WINTRUST!_ExplodeMessage 的作用是给 pProvData->pPDSip->psIndirectData 赋值;下面在调试器中对比调用前后该字段的值来验证这一点。
第一部分:SoftpubLoadMessage 源码片段(节选,中间和结尾有省略)
/*
 * SoftpubLoadMessage (excerpt): calls _GetMessage and then _ExplodeMessage on
 * the provider data and returns S_FALSE as soon as either helper reports
 * failure. This is an incomplete excerpt: the code between the second check
 * and the memcmp fragment, and the end of the function, are not reproduced
 * on this page.
 */
HRESULT WINAPI SoftpubLoadMessage(CRYPT_PROVIDER_DATA *pProvData)
{
if (!(_GetMessage(pProvData)))
{
return(S_FALSE);
}// returns to here:
// _ExplodeMessage is the step that fills in pProvData->pPDSip->psIndirectData;
// the debugger session further down this page shows the field going from 0x0
// to a non-null pointer across this call.
if (!(_ExplodeMessage(pProvData)))
{
return(S_FALSE);
}
// ... lines omitted by the author; what follows is only the tail of a condition.
// It compares the calculated file hash of the catalog member against the digest
// stored in psIndirectData, i.e. the value _ExplodeMessage has just populated.
// NOTE(review): the compare length is psIndirectData->Digest.cbData, which
// presumably comes from the parsed signed message; the excerpt does not show
// whether the length of pbCalculatedFileHash is checked against it first —
// confirm in the full function.
(memcmp(pProvData->pWintrustData->pCatalog->pbCalculatedFileHash,
pProvData->pPDSip->psIndirectData->Digest.pbData,
pProvData->pPDSip->psIndirectData->Digest.cbData) != 0))
第二部分:调用 _ExplodeMessage 之前的状态(此时 psIndirectData 仍为 0x0)
0: kd> dv
pProvData = 0x007cea00
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 ((WINTRUST!_CRYPT_PROVIDER_DATA *)0x7cea00)
((WINTRUST!_CRYPT_PROVIDER_DATA *)0x7cea00) : 0x7cea00 [Type: _CRYPT_PROVIDER_DATA *]
[+0x000] cbStruct : 0x7c [Type: unsigned long]
[+0x004] pWintrustData : 0x7ceb00 [Type: _WINTRUST_DATA *]
[+0x008] fOpenedFile : 0 [Type: int]
[+0x00c] hWndParent : 0x0 [Type: HWND__ *]
[+0x010] pgActionID : 0x7683d010 : {F750E6C3-38EE-11D1-85E5-00C04FC295EE} [Type: _GUID *]
[+0x014] hProv : 0x1232758 [Type: unsigned long]
[+0x018] dwError : 0x0 [Type: unsigned long]
[+0x01c] dwRegSecuritySettings : 0x2 [Type: unsigned long]
[+0x020] dwRegPolicySettings : 0x23c00 [Type: unsigned long]
[+0x024] psPfns : 0x174ee28 [Type: _CRYPT_PROVIDER_FUNCTIONS *]
[+0x028] cdwTrustStepErrors : 0x26 [Type: unsigned long]
[+0x02c] padwTrustStepErrors : 0x29c838 : 0x0 [Type: unsigned long *]
[+0x030] chStores : 0x0 [Type: unsigned long]
[+0x034] pahStores : 0x0 [Type: void * *]
[+0x038] dwEncoding : 0x10001 [Type: unsigned long]
[+0x03c] hMsg : 0x16e7290 [Type: void *]
[+0x040] csSigners : 0x0 [Type: unsigned long]
[+0x044] pasSigners : 0x0 [Type: _CRYPT_PROVIDER_SGNR *]
[+0x048] csProvPrivData : 0x1 [Type: unsigned long]
[+0x04c] pasProvPrivData : 0x1c518f0 [Type: _CRYPT_PROVIDER_PRIVDATA *]
[+0x050] dwSubjectChoice : 0x1 [Type: unsigned long]
[+0x054] pPDSip : 0x1c054e8 [Type: _PROVDATA_SIP *]
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 ((WINTRUST!_PROVDATA_SIP *)0x1c054e8)
((WINTRUST!_PROVDATA_SIP *)0x1c054e8) : 0x1c054e8 [Type: _PROVDATA_SIP *]
[+0x000] cbStruct : 0x28 [Type: unsigned long]
[+0x004] gSubject : {C689AAB8-8E78-11D0-8C47-00C04FC295EE} [Type: _GUID]
[+0x014] pSip : 0x1c53280 [Type: SIP_DISPATCH_INFO_ *]
[+0x018] pCATSip : 0x1c52ca8 [Type: SIP_DISPATCH_INFO_ *]
[+0x01c] psSipSubjectInfo : 0x1c53710 [Type: SIP_SUBJECTINFO_ *]
[+0x020] psSipCATSubjectInfo : 0x1c527f0 [Type: SIP_SUBJECTINFO_ *]
[+0x024] psIndirectData : 0x0 [Type: SIP_INDIRECT_DATA_ *] //此时还没有赋值;_ExplodeMessage 的作用就是给 psIndirectData 赋值
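第三部分:单步执行完 _ExplodeMessage 之后,psIndirectData 已被赋值(0x1c2dd98)。其 Digest.cbData 为 0x14(20 字节),与 SHA-1 摘要长度一致(DigestAlgorithm 未在此展开);pbData 指向的摘要即下面 db 输出中从 2c ac 74 89 开始、到 c0 84 9d 6b 结束的 20 个字节,其后的字节不属于摘要。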
0: kd> p
WINTRUST!SoftpubLoadMessage+0x7c:
001b:76804e6f e837fbffff call WINTRUST!_ExplodeMessage (768049ab)
0: kd> p
WINTRUST!SoftpubLoadMessage+0x81:
001b:76804e74 85c0 test eax,eax
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 ((WINTRUST!_PROVDATA_SIP *)0x1c054e8)
((WINTRUST!_PROVDATA_SIP *)0x1c054e8) : 0x1c054e8 [Type: _PROVDATA_SIP *]
[+0x000] cbStruct : 0x28 [Type: unsigned long]
[+0x004] gSubject : {C689AAB8-8E78-11D0-8C47-00C04FC295EE} [Type: _GUID]
[+0x014] pSip : 0x1c53280 [Type: SIP_DISPATCH_INFO_ *]
[+0x018] pCATSip : 0x1c52ca8 [Type: SIP_DISPATCH_INFO_ *]
[+0x01c] psSipSubjectInfo : 0x1c53710 [Type: SIP_SUBJECTINFO_ *]
[+0x020] psSipCATSubjectInfo : 0x1c527f0 [Type: SIP_SUBJECTINFO_ *]
[+0x024] psIndirectData : 0x1c2dd98 [Type: SIP_INDIRECT_DATA_ *]
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 ((WINTRUST!SIP_INDIRECT_DATA_ *)0x1c2dd98)
((WINTRUST!SIP_INDIRECT_DATA_ *)0x1c2dd98) : 0x1c2dd98 [Type: SIP_INDIRECT_DATA_ *]
[+0x000] Data [Type: _CRYPT_ATTRIBUTE_TYPE_VALUE]
[+0x00c] DigestAlgorithm [Type: _CRYPT_ALGORITHM_IDENTIFIER]
[+0x018] Digest [Type: _CRYPTOAPI_BLOB]
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 (*((WINTRUST!_CRYPTOAPI_BLOB *)0x1c2ddb0))
(*((WINTRUST!_CRYPTOAPI_BLOB *)0x1c2ddb0)) [Type: _CRYPTOAPI_BLOB]
[+0x000] cbData : 0x14 [Type: unsigned long]
[+0x004] pbData : 0x1723fe8 : 0x2c [Type: unsigned char *]
0: kd> db 0x1723fe8
01723fe8 2c ac 74 89 bc 3c f9 74-71 ec 23 93 d4 38 57 d5 ,.t..<.tq.#..8W.
01723ff8 c0 84 9d 6b 00 00 00 00-0c 00 04 00 e7 01 0e 01 ...k............