[C++] 纯文本查看 复制代码
// bad sp value at call has been detected, the output may be wrong!
// positive sp value has been detected, the output may be wrong!
int __usercall sub_4E83B0@<eax>(int a1@<eax>, int a2@<edx>, int a3@<edi>, int a4@<esi>, int a5)
{
char v5; // bl
int v6; // edx
Getitactionsbase *v7; // ecx
struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList; // [esp-10h] [ebp-24h] BYREF
void *v10; // [esp-Ch] [ebp-20h]
int *v11; // [esp-8h] [ebp-1Ch]
unsigned int v12; // [esp-4h] [ebp-18h]
int v13; // [esp+0h] [ebp-14h] BYREF
Getitactionsbase *v14; // [esp+4h] [ebp-10h] BYREF
bool v15[4]; // [esp+8h] [ebp-Ch] BYREF
int v16; // [esp+Ch] [ebp-8h]
int v17; // [esp+10h] [ebp-4h] BYREF
int savedregs; // [esp+14h] [ebp+0h] BYREF
v13 = 0;
v12 = 0;
v17 = a1;
((void (__fastcall *)(int, int, _DWORD, int, int))System::__linkproc__ IntfAddRef)(a1, a2, 0, a4, a3);
v11 = &savedregs;
v10 = &loc_4E84E6;
ExceptionList = NtCurrentTeb()->NtTib.ExceptionList;
__writefsdword(0, (unsigned int)&ExceptionList);
v5 = 0;
if ( (unsigned __int8)((int (__fastcall *)(_DWORD, int, int, int *, void *, struct _EXCEPTION_REGISTRATION_RECORD *))Getitinstallmanager::TGetItInstallManager::ExecuteActions)(
*(_DWORD *)(a5 - 4),
v17,
1,
&savedregs,
&loc_4E84E6,
ExceptionList) )
{
v11 = &savedregs;
v10 = &loc_4E8472;
ExceptionList = NtCurrentTeb()->NtTib.ExceptionList;
__writefsdword(0, (unsigned int)&ExceptionList);
(*(void (__fastcall **)(int, Getitactionsbase **))(*(_DWORD *)v17 + 80))(v17, &v14);
LOBYTE(v6) = 1;
Getitactionsbase::ExpandTemporalVariables(v14, v6, 1, (bool)v15);
(*(void (__fastcall **)(int, _DWORD))(*(_DWORD *)v17 + 232))(v17, *(_DWORD *)v15);
if ( (unsigned __int8)sub_4E81D4(a5) )
{
if ( !v16 )
{
Getitinstallmanager::TGetItInstallManager::CreateGetItService(
*(Getitinstallmanager::TGetItInstallManager **)(a5 - 4),
1);
if ( (*(unsigned __int8 (__fastcall **)(int, int))(*(_DWORD *)v13 + 52))(v13, v17) )
v5 = 1;
}
}
__writefsdword(0, (unsigned int)ExceptionList);
if ( v5 )
((int (__fastcall *)(_DWORD, int, int))Getitinstallmanager::TGetItInstallManager::ExecuteActions)(
*(_DWORD *)(a5 - 4),
v17,
2);
}
v7 = v14;
__writefsdword(0, v12);
v14 = (Getitactionsbase *)&loc_4E84ED;
((void (__fastcall *)(int *, unsigned int, Getitactionsbase *))System::__linkproc__ IntfClear)(&v13, v12, v7);
((void (__fastcall *)(Getitactionsbase **, int))System::__linkproc__ UStrArrayClr)(&v14, 2);
return ((int (__fastcall *)(int *))System::__linkproc__ IntfClear)(&v17);
}
发表于 2023-8-27 17:32
