// CExposedStream::Unmarshal -- decompiler output (32-bit x86), laid out one statement per line.
//
// Purpose, as far as this listing shows: read a marshal packet from CurrentInputStream and
// return, through *ppv, a CExposedStream for the calling process. The object is either an
// existing one found on the marshal list for this process or a newly allocated one.
//
// Parameters:
//   CurrentInputStream  stream holding the marshalled data (a standard-marshalled IStream
//                       followed by a 52-byte SDfMarshalPacket).
//   ppv                 receives the resulting interface pointer.
//   mshlflags           marshal flags; when the high bit (0x80000000) is set the packet is
//                       skipped rather than parsed.
// Returns: 0 on success, or when the standard-unmarshalled fallback stream is available;
//          otherwise the failing HRESULT.
//
// Review notes (trust boundary):
//   * Every CBased*Obj field of the packet is an offset read from the stream and added to the
//     per-thread base (the first DWORD at NtCurrentTeb()->ReservedForOle). In this function only
//     the PubStream (0x7C bytes) and GlobalContext (0x30 bytes) offsets are passed to
//     IsValidPtrIn. The MarshalList, DFBasis and SeekPointer offsets are dereferenced with no
//     range check visible here. Whether UnmarshalSharedMemory, UnmarshalContext or
//     CExposedStream::Validate cover them cannot be told from this listing -- TODO confirm.
//   * The HRESULT of CoUnmarshalInterface is not kept; only the returned pointer is tested later.
//   * Any failure is reported as success (return 0) when the fallback stream is non-null.
//
// Decompiler artifacts: hrTemp and v19 are read without a visible assignment (presumably the
// eax return value of the preceding call). `.CBasedPubStreamObjTemp` and the
// `scalar deleting destructor' spelling are not valid C++; the listing is for reading only.
int __stdcall CExposedStream::Unmarshal(IStream *CurrentInputStream, void **ppv, unsigned int mshlflags)
{
  int hrFinal; // edi
  int hrTemp; // eax
  unsigned int v6; // eax
  const void *v7; // eax
  unsigned int v8; // eax
  const void *v9; // eax
  CGlobalContext *globalContextPtr; // eax
  void **pvBasePtr; // eax
  void *pvBaseObj; // edi
  CExposedStream *PExposedStreamTemp; // ecx
  unsigned int procID; // eax
  CMarshalList *MarshalListTempFirst; // ecx
  CMarshalList *MarshalListTemp; // eax
  CExposedStream *ppvObjRef; // esi
  CExposedStream *v18; // eax
  CExposedStream *v19; // eax
  CSeekPointer *CSeekPointerTemp; // edx
  CDFBasis *CDFBasisTemp; // ecx
  CPubStream *.CBasedPubStreamObjTemp; // eax
  CSmAllocator *TlsSmAllocatoCurrentOld; // eax
  CSmAllocator *TlsSmAllocatoCurrentNew; // eax
  unsigned int CBasedMarshalListObjTemp; // eax
  CMarshalList *CMarshalListObjTemp; // ecx
  unsigned int CBasedPubStreamObjTemp; // eax
  unsigned int CBasedSeekPointerObjTemp; // eax
  _DWORD *v29; // eax
  CPerContext *v30; // ecx
  CSmAllocator *v31; // eax
  CSmAllocator *v32; // eax
  CPerContext pcSharedMemory; // [esp+Ch] [ebp-8Ch]
  unsigned int cbRead; // [esp+50h] [ebp-48h]
  SDfMarshalPacket SDfMarshalPacketCurrent; // [esp+54h] [ebp-44h]
  IStream *stremRefUnknownPtr; // [esp+88h] [ebp-10h]
  CDfMutex mtx; // [esp+8Ch] [ebp-Ch]
  CPerContext *CPerContextTemp; // [esp+94h] [ebp-4h]
  void *pvBaseOld; // [esp+A0h] [ebp+8h]
  void *pvBaseNew; // [esp+A8h] [ebp+10h]

  // Zero the mutex, the fallback pointer and all nine packet offsets before anything is read.
  mtx._pGlobalPortion = 0;
  mtx._hLockEvent = 0;
  stremRefUnknownPtr = 0;
  SDfMarshalPacketCurrent.CBasedPubDocFileObj._SelftobjectPtr = 0;
  SDfMarshalPacketCurrent.CBasedPubStreamObj._SelftobjectPtr = 0;
  SDfMarshalPacketCurrent.CBasedSeekPointerObj._SelftobjectPtr = 0;
  SDfMarshalPacketCurrent.CBasedMarshalListObj._SelftobjectPtr = 0;
  SDfMarshalPacketCurrent.CBasedDFBasisObj._SelftobjectPtr = 0;
  SDfMarshalPacketCurrent.CBasedGlobalContextObj._SelftobjectPtr = 0;
  SDfMarshalPacketCurrent.CBasedGlobalFileStreamObj._SelftobjectPtr = 0;
  SDfMarshalPacketCurrent.CBasedGlobalFileStreamDirty._SelftobjectPtr = 0;
  SDfMarshalPacketCurrent.CBasedGlobalFileStreamOriginal._SelftobjectPtr = 0;
  CPerContext::CPerContext(&pcSharedMemory, 0);

  // Standard-unmarshal the IStream that precedes the packet. The return value is dropped in
  // this listing; stremRefUnknownPtr stays 0 if the call fails and is tested at EH_std.
  CoUnmarshalInterface(CurrentInputStream, &IID_IStream, (IUnknown *)&stremRefUnknownPtr);

  if ( (mshlflags & 0x80000000) == 0 )
  {
    // Read exactly 52 bytes into the packet. The stack layout above puts the next local
    // 0x34 bytes after the packet, so 52 matches the packet's size.
    hrFinal = CurrentInputStream->_SelfStreamVtbl->Read(CurrentInputStream, &SDfMarshalPacketCurrent, 52u, &cbRead);
    if ( hrFinal < 0 )
      goto EH_std;
    if ( cbRead != 52 )
    {
      hrFinal = -2147287010; // 0x8003001E (STG_E_READFAULT): short read
      goto EH_std;
    }

    // hrTemp has no visible assignment; presumably it is the return value of this call.
    UnmarshalSharedMemory(&SDfMarshalPacketCurrent, mshlflags, &pcSharedMemory);
    hrFinal = hrTemp;
    if ( hrTemp < 0 )
      goto EH_std;

    // Remember the based-pointer base in effect right after the shared memory was set up.
    pvBaseOld = *(void **)NtCurrentTeb()->ReservedForOle;

    // The only pointer validation visible in this function: the PubStream offset must be
    // non-zero and cover 0x7C bytes, the GlobalContext offset must be non-zero and cover 0x30.
    // The offsets come from the stream, so these checks are what guards them here.
    if ( SDfMarshalPacketCurrent.CBasedPubStreamObj._SelftobjectPtr )
      v6 = SDfMarshalPacketCurrent.CBasedPubStreamObj._SelftobjectPtr + *(_DWORD *)NtCurrentTeb()->ReservedForOle;
    else
      v6 = 0;
    if ( !v6
      || (!SDfMarshalPacketCurrent.CBasedPubStreamObj._SelftobjectPtr
        ? (v7 = 0)
        : (v7 = (const void *)(SDfMarshalPacketCurrent.CBasedPubStreamObj._SelftobjectPtr
                             + *(_DWORD *)NtCurrentTeb()->ReservedForOle)),
          !IsValidPtrIn(v7, 0x7Cu)
       || (!SDfMarshalPacketCurrent.CBasedGlobalContextObj._SelftobjectPtr
         ? (v8 = 0)
         : (v8 = SDfMarshalPacketCurrent.CBasedGlobalContextObj._SelftobjectPtr
               + *(_DWORD *)NtCurrentTeb()->ReservedForOle),
           !v8
        || (!SDfMarshalPacketCurrent.CBasedGlobalContextObj._SelftobjectPtr
          ? (v9 = 0)
          : (v9 = (const void *)(SDfMarshalPacketCurrent.CBasedGlobalContextObj._SelftobjectPtr
                               + *(_DWORD *)NtCurrentTeb()->ReservedForOle)),
            !IsValidPtrIn(v9, 0x30u)))) )
    {
      hrFinal = -2147287031; // 0x80030009 (STG_E_INVALIDPOINTER)
      // Shared cleanup, also reached by goto from later failures: reset the thread's
      // shared-memory allocator state, then fall through to the fallback decision.
EH_Err_104:
      CPerContext::SetThreadAllocatorState(&pcSharedMemory, 0);
      TlsSmAllocatoCurrentOld = GetTlsSmAllocator();
      CSmAllocator::Uninit(TlsSmAllocatoCurrentOld);
      TlsSmAllocatoCurrentNew = GetTlsSmAllocator();
      CSmAllocator::SetState(TlsSmAllocatoCurrentNew, 0, 0, 0, 0, 0);
      goto EH_std;
    }

    // Initialise and take the docfile mutex from the validated global context.
    // 0xFFFFFFFF is the timeout argument of Take (looks like "wait forever" -- confirm).
    if ( SDfMarshalPacketCurrent.CBasedGlobalContextObj._SelftobjectPtr )
      globalContextPtr = (CGlobalContext *)(SDfMarshalPacketCurrent.CBasedGlobalContextObj._SelftobjectPtr + *(_DWORD *)NtCurrentTeb()->ReservedForOle);
    else
      globalContextPtr = 0;
    hrFinal = CDfMutex::Init(&mtx, globalContextPtr, 0);
    if ( hrFinal < 0 )
      goto EH_Err_104;
    hrFinal = CDfMutex::Take(&mtx, 0xFFFFFFFF);
    if ( hrFinal < 0 )
      goto EH_Err_104;

    // Everything from here to CDfMutex::Release runs with the mutex held.
    hrFinal = UnmarshalContext(&SDfMarshalPacketCurrent, &CPerContextTemp, mshlflags, 0, 0);
    if ( hrFinal < 0 )
    {
EH_mtx:
      CDfMutex::Release(&mtx);
      goto EH_Err_104;
    }

    // Re-read the base after UnmarshalContext; it is compared with pvBaseOld near the end.
    pvBasePtr = (void **)NtCurrentTeb()->ReservedForOle;
    pvBaseObj = *pvBasePtr;
    pvBaseNew = *pvBasePtr;
    if ( gs_iSharedHeaps > 256 )
      goto LABEL_37;

    // NOTE(review): the MarshalList offset is used from here on with no IsValidPtrIn call in
    // this function; Validate() receives the derived object pointer. Confirm it bounds-checks.
    if ( SDfMarshalPacketCurrent.CBasedMarshalListObj._SelftobjectPtr )
      PExposedStreamTemp = (CExposedStream *)(SDfMarshalPacketCurrent.CBasedMarshalListObj._SelftobjectPtr + *(_DWORD *)NtCurrentTeb()->ReservedForOle);
    else
      PExposedStreamTemp = 0;
    // The [-1]._pmlNext adjustment appears to step back from the embedded list node to the
    // start of the containing CExposedStream -- TODO confirm against the class layout.
    if ( CExposedStream::Validate((CExposedStream *)(PExposedStreamTemp != 0
                                                   ? (unsigned int)&PExposedStreamTemp[-1]._pmlNext
                                                   : 0)) < 0 )
    {
      ppvObjRef = 0;
    }
    else
    {
      // Look for an object already on the marshal list for this process id and base.
      procID = GetCurrentProcessId();
      if ( SDfMarshalPacketCurrent.CBasedMarshalListObj._SelftobjectPtr )
        MarshalListTempFirst = (CMarshalList *)(SDfMarshalPacketCurrent.CBasedMarshalListObj._SelftobjectPtr + *(_DWORD *)NtCurrentTeb()->ReservedForOle);
      else
        MarshalListTempFirst = 0;
      MarshalListTemp = CMarshalList::FindMarshal(MarshalListTempFirst, procID, pvBaseObj);
      // Same node-to-object adjustment, here written as [-3] on the CMarshalList pointer.
      ppvObjRef = (CExposedStream *)(MarshalListTemp != 0 ? (unsigned int)&MarshalListTemp[-3] : 0);
    }

    if ( ppvObjRef )
    {
      // Existing object: copy three per-context pointers into DWORD slots 2..4 of the DFBasis,
      // add a reference to the found stream and drop the context that was just unmarshalled.
      // NOTE(review): v29 is written through without a null or range check in this function;
      // a zero DFBasis offset leaves v29 == 0 here.
      if ( SDfMarshalPacketCurrent.CBasedDFBasisObj._SelftobjectPtr )
        v29 = (_DWORD *)(SDfMarshalPacketCurrent.CBasedDFBasisObj._SelftobjectPtr + *(_DWORD *)NtCurrentTeb()->ReservedForOle);
      else
        v29 = 0;
      v30 = CPerContextTemp;
      v29[2] = CPerContextTemp->_plkbBase;
      v29[3] = v30->_pfstDirty;
      v29[4] = v30->_plkbOriginal;
      ppvObjRef->_SelfStreamVtbl->AddRef((IStream *)&ppvObjRef->_SelfStreamVtbl);
      CPerContext::Release(CPerContextTemp);
    }
    else
    {
      // No existing object: allocate 0x48 bytes from the context's allocator and construct.
      // v19 has no visible assignment; presumably it is the constructor's return (== v18).
      v18 = (CExposedStream *)CMallocBased::operator new(0x48u, CPerContextTemp->_pMalloc);
      if ( v18 )
      {
        CExposedStream::CExposedStream(v18);
        ppvObjRef = v19;
      }
      else
      {
        ppvObjRef = 0;
      }
      if ( !ppvObjRef )
      {
        // Also the target of the gs_iSharedHeaps > 256 check above.
LABEL_37:
        hrFinal = -2147287032; // 0x80030008 (STG_E_INSUFFICIENTMEMORY)
EH_ppc_1:
        CPerContext::Release(CPerContextTemp);
        goto EH_mtx;
      }

      // Resolve the SeekPointer, DFBasis and PubStream offsets and hand them to Init.
      // NOTE(review): SeekPointer and DFBasis are not range-checked in this function.
      if ( SDfMarshalPacketCurrent.CBasedSeekPointerObj._SelftobjectPtr )
        CSeekPointerTemp = (CSeekPointer *)(SDfMarshalPacketCurrent.CBasedSeekPointerObj._SelftobjectPtr + *(_DWORD *)NtCurrentTeb()->ReservedForOle);
      else
        CSeekPointerTemp = 0;
      if ( SDfMarshalPacketCurrent.CBasedDFBasisObj._SelftobjectPtr )
        CDFBasisTemp = (CDFBasis *)(SDfMarshalPacketCurrent.CBasedDFBasisObj._SelftobjectPtr + *(_DWORD *)NtCurrentTeb()->ReservedForOle);
      else
        CDFBasisTemp = 0;
      if ( SDfMarshalPacketCurrent.CBasedPubStreamObj._SelftobjectPtr )
        .CBasedPubStreamObjTemp = (CPubStream *)(SDfMarshalPacketCurrent.CBasedPubStreamObj._SelftobjectPtr + *(_DWORD *)NtCurrentTeb()->ReservedForOle);
      else
        .CBasedPubStreamObjTemp = 0;
      hrFinal = CExposedStream::Init(
                  ppvObjRef,
                  .CBasedPubStreamObjTemp,
                  CDFBasisTemp,
                  CPerContextTemp,
                  CSeekPointerTemp);
      if ( hrFinal < 0 )
      {
        // Destroy and free the half-built object before releasing the context.
        CExposedStream::`scalar deleting destructor'(ppvObjRef, 1u);
        goto EH_ppc_1;
      }

      // Link the new object into the marshal list when the packet carries one.
      if ( SDfMarshalPacketCurrent.CBasedMarshalListObj._SelftobjectPtr )
        CBasedMarshalListObjTemp = SDfMarshalPacketCurrent.CBasedMarshalListObj._SelftobjectPtr + *(_DWORD *)NtCurrentTeb()->ReservedForOle;
      else
        CBasedMarshalListObjTemp = 0;
      if ( CBasedMarshalListObjTemp )
      {
        if ( SDfMarshalPacketCurrent.CBasedMarshalListObj._SelftobjectPtr )
          CMarshalListObjTemp = (CMarshalList *)(SDfMarshalPacketCurrent.CBasedMarshalListObj._SelftobjectPtr + *(_DWORD *)NtCurrentTeb()->ReservedForOle);
        else
          CMarshalListObjTemp = 0;
        CMarshalList::AddMarshal(CMarshalListObjTemp, (CMarshalList *)&ppvObjRef->_pmlNext);
      }

      // Interlocked increments at PubStream+96 and SeekPointer+8 (presumably their reference
      // counts -- confirm). NOTE(review): the SeekPointer value is not tested for zero first,
      // so a zero offset would make the second increment target address 8.
      if ( SDfMarshalPacketCurrent.CBasedPubStreamObj._SelftobjectPtr )
        CBasedPubStreamObjTemp = SDfMarshalPacketCurrent.CBasedPubStreamObj._SelftobjectPtr + *(_DWORD *)NtCurrentTeb()->ReservedForOle;
      else
        CBasedPubStreamObjTemp = 0;
      InterlockedIncrement((volatile LONG *)(CBasedPubStreamObjTemp + 96));
      if ( SDfMarshalPacketCurrent.CBasedSeekPointerObj._SelftobjectPtr )
        CBasedSeekPointerObjTemp = SDfMarshalPacketCurrent.CBasedSeekPointerObj._SelftobjectPtr + *(_DWORD *)NtCurrentTeb()->ReservedForOle;
      else
        CBasedSeekPointerObjTemp = 0;
      InterlockedIncrement((volatile LONG *)(CBasedSeekPointerObjTemp + 8));
      pvBaseObj = pvBaseNew;
    }

    // Success: publish the object and release the mutex.
    *ppv = ppvObjRef;
    CDfMutex::Release(&mtx);
    // If the base changed between the two reads, tear down the temporary allocator state.
    if ( pvBaseOld != pvBaseObj )
    {
      CPerContext::SetThreadAllocatorState(&pcSharedMemory, 0);
      v31 = GetTlsSmAllocator();
      CSmAllocator::Uninit(v31);
    }
    v32 = GetTlsSmAllocator();
    CSmAllocator::SetState(v32, 0, 0, 0, 0, 0);
    // The standard-unmarshalled stream is not needed on the success path; release it.
    if ( stremRefUnknownPtr )
      stremRefUnknownPtr->_SelfStreamVtbl->Release(stremRefUnknownPtr);
    goto teardown;
  }

  // High bit of mshlflags set: the packet is not parsed. Seek is called with (96, 0, 1, 0),
  // which looks like "advance 96 bytes from the current position" -- confirm the prototype.
  // Even a successful seek is turned into an error so that only the fallback can succeed.
  hrFinal = ((int (__stdcall *)(IStream *, signed int, _DWORD, signed int, _DWORD))CurrentInputStream->_SelfStreamVtbl->Seek)(
              CurrentInputStream,
              96,
              0,
              1,
              0);
  if ( hrFinal >= 0 )
    hrFinal = -2147287039; // 0x80030001 (STG_E_INVALIDFUNCTION)

  // Common exit for failures. If the standard unmarshal produced a stream, return it and
  // report success; the failing HRESULT in hrFinal is dropped on that path.
EH_std:
  if ( stremRefUnknownPtr )
  {
    *ppv = stremRefUnknownPtr;
teardown:
    CPerContext::~CPerContext(&pcSharedMemory);
    CDfMutex::~CDfMutex(&mtx);
    return 0;
  }
  CPerContext::~CPerContext(&pcSharedMemory);
  CDfMutex::~CDfMutex(&mtx);
  return hrFinal;
}
CExposedStream::Unmarshal逆向结果
转载自blog.csdn.net/oshuangyue12/article/details/79936429