加载 WCP
加載 WCP
?
功能:
加載WCP.DLL,初始化幾個函數:
?
?
?
?
//----- (1008CBD0)--------------------------------------------------------
signed int __userpurge WcpLoad@<eax>(
const unsigned__int16 *a1@<ecx>,
const unsigned__int16 *a2,
int a3,
HINSTANCE *a4)
{
? lpLibFileName = 0;
? v4 =a1;
? v5 =0;
? v6 =wcslen(v4);
? if (v6 == -8 )
? {
??? v8 =0;
? }
? else
? {
??? v5 =v6 + 8;
??? v7 =operator new(2 * (v6 + 8) + 4);
??? *v7= 0;
??? v8 =(WCHAR *)(v7 + 4);
??? *(_DWORD *)v7 = v5;
??? lpLibFileName = v8;
??? *v8= 0;
? }
? v9 =0;
? v10 =v5;
? while (*v8 )
? {
??? ++v8;
??? if (!--v10 )
????? goto LABEL_65;
? }
? if (!v10 )
? {
LABEL_65:
??? v9 =-2147024809;
LABEL_66:
??? v11 =0;
??? goto LABEL_13;
? }
? v11 =v5 - v10;
LABEL_13:
? if (v9 < 0)
??? goto LABEL_119;
? v46 =0;
? v12 =(char *)&lpLibFileName[v11];
? v13 =v5 - v11;
? if (v5 == v11 )
??? goto LABEL_67;
? v14 =v11 + v13 -v5 + 2147483646;
? v15 =(char *)v4 -v12;
? while (v14 )
? {
??? v16 =*(_WORD*)&v12[v15];
??? if (!v16 )
????? break;
??? *(_WORD *)v12 =v16;
??? --v14;
??? v12 +=2;
??? if (!--v13 )
????? goto LABEL_67;
? }
? if (v13 )
? {
??? v9 =v46;
? }
? else
? {
LABEL_67:
??? v12 -=2;
??? v9 =-2147024774;
? }
? *(_WORD *)v12 = 0;
? if (v9 < 0)
? {
LABEL_119:
??? CBSWdsLog(0x4000000u,v9, 1, "Failed toconcat string.");
??? v18 =lpLibFileName;
??? goto LABEL_42;
? }
? v17 =0;
? v46 =0;
? if (!v5 ||v5 > 0x7FFFFFFF)
? {
??? v17 =-2147024809;
??? v46 =-2147024809;
? }
? v18 =lpLibFileName;
? if (v17 < 0)
??? goto LABEL_71;
? v17 =0;
? v19 =v5;
? v46 =0;
? v20 =lpLibFileName;
? if (!v5 )
??? goto LABEL_70;
? while (*v20 )
? {
??? ++v20;
??? if (!--v19 )
????? goto LABEL_70;
? }
? if (!v19 )
? {
LABEL_70:
??? v17 =-2147024809;
??? v46 =-2147024809;
LABEL_71:
??? v21 =0;
??? goto LABEL_32;
? }
? v21 =v5 - v19;
LABEL_32:
? if (v17 >= 0)
? {
??? v46 =0;
??? v22 =(char *)&lpLibFileName[v21];
??? v23 =v5 - v21;
??? if (v5 == v21 )
????? goto LABEL_72;
??? v24 =v21 + v23 -v5 + 2147483646;
??? v25 =(char *)((char *)L"wcp.dll"- v22);
??? while (v24 )
??? {
????? v26 =*(_WORD*)&v25[(_DWORD)v22];
????? if (!v26 )
??????? break;
????? *(_WORD *)v22 =v26;
????? --v24;
????? v22 +=2;
????? if (!--v23 )
??????? goto LABEL_72;
??? }
??? if (!v23 )
??? {
LABEL_72:
????? v22 -=2;
????? v46 =-2147024774;
??? }
??? v18 =lpLibFileName;
??? *(_WORD *)v22 = 0;
? }
? v9 =v46;
// v28 v29 是 wcp.dll 的實例句柄
? v28 =LoadLibraryW(v18);
? v29 =v28;
? vpfnSetIsolationIMalloc = GetProcAddress(v28,"SetIsolationIMalloc");
? vpfnGetIdentityAuthority = GetProcAddress(v29,"GetIdentityAuthority");
? vpfnGetSystemStore = GetProcAddress(v29,"GetSystemStore");
? vpfnOpenExistingOfflineStore = GetProcAddress(v29,"OpenExistingOfflineStore");
? vpfnWcpInitialize = GetProcAddress(v29,"WcpInitialize");
? vpfnWcpShutdown = GetProcAddress(v29,"WcpShutdown");
? vpfnWcpSetHelperCallback = (__int32(__stdcall *)(struct ICBSHelper *))GetProcAddress(v29, "WcpSetHelperCallback");
??vpfnWcpSetHelperCallback((struct ICBSHelper *)&vCsiHelper);
? v32 =(int (__stdcall*)(int*))vpfnWcpInitialize;
? if (!vpfnWcpInitialize || gulpWcpCookie )
? {
LABEL_56:
? ??hLibModule =v29;
? ??goto LABEL_57;
? }
? v46 =0;
? v33 = vpfnWcpInitialize(&v46);
? v27 =v33;
? if (_InterlockedCompareExchange((volatile signed__int32 *)&gulpWcpCookie,v46, 0) )
? {
??? v43 =v46;
??? vpfnWcpShutdown (v43);
? }
?
LABEL_57:
? if (lpLibFileName )
??? operator delete((void *)(lpLibFileName -2));
? return v27;
}
// 100023C0: using guessed type wchar_taWcp_dll[8];
// 1019B5BC: using guessed type __int32 (__stdcall*vpfnWcpSetHelperCallback)(struct ICBSHelper *);
// 1019B8A0: using guessed type int vCsiHelper;
// 1019BA9C: using guessed type unsigned __int32gulpWcpCookie;
總結
- 上一篇: 公众号H5运营如何激发用户的打开H5商城
- 下一篇: magicAjax问题