第一部分:
CryptMsgUpdate(
#endif
IN HCRYPTMSG hCryptMsg,
IN const BYTE *pbData,
IN DWORD cbData,
IN BOOL fFinal)
{
ContentInfo *pci = NULL;
if ((PHASE_FIRST_FINAL == pcmi->dwPhase) &&
(0 == pcmi->dwMsgType)) {
if (0 != (Asn1Err = PkiAsn1Decode(
pDec,
(void **)&pci,
ContentInfoNC_PDU,
pbData,
cbData)))
第二部分:
0: kd> p
CRYPT32!CryptMsgUpdate+0x1b2:
001b:75c79dcc e83b110200 call CRYPT32!PkiAsn1Decode (75c9af0c)
0: kd> t
CRYPT32!PkiAsn1Decode:
001b:75c9af0c 55 push ebp
0: kd> kc
#
00 CRYPT32!PkiAsn1Decode
01 CRYPT32!CryptMsgUpdate
02 WINTRUST!_GetMessage
03 WINTRUST!SoftpubLoadMessage
04 WINTRUST!_VerifyTrust
05 WINTRUST!WinVerifyTrust
06 sfc_os!SfcValidateFileSignature
07 sfc_os!SfcGetValidationData
08 sfc_os!SfcValidateDLL
09 sfc_os!SfcQueueValidationThread
0a kernel32!BaseThreadStart
0: kd> dv
pDec = 0x012337d0
ppvAsn1Info = 0x007ce944
id = 0x13
pbEncoded = 0x01e00020 "0???"
cbEncoded = 0x96934
0: kd> db 0x01e00020
01e00020 30 83 09 69 2f 06 09 2a-86 48 86 f7 0d 01 07 02 0..i/..*.H......
01e00030 a0 83 09 69 1f 30 83 09-69 1a 02 01 01 31 0b 30 ...i.0..i....1.0
01e00040 09 06 05 2b 0e 03 02 1a-05 00 30 83 09 57 31 06 ...+......0..W1.
01e00050 09 2b 06 01 04 01 82 37-0a 01 a0 83 09 57 21 30 .+.....7.....W!0
01e00060 83 09 57 1c 30 0c 06 0a-2b 06 01 04 01 82 37 0c ..W.0...+.....7.
01e00070 01 01 04 10 bb fd 30 fb-6f a3 d9 40 82 26 85 87 ......0.o..@.&..
01e00080 87 cd 89 4b 17 0d 32 34-30 39 31 35 30 33 34 35 ...K..2409150345
01e00090 30 36 5a 30 0e 06 0a 2b-06 01 04 01 82 37 0c 01 06Z0...+.....7..
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 ((CRYPT32!ASN1decoding_s *)0x12337d0)
((CRYPT32!ASN1decoding_s *)0x12337d0) : 0x12337d0 [Type: ASN1decoding_s *]
[+0x000] magic : 0x44434544 [Type: unsigned long]
[+0x004] version : 0x0 [Type: unsigned long]
[+0x008] module : 0x75788 [Type: tagASN1module_t *]
[+0x00c] buf : 0x16cdde1 : 0x30 [Type: unsigned char *]
[+0x010] size : 0xb [Type: unsigned long]
[+0x014] len : 0xb [Type: unsigned long]
[+0x018] err : ASN1_SUCCESS (0) [Type: tagASN1error_e]
[+0x01c] bit : 0x0 [Type: unsigned long]
[+0x020] pos : 0x16cddec : 0xa0 [Type: unsigned char *]
[+0x024] eRule : ASN1_BER_RULE_DER (1024) [Type: ASN1encodingrule_e]
[+0x028] dwFlags : 0x1000 [Type: unsigned long]
0: kd> p
CRYPT32!PkiAsn1Decode+0x1:
001b:75c9af0d 8bec mov ebp,esp
0: kd> p
CRYPT32!PkiAsn1Decode+0x3:
001b:75c9af0f 56 push esi
0: kd> p
CRYPT32!PkiAsn1Decode+0x4:
001b:75c9af10 ff7518 push dword ptr [ebp+18h]
0: kd> p
CRYPT32!PkiAsn1Decode+0x7:
001b:75c9af13 8b750c mov esi,dword ptr [ebp+0Ch]
0: kd> p
CRYPT32!PkiAsn1Decode+0xa:
001b:75c9af16 ff7514 push dword ptr [ebp+14h]
0: kd> p
CRYPT32!PkiAsn1Decode+0xd:
001b:75c9af19 832600 and dword ptr [esi],0
0: kd> p
CRYPT32!PkiAsn1Decode+0x10:
001b:75c9af1c 6a08 push 8
0: kd> p
CRYPT32!PkiAsn1Decode+0x12:
001b:75c9af1e ff7510 push dword ptr [ebp+10h]
0: kd> p
CRYPT32!PkiAsn1Decode+0x15:
001b:75c9af21 56 push esi
0: kd> p
CRYPT32!PkiAsn1Decode+0x16:
001b:75c9af22 ff7508 push dword ptr [ebp+8]
0: kd> p
CRYPT32!PkiAsn1Decode+0x19:
001b:75c9af25 e8124f0000 call CRYPT32!ASN1_Decode (75c9fe3c)
0: kd> t
CRYPT32!ASN1_Decode:
001b:75c9fe3c ff259013c175 jmp dword ptr [CRYPT32!_imp__ASN1_Decode (75c11390)]
0: kd> p
MSASN1!ASN1_Decode:
001b:75bf7d82 55 push ebp
0: kd> kc
#
00 MSASN1!ASN1_Decode
01 CRYPT32!PkiAsn1Decode
02 CRYPT32!CryptMsgUpdate
03 WINTRUST!_GetMessage
04 WINTRUST!SoftpubLoadMessage
05 WINTRUST!_VerifyTrust
06 WINTRUST!WinVerifyTrust
07 sfc_os!SfcValidateFileSignature
08 sfc_os!SfcGetValidationData
09 sfc_os!SfcValidateDLL
0a sfc_os!SfcQueueValidationThread
0b kernel32!BaseThreadStart
0: kd> dv
dec = 0x012337d0
valref = 0x007ce944
id = 0x13
flags = 8
pbBuf = 0x01e00020 "0???"
cbBufSize = 0x96934
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 ((MSASN1!ASN1decoding_s *)0x12337d0)
((MSASN1!ASN1decoding_s *)0x12337d0) : 0x12337d0 [Type: ASN1decoding_s *]
[+0x000] magic : 0x44434544 [Type: unsigned long]
[+0x004] version : 0x0 [Type: unsigned long]
[+0x008] module : 0x75788 [Type: tagASN1module_t *]
[+0x00c] buf : 0x16cdde1 : 0x30 [Type: unsigned char *]
[+0x010] size : 0xb [Type: unsigned long]
[+0x014] len : 0xb [Type: unsigned long]
[+0x018] err : ASN1_SUCCESS (0) [Type: tagASN1error_e]
[+0x01c] bit : 0x0 [Type: unsigned long]
[+0x020] pos : 0x16cddec : 0xa0 [Type: unsigned char *]
[+0x024] eRule : ASN1_BER_RULE_DER (1024) [Type: ASN1encodingrule_e]
[+0x028] dwFlags : 0x1000 [Type: unsigned long]
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 ((MSASN1!tagASN1module_t *)0x75788)
((MSASN1!tagASN1module_t *)0x75788) : 0x75788 [Type: tagASN1module_t *]
[+0x000] nModuleName : 0x73636b70 [Type: unsigned long]
[+0x004] eRule : ASN1_BER_RULE_DER (1024) [Type: ASN1encodingrule_e]
[+0x008] dwFlags : 0x1000 [Type: unsigned long]
[+0x00c] cPDUs : 0x30 [Type: unsigned long]
[+0x010] apfnFreeMemory : 0x75c22418 [Type: void (**)(void *)]
[+0x014] acbStructSize : 0x75c224d8 : 0x44 [Type: unsigned long *]
[+0x018] PER [Type: tagASN1PerFunArr_t]
[+0x018] BER [Type: tagASN1BerFunArr_t]
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 (*((MSASN1!tagASN1PerFunArr_t *)0x757a0))
(*((MSASN1!tagASN1PerFunArr_t *)0x757a0)) [Type: tagASN1PerFunArr_t]
[+0x000] apfnEncoder : 0x75c22298 [Type: long (**)(ASN1encoding_s *,void *)]
[+0x004] apfnDecoder : 0x75c22358 [Type: long (**)(ASN1decoding_s *,void *)]
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 ((MSASN1!long (**)(ASN1decoding_s *,void *))0x75c22358)
((MSASN1!long (**)(ASN1decoding_s *,void *))0x75c22358) : 0x75c22358 [Type: long (**)(ASN1decoding_s *,void *)]
0x75c7ae10 [Type: long (*)(ASN1decoding_s *,void *)]
0: kd> u 75c7ae10
CRYPT32!ASN1Dec_ObjectID [d:\srv03rtm\ds\security\cryptoapi\pki\wincrmsg\pkcs.c @ 443]:
75c7ae10 55 push ebp
75c7ae11 8bec mov ebp,esp
75c7ae13 8b450c mov eax,dword ptr [ebp+0Ch]
75c7ae16 85c0 test eax,eax
75c7ae18 7503 jne CRYPT32!ASN1Dec_ObjectID+0xd (75c7ae1d)
75c7ae1a 6a06 push 6
75c7ae1c 58 pop eax
75c7ae1d ff7510 push dword ptr [ebp+10h]
0: kd> dd 0x75c22358
75c22358 75c7ae10 75c7ae10 75c8ce81 75c7ae48
75c22368 75c7ae6c 75c7af08 75c7af8e 75c7b0d0
75c22378 75c7b20f 75c7b937 75c7b20f 75c7b37a
75c22388 75c7b4a5 75c7b937 75c7b6b1 75c7b937
75c22398 75c7b937 75c7ba4e 75c7bb9a 75c7bc73
75c223a8 75c7b937 75c7d861 75c7b937 75c7b937
75c223b8 75c7da15 75c7bf62 75c7c106 75c7c2f7
75c223c8 75c7dbbc 75c7c4ac 75c7c600 75c7dd94
0: kd> u 75c7bb9a
CRYPT32!ASN1Dec_ContentInfo [d:\srv03rtm\ds\security\cryptoapi\pki\wincrmsg\pkcs.c @ 1574]:
75c7bb9a 55 push ebp
75c7bb9b 8bec mov ebp,esp
75c7bb9d 83ec10 sub esp,10h
75c7bba0 8b450c mov eax,dword ptr [ebp+0Ch]
75c7bba3 85c0 test eax,eax
75c7bba5 7503 jne CRYPT32!ASN1Dec_ContentInfo+0x10 (75c7bbaa)
75c7bba7 6a10 push 10h
75c7bba9 58 pop eax
第三部分:返回到CRYPT32!PkiAsn1Decode
0: kd> p
CRYPT32!PkiAsn1Decode+0x24:
001b:75c9af30 eb0d jmp CRYPT32!PkiAsn1Decode+0x33 (75c9af3f)
0: kd> p
CRYPT32!PkiAsn1Decode+0x33:
001b:75c9af3f 5e pop esi
0: kd> p
CRYPT32!PkiAsn1Decode+0x34:
001b:75c9af40 5d pop ebp
0: kd> p
CRYPT32!PkiAsn1Decode+0x35:
001b:75c9af41 c21400 ret 14h
0: kd> p
CRYPT32!CryptMsgUpdate+0x1b7:
001b:75c79dd1 8945c8 mov dword ptr [ebp-38h],eax
0: kd> dv
hCryptMsg = 0x016e7290
pbData = 0x01e00020 "0???"
cbData = 0x96934
fFinal = 0n1
dwError = 0
fRet = 0n0
pci = 0x0007ea10
Asn1Err = 0n272 (No matching enumerant)
cb = 0x75c9d114
pDec = 0x012337d0
pb = 0x75c25e20 "???"
lth = 0n8186136
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 ((CRYPT32!ContentInfo *)0x7ea10)
((CRYPT32!ContentInfo *)0x7ea10) : 0x7ea10 [Type: ContentInfo *]
[+0x000] bit_mask : 0x80 [Type: unsigned short]
[+0x000] o [Type: unsigned char [1]]
[+0x004] contentType [Type: tagASN1objectidentifier2_t]
[+0x048] content [Type: tagASN1open_t]
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 (*((CRYPT32!tagASN1objectidentifier2_t *)0x7ea14))
(*((CRYPT32!tagASN1objectidentifier2_t *)0x7ea14)) [Type: tagASN1objectidentifier2_t]
[+0x000] count : 0x7 [Type: unsigned short]
[+0x004] value [Type: unsigned long [16]]
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 (*((CRYPT32!unsigned long (*)[16])0x7ea18))
(*((CRYPT32!unsigned long (*)[16])0x7ea18)) [Type: unsigned long [16]]
[0] : 0x1 [Type: unsigned long]
[1] : 0x2 [Type: unsigned long]
[2] : 0x348 [Type: unsigned long]
[3] : 0x1bb8d [Type: unsigned long]
[4] : 0x1 [Type: unsigned long]
[5] : 0x7 [Type: unsigned long]
[6] : 0x2 [Type: unsigned long]
[7] : 0x0 [Type: unsigned long]
[8] : 0x0 [Type: unsigned long]
[9] : 0x0 [Type: unsigned long]
[10] : 0x0 [Type: unsigned long]
[11] : 0x0 [Type: unsigned long]
[12] : 0x0 [Type: unsigned long]
[13] : 0x0 [Type: unsigned long]
[14] : 0x0 [Type: unsigned long]
[15] : 0x0 [Type: unsigned long]
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 (*((CRYPT32!tagASN1open_t *)0x7ea58))
(*((CRYPT32!tagASN1open_t *)0x7ea58)) [Type: tagASN1open_t]
[+0x000] length : 0x9691f [Type: unsigned long]
[+0x004] encoded : 0x1e00035 [Type: void *]
[+0x004] value : 0x1e00035 [Type: void *]
相关函数)
)
