Created
February 4, 2025 00:26
-
-
Save MurylloEx/5e2b75a935be227a4aeb76f7f8abdd20 to your computer and use it in GitHub Desktop.
Update volume identifier (Windows Sysinternals VolumeId64.exe)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| __int64 sub_140003100() | |
| { | |
| HANDLE FileA; // rax | |
| void *v1; // rbx | |
| DWORD LastError; // eax | |
| DWORD v3; // eax | |
| DWORD v4; // eax | |
| CHAR Buffer[8]; // [rsp+40h] [rbp-C0h] BYREF | |
| DWORD NumberOfBytesRead; // [rsp+48h] [rbp-B8h] BYREF | |
| char v8[3]; // [rsp+50h] [rbp-B0h] BYREF | |
| char Str1[36]; // [rsp+53h] [rbp-ADh] BYREF | |
| int v10; // [rsp+77h] [rbp-89h] | |
| char v11[13]; // [rsp+86h] [rbp-7Ah] BYREF | |
| int v12; // [rsp+93h] [rbp-6Dh] | |
| int v13; // [rsp+98h] [rbp-68h] | |
| char v14[430]; // [rsp+A2h] [rbp-5Eh] BYREF | |
| CHAR FileName[256]; // [rsp+250h] [rbp+150h] BYREF | |
| sprintf(FileName, "\\\\.\\%c:", (unsigned int)byte_140025AF4); | |
| FileA = CreateFileA(FileName, 0xC0000000, 3u, 0LL, 3u, 0, 0LL); | |
| v1 = FileA; | |
| if ( FileA == (HANDLE)-1LL ) | |
| { | |
| LastError = GetLastError(); | |
| FormatMessageA(0x1100u, 0LL, LastError, 0x400u, Buffer, 0, 0LL); | |
| sub_140002700("Error opening drive", *(_QWORD *)Buffer); | |
| LocalFree(*(HLOCAL *)Buffer); | |
| } | |
| else if ( ReadFile(FileA, v8, 0x200u, &NumberOfBytesRead, 0LL) ) | |
| { | |
| if ( !strncmp(Str1, "NTFS", 4uLL) ) | |
| { | |
| v13 = dword_140025AF0; | |
| } | |
| else if ( !strncmp(v14, "FAT32", 5uLL) ) | |
| { | |
| v12 = dword_140025AF0; | |
| } | |
| else | |
| { | |
| if ( strncmp(v11, "FAT", 3uLL) ) | |
| { | |
| printf("\n\nUnrecognized drive type\n"); | |
| return 0LL; | |
| } | |
| v10 = dword_140025AF0; | |
| } | |
| SetFilePointer(v1, 0, 0LL, 0); | |
| NumberOfBytesRead = 512; | |
| if ( WriteFile(v1, v8, 0x200u, &NumberOfBytesRead, 0LL) ) | |
| { | |
| CloseHandle(v1); | |
| printf( | |
| "Volume ID for drive %C: updated to %04x-%04x\n", | |
| byte_140025AF4, | |
| HIWORD(dword_140025AF0), | |
| (unsigned __int16)dword_140025AF0); | |
| return 1LL; | |
| } | |
| v4 = GetLastError(); | |
| FormatMessageA(0x1100u, 0LL, v4, 0x400u, Buffer, 0, 0LL); | |
| sub_140002700("Error writing volume id", *(_QWORD *)Buffer); | |
| LocalFree(*(HLOCAL *)Buffer); | |
| } | |
| else | |
| { | |
| v3 = GetLastError(); | |
| FormatMessageA(0x1100u, 0LL, v3, 0x400u, Buffer, 0, 0LL); | |
| sub_140002700("Error reading drive", *(_QWORD *)Buffer); | |
| LocalFree(*(HLOCAL *)Buffer); | |
| } | |
| return 0LL; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment