Created
October 13, 2021 14:52
wmi_process_call.c
// Ghidra decompilation of what is presumably wmain(argc, argv): param_1 is
// compared against 2 and the wide string at param_2+8 (argv[1]) is read
// below. The routine launches a process through WMI by invoking
// Win32_Process.Create in the ROOT\CIMV2 namespace, with the command line
// taken from argv[1] and a Win32_ProcessStartup instance attached. The
// namespace path carries no host prefix, so the target is the local machine.
// The indirect calls are vtable dispatches; the slot offsets are annotated
// below with the COM method they resolve to. The decompiler lost the
// IWbemServices pointer and renders calls through it as
// lRam0000000000000000 (a read of address 0) — local_298 appears to be the
// variable that actually holds it. The pwVar6/pwVar8/pplVar10 assignments
// before each call are register leftovers of the real argument lists.
// Defender note (general WMI behaviour, not visible in this listing): a
// process started via Win32_Process.Create is spawned by the WMI provider
// host rather than by this binary, so process-creation telemetry that keys
// on the WmiPrvSE.exe parent is the usual way to spot this technique.
void FUN_140001070(int param_1,longlong param_2,undefined8 param_3,undefined8 param_4) | |
{ | |
u_short uVar1; | |
HRESULT HVar2; | |
int iVar3; | |
basic_ostream<char,struct_std::char_traits<char>_> *this; | |
longlong *plVar4; | |
undefined8 uVar5; | |
wchar_t *pwVar6; | |
undefined8 uVar7; | |
wchar_t *pwVar8; | |
undefined *puVar9; | |
longlong **pplVar10; | |
undefined auStackY744 [32]; | |
longlong *local_298; | |
longlong *local_290; | |
longlong *local_288; | |
longlong *wbemLocator; | |
longlong *local_278; | |
longlong *local_270; | |
longlong *local_268; | |
undefined8 local_260; | |
// local_258/local_250 and local_240/local_238 are two VARIANTs: vt at +0,
// data union at +8 (0x258-0x250 == 0x240-0x238 == 8).
undefined2 local_258; | |
wchar_t *local_250; | |
undefined2 local_240; | |
longlong *local_238; | |
// 264-wchar buffer that receives argv[1].
wchar_t local_228 [264]; | |
ulonglong local_18; | |
// Looks like the MSVC /GS stack-cookie setup; re-checked at LAB_1400013d2.
local_18 = DAT_140005008 ^ (ulonglong)auStackY744; | |
// Exactly one argument expected (argc == 2); otherwise the usage branch.
if (param_1 == 2) { | |
// Writes htons(0x4081) (0x8140 == 33088 on a little-endian host) to
// std::cout, then inserts FUN_140001400 — presumably an ostream manipulator
// such as std::endl; its body is not on the page.
uVar1 = htons(0x4081); | |
this = std::basic_ostream<char,struct_std::char_traits<char>_>::operator<< | |
((basic_ostream<char,struct_std::char_traits<char>_> *)cout_exref,(uint)uVar1); | |
std::basic_ostream<char,struct_std::char_traits<char>_>::operator<<(this,FUN_140001400); | |
// CoInitializeEx(NULL, 0): 0 is COINIT_MULTITHREADED.
CoInitializeEx((LPVOID)0x0,0); | |
puVar9 = &DAT_1400032c0; | |
wbemLocator = (longlong *)0x0; | |
uVar5 = 0; | |
uVar7 = 1; | |
// CoCreateInstance(&CLSID, NULL, CLSCTX_INPROC_SERVER (1), &IID, &wbemLocator).
// Both GUIDs live in .rdata (DAT_1400032b0 / DAT_1400032c0) and are not on
// the page; the author's rename suggests CLSID_WbemLocator / IID_IWbemLocator.
HVar2 = CoCreateInstance((IID *)&DAT_1400032b0,(LPUNKNOWN)0x0,1,(IID *)&DAT_1400032c0, | |
&wbemLocator); | |
if (HVar2 < 0) { | |
// Only failure path that also calls CoUninitialize. FUN_140001010 is
// presumably a printf-style reporter (not on the page).
CoUninitialize(); | |
FUN_140001010("failed1\n",uVar5,uVar7,puVar9); | |
} | |
else { | |
pplVar10 = (longlong **)0x0; | |
pwVar6 = L"ROOT\\CIMV2"; | |
local_298 = (longlong *)0x0; | |
pwVar8 = (wchar_t *)0x0; | |
// IWbemLocator slot 0x18 = ConnectServer(L"ROOT\\CIMV2", NULL credentials, ...)
// yielding the IWbemServices pointer (presumably into local_298).
iVar3 = (**(code **)(*wbemLocator + 0x18))(); | |
plVar4 = wbemLocator; | |
if (-1 < iVar3) { | |
pplVar10 = (longlong **)0x0; | |
pwVar8 = (wchar_t *)0x0; | |
pwVar6 = (wchar_t *)0xa; | |
// CoSetProxyBlanket(pSvc, RPC_C_AUTHN_WINNT (10), RPC_C_AUTHZ_NONE (0), NULL,
// RPC_C_AUTHN_LEVEL_CALL (3), RPC_C_IMP_LEVEL_IMPERSONATE (3), NULL,
// EOAC_NONE (0)) — the standard WMI client proxy security; the first
// argument shows as 0 only because the decompiler lost the pointer.
HVar2 = CoSetProxyBlanket((IUnknown *)0x0,10,0,(OLECHAR *)0x0,3,3, | |
(RPC_AUTH_IDENTITY_HANDLE)0x0,0); | |
plVar4 = wbemLocator; | |
if (-1 < HVar2) { | |
local_288 = (longlong *)0x0; | |
pplVar10 = (longlong **)0x0; | |
pwVar8 = (wchar_t *)0x0; | |
pwVar6 = L"Win32_ProcessStartup"; | |
// IWbemServices slot 0x30 = GetObject(L"Win32_ProcessStartup", ...) -> local_288
// (the class definition).
iVar3 = (**(code **)(lRam0000000000000000 + 0x30))(); | |
plVar4 = local_288; | |
if (-1 < iVar3) { | |
local_268 = (longlong *)0x0; | |
pwVar8 = (wchar_t *)&local_268; | |
pwVar6 = (wchar_t *)0x0; | |
// IWbemClassObject slot 0x78 = SpawnInstance(0, &local_268): the startup-info instance.
iVar3 = (**(code **)(*local_288 + 0x78))(); | |
plVar4 = local_288; | |
if (-1 < iVar3) { | |
local_278 = (longlong *)0x0; | |
pplVar10 = (longlong **)0x0; | |
pwVar8 = (wchar_t *)0x0; | |
pwVar6 = L"Win32_Process"; | |
// GetObject(L"Win32_Process", ...) -> local_278 (the class definition).
iVar3 = (**(code **)(lRam0000000000000000 + 0x30))(); | |
plVar4 = local_298; | |
if (-1 < iVar3) { | |
pplVar10 = &local_270; | |
local_270 = (longlong *)0x0; | |
pwVar6 = L"Create"; | |
pwVar8 = (wchar_t *)0x0; | |
// IWbemClassObject slot 0x98 = GetMethod(L"Create", 0, &local_270, NULL):
// the in-parameter class of Win32_Process.Create.
iVar3 = (**(code **)(*local_278 + 0x98))(); | |
plVar4 = local_278; | |
if (-1 < iVar3) { | |
pwVar8 = (wchar_t *)&local_290; | |
local_290 = (longlong *)0x0; | |
pwVar6 = (wchar_t *)0x0; | |
// SpawnInstance on the in-parameter class -> local_290.
iVar3 = (**(code **)(*local_270 + 0x78))(); | |
plVar4 = local_270; | |
if (-1 < iVar3) { | |
// Copies argv[1] into local_228, bounded to 0x105 (261) of its 264 elements.
wcscpy_s(local_228,0x105,*(wchar_t **)(param_2 + 8)); | |
// First VARIANT: vt = 8 (VT_BSTR), bstrVal = local_228.
// NOTE(review): the value is the raw wchar_t stack buffer, not a
// SysAllocString result; a BSTR carries a length prefix before the
// characters, so confirm against the original source whether one was
// allocated — as decompiled, a consumer reading the prefix would see
// adjacent stack bytes.
VariantInit((VARIANTARG *)&local_258); | |
pplVar10 = (longlong **)&local_258; | |
local_258 = 8; | |
pwVar6 = L"CommandLine"; | |
local_250 = local_228; | |
pwVar8 = (wchar_t *)0x0; | |
// IWbemClassObject slot 0x28 = Put(L"CommandLine", 0, &variant, 0) on the in-params instance.
iVar3 = (**(code **)(*local_290 + 0x28))(); | |
plVar4 = local_290; | |
if (-1 < iVar3) { | |
// Second VARIANT: vt = 9 (VT_DISPATCH), pointer = local_268 (the
// Win32_ProcessStartup instance).
// NOTE(review): WMI embedded-object properties are normally passed as
// VT_UNKNOWN (13); whether Put accepts VT_DISPATCH for an IWbemClassObject
// cannot be determined from this listing — verify.
VariantInit((VARIANTARG *)&local_240); | |
pplVar10 = (longlong **)&local_240; | |
local_240 = 9; | |
pwVar6 = L"ProcessStartupInformation"; | |
pwVar8 = (wchar_t *)0x0; | |
local_238 = local_268; | |
// Put(L"ProcessStartupInformation", 0, &variant, 0).
iVar3 = (**(code **)(*local_290 + 0x28))(); | |
plVar4 = local_290; | |
if (-1 < iVar3) { | |
pwVar8 = L"Create"; | |
pwVar6 = L"Win32_Process"; | |
pplVar10 = (longlong **)0x0; | |
// local_260 = 0 is presumably the zeroed out-parameter pointer passed by
// address; nothing on this path reads it back (ReturnValue / ProcessId
// are not inspected).
local_260 = 0; | |
// IWbemServices slot 0xc0 = ExecMethod(L"Win32_Process", L"Create", 0, NULL,
// in-params (local_290), &out-params, NULL) — this is the call that spawns the process.
iVar3 = (**(code **)(lRam0000000000000000 + 0xc0))(); | |
plVar4 = local_298; | |
if (-1 < iVar3) { | |
// Success: Release (slot 0x10) in-params instance, Win32_Process class,
// Win32_ProcessStartup class, startup instance, services, locator.
// local_270 (the in-parameter class) and the out-params object are not
// released here.
(**(code **)(*local_290 + 0x10))(); | |
(**(code **)(*local_278 + 0x10))(); | |
(**(code **)(*local_288 + 0x10))(); | |
(**(code **)(*local_268 + 0x10))(); | |
(**(code **)(lRam0000000000000000 + 0x10))(); | |
(**(code **)(*wbemLocator + 0x10))(); | |
CoUninitialize(); | |
goto LAB_1400013d2; | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
// Shared failure path for every step after the locator was created: releases
// only the most recently used object (plVar4), reports, and — unlike the
// CoCreateInstance failure branch above — does not call CoUninitialize, so
// earlier objects stay unreleased.
(**(code **)(*plVar4 + 0x10))(); | |
FUN_140001010("failed1\n",pwVar6,pwVar8,pplVar10); | |
} | |
} | |
else { | |
// Wrong argument count.
FUN_140001010("Usage: binary.exe <command>",param_2,param_3,param_4); | |
} | |
LAB_1400013d2: | |
// Stack-cookie check (presumably __security_check_cookie).
FUN_140001450(local_18 ^ (ulonglong)auStackY744); | |
return; | |
}