressBuildHuffmanDecodingTable
+++ XpressBuildHuffmanDecodingTable
@@ -1,231 +1,225 @@
-uint * XpressBuildHuffmanDecodingTable(longlong param_1,longlong param_2)
+undefined8 XpressBuildHuffmanDecodingTable(longlong param_1,longlong param_2)
{
ushort uVar1;
code *pcVar2;
short sVar3;
ushort *puVar4;
- uint *puVar5;
+ undefined8 uVar5;
short *psVar6;
- byte bVar7;
+ ulonglong uVar7;
ulonglong uVar8;
- ulonglong uVar9;
- longlong lVar10;
- ulonglong uVar11;
- ushort uVar12;
- short sVar14;
- longlong lVar15;
- undefined2 *puVar16;
- longlong lVar17;
- ushort *puVar18;
- ulonglong uVar13;
+ longlong lVar9;
+ ulonglong uVar10;
+ ushort uVar11;
+ short sVar13;
+ longlong lVar14;
+ undefined2 *puVar15;
+ longlong lVar16;
+ ushort *puVar17;
+ ulonglong uVar12;
- uVar13 = 0;
+ uVar12 = 0;
*(undefined4 *)(param_1 + 0x400) = 0x2000200;
*(undefined4 *)(param_1 + 0x404) = 0x2000200;
*(undefined4 *)(param_1 + 0x408) = 0x2000200;
*(undefined4 *)(param_1 + 0x40c) = 0x2000200;
*(undefined4 *)(param_1 + 0x410) = 0x2000200;
*(undefined4 *)(param_1 + 0x414) = 0x2000200;
*(undefined4 *)(param_1 + 0x418) = 0x2000200;
*(undefined4 *)(param_1 + 0x41c) = 0x2000200;
- uVar11 = uVar13;
+ uVar10 = uVar12;
do {
- uVar8 = (ulonglong)(*(byte *)(param_2 + uVar11) & 0xf);
- if ((*(byte *)(param_2 + uVar11) & 0xf) != 0) {
- *(undefined2 *)(param_1 + uVar11 * 4) = *(undefined2 *)(param_1 + 0x400 + uVar8 * 2);
- *(short *)(param_1 + 0x400 + uVar8 * 2) = (short)uVar11 * 2;
- }
- uVar8 = (ulonglong)(*(byte *)(param_2 + uVar11) >> 4);
- if (uVar8 != 0) {
- *(undefined2 *)(param_1 + 2 + uVar11 * 4) = *(undefined2 *)(param_1 + 0x400 + uVar8 * 2);
- *(short *)(param_1 + 0x400 + uVar8 * 2) = (short)uVar11 * 2 + 1;
- }
- uVar11 = uVar11 + 1;
- } while (uVar11 < 0x100);
+ uVar7 = (ulonglong)(*(byte *)(param_2 + uVar10) & 0xf);
+ if ((*(byte *)(param_2 + uVar10) & 0xf) != 0) {
+ *(undefined2 *)(param_1 + uVar10 * 4) = *(undefined2 *)(param_1 + 0x400 + uVar7 * 2);
+ *(short *)(param_1 + 0x400 + uVar7 * 2) = (short)uVar10 * 2;
+ }
+ uVar7 = (ulonglong)(*(byte *)(param_2 + uVar10) >> 4);
+ if (uVar7 != 0) {
+ *(undefined2 *)(param_1 + 2 + uVar10 * 4) = *(undefined2 *)(param_1 + 0x400 + uVar7 * 2);
+ *(short *)(param_1 + 0x400 + uVar7 * 2) = (short)uVar10 * 2 + 1;
+ }
+ uVar10 = uVar10 + 1;
+ } while (uVar10 < 0x100);
sVar3 = -0x400;
- puVar18 = (ushort *)(param_1 + 0x41e);
- sVar14 = -0x3ff;
- lVar17 = 0x400;
- uVar11 = 0xf;
+ puVar17 = (ushort *)(param_1 + 0x41e);
+ sVar13 = -0x3ff;
+ lVar16 = 0x400;
+ uVar10 = 0xf;
do {
- if (sVar14 < sVar3) {
- psVar6 = (short *)(param_1 + 0xc20 + lVar17 * 2);
- lVar17 = lVar17 - (ulonglong)(ushort)(((ushort)((sVar3 - sVar14) - 1U) >> 1) + 1);
+ if (sVar13 < sVar3) {
+ psVar6 = (short *)(param_1 + 0xc20 + lVar16 * 2);
+ lVar16 = lVar16 - (ulonglong)(ushort)(((ushort)((sVar3 - sVar13) - 1U) >> 1) + 1);
do {
- *psVar6 = sVar14;
+ *psVar6 = sVar13;
psVar6 = psVar6 + -1;
- sVar14 = sVar14 + 2;
- } while (sVar14 < sVar3);
- }
- if (sVar14 == sVar3) goto LAB_0;
- sVar14 = sVar3 + 1;
- uVar8 = (ulonglong)*puVar18;
- if (uVar8 != 0x200) {
- psVar6 = (short *)(param_1 + 0xc20 + lVar17 * 2);
+ sVar13 = sVar13 + 2;
+ } while (sVar13 < sVar3);
+ }
+ if (sVar13 == sVar3) goto LAB_0;
+ sVar13 = sVar3 + 1;
+ uVar7 = (ulonglong)*puVar17;
+ if (uVar7 != 0x200) {
+ psVar6 = (short *)(param_1 + 0xc20 + lVar16 * 2);
do {
- lVar17 = lVar17 + -1;
- *psVar6 = (short)uVar8 * 0x10 + (short)uVar11;
- uVar8 = (ulonglong)*(ushort *)(param_1 + uVar8 * 2);
+ lVar16 = lVar16 + -1;
+ *psVar6 = (short)uVar7 * 0x10 + (short)uVar10;
+ uVar7 = (ulonglong)*(ushort *)(param_1 + uVar7 * 2);
psVar6 = psVar6 + -1;
- } while (uVar8 != 0x200);
- }
- uVar11 = uVar11 - 1;
- sVar3 = -(short)lVar17;
- puVar18 = puVar18 + -1;
- } while (10 < uVar11);
- uVar11 = 0x3ff;
- if (SBORROW2(sVar14,sVar3) != (short)(sVar14 + (short)lVar17) < 0) {
+ } while (uVar7 != 0x200);
+ }
+ uVar10 = uVar10 - 1;
+ sVar3 = -(short)lVar16;
+ puVar17 = puVar17 + -1;
+ } while (10 < uVar10);
+ uVar10 = 0x3ff;
+ if (SBORROW2(sVar13,sVar3) != (short)(sVar13 + (short)lVar16) < 0) {
psVar6 = (short *)(param_1 + 0xc1e);
- uVar11 = 0x3ff - (ulonglong)(ushort)(((ushort)((sVar3 - sVar14) - 1U) >> 1) + 1);
+ uVar10 = 0x3ff - (ulonglong)(ushort)(((ushort)((sVar3 - sVar13) - 1U) >> 1) + 1);
do {
- *psVar6 = sVar14;
+ *psVar6 = sVar13;
psVar6 = psVar6 + -1;
- sVar14 = sVar14 + 2;
- } while (sVar14 < sVar3);
+ sVar13 = sVar13 + 2;
+ } while (sVar13 < sVar3);
}
- if (sVar14 == sVar3) {
+ if (sVar13 == sVar3) {
LAB_0:
- puVar5 = (uint *)0xc0000242;
+ uVar5 = 0xc0000242;
}
else {
- puVar18 = (ushort *)(param_1 + 0x414);
- lVar17 = 10;
- uVar8 = uVar13;
+ puVar17 = (ushort *)(param_1 + 0x414);
+ lVar16 = 10;
+ uVar7 = uVar12;
do {
- uVar1 = *puVar18;
+ uVar1 = *puVar17;
while( true ) {
if ((ulonglong)uVar1 == 0x200) break;
- uVar12 = uVar1 * 0x10 + (short)lVar17;
- uVar13 = (ulonglong)uVar12;
- if ((int)uVar8 != 0) goto LAB_0;
- uVar9 = 10 - lVar17;
- if (0x400 < uVar11 + 1 << ((byte)uVar9 & 0x3f)) goto LAB_0;
- lVar15 = uVar11 << ((byte)uVar9 & 0x3f);
- if (9 < (uint)uVar9) {
- bVar7 = 0x25;
+ uVar11 = uVar1 * 0x10 + (short)lVar16;
+ uVar12 = (ulonglong)uVar11;
+ if ((int)uVar7 != 0) goto LAB_0;
+ uVar8 = 10 - lVar16;
+ if (0x400 < uVar10 + 1 << ((byte)uVar8 & 0x3f)) goto LAB_0;
+ lVar14 = uVar10 << ((byte)uVar8 & 0x3f);
+ if (9 < (uint)uVar8) {
pcVar2 = (code *)swi(0x29);
- puVar5 = (uint *)(*pcVar2)();
- *(char *)(lVar17 + -0x76) = *(char *)(lVar17 + -0x76) + (char)puVar5;
- *puVar5 = *puVar5 ^ (uint)puVar5;
- *(byte *)(lVar17 + -0x7559ffcf) = *(byte *)(lVar17 + -0x7559ffcf) ^ bVar7;
- *puVar5 = *puVar5 ^ (uint)puVar5;
- return puVar5;
+ uVar5 = (*pcVar2)(0x25);
+ return uVar5;
}
- switch(uVar9 & 0xffffffff) {
+ switch(uVar8 & 0xffffffff) {
case 3:
- *(ushort *)(param_1 + 0x42e + lVar15 * 2) = uVar12;
- *(ushort *)(param_1 + 0x42c + lVar15 * 2) = uVar12;
- *(ushort *)(param_1 + 0x42a + lVar15 * 2) = uVar12;
- *(ushort *)(param_1 + 0x428 + lVar15 * 2) = uVar12;
+ *(ushort *)(param_1 + 0x42e + lVar14 * 2) = uVar11;
+ *(ushort *)(param_1 + 0x42c + lVar14 * 2) = uVar11;
+ *(ushort *)(param_1 + 0x42a + lVar14 * 2) = uVar11;
+ *(ushort *)(param_1 + 0x428 + lVar14 * 2) = uVar11;
case 2:
- *(ushort *)(param_1 + 0x426 + lVar15 * 2) = uVar12;
- *(ushort *)(param_1 + 0x424 + lVar15 * 2) = uVar12;
+ *(ushort *)(param_1 + 0x426 + lVar14 * 2) = uVar11;
+ *(ushort *)(param_1 + 0x424 + lVar14 * 2) = uVar11;
case 1:
- *(ushort *)(param_1 + 0x422 + lVar15 * 2) = uVar12;
+ *(ushort *)(param_1 + 0x422 + lVar14 * 2) = uVar11;
case 0:
- *(ushort *)(param_1 + 0x420 + lVar15 * 2) = uVar12;
+ *(ushort *)(param_1 + 0x420 + lVar14 * 2) = uVar11;
break;
case 4:
- lVar10 = 4;
- puVar4 = (ushort *)(param_1 + 0x422 + lVar15 * 2);
- do {
- puVar4[-1] = uVar12;
- *puVar4 = uVar12;
- puVar4[1] = uVar12;
- puVar4[2] = uVar12;
- puVar4 = puVar4 + 4;
- lVar10 = lVar10 + -1;
- } while (lVar10 != 0);
+ lVar9 = 4;
+ puVar4 = (ushort *)(param_1 + 0x422 + lVar14 * 2);
+ do {
+ puVar4[-1] = uVar11;
+ *puVar4 = uVar11;
+ puVar4[1] = uVar11;
+ puVar4[2] = uVar11;
+ puVar4 = puVar4 + 4;
+ lVar9 = lVar9 + -1;
+ } while (lVar9 != 0);
break;
case 5:
- lVar10 = 8;
- puVar4 = (ushort *)(param_1 + 0x422 + lVar15 * 2);
- do {
- puVar4[-1] = uVar12;
- *puVar4 = uVar12;
- puVar4[1] = uVar12;
- puVar4[2] = uVar12;
- puVar4 = puVar4 + 4;
- lVar10 = lVar10 + -1;
- } while (lVar10 != 0);
+ lVar9 = 8;
+ puVar4 = (ushort *)(param_1 + 0x422 + lVar14 * 2);
+ do {
+ puVar4[-1] = uVar11;
+ *puVar4 = uVar11;
+ puVar4[1] = uVar11;
+ puVar4[2] = uVar11;
+ puVar4 = puVar4 + 4;
+ lVar9 = lVar9 + -1;
+ } while (lVar9 != 0);
break;
case 6:
- lVar10 = 0x10;
- puVar4 = (ushort *)(param_1 + 0x422 + lVar15 * 2);
- do {
- puVar4[-1] = uVar12;
- *puVar4 = uVar12;
- puVar4[1] = uVar12;
- puVar4[2] = uVar12;
- puVar4 = puVar4 + 4;
- lVar10 = lVar10 + -1;
- } while (lVar10 != 0);
+ lVar9 = 0x10;
+ puVar4 = (ushort *)(param_1 + 0x422 + lVar14 * 2);
+ do {
+ puVar4[-1] = uVar11;
+ *puVar4 = uVar11;
+ puVar4[1] = uVar11;
+ puVar4[2] = uVar11;
+ puVar4 = puVar4 + 4;
+ lVar9 = lVar9 + -1;
+ } while (lVar9 != 0);
break;
case 7:
- lVar10 = 0x20;
- puVar4 = (ushort *)(param_1 + 0x422 + lVar15 * 2);
- do {
- puVar4[-1] = uVar12;
- *puVar4 = uVar12;
- puVar4[1] = uVar12;
- puVar4[2] = uVar12;
- puVar4 = puVar4 + 4;
- lVar10 = lVar10 + -1;
- } while (lVar10 != 0);
+ lVar9 = 0x20;
+ puVar4 = (ushort *)(param_1 + 0x422 + lVar14 * 2);
+ do {
+ puVar4[-1] = uVar11;
+ *puVar4 = uVar11;
+ puVar4[1] = uVar11;
+ puVar4[2] = uVar11;
+ puVar4 = puVar4 + 4;
+ lVar9 = lVar9 + -1;
+ } while (lVar9 != 0);
break;
case 8:
- lVar10 = 0x40;
- puVar4 = (ushort *)(param_1 + 0x422 + lVar15 * 2);
- do {
- puVar4[-1] = uVar12;
- *puVar4 = uVar12;
- puVar4[1] = uVar12;
- puVar4[2] = uVar12;
- puVar4 = puVar4 + 4;
- lVar10 = lVar10 + -1;
- } while (lVar10 != 0);
+ lVar9 = 0x40;
+ puVar4 = (ushort *)(param_1 + 0x422 + lVar14 * 2);
+ do {
+ puVar4[-1] = uVar11;
+ *puVar4 = uVar11;
+ puVar4[1] = uVar11;
+ puVar4[2] = uVar11;
+ puVar4 = puVar4 + 4;
+ lVar9 = lVar9 + -1;
+ } while (lVar9 != 0);
break;
case 9:
- lVar10 = 0x80;
- puVar4 = (ushort *)(param_1 + 0x422 + lVar15 * 2);
- do {
- puVar4[-1] = uVar12;
- *puVar4 = uVar12;
- puVar4[1] = uVar12;
- puVar4[2] = uVar12;
- puVar4 = puVar4 + 4;
- lVar10 = lVar10 + -1;
- } while (lVar10 != 0);
+ lVar9 = 0x80;
+ puVar4 = (ushort *)(param_1 + 0x422 + lVar14 * 2);
+ do {
+ puVar4[-1] = uVar11;
+ *puVar4 = uVar11;
+ puVar4[1] = uVar11;
+ puVar4[2] = uVar11;
+ puVar4 = puVar4 + 4;
+ lVar9 = lVar9 + -1;
+ } while (lVar9 != 0);
}
- if (uVar11 == 0) {
- uVar8 = 1;
+ if (uVar10 == 0) {
+ uVar7 = 1;
}
uVar1 = *(ushort *)(param_1 + (ulonglong)uVar1 * 2);
- uVar11 = uVar11 - 1;
+ uVar10 = uVar10 - 1;
}
- uVar11 = uVar11 >> 1;
- puVar18 = puVar18 + -1;
- lVar17 = lVar17 + -1;
- } while (lVar17 != 0);
- if ((int)uVar8 == 0) {
- uVar11 = 2;
+ uVar10 = uVar10 >> 1;
+ puVar17 = puVar17 + -1;
+ lVar16 = lVar16 + -1;
+ } while (lVar16 != 0);
+ if ((int)uVar7 == 0) {
+ uVar10 = 2;
psVar6 = (short *)(param_1 + 0x404);
do {
if (*psVar6 != 0x200) goto LAB_0;
- uVar11 = uVar11 + 1;
+ uVar10 = uVar10 + 1;
psVar6 = psVar6 + 1;
- } while (uVar11 < 0x10);
+ } while (uVar10 < 0x10);
if (*(short *)(param_1 + 0x402) == 0x200) goto LAB_0;
- puVar16 = (undefined2 *)(param_1 + 0x420);
- for (lVar17 = 0x200; lVar17 != 0; lVar17 = lVar17 + -1) {
- *puVar16 = (short)uVar13;
- puVar16 = puVar16 + 1;
+ puVar15 = (undefined2 *)(param_1 + 0x420);
+ for (lVar16 = 0x200; lVar16 != 0; lVar16 = lVar16 + -1) {
+ *puVar15 = (short)uVar12;
+ puVar15 = puVar15 + 1;
}
}
- puVar5 = (uint *)0x0;
+ uVar5 = 0;
}
- return puVar5;
+ return uVar5;
}
| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | code,length,address,called |
| ratio | 0.96 |
| i_ratio | 0.52 |
| m_ratio | 0.99 |
| b_ratio | 0.97 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | KiOptimizeSpecCtrlSettingsWorker | KiOptimizeSpecCtrlSettingsWorker |
| fullname | KiOptimizeSpecCtrlSettingsWorker | KiOptimizeSpecCtrlSettingsWorker |
| refcount | 3 | 3 |
length |
2034 | 1999 |
called |
Expand for full list:KiIsSrsoMitigationSupported |
Expand for full list:KiIsSrsoMitigationSupported |
| calling | KeOptimizeSpecCtrlSettings | KeOptimizeSpecCtrlSettings |
| paramcount | 0 | 0 |
address |
1403e4950 | 1403e48a0 |
| sig | undefined KiOptimizeSpecCtrlSettingsWorker(void) | undefined KiOptimizeSpecCtrlSettingsWorker(void) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- KiOptimizeSpecCtrlSettingsWorker called
+++ KiOptimizeSpecCtrlSettingsWorker called
@@ -13 +12,0 @@
-KiSetMicrocodeUpdateOptions--- KiOptimizeSpecCtrlSettingsWorker
+++ KiOptimizeSpecCtrlSettingsWorker
@@ -1,337 +1,331 @@
/* WARNING: Globals starting with '_' overlap smaller symbols at the same address */
undefined8 KiOptimizeSpecCtrlSettingsWorker(uint *param_1)
{
longlong lVar1;
byte bVar2;
void *pvVar3;
char cVar4;
uint uVar5;
undefined8 uVar6;
int iVar7;
byte *pbVar8;
ulonglong uVar9;
uint uVar10;
uint uVar11;
int iVar12;
ulonglong uVar13;
undefined local_res8 [8];
undefined4 local_res10 [2];
undefined4 local_res18 [2];
int iStackX_20;
undefined4 auStack_48 [6];
pvVar3 = FiberData;
if ((*(ulonglong *)((longlong)FiberData + 0x8860) &
*(ulonglong *)((longlong)FiberData + 0x8860) - 1) != 0) {
LOCK();
KiSpeculationFeatures = KiSpeculationFeatures | 2;
UNLOCK();
}
if ((HvlHypervisorConnected != '\0') && (cVar4 = HvlIsCoreSharingPossible(), cVar4 != '\0')) {
LOCK();
KiSpeculationFeatures = KiSpeculationFeatures | 2;
UNLOCK();
}
if ((char)KiFeatureSettings < '\0') {
LOCK();
KiSpeculationFeatures = KiSpeculationFeatures | 0x10000000000;
UNLOCK();
}
if (*(char *)((longlong)pvVar3 + 0x8d) == '\x01') {
KiDetectAmdNonArchSsbdSupport(pvVar3);
}
uVar13 = 0x4000000000;
if (((char)KiSpeculationFeatures < '\0') && ((KiSpeculationFeatures >> 8 & 1) == 0)) {
if ((KiFeatureSettings & 8) == 0) {
if ((KiFeatureSettings & 0x10) != 0) {
if (KiSsbdMsr != 0x48) goto LAB_0;
LOCK();
KiSpeculationFeatures = KiSpeculationFeatures | 0x8000000000;
UNLOCK();
}
}
else {
LAB_0:
LOCK();
KiSpeculationFeatures = KiSpeculationFeatures | 0x4000000000;
UNLOCK();
}
}
uVar9 = 0x800000000;
if ((KiSpeculationFeatures & 4) == 0) {
LOCK();
KiSpeculationFeatures = KiSpeculationFeatures | 0x800000000;
UNLOCK();
}
if ((KiFeatureSettings & 4) == 0) {
if ((KiFeatureSettings & 1) != 0) {
LOCK();
KiSpeculationFeatures = KiSpeculationFeatures | 0x400000000;
UNLOCK();
if ((((HvlHypervisorConnected != '\0') && ((HvlpFlags & 2) != 0)) &&
(cVar4 = HvlIsCoreSharingPossible(), cVar4 != '\0')) &&
((KiSpeculationFeatures & 0x40) != 0)) {
*(undefined *)((longlong)pvVar3 + 0xfb) = 2;
*(undefined *)((longlong)pvVar3 + 0xfd) = 2;
*(undefined *)((longlong)pvVar3 + 0x6d0) = 2;
}
}
}
else {
LOCK();
KiSpeculationFeatures = KiSpeculationFeatures | 0x400000000;
UNLOCK();
}
- if ((KiFeatureSettings & 0x2000000) != 0) {
- LOCK();
- KiSpeculationFeatures = KiSpeculationFeatures | 0x400000000000;
- UNLOCK();
- }
if (param_1 != (uint *)0x0) {
LOCK();
uVar5 = *param_1;
*param_1 = *param_1 - 1;
UNLOCK();
uVar10 = ~(uVar5 - 1) & 0x80000000;
if ((uVar5 - 1 & 0x7fffffff) == 0) {
*param_1 = uVar10 | param_1[1];
}
else {
local_res10[0] = 0;
if ((*param_1 & 0x80000000) != uVar10) {
do {
KeYieldProcessorEx(local_res10);
} while ((*param_1 & 0x80000000) != uVar10);
uVar9 = 0x800000000;
uVar13 = 0x4000000000;
}
}
}
uVar5 = 0x80000000;
if (((KiSpeculationFeatures & 0x400000000) != 0) || ((uVar9 & KiSpeculationFeatures) != 0)) {
if ((KiSpeculationFeatures & 0x8000000000) != 0) {
LOCK();
KiSpeculationFeatures = KiSpeculationFeatures | uVar13;
UNLOCK();
LOCK();
KiSpeculationFeatures = KiSpeculationFeatures & 0xffffff7fffffffff;
UNLOCK();
}
if ((uVar13 & KiSpeculationFeatures) != 0) {
local_res8[0] = *(undefined *)((longlong)pvVar3 + 0xfb);
KiAddSpecCtrlSsbdBit(local_res8);
*(undefined *)((longlong)pvVar3 + 0xfb) = local_res8[0];
*(undefined *)((longlong)pvVar3 + 0xfd) = local_res8[0];
}
goto LAB_1;
}
LOCK();
KiSpeculationFeatures = KiSpeculationFeatures | 0x1000000000;
UNLOCK();
*(byte *)((longlong)pvVar3 + 0xf9) = *(byte *)((longlong)pvVar3 + 0xf9) | 2;
if ((KiSpeculationFeatures & 1) == 0) {
pbVar8 = (byte *)((longlong)pvVar3 + 0xfc);
}
else {
local_res8[0] = 1;
if ((KiSpeculationFeatures & 0x4000) != 0) {
local_res8[0] = 3;
}
*(undefined *)((longlong)pvVar3 + 0xfb) = local_res8[0];
*(undefined *)((longlong)pvVar3 + 0xfd) = local_res8[0];
*(undefined *)((longlong)pvVar3 + 0x6d0) = local_res8[0];
if (((uVar13 & KiSpeculationFeatures) != 0) ||
(uVar5 = 0x80000000, (KiSpeculationFeatures & 0x8000000000) != 0)) {
local_res8[0] = *(undefined *)((longlong)pvVar3 + 0xfb);
uVar5 = 0x80000000;
KiAddSpecCtrlSsbdBit(local_res8);
*(undefined *)((longlong)pvVar3 + 0xfb) = local_res8[0];
*(undefined *)((longlong)pvVar3 + 0xfd) = local_res8[0];
*(undefined *)((longlong)pvVar3 + 0x6d0) = local_res8[0];
}
pbVar8 = (byte *)((longlong)pvVar3 + 0xfc);
*pbVar8 = 1;
if (((uVar13 & KiSpeculationFeatures) != 0) || ((KiSpeculationFeatures & 0x8000000000) != 0)) {
KiAddSpecCtrlSsbdBit();
}
if ((KiSpeculationFeatures & 0x4000) != 0) {
*pbVar8 = *pbVar8 | 2;
}
if ((KiSpeculationFeatures >> 0xd & 1) != 0) {
*pbVar8 = *pbVar8 | 0x80;
}
if ((KiSpeculationFeatures & 0x8000000000) == 0) goto LAB_1;
}
if ((KiSpeculationFeatures & 0x10) == 0) {
if (((KiSpeculationFeatures & 0x40) != 0) && ((KiSpeculationFeatures & 2) != 0)) {
*pbVar8 = 2;
}
}
else {
*pbVar8 = 1;
}
if ((KiSpeculationFeatures & 0x4000) != 0) {
*pbVar8 = *pbVar8 | 2;
}
if ((KiSpeculationFeatures >> 0xd & 1) != 0) {
*pbVar8 = *pbVar8 | 0x80;
}
if (((uVar13 & KiSpeculationFeatures) != 0) || ((KiSpeculationFeatures & 0x8000000000) != 0)) {
KiAddSpecCtrlSsbdBit();
}
if ((KiSpeculationFeatures & 1) != 0) goto LAB_1;
if (param_1 != (uint *)0x0) {
LOCK();
uVar10 = *param_1;
*param_1 = *param_1 - 1;
UNLOCK();
uVar11 = ~(uVar10 - 1) & uVar5;
if ((uVar10 - 1 & 0x7fffffff) == 0) {
*param_1 = uVar11 | param_1[1];
}
else {
local_res18[0] = 0;
uVar5 = *param_1 & uVar5;
while (uVar5 != uVar11) {
KeYieldProcessorEx(local_res18);
uVar5 = *param_1 & 0x80000000;
}
}
}
if ((KiSpeculationFeatures >> 0x29 & 1) != 0) {
*(byte *)((longlong)pvVar3 + 0x6d3) = *(byte *)((longlong)pvVar3 + 0x6d3) | 4;
KeExitRetpoline();
}
if (((((KiSpeculationFeatures & 2) != 0) && ((KiSpeculationFeatures & 0x4000) == 0)) &&
(HvlHypervisorConnected == '\0')) &&
(((KiSpeculationFeatures & 0x10) != 0 || ((KiSpeculationFeatures & 0x40) != 0)))) {
LOCK();
KiSpeculationFeatures = KiSpeculationFeatures | 0x200000000;
UNLOCK();
*(byte *)((longlong)pvVar3 + 0xf9) = *(byte *)((longlong)pvVar3 + 0xf9) | 1;
}
iVar12 = 0;
iVar7 = 0;
if (((((KiSpeculationFeatures & 2) != 0) && ((KiSpeculationFeatures & 0x40) != 0)) &&
(((KiSpeculationFeatures & 0x10) != 0 &&
(((iVar7 = iVar12, (KiSpeculationFeatures & 0x4000) == 0 &&
((KiSpeculationFeatures & 0x10000000000) == 0)) &&
(uVar13 = *(ulonglong *)((longlong)pvVar3 + 0x8860),
uVar9 = uVar13 - (uVar13 >> 1 & 0x5555555555555555),
uVar9 = (uVar9 >> 2 & 0x3333333333333333) + (uVar9 & 0x3333333333333333),
(char)(((uVar9 >> 4) + uVar9 & 0xf0f0f0f0f0f0f0f) * 0x101010101010101 >> 0x38) == '\x02'))))
)) && (((HvlHypervisorConnected == '\0' ||
(iVar7 = 0, cVar4 = HvlIsCoreSharingPossible(), cVar4 == '\0')) ||
(((HvlpFlags & 2) != 0 && (cVar4 = HvlIsStibpPairingRecommended(), cVar4 != '\0'))))))
{
iVar7 = *(byte *)((longlong)pvVar3 + 0xd1) + 1;
bVar2 = (byte)iVar7 & 0x3f;
uVar13 = uVar13 >> bVar2 | uVar13 << 0x40 - bVar2;
lVar1 = 0;
if (uVar13 != 0) {
for (; (uVar13 >> lVar1 & 1) == 0; lVar1 = lVar1 + 1) {
}
}
iStackX_20 = (int)lVar1;
uVar6 = KeGetPrcb(*(undefined4 *)
(&KiProcessorNumberToIndexMappingTable +
(ulonglong)
((uint)*(byte *)((longlong)pvVar3 + 0xd0) * 0x40 +
(iVar7 + iStackX_20 & 0x3fU)) * 4));
*(undefined8 *)((longlong)pvVar3 + 0x2db0) = uVar6;
*(undefined2 *)((longlong)pvVar3 + 0xfe) = 6;
iVar7 = 1;
}
if (((((KiFeatureSettings & 0x20) != 0) && ((KiSpeculationFeatures & 2) != 0)) &&
((KiSpeculationFeatures & 0x40) != 0)) ||
((((((KiSpeculationFeatures & 2) != 0 && ((KiSpeculationFeatures & 0x40) != 0)) && (iVar7 == 0)
) && (((KiSpeculationFeatures & 0x10000000000) == 0 && (HvlHypervisorConnected != '\0'))))
&& (cVar4 = HvlIsCoreSharingPossible(), cVar4 != '\0')))) {
LOCK();
KiSpeculationFeatures = KiSpeculationFeatures | 0x100000000;
UNLOCK();
}
if ((((KiSpeculationFeatures & 2) != 0) && ((KiSpeculationFeatures & 0x40) != 0)) &&
(((KiSpeculationFeatures & 0x4000) != 0 &&
((iVar7 == 0 && ((KiSpeculationFeatures & 0x10000000000) == 0)))))) {
LOCK();
KiSpeculationFeatures = KiSpeculationFeatures | 0x80000000000;
UNLOCK();
}
if (((*(char *)((longlong)pvVar3 + 0x8d) == '\x01') && ((KiSpeculationFeatures & 0x10) == 0)) &&
((KiFeatureSettings & 0x40) == 0)) {
LOCK();
KiSpeculationFeatures = KiSpeculationFeatures | 0x2000000000;
UNLOCK();
}
else {
iVar7 = KiIsBranchConfusionPresent(pvVar3);
if (iVar7 != 0) {
LOCK();
KiSpeculationFeatures = KiSpeculationFeatures | 0x8000;
UNLOCK();
iVar7 = KiIsBranchConfusionMitigationDesired(pvVar3,&KiSpeculationFeatures);
if (iVar7 == 0) {
uVar13 = 0x100000000000;
}
else {
iVar7 = KiIsBranchConfusionMitigationSupported(pvVar3);
if (iVar7 != 0) goto LAB_2;
uVar13 = 0x200000000000;
}
LOCK();
KiSpeculationFeatures = KiSpeculationFeatures | uVar13;
UNLOCK();
}
LAB_2:
if ((KiSpeculationFeatures >> 0x15 & 1) != 0) {
iVar7 = KiIsSrsoMitigationSupported();
if (iVar7 == 0) {
uVar13 = 0x1000000000000;
}
else {
iVar7 = KiIsSrsoMitigationDesired(pvVar3);
if (iVar7 != 0) goto LAB_3;
uVar13 = 0x800000000000;
}
LOCK();
KiSpeculationFeatures = KiSpeculationFeatures | uVar13;
UNLOCK();
}
LAB_3:
if (param_1 != (uint *)0x0) {
LOCK();
uVar5 = *param_1;
*param_1 = *param_1 - 1;
UNLOCK();
uVar10 = ~(uVar5 - 1) & 0x80000000;
if ((uVar5 - 1 & 0x7fffffff) == 0) {
*param_1 = uVar10 | param_1[1];
}
else {
auStack_48[0] = 0;
while ((*param_1 & 0x80000000) != uVar10) {
KeYieldProcessorEx(auStack_48);
}
}
}
KiUpdateSpeculationControl(*(undefined8 *)((longlong)SystemReserved1[15] + 0xb8));
}
uVar13 = 0x4000000000;
LAB_1:
bVar2 = *(byte *)((longlong)pvVar3 + 0xfb);
*(byte *)((longlong)pvVar3 + 0xfa) = bVar2;
if (bVar2 != 0) {
wrmsr(0x48,(ulonglong)bVar2);
}
if (((uVar13 & KiSpeculationFeatures) != 0) && (KiSsbdMsr != 0x48)) {
uVar13 = rdmsr(KiSsbdMsr);
wrmsr(KiSsbdMsr,uVar13 | _KiSsbdBit);
}
- KiSetMicrocodeUpdateOptions();
return 0;
}
| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | code,refcount,length,address |
| ratio | 0.35 |
| i_ratio | 0.59 |
| m_ratio | 0.67 |
| b_ratio | 0.95 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | AlpcpCreateRegion | AlpcpCreateRegion |
| fullname | AlpcpCreateRegion | AlpcpCreateRegion |
refcount |
3 | 2 |
length |
411 | 407 |
| called | AlpcpAllocateBlob AlpcpReferenceBlob memset |
AlpcpAllocateBlob AlpcpReferenceBlob memset |
| calling | AlpcpCreateSectionView | AlpcpCreateSectionView |
| paramcount | 0 | 0 |
address |
1406eae00 | 1406ea430 |
| sig | undefined AlpcpCreateRegion(void) | undefined AlpcpCreateRegion(void) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- AlpcpCreateRegion
+++ AlpcpCreateRegion
@@ -1,96 +1,99 @@
undefined8
-AlpcpCreateRegion(longlong *param_1,longlong param_2,longlong param_3,undefined8 *param_4)
+AlpcpCreateRegion(longlong *param_1,longlong param_2,longlong *param_3,undefined8 *param_4)
{
longlong **pplVar1;
longlong **pplVar2;
void *pvVar3;
longlong *plVar4;
- longlong **pplVar5;
- longlong *plVar6;
- ulonglong uVar7;
+ longlong *plVar5;
+ longlong **pplVar6;
+ longlong **pplVar7;
longlong **pplVar8;
- longlong **pplVar9;
+ longlong *plVar9;
longlong *plVar10;
longlong *plVar11;
longlong *plVar12;
- uint uVar13;
- longlong *plVar14;
+ longlong *plVar13;
pvVar3 = SystemReserved1[15];
*param_4 = 0;
if (param_1[4] != *(longlong *)((longlong)pvVar3 + 0xb8)) {
return 0xc0000022;
}
- uVar7 = (ulonglong)AlpcpViewGranularity;
- pplVar5 = (longlong **)(param_1 + 7);
- uVar13 = AlpcpViewGranularity - 1;
- plVar14 = (longlong *)
- ((ulonglong)(AlpcpRegionGranularity - 1) + param_3 &
+ plVar12 = (longlong *)
+ ((ulonglong)(AlpcpViewGranularity - 1) + (longlong)param_3 &
+ ~((ulonglong)AlpcpViewGranularity - 1));
+ plVar13 = (longlong *)
+ ((ulonglong)(AlpcpRegionGranularity - 1) + (longlong)param_3 &
~((ulonglong)AlpcpRegionGranularity - 1));
+ if ((plVar12 < param_3) || (plVar13 < param_3)) {
+ return 0xc000000d;
+ }
+ pplVar6 = (longlong **)(param_1 + 7);
if (param_2 == 0) {
- pplVar8 = (longlong **)*pplVar5;
- pplVar9 = (longlong **)0x0;
- plVar12 = (longlong *)0x0;
- plVar6 = (longlong *)0x0;
+ pplVar7 = (longlong **)*pplVar6;
+ pplVar8 = (longlong **)0x0;
+ plVar11 = (longlong *)0x0;
+ plVar5 = (longlong *)0x0;
plVar4 = (longlong *)0x0;
- plVar11 = (longlong *)0x0;
- if (pplVar8 != pplVar5) {
+ plVar10 = (longlong *)0x0;
+ if (pplVar7 != pplVar6) {
do {
- plVar10 = plVar6;
- pplVar1 = pplVar8 + 3;
- plVar6 = (longlong *)((longlong)*pplVar1 - (longlong)plVar10);
- if (plVar6 == plVar14) goto LAB_0;
- if ((plVar14 < plVar6) && ((pplVar9 == (longlong **)0x0 || (plVar6 < plVar12)))) {
- pplVar9 = pplVar8;
- plVar11 = plVar10;
- plVar12 = plVar6;
+ plVar9 = plVar5;
+ pplVar1 = pplVar7 + 3;
+ plVar5 = (longlong *)((longlong)*pplVar1 - (longlong)plVar9);
+ if (plVar5 == plVar13) goto LAB_0;
+ if ((plVar13 < plVar5) && ((pplVar8 == (longlong **)0x0 || (plVar5 < plVar11)))) {
+ pplVar8 = pplVar7;
+ plVar10 = plVar9;
+ plVar11 = plVar5;
}
- plVar10 = plVar11;
- pplVar2 = pplVar8 + 4;
- pplVar8 = (longlong **)*pplVar8;
- plVar6 = (longlong *)((longlong)*pplVar2 + (longlong)*pplVar1);
- plVar11 = plVar10;
- } while (pplVar8 != pplVar5);
- plVar4 = plVar6;
- pplVar8 = pplVar9;
- if (pplVar9 != (longlong **)0x0) goto LAB_0;
+ plVar9 = plVar10;
+ pplVar2 = pplVar7 + 4;
+ pplVar7 = (longlong **)*pplVar7;
+ plVar5 = (longlong *)((longlong)*pplVar2 + (longlong)*pplVar1);
+ plVar10 = plVar9;
+ } while (pplVar7 != pplVar6);
+ plVar4 = plVar5;
+ pplVar7 = pplVar8;
+ if (pplVar8 != (longlong **)0x0) goto LAB_0;
}
- plVar10 = plVar4;
- pplVar8 = pplVar5;
- if ((longlong *)(param_1[1] - (longlong)plVar10) < plVar14) {
+ plVar9 = plVar4;
+ pplVar7 = pplVar6;
+ if ((longlong *)(param_1[1] - (longlong)plVar9) < plVar13) {
return 0xc000009a;
}
}
else {
- plVar10 = (longlong *)
- (param_2 + (ulonglong)(AlpcpRegionGranularity - 1) &
- ~((ulonglong)AlpcpRegionGranularity - 1));
- pplVar8 = pplVar5;
+ plVar9 = (longlong *)
+ (param_2 + (ulonglong)(AlpcpRegionGranularity - 1) &
+ ~((ulonglong)AlpcpRegionGranularity - 1));
+ pplVar7 = pplVar6;
}
LAB_0:
- pplVar5 = (longlong **)AlpcpAllocateBlob(&AlpcRegionType);
- if (pplVar5 == (longlong **)0x0) {
+ pplVar6 = (longlong **)AlpcpAllocateBlob(&AlpcRegionType);
+ if (pplVar6 == (longlong **)0x0) {
return 0xc000009a;
}
- memset(pplVar5,0,0x58);
- *(uint *)(pplVar5 + 6) = *(uint *)(pplVar5 + 6) & 0xfffffffe;
- pplVar9 = pplVar5 + 7;
- pplVar5[8] = (longlong *)pplVar9;
- *pplVar9 = (longlong *)pplVar9;
- pplVar5[3] = plVar10;
- pplVar5[4] = plVar14;
- pplVar5[5] = (longlong *)((ulonglong)uVar13 + param_3 & ~(uVar7 - 1));
+ memset(pplVar6,0,0x58);
+ *(uint *)(pplVar6 + 6) = *(uint *)(pplVar6 + 6) & 0xfffffffe;
+ pplVar8 = pplVar6 + 7;
+ pplVar6[8] = (longlong *)pplVar8;
+ *pplVar8 = (longlong *)pplVar8;
+ pplVar6[3] = plVar9;
+ pplVar6[4] = plVar13;
+ pplVar6[5] = plVar12;
AlpcpReferenceBlob(param_1);
- pplVar5[2] = param_1;
- pplVar5[1] = pplVar8[1];
- *pplVar5 = (longlong *)pplVar8;
- plVar14 = pplVar8[1];
- *param_4 = pplVar5;
- *plVar14 = (longlong)pplVar5;
- pplVar8[1] = (longlong *)pplVar5;
+ pplVar6[2] = param_1;
+ pplVar6[1] = pplVar7[1];
+ *pplVar6 = (longlong *)pplVar7;
+ plVar12 = pplVar7[1];
+ *param_4 = pplVar6;
+ *plVar12 = (longlong)pplVar6;
+ pplVar7[1] = (longlong *)pplVar6;
*(int *)((longlong)param_1 + 0x34) = *(int *)((longlong)param_1 + 0x34) + 1;
return 0;
}
| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | code,length,address |
| ratio | 0.71 |
| i_ratio | 0.69 |
| m_ratio | 0.96 |
| b_ratio | 0.96 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | PsUpdateComponentPower | PsUpdateComponentPower |
| fullname | PsUpdateComponentPower | PsUpdateComponentPower |
| refcount | 7 | 7 |
length |
426 | 427 |
| called | PoEnergyContextUpdateComponentPower | PoEnergyContextUpdateComponentPower |
| calling | PspApplyJobChainLimitsToProcess PspSetProcessEnergyTrackingStateCallback |
PspApplyJobChainLimitsToProcess PspSetProcessEnergyTrackingStateCallback |
| paramcount | 0 | 0 |
address |
1402e64b0 | 1402e67c0 |
| sig | undefined PsUpdateComponentPower(void) | undefined PsUpdateComponentPower(void) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- PsUpdateComponentPower
+++ PsUpdateComponentPower
@@ -1,143 +1,144 @@
void PsUpdateComponentPower(longlong param_1,int param_2,ulonglong param_3)
{
ulonglong *puVar1;
longlong lVar2;
code *pcVar3;
uint uVar4;
int iVar5;
ulonglong uVar7;
- char cVar9;
longlong lVar8;
+ uint uVar9;
uint uVar10;
- uint uVar11;
- longlong lVar12;
+ longlong lVar11;
+ char unaff_BH;
longlong unaff_RDI;
- char unaff_R13B;
- bool bVar13;
+ char unaff_R15B;
+ bool bVar12;
undefined8 local_res8;
+ undefined8 *local_20;
ulonglong uVar6;
- /* 0x2e64b0 2074 PsUpdateComponentPower */
+ /* 0x2e67c0 2074 PsUpdateComponentPower */
if ((param_1 == 0) || (param_1 == PsIdleProcess)) {
param_1 = PsInitialSystemProcess;
}
lVar2 = *(longlong *)(param_1 + 0x8e8);
if (lVar2 == 0) {
return;
}
if (param_2 != 2) {
if (param_2 != 1) {
switch(param_2) {
case 3:
- goto switchD_1402e65a9_caseD_3;
+ goto switchD_1402e68b9_caseD_3;
case 4:
case 5:
case 6:
case 7:
case 8:
case 9:
case 10:
case 0xb:
case 0xc:
case 0xd:
case 0xe:
PoEnergyContextUpdateComponentPower(param_1,param_2);
return;
default:
- cVar9 = '\0';
pcVar3 = (code *)swi(0x29);
- (*pcVar3)();
- in(0x5c);
- *(char *)(unaff_RDI + -0x50ffd19b) = *(char *)(unaff_RDI + -0x50ffd19b) + unaff_R13B;
- *(char *)(unaff_RDI + -0x50ffd19b) = *(char *)(unaff_RDI + -0x50ffd19b) + cVar9;
- *(char *)(unaff_RDI + -0x50ffd19b) = *(char *)(unaff_RDI + -0x50ffd19b) + cVar9;
- *(char *)(unaff_RDI + -0x50ffd19b) = *(char *)(unaff_RDI + -0x50ffd19b) + cVar9;
- *(char *)(unaff_RDI + -0x50ffd19b) = *(char *)(unaff_RDI + -0x50ffd19b) + cVar9;
- *(char *)(unaff_RDI + -0x33ffd19b) = *(char *)(unaff_RDI + -0x33ffd19b) + cVar9;
+ (*pcVar3)(0x25);
+ *(char *)(unaff_RDI + -0x40ffd198) = *(char *)(unaff_RDI + -0x40ffd198) + unaff_R15B;
+ *local_20 = 0x68bf002e;
+ *(char *)(unaff_RDI + -0x40ffd198) = *(char *)(unaff_RDI + -0x40ffd198) + unaff_BH;
+ local_20[-1] = 0x68bf002e;
+ *(char *)(unaff_RDI + -0x40ffd198) = *(char *)(unaff_RDI + -0x40ffd198) + unaff_BH;
+ local_20[-2] = 0x68bf002e;
+ *(char *)(unaff_RDI + -0x40ffd198) = *(char *)(unaff_RDI + -0x40ffd198) + unaff_BH;
+ local_20[-3] = 0xffffffffcccc002e;
pcVar3 = (code *)swi(3);
(*pcVar3)();
return;
}
}
if (param_3 == 0) {
return;
}
lVar8 = 0x118;
- lVar12 = 0x40;
+ lVar11 = 0x40;
goto LAB_0;
}
if (param_3 == 0) {
return;
}
LOCK();
*(longlong *)(lVar2 + 0x48) = *(longlong *)(lVar2 + 0x48) + (param_3 >> 0x20);
UNLOCK();
lVar8 = 0x120;
- lVar12 = 0x58;
+ lVar11 = 0x58;
LAB_1:
param_3 = param_3 & 0xffffffff;
LAB_0:
puVar1 = (ulonglong *)(lVar2 + lVar8);
LOCK();
- *(longlong *)(lVar2 + lVar12) = *(longlong *)(lVar2 + lVar12) + param_3;
+ *(longlong *)(lVar2 + lVar11) = *(longlong *)(lVar2 + lVar11) + param_3;
uVar4 = KiTimelineBitmapTime;
UNLOCK();
if (puVar1 != (ulonglong *)0x0) {
uVar7 = *puVar1;
- uVar11 = (uint)uVar7;
- bVar13 = KiTimelineBitmapTime == uVar11;
+ uVar10 = (uint)uVar7;
+ bVar12 = KiTimelineBitmapTime == uVar10;
uVar6 = uVar7;
- if (!bVar13) goto LAB_2;
+ if (!bVar12) goto LAB_2;
if ((uVar7 >> 0x20 & 1) == 0) {
do {
- uVar11 = (uint)uVar7;
- bVar13 = uVar4 == uVar11;
+ uVar10 = (uint)uVar7;
+ bVar12 = uVar4 == uVar10;
uVar6 = uVar7;
LAB_2:
iVar5 = (int)uVar6;
- uVar10 = (uint)(uVar6 >> 0x20);
- if (uVar4 < uVar11 || bVar13) {
+ uVar9 = (uint)(uVar6 >> 0x20);
+ if (uVar4 < uVar10 || bVar12) {
if (0x1f < iVar5 - uVar4) {
return;
}
- uVar11 = 1 << ((byte)(iVar5 - uVar4) & 0x1f) | uVar10;
- if (uVar11 == uVar10) {
+ uVar10 = 1 << ((byte)(iVar5 - uVar4) & 0x1f) | uVar9;
+ if (uVar10 == uVar9) {
return;
}
- local_res8 = CONCAT44(uVar11,iVar5);
+ local_res8 = CONCAT44(uVar10,iVar5);
}
else {
if (uVar4 - iVar5 < 0x20) {
- local_res8._4_4_ = uVar10 << ((byte)(uVar4 - iVar5) & 0x1f) | 1;
+ local_res8._4_4_ = uVar9 << ((byte)(uVar4 - iVar5) & 0x1f) | 1;
}
else {
local_res8._4_4_ = 1;
}
local_res8 = CONCAT44(local_res8._4_4_,uVar4);
}
LOCK();
uVar7 = *puVar1;
- bVar13 = uVar6 == uVar7;
- if (bVar13) {
+ bVar12 = uVar6 == uVar7;
+ if (bVar12) {
*puVar1 = local_res8;
uVar7 = uVar6;
}
UNLOCK();
- } while (!bVar13);
+ } while (!bVar12);
}
}
return;
-switchD_1402e65a9_caseD_3:
+switchD_1402e68b9_caseD_3:
if (param_3 == 0) {
return;
}
LOCK();
*(longlong *)(lVar2 + 0x50) = *(longlong *)(lVar2 + 0x50) + (param_3 >> 0x20);
UNLOCK();
lVar8 = 0x128;
- lVar12 = 0x60;
+ lVar11 = 0x60;
goto LAB_1;
}
| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | code,refcount,length,address |
| ratio | 0.59 |
| i_ratio | 0.53 |
| m_ratio | 0.61 |
| b_ratio | 0.89 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | NtQueryMultipleValueKey | NtQueryMultipleValueKey |
| fullname | NtQueryMultipleValueKey | NtQueryMultipleValueKey |
refcount |
3 | 2 |
length |
1379 | 1373 |
| called | Expand for full list:CmpCaptureKeyValueArray |
Expand for full list:CmpCaptureKeyValueArray |
| calling | ||
| paramcount | 6 | 6 |
address |
1406e1df0 | 1406e1a00 |
| sig | undefined NtQueryMultipleValueKey(undefined param_1, undefined param_2, undefined param_3, undefined param_4, undefined8 param_5, undefined8 param_6) | undefined NtQueryMultipleValueKey(undefined param_1, undefined param_2, undefined param_3, undefined param_4, undefined8 param_5, undefined8 param_6) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- NtQueryMultipleValueKey
+++ NtQueryMultipleValueKey
@@ -1,232 +1,233 @@
/* WARNING: Function: _guard_dispatch_icall replaced with injection: guard_dispatch_icall */
void NtQueryMultipleValueKey
(undefined8 param_1,longlong param_2,uint param_3,undefined8 ****param_4,
uint *param_5,undefined4 *param_6)
{
char cVar1;
- uint uVar2;
- int iVar3;
- uint *puVar4;
+ int iVar2;
+ uint *puVar3;
+ undefined8 ****ppppuVar4;
undefined8 ****ppppuVar5;
undefined4 *puVar6;
- undefined8 ****ppppuVar7;
- longlong lVar8;
- ulonglong uVar9;
+ ulonglong uVar7;
undefined auStack_218 [32];
undefined8 local_1f8;
undefined8 ****local_1f0;
undefined8 ****local_1e8;
char local_1d8;
char local_1d7;
- char local_1d6;
uint local_1d4;
- uint local_1d0;
+ char local_1d0;
uint local_1c8;
undefined8 ****local_1c0;
undefined4 local_1b8;
+ int local_1b4;
void *local_1b0;
uint local_1a8;
undefined8 ****local_1a0;
undefined8 ****local_198;
undefined8 ****local_190;
undefined8 ***local_188;
- undefined8 ****local_180;
+ undefined8 ***local_180;
undefined8 ****local_178;
- undefined4 local_170;
+ undefined8 ****local_170;
longlong local_168;
undefined local_160 [16];
undefined8 ****local_148;
- longlong local_140;
+ void *local_140;
uint local_138;
undefined8 ****local_130;
- uint *local_128;
+ undefined8 *local_128;
undefined4 *local_120;
undefined local_f8 [16];
undefined local_e8 [16];
undefined local_d8 [16];
undefined local_c8 [16];
undefined local_b8 [16];
undefined local_a8 [8];
undefined8 ****local_a0;
ulonglong local_48;
local_48 = __security_cookie ^ (ulonglong)auStack_218;
+ ppppuVar5 = (undefined8 ****)(ulonglong)param_3;
local_160 = ZEXT816(0);
+ local_1d4 = 0;
local_1b8 = 0;
- local_170 = 0;
+ local_1b4 = 0;
local_d8 = ZEXT816(0);
local_c8 = ZEXT816(0);
local_b8 = ZEXT816(0);
- local_1d0 = param_3;
+ local_1c8 = param_3;
local_1a0 = param_4;
local_168 = param_2;
memset(local_a8,0,0x58);
local_f8 = ZEXT816(0);
local_e8 = ZEXT816(0);
local_190 = (undefined8 ****)0x0;
if (CmpTraceRoutine != (code *)0x0) {
EtwGetKernelTraceTimestamp(local_f8);
}
local_1d8 = '\0';
local_1d7 = '\0';
local_1c0 = (undefined8 ****)0x0;
- ppppuVar5 = (undefined8 ****)0x0;
+ ppppuVar4 = (undefined8 ****)0x0;
memset(&local_148,0,0x48);
- local_178 = &local_180;
- local_180 = &local_180;
+ local_170 = &local_178;
+ local_178 = &local_178;
CmpInitializeThreadInfo(local_160);
local_198 = (undefined8 ****)0x0;
local_1b0 = (void *)0x0;
local_188 = (undefined8 ***)0x0;
- local_1d6 = CmpAcquireShutdownRundown();
- if (local_1d6 == '\0') {
- uVar2 = 0xc0000189;
+ local_180 = (undefined8 ***)0x0;
+ local_1d0 = CmpAcquireShutdownRundown();
+ if (local_1d0 == '\0') {
+ iVar2 = -0x3ffffe77;
}
else {
cVar1 = *(char *)((longlong)SystemReserved1[15] + 0x232);
local_1f0 = (undefined8 ****)0x0;
local_1f8 = &local_1c0;
- ppppuVar5 = (undefined8 ****)0x1;
- uVar2 = CmObReferenceObjectByHandle(param_1);
- if (-1 < (int)uVar2) {
+ ppppuVar4 = (undefined8 ****)0x1;
+ iVar2 = CmObReferenceObjectByHandle(param_1);
+ if (-1 < iVar2) {
if ((CmpTraceRoutine != (code *)0x0) && (local_1c0 != (undefined8 ****)0x0)) {
local_190 = (undefined8 ****)local_1c0[1];
}
if (cVar1 == '\x01') {
- puVar4 = (uint *)&DAT_0;
+ puVar3 = (uint *)&DAT_0;
if (param_5 < &DAT_0) {
- puVar4 = param_5;
- }
- local_1d4 = *puVar4;
- local_1c8 = local_1d4;
+ puVar3 = param_5;
+ }
+ local_1d4 = *puVar3;
if (0x10000 < param_3) {
/* WARNING: Subroutine does not return */
ExRaiseStatus(0xc000009a);
}
- ProbeForWrite(param_2,(ulonglong)param_3 * 0x18,4);
- ppppuVar7 = local_1a0;
+ ProbeForWrite(param_2,(longlong)ppppuVar5 * 0x18,4);
if (param_6 != (undefined4 *)0x0) {
puVar6 = (undefined4 *)&DAT_0;
if (param_6 < &DAT_0) {
puVar6 = param_6;
}
*puVar6 = *puVar6;
}
- ppppuVar5 = (undefined8 ****)(ulonglong)local_1c8;
- ProbeForWrite(local_1a0,ppppuVar5,4);
+ ProbeForWrite(local_1a0,local_1d4,4);
}
else {
local_1d4 = *param_5;
- ppppuVar7 = local_1a0;
- }
- *(short *)((longlong)SystemReserved1[15] + 0x1e4) =
- *(short *)((longlong)SystemReserved1[15] + 0x1e4) + -1;
- local_1d7 = '\x01';
- if (CmpCallBackCount != 0) {
- iVar3 = CmpIsRegistryLockAcquired();
- if (iVar3 == 0) {
- local_148 = local_1c0;
- local_128 = param_5;
- local_120 = param_6;
- local_1e8 = &local_180;
- local_1f0 = local_1c0;
- local_1f8 = (undefined8 ****)CONCAT44(local_1f8._4_4_,0x18);
- ppppuVar5 = &local_148;
- local_140 = param_2;
- local_138 = param_3;
- local_130 = ppppuVar7;
- uVar2 = CmpCallCallBacksEx(9,ppppuVar5,0,1);
- if ((int)uVar2 < 0) {
- if (uVar2 == 0xc0000503) {
- uVar2 = 0;
+ }
+ local_1f0 = &local_180;
+ local_1f8 = &local_188;
+ iVar2 = CmpCaptureKeyValueArray(param_2,ppppuVar5,cVar1,&local_1b0);
+ ppppuVar4 = ppppuVar5;
+ if (-1 < iVar2) {
+ *(short *)((longlong)SystemReserved1[15] + 0x1e4) =
+ *(short *)((longlong)SystemReserved1[15] + 0x1e4) + -1;
+ local_1d7 = '\x01';
+ if (CmpCallBackCount != 0) {
+ iVar2 = CmpIsRegistryLockAcquired();
+ ppppuVar4 = ppppuVar5;
+ if (iVar2 == 0) {
+ local_148 = local_1c0;
+ local_140 = local_1b0;
+ local_130 = local_1a0;
+ local_128 = (undefined8 *)&local_1d4;
+ local_120 = param_6;
+ local_1e8 = &local_178;
+ local_1f0 = local_1c0;
+ local_1f8 = (undefined8 ****)CONCAT44(local_1f8._4_4_,0x18);
+ ppppuVar4 = &local_148;
+ local_138 = param_3;
+ iVar2 = CmpCallCallBacksEx(9,ppppuVar4,0,1);
+ if (iVar2 < 0) {
+ if (iVar2 == -0x3ffffafd) {
+ iVar2 = 0;
+ }
+ goto LAB_1;
}
- goto LAB_1;
+ local_1d8 = '\x01';
}
- local_1d8 = '\x01';
- }
- }
- ppppuVar5 = (undefined8 ****)CONCAT71((int7)((ulonglong)ppppuVar5 >> 8),cVar1);
- uVar2 = CmKeyBodyRemapToVirtualForEnum(&local_1c0,ppppuVar5,1,&local_198);
- if (-1 < (int)uVar2) {
- local_1f8 = &local_188;
- ppppuVar5 = (undefined8 ****)(ulonglong)param_3;
- uVar2 = CmpCaptureKeyValueArray(param_2,ppppuVar5,cVar1,&local_1b0);
- if (-1 < (int)uVar2) {
+ }
+ ppppuVar4 = (undefined8 ****)CONCAT71((int7)((ulonglong)ppppuVar4 >> 8),cVar1);
+ iVar2 = CmKeyBodyRemapToVirtualForEnum(&local_1c0,ppppuVar4,1,&local_198);
+ if (-1 < iVar2) {
local_1f8 = (undefined8 ****)CONCAT44(local_1f8._4_4_,4);
- ppppuVar5 = local_1a0;
- uVar2 = CmpBounceContextStart(local_a8,local_1a0,local_1d4,(int)cVar1);
- if (-1 < (int)uVar2) {
+ ppppuVar4 = local_1a0;
+ iVar2 = CmpBounceContextStart(local_a8,local_1a0,local_1d4,(int)cVar1);
+ if (-1 < iVar2) {
CmpAttachToRegistryProcess(local_d8);
local_1e8 = (undefined8 ****)&local_1b8;
local_1f0 = (undefined8 ****)&local_1d4;
local_1f8 = local_a0;
- ppppuVar5 = local_198;
- uVar2 = CmQueryMultipleValueKey(local_1c0,local_198,local_1b0);
- local_1c8 = uVar2;
+ ppppuVar4 = local_198;
+ iVar2 = CmQueryMultipleValueKey(local_1c0,local_198,local_1b0,param_3);
+ local_1b4 = iVar2;
CmpDetachFromRegistryProcess(local_d8);
*param_5 = local_1d4;
if (param_6 != (undefined4 *)0x0) {
*param_6 = local_1b8;
}
- if (((uVar2 + 0x80000000 & 0x80000000) != 0) || (uVar2 == 0x80000005)) {
- uVar9 = 0;
+ if (((iVar2 + 0x80000000U & 0x80000000) != 0) || (iVar2 == -0x7ffffffb)) {
+ uVar7 = 0;
while( true ) {
- local_1a8 = (uint)uVar9;
+ local_1a8 = (uint)uVar7;
if (param_3 <= local_1a8) break;
- lVar8 = uVar9 * 0x20;
- *(undefined4 *)(param_2 + 8 + uVar9 * 0x18) =
- *(undefined4 *)(lVar8 + 0x10 + (longlong)local_1b0);
- *(undefined4 *)(param_2 + 0xc + uVar9 * 0x18) =
- *(undefined4 *)(lVar8 + 0x14 + (longlong)local_1b0);
- *(undefined4 *)(param_2 + 0x10 + uVar9 * 0x18) =
- *(undefined4 *)(lVar8 + 0x18 + (longlong)local_1b0);
- uVar9 = (ulonglong)(local_1a8 + 1);
+ *(undefined4 *)(param_2 + 8 + uVar7 * 0x18) =
+ *(undefined4 *)((longlong)local_1b0 + uVar7 * 0x18 + 8);
+ *(undefined4 *)(param_2 + 0xc + uVar7 * 0x18) =
+ *(undefined4 *)((longlong)local_1b0 + uVar7 * 0x18 + 0xc);
+ *(undefined4 *)(param_2 + 0x10 + uVar7 * 0x18) =
+ *(undefined4 *)((longlong)local_1b0 + uVar7 * 0x18 + 0x10);
+ uVar7 = (ulonglong)(local_1a8 + 1);
}
- ppppuVar5 = (undefined8 ****)(ulonglong)local_1d4;
+ ppppuVar4 = (undefined8 ****)(ulonglong)local_1d4;
CmpBounceContextCopyDataToCallerBuffer(local_a8);
}
}
}
}
}
}
LAB_1:
if (local_198 != (undefined8 ****)0x0) {
ObfDereferenceObject();
}
if (local_1d8 != '\0') {
- local_1f0 = &local_180;
+ local_1f0 = &local_178;
local_1f8 = (undefined8 ****)0x0;
- ppppuVar5 = local_1c0;
- uVar2 = CmPostCallbackNotificationEx(0x18,local_1c0,uVar2,&local_148);
+ ppppuVar4 = local_1c0;
+ iVar2 = CmPostCallbackNotificationEx(0x18,local_1c0,iVar2,&local_148);
}
if (local_1d7 != '\0') {
KiLeaveCriticalRegionUnsafe(SystemReserved1[15]);
}
if (local_1c0 != (undefined8 ****)0x0) {
ObfDereferenceObject();
}
CmpBounceContextCleanup(local_a8);
if (CmpTraceRoutine != (code *)0x0) {
local_1f0 = (undefined8 ****)0x0;
local_1f8 = local_190;
- ppppuVar5 = (undefined8 ****)local_f8;
- (*CmpTraceRoutine)(0x13,ppppuVar5,uVar2,(ulonglong)param_3);
- }
- if (local_1d6 != '\0') {
+ ppppuVar4 = (undefined8 ****)local_f8;
+ (*CmpTraceRoutine)(0x13,ppppuVar4,iVar2,param_3);
+ }
+ if (local_1d0 != '\0') {
CmpReleaseShutdownRundown();
}
if (local_1b0 != (void *)0x0) {
- SmFreeWrapper(local_1b0,ppppuVar5);
+ SmFreeWrapper(local_1b0,ppppuVar4);
}
if (local_188 != (undefined8 ***)0x0) {
- SmFreeWrapper(local_188,ppppuVar5);
+ SmFreeWrapper(local_188,ppppuVar4);
+ }
+ if (local_180 != (undefined8 ***)0x0) {
+ SmFreeWrapper(local_180,ppppuVar4);
}
CmCleanupThreadInfo(local_160);
__security_check_cookie(local_48 ^ (ulonglong)auStack_218);
return;
}
| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | code,length,address |
| ratio | 0.65 |
| i_ratio | 0.68 |
| m_ratio | 0.99 |
| b_ratio | 0.99 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | CmQueryMultipleValueForLayeredKey | CmQueryMultipleValueForLayeredKey |
| fullname | CmQueryMultipleValueForLayeredKey | CmQueryMultipleValueForLayeredKey |
| refcount | 2 | 2 |
length |
1143 | 1164 |
| called | Expand for full list:HvpGetCellFlat |
Expand for full list:HvpGetCellFlat |
| calling | CmQueryMultipleValueKey | CmQueryMultipleValueKey |
| paramcount | 6 | 6 |
address |
140a16600 | 140a166a0 |
| sig | undefined CmQueryMultipleValueForLayeredKey(undefined param_1, undefined param_2, undefined param_3, undefined param_4, undefined8 param_5, undefined8 param_6) | undefined CmQueryMultipleValueForLayeredKey(undefined param_1, undefined param_2, undefined param_3, undefined param_4, undefined8 param_5, undefined8 param_6) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- CmQueryMultipleValueForLayeredKey
+++ CmQueryMultipleValueForLayeredKey
@@ -1,255 +1,254 @@
undefined8 *
CmQueryMultipleValueForLayeredKey
(longlong param_1,longlong param_2,uint param_3,longlong param_4,uint *param_5,
uint *param_6)
{
bool bVar1;
bool bVar2;
undefined8 *puVar3;
char cVar4;
uint uVar5;
undefined8 *puVar6;
longlong lVar7;
undefined8 *puVar8;
undefined8 *puVar9;
undefined8 *puVar10;
uint uVar11;
- ushort *puVar12;
+ undefined8 *puVar12;
undefined8 *puVar13;
- undefined8 *puVar14;
- uint uVar15;
- undefined8 *puVar16;
- ushort uVar17;
+ uint uVar14;
+ undefined8 *puVar15;
+ ushort uVar16;
+ undefined8 *puVar17;
undefined8 *puVar18;
- undefined8 *puVar19;
undefined4 extraout_XMM0_Da;
char local_b7;
undefined local_b6;
uint local_b4;
uint local_b0 [2];
undefined8 local_a8;
undefined8 *local_a0;
undefined8 local_98;
uint local_90;
undefined8 local_88;
- ushort *local_80;
+ undefined8 *local_80;
undefined8 *local_78;
undefined8 *local_70;
- undefined8 *local_68;
+ longlong local_68;
undefined local_60 [16];
undefined local_50 [24];
puVar10 = (undefined8 *)0x0;
local_a8 = 0;
local_88 = 0;
local_98 = 0;
local_50._0_16_ = ZEXT816(0);
local_60._4_12_ = SUB1612(ZEXT816(0),4);
local_60._0_4_ = 0xffff0000;
HvpGetCellContextReinitialize(&local_a8);
HvpGetCellContextReinitialize(&local_88);
- local_70 = (undefined8 *)0x0;
+ local_78 = (undefined8 *)0x0;
local_a0 = (undefined8 *)0x0;
local_b7 = '\0';
HvpGetCellContextReinitialize(&local_98);
local_b4 = 0;
bVar1 = false;
puVar9 = *(undefined8 **)(param_1 + 8);
- local_68 = puVar9;
+ local_70 = puVar9;
uVar5 = CmpStartKcbStackForTopLayerKcb(local_60);
puVar8 = (undefined8 *)0x0;
- puVar14 = (undefined8 *)0x0;
+ puVar13 = (undefined8 *)0x0;
if ((int)uVar5 < 0) {
bVar2 = false;
- puVar13 = (undefined8 *)(ulonglong)uVar5;
- puVar19 = (undefined8 *)0x0;
+ puVar12 = (undefined8 *)(ulonglong)uVar5;
+ puVar18 = (undefined8 *)0x0;
}
else {
CmpLockKcbStackShared(local_60);
bVar2 = true;
local_b6 = 1;
puVar9 = (undefined8 *)0x0;
uVar5 = CmpPerformKeyBodyDeletionCheck(param_1);
- puVar13 = puVar10;
- puVar16 = puVar10;
- puVar18 = puVar10;
+ puVar12 = puVar10;
+ puVar15 = puVar10;
+ puVar17 = puVar10;
if ((int)uVar5 < 0) {
bVar2 = true;
- puVar13 = (undefined8 *)(ulonglong)uVar5;
- puVar19 = puVar10;
+ puVar12 = (undefined8 *)(ulonglong)uVar5;
+ puVar18 = puVar10;
}
else {
while( true ) {
- local_90 = (uint)puVar13;
+ local_90 = (uint)puVar12;
puVar8 = puVar10;
- puVar14 = puVar10;
- puVar19 = puVar18;
+ puVar13 = puVar10;
+ puVar18 = puVar17;
if (param_3 <= local_90) break;
- local_80 = (ushort *)((longlong)puVar13 * 0x20 + param_2);
+ local_68 = (longlong)puVar12 * 3;
+ local_80 = *(undefined8 **)(param_2 + (longlong)puVar12 * 0x18);
while( true ) {
- uVar17 = *local_80;
- puVar9 = (undefined8 *)(ulonglong)uVar17;
- if ((uVar17 == 0) ||
- (*(short *)(*(longlong *)(local_80 + 4) + ((longlong)puVar9 - 1U & 0xfffffffffffffffe))
- != 0)) break;
- *local_80 = uVar17 - 2;
+ uVar16 = *(ushort *)local_80;
+ puVar9 = (undefined8 *)(ulonglong)uVar16;
+ if ((uVar16 == 0) ||
+ (*(short *)(local_80[1] + ((longlong)puVar9 - 1U & 0xfffffffffffffffe)) != 0)) break;
+ *(ushort *)local_80 = uVar16 - 2;
}
local_b0[0] = 0xffffffff;
- uVar17 = *(ushort *)((longlong)local_68 + 0x42);
+ uVar16 = *(ushort *)((longlong)local_70 + 0x42);
puVar12 = local_80;
- while (puVar19 = puVar18, puVar3 = local_70, -1 < (short)uVar17) {
- puVar9 = (undefined8 *)(ulonglong)uVar17;
+ while (puVar18 = puVar17, puVar3 = local_78, -1 < (short)uVar16) {
+ puVar9 = (undefined8 *)(ulonglong)uVar16;
puVar6 = (undefined8 *)CmpGetKcbAtLayerHeight(local_60);
cVar4 = '\0';
- if (*(short *)((longlong)puVar6 + 0x42) != 0) {
+ if (*(ushort *)((longlong)puVar6 + 0x42) != 0) {
cVar4 = *(char *)((longlong)puVar6 + 0x41);
}
- puVar3 = local_70;
+ puVar3 = local_78;
if (cVar4 == '\x01') break;
if (*(int *)(puVar6 + 5) == -1) {
- uVar17 = uVar17 - 1;
+ uVar16 = uVar16 - 1;
}
else {
lVar7 = CmpGetKeyNodeForKcb(puVar6,&local_88,0);
uVar5 = CmpFindNameInListWithStatus(puVar6[4],lVar7 + 0x24,puVar12,0,0,local_b0);
- puVar13 = (undefined8 *)(ulonglong)uVar5;
+ puVar12 = (undefined8 *)(ulonglong)uVar5;
puVar9 = &local_88;
if ((*(byte *)(puVar6[4] + 0x8c) & 1) == 0) {
HvpReleaseCellPaged();
}
else {
HvpReleaseCellFlat();
}
- puVar19 = puVar6;
+ puVar18 = puVar6;
puVar3 = puVar6;
if (-1 < (int)uVar5) break;
- puVar19 = puVar18;
+ puVar18 = puVar17;
if (uVar5 != 0xc0000034) goto LAB_0;
cVar4 = '\0';
- if (*(short *)((longlong)puVar6 + 0x42) != 0) {
+ if (*(ushort *)((longlong)puVar6 + 0x42) != 0) {
cVar4 = *(char *)((longlong)puVar6 + 0x41);
}
- puVar3 = local_70;
+ puVar3 = local_78;
if (cVar4 != '\0') break;
- uVar17 = uVar17 - 1;
+ uVar16 = uVar16 - 1;
puVar12 = local_80;
}
}
- local_70 = puVar3;
+ local_78 = puVar3;
uVar5 = local_b0[0];
if (local_b0[0] == 0xffffffff) {
- puVar13 = (undefined8 *)0xc0000034;
+ puVar12 = (undefined8 *)0xc0000034;
goto LAB_0;
}
- if ((*(byte *)(puVar19[4] + 0x8c) & 1) == 0) {
- puVar8 = (undefined8 *)HvpGetCellPaged(puVar19[4],local_b0[0]);
+ if ((*(byte *)(puVar18[4] + 0x8c) & 1) == 0) {
+ puVar8 = (undefined8 *)HvpGetCellPaged(puVar18[4],local_b0[0]);
}
else {
puVar8 = (undefined8 *)HvpGetCellFlat();
}
puVar9 = puVar8;
- local_78 = puVar8;
- cVar4 = CmpIsValueTombstone(puVar19[4]);
+ local_80 = puVar8;
+ cVar4 = CmpIsValueTombstone(puVar18[4]);
if (cVar4 != '\0') {
- puVar13 = (undefined8 *)0xc0000034;
- puVar14 = (undefined8 *)0x0;
+ puVar12 = (undefined8 *)0xc0000034;
+ puVar13 = (undefined8 *)0x0;
goto LAB_0;
}
- uVar15 = *(uint *)((longlong)puVar8 + 4);
- uVar11 = uVar15 + 0x80000000;
- if (uVar15 < 0x80000000) {
- uVar11 = uVar15;
- }
- uVar15 = (uint)puVar16 + 7 & 0xfffffff8;
+ uVar14 = *(uint *)((longlong)puVar8 + 4);
+ uVar11 = uVar14 + 0x80000000;
+ if (uVar14 < 0x80000000) {
+ uVar11 = uVar14;
+ }
+ uVar14 = (uint)puVar15 + 7 & 0xfffffff8;
local_b4 = local_b4 + 7 & 0xfffffff8;
local_b0[0] = uVar11;
- if (((bVar1) || (*param_5 < uVar11 + uVar15)) || (uVar11 + uVar15 < uVar15)) {
+ if (((bVar1) || (*param_5 < uVar11 + uVar14)) || (uVar11 + uVar14 < uVar14)) {
bVar1 = true;
}
else {
puVar9 = (undefined8 *)(ulonglong)uVar5;
cVar4 = CmpGetValueData(extraout_XMM0_Da,puVar9,puVar8,local_b0,&local_a0,&local_b7,
&local_98);
uVar11 = local_b0[0];
if (cVar4 == '\0') {
- puVar13 = (undefined8 *)0xc000009a;
- puVar14 = local_a0;
+ puVar12 = (undefined8 *)0xc000009a;
+ puVar13 = local_a0;
goto LAB_0;
}
- RtlCopyMemory((void *)((ulonglong)uVar15 + param_4),local_a0,(ulonglong)local_b0[0]);
- *(undefined4 *)(local_80 + 0xc) = *(undefined4 *)((longlong)puVar8 + 0xc);
- *(uint *)(local_80 + 8) = uVar11;
- *(uint *)(local_80 + 10) = uVar15;
- uVar15 = uVar15 + uVar11;
+ RtlCopyMemory((void *)((ulonglong)uVar14 + param_4),local_a0,(ulonglong)local_b0[0]);
+ *(undefined4 *)(param_2 + 0x10 + local_68 * 8) = *(undefined4 *)((longlong)puVar8 + 0xc);
+ *(uint *)(param_2 + 8 + local_68 * 8) = uVar11;
+ *(uint *)(param_2 + 0xc + local_68 * 8) = uVar14;
+ uVar14 = uVar14 + uVar11;
if (local_b7 == '\0') {
- if ((*(byte *)(puVar19[4] + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(puVar19[4],&local_98);
+ if ((*(byte *)(puVar18[4] + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(puVar18[4],&local_98);
}
else {
HvpReleaseCellFlat();
}
}
else {
ExFreePoolWithTag(local_a0,0);
}
local_a0 = (undefined8 *)0x0;
}
local_b4 = local_b4 + uVar11;
puVar9 = &local_a8;
- if ((*(byte *)(puVar19[4] + 0x8c) & 1) == 0) {
+ if ((*(byte *)(puVar18[4] + 0x8c) & 1) == 0) {
HvpReleaseCellPaged();
}
else {
HvpReleaseCellFlat();
}
- puVar13 = (undefined8 *)(ulonglong)(local_90 + 1);
- puVar16 = (undefined8 *)(ulonglong)uVar15;
- puVar18 = puVar19;
- }
- *param_5 = (uint)puVar16;
+ puVar12 = (undefined8 *)(ulonglong)(local_90 + 1);
+ puVar15 = (undefined8 *)(ulonglong)uVar14;
+ puVar17 = puVar18;
+ }
+ *param_5 = (uint)puVar15;
if (param_6 != (uint *)0x0) {
*param_6 = local_b4;
}
bVar2 = true;
- puVar13 = puVar10;
+ puVar12 = puVar10;
if (bVar1) {
- puVar13 = (undefined8 *)0x80000005;
+ puVar12 = (undefined8 *)0x80000005;
}
}
}
LAB_0:
- if (puVar14 != (undefined8 *)0x0) {
+ if (puVar13 != (undefined8 *)0x0) {
if (local_b7 == '\0') {
puVar9 = &local_98;
- if ((*(byte *)(puVar19[4] + 0x8c) & 1) == 0) {
+ if ((*(byte *)(puVar18[4] + 0x8c) & 1) == 0) {
HvpReleaseCellPaged();
}
else {
HvpReleaseCellFlat();
}
}
else {
puVar9 = (undefined8 *)0x0;
- ExFreePoolWithTag(puVar14);
+ ExFreePoolWithTag(puVar13);
}
}
if (puVar8 != (undefined8 *)0x0) {
puVar9 = &local_a8;
- if ((*(byte *)(puVar19[4] + 0x8c) & 1) == 0) {
+ if ((*(byte *)(puVar18[4] + 0x8c) & 1) == 0) {
HvpReleaseCellPaged();
}
else {
HvpReleaseCellFlat();
}
}
if (bVar2) {
CmpUnlockKcbStack(local_60);
}
if ((void *)local_50._8_8_ != (void *)0x0) {
SmFreeWrapper((void *)local_50._8_8_,puVar9);
}
- return puVar13;
+ return puVar12;
}
| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | code,length,address,called |
| ratio | 0.09 |
| i_ratio | 0.47 |
| m_ratio | 0.43 |
| b_ratio | 0.36 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | CmpCheckKey | CmpCheckKey |
| fullname | CmpCheckKey | CmpCheckKey |
| refcount | 2 | 2 |
length |
6928 | 7119 |
called |
Expand for full list: |
Expand for full list:RtlULongAdd |
| calling | CmpCheckRegistry2 | CmpCheckRegistry2 |
| paramcount | 7 | 7 |
address |
1407164f0 | 140715fe0 |
| sig | undefined CmpCheckKey(undefined param_1, undefined param_2, undefined param_3, undefined param_4, undefined1 param_5, undefined8 param_6, undefined8 param_7) | undefined CmpCheckKey(undefined param_1, undefined param_2, undefined param_3, undefined param_4, undefined1 param_5, undefined8 param_6, undefined8 param_7) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- CmpCheckKey called
+++ CmpCheckKey called
@@ -4,0 +5 @@
+CmpKeySecurityIncrementReferenceCount
@@ -10,0 +12 @@
+RtlULongAdd--- CmpCheckKey
+++ CmpCheckKey
@@ -1,1164 +1,1170 @@
uint CmpCheckKey(longlong param_1,uint param_2,int param_3,int param_4,char param_5,
undefined8 param_6,ulonglong param_7)
{
- int *piVar1;
- undefined4 *puVar2;
- uint *puVar3;
- int iVar4;
- bool bVar5;
+ uint *puVar1;
+ int iVar2;
+ bool bVar3;
+ byte bVar4;
+ char cVar5;
byte bVar6;
- char cVar7;
- byte bVar8;
+ ushort uVar7;
+ uint uVar8;
uint uVar9;
- uint uVar10;
+ long lVar10;
int iVar11;
undefined4 uVar12;
undefined4 uVar13;
short *psVar14;
longlong lVar15;
longlong lVar16;
ulonglong uVar17;
short *psVar18;
- short *psVar19;
- byte bVar20;
- ushort uVar21;
- short sVar22;
- undefined8 uVar23;
- longlong *plVar24;
- ulonglong uVar25;
- uint uVar26;
- short *psVar27;
+ byte bVar19;
+ short sVar20;
+ undefined8 uVar21;
+ undefined4 *puVar22;
+ ulonglong uVar23;
+ ulonglong uVar24;
+ uint uVar25;
ulonglong in_stack_ffffffffffffff28;
- undefined8 uVar28;
- undefined8 local_a0;
- short *local_98;
- longlong local_90;
- undefined8 local_88;
- undefined4 local_80;
- undefined4 local_7c;
- uint local_78;
- uint local_74;
+ undefined8 uVar26;
+ longlong local_a0;
+ undefined4 local_98;
+ undefined4 local_94;
+ short *local_90;
+ undefined4 local_88;
+ undefined4 local_84;
+ uint local_80;
+ uint local_7c;
+ undefined4 local_78;
+ undefined4 local_74;
undefined4 local_70;
undefined4 local_6c;
uint local_68;
undefined4 local_60;
undefined4 local_5c;
undefined4 local_58;
undefined4 local_54;
- uint local_50 [2];
+ uint local_50;
+ ulong local_4c;
byte *local_48;
uint local_40;
undefined4 local_3c;
- local_70 = 0xffffffff;
- bVar6 = 0;
+ local_78 = 0xffffffff;
+ bVar4 = 0;
+ local_7c = 0;
+ local_80 = 0;
+ local_60 = 0xffffffff;
local_74 = 0;
- local_78 = 0;
- local_60 = 0xffffffff;
- local_6c = 0;
local_5c = 0;
- local_88._0_4_ = 0xffffffff;
- local_88._4_4_ = 0;
- local_a0._0_4_ = 0xffffffff;
- local_a0._4_4_ = 0;
+ local_88 = 0xffffffff;
+ local_84 = 0;
+ local_98 = 0xffffffff;
+ local_94 = 0;
local_58 = 0xffffffff;
local_54 = 0;
- bVar8 = 0;
- local_98 = (short *)0x0;
+ bVar6 = 0;
+ local_90 = (short *)0x0;
if (param_7 != 0) {
*(int *)(param_7 + 0xf0) = param_3;
*(undefined8 *)(param_7 + 0xf8) = 0;
*(undefined8 *)(param_7 + 0x100) = 0;
*(undefined4 *)(param_7 + 0x108) = 0xffffffff;
}
- cVar7 = HvIsCellAllocated(param_1,param_3,param_6);
- if (cVar7 == '\0') {
+ cVar5 = HvIsCellAllocated(param_1,param_3,param_6);
+ if (cVar5 == '\0') {
SetFailureLocation(param_7,0,0xe,0xc000014c,in_stack_ffffffffffffff28 & 0xffffffff00000000);
return 0xc000014c;
}
if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
psVar14 = (short *)HvpGetCellPaged(param_1,param_3,&local_60);
}
else {
psVar14 = (short *)HvpGetCellFlat();
}
uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
if (psVar14 == (short *)0x0) {
- uVar28 = CONCAT44(uVar13,0x10);
+ uVar26 = CONCAT44(uVar13,0x10);
goto LAB_0;
}
if (param_7 != 0) {
*(short **)(param_7 + 0xf8) = psVar14;
}
- if (-*(int *)(psVar14 + -2) - 0x50U < 0x411) {
- uVar21 = psVar14[0x24];
- if (((uVar21 + 0x4c < 0x4c) || (uVar21 == 0)) || (-*(int *)(psVar14 + -2) - 4U < uVar21 + 0x4c))
- {
- uVar28 = CONCAT44(uVar13,0x30);
- goto LAB_1;
- }
- if ((*(byte *)(psVar14 + 1) & 0x20) == 0) {
- if (uVar21 < 0x201) {
- if ((uVar21 & 1) == 0) {
- if (psVar14[0x26] != 0) {
- uVar9 = 0;
- if (uVar21 >> 1 != 0) {
- do {
- if (psVar14[(ulonglong)uVar9 + 0x26] == 0x5c) {
- uVar28 = CONCAT44(uVar13,0x510);
- goto LAB_1;
- }
- uVar9 = uVar9 + 1;
- } while (uVar9 < uVar21 >> 1);
- }
- goto LAB_2;
- }
- uVar28 = CONCAT44(uVar13,0x60);
+ if (0x410 < -*(int *)(psVar14 + -2) - 0x50U) {
+ uVar26 = CONCAT44(uVar13,0x20);
+LAB_1:
+ uVar9 = 0xc000014c;
+ goto LAB_2;
+ }
+ uVar7 = psVar14[0x24];
+ if (((uVar7 + 0x4c < 0x4c) || (uVar7 == 0)) || (-*(int *)(psVar14 + -2) - 4U < uVar7 + 0x4c)) {
+ uVar26 = CONCAT44(uVar13,0x30);
+ goto LAB_1;
+ }
+ if ((*(byte *)(psVar14 + 1) & 0x20) == 0) {
+ if (uVar7 < 0x201) {
+ if ((uVar7 & 1) == 0) {
+ if (psVar14[0x26] != 0) {
+ uVar8 = 0;
+ if (uVar7 >> 1 != 0) {
+ do {
+ if (psVar14[(ulonglong)uVar8 + 0x26] == 0x5c) {
+ uVar26 = CONCAT44(uVar13,0x510);
+ goto LAB_1;
+ }
+ uVar8 = uVar8 + 1;
+ } while (uVar8 < uVar7 >> 1);
+ }
+ goto LAB_3;
+ }
+ uVar26 = CONCAT44(uVar13,0x60);
+ }
+ else {
+ uVar26 = CONCAT44(uVar13,0x50);
+ }
+ }
+ else {
+ uVar26 = CONCAT44(uVar13,0x45);
+ }
+ goto LAB_1;
+ }
+ if (0x100 < uVar7) {
+ uVar26 = CONCAT44(uVar13,0x35);
+ goto LAB_1;
+ }
+ if (*(char *)(psVar14 + 0x26) == '\0') {
+ uVar26 = CONCAT44(uVar13,0x40);
+ goto LAB_1;
+ }
+ uVar8 = 0;
+ if (uVar7 != 0) {
+ do {
+ if (*(char *)((ulonglong)uVar8 + 0x4c + (longlong)psVar14) == '\\') {
+ uVar26 = CONCAT44(uVar13,0x500);
+ goto LAB_1;
+ }
+ uVar8 = uVar8 + 1;
+ } while (uVar8 < uVar7);
+ }
+LAB_3:
+ uVar8 = param_2 & 0x20000;
+ if (*psVar14 == 0x6b6e) {
+LAB_4:
+ if (((*(uint *)(*(longlong *)(param_1 + 0x40) + 0x90) & 2) == 0) &&
+ ((*(byte *)((longlong)psVar14 + 0xd) & 3) != 0)) {
+ bVar6 = 1;
+ uVar9 = 0xc000014c;
+ bVar4 = 1;
+ uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
+ if ((uVar8 == 0) && ((CmpSelfHeal != '\0' || ((CmpBootType & 6) != 0)))) {
+ in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x92);
+ SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
+ uVar9 = HvMarkCellDirty(param_1,param_3,0);
+ if (-1 < (int)uVar9) {
+ *(byte *)((longlong)psVar14 + 0xd) = *(byte *)((longlong)psVar14 + 0xd) & 0xfc;
+ puVar1 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
+ *puVar1 = *puVar1 | 4;
+ goto LAB_5;
+ }
+ uVar26 = 0x96;
+ }
+ else {
+ uVar26 = CONCAT44(uVar13,0x94);
+ }
+ }
+ else {
+LAB_5:
+ if (param_4 == -1) {
+ bVar19 = *(byte *)((longlong)psVar14 + 0xd) & 3;
+ if ((bVar19 == 0) || (local_48 = (byte *)((longlong)psVar14 + 0xd), bVar19 == 2))
+ goto LAB_6;
+ uVar9 = 0xc000014c;
+ uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
+ if ((uVar8 == 0) && ((CmpSelfHeal != '\0' || ((CmpBootType & 6) != 0)))) {
+ in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x1e4);
+ SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
+ uVar9 = HvMarkCellDirty(param_1,param_3,0);
+ if (-1 < (int)uVar9) {
+ *(byte *)((longlong)psVar14 + 0xd) = *(byte *)((longlong)psVar14 + 0xd) & 0xfe | 2;
+ goto LAB_7;
+ }
+ uVar26 = 0x1e8;
}
else {
- uVar28 = CONCAT44(uVar13,0x50);
+ uVar26 = CONCAT44(uVar13,0x1ec);
}
}
else {
- uVar28 = CONCAT44(uVar13,0x45);
- }
- goto LAB_1;
- }
- if (0x100 < uVar21) {
- uVar28 = CONCAT44(uVar13,0x35);
- goto LAB_1;
- }
- if (*(char *)(psVar14 + 0x26) == '\0') {
- uVar28 = CONCAT44(uVar13,0x40);
- goto LAB_1;
- }
- uVar9 = 0;
- if (uVar21 != 0) {
- do {
- if (*(char *)((ulonglong)uVar9 + 0x4c + (longlong)psVar14) == '\\') {
- uVar28 = CONCAT44(uVar13,0x500);
- goto LAB_1;
- }
- uVar9 = uVar9 + 1;
- } while (uVar9 < uVar21);
- }
-LAB_2:
- uVar9 = param_2 & 0x20000;
- uVar23 = 1;
- if (*psVar14 == 0x6b6e) {
-LAB_3:
- if (((*(uint *)(*(longlong *)(param_1 + 0x40) + 0x90) & 2) == 0) &&
- ((*(byte *)((longlong)psVar14 + 0xd) & 3) != 0)) {
- bVar6 = 1;
- uVar10 = 0xc000014c;
- bVar8 = 1;
- uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
- if ((uVar9 == 0) && ((CmpSelfHeal != '\0' || ((CmpBootType & 6) != 0)))) {
- in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x92);
- SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
- uVar10 = HvMarkCellDirty(param_1,param_3,0);
- if (-1 < (int)uVar10) {
- *(byte *)((longlong)psVar14 + 0xd) = *(byte *)((longlong)psVar14 + 0xd) & 0xfc;
- puVar3 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
- *puVar3 = *puVar3 | 4;
- goto LAB_4;
- }
- uVar28 = 0x96;
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ lVar15 = HvpGetCellPaged(param_1,param_4,&local_88);
}
else {
- uVar28 = CONCAT44(uVar13,0x94);
+ lVar15 = HvpGetCellFlat();
}
- }
- else {
-LAB_4:
- if (param_4 == -1) {
- bVar20 = *(byte *)((longlong)psVar14 + 0xd) & 3;
- if ((bVar20 == 0) || (local_48 = (byte *)((longlong)psVar14 + 0xd), bVar20 == 2))
- goto LAB_5;
- uVar10 = 0xc000014c;
- uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
- if ((uVar9 == 0) && ((CmpSelfHeal != '\0' || ((CmpBootType & 6) != 0)))) {
- in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x1e4);
+ uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
+ if (((*(byte *)(lVar15 + 0xd) & 3) == 3) &&
+ (((*(byte *)((longlong)psVar14 + 0xd) & 3) - 1 & 0xfd) != 0)) {
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_88);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ uVar9 = 0xc000014c;
+ if ((uVar8 == 0) && ((CmpSelfHeal != '\0' || ((CmpBootType & 6) != 0)))) {
+ in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x98);
SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
- uVar10 = HvMarkCellDirty(param_1,param_3,0);
- if (-1 < (int)uVar10) {
- *(byte *)((longlong)psVar14 + 0xd) = *(byte *)((longlong)psVar14 + 0xd) & 0xfe | 2;
+ uVar9 = HvMarkCellDirty(param_1,param_3,0);
+ if (-1 < (int)uVar9) {
+ *(byte *)((longlong)psVar14 + 0xd) = *(byte *)((longlong)psVar14 + 0xd) | 3;
+LAB_7:
+ bVar6 = 1;
+ bVar4 = 1;
+ puVar1 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
+ *puVar1 = *puVar1 | 4;
goto LAB_6;
}
- uVar28 = 0x1e8;
+ uVar26 = 0x9a;
}
else {
- uVar28 = CONCAT44(uVar13,0x1ec);
+ uVar26 = CONCAT44(uVar13,0x9c);
}
}
else {
if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- lVar15 = HvpGetCellPaged(param_1,param_4,&local_88);
+ HvpReleaseCellPaged(param_1,&local_88);
}
else {
- lVar15 = HvpGetCellFlat();
- }
+ HvpReleaseCellFlat();
+ }
+LAB_6:
+ local_48 = (byte *)((longlong)psVar14 + 0xd);
+ local_40 = *(uint *)(psVar14 + 0x12);
+ iVar11 = *(int *)(psVar14 + 0x18);
+ iVar2 = *(int *)(psVar14 + 0x16);
+ local_3c = *(undefined4 *)(psVar14 + 0x14);
+ local_68 = (uint)(ushort)psVar14[0x25];
uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
- if (((*(byte *)(lVar15 + 0xd) & 3) == 3) &&
- (((*(byte *)((longlong)psVar14 + 0xd) & 3) - 1 & 0xfd) != 0)) {
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_88);
+ if (local_68 == 0) {
+ if (iVar11 != -1) {
+ bVar4 = 1;
+ bVar6 = 1;
+ uVar9 = 0xc000014c;
+ if ((uVar8 != 0) || ((CmpSelfHeal == '\0' && ((CmpBootType & 6) == 0)))) {
+ uVar26 = CONCAT44(uVar13,0xe4);
+ goto LAB_2;
+ }
+ in_stack_ffffffffffffff28 = CONCAT44(uVar13,0xe8);
+ SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
+ uVar9 = HvMarkCellDirty(param_1,param_3,0);
+ if ((int)uVar9 < 0) {
+ uVar26 = 0xec;
+ uVar21 = 1;
+ goto LAB_8;
+ }
+ *(undefined4 *)(psVar14 + 0x18) = 0xffffffff;
+ puVar1 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
+ *puVar1 = *puVar1 | 4;
+ }
+LAB_9:
+ uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
+ if (iVar2 == -1) {
+ in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x100);
+ goto LAB_10;
+ }
+ if (param_4 != -1) {
+ if ((uVar8 == 0) &&
+ (((CmpSelfHeal != '\0' || ((CmpBootType & 6) != 0)) && (param_5 != '\0'))))
+ goto LAB_11;
+ if (param_4 != -1) goto LAB_12;
+ }
+ if ((psVar14[1] & 0x50U) != 0) {
+ uVar26 = CONCAT44(uVar13,0x1b0);
+ goto LAB_1;
+ }
+ if ((psVar14[1] & 2U) == 0) goto LAB_13;
+ uVar9 = 0xc000014c;
+ if ((uVar8 == 0) && ((CmpSelfHeal != '\0' || ((CmpBootType & 6) != 0)))) {
+ in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x1c0);
+ SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
+ uVar9 = HvMarkCellDirty(param_1,param_3,0);
+ if (-1 < (int)uVar9) {
+ uVar7 = 0xfffd;
+ do {
+ bVar4 = 1;
+ psVar14[1] = psVar14[1] & uVar7;
+ puVar1 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
+ *puVar1 = *puVar1 | 4;
+LAB_13:
+ do {
+ local_50 = 0;
+ local_4c = 0;
+ cVar5 = CmpFindSecurityCellCacheIndex
+ (param_1,*(undefined4 *)(psVar14 + 0x16),&local_50);
+ uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
+ if (cVar5 != '\0') {
+ lVar15 = *(longlong *)
+ (*(longlong *)(param_1 + 0x760) + 8 + (ulonglong)local_50 * 0x10);
+ lVar10 = RtlULongAdd(*(ulong *)(lVar15 + 0x1c),1,&local_4c);
+ uVar12 = local_3c;
+ uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
+ if (-1 < lVar10) {
+ *(ulong *)(lVar15 + 0x1c) = local_4c;
+ if ((*(byte *)(psVar14 + 1) & 0x40) != 0) {
+ uVar9 = 0xc000014c;
+ bVar4 = 1;
+ if ((uVar8 != 0) || ((CmpSelfHeal == '\0' && ((CmpBootType & 6) == 0)))) {
+ uVar26 = CONCAT44(uVar13,0x288);
+ goto LAB_2;
+ }
+ uVar9 = HvMarkCellDirty(param_1,param_3,0);
+ if ((int)uVar9 < 0) {
+ uVar26 = 0x28c;
+ goto LAB_2;
+ }
+ psVar14[1] = psVar14[1] & 0xffbf;
+ *(undefined4 *)(psVar14 + 0x14) = 0xffffffff;
+ *(undefined4 *)(psVar14 + 0x12) = 0;
+ puVar1 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
+ *puVar1 = *puVar1 | 4;
+ goto LAB_14;
+ }
+ uVar23 = (ulonglong)local_40;
+ if (local_40 == 0) goto LAB_15;
+ if ((*local_48 & 3) == 1) {
+ uVar9 = 0xc000014c;
+ in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x1f8);
+ SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
+ goto LAB_16;
+ }
+ cVar5 = HvIsCellAllocated(param_1,local_3c,param_6);
+ if (cVar5 == '\0') {
+ uVar9 = 0xc000014c;
+ in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x200);
+ SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
+ goto LAB_16;
+ }
+ local_a0 = 0xffffffff;
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ lVar15 = HvpGetCellPaged(param_1,uVar12,&local_a0);
+ }
+ else {
+ lVar15 = HvpGetCellFlat();
+ }
+ if (lVar15 == 0) {
+ uVar9 = 0xc000009a;
+ uVar26 = CONCAT44(uVar13,0x210);
+ goto LAB_2;
+ }
+ uVar17 = uVar23 << 2;
+ if ((uVar17 < 0x100000000) && ((uint)uVar17 <= -*(int *)(lVar15 + -4) - 4U))
+ {
+ in_stack_ffffffffffffff28 = CONCAT44(uVar13,param_3);
+ uVar9 = CmpCheckValueList(param_1,*(byte *)(psVar14 + 1) >> 4 & 1,lVar15,
+ uVar23,in_stack_ffffffffffffff28,param_2,param_6
+ ,param_7,&local_80,&local_7c);
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_a0);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ if (uVar9 == 0x8000002a) {
+ bVar4 = 1;
+ goto LAB_15;
+ }
+ if (-1 < (int)uVar9) goto LAB_15;
+ if (uVar9 != 0xc000014c) goto LAB_17;
+ if (param_7 != 0) {
+ *(longlong *)(param_7 + 0xf8) = lVar15;
+ }
+ in_stack_ffffffffffffff28 =
+ CONCAT44((int)(in_stack_ffffffffffffff28 >> 0x20),0x230);
+ }
+ else {
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_a0);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ uVar9 = 0xc000014c;
+ in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x220);
+ }
+ SetFailureLocation(param_7,1,0xe,uVar9,in_stack_ffffffffffffff28);
+ goto LAB_16;
+ }
+ if (lVar10 != -0x3ffffddb) {
+ uVar26 = CONCAT44(uVar13,500);
+ uVar9 = 0xc000014c;
+ uVar21 = 1;
+ goto LAB_8;
+ }
+ }
+ in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x1f0);
+LAB_10:
+ SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
+LAB_11:
+ if ((uVar8 != 0) || ((CmpSelfHeal == '\0' && ((CmpBootType & 6) == 0)))) {
+ SetFailureLocation(param_7,0,0xe,0xc000014c,0x130);
+ uVar9 = 0xc000014c;
+ goto LAB_17;
+ }
+ local_70 = 0xffffffff;
+ local_6c = 0;
+ local_a0 = 0xffffffff;
+ if (param_4 == -1) {
+ uVar26 = 0x110;
+ goto LAB_1;
+ }
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ lVar15 = HvpGetCellPaged(param_1,param_4,&local_70);
+ }
+ else {
+ lVar15 = HvpGetCellFlat();
+ }
+ if (lVar15 == 0) {
+ uVar9 = 0xc000009a;
+ uVar26 = 0x114;
+ goto LAB_2;
+ }
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ lVar16 = HvpGetCellPaged(param_1,*(undefined4 *)(lVar15 + 0x2c),&local_a0);
+ }
+ else {
+ lVar16 = HvpGetCellFlat();
+ }
+ if (lVar16 == 0) {
+ uVar9 = 0xc000009a;
+ SetFailureLocation(param_7,0,0xe,0xc000009a,0x118);
+ puVar22 = &local_70;
+ goto LAB_18;
+ }
+ uVar9 = HvMarkCellDirty(param_1,param_3,0);
+ if ((int)uVar9 < 0) {
+ uVar26 = 0x11c;
+LAB_19:
+ SetFailureLocation(param_7,0,0xe,uVar9,uVar26);
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_a0);
+ puVar22 = &local_70;
+ }
+ else {
+ HvpReleaseCellFlat();
+ puVar22 = &local_70;
+ }
+ goto LAB_18;
+ }
+ uVar9 = HvMarkCellDirty(param_1,*(undefined4 *)(lVar15 + 0x2c),0);
+ if ((int)uVar9 < 0) {
+ uVar26 = 0x120;
+ goto LAB_19;
+ }
+ uVar9 = CmpKeySecurityIncrementReferenceCount
+ (lVar16,param_1,*(undefined4 *)(lVar15 + 0x2c));
+ if ((int)uVar9 < 0) {
+ uVar26 = 0x124;
+ goto LAB_19;
+ }
+ *(undefined4 *)(psVar14 + 0x16) = *(undefined4 *)(lVar15 + 0x2c);
+ puVar1 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
+ *puVar1 = *puVar1 | 4;
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_a0);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_70);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ bVar6 = 1;
+LAB_12:
+ bVar4 = bVar6;
+ if (*(int *)(psVar14 + 8) != param_4) {
+ uVar9 = 0xc000014c;
+ bVar4 = 1;
+ uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
+ if ((uVar8 != 0) || ((CmpSelfHeal == '\0' && ((CmpBootType & 6) == 0)))) {
+ uVar26 = CONCAT44(uVar13,0x160);
+ goto LAB_2;
+ }
+ in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x140);
+ SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
+ uVar9 = HvMarkCellDirty(param_1,param_3,0);
+ if ((int)uVar9 < 0) {
+ uVar26 = 0x150;
+ goto LAB_2;
+ }
+ *(int *)(psVar14 + 8) = param_4;
+ puVar1 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
+ *puVar1 = *puVar1 | 4;
+ }
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ lVar15 = HvpGetCellPaged(param_1,param_4,&local_88);
+ }
+ else {
+ lVar15 = HvpGetCellFlat();
+ }
+ uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
+ if (lVar15 == 0) {
+ uVar9 = 0xc000009a;
+ uVar26 = CONCAT44(uVar13,0x170);
+ goto LAB_2;
+ }
+ uVar7 = psVar14[0x24] * 2;
+ if ((*(byte *)(psVar14 + 1) & 0x20) == 0) {
+ uVar7 = psVar14[0x24];
+ }
+ if ((*(uint *)(lVar15 + 0x34) & 0xffff) < (uint)uVar7) {
+ bVar4 = 1;
+ if ((uVar8 == 0) && ((CmpSelfHeal != '\0' || ((CmpBootType & 6) != 0)))) {
+ in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x174);
+ SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
+ uVar9 = HvMarkCellDirty(param_1,param_4,0);
+ if (-1 < (int)uVar9) {
+ sVar20 = psVar14[0x24] * 2;
+ if ((*(byte *)(psVar14 + 1) & 0x20) == 0) {
+ sVar20 = psVar14[0x24];
+ }
+ *(short *)(lVar15 + 0x34) = sVar20;
+ puVar1 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
+ *puVar1 = *puVar1 | 4;
+ goto LAB_20;
+ }
+ SetFailureLocation(param_7,1,0xe,uVar9,0x176);
+ puVar22 = &local_88;
+ }
+ else {
+ uVar26 = CONCAT44(uVar13,0x172);
+LAB_21:
+ uVar9 = 0xc000014c;
+LAB_22:
+ SetFailureLocation(param_7,0,0xe,uVar9,uVar26);
+ puVar22 = &local_88;
+ }
+ goto LAB_18;
+ }
+LAB_20:
+ uVar25 = local_68;
+ if (*(uint *)(lVar15 + 0x38) < local_68) {
+ bVar4 = 1;
+ uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
+ if ((uVar8 != 0) || ((CmpSelfHeal == '\0' && ((CmpBootType & 6) == 0)))) {
+ uVar26 = CONCAT44(uVar13,0x178);
+ goto LAB_21;
+ }
+ in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x17a);
+ SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
+ uVar9 = HvMarkCellDirty(param_1,param_4,0);
+ if (-1 < (int)uVar9) {
+ *(uint *)(lVar15 + 0x38) = uVar25;
+ puVar1 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
+ *puVar1 = *puVar1 | 4;
+ goto LAB_23;
+ }
+ uVar26 = 0x17c;
+ goto LAB_22;
+ }
+LAB_23:
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_88);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ } while ((*(byte *)(psVar14 + 1) & 0xe) == 0);
+ uVar9 = 0xc000014c;
+ uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
+ if ((uVar8 != 0) || ((CmpSelfHeal == '\0' && ((CmpBootType & 6) == 0)))) {
+ uVar26 = CONCAT44(uVar13,0x1a0);
+ goto LAB_2;
+ }
+ in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x180);
+ SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
+ uVar9 = HvMarkCellDirty(param_1,param_3,0);
+ if ((int)uVar9 < 0) goto LAB_24;
+ uVar7 = 0xfff1;
+ } while( true );
+ }
+ uVar26 = 0x1d0;
}
else {
- HvpReleaseCellFlat();
- }
- uVar10 = 0xc000014c;
- if ((uVar9 == 0) && ((CmpSelfHeal != '\0' || ((CmpBootType & 6) != 0)))) {
- in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x98);
- SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
- uVar10 = HvMarkCellDirty(param_1,param_3,0);
- if (-1 < (int)uVar10) {
- *(byte *)((longlong)psVar14 + 0xd) = *(byte *)((longlong)psVar14 + 0xd) | 3;
-LAB_6:
- bVar8 = 1;
- bVar6 = 1;
- puVar3 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
- *puVar3 = *puVar3 | 4;
- goto LAB_5;
+ uVar26 = CONCAT44(uVar13,0x1e0);
+ }
+ }
+ else {
+ if (iVar11 == -1) {
+ bVar4 = 1;
+ bVar6 = 1;
+ uVar9 = 0xc000014c;
+ if ((uVar8 == 0) && ((CmpSelfHeal != '\0' || ((CmpBootType & 6) != 0)))) {
+ in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x9b);
+ SetFailureLocation(param_7,0,0xe,0xc000014c,in_stack_ffffffffffffff28);
+ uVar9 = HvMarkCellDirty(param_1,param_3,0);
+ if (-1 < (int)uVar9) {
+ local_68 = 0;
+ psVar14[0x25] = 0;
+ goto LAB_9;
+ }
+ uVar26 = 0x9f;
}
- uVar28 = 0x9a;
+ else {
+ uVar26 = CONCAT44(uVar13,0x9d);
+ }
+ goto LAB_2;
+ }
+ if ((*local_48 & 3) == 1) {
+ uVar26 = CONCAT44(uVar13,0x9e);
+LAB_25:
+ SetFailureLocation(param_7,1,0xe,0xc000014c,uVar26);
+ uVar13 = (undefined4)((ulonglong)uVar26 >> 0x20);
}
else {
- uVar28 = CONCAT44(uVar13,0x9c);
- }
- }
- else {
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_88);
- }
- else {
- HvpReleaseCellFlat();
- }
-LAB_5:
- local_48 = (byte *)((longlong)psVar14 + 0xd);
- local_40 = *(uint *)(psVar14 + 0x12);
- iVar11 = *(int *)(psVar14 + 0x18);
- iVar4 = *(int *)(psVar14 + 0x16);
- local_3c = *(undefined4 *)(psVar14 + 0x14);
- local_68 = (uint)(ushort)psVar14[0x25];
- uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
- if (local_68 == 0) {
- if (iVar11 != -1) {
- bVar6 = 1;
- bVar8 = 1;
- uVar10 = 0xc000014c;
- if ((uVar9 != 0) || ((CmpSelfHeal == '\0' && ((CmpBootType & 6) == 0)))) {
- uVar28 = CONCAT44(uVar13,0xe4);
- goto LAB_7;
- }
- in_stack_ffffffffffffff28 = CONCAT44(uVar13,0xe8);
- SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
- uVar10 = HvMarkCellDirty(param_1,param_3,0);
- if ((int)uVar10 < 0) {
- uVar28 = 0xec;
- uVar23 = 1;
- goto LAB_8;
- }
- *(undefined4 *)(psVar14 + 0x18) = 0xffffffff;
- puVar3 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
- *puVar3 = *puVar3 | 4;
- }
-LAB_9:
+ cVar5 = HvIsCellAllocated(param_1,iVar11,param_6);
uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
- if (iVar4 == -1) {
- in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x100);
- SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
- goto LAB_10;
- }
- if (param_4 != -1) {
- if ((uVar9 == 0) &&
- (((CmpSelfHeal != '\0' || ((CmpBootType & 6) != 0)) && (param_5 != '\0'))))
- goto LAB_10;
- if (param_4 != -1) goto LAB_11;
- }
- if ((psVar14[1] & 0x50U) != 0) {
- uVar28 = CONCAT44(uVar13,0x1b0);
- goto LAB_1;
- }
- if ((psVar14[1] & 2U) != 0) {
- bVar6 = 1;
- uVar10 = 0xc000014c;
- if ((uVar9 == 0) && ((CmpSelfHeal != '\0' || ((CmpBootType & 6) != 0)))) {
- in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x1c0);
- SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
- uVar10 = HvMarkCellDirty(param_1,param_3,0);
- if (-1 < (int)uVar10) {
- psVar14[1] = psVar14[1] & 0xfffd;
- puVar3 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
- *puVar3 = *puVar3 | 4;
- goto LAB_12;
- }
- uVar28 = 0x1d0;
- }
- else {
- uVar28 = CONCAT44(uVar13,0x1e0);
- }
- goto LAB_7;
- }
-LAB_12:
- while( true ) {
- local_50[0] = 0;
- cVar7 = CmpFindSecurityCellCacheIndex
- (param_1,*(undefined4 *)(psVar14 + 0x16),local_50);
- uVar13 = local_3c;
- uVar12 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
- if (cVar7 != '\0') break;
- in_stack_ffffffffffffff28 = CONCAT44(uVar12,0x1f0);
- SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
-LAB_10:
- if ((uVar9 != 0) || ((CmpSelfHeal == '\0' && ((CmpBootType & 6) == 0)))) {
- SetFailureLocation(param_7,0,0xe,0xc000014c,0x130);
- uVar10 = 0xc000014c;
- goto LAB_13;
- }
- local_90 = 0xffffffff;
- local_80 = 0xffffffff;
- local_7c = 0;
- if (param_4 == -1) {
- uVar28 = 0x110;
- goto LAB_1;
- }
+ if (cVar5 != '\0') {
if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- lVar15 = HvpGetCellPaged(param_1,param_4,&local_90);
- }
- else {
- lVar15 = HvpGetCellFlat();
- }
- if (lVar15 == 0) {
- uVar10 = 0xc000009a;
- uVar28 = 0x114;
- goto LAB_7;
- }
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- lVar16 = HvpGetCellPaged(param_1,*(undefined4 *)(lVar15 + 0x2c),&local_80);
- }
- else {
- lVar16 = HvpGetCellFlat();
- }
- if (lVar16 == 0) {
- uVar10 = 0xc000009a;
- SetFailureLocation(param_7,0,0xe,0xc000009a,0x118);
- plVar24 = &local_90;
- goto LAB_14;
- }
- uVar10 = HvMarkCellDirty(param_1,param_3,0);
- if ((int)uVar10 < 0) {
- uVar28 = 0x11c;
-LAB_15:
- SetFailureLocation(param_7,0,0xe,uVar10,uVar28);
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_80);
- plVar24 = &local_90;
- }
- else {
- HvpReleaseCellFlat();
- plVar24 = &local_90;
- }
- goto LAB_14;
- }
- uVar10 = HvMarkCellDirty(param_1,*(undefined4 *)(lVar15 + 0x2c),0);
- if ((int)uVar10 < 0) {
- uVar28 = 0x120;
- goto LAB_15;
- }
- *(undefined4 *)(psVar14 + 0x16) = *(undefined4 *)(lVar15 + 0x2c);
- *(int *)(lVar16 + 0xc) = *(int *)(lVar16 + 0xc) + 1;
- puVar3 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
- *puVar3 = *puVar3 | 4;
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_80);
- }
- else {
- HvpReleaseCellFlat();
- }
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_90);
- }
- else {
- HvpReleaseCellFlat();
- }
- bVar8 = 1;
-LAB_11:
- bVar6 = bVar8;
- if (*(int *)(psVar14 + 8) != param_4) {
- bVar6 = 1;
- uVar10 = 0xc000014c;
- uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
- if ((uVar9 != 0) || ((CmpSelfHeal == '\0' && ((CmpBootType & 6) == 0)))) {
- uVar28 = CONCAT44(uVar13,0x160);
- goto LAB_7;
- }
- in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x140);
- SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
- uVar10 = HvMarkCellDirty(param_1,param_3,0);
- if ((int)uVar10 < 0) {
- uVar28 = 0x150;
- goto LAB_7;
- }
- *(int *)(psVar14 + 8) = param_4;
- puVar3 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
- *puVar3 = *puVar3 | 4;
- }
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- lVar15 = HvpGetCellPaged(param_1,param_4,&local_88);
+ lVar15 = HvpGetCellPaged(param_1,iVar11,&local_58);
}
else {
lVar15 = HvpGetCellFlat();
}
uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
if (lVar15 == 0) {
- uVar10 = 0xc000009a;
- uVar28 = CONCAT44(uVar13,0x170);
- goto LAB_7;
+ uVar9 = 0xc000009a;
+ uVar26 = 0xd0;
+ goto LAB_2;
}
- uVar21 = psVar14[0x24] * 2;
- if ((*(byte *)(psVar14 + 1) & 0x20) == 0) {
- uVar21 = psVar14[0x24];
- }
- if ((*(uint *)(lVar15 + 0x34) & 0xffff) < (uint)uVar21) {
- bVar6 = 1;
- if ((uVar9 == 0) && ((CmpSelfHeal != '\0' || ((CmpBootType & 6) != 0)))) {
- in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x174);
- SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
- uVar10 = HvMarkCellDirty(param_1,param_4,0);
- if (-1 < (int)uVar10) {
- sVar22 = psVar14[0x24] * 2;
- if ((*(byte *)(psVar14 + 1) & 0x20) == 0) {
- sVar22 = psVar14[0x24];
- }
- *(short *)(lVar15 + 0x34) = sVar22;
- puVar3 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
- *puVar3 = *puVar3 | 4;
- goto LAB_16;
- }
- uVar28 = 0x176;
- uVar23 = 1;
- }
- else {
- uVar28 = CONCAT44(uVar13,0x172);
-LAB_17:
- uVar10 = 0xc000014c;
-LAB_18:
- uVar23 = 0;
- }
- SetFailureLocation(param_7,uVar23,0xe,uVar10,uVar28);
- plVar24 = &local_88;
- goto LAB_14;
- }
-LAB_16:
- uVar26 = local_68;
- if (*(uint *)(lVar15 + 0x38) < local_68) {
- bVar6 = 1;
- uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
- if ((uVar9 != 0) || ((CmpSelfHeal == '\0' && ((CmpBootType & 6) == 0)))) {
- uVar28 = CONCAT44(uVar13,0x178);
- goto LAB_17;
- }
- in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x17a);
- SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
- uVar10 = HvMarkCellDirty(param_1,param_4,0);
- if ((int)uVar10 < 0) {
- uVar28 = 0x17c;
- goto LAB_18;
- }
- *(uint *)(lVar15 + 0x38) = uVar26;
- puVar3 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
- *puVar3 = *puVar3 | 4;
- }
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_88);
- }
- else {
- HvpReleaseCellFlat();
- }
- if ((*(byte *)(psVar14 + 1) & 0xe) != 0) {
- bVar6 = 1;
- uVar10 = 0xc000014c;
- uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
- if ((uVar9 != 0) || ((CmpSelfHeal == '\0' && ((CmpBootType & 6) == 0)))) {
- uVar28 = CONCAT44(uVar13,0x1a0);
- goto LAB_7;
- }
- in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x180);
- SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
- uVar10 = HvMarkCellDirty(param_1,param_3,0);
- if ((int)uVar10 < 0) {
- uVar28 = 400;
- goto LAB_7;
- }
- psVar14[1] = psVar14[1] & 0xfff1;
- puVar3 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
- *puVar3 = *puVar3 | 4;
- }
- }
- piVar1 = (int *)(*(longlong *)
- (*(longlong *)(param_1 + 0x760) + 8 + (ulonglong)local_50[0] * 0x10)
- + 0x1c);
- *piVar1 = *piVar1 + 1;
- if ((*(byte *)(psVar14 + 1) & 0x40) != 0) {
- uVar10 = 0xc000014c;
- bVar6 = 1;
- if ((uVar9 == 0) && ((CmpSelfHeal != '\0' || ((CmpBootType & 6) != 0)))) {
- uVar10 = HvMarkCellDirty(param_1,param_3,0);
- if (-1 < (int)uVar10) {
- psVar14[1] = psVar14[1] & 0xffbf;
- *(undefined4 *)(psVar14 + 0x14) = 0xffffffff;
- *(undefined4 *)(psVar14 + 0x12) = 0;
- puVar3 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
- *puVar3 = *puVar3 | 4;
-LAB_19:
- psVar14 = (short *)0x0;
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_60);
- }
- else {
- HvpReleaseCellFlat();
- }
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- lVar15 = HvpGetCellPaged(param_1,param_3,&local_60);
- }
- else {
- lVar15 = HvpGetCellFlat();
- }
- uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
- if (lVar15 == 0) {
- uVar28 = CONCAT44(uVar13,0x2b0);
- local_90 = 0;
-LAB_0:
- SetFailureLocation(param_7,0,0xe,0xc000009a,uVar28);
- return 0xc000009a;
- }
- if (param_7 != 0) {
- *(longlong *)(param_7 + 0xf8) = lVar15;
- }
- psVar18 = local_98;
- local_90 = lVar15;
- if (param_3 < 0) {
- if (*(int *)(lVar15 + 0x14) != 0) {
- uVar28 = CONCAT44(uVar13,0x2c0);
- goto LAB_1;
- }
-LAB_20:
- psVar14 = psVar18;
- if ((*(int *)(lVar15 + 0x20) == -1) && (*(int *)(lVar15 + 0x18) == 0)) {
- bVar5 = false;
- }
- else {
- bVar5 = true;
- }
- if (((param_2 >> 0x12 & 1) == 0) || (!bVar5)) {
- bVar8 = (byte)(param_2 >> 1) & 1;
- if (((param_2 & 0xd) != 0) && (bVar5)) {
- bVar8 = 1;
- }
- if ((((param_2 & 8) != 0) && (*(uint *)(param_1 + 0xdc) < 4)) ||
- (bVar8 != 0)) {
- uVar10 = HvMarkCellDirty(param_1,param_3,0);
- if ((int)uVar10 < 0) {
- uVar28 = CONCAT44(uVar13,0x420);
- goto LAB_21;
- }
- *(undefined4 *)(lVar15 + 0x18) = 0;
- if (((param_2 & 4) == 0) || (*(uint *)(param_1 + 0xdc) < 4)) {
- uVar13 = 0xffffffff;
- }
- else {
- uVar13 = 0xbaadf00d;
- }
- *(undefined4 *)(lVar15 + 0x20) = uVar13;
- }
- uVar10 = -(uint)bVar6 & 0x8000002a;
- }
- else {
- uVar10 = 0xc000014c;
-LAB_22:
- uVar28 = CONCAT44(uVar13,0x410);
-LAB_21:
- SetFailureLocation(param_7,0,0xe,uVar10,uVar28);
- }
- if (psVar14 == (short *)0x0) goto LAB_13;
- }
- else {
- if (*(int *)(lVar15 + 0x14) == 0) goto LAB_20;
- puVar2 = (undefined4 *)(lVar15 + 0x1c);
- if ((*(byte *)(lVar15 + 0xd) & 3) == 1) {
- uVar10 = 0xc000014c;
- uVar12 = 0x2c8;
- psVar14 = local_98;
-LAB_23:
- bVar6 = 1;
- uVar28 = CONCAT44(uVar13,uVar12);
- SetFailureLocation(param_7,1,0xe,uVar10,uVar28);
- uVar13 = (undefined4)((ulonglong)uVar28 >> 0x20);
- if ((uVar9 == 0) && ((CmpSelfHeal != '\0' || ((CmpBootType & 6) != 0)))) {
- uVar28 = CONCAT44(uVar13,0x3f0);
- SetFailureLocation(param_7,1,0xe,uVar10,uVar28);
- uVar13 = (undefined4)((ulonglong)uVar28 >> 0x20);
- uVar10 = HvMarkCellDirty(param_1,param_3,0);
- if (-1 < (int)uVar10) {
- *(undefined4 *)(lVar15 + 0x14) = 0;
- *puVar2 = 0xffffffff;
- puVar3 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
- *puVar3 = *puVar3 | 4;
- psVar18 = psVar14;
- goto LAB_20;
- }
- uVar28 = CONCAT44(uVar13,0x400);
- goto LAB_21;
- }
- goto LAB_22;
- }
- cVar7 = HvIsCellAllocated(param_1,*puVar2,param_6);
- uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
- if (cVar7 == '\0') {
- uVar10 = 0xc000014c;
- uVar12 = 0x2d0;
- psVar14 = local_98;
- goto LAB_23;
- }
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- psVar18 = (short *)HvpGetCellPaged(param_1,*puVar2,&local_a0);
- }
- else {
- psVar18 = (short *)HvpGetCellFlat();
- }
- uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
- local_98 = psVar18;
- if (psVar18 == (short *)0x0) {
- uVar10 = 0xc000009a;
- uVar28 = CONCAT44(uVar13,0x2e0);
- goto LAB_7;
- }
- uVar25 = (ulonglong)(-*(int *)(psVar18 + -2) - 4U);
- if (-*(int *)(psVar18 + -2) - 4U < 8) {
-LAB_24:
- uVar10 = 0xc000014c;
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_a0);
- }
- else {
- HvpReleaseCellFlat();
- }
- uVar12 = 0x2f0;
- goto LAB_23;
- }
- uVar10 = (uint)(ushort)psVar18[1];
- iVar11 = CmpGetIndexElementSize(psVar18);
- uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
- if ((ulonglong)(iVar11 * uVar10) + 4 < 4) goto LAB_24;
- iVar11 = CmpGetIndexElementSize(psVar18);
- uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
- if ((uVar25 & 0xffffffff) < (ulonglong)(iVar11 * uVar10) + 4)
- goto LAB_24;
- if ((short)uVar10 == 0) {
- uVar10 = 0xc000014c;
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_a0);
- uVar12 = 0x310;
- }
- else {
- HvpReleaseCellFlat();
- uVar12 = 0x310;
- }
- goto LAB_23;
- }
- if (param_7 != 0) {
- *(short **)(param_7 + 0x100) = psVar18;
- }
- sVar22 = *psVar18;
- if ((((sVar22 != 0x696c) && (sVar22 != 0x666c)) && (sVar22 != 0x686c)) &&
- (sVar22 != 0x6972)) {
- uVar10 = 0xc000014c;
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_a0);
- uVar12 = 0x3e0;
- }
- else {
- HvpReleaseCellFlat();
- uVar12 = 0x3e0;
- }
- goto LAB_23;
- }
- if (sVar22 == 0x6972) {
- uVar10 = 0;
- psVar27 = psVar14;
- if (psVar18[1] != 0) {
- do {
- uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
- if (param_7 != 0) {
- *(int *)(param_7 + 0x108) = (int)psVar14;
- }
- cVar7 = HvIsCellAllocated(param_1,*(undefined4 *)
- (psVar18 + (longlong)psVar14 * 2 + 2)
- ,param_6);
- if (cVar7 == '\0') {
- uVar10 = 0xc000014c;
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_a0);
- }
- else {
- HvpReleaseCellFlat();
- }
- local_98 = (short *)0x0;
- uVar12 = 0x350;
- psVar14 = (short *)0x0;
- lVar15 = local_90;
- goto LAB_23;
- }
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- psVar19 = (short *)HvpGetCellPaged(param_1,*(undefined4 *)
- (psVar18 +
- (longlong)psVar14 * 2 + 2)
- ,&local_70);
- }
- else {
- psVar19 = (short *)HvpGetCellFlat();
- }
- if (psVar19 == (short *)0x0) {
- uVar10 = 0xc000009a;
- SetFailureLocation(param_7,0,0xe,0xc000009a,CONCAT44(uVar13,0x360));
- goto LAB_25;
- }
- uVar25 = (ulonglong)(-*(int *)(psVar19 + -2) - 4U);
- if (-*(int *)(psVar19 + -2) - 4U < 8) {
-LAB_26:
- uVar10 = 0xc000014c;
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_70);
- }
- else {
- HvpReleaseCellFlat();
- }
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_a0);
- }
- else {
- HvpReleaseCellFlat();
- }
- local_98 = (short *)0x0;
- uVar12 = 0x370;
- psVar14 = (short *)0x0;
- lVar15 = local_90;
- goto LAB_23;
- }
- uVar10 = (uint)(ushort)psVar19[1];
- iVar11 = CmpGetIndexElementSize(psVar19);
- if (((ulonglong)(iVar11 * uVar10) + 4 < 4) ||
- (iVar11 = CmpGetIndexElementSize(psVar19),
- (uVar25 & 0xffffffff) < (ulonglong)(iVar11 * uVar10) + 4))
- goto LAB_26;
- if ((short)uVar10 == 0) {
- uVar10 = 0xc000014c;
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_70);
- }
- else {
- HvpReleaseCellFlat();
- }
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_a0);
- }
- else {
- HvpReleaseCellFlat();
- }
- local_98 = (short *)0x0;
- uVar12 = 0x390;
- psVar14 = (short *)0x0;
- lVar15 = local_90;
- goto LAB_23;
- }
- if (((*psVar19 + 0x9994U & 0xfcff) != 0) || (*psVar19 == 0x676c)) {
- uVar10 = 0xc000014c;
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_70);
- }
- else {
- HvpReleaseCellFlat();
- }
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_a0);
- }
- else {
- HvpReleaseCellFlat();
- }
- local_98 = (short *)0x0;
- uVar12 = 0x3b0;
- psVar14 = (short *)0x0;
- lVar15 = local_90;
- goto LAB_23;
- }
- in_stack_ffffffffffffff28 = param_7;
- uVar10 = CmpCheckLeaf(param_1,param_2,psVar19,
- *(undefined4 *)
- (psVar18 + (longlong)psVar14 * 2 + 2),param_7);
- uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
- if (uVar10 == 0x8000002a) {
- bVar6 = 1;
- }
- else if ((int)uVar10 < 0) {
- if (uVar10 != 0xc000014c) goto LAB_25;
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_70);
- }
- else {
- HvpReleaseCellFlat();
- }
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_a0);
- }
- else {
- HvpReleaseCellFlat();
- }
- local_98 = (short *)0x0;
- uVar12 = 0x3b8;
- psVar14 = (short *)0x0;
- lVar15 = local_90;
- goto LAB_23;
- }
- uVar10 = (int)psVar27 + (uint)(ushort)psVar19[1];
- psVar27 = (short *)(ulonglong)uVar10;
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_70);
- }
- else {
- HvpReleaseCellFlat();
- }
- uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
- uVar26 = (int)psVar14 + 1;
- psVar14 = (short *)(ulonglong)uVar26;
- psVar18 = local_98;
- } while (uVar26 < (ushort)local_98[1]);
- }
- lVar15 = local_90;
- if (*(uint *)(local_90 + 0x14) == uVar10) goto LAB_27;
- uVar10 = 0xc000014c;
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_a0);
- }
- else {
- HvpReleaseCellFlat();
- }
- local_98 = (short *)0x0;
- uVar12 = 0x3c0;
- psVar14 = (short *)0x0;
- lVar15 = local_90;
- goto LAB_23;
- }
- if ((uint)(ushort)psVar18[1] != *(uint *)(lVar15 + 0x14)) {
- uVar10 = 0xc000014c;
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_a0);
- uVar12 = 0x330;
- }
- else {
- HvpReleaseCellFlat();
- uVar12 = 0x330;
- }
- goto LAB_23;
- }
- uVar25 = param_7;
- uVar10 = CmpCheckLeaf(param_1,param_2,psVar18,*puVar2,param_7);
- uVar13 = (undefined4)(uVar25 >> 0x20);
- if (uVar10 == 0x8000002a) {
- bVar6 = 1;
-LAB_27:
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_a0);
- psVar18 = (short *)0x0;
- }
- else {
- HvpReleaseCellFlat();
- psVar18 = (short *)0x0;
- }
- goto LAB_20;
- }
- if (-1 < (int)uVar10) goto LAB_27;
- if (uVar10 == 0xc000014c) {
- uVar12 = 0x340;
- psVar14 = local_98;
- goto LAB_23;
- }
- }
-LAB_25:
- plVar24 = &local_a0;
-LAB_14:
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,plVar24);
- }
- else {
- HvpReleaseCellFlat();
- }
- goto LAB_13;
- }
- uVar28 = 0x28c;
- }
- else {
- uVar28 = CONCAT44(uVar12,0x288);
- }
- goto LAB_7;
- }
- uVar25 = (ulonglong)local_40;
- if (local_40 == 0) goto LAB_28;
- if ((*local_48 & 3) == 1) {
- in_stack_ffffffffffffff28 = CONCAT44(uVar12,0x1f8);
-LAB_29:
- uVar10 = 0xc000014c;
- SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
- }
- else {
- cVar7 = HvIsCellAllocated(param_1,local_3c,param_6);
- if (cVar7 == '\0') {
- in_stack_ffffffffffffff28 = CONCAT44(uVar12,0x200);
- goto LAB_29;
- }
- local_80 = 0xffffffff;
- local_7c = 0;
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- lVar15 = HvpGetCellPaged(param_1,uVar13,&local_80);
- }
- else {
- lVar15 = HvpGetCellFlat();
- }
- if (lVar15 == 0) {
- uVar10 = 0xc000009a;
- uVar28 = CONCAT44(uVar12,0x210);
- goto LAB_7;
- }
- uVar17 = uVar25 << 2;
- if ((uVar17 < 0x100000000) && ((uint)uVar17 <= -*(int *)(lVar15 + -4) - 4U)) {
- in_stack_ffffffffffffff28 = CONCAT44(uVar12,param_3);
- uVar10 = CmpCheckValueList(param_1,*(byte *)(psVar14 + 1) >> 4 & 1,lVar15,uVar25,
- in_stack_ffffffffffffff28,param_2,param_6,param_7,
- &local_78,&local_74);
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_80);
- }
- else {
- HvpReleaseCellFlat();
- }
- if (uVar10 == 0x8000002a) {
- bVar6 = 1;
- goto LAB_28;
- }
- if (-1 < (int)uVar10) goto LAB_28;
- if (uVar10 != 0xc000014c) goto LAB_13;
- if (param_7 != 0) {
- *(longlong *)(param_7 + 0xf8) = lVar15;
- }
- in_stack_ffffffffffffff28 =
- CONCAT44((int)(in_stack_ffffffffffffff28 >> 0x20),0x230);
- }
- else {
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_80);
- }
- else {
- HvpReleaseCellFlat();
- }
- uVar10 = 0xc000014c;
- in_stack_ffffffffffffff28 = CONCAT44(uVar12,0x220);
- }
- SetFailureLocation(param_7,1,0xe,uVar10,in_stack_ffffffffffffff28);
- }
- while ((bVar6 = 1, uVar9 == 0 && ((CmpSelfHeal != '\0' || ((CmpBootType & 6) != 0)))))
- {
- uVar10 = HvMarkCellDirty(param_1,param_3,0);
- if ((int)uVar10 < 0) {
- uVar28 = 0x240;
- goto LAB_7;
- }
- *(undefined4 *)(psVar14 + 0x14) = 0xffffffff;
- *(undefined4 *)(psVar14 + 0x12) = 0;
- puVar3 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
- *puVar3 = *puVar3 | 4;
-LAB_28:
- uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
- if (*(int *)(psVar14 + 0x12) != 0) {
-LAB_30:
- if (*(uint *)(psVar14 + 0x1e) < local_78) {
- uVar10 = 0xc000014c;
- bVar6 = 1;
- if ((uVar9 != 0) || ((CmpSelfHeal == '\0' && ((CmpBootType & 6) == 0)))) {
- uVar28 = CONCAT44(uVar13,0x262);
- goto LAB_7;
- }
- uVar10 = HvMarkCellDirty(param_1,param_3,0);
- if ((int)uVar10 < 0) {
- uVar28 = 0x264;
- goto LAB_7;
- }
- *(uint *)(psVar14 + 0x1e) = local_78;
- puVar3 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
- *puVar3 = *puVar3 | 4;
- }
- if (*(uint *)(psVar14 + 0x20) < local_74) {
- uVar10 = 0xc000014c;
- bVar6 = 1;
- if ((uVar9 != 0) || ((CmpSelfHeal == '\0' && ((CmpBootType & 6) == 0)))) {
- uVar28 = 0x266;
- goto LAB_7;
- }
- uVar10 = HvMarkCellDirty(param_1,param_3,0);
- if ((int)uVar10 < 0) {
- uVar28 = 0x268;
- goto LAB_7;
- }
- *(uint *)(psVar14 + 0x20) = local_74;
- puVar3 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
- *puVar3 = *puVar3 | 4;
- }
- else if (uVar9 != 0) goto LAB_19;
- if ((*(uint *)(psVar14 + 0x1e) != local_78) &&
- (iVar11 = HvMarkCellDirty(param_1,param_3,0), -1 < iVar11)) {
- *(uint *)(psVar14 + 0x1e) = local_78;
- }
- if ((*(uint *)(psVar14 + 0x20) != local_74) &&
- (iVar11 = HvMarkCellDirty(param_1,param_3,0), -1 < iVar11)) {
- *(uint *)(psVar14 + 0x20) = local_74;
- }
- goto LAB_19;
- }
- if (*(int *)(psVar14 + 0x14) == -1) {
- local_78 = 0;
- local_74 = 0;
- goto LAB_30;
- }
- uVar10 = 0xc000014c;
- in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x260);
- SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
- }
- uVar28 = 0x250;
- }
- else {
- if (iVar11 == -1) {
- bVar6 = 1;
- bVar8 = 1;
- uVar10 = 0xc000014c;
- if ((uVar9 == 0) && ((CmpSelfHeal != '\0' || ((CmpBootType & 6) != 0)))) {
- in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x9b);
- SetFailureLocation(param_7,0,0xe,0xc000014c,in_stack_ffffffffffffff28);
- uVar10 = HvMarkCellDirty(param_1,param_3,0);
- if (-1 < (int)uVar10) {
- local_68 = 0;
- psVar14[0x25] = 0;
- goto LAB_9;
- }
- uVar28 = 0x9f;
- }
- else {
- uVar28 = CONCAT44(uVar13,0x9d);
- }
- goto LAB_7;
- }
- if ((*local_48 & 3) == 1) {
- uVar28 = CONCAT44(uVar13,0x9e);
-LAB_31:
- SetFailureLocation(param_7,1,0xe,0xc000014c,uVar28);
- uVar13 = (undefined4)((ulonglong)uVar28 >> 0x20);
- }
- else {
- cVar7 = HvIsCellAllocated(param_1,iVar11,param_6);
- uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
- if (cVar7 != '\0') {
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- lVar15 = HvpGetCellPaged(param_1,iVar11,&local_58);
- }
- else {
- lVar15 = HvpGetCellFlat();
- }
- uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
- if (lVar15 == 0) {
- uVar10 = 0xc000009a;
- uVar28 = CONCAT44(uVar13,0xd0);
- goto LAB_7;
- }
- bVar20 = *(byte *)(param_1 + 0x8c) & 1;
- if (local_68 <= -*(int *)(lVar15 + -4) - 4U) {
- if (bVar20 == 0) {
- HvpReleaseCellPaged(param_1,&local_58);
- }
- else {
- HvpReleaseCellFlat();
- }
- goto LAB_9;
- }
- if (bVar20 == 0) {
+ bVar19 = *(byte *)(param_1 + 0x8c) & 1;
+ if (local_68 <= -*(int *)(lVar15 + -4) - 4U) {
+ if (bVar19 == 0) {
HvpReleaseCellPaged(param_1,&local_58);
}
else {
HvpReleaseCellFlat();
}
- uVar28 = CONCAT44(uVar13,0xe0);
- goto LAB_31;
- }
- }
- bVar8 = 1;
- bVar6 = 1;
- if ((uVar9 == 0) && ((CmpSelfHeal != '\0' || ((CmpBootType & 6) != 0)))) {
- in_stack_ffffffffffffff28 = CONCAT44(uVar13,0xa0);
- SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
- uVar10 = HvMarkCellDirty(param_1,param_3,0);
- if (-1 < (int)uVar10) {
- *(undefined4 *)(psVar14 + 0x18) = 0xffffffff;
- psVar14[0x25] = 0;
- local_68 = 0;
- puVar3 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
- *puVar3 = *puVar3 | 4;
goto LAB_9;
}
- uVar28 = 0xb0;
+ if (bVar19 == 0) {
+ HvpReleaseCellPaged(param_1,&local_58);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ uVar26 = CONCAT44(uVar13,0xe0);
+ goto LAB_25;
}
- else {
- uVar28 = CONCAT44(uVar13,0xc0);
- uVar10 = 0xc000014c;
+ }
+ bVar6 = 1;
+ bVar4 = 1;
+ if ((uVar8 == 0) && ((CmpSelfHeal != '\0' || ((CmpBootType & 6) != 0)))) {
+ in_stack_ffffffffffffff28 = CONCAT44(uVar13,0xa0);
+ SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
+ uVar9 = HvMarkCellDirty(param_1,param_3,0);
+ if (-1 < (int)uVar9) {
+ *(undefined4 *)(psVar14 + 0x18) = 0xffffffff;
+ psVar14[0x25] = 0;
+ local_68 = 0;
+ puVar1 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
+ *puVar1 = *puVar1 | 4;
+ goto LAB_9;
}
+ uVar26 = 0xb0;
+ }
+ else {
+ uVar26 = CONCAT44(uVar13,0xc0);
+ uVar9 = 0xc000014c;
}
}
}
}
- goto LAB_7;
- }
- bVar8 = 1;
- bVar6 = 1;
- if ((uVar9 == 0) && ((CmpSelfHeal != '\0' || ((CmpBootType & 6) != 0)))) {
- in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x70);
- SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
- uVar10 = HvMarkCellDirty(param_1,param_3,0);
- if (-1 < (int)uVar10) {
- *psVar14 = 0x6b6e;
- puVar3 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
- *puVar3 = *puVar3 | 4;
- goto LAB_3;
- }
- uVar28 = 0x80;
- goto LAB_7;
- }
- uVar28 = CONCAT44(uVar13,0x90);
- uVar10 = 0xc000014c;
- }
- else {
- uVar28 = CONCAT44(uVar13,0x20);
-LAB_1:
- uVar10 = 0xc000014c;
-LAB_7:
- uVar23 = 0;
- }
-LAB_8:
- SetFailureLocation(param_7,uVar23,0xe,uVar10,uVar28);
-LAB_13:
+ }
+ goto LAB_2;
+ }
+ bVar6 = 1;
+ bVar4 = 1;
+ if ((uVar8 == 0) && ((CmpSelfHeal != '\0' || ((CmpBootType & 6) != 0)))) {
+ in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x70);
+ SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
+ uVar9 = HvMarkCellDirty(param_1,param_3,0);
+ if ((int)uVar9 < 0) {
+ uVar26 = 0x80;
+ goto LAB_2;
+ }
+ *psVar14 = 0x6b6e;
+ puVar1 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
+ *puVar1 = *puVar1 | 4;
+ goto LAB_4;
+ }
+ uVar26 = CONCAT44(uVar13,0x90);
+ uVar21 = 1;
+ uVar9 = 0xc000014c;
+ goto LAB_8;
+LAB_16:
+ bVar4 = 1;
+ if ((uVar8 != 0) || ((CmpSelfHeal == '\0' && ((CmpBootType & 6) == 0)))) goto LAB_26;
+ uVar9 = HvMarkCellDirty(param_1,param_3,0);
+ if ((int)uVar9 < 0) {
+ uVar26 = 0x240;
+ goto LAB_2;
+ }
+ *(undefined4 *)(psVar14 + 0x14) = 0xffffffff;
+ *(undefined4 *)(psVar14 + 0x12) = 0;
+ puVar1 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
+ *puVar1 = *puVar1 | 4;
+LAB_15:
+ uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
+ if (*(int *)(psVar14 + 0x12) == 0) {
+ if (*(int *)(psVar14 + 0x14) == -1) {
+ local_80 = 0;
+ local_7c = 0;
+ goto LAB_27;
+ }
+ uVar9 = 0xc000014c;
+ in_stack_ffffffffffffff28 = CONCAT44(uVar13,0x260);
+ SetFailureLocation(param_7,1,0xe,0xc000014c,in_stack_ffffffffffffff28);
+ goto LAB_16;
+ }
+LAB_27:
+ if (*(uint *)(psVar14 + 0x1e) < local_80) {
+ uVar9 = 0xc000014c;
+ bVar4 = 1;
+ if ((uVar8 != 0) || ((CmpSelfHeal == '\0' && ((CmpBootType & 6) == 0)))) {
+ uVar26 = CONCAT44(uVar13,0x262);
+ goto LAB_2;
+ }
+ uVar9 = HvMarkCellDirty(param_1,param_3,0);
+ if ((int)uVar9 < 0) {
+ uVar26 = 0x264;
+ goto LAB_2;
+ }
+ *(uint *)(psVar14 + 0x1e) = local_80;
+ puVar1 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
+ *puVar1 = *puVar1 | 4;
+ }
+ if (*(uint *)(psVar14 + 0x20) < local_7c) {
+ uVar9 = 0xc000014c;
+ bVar4 = 1;
+ if ((uVar8 != 0) || ((CmpSelfHeal == '\0' && ((CmpBootType & 6) == 0)))) {
+ uVar26 = 0x266;
+ goto LAB_2;
+ }
+ uVar9 = HvMarkCellDirty(param_1,param_3,0);
+ if ((int)uVar9 < 0) {
+ uVar26 = 0x268;
+ goto LAB_2;
+ }
+ *(uint *)(psVar14 + 0x20) = local_7c;
+ puVar1 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
+ *puVar1 = *puVar1 | 4;
+ }
+ else if (uVar8 != 0) goto LAB_14;
+ if ((*(uint *)(psVar14 + 0x1e) != local_80) &&
+ (iVar11 = HvMarkCellDirty(param_1,param_3,0), -1 < iVar11)) {
+ *(uint *)(psVar14 + 0x1e) = local_80;
+ }
+ if ((*(uint *)(psVar14 + 0x20) != local_7c) &&
+ (iVar11 = HvMarkCellDirty(param_1,param_3,0), -1 < iVar11)) {
+ *(uint *)(psVar14 + 0x20) = local_7c;
+ }
+LAB_14:
+ uVar23 = 0;
if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
HvpReleaseCellPaged(param_1,&local_60);
}
else {
HvpReleaseCellFlat();
}
- return uVar10;
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ lVar15 = HvpGetCellPaged(param_1,param_3,&local_60);
+ }
+ else {
+ lVar15 = HvpGetCellFlat();
+ }
+ uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
+ if (lVar15 == 0) {
+ uVar26 = CONCAT44(uVar13,0x2b0);
+ local_a0 = 0;
+LAB_0:
+ SetFailureLocation(param_7,0,0xe,0xc000009a,uVar26);
+ return 0xc000009a;
+ }
+ if (param_7 != 0) {
+ *(longlong *)(param_7 + 0xf8) = lVar15;
+ }
+ psVar14 = local_90;
+ local_a0 = lVar15;
+ if (param_3 < 0) {
+ if (*(int *)(lVar15 + 0x14) != 0) {
+ uVar26 = CONCAT44(uVar13,0x2c0);
+ goto LAB_1;
+ }
+LAB_28:
+ if ((*(int *)(lVar15 + 0x20) == -1) && (*(int *)(lVar15 + 0x18) == 0)) {
+ bVar3 = false;
+ }
+ else {
+ bVar3 = true;
+ }
+ if (((param_2 >> 0x12 & 1) == 0) || (!bVar3)) {
+ bVar6 = (byte)(param_2 >> 1) & 1;
+ if (((param_2 & 0xd) != 0) && (bVar3)) {
+ bVar6 = 1;
+ }
+ if ((((param_2 & 8) != 0) && (*(uint *)(param_1 + 0xdc) < 4)) || (bVar6 != 0)) {
+ uVar9 = HvMarkCellDirty(param_1,param_3,0);
+ if ((int)uVar9 < 0) {
+ uVar26 = CONCAT44(uVar13,0x420);
+ goto LAB_29;
+ }
+ *(undefined4 *)(lVar15 + 0x18) = 0;
+ if (((param_2 & 4) == 0) || (*(uint *)(param_1 + 0xdc) < 4)) {
+ uVar13 = 0xffffffff;
+ }
+ else {
+ uVar13 = 0xbaadf00d;
+ }
+ *(undefined4 *)(lVar15 + 0x20) = uVar13;
+ }
+ uVar9 = -(uint)bVar4 & 0x8000002a;
+ }
+ else {
+ uVar9 = 0xc000014c;
+LAB_30:
+ uVar26 = CONCAT44(uVar13,0x410);
+LAB_29:
+ SetFailureLocation(param_7,0,0xe,uVar9,uVar26);
+ }
+ if (psVar14 == (short *)0x0) goto LAB_17;
+ }
+ else {
+ if (*(int *)(lVar15 + 0x14) == 0) goto LAB_28;
+ puVar22 = (undefined4 *)(lVar15 + 0x1c);
+ if ((*(byte *)(lVar15 + 0xd) & 3) == 1) {
+ uVar9 = 0xc000014c;
+ uVar12 = 0x2c8;
+LAB_31:
+ bVar4 = 1;
+ uVar26 = CONCAT44(uVar13,uVar12);
+ SetFailureLocation(param_7,1,0xe,uVar9,uVar26);
+ uVar13 = (undefined4)((ulonglong)uVar26 >> 0x20);
+ if ((uVar8 == 0) && ((CmpSelfHeal != '\0' || ((CmpBootType & 6) != 0)))) {
+ uVar26 = CONCAT44(uVar13,0x3f0);
+ SetFailureLocation(param_7,1,0xe,uVar9,uVar26);
+ uVar13 = (undefined4)((ulonglong)uVar26 >> 0x20);
+ uVar9 = HvMarkCellDirty(param_1,param_3,0);
+ if (-1 < (int)uVar9) {
+ *(undefined4 *)(lVar15 + 0x14) = 0;
+ *puVar22 = 0xffffffff;
+ puVar1 = (uint *)(*(longlong *)(param_1 + 0x40) + 0xff8);
+ *puVar1 = *puVar1 | 4;
+ goto LAB_28;
+ }
+ uVar26 = CONCAT44(uVar13,0x400);
+ goto LAB_29;
+ }
+ goto LAB_30;
+ }
+ cVar5 = HvIsCellAllocated(param_1,*puVar22,param_6);
+ uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
+ if (cVar5 == '\0') {
+ uVar9 = 0xc000014c;
+ uVar12 = 0x2d0;
+ psVar14 = local_90;
+ goto LAB_31;
+ }
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ psVar14 = (short *)HvpGetCellPaged(param_1,*puVar22,&local_98);
+ }
+ else {
+ psVar14 = (short *)HvpGetCellFlat();
+ }
+ uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
+ local_90 = psVar14;
+ if (psVar14 == (short *)0x0) {
+ uVar9 = 0xc000009a;
+ uVar26 = 0x2e0;
+ goto LAB_2;
+ }
+ uVar17 = (ulonglong)(-*(int *)(psVar14 + -2) - 4U);
+ if (-*(int *)(psVar14 + -2) - 4U < 8) {
+LAB_32:
+ uVar9 = 0xc000014c;
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_98);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ psVar14 = (short *)0x0;
+ uVar12 = 0x2f0;
+ goto LAB_31;
+ }
+ uVar9 = (uint)(ushort)psVar14[1];
+ iVar11 = CmpGetIndexElementSize(psVar14);
+ uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
+ if ((ulonglong)(iVar11 * uVar9) + 4 < 4) goto LAB_32;
+ iVar11 = CmpGetIndexElementSize(psVar14);
+ uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
+ if ((uVar17 & 0xffffffff) < (ulonglong)(iVar11 * uVar9) + 4) goto LAB_32;
+ if ((short)uVar9 == 0) {
+ uVar9 = 0xc000014c;
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_98);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ local_90 = (short *)0x0;
+ uVar12 = 0x310;
+ psVar14 = (short *)0x0;
+ goto LAB_31;
+ }
+ if (param_7 != 0) {
+ *(short **)(param_7 + 0x100) = psVar14;
+ }
+ sVar20 = *psVar14;
+ if ((((sVar20 != 0x696c) && (sVar20 != 0x666c)) && (sVar20 != 0x686c)) && (sVar20 != 0x6972)) {
+ uVar9 = 0xc000014c;
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_98);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ local_90 = (short *)0x0;
+ uVar12 = 0x3e0;
+ psVar14 = (short *)0x0;
+ goto LAB_31;
+ }
+ if (sVar20 == 0x6972) {
+ uVar9 = 0;
+ uVar17 = uVar23;
+ if (psVar14[1] != 0) {
+ do {
+ psVar14 = local_90;
+ uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
+ if (param_7 != 0) {
+ *(int *)(param_7 + 0x108) = (int)uVar23;
+ }
+ cVar5 = HvIsCellAllocated(param_1,*(undefined4 *)(local_90 + uVar23 * 2 + 2),param_6);
+ if (cVar5 == '\0') {
+ uVar9 = 0xc000014c;
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_98);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ local_90 = (short *)0x0;
+ uVar12 = 0x350;
+ psVar14 = (short *)0x0;
+ lVar15 = local_a0;
+ goto LAB_31;
+ }
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ psVar18 = (short *)HvpGetCellPaged(param_1,*(undefined4 *)(psVar14 + uVar23 * 2 + 2),
+ &local_78);
+ }
+ else {
+ psVar18 = (short *)HvpGetCellFlat();
+ }
+ if (psVar18 == (short *)0x0) {
+ uVar9 = 0xc000009a;
+ SetFailureLocation(param_7,0,0xe,0xc000009a,CONCAT44(uVar13,0x360));
+ goto LAB_33;
+ }
+ uVar24 = (ulonglong)(-*(int *)(psVar18 + -2) - 4U);
+ if (-*(int *)(psVar18 + -2) - 4U < 8) {
+LAB_34:
+ uVar9 = 0xc000014c;
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_78);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_98);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ local_90 = (short *)0x0;
+ uVar12 = 0x370;
+ psVar14 = (short *)0x0;
+ lVar15 = local_a0;
+ goto LAB_31;
+ }
+ uVar9 = (uint)(ushort)psVar18[1];
+ iVar11 = CmpGetIndexElementSize(psVar18);
+ if (((ulonglong)(iVar11 * uVar9) + 4 < 4) ||
+ (iVar11 = CmpGetIndexElementSize(psVar18),
+ (uVar24 & 0xffffffff) < (ulonglong)(iVar11 * uVar9) + 4)) goto LAB_34;
+ if ((short)uVar9 == 0) {
+ uVar9 = 0xc000014c;
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_78);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_98);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ local_90 = (short *)0x0;
+ uVar12 = 0x390;
+ psVar14 = (short *)0x0;
+ lVar15 = local_a0;
+ goto LAB_31;
+ }
+ if (((*psVar18 + 0x9994U & 0xfcff) != 0) || (*psVar18 == 0x676c)) {
+ uVar9 = 0xc000014c;
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_78);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_98);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ local_90 = (short *)0x0;
+ uVar12 = 0x3b0;
+ psVar14 = (short *)0x0;
+ lVar15 = local_a0;
+ goto LAB_31;
+ }
+ in_stack_ffffffffffffff28 = param_7;
+ uVar9 = CmpCheckLeaf(param_1,param_2,psVar18,*(undefined4 *)(psVar14 + uVar23 * 2 + 2),
+ param_7);
+ uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
+ if (uVar9 == 0x8000002a) {
+ bVar4 = 1;
+ }
+ else if ((int)uVar9 < 0) {
+ if (uVar9 != 0xc000014c) goto LAB_33;
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_78);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_98);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ local_90 = (short *)0x0;
+ uVar12 = 0x3b8;
+ psVar14 = (short *)0x0;
+ lVar15 = local_a0;
+ goto LAB_31;
+ }
+ uVar9 = (int)uVar17 + (uint)(ushort)psVar18[1];
+ uVar17 = (ulonglong)uVar9;
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_78);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ uVar13 = (undefined4)(in_stack_ffffffffffffff28 >> 0x20);
+ uVar25 = (int)uVar23 + 1;
+ uVar23 = (ulonglong)uVar25;
+ } while (uVar25 < (ushort)local_90[1]);
+ }
+ lVar15 = local_a0;
+ if (*(uint *)(local_a0 + 0x14) == uVar9) goto LAB_35;
+ uVar9 = 0xc000014c;
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_98);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ local_90 = (short *)0x0;
+ uVar12 = 0x3c0;
+ psVar14 = (short *)0x0;
+ lVar15 = local_a0;
+ goto LAB_31;
+ }
+ if ((uint)(ushort)psVar14[1] != *(uint *)(lVar15 + 0x14)) {
+ uVar9 = 0xc000014c;
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_98);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ local_90 = (short *)0x0;
+ uVar12 = 0x330;
+ psVar14 = (short *)0x0;
+ goto LAB_31;
+ }
+ uVar23 = param_7;
+ uVar9 = CmpCheckLeaf(param_1,param_2,psVar14,*puVar22,param_7);
+ uVar13 = (undefined4)(uVar23 >> 0x20);
+ if (uVar9 == 0x8000002a) {
+ bVar4 = 1;
+LAB_35:
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_98);
+ psVar14 = (short *)0x0;
+ }
+ else {
+ HvpReleaseCellFlat();
+ psVar14 = (short *)0x0;
+ }
+ goto LAB_28;
+ }
+ if (-1 < (int)uVar9) goto LAB_35;
+ if (uVar9 == 0xc000014c) {
+ uVar12 = 0x340;
+ psVar14 = local_90;
+ goto LAB_31;
+ }
+ }
+LAB_33:
+ puVar22 = &local_98;
+LAB_18:
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,puVar22);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ goto LAB_17;
+LAB_26:
+ uVar26 = 0x250;
+ goto LAB_2;
+LAB_24:
+ uVar26 = 400;
+LAB_2:
+ uVar21 = 0;
+LAB_8:
+ SetFailureLocation(param_7,uVar21,0xe,uVar9,uVar26);
+LAB_17:
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_60);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ return uVar9;
}
| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | code,refcount,length,address,called |
| ratio | 0.35 |
| i_ratio | 0.1 |
| m_ratio | 0.51 |
| b_ratio | 0.9 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | VrpUpdateKeyInformation | VrpUpdateKeyInformation |
| fullname | VrpUpdateKeyInformation | VrpUpdateKeyInformation |
refcount |
4 | 3 |
length |
594 | 650 |
called |
RtlCopyMemory | RtlCopyMemory RtlULongAdd memset |
| calling | VrpPostEnumerateKey VrpPostQueryKey |
VrpPostEnumerateKey VrpPostQueryKey |
| paramcount | 6 | 6 |
address |
1407d3c0c | 1407d48cc |
| sig | undefined VrpUpdateKeyInformation(undefined param_1, undefined param_2, undefined param_3, undefined param_4, undefined8 param_5, undefined4 param_6) | undefined VrpUpdateKeyInformation(undefined param_1, undefined param_2, undefined param_3, undefined param_4, undefined8 param_5, undefined4 param_6) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- VrpUpdateKeyInformation called
+++ VrpUpdateKeyInformation called
@@ -1,0 +2,2 @@
+RtlULongAdd
+memset--- VrpUpdateKeyInformation
+++ VrpUpdateKeyInformation
@@ -1,144 +1,147 @@
-undefined4
+undefined8
VrpUpdateKeyInformation
- (int param_1,uint *param_2,uint param_3,uint *param_4,uint *param_5,uint param_6)
+ (int param_1,uint *param_2,uint param_3,ulong *param_4,uint *param_5,uint param_6)
{
undefined auVar1 [16];
undefined auVar2 [16];
undefined auVar3 [14];
- uint uVar4;
+ long lVar4;
longlong lVar5;
- ushort uVar6;
+ short *psVar6;
ulonglong uVar7;
- longlong lVar8;
- uint uVar9;
- short *psVar10;
+ ulonglong uVar8;
+ undefined8 uVar9;
+ uint uVar10;
ushort uVar11;
+ uint uVar12;
uint *_Dst;
- uint uVar12;
uint *puVar13;
- uint *puVar14;
- void *_Src;
- uint *puVar15;
+ uint local_res8 [2];
+ uint *local_48;
+ uint *local_40;
undefined local_38 [2];
undefined auStack_36 [6];
longlong lStack_30;
- _Src = (void *)0x0;
- puVar15 = (uint *)0x0;
- puVar13 = (uint *)0x0;
- uVar12 = 0;
+ local_48 = (uint *)0x0;
+ local_40 = (uint *)0x0;
_local_38 = ZEXT816(0);
- lVar5 = 0x18;
if (param_1 == 0) {
- uVar9 = 0x10;
lVar5 = 0x10;
- lVar8 = 0xc;
+ uVar12 = 0x10;
+ uVar10 = 0xc;
LAB_0:
_Dst = (uint *)((longlong)param_2 + lVar5);
- puVar14 = (uint *)((longlong)param_2 + lVar8);
uVar11 = 0;
- uVar6 = 0;
+ puVar13 = (uint *)((longlong)param_2 + (ulonglong)uVar10);
auVar2._12_4_ = 0;
auVar2._0_12_ = *(undefined (*) [12])(param_5 + 1);
_local_38 = auVar2 << 0x20;
+ auVar1 = _local_38;
+ lStack_30 = SUB128(*(undefined (*) [12])(param_5 + 1),4);
+ lVar5 = lStack_30;
+ _auStack_36 = auVar1._2_14_;
auVar3 = _auStack_36;
auVar1._14_2_ = 0;
auVar1._0_14_ = _auStack_36;
_local_38 = auVar1 << 0x10;
uVar7 = (ulonglong)((*param_5 & 0xffff) >> 1);
if (uVar7 != 0) {
- lStack_30 = SUB128(*(undefined (*) [12])(param_5 + 1),4);
- psVar10 = (short *)(lStack_30 + -2 + uVar7 * 2);
+ psVar6 = (short *)(lVar5 + -2 + uVar7 * 2);
do {
- uVar11 = uVar6;
- if (*psVar10 == 0x5c) break;
- uVar6 = uVar6 + 2;
- psVar10 = psVar10 + -1;
+ if (*psVar6 == 0x5c) break;
+ uVar11 = uVar11 + 2;
+ psVar6 = psVar6 + -1;
uVar7 = uVar7 - 1;
- uVar11 = uVar6;
} while (uVar7 != 0);
local_38 = (undefined [2])uVar11;
_local_38 = CONCAT142(auVar3,local_38);
}
- lVar5 = lStack_30;
- param_5 = (uint *)local_38;
auStack_36._0_2_ = uVar11;
lStack_30 = lVar5 + uVar7 * 2;
- if (puVar15 == (uint *)0x0) goto LAB_1;
- if (param_2 == (uint *)0x0) {
- *param_4 = *param_4 + (uint)uVar11;
- uVar4 = *param_4;
- goto LAB_2;
+ param_5 = (uint *)local_38;
+ if (param_1 == 1) {
+ if (*param_4 < uVar12) goto LAB_1;
+ lVar4 = RtlULongAdd(*param_4,(uint)uVar11,param_4);
+ if (-1 < lVar4) goto LAB_2;
}
- uVar12 = *puVar15;
- *param_4 = 0x18;
- _Src = (void *)((ulonglong)uVar12 + (longlong)param_2);
- uVar12 = uVar11 + 0x18;
- *param_4 = uVar12;
- if (*puVar13 != 0) {
- uVar12 = uVar11 + 0x1f & 0xfffffff8;
- *param_4 = uVar12;
+ else {
+LAB_3:
+ *param_4 = ((uint)*(ushort *)param_5 - (int)param_2) + (int)_Dst;
+LAB_2:
+ if (param_3 < uVar12) goto LAB_1;
+ if (*param_4 <= param_3) {
+ if (local_40 == (uint *)0x0) {
+LAB_4:
+ RtlCopyMemory(_Dst,*(void **)(param_5 + 2),(ulonglong)*(ushort *)param_5);
+ *puVar13 = (uint)*(ushort *)param_5;
+ return 0;
+ }
+ uVar10 = *local_48;
+ uVar7 = (ulonglong)uVar10;
+ if (uVar10 == 0) goto LAB_4;
+ uVar8 = (ulonglong)*local_40;
+ local_res8[0] = 0;
+ lVar4 = RtlULongAdd(*local_40,uVar10,local_res8);
+ if ((-1 < lVar4) && (local_res8[0] <= param_3)) {
+ uVar10 = *(ushort *)param_5 + 0x1f & 0xfffffff8;
+ RtlCopyMemory((void *)((ulonglong)uVar10 + (longlong)param_2),
+ (void *)((longlong)param_2 + uVar8),uVar7 & 0xffffffff);
+ memset((void *)((ulonglong)*local_48 + (ulonglong)uVar10 + (longlong)param_2),0,
+ (ulonglong)((param_3 - *local_48) - uVar10));
+ *local_40 = uVar10;
+ goto LAB_4;
+ }
+ }
}
- uVar4 = *puVar13 + uVar12;
+ uVar9 = 0x80000005;
}
else {
if (param_1 == 1) {
- puVar15 = param_2 + 3;
- lVar8 = 0x14;
- puVar13 = param_2 + 4;
- uVar9 = 0x18;
+ uVar12 = 0x18;
+ local_48 = param_2 + 4;
+ local_40 = param_2 + 3;
+ lVar5 = 0x18;
+ uVar10 = 0x14;
goto LAB_0;
}
- if (param_1 != 3) {
- if (param_1 != 4) {
- if (param_1 != 8) {
- return 0xc000000d;
+ if (param_1 == 3) {
+ _Dst = param_2 + 1;
+ uVar12 = 4;
+ puVar13 = param_2;
+ goto LAB_3;
+ }
+ if (param_1 == 4) {
+ uVar11 = *(ushort *)param_5;
+ uVar7 = (ulonglong)(uVar11 >> 1);
+ if (0x27 < param_3) {
+ if (uVar7 != 0) {
+ psVar6 = (short *)(*(longlong *)(param_5 + 2) + -2 +
+ ((ulonglong)uVar11 & 0xfffffffffffffffe));
+ do {
+ if (*psVar6 == 0x5c) break;
+ psVar6 = psVar6 + -1;
+ uVar7 = uVar7 - 1;
+ } while (uVar7 != 0);
}
- if (param_3 < 4) {
- return 0xc0000023;
- }
+ param_2[8] = (uint)uVar11 + (int)uVar7 * -2;
+ return 0;
+ }
+ }
+ else {
+ if (param_1 != 8) {
+ return 0xc000000d;
+ }
+ if (3 < param_3) {
*param_2 = param_6 >> 1 & 1;
return 0;
}
- uVar11 = *(ushort *)param_5;
- uVar7 = (ulonglong)(uVar11 >> 1);
- if (param_3 < 0x28) {
- return 0xc0000023;
- }
- if (uVar7 != 0) {
- psVar10 = (short *)(*(longlong *)(param_5 + 2) + -2 +
- ((ulonglong)uVar11 & 0xfffffffffffffffe));
- do {
- if (*psVar10 == 0x5c) break;
- psVar10 = psVar10 + -1;
- uVar7 = uVar7 - 1;
- } while (uVar7 != 0);
- }
- param_2[8] = (uint)uVar11 + (int)uVar7 * -2;
- return 0;
}
- _Dst = param_2 + 1;
- uVar9 = 4;
- puVar14 = param_2;
LAB_1:
- uVar4 = ((uint)*(ushort *)param_5 - (int)param_2) + (int)_Dst;
+ uVar9 = 0xc0000023;
}
- *param_4 = uVar4;
-LAB_2:
- if (param_3 < uVar9) {
- return 0xc0000023;
- }
- if (param_3 < uVar4) {
- return 0x80000005;
- }
- if ((puVar15 != (uint *)0x0) && (*puVar13 != 0)) {
- RtlCopyMemory((void *)((ulonglong)uVar12 + (longlong)param_2),_Src,(ulonglong)*puVar13);
- *puVar15 = uVar12;
- }
- RtlCopyMemory(_Dst,*(void **)(param_5 + 2),(ulonglong)*(ushort *)param_5);
- *puVar14 = (uint)*(ushort *)param_5;
- return 0;
+ return uVar9;
}
| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | code,length,called |
| ratio | 0.56 |
| i_ratio | 0.34 |
| m_ratio | 0.81 |
| b_ratio | 0.92 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | CmpReferenceSecurityNode | CmpReferenceSecurityNode |
| fullname | CmpReferenceSecurityNode | CmpReferenceSecurityNode |
| refcount | 2 | 2 |
length |
193 | 178 |
called |
HvpGetBinContextInitialize HvpGetCellFlat HvpGetCellPaged HvpReleaseCellFlat HvpReleaseCellPaged KeBugCheckEx |
CmpKeySecurityIncrementReferenceCount HvpGetBinContextInitialize HvpGetCellFlat HvpGetCellPaged HvpReleaseCellFlat HvpReleaseCellPaged |
| calling | CmRenameKey | CmRenameKey |
| paramcount | 0 | 0 |
| address | 14067bf94 | 14067bf94 |
| sig | undefined CmpReferenceSecurityNode(void) | undefined CmpReferenceSecurityNode(void) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- CmpReferenceSecurityNode called
+++ CmpReferenceSecurityNode called
@@ -0,0 +1 @@
+CmpKeySecurityIncrementReferenceCount
@@ -6 +6,0 @@
-KeBugCheckEx--- CmpReferenceSecurityNode
+++ CmpReferenceSecurityNode
@@ -1,46 +1,39 @@
-undefined4 CmpReferenceSecurityNode(longlong param_1,undefined4 param_2)
+int CmpReferenceSecurityNode(longlong param_1,undefined4 param_2)
{
- uint uVar1;
+ int iVar1;
longlong lVar2;
- undefined4 uVar3;
undefined8 local_res8;
local_res8 = 0xffffffff;
HvpGetBinContextInitialize((longlong)&local_res8 + 4);
if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
lVar2 = HvpGetCellPaged(param_1,param_2,&local_res8);
}
else {
lVar2 = HvpGetCellFlat();
}
- uVar1 = *(uint *)(lVar2 + 0xc);
- if (uVar1 != 0) {
- if (uVar1 + 1 < uVar1) {
- uVar3 = 0xc0000095;
- if (lVar2 != 0) {
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(param_1,&local_res8);
- }
- else {
- HvpReleaseCellFlat();
- }
- }
- }
- else {
- *(uint *)(lVar2 + 0xc) = uVar1 + 1;
+ iVar1 = CmpKeySecurityIncrementReferenceCount(lVar2,param_1,param_2);
+ if (iVar1 < 0) {
+ if (lVar2 != 0) {
if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
HvpReleaseCellPaged(param_1,&local_res8);
}
else {
HvpReleaseCellFlat();
}
- uVar3 = 0;
}
- return uVar3;
}
- /* WARNING: Subroutine does not return */
- KeBugCheckEx(0x51,4,6,param_1,param_2);
+ else {
+ if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(param_1,&local_res8);
+ }
+ else {
+ HvpReleaseCellFlat();
+ }
+ iVar1 = 0;
+ }
+ return iVar1;
}
| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | code,refcount,length,called |
| ratio | 0.97 |
| i_ratio | 0.64 |
| m_ratio | 0.73 |
| b_ratio | 0.96 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | KiRestoreFeatureBits | KiRestoreFeatureBits |
| fullname | KiRestoreFeatureBits | KiRestoreFeatureBits |
refcount |
2 | 3 |
length |
349 | 391 |
called |
HviIsAnyHypervisorPresent KeInitializeCatRegisters KiCheckMicrocode KiSetMicrocodeUpdateOptions |
HviIsAnyHypervisorPresent KeInitializeCatRegisters KiCheckMicrocode |
| calling | KeRestoreProcessorSpecificFeatures | KeRestoreProcessorSpecificFeatures |
| paramcount | 0 | 0 |
| address | 14036fef8 | 14036fef8 |
| sig | undefined KiRestoreFeatureBits(void) | undefined KiRestoreFeatureBits(void) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- KiRestoreFeatureBits called
+++ KiRestoreFeatureBits called
@@ -4 +3,0 @@
-KiSetMicrocodeUpdateOptions--- KiRestoreFeatureBits
+++ KiRestoreFeatureBits
@@ -1,51 +1,50 @@
void KiRestoreFeatureBits(undefined8 param_1,ulonglong param_2)
{
byte bVar1;
void *pvVar2;
char cVar3;
ulonglong uVar4;
pvVar2 = FiberData;
if (*(char *)((longlong)FiberData + 0x8d) == '\x02') {
param_2 = KiIa32MiscEnable >> 0x20;
wrmsr(0x1a0,KiIa32MiscEnable);
}
if ((*(ulonglong *)((longlong)FiberData + 0x89a0) >> 0x22 & 1) != 0) {
param_2 = 0;
wrmsr(0xc0000103,
(ulonglong)
CONCAT11(*(undefined *)((longlong)FiberData + 0xd0),
*(undefined *)((longlong)FiberData + 0xd1)));
}
bVar1 = *(byte *)((longlong)FiberData + 0xfa);
if ((bVar1 != 0) || (uVar4 = (ulonglong)bVar1, (KeFeatureBits2 & 0x600) != 0)) {
param_2 = 0;
uVar4 = 0x48;
wrmsr(0x48,(ulonglong)bVar1);
}
if ((KeFeatureBits2 & 0x8000) != 0) {
param_2 = *(ulonglong *)((longlong)FiberData + 0x2d00) >> 0x20;
uVar4 = 0x122;
wrmsr(0x122,*(ulonglong *)((longlong)FiberData + 0x2d00));
}
- KiSetMicrocodeUpdateOptions(uVar4,param_2);
- KeInitializeCatRegisters();
+ KeInitializeCatRegisters(uVar4,param_2);
wrmsr(0x174,0);
wrmsr(0x176,0);
wrmsr(0x175,0);
if ((((*(char *)((longlong)pvVar2 + 0x8d) == '\x01') &&
('\x0f' < *(char *)((longlong)pvVar2 + 0x40))) &&
(*(char *)((longlong)pvVar2 + 0x40) != '\x11')) &&
(cVar3 = HviIsAnyHypervisorPresent(0x175,0), cVar3 == '\0')) {
uVar4 = rdmsr(0xc0011029);
wrmsr(0xc0011029,uVar4 & 0xffffffff00000000 | uVar4 & 0xffffffff | 2);
}
KiCheckMicrocode(pvVar2);
if (KiHresetMask != 0) {
wrmsr(0x17da,(ulonglong)KiHresetMask);
}
return;
}
| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | code,length,address |
| ratio | 0.55 |
| i_ratio | 0.64 |
| m_ratio | 0.84 |
| b_ratio | 0.99 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | CmQueryMultipleValueKey | CmQueryMultipleValueKey |
| fullname | CmQueryMultipleValueKey | CmQueryMultipleValueKey |
| refcount | 3 | 3 |
length |
2050 | 2062 |
| called | Expand for full list:CmpUnlockTwoKcbs |
Expand for full list:CmpUnlockTwoKcbs |
| calling | NtQueryMultipleValueKey | NtQueryMultipleValueKey |
| paramcount | 7 | 7 |
address |
1407370b0 | 140736c7c |
| sig | undefined CmQueryMultipleValueKey(undefined param_1, undefined param_2, undefined param_3, undefined param_4, undefined8 param_5, undefined8 param_6, undefined8 param_7) | undefined CmQueryMultipleValueKey(undefined param_1, undefined param_2, undefined param_3, undefined param_4, undefined8 param_5, undefined8 param_6, undefined8 param_7) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- CmQueryMultipleValueKey
+++ CmQueryMultipleValueKey
@@ -1,347 +1,349 @@
ulonglong CmQueryMultipleValueKey
(longlong param_1,longlong param_2,longlong param_3,uint param_4,
longlong param_5,uint *param_6,uint *param_7)
{
longlong *plVar1;
longlong lVar2;
ushort uVar3;
longlong lVar4;
- bool bVar5;
- char cVar6;
- ulonglong uVar7;
+ ushort *puVar5;
+ bool bVar6;
+ char cVar7;
ulonglong uVar8;
- uint uVar9;
+ ulonglong uVar9;
uint uVar10;
- ulonglong uVar11;
+ uint uVar11;
ulonglong uVar12;
ulonglong uVar13;
ulonglong uVar14;
ulonglong uVar15;
+ ulonglong uVar16;
char local_res8 [16];
longlong local_res18;
uint local_res20;
uint local_f4;
uint local_f0;
uint local_ec;
uint local_e8;
uint local_e4;
uint local_e0;
undefined4 local_d8;
undefined4 local_d4;
undefined4 local_d0;
undefined4 local_cc;
undefined8 local_c8;
uint local_c0;
ulonglong local_b8;
undefined4 local_b0;
undefined4 local_ac;
undefined4 local_a8;
undefined4 local_a4;
void *local_a0;
ulonglong local_98;
- ulonglong local_90;
- byte *local_88;
- uint local_80;
- ushort *local_78;
- ulonglong local_70;
- ulonglong local_68;
- longlong local_60;
+ byte *local_90;
+ uint local_88;
+ ulonglong local_80;
+ ulonglong local_78;
+ longlong local_70;
+ longlong local_68;
+ ulonglong local_60;
ulonglong local_58;
ulonglong local_50;
longlong local_48;
- uVar11 = 0;
- local_68 = 0;
- local_70 = 0;
+ uVar12 = 0;
+ local_78 = 0;
+ local_80 = 0;
local_d8 = 0xffffffff;
local_d4 = 0;
local_e8 = 0;
local_ec = 0;
- bVar5 = false;
+ bVar6 = false;
local_d0 = 0xffffffff;
local_cc = 0;
local_b8 = 0;
local_b0 = 0xffffffff;
local_ac = 0;
local_58 = 0;
local_c8 = 0;
local_e0 = local_e0 & 0xffffff00;
local_e4 = local_e4 & 0xffffff00;
local_a0 = (void *)0x0;
local_res8[0] = '\0';
local_a8 = 0xffffffff;
local_a4 = 0;
local_res18 = param_3;
local_res20 = param_4;
CmpLockRegistry();
lVar4 = *(longlong *)(param_1 + 8);
local_48 = lVar4;
if (*(short *)(lVar4 + 0x42) != 0) {
- uVar10 = CmQueryMultipleValueForLayeredKey(param_1,local_res18,param_4,param_5,param_6,param_7);
+ uVar11 = CmQueryMultipleValueForLayeredKey(param_1,param_3,local_res20,param_5,param_6,param_7);
CmpUnlockRegistry();
- return (ulonglong)uVar10;
+ return (ulonglong)uVar11;
}
if ((*(longlong *)(param_1 + 0x38) != 0) || (*(longlong *)(param_1 + 0x40) != 0)) {
CmpLockKcbShared(lVar4);
- cVar6 = CmpIsKeyDeletedForKeyBody(param_1,0);
- if (cVar6 != '\0') {
- uVar10 = *(uint *)(param_1 + 0x30);
+ cVar7 = CmpIsKeyDeletedForKeyBody(param_1,0);
+ if (cVar7 != '\0') {
+ uVar11 = *(uint *)(param_1 + 0x30);
CmpUnlockKcb(lVar4);
goto LAB_0;
}
CmpUnlockKcb(lVar4);
- uVar10 = CmpTransSearchAddTransFromKeyBody(param_1,&local_c8);
- if ((int)uVar10 < 0) {
+ uVar11 = CmpTransSearchAddTransFromKeyBody(param_1,&local_c8);
+ if ((int)uVar11 < 0) {
CmpUnlockRegistry();
- return (ulonglong)uVar10;
+ return (ulonglong)uVar11;
}
}
- uVar15 = uVar11;
+ uVar16 = uVar12;
if (param_2 != 0) {
- uVar15 = *(ulonglong *)(param_2 + 8);
- local_58 = uVar15;
- }
- CmpLockTwoKcbsShared(uVar15,lVar4);
- cVar6 = CmpIsKeyDeletedForKeyBody(param_1,local_c8);
- if (cVar6 == '\0') {
- if ((param_2 == 0) || (cVar6 = CmpIsKeyDeletedForKeyBody(param_2,local_c8), cVar6 == '\0')) {
- uVar12 = *(ulonglong *)(lVar4 + 0x20);
- plVar1 = (longlong *)(uVar12 + 0x48);
- local_98 = uVar12;
- local_50 = uVar12;
- local_88 = (byte *)KeAbPreAcquire(plVar1,0,0);
+ uVar16 = *(ulonglong *)(param_2 + 8);
+ local_58 = uVar16;
+ }
+ CmpLockTwoKcbsShared(uVar16,lVar4);
+ cVar7 = CmpIsKeyDeletedForKeyBody(param_1,local_c8);
+ if (cVar7 == '\0') {
+ if ((param_2 == 0) || (cVar7 = CmpIsKeyDeletedForKeyBody(param_2,local_c8), cVar7 == '\0')) {
+ uVar13 = *(ulonglong *)(lVar4 + 0x20);
+ plVar1 = (longlong *)(uVar13 + 0x48);
+ local_98 = uVar13;
+ local_50 = uVar13;
+ local_90 = (byte *)KeAbPreAcquire(plVar1,0,0);
LOCK();
lVar2 = *plVar1;
if (lVar2 == 0) {
*plVar1 = 0x11;
}
UNLOCK();
if (lVar2 != 0) {
- ExfAcquirePushLockSharedEx(plVar1,0,local_88,plVar1);
- }
- if (local_88 != (byte *)0x0) {
- *(undefined *)((longlong)local_88 + 0x12) = 1;
- }
- local_88 = (byte *)(uVar12 + 0x8c);
- if ((*local_88 & 1) == 0) {
- local_60 = HvpGetCellPaged();
+ ExfAcquirePushLockSharedEx(plVar1,0,local_90,plVar1);
+ }
+ if (local_90 != (byte *)0x0) {
+ *(undefined *)((longlong)local_90 + 0x12) = 1;
+ }
+ local_90 = (byte *)(uVar13 + 0x8c);
+ if ((*local_90 & 1) == 0) {
+ local_68 = HvpGetCellPaged();
}
else {
- local_60 = HvpGetCellFlat(uVar12,*(undefined4 *)(lVar4 + 0x28),&local_d0);
- }
- if (local_60 != 0) {
- CmpUpdateKeyNodeAccessBits(uVar12,local_60,*(undefined4 *)(lVar4 + 0x28));
+ local_68 = HvpGetCellFlat(uVar13,*(undefined4 *)(lVar4 + 0x28),&local_d0);
+ }
+ if (local_68 != 0) {
+ CmpUpdateKeyNodeAccessBits(uVar13,local_68,*(undefined4 *)(lVar4 + 0x28));
LOCK();
lVar2 = *plVar1;
if (lVar2 == 0x11) {
*plVar1 = 0;
}
UNLOCK();
if (lVar2 != 0x11) {
ExfReleasePushLockShared(plVar1);
}
KeAbPostRelease(plVar1);
- uVar8 = local_c8;
+ uVar9 = local_c8;
if ((local_c8 != 0) &&
(local_e0 = local_e0 & 0xff, *(ulonglong *)(lVar4 + 0x120) == local_c8)) {
local_e0 = 1;
}
- uVar7 = uVar11;
- uVar13 = uVar11;
- uVar14 = uVar11;
- if (uVar15 != 0) {
- local_68 = *(ulonglong *)(uVar15 + 0x20);
- if ((*(byte *)(local_68 + 0x8c) & 1) == 0) {
- local_b8 = HvpGetCellPaged(local_68,*(undefined4 *)(uVar15 + 0x28),&local_b0);
+ uVar8 = uVar12;
+ uVar14 = uVar12;
+ uVar15 = uVar12;
+ if (uVar16 != 0) {
+ local_78 = *(ulonglong *)(uVar16 + 0x20);
+ if ((*(byte *)(local_78 + 0x8c) & 1) == 0) {
+ local_b8 = HvpGetCellPaged(local_78,*(undefined4 *)(uVar16 + 0x28),&local_b0);
}
else {
local_b8 = HvpGetCellFlat();
}
if (local_b8 == 0) {
- if ((*local_88 & 1) == 0) {
- HvpReleaseCellPaged(uVar12,&local_d0);
+ if ((*local_90 & 1) == 0) {
+ HvpReleaseCellPaged(uVar13,&local_d0);
}
else {
HvpReleaseCellFlat();
}
goto LAB_1;
}
- uVar13 = local_b8;
- if ((uVar8 != 0) && (local_e4 = local_e4 & 0xff, *(ulonglong *)(uVar15 + 0x120) == uVar8))
+ uVar14 = local_b8;
+ if ((uVar9 != 0) && (local_e4 = local_e4 & 0xff, *(ulonglong *)(uVar16 + 0x120) == uVar9))
{
local_e4 = 1;
}
}
do {
- local_c0 = (uint)uVar7;
- uVar12 = uVar11;
+ local_c0 = (uint)uVar8;
+ uVar13 = uVar12;
if (local_res20 <= local_c0) {
LAB_2:
- uVar8 = uVar11;
- if (-1 < (int)uVar12) {
- if (bVar5) {
- uVar12 = 0x80000005;
+ uVar9 = uVar12;
+ if (-1 < (int)uVar13) {
+ if (bVar6) {
+ uVar13 = 0x80000005;
}
*param_6 = local_ec;
- uVar8 = 0;
+ uVar9 = 0;
if (param_7 != (uint *)0x0) {
*param_7 = local_e8;
}
}
LAB_3:
- if (uVar8 != 0) {
- if ((*(byte *)(uVar14 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(uVar14,&local_d8);
+ if (uVar9 != 0) {
+ if ((*(byte *)(uVar15 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(uVar15,&local_d8);
}
else {
HvpReleaseCellFlat();
}
}
if (local_b8 != 0) {
- if ((*(byte *)(local_68 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged(local_68,&local_b0);
+ if ((*(byte *)(local_78 + 0x8c) & 1) == 0) {
+ HvpReleaseCellPaged(local_78,&local_b0);
}
else {
HvpReleaseCellFlat();
}
}
- if ((*local_88 & 1) == 0) {
+ if ((*local_90 & 1) == 0) {
HvpReleaseCellPaged();
}
else {
HvpReleaseCellFlat(local_98,&local_d0);
}
- CmpUnlockTwoKcbs(uVar15,lVar4);
+ CmpUnlockTwoKcbs(uVar16,lVar4);
CmpUnlockRegistry();
- return uVar12;
- }
- local_78 = (ushort *)(uVar7 * 0x20 + local_res18);
+ return uVar13;
+ }
+ local_70 = uVar8 * 3;
+ puVar5 = *(ushort **)(local_res18 + uVar8 * 0x18);
while( true ) {
- uVar3 = *local_78;
+ uVar3 = *puVar5;
if ((uVar3 == 0) ||
- (*(short *)(*(longlong *)(local_78 + 4) + -2 +
- ((ulonglong)uVar3 & 0xfffffffffffffffe)) != 0)) break;
- *local_78 = uVar3 - 2;
+ (*(short *)(*(longlong *)(puVar5 + 4) + -2 + ((ulonglong)uVar3 & 0xfffffffffffffffe))
+ != 0)) break;
+ *puVar5 = uVar3 - 2;
}
local_f0 = 0xffffffff;
local_f4 = 0xffffffff;
- uVar12 = uVar14;
- if (uVar15 != 0) {
- local_70 = local_68;
- uVar12 = local_68;
+ uVar13 = uVar15;
+ if (uVar16 != 0) {
+ local_80 = local_78;
+ uVar13 = local_78;
if ((char)local_e4 == '\0') {
- local_f0 = CmpFindValueByName(local_68,uVar13);
- }
- else {
- CmpFindNameInList(local_68,uVar15 + 0x118,local_78,0,0,&local_f4);
+ local_f0 = CmpFindValueByName(local_78,uVar14);
+ }
+ else {
+ CmpFindNameInList(local_78,uVar16 + 0x118,puVar5,0,0,&local_f4);
local_f0 = local_f4;
}
}
- uVar14 = local_98;
+ uVar15 = local_98;
local_f4 = local_f0;
if (local_f0 == 0xffffffff) {
- local_70 = local_98;
+ local_80 = local_98;
if ((char)local_e0 == '\0') {
- local_f0 = CmpFindValueByName(local_98,local_60);
- }
- else {
- CmpFindNameInList(local_98,lVar4 + 0x118,local_78,0,0,&local_f4);
+ local_f0 = CmpFindValueByName(local_98,local_68);
+ }
+ else {
+ CmpFindNameInList(local_98,lVar4 + 0x118,puVar5,0,0,&local_f4);
local_f0 = local_f4;
}
- uVar12 = uVar14;
+ uVar13 = uVar15;
if (local_f0 == 0xffffffff) {
- uVar12 = 0xc0000034;
+ uVar13 = 0xc0000034;
goto LAB_2;
}
}
- if ((*(byte *)(uVar12 + 0x8c) & 1) == 0) {
- uVar8 = HvpGetCellPaged();
+ if ((*(byte *)(uVar13 + 0x8c) & 1) == 0) {
+ uVar9 = HvpGetCellPaged();
}
else {
- uVar8 = HvpGetCellFlat(uVar12,local_f0,&local_d8);
- }
- local_90 = uVar8;
- uVar14 = uVar12;
- if (uVar8 == 0) {
+ uVar9 = HvpGetCellFlat(uVar13,local_f0,&local_d8);
+ }
+ local_60 = uVar9;
+ uVar15 = uVar13;
+ if (uVar9 == 0) {
LAB_4:
- uVar12 = 0xc000009a;
+ uVar13 = 0xc000009a;
goto LAB_3;
}
- uVar10 = *(uint *)(uVar8 + 4);
- uVar9 = uVar10 + 0x80000000;
- if (uVar10 < 0x80000000) {
- uVar9 = uVar10;
- }
- uVar10 = local_ec + 3;
- local_ec = uVar10 & 0xfffffffc;
- local_c8 = CONCAT44(local_c8._4_4_,uVar10) & 0xfffffffffffffffc;
+ uVar11 = *(uint *)(uVar9 + 4);
+ uVar10 = uVar11 + 0x80000000;
+ if (uVar11 < 0x80000000) {
+ uVar10 = uVar11;
+ }
+ uVar11 = local_ec + 3;
+ local_ec = uVar11 & 0xfffffffc;
+ local_c8 = CONCAT44(local_c8._4_4_,uVar11) & 0xfffffffffffffffc;
local_e8 = local_e8 + 3 & 0xfffffffc;
- local_f4 = uVar9;
- local_80 = local_e8;
- if (((*param_6 < uVar9 + local_ec) || (uVar9 + local_ec < local_ec)) || (bVar5)) {
- bVar5 = true;
+ local_f4 = uVar10;
+ local_88 = local_e8;
+ if (((*param_6 < uVar10 + local_ec) || (uVar10 + local_ec < local_ec)) || (bVar6)) {
+ bVar6 = true;
}
else {
- cVar6 = CmpGetValueData(uVar12,local_f0,uVar8,&local_f4,&local_a0,local_res8,&local_a8);
- if (cVar6 == '\0') goto LAB_4;
+ cVar7 = CmpGetValueData(uVar13,local_f0,uVar9,&local_f4,&local_a0,local_res8,&local_a8);
+ if (cVar7 == '\0') goto LAB_4;
local_f0 = local_f4;
RtlCopyMemory((void *)((ulonglong)local_ec + param_5),local_a0,(ulonglong)local_f4);
- uVar10 = local_ec;
- *(undefined4 *)(local_78 + 0xc) = *(undefined4 *)(uVar8 + 0xc);
- *(uint *)(local_78 + 8) = local_f0;
- *(uint *)(local_78 + 10) = local_ec;
+ uVar11 = local_ec;
+ *(undefined4 *)(local_res18 + 0x10 + local_70 * 8) = *(undefined4 *)(uVar9 + 0xc);
+ *(uint *)(local_res18 + 8 + local_70 * 8) = local_f0;
+ *(uint *)(local_res18 + 0xc + local_70 * 8) = local_ec;
if (local_res8[0] == '\0') {
- if ((*(byte *)(uVar12 + 0x8c) & 1) == 0) {
+ if ((*(byte *)(uVar13 + 0x8c) & 1) == 0) {
HvpReleaseCellPaged();
}
else {
- HvpReleaseCellFlat(uVar12,&local_a8);
+ HvpReleaseCellFlat(uVar13,&local_a8);
}
}
else {
ExFreePoolWithTag(local_a0,0);
local_res8[0] = '\0';
}
local_a0 = (void *)0x0;
- local_ec = uVar10 + local_f0;
- uVar9 = local_f0;
- }
- local_e8 = local_e8 + uVar9;
- if ((*(byte *)(uVar12 + 0x8c) & 1) == 0) {
+ local_ec = uVar11 + local_f0;
+ uVar10 = local_f0;
+ }
+ local_e8 = local_e8 + uVar10;
+ if ((*(byte *)(uVar13 + 0x8c) & 1) == 0) {
HvpReleaseCellPaged();
}
else {
- HvpReleaseCellFlat(uVar12,&local_d8);
- }
- uVar7 = (ulonglong)(local_c0 + 1);
- uVar13 = local_b8;
+ HvpReleaseCellFlat(uVar13,&local_d8);
+ }
+ uVar8 = (ulonglong)(local_c0 + 1);
+ uVar14 = local_b8;
} while( true );
}
LOCK();
lVar2 = *plVar1;
if (lVar2 == 0x11) {
*plVar1 = 0;
}
UNLOCK();
if (lVar2 != 0x11) {
ExfReleasePushLockShared(plVar1);
}
KeAbPostRelease(plVar1);
LAB_1:
- CmpUnlockTwoKcbs(uVar15,lVar4);
+ CmpUnlockTwoKcbs(uVar16,lVar4);
CmpUnlockRegistry();
return 0xc000009a;
}
- uVar10 = *(uint *)(param_2 + 0x30);
+ uVar11 = *(uint *)(param_2 + 0x30);
}
else {
- uVar10 = *(uint *)(param_1 + 0x30);
- }
- CmpUnlockTwoKcbs(uVar15,lVar4);
+ uVar11 = *(uint *)(param_1 + 0x30);
+ }
+ CmpUnlockTwoKcbs(uVar16,lVar4);
LAB_0:
CmpUnlockRegistry();
- return (ulonglong)((-(uint)((uVar10 & 1) != 0) & 0x2a9) + 0xc000017c);
+ return (ulonglong)((-(uint)((uVar11 & 1) != 0) & 0x2a9) + 0xc000017c);
}
| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | code,length,address |
| ratio | 0.29 |
| i_ratio | 0.55 |
| m_ratio | 0.95 |
| b_ratio | 0.63 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | KiDetectHardwareSpecControlFeatures | KiDetectHardwareSpecControlFeatures |
| fullname | KiDetectHardwareSpecControlFeatures | KiDetectHardwareSpecControlFeatures |
| refcount | 4 | 4 |
length |
1049 | 947 |
| called | HviGetEnlightenmentInformation HviGetHypervisorFeatures HviIsAnyHypervisorPresent HviIsHypervisorMicrosoftCompatible KiIsBranchConfusionPresent KiIsSrsoPresent __security_check_cookie |
HviGetEnlightenmentInformation HviGetHypervisorFeatures HviIsAnyHypervisorPresent HviIsHypervisorMicrosoftCompatible KiIsBranchConfusionPresent KiIsSrsoPresent __security_check_cookie |
| calling | KiDetermineRetpolineEnablement KiIsKvaShadowNeededForBranchConfusion KiSetHardwareSpeculationControlFeatures |
KiDetermineRetpolineEnablement KiIsKvaShadowNeededForBranchConfusion KiSetHardwareSpeculationControlFeatures |
| paramcount | 0 | 0 |
address |
1403c4d74 | 1403c4cdc |
| sig | undefined KiDetectHardwareSpecControlFeatures(void) | undefined KiDetectHardwareSpecControlFeatures(void) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- KiDetectHardwareSpecControlFeatures
+++ KiDetectHardwareSpecControlFeatures
@@ -1,255 +1,240 @@
-/* WARNING: Removing unreachable block (ram,0x0001403c4e86) */
-/* WARNING: Removing unreachable block (ram,0x0001403c4e6d) */
-/* WARNING: Removing unreachable block (ram,0x0001403c4dfe) */
-/* WARNING: Removing unreachable block (ram,0x0001403c4dc2) */
+/* WARNING: Removing unreachable block (ram,0x0001403c4dea) */
+/* WARNING: Removing unreachable block (ram,0x0001403c4dd1) */
+/* WARNING: Removing unreachable block (ram,0x0001403c4d62) */
+/* WARNING: Removing unreachable block (ram,0x0001403c4d2a) */
void KiDetectHardwareSpecControlFeatures
(longlong param_1,ulonglong param_2,undefined4 *param_3,longlong param_4)
{
char cVar1;
byte bVar2;
uint *puVar3;
undefined8 *puVar4;
undefined4 *puVar5;
- ulonglong uVar6;
- bool bVar7;
- undefined auVar8 [16];
- char cVar9;
- int iVar10;
- uint uVar11;
+ bool bVar6;
+ undefined auVar7 [16];
+ char cVar8;
+ int iVar9;
+ uint uVar10;
+ ulonglong uVar11;
ulonglong uVar12;
- ulonglong uVar13;
+ bool bVar13;
bool bVar14;
bool bVar15;
- bool bVar16;
undefined auStack_a8 [32];
undefined8 local_88;
undefined4 uStack_80;
undefined4 uStack_7c;
undefined8 local_78;
- ulonglong local_70;
- undefined4 *local_68;
- undefined local_60 [4];
- undefined auStack_5c [8];
- undefined4 uStack_54;
- undefined local_50 [16];
- ulonglong local_40;
+ undefined4 *local_70;
+ undefined local_68 [4];
+ undefined auStack_64 [8];
+ undefined4 uStack_5c;
+ undefined local_58 [16];
+ ulonglong local_48;
- local_40 = __security_cookie ^ (ulonglong)auStack_a8;
+ local_48 = __security_cookie ^ (ulonglong)auStack_a8;
cVar1 = *(char *)(param_1 + 0x8d);
- uVar12 = 0;
+ uVar11 = 0;
uStack_7c = 0;
bVar2 = *(byte *)(param_1 + 0x43);
+ local_88 = 0;
puVar3 = (uint *)cpuid_basic_info(0);
- local_88 = 0;
- bVar15 = false;
uStack_80 = 0x48;
bVar14 = false;
local_78 = 4;
- auVar8._4_4_ = puVar3[3];
- auVar8._0_4_ = puVar3[1];
- auVar8._8_4_ = puVar3[2];
- auVar8._12_4_ = 0;
- _local_60 = auVar8 << 0x20;
- local_50 = ZEXT816(0);
+ bVar13 = false;
+ auVar7._4_4_ = puVar3[3];
+ auVar7._0_4_ = puVar3[1];
+ auVar7._8_4_ = puVar3[2];
+ auVar7._12_4_ = 0;
+ _local_68 = auVar7 << 0x20;
+ local_58 = ZEXT816(0);
if (*puVar3 < 7) {
- uVar11 = 0;
+ uVar10 = 0;
}
else {
puVar4 = (undefined8 *)cpuid_Extended_Feature_Enumeration_info(7);
- uVar11 = *(uint *)(puVar4 + 1);
- auStack_5c._4_4_ = *(undefined4 *)((longlong)puVar4 + 0xc);
- _local_60 = *puVar4;
- uStack_54 = puVar3[2];
- if ((uVar11 >> 0x1d & 1) != 0) {
- uVar13 = rdmsr(0x10a);
- bVar14 = (uVar13 & 2) != 0;
+ uVar10 = *(uint *)(puVar4 + 1);
+ auStack_64._4_4_ = *(undefined4 *)((longlong)puVar4 + 0xc);
+ _local_68 = *puVar4;
+ uStack_5c = puVar3[2];
+ if ((uVar10 >> 0x1d & 1) != 0) {
+ uVar12 = rdmsr(0x10a);
+ bVar13 = (uVar12 & 2) != 0;
+ if (bVar13) {
+ uVar11 = 0x201;
+ local_88 = 0x201;
+ }
+ bVar14 = (uVar12 & 0x10) != 0;
if (bVar14) {
- uVar12 = 0x201;
- local_88 = 0x201;
- }
- bVar15 = (uVar13 & 0x10) != 0;
- if (bVar15) {
- uVar12 = uVar12 | 0x100;
- local_88 = uVar12;
- }
- bVar15 = bVar15 || bVar14;
- if ((uVar13 & 4) != 0) {
- uVar12 = uVar12 | 0x200;
- bVar15 = true;
- local_88 = uVar12;
+ uVar11 = uVar11 | 0x100;
+ local_88 = uVar11;
+ }
+ bVar14 = bVar14 || bVar13;
+ if ((uVar12 & 4) != 0) {
+ uVar11 = uVar11 | 0x200;
+ bVar14 = true;
+ local_88 = uVar11;
}
}
}
if (cVar1 == '\x01') {
puVar3 = (uint *)cpuid(0x80000000);
- auStack_5c._0_4_ = puVar3[1];
- auStack_5c._4_4_ = puVar3[3];
- uStack_54 = puVar3[2];
+ auStack_64._0_4_ = puVar3[1];
+ auStack_64._4_4_ = puVar3[3];
+ uStack_5c = puVar3[2];
if (*puVar3 < 0x80000008) {
- uVar11 = 0;
+ uVar10 = 0;
}
else {
puVar5 = (undefined4 *)cpuid(0x80000008);
- uVar11 = puVar5[1];
- local_60 = (undefined [4])*puVar5;
- auStack_5c._4_4_ = puVar5[3];
- uStack_54 = puVar5[2];
- }
- if ((uVar11 >> 0xc & 1) != 0) {
- uVar12 = uVar12 | 4;
- bVar15 = true;
- local_88 = uVar12;
- }
- if ((uVar11 >> 0xe & 1) != 0) {
- uVar12 = uVar12 | 0x10;
- bVar15 = true;
- local_88 = uVar12;
- }
- if ((uVar11 >> 0xf & 1) != 0) {
- uVar12 = uVar12 | 0x40;
- bVar15 = true;
- local_88 = uVar12;
- }
- if ((uVar11 >> 0x18 & 1) != 0) {
- uVar12 = uVar12 | 0x80;
- local_88 = uVar12;
- }
- if ((uVar11 >> 0x1a & 1) != 0) {
- uVar12 = uVar12 | 0x180;
- local_88 = uVar12;
+ uVar10 = puVar5[1];
+ local_68 = (undefined [4])*puVar5;
+ auStack_64._4_4_ = puVar5[3];
+ uStack_5c = puVar5[2];
+ }
+ if ((uVar10 >> 0xc & 1) != 0) {
+ uVar11 = uVar11 | 4;
+ bVar14 = true;
+ local_88 = uVar11;
+ }
+ if ((uVar10 >> 0xe & 1) != 0) {
+ uVar11 = uVar11 | 0x10;
+ bVar14 = true;
+ local_88 = uVar11;
+ }
+ if ((uVar10 >> 0xf & 1) != 0) {
+ uVar11 = uVar11 | 0x40;
+ bVar14 = true;
+ local_88 = uVar11;
+ }
+ if ((uVar10 >> 0x18 & 1) != 0) {
+ uVar11 = uVar11 | 0x80;
+ local_88 = uVar11;
+ }
+ if ((uVar10 >> 0x1a & 1) != 0) {
+ uVar11 = uVar11 | 0x180;
+ local_88 = uVar11;
}
if ((local_88 & 0x80) != 0) {
LAB_0:
- bVar15 = true;
+ bVar14 = true;
}
}
else {
- if ((uVar11 >> 0x1a & 1) != 0) {
- uVar12 = uVar12 | 0x14;
- bVar15 = true;
- local_88 = uVar12;
- }
- if ((uVar11 >> 0x1b & 1) != 0) {
- uVar12 = uVar12 | 0x44;
- bVar15 = true;
- local_88 = uVar12;
- }
- if ((int)uVar11 < 0) {
- uVar12 = uVar12 | 0x80;
- local_88 = uVar12;
+ if ((uVar10 >> 0x1a & 1) != 0) {
+ uVar11 = uVar11 | 0x14;
+ bVar14 = true;
+ local_88 = uVar11;
+ }
+ if ((uVar10 >> 0x1b & 1) != 0) {
+ uVar11 = uVar11 | 0x44;
+ bVar14 = true;
+ local_88 = uVar11;
+ }
+ if ((int)uVar10 < 0) {
+ uVar11 = uVar11 | 0x80;
+ local_88 = uVar11;
goto LAB_0;
}
}
if (((param_2 & 1) != 0) || (KiKvaShadowMode == 1)) {
- uVar12 = uVar12 | 0x20;
- local_88 = uVar12;
+ uVar11 = uVar11 | 0x20;
+ local_88 = uVar11;
}
if ((cVar1 == '\x02') && (*(char *)(param_1 + 0x40) == '\x06')) {
if ((((byte)(bVar2 - 0x4e) < 0x1a) && ((0x3010081U >> (bVar2 - 0x4e & 0x1f) & 1) != 0)) ||
((bVar2 == 0x8e || (bVar2 == 0x9e)))) {
- uVar12 = uVar12 | 0x200;
- local_88 = uVar12;
+ uVar11 = uVar11 | 0x200;
+ local_88 = uVar11;
}
if (((byte)(bVar2 - 0x37) < 0x3f) &&
((0x4080404800680001U >> ((ulonglong)(byte)(bVar2 - 0x37) & 0x3f) & 1) != 0)) {
- uVar12 = uVar12 | 0x200;
+ uVar11 = uVar11 | 0x200;
+ local_88 = uVar11;
+ }
+ }
+ uVar12 = uVar11;
+ local_70 = param_3;
+ if (((local_88 & 0x10) == 0) || ((local_88 & 4) == 0)) goto LAB_1;
+ bVar6 = true;
+ cVar8 = HviIsHypervisorMicrosoftCompatible();
+ if (cVar8 == '\0') {
+ cVar8 = HviIsAnyHypervisorPresent();
+ bVar15 = cVar8 == '\0';
+LAB_2:
+ if (!bVar15) goto LAB_3;
+ bVar6 = false;
+LAB_4:
+ uVar10 = *(uint *)(param_1 + 0x6cc);
+ if ((uVar10 & 2) != 0) {
+ uVar12 = uVar11 | 0x400;
local_88 = uVar12;
}
- }
- uVar13 = uVar12;
- local_70 = param_2;
- local_68 = param_3;
- if (((local_88 & 0x10) == 0) || ((local_88 & 4) == 0)) goto LAB_1;
- bVar7 = true;
- cVar9 = HviIsHypervisorMicrosoftCompatible();
- if (cVar9 == '\0') {
- cVar9 = HviIsAnyHypervisorPresent();
- bVar16 = cVar9 == '\0';
-LAB_2:
- if (!bVar16) goto LAB_3;
- bVar7 = false;
-LAB_4:
- uVar11 = *(uint *)(param_1 + 0x6cc);
- if ((uVar11 & 2) != 0) {
- uVar13 = uVar12 | 0x400;
- local_88 = uVar13;
- }
- uVar12 = uVar13;
- if (((uVar11 & 4) != 0) &&
- (uVar12 = uVar13 | 0x800, local_88 = uVar12, (KiFeatureSettings & 0x4000) != 0)) {
- uVar12 = uVar13 | 0x801;
- local_88 = uVar12;
+ uVar11 = uVar12;
+ if (((uVar10 & 4) != 0) &&
+ (uVar11 = uVar12 | 0x800, local_88 = uVar11, (KiFeatureSettings & 0x4000) != 0)) {
+ uVar11 = uVar12 | 0x801;
+ local_88 = uVar11;
}
if (cVar1 == '\x02') {
- if (((!bVar7) && (!bVar14)) || (uVar13 = uVar12, (uVar11 & 3) != 0)) {
- uVar13 = uVar12 | 0x1000;
- local_88 = uVar13;
+ if (((!bVar6) && (!bVar13)) || (uVar12 = uVar11, (uVar10 & 3) != 0)) {
+ uVar12 = uVar11 | 0x1000;
+ local_88 = uVar12;
}
goto LAB_1;
}
}
else {
- HviGetEnlightenmentInformation(local_50);
- _local_60 = ZEXT816(0);
- HviGetHypervisorFeatures(local_60);
- if ((_local_60 & (undefined [16])0x100000000000) != (undefined [16])0x0) {
- bVar16 = (local_50 & (undefined [16])0x1000) == (undefined [16])0x0;
+ HviGetEnlightenmentInformation(local_58);
+ _local_68 = ZEXT816(0);
+ HviGetHypervisorFeatures(local_68);
+ if ((_local_68 & (undefined [16])0x100000000000) != (undefined [16])0x0) {
+ bVar15 = (local_58 & (undefined [16])0x1000) == (undefined [16])0x0;
goto LAB_2;
}
LAB_3:
if ((KiFeatureSettings & 0x8000) != 0) goto LAB_4;
}
- uVar13 = uVar12;
- if ((cVar1 == '\x01') && (uVar13 = uVar12 | 0x1000, local_88 = uVar13, (uVar12 & 0x40) != 0)) {
- uVar13 = uVar12 | 0x5000;
- local_88 = uVar13;
+ uVar12 = uVar11;
+ if ((cVar1 == '\x01') && (uVar12 = uVar11 | 0x1000, local_88 = uVar12, (uVar11 & 0x40) != 0)) {
+ uVar12 = uVar11 | 0x5000;
+ local_88 = uVar12;
}
LAB_1:
if (((KeFeatureBits2 & 0x20000) != 0) && ((KiFeatureSettings & 0x400000) == 0)) {
- uVar13 = uVar13 | 0x2000;
- local_88 = uVar13;
- }
- iVar10 = KiIsBranchConfusionPresent(param_1);
- if (iVar10 != 0) {
- uVar13 = uVar13 | 0x8000;
- local_88 = uVar13;
+ uVar12 = uVar12 | 0x2000;
+ local_88 = uVar12;
+ }
+ iVar9 = KiIsBranchConfusionPresent(param_1);
+ if (iVar9 != 0) {
+ uVar12 = uVar12 | 0x8000;
+ local_88 = uVar12;
}
if ((cVar1 != '\x01') || ((KeFeatureBits2 & 0x2000000) != 0)) {
- uVar13 = uVar13 | 8;
- local_88 = uVar13;
+ uVar12 = uVar12 | 8;
+ local_88 = uVar12;
}
if ((KiFeatureSettings & 0x10000) != 0) {
- uVar13 = uVar13 & 0xfffffffffffff7fe;
- local_88 = uVar13;
- }
- uVar12 = uVar13;
- if ((((cVar1 == '\x02') && ((local_70 & 0x8000000000000) != 0)) &&
- ((KeFeatureBits2 >> 0x20 & 1) == 0)) &&
- (uVar12 = uVar13 | 0x40000, local_88 = uVar12, (KeFeatureBits2 >> 0x1f & 1) != 0)) {
- uVar12 = uVar13 | 0xc0000;
- uVar6 = rdmsr(0x123);
- local_88 = uVar12;
- if ((uVar6 & 0x20) != 0) {
- uVar12 = uVar13 | 0x1c0000;
- local_88 = uVar12;
- }
- }
- iVar10 = KiIsSrsoPresent(param_1);
- if (iVar10 != 0) {
+ uVar12 = uVar12 & 0xfffffffffffff7fe;
+ local_88 = uVar12;
+ }
+ iVar9 = KiIsSrsoPresent(param_1);
+ if (iVar9 != 0) {
local_88 = uVar12 | 0x200000;
}
- *local_68 = (undefined4)local_88;
- local_68[1] = local_88._4_4_;
- local_68[2] = uStack_80;
- local_68[3] = uStack_7c;
- *(undefined8 *)(local_68 + 4) = local_78;
+ *local_70 = (undefined4)local_88;
+ local_70[1] = local_88._4_4_;
+ local_70[2] = uStack_80;
+ local_70[3] = uStack_7c;
+ *(undefined8 *)(local_70 + 4) = local_78;
if (param_4 != 0) {
- *(bool *)param_4 = bVar15;
- }
- __security_check_cookie(local_40 ^ (ulonglong)auStack_a8);
+ *(bool *)param_4 = bVar14;
+ }
+ __security_check_cookie(local_48 ^ (ulonglong)auStack_a8);
return;
}
| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | code,refcount,length,address |
| ratio | 0.49 |
| i_ratio | 0.3 |
| m_ratio | 0.51 |
| b_ratio | 0.53 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | CmpValidateHiveSecurityDescriptors | CmpValidateHiveSecurityDescriptors |
| fullname | CmpValidateHiveSecurityDescriptors | CmpValidateHiveSecurityDescriptors |
refcount |
3 | 2 |
length |
1380 | 1335 |
| called | Expand for full list:HvpReleaseCellFlat |
Expand for full list:HvpReleaseCellFlat |
| calling | CmCheckRegistry | CmCheckRegistry |
| paramcount | 5 | 5 |
address |
1406dfa74 | 1406df3b8 |
| sig | undefined CmpValidateHiveSecurityDescriptors(undefined param_1, undefined param_2, undefined param_3, undefined param_4, undefined8 param_5) | undefined CmpValidateHiveSecurityDescriptors(undefined param_1, undefined param_2, undefined param_3, undefined param_4, undefined8 param_5) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- CmpValidateHiveSecurityDescriptors
+++ CmpValidateHiveSecurityDescriptors
@@ -1,245 +1,249 @@
int CmpValidateHiveSecurityDescriptors
(longlong param_1,uint param_2,undefined *param_3,undefined8 param_4,longlong param_5)
{
uint *puVar1;
int iVar2;
- int iVar3;
- uint uVar4;
- longlong lVar5;
- char cVar6;
- uint uVar7;
- int iVar8;
- longlong lVar9;
- int iVar10;
- int local_res8 [2];
+ uint uVar3;
+ longlong lVar4;
+ char cVar5;
+ uint uVar6;
+ int iVar7;
+ longlong lVar8;
+ uint uVar9;
+ uint uVar10;
+ uint local_res8 [2];
uint local_res10;
undefined *local_res18;
undefined8 local_res20;
uint in_stack_ffffffffffffff88;
undefined4 uVar11;
undefined8 local_60;
undefined8 local_58;
longlong local_50;
local_58 = 0;
local_60 = 0;
local_res10 = param_2;
local_res18 = param_3;
local_res20 = param_4;
HvpGetCellContextReinitialize(&local_58);
HvpGetCellContextReinitialize(&local_60);
iVar2 = *(int *)(param_1 + 0x750);
- cVar6 = HvIsCellAllocated(param_1,*(undefined4 *)(*(longlong *)(param_1 + 0x40) + 0x24),0);
- if (cVar6 == '\0') {
+ cVar5 = HvIsCellAllocated(param_1,*(undefined4 *)(*(longlong *)(param_1 + 0x40) + 0x24),0);
+ if (cVar5 == '\0') {
if (param_5 != 0) {
*(undefined4 *)(param_5 + 0xf0) = *(undefined4 *)(*(longlong *)(param_1 + 0x40) + 0x24);
}
uVar11 = 0;
}
else {
if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- local_50 = HvpGetCellPaged();
+ local_50 = HvpGetCellPaged(param_1,*(undefined4 *)(*(longlong *)(param_1 + 0x40) + 0x24),
+ &local_58);
}
else {
- local_50 = HvpGetCellFlat(param_1,*(undefined4 *)(*(longlong *)(param_1 + 0x40) + 0x24),
- &local_58);
+ local_50 = HvpGetCellFlat();
}
if (local_50 != 0) {
- iVar3 = *(int *)(local_50 + 0x2c);
+ uVar9 = *(uint *)(local_50 + 0x2c);
local_res8[0] = 0;
- iVar8 = iVar3;
+ uVar6 = uVar9;
do {
- iVar10 = iVar8;
- cVar6 = HvIsCellAllocated(param_1,iVar10,param_4);
- if (cVar6 == '\0') {
- if (iVar3 == iVar10) {
- iVar8 = -0x3ffffeb4;
+ uVar10 = uVar6;
+ cVar5 = HvIsCellAllocated(param_1,uVar10,param_4);
+ if (cVar5 == '\0') {
+ if (uVar9 == uVar10) {
+ iVar7 = -0x3ffffeb4;
SetFailureLocation(param_5,0,9,0xc000014c,0x80);
- lVar9 = 0;
+ lVar8 = 0;
goto LAB_0;
}
LAB_1:
- lVar5 = local_50;
- lVar9 = 0;
+ lVar4 = local_50;
+ lVar8 = 0;
if (((local_res10 & 0x20000) != 0) || ((CmpSelfHeal == '\0' && ((CmpBootType & 6) == 0))))
{
uVar11 = 0x70;
goto LAB_2;
}
- cVar6 = HvIsCellAllocated(param_1,*(undefined4 *)(local_50 + 0x2c),0);
- if (cVar6 == '\0') {
+ cVar5 = HvIsCellAllocated(param_1,*(undefined4 *)(local_50 + 0x2c),0);
+ if (cVar5 == '\0') {
uVar11 = 0x20;
goto LAB_2;
}
if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- lVar9 = HvpGetCellPaged(param_1,*(undefined4 *)(lVar5 + 0x2c),&local_60);
+ lVar8 = HvpGetCellPaged(param_1,*(undefined4 *)(lVar4 + 0x2c),&local_60);
}
else {
- lVar9 = HvpGetCellFlat();
- }
- if (lVar9 == 0) {
+ lVar8 = HvpGetCellFlat();
+ }
+ if (lVar8 == 0) {
uVar11 = 0x30;
goto LAB_2;
}
- uVar7 = -*(int *)(lVar9 + -4) - 4;
- if (0x13 < uVar7) {
- uVar4 = *(uint *)(lVar9 + 0x10);
- if ((uVar4 <= uVar4 + 0x14) && (uVar4 + 0x14 <= uVar7)) {
- cVar6 = RtlValidRelativeSecurityDescriptor(lVar9 + 0x14,uVar4,0);
- if (cVar6 == '\0') {
+ uVar9 = -*(int *)(lVar8 + -4) - 4;
+ if (0x13 < uVar9) {
+ uVar6 = *(uint *)(lVar8 + 0x10);
+ if ((uVar6 <= uVar6 + 0x14) && (uVar6 + 0x14 <= uVar9)) {
+ cVar5 = RtlValidRelativeSecurityDescriptor(lVar8 + 0x14,uVar6,0);
+ if (cVar5 == '\0') {
uVar11 = 0x40;
goto LAB_2;
}
- iVar8 = HvpMarkCellDirty(param_1,*(undefined4 *)(lVar5 + 0x2c),0,0);
- if (-1 < iVar8) {
+ iVar7 = HvpMarkCellDirty(param_1,*(undefined4 *)(lVar4 + 0x2c),0,0);
+ if (-1 < iVar7) {
uVar11 = *(undefined4 *)(local_50 + 0x2c);
- *(undefined4 *)(lVar9 + 8) = uVar11;
- *(undefined4 *)(lVar9 + 4) = uVar11;
+ *(undefined4 *)(lVar8 + 8) = uVar11;
+ *(undefined4 *)(lVar8 + 4) = uVar11;
CmpDestroySecurityCache(param_1);
CmpInitSecurityCache(param_1);
- iVar8 = -0x3ffffdd3;
- lVar5 = *(longlong *)(param_1 + 0x40);
+ iVar7 = -0x3ffffdd3;
+ lVar4 = *(longlong *)(param_1 + 0x40);
*local_res18 = 1;
- puVar1 = (uint *)(lVar5 + 0xff8);
+ puVar1 = (uint *)(lVar4 + 0xff8);
*puVar1 = *puVar1 | 4;
goto LAB_0;
}
uVar11 = 0x60;
goto LAB_3;
}
}
uVar11 = 0x50;
goto LAB_2;
}
if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- lVar9 = HvpGetCellPaged();
+ lVar8 = HvpGetCellPaged(param_1,uVar10,&local_60);
}
else {
- lVar9 = HvpGetCellFlat(param_1,iVar10,&local_60);
- }
- if (lVar9 == 0) {
+ lVar8 = HvpGetCellFlat();
+ }
+ if (lVar8 == 0) {
uVar11 = 0x90;
goto LAB_2;
}
- uVar7 = -*(int *)(lVar9 + -4) - 4;
- if (uVar7 < 0x14) {
+ uVar6 = -*(int *)(lVar8 + -4) - 4;
+ if (uVar6 < 0x14) {
LAB_4:
if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
HvpReleaseCellPaged(param_1,&local_60);
}
else {
HvpReleaseCellFlat();
}
uVar11 = 0x98;
LAB_5:
SetFailureLocation(param_5,1,9,0xc000014c,uVar11);
goto LAB_1;
}
- uVar4 = *(uint *)(lVar9 + 0x10);
- if ((uVar4 + 0x14 < uVar4) || (uVar7 < uVar4 + 0x14)) goto LAB_4;
- if ((iVar10 != iVar3) && (*(int *)(lVar9 + 8) != local_res8[0])) {
+ uVar3 = *(uint *)(lVar8 + 0x10);
+ if ((uVar3 + 0x14 < uVar3) || (uVar6 < uVar3 + 0x14)) goto LAB_4;
+ if ((uVar10 != uVar9) && (*(uint *)(lVar8 + 8) != local_res8[0])) {
uVar11 = 0xa0;
goto LAB_2;
}
- cVar6 = RtlValidRelativeSecurityDescriptor(lVar9 + 0x14,uVar4,0);
- if (cVar6 == '\0') {
+ cVar5 = RtlValidRelativeSecurityDescriptor(lVar8 + 0x14,uVar3,0);
+ if (cVar5 == '\0') {
if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
HvpReleaseCellPaged(param_1,&local_60);
}
else {
HvpReleaseCellFlat();
}
uVar11 = 0xa8;
goto LAB_5;
}
if (iVar2 == 0) {
- iVar8 = CmpAddSecurityCellToCache(param_1,iVar10,1);
- if (iVar8 < 0) {
+ iVar7 = CmpAddSecurityCellToCache(param_1,uVar10,1);
+ if (iVar7 < 0) {
uVar11 = 0xb0;
goto LAB_3;
}
}
else {
local_res8[0] = 0;
- cVar6 = CmpFindSecurityCellCacheIndex(param_1,iVar10,local_res8);
- if (cVar6 == '\0') {
- uVar11 = 0xc0;
- goto LAB_2;
- }
- }
- iVar8 = *(int *)(lVar9 + 4);
- local_res8[0] = iVar10;
+ cVar5 = CmpFindSecurityCellCacheIndex(param_1,uVar10,local_res8);
+ if (cVar5 == '\0') {
+ uVar11 = 0xb8;
+ iVar7 = -0x3ffffddb;
+ goto LAB_3;
+ }
+ *(undefined4 *)
+ (*(longlong *)(*(longlong *)(param_1 + 0x760) + 8 + (ulonglong)local_res8[0] * 0x10) +
+ 0x1c) = 0;
+ }
+ uVar6 = *(uint *)(lVar8 + 4);
+ local_res8[0] = uVar10;
if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged();
+ HvpReleaseCellPaged(param_1,&local_60);
}
else {
- HvpReleaseCellFlat(param_1,&local_60);
+ HvpReleaseCellFlat();
}
param_4 = local_res20;
- } while (iVar8 != iVar3);
+ } while (uVar6 != uVar9);
if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- lVar9 = HvpGetCellPaged();
+ lVar8 = HvpGetCellPaged(param_1,uVar6,&local_60);
}
else {
- lVar9 = HvpGetCellFlat(param_1,iVar8,&local_60);
- }
- if (*(int *)(lVar9 + 8) == iVar10) {
+ lVar8 = HvpGetCellFlat();
+ }
+ if (*(uint *)(lVar8 + 8) == uVar10) {
if (iVar2 == 0) {
CmpAdjustSecurityCacheSize(param_1);
}
if (((local_res10 & 0x2000000) != 0) && (1 < *(uint *)(param_1 + 0x750))) {
- uVar7 = 0;
+ uVar9 = 0;
do {
in_stack_ffffffffffffff88 = in_stack_ffffffffffffff88 & 0xffffff00;
- iVar8 = CmpCheckSecurityCellAccess
+ iVar7 = CmpCheckSecurityCellAccess
(param_1,*(undefined4 *)
- (*(longlong *)(param_1 + 0x760) + (ulonglong)uVar7 * 0x10),1
+ (*(longlong *)(param_1 + 0x760) + (ulonglong)uVar9 * 0x10),1
,0x20019,in_stack_ffffffffffffff88);
- if (iVar8 < 0) {
- SetFailureLocation(param_5,0,9,iVar8,0xd0);
- if (iVar8 != -0x3fffff66) {
- iVar8 = -0x3ffffeb4;
+ if (iVar7 < 0) {
+ SetFailureLocation(param_5,0,9,iVar7,0xd0);
+ if (iVar7 != -0x3fffff66) {
+ iVar7 = -0x3ffffeb4;
}
goto LAB_0;
}
- uVar7 = uVar7 + 1;
- } while (uVar7 < *(uint *)(param_1 + 0x750));
- }
- iVar8 = 0;
+ uVar9 = uVar9 + 1;
+ } while (uVar9 < *(uint *)(param_1 + 0x750));
+ }
+ iVar7 = 0;
}
else {
uVar11 = 200;
LAB_2:
- iVar8 = -0x3ffffeb4;
+ iVar7 = -0x3ffffeb4;
LAB_3:
- SetFailureLocation(param_5,0,9,iVar8,uVar11);
+ SetFailureLocation(param_5,0,9,iVar7,uVar11);
}
LAB_0:
if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged();
+ HvpReleaseCellPaged(param_1,&local_58);
}
else {
- HvpReleaseCellFlat(param_1,&local_58);
- }
- if (lVar9 == 0) {
- return iVar8;
- }
- if ((*(byte *)(param_1 + 0x8c) & 1) == 0) {
- HvpReleaseCellPaged();
- return iVar8;
- }
- HvpReleaseCellFlat(param_1,&local_60);
- return iVar8;
+ HvpReleaseCellFlat();
+ }
+ if (lVar8 == 0) {
+ return iVar7;
+ }
+ if ((*(byte *)(param_1 + 0x8c) & 1) != 0) {
+ HvpReleaseCellFlat();
+ return iVar7;
+ }
+ HvpReleaseCellPaged(param_1,&local_60);
+ return iVar7;
}
if (param_5 != 0) {
*(undefined4 *)(param_5 + 0xf0) = *(undefined4 *)(*(longlong *)(param_1 + 0x40) + 0x24);
}
uVar11 = 0x10;
local_50 = 0;
}
SetFailureLocation(param_5,0,9,0xc000014c,uVar11);
return -0x3ffffeb4;
}
Slightly modified functions have no code changes, rather differnces in:
- refcount
- length
- called
- calling
- name
- fullname
| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | refcount,address |
| ratio | 0.83 |
| i_ratio | 1.0 |
| m_ratio | 1.0 |
| b_ratio | 1.0 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | SmFreeWrapper | SmFreeWrapper |
| fullname | SmFreeWrapper | SmFreeWrapper |
refcount |
198 | 200 |
| length | 16 | 16 |
| called | ExFreePoolWithTag | ExFreePoolWithTag |
| calling | Expand for full list:CmQueryMultipleValueForLayeredKey |
Expand for full list:CmQueryMultipleValueForLayeredKey |
| paramcount | 2 | 2 |
address |
1402980f0 | 140298460 |
| sig | void __cdecl SmFreeWrapper(void * param_1, void * param_2) | void __cdecl SmFreeWrapper(void * param_1, void * param_2) |
| sym_type | Function | Function |
| sym_source | ANALYSIS | ANALYSIS |
| external | False | False |
| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | refcount,address |
| ratio | 1.0 |
| i_ratio | 0.88 |
| m_ratio | 1.0 |
| b_ratio | 1.0 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | __GSHandlerCheck | __GSHandlerCheck |
| fullname | __GSHandlerCheck | __GSHandlerCheck |
refcount |
2652 | 2651 |
| length | 29 | 29 |
| called | __GSHandlerCheckCommon | __GSHandlerCheckCommon |
| calling | ||
| paramcount | 0 | 0 |
address |
1403f69f4 | 1403f6924 |
| sig | undefined __GSHandlerCheck(void) | undefined __GSHandlerCheck(void) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | refcount,address,calling |
| ratio | 0.99 |
| i_ratio | 0.86 |
| m_ratio | 1.0 |
| b_ratio | 1.0 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | memset | memset |
| fullname | memset | memset |
refcount |
3431 | 3432 |
| length | 236 | 236 |
| called | __memset_repmovs | __memset_repmovs |
calling |
Expand for full list:AlpcpAllocateMessageFunction |
Expand for full list:AlpcpAllocateMessageFunction |
| paramcount | 3 | 3 |
address |
140448540 | 140448440 |
| sig | void * __cdecl memset(void * _Dst, int _Val, size_t _Size) | void * __cdecl memset(void * _Dst, int _Val, size_t _Size) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- memset calling
+++ memset calling
@@ -500,10 +500,10 @@
-FUN_1402e91c0
-FUN_140380d00
-FUN_14040aa60
-FUN_14066abc4
-FUN_1407e4e38
-FUN_1407fb15c
-FUN_140868bdc
-FUN_140a4f0cc
-FUN_140a4f61c
-FUN_140a50ea8
+FUN_1402e94d0
+FUN_140380cb0
+FUN_14040a990
+FUN_14066ab54
+FUN_1407e54d8
+FUN_1407fb7fc
+FUN_14086927c
+FUN_140a4f17c
+FUN_140a4f6cc
+FUN_140a50f58
@@ -2181,0 +2182 @@
+VrpUpdateKeyInformation| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | refcount,address |
| ratio | 1.0 |
| i_ratio | 0.91 |
| m_ratio | 1.0 |
| b_ratio | 1.0 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | SetFailureLocation | SetFailureLocation |
| fullname | SetFailureLocation | SetFailureLocation |
refcount |
138 | 139 |
| length | 360 | 360 |
| called | __security_check_cookie _tlgWriteTransfer_EtwWriteTransfer |
__security_check_cookie _tlgWriteTransfer_EtwWriteTransfer |
| calling | Expand for full list:CmpLinkHiveToMaster |
Expand for full list:CmpLinkHiveToMaster |
| paramcount | 5 | 5 |
address |
140316764 | 1403169e4 |
| sig | undefined SetFailureLocation(undefined param_1, undefined param_2, undefined param_3, undefined param_4, undefined4 param_5) | undefined SetFailureLocation(undefined param_1, undefined param_2, undefined param_3, undefined param_4, undefined4 param_5) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | refcount,address,calling |
| ratio | 1.0 |
| i_ratio | 1.0 |
| m_ratio | 1.0 |
| b_ratio | 1.0 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | RtlULongAdd | RtlULongAdd |
| fullname | RtlULongAdd | RtlULongAdd |
refcount |
24 | 27 |
| length | 22 | 22 |
| called | ||
calling |
FUN_1406d6580 FUN_14073d190 MiCaptureRetpolineRelocationTables |
CmpCheckKey FUN_1406d6290 FUN_14073cd60 MiCaptureRetpolineRelocationTables VrpUpdateKeyInformation |
| paramcount | 3 | 3 |
address |
1402840dc | 14028433c |
| sig | long __cdecl RtlULongAdd(ulong param_1, ulong param_2, ulong * param_3) | long __cdecl RtlULongAdd(ulong param_1, ulong param_2, ulong * param_3) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- RtlULongAdd calling
+++ RtlULongAdd calling
@@ -1,2 +1,3 @@
-FUN_1406d6580
-FUN_14073d190
+CmpCheckKey
+FUN_1406d6290
+FUN_14073cd60
@@ -3,0 +5 @@
+VrpUpdateKeyInformation| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | refcount,address |
| ratio | 1.0 |
| i_ratio | 0.8 |
| m_ratio | 1.0 |
| b_ratio | 1.0 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | VerifierIofCompleteRequest | VerifierIofCompleteRequest |
| fullname | VerifierIofCompleteRequest | VerifierIofCompleteRequest |
refcount |
3 | 4 |
| length | 21 | 21 |
| called | _guard_dispatch_icall | _guard_dispatch_icall |
| calling | ||
| paramcount | 0 | 0 |
address |
140abec90 | 140abeca0 |
| sig | undefined VerifierIofCompleteRequest(void) | undefined VerifierIofCompleteRequest(void) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
| Key | ntoskrnl.exe.10.0.22621.2215 - ntoskrnl.exe.10.0.22621.2283 |
|---|---|
| diff_type | refcount,address |
| ratio | 1.0 |
| i_ratio | 1.0 |
| m_ratio | 1.0 |
| b_ratio | 1.0 |
| match_types | SymbolsHash |
| Key | ntoskrnl.exe.10.0.22621.2215 | ntoskrnl.exe.10.0.22621.2283 |
|---|---|---|
| name | CmpAllocateTransientPoolWithQuota | CmpAllocateTransientPoolWithQuota |
| fullname | CmpAllocateTransientPoolWithQuota | CmpAllocateTransientPoolWithQuota |
refcount |
14 | 15 |
| length | 19 | 19 |
| called | ExAllocatePool2 | ExAllocatePool2 |
| calling | Expand for full list: |
Expand for full list: |
| paramcount | 0 | 0 |
address |
14029809c | 140298410 |
| sig | undefined CmpAllocateTransientPoolWithQuota(void) | undefined CmpAllocateTransientPoolWithQuota(void) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
Generated with ghidriff version: 0.5.0 on 2023-10-07T12:23:13