Created
April 24, 2024 11:57
-
-
Save spddl/f078df25a7f1ae9fbb14115ab01348b2 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* WARNING: Function: _guard_xfg_dispatch_icall_nop replaced with injection: guard_dispatch_icall */ | |
| /* WARNING: Globals starting with '_' overlap smaller symbols at the same address */ | |
| /* public: static bool __cdecl CMsiSecureRepairManager::NeedsSecureRepair(unsigned short const * | |
| __ptr64,enum eSecRepairModeEnum & __ptr64) */ | |
| bool __cdecl CMsiSecureRepairManager::NeedsSecureRepair(ushort *param_1,eSecRepairModeEnum *param_2) | |
| { | |
| bool bVar1; | |
| bool bVar2; | |
| long lVar3; | |
| LSTATUS LVar4; | |
| ulong uVar5; | |
| LPCWSTR lpValueName; | |
| bool bVar7_false; | |
| int lpData [2]; | |
| ulong local_res20 [2]; | |
| DWORD cbData [2]; | |
| HKEY HKEY; | |
| HKEY HKLM; | |
| CMsiStringNullCopy *local_30; | |
| bool bVar2_false; | |
| bVar7_false = false; | |
| local_30 = &MsiString::s_NullString; | |
| HKEY = (HKEY)0x0; | |
| bVar2_false = false; | |
| HKLM = (HKEY)0x0; | |
| lpData[0] = 0; | |
| cbData[0] = 4; | |
| (**(code **)(_s_NullString + 0x60))(&MsiString::s_NullString,param_1); | |
| local_res20[0] = 0x20019; | |
| AdjustREGSAM(local_res20); | |
| lVar3 = (*RegOpenKeyAPI)((HKEY__ *)0xffffffff80000002, | |
| (ushort *)L"SOFTWARE\\Policies\\Microsoft\\Windows\\Installer",0, | |
| local_res20[0],&HKEY); | |
| if (lVar3 == 0) { | |
| LVar4 = RegQueryValueExW(HKEY,L"SecureRepairPolicy",(LPDWORD)0x0,(LPDWORD)0x0,(LPBYTE)lpData, | |
| cbData); | |
| bVar1 = bVar2_false; | |
| bVar2 = bVar2_false; | |
| if (LVar4 == 0) { | |
| if (lpData[0] == 0) { | |
| *param_2 = 1; | |
| } | |
| else { | |
| bVar2 = true; | |
| if (lpData[0] != 1) { | |
| if (lpData[0] == 2) { | |
| uVar5 = 0; | |
| LVar4 = RegQueryValueExW(HKEY,L"BlockBehaviourWithWhiteList",(LPDWORD)0x0,(LPDWORD)0x0, | |
| (LPBYTE)lpData,cbData); | |
| if ((LVar4 == 0) && (lpData[0] == 0)) { | |
| *param_2 = 1; | |
| } | |
| uVar5 = MsiRegOpen64bitKey((HKEY__ *)0xffffffff80000002, | |
| (ushort *) | |
| L"SOFTWARE\\Policies\\Microsoft\\Windows\\Installer\\SecureRe pairWhiteList" | |
| ,uVar5,0x20019,&HKLM); | |
| bVar2 = bVar2_false; | |
| if (uVar5 == 0) { | |
| lpValueName = (LPCWSTR)MsiString::operator_unsigned_short_const*___ptr64 | |
| ((MsiString *)&local_30); | |
| LVar4 = RegQueryValueExW(HKLM,lpValueName,(LPDWORD)0x0,(LPDWORD)0x0,(LPBYTE)0x0, | |
| (LPDWORD)0x0); | |
| RegCloseKey(HKLM); | |
| bVar1 = LVar4 == 0; | |
| } | |
| } | |
| else { | |
| *param_2 = 0; | |
| bVar2 = bVar2_false; | |
| } | |
| } | |
| } | |
| } | |
| RegCloseKey(HKEY); | |
| if ((bVar1) || (bVar2)) goto LAB_180135a3e; | |
| } | |
| bVar7_false = true; | |
| LAB_180135a3e: | |
| IMsiData::Release((IMsiData *)local_30); | |
| return bVar7_false; | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment