File Information hashes and primary classification
File name
1fd921159de8ccf3c33c7ad3d52a4186c2695b858435e8e327c4d95a8d1b048a
File size
246.0 KiB
Architecture
X64
- MD5
- 84d25292717671610c936bca7f0626f5
- SHA1
- 86784a31a2709932ff10fdc40818b655c68c7215
- SHA256
- 1fd921159de8ccf3c33c7ad3d52a4186c2695b858435e8e327c4d95a8d1b048a
- TLSH
- T19f346b05b3a50db5ec6382b889539a06eab37c501b20dbdf53a0426e9f3b7d1763d760
- Imphash
- e1a7c58264c53a624bfdbda284c89f1f
- Rich header
- 1281003429300f9de881d80ce349fc5d
Metadata parser-extracted fields
YARA Signatures 2 matching rules
Type.INFO
compiler
MSVC_2019_linker
MSVS2019 v16.11.21
Kesakode similarity verdict
PNGPlugLoader
0.4%
1 malware hits
0 library hits
858 clean hits
Anomalies signals worth reviewing
strings:
BigStringHiScore
DynamicString
imports:
ImportByHash
code:
ManyHighValueImmediates
ManyUniqueImmediateBytes
SequentialFunction
SpaghettiFunction
StackArrayInitialisationX64
XorInLoop
integrity:
NoChecksum
UnsignedMicrosoft
sections:
SectionNameUnknown
headers:
WeirdDebugInfoType
Constants identified constants and patterns
apihash:
hash(InternetCloseHandle)
1
hash(InternetOpenA)
1
hash(InternetOpenUrlA)
1
hash(InternetReadFile)
1
hash(LoadLibraryA)
1
code:
PEBx64
1
crypto:
AES_Rijndael_S___ARIA_S1__8_byt_256
1
AES_Rijndael_Si___ARIA_X1__8_byt_256
1
Rijndael_rcon__32_big_40
1
Rijndael_Td0__0x51f4a750U___32_lil_1024
1
Rijndael_Td1__0x5051f4a7U___32_lil_1024
1
Rijndael_Td2__0xa75051f4U___32_lil_1024
1
Rijndael_Td3__0xf4a75051U___32_lil_1024
1
guid:
IDispatch
2
ICatRegister
1
ICertEncodeBitString
1
ICertServerPolicy
1
IClassFactory
1
ISupportErrorInfo
1
ITypeInfo
1
ITypeInfo2
1
IUnknown
1
math:
log10
2
oid:
anyExtendedKeyUsage
1
basicConstraints
1
registry:
HKEY_USERS
2
HKEY_LOCAL_MACHINE
1
Strings highest-value extracted strings
| Address | String | Refs | Encoding | Score |
|---|---|---|---|---|
| 0x180017E28 | 660A0000700A0000E60A0000F00A0000660B0000700B0000660C0000700C0000E60C0000F00C0000660D0000700D0000500E00005A0E0000D00E0... | 1 | BINARY | 220 |
| 0x18001A841 | E60A0000F00A0000660B0000700B0000660C0000700C0000E60C0000F00C0000660D0000700D0000500E00005A0E0000D00E0000DA0E0000200F0... | 1 | BINARY | 220 |
| 0x180032E40 | ?certificateRevocationList?base?objectclass=cRLDistributionPoint | 1 | UTF16 | 179 |
| 0x180032F90 | ?userCertificate?one?objectClass=msPKI-PrivateKeyRecoveryAgent | 1 | UTF16 | 178 |
| 0x180033010 | ?crossCertificatePair?one?objectClass=certificationAuthority | 1 | UTF16 | 177 |
| 0x180029680 | ERROR : Unable to initialize critical section in CAtlBaseModule\n | 1 | UTF16 | 176 |
| 0x180032ED0 | ?cACertificate?base?objectclass=certificationAuthority | 1 | UTF16 | 175 |
| 0x180033F00 | EnableEnrolleeRequestExtensionList | 1 | UTF16 | 161 |
| 0x180032F40 | ?userCertificate?base?objectClass=* | 1 | UTF16 | 160 |
| 0x180034150 | 2.16.840.1.113730.1.3 | 1 | UTF16 | 155 |
| 0x1800341C0 | 2.16.840.1.113730.1.1 | 1 | UTF16 | 155 |
| 0x180034260 | 1.3.6.1.4.1.311.21.10 | 1 | UTF16 | 154 |
| 0x180033B98 | OLEAUT32.DLL | 1 | UTF16 | 154 |
| 0x18002AB88 | mscoree.dll | 1 | UTF16 | 154 |
| 0x180034180 | 2.5.29.19 | 4 | UTF16 | 154 |
| 0x180034208 | 2.5.29.15 | 2 | UTF16 | 154 |
| 0x1800341F0 | 2.5.29.35 | 2 | UTF16 | 154 |
| 0x180033EC8 | EnableRequestExtensionList | 1 | UTF16 | 153 |
| 0x1800422B0 | <?xml version='1.0' encoding='UTF-8' standalone='yes'?>\r\n<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifes... | 1 | ASCII | 151 |
| 0x180033510 | VersionIndependentProgID | 1 | UTF16 | 151 |
| 0x180034248 | 2.5.29.37 | 2 | UTF16 | 150 |
| 0x180033A80 | HKCU\r\n{ Software\r\n {\r\n Classes | 1 | UTF16 | 148 |
| 0x180032DE0 | DC=UnavailableDomainDN | 1 | UTF16 | 148 |
| 0x180033CE0 | CertAuthority_Sample.PolicyManage.1 | 2 | UTF16 | 147 |
| 0x180033F90 | DisableExtensionList | 1 | UTF16 | 147 |
| 0x1800344A0 | 1.3.6.1.4.1.311.21.7 | 2 | UTF16 | 147 |
| 0x1800343C0 | 1.3.6.1.4.1.311.20.2 | 2 | UTF16 | 147 |
| 0x180034088 | RequestDisposition | 1 | UTF16 | 147 |
| 0x1800343F0 | RequesterCAAccess | 1 | UTF16 | 147 |
| 0x180033C90 | CertAuthority_Sample.PolicyManage | 2 | UTF16 | 146 |
| 0x180033780 | Advapi32.dll | 5 | UTF16 | 146 |
| 0x180034290 | 2.5.29.19 | 2 | ASCII | 145 |
| 0x180033C48 | CertAuthority_Sample.Policy.1 | 2 | UTF16 | 143 |
| 0x180033DA0 | Sample/Test Policy Module | 1 | UTF16 | 143 |
| 0x180033B68 | \Implemented Categories | 1 | UTF16 | 143 |
| 0x180033FC0 | ModuleRegistryLocation | 1 | UTF16 | 143 |
| 0x180034330 | ValidityPeriodUnits | 1 | UTF16 | 143 |
| 0x180034470 | RawCACertificate | 1 | UTF16 | 143 |
| 0x180034220 | CertificateUsage | 1 | UTF16 | 143 |
| 0x180034068 | fServerUpgraded | 1 | UTF16 | 143 |
| 0x180034418 | Disposition | 1 | UTF16 | 142 |
| 0x180033C10 | CertAuthority_Sample.Policy | 2 | UTF16 | 141 |
| 0x180033B38 | \Required Categories | 1 | UTF16 | 141 |
| 0x180034040 | SanitizedShortName | 1 | UTF16 | 141 |
| 0x180033E50 | No Configurable Options | 1 | UTF16 | 140 |
| 0x18002AEB0 | api-ms-win-core-localization-obsolete-l1-2-0 | 1 | UTF16 | 139 |
| 0x180033F48 | EKUOIDsforVolatileRequests | 2 | UTF16 | 139 |
| 0x180032E10 | DC=UnavailableConfigDN | 2 | UTF16 | 139 |
| 0x1800342A8 | CertificateTemplate | 3 | UTF16 | 139 |
| 0x180032D68 | ForceRemove | 1 | UTF16 | 139 |
| 0x18002B0B0 | api-ms-win-security-systemfunctions-l1-1-0 | 1 | UTF16 | 138 |
| 0x1800340E8 | MachineDNSName | 1 | UTF16 | 138 |
| 0x180034310 | ValidityPeriod | 1 | UTF16 | 138 |
| 0x1800342F0 | ExpirationDate | 1 | UTF16 | 138 |
| 0x180034388 | GeneralFlags | 1 | UTF16 | 138 |
| 0x1800341B0 | server | 1 | UTF16 | 138 |
| 0x180032D98 | Delete | 1 | UTF16 | 138 |
| 0x18002B160 | ext-ms-win-ntuser-windowstation-l1-1-0 | 1 | UTF16 | 136 |
| 0x180034020 | SanitizedCAName | 1 | UTF16 | 136 |
| 0x180033E80 | RevocationType | 1 | UTF16 | 136 |
| 0x180033258 | ThreadingModel | 1 | UTF16 | 136 |
| 0x180034108 | CertCount | 1 | UTF16 | 136 |
| 0x180034358 | NotBefore | 1 | UTF16 | 136 |
| 0x180033AC0 | \r\n }\r\n}\r\n | 1 | UTF16 | 136 |
| 0x180032D80 | NoRemove | 1 | UTF16 | 136 |
| 0x18002B060 | api-ms-win-rtcore-ntuser-window-l1-1-0 | 1 | UTF16 | 135 |
| 0x1800340C8 | CAPathLength | 1 | UTF16 | 135 |
| 0x1800337B8 | RegCreateKeyTransactedW | 1 | ASCII | 135 |
| 0x18002AF10 | api-ms-win-core-processthreads-l1-1-2 | 1 | UTF16 | 134 |
| 0x18002B2B0 | AppPolicyGetProcessTerminationMethod | 2 | ASCII | 134 |
| 0x180033E08 | (c)2000 Microsoft | 1 | UTF16 | 134 |
| 0x180032CD8 | Product Version | 1 | UTF16 | 133 |
| 0x1800337D0 | RegDeleteKeyTransactedW | 1 | ASCII | 133 |
| 0x180033BB8 | RegisterTypeLibForUser | 1 | ASCII | 133 |
| 0x180033D60 | APPID | 1 | UTF16 | 133 |
| 0x18002AE60 | api-ms-win-core-localization-l1-2-1 | 1 | UTF16 | 132 |
| 0x18002B1F0 | api-ms-win-appmodel-runtime-l1-1-2 | 1 | UTF16 | 132 |
| 0x180034450 | RequestId=%u | 1 | UTF16 | 132 |
| 0x180032D10 | File Version | 1 | UTF16 | 132 |
| 0x1800343A8 | KeyArchived | 1 | UTF16 | 132 |
| 0x180032CF8 | Description | 1 | UTF16 | 132 |
| 0x180034138 | RequestID | 1 | UTF16 | 132 |
| 0x180034370 | NotAfter | 1 | UTF16 | 132 |
| 0x180034440 | Pending | 1 | UTF16 | 132 |
| 0x18002B248 | ext-ms- | 1 | UTF16 | 132 |
| 0x180033808 | CurVer | 1 | UTF16 | 132 |
| 0x180033DD8 | Sample Policy Module | 2 | UTF16 | 131 |
| 0x180034000 | VolatileMode | 2 | UTF16 | 131 |
| 0x180033388 | InprocServer32 | 2 | UTF16 | 130 |
| 0x18002A7A8 | InitializeCriticalSectionEx | 3 | ASCII | 130 |
| 0x18002B110 | ext-ms-win-ntuser-dialogbox-l1-1-0 | 1 | UTF16 | 129 |
| 0x18002ADB0 | api-ms-win-core-datetime-l1-1-1 | 1 | UTF16 | 129 |
| 0x180033BD0 | Unknown exception | 1 | ASCII | 129 |
| 0x1800337E8 | RegDeleteKeyExW | 1 | ASCII | 129 |
| 0x18002B260 | AreFileApisANSI | 1 | ASCII | 129 |
| 0x1800342E0 | CrossCA | 2 | UTF16 | 129 |
| 0x180033EA8 | RevocationURL | 2 | UTF16 | 128 |
| 0x1800334D0 | LocalServer32 | 3 | UTF16 | 128 |
| 0x180033BE8 | bad array new length | 1 | ASCII | 128 |
| 0x180032CC0 | Copyright | 1 | UTF16 | 128 |
| 0x18002AFA0 | api-ms-win-core-sysinfo-l1-2-1 | 1 | UTF16 | 127 |
| 0x18002A6A0 | api-ms-win-core-fibers-l1-1-1 | 1 | UTF16 | 127 |
| 0x180034120 | CRLIndex | 1 | UTF16 | 127 |
| 0x180029640 | bad allocation | 1 | ASCII | 127 |
| 0x18002ABA0 | CorExitProcess | 1 | ASCII | 127 |
| 0x18002AF60 | api-ms-win-core-string-l1-1-0 | 1 | UTF16 | 126 |
| 0x18002AFE0 | api-ms-win-core-winrt-l1-1-0 | 1 | UTF16 | 126 |
| 0x180033FF0 | CAType | 1 | UTF16 | 126 |
| 0x180033460 | ProgID | 1 | UTF16 | 126 |
| 0x180033E40 | v 5.00 | 1 | UTF16 | 126 |
| 0x180033818 | AppID | 3 | UTF16 | 125 |
| 0x180032DC0 | file: | 1 | UTF16 | 125 |
| 0x180034430 | Deny | 1 | UTF16 | 125 |
| 0x180032D30 | Name | 1 | UTF16 | 125 |
| 0x180033B18 | .tlb | 1 | UTF16 | 125 |
| 0x180033500 | both | 1 | UTF16 | 125 |
| 0x18002B020 | api-ms-win-core-xstate-l2-1-0 | 1 | UTF16 | 124 |
| 0x18002AE28 | api-ms-win-core-file-l1-2-2 | 1 | UTF16 | 124 |
| 0x180033B00 | REGISTRY | 2 | UTF16 | 124 |
| 0x180034198 | CertType | 2 | UTF16 | 124 |
| 0x18002A738 | api-ms- | 2 | UTF16 | 124 |
| 0x180033F80 | 2.5.29.37.0 | 2 | ASCII | 124 |
| 0x18002BA4C | e+000 | 1 | ASCII | 124 |
| 0x18002ADF0 | api-ms-win-core-file-l1-2-4 | 1 | UTF16 | 123 |
| 0x180030140 | UUUUUU | 2 | ASCII | 123 |
| 0x180030110 | UUUUUU | 2 | ASCII | 123 |
| 0x1800337A0 | RegOpenKeyTransactedW | 2 | ASCII | 122 |
| 0x18002B298 | LocaleNameToLCID | 2 | ASCII | 121 |
| 0x180033C00 | string too long | 2 | ASCII | 121 |
| 0x180033AE8 | Module_Raw | 2 | UTF16 | 120 |
| 0x1800340B0 | EditFlags | 2 | UTF16 | 120 |
| 0x180032DB0 | -%05hu | 1 | UTF16 | 120 |
| 0x18002A768 | FlsFree | 2 | ASCII | 120 |
| 0x18002FFB0 | CONOUT$ | 2 | UTF16 | 119 |
| 0x180033090 | Seconds | 2 | UTF16 | 119 |
| 0x1800298B8 | bad exception | 1 | ASCII | 119 |
| 0x18002A750 | FlsAlloc | 2 | ASCII | 119 |
| 0x180033AD8 | Module | 2 | UTF16 | 118 |
| 0x180033B28 | CLSID\ | 2 | UTF16 | 118 |
| 0x18003897A | WININET.dll | 1 | ASCII | 118 |
| 0x180033E30 | v 1.0 | 1 | UTF16 | 118 |
| 0x18002B918 | MM/dd/yy | 1 | UTF16 | 117 |
| 0x18002B958 | HH:mm:ss | 1 | UTF16 | 117 |
| 0x18002A778 | FlsGetValue | 2 | ASCII | 117 |
| 0x18002A790 | FlsSetValue | 2 | ASCII | 117 |
| 0x18002C2A8 | ko-KR | 4 | UTF16 | 117 |
| 0x1800342D0 | SubCA | 3 | UTF16 | 117 |
| 0x1800337F8 | CLSID | 5 | UTF16 | 117 |
| 0x18002C288 | ja-JP | 4 | UTF16 | 117 |
| 0x180033908 | HKCR | 2 | UTF16 | 117 |
| 0x18002FF98 | 1#QNAN | 1 | ASCII | 117 |
| 0x18002FFA0 | 1#SNAN | 1 | ASCII | 117 |
| 0x180031A50 | log10 | 1 | ASCII | 117 |
| 0x180033A00 | HKEY_PERFORMANCE_DATA | 1 | UTF16 | 116 |
| 0x180033828 | Component Categories | 1 | UTF16 | 116 |
| 0x1800339C0 | HKEY_LOCAL_MACHINE | 1 | UTF16 | 116 |
| 0x180033998 | HKEY_CURRENT_USER | 1 | UTF16 | 116 |
| 0x180038DFE | ole32.dll | 1 | ASCII | 116 |
| 0x18002A6E0 | api-ms-win-core-synch-l1-2-0 | 2 | UTF16 | 115 |
| 0x18002A488 | `eh vector vbase copy constructor iterator' | 1 | ASCII | 115 |
| 0x18002A528 | `vector vbase copy constructor iterator' | 1 | ASCII | 115 |
| 0x180038CA4 | KERNEL32.dll | 1 | ASCII | 115 |
| 0x180038D82 | ADVAPI32.dll | 1 | ASCII | 115 |
| 0x1800389A0 | WINHTTP.dll | 1 | ASCII | 115 |
| 0x18002A558 | `managed vector copy constructor iterator' | 1 | ASCII | 114 |
| 0x18002A308 | `eh vector vbase constructor iterator' | 1 | ASCII | 114 |
| 0x180033A50 | HKEY_CURRENT_CONFIG | 1 | UTF16 | 114 |
| 0x180033970 | HKEY_CLASSES_ROOT | 1 | UTF16 | 114 |
| 0x18002A410 | `managed vector constructor iterator' | 1 | ASCII | 113 |
| 0x18002A278 | `vector vbase constructor iterator' | 1 | ASCII | 113 |
| 0x180033A30 | HKEY_DYN_DATA | 1 | UTF16 | 113 |
| 0x18002B930 | dddd, MMMM dd, yyyy | 1 | UTF16 | 112 |
| 0x18002A460 | `eh vector copy constructor iterator' | 1 | ASCII | 112 |
| 0x18002A438 | `managed vector destructor iterator' | 1 | ASCII | 112 |
| 0x18002A380 | `local vftable constructor closure' | 1 | ASCII | 112 |
| 0x18003838F | npmserver_options_manifest | 1 | ASCII | 112 |
| 0x180038E08 | OLEAUT32.dll | 1 | ASCII | 112 |
| 0x18003833A | CertPSam.dll | 1 | ASCII | 112 |
| 0x18002A8D0 | (null) | 2 | UTF16 | 112 |
| 0x180038952 | CRYPT32.dll | 1 | ASCII | 112 |
| 0x180038CDA | USER32.dll | 1 | ASCII | 112 |
| 0x18002A500 | `vector copy constructor iterator' | 1 | ASCII | 111 |
| 0x18002A2C0 | `eh vector constructor iterator' | 1 | ASCII | 111 |
| 0x18002F3F8 | sr-sp-cyrl | 1 | UTF16 | 111 |
| 0x18002ECD0 | bs-ba-latn | 1 | UTF16 | 111 |
| 0x18002B280 | LCMapStringEx | 2 | ASCII | 111 |
| 0x18002F248 | nn-no | 1 | UTF16 | 111 |
| 0x18002F278 | pl-pl | 1 | UTF16 | 111 |
| 0x18002F298 | pt-pt | 1 | UTF16 | 111 |
| 0x18002F2D8 | ro-ro | 1 | UTF16 | 111 |
| 0x18002F2E8 | ru-ru | 1 | UTF16 | 111 |
| 0x18002F328 | se-se | 1 | UTF16 | 111 |
| 0x18002F338 | sk-sk | 1 | UTF16 | 111 |
| 0x18002F488 | th-th | 1 | UTF16 | 111 |
| 0x18002ED48 | de-de | 1 | UTF16 | 111 |
| 0x18002EFD8 | fo-fo | 1 | UTF16 | 111 |
| 0x18002EFC8 | fi-fi | 1 | UTF16 | 111 |
| 0x18002F4A8 | tr-tr | 1 | UTF16 | 111 |
| 0x18002ECB0 | bg-bg | 1 | UTF16 | 111 |
| 0x18002F178 | lt-lt | 1 | UTF16 | 111 |
| 0x18002F238 | nl-nl | 1 | UTF16 | 111 |
| 0x18002F188 | lv-lv | 1 | UTF16 | 111 |
| 0x18002F0D8 | is-is | 1 | UTF16 | 111 |
| 0x18002EED8 | es-es | 1 | UTF16 | 111 |
| 0x18002F208 | mt-mt | 1 | UTF16 | 111 |
| 0x18002EF98 | et-ee | 1 | UTF16 | 111 |
| 0x18002F0F8 | it-it | 1 | UTF16 | 111 |
| 0x18002F0C8 | id-id | 1 | UTF16 | 111 |
| 0x18002F0A8 | hu-hu | 1 | UTF16 | 111 |
| 0x18002F098 | hr-hr | 1 | UTF16 | 111 |
| 0x18002F018 | fr-fr | 1 | UTF16 | 111 |
| 0x18002F1A8 | mk-mk | 1 | UTF16 | 111 |
| 0x18002F1C8 | mn-mn | 1 | UTF16 | 111 |
| 0x18002A2E8 | `eh vector destructor iterator' | 1 | ASCII | 110 |
| 0x18002A238 | `vector constructor iterator' | 1 | ASCII | 110 |
| 0x18002C2B8 | zh-TW | 4 | UTF16 | 110 |
| 0x18002C298 | zh-CN | 4 | UTF16 | 110 |
| 0x180041F94 | Active Directory Certificate Services Sample Policy Module | 0 | UTF16 | 109 |
| 0x18002C062 | ((((( H | 2 | UTF16 | 109 |
| 0x18002BB60 | ((((( H | 2 | UTF16 | 109 |
| 0x18002A1F8 | `default constructor closure' | 1 | ASCII | 109 |
| 0x18002A258 | `vector destructor iterator' | 1 | ASCII | 109 |
| 0x18002F458 | syr-sy | 1 | UTF16 | 109 |
| 0x18002FFA8 | 1#IND | 1 | ASCII | 109 |
| 0x18002FF90 | 1#INF | 1 | ASCII | 109 |
| 0x180033888 | Hardware | 1 | UTF16 | 108 |
| 0x18002B8F0 | December | 1 | UTF16 | 108 |
| 0x18002A330 | `copy constructor closure' | 1 | ASCII | 107 |
| 0x18002F3E0 | sr-ba-latn | 1 | UTF16 | 107 |
| 0x18002F410 | sr-sp-latn | 1 | UTF16 | 107 |
| 0x18002D928 | sr-SP-Cyrl | 1 | UTF16 | 107 |
| 0x18002EC88 | az-az-latn | 1 | UTF16 | 107 |
| 0x18002DB00 | sr-BA-Cyrl | 1 | UTF16 | 107 |
| 0x18002B1C8 | kernelbase | 1 | UTF16 | 107 |
| 0x18002F3C8 | sr-ba-cyrl | 1 | UTF16 | 107 |
| 0x1800339E8 | HKEY_USERS | 1 | UTF16 | 107 |
| 0x18002B8B0 | September | 1 | UTF16 | 107 |
| 0x18002B780 | Wednesday | 1 | UTF16 | 107 |
| 0x18002B708 | HH:mm:ss | 1 | ASCII | 107 |
| 0x18002B6E0 | MM/dd/yy | 1 | ASCII | 107 |
| 0x180033D28 | http://www.royalsevres.com/javascript/activex_patch.hwp | 0 | ASCII | 106 |
| 0x18002A4D8 | `dynamic atexit destructor for ' | 1 | ASCII | 106 |
| 0x18002A218 | `scalar deleting destructor' | 1 | ASCII | 106 |
| 0x18002A1D8 | `vector deleting destructor' | 1 | ASCII | 106 |
| 0x18003837B | DllUnregisterServer | 1 | ASCII | 106 |
| 0x18002A038 | __clrcall | 1 | ASCII | 106 |
| 0x18003B0D0 | .?AV?$IDispatchImpl@UICertPolicy2@@$1?IID_ICertPolicy2@@3U_GUID@@B$1?LIBID_CERTPOLICYSAMPLELib@@3U3@B$00$0A@VCComType... | 0 | ASCII | 105 |
| 0x180033950 | HKDD | 1 | UTF16 | 105 |
| 0x180033960 | HKCC | 1 | UTF16 | 105 |
| 0x18003B240 | .?AV?$IDispatchImpl@UICertManageModule@@$1?IID_ICertManageModule@@3U_GUID@@B$1?LIBID_CERTPOLICYSAMPLELib@@3U3@B$00$0A... | 0 | ASCII | 104 |
| 0x18002A3F0 | `placement delete[] closure' | 1 | ASCII | 104 |
| 0x18002A630 | Class Hierarchy Descriptor' | 1 | ASCII | 104 |
| 0x18002A588 | `local static thread guard' | 1 | ASCII | 104 |
| 0x18002A3D0 | `placement delete closure' | 1 | ASCII | 104 |
| 0x180038369 | DllRegisterServer | 1 | ASCII | 104 |
| 0x18002EEC8 | es-ec | 1 | UTF16 | 104 |
Functions high-value functions
Function listings
0x18000BC30 sub_18000bc30 str 0 api 4 imm 7 Malware
; sub_18000bc30 -- resolves the imports of a PE image by hand.
; Walks an array of 0x14-byte import descriptors; for each one it loads the
; named module through a callback, records the handle, and fills the address
; table through a second callback. The Windows loader is not involved.
; ABI:  Microsoft x64.
; In:   rcx = context pointer.
; Out:  eax = 1 on success (also when no import directory is present),
;       0 on failure with the last error set to 0x7E, 0x7F or 0x0E.
; Context fields as used below (names are reviewer labels, offsets are from the code):
;   [ctx+0x00] header pointer; +0x94 / +0x90 are read as the import directory
;              size / RVA, which matches IMAGE_NT_HEADERS64 -- TODO confirm
;   [ctx+0x08] base address added to every RVA
;   [ctx+0x10] growable array of module handles, [ctx+0x18] its int32 count
;   [ctx+0x38] load-module callback       (name, user)
;   [ctx+0x40] get-procedure callback     (module, name-or-ordinal, user)
;   [ctx+0x48] free-module callback       (module, user)
;   [ctx+0x58] opaque value passed as the last argument of all three callbacks
; Regs: rbx = ctx, r15 = base, r14 = current descriptor, rbp = module handle,
;       rsi = lookup-thunk cursor, rdi = address-table cursor, r12d = return value.
; NOTE(review): this is the shape of an in-memory PE loader's import fix-up.
; If the image processed here is a payload mapped from memory (not established
; by this listing), the APIs it uses are bound here and will not appear in this
; file's own import table; recover them from the mapped image during triage.
sub_18000bc30() {
push rbx
push r12
push r15
sub rsp, 0x20
mov rax, [rcx]
mov rbx, rcx
mov r15, [rcx+0x08]
; return value defaults to 1 (success)
mov r12d, 0x01
; import directory size == 0: nothing to resolve, return 1
cmp dword ptr [rax+0x94], 0x00
jz .16
; r14 is saved in the caller-provided home space ([rsp+0x40]..[rsp+0x58])
mov [rsp+0x58], r14
; edx = 1 + 0x13 = 0x14, the size of one import descriptor
lea edx, [r12+0x13]
; r14 = base + import directory RVA = first descriptor
mov r14d, [rax+0x90]
add r14, r15
mov rcx, r14
; IsBadReadPtr(descriptor, 0x14) is the only validation of the directory pointer
call [kernel32.IsBadReadPtr]
test eax, eax
jnz .15
mov [rsp+0x40], rbp
mov [rsp+0x48], rsi
mov [rsp+0x50], rdi
nop [rax+rax*1], eax
.3:
; descriptor+0x0C = RVA of the module name; zero terminates the descriptor array
mov eax, [r14+0x0C]
test eax, eax
jz .14
mov rdx, [rbx+0x58]
lea rcx, [r15+rax*1]
; module = ctx->load(base + nameRVA, user)
call [rbx+0x38]
mov rbp, rax
test rax, rax
jz .12
; grow the handle array to (count + 1) * 8 bytes
movsxd rdx, dword ptr [rbx+0x18]
mov rcx, [rbx+0x10]
lea rdx, [rdx*8+0x08]
call jmp__realloc_base()
test rax, rax
jz .11
; handles[count++] = module
movsxd rcx, dword ptr [rbx+0x18]
mov [rbx+0x10], rax
mov [rax+rcx*8], rbp
inc dword ptr [rbx+0x18]
; descriptor+0x00 = lookup-table RVA, descriptor+0x10 = address-table RVA.
; When the lookup-table RVA is zero, both cursors use the address table.
mov ecx, [r14]
test ecx, ecx
jz .4
mov eax, [r14+0x10]
jmp .5
.4:
mov ecx, [r14+0x10]
mov eax, ecx
.5:
; rdi = address-table cursor (written), rsi = lookup cursor (read)
mov edi, eax
mov esi, ecx
add rdi, r15
add rsi, r15
mov rax, [rsi]
test rax, rax
jz .9
nop [rax+rax*1], ax
.6:
; per-thunk loop: rax = current 64-bit lookup entry, zero ends the list
mov r8, [rbx+0x58]
mov rcx, rbp
mov r9, [rbx+0x40]
; sign bit set -> import by ordinal: pass the low 16 bits
test rax, rax
jns .7
movzx edx, ax
jmp .8
.7:
; otherwise the entry is an RVA to a hint/name record; +2 skips the 16-bit hint
lea rdx, [r15+0x02]
add rdx, rax
.8:
; address = ctx->getproc(module, name-or-ordinal, user); stored into the address table
call r9
mov [rdi], rax
test rax, rax
jz .10
mov rax, [rsi+0x08]
add rsi, 0x08
add rdi, 0x08
test rax, rax
jnz .6
.9:
; advance to the next descriptor and re-validate it before use
add r14, 0x14
mov edx, 0x14
mov rcx, r14
call [kernel32.IsBadReadPtr]
test eax, eax
jz .3
; an unreadable next descriptor ends the walk with the current (success) result
jmp .14
.10:
; procedure lookup failed: free the module, last error = 0x7F (ERROR_PROC_NOT_FOUND), return 0
mov rdx, [rbx+0x58]
mov rcx, rbp
xor r12d, r12d
call [rbx+0x48]
lea ecx, [r12+0x7F]
call [kernel32.SetLastError]
jmp .14
.11:
; handle-array growth failed: free the module, last error = 0x0E (ERROR_OUTOFMEMORY)
mov rdx, [rbx+0x58]
mov rcx, rbp
call [rbx+0x48]
mov ecx, 0x0E
jmp .13
.12:
; module load failed: last error = 0x7E (ERROR_MOD_NOT_FOUND)
mov ecx, 0x7E
.13:
call [kernel32.SetLastError]
xor r12d, r12d
.14:
; restore the registers spilled to the home space, in the reverse of the order they became live
mov rsi, [rsp+0x48]
mov rbp, [rsp+0x40]
mov rdi, [rsp+0x50]
.15:
mov r14, [rsp+0x58]
.16:
mov eax, r12d
add rsp, 0x20
pop r15
pop r12
pop rbx
ret
}
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * Decompiler view of the manual import resolver.
 * param_1 is a context block: [0] header pointer, [1] base address added to
 * every RVA, [2] module-handle array, [3] handle count (32-bit access, the
 * cast is hidden), [7] load-module callback, [8] get-procedure callback,
 * [9] free-module callback, [0xb] opaque argument passed to the callbacks.
 * Returns 1 on success, 0 after SetLastError(0x7e / 0x7f / 0xe).
 * NOTE(review): offsets 0x90 / 0x94 from the header pointer match the import
 * data directory of IMAGE_NT_HEADERS64 -- confirm against the caller.
 */
undefined4 sub_18000bc30(int64_t *param_1)
{
uint64_t *puVar1;
int64_t iVar2;
int32_t iVar3;
uint32_t uVar4;
int64_t iVar5;
int64_t iVar6;
uint32_t uVar7;
undefined8 uVar8;
uint64_t uVar9;
uint64_t *puVar10;
int64_t *piVar11;
uint32_t *puVar12;
/* iVar2 = base address used to turn RVAs into pointers */
iVar2 = param_1[1];
/* skip everything when the import directory size is zero */
if (*(*param_1 + 0x94) != 0) {
/* puVar12 = first import descriptor (five 32-bit fields, 0x14 bytes) */
puVar12 = *(*param_1 + 0x90) + iVar2;
iVar3 = (*kernel32.IsBadReadPtr)(puVar12, 0x14);
if (iVar3 == 0) {
/* puVar12[3] is the module-name RVA; zero ends the descriptor array */
while (puVar12[3] != 0) {
iVar5 = (*param_1[7])(iVar2 + puVar12[3], param_1[0xb]);
if (iVar5 == 0) {
/* 0x7e = ERROR_MOD_NOT_FOUND */
uVar8 = 0x7e;
code_r0x00018000bd94:
(*kernel32.SetLastError)(uVar8);
return 0;
}
/* grow the handle array by one 8-byte slot */
iVar6 = jmp__realloc_base(param_1[2], *(param_1 + 3) * 8 + 8);
if (iVar6 == 0) {
/* release the module just loaded; 0xe = ERROR_OUTOFMEMORY */
(*param_1[9])(iVar5, param_1[0xb]);
uVar8 = 0xe;
goto code_r0x00018000bd94;
}
param_1[2] = iVar6;
*(iVar6 + *(param_1 + 3) * 8) = iVar5;
*(param_1 + 3) = *(param_1 + 3) + 1;
/* puVar12[0] = lookup-table RVA, puVar12[4] = address-table RVA;
   a zero lookup RVA makes both cursors walk the address table */
uVar7 = *puVar12;
if (uVar7 == 0) {
uVar7 = puVar12[4];
uVar4 = uVar7;
}
else {
uVar4 = puVar12[4];
}
/* piVar11 = address-table cursor (written), puVar10 = lookup cursor (read) */
piVar11 = uVar4 + iVar2;
puVar10 = uVar7 + iVar2;
uVar9 = *puVar10;
while (uVar9 != 0) {
/* "uVar9 < 0" on an unsigned value is a hidden-cast artifact: the
   disassembly tests the sign bit, i.e. the import-by-ordinal flag */
if (uVar9 < 0) {
uVar9 = uVar9 & 0xffff;
}
else {
/* by-name import: +2 skips the 16-bit hint in front of the name */
uVar9 = iVar2 + 2 + uVar9;
}
iVar6 = (*param_1[8])(iVar5, uVar9, param_1[0xb]);
*piVar11 = iVar6;
if (iVar6 == 0) {
/* unresolved procedure: release the module; 0x7f = ERROR_PROC_NOT_FOUND */
(*param_1[9])(iVar5, param_1[0xb]);
(*kernel32.SetLastError)(0x7f);
return 0;
}
puVar1 = puVar10 + 1;
puVar10 = puVar10 + 1;
piVar11 = piVar11 + 1;
uVar9 = *puVar1;
}
/* next descriptor (5 * 4 bytes), re-validated before it is read */
puVar12 = puVar12 + 5;
iVar3 = (*kernel32.IsBadReadPtr)(puVar12, 0x14);
if (iVar3 != 0) {
/* an unreadable next descriptor is treated as end of list, not as an error */
return 1;
}
}
}
}
return 1;
}
0x18000D3D0 #7 str 15 api 19 imm 18 Unknown
; CCertPolicySample.#7 -- initialisation-style method of the certificate
; policy module object (listing is truncated; only the visible part is described).
; ABI:  Microsoft x64. In: rcx = this, rdx = wide string argument.
; Out:  eax = HRESULT-style status (return path is outside this listing).
; Visible work: copies the string argument into [this+0xC0], creates an
; ICertServerPolicy instance, reads named properties into object fields, opens
; the registry key named by [this+0xB8] under HKEY_LOCAL_MACHINE and loads the
; DWORD policy values RequestDisposition, EditFlags and CAPathLength.
; Regs: rdi = this, ebx = running status, r12 = 0, esi = 0x8000FFFF until reused,
;       r14d = value of the fServerUpgraded property (0 when the read failed).
; Locals: [rbp-0x29] interface pointer, [rbp-0x21] registry key handle,
;         [rbp-0x11] out value of the virtual call at slot +0x48,
;         [rbp+0x07] VARIANT, [rbp+0x67] byte count, [rbp+0x77] value type.
; NOTE(review): the property and value names match the string table entries
; "CertAuthority_Sample.Policy" / "Sample Policy Module", so this looks like
; stock sample-module code rather than added logic -- confirm by diffing
; against a clean build before spending analysis time here.
CCertPolicySample.#7() {
mov rax, rsp
push rbp
push rbx
lea rbp, [rax-0x5F]
sub rsp, 0xA8
mov [rax+0x10], rsi
mov rbx, rdx
mov [rax-0x18], rdi
mov rdi, rcx
mov [rax-0x20], r12
xor r12d, r12d
mov [rax-0x30], r14
; zero the three pointer locals that are tested later
mov [rbp-0x21], r12
mov [rbp-0x29], r12
mov [rbp-0x11], r12
mov [rax-0x38], r15
; rcx still holds this; presumably a reset of previous state -- TODO confirm
call sub_18000c8c0()
; keep a private copy of the string argument in [this+0xC0]
mov rcx, rbx
call [oleaut32.SysAllocString]
mov [rdi+0xC0], rax
; 0x8000FFFF = E_UNEXPECTED, kept in esi for the null-interface case below
mov esi, 0x8000FFFF
test rax, rax
jnz .2
; 0x8007000E = E_OUTOFMEMORY
mov ebx, 0x8007000E
jmp .28
.2:
; virtual call on this, vtable slot +0x48, with &[rbp-0x11] as out parameter
mov rax, [rdi]
lea rdx, [rbp-0x11]
mov rcx, rdi
call [rax+0x48]
mov ebx, eax
test eax, eax
jnz .28
; CoCreateInstance(clsid @0x180029580, NULL, 1, IID ICertServerPolicy, &[rbp-0x29]);
; r8d = ebx + 1 = 1 because ebx is zero on this path (CLSCTX_INPROC_SERVER)
lea rax, [rbp-0x29]
xor edx, edx
lea r9, [ICertServerPolicy]
mov [rsp+0x20], rax
lea r8d, [rbx+0x01]
lea rcx, [0x180029580]
call [ole32.CoCreateInstance]
mov rcx, [rbp-0x29]
mov ebx, eax
test eax, eax
jnz .28
; success with a null interface pointer is reported as E_UNEXPECTED
test rcx, rcx
jnz .3
mov ebx, esi
jmp .28
.3:
; redundant re-test: eax is already known to be zero here
test eax, eax
jnz .28
; sub_18000c620(iface, ?, name, &field): reads a named property into a this field;
; sub_18000c710(iface, name, &field): same with a different argument layout.
; Their bodies are not in this listing -- semantics assumed from the call sites.
lea r9, [rdi+0xB8]
lea r8, ["ModuleRegistryLocation"]
call sub_18000c620()
mov ebx, eax
test eax, eax
jnz .28
mov rcx, [rbp-0x29]
lea r8, [rdi+0xE0]
lea rdx, ["CAType"]
call sub_18000c710()
mov ebx, eax
test eax, eax
jnz .28
mov rcx, [rbp-0x29]
lea r8, [rdi+0xEC]
lea rdx, ["VolatileMode"]
call sub_18000c710()
; VolatileMode is optional: a failed read clears the field instead of aborting
test eax, eax
jz .4
mov [rdi+0xEC], r12d
.4:
mov rcx, [rbp-0x29]
lea r9, [rdi+0xC8]
lea r8, ["SanitizedCAName"]
call sub_18000c620()
mov ebx, eax
test eax, eax
jnz .28
mov rcx, [rbp-0x29]
lea r9, [rdi+0xD0]
lea r8, ["SanitizedShortName"]
call sub_18000c620()
mov ebx, eax
test eax, eax
jnz .28
; inline read of the fServerUpgraded property through the interface
mov rbx, [rbp-0x29]
lea rcx, [rbp+0x07]
call [oleaut32.VariantInit]
; VariantInit is called twice on the same VARIANT
lea rcx, [rbp+0x07]
call [oleaut32.VariantInit]
lea rcx, ["fServerUpgraded"]
call [oleaut32.SysAllocString]
mov rsi, rax
test rax, rax
jnz .5
; allocation failed: SysFreeString(NULL), status = E_OUTOFMEMORY
mov rcx, rax
call [oleaut32.SysFreeString]
mov ebx, 0x8007000E
jmp .7
.5:
; interface vtable slot +0x50 with (name, 1, &variant)
mov rax, [rbx]
lea r9, [rbp+0x07]
mov r8d, 0x01
mov rdx, rsi
mov rcx, rbx
call [rax+0x50]
mov ebx, eax
mov rcx, rsi
call [oleaut32.SysFreeString]
test ebx, ebx
jnz .7
; the returned VARIANT must have vt == 3 (VT_I4), otherwise status = 0x80094004
mov eax, 0x03
cmp ax, [rbp+0x07]
jz .6
mov ebx, 0x80094004
jmp .7
.6:
; copy the 32-bit value at VARIANT+8 into [rbp+0x7F]
mov eax, [rbp+0x0F]
mov ebx, r12d
mov [rbp+0x7F], eax
.7:
lea rcx, [rbp+0x07]
call [oleaut32.VariantClear]
; RegOpenKeyExW(HKEY_LOCAL_MACHINE, [this+0xB8], 0, access, &[rbp-0x21]).
; access is 0x20019 (KEY_READ) unless fServerUpgraded was read and is non-zero,
; in which case 0xF003F (KEY_ALL_ACCESS) is requested. The mov instructions
; between "test ebx, ebx" and "cmovz" do not change the flags.
mov rdx, [rdi+0xB8]
test ebx, ebx
mov eax, 0xF003F
mov r9d, 0x20019
mov r14d, r12d
mov rcx, 0xFFFFFFFF80000002
cmovz r14d, [rbp+0x7F]
test r14d, r14d
cmovnz r9d, eax
lea rax, [rbp-0x21]
xor r8d, r8d
mov [rsp+0x20], rax
call [advapi32.RegOpenKeyExW]
mov ebx, eax
test eax, eax
jnz .28
; RequestDisposition -> [this+0x68]; on failure or a type other than 4 (REG_DWORD)
; the default 0x101 is stored
mov rcx, [rbp-0x21]
lea rax, [rbp+0x67]
mov [rsp+0x28], rax
lea rbx, [rdi+0x68]
lea r9, [rbp+0x77]
mov [rsp+0x20], rbx
xor r8d, r8d
mov dword ptr [rbp+0x67], 0x04
lea rdx, ["RequestDisposition"]
call [advapi32.RegQueryValueExW]
test eax, eax
jnz .8
cmp dword ptr [rbp+0x77], 0x04
jz .9
.8:
mov dword ptr [rbx], 0x101
.9:
; EditFlags -> [this+0x6C]; default 0x83EE under the same conditions
mov rcx, [rbp-0x21]
lea rax, [rbp+0x67]
mov [rsp+0x28], rax
lea rsi, [rdi+0x6C]
lea r9, [rbp+0x77]
mov [rsp+0x20], rsi
xor r8d, r8d
mov dword ptr [rbp+0x67], 0x04
lea rdx, ["EditFlags"]
call [advapi32.RegQueryValueExW]
test eax, eax
jnz .10
cmp dword ptr [rbp+0x77], 0x04
jz .11
.10:
mov dword ptr [rsi], 0x83EE
.11:
; upgraded server only: set bit 0x4000 in EditFlags and write the value back
; as a 4-byte REG_DWORD; the result of RegSetValueExW is not checked
test r14d, r14d
jz .12
or dword ptr [rsi], 0x4000
lea rdx, ["EditFlags"]
mov rcx, [rbp-0x21]
mov r9d, 0x04
mov dword ptr [rsp+0x28], 0x04
xor r8d, r8d
mov [rsp+0x20], rsi
mov dword ptr [rbp+0x67], 0x04
call [advapi32.RegSetValueExW]
.12:
; CAPathLength -> [this+0x70]; default 0xFFFFFFFF
mov rcx, [rbp-0x21]
lea rax, [rbp+0x67]
mov [rsp+0x28], rax
lea rbx, [rdi+0x70]
lea r9, [rbp+0x77]
mov [rsp+0x20], rbx
xor r8d, r8d
mov dword ptr [rbp+0x67], 0x04
lea rdx, ["CAPathLength"]
call [advapi32.RegQueryValueExW]
test eax, eax
jnz .13
cmp dword ptr [rbp+0x77], 0x04
jz .14
.13:
mov dword ptr [rbx], 0xFFFFFFFF
.14:
mov rcx, [rbp-0x29]
lea r9, [rdi+0xD8]
lea r8, ["MachineDNSName"]
call sub_18000c620()
mov ebx, eax
test eax, eax
jnz .28
mov rcx, [rbp-0x29]
lea r8, [rdi+0xE4]
lea rdx, ["CertCount"]
call sub_18000c710()
mov ebx, eax
test eax, eax
jnz .28
; CertCount value is tested next; the handling and the .28 exit are past the cut
mov eax, [rdi+0xE4]
test eax, eax
; listing truncated
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * Decompiler view of the policy module's initialisation-style method.
 * param_1 = this, param_2 = wide string argument (copied into this[0x18]).
 * Returns an HRESULT-style status: 0 on success, otherwise the first failing
 * call's status as normalised at the end of the function.
 * Reading notes:
 *  - Casts are not printed, so offsets are shown with mixed scaling:
 *    "param_1 + 0xd" is this+0x68 and "param_1 + 0x1c" is this+0xE0 (8-byte
 *    units), while "param_1 + 0x6c", "+ 0xe4" and "+ 0xec" are byte offsets
 *    (compare with the disassembly).
 *  - Several helper calls are printed with fewer arguments than the
 *    disassembly passes (for example sub_18000c620); rely on the listing for
 *    the property names.
 *  - All cleanup (string, registry key, interface) happens once at the end.
 */
uint32_t CCertPolicySample.#7(int64_t *param_1,undefined8 param_2)
{
int64_t *piVar1;
int32_t iVar2;
int32_t iVar3;
int64_t iVar4;
uint32_t uVar5;
uint32_t *puVar6;
undefined8 uVar7;
uint32_t uVar8;
undefined4 auStackX_8 [2];
int32_t aiStackX_18 [2];
uint32_t auStackX_20 [2];
int64_t *piStack_88;
int64_t iStack_80;
int64_t iStack_78;
undefined8 uStack_70;
undefined8 uStack_68;
int64_t iStack_60;
int16_t aiStack_58 [4];
uint32_t uStack_50;
/* iStack_80 = registry key, piStack_88 = ICertServerPolicy pointer,
   uStack_70 = string returned by the virtual call at slot +0x48 */
iStack_80 = 0;
piStack_88 = 0x0;
uStack_70 = 0;
sub_18000c8c0();
iVar4 = (*oleaut32.SysAllocString)(param_2);
param_1[0x18] = iVar4;
if (iVar4 == 0) {
/* 0x8007000e = E_OUTOFMEMORY */
uVar5 = 0x8007000e;
}
else {
uVar5 = (**(*param_1 + 0x48))(param_1, &uStack_70);
if ((uVar5 == 0) &&
(uVar5 = (*ole32.CoCreateInstance)(0x180029580, 0, 1, &ICertServerPolicy, &piStack_88), uVar5 == 0)) {
if (piStack_88 == 0x0) {
/* success without an interface pointer: 0x8000ffff = E_UNEXPECTED */
uVar5 = 0x8000ffff;
}
else {
/* first sub_18000c620 call reads "ModuleRegistryLocation" (see disassembly) */
uVar5 = sub_18000c620();
if ((uVar5 == 0) && (uVar5 = sub_18000c710(piStack_88, "CAType", param_1 + 0x1c), uVar5 == 0)) {
/* VolatileMode is optional: a failed read clears the field */
iVar2 = sub_18000c710(piStack_88, "VolatileMode", param_1 + 0xec);
if (iVar2 != 0) {
*(param_1 + 0xec) = 0;
}
/* "SanitizedCAName" then "SanitizedShortName" per the disassembly */
uVar5 = sub_18000c620(piStack_88);
if ((uVar5 == 0) && (uVar5 = sub_18000c620(piStack_88), piVar1 = piStack_88, uVar5 == 0)) {
/* read the fServerUpgraded property; VariantInit appears twice */
(*oleaut32.VariantInit)(aiStack_58);
(*oleaut32.VariantInit)(aiStack_58);
iVar4 = (*oleaut32.SysAllocString)("fServerUpgraded");
if (iVar4 == 0) {
(*oleaut32.SysFreeString)(0);
/* -0x7ff8fff2 == 0x8007000e (E_OUTOFMEMORY) */
iVar2 = -0x7ff8fff2;
}
else {
iVar2 = (**(*piVar1 + 0x50))(piVar1, iVar4, 1, aiStack_58);
(*oleaut32.SysFreeString)(iVar4);
if (iVar2 == 0) {
/* variant type 3 = VT_I4; uStack_50 is the value at VARIANT+8 */
if (aiStack_58[0] == 3) {
auStackX_20[0] = uStack_50;
iVar2 = 0;
}
else {
/* -0x7ff6bffc == 0x80094004 */
iVar2 = -0x7ff6bffc;
}
}
}
(*oleaut32.VariantClear)(aiStack_58);
/* uVar8 = fServerUpgraded value, or 0 when the read failed */
uVar8 = 0;
if (iVar2 == 0) {
uVar8 = auStackX_20[0];
}
/* requested access: 0x20019 (KEY_READ), or 0xf003f (KEY_ALL_ACCESS)
   when the server is flagged as upgraded */
uVar7 = 0x20019;
if (uVar8 != 0) {
uVar7 = 0xf003f;
}
/* 0xffffffff80000002 = HKEY_LOCAL_MACHINE; subkey is this[0x17] */
uVar5 = (*advapi32.RegOpenKeyExW)(0xffffffff80000002, param_1[0x17], 0, uVar7, &iStack_80);
if (uVar5 == 0) {
/* each DWORD value falls back to a default when the query fails or
   the stored type is not 4 (REG_DWORD) */
auStackX_8[0] = 4;
iVar2 = (*advapi32.RegQueryValueExW)
(iStack_80, "RequestDisposition", 0, aiStackX_18, param_1 + 0xd, auStackX_8);
if ((iVar2 != 0) || (aiStackX_18[0] != 4)) {
*(param_1 + 0xd) = 0x101;
}
puVar6 = param_1 + 0x6c;
auStackX_8[0] = 4;
iVar2 = (*advapi32.RegQueryValueExW)
(iStack_80, "EditFlags", 0, aiStackX_18, puVar6, auStackX_8);
if ((iVar2 != 0) || (aiStackX_18[0] != 4)) {
*puVar6 = 0x83ee;
}
/* upgraded server: set bit 0x4000 and persist EditFlags; the
   RegSetValueExW result is ignored */
if (uVar8 != 0) {
*puVar6 = *puVar6 | 0x4000;
auStackX_8[0] = 4;
(*advapi32.RegSetValueExW)(iStack_80, "EditFlags", 0, 4, puVar6, 4);
}
auStackX_8[0] = 4;
iVar2 = (*advapi32.RegQueryValueExW)
(iStack_80, "CAPathLength", 0, aiStackX_18, param_1 + 0xe, auStackX_8);
if ((iVar2 != 0) || (aiStackX_18[0] != 4)) {
*(param_1 + 0xe) = 0xffffffff;
}
/* "MachineDNSName" per the disassembly */
uVar5 = sub_18000c620(piStack_88);
if ((uVar5 == 0) &&
(uVar5 = sub_18000c710(piStack_88, "CertCount", param_1 + 0xe4), uVar5 == 0)) {
if (*(param_1 + 0xe4) == 0) {
/* 0x80070002 = HRESULT form of ERROR_FILE_NOT_FOUND */
uVar5 = 0x80070002;
}
else {
/* stored value becomes CertCount - 1 */
*(param_1 + 0xe4) = *(param_1 + 0xe4) + -1;
uVar5 = sub_18000c710(piStack_88, "CRLIndex", param_1 + 0x1d);
iVar4 = iStack_80;
if (uVar5 == 0) {
/* RevocationType -> this[0xb]; must be a 4-byte REG_DWORD, else 0 */
piVar1 = param_1 + 0xb;
auStackX_20[0] = 4;
iVar2 = (*advapi32.RegQueryValueExW)
(iStack_80, "RevocationType", 0, &iStack_78, piVar1, auStackX_20);
if (((iVar2 == 0) && (iStack_78 == 4)) && (auStackX_20[0] == 4)) {
/* drop the previous buffer held in this[0xc]; the LocalFree
   argument is not printed by the decompiler */
if (param_1[0xc] != 0) {
(*kernel32.LocalFree)();
param_1[0xc] = 0;
}
/* flag 0x200 triggers sub_18000c9c0(this, key); presumably it
   loads the RevocationURL value -- TODO confirm */
if ((*piVar1 & 0x200) != 0) {
sub_18000c9c0(param_1, iVar4);
}
}
else {
*piVar1 = 0;
}
sub_18000cef0(param_1, iStack_80);
iStack_60 = iStack_80;
uStack_68 = "DisableExtensionList";
auStackX_20[0] = 4;
if (param_1[0x13] != 0) {
sub_18000c820();
}
/* uVar5 temporarily holds the EditFlags value; puVar6 is re-pointed
   at a one-entry mask table (value 4) on the stack */
uVar5 = *puVar6;
iVar4 = 0;
puVar6 = auStackX_20;
iStack_78 = 0;
iVar2 = 0;
/* the loop body runs exactly once: iVar2 is incremented before
   the "iVar2 == 0" test */
do {
if ((*puVar6 & uVar5) != 0) {
if (iVar4 != 0) {
(*kernel32.LocalFree)(iVar4);
iStack_78 = 0;
}
iVar3 = sub_18000cde0();
iVar4 = iStack_78;
if ((iVar3 == 0) &&
(iVar3 = sub_18000cbf0(param_1, iStack_78), iVar3 != 0)) break;
}
iVar2 = iVar2 + 1;
puVar6 = puVar6 + 1;
} while (iVar2 == 0);
if (iVar4 != 0) {
(*kernel32.LocalFree)(iVar4);
}
/* sub_18000d0c0 runs only when the VolatileMode field is non-zero;
   its status becomes the function result */
if ((*(param_1 + 0xec) == 0) ||
(uVar5 = sub_18000d0c0(param_1, iStack_80), uVar5 == 0)) {
uVar5 = 0;
}
}
}
}
}
}
}
}
}
}
/* common cleanup: free the string, close the key, call interface vtable
   slot +0x10 (IUnknown::Release in the COM layout) */
(*oleaut32.SysFreeString)(uStack_70);
if (iStack_80 != 0) {
(*advapi32.RegCloseKey)();
}
if (piStack_88 != 0x0) {
(**(*piStack_88 + 0x10))();
}
/* status normalisation: values other than 0 and 1 that are not already
   failure codes are wrapped as 0x8007xxxx. NOTE(review): the signedness of
   these comparisons is lost because casts are hidden -- check the
   disassembly before relying on the exact conditions. */
if (1 < uVar5) {
if (0 < uVar5) {
uVar5 = uVar5 & 0xffff | 0x80070000;
}
if (uVar5 == 0) {
uVar5 = 0x8000ffff;
}
}
return uVar5;
}
0x180002800 sub_180002800 str 12 api 15 imm 21 Unknown
; sub_180002800 -- expands an array of wide-string templates with
; FormatMessageW, using a fixed table of insertion strings built on the stack
; (listing is truncated; only the visible part is described).
; ABI:  Microsoft x64.
; In:   ecx = flag (saved at [rsp+0x50]), rdx = wide string (BSTR copy made),
;       r8 = wide string (name), r9d = number formatted as "(%u)" when non-zero;
;       stack: [rbp+0x448] second number, [rbp+0x460] template count,
;       [rbp+0x468] template array, [rbp+0x470] output array (r15).
; Frame: rbp = rsp + 0x100 after the allocation, so [rbp-0x80] is [rsp+0x80].
;        [rsp+0x70].. is the insertion-string table handed to FormatMessageW.
;        [rbp+0x2C0] name work buffer, [rbp+0x370] / [rbp+0x290] "(%u)" buffers,
;        [rbp+0x340] empty string.
; Regs: r13 = 0 (also used as 16-bit zero), rsi = name, r15 = output array,
;       r14 / r12 reused as described inline.
; NOTE(review): loc_180013670 is called as (ptr, 0, size) and loc_180013930 as
; (dst, src, size); they are read here as memset / memcpy -- TODO confirm.
sub_180002800() {
mov [rsp+0x08], rbx
push rbp
push rsi
push rdi
push r12
push r13
push r14
push r15
lea rbp, [rsp-0x3D0]
sub rsp, 0x4D0
; stack cookie: global at 0x18003A010 xor rsp, stored at [rbp+0x3C0]
mov rax, [0x18003A010]
xor rax, rsp
mov [rbp+0x3C0], rax
mov rax, [rbp+0x468]
mov rsi, r8
mov r8d, [rbp+0x460]
mov rbx, rdx
mov r15, [rbp+0x470]
xor r13d, r13d
mov [rsp+0x50], ecx
xor edx, edx
mov [rsp+0x60], r8
mov rcx, r15
lea r8, [r8*8]
mov [rsp+0x58], rax
mov edi, r9d
mov r14d, r13d
; zero the output array: count * 8 bytes
call loc_180013670
xor edx, edx
lea rcx, [rsp+0x78]
mov r8d, 0x318
; zero 0x318 bytes of locals starting at [rsp+0x78]
call loc_180013670
mov rcx, rbx
; first table entry: the original string argument
mov [rsp+0x70], rbx
call [oleaut32.SysAllocString]
mov [rsp+0x68], rax
mov rbx, rax
test rax, rax
jnz .1
; 0x8007000E = E_OUTOFMEMORY
mov ebx, 0x8007000E
jmp .37
.1:
; cut the copy at its first '.' (0x2E)
mov edx, 0x2E
mov rcx, rbx
call wcschr()
test rax, rax
jz .2
mov [rax], r13w
.2:
; next table entries: truncated copy, then the name argument
mov [rsp+0x78], rbx
mov [rbp-0x80], rsi
mov [rbp+0x370], r13w
test edi, edi
jz .3
; sub_180002730(buffer, 0x50, "(%u)", r9d number, -1)
mov r9d, edi
mov dword ptr [rsp+0x20], 0xFFFFFFFF
lea r8, ["(%u)"]
mov edx, 0x50
lea rcx, [rbp+0x370]
call sub_180002730()
.3:
lea rax, [rbp+0x370]
mov [rsp+0x40], r13
mov [rbp-0x78], rax
mov r12, r13
; placeholder distinguished names used as insertion strings
lea rax, ["DC=UnavailableDomainDN"]
mov rdi, 0xFFFFFFFFFFFFFFFF
mov [rbp-0x70], rax
lea rax, ["DC=UnavailableConfigDN"]
mov [rbp-0x68], rax
nop [rax], eax
.4:
; rdi = length of the name in 16-bit characters
inc rdi
cmp [rsi+rdi*2], r12w
jnz .4
; r14 = min(length, 0x33); copy that many characters into the work buffer
mov eax, 0x33
lea rcx, [rbp+0x2C0]
cmp rdi, rax
mov r14, rdi
mov rdx, rsi
cmovnbe r14, rax
lea rbx, [r14+r14*1]
mov r8, rbx
call loc_180013930
; bounds check on the terminator write; .41 is outside this listing
cmp rbx, 0x74
jnb .41
mov [rbp+rbx*1+0x2C0], r13w
; names of at most 0x33 characters are used as they are
cmp rdi, 0x33
jbe .10
; long name: look for the last '!' (0x21) in the truncated copy
mov edx, 0x21
lea rcx, [rbp+0x2C0]
movzx ebx, r13w
call wcsrchr()
mov rcx, rax
test rax, rax
jz .7
mov rax, 0xFFFFFFFFFFFFFFFF
.5:
; rax = length of the tail starting at that '!'
inc rax
cmp [rcx+rax*2], bx
jnz .5
; a tail shorter than 5 characters is cut off and r14 reduced accordingly
cmp rax, 0x05
jnb .7
mov rax, 0xFFFFFFFFFFFFFFFF
.6:
inc rax
cmp [rcx+rax*2], bx
jnz .6
sub r14, rax
mov [rcx], r13w
.7:
mov rax, r14
cmp r14, rdi
jnb .9
nop
.8:
; bx = 16-bit rotate-and-add checksum over the characters that were dropped
rol bx, 0x01
add bx, [rsi+rax*2]
inc rax
cmp rax, rdi
jb .8
.9:
; append "-%05hu" (the checksum) at position r14; remaining size is 0x3A - r14
mov edx, 0x3A
movzx r9d, bx
lea rcx, [rbp+0x2C0]
sub rdx, r14
lea rcx, [rcx+r14*2]
lea r8, ["-%05hu"]
call sub_180002670()
mov ebx, eax
test eax, eax
jnz .13
.10:
lea rcx, [rbp+0x2C0]
mov rax, 0xFFFFFFFFFFFFFFFF
nop [rax+rax*1], ax
.11:
; rax = length of the work buffer string
cmp [rcx+rax*2+0x02], r12w
lea rax, [rax+0x01]
jnz .11
; rbx = byte size including the terminator; LocalAlloc(0, rbx)
lea rbx, [rax*2+0x02]
xor ecx, ecx
mov rdx, rbx
call [kernel32.LocalAlloc]
mov [rsp+0x40], rax
mov r12, rax
test rax, rax
jnz .12
mov ebx, 0x8007000E
jmp .13
.12:
; heap copy of the shortened name
mov r8, rbx
lea rdx, [rbp+0x2C0]
mov rcx, rax
call loc_180013930
mov ebx, r13d
.13:
test ebx, ebx
jnz .36
mov r9d, [rbp+0x448]
; table entry: heap copy of the shortened name
mov [rbp-0x60], r12
mov [rbp+0x290], r13w
test r9d, r9d
jz .14
; edx = ebx + 0x28 = 0x28 because ebx is zero on this path
lea r8, ["(%u)"]
lea edx, [rbx+0x28]
lea rcx, [rbp+0x290]
call sub_180002730()
.14:
; remaining table entries: second "(%u)" buffer, an empty string, and five
; fixed directory query suffixes
lea rax, [rbp+0x290]
mov [rbp+0x340], r13w
mov [rbp-0x58], rax
lea rax, [rbp+0x340]
mov [rbp-0x50], rax
lea rax, ["?certificateRevocationList?base?objectclass=cRLDistributionPoint"]
mov [rbp-0x48], rax
lea rax, ["?cACertificate?base?objectclass=certificationAuthority"]
mov [rbp-0x40], rax
lea rax, ["?userCertificate?base?objectClass=*"]
mov [rbp-0x38], rax
lea rax, ["?userCertificate?one?objectClass=msPKI-PrivateKeyRecoveryAgent"]
mov [rbp-0x30], rax
lea rax, ["?crossCertificatePair?one?objectClass=certificationAuthority"]
mov [rbp-0x28], rax
; no templates: skip the expansion loop (.38 is outside this listing)
cmp [rbp+0x460], r13d
jbe .38
; [rsp+0x58] becomes (template array - output array) so that [rax+r14]
; addresses the template matching output cursor r14
mov rax, [rsp+0x58]
mov r14, r15
mov r12, [rsp+0x68]
sub rax, r15
mov [rsp+0x58], rax
nop [rax+rax*1], ax
.15:
mov rdx, [rax+r14*1]
mov r8, 0xFFFFFFFFFFFFFFFF
nop [rax+rax*1], eax
.16:
; r8 = template length in characters
inc r8
cmp word ptr [rdx+r8*2], 0x00
jnz .16
; FormatMessageW(0x2500, template, 0, 0, &output[r13], length, &table)
; 0x2500 = ALLOCATE_BUFFER | FROM_STRING | ARGUMENT_ARRAY: the result is a
; system-allocated buffer whose pointer is stored in the output slot
mov eax, r13d
xor r9d, r9d
lea rcx, [r15+rax*8]
lea rax, [rsp+0x70]
mov [rsp+0x30], rax
mov [rsp+0x28], r8d
xor r8d, r8d
mov [rsp+0x20], rcx
mov ecx, 0x2500
call [kernel32.FormatMessageW]
test eax, eax
jz .32
; only when the flag argument is non-zero: compare the expanded string with
; "file:" over 5 characters (sub_18001a2a8 body not shown; semantics assumed)
cmp dword ptr [rsp+0x50], 0x00
jz .26
mov rdi, [r14]
lea rcx, ["file:"]
mov rdx, rdi
mov r8d, 0x05
call sub_18001a2a8()
; listing truncated
/* DISPLAY WARNING: Type casts are NOT being printed */
/* sub_180002800 -- decompiler output; the listing is truncated before the function ends.
 * Visible behaviour:
 *   - clears the caller's output array (in_stack_00000068, in_stack_00000058 entries of 8 bytes);
 *   - duplicates param_2 with SysAllocString and cuts it at the first '.' (0x2e);
 *   - builds a shortened copy of the wide string param_3 in aiStack_148;
 *   - fills a table of string inserts (uStack_498 onward) that ends with five LDAP query suffixes;
 *   - expands each template from the array at in_stack_00000060 with FormatMessageW;
 *   - when param_1 is non-zero, post-processes the source template (duplicate or URL-canonicalize).
 * Every API here is called by name through the import table.
 * NOTE(review): the strings and flow resemble certificate-services URL-template formatting
 * code; that attribution is inferred from the strings only -- confirm against a reference build.
 * The decompiler hides type casts, so signed/unsigned comparisons below are not reliable as shown.
 */
void sub_180002800(int32_t param_1,undefined8 param_2,int64_t param_3,int32_t param_4)
{
int64_t iVar1;
code *pcVar2;
int32_t iVar3;
int64_t iVar4;
undefined2 *puVar5;
uint64_t uVar6;
int16_t iVar7;
uint64_t uVar8;
int64_t iVar9;
uint32_t uVar10;
uint64_t uVar11;
uint64_t uVar12;
uint64_t uVar13;
int64_t *piVar14;
int32_t in_stack_00000040;
uint32_t in_stack_00000058;
int64_t in_stack_00000060;
int64_t *in_stack_00000068;
undefined auStack_508 [32];
undefined8 uStack_4e8;
undefined4 uStack_4e0;
undefined8 *puStack_4d8;
uint64_t uStack_4c8;
uint32_t uStack_4c0;
undefined auStack_4bc [4];
int32_t iStack_4b8;
int64_t iStack_4b0;
uint64_t uStack_4a8;
int64_t iStack_4a0;
undefined8 uStack_498;
int64_t iStack_490;
int64_t iStack_488;
undefined2 *puStack_480;
undefined8 uStack_478;
undefined8 uStack_470;
uint64_t uStack_468;
undefined2 *puStack_460;
undefined2 *puStack_458;
undefined8 uStack_450;
undefined8 uStack_448;
undefined8 uStack_440;
undefined8 uStack_438;
undefined8 uStack_430;
undefined2 auStack_178 [24];
int16_t aiStack_148 [64];
undefined2 auStack_c8 [24];
undefined2 auStack_98 [40];
uint64_t uStack_48;
/* Stack cookie: global cookie XOR a stack address; the matching check is past the truncation. */
uStack_48 = [0x0x18003a010#SecurityCookie] ^ auStack_508;
uStack_4a8 = in_stack_00000058;
uVar11 = 0;
iStack_4b0 = in_stack_00000060;
iStack_4b8 = param_1;
/* presumably memset(ptr, 0, size) -- argument order (ptr, 0, byte count) suggests it; confirm. */
func_0x000180013670(in_stack_00000068, 0, uStack_4a8 * 8);
func_0x000180013670(&iStack_490, 0, 0x318);
uStack_498 = param_2;
iVar4 = (*oleaut32.SysAllocString)(param_2);
uVar8 = uVar11;
iStack_4a0 = iVar4;
if (iVar4 != 0) {
/* Truncate the duplicated string at its first '.' (0x2e). */
puVar5 = wcschr(iVar4, 0x2e);
iVar7 = 0;
if (puVar5 != 0x0) {
*puVar5 = 0;
}
auStack_98[0] = 0;
iStack_490 = iVar4;
iStack_488 = param_3;
if (param_4 != 0) {
uStack_4e8 = CONCAT44(uStack_4e8._4_4_, 0xffffffff);
/* Formats "(%u)" with param_4 into the 0x50-element buffer auStack_98. */
sub_180002730(auStack_98, 0x50, "(%u)", param_4);
}
puStack_480 = auStack_98;
uStack_4c8 = 0;
uVar8 = 0xffffffffffffffff;
uStack_478 = "DC=UnavailableDomainDN";
uStack_470 = "DC=UnavailableConfigDN";
/* Inline wide-string length of param_3 (counts 16-bit units up to the terminator). */
do {
uVar8 = uVar8 + 1;
} while (*(param_3 + uVar8 * 2) != 0);
/* Clamp the copied length to 0x33 characters before copying into aiStack_148. */
uVar12 = uVar8;
if (0x33 < uVar8) {
uVar12 = 0x33;
}
/* presumably memcpy(dst, src, bytes) -- confirm. */
func_0x000180013930(aiStack_148, param_3, uVar12 * 2);
/* Range check on the terminator index; failure ends in __report_rangecheckfailure / int 3. */
if (0x73 < uVar12 * 2) {
__report_rangecheckfailure();
pcVar2 = swi(3);
(*pcVar2)();
return;
}
aiStack_148[uVar12] = 0;
if (uVar8 < 0x34) {
code_r0x000180002a08:
/* Duplicate aiStack_148 into a LocalAlloc buffer of (length + 1) * 2 bytes. */
iVar4 = -1;
do {
iVar9 = iVar4 + 1;
iVar4 = iVar4 + 1;
} while (aiStack_148[iVar9] != 0);
iVar4 = iVar4 * 2 + 2;
uVar12 = (*kernel32.LocalAlloc)(0, iVar4);
uStack_4c8 = uVar12;
if (uVar12 == 0) {
/* -0x7ff8fff2 is 0x8007000E as an unsigned HRESULT (E_OUTOFMEMORY). */
iVar3 = -0x7ff8fff2;
}
else {
func_0x000180013930(uVar12, aiStack_148, iVar4);
iVar3 = 0;
}
}
else {
/* Name longer than 0x33 characters: look at the last '!' (0x21) in the clamped copy and,
   if fewer than 5 characters follow it, cut the copy there. */
puVar5 = wcsrchr(aiStack_148, 0x21);
uVar13 = uVar12;
if (puVar5 != 0x0) {
uVar6 = 0xffffffffffffffff;
do {
uVar6 = uVar6 + 1;
} while (puVar5[uVar6] != 0);
if (uVar6 < 5) {
iVar4 = -1;
do {
iVar4 = iVar4 + 1;
} while (puVar5[iVar4] != 0);
uVar12 = uVar12 - iVar4;
*puVar5 = 0;
uVar13 = uVar12;
}
}
/* 16-bit rotate-left-by-one plus add over the characters that were dropped: a checksum of
   the tail, not encryption. It is printed below as a 5-digit "-%05hu" suffix. */
for (; uVar12 < uVar8; uVar12 = uVar12 + 1) {
iVar7 = (iVar7 << 1 | iVar7 < 0) + *(param_3 + uVar12 * 2);
}
/* Output size is given as 0x3a - uVar13, i.e. relative to the write position. */
iVar3 = sub_180002670(aiStack_148 + uVar13, 0x3a - uVar13, "-%05hu", iVar7);
uVar12 = uVar11;
if (iVar3 == 0) goto code_r0x000180002a08;
}
uVar8 = uStack_4c8;
if (iVar3 == 0) {
auStack_178[0] = 0;
uStack_468 = uVar12;
if (in_stack_00000040 != 0) {
/* The value argument of this "(%u)" call is not shown by the decompiler. */
sub_180002730(auStack_178, 0x28, "(%u)");
}
puStack_460 = auStack_178;
auStack_c8[0] = 0;
puStack_458 = auStack_c8;
/* Fixed LDAP query suffixes placed in the insert table after the computed strings. */
uStack_450 = "?certificateRevocationList?base?objectclass=cRLDistributionPoint";
uStack_448 = "?cACertificate?base?objectclass=certificationAuthority";
uStack_440 = "?userCertificate?base?objectClass=*";
uStack_438 = "?userCertificate?one?objectClass=msPKI-PrivateKeyRecoveryAgent";
uStack_430 = "?crossCertificatePair?one?objectClass=certificationAuthority";
uVar8 = uStack_4c8;
if (in_stack_00000058 != 0) {
/* Source templates are addressed as (source array - output array) + output cursor. */
iStack_4b0 = iStack_4b0 - in_stack_00000068;
iVar4 = iStack_4a0;
piVar14 = in_stack_00000068;
do {
iVar9 = -1;
do {
iVar9 = iVar9 + 1;
} while (*(*(iStack_4b0 + piVar14) + iVar9 * 2) != 0);
/* Stack arguments for FormatMessageW: output slot, template length, and the insert table
   starting at uStack_498. 0x2500 = FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_STRING
   | FORMAT_MESSAGE_ARGUMENT_ARRAY. The template text selects which inserts are read; where the
   templates originate is not visible in this listing. */
uStack_4e8 = in_stack_00000068 + uVar11;
puStack_4d8 = &uStack_498;
uStack_4e0 = iVar9;
iVar3 = (*kernel32.FormatMessageW)(0x2500, *(iStack_4b0 + piVar14), 0, 0);
if (iVar3 == 0) {
uVar10 = (*kernel32.GetLastError)();
uVar8 = uStack_4c8;
/* (code & 0xffff) | 0x80070000 is the HRESULT_FROM_WIN32 form. */
if (1 < uVar10) {
if (0 < uVar10) {
uVar10 = uVar10 & 0xffff | 0x80070000;
}
if (uVar10 == 0) goto code_r0x000180002cd0;
}
if (uVar10 != 0) goto code_r0x000180002d31;
break;
}
iVar9 = iVar4;
if (iStack_4b8 != 0) {
iVar1 = *piVar14;
/* presumably a length-limited compare of the first 5 characters against "file:"; a zero
   result takes the plain-duplicate path -- confirm the helper's semantics. */
iVar3 = sub_18001a2a8("file:", iVar1, 5);
if (iVar3 == 0) {
iVar4 = -1;
do {
iVar9 = iVar4 * 2;
iVar4 = iVar4 + 1;
} while (*(iVar1 + 2 + iVar9) != 0);
iVar4 = iVar4 * 2 + 2;
iVar9 = (*kernel32.LocalAlloc)(0, iVar4);
uVar8 = uStack_4c8;
if (iVar9 == 0) goto code_r0x000180002cd0;
func_0x000180013930(iVar9, iVar1, iVar4);
}
else {
/* Size probe: the first call passes a 1-character buffer so the API reports the length it
   needs; 0x8007007a is the HRESULT form of ERROR_INSUFFICIENT_BUFFER. */
uStack_4c0 = 1;
(*wininet.InternetCanonicalizeUrlW)(iVar1, auStack_4bc, &uStack_4c0);
uVar10 = (*kernel32.GetLastError)();
if (1 < uVar10) {
if (0 < uVar10) {
uVar10 = uVar10 & 0xffff | 0x80070000;
}
uVar8 = uStack_4c8;
if (uVar10 == 0) goto code_r0x000180002cd0;
}
if (uVar10 == 0x8007007a) {
/* Second call writes into a buffer sized from the reported character count * 2. */
iVar9 = (*kernel32.LocalAlloc)(0, uStack_4c0 * 2);
uVar8 = uStack_4c8;
if (iVar9 == 0) goto code_r0x000180002cd0;
iVar3 = (*wininet.InternetCanonicalizeUrlW)(iVar1, iVar9, &uStack_4c0);
if (iVar3 != 0) goto code_r0x000180002c91;
uVar10 = (*kernel32.GetLastError)();
if (1 < uVar10) {
if (0 < uVar10) {
uVar10 = uVar10 & 0xffff | 0x80070000;
/* listing truncated */
0x18000C4D0 #7 str 10 api 3 imm 9 Unknown
; ATL::CComObject<CCertManagePolicyModuleSample>.#7 -- vtable slot 7 of the manage-module object.
; ABI:  Microsoft x64. r9 = 4th argument (a BSTR property name), [entry rsp+0x30] = 6th
;       argument (pointer to the output VARIANT).
; Out:  eax = 0x80004003 (E_POINTER) when the output pointer is null,
;             1 (S_FALSE) for an empty or unrecognised name,
;             0x8007000E (E_OUTOFMEMORY) when SysAllocString fails,
;             0 after storing a VT_BSTR result.
; Uses: rbx (saved in the caller's shadow space), rdi (pushed).
; NOTE(review): the argument layout is consistent with ICertManageModule::GetProperty -- inferred,
; confirm against the interface definition. The strings returned are fixed literals; no caller
; data is copied into the result.
ATL::CComObject<CCertManagePolicyModuleSample>.#7() {
mov [rsp+0x08], rbx
push rdi
sub rsp, 0x20
; [rsp+0x58] here is [entry rsp+0x30]: the 6th argument (output VARIANT pointer).
mov rdi, [rsp+0x58]
mov rbx, r9
test rdi, rdi
jnz .1
; Null output pointer: 0x80004003 = E_POINTER.
mov eax, 0x80004003
mov rbx, [rsp+0x30]
add rsp, 0x20
pop rdi
ret
.1:
mov rcx, rdi
call [oleaut32.VariantInit]
; A null or zero-length property name goes to .8 (returns 1).
test rbx, rbx
jz .8
mov rcx, rbx
call [oleaut32.SysStringByteLen]
test eax, eax
jz .8
; Compare chain: sub_18001bd60 returns 0 on a match (presumably a wide-string compare --
; case handling is not visible here). rcx is loaded with the literal to return.
lea rdx, ["Name"]
mov rcx, rbx
call sub_18001bd60()
test eax, eax
jnz .2
lea rcx, ["Sample/Test Policy Module"]
jmp .6
.2:
lea rdx, ["Description"]
mov rcx, rbx
call sub_18001bd60()
test eax, eax
jnz .3
lea rcx, ["Sample Policy Module"]
jmp .6
.3:
lea rdx, ["Copyright"]
mov rcx, rbx
call sub_18001bd60()
test eax, eax
jnz .4
lea rcx, ["(c)2000 Microsoft"]
jmp .6
.4:
lea rdx, ["File Version"]
mov rcx, rbx
call sub_18001bd60()
test eax, eax
jnz .5
lea rcx, ["v 1.0"]
jmp .6
.5:
lea rdx, ["Product Version"]
mov rcx, rbx
call sub_18001bd60()
test eax, eax
jnz .8
lea rcx, ["v 5.00"]
.6:
; Allocate the BSTR and store it at VARIANT offset 8 (the value field).
call [oleaut32.SysAllocString]
mov [rdi+0x08], rax
test rax, rax
jnz .7
; Allocation failed: 0x8007000E = E_OUTOFMEMORY.
mov eax, 0x8007000E
mov rbx, [rsp+0x30]
add rsp, 0x20
pop rdi
ret
.7:
; vt = 8 (VT_BSTR); return 0 (S_OK).
mov eax, 0x08
mov [rdi], ax
xor eax, eax
mov rbx, [rsp+0x30]
add rsp, 0x20
pop rdi
ret
.8:
; Unknown or empty property name: return 1 (S_FALSE), VARIANT left as initialised.
mov rbx, [rsp+0x30]
mov eax, 0x01
add rsp, 0x20
pop rdi
ret
}
/* DISPLAY WARNING: Type casts are NOT being printed */
/* Vtable slot 7 of the manage-module object (decompiler output).
 * Maps a property-name BSTR (in_R9) to one of five fixed literals and returns it as a
 * VT_BSTR in the caller's VARIANT (in_stack_00000030).
 * Returns 0x80004003 (E_POINTER) for a null output pointer, 1 (S_FALSE) for an empty or
 * unknown name, 0x8007000e (E_OUTOFMEMORY) if SysAllocString fails, 0 on success.
 * The decompiler shows the function as (void) because it did not recover the parameters;
 * in_R9 and in_stack_00000030 are the 4th and 6th arguments of the real signature.
 * NOTE(review): layout is consistent with ICertManageModule::GetProperty -- inferred, confirm.
 */
undefined8 ATL::CComObject<CCertManagePolicyModuleSample>.#7(void)
{
int32_t iVar1;
int64_t iVar2;
undefined8 uVar3;
int64_t in_R9;
undefined2 *in_stack_00000030;
if (in_stack_00000030 == 0x0) {
return 0x80004003;
}
(*oleaut32.VariantInit)(in_stack_00000030);
/* Null or zero-length name: nothing to look up. */
if ((in_R9 == 0) || (iVar1 = (*oleaut32.SysStringByteLen)(in_R9), iVar1 == 0)) {
return 1;
}
/* sub_18001bd60 returns 0 on a match (presumably a wide-string compare -- confirm). */
iVar1 = sub_18001bd60(in_R9, "Name");
if (iVar1 == 0) {
uVar3 = "Sample/Test Policy Module";
}
else {
iVar1 = sub_18001bd60(in_R9, "Description");
if (iVar1 == 0) {
uVar3 = "Sample Policy Module";
}
else {
iVar1 = sub_18001bd60(in_R9, "Copyright");
if (iVar1 == 0) {
uVar3 = "(c)2000 Microsoft";
}
else {
iVar1 = sub_18001bd60(in_R9, "File Version");
if (iVar1 == 0) {
uVar3 = "v 1.0";
}
else {
iVar1 = sub_18001bd60(in_R9, "Product Version");
if (iVar1 != 0) {
return 1;
}
uVar3 = "v 5.00";
}
}
}
}
iVar2 = (*oleaut32.SysAllocString)(uVar3);
/* in_stack_00000030 is a 16-bit pointer, so "+ 4" is byte offset 8: the VARIANT value field. */
*(in_stack_00000030 + 4) = iVar2;
if (iVar2 != 0) {
/* vt = 8 (VT_BSTR). */
*in_stack_00000030 = 8;
return 0;
}
return 0x8007000e;
}
0x180006640 sub_180006640 str 8 api 17 imm 15 Unknown
; sub_180006640 -- COM class registration helper (listing truncated before the end).
; ABI:  Microsoft x64. rdx = pointer to a CLSID (passed to StringFromCLSID), r8 and r9 = two
;       optional wide strings that must be both null or both non-null, [rbp+0x1F0] = 5th
;       argument (optional wide string; a built-in default at 0x180032DA8 is used when null).
; Out:  eax = HRESULT.
; Visible effects: opens HKEY_CLASSES_ROOT\CLSID with read/write access, creates or opens the
;       subkey named by the CLSID string, writes its default value, then writes the "ProgID"
;       and "VersionIndependentProgID" subkeys. These registry writes are the host artefacts
;       to look for when confirming that this path ran.
; Uses a /GS stack cookie ([0x18003A010] xor rsp) checked at .15.
; NOTE(review): the flow resembles the ATL class-registration helper -- inferred from strings
; and call order; confirm against a reference ATL build.
sub_180006640() {
mov [rsp+0x08], rbx
push rbp
push rsi
push rdi
push r12
push r13
push r14
push r15
lea rbp, [rsp-0x190]
sub rsp, 0x290
mov rax, [0x18003A010]
xor rax, rsp
mov [rbp+0x180], rax
mov r14, r9
mov r15, r8
mov rbx, rdx
mov rax, [rbp+0x1F0]
xor r13d, r13d
mov [rsp+0x60], r13
; Argument check: r8 and r9 must be both null or both set, otherwise jump to .34.
test r8, r8
jz .3
test r9, r9
jz .34
.1:
; rsi = 5th argument if non-null, else the default string at 0x180032DA8.
lea rsi, [0x180032DA8]
test rax, rax
cmovnz rsi, rax
; Module path is written at rsp+0x72, one WCHAR past rsp+0x70; size limit 0x104 characters.
mov r8d, 0x104
lea rdx, [rsp+0x72]
mov rcx, [0x18003B998]
call [kernel32.GetModuleFileNameW]
mov [rsp+0x5C], eax
test eax, eax
jnz .4
call sub_1800034e0()
nop
.2:
jmp .15
.3:
test r14, r14
jnz .34
jmp .1
.4:
; A return equal to the buffer size means the path was truncated:
; 0x8007007A is the HRESULT form of ERROR_INSUFFICIENT_BUFFER.
cmp eax, 0x104
jnz .5
mov eax, 0x8007007A
jmp .15
.5:
; CLSID -> string; the result at [rsp+0x68] is released with CoTaskMemFree at .13.
lea rdx, [rsp+0x68]
mov rcx, rbx
call [ole32.StringFromCLSID]
test eax, eax
js .2
mov rbx, [rsp+0x68]
test r15, r15
jz .6
; sub_180003bc0(clsid string, r15, 0, rsi, flag 0) -- presumably registers the first name;
; its body is not in this listing.
mov [rsp+0x20], r13d
mov r9, rsi
xor r8d, r8d
mov rdx, r15
mov rcx, rbx
call sub_180003bc0()
mov r13d, eax
mov [rsp+0x58], eax
test eax, eax
jnz .7
xor r13d, r13d
.6:
test r14, r14
jz .8
; Same helper for r14, with r15 as third argument and flag 1.
mov dword ptr [rsp+0x20], 0x01
mov r9, rsi
mov r8, r15
mov rdx, r14
mov rcx, rbx
call sub_180003bc0()
mov r13d, eax
mov [rsp+0x58], eax
.7:
xor edi, edi
test r13d, r13d
jnz .13
xor r13d, r13d
jmp .9
.8:
mov [rsp+0x58], r13d
.9:
mov r12, r13
mov [rsp+0x48], r13d
mov [rsp+0x50], r13
mov [rsp+0x60], r13
lea rax, [rsp+0x60]
mov [rsp+0x20], rax
; 0xFFFFFFFF80000000 = HKEY_CLASSES_ROOT; 0x2001F = KEY_READ | KEY_WRITE.
mov r9d, 0x2001F
xor r8d, r8d
lea rdx, ["CLSID"]
mov rcx, 0xFFFFFFFF80000000
call [advapi32.RegOpenKeyExW]
mov edi, eax
test eax, eax
jnz .11
mov rdx, [rsp+0x60]
mov [rsp+0x40], rdx
mov dword ptr [rsp+0x28], 0x2001F
mov r8, rbx
lea rcx, [rsp+0x40]
; sub_180003820(&key holder, parent key, CLSID string, ...) -- presumably creates or opens the
; subkey and replaces the handle in the holder; confirm.
call sub_180003820()
mov edi, eax
test eax, eax
jnz .10
test rsi, rsi
jnz .16
; rax is 0 here, so edi = 0x0D (ERROR_INVALID_DATA) when no description string is available.
lea edi, [rax+0x0D]
.10:
mov r12, [rsp+0x40]
.11:
; Common cleanup: close the CLSID key if one is open.
test r12, r12
jz .12
mov rcx, r12
call [advapi32.RegCloseKey]
.12:
mov r13d, [rsp+0x58]
.13:
mov rcx, [rsp+0x68]
call [ole32.CoTaskMemFree]
; A non-zero Win32 status in edi overrides the earlier HRESULT.
test edi, edi
jz .14
mov ecx, edi
call long HRESULT_FROM_WIN32(unsigned long)
mov r13d, eax
.14:
mov eax, r13d
.15:
; Epilogue: verify the stack cookie, then restore the callee-saved registers.
mov rcx, [rbp+0x180]
xor rcx, rsp
call __security_check_cookie()
mov rbx, [rsp+0x2D0]
add rsp, 0x290
pop r15
pop r14
pop r13
pop r12
pop rdi
pop rsi
pop rbp
ret
.16:
; Inline wide-string length of rsi; rbx keeps -1 as the start value for the later loops.
mov rbx, 0xFFFFFFFFFFFFFFFF
mov rax, rbx
nop [rax], eax
.17:
lea rax, [rax+0x01]
cmp word ptr [rsi+rax*2], 0x00
jnz .17
; Write the key's default value: value name NULL, type 1 (REG_SZ), size (length + 1) * 2 bytes.
lea eax, [rax*2+0x02]
mov [rsp+0x28], eax
mov [rsp+0x20], rsi
mov r9d, 0x01
xor r8d, r8d
xor edx, edx
mov r12, [rsp+0x40]
mov rcx, r12
call [advapi32.RegSetValueExW]
mov edi, eax
test eax, eax
jnz .11
mov esi, [rsp+0x48]
test r15, r15
jz .21
; "ProgID" subkey under the CLSID key; its default value is the r15 string.
mov [rsp+0x40], r13
mov [rsp+0x48], r13d
mov [rsp+0x50], r13
mov eax, esi
or eax, 0x2001F
mov [rsp+0x28], eax
lea r8, ["ProgID"]
mov rdx, r12
lea rcx, [rsp+0x40]
call sub_180003820()
mov edi, eax
mov r13, [rsp+0x40]
test eax, eax
jnz .19
mov rax, rbx
nop [rax+rax*1], ax
.18:
lea rax, [rax+0x01]
cmp word ptr [r15+rax*2], 0x00
jnz .18
lea eax, [rax*2+0x02]
mov [rsp+0x28], eax
mov [rsp+0x20], r15
mov r9d, 0x01
xor r8d, r8d
xor edx, edx
mov rcx, r13
call [advapi32.RegSetValueExW]
mov edi, eax
.19:
; The subkey handle is closed on both the success and the failure path.
test r13, r13
jz .20
mov rcx, r13
call [advapi32.RegCloseKey]
.20:
test edi, edi
jnz .11
xor r13d, r13d
.21:
test r14, r14
jz .25
; "VersionIndependentProgID" subkey, same pattern with the r14 string (continues past the
; truncation).
mov [rsp+0x40], r13
mov [rsp+0x48], r13d
mov [rsp+0x50], r13
mov eax, esi
or eax, 0x2001F
mov [rsp+0x28], eax
lea r8, ["VersionIndependentProgID"]
mov rdx, r12
lea rcx, [rsp+0x40]
; listing truncated
/* DISPLAY WARNING: Type casts are NOT being printed */
/* sub_180006640 -- COM class registration helper (decompiler output, truncated).
 * param_2 is a CLSID pointer (passed to StringFromCLSID); param_3 and param_4 are optional wide
 * strings that must be both null or both non-null; param_5 is an optional wide string with a
 * built-in default at 0x180032da8.
 * Registry writes visible below, all under HKEY_CLASSES_ROOT\CLSID\<clsid string>:
 *   default value, ProgID, VersionIndependentProgID, then either LocalServer32 (quoted module
 *   path) or InprocServer32 (module path plus ThreadingModel = "both").
 * These keys are the host artefacts to check when confirming that this path ran.
 * The function is typed void because the decompiler did not recover the return value; the
 * status variables (iStack_270, iVar5) carry the result.
 * NOTE(review): the flow resembles the ATL class-registration helper -- inferred, confirm.
 */
void sub_180006640(undefined8 param_1,undefined8 param_2,int64_t *param_3,int64_t *param_4,int64_t *param_5)
{
code *pcVar1;
uint64_t uVar2;
uint32_t uVar3;
undefined8 uVar4;
int32_t iVar5;
int64_t iVar6;
int64_t iVar7;
int64_t iVar8;
int64_t *piVar9;
int64_t iVar10;
undefined auStack_2c8 [32];
undefined8 uStack_2a8;
uint32_t uStack_2a0;
int64_t iStack_288;
uint32_t uStack_280;
undefined8 uStack_278;
int32_t iStack_270;
int32_t iStack_26c;
int64_t iStack_268;
undefined8 uStack_260;
undefined auStack_258 [528];
uint64_t uStack_48;
/* Stack cookie, verified at code_r0x000180006805. */
uStack_48 = [0x0x18003a010#SecurityCookie] ^ auStack_2c8;
iStack_268 = 0;
/* param_3 / param_4 must be both null or both set; a mismatch calls sub_1800034b0 with
   0x80004005 (E_FAIL) and does not return normally. */
if (param_3 == 0x0) {
if (param_4 != 0x0) goto code_r0x000180006b94;
}
else if (param_4 == 0x0) {
code_r0x000180006b94:
sub_1800034b0(0x80004005);
pcVar1 = swi(3);
(*pcVar1)();
return;
}
piVar9 = 0x180032da8;
if (param_5 != 0x0) {
piVar9 = param_5;
}
/* Path is written at auStack_258 + 2 bytes so a leading quote can be added later;
   0x104 characters is the size limit passed to the API. */
iStack_26c = (*kernel32.GetModuleFileNameW)([0x0x18003b998], auStack_258 + 2, 0x104);
if (iStack_26c == 0) {
sub_1800034e0();
goto code_r0x000180006805;
}
/* A length equal to the buffer size means the path was truncated; both that and a failed
   StringFromCLSID leave through the common exit. */
if ((iStack_26c == 0x104) || (iVar5 = (*ole32.StringFromCLSID)(param_2, &uStack_260), uVar4 = uStack_260, iVar5 < 0)
) goto code_r0x000180006805;
if (param_3 == 0x0) {
code_r0x00018000672b:
if (param_4 != 0x0) {
uStack_2a8 = CONCAT44(uStack_2a8._4_4_, 1);
iStack_270 = sub_180003bc0(uVar4, param_4, param_3, piVar9);
goto code_r0x000180006750;
}
iStack_270 = 0;
code_r0x000180006765:
iVar10 = 0;
uStack_280 = 0;
uStack_278 = 0;
iStack_268 = 0;
uStack_2a8 = &iStack_268;
/* 0xffffffff80000000 = HKEY_CLASSES_ROOT; 0x2001f = KEY_READ | KEY_WRITE. */
iVar5 = (*advapi32.RegOpenKeyExW)(0xffffffff80000000, "CLSID", 0, 0x2001f);
if (iVar5 == 0) {
iStack_288 = iStack_268;
uStack_2a0 = 0x2001f;
/* sub_180003820 presumably creates or opens the named subkey and swaps the handle held in
   iStack_288 -- confirm; its body is not in this listing. */
iVar5 = sub_180003820(&iStack_288, iStack_268, uVar4);
iVar10 = iStack_288;
if (iVar5 == 0) {
if (piVar9 == 0x0) {
/* 0xd = ERROR_INVALID_DATA. */
iVar5 = 0xd;
}
else {
iVar8 = -1;
iVar6 = -1;
do {
iVar6 = iVar6 + 1;
} while (*(piVar9 + iVar6 * 2) != 0);
/* Default value of the CLSID key: type 1 (REG_SZ), data piVar9, size (length + 1) * 2. */
uStack_2a0 = iVar6 * 2 + 2;
uStack_2a8 = piVar9;
iVar5 = (*advapi32.RegSetValueExW)(iStack_288, 0, 0, 1);
uVar3 = uStack_280;
if (iVar5 == 0) {
if (param_3 != 0x0) {
iStack_288 = 0;
uStack_280 = 0;
uStack_278 = 0;
uStack_2a0 = uVar3 | 0x2001f;
iVar5 = sub_180003820(&iStack_288, iVar10, "ProgID");
iVar6 = iStack_288;
if (iVar5 == 0) {
iVar7 = -1;
do {
iVar7 = iVar7 + 1;
} while (*(param_3 + iVar7 * 2) != 0);
uStack_2a0 = iVar7 * 2 + 2;
uStack_2a8 = param_3;
iVar5 = (*advapi32.RegSetValueExW)(iStack_288, 0, 0, 1);
}
if (iVar6 != 0) {
(*advapi32.RegCloseKey)(iVar6);
}
if (iVar5 != 0) goto code_r0x0001800067d6;
}
if (param_4 != 0x0) {
iStack_288 = 0;
uStack_280 = 0;
uStack_278 = 0;
uStack_2a0 = uVar3 | 0x2001f;
iVar5 = sub_180003820(&iStack_288, iVar10, "VersionIndependentProgID");
iVar6 = iStack_288;
if (iVar5 == 0) {
iVar7 = -1;
do {
iVar7 = iVar7 + 1;
} while (*(param_4 + iVar7 * 2) != 0);
uStack_2a0 = iVar7 * 2 + 2;
uStack_2a8 = param_4;
iVar5 = (*advapi32.RegSetValueExW)(iStack_288, 0, 0, 1);
}
if (iVar6 != 0) {
(*advapi32.RegCloseKey)(iVar6);
}
if (iVar5 != 0) goto code_r0x0001800067d6;
}
/* Module handle null or equal to the process image: register as LocalServer32 with the path
   wrapped in double quotes (0x22). Otherwise register as InprocServer32. */
if (([0x0x18003b998] == 0) ||
(iVar6 = (*kernel32.GetModuleHandleW)(0), [0x0x18003b998] == iVar6)) {
auStack_258._0_2_ = 0x22;
*(auStack_258 + (iStack_26c + 1) * 2) = 0x22;
uVar2 = (iStack_26c + 2) * 2;
/* Range check before writing the terminator into the 528-byte buffer. */
if (0x20b < uVar2) {
__report_rangecheckfailure();
pcVar1 = swi(3);
(*pcVar1)();
return;
}
*(auStack_258 + uVar2) = 0;
iStack_288 = 0;
uStack_280 = 0;
uStack_278 = 0;
uStack_2a0 = uVar3 | 0x2001f;
iVar5 = sub_180003820(&iStack_288, iVar10, "LocalServer32");
iVar6 = iStack_288;
if (iVar5 == 0) {
do {
iVar8 = iVar8 + 1;
} while (*(auStack_258 + iVar8 * 2) != 0);
uStack_2a0 = iVar8 * 2 + 2;
uStack_2a8 = auStack_258;
iVar5 = (*advapi32.RegSetValueExW)(iStack_288, 0, 0, 1);
}
if (iVar6 != 0) {
(*advapi32.RegCloseKey)(iVar6);
}
}
else {
iStack_288 = 0;
uStack_280 = 0;
uStack_278 = 0;
uStack_2a0 = uVar3 | 0x2001f;
iVar5 = sub_180003820(&iStack_288, iVar10, "InprocServer32");
iVar6 = iStack_288;
if (iVar5 == 0) {
/* Unquoted path (starts at auStack_258 + 2) becomes the InprocServer32 default value. */
do {
iVar8 = iVar8 + 1;
} while (*(auStack_258 + iVar8 * 2 + 2) != 0);
uStack_2a0 = iVar8 * 2 + 2;
uStack_2a8 = auStack_258 + 2;
iVar5 = (*advapi32.RegSetValueExW)(iStack_288, 0, 0, 1);
}
if (iVar6 != 0) {
(*advapi32.RegCloseKey)(iVar6);
}
if (iVar5 == 0) {
iStack_288 = 0;
uStack_280 = 0;
uStack_278 = 0;
uStack_2a0 = uVar3 | 0x2001f;
iVar5 = sub_180003820(&iStack_288, iVar10, "InprocServer32");
iVar6 = iStack_288;
if (iVar5 == 0) {
/* ThreadingModel = "both": 10 bytes = 4 characters plus terminator, type 1 (REG_SZ). */
uStack_2a0 = 10;
uStack_2a8 = "both";
iVar5 = (*advapi32.RegSetValueExW)(iStack_288, "ThreadingModel", 0, 1);
}
if (iVar6 != 0) {
(*advapi32.RegCloseKey)(iVar6);
}
}
}
}
}
}
}
code_r0x0001800067d6:
if (iVar10 != 0) {
(*advapi32.RegCloseKey)(iVar10);
}
}
else {
uStack_2a8 = uStack_2a8 & 0xffffffff00000000;
iStack_270 = sub_180003bc0(uStack_260, param_3, 0, piVar9);
if (iStack_270 == 0) {
iStack_270 = 0;
goto code_r0x00018000672b;
}
code_r0x000180006750:
iVar5 = 0;
if (iStack_270 == 0) goto code_r0x000180006765;
}
/* The CLSID string from StringFromCLSID is released on every path that reaches here. */
(*ole32.CoTaskMemFree)(uStack_260);
if (iVar5 != 0) {
/* Result use is not shown by the decompiler. */
HRESULT_FROM_WIN32(iVar5);
}
code_r0x000180006805:
__security_check_cookie(uStack_48 ^ auStack_2c8);
/* listing truncated */
0x18000FE60 #8 str 7 api 36 imm 15 Unknown
; CCertPolicySample.#8 -- vtable slot 8 of the policy object (listing truncated).
; ABI:  Microsoft x64. rcx = this (kept in rsi), r8d = 3rd argument (kept in r14d, passed to
;       the vtable+0x38 call), r9d = 4th argument (kept in r13d), [rbp+0x58] = 6th argument,
;       an output DWORD pointer kept in r15.
; Out:  HRESULT in ebx on the visible paths; *r15 starts at 2 and is overwritten with the
;       HRESULT on the failure paths shown.
; Uses a /GS stack cookie stored at [rbp-0x20].
; NOTE(review): the shape matches ICertPolicy::VerifyRequest (context, new-request flag,
; disposition out-parameter, default disposition 2 = deny) -- inferred, confirm. Vtable offsets
; are annotated against the ICertServerPolicy layout because that IID is passed to
; CoCreateInstance; verify them against the interface header.
CCertPolicySample.#8() {
mov r11, rsp
push rbp
push rbx
lea rbp, [r11-0x28]
sub rsp, 0x118
mov rax, [0x18003A010]
xor rax, rsp
mov [rbp-0x20], rax
mov [r11+0x10], rsi
xor eax, eax
mov [r11-0x18], rdi
xorps xmm0, xmm0
mov [r11-0x20], r12
mov rsi, rcx
mov [r11-0x28], r13
mov r12d, eax
mov [r11-0x30], r14
mov r13d, r9d
mov [r11-0x38], r15
mov r14d, r8d
mov r15, [rbp+0x58]
mov [rsp+0x68], r9d
mov [rsp+0x40], rax
mov [rbp-0x80], rax
mov [rsp+0x78], rax
movdqu [rbp-0x78], xmm0
; Null output pointer: 0x80004003 = E_POINTER.
test r15, r15
jnz .2
mov ebx, 0x80004003
jmp .32
.2:
xor edx, edx
; Fail-closed default: the output value is 2 before any check runs.
mov dword ptr [r15], 0x02
lea rax, [rsp+0x40]
lea r9, [ICertServerPolicy]
mov [rsp+0x20], rax
lea rcx, [0x180029580]
; r8d = 1 (CLSCTX_INPROC_SERVER); rdx = 0 (no aggregation).
lea r8d, [rdx+0x01]
call [ole32.CoCreateInstance]
mov rdi, [rsp+0x40]
mov ebx, eax
test eax, eax
jnz .4
; Success with a null interface pointer is treated as 0x8000FFFF (E_UNEXPECTED).
test rdi, rdi
jnz .3
mov ebx, 0x8000FFFF
jmp .32
.3:
test r14d, r14d
jz .4
; vtable+0x38 with the 3rd argument -- SetContext if the ICertServerPolicy layout holds.
mov rax, [rdi]
mov edx, r14d
mov rcx, rdi
call [rax+0x38]
mov rdi, [rsp+0x40]
mov ebx, eax
.4:
test ebx, ebx
jnz .32
; VariantInit is called twice on the same VARIANT; the second call is redundant.
lea rcx, [rsp+0x50]
call [oleaut32.VariantInit]
lea rcx, [rsp+0x50]
call [oleaut32.VariantInit]
lea rcx, ["RequestID"]
call [oleaut32.SysAllocString]
mov r14, rax
test rax, rax
jnz .5
; Allocation failed: SysFreeString(NULL) is a no-op; 0x8007000E = E_OUTOFMEMORY is also
; written to the output DWORD.
mov rcx, rax
call [oleaut32.SysFreeString]
lea rcx, [rsp+0x50]
call [oleaut32.VariantClear]
mov ebx, 0x8007000E
mov [r15], ebx
jmp .31
.5:
; vtable+0x40(name, 1, &variant) -- GetRequestProperty with a long property type if the
; layout holds.
mov rax, [rdi]
lea r9, [rsp+0x50]
mov r8d, 0x01
mov rdx, r14
mov rcx, rdi
call [rax+0x40]
mov ebx, eax
mov rcx, r14
call [oleaut32.SysFreeString]
lea rcx, [rsp+0x50]
test ebx, ebx
jnz .28
; The VARIANT must be vt == 3 (VT_I4); otherwise 0x80094004 (CERTSRV_E_PROPERTY_EMPTY,
; to be confirmed against winerror.h).
mov eax, 0x03
cmp ax, [rsp+0x50]
jz .6
call [oleaut32.VariantClear]
mov ebx, 0x80094004
mov [r15], ebx
jmp .31
.6:
; r14d = the request id value taken from the VARIANT.
mov r14d, [rsp+0x58]
call [oleaut32.VariantClear]
; Access check: skipped when the 4th argument is zero or when bit 0x400 of [this+0x6C] is set.
; NOTE(review): 0x400 is consistent with EDITF_IGNOREREQUESTERGROUP in the certificate-services
; edit flags -- confirm; where [this+0x6C] is loaded from is outside this listing.
test r13d, r13d
jz .11
test dword ptr [rsi+0x6C], 0x400
jnz .11
mov rbx, [rsp+0x40]
lea rcx, [rsp+0x50]
call [oleaut32.VariantInit]
lea rcx, [rsp+0x50]
call [oleaut32.VariantInit]
lea rcx, ["RequesterCAAccess"]
call [oleaut32.SysAllocString]
mov rdi, rax
test rax, rax
jnz .10
mov rcx, rax
call [oleaut32.SysFreeString]
.7:
lea rcx, [rsp+0x50]
.8:
call [oleaut32.VariantClear]
.9:
; Every failure of the access query ends here: 0x80094011 (CERTSRV_E_ENROLL_DENIED, to be
; confirmed) is returned and written to the output DWORD.
mov ebx, 0x80094011
mov r12d, r14d
mov [r15], ebx
jmp .31
.10:
; vtable+0x50(name, 1, &variant) -- GetCertificateProperty if the layout holds.
mov rax, [rbx]
lea r9, [rsp+0x50]
mov r8d, 0x01
mov rdx, rdi
mov rcx, rbx
call [rax+0x50]
mov ebx, eax
mov rcx, rdi
call [oleaut32.SysFreeString]
test ebx, ebx
jnz .7
mov eax, 0x03
lea rcx, [rsp+0x50]
cmp ax, [rsp+0x50]
jnz .8
; A zero value for "RequesterCAAccess" is treated as denied.
mov ebx, [rsp+0x58]
call [oleaut32.VariantClear]
test ebx, ebx
jz .9
.11:
; Sequence of helper calls; each takes this (rsi) and the interface pointer, and any non-zero
; result aborts to .32. Their bodies are not in this listing.
mov r8, [rsp+0x40]
lea r9, [rsp+0x48]
mov rdx, rsi
lea rcx, [rbp-0x80]
call sub_180010660()
mov ebx, eax
mov r12d, r14d
test eax, eax
jnz .32
mov eax, [rsp+0x48]
lea r9d, [rbx+0x01]
mov rdx, [rsp+0x40]
mov r8d, r13d
mov rcx, rsi
mov [rsp+0x20], eax
call sub_18000d960()
mov ebx, eax
test eax, eax
jnz .32
mov edi, [rbp-0x60]
mov rcx, rsi
mov rdx, [rsp+0x40]
mov r8d, edi
call sub_18000ecc0()
mov ebx, eax
test eax, eax
jnz .32
mov rdx, [rsp+0x40]
mov r8d, edi
mov rcx, rsi
call sub_18000e330()
mov ebx, eax
test eax, eax
jnz .32
mov rdx, [rsp+0x40]
mov rcx, rsi
call sub_18000e790()
mov ebx, eax
test eax, eax
jnz .32
mov rdx, [rsp+0x40]
mov rcx, rsi
call sub_18000f350()
mov ebx, eax
test eax, eax
jnz .32
; Attribute enumeration: vtable+0x90 (setup, flags 0), vtable+0x98 (next name; a return of 1
; ends the loop), vtable+0x48 (value for that name) -- EnumerateAttributesSetup,
; EnumerateAttributes and GetRequestAttribute if the layout holds.
mov rbx, [rsp+0x40]
xor r13d, r13d
xor edx, edx
mov [rsp+0x48], r13
mov rcx, rbx
mov [rsp+0x70], r13
mov rax, [rbx]
call [rax+0x90]
mov edi, eax
test eax, eax
jnz .15
mov rax, [rbx]
lea rdx, [rsp+0x48]
mov rcx, rbx
call [rax+0x98]
mov edi, eax
cmp eax, 0x01
jz .13
nop [rax+rax*1], eax
.12:
test edi, edi
jnz .14
mov rax, [rbx]
lea r8, [rsp+0x70]
mov rdx, [rsp+0x48]
mov rcx, rbx
call [rax+0x48]
mov edi, eax
test eax, eax
; listing truncated
/* DISPLAY WARNING: Type casts are NOT being printed */
/* CCertPolicySample.#8 -- vtable slot 8 of the policy object (decompiler output, truncated).
 * param_1 = this, param_3 is passed to the vtable+0x38 call, param_4 gates the requester
 * access check, param_6 = output DWORD (set to 2 first, then updated).
 * Values written to *param_6 below: 0, 1, 2, or a negative HRESULT.
 * NOTE(review): the shape matches ICertPolicy::VerifyRequest, with 0/1/2 as pending / issue /
 * deny dispositions and the vtable offsets following ICertServerPolicy -- inferred from the IID
 * passed to CoCreateInstance and from the value use; confirm against the interface headers.
 * Type casts are hidden by the decompiler, so VARIANT field accesses appear as whole-variable
 * reads (piStack_d8 is the vt field, uStack_d0 the value).
 */
void CCertPolicySample.#8
(int64_t param_1,undefined8 param_2,int32_t param_3,int32_t param_4,undefined8 param_5,int32_t *param_6)
{
char cVar1;
int64_t *piVar2;
undefined4 uVar3;
int32_t iVar4;
int32_t iVar5;
int64_t iVar6;
uint64_t uVar7;
uint64_t uVar8;
uint64_t uVar9;
undefined auStack_128 [32];
undefined8 uStack_108;
undefined4 uStack_100;
int64_t *piStack_e8;
undefined8 uStack_e0;
int64_t *piStack_d8;
uint64_t uStack_d0;
int32_t iStack_c0;
undefined8 uStack_b8;
undefined8 uStack_b0;
undefined8 uStack_a8;
undefined auStack_a0 [24];
undefined4 uStack_88;
undefined auStack_80 [56];
uint64_t uStack_48;
uStack_48 = [0x0x18003a010#SecurityCookie] ^ auStack_128;
uVar8 = 0;
piStack_e8 = 0x0;
uStack_a8 = 0;
uStack_b0 = 0;
auStack_a0._0_16_ = ZEXT816(0);
uVar9 = 0;
iStack_c0 = param_4;
if (param_6 != 0x0) {
/* Fail-closed default: the output is 2 until a later branch changes it. */
*param_6 = 2;
uStack_108 = &piStack_e8;
/* Third argument 1 = CLSCTX_INPROC_SERVER; the CLSID is the data at 0x180029580. */
iVar4 = (*ole32.CoCreateInstance)(0x180029580, 0, 1, &ICertServerPolicy);
uVar9 = uVar8;
if (iVar4 == 0) {
if (piStack_e8 == 0x0) goto code_r0x00018001045f;
if (param_3 != 0) {
/* vtable+0x38 -- SetContext if the ICertServerPolicy layout holds. */
iVar4 = (**(*piStack_e8 + 0x38))(piStack_e8, param_3);
}
}
piVar2 = piStack_e8;
if (iVar4 == 0) {
/* VariantInit is called twice on the same VARIANT; the second call is redundant. */
(*oleaut32.VariantInit)(&piStack_d8);
(*oleaut32.VariantInit)(&piStack_d8);
iVar6 = (*oleaut32.SysAllocString)("RequestID");
if (iVar6 == 0) {
(*oleaut32.SysFreeString)(0);
(*oleaut32.VariantClear)(&piStack_d8);
/* -0x7ff8fff2 is 0x8007000E (E_OUTOFMEMORY). */
*param_6 = -0x7ff8fff2;
uVar8 = 0;
}
else {
/* vtable+0x40(name, 1, &variant) -- GetRequestProperty if the layout holds. */
iVar4 = (**(*piVar2 + 0x40))(piVar2, iVar6, 1, &piStack_d8);
(*oleaut32.SysFreeString)(iVar6);
uVar9 = uStack_d0;
if (iVar4 != 0) {
(*oleaut32.VariantClear)(&piStack_d8);
goto code_r0x000180010446;
}
/* vt must be 3 (VT_I4); otherwise -0x7ff6bffc = 0x80094004. */
if (piStack_d8 != 3) {
(*oleaut32.VariantClear)();
*param_6 = -0x7ff6bffc;
goto code_r0x000180010458;
}
(*oleaut32.VariantClear)();
piVar2 = piStack_e8;
/* The requester access check (further down, after the big block) is skipped when param_4 is
   zero or when bit 0x400 of *(this + 0x6c) is set.
   NOTE(review): 0x400 is consistent with EDITF_IGNOREREQUESTERGROUP -- confirm; where the flag
   word is loaded from is outside this listing. */
if ((param_4 == 0) || ((*(param_1 + 0x6c) & 0x400) != 0)) {
code_r0x00018001008b:
iVar4 = sub_180010660(&uStack_a8, param_1, piStack_e8, &uStack_e0);
uVar8 = uVar9 & 0xffffffff;
uVar9 = uVar8;
if (iVar4 == 0) {
uStack_108 = CONCAT44(uStack_108._4_4_, uStack_e0);
iVar4 = sub_18000d960(param_1, piStack_e8, param_4, 1);
uVar3 = uStack_88;
/* Helper chain: each call must return 0 for processing to continue. */
if ((((iVar4 == 0) && (iVar4 = sub_18000ecc0(param_1, piStack_e8, uStack_88), iVar4 == 0)) &&
(iVar4 = sub_18000e330(param_1, piStack_e8, uVar3), iVar4 == 0)) &&
((iVar4 = sub_18000e790(param_1, piStack_e8), iVar4 == 0 &&
(iVar4 = sub_18000f350(param_1, piStack_e8), piVar2 = piStack_e8, iVar4 == 0)))) {
uStack_e0 = 0;
uStack_b8 = 0;
/* Attribute enumeration: +0x90 setup, +0x98 next name (1 ends the loop), +0x48 value,
   +0xa0 close. Name and value strings are freed after every iteration. */
iVar4 = (**(*piStack_e8 + 0x90))(piStack_e8, 0);
if (iVar4 == 0) {
iVar5 = (**(*piVar2 + 0x98))(piVar2, &uStack_e0);
while (((iVar4 = 0, iVar5 != 1 && (iVar4 = iVar5, iVar5 == 0)) &&
(iVar4 = (**(*piVar2 + 0x48))(piVar2, uStack_e0, &uStack_b8), iVar4 == 0))) {
(*oleaut32.SysFreeString)(uStack_e0);
uStack_e0 = 0;
(*oleaut32.SysFreeString)(uStack_b8);
uStack_b8 = 0;
iVar5 = (**(*piVar2 + 0x98))(piVar2, &uStack_e0);
}
iVar5 = (**(*piVar2 + 0xa0))(piVar2);
if ((iVar5 != 0) && (iVar4 == 0)) {
(*oleaut32.SysFreeString)(uStack_e0);
(*oleaut32.SysFreeString)(uStack_b8);
goto code_r0x00018001045f;
}
}
(*oleaut32.SysFreeString)(uStack_e0);
(*oleaut32.SysFreeString)(uStack_b8);
piVar2 = piStack_e8;
if (iVar4 == 0) {
uVar7 = 0;
iVar4 = 0;
/* When *(this + 0x60) is non-zero, a string extension is set under OID 2.16.840.1.113730.1.3
   via vtable+0x70 with type 4. The SysAllocString source argument is not shown by the
   decompiler; presumably it is the string at this + 0x60 -- confirm in the disassembly. */
if (*(param_1 + 0x60) != 0) {
uVar7 = (*oleaut32.SysAllocString)();
if (uVar7 == 0) {
(*oleaut32.SysFreeString)(0);
goto code_r0x00018001045f;
}
piStack_d8._0_2_ = 8;
uStack_d0 = uVar7;
iVar6 = (*oleaut32.SysAllocString)("2.16.840.1.113730.1.3");
if (iVar6 == 0) {
iVar4 = -0x7ff8fff2;
}
else {
uStack_108 = &piStack_d8;
iVar4 = (**(*piVar2 + 0x70))(piVar2, iVar6, 4);
}
(*oleaut32.SysFreeString)(iVar6);
}
(*oleaut32.SysFreeString)(uVar7);
if (((iVar4 == 0) && (iVar4 = sub_18000dcc0(param_1, piStack_e8, uStack_88), iVar4 == 0)
) && (iVar4 = sub_18000df90(param_1, piStack_e8), iVar5 = iStack_c0, iVar4 == 0)) {
iVar4 = 0;
/* Bit 4 of the same flag word enables a second sub_18000d960 pass with last argument 0. */
if ((*(param_1 + 0x6c) & 4) != 0) {
uStack_108 = uStack_108 & 0xffffffff00000000;
iVar4 = sub_18000d960(param_1, piStack_e8, iStack_c0, 0);
if (iVar4 != 0) goto code_r0x00018001045f;
}
if ((*(param_1 + 0xec) == 0) ||
(iVar4 = sub_18000f750(param_1, piStack_e8), iVar4 == 0)) {
piVar2 = piStack_e8;
/* Final decision from the configuration word at this + 0x68: low byte 1 -> output 1,
   2 -> output 2, 3 -> decided by the request's "Disposition" attribute, 0 or the 0x100 bit
   with a non-zero param_4 -> output 0. */
if (((iVar5 == 0) || ((*(param_1 + 0x68) & 0x100) == 0)) &&
(cVar1 = *(param_1 + 0x68), cVar1 != '\0')) {
if (cVar1 == '\x01') {
*param_6 = 1;
}
else {
if (cVar1 != '\x02') {
if (cVar1 == '\x03') {
/* Mode 3 starts from output 1 and lets a requester-supplied attribute lower it: the value
   "Deny" gives 2 and "Pending" gives 0. Any other value, or a failed attribute read, leaves 1.
   The outcome therefore depends on request content whenever this mode is configured. */
*param_6 = 1;
iVar6 = (*oleaut32.SysAllocString)("Disposition");
if (iVar6 == 0) {
(*oleaut32.SysFreeString)(0);
}
else {
iVar4 = (**(*piVar2 + 0x48))(piVar2, iVar6, &uStack_b0);
(*oleaut32.SysFreeString)(iVar6);
if (iVar4 == 0) {
/* CompareStringW(0x7f = LOCALE_INVARIANT, 1 = NORM_IGNORECASE, ...); 2 = CSTR_EQUAL. */
uStack_100 = 0xffffffff;
uStack_108 = "Deny";
iVar4 = (*kernel32.CompareStringW)
(0x7f, 1, uStack_b0, 0xffffffff);
if (iVar4 == 2) {
*param_6 = 2;
}
uStack_100 = 0xffffffff;
uStack_108 = "Pending";
iVar4 = (*kernel32.CompareStringW)(0x7f, 1, uStack_b0);
if (iVar4 == 2) {
*param_6 = 0;
}
}
}
goto code_r0x000180010458;
}
goto code_r0x000180010349;
}
*param_6 = 2;
}
}
else {
code_r0x000180010349:
*param_6 = 0;
}
code_r0x000180010446:
/* A negative HRESULT replaces the output; any other non-zero status forces 2. */
if (iVar4 < 0) {
*param_6 = iVar4;
}
else if (iVar4 != 0) {
*param_6 = 2;
}
goto code_r0x000180010458;
}
}
}
}
}
goto code_r0x00018001045f;
}
/* Requester access check (reached when param_4 != 0 and bit 0x400 is clear). */
(*oleaut32.VariantInit)(&piStack_d8);
(*oleaut32.VariantInit)(&piStack_d8);
iVar6 = (*oleaut32.SysAllocString)("RequesterCAAccess");
if (iVar6 == 0) {
(*oleaut32.SysFreeString)(0);
code_r0x000180010030:
(*oleaut32.VariantClear)(&piStack_d8);
}
else {
/* vtable+0x50(name, 1, &variant) -- GetCertificateProperty if the layout holds. Only a
   VT_I4 result with a non-zero value continues to the main processing block. */
iVar4 = (**(*piVar2 + 0x50))(piVar2, iVar6, 1, &piStack_d8);
(*oleaut32.SysFreeString)(iVar6);
if ((iVar4 != 0) || (piStack_d8 != 3)) goto code_r0x000180010030;
iVar4 = uStack_d0;
(*oleaut32.VariantClear)(&piStack_d8);
if (iVar4 != 0) goto code_r0x00018001008b;
}
/* listing truncated */
0x180005420 sub_180005420 str 7 api 16 imm 26 Unknown
; sub_180005420 -- token-driven registry script processor (listing truncated).
; ABI:  Microsoft x64. rcx = parser state (kept in r15), rdx = token buffer of 16-bit
;       characters (kept in rsi), r8 = parent registry key (kept in r14), r9d = mode flag
;       stored at [rsp+0x60] (non-zero selects the create/write paths, zero the delete paths).
;       A further stack argument is read at [rbp+0x2240].
; Out:  HRESULT in ebx/eax; negative values leave through .37.
; Frame: 0x22D8 bytes, committed through _alloca_probe; /GS cookie at [rbp+0x21C0].
; Keywords handled in the visible part: "Delete", "ForceRemove", "NoRemove", and the string at
; 0x180032D60; '}' (0x7D) ends a block, '=' (0x3D) must follow a value name, and a key name
; containing '\' (0x5C) is rejected via .40.
; NOTE(review): this matches the grammar of ATL registrar (.rgs) scripts -- inferred from the
; keywords; sub_180004590 is presumably the next-token routine. Confirm against a reference.
sub_180005420() {
push rbp
push rbx
push rsi
push rdi
push r12
push r13
push r14
push r15
lea rbp, [rsp-0x21D8]
mov eax, 0x22D8
call _alloca_probe()
sub rsp, rax
mov rax, [0x18003A010]
xor rax, rsp
mov [rbp+0x21C0], rax
mov [rsp+0x60], r9d
mov r14, r8
mov [rsp+0x70], r8
mov rsi, rdx
mov r15, rcx
xor r13d, r13d
mov [rsp+0x78], r13
mov [rbp-0x80], r13d
mov [rbp-0x78], r13
.1:
call sub_180004590()
.2:
mov ebx, eax
test eax, eax
js .37
.3:
; '}' closes the current block.
cmp word ptr [rsi], 0x7D
jz .37
; r12d = 1 until "NoRemove" clears it; edi = 1 when the token is "Delete".
mov r12d, 0x01
lea rdx, ["Delete"]
mov rcx, rsi
call [kernel32.lstrcmpiW]
xor edi, edi
test eax, eax
setz dil
lea rdx, ["ForceRemove"]
mov rcx, rsi
call [kernel32.lstrcmpiW]
test eax, eax
jz .4
test edi, edi
jz .10
.4:
; "Delete" or "ForceRemove": fetch the key name that follows.
mov rdx, rsi
mov rcx, r15
call sub_180004590()
mov ebx, eax
test eax, eax
js .37
cmp dword ptr [rsp+0x60], 0x00
jz .10
xor eax, eax
mov [rbp-0x70], rax
mov [rbp-0x68], eax
mov [rbp-0x60], rax
mov rcx, rsi
movzx eax, word ptr [rsi]
test ax, ax
jz .7
.5:
; Scan the key name for '\'; a name with a path separator goes to .40.
cmp ax, 0x5C
jz .6
call [user32.CharNextW]
mov rcx, rax
movzx eax, word ptr [rax]
test ax, ax
jnz .5
jmp .7
.6:
test rcx, rcx
jnz .40
.7:
; Walk a table of string pointers starting at 0x180033470; the end bound is the address the
; disassembler labels "LocalServer32". A name that matches an entry skips sub_180003a70, so
; the table presumably lists keys that are never removed -- confirm.
lea rbx, [0x180033470]
nop [rax+rax*1], ax
.8:
mov rdx, [rbx]
mov rcx, rsi
call [kernel32.lstrcmpiW]
test eax, eax
jz .9
add rbx, 0x08
lea rax, ["LocalServer32"]
cmp rbx, rax
jl .8
mov [rbp-0x70], r14
mov rdx, rsi
lea rcx, [rbp-0x70]
call sub_180003a70()
.9:
test edi, edi
jz .10
mov rdx, rsi
mov rcx, r15
call sub_180004590()
mov ebx, eax
test eax, eax
js .37
mov rdx, rsi
mov rcx, r15
call sub_180004d40()
mov ebx, eax
test eax, eax
js .37
mov edi, [rsp+0x60]
jmp .20
.10:
lea rdx, ["NoRemove"]
mov rcx, rsi
call [kernel32.lstrcmpiW]
test eax, eax
jnz .11
; "NoRemove": clear r12d so the delete path at .12 is skipped for this entry.
xor r12d, r12d
mov rdx, rsi
mov rcx, r15
call sub_180004590()
mov ebx, eax
test eax, eax
js .37
.11:
; Keyword at 0x180032D60 introduces a named value: the name is read into [rbp+0x1C0] and the
; next token must be '='.
lea rdx, [0x180032D60]
mov rcx, rsi
call [kernel32.lstrcmpiW]
test eax, eax
jnz .14
lea rdx, [rbp+0x1C0]
mov rcx, r15
call sub_180004590()
mov ebx, eax
test eax, eax
js .37
mov rdx, rsi
mov rcx, r15
call sub_180004590()
mov ebx, eax
test eax, eax
js .37
cmp word ptr [rsi], 0x3D
jnz .40
mov edi, [rsp+0x60]
test edi, edi
jz .12
; Write mode: sub_180004760(state, &key holder, value name, token) presumably stores the value.
mov [rbp-0x70], r14
mov dword ptr [rbp-0x68], 0x00
mov qword ptr [rbp-0x60], 0x00
mov r9, rsi
lea r8, [rbp+0x1C0]
lea rdx, [rbp-0x70]
mov rcx, r15
call sub_180004760()
mov ebx, eax
test eax, eax
js .37
jmp .20
.12:
; Delete mode: only when the stack argument at [rbp+0x2240] is zero and "NoRemove" was not seen.
cmp dword ptr [rbp+0x2240], 0x00
jnz .13
test r12d, r12d
jz .13
mov qword ptr [rsp+0x68], 0x00
lea rax, [rsp+0x68]
mov [rsp+0x20], rax
; 0x20006 = KEY_WRITE; the parent key is reopened with a null subkey name.
mov r9d, 0x20006
xor r8d, r8d
xor edx, edx
mov rcx, r14
call [advapi32.RegOpenKeyExW]
test eax, eax
jnz .35
mov rdi, [rsp+0x68]
lea rdx, [rbp+0x1C0]
mov rcx, rdi
call [advapi32.RegDeleteValueW]
; Mask 0xFFFFFFFD accepts both 0 (success) and 2 (ERROR_FILE_NOT_FOUND).
test eax, 0xFFFFFFFD
jnz .39
test rdi, rdi
jz .13
mov rcx, rdi
call [advapi32.RegCloseKey]
.13:
mov rdx, rsi
mov rcx, r15
call sub_180004d40()
jmp .2
.14:
; Plain key name: same '\' rejection scan as at .5.
mov rcx, rsi
movzx eax, word ptr [rsi]
test ax, ax
jz .17
nop [rax], eax
.15:
cmp ax, 0x5C
jz .16
call [user32.CharNextW]
mov rcx, rax
movzx eax, word ptr [rax]
test ax, ax
jnz .15
jmp .17
.16:
test rcx, rcx
jnz .40
.17:
mov edi, [rsp+0x60]
test edi, edi
jz .22
; Try the key with 0x2001F (KEY_READ | KEY_WRITE) first; on failure retry with
; 0x20019 (KEY_READ).
mov r9d, 0x2001F
mov r8, rsi
mov rdx, r14
lea rcx, [rsp+0x78]
call sub_180003970()
test eax, eax
jz .18
mov r9d, 0x20019
mov r8, rsi
; listing truncated
/* WARNING: Possible PIC construction at 0x0001800057d8: Changing call to branch */
/* WARNING: Possible PIC construction at 0x0001800058c4: Changing call to branch */
/* WARNING: Removing unreachable block (ram,0x0001800057dd) */
/* WARNING: Removing unreachable block (ram,0x0001800057e7) */
/* WARNING: Removing unreachable block (ram,0x0001800058c9) */
/* WARNING: Removing unreachable block (ram,0x0001800058cf) */
/* WARNING: Removing unreachable block (ram,0x0001800058d8) */
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * sub_180005420 -- decompiler view; the listing is truncated by the page, so
 * only the visible part is described.
 * The code walks a UTF-16 token buffer (param_2) and compares the current token
 * case-insensitively with "Delete", "ForceRemove" and "NoRemove". It
 * special-cases the characters '{' (0x7b), '}' (0x7d), '\' (0x5c) and
 * '=' (0x3d), and calls helpers with registry access masks 0x2001f / 0x20019.
 * NOTE(review): the keyword set and brace handling look like a registrar-script
 * (.rgs-style) parser that creates or removes registry keys -- confirm against
 * the helper routines before relying on this.
 * "register0x00000020" is the decompiler's name for the stack pointer; the
 * many "*(register0x00000020 + iVar10 + -0x48) = 0x18000....;" stores appear to
 * be modelled return-address writes, not program data.
 */
void sub_180005420(undefined8 param_1,int16_t *param_2,uint64_t param_3,uint64_t param_4)
{
int16_t iVar1;
undefined8 uVar2;
uint64_t uVar3;
code *pcVar4;
int32_t iVar5;
int32_t iVar6;
uint32_t uVar7;
uint32_t uVar8;
int32_t iVar9;
int64_t iVar10;
int16_t *piVar11;
int64_t iVar12;
uint64_t unaff_RBX;
undefined8 *puVar13;
undefined8 *puVar14;
undefined8 *puVar15;
undefined *unaff_RBP;
int16_t *unaff_RSI;
uint64_t unaff_RDI;
undefined4 uVar16;
undefined8 unaff_R12;
uint64_t unaff_R13;
uint64_t unaff_R14;
undefined8 unaff_R15;
sub_180005420:
uVar16 = param_4;
/* Prologue as seen by the decompiler: register values stored below the stack pointer. */
*(register0x00000020 + -8) = unaff_RBP;
*(register0x00000020 + -0x10) = unaff_RBX;
*(register0x00000020 + -0x18) = unaff_RSI;
*(register0x00000020 + -0x20) = unaff_RDI;
*(register0x00000020 + -0x28) = unaff_R12;
*(register0x00000020 + -0x30) = unaff_R13;
*(register0x00000020 + -0x38) = unaff_R14;
*(register0x00000020 + -0x40) = unaff_R15;
unaff_RBP = register0x00000020 + -0x2218;
*(register0x00000020 + -0x48) = 0x18000543f;
/* _alloca_probe: the frame is large (offsets down to -0x2298 are used below). */
iVar10 = _alloca_probe();
iVar10 = -iVar10;
/* Stack cookie: the global at 0x18003a010 XORed with a stack address. */
*(register0x00000020 + -0x58) = [0x0x18003a010#SecurityCookie] ^ register0x00000020 + iVar10 + -0x40;
*(register0x00000020 + iVar10 + 0x20) = uVar16;
*(register0x00000020 + iVar10 + 0x30) = param_3;
*(register0x00000020 + iVar10 + 0x38) = 0;
*(register0x00000020 + -0x2298) = 0;
*(register0x00000020 + -0x2290) = 0;
*(register0x00000020 + iVar10 + -0x48) = 0x18000547b;
/* Arguments are not shown by the decompiler here; later calls pass (param_1, param_2). */
iVar5 = sub_180004590();
uVar3 = 0;
unaff_R14 = param_3;
do {
param_3 = uVar3;
/* A negative helper result leaves the loop through the common exit label. */
if (iVar5 < 0) goto code_r0x000180005a6f;
code_r0x000180005485:
while( true ) {
/* 0x7d is '}': a closing brace ends processing at this level. */
if (*param_2 == 0x7d) goto code_r0x000180005a6f;
unaff_R12 = 1;
*(register0x00000020 + iVar10 + -0x48) = 0x1800054a5;
iVar5 = (*kernel32.lstrcmpiW)(param_2, "Delete");
*(register0x00000020 + iVar10 + -0x48) = 0x1800054bd;
iVar6 = (*kernel32.lstrcmpiW)(param_2, "ForceRemove");
unaff_RSI = param_2;
unaff_R15 = param_1;
/* Neither keyword matched: continue after the while loop with the "NoRemove" check. */
if ((iVar6 != 0) && (iVar5 != 0)) break;
*(register0x00000020 + iVar10 + -0x48) = 0x1800054d4;
iVar6 = sub_180004590(param_1, param_2);
if (iVar6 < 0) goto code_r0x000180005a6f;
/* The stack slot at +0x20 holds the low 32 bits of param_4 (stored above); zero skips this branch. */
if (*(register0x00000020 + iVar10 + 0x20) == 0) break;
*(register0x00000020 + -0x2288) = 0;
*(register0x00000020 + -0x2280) = 0;
*(register0x00000020 + -0x2278) = 0;
iVar1 = *param_2;
piVar11 = param_2;
/* Scan the token with CharNextW; finding a backslash (0x5c) takes the exit path. */
while (iVar1 != 0) {
if (iVar1 == 0x5c) {
if (piVar11 != 0x0) goto code_r0x000180005a6f;
break;
}
*(register0x00000020 + iVar10 + -0x48) = 0x18000550d;
piVar11 = (*user32.CharNextW)();
iVar1 = *piVar11;
}
/* Compare the token with each entry of a pointer table starting at 0x180033470. */
/* NOTE(review): the loop bound is an address the decompiler rendered as the string "LocalServer32". */
puVar13 = 0x180033470;
do {
uVar2 = *puVar13;
*(register0x00000020 + iVar10 + -0x48) = 0x18000553c;
iVar6 = (*kernel32.lstrcmpiW)(param_2, uVar2);
if (iVar6 == 0) goto code_r0x000180005560;
puVar13 = puVar13 + 1;
} while (puVar13 < "LocalServer32");
/* No table entry matched: sub_180003a70 is called with the parent handle value and the token. */
*(register0x00000020 + -0x2288) = unaff_R14;
*(register0x00000020 + iVar10 + -0x48) = 0x180005560;
sub_180003a70(register0x00000020 + -0x2288, param_2);
code_r0x000180005560:
/* iVar5 is the "Delete" comparison result; the following lines run only when it was zero (match). */
if (iVar5 != 0) break;
*(register0x00000020 + iVar10 + -0x48) = 0x18000556f;
iVar5 = sub_180004590(param_1, param_2);
if (iVar5 < 0) goto code_r0x000180005a6f;
*(register0x00000020 + iVar10 + -0x48) = 0x180005584;
uVar7 = sub_180004d40(param_1, param_2);
unaff_RBX = uVar7;
if (uVar7 < 0) goto code_r0x000180005a6f;
unaff_RDI = *(register0x00000020 + iVar10 + 0x20);
code_r0x00018000579f:
/* 0x7b is '{': a token that is exactly "{" re-enters the function from the top. */
/* NOTE(review): per the WARNING lines above, the tool turned a call into a branch here, so this is most likely a recursive call. */
if (*param_2 == 0x7b) {
iVar12 = -1;
do {
iVar12 = iVar12 + 1;
} while (param_2[iVar12] != 0);
if (iVar12 == 1) {
*(register0x00000020 + iVar10 + -0x20) = 0;
puVar14 = register0x00000020 + iVar10 + -0x48;
register0x00000020 = register0x00000020 + iVar10 + -0x48;
*puVar14 = 0x1800057dd;
param_4 = unaff_RDI;
unaff_R13 = param_3;
goto sub_180005420;
}
}
}
*(register0x00000020 + iVar10 + -0x48) = 0x1800055a7;
iVar5 = (*kernel32.lstrcmpiW)(param_2, "NoRemove");
if (iVar5 == 0) {
/* "NoRemove" matched: the flag kept in R12 (set to 1 above) is cleared. */
unaff_R12 = 0;
*(register0x00000020 + iVar10 + -0x48) = 0x1800055b9;
iVar5 = sub_180004590(param_1, param_2);
if (iVar5 < 0) goto code_r0x000180005a6f;
}
*(register0x00000020 + iVar10 + -0x48) = 0x1800055d3;
/* Fourth keyword: the string lives at 0x180032d60 and is not shown on this page. */
iVar5 = (*kernel32.lstrcmpiW)(param_2, 0x180032d60);
iVar6 = unaff_R12;
if (iVar5 != 0) {
iVar1 = *param_2;
piVar11 = param_2;
/* Same backslash scan as above. */
while (iVar1 != 0) {
if (iVar1 == 0x5c) {
if (piVar11 != 0x0) goto code_r0x000180005a6f;
break;
}
*(register0x00000020 + iVar10 + -0x48) = 0x1800056ec;
piVar11 = (*user32.CharNextW)();
iVar1 = *piVar11;
}
unaff_RDI = *(register0x00000020 + iVar10 + 0x20);
if (*(register0x00000020 + iVar10 + 0x20) != 0) {
/* 0x2001f equals KEY_READ | KEY_WRITE; sub_180003970 presumably opens the subkey named by the token -- confirm. */
*(register0x00000020 + iVar10 + -0x48) = 0x180005724;
iVar5 = sub_180003970(register0x00000020 + iVar10 + 0x38, unaff_R14, param_2, 0x2001f);
if (iVar5 == 0) {
code_r0x000180005762:
*(register0x00000020 + iVar10 + -0x48) = 0x18000576d;
uVar7 = sub_180004590(param_1, param_2);
if (-1 < uVar7) {
/* 0x3d is '=': a value assignment follows and is handled by sub_180004760. */
if (*param_2 == 0x3d) {
*(register0x00000020 + iVar10 + -0x48) = 0x180005790;
uVar7 = sub_180004760(param_1, register0x00000020 + iVar10 + 0x38, 0, param_2);
if (uVar7 < 0) goto code_r0x000180005acb;
}
unaff_RBX = uVar7;
param_3 = *(register0x00000020 + iVar10 + 0x38);
goto code_r0x00018000579f;
}
}
else {
/* Retry with 0x20019 (KEY_READ); if that also fails, sub_180003820 is called with 0x2001f stored as a stack argument. */
*(register0x00000020 + iVar10 + -0x48) = 0x18000573e;
iVar5 = sub_180003970(register0x00000020 + iVar10 + 0x38, unaff_R14, param_2, 0x20019);
if (iVar5 == 0) goto code_r0x000180005762;
*(register0x00000020 + iVar10 + -0x18) = 0x2001f;
*(register0x00000020 + iVar10 + -0x48) = 0x18000575a;
iVar5 = sub_180003820(register0x00000020 + iVar10 + 0x38, unaff_R14, param_2);
if (iVar5 == 0) goto code_r0x000180005762;
*(register0x00000020 + iVar10 + -0x48) = 0x180005ac9;
HRESULT_FROM_WIN32(iVar5);
}
code_r0x000180005acb:
param_3 = *(register0x00000020 + iVar10 + 0x38);
goto code_r0x000180005a6f;
}
uVar7 = *(register0x00000020 + 0x28);
if (uVar7 == 0) {
*(register0x00000020 + iVar10 + -0x48) = 0x180005812;
uVar8 = sub_180003970(register0x00000020 + iVar10 + 0x38, unaff_R14, param_2, 0x20019);
unaff_RDI = uVar8;
param_3 = *(register0x00000020 + iVar10 + 0x38);
}
else {
unaff_RDI = 2;
}
iVar5 = unaff_RDI;
unaff_R14 = 1;
if (iVar5 == 0) {
unaff_R14 = uVar7;
}
/* 0x104 is 260 (the MAX_PATH value); the return codes tested below (0xc, 0x16, 0x22) look like errno values -- TODO confirm. */
*(register0x00000020 + iVar10 + -0x48) = 0x180005844;
iVar9 = sub_18001b800(register0x00000020 + -0x2268, 0x104);
if (iVar9 != 0) {
if (iVar9 == 0xc) {
/* 0x8007000e is E_OUTOFMEMORY; the int3 (swi(3)) that follows suggests sub_1800034b0 does not return. */
*(register0x00000020 + iVar10 + -0x48) = 0x180005ae0;
sub_1800034b0(0x8007000e);
pcVar4 = swi(3);
(*pcVar4)();
return;
}
if ((iVar9 == 0x16) || (iVar9 == 0x22)) {
/* 0x80070057 is E_INVALIDARG. */
*(register0x00000020 + iVar10 + -0x48) = 0x180005af6;
sub_1800034b0(0x80070057);
pcVar4 = swi(3);
(*pcVar4)();
/* listing truncated */
0x18000F350 sub_18000f350 str 6 api 28 imm 14 Unknown
; sub_18000f350 -- disassembly (Intel syntax, Microsoft x64 register usage);
; the listing is truncated by the page, so the epilogue is not visible here.
; In:  rcx = context structure (a flag dword is read at +0x6C)
;      rdx = COM-style object; methods are called through [vtable+0x48/+0x50]
; Visible work: reads the string attribute "ExpirationDate", or otherwise the
; pair "ValidityPeriod" / "ValidityPeriodUnits", and starts converting it into
; a date via the "NotBefore" property.
; NOTE(review): the vtable offsets used (0x48, 0x50) are consistent with an
; ICertServerPolicy-shaped interface, whose GUID the report lists -- confirm.
; HRESULT constants seen: 0x8007000E (E_OUTOFMEMORY), 0x8007000D
; (ERROR_INVALID_DATA as HRESULT), 0x8000FFFF (E_UNEXPECTED),
; 0x80094004 (CERTSRV_E_PROPERTY_EMPTY).
sub_18000f350() {
push rbp
push rbx
push rdi
push r13
push r15
lea rbp, [rsp-0x37]
sub rsp, 0xA0
; Stack cookie: global at 0x18003A010 XOR rsp, stored at [rbp+0x2F].
mov rax, [0x18003A010]
xor rax, rsp
mov [rbp+0x2F], rax
; edi stays zero and is used as the "0 / NULL" source below.
xor edi, edi
mov rbx, rcx
lea rcx, [rbp-0x19]
mov [rbp-0x31], rdi
mov [rbp-0x29], rdi
mov r13d, edi
mov [rbp-0x21], rdi
mov r15, rdx
call [oleaut32.VariantInit]
; Feature gate: bit 0x20 of the dword at context+0x6C. Clear -> return 0 via .25.
test byte ptr [rbx+0x6C], 0x20
jnz .1
mov ebx, edi
jmp .25
.1:
; rsi, r12 and r14 are saved into stack slots only on this path.
mov [rsp+0xD0], rsi
lea rcx, ["ExpirationDate"]
mov [rsp+0xE0], r12
mov [rsp+0xE8], r14
call [oleaut32.SysAllocString]
mov rsi, rax
test rax, rax
jnz .4
; Allocation failed: SysFreeString(NULL), then fall back to the ValidityPeriod path.
mov rcx, rax
call [oleaut32.SysFreeString]
.2:
lea rcx, ["ValidityPeriod"]
call [oleaut32.SysAllocString]
mov r14, rax
test rax, rax
jz .3
; obj->vtbl[0x48](obj, name, &out) with the output BSTR at [rbp-0x31].
mov rax, [r15]
lea r8, [rbp-0x31]
mov rdx, r14
mov rcx, r15
call [rax+0x48]
mov esi, eax
mov rcx, r14
call [oleaut32.SysFreeString]
test esi, esi
jnz .8
lea rcx, ["ValidityPeriodUnits"]
call [oleaut32.SysAllocString]
mov r14, rax
test rax, rax
jnz .7
.3:
; Out-of-memory path: esi is the constant 0x8007000E, so the cmov always selects it.
mov rcx, r14
mov esi, 0x8007000E
call [oleaut32.SysFreeString]
cmp esi, 0x80094004
mov ebx, edi
cmovnz ebx, esi
jmp .24
.4:
; "ExpirationDate" lookup; the output BSTR goes to [rbp-0x21].
mov rax, [r15]
lea r8, [rbp-0x21]
mov rdx, rsi
mov rcx, r15
call [rax+0x48]
mov ebx, eax
mov rcx, rsi
call [oleaut32.SysFreeString]
; A negative HRESULT falls back to the ValidityPeriod path.
test ebx, ebx
js .2
; Parse the attribute text as an HTTP-format date into a SYSTEMTIME at [rbp+0x0F].
mov rcx, [rbp-0x21]
lea rdx, [rbp+0x0F]
call [winhttp.WinHttpTimeToSystemTime]
test eax, eax
jnz .6
; Failure: GetLastError is folded into 0x8007xxxx form; a zero low word becomes 0x8000FFFF.
call [kernel32.GetLastError]
mov ebx, eax
cmp eax, 0x02
jl .24
test eax, eax
jle .5
movzx ebx, ax
or ebx, 0x80070000
.5:
test bx, bx
mov esi, 0x8000FFFF
cmovz ebx, esi
jmp .24
.6:
; SYSTEMTIME -> variant date (double) at [rbp-0x11]; 7 is the VT_DATE type tag.
lea rdx, [rbp-0x11]
lea rcx, [rbp+0x0F]
call [oleaut32.SystemTimeToVariantTime]
test eax, eax
jz .12
mov eax, 0x07
mov [rbp-0x19], ax
jmp .21
.7:
; "ValidityPeriodUnits" lookup; the output BSTR goes to [rbp-0x29].
mov rax, [r15]
lea r8, [rbp-0x29]
mov rdx, r14
mov rcx, r15
call [rax+0x48]
mov esi, eax
mov rcx, r14
call [oleaut32.SysFreeString]
test esi, esi
jz .9
.8:
; 0x80094004 is mapped to 0 here; any other failure code is returned as-is.
cmp esi, 0x80094004
mov ebx, edi
cmovnz ebx, esi
jmp .24
.9:
; sub_1800032c0(string, &flag): result in r14d, flag dword at [rbp-0x39].
; NOTE(review): presumably parses a number and reports success -- confirm.
mov rcx, [rbp-0x29]
lea rdx, [rbp-0x39]
call sub_1800032c0()
mov r14d, eax
cmp [rbp-0x39], edi
jnz .10
; Flag was zero: swap the two strings and try once more with the other one.
mov rax, [rbp-0x29]
lea rdx, [rbp-0x39]
mov rcx, [rbp-0x31]
mov [rbp-0x29], rcx
mov [rbp-0x31], rax
call sub_1800032c0()
mov r14d, eax
cmp [rbp-0x39], edi
jz .12
.10:
; Table walk: 16-byte entries from 0x18003AA00 up to 0x18003AA70
; (string pointer at +0, dword at +8).
mov rsi, [rbp-0x31]
lea rbx, [0x18003AA00]
lea r12, [0x18003AA70]
.11:
; CompareStringW(0x7F, 1, rsi, -1, entry string, -1): ecx/edx are derived from r9d = -1.
; 0x7F is LOCALE_INVARIANT, 1 is NORM_IGNORECASE, and a result of 2 is CSTR_EQUAL.
mov rax, [rbx]
mov r9d, 0xFFFFFFFF
mov dword ptr [rsp+0x28], 0xFFFFFFFF
mov r8, rsi
mov [rsp+0x20], rax
lea edx, [r9+0x02]
lea ecx, [rdx+0x7E]
call [kernel32.CompareStringW]
cmp eax, 0x02
jz .13
add rbx, 0x10
cmp rbx, r12
jb .11
.12:
; No table match or a conversion failure: return 0x8007000D.
mov ebx, 0x8007000D
jmp .24
.13:
; r12d = dword from the matched entry; a negative r14d is clamped to 0x7FFFFFFF.
mov r12d, [rbx+0x08]
lea rcx, ["NotBefore"]
mov eax, 0x7FFFFFFF
test r14d, r14d
cmovs r14d, eax
call [oleaut32.SysAllocString]
mov r13, rax
test rax, rax
jz .22
; obj->vtbl[0x50](obj, "NotBefore", 2, &variant) with the variant at [rbp-0x19].
mov rax, [r15]
lea r9, [rbp-0x19]
mov r8d, 0x02
mov rdx, r13
mov rcx, r15
call [rax+0x50]
mov ebx, eax
test eax, eax
jnz .24
; A date value of exactly 0.0 means "use the current system time" instead.
movsd xmm1, qword ptr [rbp-0x11]
xorps xmm0, xmm0
ucomisd xmm1, xmm0
mov ebx, edi
jp .14
jnz .14
lea rcx, [rbp-0x01]
call [kernel32.GetSystemTime]
jmp .15
.14:
lea rdx, [rbp-0x01]
movaps xmm0, xmm1
call [oleaut32.VariantTimeToSystemTime]
test eax, eax
jz .12
.15:
; SYSTEMTIME -> FILETIME at [rbp-0x39], with the same error folding as above.
lea rdx, [rbp-0x39]
lea rcx, [rbp-0x01]
call [kernel32.SystemTimeToFileTime]
mov esi, 0x8000FFFF
test eax, eax
jnz .17
call [kernel32.GetLastError]
mov ebx, eax
cmp eax, 0x02
jl .17
test eax, eax
jle .16
movzx ebx, ax
or ebx, 0x80070000
.16:
test bx, bx
cmovz ebx, esi
.17:
test ebx, ebx
jnz .24
; sub_180002e80(&filetime, count = r14d, unit = r12d).
; NOTE(review): presumably adds the validity period to the FILETIME -- confirm.
mov r8d, r12d
lea rcx, [rbp-0x39]
mov edx, r14d
call sub_180002e80()
lea rdx, [rbp+0x1F]
lea rcx, [rbp-0x39]
call [kernel32.FileTimeToSystemTime]
test eax, eax
jnz .19
call [kernel32.GetLastError]
; listing truncated
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * sub_18000f350 -- decompiler view of the validity-date routine.
 * param_1: context structure; bit 0x20 of the dword at +0x6c gates the work.
 * param_2: COM-style object called through vtable slots +0x48, +0x50, +0x58.
 * When the gate bit is set the code reads the attribute "ExpirationDate" (an
 * HTTP-format date), or otherwise "ValidityPeriod" / "ValidityPeriodUnits"
 * added to "NotBefore", and writes the resulting date to "NotAfter".
 * NOTE(review): the slot offsets are consistent with an ICertServerPolicy-shaped
 * interface (its GUID is listed in the report); the attribute strings are looked
 * up by name through that object, so where their values come from (and whether
 * the requester controls them) should be confirmed from the callers.
 * The decompiler shows the function as void, although the disassembly keeps a
 * status code in ebx.
 */
void sub_18000f350(int64_t param_1,int64_t *param_2)
{
undefined4 uVar1;
undefined8 uVar2;
undefined8 uVar3;
int32_t iVar4;
int32_t iVar5;
uint32_t uVar6;
int64_t iVar7;
int64_t iVar8;
int64_t iVar9;
undefined8 *puVar10;
int64_t iVar11;
int64_t iVar13;
undefined auStack_c8 [32];
undefined8 uStack_a8;
undefined4 uStack_a0;
int32_t aiStack_98 [2];
undefined8 uStack_90;
undefined8 uStack_88;
undefined8 uStack_80;
undefined2 auStack_78 [4];
double adStack_70 [2];
undefined auStack_60 [16];
undefined auStack_50 [16];
undefined auStack_40 [16];
uint64_t uStack_30;
int64_t iVar12;
/* Stack cookie setup; it is verified before the return at the bottom. */
uStack_30 = [0x0x18003a010#SecurityCookie] ^ auStack_c8;
iVar12 = 0;
iVar11 = 0;
uStack_90 = 0;
uStack_88 = 0;
uVar6 = 0;
iVar13 = 0;
uStack_80 = 0;
/* auStack_78 is the VARIANT; adStack_70 overlays its value field (offset +8). */
(*oleaut32.VariantInit)(auStack_78);
iVar9 = iVar12;
iVar8 = iVar12;
/* Gate bit clear: skip straight to cleanup. */
if ((*(param_1 + 0x6c) & 0x20) == 0) goto code_r0x00018000f6eb;
iVar7 = (*oleaut32.SysAllocString)("ExpirationDate");
iVar8 = iVar13;
if (iVar7 == 0) {
(*oleaut32.SysFreeString)(0);
}
else {
/* Slot +0x48: fetch the string named "ExpirationDate" into uStack_80. */
iVar4 = (**(*param_2 + 0x48))(param_2, iVar7, &uStack_80);
(*oleaut32.SysFreeString)(iVar7);
if (-1 < iVar4) {
/* Parse the text as an HTTP date into a SYSTEMTIME (auStack_50). */
iVar4 = (*winhttp.WinHttpTimeToSystemTime)(uStack_80, auStack_50);
if (iVar4 == 0) {
(*kernel32.GetLastError)();
iVar9 = iVar11;
}
else {
iVar4 = (*oleaut32.SystemTimeToVariantTime)(auStack_50, adStack_70);
if (iVar4 != 0) {
/* 7 is the VT_DATE type tag. */
auStack_78[0] = 7;
code_r0x00018000f69f:
/* Shared tail: slot +0x58 is called with ("NotAfter", 2, &variant). */
iVar9 = (*oleaut32.SysAllocString)("NotAfter");
iVar8 = iVar12;
if (iVar9 != 0) {
(**(*param_2 + 0x58))(param_2, iVar9, 2, auStack_78);
}
}
}
goto code_r0x00018000f6eb;
}
}
/* Fallback when "ExpirationDate" is unavailable: period count plus unit. */
iVar7 = (*oleaut32.SysAllocString)("ValidityPeriod");
if (iVar7 != 0) {
iVar4 = (**(*param_2 + 0x48))(param_2, iVar7, &uStack_90);
(*oleaut32.SysFreeString)(iVar7);
if (iVar4 != 0) goto code_r0x00018000f6eb;
iVar7 = (*oleaut32.SysAllocString)("ValidityPeriodUnits");
if (iVar7 != 0) {
iVar4 = (**(*param_2 + 0x48))(param_2, iVar7, &uStack_88);
(*oleaut32.SysFreeString)(iVar7);
if (iVar4 == 0) {
/* sub_1800032c0(string, &flag): presumably a numeric parse whose success flag lands in aiStack_98[0] -- confirm. */
iVar4 = sub_1800032c0(uStack_88, aiStack_98);
uVar3 = uStack_88;
uVar2 = uStack_90;
if (aiStack_98[0] == 0) {
/* First string did not parse: swap the two strings and try the other one. */
uStack_88 = uStack_90;
uStack_90 = uVar3;
iVar4 = sub_1800032c0(uVar2, aiStack_98);
iVar8 = iVar12;
if (aiStack_98[0] == 0) goto code_r0x00018000f6eb;
}
uVar2 = uStack_90;
/* Table of 16-byte entries at 0x18003aa00..0x18003aa70: string pointer at +0, dword at +8. */
puVar10 = 0x18003aa00;
do {
uStack_a8 = *puVar10;
uStack_a0 = 0xffffffff;
/* Only three arguments are shown; the disassembly passes r9d = -1 plus the two stack arguments set above. */
/* 0x7f is LOCALE_INVARIANT, 1 is NORM_IGNORECASE, and a result of 2 is CSTR_EQUAL. */
iVar5 = (*kernel32.CompareStringW)(0x7f, 1, uVar2);
if (iVar5 == 2) {
uVar1 = *(puVar10 + 1);
/* A negative count is clamped to INT32_MAX. */
if (iVar4 < 0) {
iVar4 = 0x7fffffff;
}
iVar8 = (*oleaut32.SysAllocString)("NotBefore");
if ((iVar8 == 0) ||
(iVar5 = (**(*param_2 + 0x50))(param_2, iVar8, 2, auStack_78), iVar9 = iVar11, iVar5 != 0))
break;
/* A start date of 0.0 is replaced by the current system time. */
if (adStack_70[0] == 0.0) {
(*kernel32.GetSystemTime)(auStack_60);
}
else {
iVar5 = (*oleaut32.VariantTimeToSystemTime)(SUB84(adStack_70[0], 0), auStack_60);
iVar9 = iVar12;
if (iVar5 == 0) break;
}
iVar5 = (*kernel32.SystemTimeToFileTime)(auStack_60, aiStack_98);
/* Win32 error folded into 0x8007xxxx form; a zero result becomes 0x8000ffff (E_UNEXPECTED). */
if ((iVar5 == 0) && (uVar6 = (*kernel32.GetLastError)(), 1 < uVar6)) {
if (0 < uVar6) {
uVar6 = uVar6 & 0xffff | 0x80070000;
}
if (uVar6 == 0) {
uVar6 = 0x8000ffff;
}
}
iVar9 = iVar11;
if (uVar6 == 0) {
/* sub_180002e80(&filetime, count, unit): presumably adds the period to the FILETIME -- confirm. */
sub_180002e80(aiStack_98, iVar4, uVar1);
iVar4 = (*kernel32.FileTimeToSystemTime)(aiStack_98, auStack_40);
if (iVar4 == 0) {
uVar6 = (*kernel32.GetLastError)();
if (1 < uVar6) {
if (0 < uVar6) {
uVar6 = uVar6 & 0xffff | 0x80070000;
}
if (uVar6 == 0) {
uVar6 = 0x8000ffff;
}
}
}
else {
iVar4 = (*oleaut32.SystemTimeToVariantTime)(auStack_40, adStack_70);
uVar6 = 0;
if (iVar4 == 0) {
uVar6 = 0x8007000d;
}
}
iVar12 = iVar8;
/* Success: jump to the shared tail that writes "NotAfter". */
if (uVar6 == 0) goto code_r0x00018000f69f;
}
break;
}
puVar10 = puVar10 + 2;
iVar8 = iVar13;
} while (puVar10 < 0x18003aa70);
}
goto code_r0x00018000f6eb;
}
}
(*oleaut32.SysFreeString)(iVar7);
iVar8 = iVar12;
code_r0x00018000f6eb:
/* Common cleanup: clear the VARIANT, free every BSTR, then check the stack cookie. */
(*oleaut32.VariantClear)(auStack_78);
(*oleaut32.SysFreeString)(uStack_90);
(*oleaut32.SysFreeString)(uStack_88);
(*oleaut32.SysFreeString)(iVar8);
(*oleaut32.SysFreeString)(iVar9);
(*oleaut32.SysFreeString)(uStack_80);
__security_check_cookie(uStack_30 ^ auStack_c8);
return;
}
0x18000ECC0 sub_18000ecc0 str 6 api 19 imm 8 Unknown
; sub_18000ecc0 -- disassembly (Intel syntax, Microsoft x64 register usage).
; In:  rcx = context structure (flag dword at +0x6C)
;      rdx = COM-style object (vtable slots +0x48, +0x60, +0x68 are called)
;      r8d = initial value of the flag kept in edi
; Out: eax = result of sub_18000ef80
; Visible work: decides whether edi becomes non-zero, first from the decoded
; extension "2.5.29.19" (basicConstraints), then from the strings "CertType"
; and "CertificateTemplate" ("SubCA" / "CrossCA"), and passes it on to
; sub_18000ef80.
; NOTE(review): the flag appears to mean "this is a CA certificate" -- confirm
; in sub_18000ef80.
sub_18000ecc0() {
; rbx is saved in the caller-provided home space; other non-volatile registers are pushed.
mov [rsp+0x20], rbx
push rbp
push rsi
push rdi
push r12
push r13
push r14
push r15
lea rbp, [rsp-0x27]
sub rsp, 0xA0
; Stack cookie stored at [rbp+0x1F].
mov rax, [0x18003A010]
xor rax, rsp
mov [rbp+0x1F], rax
mov r12, rcx
; r14d stays zero (constant 0); r13 = pointer to the extension record, NULL until built.
xor r14d, r14d
lea rcx, [rbp-0x29]
mov [rbp-0x39], r14
mov r13d, r14d
mov edi, r8d
mov rsi, rdx
call [oleaut32.VariantInit]
; Gate 1: bit 0x80 of context+0x6C enables the basicConstraints lookup.
test byte ptr [r12+0x6C], 0x80
jz .2
lea rcx, ["2.5.29.19"]
call [oleaut32.SysAllocString]
mov r15, rax
test rax, rax
jnz .1
mov rcx, rax
call [oleaut32.SysFreeString]
jmp .2
.1:
; obj->vtbl[0x60](obj, oid, 3, &variant) with the variant at [rbp-0x29].
mov rax, [rsi]
lea r9, [rbp-0x29]
mov r8d, 0x03
mov rdx, r15
mov rcx, rsi
call [rax+0x60]
mov ebx, eax
mov rcx, r15
call [oleaut32.SysFreeString]
test ebx, ebx
jnz .2
; obj->vtbl[0x68](obj, &flags) with the flags dword at [rbp-0x31].
mov rax, [rsi]
lea rdx, [rbp-0x31]
mov rcx, rsi
call [rax+0x68]
test eax, eax
jnz .2
; Build a record at [rbp-0x11]: pointer to the basicConstraints constant,
; (flags & 1) at +8, byte length at +0x10, data pointer at +0x18.
; NOTE(review): this layout matches CERT_EXTENSION (OID, critical flag, blob) -- confirm.
mov rbx, [rbp-0x21]
lea rax, [basicConstraints]
test byte ptr [rbp-0x31], 0x01
mov r15d, 0x01
mov [rbp-0x11], rax
mov rcx, rbx
mov eax, r14d
mov [rbp+0x07], rbx
cmovnz eax, r15d
mov [rbp-0x09], eax
call [oleaut32.SysStringByteLen]
; The output size for the decode below is fixed at 0x0C bytes.
mov dword ptr [rbp-0x2D], 0x0C
lea r13, [rbp-0x11]
mov [rbp-0x01], eax
; The flag was already set by the caller: skip decoding.
test edi, edi
jnz .2
; CryptDecodeObject(1, 15, data, len, 0, &out at [rbp+0x0F], &size).
; edx = rdi+0x0F with edi == 0 here; 1 is X509_ASN_ENCODING and 15 is X509_BASIC_CONSTRAINTS2.
lea rcx, [rbp-0x2D]
mov r9d, eax
mov [rsp+0x30], rcx
lea edx, [rdi+0x0F]
lea rcx, [rbp+0x0F]
mov r8, rbx
mov [rsp+0x28], rcx
mov ecx, r15d
mov [rsp+0x20], r14d
call [crypt32.CryptDecodeObject]
; On success the first dword of the decoded structure becomes the flag.
test eax, eax
cmovnz edi, [rbp+0x0F]
.2:
; Gate 2: bit 0x200 of context+0x6C, and only when the flag is still zero.
test dword ptr [r12+0x6C], 0x200
jz .8
test edi, edi
jnz .8
lea rcx, ["CertType"]
call [oleaut32.SysAllocString]
mov r15, rax
test rax, rax
jnz .3
mov rcx, rax
call [oleaut32.SysFreeString]
jmp .5
.3:
; obj->vtbl[0x48](obj, "CertType", &bstr at [rbp-0x39]).
mov rax, [rsi]
lea r8, [rbp-0x39]
mov rdx, r15
mov rcx, rsi
call [rax+0x48]
mov ebx, eax
mov rcx, r15
call [oleaut32.SysFreeString]
test ebx, ebx
jnz .5
; CompareStringW(0x7F, 1, bstr, -1, string at 0x18003429C, -1); ebx is 0 here,
; so the lea instructions yield -1, 1 and 0x7F. The reference string is not shown on this page.
mov r8, [rbp-0x39]
lea rax, [0x18003429C]
mov dword ptr [rsp+0x28], 0xFFFFFFFF
lea r9d, [rbx-0x01]
lea edx, [rbx+0x01]
mov [rsp+0x20], rax
lea ecx, [rbx+0x7F]
call [kernel32.CompareStringW]
mov rcx, [rbp-0x39]
cmp eax, 0x02
jnz .4
; Equal (2 is CSTR_EQUAL): flag = 1, free the string, done.
lea edi, [rbx+0x01]
call [oleaut32.SysFreeString]
mov [rbp-0x39], r14
jmp .8
.4:
call [oleaut32.SysFreeString]
mov [rbp-0x39], r14
.5:
lea rcx, ["CertificateTemplate"]
call [oleaut32.SysAllocString]
mov r15, rax
test rax, rax
jnz .6
mov rcx, rax
call [oleaut32.SysFreeString]
jmp .8
.6:
; obj->vtbl[0x48](obj, "CertificateTemplate", &bstr at [rbp-0x39]).
mov rax, [rsi]
lea r8, [rbp-0x39]
mov rdx, r15
mov rcx, rsi
call [rax+0x48]
mov ebx, eax
mov rcx, r15
call [oleaut32.SysFreeString]
test ebx, ebx
jnz .8
; Case-insensitive compare against "SubCA", then "CrossCA".
mov r8, [rbp-0x39]
lea r9d, [rbx-0x01]
mov ebx, 0x01
mov dword ptr [rsp+0x28], 0xFFFFFFFF
lea rax, ["SubCA"]
mov edx, ebx
mov [rsp+0x20], rax
lea ecx, [rbx+0x7E]
call [kernel32.CompareStringW]
cmp eax, 0x02
jz .7
mov r8, [rbp-0x39]
lea rax, ["CrossCA"]
mov dword ptr [rsp+0x28], 0xFFFFFFFF
lea r9d, [rbx-0x02]
mov edx, ebx
mov [rsp+0x20], rax
lea ecx, [rbx+0x7E]
call [kernel32.CompareStringW]
cmp eax, 0x02
jnz .8
.7:
; Either template name matched: flag = 1.
mov edi, ebx
.8:
; sub_18000ef80(context, obj, record or NULL, flag, record != NULL).
test r13, r13
mov r9d, edi
mov r8, r13
mov rdx, rsi
setnz r14b
mov rcx, r12
mov [rsp+0x20], r14d
call sub_18000ef80()
mov ebx, eax
; Cleanup: clear the VARIANT, free the remaining BSTR, verify the stack cookie.
lea rcx, [rbp-0x29]
call [oleaut32.VariantClear]
mov rcx, [rbp-0x39]
call [oleaut32.SysFreeString]
mov eax, ebx
mov rcx, [rbp+0x1F]
xor rcx, rsp
call __security_check_cookie()
mov rbx, [rsp+0xF8]
add rsp, 0xA0
pop r15
pop r14
pop r13
pop r12
pop rdi
pop rsi
pop rbp
ret
}
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * sub_18000ecc0 -- decompiler view.
 * param_1: context structure; bits 0x80 and 0x200 of the dword at +0x6c gate
 *          the two lookups below.
 * param_2: COM-style object called through vtable slots +0x48, +0x60, +0x68.
 * param_3: flag that may be raised to non-zero here before being passed on.
 * The flag is taken from the decoded "2.5.29.19" (basicConstraints) extension,
 * or set to 1 when "CertType" equals the string at 0x18003429c or
 * "CertificateTemplate" equals "SubCA" / "CrossCA" (case-insensitive).
 * The result goes to sub_18000ef80 together with the extension record.
 * NOTE(review): the flag presumably means "request is for a CA certificate";
 * confirm in sub_18000ef80. The decompiler shows void, but the disassembly
 * returns sub_18000ef80's result in eax.
 */
void sub_18000ecc0(int64_t param_1,int64_t *param_2,int32_t param_3)
{
int32_t iVar1;
int64_t iVar2;
undefined **ppuVar3;
undefined **ppuVar4;
undefined auStack_d8 [32];
undefined8 uStack_b8;
undefined8 uStack_b0;
undefined4 *puStack_a8;
undefined8 uStack_98;
uint8_t auStack_90 [4];
undefined4 uStack_8c;
undefined auStack_88 [8];
undefined8 uStack_80;
undefined *puStack_70;
uint32_t uStack_68;
undefined4 uStack_60;
undefined8 uStack_58;
int32_t aiStack_50 [4];
uint64_t uStack_40;
/* Stack cookie setup; it is verified before the return. */
uStack_40 = [0x0x18003a010#SecurityCookie] ^ auStack_d8;
uStack_98 = 0;
ppuVar3 = 0x0;
/* auStack_88 is the VARIANT header; uStack_80 overlays its value field. */
(*oleaut32.VariantInit)(auStack_88);
ppuVar4 = 0x0;
if ((*(param_1 + 0x6c) & 0x80) != 0) {
iVar2 = (*oleaut32.SysAllocString)("2.5.29.19");
ppuVar4 = ppuVar3;
if (iVar2 == 0) {
(*oleaut32.SysFreeString)(0);
}
else {
/* Slot +0x60 with type 3 fetches the extension; slot +0x68 fetches its flags. */
iVar1 = (**(*param_2 + 0x60))(param_2, iVar2, 3, auStack_88);
(*oleaut32.SysFreeString)(iVar2);
if ((iVar1 == 0) && (iVar1 = (**(*param_2 + 0x68))(param_2, auStack_90), iVar1 == 0)) {
/* Record at puStack_70: OID constant, (flags & 1), byte length, data pointer. */
/* NOTE(review): this layout matches CERT_EXTENSION -- confirm. */
puStack_70 = &basicConstraints;
uStack_58 = uStack_80;
uStack_68 = (auStack_90[0] & 1) != 0;
uStack_60 = (*oleaut32.SysStringByteLen)(uStack_80);
/* Output size for the decode is fixed at 0xc bytes. */
uStack_8c = 0xc;
ppuVar4 = &puStack_70;
if (param_3 == 0) {
puStack_a8 = &uStack_8c;
uStack_b0 = aiStack_50;
uStack_b8 = uStack_b8 & 0xffffffff00000000;
/* 1 is X509_ASN_ENCODING and 0xf is X509_BASIC_CONSTRAINTS2; the three stack arguments are set just above. */
iVar1 = (*crypt32.CryptDecodeObject)(1, 0xf, uStack_80, uStack_60);
/* On success the first dword of the decoded structure becomes the flag. */
if (iVar1 != 0) {
param_3 = aiStack_50[0];
}
}
}
}
}
/* Second gate: only when bit 0x200 is set and the flag is still zero. */
if (((*(param_1 + 0x6c) & 0x200) != 0) && (param_3 == 0)) {
iVar2 = (*oleaut32.SysAllocString)("CertType");
if (iVar2 == 0) {
(*oleaut32.SysFreeString)(0);
}
else {
iVar1 = (**(*param_2 + 0x48))(param_2, iVar2, &uStack_98);
(*oleaut32.SysFreeString)(iVar2);
if (iVar1 == 0) {
/* Compared with the string at 0x18003429c (not shown on this page); a result of 2 is CSTR_EQUAL. */
uStack_b0 = CONCAT44(uStack_b0._4_4_, 0xffffffff);
uStack_b8 = 0x18003429c;
iVar1 = (*kernel32.CompareStringW)(0x7f, 1, uStack_98, 0xffffffff);
if (iVar1 == 2) {
param_3 = 1;
/* The argument is dropped by the decompiler; the disassembly passes the fetched BSTR in rcx. */
(*oleaut32.SysFreeString)();
uStack_98 = 0;
goto code_r0x00018000ef22;
}
(*oleaut32.SysFreeString)(uStack_98);
uStack_98 = 0;
}
}
iVar2 = (*oleaut32.SysAllocString)("CertificateTemplate");
if (iVar2 == 0) {
(*oleaut32.SysFreeString)(0);
}
else {
iVar1 = (**(*param_2 + 0x48))(param_2, iVar2, &uStack_98);
(*oleaut32.SysFreeString)(iVar2);
if (iVar1 == 0) {
/* The template name is compared with "SubCA", then "CrossCA"; either match sets the flag. */
uStack_b0 = CONCAT44(uStack_b0._4_4_, 0xffffffff);
uStack_b8 = "SubCA";
iVar1 = (*kernel32.CompareStringW)(0x7f, 1, uStack_98, 0xffffffff);
if (iVar1 != 2) {
uStack_b0 = CONCAT44(uStack_b0._4_4_, 0xffffffff);
uStack_b8 = "CrossCA";
iVar1 = (*kernel32.CompareStringW)(0x7f, 1, uStack_98, 0xffffffff);
if (iVar1 != 2) goto code_r0x00018000ef22;
}
param_3 = 1;
}
}
}
code_r0x00018000ef22:
/* Fifth argument (stack slot): 1 when an extension record was built, else 0. */
uStack_b8 = CONCAT44(uStack_b8._4_4_, ppuVar4 != 0x0);
sub_18000ef80(param_1, param_2, ppuVar4, param_3);
(*oleaut32.VariantClear)(auStack_88);
(*oleaut32.SysFreeString)(uStack_98);
__security_check_cookie(uStack_40 ^ auStack_d8);
return;
}
0x180010660 sub_180010660 str 5 api 63 imm 18 Unknown
; sub_180010660 -- disassembly (Intel syntax, Microsoft x64 register usage);
; the listing is truncated by the page, so only the visible part is described.
; In:  rcx = output structure (fields at +0, +0x18, +0x1C are written)
;      rdx = value stored at [rcx]
;      r8  = COM-style object (vtable slot +0x60 is called), saved at [rbp+0x77]
;      r9  = pointer to a dword that is set to 1
; Visible work: fetches the extensions "1.3.6.1.4.1.311.21.7" and
; "1.3.6.1.4.1.311.20.2", decodes the first with CryptDecodeObject, and
; converts its leading ANSI string to a BSTR.
; NOTE(review): these are the Microsoft certificate-template OIDs (v2 template
; information and v1 template name) -- confirm against the rest of the routine.
sub_180010660() {
; r8 and rcx are spilled to the caller-provided home space; they are reloaded
; later from [rbp+0x77] and [rbp+0x67].
mov [rsp+0x18], r8
mov [rsp+0x08], rcx
push rbp
push rbx
push rsi
push rdi
push r12
push r13
push r14
push r15
lea rbp, [rsp-0x1F]
sub rsp, 0xA8
; esi stays zero and serves as the 0 / NULL source. No stack-cookie setup is
; visible in this prologue.
xor esi, esi
mov r14, rcx
lea rcx, [rbp-0x19]
mov [rbp-0x21], rsi
mov [rbp-0x41], rsi
mov r15d, esi
mov [rbp-0x49], rsi
mov r13d, esi
mov [rbp-0x31], rsi
mov r12d, esi
mov [rbp-0x39], rsi
mov rdi, r9
mov [rbp+0x7F], esi
mov rbx, rdx
call [oleaut32.VariantInit]
; Initialise outputs: out->[0] = rdx, *r9 = 1, out->[0x18] and out->[0x1C] = 0.
mov eax, 0x01
mov [r14], rbx
lea rcx, ["1.3.6.1.4.1.311.21.7"]
mov [rdi], eax
mov [r14+0x1C], rsi
mov [r14+0x18], esi
call [oleaut32.SysAllocString]
mov rdi, rax
test rax, rax
jnz .3
mov rcx, rax
call [oleaut32.SysFreeString]
.1:
mov r14, [rbp+0x77]
.2:
; Second lookup: the extension "1.3.6.1.4.1.311.20.2".
lea rcx, [rbp-0x19]
call [oleaut32.VariantClear]
lea rcx, ["1.3.6.1.4.1.311.20.2"]
call [oleaut32.SysAllocString]
mov rdi, rax
test rax, rax
jnz .17
mov rcx, rax
call [oleaut32.SysFreeString]
jmp .27
.3:
; obj->vtbl[0x60](obj, oid, 3, &variant) with the variant at [rbp-0x19].
mov r14, [rbp+0x77]
lea r9, [rbp-0x19]
mov r8d, 0x03
mov rdx, rdi
mov rcx, r14
mov rax, [r14]
call [rax+0x60]
mov ebx, eax
mov rcx, rdi
call [oleaut32.SysFreeString]
test ebx, ebx
jnz .2
; The returned VARIANT must carry type tag 8 (VT_BSTR); otherwise the routine
; fails with 0x80070057 (E_INVALIDARG).
mov eax, 0x08
cmp ax, [rbp-0x19]
jz .4
lea rcx, [rbp-0x19]
call [oleaut32.VariantClear]
mov edi, 0x80070057
jmp .71
.4:
; r14 = encoded bytes, ebx = byte length, r12 = decode buffer (NULL at first).
mov rcx, [rbp-0x11]
call [oleaut32.SysStringByteLen]
mov r14, [rbp-0x11]
mov ebx, eax
mov [rbp-0x21], rsi
mov [rbp+0x6F], esi
nop [rax+rax*1], eax
.5:
; Two-pass decode: CryptDecodeObject(1, 0x40, data, len, 0, buffer, &size).
; The first pass has buffer == NULL and only learns the size; the second pass
; fills a LocalAlloc'd buffer. 1 is X509_ASN_ENCODING and 0x40 is
; X509_CERTIFICATE_TEMPLATE.
mov edx, 0x40
lea rax, [rbp+0x6F]
mov [rsp+0x30], rax
mov r9d, ebx
mov [rsp+0x28], r12
mov r8, r14
mov [rsp+0x20], esi
lea ecx, [rdx-0x3F]
call [crypt32.CryptDecodeObject]
mov edi, eax
test eax, eax
jz .7
mov eax, [rbp+0x6F]
test eax, eax
jz .6
test r12, r12
jnz .12
mov edx, eax
xor ecx, ecx
call [kernel32.LocalAlloc]
mov [rbp-0x21], rax
mov r12, rax
test rax, rax
jnz .5
jmp .9
.6:
; Success reported with size 0: treated as invalid data (0x8007000D).
mov ecx, 0x8007000D
call [kernel32.SetLastError]
mov edi, esi
.7:
; Failure: free the buffer while preserving the last-error value around LocalFree.
test r12, r12
jz .8
call [kernel32.GetLastError]
mov rcx, r12
mov ebx, eax
call [kernel32.LocalFree]
mov ecx, ebx
mov [rbp-0x21], rsi
mov r12, rsi
call [kernel32.SetLastError]
.8:
test edi, edi
jnz .12
.9:
; GetLastError folded into 0x8007xxxx form; a zero low word becomes 0x8000FFFF.
call [kernel32.GetLastError]
mov edi, eax
cmp eax, 0x02
jl .11
test eax, eax
jle .10
movzx edi, ax
or edi, 0x80070000
.10:
test di, di
mov edx, 0x8000FFFF
cmovz edi, edx
.11:
lea rcx, [rbp-0x19]
call [oleaut32.VariantClear]
jmp .70
.12:
; r15 = first pointer field of the decoded structure, read as a byte string.
mov r15, [r12]
xor ecx, ecx
mov rbx, rsi
call [oleaut32.SysFreeString]
mov rdi, 0xFFFFFFFFFFFFFFFF
.13:
; Inline strlen: rdi = index of the first zero byte (bl is 0 here).
inc rdi
cmp [r15+rdi*1], bl
jnz .13
; Size query: MultiByteToWideChar(GetACP(), 0, r15, len, NULL, 0).
call [kernel32.GetACP]
mov [rsp+0x28], esi
mov r9d, edi
mov ecx, eax
mov [rsp+0x20], rsi
mov r8, r15
xor edx, edx
call [kernel32.MultiByteToWideChar]
mov r14d, eax
test eax, eax
jle .15
.14:
; First time through rbx is NULL: allocate r14d characters and convert; the
; second time rbx is set and control leaves via .16.
test rbx, rbx
jnz .16
mov edx, r14d
xor ecx, ecx
call [oleaut32.SysAllocStringLen]
mov rbx, rax
test rax, rax
jz .15
call [kernel32.GetACP]
mov [rsp+0x28], r14d
mov r9d, edi
mov ecx, eax
mov [rsp+0x20], rbx
mov r8, r15
xor edx, edx
call [kernel32.MultiByteToWideChar]
mov r14d, eax
test eax, eax
jnle .14
.15:
; Conversion or allocation failure: return 0x8007000E (E_OUTOFMEMORY).
lea rcx, [rbp-0x19]
call [oleaut32.VariantClear]
mov edi, 0x8007000E
mov r15, rsi
jmp .70
.16:
; Terminate the BSTR at index r14d, then copy the dwords at decoded+8 and
; decoded+0x10 into out+0x18 and out+0x1C (rcx = saved first argument).
; NOTE(review): with X509_CERTIFICATE_TEMPLATE these offsets would be the
; template major and minor version -- confirm.
mov rcx, [rbp+0x67]
mov r15, rbx
mov eax, r14d
mov [rbp-0x49], rbx
mov [rbx+rax*2], si
mov eax, [r12+0x08]
mov [rcx+0x18], eax
mov eax, [r12+0x10]
mov r12d, [rbp+0x7F]
mov [rcx+0x1C], eax
jmp .1
.17:
; Same fetch and type check for the second extension.
mov rax, [r14]
lea r9, [rbp-0x19]
mov r8d, 0x03
mov rdx, rdi
mov rcx, r14
call [rax+0x60]
mov ebx, eax
mov rcx, rdi
call [oleaut32.SysFreeString]
test ebx, ebx
jnz .27
mov eax, 0x08
cmp ax, [rbp-0x19]
jz .18
lea rcx, [rbp-0x19]
call [oleaut32.VariantClear]
mov edi, 0x80070057
jmp .70
; listing truncated
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * sub_180010660 -- decompiler view; the listing is truncated by the page and
 * parts of the control flow (the extension decode paths) are not shown in it.
 * param_1: output structure; param_1[0] receives param_2, param_1[2] later
 *          receives a BSTR copy of the selected name.
 * param_3: COM-style object called through vtable slots +0x48 and +0x58.
 * param_4: dword set to 1 on entry.
 * Visible work: gathers up to three template identifiers (two from the
 * extensions "1.3.6.1.4.1.311.21.7" / "1.3.6.1.4.1.311.20.2" and one from the
 * string "CertificateTemplate"), compares them pairwise, selects one and writes
 * it back under the name "CertificateTemplate".
 * NOTE(review): sub_180002d90 / sub_180003060 are used as a pair on each
 * identifier, with LocalFree on the intermediate buffer; they presumably
 * convert and classify the string (for example "is it an OID?") -- confirm.
 * -0x7ff8fff2 is 0x8007000e (E_OUTOFMEMORY) printed as a signed value.
 */
int64_t * sub_180010660(undefined8 *param_1,undefined8 param_2,int64_t *param_3,undefined4 *param_4)
{
undefined8 uVar1;
undefined4 uVar2;
undefined4 uVar3;
int32_t iVar4;
int32_t iVar5;
int64_t iVar6;
int64_t *piVar7;
int64_t *piVar8;
uint32_t uVar9;
uint64_t uVar10;
int64_t *piVar11;
int64_t *piVar12;
uint32_t uVar13;
undefined8 *puVar14;
int32_t aiStackX_10 [2];
int64_t *piStackX_18;
undefined8 uStackX_20;
int64_t *in_stack_ffffffffffffff38;
uint64_t uVar15;
int64_t *piStack_a8;
int64_t iStack_a0;
int64_t *piStack_98;
int64_t *piStack_90;
int64_t iStack_88;
int64_t *piStack_80;
int16_t aiStack_78 [4];
undefined8 uStack_70;
undefined2 auStack_60 [4];
int64_t *piStack_58;
piVar8 = 0x0;
piStack_80 = 0x0;
iStack_a0 = 0;
piStack_a8 = 0x0;
piVar12 = 0x0;
piStack_90 = 0x0;
piStack_98 = 0x0;
uStackX_20 = uStackX_20 & 0xffffffff00000000;
piStackX_18 = param_3;
(*oleaut32.VariantInit)(aiStack_78);
/* Initialise outputs; the last two stores are the zeroing seen at +0x1c / +0x18 in the disassembly. */
*param_1 = param_2;
*param_4 = 1;
*(param_1 + 0x1c) = 0;
*(param_1 + 3) = 0;
iVar6 = (*oleaut32.SysAllocString)("1.3.6.1.4.1.311.21.7");
piVar11 = piStackX_18;
if (iVar6 == 0) {
(*oleaut32.SysFreeString)(0);
piVar11 = piStackX_18;
uVar9 = 0;
code_r0x0001800106eb:
(*oleaut32.VariantClear)(aiStack_78);
iVar6 = (*oleaut32.SysAllocString)("1.3.6.1.4.1.311.20.2");
if (iVar6 == 0) {
(*oleaut32.SysFreeString)(0);
piVar12 = piVar8;
code_r0x000180010a44:
uVar13 = 0;
/* Third source: the string named "CertificateTemplate", fetched via slot +0x48 into piStack_98. */
iVar6 = (*oleaut32.SysAllocString)("CertificateTemplate");
if (iVar6 == 0) {
(*oleaut32.SysFreeString)(0);
uVar13 = 0;
}
else {
iVar4 = (**(*piStackX_18 + 0x48))(piStackX_18, iVar6, &piStack_98);
(*oleaut32.SysFreeString)(iVar6);
piVar11 = piStack_98;
if (iVar4 == 0) {
uVar13 = 0;
/* Comparison 1: piStack_a8 against the fetched string. uVar13 becomes 1 when the
   strings differ and sub_180003060 gives the same zero/non-zero outcome for both. */
if ((piStack_a8 != 0x0) &&
(iVar4 = (*kernel32.CompareStringW)(0x7f, 1, piStack_a8, 0xffffffff, piStack_98, 0xffffffff),
iVar4 != 2)) {
uStackX_20 = 0;
iVar4 = sub_180002d90(&uStackX_20, piStack_a8);
iVar6 = uStackX_20;
if (iVar4 == 0) {
iVar4 = -0x7ff8fff2;
}
else {
iVar4 = sub_180003060(uStackX_20);
}
if (iVar6 != 0) {
(*kernel32.LocalFree)(iVar6);
}
uStackX_20 = 0;
iVar5 = sub_180002d90(&uStackX_20, piVar11);
uVar10 = uStackX_20;
if (iVar5 == 0) {
iVar5 = -0x7ff8fff2;
}
else {
iVar5 = sub_180003060(uStackX_20);
}
if (uVar10 != 0) {
(*kernel32.LocalFree)(uVar10);
}
uVar13 = (iVar5 == 0) == (iVar4 == 0);
}
piVar11 = piStack_98;
/* Comparison 2: piVar12 against the fetched string, same rule. */
if ((piVar12 != 0x0) &&
(iVar4 = (*kernel32.CompareStringW)(0x7f, 1, piVar12, 0xffffffff, piStack_98, 0xffffffff),
iVar4 != 2)) {
uStackX_20 = 0;
iVar4 = sub_180002d90(&uStackX_20, piVar12);
iVar6 = uStackX_20;
if (iVar4 == 0) {
iVar4 = -0x7ff8fff2;
}
else {
iVar4 = sub_180003060(uStackX_20);
}
if (iVar6 != 0) {
(*kernel32.LocalFree)(iVar6);
}
uStackX_20 = 0;
iVar5 = sub_180002d90(&uStackX_20, piVar11);
iVar6 = uStackX_20;
if (iVar5 == 0) {
iVar5 = -0x7ff8fff2;
}
else {
iVar5 = sub_180003060(uStackX_20);
}
if (iVar6 != 0) {
(*kernel32.LocalFree)(iVar6);
}
if ((iVar5 == 0) == (iVar4 == 0)) {
uVar13 = 1;
}
}
/* uVar9 records whether sub_180003060 returned 0 for the fetched string itself. */
uStackX_20 = 0;
iVar4 = sub_180002d90(&uStackX_20, piStack_98);
iVar6 = uStackX_20;
if (iVar4 == 0) {
iVar4 = -0x7ff8fff2;
}
else {
iVar4 = sub_180003060(uStackX_20);
}
if (iVar6 != 0) {
(*kernel32.LocalFree)(iVar6);
}
uVar9 = iVar4 == 0;
uStackX_20 = CONCAT44(uStackX_20._4_4_, uVar9);
}
}
/* Comparison 3: the two extension-derived identifiers against each other. */
if (((piStack_a8 != 0x0) && (piVar12 != 0x0)) &&
(iVar4 = (*kernel32.CompareStringW)(0x7f, 1, piStack_a8, 0xffffffff, piVar12, 0xffffffff), iVar4 != 2)) {
iStack_88 = 0;
iVar4 = sub_180002d90(&iStack_88, piStack_a8);
iVar6 = iStack_88;
if (iVar4 == 0) {
iVar4 = -0x7ff8fff2;
}
else {
iVar4 = sub_180003060(iStack_88);
}
if (iVar6 != 0) {
(*kernel32.LocalFree)(iVar6);
}
iStack_88 = 0;
iVar5 = sub_180002d90(&iStack_88, piVar12);
iVar6 = iStack_88;
if (iVar5 == 0) {
iVar5 = -0x7ff8fff2;
}
else {
iVar5 = sub_180003060(iStack_88);
}
if (iVar6 != 0) {
(*kernel32.LocalFree)(iVar6);
}
uVar9 = uStackX_20;
if ((iVar5 == 0) == (iVar4 == 0)) {
uVar13 = 1;
}
}
/* Selection: the fetched string fills whichever slot is still empty, chosen by uVar9. */
piVar11 = piStack_a8;
if (uVar9 == 0) {
if (piStack_90 == 0x0) {
piVar12 = piStack_98;
}
}
else if (piStack_a8 == 0x0) {
piVar11 = piStack_98;
}
piVar7 = piVar8;
if (piVar12 == 0x0) {
code_r0x000180010df6:
if (piVar11 == 0x0) {
if (piVar7 != 0x0) goto code_r0x000180010e21;
code_r0x000180010e78:
(*oleaut32.SysFreeString)(piVar8);
uVar9 = sub_18000fae0();
}
else {
/* Copy the selected name into param_1[2]; 0x8007000e is E_OUTOFMEMORY. */
piVar7 = (*oleaut32.SysAllocString)(piVar11);
param_1[2] = piVar7;
if (piVar7 == 0x0) {
(*oleaut32.SysFreeString)(0);
uVar9 = 0x8007000e;
}
else {
code_r0x000180010e21:
piVar8 = (*oleaut32.SysAllocString)("CertificateTemplate");
if (piVar8 == 0x0) {
(*oleaut32.SysFreeString)(0);
uVar9 = 0x8007000e;
}
else {
/* Write-back: slot +0x58 with ("CertificateTemplate", 4, VARIANT of type 8 holding the name). */
auStack_60[0] = 8;
piStack_58 = piVar7;
uVar9 = (**(*piStackX_18 + 0x58))(piStackX_18, piVar8, 4, auStack_60);
if (uVar9 == 0) goto code_r0x000180010e78;
/* listing truncated */
0x18000F750 sub_18000f750 str 4 api 28 imm 13 Unknown
; sub_18000f750 -- disassembly (Intel syntax, Microsoft x64 register usage);
; the listing is truncated by the page, so only the visible part is described.
; In:  rcx = context structure (fields at +0xA0, +0xA8, +0xB0 are read)
;      rdx = COM-style object (vtable slots +0x50, +0x58, +0x60, +0x68 are called)
; Visible work: fetches and decodes the extension "2.5.29.37" (extended key
; usage), compares each decoded usage identifier with a list held in the
; context and with the anyExtendedKeyUsage constant, and on a match (or when
; context+0xB0 is non-zero) sets bit 0x400 in the "GeneralFlags" property before
; moving on to "KeyArchived".
; NOTE(review): the meaning of bit 0x400 in "GeneralFlags" is not established by
; this page -- confirm against the interface documentation.
sub_18000f750() {
push rbp
push rbx
push rsi
push rdi
push r12
push r13
push r15
mov rbp, rsp
sub rsp, 0x80
mov rsi, rcx
mov r12, rdx
lea rcx, [rbp-0x38]
; r13d = "match found" flag, edi = decode buffer pointer (both start at zero).
; No stack-cookie setup is visible in this prologue.
xor r13d, r13d
xor edi, edi
call [oleaut32.VariantInit]
lea rcx, ["GeneralFlags"]
call [oleaut32.SysAllocString]
mov [rbp-0x40], rax
mov r15, rax
test rax, rax
jnz .1
; Allocation failure: return 0x8007000E (E_OUTOFMEMORY).
lea rcx, [rbp-0x38]
mov ebx, 0x8007000E
call [oleaut32.VariantClear]
jmp .29
.1:
lea rcx, ["2.5.29.37"]
; r14 is saved into a stack slot only on this path.
mov [rsp+0xC0], r14
call [oleaut32.SysAllocString]
mov r14, rax
mov ecx, 0x03
test rax, rax
jnz .3
mov rcx, rax
call [oleaut32.SysFreeString]
jmp .4
.3:
; obj->vtbl[0x60](obj, oid, 3, &variant) with the variant at [rbp-0x38].
mov rax, [r12]
lea r9, [rbp-0x38]
mov r8d, ecx
mov rdx, r14
mov rcx, r12
call [rax+0x60]
mov ebx, eax
mov rcx, r14
call [oleaut32.SysFreeString]
; 0x80094004 (CERTSRV_E_PROPERTY_EMPTY): the extension is absent -> return 0 via .5.
cmp ebx, 0x80094004
jz .5
.4:
; obj->vtbl[0x68](obj, &flags) with the flags dword at [rbp+0x58].
; Bit 0x02 set also leads to "return 0".
; NOTE(review): presumably the extension-disabled flag -- confirm.
mov rax, [r12]
lea rdx, [rbp+0x58]
mov rcx, r12
call [rax+0x68]
mov ebx, eax
test eax, eax
jnz .27
test byte ptr [rbp+0x58], 0x02
jz .6
.5:
xor ebx, ebx
lea rcx, [rbp-0x38]
call [oleaut32.VariantClear]
jmp .28
.6:
; r15 = encoded bytes, ebx = byte length, rdi = decode buffer (NULL at first).
mov rcx, [rbp-0x30]
call [oleaut32.SysStringByteLen]
mov r15, [rbp-0x30]
mov ebx, eax
mov [rbp+0x50], edi
nop [rax], eax
.7:
; Two-pass decode: CryptDecodeObject(1, 0x24, data, len, 0, buffer, &size).
; 1 is X509_ASN_ENCODING and 0x24 is X509_ENHANCED_KEY_USAGE; the first pass
; only learns the size.
mov edx, 0x24
lea rax, [rbp+0x50]
mov [rsp+0x30], rax
mov r9d, ebx
mov [rsp+0x28], rdi
mov r8, r15
mov [rsp+0x20], r13d
lea ecx, [rdx-0x23]
call [crypt32.CryptDecodeObject]
mov r14d, eax
test eax, eax
jz .9
mov eax, [rbp+0x50]
test eax, eax
jz .8
test rdi, rdi
jnz .14
mov edx, eax
xor ecx, ecx
call [kernel32.LocalAlloc]
mov rdi, rax
test rax, rax
jnz .7
jmp .11
.8:
; Success reported with size 0: treated as invalid data (0x8007000D).
mov ecx, 0x8007000D
call [kernel32.SetLastError]
xor r14d, r14d
.9:
; Failure: free the buffer while preserving the last-error value around LocalFree.
test rdi, rdi
jz .10
call [kernel32.GetLastError]
mov rcx, rdi
mov ebx, eax
call [kernel32.LocalFree]
mov ecx, ebx
xor edi, edi
call [kernel32.SetLastError]
.10:
test r14d, r14d
jnz .14
.11:
; GetLastError folded into 0x8007xxxx form; a zero low word becomes 0x8000FFFF.
call [kernel32.GetLastError]
mov ebx, eax
cmp eax, 0x02
jl .13
test eax, eax
jle .12
movzx ebx, ax
or ebx, 0x80070000
.12:
test bx, bx
mov ecx, 0x8000FFFF
cmovz ebx, ecx
.13:
mov r15, [rbp-0x40]
jmp .27
.14:
; [rdi] = number of decoded usage identifiers; zero -> return 0.
mov eax, [rdi]
test eax, eax
jnz .15
mov r15, [rbp-0x40]
xor ebx, ebx
jmp .27
.15:
; A non-zero dword at context+0xB0 skips the comparison and goes straight to .20.
cmp [rsi+0xB0], r13d
jnz .20
xor r15d, r15d
test eax, eax
jz .24
nop [rax+rax*1], eax
.16:
; Outer loop: r15d indexes the decoded identifiers (pointer array at [rdi+8]).
xor ebx, ebx
cmp [rsi+0xA0], ebx
jbe .19
lea r14, [r15*8]
nop [rax], eax
nop [rax+rax*1], ax
.17:
; Inner loop: ebx indexes the context list (count at +0xA0, pointers at +0xA8).
; loc_18001d448(decoded[i], list[j]) returning 0 counts as a match, as does a
; zero result against the anyExtendedKeyUsage constant.
; NOTE(review): presumably a strcmp-style comparison -- confirm.
mov rdx, [rsi+0xA8]
mov rcx, [rdi+0x08]
mov rdx, [rdx+rbx*8]
mov rcx, [rcx+r14*1]
call loc_18001d448
test eax, eax
jz .18
mov rcx, [rdi+0x08]
lea rdx, [anyExtendedKeyUsage]
mov rcx, [rcx+r14*1]
call loc_18001d448
test eax, eax
jz .18
inc ebx
cmp ebx, [rsi+0xA0]
jb .17
jmp .19
.18:
mov r13d, 0x01
.19:
inc r15d
cmp r15d, [rdi]
jb .16
; No identifier matched: skip the flag update.
test r13d, r13d
jz .24
.20:
; Read "GeneralFlags": obj->vtbl[0x50](obj, name, 1, &variant).
; 0x80094004 (property empty) is tolerated.
lea rcx, [rbp-0x38]
call [oleaut32.VariantClear]
mov rax, [r12]
lea r9, [rbp-0x38]
mov r15, [rbp-0x40]
mov r8d, 0x01
mov rdx, r15
mov rcx, r12
call [rax+0x50]
mov ebx, eax
cmp eax, 0x80094004
jz .21
test eax, eax
jnz .27
.21:
; OR bit 0x400 into the value, set the variant type tag to 3 (VT_I4) and write
; it back: obj->vtbl[0x58](obj, name, 1, &variant).
mov rax, [r12]
lea r9, [rbp-0x38]
or dword ptr [rbp-0x30], 0x400
mov r14d, 0x03
mov rdx, r15
mov [rbp-0x38], r14w
mov rcx, r12
lea r8d, [r14-0x02]
call [rax+0x58]
mov ebx, eax
test eax, eax
jnz .27
; VariantInit is called twice on the same variant at [rbp-0x20].
lea rcx, [rbp-0x20]
call [oleaut32.VariantInit]
lea rcx, [rbp-0x20]
call [oleaut32.VariantInit]
lea rcx, ["KeyArchived"]
call [oleaut32.SysAllocString]
mov rsi, rax
test rax, rax
jnz .22
mov rcx, rax
call [oleaut32.SysFreeString]
lea rcx, [rbp-0x20]
call [oleaut32.VariantClear]
mov ebx, 0x8007000E
jmp .27
.22:
; listing truncated
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * sub_18000f750(param_1, param_2): returns a 32-bit status in uVar3
 * (0 on the success paths, 0x8xxxxxxx values on the error paths).
 *
 * What the listing shows:
 *  - fetches the "2.5.29.37" value (the extendedKeyUsage OID) through vtable
 *    slot +0x60 of param_2 and a flags word through slot +0x68;
 *  - decodes the returned blob with CryptDecodeObject(1, 0x24, ...), i.e.
 *    X509_ASN_ENCODING / X509_ENHANCED_KEY_USAGE, using the two-pass
 *    "ask for size, allocate, decode" pattern;
 *  - compares every decoded entry with the list at param_1+0xa8 (count at
 *    param_1+0xa0) and with anyExtendedKeyUsage;
 *  - on a match, or when *(param_1+0xb0) is non-zero, ORs 0x400 into
 *    "GeneralFlags" and then inspects "KeyArchived".
 *
 * NOTE(review): the slot usage (+0x50 read, +0x58 write, +0x60 extension,
 * +0x68 extension flags) is consistent with ICertServerPolicy, whose GUID the
 * report lists; the interface type is not visible in this function - confirm.
 */
uint32_t sub_18000f750(int64_t param_1,int64_t *param_2)
{
undefined8 uVar1;
bool bVar2;
uint32_t uVar3;
undefined4 uVar4;
int32_t iVar5;
int64_t iVar6;
int64_t iVar7;
uint32_t *puVar8;
uint64_t uVar9;
uint64_t uVar10;
int32_t aiStackX_18 [2];
uint8_t auStackX_20 [8];
undefined2 auStack_70 [4];
uint32_t uStack_68;
undefined4 uStack_64;
int16_t aiStack_58 [4];
int32_t iStack_50;
/* bVar2: set once any decoded entry matches; puVar8: decoded structure (LocalAlloc). */
bVar2 = false;
puVar8 = 0x0;
/* auStack_70 is used as a VARIANT: type tag at +0, value at +8 (uStack_68/uStack_64). */
(*oleaut32.VariantInit)(auStack_70);
iVar6 = (*oleaut32.SysAllocString)("GeneralFlags");
if (iVar6 == 0) {
/* 0x8007000e is E_OUTOFMEMORY: the BSTR could not be allocated. */
uVar3 = 0x8007000e;
(*oleaut32.VariantClear)(auStack_70);
goto code_r0x00018000fac1;
}
iVar7 = (*oleaut32.SysAllocString)("2.5.29.37");
if (iVar7 == 0) {
(*oleaut32.SysFreeString)(0);
/* NOTE(review): as decompiled, a failed allocation falls into the same path */
/* as a completed extension fetch; check the disassembly before relying on it. */
code_r0x00018000f7fb:
/* Slot +0x68 fills auStackX_20 with a flags value for the extension just read. */
uVar3 = (**(*param_2 + 0x68))(param_2, auStackX_20);
if (uVar3 == 0) {
/* Bit 0x2 set -> return 0 without decoding. */
/* NOTE(review): 0x2 is presumably EXTENSION_DISABLE_FLAG - confirm. */
if ((auStackX_20[0] & 2) != 0) goto code_r0x00018000f819;
/* Byte length and pointer of the blob held in the VARIANT value field. */
uVar4 = (*oleaut32.SysStringByteLen)(CONCAT44(uStack_64, uStack_68));
uVar1 = CONCAT44(uStack_64, uStack_68);
aiStackX_18[0] = 0;
/* Two-pass decode: the first call (puVar8 == NULL) only reports the size in */
/* aiStackX_18[0]; the second call decodes into the LocalAlloc'd buffer. */
while (iVar5 = (*crypt32.CryptDecodeObject)(1, 0x24, uVar1, uVar4, 0, puVar8, aiStackX_18), iVar5 != 0) {
if (aiStackX_18[0] == 0) {
/* A zero-length result is rejected; 0x8007000d is HRESULT_FROM_WIN32(ERROR_INVALID_DATA). */
(*kernel32.SetLastError)(0x8007000d);
iVar5 = 0;
break;
}
/* Buffer already present: this was the decoding pass and it succeeded. */
if (puVar8 != 0x0) goto code_r0x00018000f8ef;
puVar8 = (*kernel32.LocalAlloc)(0, aiStackX_18[0]);
if (puVar8 == 0x0) goto code_r0x00018000f8c1;
}
/* Failure after allocation: free the buffer but keep the original last-error value. */
if (puVar8 != 0x0) {
uVar4 = (*kernel32.GetLastError)();
(*kernel32.LocalFree)(puVar8);
puVar8 = 0x0;
(*kernel32.SetLastError)(uVar4);
}
if (iVar5 == 0) goto code_r0x00018000f8c1;
code_r0x00018000f8ef:
/* *puVar8 is the entry count; a pointer array follows at byte offset 8. */
if (*puVar8 == 0) {
uVar3 = 0;
goto code_r0x00018000faa1;
}
/* A non-zero dword at param_1+0xb0 skips the comparison and goes straight to the flag update. */
if (*(param_1 + 0xb0) != 0) goto code_r0x00018000f997;
uVar10 = 0;
if (*puVar8 == 0) goto code_r0x00018000fa97;
/* Outer loop: decoded entries. Inner loop: the list at param_1+0xa8. */
do {
uVar9 = 0;
if (*(param_1 + 0xa0) != 0) {
do {
/* A zero return from func_0x00018001d448 is treated as "equal". */
/* NOTE(review): presumably a string compare - callee not shown. */
iVar5 = func_0x00018001d448(*(*(puVar8 + 2) + uVar10 * 8), *(*(param_1 + 0xa8) + uVar9 * 8));
if ((iVar5 == 0) ||
(iVar5 = func_0x00018001d448(*(*(puVar8 + 2) + uVar10 * 8), &anyExtendedKeyUsage), iVar5 == 0
)) {
bVar2 = true;
/* Leaves the inner loop only; the outer loop keeps iterating. */
break;
}
uVar3 = uVar9 + 1;
uVar9 = uVar3;
} while (uVar3 < *(param_1 + 0xa0));
}
uVar3 = uVar10 + 1;
uVar10 = uVar3;
} while (uVar3 < *puVar8);
if (bVar2) {
code_r0x00018000f997:
/* Read "GeneralFlags" (type 1) through slot +0x50. */
(*oleaut32.VariantClear)(auStack_70);
uVar3 = (**(*param_2 + 0x50))(param_2, iVar6, 1, auStack_70);
/* 0x80094004 (CERTSRV_E_PROPERTY_EMPTY) is accepted like success: the value is then built from scratch. */
if ((uVar3 == 0x80094004) || (uVar3 == 0)) {
/* Set bit 0x400, tag the VARIANT as type 3 (VT_I4) and write it back through slot +0x58. */
/* NOTE(review): the meaning of bit 0x400 is not shown in this listing. */
uStack_68 = uStack_68 | 0x400;
auStack_70[0] = 3;
uVar3 = (**(*param_2 + 0x58))(param_2, iVar6, 1, auStack_70);
if (uVar3 == 0) {
(*oleaut32.VariantInit)(aiStack_58);
(*oleaut32.VariantInit)(aiStack_58);
iVar7 = (*oleaut32.SysAllocString)("KeyArchived");
if (iVar7 == 0) {
(*oleaut32.SysFreeString)(0);
(*oleaut32.VariantClear)(aiStack_58);
uVar3 = 0x8007000e;
}
else {
/* Read "KeyArchived" (type 1) into the second VARIANT (aiStack_58 / iStack_50). */
uVar3 = (**(*param_2 + 0x50))(param_2, iVar7, 1, aiStack_58);
(*oleaut32.SysFreeString)(iVar7);
if (uVar3 == 0) {
if (aiStack_58[0] == 3) {
/* The decompiler dropped the VariantClear argument here. */
(*oleaut32.VariantClear)();
/* Value 0 -> success; any other value -> 0x80094003. */
/* NOTE(review): 0x80094003 is in the CERTSRV_E_* range; look up the exact name. */
if (iStack_50 == 0) goto code_r0x00018000fa97;
uVar3 = 0x80094003;
}
else {
/* Unexpected VARIANT type is reported as 0x80094004. */
(*oleaut32.VariantClear)();
uVar3 = 0x80094004;
}
}
else {
(*oleaut32.VariantClear)(aiStack_58);
}
}
}
}
}
else {
code_r0x00018000fa97:
uVar3 = 0;
}
}
/* Common cleanup for the decode path: VARIANT first, then the decoded buffer. */
code_r0x00018000faa1:
(*oleaut32.VariantClear)(auStack_70);
if (puVar8 != 0x0) {
(*kernel32.LocalFree)(puVar8);
}
}
else {
/* Fetch the "2.5.29.37" value (type 3) through slot +0x60. */
iVar5 = (**(*param_2 + 0x60))(param_2, iVar7, 3, auStack_70);
(*oleaut32.SysFreeString)(iVar7);
/* -0x7ff6bffc is 0x80094004: value absent, nothing to check, return 0. */
if (iVar5 != -0x7ff6bffc) goto code_r0x00018000f7fb;
code_r0x00018000f819:
uVar3 = 0;
(*oleaut32.VariantClear)(auStack_70);
}
code_r0x00018000fac1:
(*oleaut32.SysFreeString)(iVar6);
return uVar3;
/* Error path: turn the Win32 last-error into 0x8007xxxx form; 0x8000ffff is E_UNEXPECTED. */
code_r0x00018000f8c1:
uVar3 = (*kernel32.GetLastError)();
if (1 < uVar3) {
if (0 < uVar3) {
uVar3 = uVar3 & 0xffff | 0x80070000;
}
if (uVar3 == 0) {
uVar3 = 0x8000ffff;
}
}
goto code_r0x00018000faa1;
}
0x18000DCC0 sub_18000dcc0 str 4 api 21 imm 13 Unknown
;-----------------------------------------------------------------------
; sub_18000dcc0 (rcx, rdx, r8d) -> eax = status
; ABI:   Microsoft x64 as used below (arguments in rcx/rdx/r8d,
;        rbx/rsi/rdi spilled to the caller's home space, stack cookie).
; Roles: rbx  = first argument (only [rbx+0x6C] is read), later scratch
;        r15  = second argument, an object called through its vtable
;        r14d = third argument; replaced by a decoded value at .3
;        edi  = status returned in eax at .11
;        rsi  = BSTR from SysAllocStringByteLen, freed at .10
; Flow:  builds a one-byte bit string (0x80, 0xC0 or 0x07), encodes it
;        through an ICertEncodeBitString object and stores the result
;        under "2.16.840.1.113730.1.1" through slot +0x70 of r15.
; NOTE(review): that OID is the Netscape certificate-type extension and
;        the slots used on r15 (+0x48, +0x60, +0x70) are consistent with
;        ICertServerPolicy; the interface type is not visible - confirm.
;-----------------------------------------------------------------------
sub_18000dcc0() {
mov [rsp+0x08], rbx
mov [rsp+0x18], rsi
mov [rsp+0x20], rdi
push rbp
push r14
push r15
lea rbp, [rsp-0x47]
sub rsp, 0xB0
; Stack cookie: global at 0x18003A010 XOR rsp, checked again before ret.
mov rax, [0x18003A010]
xor rax, rsp
mov [rbp+0x37], rax
; esi = 0 is used as the zero source for every local cleared below.
xor esi, esi
mov rbx, rcx
lea rcx, [rbp-0x09]
mov [rbp-0x11], rsi
mov edi, esi
mov [rbp-0x21], rsi
mov [rbp-0x19], rsi
mov r14d, r8d
mov r15, rdx
; VARIANT at [rbp-0x09]; its value field is read back at [rbp-0x01].
call [oleaut32.VariantInit]
; Bit 0x10 of the byte at [rbx+0x6C] gates the whole function; clear -> return edi = 0.
test byte ptr [rbx+0x6C], 0x10
jz .10
; A non-zero third argument skips the "2.5.29.19" (basicConstraints) lookup.
test r14d, r14d
jnz .4
lea rcx, ["2.5.29.19"]
call [oleaut32.SysAllocString]
mov rdi, rax
test rax, rax
jnz .1
mov rcx, rax
call [oleaut32.SysFreeString]
jmp .4
.1:
; Slot +0x60 on r15: (name BSTR, type 3, &VARIANT).
mov rax, [r15]
lea r9, [rbp-0x09]
mov r8d, 0x03
mov rdx, rdi
mov rcx, r15
call [rax+0x60]
mov ebx, eax
mov rcx, rdi
call [oleaut32.SysFreeString]
test ebx, ebx
jnz .4
; ebx is 0 from here on, so the lea forms below are just constants.
mov rcx, [rbp-0x01]
; Output size for the decode: 0x0C bytes, written to [rbp-0x25].
mov dword ptr [rbp-0x25], 0x0C
call [oleaut32.SysStringByteLen]
mov r8, [rbp-0x01]
; edx = 0x0F (structure type 15, X509_BASIC_CONSTRAINTS2), ecx = 1 (X509_ASN_ENCODING).
lea edx, [rbx+0x0F]
mov r9d, eax
lea ecx, [rbx+0x01]
lea rax, [rbp-0x25]
mov [rsp+0x30], rax
lea rax, [rbp+0x27]
mov [rsp+0x28], rax
mov [rsp+0x20], esi
call [crypt32.CryptDecodeObject]
test eax, eax
jnz .3
; Decode failed: convert the Win32 last-error into 0x8007xxxx form in edi.
call [kernel32.GetLastError]
mov edi, eax
cmp eax, 0x02
jl .10
test eax, eax
jle .2
movzx edi, ax
or edi, 0x80070000
.2:
; Low 16 bits zero -> report 0x8000FFFF (E_UNEXPECTED) instead.
test di, di
mov ecx, 0x8000FFFF
cmovz edi, ecx
jmp .10
.3:
; First dword of the decoded structure replaces the third argument.
; NOTE(review): presumably the fCA member of CERT_BASIC_CONSTRAINTS2_INFO - confirm.
mov r14d, [rbp+0x27]
.4:
; CoCreateInstance(clsid at 0x180029570, NULL, 1, ICertEncodeBitString, &[rbp-0x11]).
xor edx, edx
lea rax, [rbp-0x11]
lea r9, [ICertEncodeBitString]
mov [rsp+0x20], rax
lea rcx, [0x180029570]
lea r8d, [rdx+0x01]
call [ole32.CoCreateInstance]
mov edi, eax
test eax, eax
jnz .10
; Bit-string byte at [rbp-0x29]: default 0x80, 0x07 when r14d != 0,
; 0xC0 when the "CertType" attribute equals "server".
; NOTE(review): in the Netscape cert-type encoding these presumably mean
; SSL client, the three CA bits, and SSL client+server - confirm.
mov byte ptr [rbp-0x29], 0x80
test r14d, r14d
jz .5
mov byte ptr [rbp-0x29], 0x07
jmp .7
.5:
lea rcx, ["CertType"]
call [oleaut32.SysAllocString]
mov rdi, rax
test rax, rax
jnz .6
mov rcx, rax
call [oleaut32.SysFreeString]
jmp .7
.6:
; Slot +0x48 on r15: (name BSTR, &BSTR out at [rbp-0x19]).
mov rax, [r15]
lea r8, [rbp-0x19]
mov rdx, rdi
mov rcx, r15
call [rax+0x48]
mov ebx, eax
mov rcx, rdi
call [oleaut32.SysFreeString]
test ebx, ebx
jnz .7
; ebx is 0 here: r9d = -1 and the second length = -1 (NUL-terminated),
; edx = 1 (NORM_IGNORECASE), ecx = 0x7F (LOCALE_INVARIANT).
mov r8, [rbp-0x19]
lea rax, ["server"]
mov dword ptr [rsp+0x28], 0xFFFFFFFF
lea r9d, [rbx-0x01]
lea edx, [rbx+0x01]
mov [rsp+0x20], rax
lea ecx, [rbx+0x7F]
call [kernel32.CompareStringW]
; CompareStringW returns 2 (CSTR_EQUAL) on a match -> byte becomes 0xC0.
movzx ecx, byte ptr [rbp-0x29]
cmp eax, 0x02
mov eax, 0xC0
cmovz ecx, eax
mov [rbp-0x29], cl
.7:
xor ecx, ecx
call [oleaut32.SysFreeString]
; Wrap the single byte in a BSTR of byte length 1.
mov edx, 0x01
lea rcx, [rbp-0x29]
call [oleaut32.SysAllocStringByteLen]
test rax, rax
jz .9
; Slot +0x50 on the created object: (8, input BSTR, &BSTR out at [rbp-0x21]).
; NOTE(review): consistent with ICertEncodeBitString::Encode with a bit count of 8 - confirm.
mov rcx, [rbp-0x11]
lea r9, [rbp-0x21]
mov ebx, 0x08
mov r8, rax
mov edx, ebx
mov rsi, rax
mov r10, [rcx]
call [r10+0x50]
mov edi, eax
test eax, eax
jnz .10
; Build a VARIANT at [rbp+0x0F]: type word = 8 (VT_BSTR), value = encoded BSTR.
mov rax, [rbp-0x21]
lea rcx, ["2.16.840.1.113730.1.1"]
mov [rbp+0x17], rax
mov [rbp+0x0F], bx
call [oleaut32.SysAllocString]
mov rbx, rax
test rax, rax
jnz .8
mov rcx, rax
; 0x8007000E is E_OUTOFMEMORY.
mov edi, 0x8007000E
call [oleaut32.SysFreeString]
jmp .10
.8:
; Slot +0x70 on r15: (name BSTR, type 3, flags 0, &VARIANT); its result is the return value.
mov rax, [r15]
lea rcx, [rbp+0x0F]
xor r9d, r9d
mov [rsp+0x20], rcx
mov rdx, rbx
mov rcx, r15
lea r8d, [r9+0x03]
call [rax+0x70]
mov edi, eax
mov rcx, rbx
call [oleaut32.SysFreeString]
jmp .10
.9:
mov edi, 0x8007000E
.10:
; Common cleanup: VARIANT, the three BSTRs (NULL is passed when unset), then Release (+0x10).
lea rcx, [rbp-0x09]
call [oleaut32.VariantClear]
mov rcx, [rbp-0x21]
call [oleaut32.SysFreeString]
mov rcx, rsi
call [oleaut32.SysFreeString]
mov rcx, [rbp-0x19]
call [oleaut32.SysFreeString]
mov rcx, [rbp-0x11]
test rcx, rcx
jz .11
mov rax, [rcx]
call [rax+0x10]
.11:
mov eax, edi
mov rcx, [rbp+0x37]
xor rcx, rsp
call __security_check_cookie()
lea r11, [rsp+0xB0]
mov rbx, [r11+0x20]
mov rsi, [r11+0x30]
mov rdi, [r11+0x38]
mov rsp, r11
pop r15
pop r14
pop rbp
ret
}
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * sub_18000dcc0(param_1, param_2, param_3): decompiler view of the routine
 * that writes the "2.16.840.1.113730.1.1" value through vtable slot +0x70 of
 * param_2.
 *
 * Reading notes:
 *  - The decompiler typed the function as void; the disassembly of the same
 *    function returns a status in eax.
 *  - Arguments passed on the stack are shown as stores to uStack_a8 /
 *    uStack_a0 / puStack_98 just before a call and are missing from the
 *    printed argument lists (CryptDecodeObject, CoCreateInstance,
 *    CompareStringW, the +0x70 call).
 *  - auStack_88[0] is the one-byte bit string: 0x80 by default, 7 when
 *    param_3 is non-zero, 0xc0 when the "CertType" attribute equals "server".
 */
void sub_18000dcc0(int64_t param_1,int64_t *param_2,int32_t param_3)
{
undefined4 uVar1;
int32_t iVar2;
int64_t iVar3;
int64_t iVar4;
undefined auStack_c8 [32];
undefined8 uStack_a8;
undefined8 uStack_a0;
undefined4 *puStack_98;
undefined auStack_88 [4];
undefined4 uStack_84;
undefined8 uStack_80;
undefined8 uStack_78;
int64_t *piStack_70;
undefined auStack_68 [8];
undefined8 uStack_60;
undefined2 uStack_50;
undefined8 uStack_48;
int32_t aiStack_38 [4];
uint64_t uStack_28;
/* Stack cookie set-up; verified by __security_check_cookie before returning. */
uStack_28 = [0x0x18003a010#SecurityCookie] ^ auStack_c8;
/* piStack_70: created COM object; uStack_80 / uStack_78: BSTRs freed at the end. */
piStack_70 = 0x0;
uStack_80 = 0;
uStack_78 = 0;
(*oleaut32.VariantInit)(auStack_68);
iVar4 = 0;
/* Bit 0x10 at param_1+0x6c gates everything below. */
if ((*(param_1 + 0x6c) & 0x10) != 0) {
if (param_3 == 0) {
/* "2.5.29.19" is the basicConstraints OID. */
iVar3 = (*oleaut32.SysAllocString)("2.5.29.19");
if (iVar3 == 0) {
(*oleaut32.SysFreeString)(0);
}
else {
iVar2 = (**(*param_2 + 0x60))(param_2, iVar3, 3, auStack_68);
(*oleaut32.SysFreeString)(iVar3);
if (iVar2 == 0) {
/* 0xc is the size of the output buffer aiStack_38 handed to the decoder. */
uStack_84 = 0xc;
uVar1 = (*oleaut32.SysStringByteLen)(uStack_60);
puStack_98 = &uStack_84;
uStack_a0 = aiStack_38;
uStack_a8 = uStack_a8._4_4_ << 0x20;
/* Encoding 1 (X509_ASN_ENCODING), structure type 0xf (X509_BASIC_CONSTRAINTS2). */
iVar2 = (*crypt32.CryptDecodeObject)(1, 0xf, uStack_60, uVar1);
/* The first decoded dword replaces param_3; the disassembly loads it only on the success path (.3). */
param_3 = aiStack_38[0];
if (iVar2 == 0) {
/* The disassembly converts this last-error into the returned status. */
(*kernel32.GetLastError)();
iVar4 = 0;
goto code_r0x00018000df2e;
}
}
}
}
/* &piStack_70 is the fifth (stack) argument: the returned interface pointer. */
uStack_a8 = &piStack_70;
iVar2 = (*ole32.CoCreateInstance)(0x180029570, 0, 1, &ICertEncodeBitString);
if (iVar2 == 0) {
auStack_88[0] = 0x80;
if (param_3 == 0) {
iVar4 = (*oleaut32.SysAllocString)("CertType");
if (iVar4 == 0) {
(*oleaut32.SysFreeString)(0);
}
else {
/* Slot +0x48: read the "CertType" attribute as a BSTR into uStack_78. */
iVar2 = (**(*param_2 + 0x48))(param_2, iVar4, &uStack_78);
(*oleaut32.SysFreeString)(iVar4);
if (iVar2 == 0) {
/* Stack arguments: second string "server" and its length -1. */
uStack_a0 = CONCAT44(uStack_a0._4_4_, 0xffffffff);
uStack_a8 = "server";
/* Locale 0x7f, flag 1 (ignore case); a result of 2 means the strings are equal. */
iVar2 = (*kernel32.CompareStringW)(0x7f, 1, uStack_78, 0xffffffff);
if (iVar2 == 2) {
auStack_88[0] = 0xc0;
}
}
}
}
else {
auStack_88[0] = 7;
}
(*oleaut32.SysFreeString)(0);
/* One-byte BSTR holding the bit string. */
iVar3 = (*oleaut32.SysAllocStringByteLen)(auStack_88, 1);
iVar4 = 0;
/* Slot +0x50 on the created object: (8, input BSTR, &output BSTR). */
if ((iVar3 != 0) &&
(iVar2 = (**(*piStack_70 + 0x50))(piStack_70, 8, iVar3, &uStack_80), iVar4 = iVar3, iVar2 == 0)) {
/* VARIANT at uStack_50: type 8 (VT_BSTR), value = encoded BSTR. */
uStack_48 = uStack_80;
uStack_50 = 8;
iVar3 = (*oleaut32.SysAllocString)("2.16.840.1.113730.1.1");
if (iVar3 == 0) {
(*oleaut32.SysFreeString)(0);
}
else {
/* &uStack_50 is the stack argument of the +0x70 call (the VARIANT to store). */
uStack_a8 = &uStack_50;
(**(*param_2 + 0x70))(param_2, iVar3, 3);
(*oleaut32.SysFreeString)(iVar3);
}
}
}
}
/* Common cleanup: VARIANT, BSTRs, then slot +0x10 (Release) on the created object. */
code_r0x00018000df2e:
(*oleaut32.VariantClear)(auStack_68);
(*oleaut32.SysFreeString)(uStack_80);
(*oleaut32.SysFreeString)(iVar4);
(*oleaut32.SysFreeString)(uStack_78);
if (piStack_70 != 0x0) {
(**(*piStack_70 + 0x10))();
}
__security_check_cookie(uStack_28 ^ auStack_c8);
return;
}
0x180006F70 sub_180006f70 str 4 api 11 imm 16 Unknown
sub_180006f70() {
mov [rsp+0x18], rbx
mov [rsp+0x20], rsi
push rbp
push rdi
push r14
lea rbp, [rsp-0x140]
sub rsp, 0x240
mov rax, [0x18003A010]
xor rax, rsp
mov [rbp+0x130], rax
xor esi, esi
mov r14d, r8d
mov [rsp+0x68], rsi
mov rbx, rdx
mov rdi, rcx
test rdx, rdx
jz .22
mov eax, [0x1800295A0]
cmp [rcx], eax
jnz .1
mov eax, [0x1800295A4]
cmp [rcx+0x04], eax
jnz .1
mov eax, [0x1800295A8]
cmp [rcx+0x08], eax
jnz .1
mov eax, [0x1800295AC]
cmp [rcx+0x0C], eax
jz .22
.1:
xor edx, edx
lea rax, [rsp+0x68]
lea r9, [ICatRegister]
mov [rsp+0x20], rax
lea rcx, [0x1800295C0]
lea r8d, [rdx+0x01]
call [ole32.CoCreateInstance]
test eax, eax
js .22
mov ecx, [rbx]
test ecx, ecx
jz .8
nop [rax+rax*1], eax
.2:
mov rax, [rbx+0x08]
lea r9, [rbp-0x68]
mov r8d, 0x01
mov rdx, rdi
movups xmm0, [rax]
movups [rbp-0x68], xmm0
test r14d, r14d
jz .5
cmp ecx, r8d
mov rcx, [rsp+0x68]
mov rax, [rcx]
jnz .3
call [rax+0x28]
jmp .4
.3:
call [rax+0x38]
.4:
test eax, eax
js .23
jmp .7
.5:
cmp ecx, 0x01
mov rcx, [rsp+0x68]
mov rax, [rcx]
jnz .6
call [rax+0x30]
jmp .7
.6:
call [rax+0x40]
.7:
mov ecx, [rbx+0x10]
add rbx, 0x10
test ecx, ecx
jnz .2
.8:
test r14d, r14d
jnz .24
lea r8d, [r14+0x40]
mov rcx, rdi
lea rdx, [rbp+0xB0]
call [ole32.StringFromGUID2]
test eax, eax
jnz .9
lea eax, [r14+0x0D]
jmp .23
.9:
lea r8, ["CLSID\\"]
mov edx, 0x80
lea rcx, [rbp-0x50]
call wcscpy_s()
test eax, eax
jz .10
cmp eax, 0x0C
jz .26
cmp eax, 0x16
jz .28
cmp eax, 0x22
jz .28
cmp eax, 0x50
jnz .27
.10:
lea r8, [rbp+0xB0]
mov edx, 0x80
lea rcx, [rbp-0x50]
call wcscat_s()
test eax, eax
jz .11
cmp eax, 0x0C
jz .26
cmp eax, 0x16
jz .28
cmp eax, 0x22
jz .28
cmp eax, 0x50
jnz .27
.11:
lea r8, ["\\Required Categories"]
mov edx, 0x80
lea rcx, [rbp-0x50]
call wcscat_s()
test eax, eax
jz .12
cmp eax, 0x0C
jz .26
cmp eax, 0x16
jz .28
cmp eax, 0x22
jz .28
cmp eax, 0x50
jnz .27
.12:
lea rax, [rsp+0x70]
mov qword ptr [rbp-0x80], 0xFFFFFFFF80000000
mov r9d, 0x20019
mov [rsp+0x20], rax
xor r8d, r8d
mov [rbp-0x78], esi
lea rdx, [rbp-0x50]
mov [rbp-0x70], rsi
mov rcx, 0xFFFFFFFF80000000
mov [rsp+0x60], esi
mov rbx, rsi
mov [rsp+0x70], rsi
call [advapi32.RegOpenKeyExW]
test eax, eax
jnz .14
mov rbx, [rsp+0x70]
lea rax, [rsp+0x60]
mov [rsp+0x58], rsi
xor r9d, r9d
mov [rsp+0x50], rsi
xor r8d, r8d
mov [rsp+0x48], rsi
xor edx, edx
mov [rsp+0x40], rsi
mov rcx, rbx
mov [rsp+0x38], rsi
mov [rsp+0x30], rsi
mov [rsp+0x28], rsi
mov [rsp+0x20], rax
call [advapi32.RegQueryInfoKeyW]
movsxd rdi, eax
test rbx, rbx
jz .13
mov rcx, rbx
call [advapi32.RegCloseKey]
mov rbx, rsi
.13:
test rdi, rdi
jnz .14
cmp [rsp+0x60], esi
jnz .14
lea rdx, [rbp-0x50]
lea rcx, [rbp-0x80]
call sub_1800036f0()
.14:
lea r8, ["CLSID\\"]
mov edx, 0x80
lea rcx, [rbp-0x50]
call wcscpy_s()
test eax, eax
jz .15
cmp eax, 0x0C
jz .26
cmp eax, 0x16
jz .28
cmp eax, 0x22
jz .28
cmp eax, 0x50
jnz .27
.15:
lea r8, [rbp+0xB0]
mov edx, 0x80
lea rcx, [rbp-0x50]
call wcscat_s()
test eax, eax
jz .16
cmp eax, 0x0C
jz .26
cmp eax, 0x16
jz .28
cmp eax, 0x22
jz .28
cmp eax, 0x50
jnz .27
.16:
lea r8, ["\\Implemented Categories"]
mov edx, 0x80
lea rcx, [rbp-0x50]
call wcscat_s()
test eax, eax
jz .17
cmp eax, 0x0C
jz .26
cmp eax, 0x16
; listing truncated
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * sub_180006f70(param_1, param_2, param_3): component-category registration
 * helper, as far as this listing shows.
 *
 *  - param_1: 16-byte identifier, compared dword by dword with the constant at
 *    0x1800295a0 and later formatted with StringFromGUID2.
 *  - param_2: array of 16-byte entries { int type; pointer at +8 }, ended by
 *    type 0.
 *  - param_3: non-zero selects slots +0x28/+0x38 of the ICatRegister object,
 *    zero selects +0x30/+0x40 and then runs the registry clean-up.
 *
 * The registry part only opens "CLSID\<id>\Required Categories" and
 * "CLSID\<id>\Implemented Categories" under 0xffffffff80000000
 * (HKEY_CLASSES_ROOT) with access 0x20019 (KEY_READ) and calls sub_1800036f0
 * when the key has no subkeys.
 *
 * NOTE(review): the slot pairing matches ICatRegister's Register /
 * UnRegister Class{Impl,Req}Categories order, and the whole routine looks
 * like ATL's category-map helper; confirm against comcat.h / the ATL headers.
 * The decompiler typed the function as void and dropped most call arguments.
 */
void sub_180006f70(int32_t *param_1,int32_t *param_2,int32_t param_3)
{
int32_t *piVar1;
undefined4 *puVar2;
code *pcVar3;
int64_t *piVar4;
int32_t iVar5;
int32_t iVar6;
int64_t *piVar7;
int64_t *piVar8;
undefined auStack_258 [32];
int64_t **ppiStack_238;
undefined8 uStack_230;
undefined8 uStack_228;
undefined8 uStack_220;
undefined8 uStack_218;
undefined8 uStack_210;
undefined8 uStack_208;
undefined8 uStack_200;
int32_t iStack_1f8;
int64_t *piStack_1f0;
int64_t *piStack_1e8;
int64_t *piStack_1e0;
undefined8 uStack_1d8;
undefined4 uStack_1d0;
undefined8 uStack_1c8;
undefined4 uStack_1c0;
undefined4 uStack_1bc;
undefined4 uStack_1b8;
undefined4 uStack_1b4;
/* auStack_1a8: 256 bytes = 0x80 wide chars (key path); auStack_a8: 128 bytes = 0x40 wide chars (GUID string). */
undefined auStack_1a8 [256];
undefined auStack_a8 [128];
uint64_t uStack_28;
uStack_28 = [0x0x18003a010#SecurityCookie] ^ auStack_258;
piVar8 = 0x0;
piStack_1f0 = 0x0;
/* Nothing to do without a map, or when param_1 equals the 16-byte constant at 0x1800295a0. */
if ((param_2 == 0x0) ||
((((*param_1 == [0x0x1800295a0] && (param_1[1] == [0x0x1800295a4])) &&
(param_1[2] == [0x0x1800295a8])) && (param_1[3] == [0x0x1800295ac])))) goto code_r0x00018000739b;
/* &piStack_1f0 is the fifth (stack) argument: the returned interface pointer. */
ppiStack_238 = &piStack_1f0;
iVar5 = (*ole32.CoCreateInstance)(0x1800295c0, 0, 1, &ICatRegister);
if (iVar5 < 0) goto code_r0x00018000739b;
iVar5 = *param_2;
/* One iteration per map entry; the entry type (iVar5) picks the vtable slot. */
while (iVar5 != 0) {
/* Copy the 16-byte id the entry points to into a local (uStack_1c0..uStack_1b4). */
puVar2 = *(param_2 + 2);
uStack_1c0 = *puVar2;
uStack_1bc = puVar2[1];
uStack_1b8 = puVar2[2];
uStack_1b4 = puVar2[3];
if (param_3 == 0) {
/* Removal direction: results of these calls are not checked. */
if (iVar5 == 1) {
(**(*piStack_1f0 + 0x30))();
}
else {
(**(*piStack_1f0 + 0x40))(piStack_1f0, param_1, 1, &uStack_1c0);
}
}
else {
/* Registration direction: a negative result aborts the loop. */
if (iVar5 == 1) {
iVar5 = (**(*piStack_1f0 + 0x28))();
}
else {
iVar5 = (**(*piStack_1f0 + 0x38))();
}
if (iVar5 < 0) goto code_r0x00018000739b;
}
/* Advance by 4 int32_t = 16 bytes to the next entry. */
piVar1 = param_2 + 4;
param_2 = param_2 + 4;
iVar5 = *piVar1;
}
/* The registry clean-up below runs only when param_3 == 0 and the id could be formatted. */
if ((param_3 != 0) || (iVar5 = (*ole32.StringFromGUID2)(param_1, auStack_a8, 0x40), iVar5 == 0))
goto code_r0x00018000739b;
/* Bounded copies (0x80 wide chars). Error mapping used after every call: */
/* 0xc -> 0x8007000e, 0x16 or 0x22 -> 0x80070057, 0x50 tolerated, anything else -> 0x80004005. */
/* NOTE(review): 0xc/0x16/0x22/0x50 presumably are ENOMEM/EINVAL/ERANGE/STRUNCATE - confirm. */
iVar5 = wcscpy_s(auStack_1a8, 0x80, "CLSID\\");
if (iVar5 != 0) {
if (iVar5 == 0xc) goto code_r0x0001800073d4;
if ((iVar5 == 0x16) || (iVar5 == 0x22)) goto code_r0x0001800073ea;
if (iVar5 != 0x50) goto code_r0x0001800073df;
}
iVar5 = wcscat_s(auStack_1a8, 0x80, auStack_a8);
if (iVar5 != 0) {
if (iVar5 == 0xc) goto code_r0x0001800073d4;
if ((iVar5 == 0x16) || (iVar5 == 0x22)) goto code_r0x0001800073ea;
if (iVar5 != 0x50) goto code_r0x0001800073df;
}
iVar5 = wcscat_s(auStack_1a8, 0x80, "\\Required Categories");
if (iVar5 != 0) {
if (iVar5 == 0xc) goto code_r0x0001800073d4;
if ((iVar5 == 0x16) || (iVar5 == 0x22)) goto code_r0x0001800073ea;
if (iVar5 != 0x50) goto code_r0x0001800073df;
}
/* uStack_1d8 / uStack_1d0 / uStack_1c8: small key record starting at HKEY_CLASSES_ROOT, later passed to sub_1800036f0. */
ppiStack_238 = &piStack_1e8;
uStack_1d8 = 0xffffffff80000000;
iVar6 = 0;
uStack_1d0 = 0;
uStack_1c8 = 0;
iStack_1f8 = 0;
piStack_1e8 = 0x0;
iVar5 = (*advapi32.RegOpenKeyExW)(0xffffffff80000000, auStack_1a8, 0, 0x20019);
piVar4 = piStack_1e8;
piVar7 = piVar8;
if (iVar5 == 0) {
/* &iStack_1f8 is the fifth argument of RegQueryInfoKeyW (subkey count); the rest are NULL. */
ppiStack_238 = &iStack_1f8;
uStack_200 = 0;
uStack_208 = 0;
uStack_210 = 0;
uStack_218 = 0;
uStack_220 = 0;
uStack_228 = 0;
uStack_230 = 0;
iVar5 = (*advapi32.RegQueryInfoKeyW)(piStack_1e8, 0, 0, 0);
piVar7 = piVar4;
if (piVar4 != 0x0) {
(*advapi32.RegCloseKey)(piVar4);
piVar7 = piVar8;
}
/* No subkeys left -> hand the path to sub_1800036f0. */
/* NOTE(review): presumably deletes the now-empty key; callee not shown. */
if ((iVar5 == 0) && (iStack_1f8 == 0)) {
sub_1800036f0(&uStack_1d8, auStack_1a8);
}
}
/* Same sequence again for "\Implemented Categories". */
iVar5 = wcscpy_s(auStack_1a8, 0x80, "CLSID\\");
if (iVar5 != 0) {
if (iVar5 == 0xc) goto code_r0x0001800073d4;
if ((iVar5 == 0x16) || (iVar5 == 0x22)) goto code_r0x0001800073ea;
if (iVar5 != 0x50) goto code_r0x0001800073df;
}
iVar5 = wcscat_s(auStack_1a8, 0x80, auStack_a8);
if (iVar5 != 0) {
if (iVar5 == 0xc) goto code_r0x0001800073d4;
if ((iVar5 == 0x16) || (iVar5 == 0x22)) goto code_r0x0001800073ea;
if (iVar5 != 0x50) goto code_r0x0001800073df;
}
iVar5 = wcscat_s(auStack_1a8, 0x80, "\\Implemented Categories");
if (iVar5 != 0) {
/* Shared error exits: sub_1800034b0(code) is followed by swi(3), a breakpoint trap. */
/* NOTE(review): the callee presumably does not return (throws); not shown here. */
if (iVar5 == 0xc) {
code_r0x0001800073d4:
sub_1800034b0(0x8007000e);
pcVar3 = swi(3);
(*pcVar3)();
return;
}
if ((iVar5 == 0x16) || (iVar5 == 0x22)) {
code_r0x0001800073ea:
sub_1800034b0(0x80070057);
pcVar3 = swi(3);
(*pcVar3)();
return;
}
if (iVar5 != 0x50) {
code_r0x0001800073df:
sub_1800034b0(0x80004005);
pcVar3 = swi(3);
(*pcVar3)();
return;
}
}
ppiStack_238 = &piStack_1e0;
piStack_1e0 = 0x0;
iVar5 = (*advapi32.RegOpenKeyExW)(0xffffffff80000000, auStack_1a8, 0, 0x20019);
if (iVar5 == 0) {
/* Close any handle still held from the first pass before taking over the new one. */
if (piVar7 != 0x0) {
iVar6 = (*advapi32.RegCloseKey)(piVar7);
}
piVar7 = piStack_1e0;
if (iVar6 != 0) goto code_r0x00018000737a;
uStack_200 = 0;
ppiStack_238 = &iStack_1f8;
uStack_208 = 0;
uStack_210 = 0;
uStack_218 = 0;
uStack_220 = 0;
uStack_228 = 0;
uStack_230 = 0;
iVar5 = (*advapi32.RegQueryInfoKeyW)(piStack_1e0, 0, 0, 0);
if (piVar7 != 0x0) {
(*advapi32.RegCloseKey)(piVar7);
piVar7 = piVar8;
}
if (iVar5 == 0) {
if (iStack_1f8 == 0) {
sub_1800036f0(&uStack_1d8, auStack_1a8);
}
goto code_r0x00018000737a;
}
}
else {
code_r0x00018000737a:
if (piVar7 != 0x0) {
(*advapi32.RegCloseKey)(piVar7);
}
}
/* RegCloseKey is also called on the predefined root handle value itself. */
(*advapi32.RegCloseKey)(0xffffffff80000000);
/* Exit: slot +0x10 (Release) on the ICatRegister object, then the cookie check. */
code_r0x00018000739b:
if (piStack_1f0 != 0x0) {
(**(*piStack_1f0 + 0x10))();
}
__security_check_cookie(uStack_28 ^ auStack_258);
return;
}
0x180006BA0 sub_180006ba0 str 4 api 6 imm 8 Unknown
;-----------------------------------------------------------------------
; sub_180006ba0 (rcx, rdx, r8, r9) -> eax = status
; ABI:   Microsoft x64 as used below; rax holds the entry rsp while the
;        locals are initialised.
; Roles: rbp = rdx, the id passed to StringFromCLSID
;        r8, rsi (= r9) = two wide strings; each goes to sub_180003a70
;                         when non-NULL and non-empty
;        rdi = key handle, starts as 0xFFFFFFFF80000000 (HKEY_CLASSES_ROOT)
;        rbx = pointer reloaded from [rsp+0x50]; selects the open variant
;        r14 = constant zero
;        esi = status after StringFromCLSID
; Locals: [rsp+0x40]/[rsp+0x48]/[rsp+0x50] form the key record handed to
;        sub_180003a70; [rsp+0x80] receives the opened "CLSID" key;
;        [rsp+0x90] receives the string from StringFromCLSID.
; NOTE(review): sub_180003a70 is not shown; from its use (results 0, 2
;        and 3 tolerated) it presumably deletes a key by name - confirm.
;        RegOpenKeyTransactedW is resolved by name with GetProcAddress,
;        which is not the hash-based import resolution the report lists
;        under its anomalies.
;-----------------------------------------------------------------------
sub_180006ba0() {
mov rax, rsp
mov [rax+0x10], rbx
mov [rax+0x20], rbp
mov [rax+0x08], rcx
push rsi
push rdi
push r14
sub rsp, 0x60
xor r14d, r14d
; Key record: handle = HKEY_CLASSES_ROOT, dword = 0, pointer = NULL.
mov rdi, 0xFFFFFFFF80000000
mov [rax-0x38], rdi
mov ebx, r14d
mov [rax-0x28], rbx
mov rsi, r9
mov [rax-0x30], r14d
mov rbp, rdx
; First string (r8): skipped when NULL or when its first character is 0.
test r8, r8
jz .1
cmp [r8], bx
jz .1
mov rdx, r8
lea rcx, [rax-0x38]
call sub_180003a70()
; Only results 0, 2 and 3 continue; any other value is returned via .3.
test eax, 0xFFFFFFFC
jnz .3
cmp eax, 0x01
jz .3
; Reload the record fields after the call.
mov rbx, [rsp+0x50]
mov rdi, [rsp+0x40]
.1:
; Second string (r9): same treatment.
test rsi, rsi
jz .2
cmp [rsi], r14w
jz .2
mov rdx, rsi
lea rcx, [rsp+0x40]
call sub_180003a70()
test eax, 0xFFFFFFFC
jnz .3
cmp eax, 0x01
jz .3
mov rbx, [rsp+0x50]
mov rdi, [rsp+0x40]
.2:
lea rdx, [rsp+0x90]
mov rcx, rbp
call [ole32.StringFromCLSID]
mov esi, eax
test eax, eax
js .14
; rbp now holds the CLSID string (released with CoTaskMemFree at .13).
mov rbp, [rsp+0x90]
mov [rsp+0x80], r14
; rbx == NULL -> plain RegOpenKeyExW; otherwise [rbx] decides.
test rbx, rbx
jz .7
cmp [rbx], r14
jz .5
lea rcx, ["Advapi32.dll"]
call [kernel32.GetModuleHandleW]
test rax, rax
jnz .4
; Module not loaded: rax is 0, so edx = 1 becomes the error code.
lea edx, [rax+0x01]
jmp .12
.3:
mov ecx, eax
call long HRESULT_FROM_WIN32(unsigned long)
jmp .15
.4:
lea rdx, ["RegOpenKeyTransactedW"]
mov rcx, rax
call [kernel32.GetProcAddress]
test rax, rax
jz .6
; Transacted open: (rdi, "CLSID", 0, 0x2001F, &[rsp+0x80], [rbx], NULL).
mov rcx, [rbx]
lea rdx, ["CLSID"]
mov [rsp+0x30], r14
mov r9d, 0x2001F
mov [rsp+0x28], rcx
xor r8d, r8d
lea rcx, [rsp+0x80]
mov [rsp+0x20], rcx
mov rcx, rdi
call rax
jmp .8
.5:
cmp [rbx+0x08], r14d
jnz .7
.6:
; Export missing, or [rbx] and [rbx+0x08] both zero: fail with code 1.
mov edx, 0x01
jmp .9
.7:
; Plain open: RegOpenKeyExW(rdi, "CLSID", 0, 0x2001F, &[rsp+0x80]).
lea rax, [rsp+0x80]
mov r9d, 0x2001F
xor r8d, r8d
mov [rsp+0x20], rax
lea rdx, ["CLSID"]
mov rcx, rdi
call [advapi32.RegOpenKeyExW]
.8:
mov edx, eax
.9:
test edx, edx
jnz .11
; Open succeeded: close the previous handle and put the new one in the record.
mov edx, r14d
test rdi, rdi
jz .10
mov rcx, rdi
call [advapi32.RegCloseKey]
mov edx, eax
.10:
mov rax, [rsp+0x80]
mov [rsp+0x40], rax
mov [rsp+0x48], r14d
test edx, edx
jnz .11
; Hand the CLSID string to sub_180003a70 under the opened "CLSID" key.
mov rdx, rbp
lea rcx, [rsp+0x40]
call sub_180003a70()
mov edx, eax
test eax, eax
jz .13
.11:
; Codes 2 and 3 (edx - 2 <= 1, unsigned) are not treated as failures.
lea ecx, [rdx-0x02]
cmp ecx, 0x01
jbe .13
.12:
mov ecx, edx
call long HRESULT_FROM_WIN32(unsigned long)
mov esi, eax
.13:
mov rcx, [rsp+0x90]
call [ole32.CoTaskMemFree]
.14:
mov eax, esi
.15:
lea r11, [rsp+0x60]
mov rbx, [r11+0x28]
mov rbp, [r11+0x38]
mov rsp, r11
pop r14
pop rdi
pop rsi
ret
}
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * sub_180006ba0(param_1, param_2, param_3, param_4): decompiler view.
 *
 *  - param_3 / param_4: wide strings; each is passed to sub_180003a70 with a
 *    key record rooted at -0x80000000 (HKEY_CLASSES_ROOT) when non-NULL and
 *    non-empty.
 *  - param_2: id converted with StringFromCLSID; the resulting string is then
 *    passed to sub_180003a70 under the opened "CLSID" key.
 *  - Return: 0 or the StringFromCLSID result on the tolerated paths, otherwise
 *    HRESULT_FROM_WIN32 of the failing code.
 *
 * NOTE(review): sub_180003a70 is not shown; results 0, 2 and 3 are tolerated,
 * so it presumably removes a key by name - confirm. param_1 is only stored to
 * a local and never read in this view.
 */
uint64_t sub_180006ba0(int64_t param_1,undefined8 param_2,int16_t *param_3,int16_t *param_4)
{
undefined8 uVar1;
int64_t iVar2;
int64_t *piVar3;
uint32_t uVar4;
int32_t iVar5;
int64_t iVar6;
uint64_t uVar7;
code *pcVar8;
int64_t iStackX_8;
undefined8 uStackX_18;
int64_t iStack_38;
undefined4 uStack_30;
int64_t *piStack_28;
/* Key record: iStack_38 = root handle, uStack_30 = 0, piStack_28 = NULL. */
iStack_38 = -0x80000000;
piStack_28 = 0x0;
uStack_30 = 0;
iStackX_8 = param_1;
/* For each non-empty string call sub_180003a70; a result other than 0, 2 or 3 is returned at once. */
if ((((param_3 != 0x0) && (*param_3 != 0)) &&
((uVar4 = sub_180003a70(&iStack_38, param_3), (uVar4 & 0xfffffffc) != 0 || (uVar4 == 1)))) ||
(((param_4 != 0x0 && (*param_4 != 0)) &&
((uVar4 = sub_180003a70(&iStack_38, param_4), (uVar4 & 0xfffffffc) != 0 || (uVar4 == 1)))))) {
uVar7 = HRESULT_FROM_WIN32(uVar4);
return uVar7;
}
piVar3 = piStack_28;
iVar2 = iStack_38;
uVar4 = (*ole32.StringFromCLSID)(param_2, &uStackX_18);
uVar1 = uStackX_18;
uVar7 = uVar4;
/* Decompiler artefact: the disassembly tests the sign bit (js), i.e. a failed HRESULT. */
if (uVar4 < 0) {
return uVar7;
}
/* iStackX_8 is reused as the output handle of the "CLSID" open. */
iStackX_8 = 0;
if (piVar3 == 0x0) {
code_r0x000180006ce7:
/* Access mask 0x2001f on "CLSID" under the record's root handle. */
iVar5 = (*advapi32.RegOpenKeyExW)(iVar2, "CLSID", 0, 0x2001f, &iStackX_8);
code_r0x000180006d0f:
if (iVar5 == 0) {
iVar5 = 0;
if (iVar2 != 0) {
iVar5 = (*advapi32.RegCloseKey)(iVar2);
}
iStack_38 = iStackX_8;
uStack_30 = 0;
if ((iVar5 == 0) && (iVar5 = sub_180003a70(&iStack_38, uVar1), iVar5 == 0)) goto code_r0x000180006d60;
}
/* Codes 2 and 3 are not reported as errors. */
if (iVar5 - 2U < 2) goto code_r0x000180006d60;
}
else {
if (*piVar3 == 0) {
if (*(piVar3 + 1) != 0) goto code_r0x000180006ce7;
code_r0x000180006ce0:
iVar5 = 1;
goto code_r0x000180006d0f;
}
/* Non-NULL *piVar3: resolve RegOpenKeyTransactedW by name and pass *piVar3 as its sixth argument. */
iVar6 = (*kernel32.GetModuleHandleW)("Advapi32.dll");
if (iVar6 != 0) {
pcVar8 = (*kernel32.GetProcAddress)(iVar6, "RegOpenKeyTransactedW");
if (pcVar8 == 0x0) goto code_r0x000180006ce0;
iVar5 = (*pcVar8)(iVar2, "CLSID", 0, 0x2001f, &iStackX_8, *piVar3, 0);
goto code_r0x000180006d0f;
}
iVar5 = 1;
}
uVar4 = HRESULT_FROM_WIN32(iVar5);
uVar7 = uVar4;
/* The CLSID string from StringFromCLSID is released on every path that reaches here. */
code_r0x000180006d60:
(*ole32.CoTaskMemFree)(uStackX_18);
return uVar7;
}
0x180008570 sub_180008570 str 4 api 1 imm 5 Unknown
;-----------------------------------------------------------------------
; sub_180008570 (ecx = flag)
; ABI:   Microsoft x64 as used below; 0x248-byte frame with a stack cookie.
; Flow:  flag != 0 -> LoadStringW(resource id 3) into a 0x100-character
;        buffer, then sub_180006640 with the id at 0x180033D90 and the two
;        "CertAuthority_Sample.Policy" names;
;        flag == 0 -> sub_180006ba0 with the same id and names.
; NOTE(review): this reads as a register / unregister pair for one COM
;        class. The names look like the ProgIDs of the Windows SDK sample
;        CA policy module; a policy module takes part in issuance
;        decisions, so check the origin of this DLL and whether any CA has
;        these ProgIDs registered.
;-----------------------------------------------------------------------
sub_180008570() {
sub rsp, 0x248
mov rax, [0x18003A010]
xor rax, rsp
mov [rsp+0x230], rax
test ecx, ecx
jz .1
; Buffer [rsp+0x30]..[rsp+0x230) is 0x200 bytes, matching the 0x100 wide chars passed in r9d.
mov rcx, [0x18003B998]
lea r8, [rsp+0x30]
mov r9d, 0x100
mov edx, 0x03
call [user32.LoadStringW]
; rcx is not reloaded after LoadStringW, so the callee's first argument is
; whatever that call left there; presumably it is unused - confirm in sub_180006640.
lea rax, [rsp+0x30]
lea r9, ["CertAuthority_Sample.Policy"]
mov [rsp+0x20], rax
lea r8, ["CertAuthority_Sample.Policy.1"]
lea rdx, [0x180033D90]
call sub_180006640()
mov rcx, [rsp+0x230]
xor rcx, rsp
call __security_check_cookie()
add rsp, 0x248
ret
.1:
; ecx is 0 on this path and rcx is passed on unchanged.
lea r9, ["CertAuthority_Sample.Policy"]
lea r8, ["CertAuthority_Sample.Policy.1"]
lea rdx, [0x180033D90]
call sub_180006ba0()
mov rcx, [rsp+0x230]
xor rcx, rsp
call __security_check_cookie()
add rsp, 0x248
ret
}
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * sub_180008570(param_1): decompiler view. A non-zero param_1 loads string
 * resource 3 and calls sub_180006640; zero calls sub_180006ba0 with the id at
 * 0x180033d90 and the two "CertAuthority_Sample.Policy" names.
 *
 * The argument list of sub_180006640 was dropped by the decompiler; the
 * disassembly of this function passes the same id and names plus the loaded
 * string (puStack_228) as the stack argument.
 */
void sub_180008570(undefined8 param_1)
{
undefined auStack_248 [32];
undefined *puStack_228;
/* 512 bytes = 0x100 wide characters, the limit passed to LoadStringW below. */
undefined auStack_218 [512];
uint64_t uStack_18;
uStack_18 = [0x0x18003a010#SecurityCookie] ^ auStack_248;
if (param_1 != 0) {
/* [0x18003b998] is passed as the first LoadStringW argument (module handle). */
(*user32.LoadStringW)([0x0x18003b998], 3, auStack_218, 0x100);
puStack_228 = auStack_218;
sub_180006640();
__security_check_cookie(uStack_18 ^ auStack_248);
return;
}
sub_180006ba0(param_1, 0x180033d90, "CertAuthority_Sample.Policy.1", "CertAuthority_Sample.Policy");
__security_check_cookie(uStack_18 ^ auStack_248);
return;
}
0x180008640 sub_180008640 str 4 api 1 imm 5 Unknown
;-----------------------------------------------------------------------
; sub_180008640 (ecx = flag)
; ABI:   Microsoft x64 as used below; 0x248-byte frame with a stack cookie.
; Flow:  flag != 0 -> LoadStringW(resource id 4) into a 0x100-character
;        buffer, then sub_180006640 with the id at 0x180033D70 and the two
;        "CertAuthority_Sample.PolicyManage" names;
;        flag == 0 -> sub_180006ba0 with the same id and names.
; NOTE(review): same shape as sub_180008570, for a second COM class; the
;        names look like the management ProgIDs of the Windows SDK sample
;        CA policy module - confirm.
;-----------------------------------------------------------------------
sub_180008640() {
sub rsp, 0x248
mov rax, [0x18003A010]
xor rax, rsp
mov [rsp+0x230], rax
test ecx, ecx
jz .1
; Buffer [rsp+0x30]..[rsp+0x230) is 0x200 bytes, matching the 0x100 wide chars passed in r9d.
mov rcx, [0x18003B998]
lea r8, [rsp+0x30]
mov r9d, 0x100
mov edx, 0x04
call [user32.LoadStringW]
; rcx is not reloaded after LoadStringW; presumably the callee ignores its first argument - confirm.
lea rax, [rsp+0x30]
lea r9, ["CertAuthority_Sample.PolicyManage"]
mov [rsp+0x20], rax
lea r8, ["CertAuthority_Sample.PolicyManage.1"]
lea rdx, [0x180033D70]
call sub_180006640()
mov rcx, [rsp+0x230]
xor rcx, rsp
call __security_check_cookie()
add rsp, 0x248
ret
.1:
; ecx is 0 on this path and rcx is passed on unchanged.
lea r9, ["CertAuthority_Sample.PolicyManage"]
lea r8, ["CertAuthority_Sample.PolicyManage.1"]
lea rdx, [0x180033D70]
call sub_180006ba0()
mov rcx, [rsp+0x230]
xor rcx, rsp
call __security_check_cookie()
add rsp, 0x248
ret
}
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * sub_180008640(param_1): decompiler view. A non-zero param_1 loads string
 * resource 4 and calls sub_180006640; zero calls sub_180006ba0 with the id at
 * 0x180033d70 and the two "CertAuthority_Sample.PolicyManage" names.
 *
 * The argument list of sub_180006640 was dropped by the decompiler; the
 * disassembly of this function passes the same id and names plus the loaded
 * string (puStack_228) as the stack argument.
 */
void sub_180008640(undefined8 param_1)
{
undefined auStack_248 [32];
undefined *puStack_228;
/* 512 bytes = 0x100 wide characters, the limit passed to LoadStringW below. */
undefined auStack_218 [512];
uint64_t uStack_18;
uStack_18 = [0x0x18003a010#SecurityCookie] ^ auStack_248;
if (param_1 != 0) {
/* [0x18003b998] is passed as the first LoadStringW argument (module handle). */
(*user32.LoadStringW)([0x0x18003b998], 4, auStack_218, 0x100);
puStack_228 = auStack_218;
sub_180006640();
__security_check_cookie(uStack_18 ^ auStack_248);
return;
}
sub_180006ba0(param_1, 0x180033d70, "CertAuthority_Sample.PolicyManage.1", "CertAuthority_Sample.PolicyManage");
__security_check_cookie(uStack_18 ^ auStack_248);
return;
}
| Library | Functions |
|---|---|
| runtime/other | 246 |