1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
| __int64 __fastcall is_exe_enabled_for_execution(std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >* app_dll)
{
std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >* v1; // rbx
unsigned __int64 v2; // r8
unsigned __int8 v3; // bl
unsigned __int64 v4; // rdi
unsigned __int64 v5; // rsi
std::basic_string<char, std::char_traits<char>, std::allocator<char> >* v6; // rcx
size_t v7; // r8
__int64 v8; // rcx
unsigned __int64 v9; // rax
size_t v10; // rdi
std::basic_string<char, std::char_traits<char>, std::allocator<char> >* v11; // rcx
unsigned __int64 v12; // rdx
char* v13; // rcx
std::basic_string<char, std::char_traits<char>, std::allocator<char> > str; // [rsp+28h] [rbp-30h]
v1 = app_dll;
str._Mypair._Myval2._Mysize = 0i64;
str._Mypair._Myval2._Myres = 15i64;
str._Mypair._Myval2._Bx._Buf[0] = 0;
v2 = -1i64;
do
++v2;
while (embed_0[v2]);
std::basic_string<char, std::char_traits<char>, std::allocator < char»::assign(&str, embed_0, v2);
if (pal::utf8_palstring(&str, v1))
{
v4 = str._Mypair._Myval2._Mysize;
if (str._Mypair._Myval2._Mysize < 0x40)
goto LABEL_36;
v5 = 32i64;
if (str._Mypair._Myval2._Mysize < 0x20)
v5 = str._Mypair._Myval2._Mysize;
v6 = &str;
if (str._Mypair._Myval2._Myres >= 0x10)
v6 = (std::basic_string<char, std::char_traits<char>, std::allocator<char> >*)str._Mypair._Myval2._Bx._Ptr;
v7 = v5;
if (v5 > 0x20)
v7 = 32i64;
if (memcmp(v6, "c3ab8ff13720e8ad9047dd39466b3c89", v7) || v5 != 32)
goto LABEL_36;
if (v4 < 0x20)
std::_String_val < std::_Simple_types < char»::_Xran(v8);
v9 = v4 - 32;
v10 = 32i64;
if (v9 < 0x20)
v10 = v9;
v11 = &str;
if (str._Mypair._Myval2._Myres >= 0x10)
v11 = (std::basic_string<char, std::char_traits<char>, std::allocator<char> >*)str._Mypair._Myval2._Bx._Ptr;
if (!memcmp(&v11[1], "74e592c2fa383d4a3960714caef0c4f2", v10) && v10 == 32)
{
if (v1->_Mypair._Myval2._Myres >= 8)
v1 = (std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >*)v1->_Mypair._Myval2._Bx._Ptr;
trace::error(L"This executable is not bound to a managed DLL to execute. The binding value is: '%s'", v1);
v3 = 0;
}
else
{
LABEL_36:
if (v1->_Mypair._Myval2._Myres >= 8)
v1 = (std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >*)v1->_Mypair._Myval2._Bx._Ptr;
trace::info(L"The managed DLL bound to this executable is: '%s'", v1);
v3 = 1;
}
}
else
{
trace::error(L"The managed DLL bound to this executable could not be retrieved from the executable image.");
v3 = 0;
}
if (str._Mypair._Myval2._Myres >= 0x10)
{
v12 = str._Mypair._Myval2._Myres + 1;
v13 = str._Mypair._Myval2._Bx._Ptr;
if (str._Mypair._Myval2._Myres + 1 >= 0x1000)
{
v12 = str._Mypair._Myval2._Myres + 40;
v13 = (char*) * ((_QWORD*)str._Mypair._Myval2._Bx._Ptr - 1);
if ((unsigned __int64)(str._Mypair._Myval2._Bx._Ptr - v13 - 8) > 0x1F)
invalid_parameter_noinfo_noreturn_0();
}
operator delete(v13, v12);
}
return v3;
} |
(
