加载 WCP
功能:
加载WCP.DLL,初始化几个函数:
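//----- (1008CBD0) --------------------------------------------------------
// WcpLoad (Hex-Rays pseudocode): builds the path <a1> + L"wcp.dll", loads that
// library, resolves its exports into the vpfn* globals, registers the helper
// callback and calls WcpInitialize once.
//
// Layout note: on the page as extracted, the signature and the whole
// LoadLibraryW/GetProcAddress sequence sat behind `//` markers because the
// lines were collapsed; they are restored as code here, and fused tokens
// (`unsigned__int16`, `signed__int32`, `wchar_taWcp_dll`) are split again.
// No statement was added, removed or reordered.
//
// Parameters (as far as this listing shows):
//   a1 (ecx) - wide string copied into the buffer first; "wcp.dll" is appended
//              directly after it, so it acts as the directory prefix.
//   a2, a3, a4 - not referenced in the visible statements.
// Returns v27, which the listing assigns only from the WcpInitialize result.
//
// NOTE(review): the excerpt looks abridged - local declarations are missing,
// LABEL_42 is jumped to but never defined, and LABEL_56/LABEL_66 have no
// visible jump source. Confirm the observations below against the full
// decompilation before relying on them.
signed int __userpurge WcpLoad@<eax>(
        const unsigned __int16 *a1@<ecx>,
        const unsigned __int16 *a2,
        int a3,
        HINSTANCE *a4)
{
  lpLibFileName = 0;
  v4 = a1;
  v5 = 0;
  v6 = wcslen(v4);
  // v6 == -8 is the wrap-around case for v6 + 8. As listed, that path leaves
  // v8 == 0 and the loop below would read through it.
  // NOTE(review): presumably unreachable or handled in dropped lines - confirm.
  if ( v6 == -8 )
  {
    v8 = 0;
  }
  else
  {
    // Capacity in WCHARs: strlen(a1) + 7 for "wcp.dll" + 1 for the NUL.
    // There is no spare slot for a path separator, so a1 has to carry one.
    v5 = v6 + 8;
    // Allocation is 4 bytes of header + v5 WCHARs; the header stores v5.
    v7 = operator new(2 * (v6 + 8) + 4);
    *v7 = 0;
    v8 = (WCHAR *)(v7 + 4);
    *(_DWORD *)v7 = v5;
    lpLibFileName = v8;
    *v8 = 0;
  }

  // --- First append: a1 -> buffer ------------------------------------------
  // The two append sequences look like an inlined bounded concatenate:
  // find the current terminator within the capacity, then copy WCHARs until
  // the source ends or the capacity runs out.
  // -2147024809 == 0x80070057 (E_INVALIDARG),
  // -2147024774 == 0x8007007A (ERROR_INSUFFICIENT_BUFFER as an HRESULT).
  v9 = 0;
  v10 = v5;
  while ( *v8 )
  {
    ++v8;
    if ( !--v10 )
      goto LABEL_65;
  }
  if ( !v10 )
  {
LABEL_65:
    v9 = -2147024809;
LABEL_66:
    v11 = 0;
    goto LABEL_13;
  }
  v11 = v5 - v10;                       // current length of the buffer string
LABEL_13:
  if ( v9 < 0 )
    goto LABEL_119;
  v46 = 0;
  v12 = (char *)&lpLibFileName[v11];    // write cursor (byte pointer)
  v13 = v5 - v11;                       // WCHAR slots left
  if ( v5 == v11 )
    goto LABEL_67;
  v14 = v11 + v13 - v5 + 2147483646;    // evaluates to 0x7FFFFFFE: copy cap
  v15 = (char *)v4 - v12;               // source minus destination offset
  while ( v14 )
  {
    v16 = *(_WORD *)&v12[v15];
    if ( !v16 )
      break;
    *(_WORD *)v12 = v16;
    --v14;
    v12 += 2;
    if ( !--v13 )
      goto LABEL_67;
  }
  if ( v13 )
  {
    v9 = v46;
  }
  else
  {
LABEL_67:
    v12 -= 2;                           // step back so the NUL fits
    v9 = -2147024774;
  }
  *(_WORD *)v12 = 0;
  if ( v9 < 0 )
  {
LABEL_119:
    // Message text kept exactly as it appears on the page.
    CBSWdsLog(0x4000000u, v9, 1, "Failed toconcat string.");
    v18 = lpLibFileName;
    goto LABEL_42;                      // target not present in this excerpt
  }

  // --- Second append: L"wcp.dll" -> buffer ---------------------------------
  v17 = 0;
  v46 = 0;
  if ( !v5 || v5 > 0x7FFFFFFF )
  {
    v17 = -2147024809;
    v46 = -2147024809;
  }
  v18 = lpLibFileName;
  if ( v17 < 0 )
    goto LABEL_71;
  v17 = 0;
  v19 = v5;
  v46 = 0;
  v20 = lpLibFileName;
  if ( !v5 )
    goto LABEL_70;
  while ( *v20 )
  {
    ++v20;
    if ( !--v19 )
      goto LABEL_70;
  }
  if ( !v19 )
  {
LABEL_70:
    v17 = -2147024809;
    v46 = -2147024809;
LABEL_71:
    v21 = 0;
    goto LABEL_32;
  }
  v21 = v5 - v19;
LABEL_32:
  if ( v17 >= 0 )
  {
    v46 = 0;
    v22 = (char *)&lpLibFileName[v21];
    v23 = v5 - v21;
    if ( v5 == v21 )
      goto LABEL_72;
    v24 = v21 + v23 - v5 + 2147483646;
    v25 = (char *)((char *)L"wcp.dll" - v22);
    while ( v24 )
    {
      v26 = *(_WORD *)&v25[(_DWORD)v22];
      if ( !v26 )
        break;
      *(_WORD *)v22 = v26;
      --v24;
      v22 += 2;
      if ( !--v23 )
        goto LABEL_72;
    }
    if ( !v23 )
    {
LABEL_72:
      v22 -= 2;
      v46 = -2147024774;
    }
    v18 = lpLibFileName;
    *(_WORD *)v22 = 0;
  }
  v9 = v46;
  // NOTE(review): v9 now holds the status of the "wcp.dll" append, but the
  // listing goes straight to LoadLibraryW without testing it. If that is also
  // true of the binary, a failed or truncated append would still be loaded as
  // a path - confirm in the full decompilation.

  // v28 and v29 both hold the module handle of wcp.dll.
  // The load path is the caller-supplied prefix plus a fixed file name, so
  // which DLL ends up in the process depends entirely on a1; whether a1 is
  // always an absolute, access-controlled directory cannot be told from here.
  // NOTE(review): no NULL test on v28 and none on the individual
  // GetProcAddress results is visible before they are stored.
  v28 = LoadLibraryW(v18);
  v29 = v28;
  vpfnSetIsolationIMalloc = GetProcAddress(v28, "SetIsolationIMalloc");
  vpfnGetIdentityAuthority = GetProcAddress(v29, "GetIdentityAuthority");
  vpfnGetSystemStore = GetProcAddress(v29, "GetSystemStore");
  vpfnOpenExistingOfflineStore = GetProcAddress(v29, "OpenExistingOfflineStore");
  vpfnWcpInitialize = GetProcAddress(v29, "WcpInitialize");
  vpfnWcpShutdown = GetProcAddress(v29, "WcpShutdown");
  vpfnWcpSetHelperCallback = (__int32 (__stdcall *)(struct ICBSHelper *))GetProcAddress(v29, "WcpSetHelperCallback");

  // The callback export is invoked before any pointer is tested; only
  // vpfnWcpInitialize is checked, and only afterwards.
  vpfnWcpSetHelperCallback((struct ICBSHelper *)&vCsiHelper);
  v32 = (int (__stdcall *)(int *))vpfnWcpInitialize;
  // Skip initialisation when the export is missing or a cookie already exists.
  if ( !vpfnWcpInitialize || gulpWcpCookie )
  {
LABEL_56:
    hLibModule = v29;
    goto LABEL_57;
  }

  v46 = 0;

  v33 = vpfnWcpInitialize(&v46);        // v46 receives the new cookie
  v27 = v33;
  // Publish the cookie only if gulpWcpCookie is still 0. A non-zero previous
  // value means a cookie was already stored, so the one just obtained is
  // handed back to WcpShutdown.
  if ( _InterlockedCompareExchange((volatile signed __int32 *)&gulpWcpCookie, v46, 0) )
  {
    v43 = v46;
    vpfnWcpShutdown(v43);
  }
  // NOTE(review): on this fall-through path the listing never stores v29 into
  // hLibModule, and on the LABEL_56 path it never assigns v27 - likely lines
  // dropped from the excerpt; confirm.
LABEL_57:
  // lpLibFileName points 4 bytes (2 WCHARs) past the allocation start.
  if ( lpLibFileName )
    operator delete((void *)(lpLibFileName - 2));
  return v27;
}
// 100023C0: using guessed type wchar_t aWcp_dll[8];
// 1019B5BC: using guessed type __int32 (__stdcall *vpfnWcpSetHelperCallback)(struct ICBSHelper *);
// 1019B8A0: using guessed type int vCsiHelper;
// 1019BA9C: using guessed type unsigned __int32 gulpWcpCookie;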