[原创]Windows AFD LPE CVE-2023-21768分析

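/*
 * Hex-Rays pseudocode excerpt from the afd.sys handler discussed in this
 * CVE-2023-21768 write-up (presumably AfdNotifySock -- the function header,
 * the origin of v7/v9/a1 and label_45 all lie outside the excerpt).
 * The page lowercased every identifier and dropped the '+' and '++'
 * operators; the operators are restored below, identifiers are left as the
 * page prints them.
 *
 * Flow: validate the request shape, reference the caller's I/O completion
 * handle, process each registration entry, then hand the request to
 * afdnotifyremoveiocompletion().
 */

/* The request must be exactly 0x30 bytes and must not carry an output buffer. */
if ( inputbufferlength != 0x30 || outputbufferlength )
{
  v10 = status_info_length_mismatch;
  goto label_45;
}

/*
 * Field consistency checks. When dwlen is non-zero, ppwnptr and pdata2 only
 * have to be non-NULL; when dwlen is zero, pdata2 and dwtimeout must be zero.
 * NOTE(review): no range check of ppwnptr against mmuserprobeaddress is
 * visible in this excerpt, so any probing of that pointer has to happen in
 * the code that dereferences it (not shown here) -- that is the place to
 * audit when comparing patched and unpatched builds.
 */
if ( !v7->dwcounter )
  goto label_5;
if ( v7->dwlen )
{
  if ( !v7->ppwnptr || !v7->pdata2 )
    goto label_5;
}
else if ( v7->pdata2 || v7->dwtimeout )
{
label_5:
  v10 = status_invalid_parameter;
  goto label_45;
}

/*
 * Resolve hcompletion to an object pointer. The type argument restricts the
 * handle to I/O completion objects, and pre_mode is passed as the access mode
 * so the desired access (2u) is checked for user-mode callers.
 */
v11 = v7->hcompletion;
object = 0i64;
v10 = obreferenceobjectbyhandle(v11, 2u, iocompletionobjecttype, pre_mode, &object, 0i64);

if ( v10 >= 0 )
{
  /* Non-zero for a 32-bit caller, which uses 16-byte entries instead of 24. */
  v12 = iois32bitprocess(0i64);
  v13 = 0;
  v14 = (unsigned __int64 *)mmuserprobeaddress;
  /*
   * NOTE(review): dwcounter and pdata1 are re-read through v7 on every pass.
   * If v7 points at caller-writable memory rather than a captured copy, the
   * values can change between reads -- confirm where v7 comes from.
   */
  while ( v13 < v7->dwcounter )
  {
    if ( pre_mode )
    {
      /* User-mode caller: copy entry v13 into the locals v24/v25 before use. */
      v24 = 0i64;
      v25 = 0i64;
      v15 = v13;
      v16 = v7->pdata1;
      if ( v12 )
      {
        /* 32-bit layout: 16-byte stride, 4-byte alignment required. */
        v17 = (unsigned __int64)v16 + 16 * v13;
        v31 = v17;
        if ( (v17 & 3) != 0 )
          exraisedatatypemisalignment();
        /*
         * Inlined read probe: if the 16-byte entry ends past the user probe
         * address or the addition wrapped, touch the probe address itself,
         * which faults instead of reading kernel memory (presumably inside
         * an exception-handled region that the pseudocode does not show).
         */
        if ( v17 + 16 > *v14 || v17 + 16 < v17 )
          *(_byte *)*v14 = 0;
        /* Widen the 32-bit fields into the native-size local copy. */
        *(_qword *)&v24 = *(unsigned int *)v17;
        *((_qword *)&v24 + 1) = *(unsigned int *)(v17 + 4);
        loword(v25) = *(_word *)(v17 + 8);
        byte2(v25) = *(_byte *)(v17 + 10);
      }
      else
      {
        /*
         * Native layout: 24-byte stride. An address at or above the probe
         * limit is clamped to the limit, so the read below faults rather
         * than touching kernel memory.
         */
        v17 = (unsigned __int64)v16 + 24 * v13;
        if ( v17 >= *v14 )
          v17 = *v14;
        v24 = *(_oword *)v17;
        v25 = *(_qword *)(v17 + 16);
      }
      v18 = &v24;
      v27 = &v24;
    }
    else
    {
      /* Kernel-mode caller: the entry is used in place, without probing. */
      v15 = v13;
      v17 = 3i64 * v13;
      v18 = (__int128 *)((char *)v7->pdata1 + 24 * v13);
      v27 = v18;
    }
    /* Only the first entry is processed with a1; later entries get 0. */
    v19 = a1;
    if ( v13 )
      v19 = 0i64;
    lobyte(v17) = pre_mode;
    v20 = afdnotifyprocessregistration(v17, v9, v18, v19);
    if ( pre_mode )
    {
      /*
       * Write the per-entry result back into the caller's array (offset 12
       * in a 16-byte entry, offset 20 in a 24-byte entry). The destination
       * is clamped to the probe address, so an out-of-range pointer faults
       * instead of writing to kernel memory.
       */
      v21 = (char *)v7->pdata1;
      v14 = (unsigned __int64 *)mmuserprobeaddress;
      if ( v12 )
        v22 = &v21[16 * v15 + 12];
      else
        v22 = &v21[24 * v15 + 20];
      if ( (unsigned __int64)v22 >= mmuserprobeaddress )
        v22 = (char *)mmuserprobeaddress;
      *(_dword *)v22 = v20;
    }
    else
    {
      /* Same result slot (dword index 6 * v15 + 5 == byte offset 24 * v15 + 20). */
      *((_dword *)v7->pdata1 + 6 * v15 + 5) = v20;
      v14 = (unsigned __int64 *)mmuserprobeaddress;
    }
    ++v13;
  }
  /*
   * The remaining fields of v7 (including ppwnptr) are consumed by this
   * callee; its body is not part of the excerpt.
   */
  v10 = afdnotifyremoveiocompletion(pre_mode, (__int64)v9, (__int64)v7);
}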

原文链接:https://bbs.kanxue.com/thread-276663.htm

网络摘文,本文作者:15h,如若转载,请注明出处:https://www.15cov.cn/2023/08/27/原创windows_afd_lpe_cve-2023-21768分析/
