-
-
[求助]NtUserCallOneParam win7
-
发表于:
2014-1-27 03:50
5508
-
[求助]NtUserCallOneParam win7
在XP 第二个参数是0x34的时候是关机重启注销
在WIN7呢?IDA分析看不懂
int __stdcall NtUserCallOneParam(PVOID hDC, unsigned int a2)
{
int v2; // eax@5
int v3; // edi@5
if ( a2 == 59 )
{
EnterSharedCrit();
}
else
{
UserEnterUserCritSec();
if ( a2 < 0x22 || a2 >= 0x47 )
goto LABEL_8;
}
v2 = ((int (__stdcall *)(PVOID))apfnSimpleCall[a2])(hDC);
v3 = v2;
if ( a2 - 34 <= 2 )
{
if ( v2 )
{
v3 = *(_DWORD *)v2;
goto LABEL_9;
}
LABEL_8:
v3 = 0;
}
LABEL_9:
UserSessionSwitchLeaveCrit();
return v3;
}
BOOL __stdcall ExitWindowsEx(UINT uFlags, DWORD dwReason)
{
UINT v2; // ebx@1
BOOL result; // eax@9
int v4; // eax@15
BOOL v5; // edi@15
int v6; // [sp+Ch] [bp-18h]@8
UINT v7; // [sp+10h] [bp-14h]@8
DWORD v8; // [sp+14h] [bp-10h]@8
int v9; // [sp+18h] [bp-Ch]@8
int v10; // [sp+1Ch] [bp-8h]@8
int v11; // [sp+20h] [bp-4h]@8
v2 = uFlags;
if ( !(uFlags & 0x580B)
|| uFlags & 4
|| gfLogonProcess && !(uFlags & 0x20000)
|| v2 & 0x40000
|| !IsSeShutdownNameEnabled()
|| DisplayExitWindowsWarnings(uFlags & 0xFFFFFCFF) )
{
v8 = dwReason;
v6 = 24;
v7 = uFlags;
v10 = 0;
v9 = 3;
v11 = 0;
if ( gfLogonProcess && (uFlags & 0x580B) != 0 && v2 & 0x20000 )
RecordShutdownReason(&v6);
v4 = ExitWindowsWorker((HANDLE)uFlags, 0);
v5 = v4;
if ( !gfLogonProcess && v4 && (uFlags & 0x580B) != 0 )
RecordShutdownReason(&v6);
result = v5;
}
else
{
v8 = 0;
v11 = 0;
v6 = 24;
v7 = uFlags;
v10 = 1;
v9 = 3;
RecordShutdownReason(&v6);
if ( uFlags & 0x20000 )
{
SetLastError(0x4C7u);
result = 0;
}
else
{
result = 1;
}
}
return result;
}
[课程]Linux pwn 探索篇!
