本文详细解析了CopyFileContents函数的实现细节,包括文件信息查询、设置、读写操作等关键步骤。通过深入分析源代码,揭示了该函数如何进行文件内容复制。
解读 CopyFileContents
//----- (100F1216)--------------------------------------------------------
int __fastcall CopyFileContents(inta1,
int a2, int a3, int a4)
{
v38 =C00000E5;
v4 =a3;
v5 =a2;
if
(a3 )
{
if
(a4 )
{
v29 =0;
v30 =0;
v31
=0;
v37 =0i64;
v38 =0;
if
(!a2
)
{
Windows::Auto<Windows::Rtl::SystemImplementation::DirectFileSystemProvider*>::Allocate(&v38);
v5 =v38;
v4 =a3;
}
v8 =*(_DWORD*)v5;
v9 =v4;
// SysQueryInformationFile
v6 =
(*(int(__thiscall
**)(int,
int, char
*, char *,signed int,
signed int))(v8+
48))(
v5,
v9,
&v35,
&v32,
24,
5);
if
(v6 >=
0)
{
v34 =v33;
v10 =*(_DWORD*)v5;
// SysSetInformationFile
v6 =
(*(int(__thiscall
**)(int, _DWORD,
int, char
*, __int64
*,signed int, signed int, _DWORD))(v10
+
52))(
v5,
0,
a4,
&v35,
(__int64*)&v34,
8,
20,
0);
if
( v6 >=
0
)
{
v27 =HIDWORD(v33);
HIDWORD(v11)
= v33;
v12 =0x400000;
if
( v33 <=0x400000
)
v12 = v33;
v6 =RtlAllocateLBlob(v12,
(int)&v29);
if
( v6 >=0
)
{
LODWORD(v11)
= v27;
if
( !__PAIR__(HIDWORD(v11), v27)
)
{
LABEL_22:
Windows::Auto<Windows::Rtl::SystemImplementation::DirectFileSystemProvider*>::~Auto<Windows::Rtl::SystemImplementation::DirectFileSystemProvider*>(&v38);
Windows::Rtl::AutoBlob<Windows::Auto<_LBLOB>>::Close((int)&v29);
return
0;
}
HIDWORD(v13)
=
0;
while
( 1
)
{
LODWORD(v13)
=
(unsignedint)v11
>HIDWORD(v13)
||
(unsignedint)v11
>=HIDWORD(v13)&& HIDWORD(v11)
>= v30
?v30 : HIDWORD(v11);
v14 =
*(_DWORD
*)v5;
v15 = HIDWORD(v13);
v16 = HIDWORD(v13);
v17 = v13;
v18 = v31;
v19 = HIDWORD(v13);
v20
=HIDWORD(v13);
v21 = HIDWORD(v13);
v22 = HIDWORD(v13);
// SysReadFile
v6 =
(*(int(__thiscall
**)(int,
int, int, int, int,int,
char *,
constchar *,
int, __int64*,
int, int))(v14
+
40))(
v5,
v22,
a3,
v21,
v20,
v19,
&v35,
v18,
v17,
&v37,
v16,
v15);
if
( v6 <0
)
break;
v23 =
*(_DWORD
*)v5;
v24 = v36;
v25 = v31;
// SysWriteFile
v6 =
(*(int(__thiscall
**)(int, _DWORD,
int, _DWORD, _DWORD,_DWORD, char
*, const char*,
unsigned int, __int64*, _DWORD, _DWORD))(v23
+
44))(
v5,
0,
a4,
0,
0,
0,
&v35,
v25,
v24,
&v37,
0,
0);
if
( v6 <0
)
break;
LODWORD(v11)
=
(__PAIR__(v27, HIDWORD(v11))
- v36)
>>32;
HIDWORD(v11)
-= v36;
v13 = HIDWORD(v11);
v27 = v11;
v37 += v36;
if
( !v11
)
goto LABEL_22;
}
}
}
}
Windows::Auto<Windows::Rtl::SystemImplementation::DirectFileSystemProvider*>::~Auto<Windows::Rtl::SystemImplementation::DirectFileSystemProvider*>(&v38);
Windows::Rtl::AutoBlob<Windows::Auto<_LBLOB>>::Close((int)&v29);
}
else
{
Windows::ErrorHandling::Rtl::CBaseFrame<Windows::ErrorHandling::Rtl::CVoidRaiseFrame>::SetInvalidParameter_NullPointer(&v38);
v28 ="base\\wcp\\sil\\merged\\ntu\\ntsystem.cpp";
v29 =(int)"Windows::Rtl::SystemImplementation::CopyFileContents";
v30 =4806;
v31 ="Not-null check failed: Target";
Windows::ErrorHandling::Rtl::CBaseFrame<Windows::ErrorHandling::Rtl::CVoidRaiseFrame>::ReportErrorOrigination(
v7,
(int)&v28);
v6 =v38;
}
}
else
{
v6 =0;
}
return v6;
}
扫一扫
11万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
