Skip to content

Instantly share code, notes, and snippets.

@v-p-b

v-p-b/mpengine.dll-mpengine.dll.ghidriff.md

Created January 26, 2025 15:21
Show Gist options
  • Save v-p-b/513a8f70a32c62f3ab7bf0d6a90e0941 to your computer and use it in GitHub Desktop.
Save v-p-b/513a8f70a32c62f3ab7bf0d6a90e0941 to your computer and use it in GitHub Desktop.
Download ZIP
ghidriff - mpengine.dll - SimpleDiff - 1.1.24030.4 vs 1.1.24060.5
Raw
mpengine.dll-mpengine.dll.ghidriff.md

mpengine.dll-mpengine.dll Diff

TOC

Visual Chart Diff

flowchart LR

AdaptBootInput-3-old<--Match 60%-->AdaptBootInput-3-new
AdaptChangeSettingInput-3-old<--Match 19%-->AdaptChangeSettingInput-3-new
Arrayunsigned_charAdd-2-old<--Match 91%-->Arrayunsigned_charAdd-2-new
Arrayclass_lzstreamRARUnpackFilter___ptr64Add-2-old<--Match 97%-->Arrayclass_lzstreamRARUnpackFilter___ptr64Add-2-new
Arraystruct_VM_PreparedCommandAdd-2-old<--Match 97%-->Arraystruct_VM_PreparedCommandAdd-2-new
BmInternalInfoAddBehavior-6-old<--Match 64%-->BmInternalInfoAddBehavior-6-new
spynet_wrapperAddHeartbeat-2-old<--Match 98%-->spynet_wrapperAddHeartbeat-2-new
PEBMPatScannerAddNewPattern-5-old<--Match 56%-->PEBMPatScannerAddNewPattern-5-new
FopScannerAddNewPatternCommon-7-old<--Match 27%-->FopScannerAddNewPatternCommon-7-new
LuaHipsLibAddPath-4-old<--Match 54%-->LuaHipsLibAddPath-4-new
BmContextRichDataJsonBmContextRichDataJsonImplAddRelationship-4-old<--Match 97%-->BmContextRichDataJsonBmContextRichDataJsonImplAddRelationship-4-new
LuaStandaloneAddScript-6-old<--Match 77%-->LuaStandaloneAddScript-6-new
PEFileWriterAddSection-5-old<--Match 8%-->PEFileWriterAddSection-5-new
nscriptAddStdMatch-3-old<--Match 98%-->nscriptAddStdMatch-3-new
LogSkipAddString-4-old<--Match 99%-->LogSkipAddString-4-new
AddTdtInfo-1-old<--Match 94%-->AddTdtInfo-1-new
FopScannerAddToResults-5-old<--Match 69%-->FopScannerAddToResults-5-new
AllocScanReply-0-old<--Match 98%-->AllocScanReply-0-new
Arrayunsigned_charAdd-2-old<--Match 44%-->AmsiSessionCacheAmsiSessionCacheAmsiSessionCache-2-new
UfsClientRequestAnalyzeLeaf-3-old<--Match 90%-->UfsClientRequestAnalyzeLeaf-3-new
ApitableInit-1-old<--Match 97%-->ApitableInit-1-new
ArDetectionItemArDetectionItem-4-old<--Match 99%-->ArDetectionItemArDetectionItem-4-new
AsrRuleData_tAsrRuleData_t-2-old<--Match 97%-->AsrRuleData_tAsrRuleData_t-2-new
HipsManagerAutoEnableRule-3-old<--Match 99%-->HipsManagerAutoEnableRule-3-new
BMSRegisterBMCallbacks-0-old<--Match 99%-->BMSRegisterBMCallbacks-0-new
BMSUnRegisterBMCallbacks-0-old<--Match 98%-->BMSUnRegisterBMCallbacks-0-new
mpengine.dll<--1700ommited-->mpengine.dll

subgraph mpengine.dll
    AdaptBootInput-3-new
AdaptChangeSettingInput-3-new
Arrayunsigned_charAdd-2-new
Arrayclass_lzstreamRARUnpackFilter___ptr64Add-2-new
Arraystruct_VM_PreparedCommandAdd-2-new
BmInternalInfoAddBehavior-6-new
spynet_wrapperAddHeartbeat-2-new
PEBMPatScannerAddNewPattern-5-new
FopScannerAddNewPatternCommon-7-new
LuaHipsLibAddPath-4-new
BmContextRichDataJsonBmContextRichDataJsonImplAddRelationship-4-new
LuaStandaloneAddScript-6-new
PEFileWriterAddSection-5-new
nscriptAddStdMatch-3-new
LogSkipAddString-4-new
AddTdtInfo-1-new
FopScannerAddToResults-5-new
AllocScanReply-0-new
AmsiSessionCacheAmsiSessionCacheAmsiSessionCache-2-new
UfsClientRequestAnalyzeLeaf-3-new
ApitableInit-1-new
ArDetectionItemArDetectionItem-4-new
AsrRuleData_tAsrRuleData_t-2-new
HipsManagerAutoEnableRule-3-new
BMSRegisterBMCallbacks-0-new
BMSUnRegisterBMCallbacks-0-new
    
end

subgraph mpengine.dll
    AdaptBootInput-3-old
AdaptChangeSettingInput-3-old
Arrayunsigned_charAdd-2-old
Arrayclass_lzstreamRARUnpackFilter___ptr64Add-2-old
Arraystruct_VM_PreparedCommandAdd-2-old
BmInternalInfoAddBehavior-6-old
spynet_wrapperAddHeartbeat-2-old
PEBMPatScannerAddNewPattern-5-old
FopScannerAddNewPatternCommon-7-old
LuaHipsLibAddPath-4-old
BmContextRichDataJsonBmContextRichDataJsonImplAddRelationship-4-old
LuaStandaloneAddScript-6-old
PEFileWriterAddSection-5-old
nscriptAddStdMatch-3-old
LogSkipAddString-4-old
AddTdtInfo-1-old
FopScannerAddToResults-5-old
AllocScanReply-0-old
Arrayunsigned_charAdd-2-old
UfsClientRequestAnalyzeLeaf-3-old
ApitableInit-1-old
ArDetectionItemArDetectionItem-4-old
AsrRuleData_tAsrRuleData_t-2-old
HipsManagerAutoEnableRule-3-old
BMSRegisterBMCallbacks-0-old
BMSUnRegisterBMCallbacks-0-old
    subgraph Deleted
direction LR
SignatureHandler-HandleNotification
    SignatureHandler-HandleNotification
    SignatureHandler-HandleNotification
    ProcessContextLogger-CollectStates
    tdt_library_v_current-tdt_app_profiling-time_update_service_api_impl-get_latest_time
    tdt_library_v_next-feature_extraction-hotspot_detector_node-calculate_output_value
    std-_Func_impl_no_alloclambda_49aaa8c101f8a6e50877c71242352a0cboolchar_const_unsigned___int64sha1_t_const_unsigned___int64-_Do_call
    std-_Func_impl_no_alloclambda_73e9606387324b6c8fd692d5be98c77cboolchar_const_-_Do_call
    dynamic_atexit_destructor_for_tdt_library_v_current-logger_client-logger-m_instance
    dynamic_atexit_destructor_for_tdt_library_v_next-logger_client-logger-m_instance
    lambda_0f9762a6c82734cc8c0c6edb2ce7b823-operator
    getsigtype
    getsigtype
    lambda_5e4005bbdd9cae4eff357a4b8aac90e6-operator
    lambda_31575293ba5bb7430c6f950f1afc8e90-operator
    lambda_f2278183a0c285f5fcf141a901c5e4bf-operator
    lambda_6babf04455e01b1f129b6480367e39c8-operator
    lambda_091b22df2017f17e232e72bdb61857f3-operator
    lambda_ca68b46a02b00be7f2919989f8991ad0-operator
    lambda_e80b1ba6d35967b9aef5c7bd96a48a03-operator
    lambda_a52397e543c1736d69ca94d83c8eb915-operator
    lambda_2b16eede04a3efdc783f6feb99ed8c61-operator
    lambda_2821effc6a6193929ab5d8bf0c3ba95b-operator-__l1-catch8
    lambda_7914faad9942e8ab5a27c76d3416fbab-operator
    tdt_library_v_current-bit_shovel_plugins-detection_tlv_recorder-init-__l1-catch47
    lambda_0002dfbc9e826a78e572fed23f745983-operator
    lambda_6e9b5994c18c479ab1407996b7e58975-operator
    1343_more_deleted_funcs_omitted
end
end
Loading 
pie showData
    title Function Matches - 98.7936%
"unmatched_funcs_len" : 1368
"matched_funcs_len" : 112023
Loading 
pie showData
    title Matched Function Similarity - 94.5163%
"matched_funcs_with_code_changes_len" : 1725
"matched_funcs_with_non_code_changes_len" : 4418
"matched_funcs_no_changes_len" : 105880
Loading

Metadata

Ghidra Diff Engine

Command Line

Captured Command Line

ghidriff --project-location ghidra_projects --project-name ghidriff --symbols-path /symbols --threaded --force-diff --log-level INFO --file-log-level INFO --log-path ghidriff.log --min-func-len 10 --gdt [] --bsim --max-ram-percent 60.0 --max-section-funcs 200 mpengine.dll mpengine.dll

Verbose Args

--old ['/dummy/engine_files/64/1.1.24030.4/mpengine.dll'] --new [['/dummy/engine_files/64/1.1.24060.5/mpengine.dll']] --engine SimpleDiff --output-path /tmp/ghdriff_out --summary False --project-location ghidra_projects --project-name ghidriff --symbols-path /symbols --threaded True --force-analysis False --force-diff True --no-symbols False --log-level INFO --file-log-level INFO --log-path ghidriff.log --va False --min-func-len 10 --use-calling-counts False --gdt [] --bsim True --bsim-full False --max-ram-percent 60.0 --print-flags False --jvm-args None --side-by-side False --max-section-funcs 200 --md-title None

Download Original PEs

wget https://msdl.microsoft.com/download/symbols/mpengine.dll/073DC37C128B000/mpengine.dll -O mpengine.dll.x64.1.1.24030.4
wget https://msdl.microsoft.com/download/symbols/mpengine.dll/568F151012C3000/mpengine.dll -O mpengine.dll.x64.1.1.24060.5

Binary Metadata Diff

--- mpengine.dll Meta
+++ mpengine.dll Meta
@@ -1,44 +1,44 @@
 Program Name: mpengine.dll
 Language ID: x86:LE:64:default (4.1)
 Compiler ID: windows
 Processor: x86
 Endian: Little
 Address Size: 64
 Minimum Address: 75a100000
 Maximum Address: ff0000184f
-# of Bytes: 19449888
+# of Bytes: 19676448
 # of Memory Blocks: 8
-# of Instructions: 3240180
-# of Defined Data: 163180
-# of Functions: 56164
-# of Symbols: 580826
-# of Data Types: 17909
-# of Data Type Categories: 751
+# of Instructions: 3289352
+# of Defined Data: 164732
+# of Functions: 57227
+# of Symbols: 590675
+# of Data Types: 18198
+# of Data Type Categories: 758
 Analyzed: true
 Compiler: visualstudio:unknown
 Created With Ghidra Version: 11.2
-Date Created: Sat Jan 25 17:20:55 CET 2025
+Date Created: Sat Jan 25 17:21:00 CET 2025
 Executable Format: Portable Executable (PE)
-Executable Location: /dummy/engine_files/64/1.1.24030.4/mpengine.dll
-Executable MD5: 394f8bc026b2bb8aeae7205a07bbd667
-Executable SHA256: c22200e499fb2d7cef1a3092773221ad89b0627fe5b2c244bcbb41895b76d6d0
-FSRL: file:///dummy/engine_files/64/1.1.24030.4/mpengine.dll?MD5=394f8bc026b2bb8aeae7205a07bbd667
+Executable Location: /dummy/engine_files/64/1.1.24060.5/mpengine.dll
+Executable MD5: 984836eb2eceb2554d9a91b8eadeb544
+Executable SHA256: dc1e3f25aacac110b79268648355612db457809b7b4a95fef87c85c2785a7e4f
+FSRL: file:///dummy/engine_files/64/1.1.24060.5/mpengine.dll?MD5=984836eb2eceb2554d9a91b8eadeb544
 PDB Age: 1
 PDB File: mpengine.pdb
-PDB GUID: 466c72e7-d685-3e47-d6eb-a950401d3793
+PDB GUID: 09025bc7-7df1-f906-c4a3-89ed3b3dbc74
 PDB Loaded: true
 PDB Version: RSDS
 PE Property[CompanyName]: Microsoft Corporation
 PE Property[FileDescription]: Microsoft Malware Protection Engine
-PE Property[FileVersion]: 1.1.24030.4 (1a01e339f67f879ed387740375fff418bee36191)
+PE Property[FileVersion]: 1.1.24060.5 (237fa10f982d874c9fdbe79cf68e0047ba27fd2b)
 PE Property[InternalName]: mpengine
 PE Property[LegalCopyright]: © Microsoft Corporation. All rights reserved.
 PE Property[OriginalFilename]: mpengine.dll
 PE Property[ProductName]: Microsoft Malware Protection
-PE Property[ProductVersion]: 1.1.24030.4
+PE Property[ProductVersion]: 1.1.24060.5
 PE Property[Translation]: 4b00409
 Preferred Root Namespace Category: 
 RTTI Found: true
 Relocatable: true
 SectionAlignment: 4096
 Should Ask To Analyze: false

Program Options

Ghidra mpengine.dll Decompiler Options
Decompiler Option Value
Prototype Evaluation __fastcall
Ghidra mpengine.dll Specification extensions Options
Specification extensions Option Value
FormatVersion 0
VersionCounter 0
Ghidra mpengine.dll Analyzers Options
Analyzers Option Value
ASCII Strings true
ASCII Strings.Create Strings Containing Existing Strings true
ASCII Strings.Create Strings Containing References true
ASCII Strings.Force Model Reload false
ASCII Strings.Minimum String Length LEN_5
ASCII Strings.Model File StringModel.sng
ASCII Strings.Require Null Termination for String true
ASCII Strings.Search Only in Accessible Memory Blocks true
ASCII Strings.String Start Alignment ALIGN_1
ASCII Strings.String end alignment 4
Aggressive Instruction Finder false
Aggressive Instruction Finder.Create Analysis Bookmarks true
Apply Data Archives true
Apply Data Archives.Archive Chooser [Auto-Detect]
Apply Data Archives.Create Analysis Bookmarks true
Apply Data Archives.GDT User File Archive Path None
Apply Data Archives.User Project Archive Path None
Call Convention ID true
Call Convention ID.Analysis Decompiler Timeout (sec) 60
Call-Fixup Installer true
Condense Filler Bytes false
Condense Filler Bytes.Filler Value Auto
Condense Filler Bytes.Minimum number of sequential bytes 1
Create Address Tables true
Create Address Tables.Allow Offcut References false
Create Address Tables.Auto Label Table false
Create Address Tables.Create Analysis Bookmarks true
Create Address Tables.Maxmimum Pointer Distance 16777215
Create Address Tables.Minimum Pointer Address 4132
Create Address Tables.Minimum Table Size 2
Create Address Tables.Pointer Alignment 1
Create Address Tables.Relocation Table Guide true
Create Address Tables.Table Alignment 4
Data Reference true
Data Reference.Address Table Alignment 1
Data Reference.Address Table Minimum Size 2
Data Reference.Align End of Strings false
Data Reference.Ascii String References true
Data Reference.Create Address Tables true
Data Reference.Minimum String Length 5
Data Reference.References to Pointers true
Data Reference.Relocation Table Guide true
Data Reference.Respect Execute Flag true
Data Reference.Subroutine References true
Data Reference.Switch Table References false
Data Reference.Unicode String References true
Decompiler Parameter ID true
Decompiler Parameter ID.Analysis Clear Level ANALYSIS
Decompiler Parameter ID.Analysis Decompiler Timeout (sec) 60
Decompiler Parameter ID.Commit Data Types true
Decompiler Parameter ID.Commit Void Return Values false
Decompiler Parameter ID.Prototype Evaluation __fastcall
Decompiler Switch Analysis true
Decompiler Switch Analysis.Analysis Decompiler Timeout (sec) 60
Demangler Microsoft true
Demangler Microsoft.Apply Function Calling Conventions true
Demangler Microsoft.Apply Function Signatures true
Disassemble Entry Points true
Disassemble Entry Points.Respect Execute Flag true
Embedded Media true
Embedded Media.Create Analysis Bookmarks true
External Entry References true
Function ID true
Function ID.Always Apply FID Labels false
Function ID.Create Analysis Bookmarks true
Function ID.Instruction Count Threshold 14.6
Function ID.Multiple Match Threshold 30.0
Function Start Search true
Function Start Search.Bookmark Functions false
Function Start Search.Search Data Blocks false
Non-Returning Functions - Discovered true
Non-Returning Functions - Discovered.Create Analysis Bookmarks true
Non-Returning Functions - Discovered.Function Non-return Threshold 3
Non-Returning Functions - Discovered.Repair Flow Damage true
Non-Returning Functions - Known true
Non-Returning Functions - Known.Create Analysis Bookmarks true
PDB MSDIA false
PDB MSDIA.Search untrusted symbol servers false
PDB Universal true
PDB Universal.Search untrusted symbol servers false
Reference true
Reference.Address Table Alignment 1
Reference.Address Table Minimum Size 2
Reference.Align End of Strings false
Reference.Ascii String References true
Reference.Create Address Tables true
Reference.Minimum String Length 5
Reference.References to Pointers true
Reference.Relocation Table Guide true
Reference.Respect Execute Flag true
Reference.Subroutine References true
Reference.Switch Table References false
Reference.Unicode String References true
Scalar Operand References true
Scalar Operand References.Relocation Table Guide true
Shared Return Calls true
Shared Return Calls.Allow Conditional Jumps false
Shared Return Calls.Assume Contiguous Functions Only false
Stack true
Stack.Create Local Variables true
Stack.Create Param Variables true
Stack.useNewFunctionStackAnalysis true
Subroutine References true
Subroutine References.Create Thunks Early true
Variadic Function Signature Override false
Variadic Function Signature Override.Create Analysis Bookmarks false
Windows x86 PE Exception Handling true
Windows x86 PE RTTI Analyzer true
Windows x86 Thread Environment Block (TEB) Analyzer true
Windows x86 Thread Environment Block (TEB) Analyzer.Starting Address of the TEB
Windows x86 Thread Environment Block (TEB) Analyzer.Windows OS Version Windows 7
WindowsPE x86 Propagate External Parameters false
WindowsResourceReference true
WindowsResourceReference.Create Analysis Bookmarks true
x86 Constant Reference Analyzer true
x86 Constant Reference Analyzer.Create Data from pointer false
x86 Constant Reference Analyzer.Function parameter/return Pointer analysis true
x86 Constant Reference Analyzer.Max Threads 2
x86 Constant Reference Analyzer.Min absolute reference 4
x86 Constant Reference Analyzer.Require pointer param data type false
x86 Constant Reference Analyzer.Speculative reference max 256
x86 Constant Reference Analyzer.Speculative reference min 1024
x86 Constant Reference Analyzer.Stored Value Pointer analysis true
x86 Constant Reference Analyzer.Trust values read from writable memory true

Diff Stats

Stat Value
added_funcs_len 0
deleted_funcs_len 1368
modified_funcs_len 6143
added_symbols_len 221
deleted_symbols_len 217
diff_time 74336.26318621635
deleted_strings_len 91
added_strings_len 319
match_types Counter({'a': 18034, 'm': 12047, 'l': 11456, 'e': 8104, ':': 7004, 'r': 6672, 'P': 5987, 'N': 5977, 'F': 5728, 'u': 5728, 'n': 1442, 'd': 1370, 's': 1370, 'L': 1359, 'g': 1359, 't': 1359, 'h': 1359, 'A': 685})
items_to_process 7949
diff_types Counter({'address': 6128, 'refcount': 4933, 'called': 2137, 'length': 1905, 'calling': 1759, 'code': 1725, 'sig': 1273, 'fullname': 1023, 'parent': 983, 'name': 925})
unmatched_funcs_len 1368
total_funcs_len 113391
matched_funcs_len 112023
matched_funcs_with_code_changes_len 1725
matched_funcs_with_non_code_changes_len 4418
matched_funcs_no_changes_len 105880
match_func_similarity_percent 94.5163%
func_match_overall_percent 98.7936%
first_matches Counter({'F': 5728, 'A': 685, 'P': 342, 'N': 332}) 
pie showData
    title All Matches
"A" : 685
"d" : 1370
"r" : 6672
"e" : 8104
"s" : 1370
"" : 7004
"L" : 1359
"n" : 1442
"g" : 1359
"t" : 1359
"h" : 1359
"P" : 5987
"a" : 18034
"m" : 12047
"F" : 5728
"u" : 5728
"l" : 11456
"N" : 5977
Loading 
pie showData
    title First Matches
"A" : 685
"P" : 342
"F" : 5728
"N" : 332
Loading 
pie showData
    title Diff Stats
"added_funcs_len" : 0
"deleted_funcs_len" : 1368
"modified_funcs_len" : 6143
Loading 
pie showData
    title Symbols
"added_symbols_len" : 221
"deleted_symbols_len" : 217
Loading

Strings

pie showData
    title Strings
"deleted_strings_len" : 91
"added_strings_len" : 319
Loading

Strings Diff

--- deleted strings
+++ added strings
@@ -1,91 +1,319 @@
-s_(SfxCab_29ef55d8)
-s_(SfxCab_3042dbd6)
-s_(SfxCab_c7f925e5)
-s_,"detector_name":"
-s_,"return_code_details":"
-s_-crypted.exe.ucc~HERE~1337_Exe_C
-s_1.1.24030.4
-s_4.5.0.317
-s_4.7.1.317
-s_:_falling_back_to_using_CPU;
-s_>[%ls]
-s_@_fast
-s_B64_ALLOW_EXTRA_PADDING
-s_BM_TAINT_MODULE
-s_CPU_device_handle_=_%u
-s_DirtyUnload
-s_DnsDomainsFindFirst_(domain)
-s_DnsDomainsFindFirst_(master_lis
-s_Engine.AttribPersist.Operation
-s_Engine.Core.DirtyUnload
-s_Engine.Lua.SkipScriptFailure
-s_Engine.Lua.SkipScriptIncludeFai
-s_GPU_and_CPU_device_handles_are
-s_GPU_device_handle_=_%u
-s_GetQuery
-s_GetQueryOperation
-s_GetRemove
-s_GetRemoveOperation
-s_MPRESOURCE_TYPE_CONCRETE
-s_MP_BEHAVIORAL_NETWORK_BLOCK_BRU
-s_MP_BEHAVIORAL_NETWORK_BLOCK_DIS
-s_Model_%s_:
-s_PropagateInsert
-s_PropagateInsertOperation
-s_PropagateQuery
-s_PropagateQueryOperation
-s_SCANREASON_ONMOUNT
-s_SMS_SCAN_LOW
-s_STATE_DELETED
-s_SetInsert
-s_SetInsertOperation
-s_SetRemove
-s_SetRemoveOperation
-s_SkipScriptFailure
-s_SkipScriptIncludeFailure
-s_THREAT_HISTORY_CATEGORY_ASR
-s_TOKEN_ELEVATION_TYPE_FULL
-s_Using_CPU_device/model_handles
-s_WTSInitialProgram
-s_\\.\IntelTDT
-s__bytes
-s__entries
-s__entries_and_total_window_size
-s__entries_upon_destruction
-s_among_those,_the_largest_histor
-s_among_those,_the_largest_window
-s_calling__init_classifier()
-s_calling_set_current_classifier
-s_classifier_detect:_calling_set
-s_failed_to_load_model.
-s_failed_to_load_model_for_device
-s_found_invalid_plugin_data
-s_loaded_model_for_device:_CPU.
-s_loaded_model_for_device:_GPU.
-s_mapscreateconnectiontime
-s_model_config->tdt_model_cpu_han
-s_model_config->tdt_model_handle
-s_model_is_corrupted.
-s_newvalueaccountinfo_scrubbed
-s_nodeValue
-s_normalizer_agent_for_model_'%s'
-s_setMinutes
-s_split
-s_task_struct
-s_tdt_CPU_device_handle_loaded_su
-s_tdt_GPU_device_handle_loaded_su
-s_tdt_dt_init()_failed_with_m_tdt
-s_thstndrd
-s_time_series_pipeline_m_thread
-s_total_capacity_of_all_windows_i
-s_{"version":_"4.5.0.317"
-s_{"version":_"4.7.1.317"
-u_%USERNAME%
-u_Fork
-u_MdDiskSensorThr
-u_PassThroughNoti
-u_ProcessFork
-u_Will_not_logski
-u_\TYPELIB\\VERSI
-u_no_response
-u_{0,_%ls,___attr
+BM_INTERNAL_CHANGE_OWNER
+BM_INTERNAL_CHANGE_OWNER_FILE_OWNERS
+BM_INTERNAL_CHANGE_OWNER_FILE_PATH
+s_!#BLKEXC:
+s_":"0x
+s_"bene":{
+s_%s:_%lf
+s_%s:_%u
+s_+-0123456789ABCDEFGHIJKLMNOPQRST
+s_,"process_path":"
+s_,"profile_date":"
+s_,"profile_name":"
+s_1.0
+s_1.1.24060.5
+s_1.3.6.1.4.1.311.2.4.1
+s_4.7.1.334
+s_4.7.3.334
+s_@_x86
+s_ASR
+s_AddStudyId
+s_Adding_%zu_processes_to_ignore
+s_AsrOnlyExclusion
+s_AsrOnlyPerRuleExclusion
+s_BENE:_Filtering_detection_for:
+s_BENE_dynamic_throttled_process
+s_BENE_high_compute:_Add_process
+s_BENE_high_compute:_Delete_proce
+s_BENE_suppressed_detection
+s_BENE_trusted_high_compute_proce
+s_BmSequentialFileReadExcludedPat
+s_BmSequentialFileReadIncludedExt
+s_BmSequentialFileReadIncludedPat
+s_BuildIn
+s_CheckAttributeForRegion
+s_CheckAttributeForRegion_is_only
+s_CryptMsgOpenToDecode
+s_CryptMsgUpdate
+s_CustomAsrNotAllowedBlock
+s_CustomAsrNotAllowedRemediation
+s_ELF.GetSectionName():_Failed_to
+s_ELF.GetSectionName():_Not_an_EL
+s_ELF.GetSectionName():_Offset_ou
+s_ELFGen
+s_EN_MATCH
+s_ERROR:_CryptMsgGetParam_failed:
+s_ERROR:_CryptMsgOpenToDecode_fai
+s_ERROR:_CryptMsgUpdate_failed:_%
+s_Empty_attribute_name_in_CheckAt
+s_Empty_attribute_name_in_SetAttr
+s_Empty_attribute_prefix_name_in
+s_Engine.ASR.ExclusionFailure
+s_Error_querying_certificate_in_s
+s_Exception_caught_while_plugin_%
+s_Exclusion_failure
+s_Failed_to_load_ImageConfig_lib
+s_Failed_to_load_mpcommon_lib
+s_FilePath
+s_Filtering_detection_after_restr
+s_FormatMessageA
+s_FwpmEngineClose0
+s_FwpmEngineOpen0
+s_FwpmFilterAdd0
+s_FwpmFilterCreateEnumHandle0
+s_FwpmFilterDeleteByKey0
+s_FwpmFilterDestroyEnumHandle0
+s_FwpmFilterEnum0
+s_FwpmFreeMemory0
+s_FwpmProviderAdd0
+s_FwpmProviderDeleteByKey0
+s_FwpmProviderGetByKey0
+s_FwpmSubLayerAdd0
+s_FwpmSubLayerDeleteByKey0
+s_FwpmSubLayerGetByKey0
+s_FwpmTransactionBegin0
+s_FwpmTransactionCommit0
+s_GPU_initialization_requirement:
+s_GetAttributesForRegion
+s_GetAttributesForRegion_is_only
+s_GetAttributesWithPrefixForRegio
+s_GetCommandLine
+s_GetImagePath
+s_GetModAddress
+s_GetModAddress_called_with_an_em
+s_GetModAddress_is_only_available
+s_GetOfficeConfigRing
+s_GetParentPpid
+s_GetPlatformBuild
+s_GetPpid
+s_GetProcAddress
+s_GetProcAddress(%s,_%s)_failed
+s_GetProcAddress_called_with_an
+s_GetProcAddress_is_only_availabl
+s_GetProcInfo_not_available_in_Ch
+s_GetSafeReleaseGroup
+s_GetSafeReleaseRing
+s_GetSectionName
+s_GetSidSubAuthority
+s_GetSidSubAuthorityCount
+s_High_compute_process_NOT_BENE_t
+s_Invalid_index_in_ephdrs:_%d
+s_Invalid_index_in_esec:_%d
+s_Invalid_region_index_in_CheckAt
+s_Invalid_region_index_in_GetAttr
+s_Invalid_segment:_macho_segment.
+s_Invalid_value_for_config:_%s
+s_IssuerUtf8
+s_LC_SYMTAB
+s_Located_in_a_system_directory:
+s_LuaGetModAddress(%s)_failed
+s_MemQueryRegion
+s_MemoryQuery
+s_Memory_allocation_failed
+s_Missing_configuration_setting:
+s_MpDeviceLevelAuditMode
+s_MpDiag
+s_MpExhaustiveAppleScriptScanning
+s_MpPublicDisallowedThumbs
+s_MpPublicRootThumbs
+s_MpTrustCheck_CatalogSigned
+s_MpTrustCheck_Corrupt
+s_MpTrustCheck_HasBadSignature
+s_MpTrustCheck_HasBrokenChain
+s_MpTrustCheck_HasCodeDirectoryMi
+s_MpTrustCheck_HasContentInOverla
+s_MpTrustCheck_HasExpired
+s_MpTrustCheck_HasHashMismatch
+s_MpTrustCheck_HasImproperUsage
+s_MpTrustCheck_HasInvalidChain
+s_MpTrustCheck_HasInvalidSignatur
+s_MpTrustCheck_HasMalformedSignat
+s_MpTrustCheck_HasMissingRoot
+s_MpTrustCheck_HasMultipleSignatu
+s_MpTrustCheck_HasOtherInvalidRea
+s_MpTrustCheck_HasUnsupportedSign
+s_MpTrustCheck_HasValidSignature
+s_MpTrustCheck_InvalidlySigned
+s_MpTrustCheck_IsAppleRootSigned
+s_MpTrustCheck_IsMicrosoftRootSig
+s_MpTrustCheck_NotDigitallySigned
+s_MpTrustCheck_RevokedCert
+s_MpTrustCheck_TrustedPublisher
+s_MpTrustCheck_TrustedViaCodeInte
+s_MpTrustCheck_ValidlySigned
+s_MpTrustChecked
+s_No_memory_ranges_available_in_C
+s_No_memory_ranges_available_in_G
+s_No_process_handle_is_available
+s_NtReadVirtualMemoryEx
+s_ObCheckObjectAccess
+s_OnImageConfig
+s_OpenProcess(PROCESS_QUERY_LIMIT
+s_PROCESS_ATTRIBUTE_DOPPLEGANGING
+s_PROCESS_ATTRIBUTE_NONE
+s_QueryFullProcessImageNameW
+s_RefreshTrustAnchors
+s_Removing_%zu_processes_from_ign
+s_Restricted_folder_check_for:_%s
+s_SCAN_REPLY_not_available_in_Che
+s_SCAN_REPLY_not_available_in_Set
+s_SIGNATURE_TYPE_ASCRIPTHSTR_EXT
+s_SIGNATURE_TYPE_DATABASE_CERT3
+s_SMSSetAttributeForRegion_failed
+s_Scanned_process_info_not_availa
+s_SetAttributeForRegion
+s_SetAttributeForRegion_is_only
+s_SetDetectionString
+s_SignatureRing
+s_SubjectUtf8
+s_System_folder_check_not_passing
+s_TDT_Driver_configuration_versio
+s_TDT_cannot_find_a_profile/model
+s_TrustAnchor_%ls
+s_Unknown_member:_elfhdr.%s
+s__exception_caught_in_cpu_intens
+s_addralign
+s_align
+s_allocprotectionflags
+s_authenticode_check
+s_authenticode_check_error_code
+s_charAt
+s_cume_dist
+s_directory_type
+s_ehsize
+s_elf_vars_not_available
+s_elfhdr
+s_enable_high_compute
+s_entsize
+s_environment
+s_ephdrs
+s_esec
+s_file_attributes
+s_file_change_time
+s_file_create_time
+s_file_last_access_time
+s_file_last_write_time
+s_filesz
+s_filter
+s_hashType
+s_high_compute_measurement_interv
+s_high_compute_min_pmi_count
+s_high_compute_notification
+s_high_compute_threshold
+s_high_compute_throttling
+s_high_compute_timeout
+s_high_compute_timeout_cannot
+s_include_bene
+s_inet_ntop
+s_inet_pton
+s_install_time
+s_intThumbs
+s_link
+s_manageddefenderproducttype
+s_memsz
+s_mp.SetDetectionString():_UtilWi
+s_mp.SetDetectionString():_string
+s_newvaluepath_scrubbed
+s_paddr
+s_process_monitor_query_API_or_pr
+s_processinfoid
+s_protected
+s_report_filtering.bene.enable
+s_report_filtering.bene.notify_su
+s_restricted
+s_rootThumbs
+s_running_time
+s_system-restricted
+s_system\currentcontrolset
+s_toUTCString
+s_trustanchors
+s_usage
+s_vaddr
+s_{"root":{"level":"off"}}
+s_{"version":_"4.7.1.334"
+s_{"version":_"4.7.3.334"
+u_!
+u_%hs|%ls|%ls|%hs
+u_%ls:%ls:%ls
+u_<nonexistent>
+u_ASR_exclusion
+u_ASR_exclusion_n
+u_AllocProtection
+u_Asr-Exclusions
+u_Asr-Health
+u_BCDE
+u_BM_ChangeOwner
+u_BM_CloudRespons
+u_BM_DeleteXattr
+u_BM_Etw_WMICreat
+u_BM_InitializeFr
+u_BaseVirtualAddr
+u_CfaStatus
+u_ChangeOwner
+u_CloudResponse
+u_CreatedProcess
+u_CurrProtectionF
+u_CurrentProtecti
+u_DeleteXattr
+u_Device_level_au
+u_FastpathCacheSi
+u_IsSystemDriveSs
+u_Lua_IsKnownFrie
+u_Lua_IsSignedFil
+u_MacFQDN
+u_MdDiskSensorHig
+u_MdDiskSensorLow
+u_MemQuery
+u_MemQueryRegion
+u_MemQueryRegions
+u_MemoryQueries
+u_MemoryQuery
+u_MpDisableAsrHea
+u_MpDisableBlobCa
+u_MpDisableBmChan
+u_MpDisableBmDele
+u_MpDisableCiEaCh
+u_MpDisableDevice
+u_MpDisableMacLUA
+u_MpDisableOverwr
+u_MpDisablePidVer
+u_MpDisableTrustA
+u_MpFastpathExpec
+u_MpMaxMemQueryNa
+u_MpSMSKillbitMem
+u_MpSMSMemQueryCo
+u_NTDLL.DLL
+u_NotificationTim
+u_Origin
+u_PPID
+u_Possible_invali
+u_ProcessInfoId
+u_RegionCount
+u_ScanType:
+u_SmartLockerMode
+u_SmsFlags
+u_TdtMpDisableBmT
+u_TdtUserChoice
+u_Unconfigured
+u_WMIActivityEven
+u_WMICreateProces
+u_WMIInfo
+u_]
+u_^[0-9]+$
+u_allocprotection
+u_basevirtualaddr
+u_cfastatus
+u_currentprotecti
+u_disabled
+u_fastpath.wdcp.m
+u_fastpath.wdcppp
+u_fastpathcachesi
+u_issystemdrivess
+u_modulemightbefr
+u_processinfoid
+u_quick
+u_smartlockermode
+u_smsflags
+u_wmicreateproces
+u_{"version":1,"e
+u_{%llu,_%ls,

String References

Old

String Ref Count Ref Func
s_1.1.24030.4 3 modprobe_init_worker,InitializeMpEngineUtils
s_4.7.1.317 6 start,tdt_agent_impl,get_platform_information,_init_tdt_version
s_setMinutes 1
s_(SfxCab_3042dbd6) 1
s_total_capacity_of_all_windows_i 1 get_memory_usage_info
s_B64_ALLOW_EXTRA_PADDING 2 Load
s_4.5.0.317 4 start,tdt_agent_impl,get_platform_information
s_tdt_dt_init()_failed_with_m_tdt 1 _init_classifier
s_MPRESOURCE_TYPE_CONCRETE 2 Load
s_tdt_GPU_device_handle_loaded_su 1 _init_classifier
s__entries_upon_destruction 1 get_memory_usage_info
u_%USERNAME% 1
s_GPU_and_CPU_device_handles_are_ 1 _init_classifier
s_@_fast 1
s_PropagateInsert 2 PropagateContext
s_PropagateInsertOperation 2 PropagateContext
s_newvalueaccountinfo_scrubbed 2 GetAttributePriority
s_Model_%s_: 2 _set_model
u_\TYPELIB\VERSI 1
s_MP_BEHAVIORAL_NETWORK_BLOCK_DIS 2 Load
s_among_those,_the_largest_histor 2 print_memory_usage_info
s_model_config->tdt_model_handle_ 1 _set_model
s_PropagateQueryOperation 2 PropagateContext
u_PassThroughNoti 1
s_calling_set_current_classifier_ 1 set_current_classifier_device
s_normalizer_agent_for_model_'%s' 2 print_memory_usage_info
s_Engine.AttribPersist.Operation 7 GetContextsRawForPrefix,GetContextRaw,SetOrOverwriteContext,PropagateContext
s_GetRemoveOperation 4 GetContextsRawForPrefix,GetContextRaw
s_DirtyUnload 2 ShutdownOnProcessDetach
u_{0,_%ls,___attr 1 GetEvent
s_found_invalid_plugin_data 1
s_BM_TAINT_MODULE 2 Load
s_CPU_device_handle_=_%u 4 _init_classifier
s_GetQuery 2 GetContextRaw
s_(SfxCab_29ef55d8) 1
s_failed_to_load_model_for_device 1 _set_model
s__bytes 1 get_memory_usage_info
s_{"version":_"4.7.1.317" 1 discover
s_GPU_device_handle_=_%u 4 _init_classifier
s_SetRemove 2 SetOrOverwriteContext
s_WTSInitialProgram 2 Load
s_>[%ls]_75ae6725c 1 output_json
s_loaded_model_for_device:_CPU. 1 _set_model
s_SetInsert 2 SetOrOverwriteContext
u_ProcessFork 1 NotificationTagToString
s__entries_and_total_window_size_ 1 get_memory_usage_info
s_PropagateQuery 2 PropagateContext
s_split 1
s_MP_BEHAVIORAL_NETWORK_BLOCK_BRU 2 Load
s_model_config->tdt_model_cpu_han 1 _set_model
s_GetRemove 4 GetContextsRawForPrefix,GetContextRaw
s_model_is_corrupted. 1 _set_model
s_SMS_SCAN_LOW 2 Load
s_loaded_model_for_device:_GPU. 1 _set_model
s_:falling_back_to_using_CPU; 1 _fallback_to_cpu_all_models
s_Engine.Lua.SkipScriptFailure 1 CallLuaSkipRules2
s_TOKEN_ELEVATION_TYPE_FULL 2 Load
s_SetRemoveOperation 2 SetOrOverwriteContext
u_MdDiskSensorThr 2 SigDataInit
s_Using_CPU_device/model_handles 1 _set_model
s_(SfxCab_c7f925e5) 1
s_failed_to_load_model. 1 _set_model
s_\.\IntelTDT 2 init
s_-crypted.exe.uccHERE1337_Exe_C_75b038350 1 RetrieveUCCFileOffset
s_{"version":_"4.5.0.317" 1 discover
s_,"detector_name":" 1 create_api_status_notification
s_SkipScriptIncludeFailure 2 CallLuaSkipRules2
s_SkipScriptFailure 2 CallLuaSkipRules2
s_DnsDomainsFindFirst_(domain) 2 NetworkHipsDnsDomainsEnum
s_time_series_pipeline_m_thread_b 1 get_memory_usage_info
s_thstndrd_75afdd478 2 sqlite3_str_vappendf
s_STATE_DELETED 1
s_SCANREASON_ONMOUNT 2 Load
s_nodeValue 1
s_calling__init_classifier() 1 _init_classifier
s_mapscreateconnectiontime 2 GetAttributePriority
u_Will_not_logski 1 ShouldUnskipPath
s_DnsDomainsFindFirst_(master_lis 2 NetworkHipsDnsDomainsEnum
s__entries 1 get_memory_usage_info
s_,"return_code_details":" 1 create_api_status_notification
u_Fork 1 GetTagName
s_task_struct 2 search<char_const*___ptr64,char_const*__ptr64,struct_std::equal_to>
s_Engine.Core.DirtyUnload 1 ShutdownOnProcessDetach
s_THREAT_HISTORY_CATEGORY_ASR 2 Load
s_SetInsertOperation 2 SetOrOverwriteContext
u_no_response 1 ~DetectionItem
s_among_those,_the_largest_window 1 get_memory_usage_info
s_classifier_detect:calling_set 1 _is_invoke_classifier_for_dynamic_device
s_Engine.Lua.SkipScriptIncludeFai 1 CallLuaSkipRules2
s_GetQueryOperation 2 GetContextRaw
s_tdt_CPU_device_handle_loaded_su 1 _init_classifier

New

String Ref Count Ref Func
u_smartlockermode 2
u_MpDisableTrustA 2 trustanchors_init_module,TrustAnchorHolder
s_%s:_%lf 2 log_config_values
s_restricted 1 _should_report_restricted_folders
s_BmSequentialFileReadExcludedPat 1
s_,"profile_name":" 1 create_suppressed_detection_status_notification
s_MpTrustCheck_HasCodeDirectoryMi 1 AddMpAttributes
s_LC_SYMTAB 3 macho_lua_api_GetSegment
u_MacFQDN 2 ProcessWMIActivity
s_GetSafeReleaseRing 1
s_1.3.6.1.4.1.311.2.4.1 1 _retrieve_nested_signature_information
s_MpTrustCheck_HasValidSignature 1 AddMpAttributes
s_@_x86 1
s_SubjectUtf8 1 CreateCertificateInfoTable
s_high_compute_min_pmi_count 1 init
s_Empty_attribute_prefix_name_in_ 1 mp_lua_api_GetAttributesWithPrefixForRegion
u_IsSystemDriveSs 1
s_cume_dist_75b010660 2 sqlite3WindowUpdate
u_DeleteXattr 1 CollectStates
s_FwpmFilterDeleteByKey0 1
s_Failed_to_load_ImageConfig_lib 2 CallOnImageConfigScriptsImpl
s_FwpmFilterAdd0 1
u_MpSMSKillbitMem 2 SMS_init_module,GetMemQueryInfo
s_system-restricted 1 _should_report_restricted_folders
u_allocprotection 2 AddMemoryQuery
u_MpDisableBlobCa 2 LoadBlobCore,SpynetSigLoader_init_module
s_system\currentcontrolset 1
s_SignatureRing_75b10b501 1 modprobe_init
s_high_compute_threshold 1 init
s_1.0 1 _build_json_telemetry_helper
s_QueryFullProcessImageNameW 3 `dynamic_initializer_for_'g_tdt_os_shim_api_list'',get_dll_id,init
s_FwpmEngineClose0 1
s_manageddefenderproducttype 4 GetAttributePriority
u_Asr-Exclusions 1 CheckIfValidPathExclusion
u_SmsFlags 4 GetMemQueryInfo,ConvertMemQueryDataToJson,GenerateBMSpynetReport
s_GetModAddress_is_only_available 1 mp_lua_api_GetModAddress
u_quick 2 CheckXclRestriction
BM_INTERNAL_CHANGE_OWNER_FILE_OWNERS 4 ProcessBmChangeOwner,HandleChangeOwner
u_RegionCount 2 GetMemQueryInfo,GenerateBMSpynetReport
u_MpDisablePidVer 2 ReadBmDynConfigValues,RegisterBmDynConfigValues
s_MemQueryRegion 2
s_SetAttributeForRegion_is_only_a 1 mp_lua_api_SetAttributeForRegion
s_GetSafeReleaseGroup 1
s_FwpmSubLayerGetByKey0 1
s_elfhdr 3 lmp_CreateGlobalELFTables
s_MpTrustCheck_HasMissingRoot 1 AddMpAttributes
s_inet_pton 1
s_esec 3 lmp_CreateGlobalELFTables
u_MdDiskSensorLow 2 SigDataInit
u_basevirtualaddr 2 AddMemoryQuery
s_CheckAttributeForRegion 1
s_GetModAddress 2
s_directory_type 1 _build_json_telemetry_helper
u_disabled 1 LogAsrDeviceModeAuditForRule
s_MpDiag 1 LUA_init_module
u_MpFastpathExpec 2 FpChainIsTrusted,fastpath_init_module
s_MpTrustChecked 2 AddMpAttributes
s_No_memory_ranges_available_in_C 1 mp_lua_api_CheckAttributeForRegion
s_trustanchors 1
u_TdtUserChoice 1 AddTdtInfo
s_MpTrustCheck_HasContentInOverla 1 AddMpAttributes
s_ephdrs 3 lmp_CreateGlobalELFTables
s_ObCheckObjectAccess 1 FindObTypeIndexTableEmulation
s_GetAttributesForRegion 1
s_Engine.ASR.ExclusionFailure 1 EmitDiagnostic
s_ELF.GetSectionName():_Not_an_EL 1 elfo_lua_api_GetSectionName
s_ERROR:CryptMsgUpdate_failed:% 2 _retrieve_nested_signature_information
s_Removing_%zu_processes_from_ign 2 _timer_cleanup_callback
s_allocprotectionflags 1
s_GetProcAddress(%s,_%s)_failed 2 mp_lua_api_GetProcAddress,bm_lua_api_GetProcAddress
s_PROCESS_ATTRIBUTE_NONE 2 Load
s_Unknown_member:_elfhdr.%s 1 elfhdr___index
s_GetOfficeConfigRing 1
s_FwpmSubLayerDeleteByKey0 1
s__exception_caught_in_cpu_intens 1 local_telemetry_server_impl
s_running_time 1 _build_json_telemetry_helper
s_!#BLKEXC: 1 CallOnImageConfigScriptsImpl
u_ScanType: 2 CheckXclRestriction
s_MpTrustCheck_Corrupt 1 AddMpAttributes
s_report_filtering.bene.enable_be 1 init
s_MpTrustCheck_TrustedViaCodeInte 1 AddMpAttributes
u_MpDisableOverwr 2 ReadBmDynConfigValues,RegisterBmDynConfigValues
s_ELFGen 1 elf_init_module
s_processinfoid 1
u_CloudResponse 1 CollectStates
s_SIGNATURE_TYPE_DATABASE_CERT3 2 getsigtype
u_MpDisableBmDele 2 ReadBmDynConfigValues,RegisterBmDynConfigValues
s_Error_querying_certificate_in_s 2 verify_os_signed
u_TdtMpDisableBmT 1 AddTdtInfo
s_FwpmProviderGetByKey0 1
s_newvaluepath_scrubbed 2 GetAttributePriority
s_hashType 2 FromJSON
u_CfaStatus 1
u_fastpathcachesi 2 AddHeartbeat
s_Adding_%zu_processes_to_ignore_ 2 high_compute_process_callback
s_,"profile_date":" 1 create_suppressed_detection_status_notification
s_GetSidSubAuthorityCount 3 `dynamic_initializer_for_'g_tdt_os_shim_api_list'',get_dll_id,init
s_paddr 1 ephdrs___index
u_CreatedProcess 1 CollectStates
s_OnImageConfig 1 LUA_init_module
u_MemQuery 1 operator()
u_MdDiskSensorHig 2 SigDataInit
s_GetImagePath 1
u_WMIInfo 1 InitializeParentNotificationForWMI
s_intThumbs 3 FromJSON
s_+-0123456789ABCDEFGHIJKLMNOPQRST_75b049600 7 encodeXXD
s_FwpmProviderAdd0 1
s_MpTrustCheck_HasBrokenChain 1 AddMpAttributes
s_MpTrustCheck_ValidlySigned 1 AddMpAttributes
s_System_folder_check_not_passing 1 _should_report_system_folders
s_No_memory_ranges_available_in_G 1 mp_lua_api_GetAttributesForRegion
s_Invalid_value_for_config:_%s 4 catch$10
u_PPID 2 ProcessWMIActivity
u_fastpath.wdcp.m 2 fastpath_init_module
u_Device_level_au 1 LogAsrDeviceModeAuditForRule
s_FwpmFilterCreateEnumHandle0 1
s_Restricted_folder_check_for:_%s 2 _should_report_restricted_folders
s_BENE_trusted_high_compute_proce 2 _process_high_compute_process
u_cfastatus 2 AddHeartbeat
s_include_bene 1 init
s_MpTrustCheck_HasImproperUsage 1 AddMpAttributes
s_MpTrustCheck_IsMicrosoftRootSig 1 AddMpAttributes
u_BM_InitializeFr 1 Create<wchar_t_const_(&___ptr64)[47],wchar_t*___ptr64_const&___ptr64>
s_MpPublicDisallowedThumbs 1
BM_INTERNAL_CHANGE_OWNER 1 ProcessBmChangeOwner
s_SetDetectionString 1
s_MpTrustCheck_HasMalformedSignat 1 AddMpAttributes
s_Empty_attribute_name_in_SetAttr 1 mp_lua_api_SetAttributeForRegion
s_MpTrustCheck_HasUnsupportedSign 1 AddMpAttributes
u_wmicreateproces 2 ProcessBMResource
u_FastpathCacheSi 1
u_NotificationTim 1 WriteDomain
s_MpTrustCheck_HasOtherInvalidRea 1 AddMpAttributes
s_toUTCString 1
s_GetProcInfo_not_available_in_Ch 1 mp_lua_api_CheckAttributeForRegion
s_environment 2 FromJSON
s_AsrOnlyPerRuleExclusion 2 IsExcludedPath
s_LuaGetModAddress(%s)_failed 2 bm_lua_api_GetModAddress,mp_lua_api_GetModAddress
u_modulemightbefr 1
u_{"version":1,"e 1 SerializeNotFound
s_GetAttributesForRegion_is_only_ 1 mp_lua_api_GetAttributesForRegion
s_high_compute_notification 1 init
s_MpTrustCheck_HasHashMismatch 1 AddMpAttributes
u_] 1 GetInfoFromFilter
s_AddStudyId 1
s_MpPublicRootThumbs 1
s_MpTrustCheck_CatalogSigned 1 AddMpAttributes
u_WMIActivityEven 1 ProcessEtwEvent
u_MpDisableDevice 4 SetDeviceAuditMode,hips_init_module,LoadRulesFromDatabase,UpdateRules
s_Filtering_detection_after_restr 2 _should_report_restricted_folders
s_GetPlatformBuild 1
s_protected 1 _should_report_protected_folders
u_BM_CloudRespons 1 GetEventName
s_{"root":{"level":"off"}} 2 ~tdt_agent_impl
s_BENE_high_compute:_Delete_proce 2 _timer_cleanup_callback
u_%ls:%ls:%ls 1 InitializeParentNotificationForWMI
s_ELF.GetSectionName():_Offset_ou 1 elfo_lua_api_GetSectionName
s_Missing_configuration_setting:_ 4 catch$9
s_Invalid_index_in_esec:_%d 1 esec___index
s_":"0x 1 _build_json_telemetry_helper
s_entsize 1 esec___index
u_BaseVirtualAddr 4 ConvertMemQueryDataToJson,GenerateBMSpynetReport,SetAttributeHelper<unsigned___int64>
s_Invalid_index_in_ephdrs:_%d 1 ephdrs___index
s_FwpmTransactionBegin0 1
s_Scanned_process_info_not_availa 1 mp_lua_api_CheckAttributeForRegion
u_ASR_exclusion_n 1 CheckIfValidPathExclusion
s_IssuerUtf8 1 CreateCertificateInfoTable
s_Invalid_region_index_in_GetAttr 1 mp_lua_api_GetAttributesForRegion
u_^[0-9]+$ 1 GetWFPRangeFromPorts
s_OpenProcess(PROCESS_QUERY_LIMIT 2 _get_process_info
s_MemoryQuery 3 GetElementPriority
s_FwpmFilterDestroyEnumHandle0 1
s_MpTrustCheck_InvalidlySigned 2 AddMpAttributes
u_smsflags 2 AddMemoryQuery
u_MemoryQuery 4 ParseAction,AddMemoryQuery
s_High_compute_process_NOT_BENE_t 2 _process_high_compute_process
u_MpDisableCiEaCh 2 trustedcontent_init_module,LoadTrustedContentDynamicConfigs
s_ELF.GetSectionName():_Failed_to 1 elfo_lua_api_GetSectionName
u_MemQueryRegions 2 ConvertMemQueryDataToJson
u_MpDisableBmChan 2 ReadBmDynConfigValues,RegisterBmDynConfigValues
s_authenticode_check_error_code 1 _build_json_telemetry_helper
u_Possible_invali 1 CheckIfValidPathExclusion
BM_INTERNAL_CHANGE_OWNER_FILE_PATH 4 ProcessBmChangeOwner,HandleChangeOwner
u_ChangeOwner 1 CollectStates
s_GPU_initialization_requirement: 2 get_dependencies
s_4.7.3.334 6 start,tdt_agent_impl,get_tdt_version,get_platform_information
s_MpExhaustiveAppleScriptScanning 2 macappl_scanfile_legacy,__macappl_scanfile
s_FwpmEngineOpen0 1
s_BmSequentialFileReadIncludedExt 1
u_WMICreateProces 1
u_{%llu,_%ls,___a 1 GetEvent
u_MpDisableMacLUA 1 LUA_init_module
s_,"process_path":" 2 create_dynamic_throttle_status_notification,create_suppressed_detection_status_notification
s_Invalid_region_index_in_CheckAt 1 mp_lua_api_CheckAttributeForRegion
s_Memory_allocation_failed_ 1 _retrieve_nested_signature_information
u_ASR_exclusion_f 1 EmitDiagnostic
s_NtReadVirtualMemoryEx 1 ReadProcessMemoryInternal
s_Located_in_a_system_directory:_ 2 verify_system_folder_authenticode_check
u_Origin 2 ProcessWMIActivity
s_file_change_time 1 SigattrlogToBmInfoKey
s_CheckAttributeForRegion_is_only 1 mp_lua_api_CheckAttributeForRegion
u_MemQueryRegion 3 AddMemoryQuery
s_ERROR:_CryptMsgGetParam_failed: 4 _retrieve_nested_signature_information
s_elf_vars_not_available 1 lua_get_elfvars
s_FwpmTransactionCommit0 1
s_MpTrustCheck_HasInvalidChain 1 AddMpAttributes
s_MpTrustCheck_HasExpired 1 AddMpAttributes
s_GetModAddress_called_with_an_em 2 bm_lua_api_GetModAddress,mp_lua_api_GetModAddress
s_BmSequentialFileReadIncludedPat 1
s_Exception_caught_while_plugin_% 2 catch$155
s_MpDeviceLevelAuditMode 1
s_file_last_write_time 1 SigattrlogToBmInfoKey
s_GetCommandLine 1
s_%s:_%u 2 log_config_values<unsigned_int>
s_MpTrustCheck_HasBadSignature 1 AddMpAttributes
s_SCAN_REPLY_not_available_in_Che 1 mp_lua_api_CheckAttributeForRegion
u_ 3 HandleEtwWmiCreateProcess
u_Unconfigured 1 TrustAnchorSerialize
u_BCDE_75b0108a0 1 sqlite3ExprCodeTarget
s_BuildIn 2 IsExcludedPath
s_high_compute_timeout 1 init
s_vaddr 1 ephdrs___index
s_inet_ntop 1
s_GetProcAddress_is_only_availabl 1 mp_lua_api_GetProcAddress
u_CurrProtectionF 2 GetMemQueryInfo,GenerateBMSpynetReport
s_AsrOnlyExclusion 2 IsExcludedPath
s_Exclusion_failure 4 IsExcludedPath
u_fastpath.wdcppp 2 fastpath_init_module
s_GetAttributesWithPrefixForRegio 1 mp_lua_api_GetAttributesWithPrefixForRegion
s_high_compute_timeout_cannot_be_ 1 init
s_usage 2 FromJSON
s_BENE_suppressed_detection 1 create_suppressed_detection_status_notification
s_file_last_access_time 1 SigattrlogToBmInfoKey
s_MpTrustCheck_NotDigitallySigned 1 AddMpAttributes
s_filesz 1 ephdrs___index
s_CryptMsgUpdate 4 `dynamic_initializer_for_'g_tdt_os_shim_api_list'',get_dll_id,init
s_charAt 1
s_Failed_to_load_mpcommon_lib 2 LoadLuaDynamicSignatures
u_CurrentProtecti 2 ConvertMemQueryDataToJson
s_GetProcAddress 2
u_MpDisableAsrHea 4 FromMpHipsRule,OnAsrNotification,FromMpHipsRuleEx,FromMpHipsRuleEx2
u_BM_ChangeOwner 1 GetEventName
s_GetParentPpid 1
s_install_time 1 _build_json_telemetry_helper
s_high_compute_measurement_interv 1 init
u_MpMaxMemQueryNa 2 ConvertMemQueryDataToJson,SpynetSigLoader_init_module
u_issystemdrivess 2 AddIsSystemDriveSsd
s_enable_high_compute 1 init
s_4.7.1.334 5 start,tdt_agent_impl,get_platform_information,_init_tdt_version
s_SMSSetAttributeForRegion_failed 1 mp_lua_api_SetAttributeForRegion
s_TDT_cannot_find_a_profile/model 2 `dynamic_initializer_for_'error_strings''
s_FormatMessageA 3 `dynamic_initializer_for_'g_tdt_os_shim_api_list'',get_dll_id,init
s_CustomAsrNotAllowedBlock 2 ProcessRuleOnImageConfig,OnStreamDetection
s_SIGNATURE_TYPE_ASCRIPTHSTR_EXT 2 getsigtype
s_SCAN_REPLY_not_available_in_Set 1 mp_lua_api_SetAttributeForRegion
s_SetAttributeForRegion 1
s_MpTrustCheck_HasMultipleSignatu 1 AddMpAttributes
s_CryptMsgOpenToDecode 4 `dynamic_initializer_for_'g_tdt_os_shim_api_list'',get_dll_id,init
s_FilePath 2 McTemplateU0ssszzsz_MPEventWriteTransfer
s_file_create_time 1 SigattrlogToBmInfoKey
u_! 1 BmCloudResponse
s_{"version":_"4.7.3.334" 1 discover
s_No_process_handle_is_available_ 1 mp_lua_api_GetProcAddress
s_ASR 3 McTemplateU0ssszzsz_MPEventWriteTransfer
s_mp.SetDetectionString():_UtilWi 1 mp_lua_api_SetDetectionString
s_TrustAnchor_%ls 1 FromDBVar
s_FwpmFilterEnum0 1
u_NTDLL.DLL 1 ApitableInit
u_MemoryQueries 1
u_processinfoid 2 AddMemoryQuery
s_high_compute_throttling 1 init
s_authenticode_check 1 _build_json_telemetry_helper
s_Invalid_segment:_macho_segment. 1 macho_segment_entry___index
s_rootThumbs 3 FromJSON
u_MpSMSMemQueryCo 2 AddMemQuery,SMS_init_module
s_RefreshTrustAnchors 2 completeEngineInitialization
s_PROCESS_ATTRIBUTE_DOPPLEGANGING 2 Load
s_FwpmFreeMemory0 1
s_addralign 1 esec___index
u_BM_DeleteXattr 1 GetEventName
s_align 1 ephdrs___index
u_BM_Etw_WMICreat 1 GetEventName
s_{"version":_"4.7.1.334" 1 discover
s_GetProcAddress_called_with_an_e 2 mp_lua_api_GetProcAddress,bm_lua_api_GetProcAddress
s_MpTrustCheck_IsAppleRootSigned 1 AddMpAttributes
s_report_filtering.bene.notify_su 1 init
u_Lua_IsSignedFil 1 mp_lua_api_IsTrustedFile
s_mp.SetDetectionString():_string 1 mp_lua_api_SetDetectionString
s_"bene":{ 1 _build_json_telemetry_helper
u_ProcessInfoId 2 ConvertMemQueryDataToJson
s_MpTrustCheck_TrustedPublisher 1 AddMpAttributes
s_EN_MATCH_75afc0738 2 handle_perl_verb
s_MpTrustCheck_HasInvalidSignatur 1 AddMpAttributes
s_TDT_Driver_configuration_versio 2 `dynamic_initializer_for_'error_strings''
u_SmartLockerMode 2
s_file_attributes 1 SigattrlogToBmInfoKey
s_MpTrustCheck_RevokedCert 1 AddMpAttributes
s_process_monitor_query_API_or_pr 1 high_compute_process_callback
u_currentprotecti 2 AddMemoryQuery
u_Asr-Health 1 EmitDiagnostic
s_BENE:Filtering_detection_for: 2 should_report
u_AllocProtection 4 GetMemQueryInfo,ConvertMemQueryDataToJson,GenerateBMSpynetReport
s_filter 1 _build_json_telemetry_helper
s_Empty_attribute_name_in_CheckAt 1 mp_lua_api_CheckAttributeForRegion
s_BENE_dynamic_throttled_process 1 create_dynamic_throttle_status_notification
u_Lua_IsKnownFrie 1 mp_lua_api_IsKnownFriendlyFileWorker
s_GetPpid 1
s_CustomAsrNotAllowedRemediation 2 ProcessRuleOnImageConfig,OnStreamDetection
s_BENE_high_compute:Add_process 2 _process_high_compute_process
s_ehsize 1
s_ERROR:_CryptMsgOpenToDecode_fai 2 _retrieve_nested_signature_information
s_GetSectionName 1
s_memsz 1 ephdrs___index
s_link 1 esec___index
s_GetSidSubAuthority 3 `dynamic_initializer_for_'g_tdt_os_shim_api_list'',get_dll_id,init
u_%hs|%ls|%ls|%hs 1 ReportSenseExclusionEvent
s_FwpmProviderDeleteByKey0 1
s_FwpmSubLayerAdd0 1
s_1.1.24060.5 3 modprobe_init_worker,InitializeMpEngineUtils

Deleted

SignatureHandler::HandleNotification

Function Meta

Key mpengine.dll
name HandleNotification
fullname SignatureHandler::HandleNotification
refcount 4
length 8956
called
Expand for full list:
BackupStore::BackupProcessInfo
BmController::GetProcessImageName
BmController::UpdateEtwMonitoringList
CommonUtil::AutoRef<class_IUfsNodeCallbacks>::~AutoRef<class_IUfsNodeCallbacks>
CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::~CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
CommonUtil::CMpShutableCounter::TryUsing
CommonUtil::CMpShutterRef<class_FriendlyCache>::FinalShutdown
CommonUtil::CRefObject::Release
CommonUtil::HashWideStringCaseInsensitiveCommonUtil::NewSprintfW
FgGetState
FriendlyCache::Find
FriendlyCache::Set
GetBmController
GetDosPathFromNormalizedPath
GetEnvMatch
GetHardLinks
GetHipsRuleState
GetOriginalFileName
HipsRuleHandlesDuplicateNotifications
IsFileExcluded
IsFriendlyFile
IsKnownFriendly
MpDebug::GetDebug<struct_MpDebug::IBmProcessing>
MpLogGlobalCallback
MpLogWriter::Commit
MpLogWriter::MpLogWriter
MpLogWriter::PushString
MpLogWriter::~MpLogWriter
NotifyServiceOfASRViolation
ProcessContext::DoIntegrityChecks
ProcessContext::GetCommandLineArgs
ProcessContext::GetDosImagePath
ProcessContext::GetImagePath
ProcessContext::GetProcessIntegrity
ProcessContext::GetProcessTuple
ProcessContext::GetSessionId
ProcessContext::InitializeHollowCheck
ProcessContext::IsFriendlyProcess
ProcessContext::SendParentNotification
ProcessContext::SendPropagatingNotificationsToChild
ProcessContext::SetTainted
ProcessInfoContainer::GetInstance
ProcessInfoContainer::GetProcessHipsRules
QueryConfig
QueueController::FindContext
RemoveDuplicateWhiteSpaces
ShouldLogToAsimov
SignatureHandler::TestForDetection
SignatureHandler::TestForDetectionWithTokenizedPath
SignatureHandler::TestForModuleLoad
SignatureHandler::TestForProcessStart
WPP_SF_
WPP_SF_S
WPP_SF_SDDDD
WPP_SF_SL
WPP_SF_dSL
WPP_SF_l
__security_check_cookie
guard_dispatch_icall$fo_default$
_tlgKeywordOn
_tlgWriteTemplate<long___cdecl(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),&long___cdecl__tlgWriteAgg(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*__ptr64),void_const*ptr64>::Write<struct__tlgWrapperByVal<8>,struct__tlgWrapperByRef<16>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapSz,struct__tlgWrapSz>
wcsicmp
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
di::TelemetryAssert::AssertTriggeredNoArgs
free
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::Tidy_deallocate
std::vector<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>,class_std::allocator<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>>>::Tidy
std::vector<wchar_t,class_std::allocator<wchar_t>>::_Tidy
calling
paramcount 5
address 75a1895d0
sig long __thiscall HandleNotification(SignatureHandler * this, ProcessContext * param_1, ProcessNotification * param_2, bool * param_3, bool * param_4)
sym_type Function
sym_source ANALYSIS
external False

SignatureHandler::HandleNotification

Function Meta

Key mpengine.dll
name HandleNotification
fullname SignatureHandler::HandleNotification
refcount 3
length 1713
called
Expand for full list:
ConnectionCacheInfo::ConnectionCacheInfo
ProcessContext::CacheConnection
ProcessContext::SetConnectionString
SignatureHandler::TestForDetection
WPP_SF_SL
WPP_SF_SS
WPP_SF_l
guard_dispatch_icall$fo_default$
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
free
wcscmp
calling
paramcount 5
address 75a4a58f0
sig long __thiscall HandleNotification(SignatureHandler * this, ProcessContext * param_1, InternalNotification * param_2, bool * param_3, bool * param_4)
sym_type Function
sym_source ANALYSIS
external False

SignatureHandler::HandleNotification

Function Meta

Key mpengine.dll
name HandleNotification
fullname SignatureHandler::HandleNotification
refcount 3
length 1007
called SignatureHandler::HandleEtwCodeInjectionNotifications
SignatureHandler::HandleEtwGetAsyncKeyStateEvent
SignatureHandler::HandleEtwSetWindowsHook
SignatureHandler::TestForDetection
StrToULongHelper<wchar_t>
WPP_SF_
WPP_SF_l
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
calling
paramcount 5
address 75a87fc90
sig long __thiscall HandleNotification(SignatureHandler * this, ProcessContext * param_1, EtwNotification * param_2, bool * param_3, bool * param_4)
sym_type Function
sym_source ANALYSIS
external False

ProcessContextLogger::CollectStates

Function Meta

Key mpengine.dll
name CollectStates
fullname ProcessContextLogger::CollectStates
refcount 3
length 1544
called
Expand for full list:
GetDosPathFromNormalizedPath
GetOriginalFileName
NotificationImpl::GetDomainName
ProcessContextLogger::WriteDomain
WPP_SF_SL
WPP_SF_l
guard_dispatch_icall$fo_default$
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
di::TelemetryAssert::AssertTriggeredNoArgs
free
std::Deallocate<16,0>std::vector<class_CXmlAttribute,class_std::allocator<class_CXmlAttribute>>::push_back
calling
paramcount 2
address 75a88a240
sig long __thiscall CollectStates(ProcessContextLogger * this, InternalNotification * param_1)
sym_type Function
sym_source ANALYSIS
external False

tdt_library_v_current::tdt_app_profiling::time_update_service_api_impl::get_latest_time

Function Meta

Key mpengine.dll
name get_latest_time
fullname tdt_library_v_current::tdt_app_profiling::time_update_service_api_impl::get_latest_time
refcount 2
length 6
called
calling
paramcount 1
address 75a979ca0
sig __uint64 __thiscall get_latest_time(time_update_service_api_impl * this)
sym_type Function
sym_source ANALYSIS
external False

tdt_library_v_next::feature_extraction::hotspot_detector_node::calculate_output_value

Function Meta

Key mpengine.dll
name calculate_output_value
fullname tdt_library_v_next::feature_extraction::hotspot_detector_node::calculate_output_value
refcount 3
length 1322
called
Expand for full list:
__security_check_cookie
guard_dispatch_icall$fo_default$
operator_new
std::Allocate<16,struct_std::Default_allocate_traits,0>
std::Deallocate<16,0>
std::Get_size_of_n<40>
std::Tree<class_std::Tmap_traits<unsigned_int,class_std::set<unsigned_int,struct_std::less<unsigned_int>,class_std::allocator<unsigned_int>>,struct_std::less<unsigned_int>,class_std::allocator<struct_std::pair<unsigned_int_const,class_std::set<unsigned_int,struct_std::less<unsigned_int>,class_std::allocator<unsigned_int>>>>,0>>::Emplace<unsigned_int_const&ptr64,class_std::set<unsigned_int,struct_std::less<unsigned_int>,class_std::allocator<unsigned_int>>>
std::Tree<class_std::Tmap_traits<unsigned_int,class_std::set<unsigned_int,struct_std::less<unsigned_int>,class_std::allocator<unsigned_int>>,struct_std::less<unsigned_int>,class_std::allocator<struct_std::pair<unsigned_int_const,class_std::set<unsigned_int,struct_std::less<unsigned_int>,class_std::allocator<unsigned_int>>>>,0>>::Find<unsigned_int>
std::Tree<class_std::Tset_traits<struct_boost::re_detail_500::digraph<wchar_t>,struct_std::less<struct_boost::re_detail_500::digraph<wchar_t>>,class_std::allocator<struct_boost::re_detail_500::digraph<wchar_t>>,0>>::~Tree<class_std::Tset_traits<struct_boost::re_detail_500::digraph<wchar_t>,struct_std::less<struct_boost::re_detail_500::digraph<wchar_t>>,class_std::allocator<struct_boost::re_detail_500::digraph<wchar_t>>,0>_>
std::_Tree<class_std::Tset_traits<unsigned_int,struct_std::less<unsigned_int>,class_std::allocator<unsigned_int>,0>>::_Insert_range_unchecked<unsigned_int_const*___ptr64,unsigned_int_const*___ptr64>
std::Tree<class_std::Tset_traits<unsigned_int,struct_std::less<unsigned_int>,class_std::allocator<unsigned_int>,0>>::insert<0,0>std::Xbad_function_call
std::basic_ostream<char,struct_std::char_traits>::operator<<
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::list<struct_tdt_library_v_next::feature_extraction::address_bucket,class_std::allocator<struct_tdt_library_v_next::feature_extraction::address_bucket>>::Emplace<struct_tdt_library_v_next::feature_extraction::address_bucket_const&ptr64>
std::operator<<<char,struct_std::char_traits,class_std::allocator>
std::operator<<<struct_std::char_traits>
std::set<unsigned_long,struct_std::less<unsigned_long>,class_std::allocator<unsigned_long>>::set<unsigned_long,struct_std::less<unsigned_long>,class_std::allocator<unsigned_long>>
tdt_library_v_next::bit_shovel_plugins::context_manager::add_context
tdt_library_v_next::bit_shovel_plugins::context_manager::get_context
tdt_library_v_next::feature_extraction::hotspot_detector_node::_dump_context
calling
paramcount 4
address 75a9b1f70
sig void __thiscall calculate_output_value(hotspot_detector_node * this, data_record_meta_data_t * param_1, vector<double,class_std::allocator> * param_2, vector<unsigned_char,class_std::allocator<unsigned_char>> * param_3)
sym_type Function
sym_source ANALYSIS
external False

std::Func_impl_no_alloc<<lambda_49aaa8c101f8a6e50877c71242352a0c>,bool,char_const*,unsigned___int64,sha1_t_const_&,unsigned___int64>::_Do_call

Function Meta

Key mpengine.dll
name _Do_call
fullname std::Func_impl_no_alloc<<lambda_49aaa8c101f8a6e50877c71242352a0c>,bool,char_const*,unsigned___int64,sha1_t_const_&,unsigned___int64>::_Do_call
refcount 2
length 12
called <lambda_49aaa8c101f8a6e50877c71242352a0c>::operator()
calling
paramcount 4
address 75aa089b0
sig undefined __fastcall _Do_call(longlong param_1, undefined8 * param_2, undefined8 param_3, char * * param_4)
sym_type Function
sym_source IMPORTED
external False

std::Func_impl_no_alloc<<lambda_73e9606387324b6c8fd692d5be98c77c>,bool,char_const*>::_Do_call

Function Meta

Key mpengine.dll
name _Do_call
fullname std::Func_impl_no_alloc<<lambda_73e9606387324b6c8fd692d5be98c77c>,bool,char_const*>::_Do_call
refcount 2
length 12
called <lambda_73e9606387324b6c8fd692d5be98c77c>::operator()
calling
paramcount 4
address 75aae4130
sig undefined __fastcall _Do_call(longlong param_1, undefined8 * param_2, undefined8 param_3, ulong param_4)
sym_type Function
sym_source IMPORTED
external False

`dynamic_atexit_destructor_for_'tdt_library_v_current::logger_client::logger::m_instance''

Function Meta

Key mpengine.dll
name m_instance''
fullname `dynamic_atexit_destructor_for_'tdt_library_v_current::logger_client::logger::m_instance''
refcount 3
length 26
called std::_Ref_count_base::_Decref
calling `dynamic_atexit_destructor_for_'tdt_library_v_current::logger_client::logger::m_instance''
paramcount 0
address 75ad604f0
sig undefined __fastcall m_instance''(void)
sym_type Function
sym_source IMPORTED
external False

`dynamic_atexit_destructor_for_'tdt_library_v_next::logger_client::logger::m_instance''

Function Meta

Key mpengine.dll
name m_instance''
fullname `dynamic_atexit_destructor_for_'tdt_library_v_next::logger_client::logger::m_instance''
refcount 3
length 26
called std::_Ref_count_base::_Decref
calling `dynamic_atexit_destructor_for_'tdt_library_v_next::logger_client::logger::m_instance''
paramcount 0
address 75ad608c0
sig undefined __fastcall m_instance''(void)
sym_type Function
sym_source IMPORTED
external False

<lambda_0f9762a6c82734cc8c0c6edb2ce7b823>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_0f9762a6c82734cc8c0c6edb2ce7b823>::operator()
refcount 3
length 4352
called
Expand for full list:
AsrLocationInfo::FindPath
AsrLocationInfo::IsEmpty
AsrRemediateProcess
AsrRuleSettingsProxy::Read
CProcessCommandLine::Process
CProcessImagePath::Process
CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
CommonUtil::AutoRef<struct_BmProcessInfo>::operator=
CommonUtil::CCommonThrowHR::operator=
CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpReadLockFunctor<class_CommonUtil::CMpReadWriteLock2>>::CGenericAutoLock<struct_CommonUtil::CMpReadLockFunctor<class_CommonUtil::CMpReadWriteLock2>>
CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpReadLockFunctor<class_CommonUtil::CMpReadWriteLock2>>::~CGenericAutoLock<struct_CommonUtil::CMpReadLockFunctor<class_CommonUtil::CMpReadWriteLock2>>CommonUtil::NewSprintfW
CommonUtil::UtilStringFromUuid
DcQueryConfigBool
GetInvolvedDocument
HipsManager::IsASRExcludedTarget
IsDisabledSignature
IsDisabledSignatureWithCloudCheck
IsEnterpriseAllowListedWin32Path
IsMapsEnabledForHipsRule
LogSkip::Check
MatchesRegexList
MemScanQueryIntegrityLevel
MpLogGlobalCallback
MpLogWriter::Commit
MpLogWriter::MpLogWriter
MpLogWriter::PushString
MpLogWriter::~MpLogWriter
NotAllowedRuleEvaluator::NotAllowedRuleEvaluator
NotifyHipsEvent
SDSSQuery::SDSSQuery
WPP_SF_
WPP_SF_I
__security_check_cookie
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
cmp_fpath_w
di::TelemetryAssert::AssertTriggeredNoArgs
fill_seville_resource_info
free
memset
operator_new
sigseqfromrecid
sigshafromrecid
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::operator=
std::vector<struct_HipsRules,class_std::allocator<struct_HipsRules>>::emplace_back<struct_HipsRules&___ptr64>
calling HipsManager::OnImageConfig
paramcount 4
address 75a539a1c
sig undefined __fastcall operator()(longlong * param_1, _GUID * param_2, AsrRuleSettingsProxy * param_3, int param_4)
sym_type Function
sym_source IMPORTED
external False

getsigtype

Function Meta

Key mpengine.dll
name getsigtype
fullname getsigtype
refcount 145
length 2853
called
calling EvaluateVersioningOperator
ReceiveNewTemplate
Receivers_New_End
paramcount 1
address 75a49ddd0
sig char * __fastcall getsigtype(byte param_1)
sym_type Function
sym_source IMPORTED
external False

getsigtype

Function Meta

Key mpengine.dll
name getsigtype
fullname getsigtype
refcount 56
length 1318
called
calling
Expand for full list:
MpSignatureSubType<struct_bloomfilter_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_bloomfilter_record>,1,1,1>::PostProcessRecordsWorker
MpSignatureSubType<struct_explicitresource_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresource_record>,0,0,1>::PostProcessRecordsWorker
MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::Lookup<struct_ExplicitResourceHashProvider>
MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::PostProcessRecordsWorker
MpSignatureSubType<struct_friendlyfilesha256_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_friendlyfilesha256_t>,0,0,1>::Lookup<struct_FriendlyHashProvider>
MpSignatureSubType<struct_friendlyfilesha256_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_friendlyfilesha256_t>,0,0,1>::PostProcessRecordsWorker
MpSignatureSubType<struct_peemusig_t,unsigned_long,3,0,1,0,struct_MpEmptyEnumerator<struct_peemusig_t>,0,0,1>::Lookup<struct_PeEmuHashProvider>
MpSignatureSubType<struct_peemusig_t,unsigned_long,3,0,1,0,struct_MpEmptyEnumerator<struct_peemusig_t>,0,0,1>::PostProcessRecordsWorker
MpSignatureSubType<struct_pestatic_t,unsigned_long,3,0,0,0,struct_MpEmptyEnumerator<struct_pestatic_t>,0,0,1>::Lookup<struct_PeStaticHashProvider>
MpSignatureSubType<struct_pestatic_t,unsigned_long,3,0,0,0,struct_MpEmptyEnumerator<struct_pestatic_t>,0,0,1>::PostProcessRecordsWorker
MpSignatureSubType<struct_pestaticex_t,unsigned_long,3,0,0,0,struct_MpEmptyEnumerator<struct_pestaticex_t>,0,0,1>::Lookup<struct_PeStaticExHashProvider<0>_>MpSignatureSubType<struct_pestaticex_t,unsigned_long,3,0,0,0,struct_MpEmptyEnumerator<struct_pestaticex_t>,0,0,1>::PostProcessRecordsWorker
MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::Lookup<struct_RevokedCertProvider>
MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::Lookup<struct_RevokedCertProviderFunc>
MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::PostProcessRecordsWorker
MpSignatureSubType<struct_staticrec_t,unsigned_long,4,0,0,0,struct_MpEmptyEnumerator<struct_staticrec_t>,0,0,1>::Lookup<class_StaticHashProvider>
MpSignatureSubType<struct_staticrec_t,unsigned_long,4,0,0,0,struct_MpEmptyEnumerator<struct_staticrec_t>,0,0,1>::PostProcessRecordsWorker
MpSignatureSubType<struct_trustedpublisher_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_trustedpublisher_t>,0,0,1>::Lookup<struct_TrustedPublisherProvider>
MpSignatureSubType<struct_trustedpublisher_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_trustedpublisher_t>,0,0,1>::PostProcessRecordsWorker
modprobe_init_worker
paramcount 1
address 75a12a040
sig char * __fastcall getsigtype(undefined param_1)
sym_type Function
sym_source IMPORTED
external False

<lambda_5e4005bbdd9cae4eff357a4b8aac90e6>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_5e4005bbdd9cae4eff357a4b8aac90e6>::operator()
refcount 4
length 6096
called
Expand for full list:
GetSignatureVersion
McTemplateU0zzizzzzzqqzzzddqxzzdttqqqxzz_MPEventWriteTransfer
WPP_SF_
WPP_SF_l
__security_check_cookie
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
spynet_wrapper::ReportError
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::Tidy_deallocate
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>
std::default_delete<class_web::json::details::_Value>::operator()web::json::value::boolean
web::json::value::number
web::json::value::number
web::json::value::operator=
web::json::value::operator[]
web::json::value::serialize
web::json::value::string
web::json::value::value
calling SendSenseRemediationEtwEvent
paramcount 4
address 75a74044c
sig undefined __fastcall operator()(undefined8 * param_1, wchar_t * param_2, basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>> * param_3, basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>> * param_4)
sym_type Function
sym_source IMPORTED
external False

<lambda_31575293ba5bb7430c6f950f1afc8e90>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_31575293ba5bb7430c6f950f1afc8e90>::operator()
refcount 3
length 645
called
Expand for full list:
Init_thread_footer
Init_thread_header
guard_dispatch_icall$fo_default$
public:_bool___cdecl_<lambda_31575293ba5bb7430c6f950f1afc8e90>::operator()(class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const&___ptr64)const___ptr64'::__l2::dynamic_atexit_destructor_for'plugin_list''
atexit
std::Ref_count_base::Decref
std::Traits_equal<struct_std::char_traits>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::vector<class_std::shared_ptr<class_tdt_library_v_current::bit_shovel::plugin_base>,class_std::allocator<class_std::shared_ptr<class_tdt_library_v_current::bit_shovel::plugin_base>>_>::Emplace_reallocate<class_std::shared_ptr<class_tdt_library_v_current::bit_shovel::plugin_base>>
tdt_library_v_current::bit_shovel_plugins::core_telemetry_preprocessor::create
tdt_library_v_current::bit_shovel_plugins::core_telemetry_publisher::createtdt_library_v_current::bit_shovel_plugins::isv_sample::create
tdt_library_v_current::bit_shovel_plugins::normalizer::create
tdt_library_v_current::bit_shovel_plugins::process_monitor_service::create
tdt_library_v_current::bit_shovel_plugins::profiling_database_service::create
tdt_library_v_current::bit_shovel_plugins::profiling_heuristic::create
tdt_library_v_current::bit_shovel_plugins::time_update_service::create
tdt_library_v_current::bit_shovel_plugins::vail_random_forest_classifier_plugin::create
calling tdt_library_v_current::plugin_loader::create_plugin
paramcount 2
address 75a8f93e4
sig undefined8 __fastcall operator()(undefined8 * param_1, char * param_2)
sym_type Function
sym_source IMPORTED
external False

<lambda_f2278183a0c285f5fcf141a901c5e4bf>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_f2278183a0c285f5fcf141a901c5e4bf>::operator()
refcount 2
length 592
called
Expand for full list:
Init_thread_footer
Init_thread_header
_security_check_cookie
guard_dispatch_icall$fo_default$
public:_bool___cdecl_<lambda_f2278183a0c285f5fcf141a901c5e4bf>::operator()(class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const&___ptr64)const___ptr64'::__l2::dynamic_atexit_destructor_for'plugin_list''
atexit
std::Traits_equal<struct_std::char_traits>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
tdt_library_v_current::bit_shovel_plugins::normalizer::get_dependencies
tdt_library_v_current::bit_shovel_plugins::profiling_database_service::get_dependenciestdt_library_v_current::bit_shovel_plugins::profiling_heuristic::get_dependencies
tdt_library_v_current::bit_shovel_plugins::vail_random_forest_classifier_plugin::get_dependencies
tdt_library_v_next::bit_shovel_plugins::core_telemetry_publisher::get_dependencies
calling tdt_library_v_current::plugin_loader::get_plugins_dependencies
paramcount 2
address 75a8f966c
sig undefined __fastcall operator()(undefined8 * param_1, char * param_2)
sym_type Function
sym_source IMPORTED
external False

<lambda_6babf04455e01b1f129b6480367e39c8>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_6babf04455e01b1f129b6480367e39c8>::operator()
refcount 3
length 1424
called
Expand for full list:
__security_check_cookie
guard_dispatch_icall$fo_default$
operator_new
snprintf
std::_Allocate<16,struct_std::_Default_allocate_traits,0>
std::_List_node_emplace_op2<class_std::allocator<struct_std::_List_node<class_std::shared_ptr<class_IWorkUnitFactory>,void*_ptr64>>>::~_List_node_emplace_op2<class_std::allocator<struct_std::List_node<class_std::shared_ptr<class_IWorkUnitFactory>,void*ptr64>>>
std::Ref_count_base::Decref
std::Xlength_error
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>std::basic_string<char,struct_std::char_traits,class_std::allocator>::operator=
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
std::shared_ptr<struct_ObjectManager::MutantObject>::shared_ptr<struct_ObjectManager::MutantObject>
tdt_library_v_current::bit_shovel_plugins::internal::classifier_detect_impl::classifier_detect_impl
tdt_library_v_current::logger_client::logger::get_logger
tdt_library_v_current::logger_client::logger::log
tdt_library_v_next::bit_shovel::result_type::operator_bool
calling tdt_library_v_current::bit_shovel_plugins::classifier_plugin::_create_detection_agents
paramcount 6
address 75a9027ac
sig undefined __fastcall operator()(longlong * param_1, result_type * param_2, undefined8 param_3, undefined8 param_4, basic_string<char,struct_std::char_traits,class_std::allocator_> * param_5, undefined8 param_6)
sym_type Function
sym_source IMPORTED
external False

<lambda_091b22df2017f17e232e72bdb61857f3>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_091b22df2017f17e232e72bdb61857f3>::operator()
refcount 2
length 394
called
Expand for full list:
__security_check_cookie
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_current::bit_shovel::data_network::push<class_std::shared_ptr<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::event_base_t>_>
tdt_library_v_current::logger_client::logger::get_logger
tdt_library_v_current::logger_client::logger::log
tdt_library_v_next::bit_shovel::result_type::operator_bool
calling std::_Func_impl_no_alloc<<lambda_091b22df2017f17e232e72bdb61857f3>,void,std::shared_ptr<tdt_library_v_current::tdt_app_profiling::preprocessed_events::event_base_t>const&,bool>::_Do_call
paramcount 2
address 75a7a0598
sig undefined __fastcall operator()(undefined8 * param_1, longlong * param_2)
sym_type Function
sym_source IMPORTED
external False

<lambda_ca68b46a02b00be7f2919989f8991ad0>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_ca68b46a02b00be7f2919989f8991ad0>::operator()
refcount 9
length 3369
called __security_check_cookie
guard_dispatch_icall$fo_default$
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_current::logger_client::logger::get_logger
tdt_library_v_current::logger_client::logger::log
calling tdt_library_v_current::bit_shovel_plugins::message_processing_agent::log_statistics
paramcount 3
address 75a910bb8
sig undefined __fastcall operator()(undefined8 param_1, longlong * param_2, undefined8 * param_3)
sym_type Function
sym_source IMPORTED
external False

<lambda_e80b1ba6d35967b9aef5c7bd96a48a03>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_e80b1ba6d35967b9aef5c7bd96a48a03>::operator()
refcount 3
length 1168
called __security_check_cookie
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_current::logger_client::logger::get_logger
tdt_library_v_current::logger_client::logger::log
calling tdt_library_v_current::bit_shovel_plugins::message_processing_agent::log_statistics
paramcount 4
address 75a9118e4
sig undefined __fastcall operator()(undefined8 param_1, undefined8 * param_2, longlong param_3, longlong param_4)
sym_type Function
sym_source IMPORTED
external False

<lambda_a52397e543c1736d69ca94d83c8eb915>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_a52397e543c1736d69ca94d83c8eb915>::operator()
refcount 4
length 3428
called <lambda_4d20d8faec7ff538c8000da0e19b56fc>::operator()
__security_check_cookie
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_current::logger_client::logger::get_logger
tdt_library_v_current::logger_client::logger::log
calling tdt_library_v_current::bit_shovel_plugins::core_telemetry_publisher::deinit
paramcount 2
address 75a91ad00
sig undefined __fastcall operator()(undefined8 param_1, longlong * param_2)
sym_type Function
sym_source IMPORTED
external False

<lambda_2b16eede04a3efdc783f6feb99ed8c61>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_2b16eede04a3efdc783f6feb99ed8c61>::operator()
refcount 4
length 509
called
Expand for full list:
__security_check_cookie
snprintf
std::Ref_count_base::Decref
std::basic_ostream<char,struct_std::char_traits>::operator<<
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
std::basic_stringbuf<char,struct_std::char_traits,class_std::allocator>::str
std::basic_stringstream<char,struct_std::char_traits,class_std::allocator>::`vbase_destructor'
std::basic_stringstream<char,struct_std::char_traits,class_std::allocator>::basic_stringstream<char,struct_std::char_traits,class_std::allocator>std::operator<<<char,struct_std::char_traits,class_std::allocator>
std::operator<<<struct_std::char_traits_>
tdt_library_v_current::logger_client::logger::get_logger
tdt_library_v_current::logger_client::logger::log
calling tdt_library_v_current::bit_shovel_plugins::local_telemetry_server_impl::set_filtered_process_list
paramcount 3
address 75a920390
sig undefined __fastcall operator()(undefined8 param_1, basic_string<char,struct_std::char_traits,class_std::allocator_> * param_2, longlong * param_3)
sym_type Function
sym_source IMPORTED
external False

`<lambda_2821effc6a6193929ab5d8bf0c3ba95b>::operator()'::__l1::catch$8

Function Meta

Key mpengine.dll
name catch$8
fullname `<lambda_2821effc6a6193929ab5d8bf0c3ba95b>::operator()'::__l1::catch$8
refcount 1
length 390
called guard_dispatch_icall$fo_default$
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_current::logger_client::logger::get_logger
tdt_library_v_current::logger_client::logger::log
calling
paramcount 2
address 75ad44f37
sig undefined8 __fastcall catch$8(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

<lambda_7914faad9942e8ab5a27c76d3416fbab>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_7914faad9942e8ab5a27c76d3416fbab>::operator()
refcount 2
length 692
called
Expand for full list:
__security_check_cookie
guard_dispatch_icall$fo_default$
buffer_view<unsigned_char>::throw_if_out_of_range
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
std::basic_string<char16_t,struct_std::char_traits<char16_t>,class_std::allocator<char16_t>>::Tidy_deallocate
std::make_shared<struct_tdt_library_v_current::tdt_app_profiling::filtered_process_list_t>std::vector<unsigned_int,class_std::allocator<unsigned_int>>::_Emplace_reallocate<unsigned_int_const&___ptr64>
tdt_library_v_current::bit_shovel_plugins::get_process_integrity_level
tdt_library_v_current::bit_shovel_plugins::tts_event_view<1883652899>::get_image_path
tdt_library_v_current::logger_client::logger::get_logger
tdt_library_v_current::logger_client::logger::log
tdt_library_v_current::tdt_app_profiling::file_path_preprocessor::translate_path
calling tdt_library_v_current::bit_shovel_plugins::core_telemetry_parser::parse<<lambda_7914faad9942e8ab5a27c76d3416fbab>_>
paramcount 2
address 75a93b04c
sig undefined __fastcall operator()(longlong * param_1, buffer_view<unsigned_char> * param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_current::bit_shovel_plugins::detection_tlv_recorder::init'::__l1::catch$47

Function Meta

Key mpengine.dll
name catch$47
fullname `tdt_library_v_current::bit_shovel_plugins::detection_tlv_recorder::init'::__l1::catch$47
refcount 1
length 354
called guard_dispatch_icall$fo_default$
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_current::logger_client::logger::get_logger
tdt_library_v_current::logger_client::logger::log
calling
paramcount 2
address 75ad45415
sig undefined8 __fastcall catch$47(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

<lambda_0002dfbc9e826a78e572fed23f745983>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_0002dfbc9e826a78e572fed23f745983>::operator()
refcount 5
length 550
called
Expand for full list:
__security_check_cookie
boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::get<unsigned___int64>
boost::property_tree::string_path<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::string_path<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
std::operator+<char,struct_std::char_traits,class_std::allocator>
std::operator+<char,struct_std::char_traits,class_std::allocator>std::operator+<char,struct_std::char_traits,class_std::allocator>
tdt_library_v_current::logger_client::logger::get_logger
tdt_library_v_current::logger_client::logger::log
calling tdt_library_v_current::bit_shovel_plugins::detection_filter::init
paramcount 4
address 75a9448c4
sig undefined __fastcall operator()(undefined8 * param_1, char * param_2, __uint64 * param_3, __uint64 param_4)
sym_type Function
sym_source IMPORTED
external False

<lambda_6e9b5994c18c479ab1407996b7e58975>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_6e9b5994c18c479ab1407996b7e58975>::operator()
refcount 8
length 596
called
Expand for full list:
__security_check_cookie
boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::get
boost::property_tree::string_path<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::string_path<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
std::operator+<char,struct_std::char_traits,class_std::allocator>
std::operator+<char,struct_std::char_traits,class_std::allocator>std::operator+<char,struct_std::char_traits,class_std::allocator>
tdt_library_v_current::logger_client::logger::get_logger
tdt_library_v_current::logger_client::logger::log
calling tdt_library_v_current::bit_shovel_plugins::detection_filter::init
paramcount 4
address 75a944aec
sig undefined __fastcall operator()(undefined8 * param_1, char * param_2, char * param_3, undefined param_4)
sym_type Function
sym_source IMPORTED
external False

<lambda_3c2594255a12239f97f3b2e3fa9a1311>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_3c2594255a12239f97f3b2e3fa9a1311>::operator()
refcount 3
length 551
called
Expand for full list:
__security_check_cookie
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::append
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
std::operator+<char,struct_std::char_traits,class_std::allocator>
std::vector<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::Emplace_reallocate<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&___ptr64>tdt_library_v_current::bit_shovel_plugins::normalizer_config::get_normalizer_model_name
tdt_library_v_current::logger_client::logger::get_logger
tdt_library_v_current::logger_client::logger::log
calling tdt_library_v_current::bit_shovel_plugins::normalizer::get_dependencies
paramcount 2
address 75a94c714
sig undefined __fastcall operator()(undefined8 * param_1, undefined8 * param_2)
sym_type Function
sym_source IMPORTED
external False

<lambda_be08062effc0cc22e5039bcfde02c98d>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_be08062effc0cc22e5039bcfde02c98d>::operator()
refcount 7
length 413
called __security_check_cookie
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_current::logger_client::logger::get_logger
tdt_library_v_current::logger_client::logger::log
calling tdt_library_v_current::tdt_app_profiling::time_series_heuristic::_is_detect_config_ok
tdt_library_v_current::tdt_app_profiling::time_series_heuristic::_is_train_config_ok
paramcount 4
address 75a96e0b8
sig undefined __fastcall operator()(undefined8 param_1, double param_2, undefined8 param_3, undefined8 * param_4)
sym_type Function
sym_source IMPORTED
external False

<lambda_e142b6e321a34ddece5dedaf6906d5fc>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_e142b6e321a34ddece5dedaf6906d5fc>::operator()
refcount 6
length 403
called __security_check_cookie
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_current::logger_client::logger::get_logger
tdt_library_v_current::logger_client::logger::log
calling tdt_library_v_current::tdt_app_profiling::time_series_heuristic::_is_auto_config_ok
paramcount 4
address 75a96ed64
sig undefined __fastcall operator()(undefined8 param_1, longlong param_2, undefined8 param_3, undefined8 * param_4)
sym_type Function
sym_source IMPORTED
external False

<lambda_1241208179f00ded9d7d5c54e5197654>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_1241208179f00ded9d7d5c54e5197654>::operator()
refcount 5
length 425
called <lambda_e44e9d6376a21d8036597927136c78a2>::operator()
__security_check_cookie
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_current::logger_client::logger::get_logger
tdt_library_v_current::logger_client::logger::log
calling tdt_library_v_current::bit_shovel_plugins::heuristic_processor::deinit
paramcount 3
address 75a9762e0
sig undefined __fastcall operator()(undefined8 param_1, undefined8 param_2, longlong * param_3)
sym_type Function
sym_source IMPORTED
external False

<lambda_915b71b27d4f965add1674c17df56f75>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_915b71b27d4f965add1674c17df56f75>::operator()
refcount 2
length 437
called _Cnd_wait
std::_Tree_unchecked_const_iterator<class_std::_Tree_val<struct_std::Tree_simple_types<unsigned_int>>,struct_std::Iterator_base0>::operator++
std::chrono::steady_clock::now
std::condition_variable::Wait_until1<std::chrono::steady_clock,std::chrono::duration<__int64,std::ratio<1,1000000000>>,<lambda_c1894fd93ab2f9e19b6044618d42b5d1>>
std::unique_lock<class_std::mutex>::unique_lock<class_std::mutex>
std::unique_lock<class_std::mutex>::unlock
std::unique_lock<class_std::mutex>::~unique_lock<class_std::mutex>
tdt_library_v_current::tdt_app_profiling::time_update_service_api_impl::dispatch_callbacks
calling std::thread::Invoke<std::tuple<<lambda_915b71b27d4f965add1674c17df56f75>>,0>
paramcount 1
address 75a97980c
sig undefined __fastcall operator()(longlong * param_1)
sym_type Function
sym_source IMPORTED
external False

`<lambda_7d89ce293df0537485e879585b616a19>::operator()'::__l1::catch$8

Function Meta

Key mpengine.dll
name catch$8
fullname `<lambda_7d89ce293df0537485e879585b616a19>::operator()'::__l1::catch$8
refcount 1
length 336
called guard_dispatch_icall$fo_default$
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling
paramcount 2
address 75ad49614
sig undefined8 __fastcall catch$8(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::tdt_agent_impl::_is_os_supported'::__l1::catch$57

Function Meta

Key mpengine.dll
name catch$57
fullname `tdt_library_v_next::tdt_agent_impl::_is_os_supported'::__l1::catch$57
refcount 1
length 336
called guard_dispatch_icall$fo_default$
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling
paramcount 2
address 75ad34edd
sig undefined8 __fastcall catch$57(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::tdt_agent_impl::_is_os_supported'::__l1::catch$58

Function Meta

Key mpengine.dll
name catch$58
fullname `tdt_library_v_next::tdt_agent_impl::_is_os_supported'::__l1::catch$58
refcount 2
length 336
called guard_dispatch_icall$fo_default$
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling
paramcount 2
address 75ad3502e
sig undefined8 __fastcall catch$58(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::discover_dependencies'::__l1::catch$50

Function Meta

Key mpengine.dll
name catch$50
fullname `tdt_library_v_next::discover_dependencies'::__l1::catch$50
refcount 1
length 465
called guard_dispatch_icall$fo_default$
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling
paramcount 2
address 75ad49ff9
sig undefined8 __fastcall catch$50(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

<lambda_af4342b357659ccce2874d49241f8856>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_af4342b357659ccce2874d49241f8856>::operator()
refcount 4
length 1690
called
Expand for full list:
__security_check_cookie
guard_dispatch_icall$fo_default$
memset
operator_new
snprintf
std::_Allocate<16,struct_std::_Default_allocate_traits,0>
std::_Ref_count_base::_Decref
std::Xlength_error
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Construct<1,char_const*ptr64>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Reallocate_for<class<lambda_66f57f934f28d61049862f64df852ff0>,char_const*ptr64>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Reallocate_grow_by<class<lambda_e1befb086ad3257e3f042a63030725f7>,unsigned___int64,char>std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::operator=
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
std::shared_ptr<struct_ObjectManager::MutantObject>::shared_ptr<struct_ObjectManager::MutantObject>
tdt_library_v_next::bit_shovel::result_type::operator_bool
tdt_library_v_next::bit_shovel_plugins::classifier_detect::classifier_detect
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling tdt_library_v_next::bit_shovel_plugins::classifier_plugin::_create_detection_agents
paramcount 5
address 75a50b508
sig undefined __fastcall operator()(longlong * param_1, result_type * param_2, undefined8 param_3, ulonglong param_4, basic_string<char,struct_std::char_traits,class_std::allocator_> * param_5)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::bit_shovel_plugins::classifier_plugin::init'::__l1::catch$23

Function Meta

Key mpengine.dll
name catch$23
fullname `tdt_library_v_next::bit_shovel_plugins::classifier_plugin::init'::__l1::catch$23
refcount 2
length 375
called guard_dispatch_icall$fo_default$
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling
paramcount 2
address 75ad2a07c
sig undefined8 __fastcall catch$23(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

<lambda_0ecd438b0ae0830926a4a2907280c33b>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_0ecd438b0ae0830926a4a2907280c33b>::operator()
refcount 2
length 280
called __security_check_cookie
guard_dispatch_icall$fo_default$
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::to_string
tdt_library_v_next::bit_shovel::data_network::push<struct_tdt_library_v_next::bit_shovel::pipeline_message_t>
tdt_library_v_next::bit_shovel::result_type::operator_bool
tdt_library_v_next::bit_shovel_plugins::message_processing_agent::process_tlv
calling std::_Func_impl_no_alloc<<lambda_0ecd438b0ae0830926a4a2907280c33b>,void,std::shared_ptr<tdt_library_v_next::bit_shovel_plugins::core_telemetry_data_buffer_base_t>const&>::_Do_call
paramcount 2
address 75a6c56c0
sig undefined __fastcall operator()(longlong * param_1, undefined8 param_2)
sym_type Function
sym_source IMPORTED
external False

<lambda_4779b7e98c341a68831230402777e48b>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_4779b7e98c341a68831230402777e48b>::operator()
refcount 2
length 394
called
Expand for full list:
__security_check_cookie
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_next::bit_shovel::data_network::push<class_std::shared_ptr<struct_tdt_library_v_next::tdt_app_profiling::preprocessed_events::event_base_t>_>
tdt_library_v_next::bit_shovel::result_type::operator_bool
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling std::_Func_impl_no_alloc<<lambda_4779b7e98c341a68831230402777e48b>,void,std::shared_ptr<tdt_library_v_next::tdt_app_profiling::preprocessed_events::event_base_t>const&,bool>::_Do_call
paramcount 2
address 75a7b7fbc
sig undefined __fastcall operator()(undefined8 * param_1, longlong * param_2)
sym_type Function
sym_source IMPORTED
external False

<lambda_67e87abe0e30e8df0e4f574906d2d8a1>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_67e87abe0e30e8df0e4f574906d2d8a1>::operator()
refcount 8
length 5988
called
Expand for full list:
__security_check_cookie
guard_dispatch_icall$fo_default$
memset
snprintf
std::_Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::_Construct<1,char_const*__ptr64>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Reallocate_for<class<lambda_66f57f934f28d61049862f64df852ff0>,char_const*ptr64>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Reallocate_grow_by<class<lambda_e1befb086ad3257e3f042a63030725f7>,unsigned___int64,char>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::append
std::basic_string<char,struct_std::char_traits,class_std::allocator>::datatdt_library_v_next::logger_client::logger::log
calling tdt_library_v_next::bit_shovel_plugins::message_processing_agent::log_statistics
paramcount 3
address 75a35b01c
sig undefined __fastcall operator()(undefined8 param_1, longlong * param_2, basic_string<char,struct_std::char_traits,class_std::allocator_> * param_3)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::bit_shovel_plugins::internal::core_telemetry_preprocessor_config_impl::_configure_compute_device'::__l1::catch$51

Function Meta

Key mpengine.dll
name catch$51
fullname `tdt_library_v_next::bit_shovel_plugins::internal::core_telemetry_preprocessor_config_impl::_configure_compute_device'::__l1::catch$51
refcount 1
length 424
called guard_dispatch_icall$fo_default$
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling
paramcount 2
address 75ad2c3b6
sig undefined8 __fastcall catch$51(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

<lambda_94a06d27cfddde603db7080a25a2c2c5>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_94a06d27cfddde603db7080a25a2c2c5>::operator()
refcount 3
length 3428
called <lambda_4d20d8faec7ff538c8000da0e19b56fc>::operator()
__security_check_cookie
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling tdt_library_v_next::bit_shovel_plugins::core_telemetry_publisher::deinit
paramcount 2
address 75a7945d8
sig undefined __fastcall operator()(undefined8 param_1, longlong * param_2)
sym_type Function
sym_source IMPORTED
external False

<lambda_9306065256854b91b959b31dc93e47a9>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_9306065256854b91b959b31dc93e47a9>::operator()
refcount 4
length 509
called
Expand for full list:
__security_check_cookie
snprintf
std::Ref_count_base::Decref
std::basic_ostream<char,struct_std::char_traits>::operator<<
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
std::basic_stringbuf<char,struct_std::char_traits,class_std::allocator>::str
std::basic_stringstream<char,struct_std::char_traits,class_std::allocator>::`vbase_destructor'
std::basic_stringstream<char,struct_std::char_traits,class_std::allocator>::basic_stringstream<char,struct_std::char_traits,class_std::allocator>std::operator<<<char,struct_std::char_traits,class_std::allocator>
std::operator<<<struct_std::char_traits_>
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling tdt_library_v_next::bit_shovel_plugins::local_telemetry_server_impl::set_filtered_process_list
paramcount 3
address 75a99d45c
sig undefined __fastcall operator()(undefined8 param_1, basic_string<char,struct_std::char_traits,class_std::allocator_> * param_2, longlong * param_3)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::bit_shovel_plugins::local_telemetry_server_impl::_set_incompat_process_list'::__l1::dtor$0

Function Meta

Key mpengine.dll
name dtor$0
fullname `tdt_library_v_next::bit_shovel_plugins::local_telemetry_server_impl::_set_incompat_process_list'::__l1::dtor$0
refcount 2
length 38
called <lambda_58fab4f05f9fe402bba8675704d18494>::~<lambda_58fab4f05f9fe402bba8675704d18494>
calling
paramcount 2
address 75ad1e8d5
sig undefined __fastcall dtor$0(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::bit_shovel_plugins::local_telemetry_server_impl::_update_driver_config_for_replayed_telemetry'::__l1::dtor$0

Function Meta

Key mpengine.dll
name dtor$0
fullname `tdt_library_v_next::bit_shovel_plugins::local_telemetry_server_impl::_update_driver_config_for_replayed_telemetry'::__l1::dtor$0
refcount 2
length 38
called <lambda_58fab4f05f9fe402bba8675704d18494>::~<lambda_58fab4f05f9fe402bba8675704d18494>
calling
paramcount 2
address 75ad4aebf
sig undefined __fastcall dtor$0(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::bit_shovel_plugins::driver_thread_handler::resume'::__l1::dtor$0

Function Meta

Key mpengine.dll
name dtor$0
fullname `tdt_library_v_next::bit_shovel_plugins::driver_thread_handler::resume'::__l1::dtor$0
refcount 2
length 38
called <lambda_58fab4f05f9fe402bba8675704d18494>::~<lambda_58fab4f05f9fe402bba8675704d18494>
calling
paramcount 2
address 75ad4af32
sig undefined __fastcall dtor$0(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::bit_shovel_plugins::local_telemetry_server_impl::set_filtered_process_list'::__l1::dtor$19

Function Meta

Key mpengine.dll
name dtor$19
fullname `tdt_library_v_next::bit_shovel_plugins::local_telemetry_server_impl::set_filtered_process_list'::__l1::dtor$19
refcount 2
length 38
called <lambda_58fab4f05f9fe402bba8675704d18494>::~<lambda_58fab4f05f9fe402bba8675704d18494>
calling
paramcount 2
address 75ad4af58
sig undefined __fastcall dtor$19(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::bit_shovel_plugins::local_telemetry_server_impl::set_filtered_process_list'::__l1::dtor$28

Function Meta

Key mpengine.dll
name dtor$28
fullname `tdt_library_v_next::bit_shovel_plugins::local_telemetry_server_impl::set_filtered_process_list'::__l1::dtor$28
refcount 2
length 38
called <lambda_58fab4f05f9fe402bba8675704d18494>::~<lambda_58fab4f05f9fe402bba8675704d18494>
calling
paramcount 2
address 75ad4af7e
sig undefined __fastcall dtor$28(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::bit_shovel_plugins::local_telemetry_server_impl::set_filtered_process_list'::__l1::dtor$37

Function Meta

Key mpengine.dll
name dtor$37
fullname `tdt_library_v_next::bit_shovel_plugins::local_telemetry_server_impl::set_filtered_process_list'::__l1::dtor$37
refcount 2
length 38
called <lambda_58fab4f05f9fe402bba8675704d18494>::~<lambda_58fab4f05f9fe402bba8675704d18494>
calling
paramcount 2
address 75ad4afa4
sig undefined __fastcall dtor$37(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

<lambda_3a32f7c354283886a497322859bb2365>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_3a32f7c354283886a497322859bb2365>::operator()
refcount 4
length 501
called
Expand for full list:
__security_check_cookie
guard_dispatch_icall$fo_default$
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::resize
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::logtdt_library_v_next::telemetry_publisher::system_process::_get_last_error_as_string
calling tdt_library_v_next::telemetry_publisher::system_process::_get_process_info
paramcount 4
address 75a9a29a8
sig undefined __fastcall operator()(longlong * param_1, undefined8 param_2, ulonglong param_3, basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_> * param_4)
sym_type Function
sym_source IMPORTED
external False

<lambda_171acaa0967f74a09a953a10b762c201>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_171acaa0967f74a09a953a10b762c201>::operator()
refcount 3
length 1108
called
Expand for full list:
_security_check_cookie
boost::algorithm::is_any_of<char[2]>
boost::algorithm::split<class_std::vector<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>&ptr64,struct_boost::algorithm::detail::is_any_ofF>
boost::optional<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>::value
boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::get
boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::get_child_optional
boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::get_value_optional<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>
boost::property_tree::string_path<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::string_path<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>
boost::property_tree::string_path<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::string_path<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>
snprintf
std::Ref_count_base::Decrefstd::basic_string<char,struct_std::char_traits,class_std::allocator>::Equal
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::`scalar_deleting_destructor'
std::basic_string<char,struct_std::char_traits,class_std::allocator>::append
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
std::operator+<char,struct_std::char_traits,class_std::allocator>
std::operator+<char,struct_std::char_traits,class_std::allocator>
std::vector<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::Emplace_reallocate<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>const&ptr64>
std::vector<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::_Tidy
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling tdt_library_v_next::bit_shovel_plugins::feature_extraction_plugin::get_dependencies
paramcount 4
address 75a9a7d58
sig undefined __fastcall operator()(undefined8 * param_1, undefined8 * param_2, undefined8 param_3, char * param_4)
sym_type Function
sym_source IMPORTED
external False

<lambda_b1e9274e9beaea281bf0116a6bfc616c>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_b1e9274e9beaea281bf0116a6bfc616c>::operator()
refcount 4
length 3374
called
Expand for full list:
__security_check_cookie
boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>
boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::get
boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::get<unsigned___int64>
boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::get_child_optional
boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::~basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>
boost::property_tree::json_parser::write_json<class_boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>>
boost::property_tree::string_path<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::string_path<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>
snprintf
std::Ref_count_base::Decref
std::Tree<class_std::Tmap_traits<unsigned_int,struct_tdt_library_v_next::bit_shovel_plugins::feature_extraction_plugin::feature_extraction_graph_agent,struct_std::less<unsigned_int>,class_std::allocator<struct_std::pair<unsigned_int_const,struct_tdt_library_v_next::bit_shovel_plugins::feature_extraction_plugin::feature_extraction_graph_agent>>,1>>::Emplace<struct_std::pair<unsigned_int_const,struct_tdt_library_v_next::bit_shovel_plugins::feature_extraction_plugin::feature_extraction_graph_agent>>std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::append
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::operator=
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
std::basic_stringbuf<char,struct_std::char_traits,class_std::allocator>::str
std::basic_stringstream<char,struct_std::char_traits,class_std::allocator>::`vbase_destructor'
std::basic_stringstream<char,struct_std::char_traits,class_std::allocator>::basic_stringstream<char,struct_std::char_traits,class_std::allocator>
std::make_shared<tdt_library_v_next::feature_extraction::feature_extraction_graph,tdt_library_v_next::bit_shovel_plugins::context_manager&,<lambda_8bb9b646f85c0f382534feb5aacffa83>,void_*&>
std::operator+<char,struct_std::char_traits,class_std::allocator>
std::operator+<char,struct_std::char_traits,class_std::allocator_>
tdt_library_v_next::bit_shovel_plugins::feature_extraction_plugin::_replace_model_file_with_content
tdt_library_v_next::bit_shovel_plugins::feature_extraction_plugin::feature_extraction_graph_agent::feature_extraction_graph_agent
tdt_library_v_next::bit_shovel_plugins::feature_extraction_plugin::feature_extraction_graph_agent::feature_extraction_graph_agent
tdt_library_v_next::bit_shovel_plugins::feature_extraction_plugin::feature_extraction_graph_agent::~feature_extraction_graph_agent
tdt_library_v_next::feature_extraction::feature_extraction_graph::configure
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling tdt_library_v_next::bit_shovel_plugins::feature_extraction_plugin::_create_feature_extraction_graphs
paramcount 5
address 75a9a8774
sig undefined __fastcall operator()(longlong * param_1, int * param_2, basic_string<char,struct_std::char_traits,class_std::allocator> * param_3, basic_string<char,struct_std::char_traits,class_std::allocator> * param_4, uint param_5)
sym_type Function
sym_source IMPORTED
external False

`<lambda_b1e9274e9beaea281bf0116a6bfc616c>::operator()'::__l1::dtor$0

Function Meta

Key mpengine.dll
name dtor$0
fullname `<lambda_b1e9274e9beaea281bf0116a6bfc616c>::operator()'::__l1::dtor$0
refcount 1
length 38
called <lambda_58fab4f05f9fe402bba8675704d18494>::~<lambda_58fab4f05f9fe402bba8675704d18494>
calling
paramcount 2
address 75ad4b2cc
sig undefined __fastcall dtor$0(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`<lambda_b1e9274e9beaea281bf0116a6bfc616c>::operator()'::__l1::catch$111

Function Meta

Key mpengine.dll
name catch$111
fullname `<lambda_b1e9274e9beaea281bf0116a6bfc616c>::operator()'::__l1::catch$111
refcount 1
length 460
called guard_dispatch_icall$fo_default$
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling
paramcount 2
address 75ad4b30a
sig undefined8 __fastcall catch$111(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`<lambda_c47e3657ed89008d786bba62d503857f>::operator()'::__l1::dtor$6

Function Meta

Key mpengine.dll
name dtor$6
fullname `<lambda_c47e3657ed89008d786bba62d503857f>::operator()'::__l1::dtor$6
refcount 2
length 38
called `<lambda_f2278183a0c285f5fcf141a901c5e4bf>::operator()'::__l2::plugin_dependencies_t::~plugin_dependencies_t
calling
paramcount 2
address 75ad4b4d7
sig undefined __fastcall dtor$6(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::feature_extraction::feature_extraction_graph::_configure_signals'::__l1::dtor$0

Function Meta

Key mpengine.dll
name dtor$0
fullname `tdt_library_v_next::feature_extraction::feature_extraction_graph::_configure_signals'::__l1::dtor$0
refcount 2
length 38
called <lambda_58fab4f05f9fe402bba8675704d18494>::~<lambda_58fab4f05f9fe402bba8675704d18494>
calling
paramcount 2
address 75ad4bbf5
sig undefined __fastcall dtor$0(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::feature_extraction::feature_extraction_graph::_make_node'::__l1::dtor$0

Function Meta

Key mpengine.dll
name dtor$0
fullname `tdt_library_v_next::feature_extraction::feature_extraction_graph::_make_node'::__l1::dtor$0
refcount 1
length 38
called std::shared_ptr<class_tdt_library_v_next::tdt_app_profiling::cache_entry<unsigned_int,struct_tdt_library_v_next::core_telemetry::heuristic_caches::cache_info_t<class_tdt_library_v_next::tdt_app_profiling::two_way_lru_cache<2048,struct_tdt_library_v_next::core_telemetry::heuristic_caches::violation_cache_key_t,enum_tdt_library_v_next::tdt_app_profiling::cfi_violation_type_t>>>>::~shared_ptr<class_tdt_library_v_next::tdt_app_profiling::cache_entry<unsigned_int,struct_tdt_library_v_next::core_telemetry::heuristic_caches::cache_info_t<class_tdt_library_v_next::tdt_app_profiling::two_way_lru_cache<2048,struct_tdt_library_v_next::core_telemetry::heuristic_caches::violation_cache_key_t,enum_tdt_library_v_next::tdt_app_profiling::cfi_violation_type_t>>>>
calling
paramcount 2
address 75ad4bc27
sig undefined __fastcall dtor$0(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::feature_extraction::exponential_smoothing_node::configure_node'::__l1::dtor$0

Function Meta

Key mpengine.dll
name dtor$0
fullname `tdt_library_v_next::feature_extraction::exponential_smoothing_node::configure_node'::__l1::dtor$0
refcount 1
length 38
called <lambda_58fab4f05f9fe402bba8675704d18494>::~<lambda_58fab4f05f9fe402bba8675704d18494>
calling
paramcount 2
address 75ad4c0ec
sig undefined __fastcall dtor$0(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::bit_shovel_plugins::isv_sample_agent_abd::_check_and_add_process'::__l1::catch$76

Function Meta

Key mpengine.dll
name catch$76
fullname `tdt_library_v_next::bit_shovel_plugins::isv_sample_agent_abd::_check_and_add_process'::__l1::catch$76
refcount 2
length 422
called snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling
paramcount 2
address 75ad4c74c
sig undefined8 __fastcall catch$76(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`<lambda_2e19177984e714482baac494227fadc2>::operator()'::__l1::catch$8

Function Meta

Key mpengine.dll
name catch$8
fullname `<lambda_2e19177984e714482baac494227fadc2>::operator()'::__l1::catch$8
refcount 2
length 390
called guard_dispatch_icall$fo_default$
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling
paramcount 2
address 75ad4ca97
sig undefined8 __fastcall catch$8(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

<lambda_6d89f87bd1291b537d7e5a3b8553e267>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_6d89f87bd1291b537d7e5a3b8553e267>::operator()
refcount 2
length 692
called
Expand for full list:
__security_check_cookie
guard_dispatch_icall$fo_default$
buffer_view<unsigned_char>::throw_if_out_of_range
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
std::basic_string<char16_t,struct_std::char_traits<char16_t>,class_std::allocator<char16_t>>::Tidy_deallocate
std::make_shared<struct_tdt_library_v_next::tdt_app_profiling::filtered_process_list_t>std::vector<unsigned_int,class_std::allocator<unsigned_int>>::_Emplace_reallocate<unsigned_int_const&___ptr64>
tdt_library_v_current::bit_shovel_plugins::tts_event_view<1883652899>::get_image_path
tdt_library_v_next::bit_shovel_plugins::get_process_integrity_level
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
tdt_library_v_next::tdt_app_profiling::file_path_preprocessor::translate_path
calling tdt_library_v_next::bit_shovel_plugins::core_telemetry_parser::parse<<lambda_6d89f87bd1291b537d7e5a3b8553e267>_>
paramcount 2
address 75a9beafc
sig undefined __fastcall operator()(longlong * param_1, buffer_view<unsigned_char> * param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::bit_shovel_plugins::isv_sample_agent::agent_init'::__l1::dtor$29

Function Meta

Key mpengine.dll
name dtor$29
fullname `tdt_library_v_next::bit_shovel_plugins::isv_sample_agent::agent_init'::__l1::dtor$29
refcount 2
length 38
called `<lambda_f2278183a0c285f5fcf141a901c5e4bf>::operator()'::__l2::plugin_dependencies_t::~plugin_dependencies_t
calling
paramcount 2
address 75ad4cdec
sig undefined __fastcall dtor$29(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::bit_shovel_plugins::detection_tlv_recorder::init'::__l1::catch$57

Function Meta

Key mpengine.dll
name catch$57
fullname `tdt_library_v_next::bit_shovel_plugins::detection_tlv_recorder::init'::__l1::catch$57
refcount 2
length 354
called guard_dispatch_icall$fo_default$
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling
paramcount 2
address 75ad1ff92
sig undefined8 __fastcall catch$57(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::bit_shovel_plugins::library_reporter::init'::__l1::dtor$0

Function Meta

Key mpengine.dll
name dtor$0
fullname `tdt_library_v_next::bit_shovel_plugins::library_reporter::init'::__l1::dtor$0
refcount 1
length 38
called <lambda_58fab4f05f9fe402bba8675704d18494>::~<lambda_58fab4f05f9fe402bba8675704d18494>
calling
paramcount 2
address 75ad1fc82
sig undefined __fastcall dtor$0(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

<lambda_c3cacfba70cb363f6a0b9ed181941be3>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_c3cacfba70cb363f6a0b9ed181941be3>::operator()
refcount 5
length 550
called
Expand for full list:
__security_check_cookie
boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::get<unsigned___int64>
boost::property_tree::string_path<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::string_path<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
std::operator+<char,struct_std::char_traits,class_std::allocator>
std::operator+<char,struct_std::char_traits,class_std::allocator>std::operator+<char,struct_std::char_traits,class_std::allocator>
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling tdt_library_v_next::bit_shovel_plugins::detection_filter::init
paramcount 4
address 75a9c3d7c
sig undefined __fastcall operator()(undefined8 * param_1, char * param_2, __uint64 * param_3, __uint64 param_4)
sym_type Function
sym_source IMPORTED
external False

<lambda_d8838b0f4fa45cad863edfb1880d780c>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_d8838b0f4fa45cad863edfb1880d780c>::operator()
refcount 8
length 596
called
Expand for full list:
__security_check_cookie
boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::get
boost::property_tree::string_path<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::string_path<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
std::operator+<char,struct_std::char_traits,class_std::allocator>
std::operator+<char,struct_std::char_traits,class_std::allocator>std::operator+<char,struct_std::char_traits,class_std::allocator>
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling tdt_library_v_next::bit_shovel_plugins::detection_filter::init
paramcount 4
address 75a9c3fa4
sig undefined __fastcall operator()(undefined8 * param_1, char * param_2, char * param_3, undefined param_4)
sym_type Function
sym_source IMPORTED
external False

`<lambda_69099dc339f6b8032743615cb1e756af>::operator()'::__l1::dtor$5

Function Meta

Key mpengine.dll
name dtor$5
fullname `<lambda_69099dc339f6b8032743615cb1e756af>::operator()'::__l1::dtor$5
refcount 2
length 38
called `<lambda_f2278183a0c285f5fcf141a901c5e4bf>::operator()'::__l2::plugin_dependencies_t::~plugin_dependencies_t
calling
paramcount 2
address 75ad4d32f
sig undefined __fastcall dtor$5(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

<lambda_796a4c06adf31caadaf7a777f6ec9327>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_796a4c06adf31caadaf7a777f6ec9327>::operator()
refcount 3
length 549
called
Expand for full list:
__security_check_cookie
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::append
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
std::operator+<char,struct_std::char_traits,class_std::allocator>
std::vector<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::Emplace_reallocate<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&___ptr64>tdt_library_v_current::bit_shovel_plugins::normalizer_config::get_normalizer_model_name
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling tdt_library_v_next::bit_shovel_plugins::normalizer::get_dependencies
paramcount 2
address 75a33cb74
sig undefined __fastcall operator()(undefined8 * param_1, undefined8 * param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::bit_shovel_plugins::normalizer::get_dependencies'::__l1::dtor$1

Function Meta

Key mpengine.dll
name dtor$1
fullname `tdt_library_v_next::bit_shovel_plugins::normalizer::get_dependencies'::__l1::dtor$1
refcount 1
length 38
called <lambda_58fab4f05f9fe402bba8675704d18494>::~<lambda_58fab4f05f9fe402bba8675704d18494>
calling
paramcount 2
address 75ad1e2ed
sig undefined __fastcall dtor$1(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::bit_shovel_plugins::normalizer::init'::__l1::dtor$0

Function Meta

Key mpengine.dll
name dtor$0
fullname `tdt_library_v_next::bit_shovel_plugins::normalizer::init'::__l1::dtor$0
refcount 1
length 38
called <lambda_58fab4f05f9fe402bba8675704d18494>::~<lambda_58fab4f05f9fe402bba8675704d18494>
calling
paramcount 2
address 75ad29e08
sig undefined __fastcall dtor$0(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::bit_shovel_plugins::normalizer::push_configs'::__l1::dtor$0

Function Meta

Key mpengine.dll
name dtor$0
fullname `tdt_library_v_next::bit_shovel_plugins::normalizer::push_configs'::__l1::dtor$0
refcount 1
length 41
called <lambda_58fab4f05f9fe402bba8675704d18494>::~<lambda_58fab4f05f9fe402bba8675704d18494>
calling
paramcount 2
address 75ad3110e
sig undefined __fastcall dtor$0(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::bit_shovel_plugins::normalizer_config_impl::_load_model'::__l1::dtor$92

Function Meta

Key mpengine.dll
name dtor$92
fullname `tdt_library_v_next::bit_shovel_plugins::normalizer_config_impl::_load_model'::__l1::dtor$92
refcount 1
length 41
called std::unique_ptr<class_std::basic_istream<char,struct_std::char_traits>,struct_std::default_delete<class_std::basic_istream<char,struct_std::char_traits>>>::~unique_ptr<class_std::basic_istream<char,struct_std::char_traits>,struct_std::default_delete<class_std::basic_istream<char,struct_std::char_traits>>>
calling
paramcount 2
address 75ad1e0f4
sig undefined __fastcall dtor$92(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::bit_shovel_plugins::normalizer_config_impl::configure'::__l1::dtor$0

Function Meta

Key mpengine.dll
name dtor$0
fullname `tdt_library_v_next::bit_shovel_plugins::normalizer_config_impl::configure'::__l1::dtor$0
refcount 2
length 38
called <lambda_58fab4f05f9fe402bba8675704d18494>::~<lambda_58fab4f05f9fe402bba8675704d18494>
calling
paramcount 2
address 75ad1db9e
sig undefined __fastcall dtor$0(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::bit_shovel_plugins::normalizer_config_impl::configure'::__l1::catch$130

Function Meta

Key mpengine.dll
name catch$130
fullname `tdt_library_v_next::bit_shovel_plugins::normalizer_config_impl::configure'::__l1::catch$130
refcount 1
length 424
called guard_dispatch_icall$fo_default$
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling
paramcount 2
address 75ad1dccc
sig undefined8 __fastcall catch$130(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::bit_shovel_plugins::normalizer_config_impl::configure'::__l1::catch$131

Function Meta

Key mpengine.dll
name catch$131
fullname `tdt_library_v_next::bit_shovel_plugins::normalizer_config_impl::configure'::__l1::catch$131
refcount 2
length 424
called guard_dispatch_icall$fo_default$
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling
paramcount 2
address 75ad1de75
sig undefined8 __fastcall catch$131(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::tdt_app_profiling::dll_database::add_dll_directory'::__l1::catch$35

Function Meta

Key mpengine.dll
name catch$35
fullname `tdt_library_v_next::tdt_app_profiling::dll_database::add_dll_directory'::__l1::catch$35
refcount 2
length 335
called snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling
paramcount 2
address 75ad4e297
sig undefined8 __fastcall catch$35(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::tdt_app_profiling::dll_database::add_dll_directory'::__l1::catch$36

Function Meta

Key mpengine.dll
name catch$36
fullname `tdt_library_v_next::tdt_app_profiling::dll_database::add_dll_directory'::__l1::catch$36
refcount 2
length 335
called snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling
paramcount 2
address 75ad4e3e7
sig undefined8 __fastcall catch$36(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

`tdt_library_v_next::tdt_app_profiling::dll_database::add_dll_info'::__l1::catch$25

Function Meta

Key mpengine.dll
name catch$25
fullname `tdt_library_v_next::tdt_app_profiling::dll_database::add_dll_info'::__l1::catch$25
refcount 2
length 336
called snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling
paramcount 2
address 75ad4e537
sig undefined8 __fastcall catch$25(undefined8 param_1, longlong param_2)
sym_type Function
sym_source IMPORTED
external False

<lambda_14ba09e0a876ec0d948693e262e4ef28>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_14ba09e0a876ec0d948693e262e4ef28>::operator()
refcount 7
length 413
called __security_check_cookie
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling tdt_library_v_next::tdt_app_profiling::time_series_heuristic::_is_detect_config_ok
tdt_library_v_next::tdt_app_profiling::time_series_heuristic::_is_train_config_ok
paramcount 4
address 75a9e16ec
sig undefined __fastcall operator()(undefined8 param_1, double param_2, undefined8 param_3, undefined8 * param_4)
sym_type Function
sym_source IMPORTED
external False

<lambda_a0466f1711d1a4f7a471d0fbd02f76ad>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_a0466f1711d1a4f7a471d0fbd02f76ad>::operator()
refcount 2
length 139
called __security_check_cookie
buffer_view<unsigned_char>::throw_if_out_of_range
std::basic_string<char,struct_std::char_traits,class_std::allocator>::_Tidy_deallocate
tdt_library_v_next::bit_shovel_plugins::isv_sample_agent_tbd::_check_and_add_process
tdt_library_v_next::bit_shovel_plugins::tts_event_view<1900430115>::get_image_path
calling tdt_library_v_next::bit_shovel_plugins::core_telemetry_parser::parse<<lambda_4193b7ddc099516270bf15963018d5e4>,<lambda_a0466f1711d1a4f7a471d0fbd02f76ad>_>
paramcount 2
address 75a9a9d1c
sig undefined __fastcall operator()(undefined8 * param_1, tts_event_view<1900430115> * param_2)
sym_type Function
sym_source IMPORTED
external False

<lambda_c9e78e1a692ed2a6ef4dc23a5da3d263>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_c9e78e1a692ed2a6ef4dc23a5da3d263>::operator()
refcount 13
length 403
called __security_check_cookie
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling tdt_library_v_next::tdt_app_profiling::time_series_heuristic::_is_auto_config_ok
tdt_library_v_next::tdt_app_profiling::time_series_heuristic::_is_detect_config_ok
tdt_library_v_next::tdt_app_profiling::time_series_heuristic::_is_train_config_ok
paramcount 4
address 75a9e1af8
sig undefined __fastcall operator()(undefined8 param_1, longlong param_2, undefined8 param_3, undefined8 * param_4)
sym_type Function
sym_source IMPORTED
external False

<lambda_e1c5a3db80bd1f2f949a3566b9d3827e>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_e1c5a3db80bd1f2f949a3566b9d3827e>::operator()
refcount 3
length 909
called
Expand for full list:
__security_check_cookie
snprintf
std::Hash<class_std::Umap_traits<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::shared_ptr<struct_tdt_library_v_next::tdt_app_profiling::time_series_config_t>,class_std::Uhash_compare<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>,class_std::allocator<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>const,class_std::shared_ptr<struct_tdt_library_v_next::tdt_app_profiling::time_series_config_t>>>,0>>::find
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
std::shared_ptr<struct_ObjectManager::MutantObject>::shared_ptr<struct_ObjectManager::MutantObject>
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling <lambda_fc2301dc8476246e53d79082dc22c469>::operator()
tdt_library_v_next::tdt_app_profiling::time_series_heuristic::update_process_event
paramcount 4
address 75a9e2274
sig undefined __fastcall operator()(longlong * param_1, shared_ptr<struct_ObjectManager::MutantObject> * param_2, longlong param_3, basic_string<char,struct_std::char_traits,class_std::allocator_> * param_4)
sym_type Function
sym_source IMPORTED
external False

<lambda_fc2301dc8476246e53d79082dc22c469>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_fc2301dc8476246e53d79082dc22c469>::operator()
refcount 3
length 370
called <lambda_c964c0c2a3772b0c6fdc4095893e9a97>::operator()
<lambda_cee6adda5ac01518ec612af806086e79>::operator()
<lambda_e1c5a3db80bd1f2f949a3566b9d3827e>::operator()
__security_check_cookie
operator_new
std::Ref_count_base::Decref
std::map<unsigned_int,class_std::shared_ptr<struct_tdt_library_v_next::tdt_app_profiling::process_control_flow_info_t>,struct_std::less<unsigned_int>,class_std::allocator<struct_std::pair<unsigned_int_const,class_std::shared_ptr<struct_tdt_library_v_next::tdt_app_profiling::process_control_flow_info_t>>>>::_Try_emplace<unsigned_int_const&___ptr64>
std::shared_ptr<struct_ObjectManager::MutantObject>::shared_ptr<struct_ObjectManager::MutantObject>
tdt_library_v_next::tdt_app_profiling::process_control_flow_info_t::process_control_flow_info_t
calling tdt_library_v_next::tdt_app_profiling::time_series_heuristic::update_process_event
paramcount 4
address 75a9e2604
sig undefined __fastcall operator()(longlong * param_1, shared_ptr<struct_ObjectManager::MutantObject> * param_2, longlong param_3, process_event_t * param_4)
sym_type Function
sym_source IMPORTED
external False

<lambda_4a7686f5dc2f2475710fac1489852590>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_4a7686f5dc2f2475710fac1489852590>::operator()
refcount 5
length 425
called <lambda_e44e9d6376a21d8036597927136c78a2>::operator()
__security_check_cookie
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling tdt_library_v_next::bit_shovel_plugins::heuristic_processor::deinit
paramcount 3
address 75a9e8c70
sig undefined __fastcall operator()(undefined8 param_1, undefined8 param_2, longlong * param_3)
sym_type Function
sym_source IMPORTED
external False

std::Partition_by_median_guess_unchecked<scan_object_t*,`__macappl_scanfile'::__l2::compare_resouces>

Function Meta

Key mpengine.dll
name Partition_by_median_guess_unchecked<scan_object_t*,`__macappl_scanfile'::__l2::compare_resouces>
fullname std::Partition_by_median_guess_unchecked<scan_object_t*,`__macappl_scanfile'::__l2::compare_resouces>
refcount 2
length 532
called std::Guess_median_unchecked<scan_object_t*,`__macappl_scanfile'::__l2::compare_resouces>
calling std::Sort_unchecked<scan_object_t*,`__macappl_scanfile'::__l2::compare_resouces>
paramcount 3
address 75aa712e8
sig ulonglong * __fastcall Partition_by_median_guess_unchecked<scan_object_t*,`__macappl_scanfile'::__l2::compare_resouces>(ulonglong * param_1, uint * param_2, uint * param_3)
sym_type Function
sym_source IMPORTED
external False

getsigtype

Function Meta

Key mpengine.dll
name getsigtype
fullname getsigtype
refcount 36
length 2853
called
calling
Expand for full list:
MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>::Lookup<struct_Nid64Provider>
MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>::PostProcessRecordsWorker
MpSignatureSubType<struct_nid_entry_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_nid_entry_t>,0,0,1>::Lookup<struct_NidProvider>
MpSignatureSubType<struct_nid_entry_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_nid_entry_t>,0,0,1>::PostProcessRecordsWorker
MpSignatureSubType<struct_propertybag_entry_t,unsigned___int64,1,0,0,1,struct_MpEmptyEnumerator<struct_propertybag_entry_t>,0,0,1>::Lookup<struct_PropertyBagProvider>
MpSignatureSubType<struct_propertybag_entry_t,unsigned___int64,1,0,0,1,struct_MpEmptyEnumerator<struct_propertybag_entry_t>,0,0,1>::PostProcessRecordsWorker
MpSignatureSubType<struct_snid_entry_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_snid_entry_t>,0,0,1>::Lookup<struct_SnidProvider>
MpSignatureSubType<struct_snid_entry_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_snid_entry_t>,0,0,1>::PostProcessRecordsWorker
MpSignatureSubType<struct_snidex2_entry_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_snidex2_entry_t>,0,0,1>::Lookup<struct_SnidEx2Provider>
MpSignatureSubType<struct_snidex2_entry_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_snidex2_entry_t>,0,0,1>::PostProcessRecordsWorker
MpSignatureSubType<struct_snidex_entry_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_snidex_entry_t>,0,0,1>::Lookup<struct_SnidExProvider>MpSignatureSubType<struct_snidex_entry_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_snidex_entry_t>,0,0,1>::PostProcessRecordsWorker
paramcount 1
address 75a5ef064
sig char * __fastcall getsigtype(byte param_1)
sym_type Function
sym_source IMPORTED
external False

getsigtype

Function Meta

Key mpengine.dll
name getsigtype
fullname getsigtype
refcount 14
length 2845
called
calling MpSignatureSubType<struct_kcrce_t,unsigned_long,3,1,0,0,struct_kcrce_t,0,0,1>::Lookup<class_KcrcHashProvider>
MpSignatureSubType<struct_kcrce_t,unsigned_long,3,1,0,0,struct_kcrce_t,0,0,1>::PostProcessRecordsWorker
MpSignatureSubType<struct_kcrcex_t,unsigned_long,3,1,0,0,struct_kcrcex_t,0,0,1>::Lookup<class_KcrcExHashProvider>
MpSignatureSubType<struct_kcrcex_t,unsigned_long,3,1,0,0,struct_kcrcex_t,0,0,1>::PostProcessRecordsWorker
paramcount 1
address 75a3eb978
sig char * __fastcall getsigtype(byte param_1)
sym_type Function
sym_source IMPORTED
external False

getsigtype

Function Meta

Key mpengine.dll
name getsigtype
fullname getsigtype
refcount 2
length 1318
called
calling ValidateSignatureWithPcodeStandaloneWorker2
ValidateSignatureWithPcodeWorker2
paramcount 1
address 75a2ce300
sig char * __fastcall getsigtype(undefined param_1)
sym_type Function
sym_source IMPORTED
external False

<lambda_cd92814f5cc40b1756fb5567a2d60eee>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_cd92814f5cc40b1756fb5567a2d60eee>::operator()
refcount 2
length 266
called CommonUtil::UtilMultiByteToWideChar
ProcessAttributes::DoesProcessHaveAttribute
WPP_SF_
__security_check_cookie
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
free
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::Tidy_deallocate
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>
calling std::Func_impl_no_alloc<<lambda_cd92814f5cc40b1756fb5567a2d60eee>,bool,char_const*>::_Do_call
paramcount 4
address 75aaeeac0
sig undefined __fastcall operator()(undefined8 * param_1, char * param_2, undefined8 param_3, ulong param_4)
sym_type Function
sym_source IMPORTED
external False

`CommonUtil::detail::InvokeThrowingFunctionEx<enum_MP_ERROR,<lambda_e6bf4ed7e9aae69b1d6997833c381c22>_>'::__l1::catch$87

Function Meta

Key mpengine.dll
name catch$87
fullname `CommonUtil::detail::InvokeThrowingFunctionEx<enum_MP_ERROR,<lambda_e6bf4ed7e9aae69b1d6997833c381c22>_>'::__l1::catch$87
refcount 2
length 121
called std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::pair<long,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>::pair<long,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>><long,char_const_(&___ptr64)[28],0>
calling
paramcount 3
address 75ad55a20
sig undefined8 __fastcall catch$87(undefined8 param_1, longlong param_2, char * param_3)
sym_type Function
sym_source IMPORTED
external False

<lambda_e0b316cc40eb5d101a892dedc51db4ec>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_e0b316cc40eb5d101a892dedc51db4ec>::operator()
refcount 3
length 133
called CommonUtil::CCommonThrowHR::operator=
KERNEL32.DLL::AcquireSRWLockExclusive
KERNEL32.DLL::ReleaseSRWLockExclusive
MetaStore::MetaVaultStorageSQLite::DoRemove
mpsqlite::AMSQLiteDB::begin_transaction
mpsqlite::AMSQLiteDB::commit
mpsqlite::db_rollback_guard::~db_rollback_guard
calling CommonUtil::detail::InvokeThrowingFunction<<lambda_e0b316cc40eb5d101a892dedc51db4ec>_>
paramcount 4
address 75a388600
sig undefined8 __fastcall operator()(longlong * param_1, undefined8 param_2, undefined8 param_3, undefined8 param_4)
sym_type Function
sym_source IMPORTED
external False

<lambda_e3cacc5b68963b3c1f70327e54ddc61d>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_e3cacc5b68963b3c1f70327e54ddc61d>::operator()
refcount 2
length 724
called
Expand for full list:
AllowIdenticalNames
AttributePersistContext::GetContextCount
AttributePersistContext::OverwriteContext
GetFileNameFromFileID
GetFriendlyFileNameW
ProcessFileForOriginalFileName
__security_check_cookie
wcslwr
free
std::Func_class<void,class_tdt_library_v_next::bit_shovel_plugins::profiling_heuristic_api_t*ptr64_const&ptr64>::operator()
std::Tree<class_std::Tmap_traits<unsigned_long,wchar_t,struct_std::less<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const,wchar_t>>,0>>::findstd::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::Tidy_deallocate
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::append
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::operator=
std::vector<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>,class_std::allocator<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>>>::Emplace_reallocate<wchar_t_const(&ptr64)[10]>
std::vector<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>,class_std::allocator<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>>>::_Tidy
wcsrchr
calling std::_Func_impl_no_alloc<<lambda_e3cacc5b68963b3c1f70327e54ddc61d>,int,unsigned___int64,unsigned_long,unsigned_char>::_Do_call
paramcount 4
address 75ab8a9a4
sig undefined __fastcall operator()(undefined8 * param_1, profiling_heuristic_api_t * * param_2, uint param_3, char param_4)
sym_type Function
sym_source IMPORTED
external False

<lambda_0c441ab9a409f40fee1016130bf8ef48>::<lambda_0c441ab9a409f40fee1016130bf8ef48>

Function Meta

Key mpengine.dll
name <lambda_0c441ab9a409f40fee1016130bf8ef48>
fullname <lambda_0c441ab9a409f40fee1016130bf8ef48>::<lambda_0c441ab9a409f40fee1016130bf8ef48>
refcount 1
length 213
called
calling ScanCmdLine
paramcount 22
address 75a3ff794
sig undefined8 * __fastcall <lambda_0c441ab9a409f40fee1016130bf8ef48>(undefined8 * param_1, undefined8 param_2, undefined8 param_3, undefined8 param_4, undefined8 param_5, undefined8 param_6, undefined8 param_7, undefined8 param_8, undefined8 param_9, undefined8 param_10, undefined8 param_11, undefined8 param_12, undefined8 param_13, undefined8 param_14, undefined8 param_15, undefined8 param_16, undefined8 param_17, undefined8 param_18, undefined8 param_19, undefined8 param_20, undefined8 param_21, undefined8 param_22)
sym_type Function
sym_source IMPORTED
external False

ERR_isError

Function Meta

Key mpengine.dll
name ERR_isError
fullname ERR_isError
refcount 8
length 10
called
calling HUF_decompress4X1_usingDTable_internal_default
HUF_decompress4X2_usingDTable_internal_default
paramcount 1
address 75a5b485c
sig bool __fastcall ERR_isError(ulonglong param_1)
sym_type Function
sym_source IMPORTED
external False

ZSTD_comparePackedTags

Function Meta

Key mpengine.dll
name ZSTD_comparePackedTags
fullname ZSTD_comparePackedTags
refcount 12
length 10
called
calling ZSTD_compressBlock_doubleFast_dictMatchState
paramcount 2
address 75abdd1c4
sig bool __fastcall ZSTD_comparePackedTags(char param_1, char param_2)
sym_type Function
sym_source IMPORTED
external False

ZSTD_cwksp_create

Function Meta

Key mpengine.dll
name ZSTD_cwksp_create
fullname ZSTD_cwksp_create
refcount 2
length 134
called guard_dispatch_icall$fo_default$
`__std_type_info_name'::__l2::<lambda_1>::<lambda_invoker_cdecl>
calling ZSTD_resetCCtx_internal
paramcount 3
address 75a442ddc
sig undefined8 __fastcall ZSTD_cwksp_create(undefined8 * param_1, ulonglong param_2, undefined8 * param_3)
sym_type Function
sym_source IMPORTED
external False

KERNEL32.DLL::ReadProcessMemory

Function Meta

Key mpengine.dll
name ReadProcessMemory
fullname KERNEL32.DLL::ReadProcessMemory
refcount 14
length 0
called
calling
Expand for full list:
CEMSTele::Matched
CSMSProcess::InvokeScanner
CSMSProcess::ScanRange
CheckProcessForInjectedModule
LsaTriggerLib::AlureonA2G
LuaReadProcMem
MemScanReadProcess
PartialReadHelper
nUFSP_proc::Read
platform_services_sample::ReadProcessMemory_shim
x86dasm_worker
paramcount 5
address EXTERNAL:00000087
sig BOOL __stdcall ReadProcessMemory(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead)
sym_type Function
sym_source IMPORTED
external True

VERSION.DLL::GetFileVersionInfoA

Function Meta

Key mpengine.dll
name GetFileVersionInfoA
fullname VERSION.DLL::GetFileVersionInfoA
refcount 3
length 0
called
calling platform_services_sample::GetFileVersionInfoA_shim
tdt_utils::get_file_info
paramcount 4
address EXTERNAL:000001ca
sig BOOL __stdcall GetFileVersionInfoA(LPCSTR lptstrFilename, DWORD dwHandle, DWORD dwLen, LPVOID lpData)
sym_type Function
sym_source IMPORTED
external True

CRYPT32.DLL::CertGetCertificateChain

Function Meta

Key mpengine.dll
name CertGetCertificateChain
fullname CRYPT32.DLL::CertGetCertificateChain
refcount 2
length 0
called
calling platform_services_sample::CertGetCertificateChain_shim
paramcount 8
address EXTERNAL:000001c8
sig BOOL __stdcall CertGetCertificateChain(HCERTCHAINENGINE hChainEngine, PCCERT_CONTEXT pCertContext, LPFILETIME pTime, HCERTSTORE hAdditionalStore, PCERT_CHAIN_PARA pChainPara, DWORD dwFlags, LPVOID pvReserved, PCCERT_CHAIN_CONTEXT * ppChainContext)
sym_type Function
sym_source IMPORTED
external True

CRYPT32.DLL::CertFreeCertificateChain

Function Meta

Key mpengine.dll
name CertFreeCertificateChain
fullname CRYPT32.DLL::CertFreeCertificateChain
refcount 2
length 0
called
calling platform_services_sample::CertFreeCertificateChain_shim
paramcount 1
address EXTERNAL:000001c9
sig void __stdcall CertFreeCertificateChain(PCCERT_CHAIN_CONTEXT pChainContext)
sym_type Function
sym_source IMPORTED
external True

_tlgWriteTemplate<long___cdecl(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),&long___cdecl__tlgWriteAgg(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),void_const*__ptr64>::Write<struct__tlgWrapperByVal<8>,struct__tlgWrapSz,struct__tlgWrapperBinary,struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapSz,struct__tlgWrapSz,struct__tlgWrapperByVal<4>>

Function Meta

Key mpengine.dll
name Write<struct__tlgWrapperByVal<8>,struct__tlgWrapSz,struct__tlgWrapperBinary,struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapSz,struct__tlgWrapSz,struct__tlgWrapperByVal<4>_>
fullname _tlgWriteTemplate<long___cdecl(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),&long___cdecl__tlgWriteAgg(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),void_const*__ptr64>::Write<struct__tlgWrapperByVal<8>,struct__tlgWrapSz,struct__tlgWrapperBinary,struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapSz,struct__tlgWrapSz,struct__tlgWrapperByVal<4>>
refcount 8
length 954
called __security_check_cookie
_tlgWriteAgg
calling AttributePersistContext::PropagateContext
AttributePersistContext::anonymous_namespace'::GetContextRaw<br>AttributePersistContext::anonymous_namespace'::GetContextsRawForPrefix
AttributePersistContext::`anonymous_namespace'::SetOrOverwriteContext
paramcount 24
address 75a1016b0
sig long __cdecl Write<struct__tlgWrapperByVal<8>,struct__tlgWrapSz,struct__tlgWrapperBinary,struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapSz,struct__tlgWrapSz,struct__tlgWrapperByVal<4>_>(_tlgProvider_t * param_1, void * param_2, void * param_3, _tlgWrapperByVal<8> * param_4, _tlgWrapSz * param_5, _tlgWrapperBinary * param_6, _tlgWrapperByVal<8> * param_7, _tlgWrapSz<wchar_t> * param_8, _tlgWrapSz<wchar_t> * param_9, _tlgWrapSz<wchar_t> * param_10, _tlgWrapSz<wchar_t> * param_11, _tlgWrapSz<wchar_t> * param_12, _tlgWrapSz<wchar_t> * param_13, _tlgWrapperByVal<4> * param_14, _tlgWrapperByVal<4> * param_15, _tlgWrapperByVal<4> * param_16, _tlgWrapperByVal<4> * param_17, _tlgWrapperByVal<4> * param_18, _tlgWrapperByVal<4> * param_19, _tlgWrapperByVal<4> * param_20, _tlgWrapperByVal<4> * param_21, _tlgWrapSz * param_22, _tlgWrapSz * param_23, _tlgWrapperByVal<4> * param_24)
sym_type Function
sym_source ANALYSIS
external False

_tlgWriteTemplate<long___cdecl(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),&long___cdecl__tlgWriteAgg(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),void_const*__ptr64>::Write<struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapSz,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapSz,struct__tlgWrapSz>

Function Meta

Key mpengine.dll
name Write<struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapSz,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapSz,struct__tlgWrapSz_>
fullname _tlgWriteTemplate<long___cdecl(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),&long___cdecl__tlgWriteAgg(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),void_const*__ptr64>::Write<struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapSz,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapSz,struct__tlgWrapSz>
refcount 2
length 1123
called __security_check_cookie
_tlgWriteAgg
calling ImageNameConfigAsimov::Complete
paramcount 33
address 75a10a40c
sig long __cdecl Write<struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapSz,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapSz,struct__tlgWrapSz_>(_tlgProvider_t * param_1, void * param_2, void * param_3, _tlgWrapperByVal<8> * param_4, _tlgWrapperByVal<8> * param_5, _tlgWrapperByVal<8> * param_6, _tlgWrapperByVal<8> * param_7, _tlgWrapperByVal<8> * param_8, _tlgWrapperByVal<8> * param_9, _tlgWrapperByVal<8> * param_10, _tlgWrapperByVal<8> * param_11, _tlgWrapperByVal<8> * param_12, _tlgWrapperByVal<8> * param_13, _tlgWrapperByVal<8> * param_14, _tlgWrapSz * param_15, _tlgWrapSz<wchar_t> * param_16, _tlgWrapperByVal<8> * param_17, _tlgWrapSz<wchar_t> * param_18, _tlgWrapSz<wchar_t> * param_19, _tlgWrapSz<wchar_t> * param_20, _tlgWrapSz<wchar_t> * param_21, _tlgWrapSz<wchar_t> * param_22, _tlgWrapSz<wchar_t> * param_23, _tlgWrapperByVal<4> * param_24, _tlgWrapperByVal<4> * param_25, _tlgWrapperByVal<4> * param_26, _tlgWrapperByVal<4> * param_27, _tlgWrapperByVal<4> * param_28, _tlgWrapperByVal<4> * param_29, _tlgWrapperByVal<4> * param_30, _tlgWrapperByVal<4> * param_31, _tlgWrapSz * param_32, _tlgWrapSz * param_33)
sym_type Function
sym_source ANALYSIS
external False

_tlgWriteTemplate<long___cdecl(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,struct__GUID_const*___ptr64,struct__GUID_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),&long___cdecl__tlgWriteTransfer_EventWriteTransfer(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,struct__GUID_const*___ptr64,struct__GUID_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),struct__GUID_const*___ptr64,struct__GUID_const*__ptr64>::Write<struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<8>>

Function Meta

Key mpengine.dll
name Write<struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<8>_>
fullname _tlgWriteTemplate<long___cdecl(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,struct__GUID_const*___ptr64,struct__GUID_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),&long___cdecl__tlgWriteTransfer_EventWriteTransfer(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,struct__GUID_const*___ptr64,struct__GUID_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),struct__GUID_const*___ptr64,struct__GUID_const*__ptr64>::Write<struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<8>>
refcount 3
length 708
called __security_check_cookie
_tlgWriteTransfer_EventWriteTransfer
calling ProcessInfoContainer::~ProcessInfoContainer
paramcount 24
address 75a10f3b8
sig long __cdecl Write<struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<8>_>(_tlgProvider_t * param_1, void * param_2, _GUID * param_3, _GUID * param_4, _tlgWrapperByVal<8> * param_5, _tlgWrapSz<wchar_t> * param_6, _tlgWrapSz<wchar_t> * param_7, _tlgWrapSz<wchar_t> * param_8, _tlgWrapSz<wchar_t> * param_9, _tlgWrapSz<wchar_t> * param_10, _tlgWrapSz<wchar_t> * param_11, _tlgWrapperByVal<4> * param_12, _tlgWrapperByVal<4> * param_13, _tlgWrapperByVal<4> * param_14, _tlgWrapperByVal<4> * param_15, _tlgWrapperByVal<4> * param_16, _tlgWrapperByVal<4> * param_17, _tlgWrapperByVal<4> * param_18, _tlgWrapperByVal<4> * param_19, _tlgWrapperByVal<4> * param_20, _tlgWrapperByVal<8> * param_21, _tlgWrapperByVal<4> * param_22, _tlgWrapperByVal<4> * param_23, _tlgWrapperByVal<8> * param_24)
sym_type Function
sym_source ANALYSIS
external False

std::Tree_val<struct_std::Tree_simple_types<struct_std::pair<unsigned___int64_const,struct_signature_sequence_t>>_>::_Insert_node

Function Meta

Key mpengine.dll
name _Insert_node
fullname std::Tree_val<struct_std::Tree_simple_types<struct_std::pair<unsigned___int64_const,struct_signature_sequence_t>>_>::_Insert_node
refcount 2
length 525
called std::Tree_val<std::Tree_simple_types<std::pair<std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t>>const,AttributePersistContext::`anonymous_namespace'::RawExtendedContext2>>_>::_Rrotate
calling SigtreeHandlerInstance::refresh_cksig_data
paramcount 3
address 75a145c50
sig longlong * __thiscall Insert_node(Tree_val<struct_std::Tree_simple_types<struct_std::pair<unsigned___int64_const,struct_signature_sequence_t>>> * this, longlong * param_1, longlong * param_2)
sym_type Function
sym_source ANALYSIS
external False

tdt_library_v_next::bit_shovel::internal::data_network_impl::add_callback<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_update_api*___ptr64,class_tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor>

Function Meta

Key mpengine.dll
name add_callback<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_update_api*___ptr64,class_tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor>
fullname tdt_library_v_next::bit_shovel::internal::data_network_impl::add_callback<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_update_api*___ptr64,class_tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor>
refcount 2
length 232
called __RTDynamicCast
std::shared_ptr<struct_ObjectManager::MutantObject>::shared_ptr<struct_ObjectManager::MutantObject>
std::vector<class_std::shared_ptr<class_tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::profiling_database_service_api*__ptr64>>,class_std::allocator<class_std::shared_ptr<class_tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::profiling_database_service_api*ptr64>>>>::_Emplace_reallocate<class_std::shared_ptr<class_tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::profiling_database_service_api*__ptr64>>_const&___ptr64>
tdt_library_v_next::bit_shovel::internal::data_network_impl::type_manager<struct_tdt_library_v_next::bit_shovel::internal::data_network_impl::callback_info_base>::get_type_info<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_update_api*___ptr64>
calling tdt_library_v_next::bit_shovel::data_network::add_callback<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_update_api*___ptr64>
paramcount 4
address 75a19a02c
sig undefined4 * __thiscall add_callback<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_update_api*___ptr64,class_tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor>(data_network_impl * this, undefined4 * param_1, shared_ptr<struct_ObjectManager::MutantObject> * param_2, type_manager<struct_tdt_library_v_next::bit_shovel::internal::data_network_impl::callback_info_base> * param_3)
sym_type Function
sym_source ANALYSIS
external False

ProcessContext::GetCfaReason

Function Meta

Key mpengine.dll
name GetCfaReason
fullname ProcessContext::GetCfaReason
refcount 2
length 80
called guard_dispatch_icall$fo_default$
calling NotifyServiceOfASRViolation
paramcount 2
address 75a237d7c
sig ulong __thiscall GetCfaReason(ProcessContext * this, bool * param_1)
sym_type Function
sym_source ANALYSIS
external False

std::basic_ostream<wchar_t,struct_std::char_traits<wchar_t>_>::operator<<

Function Meta

Key mpengine.dll
name operator<<
fullname std::basic_ostream<wchar_t,struct_std::char_traits<wchar_t>_>::operator<<
refcount 5
length 360
called __uncaught_exception
guard_dispatch_icall$fo_default$
std::basic_ios<wchar_t,struct_std::char_traits<wchar_t>>::setstate
std::basic_ostream<wchar_t,struct_std::char_traits<wchar_t>>::Osfx
std::basic_ostream<wchar_t,struct_std::char_traits<wchar_t>>::sentry::sentry
std::locale::facet::Incref
std::locale::~locale
std::use_facet<class_std::num_put<wchar_t,class_std::ostreambuf_iterator<wchar_t,struct_std::char_traits<wchar_t>>>>
calling BmController::DumpStatsToSupportLogs
tdt_library_v_current::bit_shovel_plugins::driver_interface_impl::_event_select_tamper_details
tdt_library_v_current::bit_shovel_plugins::driver_interface_impl::_global_ctrl_tamper_details
tdt_library_v_next::bit_shovel_plugins::driver_interface_impl::_event_select_tamper_details
paramcount 2
address 75a438524
sig basic_ostream<wchar_t,struct_std::char_traits<wchar_t>> * __thiscall operator<<(basic_ostream<wchar_t,struct_std::char_traits<wchar_t>> * this, __uint64 param_1)
sym_type Function
sym_source ANALYSIS
external False

std::vector<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>_>_const&__ptr64)>,class_std::allocator<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&_ptr64)>>>::Emplace_reallocate<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&___ptr64)>_const&___ptr64>

Function Meta

Key mpengine.dll
name Emplace_reallocate<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&___ptr64)>_const&___ptr64>
fullname std::vector<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>_>_const&__ptr64)>,class_std::allocator<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&_ptr64)>>>::Emplace_reallocate<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&___ptr64)>_const&___ptr64>
refcount 2
length 303
called guard_dispatch_icall$fo_default$
std::_Allocate<16,struct_std::_Default_allocate_traits,0>
std::_Get_size_of_n<64>
std::Uninitialized_move<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&___ptr64)>*__ptr64,class_std::allocator<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&ptr64)>>>
std::Xlength_error
std::vector<class_std::function<void___cdecl(void)>,class_std::allocator<class_std::function<void___cdecl(void)>>>::_Change_array
calling tdt_library_v_current::bit_shovel_plugins::normalizer::register_refresh_callback
paramcount 3
address 75a43a9c0
sig function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>_>_const&___ptr64)> * __thiscall Emplace_reallocate<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&___ptr64)>_const&__ptr64>(vector<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&__ptr64)>,class_std::allocator<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&ptr64)>>> * this, function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&__ptr64)> * param_1, function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&___ptr64)> * param_2)
sym_type Function
sym_source ANALYSIS
external False

BaseReport::HrAddAttribute

Function Meta

Key mpengine.dll
name HrAddAttribute
fullname BaseReport::HrAddAttribute
refcount 502
length 1162
called
Expand for full list:
BaseReport::ConvertSpecial
BaseReport::IsSpynetAttributeExcluded
CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::~CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
GetAttributeSize
ShouldLogToAsimov
SpynetXmlNode::AddAttribute
WPP_SF_SS
__security_check_cookie
_tlgKeywordOn
_tlgWriteTemplate<long___cdecl(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,struct__GUID_const*___ptr64,struct__GUID_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),&long___cdecl__tlgWriteTransfer_EventWriteTransfer(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,struct__GUID_const*___ptr64,struct__GUID_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),struct__GUID_const*___ptr64,struct__GUID_const*_ptr64>::Write<struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>>`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
std::String_val<struct_std::Simple_types<wchar_t>>::Check_offset
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::Tidy_deallocate
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::insert
calling
Expand for full list:
<lambda_b4a066d4232e6494820265c3c1813066>::operator()
<lambda_cbbea07f2e78570078691d33b5daa19a>::operator()
<lambda_cc6ca98f3a5cf79354db552d1022edd6>::operator()
AddAadDeviceId
AddAttributesToIpElement
AddAuditModeValues
AddCollectReasonEx
AddCompetitiveSecurityProductsTelemetry
AddContextualDataReport
AddCustomAsrRules
AddDefenderHealthInfoAddDeterminationAndActionStatus
AddDllImportToSpynetReport
AddFilterDriverTelemetryToBootThreatReports
AddFirmwareEnvironmentVariable
AddFirmwareEnvironmentVariables
AddHighPriClientAttributes
AddHighPriSevilleAttributes
AddLowPriClientAttributes
AddMediumPriClientAttributes
AddMediumPriProductInfo
AddMemDeviceId
AddMitigationValuesToNode
AddNetworkConnectionInfo
AddPassiveModeAndSxSPassiveMode
AddPortInfo
AddProcessInfos
AddProcessStartupDetailsElement
AddProxySettings
AddQualityCompat
AddRelatedStringInformation
AddRemediationResultToFileReports
AddRemediationStatusReport
AddRtpChange
AddScanAgeValues
AddSenseMachineMetadataAttributes
AddSpynetClientAttributes
AddTdtInfo
AddTrackingData
AddUEFIScanStatus
AddUefiBiosInformation
AddWdFilterHealthStatus
AddWindowUpdateTime
BMReport::AddArInformation
BMReport::AddDesktopInformation
BMReport::AddDetectionInformation
BMReport::AddFileChangeInformation
BMReport::AddInternalBehavior
BMReport::AddInternalInformation
BMReport::AddNriBMTelemetry
BMReport::AddNriConnectionDetails
BMReport::AddOpenProcessInformation
BMReport::AddProcessModifierInformation
BMReport::AddRegistryChangeInformation
BMReport::AddRelatedStringInformation
BMReport::AddRootkitInformation
BMReport::AddVolumeMountInformation
BMReport::CreateProcessInfoElement
BackupStore::AddSystemFileCacheTelemetry
BackupStore::RestoreSystemFileUsingSFC
BaseReport::AddFileHashes
BtrReport::AddFileAction
BtrReport::AddRegistryAction
CAdvSampleSubmission::GenerateAzSubmitFeedbackReport
CAnomalyTable::GenerateTableMaps
CResmgrAmsi::AddStringListMapsAttributeFromAttributeMap
CResmgrAmsi::GenerateOriginalFileReport
CResmgrAmsi::MapAttributesFromEdgeAllBlob
CResmgrAmsiUac::AddAmsiUacSpynetAttributes
CResmgrBitsJob::AddBitsJobSpynetAttributes
CResmgrBitsJob::Spynet
CResmgrCertStore::Spynet
CResmgrCmdLine::Spynet
CResmgrFile::CleanStore
CResmgrFile::SpynetEx
CResmgrKeyentry::AddStartupRegistryKeyTelemetry
CResmgrKeyentry::Spynet
CResmgrListval::Spynet
CResmgrNetworkIP::Spynet
CResmgrNoscanBase::AddBooleanMapsAttributeFromAttributeMap
CResmgrNoscanBase::AddDataBlobAttributeAsStringFromAttributeMap
CResmgrNoscanBase::AddStringMapsAttributeFromAttributeMap
CResmgrProcess::Spynet
CResmgrRemediationCheckpoint::Spynet
CResmgrRootkit::Spynet
CResmgrService::Spynet
CResmgrUefiFirmware::Spynet
CResmgrUefiVar::Spynet
CResmgrWebscript::GetPIIStrippedReferrerUrls
CResmgrWmi::Spynet
CheckSqmClientSettings
CreateCleanFileTelemetry
CreateSimpleFileReport
CreateTrackingXml
DetectionItem::GenerateBMSpynetReport
GenerateNetworkConnectionReport
GetCertInfoXml
ProcessBMResource
ProcessModuleInformation
ReportLatencyAttribute
ReportSpynetExtraAttribute
ReportThreatNotFoundData
SMSMaps::SendSMSScanReport
SendFileQueryFromCoreReport
SendHipsMapsReport
SigQueryReport::AddFastPathFileQuery
SigQueryReport::AddFastPathFileQuery
SigQueryReport::AddRTSDReportQuery
SigQueryReport::SigQueryReport
SpynetQueryDnsEntry
SpynetRemediationCheckpointRegkeys
SpynetXmlNode::CreateFileQueryNode
TryAddRegKeyValue
UrlReputationMaps::GenerateAndSendUrlReport
spynet_report::AddFileDetectionInformation
spynet_report::AddPEInfo
spynet_report::AddPrecalculatedHashes
spynet_report::SetIsContainerReport
spynet_report::SetSampleSubmissionConsentRequired
spynet_report::add_cert_info
spynet_report::add_certificate_info
spynet_report::add_filesystem_type
spynet_report::add_key
spynet_report::add_list_attributes
spynet_report::add_motw_info
spynet_report::add_name_property
spynet_report::add_owner_sid
spynet_report::add_vpath
spynet_report::get_clsid
spynet_report::process
spynet_report::process
spynet_report::process_content
spynet_wrapper::AddDynamicInfo
spynet_wrapper::AddHeartbeat
spynet_wrapper::AddHeartbeatErrorReport
spynet_wrapper::AddHeartbeatExclusion
spynet_wrapper::AddSampleReportHelper
spynet_wrapper::ReportError
paramcount 5
address 75a48c6f4
sig long __cdecl HrAddAttribute(SpynetXmlNode * param_1, wchar_t * param_2, wchar_t * param_3, ulong param_4, ulong param_5)
sym_type Function
sym_source ANALYSIS
external False

tdt_library_v_next::bit_shovel::internal::data_network_impl::add_callback<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_query_api*___ptr64,class_tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor>

Function Meta

Key mpengine.dll
name add_callback<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_query_api*___ptr64,class_tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor>
fullname tdt_library_v_next::bit_shovel::internal::data_network_impl::add_callback<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_query_api*___ptr64,class_tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor>
refcount 2
length 228
called __RTDynamicCast
std::shared_ptr<struct_ObjectManager::MutantObject>::shared_ptr<struct_ObjectManager::MutantObject>
std::vector<class_std::shared_ptr<class_tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::profiling_database_service_api*__ptr64>>,class_std::allocator<class_std::shared_ptr<class_tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::profiling_database_service_api*ptr64>>>>::_Emplace_reallocate<class_std::shared_ptr<class_tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::profiling_database_service_api*__ptr64>>_const&___ptr64>
tdt_library_v_next::bit_shovel::internal::data_network_impl::type_manager<struct_tdt_library_v_next::bit_shovel::internal::data_network_impl::callback_info_base>::get_type_info<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_query_api*___ptr64>
calling tdt_library_v_next::bit_shovel::data_network::add_callback<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_query_api*___ptr64>
paramcount 4
address 75a50c0c8
sig undefined4 * __thiscall add_callback<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_query_api*___ptr64,class_tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor>(data_network_impl * this, undefined4 * param_1, shared_ptr<struct_ObjectManager::MutantObject> * param_2, type_manager<struct_tdt_library_v_next::bit_shovel::internal::data_network_impl::callback_info_base> * param_3)
sym_type Function
sym_source ANALYSIS
external False

FUN_75a34f93c

Function Meta

Key mpengine.dll
name FUN_75a34f93c
fullname FUN_75a34f93c
refcount 2
length 253
called FUN_75a34fa94
boost::multi_index::detail::ordered_index_node_impl<struct_boost::multi_index::detail::null_augment_policy,class_std::allocator>::link
std::basic_string<char,struct_std::char_traits,class_std::allocator>::compare
calling FUN_75a34f894
paramcount 3
address 75a34f93c
sig longlong __fastcall FUN_75a34f93c(longlong param_1, basic_string<char,struct_std::char_traits,class_std::allocator_> * param_2, longlong * param_3)
sym_type Function
sym_source DEFAULT
external False

tdt_library_v_current::bit_shovel_plugins::time_series_common::time_series_pipeline<struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::time_series_pipeline_config<class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>::get_memory_usage_info

Function Meta

Key mpengine.dll
name get_memory_usage_info
fullname tdt_library_v_current::bit_shovel_plugins::time_series_common::time_series_pipeline<struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::time_series_pipeline_config<class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>::get_memory_usage_info
refcount 2
length 768
called
Expand for full list:
__security_check_cookie
operator_delete[]
std::basic_ostream<char,struct_std::char_traits>::operator<<
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_stringbuf<char,struct_std::char_traits,class_std::allocator>::str
std::basic_stringstream<char,struct_std::char_traits,class_std::allocator>::basic_stringstream<char,struct_std::char_traits,class_std::allocator>
std::basic_stringstream<char,struct_std::char_traits,class_std::allocator>::~basic_stringstream<char,struct_std::char_traits,class_std::allocator>
std::ios_base::Tidy
std::locale::~locale
std::operator<<<struct_std::char_traits>
std::vector<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::Emplace_one_at_back<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_>
calling tdt_library_v_current::bit_shovel_plugins::internal::classifier_detect_impl::log_statistics
paramcount 2
address 75a56d158
sig vector<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>> __thiscall get_memory_usage_info(time_series_pipeline<struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::time_series_pipeline_config<class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>> * this, vector<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>> * param_1)
sym_type Function
sym_source ANALYSIS
external False

std::search<char_const*___ptr64,char_const*__ptr64,struct_std::equal_to>

Function Meta

Key mpengine.dll
name search<char_const*___ptr64,char_const*__ptr64,struct_std::equal_to>
fullname std::search<char_const*___ptr64,char_const*__ptr64,struct_std::equal_to>
refcount 3
length 122
called memcmp
calling elffile_scan
paramcount 4
address 75a5f3a5c
sig void * __cdecl search<char_const*___ptr64,char_const*__ptr64,struct_std::equal_to>(void * param_1, void * param_2, undefined8 param_3, longlong param_4)
sym_type Function
sym_source ANALYSIS
external False

ProcessContext::InitializeCbpNamespacesTracking

Function Meta

Key mpengine.dll
name InitializeCbpNamespacesTracking
fullname ProcessContext::InitializeCbpNamespacesTracking
refcount 2
length 438
called FgGetState
GetDosPathFromNormalizedPath
IsKnownFriendly
IsKnownFriendlyWin32Path
ProcessContext::GetImagePathUnlocked
free
calling ProcessContext::ProcessContext
paramcount 1
address 75a61e140
sig void __thiscall InitializeCbpNamespacesTracking(ProcessContext * this)
sym_type Function
sym_source ANALYSIS
external False

ProcessNotification::ProcessNotification

Function Meta

Key mpengine.dll
name ProcessNotification
fullname ProcessNotification::ProcessNotification
refcount 3
length 195
called NotificationImpl::NotificationImpl
calling ProcessNotification::CreateInstance<struct_ProcessTerminateSetup>
paramcount 3
address 75a64374c
sig undefined __thiscall ProcessNotification(ProcessNotification * this, NotificationSetup * param_1, ProcessTerminateSetup * param_2)
sym_type Function
sym_source ANALYSIS
external False

kstore_unpin

Function Meta

Key mpengine.dll
name kstore_unpin
fullname kstore_unpin
refcount 2
length 210
called KERNEL32.DLL::GetLastError
KERNEL32.DLL::VirtualProtect
WPP_SF_l
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
calling KstoreUnlocker::KstoreUnlocker
paramcount 0
address 75a70a7f8
sig bool __cdecl kstore_unpin(void)
sym_type Function
sym_source ANALYSIS
external False

kstore_pin

Function Meta

Key mpengine.dll
name kstore_pin
fullname kstore_pin
refcount 2
length 210
called KERNEL32.DLL::GetLastError
KERNEL32.DLL::VirtualProtect
WPP_SF_l
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
calling KstoreUnlocker::~KstoreUnlocker
paramcount 0
address 75a70be60
sig bool __cdecl kstore_pin(void)
sym_type Function
sym_source ANALYSIS
external False

std::shared_ptr<class_tdt_library_v_current::logger_client::logger>::operator=

Function Meta

Key mpengine.dll
name operator=
fullname std::shared_ptr<class_tdt_library_v_current::logger_client::logger>::operator=
refcount 3
length 63
called std::_Ref_count_base::_Decref
calling tdt_library_v_current::logger_client::logger::set_logger
paramcount 2
address 75a76c370
sig shared_ptr<class_tdt_library_v_current::logger_client::logger> * __thiscall operator=(shared_ptr<class_tdt_library_v_current::logger_client::logger> * this, shared_ptr<class_tdt_library_v_current::logger_client::logger> * param_1)
sym_type Function
sym_source ANALYSIS
external False

BaseReport::BaseReport

Function Meta

Key mpengine.dll
name BaseReport
fullname BaseReport::BaseReport
refcount 2
length 1890
called CommonUtil::AutoRef<struct_BmProcessInfo>::operator=
SpynetXmlNode::SpynetXmlNode
memset
operator_new
calling SendFileQueryFromCoreReport
paramcount 2
address 75a76d674
sig undefined __thiscall BaseReport(BaseReport * this, BaseReport * param_1)
sym_type Function
sym_source ANALYSIS
external False

SetHipsBootData

Function Meta

Key mpengine.dll
name SetHipsBootData
fullname SetHipsBootData
refcount 2
length 294
called SetHipsBootData
free
operator_new
calling StartMpEngine
paramcount 7
address 75a81d304
sig long __cdecl SetHipsBootData(uint param_1, MpHipsRule_t * param_2, MpHipsRuleState_t param_3, MpHipsRuleState_t param_4, wchar_t * param_5, wchar_t * param_6, wchar_t * param_7)
sym_type Function
sym_source ANALYSIS
external False

NotificationFactory::CreateInstanceForProcessFork

Function Meta

Key mpengine.dll
name CreateInstanceForProcessFork
fullname NotificationFactory::CreateInstanceForProcessFork
refcount 2
length 303
called ExtractCmdLine
ExtractStartupParameters
GetImagePath
GetParentID
GetProcessID
ProcessNotification::CreateInstance<struct_ProcessForkSetup>
WPP_SF_l
__security_check_cookie
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
di::TelemetryAssert::AssertTriggeredNoArgs
calling NotificationFactory::CreateProcessList
paramcount 2
address 75a892be8
sig long __cdecl CreateInstanceForProcessFork(ProcessNotification * * param_1, MPRTP_NOTIFICATION * param_2)
sym_type Function
sym_source ANALYSIS
external False

McTemplateU0pU16sdqqzz_MPEventWriteTransfer

Function Meta

Key mpengine.dll
name McTemplateU0pU16sdqqzz_MPEventWriteTransfer
fullname McTemplateU0pU16sdqqzz_MPEventWriteTransfer
refcount 4
length 343
called McGenEventWrite_MPEventWriteTransfer
__security_check_cookie
calling ScanRequestEtwHelper::OnEndRundown
ScanRequestEtwHelper::OnStartRundown
paramcount 5
address 75a8cdb24
sig undefined __fastcall McTemplateU0pU16sdqqzz_MPEventWriteTransfer(undefined8 param_1, PCEVENT_DESCRIPTOR param_2, undefined8 param_3, undefined8 param_4, char * param_5)
sym_type Function
sym_source IMPORTED
external False

std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::~Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>

Function Meta

Key mpengine.dll
name ~Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>
fullname std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::~Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>
refcount 4
length 77
called std::Deallocate<16,0>
std::List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>,void*___ptr64>::Free_non_head<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>,void*_ptr64>>>
calling std::unordered_map<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>,class_std::allocator<struct_std::pair<unsigned___int64_const_,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>>::~unordered_map<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>>
tdt_library_v_current::bit_shovel_plugins::time_series_common::time_series_pipeline<struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::time_series_pipeline_config<class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>::~time_series_pipeline<struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::time_series_pipeline_config<class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>_>
paramcount 1
address 75a906ed4
sig void __thiscall ~Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>(Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>> * this)
sym_type Function
sym_source ANALYSIS
external False

std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::_Range_eraser::_Bump_erased

Function Meta

Key mpengine.dll
name _Bump_erased
fullname std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::_Range_eraser::_Bump_erased
refcount 3
length 38
called std::List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>_>,void*___ptr64>::Freenode<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>,void*_ptr64>>>
calling std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::_Unchecked_erase
paramcount 1
address 75a90776c
sig void __thiscall _Bump_erased(_Range_eraser * this)
sym_type Function
sym_source ANALYSIS
external False

std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::_Forced_rehash

Function Meta

Key mpengine.dll
name _Forced_rehash
fullname std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::_Forced_rehash
refcount 2
length 383
called std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::Clear_guard::~Clear_guard
std::Hash_vec<class_std::allocator<class_std::List_unchecked_iterator<class_std::List_val<struct_std::List_simple_types<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>>>>_>::_Assign_grow
std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>::operator()<unsigned___int64>
std::_Xlength_error
calling std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::emplace<unsigned___int64_const&__ptr64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>
paramcount 2
address 75a90787c
sig void __thiscall Forced_rehash(Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>_> * this, __uint64 param_1)
sym_type Function
sym_source ANALYSIS
external False

tdt_library_v_current::bit_shovel_plugins::message_processing_agent::_make_processed_image_event

Function Meta

Key mpengine.dll
name _make_processed_image_event
fullname tdt_library_v_current::bit_shovel_plugins::message_processing_agent::_make_processed_image_event
refcount 3
length 549
called
Expand for full list:
__security_check_cookie
buffer_view<unsigned_char>::throw_if_out_of_range
buffer_view<unsigned_char>::copy_as<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>
buffer_view<unsigned_char>::subview
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::operator=
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resizetdt_library_v_current::bit_shovel_plugins::object_pool<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t>::allocate_shared
tdt_library_v_current::logger_client::logger::get_logger
tdt_library_v_current::logger_client::logger::log
tdt_library_v_current::tdt_app_profiling::make_processed_image_event_common<tdt_library_v_current::bit_shovel_plugins::tts_event_view<1833321251>>
tdt_library_v_next::bit_shovel_plugins::message_processing_agent::get_dll_hash
calling std::Func_impl_no_alloc<<lambda_ff00e30d7dec161686b800fdd3ec3405>,std::shared_ptr<tdt_library_v_current::tdt_app_profiling::preprocessed_events::event_base_t>>::_Do_call
paramcount 3
address 75a9135f8
sig shared_ptr<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t> __thiscall _make_processed_image_event(message_processing_agent * this, object_pool<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t> * param_1, buffer_view<unsigned_char> * param_2)
sym_type Function
sym_source ANALYSIS
external False

tdt_library_v_current::bit_shovel_plugins::message_processing_agent::_make_processed_pid_event

Function Meta

Key mpengine.dll
name _make_processed_pid_event
fullname tdt_library_v_current::bit_shovel_plugins::message_processing_agent::_make_processed_pid_event
refcount 2
length 615
called
Expand for full list:
__security_check_cookie
buffer_view<unsigned_char>::throw_if_out_of_range
buffer_view<unsigned_char>::copy_as<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>
buffer_view<unsigned_char>::subview
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::operator=
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resizetdt_library_v_current::bit_shovel_plugins::object_pool<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::process_event_t>::allocate_shared
tdt_library_v_current::logger_client::logger::get_logger
tdt_library_v_current::logger_client::logger::log
tdt_library_v_current::tdt_app_profiling::make_processed_pid_event_common<tdt_library_v_current::bit_shovel_plugins::tts_event_view<1883652899>>
tdt_library_v_next::bit_shovel_plugins::message_processing_agent::get_dll_hash
tdt_library_v_next::bit_shovel_plugins::tts_event_view<1900430115>::get_image_path
calling std::Func_impl_no_alloc<<lambda_7c1c5ef5334669890381871a23b3188b>,std::shared_ptr<tdt_library_v_current::tdt_app_profiling::preprocessed_events::event_base_t>>::_Do_call
paramcount 3
address 75a913c60
sig shared_ptr<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::process_event_t> __thiscall _make_processed_pid_event(message_processing_agent * this, shared_ptr<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::process_event_t> * param_1, tts_event_view<1900430115> * param_2)
sym_type Function
sym_source ANALYSIS
external False

boost::optional<unsigned_int>::value

Function Meta

Key mpengine.dll
name value
fullname boost::optional<unsigned_int>::value
refcount 3
length 38
called boost::bad_optional_access::bad_optional_access
boost::throw_exception<class_boost::bad_optional_access>
calling tdt_library_v_current::bit_shovel_plugins::local_telemetry_server_impl::_update_driver_config_for_pmu_counters
tdt_library_v_next::bit_shovel_plugins::local_telemetry_server_impl::_update_driver_config_for_pmu_counters
paramcount 1
address 75a927500
sig uint * __thiscall value(optional<unsigned_int> * this)
sym_type Function
sym_source ANALYSIS
external False

tdt_library_v_current::bit_shovel_plugins::normalizer::_refresh_reordering_queues<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::pmi_event_t>

Function Meta

Key mpengine.dll
name _refresh_reordering_queues<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::pmi_event_t>
fullname tdt_library_v_current::bit_shovel_plugins::normalizer::_refresh_reordering_queues<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::pmi_event_t>
refcount 2
length 261
called std::Tree_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::pmi_records_reordering_queue_t<struct_tts_pmi_record_t>_>,void*___ptr64>::Freenode<class_std::allocator<struct_std::Tree_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::pmi_records_reordering_queue_t<struct_tts_pmi_record_t>>,void*ptr64>>>
std::Tree_unchecked_const_iterator<class_std::Tree_val<struct_std::Tree_simple_types<struct_std::pair<unsigned_int_const,struct_tdt_library_v_current::bit_shovel_plugins::isv_sample_agent_tbd::process_info_t>>>,struct_std::Iterator_base0>::operator++
std::Tree_val<struct_std::Tree_simple_types<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::pmi_records_reordering_queue_t<struct_tts_pmi_record_t>>>>::_Extract
std::vector<class_BMInternalInfo*___ptr64,class_std::allocator<class_BMInternalInfo*__ptr64>>::_Emplace_reallocate<class_BMInternalInfo*___ptr64_const&___ptr64>
calling tdt_library_v_current::bit_shovel_plugins::normalizer::_process_pmi_event_common<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::pmi_event_t>
paramcount 2
address 75a94bc98
sig void __thiscall refresh_reordering_queues<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::pmi_event_t>(normalizer * this, vector<unsigned___int64,class_std::allocator<unsigned___int64>> * param_1)
sym_type Function
sym_source ANALYSIS
external False

tdt_library_v_current::bit_shovel_plugins::normalizer::_refresh_reordering_queues<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::pmi_event_v2_t>

Function Meta

Key mpengine.dll
name _refresh_reordering_queues<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::pmi_event_v2_t>
fullname tdt_library_v_current::bit_shovel_plugins::normalizer::_refresh_reordering_queues<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::pmi_event_v2_t>
refcount 2
length 261
called std::Tree_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_next::bit_shovel_plugins::pmi_records_reordering_queue_t<struct_tdt_library_v_next::tdt_app_profiling::preprocessed_events::pmi_v2_record_t>_>,void*___ptr64>::Freenode<class_std::allocator<struct_std::Tree_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_next::bit_shovel_plugins::pmi_records_reordering_queue_t<struct_tdt_library_v_next::tdt_app_profiling::preprocessed_events::pmi_v2_record_t>>,void*ptr64>>>
std::Tree_unchecked_const_iterator<class_std::Tree_val<struct_std::Tree_simple_types<struct_std::pair<unsigned_int_const,struct_tdt_library_v_current::bit_shovel_plugins::isv_sample_agent_tbd::process_info_t>>>,struct_std::Iterator_base0>::operator++
std::Tree_val<struct_std::Tree_simple_types<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::pmi_records_reordering_queue_t<struct_tts_pmi_record_t>>>>::_Extract
std::vector<class_BMInternalInfo*___ptr64,class_std::allocator<class_BMInternalInfo*__ptr64>>::_Emplace_reallocate<class_BMInternalInfo*___ptr64_const&___ptr64>
calling tdt_library_v_current::bit_shovel_plugins::normalizer::_process_pmi_event_common<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::pmi_event_v2_t>
paramcount 2
address 75a94bda0
sig void __thiscall refresh_reordering_queues<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::pmi_event_v2_t>(normalizer * this, vector<unsigned___int64,class_std::allocator<unsigned___int64>> * param_1)
sym_type Function
sym_source ANALYSIS
external False

std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::emplace<unsigned___int64_const&___ptr64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>

Function Meta

Key mpengine.dll
name emplace<unsigned___int64_const&___ptr64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>
fullname std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::emplace<unsigned___int64_const&___ptr64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>
refcount 2
length 392
called std::Allocate<16,struct_std::Default_allocate_traits,0>
std::Hash<class_std::Umap_traits<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_tdt_library_v_next::tdt_profile_blob::profile_blob_vfs_impl::section_content_info_t,class_std::Uhash_compare<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>,class_std::allocator<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>const,struct_tdt_library_v_next::tdt_profile_blob::profile_blob_vfs_impl::section_content_info_t>>,0>>::Desired_grow_bucket_count
std::Hash<class_std::Umap_traits<struct_PersistentProcessID,class_CommonUtil::AutoRefWrapper<struct_ProcessInfoBase>,class_std::Uhash_compare<struct_PersistentProcessID,struct_CommonUtil::CStdHashMapCompare<struct_PersistentProcessID,struct_CommonUtil::CStdRefHashMapAdapter<struct_PersistentProcessID,struct_ProcessInfoBase,struct_CommonUtil::CStdDefaultCompare<struct_PersistentProcessID,struct_std::hash<struct_PersistentProcessID>>>::CPolicy>,struct_CommonUtil::CStdHashMapCompare<struct_PersistentProcessID,struct_CommonUtil::CStdRefHashMapAdapter<struct_PersistentProcessID,struct_ProcessInfoBase,struct_CommonUtil::CStdDefaultCompare<struct_PersistentProcessID,struct_std::hash<struct_PersistentProcessID>>>::CPolicy>>,class_std::allocator<struct_std::pair<struct_PersistentProcessID_const_,class_CommonUtil::AutoRefWrapper<struct_ProcessInfoBase>>>,0>_>::_Insert_new_node_before
std::_Hash<class_std::_Umap_traits<unsigned___int64,class_std::vector<void*___ptr64,class_tdt_library_v_next::bit_shovel_plugins::custom_heap_allocator<void*_ptr64>>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_std::vector<void*__ptr64,class_tdt_library_v_next::bit_shovel_plugins::custom_heap_allocator<void*ptr64>>>>,0>>::Find_last<unsigned___int64>
std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>>::_Forced_rehash
std::_List_node_emplace_op2<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*_ptr64>>>::~_List_node_emplace_op2<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*_ptr64>>>
std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>::operator()<unsigned___int64>
std::_Xlength_error
tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t::counters_per_pid_tid_t
calling tdt_library_v_current::bit_shovel_plugins::internal::normalizer_agent_impl::_find_counters_per_pid_tid
paramcount 4
address 75a94fca4
sig longlong * __thiscall emplace<unsigned___int64_const&__ptr64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>(Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>> * this, longlong * param_1, __uint64 * param_2, counters_per_pid_tid_t * param_3)
sym_type Function
sym_source ANALYSIS
external False

std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Range_eraser::_Bump_erased

Function Meta

Key mpengine.dll
name _Bump_erased
fullname std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Range_eraser::_Bump_erased
refcount 3
length 38
called std::List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*___ptr64>::_Freenode<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*_ptr64>>>
calling std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Unchecked_erase
paramcount 1
address 75a950620
sig void __thiscall _Bump_erased(_Range_eraser * this)
sym_type Function
sym_source ANALYSIS
external False

std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Forced_rehash

Function Meta

Key mpengine.dll
name _Forced_rehash
fullname std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Forced_rehash
refcount 2
length 383
called std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>>::Clear_guard::~Clear_guard
std::Hash_vec<class_std::allocator<class_std::List_unchecked_iterator<class_std::List_val<struct_std::List_simple_types<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>>>>>::_Assign_grow
std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>::operator()<unsigned___int64>
std::_Xlength_error
calling std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::emplace<unsigned___int64_const&___ptr64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>
paramcount 2
address 75a950678
sig void __thiscall Forced_rehash(Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>> * this, __uint64 param_1)
sym_type Function
sym_source ANALYSIS
external False

tdt_library_v_current::bit_shovel_plugins::internal::normalizer_agent_impl::_preprocess

Function Meta

Key mpengine.dll
name _preprocess
fullname tdt_library_v_current::bit_shovel_plugins::internal::normalizer_agent_impl::_preprocess
refcount 2
length 479
called log2
tdt_library_v_current::bit_shovel_plugins::internal::normalizer_agent_impl::_find_counters_per_pid_tid
tdt_library_v_next::bit_shovel_plugins::internal::normalizer_agent_impl::_preprocess_common
calling tdt_library_v_current::bit_shovel_plugins::internal::normalizer_agent_impl::process<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::pmi_v2_record_t>
paramcount 3
address 75a950e18
sig void __thiscall _preprocess(normalizer_agent_impl * this, pmi_v2_record_t * param_1, counters_ex_t * param_2)
sym_type Function
sym_source ANALYSIS
external False

tdt_library_v_current::bit_shovel_plugins::internal::normalizer_agent_impl::print_memory_usage_info

Function Meta

Key mpengine.dll
name print_memory_usage_info
fullname tdt_library_v_current::bit_shovel_plugins::internal::normalizer_agent_impl::print_memory_usage_info
refcount 2
length 740
called __security_check_cookie
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_current::logger_client::logger::get_logger
tdt_library_v_current::logger_client::logger::log
calling tdt_library_v_current::bit_shovel_plugins::normalizer::deinit
paramcount 1
address 75a951670
sig void __thiscall print_memory_usage_info(normalizer_agent_impl * this)
sym_type Function
sym_source ANALYSIS
external False

tdt_library_v_current::bit_shovel_plugins::normalizer_agent::register_callback

Function Meta

Key mpengine.dll
name register_callback
fullname tdt_library_v_current::bit_shovel_plugins::normalizer_agent::register_callback
refcount 2
length 122
called guard_dispatch_icall$fo_default$
std::Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>_const&___ptr64>::_Tidy
tdt_library_v_current::bit_shovel_plugins::internal::normalizer_agent_impl::register_callback
calling tdt_library_v_current::bit_shovel_plugins::normalizer::register_callback
paramcount 2
address 75a951974
sig bool __thiscall register_callback(normalizer_agent * this, Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>_const&___ptr64> * param_1)
sym_type Function
sym_source ANALYSIS
external False

tdt_library_v_current::tdt_app_profiling::time_update_service_api_impl::dispatch_callbacks

Function Meta

Key mpengine.dll
name dispatch_callbacks
fullname tdt_library_v_current::tdt_app_profiling::time_update_service_api_impl::dispatch_callbacks
refcount 3
length 284
called std::_Allocate<16,struct_std::_Default_allocate_traits,0>
std::_Deallocate<16,0>
std::_Func_class<void,unsigned___int64>::operator()
std::_Ref_count_base::_Decref
std::_Tree_unchecked_const_iterator<class_std::Tree_val<struct_std::Tree_simple_types<unsigned_int>>,struct_std::Iterator_base0>::operator++
std::list<class_std::shared_ptr<struct_tdt_library_v_current::tdt_app_profiling::time_update_service_api_impl::callback_info_t>,class_std::allocator<class_std::shared_ptr<struct_tdt_library_v_current::tdt_app_profiling::time_update_service_api_impl::callback_info_t>>>::_Emplace<class_std::shared_ptr<struct_tdt_library_v_current::tdt_app_profiling::time_update_service_api_impl::callback_info_t>_const&___ptr64>
std::unique_lock<class_std::mutex>::unique_lock<class_std::mutex>
std::unique_lock<class_std::mutex>::~unique_lock<class_std::mutex>
calling <lambda_915b71b27d4f965add1674c17df56f75>::operator()
paramcount 3
address 75a979ae0
sig void __thiscall dispatch_callbacks(time_update_service_api_impl * this, longlong param_1, longlong param_2)
sym_type Function
sym_source ANALYSIS
external False

<lambda_8b8e3fe099d26a3f46ff4def3b5c236f>::operator()<class_std::vector<double,class_std::allocator>>

Function Meta

Key mpengine.dll
name operator()<class_std::vector<double,class_std::allocator>>
fullname <lambda_8b8e3fe099d26a3f46ff4def3b5c236f>::operator()<class_std::vector<double,class_std::allocator>>
refcount 2
length 167
called tdt_dt_classify_stream
calling tdt_library_v_current::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::_classify_records_using_legacy_model
paramcount 2
address 75a979f78
sig tdt_status_ __thiscall operator()<class_std::vector<double,class_std::allocator>>(<lambda_8b8e3fe099d26a3f46ff4def3b5c236f> * this, vector<double,class_std::allocator_> * param_1)
sym_type Function
sym_source ANALYSIS
external False

tdt_library_v_next::bit_shovel_plugins::message_processing_agent::_make_processed_image_event

Function Meta

Key mpengine.dll
name _make_processed_image_event
fullname tdt_library_v_next::bit_shovel_plugins::message_processing_agent::_make_processed_image_event
refcount 3
length 549
called
Expand for full list:
__security_check_cookie
buffer_view<unsigned_char>::throw_if_out_of_range
buffer_view<unsigned_char>::copy_as<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>
buffer_view<unsigned_char>::subview
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::operator=
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resizetdt_library_v_current::tdt_app_profiling::make_processed_image_event_common<tdt_library_v_current::bit_shovel_plugins::tts_event_view<1833321251>>
tdt_library_v_next::bit_shovel_plugins::message_processing_agent::get_dll_hash
tdt_library_v_next::bit_shovel_plugins::object_pool<struct_tdt_library_v_next::tdt_app_profiling::preprocessed_events::image_load_event_t>::allocate_shared
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling std::Func_impl_no_alloc<<lambda_ec53dacb184735feadfff80331e777ef>,std::shared_ptr<tdt_library_v_next::tdt_app_profiling::preprocessed_events::event_base_t>>::_Do_call
paramcount 3
address 75a9902e4
sig shared_ptr<struct_tdt_library_v_next::tdt_app_profiling::preprocessed_events::image_load_event_t> __thiscall _make_processed_image_event(message_processing_agent * this, object_pool<struct_tdt_library_v_next::tdt_app_profiling::preprocessed_events::image_load_event_t> * param_1, buffer_view<unsigned_char> * param_2)
sym_type Function
sym_source ANALYSIS
external False

tdt_library_v_next::bit_shovel_plugins::message_processing_agent::_make_processed_pid_event

Function Meta

Key mpengine.dll
name _make_processed_pid_event
fullname tdt_library_v_next::bit_shovel_plugins::message_processing_agent::_make_processed_pid_event
refcount 2
length 615
called
Expand for full list:
__security_check_cookie
buffer_view<unsigned_char>::throw_if_out_of_range
buffer_view<unsigned_char>::copy_as<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>
buffer_view<unsigned_char>::subview
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::operator=
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resizetdt_library_v_current::tdt_app_profiling::make_processed_pid_event_common<tdt_library_v_current::bit_shovel_plugins::tts_event_view<1883652899>>
tdt_library_v_next::bit_shovel_plugins::message_processing_agent::get_dll_hash
tdt_library_v_next::bit_shovel_plugins::object_pool<struct_tdt_library_v_next::tdt_app_profiling::preprocessed_events::process_event_t>::allocate_shared
tdt_library_v_next::bit_shovel_plugins::tts_event_view<1900430115>::get_image_path
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling std::Func_impl_no_alloc<<lambda_131fc097608e50d6060911fe6e581095>,std::shared_ptr<tdt_library_v_next::tdt_app_profiling::preprocessed_events::event_base_t>>::_Do_call
paramcount 3
address 75a990998
sig shared_ptr<struct_tdt_library_v_next::tdt_app_profiling::preprocessed_events::process_event_t> __thiscall _make_processed_pid_event(message_processing_agent * this, shared_ptr<struct_tdt_library_v_next::tdt_app_profiling::preprocessed_events::process_event_t> * param_1, tts_event_view<1900430115> * param_2)
sym_type Function
sym_source ANALYSIS
external False

<lambda_f54c131c46b51efd7fad7b20bfccc291>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_f54c131c46b51efd7fad7b20bfccc291>::operator()
refcount 5
length 393
called __security_check_cookie
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling tdt_library_v_next::bit_shovel_plugins::driver_thread_handler::_process_all_telemetry_data
paramcount 3
address 75a99d6e0
sig undefined __thiscall operator()(<lambda_f54c131c46b51efd7fad7b20bfccc291> * this, char * param_1, _channel_operation_stats_t * param_2)
sym_type Function
sym_source ANALYSIS
external False

<lambda_ae006f047328060027111814c42dd78b>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_ae006f047328060027111814c42dd78b>::operator()
refcount 3
length 492
called
Expand for full list:
<lambda_7482b643e0e0cfebe56c58d47ecfb029>::operator()
__security_check_cookie
snprintf
std::Ref_count_base::Decref
std::Tree<class_std::Tmap_traits<unsigned_int,struct_tdt_library_v_next::bit_shovel_plugins::feature_extraction_plugin::feature_extraction_graph_agent,struct_std::less<unsigned_int>,class_std::allocator<struct_std::pair<unsigned_int_const,struct_tdt_library_v_next::bit_shovel_plugins::feature_extraction_plugin::feature_extraction_graph_agent>>,1>>::equal_range
std::Tree<class_std::Tmap_traits<unsigned_int,struct_tdt_library_v_next::bit_shovel_plugins::feature_extraction_plugin::feature_extraction_graph_agent,struct_std::less<unsigned_int>,class_std::allocator<struct_std::pair<unsigned_int_const,struct_tdt_library_v_next::bit_shovel_plugins::feature_extraction_plugin::feature_extraction_graph_agent>>,1>>::find
std::Tree_unchecked_const_iterator<class_std::Tree_val<struct_std::Tree_simple_types<struct_tdt_library_v_next::feature_extraction::signal_info_t>>,struct_std::Iterator_base0>::operator++
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator_>::resizetdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling tdt_library_v_next::bit_shovel_plugins::feature_extraction_plugin::_process_pmi_event_common<struct_tdt_library_v_next::tdt_app_profiling::preprocessed_events::pmi_event_v2_t>
paramcount 2
address 75a9a8588
sig undefined __thiscall operator()(<lambda_ae006f047328060027111814c42dd78b> * this, pmi_v2_record_t * param_1)
sym_type Function
sym_source ANALYSIS
external False

<lambda_f707771f85ae76d0d116ad4310dd82a1>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_f707771f85ae76d0d116ad4310dd82a1>::operator()
refcount 3
length 492
called
Expand for full list:
<lambda_b9a5e139ad4349087906b98af1d5d329>::operator()
__security_check_cookie
snprintf
std::Ref_count_base::Decref
std::Tree<class_std::Tmap_traits<unsigned_int,struct_tdt_library_v_next::bit_shovel_plugins::feature_extraction_plugin::feature_extraction_graph_agent,struct_std::less<unsigned_int>,class_std::allocator<struct_std::pair<unsigned_int_const,struct_tdt_library_v_next::bit_shovel_plugins::feature_extraction_plugin::feature_extraction_graph_agent>>,1>>::equal_range
std::Tree<class_std::Tmap_traits<unsigned_int,struct_tdt_library_v_next::bit_shovel_plugins::feature_extraction_plugin::feature_extraction_graph_agent,struct_std::less<unsigned_int>,class_std::allocator<struct_std::pair<unsigned_int_const,struct_tdt_library_v_next::bit_shovel_plugins::feature_extraction_plugin::feature_extraction_graph_agent>>,1>>::find
std::Tree_unchecked_const_iterator<class_std::Tree_val<struct_std::Tree_simple_types<struct_tdt_library_v_next::feature_extraction::signal_info_t>>,struct_std::Iterator_base0>::operator++
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator_>::resizetdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling tdt_library_v_next::bit_shovel_plugins::feature_extraction_plugin::_process_pmi_event_common<struct_tdt_library_v_next::tdt_app_profiling::preprocessed_events::pmi_event_t>
paramcount 2
address 75a9a9850
sig undefined __thiscall operator()(<lambda_f707771f85ae76d0d116ad4310dd82a1> * this, tts_pmi_record_t * param_1)
sym_type Function
sym_source ANALYSIS
external False

std::vector<struct_tdt_library_v_next::feature_extraction::signal_info_t,class_std::allocator<struct_tdt_library_v_next::feature_extraction::signal_info_t>_>::_Emplace_reallocate<struct_tdt_library_v_next::feature_extraction::signal_info_t>

Function Meta

Key mpengine.dll
name _Emplace_reallocate<struct_tdt_library_v_next::feature_extraction::signal_info_t>
fullname std::vector<struct_tdt_library_v_next::feature_extraction::signal_info_t,class_std::allocator<struct_tdt_library_v_next::feature_extraction::signal_info_t>_>::_Emplace_reallocate<struct_tdt_library_v_next::feature_extraction::signal_info_t>
refcount 2
length 370
called std::_Allocate<16,struct_std::_Default_allocate_traits,0>
std::Get_size_of_n<40>
std::Uninitialized_move<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,unsigned_int>*ptr64,class_std::allocator<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,unsigned_int>>>
std::vector<struct_AmsiSessionCache::AmsiSessionCache::AmsiSessionCacheEntry::AmsiAttribute,class_std::allocator<struct_AmsiSessionCache::AmsiSessionCache::AmsiSessionCacheEntry::AmsiAttribute>>::Change_array
std::vector<struct__GUID,class_std::allocator<struct__GUID>>::_Xlength
calling std::vector<struct_tdt_library_v_next::feature_extraction::signal_info_t,class_std::allocator<struct_tdt_library_v_next::feature_extraction::signal_info_t>_>::emplace_back<struct_tdt_library_v_next::feature_extraction::signal_info_t>
paramcount 3
address 75a9ad600
sig signal_info_t * __thiscall Emplace_reallocate<struct_tdt_library_v_next::feature_extraction::signal_info_t>(vector<struct_tdt_library_v_next::feature_extraction::signal_info_t,class_std::allocator<struct_tdt_library_v_next::feature_extraction::signal_info_t>> * this, signal_info_t * param_1, signal_info_t * param_2)
sym_type Function
sym_source ANALYSIS
external False

tdt_library_v_next::feature_extraction::exponential_smoothing_node::~exponential_smoothing_node

Function Meta

Key mpengine.dll
name ~exponential_smoothing_node
fullname tdt_library_v_next::feature_extraction::exponential_smoothing_node::~exponential_smoothing_node
refcount 3
length 31
called std::vector<struct_AddressMapEntryType,class_std::allocator<struct_AddressMapEntryType>_>::_Tidy
tdt_library_v_next::feature_extraction::feature_extraction_node::~feature_extraction_node
calling tdt_library_v_next::feature_extraction::exponential_smoothing_node::`vector_deleting_destructor'
paramcount 1
address 75a9ade38
sig void __thiscall ~exponential_smoothing_node(exponential_smoothing_node * this)
sym_type Function
sym_source ANALYSIS
external False

tdt_library_v_next::feature_extraction::feature_extraction_node::~feature_extraction_node

Function Meta

Key mpengine.dll
name ~feature_extraction_node
fullname tdt_library_v_next::feature_extraction::feature_extraction_node::~feature_extraction_node
refcount 7
length 41
called std::basic_string<char,struct_std::char_traits,class_std::allocator_>::Tidy_deallocate
std::vector<struct_vdll_section_data_t,class_std::allocator<struct_vdll_section_data_t>>::_Tidy
calling tdt_library_v_next::feature_extraction::hotspot_detector_node::hotspot_detector_node'::__l1::dtor$1<br>tdt_library_v_next::feature_extraction::exponential_smoothing_node::~exponential_smoothing_node<br>tdt_library_v_next::feature_extraction::hotspot_detector_node::~hotspot_detector_node<br>tdt_library_v_next::feature_extraction::l2_norm_node::scalar_deleting_destructor'
tdt_library_v_next::feature_extraction::statistical_distributions_node::~statistical_distributions_node
tdt_library_v_next::feature_extraction::t0_feature_node::~t0_feature_node
paramcount 1
address 75a9ade58
sig void __thiscall ~feature_extraction_node(feature_extraction_node * this)
sym_type Function
sym_source ANALYSIS
external False

tdt_library_v_next::feature_extraction::statistical_distributions_node::~statistical_distributions_node

Function Meta

Key mpengine.dll
name ~statistical_distributions_node
fullname tdt_library_v_next::feature_extraction::statistical_distributions_node::~statistical_distributions_node
refcount 2
length 31
called tdt_library_v_next::feature_extraction::feature_extraction_node::~feature_extraction_node
tdt_library_v_next::tdt_normalizer_lib::data_model::~data_model
calling tdt_library_v_next::feature_extraction::statistical_distributions_node::`vector_deleting_destructor'
paramcount 1
address 75a9adebc
sig void __thiscall ~statistical_distributions_node(statistical_distributions_node * this)
sym_type Function
sym_source ANALYSIS
external False

tdt_library_v_next::bit_shovel_plugins::detection_filter::_get_system_folders

Function Meta

Key mpengine.dll
name _get_system_folders
fullname tdt_library_v_next::bit_shovel_plugins::detection_filter::_get_system_folders
refcount 2
length 701
called
Expand for full list:
__security_check_cookie
guard_dispatch_icall$fo_default$
snprintf
std::Deallocate<16,0>
std::Destroy_range<class_std::allocator<struct_std::pair<enum_tdt_library_v_current::bit_shovel_plugins::match_type_t,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>>
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::operator=
std::basic_string<char,struct_std::char_traits,class_std::allocator_>::resizetdt_library_v_next::bit_shovel_plugins::detection_filter::_process_folder_matching
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
tdt_library_v_next::logger_client::logger::log_message
calling tdt_library_v_next::bit_shovel_plugins::detection_filter::init
paramcount 3
address 75a9c4778
sig result_type __thiscall get_system_folders(detection_filter * this, undefined4 * param_1, basic_string<char,struct_std::char_traits,class_std::allocator> * param_2)
sym_type Function
sym_source ANALYSIS
external False

<lambda_3e9f779f0033d4a0b8b75e5cc148621e>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_3e9f779f0033d4a0b8b75e5cc148621e>::operator()
refcount 3
length 478
called
Expand for full list:
__security_check_cookie
snprintf
std::Ref_count_base::Decref
std::Tree<class_std::Tmap_traits<unsigned_int,struct_tdt_library_v_next::bit_shovel_plugins::feature_extraction_plugin::feature_extraction_graph_agent,struct_std::less<unsigned_int>,class_std::allocator<struct_std::pair<unsigned_int_const,struct_tdt_library_v_next::bit_shovel_plugins::feature_extraction_plugin::feature_extraction_graph_agent>>,1>>::equal_range
std::Tree_unchecked_const_iterator<class_std::Tree_val<struct_std::Tree_simple_types<struct_std::pair<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>const,class_std::basic_string<char16_t,struct_std::char_traits<char16_t>,class_std::allocator<char16_t>>>>>,struct_std::Iterator_base0>::operator++
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_next::bit_shovel_plugins::internal::normalizer_agent_impl::process<struct_tts_pmi_record_t>
tdt_library_v_next::bit_shovel_plugins::normalizer_agent::dispatch_callbackstdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling tdt_library_v_next::bit_shovel_plugins::normalizer::_process_pmi_event_common<struct_tdt_library_v_next::tdt_app_profiling::preprocessed_events::pmi_event_t>
paramcount 2
address 75a9c969c
sig undefined __thiscall operator()(<lambda_3e9f779f0033d4a0b8b75e5cc148621e> * this, tts_pmi_record_t * param_1)
sym_type Function
sym_source ANALYSIS
external False

<lambda_3f0d6c16b1fbefd1ae2cda1433c052f2>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_3f0d6c16b1fbefd1ae2cda1433c052f2>::operator()
refcount 3
length 478
called
Expand for full list:
__security_check_cookie
snprintf
std::Ref_count_base::Decref
std::Tree<class_std::Tmap_traits<unsigned_int,struct_tdt_library_v_next::bit_shovel_plugins::feature_extraction_plugin::feature_extraction_graph_agent,struct_std::less<unsigned_int>,class_std::allocator<struct_std::pair<unsigned_int_const,struct_tdt_library_v_next::bit_shovel_plugins::feature_extraction_plugin::feature_extraction_graph_agent>>,1>>::equal_range
std::Tree_unchecked_const_iterator<class_std::Tree_val<struct_std::Tree_simple_types<struct_std::pair<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>const,class_std::basic_string<char16_t,struct_std::char_traits<char16_t>,class_std::allocator<char16_t>>>>>,struct_std::Iterator_base0>::operator++
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize
tdt_library_v_next::bit_shovel_plugins::internal::normalizer_agent_impl::process<struct_tdt_library_v_next::tdt_app_profiling::preprocessed_events::pmi_v2_record_t>
tdt_library_v_next::bit_shovel_plugins::normalizer_agent::dispatch_callbackstdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
calling tdt_library_v_next::bit_shovel_plugins::normalizer::_process_pmi_event_common<struct_tdt_library_v_next::tdt_app_profiling::preprocessed_events::pmi_event_v2_t>
paramcount 2
address 75a9c987c
sig undefined __thiscall operator()(<lambda_3f0d6c16b1fbefd1ae2cda1433c052f2> * this, pmi_v2_record_t * param_1)
sym_type Function
sym_source ANALYSIS
external False

tdt_library_v_next::bit_shovel_plugins::internal::normalizer_agent_impl::_find_counters_per_pid_tid

Function Meta

Key mpengine.dll
name _find_counters_per_pid_tid
fullname tdt_library_v_next::bit_shovel_plugins::internal::normalizer_agent_impl::_find_counters_per_pid_tid
refcount 3
length 425
called KERNEL32.DLL::HeapFree
guard_dispatch_icall$fo_default$
operator_new
std::_Xbad_function_call
tdt_library_v_next::bit_shovel_plugins::context_manager::add_context
tdt_library_v_next::bit_shovel_plugins::context_manager::get_context
tdt_library_v_next::bit_shovel_plugins::internal::counters_per_pid_tid_t::counters_per_pid_tid_t
calling tdt_library_v_next::bit_shovel_plugins::internal::normalizer_agent_impl::_preprocess
tdt_library_v_next::bit_shovel_plugins::internal::normalizer_agent_impl::_preprocess
paramcount 5
address 75a9cac78
sig counters_per_pid_tid_t * __thiscall _find_counters_per_pid_tid(normalizer_agent_impl * this, __uint64 param_1, uint param_2, uint param_3, __uint64 param_4)
sym_type Function
sym_source ANALYSIS
external False

tdt_library_v_next::bit_shovel_plugins::internal::normalizer_agent_impl::_preprocess

Function Meta

Key mpengine.dll
name _preprocess
fullname tdt_library_v_next::bit_shovel_plugins::internal::normalizer_agent_impl::_preprocess
refcount 2
length 339
called log2
tdt_library_v_next::bit_shovel_plugins::internal::normalizer_agent_impl::_find_counters_per_pid_tid
tdt_library_v_next::bit_shovel_plugins::internal::normalizer_agent_impl::_preprocess_common
calling tdt_library_v_next::bit_shovel_plugins::internal::normalizer_agent_impl::process<struct_tts_pmi_record_t>
paramcount 3
address 75a9cb004
sig void __thiscall _preprocess(normalizer_agent_impl * this, tts_pmi_record_t * param_1, counters_ex_t * param_2)
sym_type Function
sym_source ANALYSIS
external False

<lambda_be658caf3e56b049fcd5f41bbba671c9>::operator()<class_std::vector<double,class_std::allocator>>

Function Meta

Key mpengine.dll
name operator()<class_std::vector<double,class_std::allocator>>
fullname <lambda_be658caf3e56b049fcd5f41bbba671c9>::operator()<class_std::vector<double,class_std::allocator>>
refcount 2
length 178
called guard_dispatch_icall$fo_default$
calling tdt_library_v_next::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::_classify_records_using_legacy_model
paramcount 2
address 75a9eb700
sig tdt_status_ __thiscall operator()<class_std::vector<double,class_std::allocator>>(<lambda_be658caf3e56b049fcd5f41bbba671c9> * this, vector<double,class_std::allocator_> * param_1)
sym_type Function
sym_source ANALYSIS
external False

FUN_75ab8fefc

Function Meta

Key mpengine.dll
name FUN_75ab8fefc
fullname FUN_75ab8fefc
refcount 3
length 146
called std::List_node<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>const,class_std::unordered_map<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_atomic_counter_entry,struct_std::hash<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,class_std::allocator<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>const,struct_atomic_counter_entry>>>>,void*ptr64>::Freenode<class_std::allocator<struct_std::List_node<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>const,class_std::unordered_map<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_atomic_counter_entry,struct_std::hash<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,class_std::allocator<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>const,struct_atomic_counter_entry>>>>,void*ptr64>>>
std::Uhash_compare<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::operator()<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>
calling atomic_counters::erase_nolock
atomic_counters::scavenge
paramcount 3
address 75ab8fefc
sig longlong * __fastcall FUN_75ab8fefc(Uhash_compare<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>> * param_1, longlong * param_2, List_node<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>const,class_std::unordered_map<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_atomic_counter_entry,struct_std::hash<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,class_std::allocator<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>const,struct_atomic_counter_entry>>>>,void*___ptr64> * param_3)
sym_type Function
sym_source DEFAULT
external False

McTemplateU0pzq_MPEventWriteTransfer

Function Meta

Key mpengine.dll
name McTemplateU0pzq_MPEventWriteTransfer
fullname McTemplateU0pzq_MPEventWriteTransfer
refcount 4
length 167
called McGenEventWrite_MPEventWriteTransfer
__security_check_cookie
calling EtwTraceHelper::OnEndRundown
EtwTraceHelper::OnStartRundown
paramcount 5
address 75abfa4d0
sig undefined __fastcall McTemplateU0pzq_MPEventWriteTransfer(undefined8 param_1, PCEVENT_DESCRIPTOR param_2, undefined8 param_3, wchar_t * param_4, undefined1 param_5)
sym_type Function
sym_source IMPORTED
external False

WPP_SF_SLd

Function Meta

Key mpengine.dll
name WPP_SF_SLd
fullname WPP_SF_SLd
refcount 3
length 123
called ADVAPI32.DLL::TraceMessage
calling CommonUtil::HrOpenService
paramcount 5
address 75accedbc
sig undefined __fastcall WPP_SF_SLd(undefined8 param_1, undefined param_2, undefined param_3, undefined param_4, undefined1 param_5)
sym_type Function
sym_source IMPORTED
external False

FWPUCLNT.DLL::FwpmEngineClose0

Function Meta

Key mpengine.dll
name FwpmEngineClose0
fullname FWPUCLNT.DLL::FwpmEngineClose0
refcount 3
length 0
called
calling CommonUtil::ScopeGuardImpl<<lambda_478bed5938205202c5e87d2f0dd24b6c>>::~ScopeGuardImpl<<lambda_478bed5938205202c5e87d2f0dd24b6c>>
CommonUtil::ScopeGuardImpl<<lambda_4d4744c4a686a0bb5e47138ce5c371f2>>::~ScopeGuardImpl<<lambda_4d4744c4a686a0bb5e47138ce5c371f2>>
paramcount 0
address EXTERNAL:000001d2
sig undefined FwpmEngineClose0(void)
sym_type Function
sym_source IMPORTED
external True

FWPUCLNT.DLL::FwpmEngineOpen0

Function Meta

Key mpengine.dll
name FwpmEngineOpen0
fullname FWPUCLNT.DLL::FwpmEngineOpen0
refcount 4
length 0
called
calling FirewallHelpers::CleanupWFPFiltersByDirection
FirewallHelpers::GetWFPEngine
FirewallHelpers::UninstallWFPProvider
paramcount 0
address EXTERNAL:000001d1
sig undefined FwpmEngineOpen0(void)
sym_type Function
sym_source IMPORTED
external True

FWPUCLNT.DLL::FwpmFilterCreateEnumHandle0

Function Meta

Key mpengine.dll
name FwpmFilterCreateEnumHandle0
fullname FWPUCLNT.DLL::FwpmFilterCreateEnumHandle0
refcount 2
length 0
called
calling FirewallHelpers::CleanupWFPFiltersByDirection
paramcount 0
address EXTERNAL:000001d8
sig undefined FwpmFilterCreateEnumHandle0(void)
sym_type Function
sym_source IMPORTED
external True

FWPUCLNT.DLL::FwpmFilterEnum0

Function Meta

Key mpengine.dll
name FwpmFilterEnum0
fullname FWPUCLNT.DLL::FwpmFilterEnum0
refcount 2
length 0
called
calling FirewallHelpers::CleanupWFPFiltersByDirection
paramcount 0
address EXTERNAL:000001da
sig undefined FwpmFilterEnum0(void)
sym_type Function
sym_source IMPORTED
external True

WS2_32.DLL::inet_pton

Function Meta

Key mpengine.dll
name inet_pton
fullname WS2_32.DLL::inet_pton
refcount 2
length 0
called
calling FirewallHelpers::CreateWFPFilterIpAddress
paramcount 0
address EXTERNAL:000001cb
sig undefined inet_pton(void)
sym_type Function
sym_source IMPORTED
external True

FWPUCLNT.DLL::FwpmFilterAdd0

Function Meta

Key mpengine.dll
name FwpmFilterAdd0
fullname FWPUCLNT.DLL::FwpmFilterAdd0
refcount 2
length 0
called
calling FirewallHelpers::CreateWFPFilterIpAddress
paramcount 0
address EXTERNAL:000001d9
sig undefined FwpmFilterAdd0(void)
sym_type Function
sym_source IMPORTED
external True

WS2_32.DLL::inet_ntop

Function Meta

Key mpengine.dll
name inet_ntop
fullname WS2_32.DLL::inet_ntop
refcount 2
length 0
called
calling FirewallHelpers::GetInfoFromFilter
paramcount 0
address EXTERNAL:000001cc
sig undefined inet_ntop(void)
sym_type Function
sym_source IMPORTED
external True

FWPUCLNT.DLL::FwpmTransactionBegin0

Function Meta

Key mpengine.dll
name FwpmTransactionBegin0
fullname FWPUCLNT.DLL::FwpmTransactionBegin0
refcount 3
length 0
called
calling FirewallHelpers::GetWFPEngine
FirewallHelpers::UninstallWFPProvider
paramcount 0
address EXTERNAL:000001cf
sig undefined FwpmTransactionBegin0(void)
sym_type Function
sym_source IMPORTED
external True

FWPUCLNT.DLL::FwpmProviderGetByKey0

Function Meta

Key mpengine.dll
name FwpmProviderGetByKey0
fullname FWPUCLNT.DLL::FwpmProviderGetByKey0
refcount 2
length 0
called
calling FirewallHelpers::GetWFPEngine
paramcount 0
address EXTERNAL:000001d6
sig undefined FwpmProviderGetByKey0(void)
sym_type Function
sym_source IMPORTED
external True

FWPUCLNT.DLL::FwpmFreeMemory0

Function Meta

Key mpengine.dll
name FwpmFreeMemory0
fullname FWPUCLNT.DLL::FwpmFreeMemory0
refcount 3
length 0
called
calling FirewallHelpers::GetWFPEngine
paramcount 0
address EXTERNAL:000001cd
sig undefined FwpmFreeMemory0(void)
sym_type Function
sym_source IMPORTED
external True

FWPUCLNT.DLL::FwpmSubLayerGetByKey0

Function Meta

Key mpengine.dll
name FwpmSubLayerGetByKey0
fullname FWPUCLNT.DLL::FwpmSubLayerGetByKey0
refcount 2
length 0
called
calling FirewallHelpers::GetWFPEngine
paramcount 0
address EXTERNAL:000001d3
sig undefined FwpmSubLayerGetByKey0(void)
sym_type Function
sym_source IMPORTED
external True

FWPUCLNT.DLL::FwpmTransactionCommit0

Function Meta

Key mpengine.dll
name FwpmTransactionCommit0
fullname FWPUCLNT.DLL::FwpmTransactionCommit0
refcount 3
length 0
called
calling FirewallHelpers::GetWFPEngine
FirewallHelpers::UninstallWFPProvider
paramcount 0
address EXTERNAL:000001d5
sig undefined FwpmTransactionCommit0(void)
sym_type Function
sym_source IMPORTED
external True

FWPUCLNT.DLL::FwpmProviderAdd0

Function Meta

Key mpengine.dll
name FwpmProviderAdd0
fullname FWPUCLNT.DLL::FwpmProviderAdd0
refcount 2
length 0
called
calling FirewallHelpers::GetWFPEngine
paramcount 0
address EXTERNAL:000001d7
sig undefined FwpmProviderAdd0(void)
sym_type Function
sym_source IMPORTED
external True

FWPUCLNT.DLL::FwpmSubLayerAdd0

Function Meta

Key mpengine.dll
name FwpmSubLayerAdd0
fullname FWPUCLNT.DLL::FwpmSubLayerAdd0
refcount 2
length 0
called
calling FirewallHelpers::GetWFPEngine
paramcount 0
address EXTERNAL:000001d4
sig undefined FwpmSubLayerAdd0(void)
sym_type Function
sym_source IMPORTED
external True

FWPUCLNT.DLL::FwpmFilterDeleteByKey0

Function Meta

Key mpengine.dll
name FwpmFilterDeleteByKey0
fullname FWPUCLNT.DLL::FwpmFilterDeleteByKey0
refcount 2
length 0
called
calling FirewallHelpers::RemoveWFPFilter
paramcount 0
address EXTERNAL:000001ce
sig undefined FwpmFilterDeleteByKey0(void)
sym_type Function
sym_source IMPORTED
external True

FWPUCLNT.DLL::FwpmSubLayerDeleteByKey0

Function Meta

Key mpengine.dll
name FwpmSubLayerDeleteByKey0
fullname FWPUCLNT.DLL::FwpmSubLayerDeleteByKey0
refcount 2
length 0
called
calling FirewallHelpers::UninstallWFPProvider
paramcount 0
address EXTERNAL:000001db
sig undefined FwpmSubLayerDeleteByKey0(void)
sym_type Function
sym_source IMPORTED
external True

FWPUCLNT.DLL::FwpmProviderDeleteByKey0

Function Meta

Key mpengine.dll
name FwpmProviderDeleteByKey0
fullname FWPUCLNT.DLL::FwpmProviderDeleteByKey0
refcount 2
length 0
called
calling FirewallHelpers::UninstallWFPProvider
paramcount 0
address EXTERNAL:000001d0
sig undefined FwpmProviderDeleteByKey0(void)
sym_type Function
sym_source IMPORTED
external True

tdt::worker_context_t::~worker_context_t

Function Meta

Key mpengine.dll
name ~worker_context_t
fullname tdt::worker_context_t::~worker_context_t
refcount 3
length 38
called _Mtx_destroy_in_situ
std::_Ref_count_base::_Decref
calling std::_Ref_count_obj2<struct_tdt::worker_context_t>::_Destroy
paramcount 1
address 75a19b9ac
sig void __thiscall ~worker_context_t(worker_context_t * this)
sym_type Function
sym_source ANALYSIS
external False

MpSignatureSubType<struct_kcrce_t,unsigned_long,3,1,0,0,struct_kcrce_t,0,0,1>::RecordPush

Function Meta

Key mpengine.dll
name RecordPush
fullname MpSignatureSubType<struct_kcrce_t,unsigned_long,3,1,0,0,struct_kcrce_t,0,0,1>::RecordPush
refcount 3
length 503
called WPP_SF_iL
CxxThrowException
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
createrecidpc
realloc
std::Uninitialized_value_construct_n<class_std::allocator<struct_MpSignatureSubType<struct_peemusig_t,unsigned_long,3,0,1,0,struct_MpEmptyEnumerator<struct_peemusig_t>,0,0,1>::ChunkEntry>>
std::vector<struct_MpSignatureSubType<struct_kcrce_t,unsigned_long,3,1,0,0,struct_kcrce_t,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_kcrce_t,unsigned_long,3,1,0,0,struct_kcrce_t,0,0,1>::ChunkEntry>>::_Resize_reallocate<struct_std::_Value_init_tag>
threatidfromrecid
calling MpSignatureSubType<struct_kcrce_t,unsigned_long,3,1,0,0,struct_kcrce_t,0,0,1>::RecordPush
paramcount 5
address 75a3e8c70
sig MP_ERROR __thiscall RecordPush(MpSignatureSubType<struct_kcrce_t,unsigned_long,3,1,0,0,struct_kcrce_t,0,0,1> * this, uchar * param_1, __uint64 param_2, ulong param_3, ulong param_4)
sym_type Function
sym_source ANALYSIS
external False

std::vector<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>_>_const&__ptr64)>,class_std::allocator<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&ptr64)>>>::~vector<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&__ptr64)>,class_std::allocator<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&_ptr64)>>>

Function Meta

Key mpengine.dll
name ~vector<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>_>_const&__ptr64)>,class_std::allocator<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&_ptr64)>>>
fullname std::vector<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>_>_const&__ptr64)>,class_std::allocator<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&ptr64)>>>::~vector<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&__ptr64)>,class_std::allocator<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&_ptr64)>>>
refcount 6
length 65
called std::_Deallocate<16,0>
std::_Destroy_range<class_std::allocator<class_std::function<void___cdecl(float_const*___ptr64,unsigned___int64,struct_tdt_library_v_next::bit_shovel_plugins::normalized_record_context_t_const*___ptr64,void*_ptr64)>>>
calling CDcGlobal::Finalize'::__l1::dtor$0<br>tdt_library_v_current::bit_shovel_plugins::internal::classifier_detect_impl::classifier_detect_impl'::__l1::dtor$12
tdt_library_v_current::bit_shovel_plugins::internal::classifier_detect_impl::~classifier_detect_impl'::__l1::dtor$8<br>tdt_library_v_current::bit_shovel_plugins::normalizer::normalizer'::__l1::dtor$6
`tdt_library_v_next::bit_shovel_plugins::context_manager::context_manager'::__l1::dtor$0
paramcount 1
address 75a43b868
sig void __thiscall ~vector<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>_>_const&__ptr64)>,class_std::allocator<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&ptr64)>>>(vector<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&__ptr64)>,class_std::allocator<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&_ptr64)>>> * this)
sym_type Function
sym_source ANALYSIS
external False

get_severity

Function Meta

Key mpengine.dll
name get_severity
fullname get_severity
refcount 2
length 85
called kpopobjectex
calling GetSeverity
paramcount 1
address 75a60ebc0
sig uchar __cdecl get_severity(t_mini_threat_record * param_1)
sym_type Function
sym_source ANALYSIS
external False

tdt_library_v_current::bit_shovel::internal::channel_registration<class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>>::~channel_registration<class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>>

Function Meta

Key mpengine.dll
name ~channel_registration<class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>>
fullname tdt_library_v_current::bit_shovel::internal::channel_registration<class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>>::~channel_registration<class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>>
refcount 2
length 31
called std::vector<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::_Tidy
calling std::_Ref_count_obj2<class_tdt_library_v_next::bit_shovel::internal::channel_registration<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_query_api*__ptr64>>::_Destroy
paramcount 1
address 75a6ff774
sig void __thiscall ~channel_registration<class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>>(channel_registration<class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>> * this)
sym_type Function
sym_source ANALYSIS
external False

<lambda_ab0e2f205cd97d96b5bab94cb5ec5d85>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_ab0e2f205cd97d96b5bab94cb5ec5d85>::operator()
refcount 2
length 1777
called
Expand for full list:
AntiRootkit::PeFileImportInfo::~PeFileImportInfo
__security_check_cookie
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Equal
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::find
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resizestd::operator+<char,struct_std::char_traits,class_std::allocator>
tdt_library_v_current::bit_shovel::internal::pipeline_manager_impl::_reset
tdt_library_v_current::logger_client::logger::get_logger
tdt_library_v_current::logger_client::logger::log
tdt_library_v_current::tdt_status_notification::create_status_json_notification
tdt_library_v_next::bit_shovel::internal::pipeline_manager_impl::_send_notification
tdt_library_v_next::bit_shovel::pipeline_plugin_exit_details_t::operator=
calling std::Func_impl_no_alloc<class_std::Fake_no_copy_callable_adapter<class<lambda_556e180f6a5c39711a427e97abd38b06>>,void>::_Do_call
paramcount 1
address 75a8f473c
sig void __thiscall operator()(<lambda_ab0e2f205cd97d96b5bab94cb5ec5d85> * this)
sym_type Function
sym_source ANALYSIS
external False

std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::_Unchecked_erase

Function Meta

Key mpengine.dll
name _Unchecked_erase
fullname std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::_Unchecked_erase
refcount 2
length 303
called std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::_Range_eraser::_Bump_erased
std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>::operator()<unsigned___int64>
calling std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::clear
paramcount 3
address 75a907cd8
sig List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>_>,void*_ptr64> * __thiscall Unchecked_erase(Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>> * this, List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>,void*__ptr64> * param_1, List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>,void*___ptr64> * param_2)
sym_type Function
sym_source ANALYSIS
external False

std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Unchecked_erase

Function Meta

Key mpengine.dll
name _Unchecked_erase
fullname std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Unchecked_erase
refcount 2
length 303
called std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Range_eraser::_Bump_erased
std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>::operator()<unsigned___int64>
calling std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Clear_guard::~_Clear_guard
paramcount 3
address 75a950818
sig List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*___ptr64> * __thiscall Unchecked_erase(Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>> * this, List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*___ptr64> * param_1, List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*___ptr64> * param_2)
sym_type Function
sym_source ANALYSIS
external False

std::list<class_std::shared_ptr<struct_tdt_library_v_current::tdt_app_profiling::time_update_service_api_impl::callback_info_t>,class_std::allocator<class_std::shared_ptr<struct_tdt_library_v_current::tdt_app_profiling::time_update_service_api_impl::callback_info_t>>>::~list<class_std::shared_ptr<struct_tdt_library_v_current::tdt_app_profiling::time_update_service_api_impl::callback_info_t>,class_std::allocator<class_std::shared_ptr<struct_tdt_library_v_current::tdt_app_profiling::time_update_service_api_impl::callback_info_t>>>

Function Meta

Key mpengine.dll
name ~list<class_std::shared_ptr<struct_tdt_library_v_current::tdt_app_profiling::time_update_service_api_impl::callback_info_t>,class_std::allocator<class_std::shared_ptr<struct_tdt_library_v_current::tdt_app_profiling::time_update_service_api_impl::callback_info_t>>>
fullname std::list<class_std::shared_ptr<struct_tdt_library_v_current::tdt_app_profiling::time_update_service_api_impl::callback_info_t>,class_std::allocator<class_std::shared_ptr<struct_tdt_library_v_current::tdt_app_profiling::time_update_service_api_impl::callback_info_t>>>::~list<class_std::shared_ptr<struct_tdt_library_v_current::tdt_app_profiling::time_update_service_api_impl::callback_info_t>,class_std::allocator<class_std::shared_ptr<struct_tdt_library_v_current::tdt_app_profiling::time_update_service_api_impl::callback_info_t>>>
refcount 2
length 103
called std::_Deallocate<16,0>
std::_Ref_count_base::_Decref
calling `tdt_library_v_current::tdt_app_profiling::time_update_service_api_impl::dispatch_callbacks'::__l1::dtor$0
paramcount 1
address 75a979778
sig void __thiscall ~list<class_std::shared_ptr<struct_tdt_library_v_current::tdt_app_profiling::time_update_service_api_impl::callback_info_t>,class_std::allocator<class_std::shared_ptr<struct_tdt_library_v_current::tdt_app_profiling::time_update_service_api_impl::callback_info_t>>>(list<class_std::shared_ptr<struct_tdt_library_v_current::tdt_app_profiling::time_update_service_api_impl::callback_info_t>,class_std::allocator<class_std::shared_ptr<struct_tdt_library_v_current::tdt_app_profiling::time_update_service_api_impl::callback_info_t>>> * this)
sym_type Function
sym_source ANALYSIS
external False

<lambda_2927230490f590d553feb3ebacfa3c08>::operator()

Function Meta

Key mpengine.dll
name operator()
fullname <lambda_2927230490f590d553feb3ebacfa3c08>::operator()
refcount 2
length 1777
called
Expand for full list:
AntiRootkit::PeFileImportInfo::~PeFileImportInfo
__security_check_cookie
snprintf
std::Ref_count_base::Decref
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Equal
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_string<char,struct_std::char_traits,class_std::allocator>::find
std::basic_string<char,struct_std::char_traits,class_std::allocator>::resizestd::operator+<char,struct_std::char_traits,class_std::allocator>
tdt_library_v_next::bit_shovel::internal::pipeline_manager_impl::_reset
tdt_library_v_next::bit_shovel::internal::pipeline_manager_impl::_send_notification
tdt_library_v_next::bit_shovel::pipeline_plugin_exit_details_t::operator=
tdt_library_v_next::logger_client::logger::get_logger
tdt_library_v_next::logger_client::logger::log
tdt_library_v_next::tdt_status_notification::create_status_json_notification
calling std::Func_impl_no_alloc<class_std::Fake_no_copy_callable_adapter<class<lambda_88c3201bf12fb15fa7aad5507f772d56>>,void>::_Do_call
paramcount 1
address 75a983940
sig void __thiscall operator()(<lambda_2927230490f590d553feb3ebacfa3c08> * this)
sym_type Function
sym_source ANALYSIS
external False

std::vector<class_std::shared_ptr<class_tdt_library_v_next::feature_extraction::feature_extraction_node>,class_std::allocator<class_std::shared_ptr<class_tdt_library_v_next::feature_extraction::feature_extraction_node>>>::~vector<class_std::shared_ptr<class_tdt_library_v_next::feature_extraction::feature_extraction_node>,class_std::allocator<class_std::shared_ptr<class_tdt_library_v_next::feature_extraction::feature_extraction_node>>>

Function Meta

Key mpengine.dll
name ~vector<class_std::shared_ptr<class_tdt_library_v_next::feature_extraction::feature_extraction_node>,class_std::allocator<class_std::shared_ptr<class_tdt_library_v_next::feature_extraction::feature_extraction_node>>>
fullname std::vector<class_std::shared_ptr<class_tdt_library_v_next::feature_extraction::feature_extraction_node>,class_std::allocator<class_std::shared_ptr<class_tdt_library_v_next::feature_extraction::feature_extraction_node>>>::~vector<class_std::shared_ptr<class_tdt_library_v_next::feature_extraction::feature_extraction_node>,class_std::allocator<class_std::shared_ptr<class_tdt_library_v_next::feature_extraction::feature_extraction_node>>>
refcount 2
length 65
called std::Deallocate<16,0>
std::Destroy_range<class_std::allocator<class_std::shared_ptr<class_tdt_library_v_next::feature_extraction::feature_extraction_node>>>
calling `tdt_library_v_next::feature_extraction::feature_extraction_graph::feature_extraction_graph'::__l1::dtor$3
paramcount 1
address 75a9a7af0
sig void __thiscall ~vector<class_std::shared_ptr<class_tdt_library_v_next::feature_extraction::feature_extraction_node>,class_std::allocator<class_std::shared_ptr<class_tdt_library_v_next::feature_extraction::feature_extraction_node>>>(vector<class_std::shared_ptr<class_tdt_library_v_next::feature_extraction::feature_extraction_node>,class_std::allocator<class_std::shared_ptr<class_tdt_library_v_next::feature_extraction::feature_extraction_node>>> * this)
sym_type Function
sym_source ANALYSIS
external False

MpSignatureSubType<struct_pestaticex_t,unsigned_long,3,0,0,0,struct_MpEmptyEnumerator<struct_pestaticex_t>,0,0,1>::RecordPush

Function Meta

Key mpengine.dll
name RecordPush
fullname MpSignatureSubType<struct_pestaticex_t,unsigned_long,3,0,0,0,struct_MpEmptyEnumerator<struct_pestaticex_t>,0,0,1>::RecordPush
refcount 2
length 479
called WPP_SF_iL
CxxThrowException
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
createrecidpc
realloc
std::Uninitialized_value_construct_n<class_std::allocator<struct_MpSignatureSubType<struct_peemusig_t,unsigned_long,3,0,1,0,struct_MpEmptyEnumerator<struct_peemusig_t>,0,0,1>::ChunkEntry>>
std::vector<struct_MpSignatureSubType<struct_kcrce_t,unsigned_long,3,1,0,0,struct_kcrce_t,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_kcrce_t,unsigned_long,3,1,0,0,struct_kcrce_t,0,0,1>::ChunkEntry>>::_Resize_reallocate<struct_std::_Value_init_tag>
threatidfromrecid
calling MpSignatureSubType<struct_pestaticex_t,unsigned_long,3,0,0,0,struct_MpEmptyEnumerator<struct_pestaticex_t>,0,0,1>::RecordPush
paramcount 5
address 75aa1d9c0
sig MP_ERROR __thiscall RecordPush(MpSignatureSubType<struct_pestaticex_t,unsigned_long,3,0,0,0,struct_MpEmptyEnumerator<struct_pestaticex_t>,0,0,1> * this, uchar * param_1, __uint64 param_2, ulong param_3, ulong param_4)
sym_type Function
sym_source ANALYSIS
external False

MpSignatureSubType<struct_propertybag_entry_t,unsigned___int64,1,0,0,1,struct_MpEmptyEnumerator<struct_propertybag_entry_t>,0,0,1>::RecordPush

Function Meta

Key mpengine.dll
name RecordPush
fullname MpSignatureSubType<struct_propertybag_entry_t,unsigned___int64,1,0,0,1,struct_MpEmptyEnumerator<struct_propertybag_entry_t>,0,0,1>::RecordPush
refcount 3
length 877
called
Expand for full list:
CommonUtil::UtilMultiByteToWideChar
MpSmartBuffer::GetBytes
WPP_SF_iL
CxxThrowException
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
di::TelemetryAssert::AssertTriggeredNoArgs
free
kstore
realloc
std::Uninitialized_value_construct_n<class_std::allocator<struct_MpSignatureSubType<struct_peemusig_t,unsigned_long,3,0,1,0,struct_MpEmptyEnumerator<struct_peemusig_t>,0,0,1>::ChunkEntry>>
std::vector<char,class_std::allocator>::Tidystd::vector<struct_MpSignatureSubType<struct_kcrce_t,unsigned_long,3,1,0,0,struct_kcrce_t,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_kcrce_t,unsigned_long,3,1,0,0,struct_kcrce_t,0,0,1>::ChunkEntry>>::Resize_reallocate<struct_std::Value_init_tag>
std::vector<unsigned_char,class_std::allocator<unsigned_char>>::vector<unsigned_char,class_std::allocator<unsigned_char>>
calling MpSignatureSubType<struct_propertybag_entry_t,unsigned___int64,1,0,0,1,struct_MpEmptyEnumerator<struct_propertybag_entry_t>,0,0,1>::RecordPush
paramcount 5
address 75aa865b0
sig MP_ERROR __thiscall RecordPush(MpSignatureSubType<struct_propertybag_entry_t,unsigned___int64,1,0,0,1,struct_MpEmptyEnumerator<struct_propertybag_entry_t>,0,0,1> * this, uchar * param_1, __uint64 param_2, ulong param_3, ulong param_4)
sym_type Function
sym_source ANALYSIS
external False

tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'known_node_types''

Function Meta

Key mpengine.dll
name `dynamic_initializer_for_'known_node_types''
fullname tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'known_node_types''
refcount 3
length 200
called atexit
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
tdt_library_v_current::feature_extraction::internal::`dynamic_atexit_destructor_for_'known_node_types''
calling
paramcount 0
address 75a122f30
sig undefined _fastcall `dynamic_initializer_for'known_node_types''(void)
sym_type Function
sym_source IMPORTED
external False

tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'builtin_signals''

Function Meta

Key mpengine.dll
name `dynamic_initializer_for_'builtin_signals''
fullname tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'builtin_signals''
refcount 3
length 300
called atexit
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
tdt_library_v_current::feature_extraction::internal::`dynamic_atexit_destructor_for_'builtin_signals''
calling
paramcount 0
address 75a123000
sig undefined _fastcall `dynamic_initializer_for'builtin_signals''(void)
sym_type Function
sym_source IMPORTED
external False

tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'known_node_types''

Function Meta

Key mpengine.dll
name `dynamic_initializer_for_'known_node_types''
fullname tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'known_node_types''
refcount 3
length 200
called atexit
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
tdt_library_v_current::feature_extraction::internal::`dynamic_atexit_destructor_for_'known_node_types''
calling
paramcount 0
address 75a123130
sig undefined _fastcall `dynamic_initializer_for'known_node_types''(void)
sym_type Function
sym_source IMPORTED
external False

tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'builtin_signals''

Function Meta

Key mpengine.dll
name `dynamic_initializer_for_'builtin_signals''
fullname tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'builtin_signals''
refcount 3
length 300
called atexit
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
tdt_library_v_current::feature_extraction::internal::`dynamic_atexit_destructor_for_'builtin_signals''
calling
paramcount 0
address 75a123200
sig undefined _fastcall `dynamic_initializer_for'builtin_signals''(void)
sym_type Function
sym_source IMPORTED
external False

tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'known_node_types''

Function Meta

Key mpengine.dll
name `dynamic_initializer_for_'known_node_types''
fullname tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'known_node_types''
refcount 3
length 200
called atexit
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
tdt_library_v_current::feature_extraction::internal::`dynamic_atexit_destructor_for_'known_node_types''
calling
paramcount 0
address 75a123330
sig undefined _fastcall `dynamic_initializer_for'known_node_types''(void)
sym_type Function
sym_source IMPORTED
external False

tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'builtin_signals''

Function Meta

Key mpengine.dll
name `dynamic_initializer_for_'builtin_signals''
fullname tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'builtin_signals''
refcount 3
length 300
called atexit
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
tdt_library_v_current::feature_extraction::internal::`dynamic_atexit_destructor_for_'builtin_signals''
calling
paramcount 0
address 75a123400
sig undefined _fastcall `dynamic_initializer_for'builtin_signals''(void)
sym_type Function
sym_source IMPORTED
external False

tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'known_node_types''

Function Meta

Key mpengine.dll
name `dynamic_initializer_for_'known_node_types''
fullname tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'known_node_types''
refcount 3
length 200
called atexit
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
tdt_library_v_current::feature_extraction::internal::`dynamic_atexit_destructor_for_'known_node_types''
calling
paramcount 0
address 75a123530
sig undefined _fastcall `dynamic_initializer_for'known_node_types''(void)
sym_type Function
sym_source IMPORTED
external False

tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'builtin_signals''

Function Meta

Key mpengine.dll
name `dynamic_initializer_for_'builtin_signals''
fullname tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'builtin_signals''
refcount 3
length 300
called atexit
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
tdt_library_v_current::feature_extraction::internal::`dynamic_atexit_destructor_for_'builtin_signals''
calling
paramcount 0
address 75a123600
sig undefined _fastcall `dynamic_initializer_for'builtin_signals''(void)
sym_type Function
sym_source IMPORTED
external False

tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'known_node_types''

Function Meta

Key mpengine.dll
name `dynamic_initializer_for_'known_node_types''
fullname tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'known_node_types''
refcount 3
length 200
called atexit
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
tdt_library_v_current::feature_extraction::internal::`dynamic_atexit_destructor_for_'known_node_types''
calling
paramcount 0
address 75a123730
sig undefined _fastcall `dynamic_initializer_for'known_node_types''(void)
sym_type Function
sym_source IMPORTED
external False

CertFreeCertificateChain

Function Meta

Key mpengine.dll
name CertFreeCertificateChain
fullname CertFreeCertificateChain
refcount 3
length 54
called ApitableInit
guard_dispatch_icall$fo_default$
calling platform_services_sample::CertFreeCertificateChain_shim
paramcount 1
address 75a77b150
sig void __stdcall CertFreeCertificateChain(PCCERT_CHAIN_CONTEXT pChainContext)
sym_type Function
sym_source IMPORTED
external False

ReadProcessMemory

Function Meta

Key mpengine.dll
name ReadProcessMemory
fullname ReadProcessMemory
refcount 22
length 5
called ReadProcessMemoryInternal
calling
Expand for full list:
CEMSTele::Matched
CSMSProcess::InvokeScanner
CSMSProcess::ScanRange
CheckProcessForInjectedModule
LsaTriggerLib::AlureonA2G
LuaGetProcAddress
LuaReadProcMem
MemScanReadProcess
PartialReadHelper
nUFSP_proc::Read
platform_services_sample::ReadProcessMemory_shimx86dasm_worker
paramcount 5
address 75a77e4d0
sig undefined8 __fastcall ReadProcessMemory(undefined8 param_1, undefined8 param_2, undefined8 param_3, undefined8 param_4, undefined8 * param_5)
sym_type Function
sym_source IMPORTED
external False

FailStubNtReadVirtualMemoryEx

Function Meta

Key mpengine.dll
name FailStubNtReadVirtualMemoryEx
fullname FailStubNtReadVirtualMemoryEx
refcount 2
length 6
called
calling ReadProcessMemoryInternal
paramcount 0
address 75a77ff00
sig undefined8 __fastcall FailStubNtReadVirtualMemoryEx(void)
sym_type Function
sym_source IMPORTED
external False

ReadProcessMemoryInternal

Function Meta

Key mpengine.dll
name ReadProcessMemoryInternal
fullname ReadProcessMemoryInternal
refcount 4
length 311
called ApitableInit
FailStubNtReadVirtualMemoryEx
KERNEL32.DLL::GetProcAddress
KERNEL32.DLL::SetLastError
NTDLL.DLL::RtlNtStatusToDosError
guard_dispatch_icall$fo_default$
calling ReadProcessMemory
paramcount 5
address 75a77ff10
sig undefined8 __fastcall ReadProcessMemoryInternal(undefined8 param_1, undefined8 param_2, undefined8 param_3, undefined8 param_4, undefined8 * param_5)
sym_type Function
sym_source IMPORTED
external False

SignatureHandler::HandleChangeOwner

Function Meta

Key mpengine.dll
name HandleChangeOwner
fullname SignatureHandler::HandleChangeOwner
refcount 3
length 368
called SignatureHandler::TestForDetection
WPP_SF_
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
calling
paramcount 5
address 75a841cc0
sig long __thiscall HandleChangeOwner(SignatureHandler * this, ProcessContext * param_1, InternalNotification * param_2, bool * param_3, bool * param_4)
sym_type Function
sym_source ANALYSIS
external False

Max Deleted Section Functions Reached Error

1168 Deleted Functions Ommited...

Added

Modified

Modified functions contain code changes

AdaptBootInput

Match Info

Key mpengine.dll - mpengine.dll
diff_type code,length,address
ratio 0.02
i_ratio 0.43
m_ratio 0.59
b_ratio 0.6
match_types FullName:Param

Function Meta Diff

Key mpengine.dll mpengine.dll
name AdaptBootInput AdaptBootInput
fullname AdaptBootInput AdaptBootInput
refcount 2 2
length 1369 1425
called AdaptStructSameMajor<engine_boot_t>
WPP_SF_Ll
WPP_SF_ii
WPP_SF_l
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
di::TelemetryAssert::AssertTriggeredNoArgs
memset		 AdaptStructSameMajor<engine_boot_t>
WPP_SF_Ll
WPP_SF_ii
WPP_SF_l
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
di::TelemetryAssert::AssertTriggeredNoArgs
memset
calling DispatchSignalOnHandle DispatchSignalOnHandle
paramcount 3 3
address 75a819cd4 75a7ce174
sig undefined8 __fastcall AdaptBootInput(uint * param_1, ulonglong param_2, undefined8 * param_3) undefined8 __fastcall AdaptBootInput(uint * param_1, ulonglong param_2, undefined8 * param_3)
sym_type Function Function
sym_source IMPORTED IMPORTED
external False False

AdaptBootInput Diff

--- AdaptBootInput
+++ AdaptBootInput
@@ -1,42 +1,289 @@
 
 undefined8 AdaptBootInput(uint *param_1,ulonglong param_2,undefined8 *param_3)
 
 {
-  undefined8 *puVar1;
-  undefined8 *puVar2;
-  longlong unaff_RBP;
-  undefined8 *local_res20;
-  undefined8 *puStack0000000000000028;
-  undefined8 *puStack0000000000000030;
+  uint uVar1;
+  longlong lVar2;
+  undefined8 uVar3;
+  ulonglong uVar4;
+  uint *puVar5;
+  undefined8 *puVar6;
   
-  *(byte *)(unaff_RBP + 0x56) = *(byte *)(unaff_RBP + 0x56) | (byte)param_2;
-  puVar1 = (undefined8 *)operator_new(8);
-  *puVar1 = `enum_MP_ERROR___cdecl_filesstash_init_module(class_AutoInitModules*___ptr64)'::__l2::
-            FilesStashCleanupThread::vftable;
-  puStack0000000000000028 = puVar1;
-  puVar2 = (undefined8 *)operator_new(0x88);
-  *(undefined4 *)(puVar2 + 1) = 0;
-  *puVar2 = FileStashGlobalProperties::vftable;
-  puVar2[3] = 0;
-  puStack0000000000000030 = puVar2;
-  std::
-  unordered_set<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>,struct_std::hash<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>,struct_std::equal_to<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>,class_std::allocator<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>_>
-  ::
-  unordered_set<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>,struct_std::hash<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>,struct_std::equal_to<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>,class_std::allocator<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>_>
-            ((unordered_set<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>,struct_std::hash<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>,struct_std::equal_to<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>,class_std::allocator<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>_>
-              *)(puVar2 + 4));
-  InitializeCriticalSectionAndSpinCount((LPCRITICAL_SECTION)(puVar2 + 0xc),4000);
-  LOCK();
-  DAT_0 = puVar2;
-  *(int *)(puVar2 + 1) = *(int *)(puVar2 + 1) + 1;
-  UNLOCK();
-  LOCK();
-  DAT_1 = 0;
-  UNLOCK();
-  local_res20 = puVar1;
-  AutoInitModules::RegisterThreadCleanup
-            ((AutoInitModules *)param_1,
-             (CReturnHandle<class_CommonUtil::CAutoUniquePtr<class_IReader,void>_> *)&local_res20);
-  return 0;
+  if (param_3 == (undefined8 *)0x0) {
+    di::TelemetryAssert::AssertTriggeredNoArgs();
+  }
+  memset(param_3,0,0x1e0);
+  if ((param_2 < 4) || (param_1 == (uint *)0x0)) {
+    if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+       ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+      WPP_SF_ii(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x1f,
+                &WPP_39323fbac4d73fcd43112ad58fa6f4fe_Traceguids,param_2,4);
+    }
+  }
+  else {
+    uVar1 = *param_1;
+    if ((short)(uVar1 >> 0x10) == 0) {
+      if ((ushort)uVar1 < 0xa800) {
+        if (uVar1 < 0x9301) {
+          if (uVar1 == 0x9300) {
+            uVar4 = 0x138;
+            goto LAB_0;
+          }
+          if (uVar1 < 0x8901) {
+            if (uVar1 == 0x8900) {
+              uVar4 = 0xc0;
+              goto LAB_0;
+            }
+            if (uVar1 < 0x8401) {
+              if (uVar1 == 0x8400) {
+                uVar4 = 0x98;
+                goto LAB_0;
+              }
+              if (uVar1 == 0) {
+                uVar4 = 0x40;
+                goto LAB_0;
+              }
+              if (uVar1 == 0x8000) {
+                uVar4 = 0x48;
+                goto LAB_0;
+              }
+              if (uVar1 == 0x8100) {
+                uVar4 = 0x70;
+                goto LAB_0;
+              }
+              if (uVar1 == 0x8200) {
+                uVar4 = 0x74;
+                goto LAB_0;
+              }
+              if (uVar1 == 0x8300) {
+                uVar4 = 0x84;
+                goto LAB_0;
+              }
+            }
+            else {
+              if (uVar1 == 0x8500) {
+                uVar4 = 0xa8;
+                goto LAB_0;
+              }
+              if ((uVar1 == 0x8600) || (uVar1 == 0x8700)) {
+                uVar4 = 0xb0;
+                goto LAB_0;
+              }
+              if (uVar1 == 0x8800) {
+                uVar4 = 0xb8;
+                goto LAB_0;
+              }
+            }
+          }
+          else {
+            if (uVar1 == 0x8a00) {
+              uVar4 = 200;
+              goto LAB_0;
+            }
+            if (uVar1 == 0x8b00) {
+              uVar4 = 0xcc;
+              goto LAB_0;
+            }
+            if (uVar1 == 0x8c00) {
+              uVar4 = 0xe0;
+              goto LAB_0;
+            }
+            if (uVar1 == 0x8d00) {
+              uVar4 = 0xe4;
+              goto LAB_0;
+            }
+            if (uVar1 == 0x8e00) {
+              uVar4 = 0xe8;
+              goto LAB_0;
+            }
+            if (uVar1 == 0x8f00) {
+              uVar4 = 0x118;
+              goto LAB_0;
+            }
+            if (uVar1 == 0x9000) {
+              uVar4 = 0x120;
+              goto LAB_0;
+            }
+            if (uVar1 == 0x9100) {
+              uVar4 = 0x124;
+              goto LAB_0;
+            }
+            if (uVar1 == 0x9200) {
+              uVar4 = 0x128;
+              goto LAB_0;
+            }
+          }
+        }
+        else if (uVar1 < 0x9e01) {
+          if (uVar1 == 0x9e00) {
+            uVar4 = 0x184;
+            goto LAB_0;
+          }
+          if (uVar1 < 0x9901) {
+            if (uVar1 == 0x9900) {
+              uVar4 = 0x164;
+              goto LAB_0;
+            }
+            if (uVar1 == 0x9400) {
+              uVar4 = 0x140;
+              goto LAB_0;
+            }
+            if (uVar1 == 0x9500) {
+              uVar4 = 0x144;
+              goto LAB_0;
+            }
+            if (uVar1 == 0x9600) {
+              uVar4 = 0x148;
+              goto LAB_0;
+            }
+            if (uVar1 == 0x9700) {
+              uVar4 = 0x150;
+              goto LAB_0;
+            }
+            if (uVar1 == 0x9800) {
+              uVar4 = 0x158;
+              goto LAB_0;
+            }
+          }
+          else {
+            if (uVar1 == 0x9a00) {
+              uVar4 = 0x168;
+              goto LAB_0;
+            }
+            if (uVar1 == 0x9b00) {
+              uVar4 = 0x178;
+              goto LAB_0;
+            }
+            if (uVar1 == 0x9c00) {
+              uVar4 = 0x17c;
+              goto LAB_0;
+            }
+            if (uVar1 == 0x9d00) {
+              uVar4 = 0x180;
+              goto LAB_0;
+            }
+          }
+        }
+        else {
+          if (uVar1 == 0x9f00) {
+            uVar4 = 0x188;
+LAB_0:
+            uVar3 = AdaptStructSameMajor<engine_boot_t>(uVar4,param_1,param_2,param_3);
+            return uVar3;
+          }
+          if (uVar1 == 0xa000) {
+            uVar4 = 0x1a0;
+            goto LAB_0;
+          }
+          if (uVar1 == 0xa100) {
+            uVar4 = 0x1a4;
+            goto LAB_0;
+          }
+          if (uVar1 == 0xa200) {
+            uVar4 = 0x1b0;
+            goto LAB_0;
+          }
+          if (uVar1 == 0xa300) {
+            uVar4 = 0x1b8;
+            goto LAB_0;
+          }
+          if (uVar1 == 0xa400) {
+            uVar4 = 0x1c0;
+            goto LAB_0;
+          }
+          if (uVar1 == 0xa500) {
+            uVar4 = 0x1c8;
+            goto LAB_0;
+          }
+          if (uVar1 == 0xa600) {
+            uVar4 = 0x1d0;
+            goto LAB_0;
+          }
+          if (uVar1 == 0xa700) {
+            uVar4 = 0x1d4;
+            goto LAB_0;
+          }
+        }
+        if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+           ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
+          WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x23,
+                   &WPP_39323fbac4d73fcd43112ad58fa6f4fe_Traceguids,uVar1);
+        }
+        di::TelemetryAssert::AssertTriggeredNoArgs();
+      }
+      else {
+        if (0x1df < param_2) {
+          if (((0xa800 < (ushort)uVar1) && ((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control)
+              ) && ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
+            WPP_SF_Ll(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x22,
+                      &WPP_39323fbac4d73fcd43112ad58fa6f4fe_Traceguids,uVar1,0);
+          }
+          lVar2 = 3;
+          do {
+            puVar6 = param_3;
+            puVar5 = param_1;
+            uVar3 = *(undefined8 *)(puVar5 + 2);
+            *puVar6 = *(undefined8 *)puVar5;
+            puVar6[1] = uVar3;
+            uVar3 = *(undefined8 *)(puVar5 + 6);
+            puVar6[2] = *(undefined8 *)(puVar5 + 4);
+            puVar6[3] = uVar3;
+            uVar3 = *(undefined8 *)(puVar5 + 10);
+            puVar6[4] = *(undefined8 *)(puVar5 + 8);
+            puVar6[5] = uVar3;
+            uVar3 = *(undefined8 *)(puVar5 + 0xe);
+            puVar6[6] = *(undefined8 *)(puVar5 + 0xc);
+            puVar6[7] = uVar3;
+            uVar3 = *(undefined8 *)(puVar5 + 0x12);
+            puVar6[8] = *(undefined8 *)(puVar5 + 0x10);
+            puVar6[9] = uVar3;
+            uVar3 = *(undefined8 *)(puVar5 + 0x16);
+            puVar6[10] = *(undefined8 *)(puVar5 + 0x14);
+            puVar6[0xb] = uVar3;
+            uVar3 = *(undefined8 *)(puVar5 + 0x1a);
+            puVar6[0xc] = *(undefined8 *)(puVar5 + 0x18);
+            puVar6[0xd] = uVar3;
+            uVar3 = *(undefined8 *)(puVar5 + 0x1e);
+            puVar6[0xe] = *(undefined8 *)(puVar5 + 0x1c);
+            puVar6[0xf] = uVar3;
+            lVar2 = lVar2 + -1;
+            param_1 = puVar5 + 0x20;
+            param_3 = puVar6 + 0x10;
+          } while (lVar2 != 0);
+          uVar3 = *(undefined8 *)(puVar5 + 0x22);
+          puVar6[0x10] = *(undefined8 *)(puVar5 + 0x20);
+          puVar6[0x11] = uVar3;
+          uVar3 = *(undefined8 *)(puVar5 + 0x26);
+          puVar6[0x12] = *(undefined8 *)(puVar5 + 0x24);
+          puVar6[0x13] = uVar3;
+          uVar3 = *(undefined8 *)(puVar5 + 0x2a);
+          puVar6[0x14] = *(undefined8 *)(puVar5 + 0x28);
+          puVar6[0x15] = uVar3;
+          uVar3 = *(undefined8 *)(puVar5 + 0x2e);
+          puVar6[0x16] = *(undefined8 *)(puVar5 + 0x2c);
+          puVar6[0x17] = uVar3;
+          uVar3 = *(undefined8 *)(puVar5 + 0x32);
+          puVar6[0x18] = *(undefined8 *)(puVar5 + 0x30);
+          puVar6[0x19] = uVar3;
+          uVar3 = *(undefined8 *)(puVar5 + 0x36);
+          puVar6[0x1a] = *(undefined8 *)(puVar5 + 0x34);
+          puVar6[0x1b] = uVar3;
+          return 0;
+        }
+        if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+           ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+          WPP_SF_ii(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x21,
+                    &WPP_39323fbac4d73fcd43112ad58fa6f4fe_Traceguids,param_2,0xe0);
+        }
+        di::TelemetryAssert::AssertTriggeredNoArgs();
+      }
+    }
+    else if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+            ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+      WPP_SF_Ll(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x20,
+                &WPP_39323fbac4d73fcd43112ad58fa6f4fe_Traceguids,uVar1,0);
+    }
+  }
+  return 0x800c;
 }

AdaptChangeSettingInput

Match Info

Key mpengine.dll - mpengine.dll
diff_type code,length,address
ratio 0.08
i_ratio 0.39
m_ratio 0.17
b_ratio 0.19
match_types FullName:Param

Function Meta Diff

Key mpengine.dll mpengine.dll
name AdaptChangeSettingInput AdaptChangeSettingInput
fullname AdaptChangeSettingInput AdaptChangeSettingInput
refcount 2 2
length 1005 1018
called AdaptStructSameMajor<engine_settings_change_t>
WPP_SF_Ll
WPP_SF_ii
WPP_SF_l
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
di::TelemetryAssert::AssertTriggeredNoArgs
memset		 AdaptStructSameMajor<engine_settings_change_t>
WPP_SF_Ll
WPP_SF_ii
WPP_SF_l
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
di::TelemetryAssert::AssertTriggeredNoArgs
memset
calling DispatchSignalOnHandle DispatchSignalOnHandle
paramcount 3 3
address 75a81a230 75a7ce708
sig undefined8 __fastcall AdaptChangeSettingInput(uint * param_1, ulonglong param_2, undefined8 * param_3) undefined8 __fastcall AdaptChangeSettingInput(uint * param_1, ulonglong param_2, undefined8 * param_3)
sym_type Function Function
sym_source IMPORTED IMPORTED
external False False

AdaptChangeSettingInput Diff

--- AdaptChangeSettingInput
+++ AdaptChangeSettingInput
@@ -1,72 +1,186 @@
 
-/* WARNING: Instruction at (ram,0x00075a81a231) overlaps instruction at (ram,0x00075a81a230)
-    */
-
-ulonglong AdaptChangeSettingInput(uint *param_1,ulonglong param_2,undefined8 *param_3)
+undefined8 AdaptChangeSettingInput(uint *param_1,ulonglong param_2,undefined8 *param_3)
 
 {
-  _mp_resource_t *p_Var1;
-  undefined8 uVar2;
-  undefined8 uVar3;
-  undefined8 uVar4;
-  LUM_ExpandStatus_e LVar5;
-  ulong uVar6;
-  longlong in_RAX;
-  longlong unaff_RBP;
-  vector<struct__mp_resource_t,class_std::allocator<struct__mp_resource_t>_> *unaff_RSI;
-  ulonglong unaff_RDI;
-  ulonglong unaff_R15;
-  bool bVar7;
+  undefined8 uVar1;
+  ulonglong uVar2;
   
-  unaff_RSI[0x44] = (vector<struct__mp_resource_t,class_std::allocator<struct__mp_resource_t>_>)0x0;
-  bVar7 = (char)in_RAX == 'A';
-  do {
-    if (bVar7) {
-      *(longlong *)(unaff_RBP + -0x18) = in_RAX;
-      uVar6 = CPrefixList::ExpandPrefixWithCurrentUser
-                        ((CPrefixList *)param_1,*(MpOpaqueUserProfile **)(unaff_RBP + 0x28),
-                         (SExpandPath *)(unaff_RBP + -0x20),0x41);
-      if (uVar6 != 0) {
-        LUM_FreeCurrentUser(*(MpOpaqueUserProfile **)(unaff_RBP + 0x28));
-        LUM_CloseUserProfileHandle((MpOpaqueUserProfile **)(unaff_RBP + 0x28));
-        return (ulonglong)uVar6;
+  if (((param_3 == (undefined8 *)0x0) || (param_1 == (uint *)0x0)) || (param_2 < 5)) {
+    di::TelemetryAssert::AssertTriggeredNoArgs();
+  }
+  memset(param_3,0,0xe0);
+  if ((param_2 < 4) || (param_1 == (uint *)0x0)) {
+    if ((undefined **)WPP_GLOBAL_Control == &WPP_GLOBAL_Control) {
+      return 0x800c;
+    }
+    if ((WPP_GLOBAL_Control[0x1c] & 1) == 0) {
+      return 0x800c;
+    }
+    WPP_SF_ii(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x24,
+              &WPP_39323fbac4d73fcd43112ad58fa6f4fe_Traceguids,param_2,4);
+    return 0x800c;
+  }
+  if ((short)(*param_1 >> 0x10) != 0) {
+    if ((undefined **)WPP_GLOBAL_Control == &WPP_GLOBAL_Control) {
+      return 0x800c;
+    }
+    if ((WPP_GLOBAL_Control[0x1c] & 1) == 0) {
+      return 0x800c;
+    }
+    WPP_SF_Ll(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x25,
+              &WPP_39323fbac4d73fcd43112ad58fa6f4fe_Traceguids,*param_1,0);
+    return 0x800c;
+  }
+  if (*(ushort *)param_1 < 0x9c00) {
+    if (*param_1 < 0x9101) {
+      if (*param_1 == 0x9100) {
+        uVar2 = 0x94;
       }
-      p_Var1 = *(_mp_resource_t **)(unaff_RSI + 8);
-      if (p_Var1 == *(_mp_resource_t **)(unaff_RSI + 0x10)) {
-        std::vector<struct__mp_resource_t,class_std::allocator<struct__mp_resource_t>_>::
-        _Emplace_reallocate<struct__mp_resource_t_const&___ptr64>
-                  (unaff_RSI,p_Var1,(_mp_resource_t *)(unaff_RBP + -0x20));
+      else if (*param_1 < 0x8501) {
+        if (*param_1 == 0x8500) {
+          uVar2 = 0x60;
+        }
+        else if (*param_1 == 0x8000) {
+          uVar2 = 0xc;
+        }
+        else if (*param_1 == 0x8100) {
+          uVar2 = 0x10;
+        }
+        else if (*param_1 == 0x8200) {
+          uVar2 = 0x20;
+        }
+        else if (*param_1 == 0x8300) {
+          uVar2 = 0x28;
+        }
+        else {
+          if (*param_1 != 0x8400) goto LAB_0;
+          uVar2 = 0x34;
+        }
+      }
+      else if (*param_1 == 0x8600) {
+        uVar2 = 0x68;
+      }
+      else if (*param_1 == 0x8700) {
+        uVar2 = 0x6c;
+      }
+      else if (*param_1 == 0x8800) {
+        uVar2 = 0x80;
+      }
+      else if (*param_1 == 0x8900) {
+        uVar2 = 0x84;
       }
       else {
-        uVar2 = *(undefined8 *)(unaff_RBP + -0x18);
-        uVar3 = *(undefined8 *)(unaff_RBP + -0x10);
-        uVar4 = *(undefined8 *)(unaff_RBP + -8);
-        *(undefined8 *)p_Var1 = *(undefined8 *)(unaff_RBP + -0x20);
-        *(undefined8 *)(p_Var1 + 8) = uVar2;
-        *(undefined8 *)(p_Var1 + 0x10) = uVar3;
-        *(undefined8 *)(p_Var1 + 0x18) = uVar4;
-        *(longlong *)(unaff_RSI + 8) = *(longlong *)(unaff_RSI + 8) + 0x20;
+        if (*param_1 != 0x9000) goto LAB_0;
+        uVar2 = 0x88;
       }
-      unaff_RDI = unaff_RDI + 8;
-      while (0x17 < unaff_RDI) {
-        LUM_FreeCurrentUser(*(MpOpaqueUserProfile **)(unaff_RBP + 0x28));
-        do {
-          bVar7 = LUM_EnumUserProfiles((MpOpaqueUserProfile **)(unaff_RBP + 0x28),true);
-          if ((!bVar7) || (*(ulonglong *)(unaff_RBP + 0x28) == unaff_R15)) {
-            return 0;
-          }
-          LVar5 = LUM_SetCurrentUser(*(MpOpaqueUserProfile **)(unaff_RBP + 0x28),0);
-          unaff_RDI = unaff_R15;
-        } while (LVar5 != 0);
+    }
+    else if (*param_1 < 0x9701) {
+      if (*param_1 == 0x9700) {
+        uVar2 = 0xb8;
       }
-      param_1 = *(uint **)((longlong)&PTR_u__appdata__75adf6b70 + unaff_RDI);
-      in_RAX = -1;
-      *(uint **)(unaff_RBP + -0x20) = param_1;
-      *(undefined8 *)(unaff_RBP + -0x10) = 0;
-      *(undefined8 *)(unaff_RBP + -8) = 0;
+      else if (*param_1 == 0x9200) {
+        uVar2 = 0x98;
+      }
+      else if (*param_1 == 0x9300) {
+        uVar2 = 0xa8;
+      }
+      else if (*param_1 == 0x9400) {
+        uVar2 = 0xac;
+      }
+      else if (*param_1 == 0x9500) {
+        uVar2 = 0xb0;
+      }
+      else {
+        if (*param_1 != 0x9600) goto LAB_0;
+        uVar2 = 0xb4;
+      }
     }
-    in_RAX = in_RAX + 1;
-    bVar7 = *(short *)((longlong)param_1 + in_RAX * 2) == (short)unaff_R15;
-  } while( true );
+    else if (*param_1 == 0x9800) {
+      uVar2 = 0xc0;
+    }
+    else if (*param_1 == 0x9900) {
+      uVar2 = 200;
+    }
+    else if (*param_1 == 0x9a00) {
+      uVar2 = 0xd0;
+    }
+    else {
+      if (*param_1 != 0x9b00) {
+LAB_0:
+        if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+           ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
+          WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x28,
+                   &WPP_39323fbac4d73fcd43112ad58fa6f4fe_Traceguids,*param_1);
+        }
+        di::TelemetryAssert::AssertTriggeredNoArgs();
+        return 0x800c;
+      }
+      uVar2 = 0xd8;
+    }
+    uVar1 = AdaptStructSameMajor<engine_settings_change_t>(uVar2,param_1,param_2,param_3);
+    if ((int)uVar1 != 0) {
+      return uVar1;
+    }
+  }
+  else {
+    if (param_2 < 0xe0) {
+      if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+         ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+        WPP_SF_ii(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x26,
+                  &WPP_39323fbac4d73fcd43112ad58fa6f4fe_Traceguids,param_2,0xe0);
+      }
+      di::TelemetryAssert::AssertTriggeredNoArgs();
+      return 0x800c;
+    }
+    if (((0x9c00 < *(ushort *)param_1) && ((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control))
+       && ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
+      WPP_SF_Ll(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x27,
+                &WPP_39323fbac4d73fcd43112ad58fa6f4fe_Traceguids,*param_1,0);
+    }
+    uVar1 = *(undefined8 *)(param_1 + 2);
+    *param_3 = *(undefined8 *)param_1;
+    param_3[1] = uVar1;
+    uVar1 = *(undefined8 *)(param_1 + 6);
+    param_3[2] = *(undefined8 *)(param_1 + 4);
+    param_3[3] = uVar1;
+    uVar1 = *(undefined8 *)(param_1 + 10);
+    param_3[4] = *(undefined8 *)(param_1 + 8);
+    param_3[5] = uVar1;
+    uVar1 = *(undefined8 *)(param_1 + 0xe);
+    param_3[6] = *(undefined8 *)(param_1 + 0xc);
+    param_3[7] = uVar1;
+    uVar1 = *(undefined8 *)(param_1 + 0x12);
+    param_3[8] = *(undefined8 *)(param_1 + 0x10);
+    param_3[9] = uVar1;
+    uVar1 = *(undefined8 *)(param_1 + 0x16);
+    param_3[10] = *(undefined8 *)(param_1 + 0x14);
+    param_3[0xb] = uVar1;
+    uVar1 = *(undefined8 *)(param_1 + 0x1a);
+    param_3[0xc] = *(undefined8 *)(param_1 + 0x18);
+    param_3[0xd] = uVar1;
+    uVar1 = *(undefined8 *)(param_1 + 0x1e);
+    param_3[0xe] = *(undefined8 *)(param_1 + 0x1c);
+    param_3[0xf] = uVar1;
+    uVar1 = *(undefined8 *)(param_1 + 0x22);
+    param_3[0x10] = *(undefined8 *)(param_1 + 0x20);
+    param_3[0x11] = uVar1;
+    uVar1 = *(undefined8 *)(param_1 + 0x26);
+    param_3[0x12] = *(undefined8 *)(param_1 + 0x24);
+    param_3[0x13] = uVar1;
+    uVar1 = *(undefined8 *)(param_1 + 0x2a);
+    param_3[0x14] = *(undefined8 *)(param_1 + 0x28);
+    param_3[0x15] = uVar1;
+    uVar1 = *(undefined8 *)(param_1 + 0x2e);
+    param_3[0x16] = *(undefined8 *)(param_1 + 0x2c);
+    param_3[0x17] = uVar1;
+    uVar1 = *(undefined8 *)(param_1 + 0x32);
+    param_3[0x18] = *(undefined8 *)(param_1 + 0x30);
+    param_3[0x19] = uVar1;
+    uVar1 = *(undefined8 *)(param_1 + 0x36);
+    param_3[0x1a] = *(undefined8 *)(param_1 + 0x34);
+    param_3[0x1b] = uVar1;
+  }
+  *(undefined4 *)param_3 = 0x9c00;
+  return 0;
 }

Array<unsigned_char>::Add

Match Info

Key mpengine.dll - mpengine.dll
diff_type code,length,address
ratio 0.01
i_ratio 0.67
m_ratio 0.91
b_ratio 0.91
match_types FullName:Param

Function Meta Diff

Key mpengine.dll mpengine.dll
name Add Add
fullname Array<unsigned_char>::Add Array<unsigned_char>::Add
refcount 9 9
length 163 158
called memset
realloc		 memset
realloc
calling RarVM::Execute
RarVM::Prepare
lzstreamRAR::AddVMCode
unrar3::ReadVMCode<class_DecodeWithInStream>
unrar3::ReadVMCode<class_DecodeWithPPM>		 RarVM::Execute
RarVM::Prepare
lzstreamRAR::AddVMCode
unrar3::ReadVMCode<class_DecodeWithInStream>
unrar3::ReadVMCode<class_DecodeWithPPM>
paramcount 2 2
address 75a6bb398 75a3c5bc4
sig uncompress_error_t __thiscall Add(Array<unsigned_char> * this, __uint64 param_1) uncompress_error_t __thiscall Add(Array<unsigned_char> * this, __uint64 param_1)
sym_type Function Function
sym_source ANALYSIS ANALYSIS
external False False

Array<unsigned_char>::Add Diff

--- Array<unsigned_char>::Add
+++ Array<unsigned_char>::Add
@@ -1,2 +1,39 @@
-Failed to decompile mpengine.dll - .ProgramDB Array<unsigned_char>::Add : Error: Decompile error: 
-Marshaling error: Did not see expected closing element+
+/* public: enum uncompress_error_t __cdecl Array<unsigned char>::Add(unsigned __int64) __ptr64 */
+
+uncompress_error_t __thiscall Array<unsigned_char>::Add(Array<unsigned_char> *this,__uint64 param_1)
+
+{
+  ulonglong uVar1;
+  uncompress_error_t uVar2;
+  void *pvVar3;
+  ulonglong uVar4;
+  
+  uVar1 = *(ulonglong *)(this + 8) + param_1;
+  if (uVar1 < *(ulonglong *)(this + 8)) {
+LAB_0:
+    uVar2 = 3;
+  }
+  else {
+    uVar4 = *(ulonglong *)(this + 0x10);
+    if (uVar4 < uVar1) {
+      uVar4 = (uVar4 >> 2) + 0x20 + uVar4;
+      if (uVar4 <= uVar1) {
+        uVar4 = uVar1;
+      }
+      if (uVar4 == 0xffffffffffffffff) goto LAB_0;
+      pvVar3 = realloc(*(void **)this,uVar4);
+      if (pvVar3 == (void *)0x0) {
+        return 2;
+      }
+      memset((void *)(*(longlong *)(this + 8) + (longlong)pvVar3),0,uVar4 - *(longlong *)(this + 8))
+      ;
+      *(void **)this = pvVar3;
+      *(ulonglong *)(this + 0x10) = uVar4;
+    }
+    *(ulonglong *)(this + 8) = uVar1;
+    uVar2 = 0;
+  }
+  return uVar2;
+}
+

Array<class_lzstreamRAR::UnpackFilter*___ptr64>::Add

Match Info

Key mpengine.dll - mpengine.dll
diff_type code,length,address
ratio 0.01
i_ratio 0.71
m_ratio 0.97
b_ratio 0.97
match_types FullName:Param

Function Meta Diff

Key mpengine.dll mpengine.dll
name Add Add
fullname Array<class_lzstreamRAR::UnpackFilter*___ptr64>::Add Array<class_lzstreamRAR::UnpackFilter*___ptr64>::Add
refcount 3 3
length 182 179
called memset
realloc		 memset
realloc
calling lzstreamRAR::AddVMCode lzstreamRAR::AddVMCode
paramcount 2 2
address 75a737a7c 75aaccf68
sig uncompress_error_t __thiscall Add(Array<class_lzstreamRAR::UnpackFilter*___ptr64> * this, __uint64 param_1) uncompress_error_t __thiscall Add(Array<class_lzstreamRAR::UnpackFilter*___ptr64> * this, __uint64 param_1)
sym_type Function Function
sym_source ANALYSIS ANALYSIS
external False False

Array<class_lzstreamRAR::UnpackFilter*___ptr64>::Add Diff

--- Array<class_lzstreamRAR::UnpackFilter*___ptr64>::Add
+++ Array<class_lzstreamRAR::UnpackFilter*___ptr64>::Add
@@ -1,2 +1,42 @@
-Failed to decompile mpengine.dll - .ProgramDB Array<class_lzstreamRAR::UnpackFilter*___ptr64>::Add : Error: Decompile error: 
-Marshaling error: Did not see expected closing element+
+/* public: enum uncompress_error_t __cdecl Array<class lzstreamRAR::UnpackFilter *
+   __ptr64>::Add(unsigned __int64) __ptr64 */
+
+uncompress_error_t __thiscall
+Array<class_lzstreamRAR::UnpackFilter*___ptr64>::Add
+          (Array<class_lzstreamRAR::UnpackFilter*___ptr64> *this,__uint64 param_1)
+
+{
+  ulonglong uVar1;
+  uncompress_error_t uVar2;
+  void *pvVar3;
+  ulonglong uVar4;
+  
+  uVar1 = *(ulonglong *)(this + 8) + 1;
+  if (uVar1 < *(ulonglong *)(this + 8)) {
+LAB_0:
+    uVar2 = 3;
+  }
+  else {
+    uVar4 = *(ulonglong *)(this + 0x10);
+    if (uVar4 < uVar1) {
+      uVar4 = (uVar4 >> 2) + 0x20 + uVar4;
+      if (uVar4 <= uVar1) {
+        uVar4 = uVar1;
+      }
+      if (0x1ffffffffffffffe < uVar4) goto LAB_0;
+      pvVar3 = realloc(*(void **)this,uVar4 * 8);
+      if (pvVar3 == (void *)0x0) {
+        return 2;
+      }
+      memset((void *)((longlong)pvVar3 + *(longlong *)(this + 8) * 8),0,
+             (uVar4 - *(longlong *)(this + 8)) * 8);
+      *(void **)this = pvVar3;
+      *(ulonglong *)(this + 0x10) = uVar4;
+    }
+    *(ulonglong *)(this + 8) = uVar1;
+    uVar2 = 0;
+  }
+  return uVar2;
+}
+

Array<struct_VM_PreparedCommand>::Add

Match Info

Key mpengine.dll - mpengine.dll
diff_type code,refcount,length,address
ratio 0.01
i_ratio 0.71
m_ratio 0.97
b_ratio 0.97
match_types FullName:Param

Function Meta Diff

Key mpengine.dll mpengine.dll
name Add Add
fullname Array<struct_VM_PreparedCommand>::Add Array<struct_VM_PreparedCommand>::Add
refcount 4 5
length 176 173
called memset
realloc		 memset
realloc
calling RarVM::Prepare RarVM::Prepare
paramcount 2 2
address 75a79bf5c 75aacebc4
sig uncompress_error_t __thiscall Add(Array<struct_VM_PreparedCommand> * this, __uint64 param_1) uncompress_error_t __thiscall Add(Array<struct_VM_PreparedCommand> * this, __uint64 param_1)
sym_type Function Function
sym_source ANALYSIS ANALYSIS
external False False

Array<struct_VM_PreparedCommand>::Add Diff

--- Array<struct_VM_PreparedCommand>::Add
+++ Array<struct_VM_PreparedCommand>::Add
@@ -1,2 +1,41 @@
-Failed to decompile mpengine.dll - .ProgramDB Array<struct_VM_PreparedCommand>::Add : Error: Decompile error: 
-Marshaling error: Did not see expected closing element+
+/* public: enum uncompress_error_t __cdecl Array<struct VM_PreparedCommand>::Add(unsigned __int64)
+   __ptr64 */
+
+uncompress_error_t __thiscall
+Array<struct_VM_PreparedCommand>::Add(Array<struct_VM_PreparedCommand> *this,__uint64 param_1)
+
+{
+  ulonglong uVar1;
+  uncompress_error_t uVar2;
+  void *pvVar3;
+  ulonglong uVar4;
+  
+  uVar1 = *(ulonglong *)(this + 8) + 1;
+  if (uVar1 < *(ulonglong *)(this + 8)) {
+LAB_0:
+    uVar2 = 3;
+  }
+  else {
+    uVar4 = *(ulonglong *)(this + 0x10);
+    if (uVar4 < uVar1) {
+      uVar4 = (uVar4 >> 2) + 0x20 + uVar4;
+      if (uVar4 <= uVar1) {
+        uVar4 = uVar1;
+      }
+      if (0x492492492492491 < uVar4) goto LAB_0;
+      pvVar3 = realloc(*(void **)this,uVar4 * 0x38);
+      if (pvVar3 == (void *)0x0) {
+        return 2;
+      }
+      memset((void *)(*(longlong *)(this + 8) * 0x38 + (longlong)pvVar3),0,
+             (uVar4 - *(longlong *)(this + 8)) * 0x38);
+      *(void **)this = pvVar3;
+      *(ulonglong *)(this + 0x10) = uVar4;
+    }
+    *(ulonglong *)(this + 8) = uVar1;
+    uVar2 = 0;
+  }
+  return uVar2;
+}
+

BmInternalInfo::AddBehavior

Match Info

Key mpengine.dll - mpengine.dll
diff_type code,refcount,length,sig,address,calling,called
ratio 0.01
i_ratio 0.14
m_ratio 0.71
b_ratio 0.64
match_types FullName:Param

Function Meta Diff

Key mpengine.dll mpengine.dll
name AddBehavior AddBehavior
fullname BmInternalInfo::AddBehavior BmInternalInfo::AddBehavior
refcount 36 7
length 155 146
called BMInternalInfo::BMInternalInfo
operator_new
std::vector<class_BMInternalInfo*___ptr64,class_std::allocator<class_BMInternalInfo*__ptr64>>::_Emplace_reallocate<class_BMInternalInfo*___ptr64_const&___ptr64>		 BmInternalInfo::AddBehavior
CommonUtil::NewSprintfW
free
calling
Expand for full list:
BmInternalInfo::AddBehavior
BmInternalInfo::AddBehavior
BmInternalInfo::AddBehavior
BmInternalInfo::BmInternalInfo
BootRecordCleanStore::BackupOperation::SendTelemetry
BootRecordCleanStore::RestoreOperation::SendTelemetry
CResmgrHookWow::TriggerBmEvent
KslDriver::DoInstall
KslDriver::UpdateRegistry
ProcessBmAmsi
ProcessBmChangePermissionsProcessBmNetworkConnectionVolume
ProcessBmNetworkPortOpen
ProcessContext::InitializeParentNotification
ProcessContext::SendIntegrityTelemetry
ProcessContext::SendPropagatingNotificationsToChild
ProcessContext::SetTainted
SMSReportAsThreat
SendBmCommandLineBlock
SendNRIDetectionToBM
TdtController::opDetectionHandler
TriggerSignature
TrySendResponseTimeoutBmReport
nUFSP_vfz::BmFileEvents
 ProcessBmChangePermissions
ProcessContext::SendIntegrityTelemetry
SMSReportAsThreat
TdtController::opDetectionHandler
paramcount 6 6
address 75a285de0 75a64a08c
sig long __thiscall AddBehavior(BmInternalInfo * this, wchar_t * param_1, wchar_t * param_2, wchar_t * param_3, ulong param_4, ulong param_5) long __thiscall AddBehavior(BmInternalInfo * this, wchar_t * param_1, ulong param_2, wchar_t * param_3, ulong param_4, ulong param_5)
sym_type Function Function
sym_source ANALYSIS ANALYSIS
external False False

BmInternalInfo::AddBehavior Called Diff

--- BmInternalInfo::AddBehavior called
+++ BmInternalInfo::AddBehavior called
@@ -1,3 +1,3 @@
-BMInternalInfo::BMInternalInfo
-operator_new
-std::vector<class_BMInternalInfo*___ptr64,class_std::allocator<class_BMInternalInfo*___ptr64>_>::_Emplace_reallocate<class_BMInternalInfo*___ptr64_const&___ptr64>
+BmInternalInfo::AddBehavior
+CommonUtil::NewSprintfW
+free

BmInternalInfo::AddBehavior Calling Diff

--- BmInternalInfo::AddBehavior calling
+++ BmInternalInfo::AddBehavior calling
@@ -1,10 +0,0 @@
-BmInternalInfo::AddBehavior
-BmInternalInfo::AddBehavior
-BmInternalInfo::AddBehavior
-BmInternalInfo::BmInternalInfo
-BootRecordCleanStore::BackupOperation::SendTelemetry
-BootRecordCleanStore::RestoreOperation::SendTelemetry
-CResmgrHookWow::TriggerBmEvent
-KslDriver::DoInstall
-KslDriver::UpdateRegistry
-ProcessBmAmsi
@@ -12,3 +1,0 @@
-ProcessBmNetworkConnectionVolume
-ProcessBmNetworkPortOpen
-ProcessContext::InitializeParentNotification
@@ -16,2 +2,0 @@
-ProcessContext::SendPropagatingNotificationsToChild
-ProcessContext::SetTainted
@@ -19,2 +3,0 @@
-SendBmCommandLineBlock
-SendNRIDetectionToBM
@@ -22,3 +4,0 @@
-TriggerSignature
-TrySendResponseTimeoutBmReport
-nUFSP_vfz::BmFileEvents

BmInternalInfo::AddBehavior Diff

--- BmInternalInfo::AddBehavior
+++ BmInternalInfo::AddBehavior
@@ -1,2 +1,32 @@
-Failed to decompile mpengine.dll - .ProgramDB BmInternalInfo::AddBehavior : Error: Decompile error: 
-Marshaling error: Did not see expected closing element+
+/* public: long __cdecl BmInternalInfo::AddBehavior(wchar_t const * __ptr64,unsigned long,wchar_t
+   const * __ptr64,unsigned long,unsigned long) __ptr64 */
+
+long __thiscall
+BmInternalInfo::AddBehavior
+          (BmInternalInfo *this,wchar_t *param_1,ulong param_2,wchar_t *param_3,ulong param_4,
+          ulong param_5)
+
+{
+  wchar_t *_Memory;
+  long lVar1;
+  undefined4 in_register_00000084;
+  wchar_t *local_res20;
+  
+  local_res20 = (wchar_t *)0x0;
+  lVar1 = CommonUtil::NewSprintfW(&local_res20,L"%lu",CONCAT44(in_register_00000084,param_2));
+  _Memory = local_res20;
+  if (lVar1 < 0) {
+    if (local_res20 != (wchar_t *)0x0) {
+      free(local_res20);
+    }
+  }
+  else {
+    lVar1 = AddBehavior(this,param_1,local_res20,(wchar_t *)0x0,param_4,param_5 | 3);
+    if (_Memory != (wchar_t *)0x0) {
+      free(_Memory);
+    }
+  }
+  return lVar1;
+}
+

spynet_wrapper::AddHeartbeat

Match Info

Key mpengine.dll - mpengine.dll
diff_type code,length,address,called
ratio 0.0
i_ratio 0.34
m_ratio 0.99
b_ratio 0.98
match_types FullName:Param

Function Meta Diff

Key mpengine.dll mpengine.dll
name AddHeartbeat AddHeartbeat
fullname spynet_wrapper::AddHeartbeat spynet_wrapper::AddHeartbeat
refcount 3 3
length 3755 3859
called
Expand for full list:
AddASROnlyExclusions
AddASRPerRuleExclusions
AddAadDeviceId
AddAuditModeValues
AddBipData
AddBmHealthInfo
AddCustomAsrRules
AddDefenderHealthInfo
AddDeviceControlPolicyDeviceInstall
AddDeviceControlPolicyPrinter
AddErrorReportAddExclusions
AddFirmwareEnvironmentVariables
AddHeartbeatBMStats
AddMemDeviceId
AddMitigationOptions
AddNetworkConnectionInfo
AddProcessExclusions
AddProxySettings
AddQualityCompat
AddResourceMonitoringInformation
AddRtpChange
AddScanAgeValues
AddTdtInfo
AddUEFIScanStatus
AddWdFilterHealthStatus
BaseReport::AddElement
BaseReport::HrAddAttribute
CXmlValue::CXmlValue
CXmlValue::GetValue
CXmlValue::Release
CXmlValue::ToBase64Binary
CheckHeartbeatDisable
CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::~CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
CreateSimpleFileReport
DcQueryConfigBool
DetectionInfo::DetectionInfo
DetectionInfo::~DetectionInfo
FpGetRevision
GetDriverData
GetHeartbeatType
HrAddAttributeInteger<unsigned___int64>
IsEngineAlwaysSelected
IsEngineDeterministic
MpGenBoundedRandomDword
MpIsWindowsVersion
ReportSpynetExtraAttribute
ResetSafeReleaseMetricData
WIN32_FROM_HRESULT
WPP_SF_
WPP_SF_SL
WPP_SF_l
WPP_SF_lS
__security_check_cookie
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
free
spynet_wrapper::ReportError
Expand for full list:
AddASROnlyExclusions
AddASRPerRuleExclusions
AddAadDeviceId
AddAuditModeValues
AddBipData
AddBmHealthInfo
AddCustomAsrRules
AddDefenderHealthInfo
AddDeviceControlPolicyDeviceInstall
AddDeviceControlPolicyPrinter
AddErrorReportAddExclusions
AddFirmwareEnvironmentVariables
AddHeartbeatBMStats
AddIsSystemDriveSsd
AddMemDeviceId
AddMitigationOptions
AddNetworkConnectionInfo
AddProcessExclusions
AddProxySettings
AddQualityCompat
AddResourceMonitoringInformation
AddRtpChange
AddScanAgeValues
AddTdtInfo
AddUEFIScanStatus
AddWdFilterHealthStatus
BaseReport::AddElement
BaseReport::HrAddAttribute
CXmlValue::CXmlValue
CXmlValue::GetValue
CXmlValue::Release
CXmlValue::ToBase64Binary
CheckHeartbeatDisable
CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::~CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
CreateSimpleFileReport
DcQueryConfigBool
DetectionInfo::DetectionInfo
DetectionInfo::~DetectionInfo
FgGetState
FpGetCacheSize
FpGetRevision
GetDriverData
GetHeartbeatType
HrAddAttributeInteger<unsigned___int64>
IsEngineAlwaysSelected
IsEngineDeterministic
MpGenBoundedRandomDword
MpIsWindowsVersion
ReportSpynetExtraAttribute
ResetSafeReleaseMetricData
WIN32_FROM_HRESULT
WPP_SF_
WPP_SF_SL
WPP_SF_l
WPP_SF_lS
__security_check_cookie
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
free
spynet_wrapper::ReportError
calling CollectHeartbeatReport
SendCustomAsrHeartbeat		 CollectHeartbeatReport
SendCustomAsrHeartbeat
paramcount 2 2
address 75ab217fc 75ab31c4c
sig ulong __thiscall AddHeartbeat(spynet_wrapper * this, _mp_spynetextra_t * param_1) ulong __thiscall AddHeartbeat(spynet_wrapper * this, _mp_spynetextra_t * param_1)
sym_type Function Function
sym_source ANALYSIS ANALYSIS
external False False

spynet_wrapper::AddHeartbeat Called Diff

--- spynet_wrapper::AddHeartbeat called
+++ spynet_wrapper::AddHeartbeat called
@@ -14,0 +15 @@
+AddIsSystemDriveSsd
@@ -39,0 +41,2 @@
+FgGetState
+FpGetCacheSize

spynet_wrapper::AddHeartbeat Diff

--- spynet_wrapper::AddHeartbeat
+++ spynet_wrapper::AddHeartbeat
@@ -1,2 +1,485 @@
-Failed to decompile mpengine.dll - .ProgramDB spynet_wrapper::AddHeartbeat : Error: Decompile error: 
-Marshaling error: Did not see expected closing element+
+/* WARNING: Globals starting with '_' overlap smaller symbols at the same address */
+/* public: unsigned long __cdecl spynet_wrapper::AddHeartbeat(struct _mp_spynetextra_t * __ptr64)
+   __ptr64 */
+
+ulong __thiscall spynet_wrapper::AddHeartbeat(spynet_wrapper *this,_mp_spynetextra_t *param_1)
+
+{
+  void *_Memory;
+  bool bVar1;
+  long lVar2;
+  ulong uVar3;
+  ulong extraout_EAX;
+  ulong uVar4;
+  uint uVar5;
+  int iVar6;
+  MpHipsRuleState_t MVar7;
+  undefined8 uVar8;
+  __uint64 _Var9;
+  SpynetXmlNode *pSVar10;
+  CRetXmlValue *pCVar11;
+  _mp_spynetextra_t *p_Var12;
+  wchar_t *pwVar13;
+  ulonglong uVar14;
+  undefined auStackY_368 [32];
+  bool local_2f8 [4];
+  ulong local_2f4;
+  FriendSource local_2f0 [2];
+  void *local_2e8 [2];
+  CXmlValue local_2d8 [24];
+  CXmlValue local_2c0 [24];
+  DetectionInfo local_2a8 [608];
+  ulonglong local_48;
+  
+  local_48 = __security_cookie ^ (ulonglong)auStackY_368;
+  uVar14 = 0;
+  if ((*(longlong *)(this + 0x58) == 0) ||
+     (uVar8 = CheckHeartbeatDisable((longlong)param_1), (int)uVar8 < 0)) goto LAB_0;
+  local_2f4 = GetHeartbeatType(param_1);
+  if ((param_1 != (_mp_spynetextra_t *)0x0) &&
+     ((*(longlong *)(param_1 + 0xb8) != 0 && (local_2f4 == 1)))) {
+    local_2f4 = 8;
+  }
+  uVar3 = local_2f4;
+  pSVar10 = *(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998);
+  lVar2 = HrAddAttributeInteger<unsigned___int64>
+                    (pSVar10,L"isHeartBeat",(ulonglong)local_2f4,L"%llu",0);
+  if ((lVar2 < 0) ||
+     ((_Var9 = FpGetRevision((RevisionType)CONCAT71((int7)((ulonglong)pSVar10 >> 8),1)), _Var9 != 0
+      && (lVar2 = HrAddAttributeInteger<unsigned___int64>
+                            (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                             L"sdnrevisionnew",_Var9,L"%llu",0), lVar2 < 0)))) {
+LAB_1:
+    WIN32_FROM_HRESULT(lVar2);
+  }
+  else {
+    if (uVar3 == 0xc) {
+      do {
+        uVar3 = ReportSpynetExtraAttribute
+                          (param_1,this,*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                           *(wchar_t **)((longlong)&PTR_u_SigReleaseRepor_75adfeb10 + uVar14),
+                           *(wchar_t **)((longlong)&PTR_u_sigreleaserepor_75adfeb18 + uVar14),
+                           *(SpynetExtraAttributeValidationMode *)
+                            ((longlong)&DAT_2 + uVar14));
+        if (uVar3 != 0) {
+          if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+             ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+            WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x8b,
+                     &WPP_86028bd6f0263ede84e74d401a2b0447_Traceguids,uVar3);
+          }
+          goto LAB_0;
+        }
+        uVar14 = uVar14 + 0x18;
+      } while (uVar14 < 0x150);
+      CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::
+      CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
+                ((CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor> *)local_2e8,
+                 &g_csSafeReleaseMetricData,0x5adfeb10);
+      lVar2 = HrAddAttributeInteger<unsigned___int64>
+                        (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                         L"currentcrsentcount",(ulonglong)DAT_3,L"%llu",0);
+      if ((((((((lVar2 < 0) ||
+               (lVar2 = HrAddAttributeInteger<unsigned___int64>
+                                  (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                                   L"currentfqsentcount",(ulonglong)_g_safeReleaseMetricData,L"%llu"
+                                   ,0), lVar2 < 0)) ||
+              (lVar2 = HrAddAttributeInteger<unsigned___int64>
+                                 (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                                  L"currentremediationsuccesscount",(ulonglong)DAT_4,L"%llu"
+                                  ,0), lVar2 < 0)) ||
+             ((lVar2 = HrAddAttributeInteger<unsigned___int64>
+                                 (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                                  L"currentquarantinefailurecount",(ulonglong)DAT_5,L"%llu",
+                                  0), lVar2 < 0 ||
+              (lVar2 = HrAddAttributeInteger<unsigned___int64>
+                                 (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                                  L"currentremovalfailurecount",(ulonglong)DAT_6,L"%llu",0),
+              lVar2 < 0)))) ||
+            (lVar2 = HrAddAttributeInteger<unsigned___int64>
+                               (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                                L"currentcleanfailurecount",(ulonglong)DAT_7,L"%llu",0),
+            lVar2 < 0)) ||
+           (((lVar2 = HrAddAttributeInteger<unsigned___int64>
+                                (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                                 L"currentqssuccesscount",(ulonglong)DAT_8,L"%llu",0),
+             lVar2 < 0 ||
+             (lVar2 = HrAddAttributeInteger<unsigned___int64>
+                                (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                                 L"currentqsfailurecount",(ulonglong)DAT_9,L"%llu",0),
+             lVar2 < 0)) ||
+            ((lVar2 = HrAddAttributeInteger<unsigned___int64>
+                                (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                                 L"currentfssuccesscount",(ulonglong)DAT_10,L"%llu",0),
+             lVar2 < 0 ||
+             (((lVar2 = HrAddAttributeInteger<unsigned___int64>
+                                  (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                                   L"currentfsfailurecount",(ulonglong)DAT_11,L"%llu",0),
+               lVar2 < 0 ||
+               (lVar2 = HrAddAttributeInteger<unsigned___int64>
+                                  (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                                   L"currentresscansuccesscount",(ulonglong)DAT_12,L"%llu",0)
+               , lVar2 < 0)) ||
+              (lVar2 = HrAddAttributeInteger<unsigned___int64>
+                                 (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                                  L"currentresscanfailurecount",(ulonglong)DAT_13,L"%llu",0),
+              lVar2 < 0)))))))) ||
+          ((lVar2 = HrAddAttributeInteger<unsigned___int64>
+                              (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                               L"currentqsresourcecount",DAT_14,L"%llu",0), lVar2 < 0 ||
+           (lVar2 = HrAddAttributeInteger<unsigned___int64>
+                              (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                               L"currentqsdetectioncount",(ulonglong)DAT_15,L"%llu",0),
+           lVar2 < 0)))) ||
+         ((lVar2 = HrAddAttributeInteger<unsigned___int64>
+                             (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                              L"currentinvalidrtsdcount",(ulonglong)DAT_16,L"%llu",0),
+          lVar2 < 0 ||
+          ((lVar2 = HrAddAttributeInteger<unsigned___int64>
+                              (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                               L"currentbmthreatdetcount",(ulonglong)DAT_17,L"%llu",0),
+           lVar2 < 0 ||
+           (lVar2 = HrAddAttributeInteger<unsigned___int64>
+                              (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                               L"currentbmdetcount",(ulonglong)DAT_18,L"%llu",0), lVar2 < 0))
+          )))) {
+        WIN32_FROM_HRESULT(lVar2);
+        CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::
+        ~CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
+                  ((CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor> *)local_2e8);
+        goto LAB_0;
+      }
+      CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::
+      ~CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
+                ((CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor> *)local_2e8);
+      AddWdFilterHealthStatus(*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998));
+      ResetSafeReleaseMetricData();
+    }
+    else {
+      local_2f8[0] = false;
+      DcQueryConfigBool(L"MpCustomAsrRulesReportingEnhancedOnly",local_2f8);
+      if ((local_2f8[0] == false) || (uVar3 == 2)) {
+        if (*(longlong *)(this + 0x58) == 0) {
+          pSVar10 = (SpynetXmlNode *)0x0;
+        }
+        else {
+          pSVar10 = *(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998);
+        }
+        AddCustomAsrRules(pSVar10);
+      }
+      else if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+              ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
+        WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x89,
+                &WPP_86028bd6f0263ede84e74d401a2b0447_Traceguids);
+      }
+      uVar14 = 0;
+      do {
+        uVar3 = ReportSpynetExtraAttribute
+                          (param_1,this,*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                           *(wchar_t **)((longlong)&PTR_u_IsSignatureUpTo_75adfe890 + uVar14),
+                           *(wchar_t **)((longlong)&PTR_u_issignatureupto_75adfe898 + uVar14),
+                           *(SpynetExtraAttributeValidationMode *)
+                            ((longlong)&DAT_19 + uVar14));
+        if (((uVar3 != 0) && ((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control)) &&
+           ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
+          WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x8a,
+                   &WPP_86028bd6f0263ede84e74d401a2b0447_Traceguids,uVar3);
+        }
+        uVar3 = local_2f4;
+        uVar14 = uVar14 + 0x18;
+      } while (uVar14 < 0xd8);
+      if (local_2f4 != 0xb) {
+        if (local_2f4 == 4) {
+          if (*(longlong *)(param_1 + 0x80) == 0) {
+            if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+               ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
+              WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x8d,
+                      &WPP_86028bd6f0263ede84e74d401a2b0447_Traceguids);
+            }
+          }
+          else {
+            local_2e8[0] = (void *)CONCAT44(local_2e8[0]._4_4_,0xffffffff);
+            local_2f8[0] = false;
+            local_2f0[0] = 0;
+            DetectionInfo::DetectionInfo(local_2a8);
+            uVar4 = CreateSimpleFileReport
+                              (*(wchar_t **)(param_1 + 0x80),this,(ulong *)local_2e8,
+                               (ResmgrCtxT *)0x0,0,0xc,0,true,false,local_2f8,local_2f0,local_2a8,
+                               (wchar_t *)0x0,(ProcessInfoSpynet *)0x0);
+            if (uVar4 != 0) {
+              if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+                 ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+                WPP_SF_lS(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x8c,
+                          &WPP_86028bd6f0263ede84e74d401a2b0447_Traceguids,uVar4,
+                          *(wchar_t **)(param_1 + 0x80));
+              }
+              if (0 < (int)uVar4) {
+                uVar4 = uVar4 & 0xffff | 0x80070000;
+              }
+              ReportError(this,L"FileReport",*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998)
+                          ,L"CreateSimpleFileReport",uVar4);
+            }
+            DetectionInfo::~DetectionInfo(local_2a8);
+          }
+        }
+        uVar14 = 0;
+        if (((byte)param_1[0x24] & 0x10) != 0) {
+          if (*(wchar_t **)(param_1 + 0x80) == (wchar_t *)0x0) {
+            if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+               ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
+              WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x8e,
+                      &WPP_86028bd6f0263ede84e74d401a2b0447_Traceguids);
+            }
+          }
+          else {
+            BaseReport::HrAddAttribute
+                      (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),L"mapsorigin",
+                       *(wchar_t **)(param_1 + 0x80),0,0);
+          }
+        }
+        if (((byte)param_1[0x24] & 0x40) != 0) {
+          AddRtpChange(param_1,this,*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998));
+        }
+        if ((uVar3 != 7) ||
+           (uVar8 = AddExclusions(this,param_1,0xffffffffffffffff), (char)uVar8 != '\0')) {
+          AddFirmwareEnvironmentVariables((longlong)this);
+          lVar2 = AddErrorReport((longlong)param_1,this,uVar3);
+          if (-1 < lVar2) {
+            do {
+              uVar3 = ReportSpynetExtraAttribute
+                                (param_1,this,
+                                 *(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                                 *(wchar_t **)((longlong)&PTR_u_MsrtHeartbeatIn_75adfe970 + uVar14),
+                                 *(wchar_t **)((longlong)&PTR_u_msrtheartbeatin_75adfe978 + uVar14),
+                                 *(SpynetExtraAttributeValidationMode *)
+                                  ((longlong)&DAT_20 + uVar14));
+              if (((uVar3 != 0) && ((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control)) &&
+                 ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
+                WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x8f,
+                         &WPP_86028bd6f0263ede84e74d401a2b0447_Traceguids,uVar3);
+              }
+              uVar14 = uVar14 + 0x18;
+            } while (uVar14 < 0x198);
+            AddDeviceControlPolicyPrinter(*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998));
+            AddDeviceControlPolicyDeviceInstall
+                      (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998));
+            AddAadDeviceId(*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998));
+            AddMemDeviceId(*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998));
+            pwVar13 = L"1";
+            if (((byte)param_1[0x24] & 0x20) == 0) {
+              pwVar13 = L"0";
+            }
+            BaseReport::HrAddAttribute
+                      (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                       L"stillaliveheartbeat",pwVar13,0,0);
+            local_2f8[0] = false;
+            lVar2 = DcQueryConfigBool(L"MpHeartbeatControlGroup",local_2f8);
+            uVar3 = local_2f4;
+            if (lVar2 < 0) {
+              if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+                 ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+                WPP_SF_SL(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x90,
+                          &WPP_86028bd6f0263ede84e74d401a2b0447_Traceguids,L"fIsControlGroup",
+                          (char)lVar2);
+              }
+            }
+            else {
+              pwVar13 = L"1";
+              if (local_2f8[0] == false) {
+                pwVar13 = L"0";
+              }
+              BaseReport::HrAddAttribute
+                        (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                         L"heartbeatcontrolgroup",pwVar13,0,0);
+              if (*(wchar_t **)(param_1 + 0x68) != (wchar_t *)0x0) {
+                BaseReport::HrAddAttribute
+                          (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),L"machinename",
+                           *(wchar_t **)(param_1 + 0x68),0,0);
+              }
+              AddHeartbeatBMStats(*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998));
+              AddProxySettings((longlong)param_1,this,
+                               *(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998));
+              AddScanAgeValues((longlong)param_1,this,
+                               *(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998));
+              AddQualityCompat(*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998));
+              AddWdFilterHealthStatus(*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998));
+              if ((0xb < *(uint *)(param_1 + 0xc4)) && (*(longlong *)(param_1 + 0xe0) != 0)) {
+                AddDefenderHealthInfo
+                          (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),(longlong)param_1
+                          );
+              }
+              AddAuditModeValues((longlong)param_1,this,
+                                 *(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998));
+              AddResourceMonitoringInformation(param_1,this,*(longlong *)(this + 0x58));
+              this[0x9c] = (spynet_wrapper)0x1;
+              if (uVar3 == 2) {
+                uVar5 = MpIsWindowsVersion(0x60003);
+                if (uVar5 == 0) {
+                  if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+                     ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+                    WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x91,
+                            &WPP_86028bd6f0263ede84e74d401a2b0447_Traceguids);
+                  }
+                }
+                else {
+                  pwVar13 = (wchar_t *)0x32;
+                  p_Var12 = param_1;
+                  AddExclusions(this,param_1,0x32);
+                  AddProcessExclusions(this,p_Var12,(ENUM_LOCK_INITIAL_STATE)pwVar13);
+                  AddASROnlyExclusions((HipsManager *)this);
+                  AddASRPerRuleExclusions((HipsManager *)this,p_Var12,pwVar13);
+                  AddMitigationOptions(*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998));
+                  AddNetworkConnectionInfo((longlong)this);
+                  AddTdtInfo(*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998));
+                  AddUEFIScanStatus(*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998));
+                  local_2f4 = 0;
+                  iVar6 = MpGenBoundedRandomDword(&local_2f4,1000);
+                  bVar1 = IsEngineAlwaysSelected();
+                  if ((bVar1) ||
+                     (((bVar1 = IsEngineDeterministic(), !bVar1 && (-1 < iVar6)) && (local_2f4 < 10)
+                      ))) {
+                    local_2e8[0] = (void *)0x0;
+                    local_2f4 = 0;
+                    lVar2 = GetDriverData((CMpShutterRef<class_CTpmRegistration> *)local_2e8,
+                                          &local_2f4,*(__uint64 *)(param_1 + 0x30));
+                    _Memory = local_2e8[0];
+                    if (lVar2 < 0) {
+                      if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+                         ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+                        WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x92,
+                                 &WPP_86028bd6f0263ede84e74d401a2b0447_Traceguids,lVar2);
+                      }
+                    }
+                    else if (lVar2 == 0) {
+                      pSVar10 = BaseReport::AddElement
+                                          (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                                           L"DriverData",0);
+                      if (pSVar10 == (SpynetXmlNode *)0x0) {
+                        if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+                           ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+                          WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x93,
+                                  &WPP_86028bd6f0263ede84e74d401a2b0447_Traceguids);
+                        }
+                        if (_Memory != (void *)0x0) {
+                          free(_Memory);
+                        }
+                        goto LAB_0;
+                      }
+                      pCVar11 = (CRetXmlValue *)
+                                CXmlValue::ToBase64Binary(local_2c0,_Memory,local_2f4);
+                      CXmlValue::CXmlValue(local_2d8,pCVar11);
+                      CXmlValue::Release(local_2c0);
+                      pwVar13 = CXmlValue::GetValue(local_2d8);
+                      lVar2 = BaseReport::HrAddAttribute(pSVar10,L"driverlog",pwVar13,0,3);
+                      if (lVar2 < 0) {
+                        WIN32_FROM_HRESULT(lVar2);
+                        CXmlValue::Release(local_2d8);
+                        if (_Memory != (void *)0x0) {
+                          free(_Memory);
+                        }
+                        goto LAB_0;
+                      }
+                      CXmlValue::Release(local_2d8);
+                    }
+                    if (_Memory != (void *)0x0) {
+                      free(_Memory);
+                    }
+                  }
+                  AddIsSystemDriveSsd(*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998));
+                  pSVar10 = *(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998);
+                  MVar7 = FgGetState();
+                  HrAddAttributeInteger<unsigned___int64>
+                            (pSVar10,L"cfastatus",(longlong)(int)MVar7,L"%llu",0);
+                  AddBmHealthInfo(*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998));
+                  _Var9 = FpGetCacheSize();
+                  HrAddAttributeInteger<unsigned___int64>
+                            (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                             L"fastpathcachesize",_Var9,L"%llu",0);
+                  if ((gktab != (kernel_table *)0x0) &&
+                     ((gktab[0x15650] != (kernel_table)0x0 ||
+                      ((gktab[0x15651] != (kernel_table)0x0 && (gktab[0x15652] == (kernel_table)0x0)
+                       ))))) {
+                    BaseReport::HrAddAttribute
+                              (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                               L"isofflinecacheactive",L"1",0,0);
+                  }
+                }
+              }
+            }
+          }
+        }
+        goto LAB_0;
+      }
+      pSVar10 = (SpynetXmlNode *)CONCAT71((int7)((ulonglong)WPP_GLOBAL_Control >> 8),2);
+      _Var9 = FpGetRevision((RevisionType)pSVar10);
+      if (_Var9 != 0) {
+        pSVar10 = *(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998);
+        lVar2 = HrAddAttributeInteger<unsigned___int64>(pSVar10,L"esusigversionnew",_Var9,L"%llu",0)
+        ;
+        if (lVar2 < 0) goto LAB_1;
+      }
+      pSVar10 = (SpynetXmlNode *)CONCAT71((int7)((ulonglong)pSVar10 >> 8),3);
+      _Var9 = FpGetRevision((RevisionType)pSVar10);
+      if (_Var9 != 0) {
+        pSVar10 = *(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998);
+        lVar2 = HrAddAttributeInteger<unsigned___int64>(pSVar10,L"bfsigversionnew",_Var9,L"%llu",0);
+        if (lVar2 < 0) goto LAB_1;
+      }
+      pSVar10 = (SpynetXmlNode *)CONCAT71((int7)((ulonglong)pSVar10 >> 8),8);
+      _Var9 = FpGetRevision((RevisionType)pSVar10);
+      if (_Var9 != 0) {
+        pSVar10 = *(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998);
+        lVar2 = HrAddAttributeInteger<unsigned___int64>
+                          (pSVar10,L"bffileallowversion",_Var9,L"%llu",0);
+        if (lVar2 < 0) goto LAB_1;
+      }
+      pSVar10 = (SpynetXmlNode *)CONCAT71((int7)((ulonglong)pSVar10 >> 8),9);
+      _Var9 = FpGetRevision((RevisionType)pSVar10);
+      if (_Var9 != 0) {
+        pSVar10 = *(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998);
+        lVar2 = HrAddAttributeInteger<unsigned___int64>
+                          (pSVar10,L"bffileblockversion",_Var9,L"%llu",0);
+        if (lVar2 < 0) goto LAB_1;
+      }
+      pSVar10 = (SpynetXmlNode *)CONCAT71((int7)((ulonglong)pSVar10 >> 8),10);
+      _Var9 = FpGetRevision((RevisionType)pSVar10);
+      if (_Var9 != 0) {
+        pSVar10 = *(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998);
+        lVar2 = HrAddAttributeInteger<unsigned___int64>
+                          (pSVar10,L"bfcertallowversion",_Var9,L"%llu",0);
+        if (lVar2 < 0) goto LAB_1;
+      }
+      pSVar10 = (SpynetXmlNode *)CONCAT71((int7)((ulonglong)pSVar10 >> 8),0xb);
+      _Var9 = FpGetRevision((RevisionType)pSVar10);
+      if (_Var9 != 0) {
+        pSVar10 = *(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998);
+        lVar2 = HrAddAttributeInteger<unsigned___int64>
+                          (pSVar10,L"bfcertblockversion",_Var9,L"%llu",0);
+        if (lVar2 < 0) goto LAB_1;
+      }
+      pSVar10 = (SpynetXmlNode *)CONCAT71((int7)((ulonglong)pSVar10 >> 8),4);
+      _Var9 = FpGetRevision((RevisionType)pSVar10);
+      if (_Var9 != 0) {
+        pSVar10 = *(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998);
+        lVar2 = HrAddAttributeInteger<unsigned___int64>(pSVar10,L"rplbfsigversion",_Var9,L"%llu",0);
+        if (lVar2 < 0) goto LAB_1;
+      }
+      _Var9 = FpGetRevision((RevisionType)CONCAT71((int7)((ulonglong)pSVar10 >> 8),5));
+      if ((_Var9 != 0) &&
+         (lVar2 = HrAddAttributeInteger<unsigned___int64>
+                            (*(SpynetXmlNode **)(*(longlong *)(this + 0x58) + 0x998),
+                             L"enterprisecertversion",_Var9,L"%llu",0), lVar2 < 0))
+      goto LAB_1;
+      local_2f8[0] = false;
+      DcQueryConfigBool(L"MpDisableBipData",local_2f8);
+      if (local_2f8[0] == false) {
+        AddBipData(param_1,this);
+      }
+    }
+    this[0x9c] = (spynet_wrapper)0x1;
+  }
+LAB_0:
+  __security_check_cookie(local_48 ^ (ulonglong)auStackY_368);
+  return extraout_EAX;
+}
+

PEBMPatScanner::AddNewPattern

Match Info

Key mpengine.dll - mpengine.dll
diff_type code,refcount,length,address,called
ratio 0.01
i_ratio 0.37
m_ratio 0.63
b_ratio 0.57
match_types FullName:Param

Function Meta Diff

Key mpengine.dll mpengine.dll
name AddNewPattern AddNewPattern
fullname PEBMPatScanner::AddNewPattern PEBMPatScanner::AddNewPattern
refcount 4 3
length 1475 1152
called
Expand for full list:
BMGetPatternFlags
ComputeSigPropertiesWithNoName
MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>
MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::addPattern<struct_MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::DefaultNodeExplosion>
WPP_SF_
WPP_SF_DLLL
WPP_SF_l
__security_check_cookie
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
createrecidfrombuffex
di::TelemetryAssert::AssertTriggeredNoArgskpopobjectex
kpushobjectex
kstore_copy_buff
operator_new
operator_new
std::list<unsigned_long,class_std::allocator<unsigned_long>_>::_Emplace<unsigned_long_const&_ptr64>
std::list<unsigned_long,class_std::allocator<unsigned_long>>::list<unsigned_long,class_std::allocator<unsigned_long>>
Expand for full list:
BMGetPatternFlags
ComputeSigPropertiesWithNoName
MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>
MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::addPattern<struct_MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::DefaultNodeExplosion>
WPP_SF_
WPP_SF_DLLL
WPP_SF_l
__security_check_cookie
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
createrecidfrombuffex
di::TelemetryAssert::AssertTriggeredNoArgskpopobject
kpushobject
operator_new
operator_new
std::list<unsigned_long,class_std::allocator<unsigned_long>_>::_Emplace<unsigned_long_const&_ptr64>
std::list<unsigned_long,class_std::allocator<unsigned_long>>::list<unsigned_long,class_std::allocator<unsigned_long>>
calling
paramcount 5 5
address 75a34a0b0 75a513470
sig undefined __fastcall AddNewPattern(list<unsigned_long,class_std::allocator<unsigned_long>_> * param_1, nothrow_t * param_2, ulonglong param_3, ulong param_4, ulong param_5) undefined __fastcall AddNewPattern(list<unsigned_long,class_std::allocator<unsigned_long>_> * param_1, nothrow_t * param_2, ulonglong param_3, ulong param_4, ulong param_5)
sym_type Function Function
sym_source IMPORTED IMPORTED
external False False

PEBMPatScanner::AddNewPattern Called Diff

--- PEBMPatScanner::AddNewPattern called
+++ PEBMPatScanner::AddNewPattern called
@@ -12,3 +12,2 @@
-kpopobjectex
-kpushobjectex
-kstore_copy_buff
+kpopobject
+kpushobject

PEBMPatScanner::AddNewPattern Diff

--- PEBMPatScanner::AddNewPattern
+++ PEBMPatScanner::AddNewPattern
@@ -1,2 +1,182 @@
-Failed to decompile mpengine.dll - .ProgramDB PEBMPatScanner::AddNewPattern : Error: Decompile error: 
-Marshaling error: Did not see expected closing element+
+void PEBMPatScanner::AddNewPattern
+               (list<unsigned_long,class_std::allocator<unsigned_long>_> *param_1,nothrow_t *param_2
+               ,ulonglong param_3,ulong param_4,ulong param_5)
+
+{
+  nothrow_t nVar1;
+  nothrow_t nVar2;
+  ushort uVar3;
+  bool bVar4;
+  ulong uVar5;
+  undefined8 uVar6;
+  void *pvVar7;
+  undefined2 uVar8;
+  uint uVar9;
+  nothrow_t *pnVar10;
+  ulonglong uVar11;
+  ulonglong uVar12;
+  undefined auStackY_d8 [32];
+  uchar *in_stack_ffffffffffffff60;
+  __uint64 in_stack_ffffffffffffff68;
+  byte local_88 [4];
+  ulong local_84;
+  undefined4 local_80;
+  undefined4 local_7c;
+  undefined4 local_78;
+  undefined4 local_74;
+  undefined4 local_70;
+  MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory> *local_68;
+  ulong local_60;
+  ulong local_5c;
+  uint local_58;
+  ulonglong local_54;
+  ulonglong local_48;
+  
+  local_48 = __security_cookie ^ (ulonglong)auStackY_d8;
+  local_84 = param_4;
+  if (DAT_0 ==
+      (MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory> *)0x0) {
+    param_1 = (list<unsigned_long,class_std::allocator<unsigned_long>_> *)
+              operator_new(0x8e0,param_2);
+    local_68 = (MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory> *)
+               param_1;
+    if (param_1 == (list<unsigned_long,class_std::allocator<unsigned_long>_> *)0x0) {
+      DAT_0 =
+           (MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory> *)0x0;
+    }
+    else {
+      DAT_0 =
+           (MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory> *)
+           MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::
+           MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>
+                     ((MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>
+                       *)param_1,0x1000);
+      if (DAT_0 !=
+          (MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory> *)0x0)
+      goto LAB_1;
+    }
+    if (((undefined **)WPP_GLOBAL_Control == &WPP_GLOBAL_Control) ||
+       ((WPP_GLOBAL_Control[0x1c] & 1) == 0)) goto LAB_2;
+    uVar8 = 0xf;
+  }
+  else {
+LAB_1:
+    if (DAT_3 == (list<unsigned_long,class_std::allocator<unsigned_long>_> *)0x0) {
+      param_1 = (list<unsigned_long,class_std::allocator<unsigned_long>_> *)operator_new(0x10);
+      local_68 = (MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory> *)
+                 param_1;
+      DAT_3 =
+           (list<unsigned_long,class_std::allocator<unsigned_long>_> *)
+           std::list<unsigned_long,class_std::allocator<unsigned_long>_>::
+           list<unsigned_long,class_std::allocator<unsigned_long>_>(param_1);
+    }
+    nVar1 = *param_2;
+    if ((param_3 < 5) || (((byte)*param_2 & 0xfe) != 0)) {
+      if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+         ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
+        WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x10,
+                 &WPP_20e5033c21ee3a3bb8def18d867dd68a_Traceguids,param_5);
+      }
+      goto LAB_2;
+    }
+    nVar2 = param_2[1];
+    uVar3 = *(ushort *)(param_2 + 2);
+    uVar12 = (ulonglong)uVar3;
+    uVar9 = (uint)(byte)nVar2;
+    uVar11 = (ulonglong)(byte)nVar2 + 4 + uVar12;
+    if (uVar11 != param_3) {
+      if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+         ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+        WPP_SF_DLLL(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x11,
+                    &WPP_20e5033c21ee3a3bb8def18d867dd68a_Traceguids,uVar9,(char)uVar3,(char)param_3
+                    ,(char)uVar11);
+      }
+      goto LAB_2;
+    }
+    local_68 = (MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory> *)0x0
+    ;
+    local_80 = 0xeea339da;
+    local_7c = 0xd4b6b5e;
+    local_78 = 0xefbf5532;
+    local_74 = 0x90186095;
+    local_70 = 0x907d8af;
+    bVar4 = ComputeSigPropertiesWithNoName
+                      ((signature_type)CONCAT71((int7)((ulonglong)param_1 >> 8),0x95),
+                       (uchar *)param_2,param_3,(__uint64 *)&local_68,(sha1_t *)&local_80);
+    if (!bVar4) goto LAB_2;
+    local_84 = createrecidfrombuffex
+                         (local_84,param_5,(__uint64)local_68,(sha1_t *)&local_80,param_2 + 4,
+                          (ulonglong)uVar9,true,in_stack_ffffffffffffff60,in_stack_ffffffffffffff68)
+    ;
+    if (local_84 == 0xffffffff) {
+      if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+         ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+        WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x12,
+                &WPP_20e5033c21ee3a3bb8def18d867dd68a_Traceguids);
+      }
+      goto LAB_2;
+    }
+    std::list<unsigned_long,class_std::allocator<unsigned_long>_>::
+    _Emplace<unsigned_long_const&___ptr64>
+              (DAT_3,*(_List_node<unsigned_long,void*___ptr64> **)DAT_3,&local_84);
+    pnVar10 = param_2 + (ulonglong)uVar9 + 4;
+    uVar11 = 0;
+    local_5c = 0;
+    local_60 = local_84;
+    local_54 = ((ulonglong)(byte)nVar1 & 1) << 0x20;
+    do {
+      if ((uVar12 <= uVar11) || (pnVar10[uVar11] == (nothrow_t)0x90)) break;
+      uVar11 = uVar11 + 1;
+    } while (uVar11 != 8);
+    if (uVar11 < 4) goto LAB_2;
+    local_88[0] = 0;
+    bVar4 = BMGetPatternFlags((uchar *)pnVar10,uVar12,local_88);
+    if (!bVar4) goto LAB_2;
+    if ((local_88[0] & 2) == 0) {
+      local_54 = (ulonglong)CONCAT14(nVar1,(undefined4)local_54) & 0x1ffffffff | 0x200000000;
+    }
+    local_5c = kpushobject(pnVar10,(uint)uVar3,0);
+    if (local_5c == 0xffffffff) {
+      if (((undefined **)WPP_GLOBAL_Control == &WPP_GLOBAL_Control) ||
+         ((WPP_GLOBAL_Control[0x1c] & 2) == 0)) goto LAB_2;
+      uVar8 = 0x14;
+    }
+    else {
+      local_58 = (uint)uVar3;
+      uVar5 = kpushobject(&local_60,0x14,4);
+      if (uVar5 != 0xffffffff) {
+        local_84 = 0;
+        uVar6 = MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::
+                addPattern<struct_MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::DefaultNodeExplosion>
+                          (DAT_0,&local_84,(longlong)pnVar10,uVar11,uVar5,local_88[0]);
+        if ((int)uVar6 == 0) {
+LAB_4:
+          kpopobject(local_5c);
+        }
+        else if ((int)uVar6 == 0x585) {
+          if (local_84 == 0xffffffff) {
+            di::TelemetryAssert::AssertTriggeredNoArgs();
+          }
+          for (pvVar7 = kpopobject(local_84); pvVar7 != (void *)0x0;
+              pvVar7 = kpopobject(*(ulong *)((longlong)pvVar7 + 0xc))) {
+            if (*(ulong *)((longlong)pvVar7 + 0xc) == 0) {
+              *(ulong *)((longlong)pvVar7 + 0xc) = uVar5;
+              goto LAB_4;
+            }
+          }
+        }
+        goto LAB_2;
+      }
+      if (((undefined **)WPP_GLOBAL_Control == &WPP_GLOBAL_Control) ||
+         ((WPP_GLOBAL_Control[0x1c] & 2) == 0)) goto LAB_2;
+      uVar8 = 0x15;
+    }
+  }
+  WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),uVar8,
+          &WPP_20e5033c21ee3a3bb8def18d867dd68a_Traceguids);
+LAB_2:
+  __security_check_cookie(local_48 ^ (ulonglong)auStackY_d8);
+  return;
+}
+

FopScanner::AddNewPatternCommon

Match Info

Key mpengine.dll - mpengine.dll
diff_type code,length,sig,address,called
ratio 0.0
i_ratio 0.28
m_ratio 0.27
b_ratio 0.27
match_types FullName:Param

Function Meta Diff

Key mpengine.dll mpengine.dll
name AddNewPatternCommon AddNewPatternCommon
fullname FopScanner::AddNewPatternCommon FopScanner::AddNewPatternCommon
refcount 9 9
length 2447 2012
called
Expand for full list:
BMGetPatternFlags
ComputeSigPropertiesWithNoName
MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>
MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::addPattern<struct_MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::DefaultNodeExplosion>
WPP_SF_
WPP_SF_DDDDLL
WPP_SF_DLLL
WPP_SF_l
__security_check_cookie
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
createrecidfrombuffexdi::TelemetryAssert::AssertTriggeredNoArgs
kpopobjectex
kpushobjectex
kstore_copy_buff
memcmp
operator_new
operator_new
std::list<unsigned_long,class_std::allocator<unsigned_long>_>::_Emplace<unsigned_long_const&_ptr64>
std::list<unsigned_long,class_std::allocator<unsigned_long>>::list<unsigned_long,class_std::allocator<unsigned_long>>
Expand for full list:
BMGetPatternFlags
ComputeSigPropertiesWithNoName
MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>
MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::addPattern<struct_MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::DefaultNodeExplosion>
WPP_SF_
WPP_SF_DDDDLL
WPP_SF_DLLL
WPP_SF_l
__security_check_cookie
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
createrecidfrombuffexdi::TelemetryAssert::AssertTriggeredNoArgs
kpopobject
kpushobject
operator_new
operator_new
std::list<unsigned_long,class_std::allocator<unsigned_long>_>::_Emplace<unsigned_long_const&_ptr64>
std::list<unsigned_long,class_std::allocator<unsigned_long>>::list<unsigned_long,class_std::allocator<unsigned_long>>
calling FopScanner::AddNewPatternEx_MSIL
FopScanner::AddNewPatternEx_VB
FopScanner::AddNewPatternEx_X64
FopScanner::AddNewPatternEx_X86
FopScanner::AddNewPattern_MSIL
FopScanner::AddNewPattern_VB
FopScanner::AddNewPattern_X64
FopScanner::AddNewPattern_X86		 FopScanner::AddNewPatternEx_MSIL
FopScanner::AddNewPatternEx_VB
FopScanner::AddNewPatternEx_X64
FopScanner::AddNewPatternEx_X86
FopScanner::AddNewPattern_MSIL
FopScanner::AddNewPattern_VB
FopScanner::AddNewPattern_X64
FopScanner::AddNewPattern_X86
paramcount 7 7
address 75a34970c 75a512c7c
sig undefined __fastcall AddNewPatternCommon(list<unsigned_long,class_std::allocator<unsigned_long>_> * param_1, nothrow_t * param_2, MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory> * param_3, uint param_4, ulong param_5, longlong * param_6, char param_7) undefined __fastcall AddNewPatternCommon(list<unsigned_long,class_std::allocator<unsigned_long>_> * param_1, nothrow_t * param_2, MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory> * param_3, ulong param_4, ulong param_5, longlong * param_6, char param_7)
sym_type Function Function
sym_source IMPORTED IMPORTED
external False False

FopScanner::AddNewPatternCommon Called Diff

--- FopScanner::AddNewPatternCommon called
+++ FopScanner::AddNewPatternCommon called
@@ -13,4 +13,2 @@
-kpopobjectex
-kpushobjectex
-kstore_copy_buff
-memcmp
+kpopobject
+kpushobject

FopScanner::AddNewPatternCommon Diff

--- FopScanner::AddNewPatternCommon
+++ FopScanner::AddNewPatternCommon
@@ -1,2 +1,299 @@
-Failed to decompile mpengine.dll - .ProgramDB FopScanner::AddNewPatternCommon : Error: Decompile error: 
-Marshaling error: Did not see expected closing element+
+void FopScanner::AddNewPatternCommon
+               (list<unsigned_long,class_std::allocator<unsigned_long>_> *param_1,nothrow_t *param_2
+               ,MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>
+                *param_3,ulong param_4,ulong param_5,longlong *param_6,char param_7)
+
+{
+  bool bVar1;
+  ulong uVar2;
+  void *pvVar3;
+  undefined8 uVar4;
+  longlong lVar5;
+  list<unsigned_long,class_std::allocator<unsigned_long>_> *this;
+  ushort uVar6;
+  undefined2 uVar7;
+  ushort uVar8;
+  ulonglong uVar9;
+  nothrow_t *pnVar10;
+  char cVar11;
+  ulonglong uVar12;
+  uint uVar13;
+  MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory> *pMVar14;
+  undefined auStackY_f8 [32];
+  undefined uVar15;
+  undefined4 in_stack_ffffffffffffff40;
+  undefined4 in_stack_ffffffffffffff44;
+  undefined4 in_stack_ffffffffffffff48;
+  undefined4 in_stack_ffffffffffffff4c;
+  byte local_a8 [4];
+  uint local_a4;
+  nothrow_t local_a0;
+  char local_9f;
+  ulong local_9c;
+  undefined4 local_98;
+  undefined4 local_94;
+  undefined4 local_90;
+  undefined4 local_8c;
+  undefined4 local_88;
+  MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory> *local_80;
+  list<unsigned_long,class_std::allocator<unsigned_long>_> *local_78;
+  ulong local_70;
+  ulonglong local_6c;
+  undefined8 uStack_64;
+  undefined8 local_5c;
+  undefined8 uStack_54;
+  ulonglong local_48;
+  
+  local_48 = __security_cookie ^ (ulonglong)auStackY_f8;
+  local_a8[0] = (byte)param_1;
+  local_9c = param_4;
+  local_78 = (list<unsigned_long,class_std::allocator<unsigned_long>_> *)param_3;
+  if (*param_6 == 0) {
+    param_1 = (list<unsigned_long,class_std::allocator<unsigned_long>_> *)
+              operator_new(0x8e0,param_2);
+    local_80 = (MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory> *)
+               param_1;
+    if (param_1 == (list<unsigned_long,class_std::allocator<unsigned_long>_> *)0x0) {
+      *param_6 = 0;
+    }
+    else {
+      lVar5 = MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::
+              MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>
+                        ((MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>
+                          *)param_1,0x4000);
+      *param_6 = lVar5;
+      if (lVar5 != 0) goto LAB_0;
+    }
+    if (((undefined **)WPP_GLOBAL_Control == &WPP_GLOBAL_Control) ||
+       ((WPP_GLOBAL_Control[0x1c] & 1) == 0)) goto LAB_1;
+    uVar7 = 0x12;
+  }
+  else {
+LAB_0:
+    if (param_6[3] == 0) {
+      param_1 = (list<unsigned_long,class_std::allocator<unsigned_long>_> *)operator_new(0x10);
+      local_80 = (MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory> *)
+                 param_1;
+      lVar5 = std::list<unsigned_long,class_std::allocator<unsigned_long>_>::
+              list<unsigned_long,class_std::allocator<unsigned_long>_>(param_1);
+      param_6[3] = lVar5;
+    }
+    pMVar14 = (MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory> *)
+              ((ulonglong)(-(uint)(param_7 != '\0') & 6) + 4);
+    local_a4 = CONCAT31(local_a4._1_3_,*param_2) & 0xffffff01;
+    if ((param_3 <= pMVar14) || (((byte)*param_2 & 0xfe) != 0)) {
+      if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+         ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
+        WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x13,
+                 &WPP_6c4bee861dc9358b4853620debb96048_Traceguids,param_5);
+      }
+      goto LAB_1;
+    }
+    local_a0 = param_2[1];
+    uVar12 = (ulonglong)(byte)local_a0;
+    uVar9 = (ulonglong)*(ushort *)(param_2 + 2);
+    uVar15 = (undefined)*(ushort *)(param_2 + 2);
+    if (param_7 == '\0') {
+      if (pMVar14 + uVar12 + uVar9 != param_3) {
+        if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+           ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+          WPP_SF_DLLL(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x14,
+                      &WPP_6c4bee861dc9358b4853620debb96048_Traceguids,(uint)(byte)local_a0,uVar15,
+                      (char)param_3,(char)(pMVar14 + uVar12 + uVar9));
+        }
+        goto LAB_1;
+      }
+    }
+    else {
+      param_1 = (list<unsigned_long,class_std::allocator<unsigned_long>_> *)
+                (ulonglong)*(ushort *)(param_2 + 6);
+      if ((MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory> *)param_1
+          + uVar9 + *(ushort *)(param_2 + 4) + uVar12 + (longlong)pMVar14 != param_3) {
+        if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+           ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+          WPP_SF_DDDDLL(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),uVar9,WPP_GLOBAL_Control,
+                        (uint)(byte)local_a0,uVar15,(char)*(ushort *)(param_2 + 4),
+                        (char)*(ushort *)(param_2 + 6),(char)param_3,
+                        (char)((MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>
+                                *)param_1 + uVar9 + *(ushort *)(param_2 + 4) + uVar12 +
+                              (longlong)pMVar14));
+        }
+        goto LAB_1;
+      }
+    }
+    local_80 = (MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory> *)0x0
+    ;
+    local_98 = 0xeea339da;
+    local_94 = 0xd4b6b5e;
+    local_90 = 0xefbf5532;
+    local_8c = 0x90186095;
+    local_88 = 0x907d8af;
+    bVar1 = ComputeSigPropertiesWithNoName
+                      ((signature_type)CONCAT71((int7)((ulonglong)param_1 >> 8),local_a8[0]),
+                       (uchar *)param_2,(__uint64)param_3,(__uint64 *)&local_80,(sha1_t *)&local_98)
+    ;
+    if (!bVar1) goto LAB_1;
+    local_9c = createrecidfrombuffex
+                         (local_9c,param_5,(__uint64)local_80,(sha1_t *)&local_98,
+                          param_2 + (longlong)pMVar14,uVar12,true,
+                          (uchar *)CONCAT44(in_stack_ffffffffffffff44,in_stack_ffffffffffffff40),
+                          CONCAT44(in_stack_ffffffffffffff4c,in_stack_ffffffffffffff48));
+    if (local_9c == 0xffffffff) {
+      if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+         ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+        WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x16,
+                &WPP_6c4bee861dc9358b4853620debb96048_Traceguids);
+      }
+      goto LAB_1;
+    }
+    std::list<unsigned_long,class_std::allocator<unsigned_long>_>::
+    _Emplace<unsigned_long_const&___ptr64>
+              ((list<unsigned_long,class_std::allocator<unsigned_long>_> *)param_6[3],
+               *(_List_node<unsigned_long,void*___ptr64> **)param_6[3],&local_9c);
+    cVar11 = '\0';
+    local_9f = '\0';
+    local_6c = 0;
+    local_5c = 0;
+    uStack_54 = 0;
+    local_70 = local_9c;
+    uVar8 = (ushort)(byte)local_a4;
+    local_a4 = CONCAT22(local_a4._2_2_,uVar8 * 2);
+    uStack_64 = (ulonglong)(ushort)(uVar8 * 2) << 0x30;
+    if (param_7 != '\0') {
+      uVar8 = *(ushort *)(param_2 + 4);
+      local_6c = (ulonglong)uVar8 << 0x20;
+      pnVar10 = param_2 + (ulonglong)*(ushort *)(param_2 + 2) + (ulonglong)(byte)local_a0 +
+                (longlong)pMVar14;
+      if (uVar8 != 0) {
+        if ((nothrow_t *)(param_3 + (longlong)param_2) < pnVar10 + uVar8) {
+          if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+             ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+            WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x18,
+                     &WPP_6c4bee861dc9358b4853620debb96048_Traceguids,(uint)uVar8);
+          }
+          goto LAB_1;
+        }
+        local_a8[0] = 0;
+        bVar1 = BMGetPatternFlags((uchar *)pnVar10,(ulonglong)uVar8,local_a8);
+        if (!bVar1) goto LAB_1;
+        if ((local_a8[0] & 2) == 0) {
+          uStack_64 = CONCAT26((undefined2)local_a4,(undefined6)uStack_64) | 0x8000000000000;
+        }
+        uVar2 = kpushobject(pnVar10,(uint)*(ushort *)(param_2 + 4),0);
+        uStack_64 = CONCAT44(uStack_64._4_4_,uVar2);
+        if (uVar2 == 0xffffffff) {
+          if (((undefined **)WPP_GLOBAL_Control == &WPP_GLOBAL_Control) ||
+             ((WPP_GLOBAL_Control[0x1c] & 1) == 0)) goto LAB_1;
+          uVar7 = 0x19;
+          goto LAB_2;
+        }
+        pvVar3 = kpopobject(uVar2);
+        if (pvVar3 == (void *)0x0) goto LAB_1;
+        pnVar10 = pnVar10 + (local_6c >> 0x20);
+      }
+      uVar8 = *(ushort *)(param_2 + 6);
+      uStack_54 = CONCAT44(uStack_54._4_4_,(uint)uVar8);
+      cVar11 = local_9f;
+      if (uVar8 != 0) {
+        if (local_78 + (longlong)param_2 <
+            (list<unsigned_long,class_std::allocator<unsigned_long>_> *)(pnVar10 + uVar8)) {
+          if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+             ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
+            WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x1a,
+                     &WPP_6c4bee861dc9358b4853620debb96048_Traceguids,(uint)uVar8);
+          }
+          goto LAB_1;
+        }
+        uVar2 = kpushobject(pnVar10,(uint)uVar8,0);
+        uStack_54 = CONCAT44(uVar2,(uint)uStack_54);
+        if (uVar2 == 0xffffffff) {
+          if (((undefined **)WPP_GLOBAL_Control == &WPP_GLOBAL_Control) ||
+             ((WPP_GLOBAL_Control[0x1c] & 1) == 0)) goto LAB_1;
+          uVar7 = 0x1b;
+          goto LAB_2;
+        }
+        uStack_64 = uStack_64 | 0x1000000000000;
+        uVar8 = 0;
+        cVar11 = '\x01';
+        if ((uint)uStack_54 != 0) {
+          do {
+            *(undefined *)((ulonglong)(byte)pnVar10[uVar8] + 0x21 + (longlong)param_6) = 0;
+            uVar8 = uVar8 + 1;
+          } while (uVar8 < (uint)uStack_54);
+        }
+      }
+      uStack_64._0_6_ = CONCAT24(*(undefined2 *)(param_2 + 8),(undefined4)uStack_64);
+    }
+    uVar9 = (ulonglong)(byte)local_a0;
+    uVar8 = *(ushort *)(param_2 + 2);
+    uVar6 = -(ushort)(8 < uVar8) & 4;
+    uStack_64 = CONCAT26(uVar6 | uStack_64._6_2_ & 0xfffb,(undefined6)uStack_64);
+    if ((cVar11 == '\0') && (uVar6 == 0)) {
+      uVar13 = local_5c._4_4_;
+    }
+    else {
+      uVar13 = (uint)uVar8;
+      uVar2 = kpushobject(param_2 + uVar9 + (longlong)pMVar14,uVar13,0);
+      local_5c = (ulonglong)CONCAT24(uVar8,uVar2);
+      if (uVar2 == 0xffffffff) {
+        if (((undefined **)WPP_GLOBAL_Control == &WPP_GLOBAL_Control) ||
+           ((WPP_GLOBAL_Control[0x1c] & 1) == 0)) goto LAB_1;
+        uVar7 = 0x1c;
+        goto LAB_2;
+      }
+    }
+    uVar2 = kpushobject(&local_70,(-(uint)(uVar13 != 0) & 0x10) + 0x14,4);
+    local_80 = (MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory> *)
+               CONCAT44(local_80._4_4_,uVar2);
+    if (uVar2 != 0xffffffff) {
+      local_a4 = 0;
+      if (local_5c._4_4_ == 0) {
+        if (8 < uVar8) {
+          di::TelemetryAssert::AssertTriggeredNoArgs();
+        }
+        uVar4 = MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::
+                addPattern<struct_MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::DefaultNodeExplosion>
+                          ((MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>
+                            *)*param_6,&local_a4,(longlong)(param_2 + uVar9 + (longlong)pMVar14),
+                           (ulonglong)uVar8,uVar2,local_9f);
+        if (((int)uVar4 != 0) && ((int)uVar4 == 0x585)) {
+          if (local_a4 == 0xffffffff) {
+            di::TelemetryAssert::AssertTriggeredNoArgs();
+          }
+          for (pvVar3 = kpopobject(local_a4); pvVar3 != (void *)0x0;
+              pvVar3 = kpopobject(*(ulong *)((longlong)pvVar3 + 4))) {
+            if (*(ulong *)((longlong)pvVar3 + 4) == 0) {
+              *(ulong *)((longlong)pvVar3 + 4) = uVar2;
+              break;
+            }
+          }
+        }
+      }
+      else {
+        this = (list<unsigned_long,class_std::allocator<unsigned_long>_> *)param_6[2];
+        if (this == (list<unsigned_long,class_std::allocator<unsigned_long>_> *)0x0) {
+          local_78 = (list<unsigned_long,class_std::allocator<unsigned_long>_> *)operator_new(0x10);
+          this = (list<unsigned_long,class_std::allocator<unsigned_long>_> *)
+                 std::list<unsigned_long,class_std::allocator<unsigned_long>_>::
+                 list<unsigned_long,class_std::allocator<unsigned_long>_>(local_78);
+          param_6[2] = (longlong)this;
+        }
+        std::list<unsigned_long,class_std::allocator<unsigned_long>_>::
+        _Emplace<unsigned_long_const&___ptr64>
+                  (this,*(_List_node<unsigned_long,void*___ptr64> **)this,(ulong *)&local_80);
+      }
+      goto LAB_1;
+    }
+    if (((undefined **)WPP_GLOBAL_Control == &WPP_GLOBAL_Control) ||
+       ((WPP_GLOBAL_Control[0x1c] & 1) == 0)) goto LAB_1;
+    uVar7 = 0x1d;
+  }
+LAB_2:
+  WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),uVar7,
+          &WPP_6c4bee861dc9358b4853620debb96048_Traceguids);
+LAB_1:
+  __security_check_cookie(local_48 ^ (ulonglong)auStackY_f8);
+  return;
+}
+

LuaHipsLib::AddPath

Match Info

Key mpengine.dll - mpengine.dll
diff_type code,length,address,called
ratio 0.01
i_ratio 0.37
m_ratio 0.56
b_ratio 0.54
match_types FullName:Param

Function Meta Diff

Key mpengine.dll mpengine.dll
name AddPath AddPath
fullname LuaHipsLib::AddPath LuaHipsLib::AddPath
refcount 2 2
length 998 1067
called
Expand for full list:
AsrAsimovGenericHResultDatapoint::Failure
AsrLocationInfo::PushPath
CommonUtil::CUniqueHandle<struct_CommonUtil::CAutoUniquePtrDelete<class_CPkcs7SignedData,void>>::Swap
CommonUtil::UtilExpandEnvironmentStrings
CommonUtil::UtilMultiByteToWideChar
CompileAsrRegex
EnvVarFromPath
WPP_SF_S
__security_check_cookie
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
di::TelemetryAssert::AssertTriggeredNoArgsfree
luaL_error
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator_>
Expand for full list:
AsrAsimovGenericHResultDatapoint::Failure
AsrHealthMonitor::AddBuildInPathExclusion
AsrLocationInfo::PushPath
CommonUtil::UtilExpandEnvironmentStrings
CommonUtil::UtilMultiByteToWideChar
CompileAsrRegex
EnvVarFromPath
WPP_SF_S
__security_check_cookie
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
di::TelemetryAssert::AssertTriggeredNoArgsfree
luaL_error
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
calling LuaHipsLib::LuaHipsResultHandler LuaHipsLib::LuaHipsResultHandler
paramcount 4 4
address 75a793690 75a7d4f34
sig void __thiscall AddPath(LuaHipsLib * this, lua_State * param_1, char * param_2, AsrPathHandlingFlags_t param_3) void __thiscall AddPath(LuaHipsLib * this, lua_State * param_1, char * param_2, AsrPathHandlingFlags_t param_3)
sym_type Function Function
sym_source ANALYSIS ANALYSIS
external False False

LuaHipsLib::AddPath Called Diff

--- LuaHipsLib::AddPath called
+++ LuaHipsLib::AddPath called
@@ -1,0 +2 @@
+AsrHealthMonitor::AddBuildInPathExclusion
@@ -3 +3,0 @@
-CommonUtil::CUniqueHandle<struct_CommonUtil::CAutoUniquePtrDelete<class_CPkcs7SignedData,void>_>::Swap

LuaHipsLib::AddPath Diff

--- LuaHipsLib::AddPath
+++ LuaHipsLib::AddPath
@@ -1,2 +1,187 @@
-Failed to decompile mpengine.dll - .ProgramDB LuaHipsLib::AddPath : Error: Decompile error: 
-Marshaling error: Did not see expected closing element+
+/* private: void __cdecl LuaHipsLib::AddPath(struct lua_State * __ptr64,char const * __ptr64,enum
+   AsrPathHandlingFlags_t) __ptr64 */
+
+void __thiscall
+LuaHipsLib::AddPath(LuaHipsLib *this,lua_State *param_1,char *param_2,AsrPathHandlingFlags_t param_3
+                   )
+
+{
+  int iVar1;
+  uint uVar2;
+  longlong lVar3;
+  long lVar4;
+  AsrAsimovGenericHResultDatapoint *pAVar5;
+  undefined8 uVar6;
+  wchar_t *pwVar7;
+  vector<class_boost::basic_regex<wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>_>_>,class_std::allocator<class_boost::basic_regex<wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>_>_>_>_>
+  *pvVar8;
+  AsrLocationInfo *this_00;
+  char ****ppppcVar9;
+  wchar_t *_Memory;
+  undefined auStackY_e8 [32];
+  wchar_t *local_b8;
+  long local_b0;
+  wchar_t *local_a8;
+  LuaHipsLib *local_a0;
+  lua_State *local_98;
+  basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_88 [32];
+  char ***local_68 [3];
+  ulonglong local_50;
+  ulonglong local_48;
+  
+  local_48 = __security_cookie ^ (ulonglong)auStackY_e8;
+  local_b8 = (wchar_t *)0x0;
+  local_a0 = this;
+  local_98 = param_1;
+  lVar4 = CommonUtil::UtilMultiByteToWideChar(&local_b8,0xfde9,param_2,param_3);
+  _Memory = local_b8;
+  if (lVar4 < 0) {
+                    /* WARNING: Subroutine does not return */
+    luaL_error(param_1,"UtilWideCharFromUtf8(%s) failed",param_2);
+  }
+  if (((DAT_0 != (AsrHealthMonitor *)0x0) &&
+      ((*(uint *)(*(longlong *)(this + 0x10) + 0x118) & 0x400) == 0)) &&
+     (*(int *)(*(longlong *)(this + 0x10) + 0x594) == 3)) {
+    AsrHealthMonitor::AddBuildInPathExclusion(DAT_0,*(_GUID **)(this + 0x18),local_b8);
+  }
+  local_a8 = (wchar_t *)0x0;
+  if ((param_3 & 2) != 0) {
+    if (g_ExpandEnvironmentStringsTelemetry == (AsrAsimovGenericHResultDatapoint *)0x0) {
+      di::TelemetryAssert::AssertTriggeredNoArgs();
+    }
+    if (g_CASRExpandEnvironmentStringsTelemetry == (AsrAsimovGenericHResultDatapoint *)0x0) {
+      di::TelemetryAssert::AssertTriggeredNoArgs();
+    }
+    local_b0 = CommonUtil::UtilExpandEnvironmentStrings(&local_a8,_Memory);
+    pwVar7 = local_a8;
+    if (local_b0 < 0) {
+      if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+         ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+        WPP_SF_S(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0xc,
+                 &WPP_02416e683dfc381ef59410906726e75d_Traceguids,_Memory);
+      }
+      if ((*(uint *)(*(longlong *)(this + 0x10) + 0x118) & 0x400) == 0) {
+        AsrAsimovGenericHResultDatapoint::Failure
+                  (g_ExpandEnvironmentStringsTelemetry,param_2,local_b0,(wchar_t *)0x0);
+      }
+      else {
+        uVar6 = std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+                basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+                          (local_88,param_2);
+        EnvVarFromPath<char>(local_68,uVar6);
+        ppppcVar9 = local_68;
+        if (0xf < local_50) {
+          ppppcVar9 = (char ****)local_68[0];
+        }
+        AsrAsimovGenericHResultDatapoint::Failure
+                  (g_CASRExpandEnvironmentStringsTelemetry,(char *)ppppcVar9,local_b0,(wchar_t *)0x0
+                  );
+        std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+        _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+                          *)local_68);
+      }
+    }
+    else {
+      local_b8 = local_a8;
+      local_a8 = _Memory;
+      param_3 = param_3 & 0xfffffffd;
+      pAVar5 = g_CASRExpandEnvironmentStringsTelemetry;
+      if ((*(uint *)(*(longlong *)(this + 0x10) + 0x118) & 0x400) == 0) {
+        pAVar5 = g_ExpandEnvironmentStringsTelemetry;
+      }
+      _Memory = pwVar7;
+      if (*pAVar5 != (AsrAsimovGenericHResultDatapoint)0x0) {
+        LOCK();
+        *(longlong *)(pAVar5 + 0x20) = *(longlong *)(pAVar5 + 0x20) + 1;
+        UNLOCK();
+      }
+    }
+  }
+  lVar3 = *(longlong *)(this + 0x10);
+  iVar1 = *(int *)(lVar3 + 0x594);
+  if (iVar1 == 2) {
+    this_00 = (AsrLocationInfo *)(lVar3 + 0x128);
+  }
+  else if (iVar1 == 3) {
+    this_00 = (AsrLocationInfo *)(lVar3 + 0x1c0);
+  }
+  else {
+    if (iVar1 != 4) {
+      if (iVar1 == 6) {
+        uVar6 = *(undefined8 *)(*(longlong *)(lVar3 + 0xd0) + 8);
+        pvVar8 = (vector<class_boost::basic_regex<wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>_>_>,class_std::allocator<class_boost::basic_regex<wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>_>_>_>_>
+                  *)(lVar3 + 0x338);
+        uVar2 = *(uint *)(lVar3 + 0x118);
+        pwVar7 = L"CmdLineRegExp";
+      }
+      else {
+        if (iVar1 != 7) {
+          if (iVar1 == 8) {
+            uVar6 = *(undefined8 *)(*(longlong *)(lVar3 + 0xd0) + 8);
+            pvVar8 = (vector<class_boost::basic_regex<wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>_>_>,class_std::allocator<class_boost::basic_regex<wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>_>_>_>_>
+                      *)(lVar3 + 0x2f0);
+            uVar2 = *(uint *)(lVar3 + 0x118);
+            pwVar7 = L"CmdLineExclusionRegExp";
+          }
+          else {
+            if (iVar1 != 9) {
+              if (iVar1 != 10) {
+                    /* WARNING: Subroutine does not return */
+                luaL_error(param_1,"HIPS Lua function type %d should not return a path");
+              }
+              uVar6 = CompileAsrRegex((vector<class_boost::basic_regex<wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>_>_>,class_std::allocator<class_boost::basic_regex<wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>_>_>_>_>
+                                       *)(lVar3 + 800),_Memory,0x500000,
+                                      *(undefined8 *)(*(longlong *)(lVar3 + 0xd0) + 8),
+                                      L"CmdLineInclusionRegExp",
+                                      ((*(uint *)(lVar3 + 0x118) & 0x400) != 0) + 1);
+              if ((int)uVar6 < 0) {
+                    /* WARNING: Subroutine does not return */
+                luaL_error(param_1,"Failed to compile cmdline inclusion regexp");
+              }
+              goto LAB_1;
+            }
+            uVar6 = *(undefined8 *)(*(longlong *)(lVar3 + 0xd0) + 8);
+            pvVar8 = (vector<class_boost::basic_regex<wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>_>_>,class_std::allocator<class_boost::basic_regex<wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>_>_>_>_>
+                      *)(lVar3 + 0x308);
+            uVar2 = *(uint *)(lVar3 + 0x118);
+            pwVar7 = L"ParentCmdLineExclusionRegExp";
+          }
+          uVar6 = CompileAsrRegex(pvVar8,_Memory,0x500000,uVar6,pwVar7,((uVar2 & 0x400) != 0) + 1);
+          if ((int)uVar6 < 0) {
+                    /* WARNING: Subroutine does not return */
+            luaL_error(param_1,"Failed to compile cmdline exclusion regexp");
+          }
+          goto LAB_1;
+        }
+        uVar6 = *(undefined8 *)(*(longlong *)(lVar3 + 0xd0) + 8);
+        pvVar8 = (vector<class_boost::basic_regex<wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>_>_>,class_std::allocator<class_boost::basic_regex<wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>_>_>_>_>
+                  *)(lVar3 + 0x350);
+        uVar2 = *(uint *)(lVar3 + 0x118);
+        pwVar7 = L"ParentCmdLineRegExp";
+      }
+      uVar6 = CompileAsrRegex(pvVar8,_Memory,0x100000,uVar6,pwVar7,((uVar2 & 0x400) != 0) + 1);
+      if ((int)uVar6 < 0) {
+                    /* WARNING: Subroutine does not return */
+        luaL_error(param_1,"Failed to compile cmdline regexp");
+      }
+      goto LAB_1;
+    }
+    this_00 = (AsrLocationInfo *)(lVar3 + 600);
+  }
+  lVar4 = AsrLocationInfo::PushPath(this_00,_Memory,(bool)((byte)param_3 & 1));
+  if (lVar4 < 0) {
+                    /* WARNING: Subroutine does not return */
+    luaL_error(param_1,"std::map->emplace failed");
+  }
+LAB_1:
+  if (local_a8 != (wchar_t *)0x0) {
+    free(local_a8);
+  }
+  if (_Memory != (wchar_t *)0x0) {
+    free(_Memory);
+  }
+  __security_check_cookie(local_48 ^ (ulonglong)auStackY_e8);
+  return;
+}
+

BmContextRichDataJson::BmContextRichDataJsonImpl::AddRelationship

Match Info

Key mpengine.dll - mpengine.dll
diff_type code,length,address,called
ratio 0.01
i_ratio 0.58
m_ratio 0.97
b_ratio 0.97
match_types FullName:Param

Function Meta Diff

Key mpengine.dll mpengine.dll
name AddRelationship AddRelationship
fullname BmContextRichDataJson::BmContextRichDataJsonImpl::AddRelationship BmContextRichDataJson::BmContextRichDataJsonImpl::AddRelationship
refcount 7 7
length 552 516
called
Expand for full list:
__security_check_cookie
guard_dispatch_icall$fo_default$
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::Tidy_deallocate
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>
std::default_delete<class_web::json::details::_Value>::operator()
std::unique_ptr<class_web::json::details::_Array,struct_std::default_delete<class_web::json::details::Array>>::~unique_ptr<class_web::json::details::_Array,struct_std::default_delete<class_web::json::details::Array>>
utility::details::make_unique<class_web::json::details::_Array>
web::json::value::number
web::json::value::operator=
web::json::value::operator[]
web::json::value::operator[]web::json::value::value
 __security_check_cookie
guard_dispatch_icall$fo_default$
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::Tidy_deallocate
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>
std::default_delete<class_web::json::details::_Value>::operator()
web::json::value::array
web::json::value::number
web::json::value::operator=
web::json::value::operator[]
web::json::value::operator[]
calling BmContextRichDataJson::BmContextRichDataJsonImpl::AddProcessOpenEvidence
BmContextRichDataJson::BmContextRichDataJsonImpl::ProcessFileResource
BmContextRichDataJson::BmContextRichDataJsonImpl::ProcessNetworkDetection
BmContextRichDataJson::BmContextRichDataJsonImpl::ProcessNetworkPortOpen<class_CommonUtil::CStdPtrVector<class_CommonUtil::CAutoUniquePtr<class_BMInternalInfo,void>>>
BmContextRichDataJson::BmContextRichDataJsonImpl::ProcessNetworkVolume
BmContextRichDataJson::BmContextRichDataJsonImpl::ProcessRegistryResource<struct_RegistryInfo*___ptr64>		 BmContextRichDataJson::BmContextRichDataJsonImpl::AddProcessOpenEvidence
BmContextRichDataJson::BmContextRichDataJsonImpl::ProcessFileResource
BmContextRichDataJson::BmContextRichDataJsonImpl::ProcessNetworkDetection
BmContextRichDataJson::BmContextRichDataJsonImpl::ProcessNetworkPortOpen<class_CommonUtil::CStdPtrVector<class_CommonUtil::CAutoUniquePtr<class_BMInternalInfo,void>>>
BmContextRichDataJson::BmContextRichDataJsonImpl::ProcessNetworkVolume
BmContextRichDataJson::BmContextRichDataJsonImpl::ProcessRegistryResource<struct_RegistryInfo*___ptr64>
paramcount 4 4
address 75a88609c 75a84b13c
sig long __thiscall AddRelationship(BmContextRichDataJsonImpl * this, ulong param_1, ulong param_2, ActionTagEnum param_3) long __thiscall AddRelationship(BmContextRichDataJsonImpl * this, ulong param_1, ulong param_2, ActionTagEnum param_3)
sym_type Function Function
sym_source ANALYSIS ANALYSIS
external False False

BmContextRichDataJson::BmContextRichDataJsonImpl::AddRelationship Called Diff

--- BmContextRichDataJson::BmContextRichDataJsonImpl::AddRelationship called
+++ BmContextRichDataJson::BmContextRichDataJsonImpl::AddRelationship called
@@ -6,2 +6 @@
-std::unique_ptr<class_web::json::details::_Array,struct_std::default_delete<class_web::json::details::_Array>_>::~unique_ptr<class_web::json::details::_Array,struct_std::default_delete<class_web::json::details::_Array>_>
-utility::details::make_unique<class_web::json::details::_Array>
+web::json::value::array
@@ -12 +10,0 @@
-web::json::value::value

BmContextRichDataJson::BmContextRichDataJsonImpl::AddRelationship Diff

--- BmContextRichDataJson::BmContextRichDataJsonImpl::AddRelationship
+++ BmContextRichDataJson::BmContextRichDataJsonImpl::AddRelationship
@@ -1,2 +1,87 @@
-Failed to decompile mpengine.dll - .ProgramDB BmContextRichDataJson::BmContextRichDataJsonImpl::AddRelationship : Error: Decompile error: 
-Marshaling error: Did not see expected closing element+
+/* WARNING: Function: _guard_dispatch_icall_$fo_default$ replaced with injection:
+   guard_dispatch_icall */
+/* public: long __cdecl BmContextRichDataJson::BmContextRichDataJsonImpl::AddRelationship(unsigned
+   long,unsigned long,enum ResourceInfo::ActionTagEnum) __ptr64 */
+
+long __thiscall
+BmContextRichDataJson::BmContextRichDataJsonImpl::AddRelationship
+          (BmContextRichDataJsonImpl *this,ulong param_1,ulong param_2,ActionTagEnum param_3)
+
+{
+  uint uVar1;
+  long extraout_EAX;
+  value *pvVar2;
+  __uint64 _Var3;
+  value *pvVar4;
+  value *pvVar5;
+  basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_> *this_00;
+  undefined auStack_98 [32];
+  _Value *local_78;
+  basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+  local_70 [40];
+  ulonglong local_48;
+  
+  local_48 = __security_cookie ^ (ulonglong)auStack_98;
+  std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+  basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+            (local_70,L"relationships");
+  pvVar2 = web::json::value::operator[]((value *)this,local_70);
+  _Var3 = (**(code **)(**(longlong **)pvVar2 + 0xb8))();
+  std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+  _Tidy_deallocate(local_70);
+  pvVar2 = web::json::value::array((value *)&local_78);
+  std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+  basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+            (local_70,L"relationships");
+  pvVar4 = web::json::value::operator[]((value *)this,local_70);
+  pvVar4 = web::json::value::operator[](pvVar4,_Var3);
+  web::json::value::operator=(pvVar4,pvVar2);
+  this_00 = local_70;
+  std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+  _Tidy_deallocate(this_00);
+  if (local_78 != (_Value *)0x0) {
+    std::default_delete<class_web::json::details::_Value>::operator()
+              ((default_delete<class_web::json::details::_Value> *)this_00,local_78);
+  }
+  std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+  basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+            (local_70,L"relationships");
+  pvVar2 = web::json::value::operator[]((value *)this,local_70);
+  pvVar2 = web::json::value::operator[](pvVar2,_Var3);
+  std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+  _Tidy_deallocate(local_70);
+  uVar1 = *(uint *)(this + 0xc);
+  *(uint *)(this + 0xc) = uVar1 + 1;
+  pvVar4 = (value *)web::json::value::number(&local_78,uVar1);
+  pvVar5 = web::json::value::operator[](pvVar2,0);
+  web::json::value::operator=(pvVar5,pvVar4);
+  if (local_78 != (_Value *)0x0) {
+    std::default_delete<class_web::json::details::_Value>::operator()
+              ((default_delete<class_web::json::details::_Value> *)pvVar5,local_78);
+  }
+  pvVar4 = (value *)web::json::value::number(&local_78,param_1);
+  pvVar5 = web::json::value::operator[](pvVar2,1);
+  web::json::value::operator=(pvVar5,pvVar4);
+  if (local_78 != (_Value *)0x0) {
+    std::default_delete<class_web::json::details::_Value>::operator()
+              ((default_delete<class_web::json::details::_Value> *)pvVar5,local_78);
+  }
+  pvVar4 = (value *)web::json::value::number(&local_78,param_3);
+  pvVar5 = web::json::value::operator[](pvVar2,2);
+  web::json::value::operator=(pvVar5,pvVar4);
+  if (local_78 != (_Value *)0x0) {
+    std::default_delete<class_web::json::details::_Value>::operator()
+              ((default_delete<class_web::json::details::_Value> *)pvVar5,local_78);
+  }
+  pvVar4 = (value *)web::json::value::number(&local_78,param_2);
+  pvVar2 = web::json::value::operator[](pvVar2,3);
+  web::json::value::operator=(pvVar2,pvVar4);
+  if (local_78 != (_Value *)0x0) {
+    std::default_delete<class_web::json::details::_Value>::operator()
+              ((default_delete<class_web::json::details::_Value> *)pvVar2,local_78);
+  }
+  __security_check_cookie(local_48 ^ (ulonglong)auStack_98);
+  return extraout_EAX;
+}
+

LuaStandalone::AddScript

Match Info

Key mpengine.dll - mpengine.dll
diff_type code,length,address
ratio 0.0
i_ratio 0.6
m_ratio 0.8
b_ratio 0.77
match_types FullName:Param

Function Meta Diff

Key mpengine.dll mpengine.dll
name AddScript AddScript
fullname LuaStandalone::AddScript LuaStandalone::AddScript
refcount 3 3
length 5010 5036
called
Expand for full list:
CommonUtil::HrDuplicateStringA
ComputeSigPropertiesWithNoName
DcQueryBootLoadBool
LuaScriptHolder::LuaScriptHolder
LuaScriptHolder::Release
MakeSigSha
PreLoadLuaScript
StrToULongHelper
StrToULongLongHelper
TokenizedStringExpressionEvaluator::TokenizedStringExpressionEvaluator
WPP_SF_WPP_SF_iL
WPP_SF_l
WPP_SF_sSii
WPP_SF_si
__security_check_cookie
guard_dispatch_icall$fo_default$
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
createrecid
createrecidz
di::TelemetryAssert::AssertTriggeredNoArgs
free
kstore
operator_new
std::_Allocate<16,struct_std::Default_allocate_traits,0>
std::Func_impl_no_alloc<<lambda_2fc8cc021b4f6589635d993fdeb48a36>,bool,enum_MpHipsRuleType_t>::Delete_this
std::Get_size_of_n<40>
std::Tree<class_std::Tmap_traits<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_LuaTimeStampData,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,class_std::allocator<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>const,struct_LuaTimeStampData>>,0>>::_Emplace<char_const*_ptr64&ptr64,struct_LuaTimeStampData>
std::Tree<class_std::Tmap_traits<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_LuaTimeStampData,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,class_std::allocator<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>const,struct_LuaTimeStampData>>,0>>::Find<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>
std::Tree_node<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>const,struct_LuaTimeStampData>,void*__ptr64>::Freenode<class_std::allocator<struct_std::Tree_node<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>const,struct_LuaTimeStampData>,void*ptr64>>>
std::Tree_val<struct_std::Tree_simple_types<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>const,struct_LuaTimeStampData>>>::Extract
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::vector<struct_LuaScriptHolder,class_std::allocator<struct_LuaScriptHolder>>::_Emplace_reallocate<struct_LuaScriptHolder>
strcmp
strnchr
strncmp
strpbrk
Expand for full list:
CommonUtil::HrDuplicateStringA
ComputeSigPropertiesWithNoName
DcQueryBootLoadBool
LuaScriptHolder::LuaScriptHolder
LuaScriptHolder::Release
MakeSigSha
PreLoadLuaScript
StrToULongHelper
StrToULongLongHelper
TokenizedStringExpressionEvaluator::TokenizedStringExpressionEvaluator
WPP_SF_WPP_SF_iL
WPP_SF_l
WPP_SF_sSii
WPP_SF_si
__security_check_cookie
guard_dispatch_icall$fo_default$
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
createrecid
createrecidz
di::TelemetryAssert::AssertTriggeredNoArgs
free
kstore
operator_new
std::_Allocate<16,struct_std::Default_allocate_traits,0>
std::Func_impl_no_alloc<<lambda_2fc8cc021b4f6589635d993fdeb48a36>,bool,enum_MpHipsRuleType_t>::Delete_this
std::Get_size_of_n<40>
std::Tree<class_std::Tmap_traits<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_LuaTimeStampData,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,class_std::allocator<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>const,struct_LuaTimeStampData>>,0>>::_Emplace<char_const*_ptr64&ptr64,struct_LuaTimeStampData>
std::Tree<class_std::Tmap_traits<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_LuaTimeStampData,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,class_std::allocator<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>const,struct_LuaTimeStampData>>,0>>::Find<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>
std::Tree_node<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>const,struct_LuaTimeStampData>,void*__ptr64>::Freenode<class_std::allocator<struct_std::Tree_node<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>const,struct_LuaTimeStampData>,void*ptr64>>>
std::Tree_val<struct_std::Tree_simple_types<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>const,struct_LuaTimeStampData>>>::Extract
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::vector<struct_LuaScriptHolder,class_std::allocator<struct_LuaScriptHolder>>::_Emplace_reallocate<struct_LuaScriptHolder>
strcmp
strnchr
strncmp
strpbrk
calling LuaStandaloneDbReceiver
LuaStandaloneDbReceiverDynamic		 LuaStandaloneDbReceiver
LuaStandaloneDbReceiverDynamic
paramcount 6 6
address 75a6565e4 75a60d204
sig MP_ERROR __thiscall AddScript(LuaStandalone * this, uchar * param_1, __uint64 param_2, ulong param_3, ulong param_4, IFpBlobControl * param_5) MP_ERROR __thiscall AddScript(LuaStandalone * this, uchar * param_1, __uint64 param_2, ulong param_3, ulong param_4, IFpBlobControl * param_5)
sym_type Function Function
sym_source ANALYSIS ANALYSIS
external False False

LuaStandalone::AddScript Diff

--- LuaStandalone::AddScript
+++ LuaStandalone::AddScript
@@ -1,2 +1,805 @@
-Failed to decompile mpengine.dll - .ProgramDB LuaStandalone::AddScript : Error: Decompile error: 
-Marshaling error: Did not see expected closing element+
+/* WARNING: Function: _guard_dispatch_icall_$fo_default$ replaced with injection:
+   guard_dispatch_icall */
+/* public: enum MP_ERROR __cdecl LuaStandalone::AddScript(unsigned char const * __ptr64,unsigned
+   __int64,unsigned long,unsigned long,class IFpBlobControl * __ptr64) __ptr64 */
+
+MP_ERROR __thiscall
+LuaStandalone::AddScript
+          (LuaStandalone *this,uchar *param_1,__uint64 param_2,ulong param_3,ulong param_4,
+          IFpBlobControl *param_5)
+
+{
+  TokenizedStringExpressionEvaluator *pTVar1;
+  vector<struct_LuaScriptHolder,class_std::allocator<struct_LuaScriptHolder>_> *this_00;
+  _Tree_node<struct_std::pair<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const_,struct_LuaTimeStampData>,void*___ptr64>
+  _Var2;
+  LuaScriptHolder LVar3;
+  bool bVar4;
+  MP_ERROR extraout_EAX;
+  int iVar5;
+  long lVar6;
+  MP_ERROR MVar7;
+  char *pcVar8;
+  undefined **ppuVar9;
+  _Tree_node<struct_std::pair<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const_,struct_LuaTimeStampData>,void*___ptr64>
+  *p_Var10;
+  void *pvVar11;
+  TokenizedStringExpressionEvaluator *pTVar12;
+  __uint64 _Var13;
+  _Tree_node<struct_std::pair<unsigned_int_const_,class_std::shared_ptr<struct_tdt::worker_context_t>_>,void*___ptr64>
+  *p_Var14;
+  undefined8 *puVar15;
+  byte bVar16;
+  uchar *_Str1;
+  undefined ***pppuVar17;
+  LuaScriptHolder *this_01;
+  _Tree<class_std::_Tmap_traits<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_LuaTimeStampData,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>,class_std::allocator<struct_std::pair<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const_,struct_LuaTimeStampData>_>,0>_>
+  *p_Var18;
+  char cVar19;
+  uint uVar20;
+  uint uVar21;
+  ulonglong uVar22;
+  byte *pbVar23;
+  byte *_Memory;
+  LuaScriptHolder *this_02;
+  byte *_Str;
+  longlong lVar24;
+  uchar *puVar25;
+  _Tree<class_std::_Tmap_traits<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_LuaTimeStampData,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>,class_std::allocator<struct_std::pair<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const_,struct_LuaTimeStampData>_>,0>_>
+  *p_Var26;
+  IFpBlobControl *pIVar27;
+  byte *pbVar28;
+  ulonglong uVar29;
+  uchar *puVar30;
+  uchar *puVar31;
+  uint *puVar32;
+  uchar *puVar33;
+  undefined auStackY_248 [32];
+  undefined uVar34;
+  undefined uVar35;
+  uchar *in_stack_fffffffffffffde0;
+  uchar *in_stack_fffffffffffffde8;
+  __uint64 in_stack_fffffffffffffdf0;
+  LuaScriptHolder local_207;
+  bool local_206;
+  bool local_205 [5];
+  uchar *local_200;
+  ulong local_1f8;
+  uchar *local_1f0;
+  IFpBlobControl *local_1e8;
+  __uint64 local_1e0;
+  char *local_1d8;
+  uchar *local_1d0;
+  ulong local_1c8 [2];
+  byte *local_1c0;
+  uchar *local_1b8;
+  _Tree_node<struct_std::pair<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const_,struct_LuaTimeStampData>,void*___ptr64>
+  *local_1b0;
+  longlong local_1a8;
+  longlong local_1a0;
+  LuaStandalone *local_198;
+  char *local_190;
+  char *local_188;
+  byte *local_180;
+  uchar *local_178;
+  void *local_170;
+  void *local_168;
+  void *local_160;
+  longlong local_158;
+  longlong local_150;
+  uchar *local_148;
+  uchar *local_140;
+  LuaStandalone *local_138;
+  uchar *local_130;
+  char *local_128;
+  TokenizedStringExpressionEvaluator *local_120;
+  TokenizedStringExpressionEvaluator *local_118;
+  undefined4 local_110;
+  undefined4 local_10c;
+  undefined4 local_108;
+  undefined **local_f8 [7];
+  undefined ***local_c0;
+  undefined8 local_b8;
+  char *local_b0;
+  undefined8 local_a8;
+  undefined8 local_a0;
+  undefined8 uStack_98;
+  undefined8 local_90;
+  undefined8 uStack_88;
+  ulonglong local_48;
+  
+  local_48 = __security_cookie ^ (ulonglong)auStackY_248;
+  local_1e8 = param_5;
+  local_1f8 = param_3;
+  puVar33 = local_1b8;
+  local_198 = this;
+  local_138 = this;
+  if (param_2 < 8) goto LAB_0;
+  LVar3 = *(LuaScriptHolder *)(param_1 + 1);
+  local_130 = param_1;
+  if (0x23 < (byte)LVar3) {
+    if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+       ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
+      WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),10,
+               &WPP_2a047177ca753cb9223d14e6cdd39b07_Traceguids,(uint)(byte)LVar3);
+      puVar33 = local_1b8;
+    }
+    goto LAB_0;
+  }
+  pbVar23 = (byte *)0x0;
+  local_1c8[0] = 0;
+  local_1d8 = (char *)0x0;
+  local_190 = (char *)0x0;
+  local_1e0 = 0;
+  puVar30 = (uchar *)0x0;
+  local_1d0 = (uchar *)0x0;
+  local_170 = (void *)0x0;
+  local_160 = (void *)0x0;
+  local_1a8 = 0;
+  local_158 = 0;
+  local_1a0 = 0;
+  local_150 = 0;
+  local_168 = (void *)0x0;
+  local_206 = false;
+  DcQueryBootLoadBool(L"MpDisableCustomAsrEppCloudTimeStamps",&local_206);
+  local_205[0] = false;
+  DcQueryBootLoadBool(L"EnableCustomAsrOldBlobDrop_MpRamp",local_205);
+  local_207 = (LuaScriptHolder)0x0;
+  DcQueryBootLoadBool(L"MpDisableCustomAsrReportingHeartBeat",(bool *)&local_207);
+  puVar25 = param_1 + 8;
+  local_1f0 = (uchar *)(param_2 - 8);
+  puVar33 = puVar25;
+  local_178 = puVar25;
+  if (*param_1 == '\0') {
+    if (((&DAT_1)[(ulonglong)(byte)LVar3 * 0x10] & 1) == 0) goto LAB_75a60d7a3;
+    uVar22 = 0xffffffff;
+    pbVar28 = pbVar23;
+    if (((ulonglong)param_1 & 3) != 0) {
+      pbVar28 = (byte *)(4 - (ulonglong)((uint)param_1 & 3));
+    }
+    uVar29 = param_2 - (longlong)pbVar28;
+    lVar24 = (param_2 - (longlong)pbVar28) - (uVar29 & 0xfffffffffffffff8);
+    puVar32 = (uint *)param_1;
+    for (; pbVar28 != (byte *)0x0; pbVar28 = pbVar28 + -1) {
+      uVar22 = (ulonglong)((uint)uVar22 >> 8 ^ (&CRC32_Table)[(uVar22 ^ *(byte *)puVar32) & 0xff]);
+      puVar32 = (uint *)((longlong)puVar32 + 1);
+    }
+    for (uVar29 = uVar29 >> 3; uVar29 != 0; uVar29 = uVar29 - 1) {
+      uVar20 = (uint)uVar22 ^ *puVar32;
+      uVar21 = puVar32[1];
+      uVar22 = (ulonglong)
+               ((&DAT_2)[(byte)(uVar21 >> 0x10)] ^
+                *(uint *)(&DAT_3 + (ulonglong)(byte)(uVar20 >> 0x10) * 4) ^
+                *(uint *)(&DAT_4 + (ulonglong)(byte)(uVar20 >> 8) * 4) ^
+                (&DAT_5)[(byte)(uVar21 >> 8)] ^
+                *(uint *)(&DAT_6 + (ulonglong)(uVar20 >> 0x18) * 4) ^
+                (&CRC32_Table)[uVar21 >> 0x18] ^
+                *(uint *)(&DAT_7 + (ulonglong)(uVar20 & 0xff) * 4) ^
+               *(uint *)(&DAT_8 + (ulonglong)(uVar21 & 0xff) * 4));
+      puVar32 = puVar32 + 2;
+    }
+    for (; lVar24 != 0; lVar24 = lVar24 + -1) {
+      uVar22 = (ulonglong)((uint)uVar22 >> 8 ^ (&CRC32_Table)[(uVar22 ^ *(byte *)puVar32) & 0xff]);
+      puVar32 = (uint *)((longlong)puVar32 + 1);
+    }
+LAB_9:
+    _Var13 = param_2 << 0x28 | uVar22 | 0xbd00000000;
+    local_1e0 = _Var13;
+    local_1b8 = local_178;
+    MakeSigSha(&local_118,CONCAT71((int7)(uVar22 >> 8),0xbd),param_1,param_2);
+    pbVar28 = (byte *)(ulonglong)param_4;
+    local_1f8 = createrecid(local_1f8,param_4,_Var13,(sha1_t *)&local_118,0xffffffff,
+                            in_stack_fffffffffffffde0,(__uint64)in_stack_fffffffffffffde8);
+    puVar31 = local_1f0;
+  }
+  else {
+    puVar30 = (uchar *)(ulonglong)*param_1;
+    if ((local_1f0 < puVar30) || (local_1b8 = puVar25 + (longlong)puVar30, local_1b8[-1] != '\0'))
+    goto LAB_0;
+    puVar31 = local_1f0 + -(longlong)puVar30;
+    puVar30 = puVar25;
+    local_1f0 = puVar31;
+    local_1d0 = puVar25;
+    if (((&DAT_1)[(ulonglong)(byte)LVar3 * 0x10] & 1) == 0) {
+      uVar22 = 0xffffffff;
+      pbVar28 = pbVar23;
+      if (((ulonglong)param_1 & 3) != 0) {
+        pbVar28 = (byte *)(4 - (ulonglong)((uint)param_1 & 3));
+      }
+      uVar29 = param_2 - (longlong)pbVar28;
+      lVar24 = (param_2 - (uVar29 & 0xfffffffffffffff8)) - (longlong)pbVar28;
+      puVar32 = (uint *)param_1;
+      for (; pbVar28 != (byte *)0x0; pbVar28 = pbVar28 + -1) {
+        uVar22 = (ulonglong)((uint)uVar22 >> 8 ^ (&CRC32_Table)[(uVar22 ^ *(byte *)puVar32) & 0xff])
+        ;
+        puVar32 = (uint *)((longlong)puVar32 + 1);
+      }
+      for (uVar29 = uVar29 >> 3; uVar29 != 0; uVar29 = uVar29 - 1) {
+        uVar20 = (uint)uVar22 ^ *puVar32;
+        uVar21 = puVar32[1];
+        uVar22 = (ulonglong)
+                 ((&DAT_2)[(byte)(uVar21 >> 0x10)] ^
+                  *(uint *)(&DAT_3 + (ulonglong)(byte)(uVar20 >> 0x10) * 4) ^
+                  (&DAT_5)[(byte)(uVar21 >> 8)] ^
+                  *(uint *)(&DAT_4 + (ulonglong)(byte)(uVar20 >> 8) * 4) ^
+                  (&CRC32_Table)[uVar21 >> 0x18] ^
+                  *(uint *)(&DAT_6 + (ulonglong)(uVar20 >> 0x18) * 4) ^
+                  *(uint *)(&DAT_8 + (ulonglong)(uVar21 & 0xff) * 4) ^
+                 *(uint *)(&DAT_7 + (ulonglong)(uVar20 & 0xff) * 4));
+        puVar32 = puVar32 + 2;
+      }
+      for (; local_178 = local_1b8, lVar24 != 0; lVar24 = lVar24 + -1) {
+        uVar22 = (ulonglong)((uint)uVar22 >> 8 ^ (&CRC32_Table)[(uVar22 ^ *(byte *)puVar32) & 0xff])
+        ;
+        puVar32 = (uint *)((longlong)puVar32 + 1);
+      }
+      goto LAB_9;
+    }
+    local_118 = (TokenizedStringExpressionEvaluator *)0xd4b6b5eeea339da;
+    local_110 = 0xefbf5532;
+    local_10c = 0x90186095;
+    local_108 = 0x907d8af;
+    local_178 = local_1b8;
+    bVar4 = ComputeSigPropertiesWithNoName
+                      ((signature_type)CONCAT71((int7)((ulonglong)local_1b8 >> 8),0xbd),param_1,
+                       param_2,&local_1e0,(sha1_t *)&local_118);
+    _Var13 = local_1e0;
+    puVar33 = local_1b8;
+    if (!bVar4) goto LAB_0;
+    pbVar28 = (byte *)(ulonglong)param_4;
+    in_stack_fffffffffffffde0 = puVar31;
+    local_1f8 = createrecidz(local_1f8,param_4,local_1e0,(sha1_t *)&local_118,puVar25,
+                             (__uint64)puVar31,in_stack_fffffffffffffde8,in_stack_fffffffffffffdf0);
+  }
+  uVar35 = SUB81(in_stack_fffffffffffffde0,0);
+  if (local_1f8 == 0xffffffff) {
+    puVar33 = local_1b8;
+    if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+       ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+      WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0xb,
+              &WPP_2a047177ca753cb9223d14e6cdd39b07_Traceguids);
+      puVar33 = local_1b8;
+    }
+    goto LAB_0;
+  }
+  local_f8[0] = std::
+                _Func_impl_no_alloc<class_<lambda_63c6f619ec516f90754e474913882bd7>,char_const*___ptr64,char_const*___ptr64,unsigned___int64>
+                ::vftable;
+  pppuVar17 = local_f8;
+  local_c0 = pppuVar17;
+  local_1b0 = (_Tree_node<struct_std::pair<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const_,struct_LuaTimeStampData>,void*___ptr64>
+               *)(param_1 + 2);
+  puVar33 = (uchar *)(ulonglong)*(ushort *)local_1b0;
+  if (puVar31 < puVar33) {
+    std::_Func_impl_no_alloc<<lambda_2fc8cc021b4f6589635d993fdeb48a36>,bool,enum_MpHipsRuleType_t>::
+    _Delete_this(local_f8,'\0');
+    puVar33 = local_1b8;
+    goto LAB_0;
+  }
+  uVar34 = (undefined)_Var13;
+  puVar25 = local_1f0;
+  if (*(ushort *)local_1b0 != 0) {
+    local_200 = local_1b8;
+    while( true ) {
+      puVar31 = local_200;
+      _Str1 = local_200;
+      pppuVar17 = local_c0;
+      pcVar8 = strnchr((char *)local_200,(char)pbVar28,(__uint64)puVar33);
+      uVar35 = SUB81(in_stack_fffffffffffffde0,0);
+      puVar25 = local_1f0;
+      if (pcVar8 == (char *)0x0) break;
+      _Str = (byte *)(pcVar8 + 1);
+      if ((puVar33 + ((longlong)puVar31 - (longlong)pcVar8) == (uchar *)0x0) ||
+         (puVar33 = puVar33 + ((longlong)puVar31 - (longlong)pcVar8) + -1, puVar33 == (uchar *)0x0))
+      break;
+      cVar19 = -0x44;
+      local_148 = puVar31;
+      iVar5 = strncmp((char *)_Str1,"Ob",2);
+      if (iVar5 == 0) {
+        local_200 = puVar31 + 2;
+        local_148 = local_200;
+      }
+      local_128 = strnchr((char *)_Str,cVar19,(__uint64)puVar33);
+      if (local_128 == (char *)0x0) {
+        if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+           ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+          WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0xd,
+                  &WPP_2a047177ca753cb9223d14e6cdd39b07_Traceguids);
+        }
+LAB_10:
+        puVar33 = local_1b8;
+        if (local_c0 == (undefined ***)0x0) goto LAB_0;
+        ppuVar9 = *local_c0;
+        bVar4 = local_c0 == local_f8;
+        pppuVar17 = local_c0;
+        goto LAB_11;
+      }
+      puVar33 = puVar33 + ((longlong)_Str - (longlong)local_128);
+      local_1c0 = (byte *)0x0;
+      _Memory = pbVar23;
+      local_140 = puVar33;
+      if (iVar5 == 0) {
+        local_180 = _Str;
+        lVar6 = CommonUtil::HrDuplicateStringA((char **)&local_1c0,(char *)_Str);
+        _Memory = local_1c0;
+        if (-1 < lVar6) {
+          lVar24 = -1;
+          do {
+            lVar24 = lVar24 + 1;
+          } while (local_1c0[lVar24] != 0);
+          pbVar28 = _Memory;
+          if (local_1c0 == (byte *)0x0) {
+            di::TelemetryAssert::AssertTriggeredNoArgs();
+          }
+          for (; _Str = _Memory, lVar24 != 0; lVar24 = lVar24 + -1) {
+            *pbVar28 = *(byte *)((longlong)&g_PatternDecodingTableKeepNull + (ulonglong)*pbVar28);
+            pbVar28 = pbVar28 + 1;
+          }
+          goto LAB_12;
+        }
+joined_r0x00075a60d8e1:
+        if (_Memory != (byte *)0x0) {
+          free(_Memory);
+        }
+        puVar33 = local_1b8;
+        if (local_c0 != (undefined ***)0x0) {
+          (*(code *)(*local_c0)[4])
+                    (local_c0,CONCAT71((int7)((ulonglong)local_f8 >> 8),local_c0 != local_f8));
+          puVar33 = local_1b8;
+        }
+        goto LAB_0;
+      }
+LAB_12:
+      local_180 = _Str;
+      iVar5 = strcmp((char *)local_200,"Flags");
+      if ((iVar5 == 0) &&
+         ((lVar6 = StrToULongHelper<char>((char *)_Str,0x10,local_1c8,&local_188), lVar6 < 0 ||
+          (local_1c8[0] == 0)))) {
+        if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+           ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+          WPP_SF_si(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0xe,
+                    &WPP_2a047177ca753cb9223d14e6cdd39b07_Traceguids,(char *)_Str,uVar34);
+        }
+        if (_Memory != (byte *)0x0) {
+          free(_Memory);
+        }
+        goto LAB_10;
+      }
+      iVar5 = strcmp((char *)local_200,"TimeStamp");
+      if ((iVar5 == 0) &&
+         (lVar6 = StrToULongLongHelper<char>((char *)_Str,0x10,(__uint64 *)&local_190,&local_188),
+         lVar6 < 0)) {
+        if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+           ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+          WPP_SF_si(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0xf,
+                    &WPP_2a047177ca753cb9223d14e6cdd39b07_Traceguids,(char *)_Str,uVar34);
+        }
+        local_190 = (char *)0x0;
+      }
+      if (local_206 != false) {
+        local_1d8 = local_190;
+      }
+      local_188 = local_1d8;
+      iVar5 = strcmp((char *)local_200,"MpAttributes");
+      if (iVar5 == 0) {
+        pcVar8 = strpbrk((char *)_Str,"|&!() ");
+        if (pcVar8 == (char *)0x0) {
+          lVar24 = -1;
+          do {
+            lVar24 = lVar24 + 1;
+          } while (_Str[lVar24] != 0);
+          local_170 = kstore(_Str,(int)lVar24 + 1,0);
+          if (local_170 == (void *)0x0) goto joined_r0x00075a60d8e1;
+        }
+        else {
+          local_120 = (TokenizedStringExpressionEvaluator *)operator_new(0x20);
+          local_1a8 = TokenizedStringExpressionEvaluator::TokenizedStringExpressionEvaluator
+                                (local_120,(char *)_Str,
+                                 (function<char_const*___ptr64___cdecl(char_const*___ptr64,unsigned___int64)>
+                                  *)local_f8);
+          local_158 = local_1a8;
+        }
+      }
+      iVar5 = strcmp((char *)local_200,"Includes");
+      if (iVar5 == 0) {
+        lVar24 = -1;
+        do {
+          lVar24 = lVar24 + 1;
+        } while (_Str[lVar24] != 0);
+        local_160 = kstore(_Str,(int)lVar24 + 1,0);
+        if (local_160 == (void *)0x0) goto joined_r0x00075a60d8e1;
+      }
+      pbVar28 = (byte *)0x0;
+      iVar5 = strcmp((char *)local_200,"ProcessAttributes");
+      if (iVar5 == 0) {
+        pcVar8 = strpbrk((char *)_Str,"|&!() ");
+        if (pcVar8 == (char *)0x0) {
+          lVar24 = -1;
+          do {
+            lVar24 = lVar24 + 1;
+          } while (_Str[lVar24] != 0);
+          uVar21 = (int)lVar24 + 1;
+          pbVar28 = (byte *)(ulonglong)uVar21;
+          local_168 = kstore(_Str,uVar21,0);
+          if (local_168 == (void *)0x0) goto joined_r0x00075a60d8e1;
+        }
+        else {
+          local_118 = (TokenizedStringExpressionEvaluator *)operator_new(0x20);
+          local_1a0 = TokenizedStringExpressionEvaluator::TokenizedStringExpressionEvaluator
+                                (local_118,(char *)_Str,
+                                 (function<char_const*___ptr64___cdecl(char_const*___ptr64,unsigned___int64)>
+                                  *)local_f8);
+          pbVar28 = _Str;
+          local_150 = local_1a0;
+        }
+      }
+      puVar25 = local_1f0;
+      uVar35 = SUB81(in_stack_fffffffffffffde0,0);
+      if ((puVar33 == (uchar *)0x0) || (puVar33 = puVar33 + -1, puVar33 == (uchar *)0x0)) {
+        pppuVar17 = local_c0;
+        if (_Memory != (byte *)0x0) {
+          free(_Memory);
+          pppuVar17 = local_c0;
+        }
+        break;
+      }
+      local_200 = (uchar *)(local_128 + 1);
+      if (_Memory != (byte *)0x0) {
+        free(_Memory);
+      }
+    }
+  }
+  local_1b8 = local_1b8 + *(ushort *)local_1b0;
+  if ((longlong)puVar25 - (ulonglong)*(ushort *)local_1b0 < (ulonglong)*(uint *)(local_130 + 4)) {
+    puVar33 = local_1b8;
+    if (pppuVar17 != (undefined ***)0x0) {
+      ppuVar9 = *pppuVar17;
+      bVar4 = pppuVar17 == local_f8;
+LAB_11:
+      (*(code *)ppuVar9[4])(pppuVar17,!bVar4);
+      puVar33 = local_1b8;
+    }
+    goto LAB_0;
+  }
+  this_00 = (vector<struct_LuaScriptHolder,class_std::allocator<struct_LuaScriptHolder>_> *)
+            (local_198 + (ulonglong)(byte)LVar3 * 0x18);
+  this_01 = *(LuaScriptHolder **)(this_00 + 8);
+  this_02 = this_01;
+  pIVar27 = local_1e8;
+  if (((local_1e8 != (IFpBlobControl *)0x0) && (puVar30 != (uchar *)0x0)) && (*puVar30 != '\0')) {
+    if (local_206 == false) {
+      local_1d8 = (char *)(*(code *)**(undefined8 **)local_1e8)(local_1e8);
+    }
+    p_Var26 = (_Tree<class_std::_Tmap_traits<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_LuaTimeStampData,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>,class_std::allocator<struct_std::pair<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const_,struct_LuaTimeStampData>_>,0>_>
+               *)(local_198 + ((ulonglong)(byte)LVar3 + 0x36) * 0x10);
+    local_1b0 = (_Tree_node<struct_std::pair<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const_,struct_LuaTimeStampData>,void*___ptr64>
+                 *)p_Var26;
+    std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+    basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+              ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+               &local_118,(char *)puVar30);
+    p_Var10 = std::
+              _Tree<class_std::_Tmap_traits<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_LuaTimeStampData,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>,class_std::allocator<struct_std::pair<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const_,struct_LuaTimeStampData>_>,0>_>
+              ::
+              _Find<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>
+                        (p_Var26,(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+                                  *)&local_118);
+    std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+    _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
+                     )&local_118);
+    pIVar27 = local_1e8;
+    if (p_Var10 !=
+        *(_Tree_node<struct_std::pair<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const_,struct_LuaTimeStampData>,void*___ptr64>
+          **)local_1b0) {
+      pcVar8 = *(char **)(p_Var10 + 0x40);
+      if (pcVar8 < local_1d8) {
+        this_02 = *(LuaScriptHolder **)this_00;
+LAB_13:
+        if (this_02 != *(LuaScriptHolder **)(this_00 + 8)) {
+          if (*(int *)(p_Var10 + 0x6c) != *(int *)(this_02 + 4)) goto code_r0x00075a60e012;
+          local_1b0 = p_Var10 + 0x58;
+          do {
+            _Var2 = local_1b0[(longlong)pbVar23];
+            bVar16 = (byte)_Var2 >> 4;
+            *(ushort *)((longlong)&local_b8 + (longlong)pbVar23 * 4) =
+                 (ushort)(byte)((-(bVar16 < 10) & 0xd9U) + 0x57 + bVar16);
+            bVar16 = (byte)_Var2 & 0xf;
+            *(ushort *)((longlong)&local_b8 + (longlong)pbVar23 * 4 + 2) =
+                 (ushort)(byte)((-(bVar16 < 10) & 0xd9U) + 0x57 + bVar16);
+            pbVar23 = pbVar23 + 1;
+          } while (pbVar23 < &DAT_14);
+          *(undefined2 *)((longlong)&local_b8 + (longlong)pbVar23 * 4) = 0;
+          if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+             ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+            WPP_SF_sSii(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x13,pbVar23,(char *)puVar30,
+                        (wchar_t *)&local_b8);
+            uVar35 = SUB81(pcVar8,0);
+          }
+          pIVar27 = local_1e8;
+          if (local_205[0] != false) {
+            (**(code **)(*(longlong *)local_1e8 + 0x18))(local_1e8,local_1b0);
+          }
+        }
+        goto LAB_15;
+      }
+      lVar24 = (**(code **)(*(longlong *)local_1e8 + 0x10))(local_1e8);
+      do {
+        *(ushort *)((longlong)&local_b8 + (longlong)pbVar23 * 4) =
+             (ushort)(byte)((-(pbVar23[lVar24] >> 4 < 10) & 0xd9U) + (pbVar23[lVar24] >> 4) + 0x57);
+        *(ushort *)((longlong)&local_b8 + (longlong)pbVar23 * 4 + 2) =
+             (ushort)(byte)((-((pbVar23[lVar24] & 0xf) < 10) & 0xd9U) + 0x57 +
+                           (pbVar23[lVar24] & 0xf));
+        pbVar23 = pbVar23 + 1;
+      } while (pbVar23 < &DAT_14);
+      *(undefined2 *)((longlong)&local_b8 + (longlong)pbVar23 * 4) = 0;
+      if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+         ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+        WPP_SF_sSii(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x12,local_1d8,(char *)puVar30,
+                    (wchar_t *)&local_b8);
+      }
+      if (local_205[0] != false) {
+        (**(code **)(*(longlong *)pIVar27 + 0x18))(pIVar27,0);
+      }
+      puVar33 = local_1b8;
+      if (local_c0 != (undefined ***)0x0) {
+        (*(code *)(*local_c0)[4])
+                  (local_c0,CONCAT71((int7)((ulonglong)local_f8 >> 8),local_c0 != local_f8));
+        local_c0 = (undefined ***)0x0;
+        puVar33 = local_1b8;
+      }
+      goto LAB_0;
+    }
+LAB_15:
+    if (local_207 == (LuaScriptHolder)0x0) {
+      (**(code **)(*(longlong *)pIVar27 + 0x20))(pIVar27);
+    }
+    this_01 = *(LuaScriptHolder **)(this_00 + 8);
+  }
+  if (this_02 == this_01) {
+    local_b8 = (char *)(((ulonglong)local_b8 >> 0x18 & 0xff) << 0x18);
+    local_b0 = (char *)0x0;
+    local_a8 = 0;
+    local_a0 = 0;
+    uStack_98 = 0;
+    local_90 = 0;
+    uStack_88 = 0;
+    if (this_01 == *(LuaScriptHolder **)(this_00 + 0x10)) {
+      std::vector<struct_LuaScriptHolder,class_std::allocator<struct_LuaScriptHolder>_>::
+      _Emplace_reallocate<struct_LuaScriptHolder>(this_00,this_01,(LuaScriptHolder *)&local_b8);
+    }
+    else {
+      LuaScriptHolder::LuaScriptHolder(this_01,(LuaScriptHolder *)&local_b8);
+      *(longlong *)(this_00 + 8) = *(longlong *)(this_00 + 8) + 0x38;
+    }
+    LuaScriptHolder::Release((LuaScriptHolder *)&local_b8);
+    this_02 = (LuaScriptHolder *)(*(longlong *)(this_00 + 8) + -0x38);
+  }
+  else {
+    if (pIVar27 == (IFpBlobControl *)0x0) {
+      di::TelemetryAssert::AssertTriggeredNoArgs();
+    }
+    LuaScriptHolder::Release(this_02);
+  }
+  local_207 = (LuaScriptHolder)0x0;
+  p_Var10 = (_Tree_node<struct_std::pair<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const_,struct_LuaTimeStampData>,void*___ptr64>
+             *)((ulonglong)(byte)LVar3 * 0x10);
+  local_1b0 = p_Var10;
+  MVar7 = PreLoadLuaScript(local_1b8,(ulonglong)*(uint *)(local_130 + 4),
+                           (bool)((byte)p_Var10[0x75ad96188] >> 4 & 1),
+                           (ProcessedLuaScript **)(this_02 + 0x20),(uchar *)&local_207,(bool)uVar35)
+  ;
+  if (MVar7 != 0) {
+    if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+       ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+      WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x14,
+               &WPP_2a047177ca753cb9223d14e6cdd39b07_Traceguids,MVar7);
+    }
+    puVar33 = local_1b8;
+    if (local_c0 != (undefined ***)0x0) {
+      (*(code *)(*local_c0)[4])
+                (local_c0,CONCAT71((int7)((ulonglong)local_f8 >> 8),local_c0 != local_f8));
+      local_c0 = (undefined ***)0x0;
+      puVar33 = local_1b8;
+    }
+    goto LAB_0;
+  }
+  *this_02 = LVar3;
+  this_02[1] = local_207;
+  this_02[2] = SUB41(local_1c8[0],0);
+  if ((local_1c8[0] & 0xff) != local_1c8[0]) {
+    if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+       ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+      WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x15,
+               &WPP_2a047177ca753cb9223d14e6cdd39b07_Traceguids,local_1c8[0]);
+    }
+    puVar33 = local_1b8;
+    if (local_c0 != (undefined ***)0x0) {
+      (*(code *)(*local_c0)[4])
+                (local_c0,CONCAT71((int7)((ulonglong)local_f8 >> 8),local_c0 != local_f8));
+      local_c0 = (undefined ***)0x0;
+      puVar33 = local_1b8;
+    }
+    goto LAB_0;
+  }
+  *(ulong *)(this_02 + 4) = local_1f8;
+  if (((byte)p_Var10[0x75ad96188] & 0xc) == 0) {
+    if (puVar30 != (uchar *)0x0) goto LAB_16;
+  }
+  else {
+    if (puVar30 == (uchar *)0x0) {
+      if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+         ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+        WPP_SF_iL(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x16,
+                  &WPP_2a047177ca753cb9223d14e6cdd39b07_Traceguids,_Var13,LVar3);
+      }
+      puVar33 = local_1b8;
+      if (local_c0 != (undefined ***)0x0) {
+        (*(code *)(*local_c0)[4])
+                  (local_c0,CONCAT71((int7)((ulonglong)local_f8 >> 8),local_c0 != local_f8));
+        local_c0 = (undefined ***)0x0;
+        puVar33 = local_1b8;
+      }
+      goto LAB_0;
+    }
+LAB_16:
+    lVar24 = -1;
+    do {
+      lVar24 = lVar24 + 1;
+    } while (puVar30[lVar24] != '\0');
+    pvVar11 = kstore(puVar30,(int)lVar24 + 1,0);
+    *(void **)(this_02 + 8) = pvVar11;
+  }
+  if ((((local_1a8 != 0) || (local_170 != (void *)0x0)) || (local_1a0 != 0)) ||
+     (local_168 != (void *)0x0)) {
+    local_118 = (TokenizedStringExpressionEvaluator *)operator_new(0x18);
+    *local_118 = (TokenizedStringExpressionEvaluator)0x0;
+    *(undefined8 *)(local_118 + 8) = 0;
+    *(undefined8 *)(local_118 + 0x10) = 0;
+    *(TokenizedStringExpressionEvaluator **)(this_02 + 0x18) = local_118;
+    if (local_1a8 == 0) {
+      if (local_170 != (void *)0x0) {
+        *(void **)(local_118 + 8) = local_170;
+      }
+    }
+    else {
+      *(longlong *)(local_118 + 8) = local_1a8;
+      **(byte **)(this_02 + 0x18) = **(byte **)(this_02 + 0x18) | 1;
+    }
+    if (local_1a0 == 0) {
+      if (local_168 != (void *)0x0) {
+        *(void **)(*(longlong *)(this_02 + 0x18) + 0x10) = local_168;
+      }
+    }
+    else {
+      *(longlong *)(*(longlong *)(this_02 + 0x18) + 0x10) = local_1a0;
+      **(byte **)(this_02 + 0x18) = **(byte **)(this_02 + 0x18) | 2;
+    }
+  }
+  if (local_160 != (void *)0x0) {
+    pTVar12 = (TokenizedStringExpressionEvaluator *)operator_new(0x18);
+    *(undefined8 *)pTVar12 = 0;
+    pTVar1 = pTVar12 + 8;
+    *(undefined8 *)pTVar1 = 0;
+    *(undefined8 *)(pTVar12 + 0x10) = 0;
+    local_120 = pTVar1;
+    local_118 = pTVar12;
+    _Var13 = std::_Get_size_of_n<40>(1);
+    pvVar11 = std::_Allocate<16,struct_std::_Default_allocate_traits,0>(_Var13);
+    *(void **)pvVar11 = pvVar11;
+    *(void **)((longlong)pvVar11 + 8) = pvVar11;
+    *(void **)((longlong)pvVar11 + 0x10) = pvVar11;
+    *(undefined2 *)((longlong)pvVar11 + 0x18) = 0x101;
+    *(void **)pTVar1 = pvVar11;
+    *(TokenizedStringExpressionEvaluator **)(this_02 + 0x28) = pTVar12;
+    *(void **)pTVar12 = local_160;
+    p_Var10 = local_1b0;
+  }
+  if (((byte)p_Var10[0x75ad96188] & 8) != 0) {
+    if (puVar30 == (uchar *)0x0) {
+      di::TelemetryAssert::AssertTriggeredNoArgs();
+      puVar33 = local_1b8;
+      if (local_c0 != (undefined ***)0x0) {
+        (*(code *)(*local_c0)[4])
+                  (local_c0,CONCAT71((int7)((ulonglong)local_f8 >> 8),local_c0 != local_f8));
+        local_c0 = (undefined ***)0x0;
+        puVar33 = local_1b8;
+      }
+      goto LAB_0;
+    }
+    lVar6 = StrToULongLongHelper<char>
+                      ((char *)puVar30,0x10,(__uint64 *)(this_02 + 0x10),(char **)&local_118);
+    if (lVar6 < 0) {
+      if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+         ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+        WPP_SF_si(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x17,
+                  &WPP_2a047177ca753cb9223d14e6cdd39b07_Traceguids,(char *)puVar30,uVar34);
+      }
+      puVar33 = local_1b8;
+      if (local_c0 != (undefined ***)0x0) {
+        (*(code *)(*local_c0)[4])
+                  (local_c0,CONCAT71((int7)((ulonglong)local_f8 >> 8),local_c0 != local_f8));
+        local_c0 = (undefined ***)0x0;
+        puVar33 = local_1b8;
+      }
+      goto LAB_0;
+    }
+    if ((*(longlong *)(this_02 + 0x10) == 0) || (*(longlong *)(this_02 + 0x10) == -1)) {
+      if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+         ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+        WPP_SF_si(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x18,
+                  &WPP_2a047177ca753cb9223d14e6cdd39b07_Traceguids,(char *)puVar30,uVar34);
+      }
+      puVar33 = local_1b8;
+      if (local_c0 != (undefined ***)0x0) {
+        (*(code *)(*local_c0)[4])
+                  (local_c0,CONCAT71((int7)((ulonglong)local_f8 >> 8),local_c0 != local_f8));
+        local_c0 = (undefined ***)0x0;
+        puVar33 = local_1b8;
+      }
+      goto LAB_0;
+    }
+  }
+  pIVar27 = local_1e8;
+  if (((local_1e8 != (IFpBlobControl *)0x0) && (puVar30 != (uchar *)0x0)) && (*puVar30 != '\0')) {
+    p_Var26 = (_Tree<class_std::_Tmap_traits<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_LuaTimeStampData,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>,class_std::allocator<struct_std::pair<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const_,struct_LuaTimeStampData>_>,0>_>
+               *)(local_198 + ((ulonglong)(byte)LVar3 + 0x36) * 0x10);
+    std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+    basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+              ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+               &local_118,(char *)puVar30);
+    p_Var10 = std::
+              _Tree<class_std::_Tmap_traits<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_LuaTimeStampData,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>,class_std::allocator<struct_std::pair<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const_,struct_LuaTimeStampData>_>,0>_>
+              ::
+              _Find<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>
+                        (p_Var26,(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+                                  *)&local_118);
+    std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+    _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
+                     )&local_118);
+    if (p_Var10 !=
+        *(_Tree_node<struct_std::pair<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const_,struct_LuaTimeStampData>,void*___ptr64>
+          **)p_Var26) {
+      p_Var18 = p_Var26;
+      p_Var14 = std::
+                _Tree_val<struct_std::_Tree_simple_types<struct_std::pair<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const_,struct_LuaTimeStampData>_>_>
+                ::_Extract((_Tree_val<struct_std::_Tree_simple_types<struct_std::pair<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const_,struct_LuaTimeStampData>_>_>
+                            *)p_Var26,
+                           (_Tree_node<struct_std::pair<unsigned_int_const_,class_std::shared_ptr<struct_tdt::worker_context_t>_>,void*___ptr64>
+                            *)p_Var10);
+      std::
+      _Tree_node<struct_std::pair<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const_,struct_LuaTimeStampData>,void*___ptr64>
+      ::
+      _Freenode<class_std::allocator<struct_std::_Tree_node<struct_std::pair<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const_,struct_LuaTimeStampData>,void*___ptr64>_>_>
+                ((allocator<struct_std::_Tree_node<struct_std::pair<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const_,struct_LuaTimeStampData>,void*___ptr64>_>
+                  *)p_Var18,
+                 (_Tree_node<struct_std::pair<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const_,struct_LuaTimeStampData>,void*___ptr64>
+                  *)p_Var14);
+    }
+    puVar15 = (undefined8 *)(**(code **)(*(longlong *)pIVar27 + 0x10))(pIVar27);
+    local_a8 = (**(code **)(*(longlong *)pIVar27 + 8))(pIVar27);
+    local_b8 = local_1d8;
+    local_b0 = local_190;
+    local_a0 = *puVar15;
+    uStack_98 = puVar15[1];
+    local_90 = CONCAT44(local_1f8,*(undefined4 *)(puVar15 + 2));
+    std::
+    _Tree<class_std::_Tmap_traits<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_LuaTimeStampData,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>,class_std::allocator<struct_std::pair<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const_,struct_LuaTimeStampData>_>,0>_>
+    ::_Emplace<char_const*___ptr64&___ptr64,struct_LuaTimeStampData>
+              (p_Var26,&local_118,(char **)&local_1d0,(LuaTimeStampData *)&local_b8);
+  }
+  puVar33 = local_1b8;
+  if (local_c0 != (undefined ***)0x0) {
+    (*(code *)(*local_c0)[4])
+              (local_c0,CONCAT71((int7)((ulonglong)local_f8 >> 8),local_c0 != local_f8));
+    puVar33 = local_1b8;
+  }
+LAB_0:
+  local_1b8 = puVar33;
+  __security_check_cookie(local_48 ^ (ulonglong)auStackY_248);
+  return extraout_EAX;
+code_r0x00075a60e012:
+  this_02 = this_02 + 0x38;
+  goto LAB_13;
+}
+

PEFileWriter::AddSection

Match Info

Key mpengine.dll - mpengine.dll
diff_type code,length,address,called
ratio 0.02
i_ratio 0.2
m_ratio 0.19
b_ratio 0.08
match_types FullName:Param

Function Meta Diff

Key mpengine.dll mpengine.dll
name AddSection AddSection
fullname PEFileWriter::AddSection PEFileWriter::AddSection
refcount 3 3
length 2190 2119
called
Expand for full list:
CAPTURED_OPTIONAL_HEADER::CAPTURED_OPTIONAL_HEADER
GetPEErrorString
PEFileReader::FileRoundUp
PEFileReader::GetImageBase
PEFileReader::GetImageSize
PEFileReader::ReadPEHeaders
PEFileReader::ReadSectionHeader
PEFileReader::SecRoundUp
PEFileWriter::RegenerateRawOffsets
PEFileWriter::ResizeImage
PEFileWriter::WriteNumberOfSectionsPEFileWriter::WriteOptionalHeader
PEFileWriter::WriteSectionHeader
PEVirtualMemory::GetRawSize
PEVirtualMemory::GetUpperBound
PtrType::CheckSameTypePointer
WPP_SF_
WPP_SF_DDL
WPP_SF_Ll
WPP_SF_dLLLL
WPP_SF_l
WPP_SF_s
WPP_SF_sL
__security_check_cookie
guard_dispatch_icall$fo_default$
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
di::TelemetryAssert::AssertTriggeredNoArgs
memcpy
memset
Expand for full list:
CAPTURED_PE_HEADERS::CAPTURED_PE_HEADERS
GetPEErrorString
PEFileReader::FileRoundUp
PEFileReader::GetImageBase
PEFileReader::GetImageSize
PEFileReader::ReadPEHeaders
PEFileReader::ReadSectionHeader
PEFileReader::SecRoundUp
PEFileWriter::RegenerateRawOffsets
PEFileWriter::ResizeImage
PEFileWriter::WriteNumberOfSectionsPEFileWriter::WriteOptionalHeader
PEFileWriter::WriteSectionHeader
PEVirtualMemory::GetRawSize
PEVirtualMemory::GetUpperBound
PtrType::CheckSameTypePointer
WPP_SF_
WPP_SF_DDL
WPP_SF_Ll
WPP_SF_dLLLL
WPP_SF_l
WPP_SF_s
WPP_SF_sL
__security_check_cookie
guard_dispatch_icall$fo_default$
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
di::TelemetryAssert::AssertTriggeredNoArgs
memcpy
calling PEImportReconstructor::DumpImports
PERelocations::WriteRelocation		 PEImportReconstructor::DumpImports
PERelocations::WriteRelocation
paramcount 5 5
address 75a512aa8 75aa1932c
sig PEError __thiscall AddSection(PEFileWriter * this, ulong param_1, ulong param_2, char * param_3, ulong * param_4) PEError __thiscall AddSection(PEFileWriter * this, ulong param_1, ulong param_2, char * param_3, ulong * param_4)
sym_type Function Function
sym_source ANALYSIS ANALYSIS
external False False

PEFileWriter::AddSection Called Diff

--- PEFileWriter::AddSection called
+++ PEFileWriter::AddSection called
@@ -1 +1 @@
-CAPTURED_OPTIONAL_HEADER::CAPTURED_OPTIONAL_HEADER
+CAPTURED_PE_HEADERS::CAPTURED_PE_HEADERS
@@ -29 +28,0 @@
-memset

PEFileWriter::AddSection Diff

--- PEFileWriter::AddSection
+++ PEFileWriter::AddSection
@@ -1,12 +1,324 @@
+
+/* WARNING: Function: _guard_dispatch_icall_$fo_default$ replaced with injection:
+   guard_dispatch_icall */
+/* public: enum PEError __cdecl PEFileWriter::AddSection(unsigned long,unsigned long,char const *
+   __ptr64,unsigned long & __ptr64) __ptr64 */
 
 PEError __thiscall
-IL_x86_common::mov_ebp_disp_Ix::AddSection
+PEFileWriter::AddSection
           (PEFileWriter *this,ulong param_1,ulong param_2,char *param_3,ulong *param_4)
 
 {
-  undefined4 in_register_00000014;
+  ulonglong uVar1;
+  PEVirtualMemory *this_00;
+  char cVar2;
+  bool bVar3;
+  PEError PVar4;
+  ulong uVar5;
+  ulong uVar6;
+  ulong uVar7;
+  PEError extraout_EAX;
+  PtrType *pPVar8;
+  ulonglong *puVar9;
+  char *pcVar10;
+  longlong lVar11;
+  ulonglong uVar12;
+  uint uVar13;
+  size_t _Size;
+  ushort uVar14;
+  undefined auStackY_278 [32];
+  ulong local_238;
+  ulong local_234;
+  ulonglong local_230;
+  ulonglong local_228;
+  char *local_220;
+  longlong local_218 [2];
+  _IMAGE_SECTION_HEADER local_208;
+  _IMAGE_SECTION_HEADER local_1e0;
+  CAPTURED_PE_HEADERS local_1b8 [60];
+  int local_17c;
+  ushort local_176 [11];
+  CAPTURED_OPTIONAL_HEADER local_160 [72];
+  ulong local_118;
+  ulong local_114;
+  ulonglong local_58;
   
-                    /* WARNING: Subroutine does not return */
-  _CxxThrowException(this,(ThrowInfo *)CONCAT44(in_register_00000014,param_1));
+  local_58 = __security_cookie ^ (ulonglong)auStackY_278;
+  local_234 = param_2;
+  local_220 = param_3;
+  CAPTURED_PE_HEADERS::CAPTURED_PE_HEADERS(local_1b8);
+  PVar4 = PEFileReader::ReadPEHeaders((PEFileReader *)this,local_1b8);
+  if (PVar4 != 0) goto LAB_0;
+  uVar5 = PEFileReader::GetImageSize((PEFileReader *)this);
+  if (local_118 == uVar5) {
+    *param_4 = local_118;
+    uVar5 = PEFileReader::SecRoundUp((PEFileReader *)this,local_118);
+    if (*param_4 < uVar5) {
+      uVar5 = *param_4;
+      goto LAB_1;
+    }
+  }
+  else {
+    pPVar8 = PEFileReader::GetImageBase((PEFileReader *)this);
+    local_228 = 0xffffffff;
+    if (*(longlong *)(pPVar8 + 8) == -1) {
+      local_228 = 0xffffffffffffffff;
+    }
+    local_230 = local_228 & (ulonglong)local_118 + *(longlong *)pPVar8;
+    puVar9 = (ulonglong *)
+             PEVirtualMemory::GetUpperBound
+                       (*(PEVirtualMemory **)(this + 0x1f0),local_218,(PtrType *)&local_230);
+    uVar12 = *puVar9;
+    uVar1 = puVar9[1];
+    local_230 = uVar12;
+    local_228 = uVar1;
+    pPVar8 = PEFileReader::GetImageBase((PEFileReader *)this);
+    PtrType::CheckSameTypePointer((PtrType *)&local_230,pPVar8);
+    *param_4 = (int)uVar12 - *(int *)pPVar8 & (uint)uVar1;
+    pPVar8 = PEFileReader::GetImageBase((PEFileReader *)this);
+    PtrType::CheckSameTypePointer((PtrType *)&local_230,pPVar8);
+    uVar5 = *param_4;
+    if ((ulonglong)uVar5 != (uVar12 - *(longlong *)pPVar8 & uVar1)) goto LAB_0;
+LAB_1:
+    uVar5 = PEFileReader::SecRoundUp((PEFileReader *)this,uVar5);
+    *param_4 = uVar5;
+    uVar5 = PEFileReader::GetImageSize((PEFileReader *)this);
+    if (*param_4 < uVar5) goto LAB_0;
+    if (local_176[0] == 0) {
+      if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+         ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
+        WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x33,
+                &WPP_d1ca09dcb01b3a260f39bd5935da637e_Traceguids);
+      }
+      goto LAB_0;
+    }
+    uVar14 = local_176[0] - 1;
+    local_208.NumberOfRelocations = 0;
+    local_208.NumberOfLinenumbers = 0;
+    local_208.Characteristics = 0;
+    local_208.Name[0] = '\0';
+    local_208.Name[1] = '\0';
+    local_208.Name[2] = '\0';
+    local_208.Name[3] = '\0';
+    local_208.Name[4] = '\0';
+    local_208.Name[5] = '\0';
+    local_208.Name[6] = '\0';
+    local_208.Name[7] = '\0';
+    local_208.Misc = (_union_238)0x0;
+    local_208.VirtualAddress = 0;
+    local_208.SizeOfRawData = 0;
+    local_208.PointerToRawData = 0;
+    local_208.PointerToRelocations = 0;
+    local_208.PointerToLinenumbers = 0;
+    PVar4 = PEFileReader::ReadSectionHeader((PEFileReader *)this,uVar14,&local_208);
+    if (PVar4 != 0) {
+      if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+         ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+        WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x34,
+                &WPP_d1ca09dcb01b3a260f39bd5935da637e_Traceguids);
+      }
+      goto LAB_0;
+    }
+    if (*param_4 < local_208.VirtualAddress) goto LAB_0;
+    local_238 = *param_4 - local_208.VirtualAddress;
+    this_00 = *(PEVirtualMemory **)(this + 0x1f0);
+    pPVar8 = PEFileReader::GetImageBase((PEFileReader *)this);
+    local_228 = 0xffffffff;
+    if (*(longlong *)(pPVar8 + 8) == -1) {
+      local_228 = 0xffffffffffffffff;
+    }
+    local_230 = local_228 & ((ulonglong)local_208._8_8_ >> 0x20) + *(longlong *)pPVar8;
+    bVar3 = PEVirtualMemory::GetRawSize(this_00,(PtrType *)&local_230,&local_238);
+    if (((!bVar3) && ((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control)) &&
+       ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+      WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x36,
+              &WPP_d1ca09dcb01b3a260f39bd5935da637e_Traceguids);
+    }
+    local_118 = *param_4;
+    PVar4 = WriteOptionalHeader(this,local_160);
+    if (PVar4 != 0) goto LAB_0;
+    local_208.Misc.PhysicalAddress = *param_4 - local_208.VirtualAddress;
+    local_208.SizeOfRawData = local_238;
+    PVar4 = WriteSectionHeader(this,uVar14,&local_208);
+    if (PVar4 != 0) goto LAB_0;
+  }
+  if (((param_1 == 0) || (uVar13 = *param_4 + param_1, uVar13 < *param_4)) ||
+     (uVar5 = PEFileReader::SecRoundUp((PEFileReader *)this,uVar13), uVar5 == 0)) {
+    if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+       ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+      WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x37,
+               &WPP_d1ca09dcb01b3a260f39bd5935da637e_Traceguids,param_1);
+    }
+  }
+  else {
+    local_238 = PEFileReader::SecRoundUp((PEFileReader *)this,*param_4 + param_1);
+    bVar3 = ResizeImage(this,&local_238);
+    if ((bVar3) &&
+       (PVar4 = PEFileReader::ReadPEHeaders((PEFileReader *)this,local_1b8), uVar5 = local_238,
+       PVar4 == 0)) {
+      local_118 = local_238;
+      PVar4 = WriteOptionalHeader(this,local_160);
+      if ((PVar4 == 0) && (*(short *)(this + 0x32) != 0)) {
+        local_1e0.NumberOfRelocations = 0;
+        local_1e0.NumberOfLinenumbers = 0;
+        local_1e0.Characteristics = 0;
+        local_1e0.Name[0] = '\0';
+        local_1e0.Name[1] = '\0';
+        local_1e0.Name[2] = '\0';
+        local_1e0.Name[3] = '\0';
+        local_1e0.Name[4] = '\0';
+        local_1e0.Name[5] = '\0';
+        local_1e0.Name[6] = '\0';
+        local_1e0.Name[7] = '\0';
+        local_1e0.Misc = (_union_238)0x0;
+        local_1e0.VirtualAddress = 0;
+        local_1e0.SizeOfRawData = 0;
+        local_1e0.PointerToRawData = 0;
+        local_1e0.PointerToRelocations = 0;
+        local_1e0.PointerToLinenumbers = 0;
+        if ((local_176[0] < *(ushort *)(this + 0x32)) ||
+           (PVar4 = PEFileReader::ReadSectionHeader
+                              ((PEFileReader *)this,local_176[0] - 1,&local_1e0), PVar4 == 0)) {
+LAB_2:
+          uVar13 = (uint)local_176[0];
+        }
+        else {
+          if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+             ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
+            cVar2 = (char)local_176[0];
+            pcVar10 = GetPEErrorString(PVar4);
+            WPP_SF_sL(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x39,
+                      &WPP_d1ca09dcb01b3a260f39bd5935da637e_Traceguids,pcVar10,cVar2 + -1);
+          }
+          uVar14 = 0;
+          uVar6 = PEFileReader::SecRoundUp((PEFileReader *)this,local_114);
+          if (local_176[0] == 0) goto LAB_0;
+          do {
+            PVar4 = PEFileReader::ReadSectionHeader((PEFileReader *)this,uVar14,&local_1e0);
+            if (PVar4 != 0) {
+              if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+                 ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+                pcVar10 = GetPEErrorString(PVar4);
+                WPP_SF_sL(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x3b,
+                          &WPP_d1ca09dcb01b3a260f39bd5935da637e_Traceguids,pcVar10,(char)uVar14);
+              }
+              goto LAB_0;
+            }
+            uVar7 = PEFileReader::SecRoundUp((PEFileReader *)this,local_1e0.Misc.PhysicalAddress);
+            if (*param_4 - local_1e0.VirtualAddress <= uVar7) {
+              uVar13 = (uint)local_176[0];
+              if (uVar13 - uVar14 != 1) {
+                if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+                   ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+                  WPP_SF_Ll(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x3d,
+                            &WPP_d1ca09dcb01b3a260f39bd5935da637e_Traceguids,(uint)local_176[0],
+                            (char)uVar14 + '\x01');
+                }
+                local_176[0] = uVar14 + 1;
+                lVar11 = (**(code **)(*(longlong *)this + 0x38))(this,local_17c + 6,local_176,2);
+                if (lVar11 != 2) goto LAB_0;
+                goto LAB_2;
+              }
+              break;
+            }
+            if (local_1e0.VirtualAddress != uVar6) {
+              if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+                 ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+                WPP_SF_DDL(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x3e,
+                           &WPP_d1ca09dcb01b3a260f39bd5935da637e_Traceguids,(uint)uVar14,
+                           SUB81(local_1e0._8_8_,4),(char)uVar6);
+              }
+              goto LAB_0;
+            }
+            uVar6 = PEFileReader::SecRoundUp((PEFileReader *)this,local_1e0.Misc.PhysicalAddress);
+            if (uVar6 == 0) {
+              if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+                 ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+                WPP_SF_Ll(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x3f,
+                          &WPP_d1ca09dcb01b3a260f39bd5935da637e_Traceguids,(uint)uVar14,
+                          (char)local_1e0._8_8_);
+              }
+              goto LAB_0;
+            }
+            uVar6 = PEFileReader::SecRoundUp((PEFileReader *)this,local_1e0.Misc.PhysicalAddress);
+            uVar13 = (uint)local_176[0];
+            uVar14 = uVar14 + 1;
+            uVar6 = local_1e0.VirtualAddress + uVar6;
+          } while (uVar14 < local_176[0]);
+        }
+        uVar14 = (ushort)uVar13;
+        if (uVar14 < *(ushort *)(this + 0x32)) {
+          if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+             ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+            WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x40,
+                     &WPP_d1ca09dcb01b3a260f39bd5935da637e_Traceguids,uVar13);
+            uVar14 = local_176[0];
+          }
+          local_176[0] = uVar14 + 1;
+          PVar4 = WriteNumberOfSections(this,local_176[0]);
+          if (PVar4 == 3) {
+            uVar6 = PEFileReader::FileRoundUp((PEFileReader *)this,1);
+            RegenerateRawOffsets(this,uVar6);
+          }
+          else if (PVar4 != 0) {
+            if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+               ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+              pcVar10 = GetPEErrorString(PVar4);
+              WPP_SF_s(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x41,
+                       &WPP_d1ca09dcb01b3a260f39bd5935da637e_Traceguids,pcVar10);
+            }
+            goto LAB_0;
+          }
+          uVar13 = *param_4;
+          local_1e0.VirtualAddress = uVar13;
+          if (uVar5 <= uVar13) {
+            di::TelemetryAssert::AssertTriggeredNoArgs();
+          }
+          local_1e0.Misc.PhysicalAddress = uVar5 - *param_4;
+          local_1e0.Characteristics = local_234;
+          if (local_220 != (char *)0x0) {
+            uVar12 = 0xffffffffffffffff;
+            do {
+              uVar12 = uVar12 + 1;
+            } while (local_220[uVar12] != '\0');
+            _Size = 8;
+            if (uVar12 < 8) {
+              _Size = uVar12;
+            }
+            memcpy(&local_1e0,local_220,_Size);
+          }
+        }
+        else {
+          uVar7 = PEFileReader::SecRoundUp
+                            ((PEFileReader *)this,
+                             local_1e0.Misc.PhysicalAddress + local_1e0.VirtualAddress);
+          uVar6 = local_234;
+          if (uVar7 != *param_4) {
+            if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+               ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+              WPP_SF_Ll(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x42,
+                        &WPP_d1ca09dcb01b3a260f39bd5935da637e_Traceguids,local_1e0.VirtualAddress,
+                        (char)local_1e0._8_8_);
+            }
+            goto LAB_0;
+          }
+          if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+             ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+            WPP_SF_dLLLL(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),
+                         (ulonglong)(local_234 | local_1e0.Characteristics),
+                         (ulonglong)local_1e0.Characteristics,local_176[0] - 1,(char)local_1e0._8_8_
+                         ,(char)uVar5 - SUB81(local_1e0._8_8_,4),SUB81(local_1e0._32_8_,4),
+                         (char)(local_234 | local_1e0.Characteristics));
+          }
+          local_1e0.Characteristics = local_1e0.Characteristics | uVar6;
+          local_1e0.Misc.PhysicalAddress = uVar5 - local_1e0.VirtualAddress;
+        }
+        WriteSectionHeader(this,local_176[0] - 1,&local_1e0);
+      }
+    }
+  }
+LAB_0:
+  __security_check_cookie(local_58 ^ (ulonglong)auStackY_278);
+  return extraout_EAX;
 }

nscript::AddStdMatch

Match Info

Key mpengine.dll - mpengine.dll
diff_type code,length,address,called
ratio 0.01
i_ratio 0.69
m_ratio 0.98
b_ratio 0.98
match_types FullName:Param

Function Meta Diff

Key mpengine.dll mpengine.dll
name AddStdMatch AddStdMatch
fullname nscript::AddStdMatch nscript::AddStdMatch
refcount 4 4
length 617 571
called di::TelemetryAssert::AssertTriggeredNoArgs
kpopobjectex
nscript::RunStdMatchLuaAndCheckIfShouldContinue
realloc		 di::TelemetryAssert::AssertTriggeredNoArgs
kpopobject
nscript::RunStdMatchLuaAndCheckIfShouldContinue
realloc
calling nscript::AddToken
nscript::EndRoutine
nscript::SearchStdEndMatches		 nscript::AddToken
nscript::EndRoutine
nscript::SearchStdEndMatches
paramcount 3 3
address 75a13cc78 75a4e3e90
sig errType __thiscall AddStdMatch(nscript * this, ulong param_1, tokType param_2) errType __thiscall AddStdMatch(nscript * this, ulong param_1, tokType param_2)
sym_type Function Function
sym_source ANALYSIS ANALYSIS
external False False

nscript::AddStdMatch Called Diff

--- nscript::AddStdMatch called
+++ nscript::AddStdMatch called
@@ -2 +2 @@
-kpopobjectex
+kpopobject

nscript::AddStdMatch Diff

--- nscript::AddStdMatch
+++ nscript::AddStdMatch
@@ -1,2 +1,94 @@
-Failed to decompile mpengine.dll - .ProgramDB nscript::AddStdMatch : Error: Decompile error: 
-Marshaling error: Did not see expected closing element+
+/* public: enum errType __cdecl nscript::AddStdMatch(unsigned long,enum tokType) __ptr64 */
+
+errType __thiscall nscript::AddStdMatch(nscript *this,ulong param_1,tokType param_2)
+
+{
+  byte bVar1;
+  ulonglong uVar2;
+  char cVar3;
+  bool bVar4;
+  errType eVar5;
+  void *pvVar6;
+  void *pvVar7;
+  ulong *puVar8;
+  ulonglong uVar9;
+  longlong lVar10;
+  scanresult_t local_res18 [2];
+  
+  if (1 < param_2) {
+    di::TelemetryAssert::AssertTriggeredNoArgs();
+  }
+  lVar10 = (ulonglong)param_2 * 0x60;
+  uVar2 = *(ulonglong *)(this + lVar10 + 0x218);
+  for (uVar9 = 0; uVar9 < uVar2; uVar9 = uVar9 + 1) {
+    if (param_1 == *(ulong *)(*(longlong *)(this + lVar10 + 0x1e0) + uVar9 * 4)) {
+      bVar1 = *(byte *)(uVar9 + *(longlong *)(this + lVar10 + 0x1e8));
+      if (bVar1 < 2) {
+        puVar8 = (ulong *)kpopobject(param_1);
+        if (puVar8 == (ulong *)0x0) {
+          return 2;
+        }
+        local_res18[0] = 0;
+        bVar4 = RunStdMatchLuaAndCheckIfShouldContinue(this,*puVar8,true,local_res18);
+        if (!bVar4) {
+          *(undefined *)(uVar9 + *(longlong *)(this + lVar10 + 0x1e8)) = 0;
+          goto LAB_0;
+        }
+      }
+      *(byte *)(uVar9 + *(longlong *)(this + lVar10 + 0x1e8)) = bVar1 - 1;
+      goto LAB_1;
+    }
+  }
+  puVar8 = (ulong *)kpopobject(param_1);
+  if (puVar8 == (ulong *)0x0) {
+    return 2;
+  }
+  cVar3 = *(char *)(puVar8 + 1) + -1;
+  if (*(char *)(puVar8 + 1) == '\0') {
+    cVar3 = '\0';
+  }
+  if ((uVar2 & 0xfff) == 0) {
+    uVar9 = uVar2 + 0x1000;
+    if ((uVar2 <= uVar9) && (uVar9 < 0x3fffffffffffffff)) {
+      pvVar6 = realloc(*(void **)(this + lVar10 + 0x1e0),uVar9 * 4);
+      if (pvVar6 != (void *)0x0) {
+        *(void **)(this + lVar10 + 0x1e0) = pvVar6;
+      }
+      pvVar7 = realloc(*(void **)(this + lVar10 + 0x1e8),uVar9);
+      if (pvVar7 != (void *)0x0) {
+        *(void **)(this + lVar10 + 0x1e8) = pvVar7;
+      }
+      if ((pvVar6 != (void *)0x0) && (pvVar7 != (void *)0x0)) goto LAB_2;
+    }
+    eVar5 = 1;
+  }
+  else {
+LAB_2:
+    *(char *)(uVar2 + *(longlong *)(this + lVar10 + 0x1e8)) = cVar3;
+    *(ulong *)(*(longlong *)(this + lVar10 + 0x1e0) + uVar2 * 4) = param_1;
+    *(ulonglong *)(this + lVar10 + 0x218) = uVar2 + 1;
+    if (cVar3 == '\0') {
+      local_res18[0] = 0;
+      bVar4 = RunStdMatchLuaAndCheckIfShouldContinue(this,*puVar8,true,local_res18);
+      if (!bVar4) {
+LAB_0:
+        this[lVar10 + 0x234] = (nscript)0x1;
+        return 3;
+      }
+    }
+    if (((this[lVar10 + 0x234] == (nscript)0x0) &&
+        (puVar8 = (ulong *)kpopobject(param_1), puVar8 != (ulong *)0x0)) &&
+       ((*(byte *)((longlong)puVar8 + 5) & 1) == 0)) {
+      local_res18[0] = 0;
+      bVar4 = RunStdMatchLuaAndCheckIfShouldContinue(this,*puVar8,false,local_res18);
+      if (!bVar4) {
+        this[lVar10 + 0x234] = (nscript)0x2;
+      }
+    }
+LAB_1:
+    eVar5 = 0;
+  }
+  return eVar5;
+}
+

LogSkip::AddString

Match Info

Key mpengine.dll - mpengine.dll
diff_type code,length,address,called
ratio 0.0
i_ratio 0.46
m_ratio 0.99
b_ratio 0.99
match_types FullName:Param

Function Meta Diff

Key mpengine.dll mpengine.dll
name AddString AddString
fullname LogSkip::AddString LogSkip::AddString
refcount 4 4
length 3192 3227
called
Expand for full list:
ExpandEnvironmentVariables
ExpandToDevicePath
GetEFlagsFromPath
KERNEL32.DLL::MultiByteToWideChar
LogSkip::AddExcludedProcess
LogSkip::AddTrustedProcess
MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::addPattern<struct_MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::DefaultNodeExplosion>
WPP_SF_S
WPP_SF_SLS
WPP_SF_l
WPP_SF_lS__security_check_cookie
wcsicmp
wcslwr_s
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
di::TelemetryAssert::AssertTriggeredNoArgs
std::Deallocate<16,0>
std::Destroy_range<class_std::allocator<struct_LogSkipEntry>>
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::Tidy_deallocate
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::operator=
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::operator=
std::vector<class_std::vector<struct_LogSkipEntry,class_std::allocator<struct_LogSkipEntry>>,class_std::allocator<class_std::vector<struct_LogSkipEntry,class_std::allocator<struct_LogSkipEntry>>>>::Emplace_reallocate<class_std::vector<struct_LogSkipEntry,class_std::allocator<struct_LogSkipEntry>>>
std::vector<struct_LogSkipEntry,class_std::allocator<struct_LogSkipEntry>>::emplace_back<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>,class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>&__ptr64,class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>&___ptr64,unsigned_short&___ptr64,unsigned_long&___ptr64,unsigned_long&___ptr64,unsigned_long&___ptr64,bool&___ptr64,bool&___ptr64,bool&ptr64>
std::vector<unsigned_long,class_std::allocator<unsigned_long>>::push_back
std::vector<wchar_t,class_std::allocator<wchar_t>>::Tidy
std::vector<wchar_t,class_std::allocator<wchar_t>>::vector<wchar_t,class_std::allocator<wchar_t>>
wcschr
wcsrchr
wcsstr
Expand for full list:
ExpandEnvironmentVariables
ExpandToDevicePath
GetEFlagsFromPath
KERNEL32.DLL::MultiByteToWideChar
LogSkip::AddExcludedProcess
LogSkip::AddTrustedProcess
MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::addPattern<struct_MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::DefaultNodeExplosion>
WPP_SF_S
WPP_SF_SLS
WPP_SF_l
WPP_SF_lS__security_check_cookie
wcsicmp
wcslwr_s
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
di::TelemetryAssert::AssertTriggeredNoArgs
std::Deallocate<16,0>
std::Destroy_range<class_std::allocator<struct_LogSkipEntry>>
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::Tidy_deallocate
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::operator=
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::operator=
std::vector<class_std::vector<struct_LogSkipEntry,class_std::allocator<struct_LogSkipEntry>>,class_std::allocator<class_std::vector<struct_LogSkipEntry,class_std::allocator<struct_LogSkipEntry>>>>::Emplace_reallocate<class_std::vector<struct_LogSkipEntry,class_std::allocator<struct_LogSkipEntry>>>
std::vector<struct_LogSkipEntry,class_std::allocator<struct_LogSkipEntry>>::emplace_back<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>,class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>&__ptr64,class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>&___ptr64,unsigned_short&___ptr64,unsigned_long&___ptr64,unsigned_long&___ptr64,unsigned_long&___ptr64,bool&___ptr64,bool&___ptr64,bool&ptr64>
std::vector<unsigned_long,class_std::allocator<unsigned_long>>::push_back
std::vector<wchar_t,class_std::allocator<wchar_t>>::Tidy
std::vector<wchar_t,class_std::allocator<wchar_t>>::vector<wchar_t,class_std::allocator<wchar_t>>
wcschr
wcsrchr
wcsstr
calling CAsrNotAllowedNdatCallback
LogSkipNdatCallback		 CAsrNotAllowedNdatCallback
LogSkipNdatCallback
paramcount 4 4
address 75a67b378 75a6305d8
sig MP_ERROR __thiscall AddString(LogSkip * this, uchar * param_1, ulong param_2, ulong param_3) MP_ERROR __thiscall AddString(LogSkip * this, uchar * param_1, ulong param_2, ulong param_3)
sym_type Function Function
sym_source ANALYSIS ANALYSIS
external False False

LogSkip::AddString Called Diff



LogSkip::AddString Diff


--- LogSkip::AddString
+++ LogSkip::AddString
@@ -1,2 +1,579 @@
-Failed to decompile mpengine.dll - .ProgramDB LogSkip::AddString : Error: Decompile error: 
-Marshaling error: Did not see expected closing element+
+/* public: enum MP_ERROR __cdecl LogSkip::AddString(unsigned char const * __ptr64,unsigned
+   long,unsigned long) __ptr64 */
+
+MP_ERROR __thiscall LogSkip::AddString(LogSkip *this,uchar *param_1,ulong param_2,ulong param_3)
+
+{
+  vector<struct_LogSkipEntry,class_std::allocator<struct_LogSkipEntry>_> *pvVar1;
+  bool bVar2;
+  bool bVar3;
+  ulong uVar4;
+  LogSkip *pLVar5;
+  LogSkipEntry *pLVar6;
+  int iVar7;
+  int iVar8;
+  long lVar9;
+  MP_ERROR MVar10;
+  errno_t eVar11;
+  MP_ERROR extraout_EAX;
+  wchar_t *pwVar12;
+  wchar_t *pwVar13;
+  basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_> *pbVar14;
+  wchar_t *pwVar15;
+  wchar_t *****pppppwVar16;
+  undefined8 uVar17;
+  ushort uVar18;
+  ushort uVar19;
+  uint uVar20;
+  longlong lVar21;
+  ulonglong uVar22;
+  allocator<wchar_t> *paVar23;
+  vector<struct_LogSkipEntry,class_std::allocator<struct_LogSkipEntry>_> *pvVar24;
+  allocator<struct_LogSkipEntry> *paVar25;
+  undefined auStackY_1a8 [32];
+  LPWSTR pWVar26;
+  undefined4 uVar27;
+  undefined uVar28;
+  bool local_147;
+  bool local_146;
+  bool local_145;
+  ushort local_144 [2];
+  ulong local_140;
+  ulong local_13c;
+  LPWSTR local_138 [3];
+  uint local_120;
+  ulong local_11c [3];
+  LogSkip *local_110;
+  wchar_t ****local_f0;
+  undefined8 uStack_e8;
+  undefined8 local_e0;
+  ulonglong uStack_d8;
+  allocator<struct_LogSkipEntry> *local_d0;
+  undefined8 uStack_c8;
+  undefined8 local_c0;
+  ulonglong uStack_b8;
+  undefined8 local_b0;
+  undefined8 uStack_a8;
+  undefined8 local_a0;
+  undefined8 uStack_98;
+  LogSkipEntry *local_90;
+  LogSkipEntry *pLStack_88;
+  longlong local_80;
+  undefined8 uStack_78;
+  basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+  local_70 [48];
+  ulonglong local_40;
+  
+  local_40 = __security_cookie ^ (ulonglong)auStackY_1a8;
+  local_120 = 0;
+  local_110 = this;
+  if (param_1 == (uchar *)0x0) {
+    di::TelemetryAssert::AssertTriggeredNoArgs();
+  }
+  if (param_2 == 0) {
+    di::TelemetryAssert::AssertTriggeredNoArgs();
+  }
+  paVar23 = (allocator<wchar_t> *)param_1;
+  iVar7 = MultiByteToWideChar(0xfde9,0,(LPCSTR)param_1,param_2,(LPWSTR)0x0,0);
+  if ((iVar7 != 0) && (iVar7 < iVar7 + 1)) {
+    std::vector<wchar_t,class_std::allocator<wchar_t>_>::
+    vector<wchar_t,class_std::allocator<wchar_t>_>
+              ((vector<wchar_t,class_std::allocator<wchar_t>_> *)local_138,(longlong)(iVar7 + 1),
+               paVar23);
+    uVar28 = (undefined)iVar7;
+    pWVar26 = local_138[0];
+    iVar8 = MultiByteToWideChar(0xfde9,0,(LPCSTR)param_1,param_2,local_138[0],iVar7);
+    uVar27 = (undefined4)((ulonglong)pWVar26 >> 0x20);
+    if (iVar7 == iVar8) {
+      pwVar12 = wcschr(local_138[0],L'|');
+      if (pwVar12 == (wchar_t *)0x0) {
+        if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+           ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+          WPP_SF_S(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x2e,
+                   &WPP_0511430ce2d83581809767838ac9eec3_Traceguids,local_138[0]);
+        }
+        lVar21 = -1;
+        do {
+          lVar21 = lVar21 + 1;
+        } while (local_138[0][lVar21] != L'\0');
+        std::vector<wchar_t,class_std::allocator<wchar_t>_>::_Tidy
+                  ((vector<wchar_t,class_std::allocator<wchar_t>_> *)local_138);
+      }
+      else {
+        *pwVar12 = L'\0';
+        pwVar12 = pwVar12 + 1;
+        pwVar13 = wcschr(pwVar12,L'|');
+        if (pwVar13 != (wchar_t *)0x0) {
+          *pwVar13 = L'\0';
+          pwVar13 = pwVar13 + 1;
+        }
+        uStack_a8 = 0;
+        local_a0 = 0;
+        uStack_98 = 7;
+        local_b0 = 0;
+        if (pwVar13 == (wchar_t *)0x0) {
+          std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+          ::operator=((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                       *)&local_b0,L"");
+        }
+        else {
+          std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+          ::operator=((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                       *)&local_b0,pwVar13);
+        }
+        local_11c[1] = 0;
+        lVar9 = GetEFlagsFromPath(local_138[0],local_11c + 1);
+        if (lVar9 < 0) {
+          if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+             ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+            WPP_SF_lS(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x2f,
+                      &WPP_0511430ce2d83581809767838ac9eec3_Traceguids,lVar9,local_138[0]);
+          }
+          std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+          ::_Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                              *)&local_b0);
+          std::vector<wchar_t,class_std::allocator<wchar_t>_>::_Tidy
+                    ((vector<wchar_t,class_std::allocator<wchar_t>_> *)local_138);
+        }
+        else {
+          local_11c[0] = 0;
+          lVar9 = GetEFlagsFromPath(pwVar12,local_11c);
+          if (-1 < lVar9) {
+            uStack_c8 = 0;
+            local_c0 = 0;
+            uStack_b8 = 7;
+            local_d0 = (allocator<struct_LogSkipEntry> *)0x0;
+            pbVar14 = (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                       *)ExpandToDevicePath(&local_90,local_138[0]);
+            std::
+            basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+            operator=((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                       *)&local_d0,pbVar14);
+            std::
+            basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+            _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                              *)&local_90);
+            local_13c = 0;
+            do {
+              uVar4 = local_13c;
+              if (*pwVar12 == L'>') {
+                local_13c = local_13c | 1;
+              }
+              else if (*pwVar12 == L'<') {
+                local_13c = local_13c | 2;
+              }
+              else if (*pwVar12 == L'!') {
+                local_13c = local_13c | 4;
+              }
+              else {
+                if (*pwVar12 != L'?') goto LAB_0;
+                local_13c = local_13c | 8;
+              }
+              pwVar12 = pwVar12 + 1;
+            } while( true );
+          }
+          if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+             ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+            WPP_SF_lS(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x30,
+                      &WPP_0511430ce2d83581809767838ac9eec3_Traceguids,lVar9,pwVar12);
+          }
+          std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+          ::_Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                              *)&local_b0);
+          std::vector<wchar_t,class_std::allocator<wchar_t>_>::_Tidy
+                    ((vector<wchar_t,class_std::allocator<wchar_t>_> *)local_138);
+        }
+      }
+    }
+    else {
+      std::vector<wchar_t,class_std::allocator<wchar_t>_>::_Tidy
+                ((vector<wchar_t,class_std::allocator<wchar_t>_> *)local_138);
+    }
+  }
+  goto LAB_1;
+LAB_0:
+  uStack_e8 = 0;
+  local_e0 = 0;
+  uStack_d8 = 7;
+  local_f0 = (wchar_t ****)0x0;
+  iVar7 = _wcsicmp(pwVar12,L"%SYSTEMPROCESS%");
+  if (iVar7 != 0) {
+    pbVar14 = (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+               *)ExpandToDevicePath(&local_90,pwVar12);
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    operator=((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+               *)&local_f0,pbVar14);
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                      *)&local_90);
+  }
+  bVar3 = false;
+  local_146 = true;
+  local_147 = false;
+  local_145 = false;
+  paVar25 = (allocator<struct_LogSkipEntry> *)&local_d0;
+  if (7 < uStack_b8) {
+    paVar25 = local_d0;
+  }
+  pwVar13 = wcsrchr((wchar_t *)paVar25,L'\\');
+  if (pwVar13 == (wchar_t *)0x0) {
+    paVar25 = (allocator<struct_LogSkipEntry> *)&local_d0;
+    if (7 < uStack_b8) {
+      paVar25 = local_d0;
+    }
+    bVar2 = true;
+    bVar3 = true;
+  }
+  else {
+    pwVar15 = wcschr(pwVar13,L'*');
+    if ((((pwVar15 == (wchar_t *)0x0) || (pwVar15 <= pwVar13 + 1)) || (pwVar15[1] == L'\0')) ||
+       ((pwVar15[1] == L'.' && (pwVar15[2] == L'\0')))) {
+      *pwVar13 = L'\0';
+    }
+    else {
+      if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+         ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+        paVar25 = (allocator<struct_LogSkipEntry> *)&local_d0;
+        if (7 < uStack_b8) {
+          paVar25 = local_d0;
+        }
+        WPP_SF_S(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x35,
+                 &WPP_0511430ce2d83581809767838ac9eec3_Traceguids,(wchar_t *)paVar25);
+      }
+      local_145 = true;
+    }
+    paVar25 = (allocator<struct_LogSkipEntry> *)(pwVar13 + 1);
+    bVar2 = false;
+  }
+  pLVar5 = local_110;
+  pvVar24 = (vector<struct_LogSkipEntry,class_std::allocator<struct_LogSkipEntry>_> *)0x0;
+  if (*(wchar_t *)paVar25 == L'*') {
+    local_146 = false;
+    paVar25 = paVar25 + 2;
+  }
+  uVar22 = 0xffffffffffffffff;
+  do {
+    uVar22 = uVar22 + 1;
+  } while (*(short *)(paVar25 + uVar22 * 2) != 0);
+  local_144[0] = (ushort)uVar22;
+  if (local_144[0] == 0) {
+    if (!bVar2) {
+      di::TelemetryAssert::AssertTriggeredNoArgs();
+    }
+    pppppwVar16 = &local_f0;
+    if (7 < uStack_d8) {
+      pppppwVar16 = (wchar_t *****)local_f0;
+    }
+    pwVar13 = wcsstr((wchar_t *)pppppwVar16,L"*");
+    if (pwVar13 != (wchar_t *)0x0) {
+      di::TelemetryAssert::AssertTriggeredNoArgs();
+    }
+    pLVar5 = local_110;
+    MVar10 = AddTrustedProcess(local_110,
+                               (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                                *)&local_f0,
+                               (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                                *)&local_b0,uVar4,local_138[0]);
+    if (MVar10 != 0) {
+      std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+      _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                        *)&local_f0);
+      std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+      _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                        *)&local_d0);
+      std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+      _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                        *)&local_b0);
+      std::vector<wchar_t,class_std::allocator<wchar_t>_>::_Tidy
+                ((vector<wchar_t,class_std::allocator<wchar_t>_> *)local_138);
+      goto LAB_1;
+    }
+    iVar7 = _wcsicmp(pwVar12,L"%SYSTEMPROCESS%");
+    if ((iVar7 != 0) && (pwVar13 = wcschr(pwVar12,L'\\'), pwVar13 != (wchar_t *)0x0)) {
+      pbVar14 = ExpandEnvironmentVariables
+                          ((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                            *)&local_90,pwVar12);
+      std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+      operator=((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                 *)&local_f0,pbVar14);
+      std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+      _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                        *)&local_90);
+      MVar10 = AddTrustedProcess(pLVar5,(basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                                         *)&local_f0,
+                                 (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                                  *)&local_b0,uVar4,local_138[0]);
+      if (MVar10 != 0) {
+        std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+        _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                          *)&local_f0);
+        std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+        _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                          *)&local_d0);
+        std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+        _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                          *)&local_b0);
+        std::vector<wchar_t,class_std::allocator<wchar_t>_>::_Tidy
+                  ((vector<wchar_t,class_std::allocator<wchar_t>_> *)local_138);
+        goto LAB_1;
+      }
+    }
+  }
+  else {
+    if (((bVar2) && (local_144[0] == 1)) && (*(short *)paVar25 == 0x2e)) {
+      pppppwVar16 = &local_f0;
+      if (7 < uStack_d8) {
+        pppppwVar16 = (wchar_t *****)local_f0;
+      }
+      if ((*(wchar_t *)pppppwVar16 != L'*') || (*(wchar_t *)((longlong)pppppwVar16 + 2) != L'\0')) {
+        if ((uVar4 & 3) != 0) {
+          if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+             ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
+            pppppwVar16 = &local_f0;
+            if (7 < uStack_d8) {
+              pppppwVar16 = (wchar_t *****)local_f0;
+            }
+            WPP_SF_SLS(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x2a,0,(wchar_t *)pppppwVar16,
+                       CONCAT44(uVar27,uVar4),local_138[0]);
+          }
+          std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+          ::_Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                              *)&local_f0);
+          std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+          ::_Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                              *)&local_d0);
+          std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+          ::_Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                              *)&local_b0);
+          std::vector<wchar_t,class_std::allocator<wchar_t>_>::_Tidy
+                    ((vector<wchar_t,class_std::allocator<wchar_t>_> *)local_138);
+          goto LAB_1;
+        }
+        MVar10 = AddExcludedProcess(local_110,
+                                    (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                                     *)&local_f0,
+                                    (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                                     *)&local_b0,uVar4,local_138[0]);
+        if (MVar10 != 0) {
+          std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+          ::_Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                              *)&local_f0);
+          std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+          ::_Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                              *)&local_d0);
+          std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+          ::_Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                              *)&local_b0);
+          std::vector<wchar_t,class_std::allocator<wchar_t>_>::_Tidy
+                    ((vector<wchar_t,class_std::allocator<wchar_t>_> *)local_138);
+          goto LAB_1;
+        }
+        iVar7 = _wcsicmp(pwVar12,L"%SYSTEMPROCESS%");
+        if ((iVar7 != 0) && (pwVar13 = wcschr(pwVar12,L'\\'), pwVar13 != (wchar_t *)0x0)) {
+          pbVar14 = ExpandEnvironmentVariables
+                              ((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                                *)&local_90,pwVar12);
+          std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+          ::operator=((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                       *)&local_f0,pbVar14);
+          std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+          ::_Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                              *)&local_90);
+          MVar10 = AddExcludedProcess(pLVar5,(basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                                              *)&local_f0,
+                                      (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                                       *)&local_b0,uVar4,local_138[0]);
+          if (MVar10 != 0) {
+            std::
+            basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+            _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                              *)&local_f0);
+            std::
+            basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+            _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                              *)&local_d0);
+            std::
+            basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+            _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                              *)&local_b0);
+            std::vector<wchar_t,class_std::allocator<wchar_t>_>::_Tidy
+                      ((vector<wchar_t,class_std::allocator<wchar_t>_> *)local_138);
+            goto LAB_1;
+          }
+        }
+        goto LAB_2;
+      }
+    }
+    if (*(short *)(paVar25 + (uVar22 & 0xffff) * 2 + -2) == 0x2e) {
+      local_147 = true;
+      *(undefined2 *)(paVar25 + (uVar22 & 0xffff) * 2 + -2) = 0;
+      local_144[0] = local_144[0] - 1;
+      uVar22 = (ulonglong)local_144[0];
+    }
+    local_140 = 0;
+    uVar19 = (ushort)uVar22;
+    uVar20 = 1;
+    eVar11 = _wcslwr_s((wchar_t *)paVar25,(ulonglong)(((uint)uVar22 & 0xffff) + 1));
+    pLVar5 = local_110;
+    if (eVar11 != 0) {
+      if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+         ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
+        WPP_SF_S(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x37,
+                 &WPP_0511430ce2d83581809767838ac9eec3_Traceguids,(wchar_t *)paVar25);
+      }
+      std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+      _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                        *)&local_f0);
+      std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+      _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                        *)&local_d0);
+      std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+      _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                        *)&local_b0);
+      std::vector<wchar_t,class_std::allocator<wchar_t>_>::_Tidy
+                ((vector<wchar_t,class_std::allocator<wchar_t>_> *)local_138);
+      goto LAB_1;
+    }
+    uVar18 = 0;
+    if (uVar19 == 0) {
+      local_140 = (ulong)((*(longlong *)(local_110 + 0x10) - *(longlong *)(local_110 + 8)) / 0x18);
+      std::vector<unsigned_long,class_std::allocator<unsigned_long>_>::push_back
+                ((vector<unsigned_long,class_std::allocator<unsigned_long>_> *)(local_110 + 0x900),
+                 &local_140);
+LAB_3:
+      local_90 = (LogSkipEntry *)0x0;
+      pLStack_88 = (LogSkipEntry *)0x0;
+      local_80 = 0;
+      pvVar1 = *(vector<struct_LogSkipEntry,class_std::allocator<struct_LogSkipEntry>_> **)
+                (pLVar5 + 0x10);
+      lVar21 = (longlong)pvVar1 - *(longlong *)(pLVar5 + 8);
+      lVar21 = lVar21 / 6 + (lVar21 >> 0x3f);
+      uVar22 = (lVar21 >> 2) - (lVar21 >> 0x3f);
+      if (pvVar1 == *(vector<struct_LogSkipEntry,class_std::allocator<struct_LogSkipEntry>_> **)
+                     (pLVar5 + 0x18)) {
+        pvVar24 = (vector<struct_LogSkipEntry,class_std::allocator<struct_LogSkipEntry>_> *)
+                  &local_90;
+        std::
+        vector<class_std::vector<struct_LogSkipEntry,class_std::allocator<struct_LogSkipEntry>_>,class_std::allocator<class_std::vector<struct_LogSkipEntry,class_std::allocator<struct_LogSkipEntry>_>_>_>
+        ::
+        _Emplace_reallocate<class_std::vector<struct_LogSkipEntry,class_std::allocator<struct_LogSkipEntry>_>_>
+                  ((vector<class_std::vector<struct_LogSkipEntry,class_std::allocator<struct_LogSkipEntry>_>,class_std::allocator<class_std::vector<struct_LogSkipEntry,class_std::allocator<struct_LogSkipEntry>_>_>_>
+                    *)(pLVar5 + 8),pvVar1,pvVar24);
+      }
+      else {
+        *(undefined8 *)pvVar1 = 0;
+        *(undefined8 *)(pvVar1 + 8) = 0;
+        *(undefined8 *)(pvVar1 + 0x10) = 0;
+        *(longlong *)(pLVar5 + 0x10) = *(longlong *)(pLVar5 + 0x10) + 0x18;
+      }
+      lVar21 = local_80;
+      pLVar6 = local_90;
+      if (local_90 != (LogSkipEntry *)0x0) {
+        std::_Destroy_range<class_std::allocator<struct_LogSkipEntry>_>
+                  (local_90,pLStack_88,(allocator<struct_LogSkipEntry> *)pvVar24);
+        lVar21 = lVar21 - (longlong)pLVar6;
+        lVar21 = SUB168(SEXT816(-0x7777777777777777) * SEXT816(lVar21),8) + lVar21;
+        std::_Deallocate<16,0>(pLVar6,((lVar21 >> 6) - (lVar21 >> 0x3f)) * 0x78);
+      }
+    }
+    else {
+      if (uVar19 != 0) {
+        do {
+          if (*(short *)(paVar25 + (ulonglong)uVar18 * 2) == 0x2a) {
+            local_146 = false;
+            local_147 = false;
+            uVar19 = uVar18;
+            local_144[0] = uVar18;
+            break;
+          }
+          uVar18 = uVar18 + 1;
+        } while (uVar18 < uVar19);
+      }
+      uVar17 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
+               addPattern<struct_MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::DefaultNodeExplosion>
+                         ((MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>
+                           *)(local_110 + 0x20),&local_140,(longlong)paVar25,(ulonglong)uVar19,
+                          (int)((*(longlong *)(local_110 + 0x10) - *(longlong *)(local_110 + 8)) /
+                               0x18),uVar28);
+      iVar7 = (int)uVar17;
+      pvVar24 = (vector<struct_LogSkipEntry,class_std::allocator<struct_LogSkipEntry>_> *)paVar25;
+      if (iVar7 == 0) goto LAB_3;
+      if (iVar7 != 0x585) {
+        if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+           ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
+          WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x38,
+                   &WPP_0511430ce2d83581809767838ac9eec3_Traceguids,iVar7);
+        }
+        std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+        _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                          *)&local_f0);
+        std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+        _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                          *)&local_d0);
+        std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+        _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                          *)&local_b0);
+        std::vector<wchar_t,class_std::allocator<wchar_t>_>::_Tidy
+                  ((vector<wchar_t,class_std::allocator<wchar_t>_> *)local_138);
+        goto LAB_1;
+      }
+      uVar22 = (ulonglong)local_140;
+    }
+    lVar21 = *(longlong *)(pLVar5 + 8);
+    if (bVar3) {
+      pLStack_88 = (LogSkipEntry *)0x0;
+      local_80 = 0;
+      uStack_78 = 7;
+      local_90 = (LogSkipEntry *)0x0;
+      pbVar14 = (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                 *)&local_90;
+    }
+    else {
+      pbVar14 = (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                 *)std::
+                   basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                   ::
+                   basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                             (local_70,(basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                                        *)&local_d0);
+      uVar20 = 2;
+    }
+    local_120 = uVar20;
+    std::vector<struct_LogSkipEntry,class_std::allocator<struct_LogSkipEntry>_>::
+    emplace_back<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>,class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>&___ptr64,class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>&___ptr64,unsigned_short&___ptr64,unsigned_long&___ptr64,unsigned_long&___ptr64,unsigned_long&___ptr64,bool&___ptr64,bool&___ptr64,bool&___ptr64>
+              ((vector<struct_LogSkipEntry,class_std::allocator<struct_LogSkipEntry>_> *)
+               (lVar21 + (uVar22 & 0xffffffff) * 0x18),pbVar14,
+               (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                *)&local_f0,
+               (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                *)&local_b0,local_144,&local_13c,local_11c + 1,local_11c,&local_146,&local_147,
+               &local_145);
+    if ((uVar20 & 2) != 0) {
+      uVar20 = uVar20 & 0xfffffffd;
+      std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+      _Tidy_deallocate(local_70);
+    }
+    if ((uVar20 & 1) != 0) {
+      std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+      _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                        *)&local_90);
+    }
+  }
+LAB_2:
+  std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+  _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                    *)&local_f0);
+  std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+  _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                    *)&local_d0);
+  std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+  _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                    *)&local_b0);
+  std::vector<wchar_t,class_std::allocator<wchar_t>_>::_Tidy
+            ((vector<wchar_t,class_std::allocator<wchar_t>_> *)local_138);
+LAB_1:
+  __security_check_cookie(local_40 ^ (ulonglong)auStackY_1a8);
+  return extraout_EAX;
+}
+



AddTdtInfo


Match Info






Key
mpengine.dll - mpengine.dll






diff_type
code,length,address,called




ratio
0.02




i_ratio
0.25




m_ratio
0.94




b_ratio
0.94




match_types
FullName:Param






Function Meta Diff






Key
mpengine.dll
mpengine.dll






name
AddTdtInfo
AddTdtInfo




fullname
AddTdtInfo
AddTdtInfo




refcount
3
3




length
2979
3292




called

Expand for full list:
BaseReport::HrAddAttribute
BmController::OnTDTFreeQueryEventEx
BmController::OnTDTQueryEventEx
CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
GetBmController
KslMgrGetKslDetails
TDTQueryStatusEx
WPP_SF_l
__security_check_cookie
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
freeget_tdt_capabilities
std::basic_string<char,struct_std::char_traits,class_std::allocator_>::Tidy_deallocate
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::_Construct_from_iter<unsigned_char*ptr64,unsigned_char*ptr64,unsigned___int64>
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::Tidy_deallocate
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>><class_std::_String_iterator<class_std::String_val<struct_std::Simple_types>>,0>
std::default_delete<class_web::json::details::_Value>::operator()
web::json::value::boolean
web::json::value::number
web::json::value::operator=
web::json::value::operator[]
web::json::value::serialize
web::json::value::string
web::json::value::value


Expand for full list:
BaseReport::HrAddAttribute
BmController::OnTDTFreeQueryEventEx
BmController::OnTDTQueryEventEx
CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
GetBmController
KslMgrGetKslDetails
TDTQueryStatusEx
WPP_SF_l
__security_check_cookie
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
freeget_tdt_capabilities
std::basic_string<char,struct_std::char_traits,class_std::allocator_>::Tidy_deallocate
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::_Construct_from_iter<unsigned_char*ptr64,unsigned_char*ptr64,unsigned___int64>
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::Tidy_deallocate
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>><class_std::_String_iterator<class_std::String_val<struct_std::Simple_types>>,0>
std::default_delete<class_web::json::details::_Value>::operator()
web::json::value::boolean
web::json::value::number
web::json::value::operator=
web::json::value::operator[]
web::json::value::serialize
web::json::value::string
web::json::value::value





calling
spynet_wrapper::AddHeartbeat
spynet_wrapper::AddHeartbeat




paramcount
1
1




address
75ab229a0
75ab33070




sig
undefined __fastcall AddTdtInfo(SpynetXmlNode * param_1)
undefined __fastcall AddTdtInfo(SpynetXmlNode * param_1)




sym_type
Function
Function




sym_source
IMPORTED
IMPORTED




external
False
False






AddTdtInfo Called Diff




AddTdtInfo Diff


--- AddTdtInfo
+++ AddTdtInfo
@@ -1,86 +1,577 @@
 
 void AddTdtInfo(SpynetXmlNode *param_1)
 
 {
-  ulonglong uVar1;
-  ulonglong *puVar2;
+  kernel_table *pkVar1;
+  MP_ERROR MVar2;
   long lVar3;
-  ValueMapToLuaTable *pVVar4;
-  ValueMap *this;
-  longlong unaff_RBP;
-  uint unaff_ESI;
-  lua_State *unaff_RDI;
-  undefined8 unaff_R12;
-  uint unaff_R13D;
-  longlong unaff_R15;
+  value *pvVar4;
+  value *pvVar5;
+  undefined8 uVar6;
+  basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_> *pbVar7;
+  basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *this;
+  undefined2 uVar8;
+  char ****ppppcVar9;
+  BmController *_Memory;
+  kernel_table *_Memory_00;
+  _Value *_Memory_01;
+  char ****ppppcVar10;
+  uchar *puVar11;
+  wchar_t ****ppppwVar12;
+  __uint64 _Var13;
+  undefined auStackY_1a8 [32];
+  SpynetXmlNode *local_178;
+  _Value *local_170;
+  BmController *local_168;
+  _Value *local_160;
+  kernel_table *local_158;
+  basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+  local_150 [40];
+  undefined4 local_128;
+  undefined8 local_124;
+  wchar_t local_11c [10];
+  undefined8 local_108;
+  undefined8 uStack_100;
+  undefined8 local_f8;
+  undefined8 uStack_f0;
+  undefined8 local_e8;
+  basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+  local_d8 [32];
+  undefined8 local_b8;
+  undefined8 uStack_b0;
+  undefined8 local_a8;
+  undefined8 uStack_a0;
+  char ***local_98;
+  undefined8 uStack_90;
+  longlong local_88;
+  ulonglong local_80;
+  undefined8 local_78;
+  longlong lStack_70;
+  uchar *local_68;
+  wchar_t ***local_58 [2];
+  longlong local_48;
+  ulonglong local_40;
+  ulonglong local_38;
   
-  do {
-    puVar2 = *(ulonglong **)(unaff_RDI + 0x10);
-    *puVar2 = (ulonglong)*(ushort *)(unaff_RBP + 0x77);
-    *(undefined4 *)(puVar2 + 1) = 3;
-    *(longlong *)(unaff_RDI + 0x10) = *(longlong *)(unaff_RDI + 0x10) + 0x10;
-    this = (ValueMap *)unaff_RDI;
-    lua_setfield(unaff_RDI,-2,"Type");
-    lVar3 = (long)unaff_R12;
-    do {
-      CommonUtil::CCommonThrowHR::operator=((CCommonThrowHR *)this,lVar3);
-      lua_settable(unaff_RDI,-3);
-      CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::
-      ~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
-                ((AutoRef<class_ThrottlingAgent::CompletedOverlapped> *)(unaff_RBP + -9));
-      if (unaff_R13D == unaff_ESI) {
-        CommonUtil::CStdRefVector<class_ProcessContext>::~CStdRefVector<class_ProcessContext>
-                  ((CStdRefVector<class_ProcessContext> *)(unaff_RBP + -0x21));
-        lua_setfield(unaff_RDI,-2,"Resources");
-        MakeTableReadonly(unaff_RDI);
-        CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::
-        ~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
-                  ((AutoRef<class_ThrottlingAgent::CompletedOverlapped> *)(unaff_RBP + -0x49));
-        return;
+  local_38 = __security_cookie ^ (ulonglong)auStackY_1a8;
+  local_178 = param_1;
+  web::json::value::value((value *)&local_170);
+  pkVar1 = gktab;
+  local_158 = gktab;
+  if (gktab != (kernel_table *)0x0) {
+    pvVar4 = (value *)web::json::value::boolean(&local_168,gktab[0xb51]);
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+              ((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                *)&local_b8,L"TdtCapable");
+    pvVar5 = web::json::value::operator[]
+                       ((value *)&local_170,
+                        (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                         *)&local_b8);
+    web::json::value::operator=(pvVar5,pvVar4);
+    pbVar7 = (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+              *)&local_b8;
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    _Tidy_deallocate(pbVar7);
+    if (local_168 != (BmController *)0x0) {
+      std::default_delete<class_web::json::details::_Value>::operator()
+                ((default_delete<class_web::json::details::_Value> *)pbVar7,(_Value *)local_168);
+    }
+  }
+  uStack_90 = 0;
+  local_88 = 0;
+  local_80 = 0xf;
+  local_98 = (char ***)0x0;
+  get_tdt_capabilities(&local_98,0xffffffff,3);
+  if (local_88 != 0) {
+    ppppcVar10 = &local_98;
+    if (0xf < local_80) {
+      ppppcVar10 = (char ****)local_98;
+    }
+    ppppcVar9 = &local_98;
+    if (0xf < local_80) {
+      ppppcVar9 = (char ****)local_98;
+    }
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_><class_std::_String_iterator<class_std::_String_val<struct_std::_Simple_types<char>_>_>,0>
+              ((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                *)&local_78,(char *)ppppcVar9,(char *)((longlong)ppppcVar10 + local_88));
+    uVar6 = std::
+            basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+            basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                      (local_d8,(basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                                 *)&local_78);
+    pvVar4 = (value *)web::json::value::string(&local_168,uVar6);
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+              ((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                *)&local_b8,L"TdtCapabilities");
+    pvVar5 = web::json::value::operator[]
+                       ((value *)&local_170,
+                        (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                         *)&local_b8);
+    web::json::value::operator=(pvVar5,pvVar4);
+    pbVar7 = (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+              *)&local_b8;
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    _Tidy_deallocate(pbVar7);
+    if (local_168 != (BmController *)0x0) {
+      std::default_delete<class_web::json::details::_Value>::operator()
+                ((default_delete<class_web::json::details::_Value> *)pbVar7,(_Value *)local_168);
+    }
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                      *)&local_78);
+  }
+  local_128 = 3;
+  local_124 = 0;
+  local_11c[0] = L'\0';
+  local_11c[1] = L'\0';
+  local_11c[2] = L'\0';
+  local_11c[3] = L'\0';
+  local_11c[4] = L'\0';
+  local_11c[5] = L'\0';
+  local_11c[6] = L'\0';
+  local_11c[7] = L'\0';
+  local_11c[8] = L'\0';
+  local_11c[9] = L'\0';
+  local_108 = 0;
+  uStack_100 = 0;
+  local_f8 = 0;
+  uStack_f0 = 0;
+  local_e8 = 0;
+  MVar2 = TDTQueryStatusEx(&local_128,0x48);
+  if (MVar2 != 0) {
+    pvVar4 = (value *)web::json::value::number(&local_178,0);
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+              (local_d8,L"TdtStatus");
+    pvVar5 = web::json::value::operator[]((value *)&local_170,local_d8);
+    web::json::value::operator=(pvVar5,pvVar4);
+    pbVar7 = local_d8;
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    _Tidy_deallocate(pbVar7);
+    if (local_178 != (SpynetXmlNode *)0x0) {
+      std::default_delete<class_web::json::details::_Value>::operator()
+                ((default_delete<class_web::json::details::_Value> *)pbVar7,(_Value *)local_178);
+    }
+    pvVar4 = (value *)web::json::value::boolean(&local_178,0);
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+              (local_d8,L"TelemetryEnabled");
+    pvVar5 = web::json::value::operator[]((value *)&local_170,local_d8);
+    web::json::value::operator=(pvVar5,pvVar4);
+    pbVar7 = local_d8;
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    _Tidy_deallocate(pbVar7);
+    if (local_178 != (SpynetXmlNode *)0x0) {
+      std::default_delete<class_web::json::details::_Value>::operator()
+                ((default_delete<class_web::json::details::_Value> *)pbVar7,(_Value *)local_178);
+    }
+    uVar6 = std::
+            basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+            basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                      (local_150,L"");
+    pvVar4 = (value *)web::json::value::string(&local_178,uVar6);
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+              (local_d8,L"Mode");
+    pvVar5 = web::json::value::operator[]((value *)&local_170,local_d8);
+    web::json::value::operator=(pvVar5,pvVar4);
+    pbVar7 = local_d8;
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    _Tidy_deallocate(pbVar7);
+    if (local_178 != (SpynetXmlNode *)0x0) {
+      std::default_delete<class_web::json::details::_Value>::operator()
+                ((default_delete<class_web::json::details::_Value> *)pbVar7,(_Value *)local_178);
+    }
+    pvVar4 = (value *)web::json::value::number(&local_178,0);
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+              (local_d8,L"TdtSiloType");
+    pvVar5 = web::json::value::operator[]((value *)&local_170,local_d8);
+    web::json::value::operator=(pvVar5,pvVar4);
+    pbVar7 = local_d8;
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    _Tidy_deallocate(pbVar7);
+    if (local_178 != (SpynetXmlNode *)0x0) {
+      std::default_delete<class_web::json::details::_Value>::operator()
+                ((default_delete<class_web::json::details::_Value> *)pbVar7,(_Value *)local_178);
+    }
+    pvVar4 = (value *)web::json::value::number(&local_178,0);
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+              (local_d8,L"TdtLastStatus");
+    pvVar5 = web::json::value::operator[]((value *)&local_170,local_d8);
+    web::json::value::operator=(pvVar5,pvVar4);
+    pbVar7 = local_d8;
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    _Tidy_deallocate(pbVar7);
+    if (local_178 != (SpynetXmlNode *)0x0) {
+      std::default_delete<class_web::json::details::_Value>::operator()
+                ((default_delete<class_web::json::details::_Value> *)pbVar7,(_Value *)local_178);
+    }
+    goto LAB_0;
+  }
+  pvVar4 = (value *)web::json::value::number(&local_168,(uint)local_124);
+  std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+  basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+            ((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+              *)&local_b8,L"TdtStatus");
+  pvVar5 = web::json::value::operator[]
+                     ((value *)&local_170,
+                      (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                       *)&local_b8);
+  web::json::value::operator=(pvVar5,pvVar4);
+  pbVar7 = (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_> *)
+           &local_b8;
+  std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+  _Tidy_deallocate(pbVar7);
+  if (local_168 != (BmController *)0x0) {
+    std::default_delete<class_web::json::details::_Value>::operator()
+              ((default_delete<class_web::json::details::_Value> *)pbVar7,(_Value *)local_168);
+  }
+  pvVar4 = (value *)web::json::value::boolean(&local_168,local_124._4_4_ == 1);
+  std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+  basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+            ((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+              *)&local_b8,L"TelemetryEnabled");
+  pvVar5 = web::json::value::operator[]
+                     ((value *)&local_170,
+                      (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                       *)&local_b8);
+  web::json::value::operator=(pvVar5,pvVar4);
+  pbVar7 = (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_> *)
+           &local_b8;
+  std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+  _Tidy_deallocate(pbVar7);
+  if (local_168 != (BmController *)0x0) {
+    std::default_delete<class_web::json::details::_Value>::operator()
+              ((default_delete<class_web::json::details::_Value> *)pbVar7,(_Value *)local_168);
+  }
+  uVar6 = std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+          ::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                    (local_d8,local_11c);
+  pvVar4 = (value *)web::json::value::string(&local_168,uVar6);
+  std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+  basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+            ((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+              *)&local_b8,L"Mode");
+  pvVar5 = web::json::value::operator[]
+                     ((value *)&local_170,
+                      (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                       *)&local_b8);
+  web::json::value::operator=(pvVar5,pvVar4);
+  pbVar7 = (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_> *)
+           &local_b8;
+  std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+  _Tidy_deallocate(pbVar7);
+  if (local_168 != (BmController *)0x0) {
+    std::default_delete<class_web::json::details::_Value>::operator()
+              ((default_delete<class_web::json::details::_Value> *)pbVar7,(_Value *)local_168);
+  }
+  pvVar4 = (value *)web::json::value::number(&local_168,(uint)local_108);
+  std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+  basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+            ((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+              *)&local_b8,L"TdtSiloType");
+  pvVar5 = web::json::value::operator[]
+                     ((value *)&local_170,
+                      (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                       *)&local_b8);
+  web::json::value::operator=(pvVar5,pvVar4);
+  pbVar7 = (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_> *)
+           &local_b8;
+  std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+  _Tidy_deallocate(pbVar7);
+  if (local_168 != (BmController *)0x0) {
+    std::default_delete<class_web::json::details::_Value>::operator()
+              ((default_delete<class_web::json::details::_Value> *)pbVar7,(_Value *)local_168);
+  }
+  pvVar4 = (value *)web::json::value::number(&local_168,local_108._4_4_);
+  std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+  basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+            ((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+              *)&local_b8,L"TdtLastStatus");
+  pvVar5 = web::json::value::operator[]
+                     ((value *)&local_170,
+                      (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                       *)&local_b8);
+  web::json::value::operator=(pvVar5,pvVar4);
+  pbVar7 = (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_> *)
+           &local_b8;
+  std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+  _Tidy_deallocate(pbVar7);
+  if (local_168 != (BmController *)0x0) {
+    std::default_delete<class_web::json::details::_Value>::operator()
+              ((default_delete<class_web::json::details::_Value> *)pbVar7,(_Value *)local_168);
+  }
+  local_168 = (BmController *)0x0;
+  lVar3 = GetBmController(&local_168);
+  if (lVar3 < 0) {
+    if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+       ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+      uVar8 = 0x73;
+      goto LAB_1;
+    }
+  }
+  else {
+    local_78 = 0;
+    lStack_70 = 0;
+    local_68 = (uchar *)0x0;
+    _Var13 = 0x18;
+    lVar3 = BmController::OnTDTQueryEventEx(local_168,0x40,&local_78,0x18);
+    if (lVar3 < 0) {
+      if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+         ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+        uVar8 = 0x74;
+LAB_1:
+        WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),uVar8,
+                 &WPP_86028bd6f0263ede84e74d401a2b0447_Traceguids,lVar3);
       }
-      this = *(ValueMap **)(unaff_R15 + (ulonglong)unaff_R13D * 8);
-      if (this != (ValueMap *)0x0) {
-        LOCK();
-        *(int *)(this + 8) = *(int *)(this + 8) + 1;
-        UNLOCK();
-        unaff_R15 = *(longlong *)(unaff_RBP + -0x21);
+    }
+    else {
+      puVar11 = local_68 + lStack_70;
+      local_b8 = 0;
+      uStack_b0 = 0;
+      local_a8 = 0;
+      uStack_a0 = 0;
+      if (local_68 == puVar11) {
+        local_a8 = 0;
+        uStack_a0 = 7;
+        local_b8 = 0;
       }
-      *(ValueMap **)(unaff_RBP + -9) = this;
-      puVar2 = *(ulonglong **)(unaff_RDI + 0x10);
-      unaff_R13D = unaff_R13D + 1;
-      *puVar2 = (ulonglong)unaff_R13D;
-      *(undefined4 *)(puVar2 + 1) = 3;
-      *(longlong *)(unaff_RDI + 0x10) = *(longlong *)(unaff_RDI + 0x10) + 0x10;
-      lua_createtable(unaff_RDI,0,4);
-      *(ValueMap **)(unaff_RBP + 0x17) = this;
-      pVVar4 = (ValueMapToLuaTable *)(unaff_RBP + 0xf);
-      lVar3 = ValueMapToLuaTable::SetField<wchar_t_const*___ptr64>(pVVar4,7,"Schema");
-      CommonUtil::CCommonThrowHR::operator=((CCommonThrowHR *)pVVar4,lVar3);
-      pVVar4 = (ValueMapToLuaTable *)(unaff_RBP + 0xf);
-      lVar3 = ValueMapToLuaTable::SetField<wchar_t_const*___ptr64>(pVVar4,8,"Path");
-      CommonUtil::CCommonThrowHR::operator=((CCommonThrowHR *)pVVar4,lVar3);
-      *(undefined8 *)(unaff_RBP + -0x39) = unaff_R12;
-      lVar3 = ValueMap::
-              GetValue<unsigned___int64,&public:_unsigned___int64___cdecl_ValueInfo::U64(void)const___ptr64,4>
-                        (this,9,(__uint64 *)(unaff_RBP + -0x39));
-      if (-1 < lVar3) {
-        uVar1 = *(ulonglong *)(unaff_RBP + -0x39);
-        puVar2 = *(ulonglong **)(unaff_RDI + 0x10);
-        *puVar2 = uVar1 & 0xffffffff;
-        *(undefined4 *)(puVar2 + 1) = 3;
-        *(longlong *)(unaff_RDI + 0x10) = *(longlong *)(unaff_RDI + 0x10) + 0x10;
-        lua_setfield(unaff_RDI,-2,"SigSeqLow");
-        puVar2 = *(ulonglong **)(unaff_RDI + 0x10);
-        *puVar2 = uVar1 >> 0x20;
-        *(undefined4 *)(puVar2 + 1) = 3;
-        *(longlong *)(unaff_RDI + 0x10) = *(longlong *)(unaff_RDI + 0x10) + 0x10;
-        lua_setfield(unaff_RDI,-2,"SigSeqHigh");
+      else {
+        _Var13 = (longlong)puVar11 - (longlong)local_68;
+        std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+        _Construct_from_iter<unsigned_char*___ptr64,unsigned_char*___ptr64,unsigned___int64>
+                  ((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                    *)&local_b8,local_68,puVar11,_Var13);
       }
-      *(short *)(unaff_RBP + 0x77) = (short)unaff_R12;
-      lVar3 = ValueMap::
-              GetValue<unsigned_short,&public:_unsigned_short___cdecl_ValueInfo::U16(void)const___ptr64,2>
-                        (this,10,(ushort *)(unaff_RBP + 0x77));
-    } while (lVar3 < 0);
-  } while( true );
+      uVar6 = std::
+              basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+              ::
+              basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                        (local_150,
+                         (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                          *)&local_b8);
+      pvVar4 = (value *)web::json::value::string(&local_160,uVar6);
+      std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+      basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                (local_d8,L"TdtLastErrDetails");
+      pvVar5 = web::json::value::operator[]((value *)&local_170,local_d8);
+      web::json::value::operator=(pvVar5,pvVar4);
+      pbVar7 = local_d8;
+      std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+      _Tidy_deallocate(pbVar7);
+      if (local_160 != (_Value *)0x0) {
+        std::default_delete<class_web::json::details::_Value>::operator()
+                  ((default_delete<class_web::json::details::_Value> *)pbVar7,local_160);
+      }
+      pbVar7 = (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                *)&local_b8;
+      std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+      _Tidy_deallocate(pbVar7);
+      lVar3 = BmController::OnTDTFreeQueryEventEx((BmController *)pbVar7,0x40,&local_78,_Var13);
+      if (((lVar3 < 0) && ((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control)) &&
+         ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+        uVar8 = 0x76;
+        goto LAB_1;
+      }
+    }
+  }
+  CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::
+  ~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
+            ((AutoRef<class_ThrottlingAgent::CompletedOverlapped> *)&local_168);
+LAB_0:
+  local_158 = (kernel_table *)0x0;
+  local_160 = (_Value *)0x0;
+  local_168 = (BmController *)0x0;
+  lVar3 = KslMgrGetKslDetails((wchar_t **)&local_158,(wchar_t **)&local_160,(wchar_t **)&local_168);
+  _Memory_00 = local_158;
+  if (lVar3 < 0) {
+    uVar6 = std::
+            basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+            basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                      (local_150,L"");
+    pvVar4 = (value *)web::json::value::string(&local_178,uVar6);
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+              (local_d8,L"KSLPath");
+    pvVar5 = web::json::value::operator[]((value *)&local_170,local_d8);
+    web::json::value::operator=(pvVar5,pvVar4);
+    pbVar7 = local_d8;
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    _Tidy_deallocate(pbVar7);
+    if (local_178 != (SpynetXmlNode *)0x0) {
+      std::default_delete<class_web::json::details::_Value>::operator()
+                ((default_delete<class_web::json::details::_Value> *)pbVar7,(_Value *)local_178);
+    }
+    uVar6 = std::
+            basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+            basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                      (local_150,L"");
+    pvVar4 = (value *)web::json::value::string(&local_178,uVar6);
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+              (local_d8,L"TDTDevName");
+    pvVar5 = web::json::value::operator[]((value *)&local_170,local_d8);
+    web::json::value::operator=(pvVar5,pvVar4);
+    pbVar7 = local_d8;
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    _Tidy_deallocate(pbVar7);
+    if (local_178 != (SpynetXmlNode *)0x0) {
+      std::default_delete<class_web::json::details::_Value>::operator()
+                ((default_delete<class_web::json::details::_Value> *)pbVar7,(_Value *)local_178);
+    }
+    uVar6 = std::
+            basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+            basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                      (local_150,L"0.0.0.0");
+    pvVar4 = (value *)web::json::value::string(&local_178,uVar6);
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+              (local_d8,L"KSLVersion");
+    pvVar5 = web::json::value::operator[]((value *)&local_170,local_d8);
+    web::json::value::operator=(pvVar5,pvVar4);
+    pbVar7 = local_d8;
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    _Tidy_deallocate(pbVar7);
+    _Memory = local_168;
+    _Memory_00 = local_158;
+    _Memory_01 = local_160;
+    if (local_178 != (SpynetXmlNode *)0x0) {
+      std::default_delete<class_web::json::details::_Value>::operator()
+                ((default_delete<class_web::json::details::_Value> *)pbVar7,(_Value *)local_178);
+      _Memory = local_168;
+      _Memory_00 = local_158;
+      _Memory_01 = local_160;
+    }
+  }
+  else {
+    uVar6 = std::
+            basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+            basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                      (local_150,(wchar_t *)local_158);
+    pvVar4 = (value *)web::json::value::string(&local_178,uVar6);
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+              (local_d8,L"KSLPath");
+    pvVar5 = web::json::value::operator[]((value *)&local_170,local_d8);
+    web::json::value::operator=(pvVar5,pvVar4);
+    pbVar7 = local_d8;
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    _Tidy_deallocate(pbVar7);
+    if (local_178 != (SpynetXmlNode *)0x0) {
+      std::default_delete<class_web::json::details::_Value>::operator()
+                ((default_delete<class_web::json::details::_Value> *)pbVar7,(_Value *)local_178);
+    }
+    _Memory_01 = local_160;
+    uVar6 = std::
+            basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+            basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                      (local_150,(wchar_t *)local_160);
+    pvVar4 = (value *)web::json::value::string(&local_178,uVar6);
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+              (local_d8,L"TDTDevName");
+    pvVar5 = web::json::value::operator[]((value *)&local_170,local_d8);
+    web::json::value::operator=(pvVar5,pvVar4);
+    pbVar7 = local_d8;
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    _Tidy_deallocate(pbVar7);
+    if (local_178 != (SpynetXmlNode *)0x0) {
+      std::default_delete<class_web::json::details::_Value>::operator()
+                ((default_delete<class_web::json::details::_Value> *)pbVar7,(_Value *)local_178);
+    }
+    _Memory = local_168;
+    uVar6 = std::
+            basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+            basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                      (local_150,(wchar_t *)local_168);
+    pvVar4 = (value *)web::json::value::string(&local_178,uVar6);
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+              (local_d8,L"KSLVersion");
+    pvVar5 = web::json::value::operator[]((value *)&local_170,local_d8);
+    web::json::value::operator=(pvVar5,pvVar4);
+    pbVar7 = local_d8;
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    _Tidy_deallocate(pbVar7);
+    if (local_178 != (SpynetXmlNode *)0x0) {
+      std::default_delete<class_web::json::details::_Value>::operator()
+                ((default_delete<class_web::json::details::_Value> *)pbVar7,(_Value *)local_178);
+    }
+  }
+  if (pkVar1 != (kernel_table *)0x0) {
+    pvVar4 = (value *)web::json::value::number(&local_178,*(uint *)(pkVar1 + 0x15bb8));
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+              (local_d8,L"TdtUserChoice");
+    pvVar5 = web::json::value::operator[]((value *)&local_170,local_d8);
+    web::json::value::operator=(pvVar5,pvVar4);
+    pbVar7 = local_d8;
+    std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+    _Tidy_deallocate(pbVar7);
+    if (local_178 != (SpynetXmlNode *)0x0) {
+      std::default_delete<class_web::json::details::_Value>::operator()
+                ((default_delete<class_web::json::details::_Value> *)pbVar7,(_Value *)local_178);
+    }
+  }
+  pvVar4 = (value *)web::json::value::number(&local_178,(uint)DAT_2);
+  std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+  basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+            (local_d8,L"TdtMpDisableBmTdt");
+  pvVar5 = web::json::value::operator[]((value *)&local_170,local_d8);
+  web::json::value::operator=(pvVar5,pvVar4);
+  pbVar7 = local_d8;
+  std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+  _Tidy_deallocate(pbVar7);
+  if (local_178 != (SpynetXmlNode *)0x0) {
+    std::default_delete<class_web::json::details::_Value>::operator()
+              ((default_delete<class_web::json::details::_Value> *)pbVar7,(_Value *)local_178);
+  }
+  pvVar4 = (value *)web::json::value::number(&local_178,(uint)DAT_3);
+  std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+  basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+            (local_d8,L"TdtMpDisableBmTdtOnServer");
+  pvVar5 = web::json::value::operator[]((value *)&local_170,local_d8);
+  web::json::value::operator=(pvVar5,pvVar4);
+  pbVar7 = local_d8;
+  std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+  _Tidy_deallocate(pbVar7);
+  if (local_178 != (SpynetXmlNode *)0x0) {
+    std::default_delete<class_web::json::details::_Value>::operator()
+              ((default_delete<class_web::json::details::_Value> *)pbVar7,(_Value *)local_178);
+  }
+  web::json::value::serialize((value *)&local_170,local_58);
+  if (local_48 != 0) {
+    ppppwVar12 = local_58;
+    if (7 < local_40) {
+      ppppwVar12 = (wchar_t ****)local_58[0];
+    }
+    BaseReport::HrAddAttribute(param_1,L"tdtinfojson",(wchar_t *)ppppwVar12,0,2);
+  }
+  std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+  _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                    *)local_58);
+  if (_Memory != (BmController *)0x0) {
+    free(_Memory);
+  }
+  if (_Memory_01 != (_Value *)0x0) {
+    free(_Memory_01);
+  }
+  if (_Memory_00 != (kernel_table *)0x0) {
+    free(_Memory_00);
+  }
+  this = (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)&local_98;
+  std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+  _Tidy_deallocate(this);
+  if (local_170 != (_Value *)0x0) {
+    std::default_delete<class_web::json::details::_Value>::operator()
+              ((default_delete<class_web::json::details::_Value> *)this,local_170);
+  }
+  __security_check_cookie(local_38 ^ (ulonglong)auStackY_1a8);
+  return;
 }
 



FopScanner::AddToResults


Match Info






Key
mpengine.dll - mpengine.dll






diff_type
code,length,address,called




ratio
0.0




i_ratio
0.47




m_ratio
0.7




b_ratio
0.69




match_types
FullName:Param






Function Meta Diff






Key
mpengine.dll
mpengine.dll






name
AddToResults
AddToResults




fullname
FopScanner::AddToResults
FopScanner::AddToResults




refcount
3
3




length
1899
1763




called

Expand for full list:
BMMatchPEMapper
FopScanner::ScanContext::GetChar
HipsManager::OnStreamDetection
MpReportLowfiMatch
MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::matchPrefixesHelper<class_FopScanner::ScanContext,class_MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::LabelMapper,1>
MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::matchPrefixesHelper<class_FopScanner::ScanContext,struct_public:_class_std::vector<unsigned_long,class_std::allocator<unsigned_long>_>___cdecl_MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::matchAllPrefixes<class_FopScanner::ScanContext,0>(class_FopScanner::ScanContext&___ptr64)const___ptr64'::2'::IdentityMapper,0>
ValidateSignatureWithPcode
WPP_SF_I
WPP_SF_Ll
WPP_SF_l
__security_check_cookieguard_dispatch_icall$fo_default$
DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer<br>di::TelemetryAssert::AssertTriggeredNoArgs<br>kpopobjectex<br>namefromrecid<br>sigseqfromrecid<br>sigshafromrecid<br>std::_Sort_unchecked<FopScanner::FopResultEntry_*,FopScanner::AddToResults'::__l26::ResultsComparer>
std::vector<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t*___ptr64,class_std::allocator<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t*__ptr64>>::_Emplace_reallocate<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t*___ptr64_const&__ptr64>
std::vector<unsigned_long,class_std::allocator<unsigned_long>>::_Tidy


Expand for full list:
BMMatchPEMapper
FopScanner::ScanContext::GetChar
HipsManager::OnStreamDetection
MpReportLowfiMatch
MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::matchPrefixesHelper<class_FopScanner::ScanContext,class_MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::LabelMapper,1>
MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::matchPrefixesHelper<class_FopScanner::ScanContext,struct_public:_class_std::vector<unsigned_long,class_std::allocator<unsigned_long>_>___cdecl_MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::matchAllPrefixes<class_FopScanner::ScanContext,0>(class_FopScanner::ScanContext&___ptr64)const___ptr64'::2'::IdentityMapper,0>
ValidateSignatureWithPcode
WPP_SF_I
WPP_SF_Ll
WPP_SF_l
__security_check_cookieguard_dispatch_icall$fo_default$
DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer<br>di::TelemetryAssert::AssertTriggeredNoArgs<br>kpopobject<br>namefromrecid<br>sigseqfromrecid<br>sigshafromrecid<br>std::_Sort_unchecked<FopScanner::FopResultEntry_*,FopScanner::AddToResults'::__l26::ResultsComparer>
std::vector<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t*___ptr64,class_std::allocator<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t*__ptr64>>::_Emplace_reallocate<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t*___ptr64_const&__ptr64>
std::vector<unsigned_long,class_std::allocator<unsigned_long>>::_Tidy





calling
FopScanner::ScanEx
FopScanner::ScanEx




paramcount
5
5




address
75a3461e8
75a154f68




sig
void __cdecl AddToResults(fop_processor * param_1, __uint64 param_2, vector<struct_FopScanner::FopResultEntry,class_std::allocator<struct_FopScanner::FopResultEntry>_> * param_3, MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory> * param_4, bool param_5)
void __cdecl AddToResults(fop_processor * param_1, __uint64 param_2, vector<struct_FopScanner::FopResultEntry,class_std::allocator<struct_FopScanner::FopResultEntry>_> * param_3, MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory> * param_4, bool param_5)




sym_type
Function
Function




sym_source
ANALYSIS
ANALYSIS




external
False
False






FopScanner::AddToResults Called Diff


--- FopScanner::AddToResults called
+++ FopScanner::AddToResults called
@@ -15 +15 @@
-kpopobjectex
+kpopobject


FopScanner::AddToResults Diff


--- FopScanner::AddToResults
+++ FopScanner::AddToResults
@@ -1,2 +1,373 @@
-Failed to decompile mpengine.dll - .ProgramDB FopScanner::AddToResults : Error: Decompile error: 
-Marshaling error: Did not see expected closing element+
+/* WARNING: Function: _guard_dispatch_icall_$fo_default$ replaced with injection:
+   guard_dispatch_icall */
+/* void __cdecl FopScanner::AddToResults(class FopScanner::fop_processor * __ptr64,unsigned
+   __int64,class std::vector<struct FopScanner::FopResultEntry,class std::allocator<struct
+   FopScanner::FopResultEntry> > & __ptr64,class MultiPatternTrie<unsigned char,unsigned long,class
+   UnitStorage::VirtualMemory> * __ptr64,bool) */
+
+void __cdecl
+FopScanner::AddToResults
+          (fop_processor *param_1,__uint64 param_2,
+          vector<struct_FopScanner::FopResultEntry,class_std::allocator<struct_FopScanner::FopResultEntry>_>
+          *param_3,MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>
+                   *param_4,bool param_5)
+
+{
+  int iVar1;
+  undefined8 uVar2;
+  image_load_event_t **ppiVar3;
+  ulong *puVar4;
+  fop_processor *pfVar5;
+  bool bVar6;
+  uint uVar7;
+  uint uVar8;
+  uint uVar9;
+  undefined8 *puVar10;
+  ulong *puVar11;
+  uchar *puVar12;
+  void *pvVar13;
+  char *pcVar14;
+  sha1_t *psVar15;
+  __uint64 _Var16;
+  void *pvVar17;
+  ulong *puVar18;
+  char *pcVar19;
+  ushort uVar20;
+  ulonglong uVar21;
+  ulong uVar22;
+  bool bVar23;
+  undefined auStackY_1a8 [32];
+  undefined local_160;
+  ulong local_158;
+  undefined2 uStack_154;
+  undefined uStack_152;
+  undefined uStack_151;
+  vector<struct_FopScanner::FopResultEntry,class_std::allocator<struct_FopScanner::FopResultEntry>_>
+  *local_150;
+  __uint64 local_148;
+  ulong *local_138;
+  undefined8 uStack_130;
+  ulong *local_128;
+  ulong *local_120;
+  ulong *puStack_118;
+  undefined8 local_110;
+  fop_processor *local_108;
+  fop_processor *local_100;
+  __uint64 local_f8;
+  undefined4 local_f0;
+  ulong *local_e8;
+  ulong *puStack_e0;
+  undefined8 local_d8;
+  undefined8 local_c8;
+  undefined8 local_c0;
+  __uint64 local_b8;
+  undefined8 local_b0;
+  undefined8 uStack_a8;
+  undefined4 local_a0;
+  ulong local_9c;
+  scanresult_t local_98;
+  ulong local_94;
+  undefined4 local_90;
+  _GUID local_8c;
+  undefined8 local_78;
+  ulonglong local_68;
+  
+  local_68 = __security_cookie ^ (ulonglong)auStackY_1a8;
+  local_f0 = 0;
+  local_150 = param_3;
+  local_148 = param_2;
+  local_108 = param_1;
+  local_100 = param_1;
+  local_f8 = param_2;
+  if (3 < *(int *)(param_1 + 0x10)) {
+    di::TelemetryAssert::AssertTriggeredNoArgs();
+  }
+  iVar1 = *(int *)(param_1 + 0x10);
+  puVar10 = (undefined8 *)(**(code **)(**(longlong **)(param_1 + 8) + 8))();
+  if (param_4 !=
+      (MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory> *)0x0) {
+    local_120 = (ulong *)0x0;
+    puStack_118 = (ulong *)0x0;
+    local_110 = 0;
+    if (param_5) {
+      local_138 = (ulong *)(&DAT_0 + (longlong)iVar1 * 0x138);
+      uStack_130 = CONCAT44(uStack_130._4_4_,0x100);
+      if (local_138 == (ulong *)0x0) {
+        di::TelemetryAssert::AssertTriggeredNoArgs();
+      }
+      MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::
+      matchPrefixesHelper<class_FopScanner::ScanContext,class_MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::LabelMapper,1>
+                (param_4,(vector<unsigned_long,class_std::allocator<unsigned_long>_> *)&local_e8,
+                 (ScanContext *)&local_100,(longlong *)&local_138);
+    }
+    else {
+      MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::
+      matchPrefixesHelper<class_FopScanner::ScanContext,struct__public:_class_std::vector<unsigned_long,class_std::allocator<unsigned_long>_>___cdecl_MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::matchAllPrefixes<class_FopScanner::ScanContext,0>(class_FopScanner::ScanContext&___ptr64)const___ptr64_::_2_::IdentityMapper,0>
+                (param_4,(vector<unsigned_long,class_std::allocator<unsigned_long>_> *)&local_e8,
+                 (ScanContext *)&local_100);
+    }
+    std::vector<unsigned_long,class_std::allocator<unsigned_long>_>::_Tidy
+              ((vector<unsigned_long,class_std::allocator<unsigned_long>_> *)&local_120);
+    puVar11 = puStack_e0;
+    puVar18 = local_e8;
+    local_120 = local_e8;
+    puStack_118 = puStack_e0;
+    local_110 = local_d8;
+    local_e8 = (ulong *)0x0;
+    puStack_e0 = (ulong *)0x0;
+    local_d8 = 0;
+    std::vector<unsigned_long,class_std::allocator<unsigned_long>_>::_Tidy
+              ((vector<unsigned_long,class_std::allocator<unsigned_long>_> *)&local_e8);
+    local_128 = puVar18;
+    local_138 = puVar11;
+    if (puVar18 != puVar11) {
+      if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+         ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+        WPP_SF_I(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0xd,
+                 &WPP_6c4bee861dc9358b4853620debb96048_Traceguids,
+                 (longlong)puVar11 - (longlong)puVar18 >> 2);
+      }
+      while (puVar18 != local_138) {
+        puVar11 = (ulong *)kpopobject(*puVar18);
+        pfVar5 = local_108;
+        puVar4 = local_128;
+        while (local_128 = puVar18, puVar11 != (ulong *)0x0) {
+          local_128 = puVar4;
+          if ((*(byte *)((longlong)puVar11 + 0x12) & 1) == 0) {
+            if ((*(byte *)((longlong)puVar11 + 0x12) & 4) != 0) {
+              uVar22 = puVar11[6];
+              pvVar13 = kpopobject(puVar11[5]);
+              if (pvVar13 == (void *)0x0) goto LAB_1;
+              local_100 = pfVar5;
+              local_f0 = 0;
+              uVar21 = 0;
+              local_f8 = param_2;
+              do {
+                uVar7 = ScanContext::GetChar((ScanContext *)&local_100);
+                if (0xff < uVar7) {
+LAB_2:
+                  param_3 = local_150;
+                  if ((ulong)uVar21 != uVar22) goto LAB_1;
+                  break;
+                }
+                if (*(byte *)(uVar21 + (longlong)pvVar13) != uVar7) {
+                  if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+                     ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+                    WPP_SF_Ll(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x10,
+                              &WPP_6c4bee861dc9358b4853620debb96048_Traceguids,
+                              (uint)*(byte *)(uVar21 + (longlong)pvVar13),(char)uVar7);
+                  }
+                  goto LAB_2;
+                }
+                uVar7 = (ulong)uVar21 + 1;
+                uVar21 = (ulonglong)uVar7;
+                param_3 = local_150;
+              } while (uVar7 != uVar22);
+            }
+LAB_3:
+            if ((puVar11[2] == 0) ||
+               ((puVar12 = (uchar *)kpopobject(puVar11[3]), puVar12 != (uchar *)0x0 &&
+                (bVar6 = BMMatchPEMapper(*(PEMapper **)(pfVar5 + 8),
+                                         (longlong)*(short *)(puVar11 + 4) + param_2,puVar12,
+                                         (ulonglong)puVar11[2],
+                                         (bool)(*(byte *)((longlong)puVar11 + 0x12) >> 3 & 1)),
+                bVar6)))) {
+              uVar22 = *puVar11;
+              uVar20 = *(ushort *)((longlong)puVar11 + 0x12) & 2;
+              bVar6 = uVar20 != 0;
+              if (puVar10 == (undefined8 *)0x0) goto LAB_4;
+              local_c8 = *puVar10;
+              local_c0 = 0;
+              local_b8 = 0;
+              local_b0 = 0xd4b6b5eeea339da;
+              uStack_a8 = 0x90186095efbf5532;
+              local_a0 = 0x907d8af;
+              local_9c = 0xffffffff;
+              local_98 = 0;
+              local_94 = 0xffffffff;
+              local_8c.Data1 = 0;
+              local_8c.Data2 = 0;
+              local_8c.Data3 = 0;
+              local_8c.Data4[0] = '\0';
+              local_8c.Data4[1] = '\0';
+              local_8c.Data4[2] = '\0';
+              local_8c.Data4[3] = '\0';
+              local_8c.Data4[4] = '\0';
+              local_8c.Data4[5] = '\0';
+              local_8c.Data4[6] = '\0';
+              local_8c.Data4[7] = '\0';
+              local_78 = 0;
+              local_90 = 1;
+              local_b8 = sigseqfromrecid(uVar22);
+              local_98 = (uVar20 != 0) + 1;
+              uVar2 = puVar10[0x106f6];
+              puVar10[0x106f6] = param_2;
+              local_9c = uVar22;
+              ValidateSignatureWithPcode((MPpCodeInterface *)&local_c8);
+              puVar10[0x106f6] = uVar2;
+              if (local_94 != 0xffffffff) {
+                uVar22 = local_94;
+              }
+              if ((local_98 == 3) || (local_98 == 6)) {
+                if (local_98 == 8) goto LAB_5;
+                bVar6 = false;
+              }
+              else {
+                if (local_98 != 8) {
+                  if (local_98 + 0xfffffff6 < 2) {
+                    psVar15 = (sha1_t *)sigshafromrecid(&local_100,uVar22);
+                    _Var16 = sigseqfromrecid(uVar22);
+                    if (DAT_6 != (HipsManager *)0x0) {
+                      HipsManager::OnStreamDetection
+                                (DAT_6,(SCAN_REPLY *)*puVar10,&local_8c,local_98,_Var16,
+                                 psVar15);
+                    }
+                  }
+                  else if (local_98 != 0) {
+                    bVar6 = false;
+                    if (local_98 != 1) {
+                      if (local_98 != 2) {
+                        if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+                           ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
+                          WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x11,
+                                   &WPP_6c4bee861dc9358b4853620debb96048_Traceguids,local_98);
+                        }
+                        goto LAB_1;
+                      }
+                      bVar6 = true;
+                    }
+LAB_4:
+                    uStack_152 = bVar6;
+                    if ((*(byte *)((longlong)puVar11 + 0x12) & 5) == 0) {
+                      uStack_154 = 0;
+                    }
+                    else {
+                      uStack_154 = *(undefined2 *)(puVar11 + 6);
+                    }
+                    uStack_151 = 0;
+                    ppiVar3 = *(image_load_event_t ***)
+                               ((vector<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t*___ptr64,class_std::allocator<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t*___ptr64>_>
+                                 *)param_3 + 8);
+                    local_158 = uVar22;
+                    if (ppiVar3 ==
+                        *(image_load_event_t ***)
+                         ((vector<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t*___ptr64,class_std::allocator<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t*___ptr64>_>
+                           *)param_3 + 0x10)) {
+                      std::
+                      vector<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t*___ptr64,class_std::allocator<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t*___ptr64>_>
+                      ::
+                      _Emplace_reallocate<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t*___ptr64_const&___ptr64>
+                                ((vector<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t*___ptr64,class_std::allocator<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t*___ptr64>_>
+                                  *)param_3,ppiVar3,(image_load_event_t **)&local_158);
+                    }
+                    else {
+                      *ppiVar3 = (image_load_event_t *)
+                                 (ulonglong)CONCAT16(uStack_152,CONCAT24(uStack_154,uVar22));
+                      *(longlong *)
+                       ((vector<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t*___ptr64,class_std::allocator<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t*___ptr64>_>
+                         *)param_3 + 8) =
+                           *(longlong *)
+                            ((vector<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t*___ptr64,class_std::allocator<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t*___ptr64>_>
+                              *)param_3 + 8) + 8;
+                    }
+                    std::
+                    _Sort_unchecked<FopScanner::FopResultEntry_*,_FopScanner::AddToResults_::__l26::ResultsComparer>
+                              (*(undefined8 **)param_3,
+                               *(undefined8 **)
+                                ((vector<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t*___ptr64,class_std::allocator<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t*___ptr64>_>
+                                  *)param_3 + 8),
+                               (longlong)
+                               *(undefined8 **)
+                                ((vector<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t*___ptr64,class_std::allocator<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::image_load_event_t*___ptr64>_>
+                                  *)param_3 + 8) - *(longlong *)param_3 >> 3,local_160);
+                  }
+                  goto LAB_1;
+                }
+LAB_5:
+                bVar6 = true;
+              }
+              bVar23 = local_98 == 6;
+              pcVar14 = namefromrecid(uVar22);
+              pcVar19 = "n/a";
+              if (pcVar14 != (char *)0x0) {
+                pcVar19 = pcVar14;
+              }
+              psVar15 = (sha1_t *)sigshafromrecid(&local_e8,uVar22);
+              _Var16 = sigseqfromrecid(uVar22);
+              MpReportLowfiMatch((SCAN_REPLY *)*puVar10,uVar22,_Var16,psVar15,pcVar19,bVar23,bVar6);
+            }
+          }
+          else {
+            if (!param_5) {
+              di::TelemetryAssert::AssertTriggeredNoArgs();
+            }
+            uVar22 = puVar11[6];
+            pvVar13 = kpopobject(puVar11[5]);
+            if (pvVar13 != (void *)0x0) {
+              uVar7 = puVar11[7];
+              pvVar17 = kpopobject(puVar11[8]);
+              if (pvVar17 != (void *)0x0) {
+                local_100 = pfVar5;
+                local_f8 = local_148;
+                local_f0 = 0;
+                uVar21 = 0;
+LAB_7:
+                do {
+                  uVar8 = ScanContext::GetChar((ScanContext *)&local_100);
+                  if (0xff < uVar8) {
+LAB_8:
+                    param_2 = local_148;
+                    param_3 = local_150;
+                    if ((ulong)uVar21 != uVar22) goto LAB_1;
+                    break;
+                  }
+                  for (uVar9 = 0; uVar9 < uVar7; uVar9 = uVar9 + 1) {
+                    if (*(char *)((ulonglong)uVar9 + (longlong)pvVar17) == (char)uVar8) {
+                      if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+                         ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+                        WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0xe,
+                                 &WPP_6c4bee861dc9358b4853620debb96048_Traceguids,uVar8);
+                      }
+                      goto LAB_7;
+                    }
+                  }
+                  if (*(byte *)(uVar21 + (longlong)pvVar13) != uVar8) {
+                    if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+                       ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+                      WPP_SF_Ll(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0xf,
+                                &WPP_6c4bee861dc9358b4853620debb96048_Traceguids,
+                                (uint)*(byte *)(uVar21 + (longlong)pvVar13),(char)uVar8);
+                    }
+                    goto LAB_8;
+                  }
+                  uVar8 = (ulong)uVar21 + 1;
+                  uVar21 = (ulonglong)uVar8;
+                  param_2 = local_148;
+                  param_3 = local_150;
+                } while (uVar8 != uVar22);
+                goto LAB_3;
+              }
+            }
+          }
+LAB_1:
+          param_2 = local_148;
+          param_3 = local_150;
+          if (puVar11[1] == 0) break;
+          puVar11 = (ulong *)kpopobject(puVar11[1]);
+          puVar18 = local_128;
+          param_2 = local_148;
+          param_3 = local_150;
+          puVar4 = local_128;
+        }
+        puVar18 = local_128 + 1;
+        local_128 = puVar18;
+      }
+    }
+    std::vector<unsigned_long,class_std::allocator<unsigned_long>_>::_Tidy
+              ((vector<unsigned_long,class_std::allocator<unsigned_long>_> *)&local_120);
+  }
+  __security_check_cookie(local_68 ^ (ulonglong)auStackY_1a8);
+  return;
+}
+



AllocScanReply


Match Info






Key
mpengine.dll - mpengine.dll






diff_type
code,length,address




ratio
0.01




i_ratio
0.78




m_ratio
0.98




b_ratio
0.98




match_types
FullName:Param






Function Meta Diff






Key
mpengine.dll
mpengine.dll






name
AllocScanReply
AllocScanReply




fullname
AllocScanReply
AllocScanReply




refcount
3
3




length
553
572




called
SignatureIdentifiers::SignatureIdentifiers
SignatureIdentifiers::`default_constructor_closure'
memset
operator_new
std::list<struct_VfoInQueueEntry,class_std::allocator<struct_VfoInQueueEntry>>::list<struct_VfoInQueueEntry,class_std::allocator<struct_VfoInQueueEntry>>		
SignatureIdentifiers::SignatureIdentifiers
SignatureIdentifiers::`default_constructor_closure'
memset
operator_new
std::list<struct_VfoInQueueEntry,class_std::allocator<struct_VfoInQueueEntry>>::list<struct_VfoInQueueEntry,class_std::allocator<struct_VfoInQueueEntry>>		




calling
ScanCmdLine
ScanCmdLine




paramcount
0
0




address
75a170d10
75a1f7348




sig
void * __fastcall AllocScanReply(void)
void * __fastcall AllocScanReply(void)




sym_type
Function
Function




sym_source
IMPORTED
IMPORTED




external
False
False






AllocScanReply Diff


--- AllocScanReply
+++ AllocScanReply
@@ -1,1507 +1,74 @@
 
 void * AllocScanReply(void)
 
 {
-  wchar_t wVar1;
-  ulong uVar2;
-  ulonglong uVar3;
-  byte bVar4;
-  bool bVar5;
-  undefined4 uVar6;
-  ulong uVar7;
-  undefined8 *puVar8;
-  char *in_RAX;
-  void *extraout_RAX;
-  void *pvVar9;
-  void *extraout_RAX_00;
-  int iVar10;
-  MapNodeBytes *pMVar11;
-  uint uVar12;
-  undefined8 *puVar13;
-  MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory> *unaff_RBX;
-  longlong unaff_RBP;
-  uint uVar14;
-  int iVar15;
-  MapNodeBytes *pMVar16;
-  MapNodeBytes *unaff_RSI;
-  undefined8 uVar17;
-  uint uVar18;
-  MapNodeBytes *unaff_RDI;
-  longlong lVar19;
-  ulong unaff_R12D;
-  NodeInfoBytes *this;
-  uint unaff_R15D;
-  MapNodeBytes *local_res20;
-  NodeInfoBytes *pNStack0000000000000030;
-  int iStack0000000000000038;
-  int in_stack_00000040;
-  MapNodeBytes *in_stack_00000048;
-  undefined8 in_stack_00000050;
-  MapNodeBytes *in_stack_00000058;
-  undefined8 in_stack_00000060;
-  void *in_stack_00000068;
-  void *in_stack_00000070;
-  longlong in_stack_00000078;
+  void *_Dst;
+  longlong lVar1;
+  SignatureIdentifiers *this;
+  undefined in_stack_ffffffffffffffd8;
   
-  *in_RAX = *in_RAX + (char)in_RAX;
-code_r0x00075a170d12:
-  if (unaff_RDI == (MapNodeBytes *)0x0) {
-    di::TelemetryAssert::AssertTriggeredNoArgs();
+  _Dst = operator_new(0x29a0,0x20);
+  if (_Dst != (void *)0x0) {
+    memset((void *)((longlong)_Dst + 0x2914),0,0x8c);
+    memset(_Dst,0,0xc0);
+    memset((void *)((longlong)_Dst + 0xc0),0,0x1000);
+    memset((void *)((longlong)_Dst + 0x10c0),0,0x1000);
+    *(undefined8 *)((longlong)_Dst + 0x20c0) = 0;
+    *(undefined8 *)((longlong)_Dst + 0x20c8) = 0;
+    *(undefined8 *)((longlong)_Dst + 0x20d0) = 0;
+    *(undefined8 *)((longlong)_Dst + 0x20d8) = 0;
+    *(undefined8 *)((longlong)_Dst + 0x20e0) = 0;
+    *(undefined4 *)((longlong)_Dst + 0x20e8) = 0;
+    memset((void *)((longlong)_Dst + 0x20ec),0,0x40);
+    *(undefined4 *)((longlong)_Dst + 0x212c) = 0;
+    std::list<struct_VfoInQueueEntry,class_std::allocator<struct_VfoInQueueEntry>_>::
+    list<struct_VfoInQueueEntry,class_std::allocator<struct_VfoInQueueEntry>_>
+              ((list<struct_VfoInQueueEntry,class_std::allocator<struct_VfoInQueueEntry>_> *)
+               ((longlong)_Dst + 0x2130));
+    memset((void *)((longlong)_Dst + 0x2140),0,0x70);
+    SignatureIdentifiers::SignatureIdentifiers
+              ((SignatureIdentifiers *)((longlong)_Dst + 0x21b0),0,&EmptySha1,0xffffffff,
+               (bool)in_stack_ffffffffffffffd8,"");
+    memset((void *)((longlong)_Dst + 0x2230),0,0x80);
+    this = (SignatureIdentifiers *)((longlong)_Dst + 0x22b0);
+    lVar1 = 4;
+    while (lVar1 != 0) {
+      SignatureIdentifiers::_default_constructor_closure_(this);
+      this = this + 0x80;
+      lVar1 = lVar1 + -1;
+    }
+    *(undefined8 *)((longlong)_Dst + 0x24b0) = 0;
+    *(undefined8 *)((longlong)_Dst + 0x24b8) = 0;
+    *(undefined8 *)((longlong)_Dst + 0x24c0) = 0;
+    *(undefined4 *)((longlong)_Dst + 0x24c8) = 0;
+    *(undefined8 *)((longlong)_Dst + 0x24cc) = 0;
+    *(undefined8 *)((longlong)_Dst + 0x24d4) = 0;
+    *(undefined8 *)((longlong)_Dst + 0x24dc) = 0;
+    *(undefined8 *)((longlong)_Dst + 0x24e4) = 0;
+    *(undefined8 *)((longlong)_Dst + 0x24ec) = 0;
+    *(undefined8 *)((longlong)_Dst + 0x24f4) = 0;
+    *(undefined8 *)((longlong)_Dst + 0x24fc) = 0;
+    *(undefined4 *)((longlong)_Dst + 0x2504) = 0;
+    *(undefined8 *)((longlong)_Dst + 0x2508) = 0;
+    *(undefined8 *)((longlong)_Dst + 0x2510) = 0;
+    *(undefined8 *)((longlong)_Dst + 0x2518) = 0;
+    *(undefined8 *)((longlong)_Dst + 0x2520) = 0;
+    memset((void *)((longlong)_Dst + 0x2528),0,0x40);
+    memset((void *)((longlong)_Dst + 0x2568),0,0x80);
+    *(undefined4 *)((longlong)_Dst + 0x25ec) = 0;
+    memset((void *)((longlong)_Dst + 0x25e8),0,0x44);
+    memset((void *)((longlong)_Dst + 0x262c),0,0x2a8);
+    memset((void *)((longlong)_Dst + 0x28d4),0,0x40);
+    *(undefined4 *)((longlong)_Dst + 0x291c) = 0;
+    *(undefined2 *)((longlong)_Dst + 0x2929) = 0;
+    *(undefined *)((longlong)_Dst + 0x292b) = 0;
+    *(undefined4 *)((longlong)_Dst + 0x2981) = 0;
+    *(undefined2 *)((longlong)_Dst + 0x2985) = 0;
+    *(undefined *)((longlong)_Dst + 0x2987) = 0;
+    *(undefined8 *)((longlong)_Dst + 0x2988) = 0;
+    *(undefined8 *)((longlong)_Dst + 0x2990) = 0;
+    *(undefined8 *)((longlong)_Dst + 0x2998) = 0;
   }
-LAB_0:
-  bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::MapNode::isValid
-                    ((MapNode *)&stack0x00000058);
-  if (!bVar5) {
-    di::TelemetryAssert::AssertTriggeredNoArgs();
-  }
-  uVar7 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::MapNodeBytes::
-          childIndex(unaff_RDI,unaff_R15D & 0xffff);
-  if (uVar7 == unaff_R12D) goto LAB_1;
-  if (*(int *)(unaff_RBX + 0x820) == (int)unaff_RSI) {
-    di::TelemetryAssert::AssertTriggeredNoArgs();
-  }
-  if (*(int *)(unaff_RBX + 0x824) == (int)unaff_RSI) {
-    di::TelemetryAssert::AssertTriggeredNoArgs();
-  }
-  uVar18 = uVar7 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-  uVar12 = *(uint *)(unaff_RBX + 0x824);
-  if (*(uint *)(unaff_RBX + 0x82c) <= uVar18) {
-    di::TelemetryAssert::AssertTriggeredNoArgs();
-  }
-  if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar12 & uVar7)) {
-    di::TelemetryAssert::AssertTriggeredNoArgs();
-  }
-  lVar19 = *(longlong *)(*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar18 * 8);
-  if (lVar19 == 0) {
-    di::TelemetryAssert::AssertTriggeredNoArgs();
-    di::TelemetryAssert::AssertTriggeredNoArgs();
-  }
-  lVar19 = lVar19 + ((ulonglong)(uVar12 & uVar7) + 2) * 4;
-  if (lVar19 == 0) {
-    *(undefined8 *)(unaff_RBP + 0x340) = 0;
-    *(undefined4 *)(unaff_RBP + 0x348) = 0xffffffff;
-  }
-  else {
-    *(longlong *)(unaff_RBP + 0x350) = lVar19;
-    *(ulong *)(unaff_RBP + 0x358) = uVar7;
-  }
-  puVar8 = (undefined8 *)(unaff_RBP + 0x340);
-  puVar13 = (undefined8 *)(unaff_RBP + 0x350);
-LAB_2:
-  if (lVar19 != 0) {
-    puVar8 = puVar13;
-  }
-  uVar7 = *(ulong *)(puVar8 + 1);
-  unaff_RSI = (MapNodeBytes *)*puVar8;
-  pMVar16 = (MapNodeBytes *)0x0;
-  do {
-    uVar2 = *(ulong *)(unaff_RBP + 0x478);
-    if (*(ulong *)(unaff_RBP + 0x480) == uVar2) {
-      if ((unaff_RSI != (MapNodeBytes *)0x0) && (uVar7 != 0xffffffff)) {
-        if (unaff_RSI == (MapNodeBytes *)0x0) {
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-        }
-        goto LAB_3;
-      }
-      if (local_res20 == (MapNodeBytes *)0x0) {
-        di::TelemetryAssert::AssertTriggeredNoArgs();
-      }
-      bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-              NodeInfoBytes::isValidNode((NodeInfoBytes *)local_res20);
-      if (!bVar5) {
-        di::TelemetryAssert::AssertTriggeredNoArgs();
-      }
-      MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::NodeInfoBytes::
-      setFailIndex((NodeInfoBytes *)local_res20,uVar2);
-    }
-    else {
-LAB_3:
-      if (local_res20 == (MapNodeBytes *)0x0) {
-        di::TelemetryAssert::AssertTriggeredNoArgs();
-      }
-      bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-              NodeInfoBytes::isValidNode((NodeInfoBytes *)local_res20);
-      if (!bVar5) {
-        di::TelemetryAssert::AssertTriggeredNoArgs();
-      }
-      MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::NodeInfoBytes::
-      setFailIndex((NodeInfoBytes *)local_res20,uVar7);
-      pMVar16 = (MapNodeBytes *)0x0;
-    }
-    uVar12 = *(int *)(unaff_RBP + 0x488) + 1;
-    *(uint *)(unaff_RBP + 0x488) = uVar12;
-    pMVar11 = (MapNodeBytes *)(*(longlong *)(unaff_RBP + -0x58) + 1);
-    *(MapNodeBytes **)(unaff_RBP + -0x58) = pMVar11;
-    this = *(NodeInfoBytes **)(unaff_RBP + -0x50);
-    unaff_RSI = pMVar16;
-    if (*(uint *)(unaff_RBP + -0x48) <= uVar12) {
-      do {
-        pMVar11 = pMVar16;
-        if (*(longlong *)(unaff_RBP + -0x60) == 0) {
-          uVar12 = *(uint *)(unaff_RBX + 0x8a0);
-          if (uVar12 == 0xffffffff) {
-            in_stack_00000058 = (MapNodeBytes *)0x0;
-            in_stack_00000060 = CONCAT44(in_stack_00000060._4_4_,0xffffffff);
-            pMVar16 = in_stack_00000058;
-            uVar17 = in_stack_00000060;
-          }
-          else {
-            if (*(int *)(unaff_RBX + 0x820) == 0) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            if (*(int *)(unaff_RBX + 0x824) == 0) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            uVar14 = uVar12 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-            uVar18 = *(uint *)(unaff_RBX + 0x824);
-            if (*(uint *)(unaff_RBX + 0x82c) <= uVar14) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar12 & uVar18)) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            lVar19 = *(longlong *)(*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar14 * 8);
-            if (lVar19 == 0) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            lVar19 = lVar19 + ((ulonglong)(uVar12 & uVar18) + 2) * 4;
-            if (lVar19 == 0) {
-              *(undefined8 *)(unaff_RBP + 0x3e0) = 0;
-              *(undefined4 *)(unaff_RBP + 1000) = 0xffffffff;
-            }
-            else {
-              *(longlong *)(unaff_RBP + 0x3f0) = lVar19;
-              *(uint *)(unaff_RBP + 0x3f8) = uVar12;
-            }
-            puVar8 = (undefined8 *)(unaff_RBP + 0x3e0);
-            if (lVar19 != 0) {
-              puVar8 = (undefined8 *)(unaff_RBP + 0x3f0);
-            }
-            pMVar16 = (MapNodeBytes *)*puVar8;
-            uVar17 = puVar8[1];
-          }
-          *(MapNodeBytes **)(unaff_RBX + 8) = pMVar16;
-          *(undefined8 *)(unaff_RBX + 0x10) = uVar17;
-          *(undefined4 *)(unaff_RBX + 0x8a0) = 0xffffffff;
-          bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::NodeInfo
-                  ::isValidNode((NodeInfo *)(unaff_RBX + 8));
-          if (!bVar5) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          std::
-          deque<struct_FileInfoStore::NameInfo*___ptr64,class_std::allocator<struct_FileInfoStore::NameInfo*___ptr64>_>
-          ::_Tidy((deque<struct_FileInfoStore::NameInfo*___ptr64,class_std::allocator<struct_FileInfoStore::NameInfo*___ptr64>_>
-                   *)(unaff_RBP + -0x80));
-          pvVar9 = *(void **)(unaff_RBP + -0x80);
-          *(undefined8 *)(unaff_RBP + -0x80) = 0;
-          std::_Deallocate<16,0>(pvVar9,0x10);
-          pvVar9 = extraout_RAX;
-          if (in_stack_00000068 != (void *)0x0) {
-            std::_Deallocate<16,0>
-                      (in_stack_00000068,(in_stack_00000078 - (longlong)in_stack_00000068 >> 1) * 2)
-            ;
-            pvVar9 = extraout_RAX_00;
-          }
-          return pvVar9;
-        }
-        uVar3 = *(ulonglong *)(unaff_RBP + -0x68);
-        uVar12 = *(uint *)(*(longlong *)
-                            (*(longlong *)(unaff_RBP + -0x78) +
-                            (uVar3 >> 2 & *(longlong *)(unaff_RBP + -0x70) - 1U) * 8) +
-                          (ulonglong)((uint)uVar3 & 3) * 4);
-        lVar19 = *(longlong *)(unaff_RBP + -0x60) + -1;
-        *(longlong *)(unaff_RBP + -0x60) = lVar19;
-        if (lVar19 == 0) {
-          *(MapNodeBytes **)(unaff_RBP + -0x68) = pMVar11;
-        }
-        else {
-          *(ulonglong *)(unaff_RBP + -0x68) = uVar3 + 1;
-        }
-        if (uVar12 == 0xffffffff) {
-          *(MapNodeBytes **)(unaff_RBP + -0x50) = pMVar11;
-          *(MapNodeBytes **)(unaff_RBP + -0x40) = pMVar11;
-          in_stack_00000040 = -1;
-          *(undefined4 *)(unaff_RBP + -0x38) = 0xffffffff;
-          this = (NodeInfoBytes *)pMVar11;
-        }
-        else {
-          if (*(int *)(unaff_RBX + 0x820) == (int)pMVar11) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          if (*(int *)(unaff_RBX + 0x824) == (int)pMVar11) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          uVar14 = uVar12 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-          uVar18 = *(uint *)(unaff_RBX + 0x824);
-          if (*(uint *)(unaff_RBX + 0x82c) <= uVar14) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar18 & uVar12)) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          lVar19 = *(longlong *)(*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar14 * 8);
-          if (lVar19 == 0) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          lVar19 = lVar19 + 8 + (ulonglong)(uVar18 & uVar12) * 4;
-          pMVar11 = (MapNodeBytes *)0x0;
-          if (lVar19 == 0) {
-            *(undefined8 *)(unaff_RBP + 0xe0) = 0;
-            *(undefined4 *)(unaff_RBP + 0xe8) = 0xffffffff;
-          }
-          else {
-            *(longlong *)(unaff_RBP + 0xf0) = lVar19;
-            *(uint *)(unaff_RBP + 0xf8) = uVar12;
-          }
-          puVar8 = (undefined8 *)(unaff_RBP + 0xe0);
-          if (lVar19 != 0) {
-            puVar8 = (undefined8 *)(unaff_RBP + 0xf0);
-          }
-          this = (NodeInfoBytes *)*puVar8;
-          uVar17 = puVar8[1];
-          *(NodeInfoBytes **)(unaff_RBP + -0x40) = this;
-          *(undefined8 *)(unaff_RBP + -0x38) = uVar17;
-          in_stack_00000040 = *(int *)(puVar8 + 1);
-          *(NodeInfoBytes **)(unaff_RBP + -0x50) = this;
-        }
-        if (in_stack_00000068 != in_stack_00000070) {
-          in_stack_00000070 = in_stack_00000068;
-        }
-        MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::copyLinkLabels
-                  (unaff_RBX,(vector<wchar_t,class_std::allocator<wchar_t>_> *)&stack0x00000068,
-                   (NodeInfo *)(unaff_RBP + -0x40));
-        lVar19 = (longlong)in_stack_00000070 - (longlong)in_stack_00000068 >> 1;
-        *(longlong *)(unaff_RBP + -0x48) = lVar19;
-        *(int *)(unaff_RBP + 0x488) = (int)pMVar11;
-        pMVar16 = pMVar11;
-      } while ((int)lVar19 == 0);
-      *(MapNodeBytes **)(unaff_RBP + -0x58) = pMVar11;
-      unaff_RSI = pMVar11;
-    }
-    wVar1 = *(wchar_t *)((longlong)in_stack_00000068 + (longlong)pMVar11 * 2);
-    unaff_R15D = (uint)(ushort)wVar1;
-    *(wchar_t *)(unaff_RBP + 0x470) = wVar1;
-    if ((this == (NodeInfoBytes *)0x0) || (in_stack_00000040 == -1)) {
-      di::TelemetryAssert::AssertTriggeredNoArgs();
-LAB_4:
-      if (this == (NodeInfoBytes *)0x0) {
-        di::TelemetryAssert::AssertTriggeredNoArgs();
-      }
-    }
-    else if (this == (NodeInfoBytes *)0x0) {
-      di::TelemetryAssert::AssertTriggeredNoArgs();
-      goto LAB_4;
-    }
-    bVar4 = (byte)*this & 0xf;
-    iVar15 = (int)unaff_RSI;
-    if (bVar4 == 2) {
-      bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-              NodeInfoBytes::hasLabel(this,wVar1);
-      if (bVar5) {
-        bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-                NodeInfoBytes::isValidNode(this);
-        if (!bVar5) {
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-        }
-        bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-                NodeInfoBytes::isLeaf(this);
-        if (!bVar5) {
-          bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-                  NodeInfoBytes::isValidNode(this);
-          if (!bVar5) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          uVar7 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-                  NodeInfoBytes::childIndex(this);
-          if (uVar7 != 0xffffffff) {
-            if (*(int *)(unaff_RBX + 0x820) == iVar15) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            if (*(int *)(unaff_RBX + 0x824) == iVar15) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            uVar18 = uVar7 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-            uVar12 = *(uint *)(unaff_RBX + 0x824);
-            if (*(uint *)(unaff_RBX + 0x82c) <= uVar18) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar12 & uVar7)) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            lVar19 = *(longlong *)(*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar18 * 8);
-            if (lVar19 == 0) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            lVar19 = lVar19 + ((ulonglong)(uVar12 & uVar7) + 2) * 4;
-            if (lVar19 == 0) {
-              *(undefined8 *)(unaff_RBP + 0x100) = 0;
-              *(undefined4 *)(unaff_RBP + 0x108) = 0xffffffff;
-            }
-            else {
-              *(longlong *)(unaff_RBP + 0x110) = lVar19;
-              *(ulong *)(unaff_RBP + 0x118) = uVar7;
-            }
-            puVar8 = (undefined8 *)(unaff_RBP + 0x100);
-            puVar13 = (undefined8 *)(unaff_RBP + 0x110);
-            goto LAB_5;
-          }
-        }
-      }
-LAB_6:
-      uVar6 = 0xffffffff;
-      local_res20 = unaff_RSI;
-    }
-    else {
-      if (bVar4 != 1) {
-        if (bVar4 != 3) {
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-        }
-        if (((byte)*this & 0xf) != 3) {
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-        }
-        bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-                NodeInfoBytes::isValidNode(this);
-        if (!bVar5) {
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-        }
-        uVar7 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-                NodeInfoBytes::childIndex(this);
-        if (uVar7 == 0xffffffff) {
-          uVar17 = 0xffffffff;
-        }
-        else {
-          if (*(int *)(unaff_RBX + 0x820) == iVar15) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          if (*(int *)(unaff_RBX + 0x824) == iVar15) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          uVar18 = uVar7 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-          uVar12 = *(uint *)(unaff_RBX + 0x824);
-          if (*(uint *)(unaff_RBX + 0x82c) <= uVar18) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar12 & uVar7)) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          lVar19 = *(longlong *)(*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar18 * 8);
-          if (lVar19 == 0) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          lVar19 = lVar19 + ((ulonglong)(uVar12 & uVar7) + 2) * 4;
-          if (lVar19 == 0) {
-            *(undefined8 *)(unaff_RBP + 0x170) = 0;
-            *(undefined8 *)(unaff_RBP + 0x178) = 0xffffffff;
-            puVar8 = (undefined8 *)(unaff_RBP + 0x170);
-          }
-          else {
-            *(longlong *)(unaff_RBP + 0x160) = lVar19;
-            *(ulonglong *)(unaff_RBP + 0x168) = (ulonglong)uVar7;
-            puVar8 = (undefined8 *)(unaff_RBP + 0x160);
-          }
-          unaff_RSI = (MapNodeBytes *)*puVar8;
-          uVar17 = puVar8[1];
-          if ((unaff_RSI != (MapNodeBytes *)0x0) && ((int)uVar17 != -1)) {
-            if (unaff_RSI != (MapNodeBytes *)0x0) goto LAB_7;
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-            goto LAB_8;
-          }
-        }
-        di::TelemetryAssert::AssertTriggeredNoArgs();
-LAB_8:
-        do {
-          iVar15 = (int)uVar17;
-          if (unaff_RSI == (MapNodeBytes *)0x0) goto LAB_9;
-LAB_7:
-          do {
-            iVar15 = (int)uVar17;
-            if (iVar15 == -1) {
-LAB_9:
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            else if (unaff_RSI == (MapNodeBytes *)0x0) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            iVar10 = (uint)(ushort)wVar1 - (uint)*(ushort *)unaff_RSI;
-            if (-1 < iVar10) {
-              if (iVar10 < 1) {
-                if (iVar15 == -1) {
-                  di::TelemetryAssert::AssertTriggeredNoArgs();
-                }
-                uVar12 = *(uint *)(unaff_RSI + 0xc);
-                if (uVar12 != 0xffffffff) {
-                  if (*(int *)(unaff_RBX + 0x820) == 0) {
-                    di::TelemetryAssert::AssertTriggeredNoArgs();
-                  }
-                  if (*(int *)(unaff_RBX + 0x824) == 0) {
-                    di::TelemetryAssert::AssertTriggeredNoArgs();
-                  }
-                  uVar14 = uVar12 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-                  uVar18 = *(uint *)(unaff_RBX + 0x824);
-                  if (*(uint *)(unaff_RBX + 0x82c) <= uVar14) {
-                    di::TelemetryAssert::AssertTriggeredNoArgs();
-                  }
-                  if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar12 & uVar18)) {
-                    di::TelemetryAssert::AssertTriggeredNoArgs();
-                  }
-                  lVar19 = *(longlong *)(*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar14 * 8);
-                  if (lVar19 == 0) {
-                    di::TelemetryAssert::AssertTriggeredNoArgs();
-                    di::TelemetryAssert::AssertTriggeredNoArgs();
-                  }
-                  lVar19 = lVar19 + ((ulonglong)(uVar12 & uVar18) + 2) * 4;
-                  if (lVar19 == 0) {
-                    *(undefined8 *)(unaff_RBP + 0x1c0) = 0;
-                    *(undefined4 *)(unaff_RBP + 0x1c8) = 0xffffffff;
-                  }
-                  else {
-                    *(longlong *)(unaff_RBP + 0x1d0) = lVar19;
-                    *(uint *)(unaff_RBP + 0x1d8) = uVar12;
-                  }
-                  puVar8 = (undefined8 *)(unaff_RBP + 0x1c0);
-                  puVar13 = (undefined8 *)(unaff_RBP + 0x1d0);
-                  goto LAB_5;
-                }
-              }
-              else {
-                if (iVar15 == -1) {
-                  di::TelemetryAssert::AssertTriggeredNoArgs();
-                }
-                uVar12 = *(uint *)(unaff_RSI + 8);
-                if (uVar12 != 0xffffffff) {
-                  if (*(int *)(unaff_RBX + 0x820) == 0) {
-                    di::TelemetryAssert::AssertTriggeredNoArgs();
-                  }
-                  if (*(int *)(unaff_RBX + 0x824) == 0) {
-                    di::TelemetryAssert::AssertTriggeredNoArgs();
-                  }
-                  uVar14 = uVar12 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-                  uVar18 = *(uint *)(unaff_RBX + 0x824);
-                  if (*(uint *)(unaff_RBX + 0x82c) <= uVar14) {
-                    di::TelemetryAssert::AssertTriggeredNoArgs();
-                  }
-                  if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar12 & uVar18)) {
-                    di::TelemetryAssert::AssertTriggeredNoArgs();
-                  }
-                  lVar19 = *(longlong *)(*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar14 * 8);
-                  if (lVar19 == 0) {
-                    di::TelemetryAssert::AssertTriggeredNoArgs();
-                    di::TelemetryAssert::AssertTriggeredNoArgs();
-                  }
-                  lVar19 = lVar19 + ((ulonglong)(uVar12 & uVar18) + 2) * 4;
-                  if (lVar19 == 0) {
-                    *(undefined8 *)(unaff_RBP + 0x1b0) = 0;
-                    *(undefined8 *)(unaff_RBP + 0x1b8) = 0xffffffff;
-                    puVar8 = (undefined8 *)(unaff_RBP + 0x1b0);
-                  }
-                  else {
-                    *(longlong *)(unaff_RBP + 0x1a0) = lVar19;
-                    *(ulonglong *)(unaff_RBP + 0x1a8) = (ulonglong)uVar12;
-                    puVar8 = (undefined8 *)(unaff_RBP + 0x1a0);
-                  }
-                  goto LAB_10;
-                }
-              }
-LAB_11:
-              unaff_RSI = (MapNodeBytes *)0x0;
-              local_res20 = (MapNodeBytes *)0x0;
-              uVar6 = 0xffffffff;
-              goto LAB_12;
-            }
-            if (iVar15 == -1) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            uVar12 = *(uint *)(unaff_RSI + 4);
-            if (uVar12 == 0xffffffff) goto LAB_11;
-            if (*(int *)(unaff_RBX + 0x820) == 0) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            if (*(int *)(unaff_RBX + 0x824) == 0) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            uVar14 = uVar12 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-            uVar18 = *(uint *)(unaff_RBX + 0x824);
-            if (*(uint *)(unaff_RBX + 0x82c) <= uVar14) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar18 & uVar12)) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            lVar19 = *(longlong *)(*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar14 * 8);
-            if (lVar19 == 0) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            lVar19 = lVar19 + ((ulonglong)(uVar18 & uVar12) + 2) * 4;
-            if (lVar19 == 0) {
-              *(undefined8 *)(unaff_RBP + 400) = 0;
-              *(undefined8 *)(unaff_RBP + 0x198) = 0xffffffff;
-              puVar8 = (undefined8 *)(unaff_RBP + 400);
-            }
-            else {
-              *(longlong *)(unaff_RBP + 0x180) = lVar19;
-              *(ulonglong *)(unaff_RBP + 0x188) = (ulonglong)uVar12;
-              puVar8 = (undefined8 *)(unaff_RBP + 0x180);
-            }
-LAB_10:
-            unaff_RSI = (MapNodeBytes *)*puVar8;
-            uVar17 = puVar8[1];
-            if ((unaff_RSI == (MapNodeBytes *)0x0) || ((int)uVar17 == -1)) goto LAB_11;
-          } while (unaff_RSI != (MapNodeBytes *)0x0);
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-        } while( true );
-      }
-      bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-              NodeInfoBytes::isValidNode(this);
-      if (!bVar5) {
-        di::TelemetryAssert::AssertTriggeredNoArgs();
-      }
-      uVar7 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-              NodeInfoBytes::childIndex(this);
-      if (uVar7 == 0xffffffff) {
-        *(MapNodeBytes **)(unaff_RBP + -0x30) = unaff_RSI;
-        *(undefined4 *)(unaff_RBP + -0x28) = 0xffffffff;
-        pMVar16 = unaff_RSI;
-LAB_13:
-        di::TelemetryAssert::AssertTriggeredNoArgs();
-      }
-      else {
-        if (*(int *)(unaff_RBX + 0x820) == iVar15) {
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-        }
-        if (*(int *)(unaff_RBX + 0x824) == iVar15) {
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-        }
-        uVar18 = uVar7 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-        uVar12 = *(uint *)(unaff_RBX + 0x824);
-        if (*(uint *)(unaff_RBX + 0x82c) <= uVar18) {
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-        }
-        if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar12 & uVar7)) {
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-        }
-        lVar19 = *(longlong *)(*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar18 * 8);
-        if (lVar19 == 0) {
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-        }
-        lVar19 = lVar19 + ((ulonglong)(uVar12 & uVar7) + 2) * 4;
-        unaff_RSI = (MapNodeBytes *)0x0;
-        if (lVar19 == 0) {
-          *(undefined8 *)(unaff_RBP + 0x120) = 0;
-          *(undefined4 *)(unaff_RBP + 0x128) = 0xffffffff;
-        }
-        else {
-          *(longlong *)(unaff_RBP + 0x130) = lVar19;
-          *(ulong *)(unaff_RBP + 0x138) = uVar7;
-        }
-        puVar8 = (undefined8 *)(unaff_RBP + 0x120);
-        if (lVar19 != 0) {
-          puVar8 = (undefined8 *)(unaff_RBP + 0x130);
-        }
-        pMVar16 = (MapNodeBytes *)*puVar8;
-        uVar17 = puVar8[1];
-        *(MapNodeBytes **)(unaff_RBP + -0x30) = pMVar16;
-        *(undefined8 *)(unaff_RBP + -0x28) = uVar17;
-        if ((pMVar16 == (MapNodeBytes *)0x0) || ((int)uVar17 == -1)) goto LAB_13;
-        if (pMVar16 == (MapNodeBytes *)0x0) {
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-        }
-      }
-      bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::MapNode::
-              isValid((MapNode *)(unaff_RBP + -0x30));
-      if (!bVar5) {
-        di::TelemetryAssert::AssertTriggeredNoArgs();
-      }
-      uVar7 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::MapNodeBytes
-              ::childIndex(pMVar16,(uint)(ushort)wVar1);
-      if (uVar7 == 0xffffffff) goto LAB_6;
-      if (*(int *)(unaff_RBX + 0x820) == (int)unaff_RSI) {
-        di::TelemetryAssert::AssertTriggeredNoArgs();
-      }
-      if (*(int *)(unaff_RBX + 0x824) == (int)unaff_RSI) {
-        di::TelemetryAssert::AssertTriggeredNoArgs();
-      }
-      uVar18 = uVar7 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-      uVar12 = *(uint *)(unaff_RBX + 0x824);
-      if (*(uint *)(unaff_RBX + 0x82c) <= uVar18) {
-        di::TelemetryAssert::AssertTriggeredNoArgs();
-      }
-      if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar12 & uVar7)) {
-        di::TelemetryAssert::AssertTriggeredNoArgs();
-      }
-      lVar19 = *(longlong *)(*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar18 * 8);
-      if (lVar19 == 0) {
-        di::TelemetryAssert::AssertTriggeredNoArgs();
-        di::TelemetryAssert::AssertTriggeredNoArgs();
-      }
-      lVar19 = lVar19 + ((ulonglong)(uVar12 & uVar7) + 2) * 4;
-      if (lVar19 == 0) {
-        *(undefined8 *)(unaff_RBP + 0x140) = 0;
-        *(undefined4 *)(unaff_RBP + 0x148) = 0xffffffff;
-      }
-      else {
-        *(longlong *)(unaff_RBP + 0x150) = lVar19;
-        *(ulong *)(unaff_RBP + 0x158) = uVar7;
-      }
-      puVar8 = (undefined8 *)(unaff_RBP + 0x140);
-      puVar13 = (undefined8 *)(unaff_RBP + 0x150);
-LAB_5:
-      unaff_RSI = (MapNodeBytes *)0x0;
-      if (lVar19 != 0) {
-        puVar8 = puVar13;
-      }
-      local_res20 = (MapNodeBytes *)*puVar8;
-      uVar6 = *(undefined4 *)(puVar8 + 1);
-    }
-LAB_12:
-    *(undefined4 *)(unaff_RBP + 0x480) = uVar6;
-    std::deque<unsigned_long,class_std::allocator<unsigned_long>_>::
-    _Emplace_back_internal<unsigned_long>
-              ((deque<unsigned_long,class_std::allocator<unsigned_long>_> *)(unaff_RBP + -0x80),
-               (ulong *)(unaff_RBP + 0x480));
-    bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::NodeInfoBytes
-            ::isValidNode(this);
-    if (!bVar5) {
-      di::TelemetryAssert::AssertTriggeredNoArgs();
-    }
-    bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::NodeInfoBytes
-            ::isValidNode(this);
-    if (!bVar5) {
-      di::TelemetryAssert::AssertTriggeredNoArgs();
-    }
-    uVar12 = *(uint *)(this + 8);
-    *(uint *)(unaff_RBP + 0x480) = uVar12;
-    if (uVar12 == 0xffffffff) {
-      di::TelemetryAssert::AssertTriggeredNoArgs();
-      iStack0000000000000038 = -1;
-      pNStack0000000000000030 = (NodeInfoBytes *)unaff_RSI;
-      goto LAB_14;
-    }
-    if (*(int *)(unaff_RBX + 0x820) == (int)unaff_RSI) {
-      di::TelemetryAssert::AssertTriggeredNoArgs();
-    }
-    if (*(int *)(unaff_RBX + 0x824) == (int)unaff_RSI) {
-      di::TelemetryAssert::AssertTriggeredNoArgs();
-    }
-    uVar14 = uVar12 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-    uVar18 = *(uint *)(unaff_RBX + 0x824);
-    if (*(uint *)(unaff_RBX + 0x82c) <= uVar14) {
-      di::TelemetryAssert::AssertTriggeredNoArgs();
-    }
-    if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar18 & uVar12)) {
-      di::TelemetryAssert::AssertTriggeredNoArgs();
-    }
-    lVar19 = *(longlong *)(*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar14 * 8);
-    if (lVar19 == 0) {
-      di::TelemetryAssert::AssertTriggeredNoArgs();
-      di::TelemetryAssert::AssertTriggeredNoArgs();
-    }
-    lVar19 = lVar19 + ((ulonglong)(uVar18 & uVar12) + 2) * 4;
-    if (lVar19 == 0) {
-      *(undefined8 *)(unaff_RBP + 0x1e0) = 0;
-      *(undefined4 *)(unaff_RBP + 0x1e8) = 0xffffffff;
-    }
-    else {
-      *(longlong *)(unaff_RBP + 0x1f0) = lVar19;
-      *(uint *)(unaff_RBP + 0x1f8) = uVar12;
-    }
-    puVar8 = (undefined8 *)(unaff_RBP + 0x1e0);
-    if (lVar19 != 0) {
-      puVar8 = (undefined8 *)(unaff_RBP + 0x1f0);
-    }
-    pNStack0000000000000030 = (NodeInfoBytes *)*puVar8;
-    _iStack0000000000000038 = puVar8[1];
-    bVar5 = uVar12 == uVar2;
-LAB_15:
-    unaff_RSI = (MapNodeBytes *)0x0;
-    if (!bVar5) {
-LAB_14:
-      do {
-        if ((pNStack0000000000000030 == (NodeInfoBytes *)0x0) || (iStack0000000000000038 == -1)) {
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-LAB_16:
-          if (pNStack0000000000000030 == (NodeInfoBytes *)0x0) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-        }
-        else if (pNStack0000000000000030 == (NodeInfoBytes *)0x0) {
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-          goto LAB_16;
-        }
-        bVar4 = (byte)*pNStack0000000000000030 & 0xf;
-        iVar15 = (int)unaff_RSI;
-        if (bVar4 == 2) {
-          bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-                  NodeInfoBytes::hasLabel(pNStack0000000000000030,(wchar_t)unaff_R15D);
-          if (bVar5) {
-            bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-                    NodeInfoBytes::isValidNode(pNStack0000000000000030);
-            if (!bVar5) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-                    NodeInfoBytes::isLeaf(pNStack0000000000000030);
-            if (!bVar5) {
-              bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-                      NodeInfoBytes::isValidNode(pNStack0000000000000030);
-              if (!bVar5) {
-                di::TelemetryAssert::AssertTriggeredNoArgs();
-              }
-              uVar7 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-                      NodeInfoBytes::childIndex(pNStack0000000000000030);
-              if (uVar7 != 0xffffffff) {
-                if (*(int *)(unaff_RBX + 0x820) == iVar15) {
-                  di::TelemetryAssert::AssertTriggeredNoArgs();
-                }
-                if (*(int *)(unaff_RBX + 0x824) == iVar15) {
-                  di::TelemetryAssert::AssertTriggeredNoArgs();
-                }
-                uVar18 = uVar7 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-                uVar12 = *(uint *)(unaff_RBX + 0x824);
-                if (*(uint *)(unaff_RBX + 0x82c) <= uVar18) {
-                  di::TelemetryAssert::AssertTriggeredNoArgs();
-                }
-                if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar12 & uVar7)) {
-                  di::TelemetryAssert::AssertTriggeredNoArgs();
-                }
-                lVar19 = *(longlong *)(*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar18 * 8);
-                if (lVar19 == 0) {
-                  di::TelemetryAssert::AssertTriggeredNoArgs();
-                  di::TelemetryAssert::AssertTriggeredNoArgs();
-                }
-                lVar19 = lVar19 + ((ulonglong)(uVar12 & uVar7) + 2) * 4;
-                if (lVar19 == 0) {
-                  *(undefined8 *)(unaff_RBP + 0x200) = 0;
-                  *(undefined4 *)(unaff_RBP + 0x208) = 0xffffffff;
-                }
-                else {
-                  *(longlong *)(unaff_RBP + 0x210) = lVar19;
-                  *(ulong *)(unaff_RBP + 0x218) = uVar7;
-                }
-                puVar8 = (undefined8 *)(unaff_RBP + 0x200);
-                puVar13 = (undefined8 *)(unaff_RBP + 0x210);
-                goto LAB_17;
-              }
-            }
-          }
-LAB_18:
-          in_stack_00000050 = CONCAT44(in_stack_00000050._4_4_,0xffffffff);
-          in_stack_00000048 = unaff_RSI;
-        }
-        else {
-          if (bVar4 != 1) {
-            if (bVar4 != 3) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            if (((byte)*pNStack0000000000000030 & 0xf) != 3) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-                    NodeInfoBytes::isValidNode(pNStack0000000000000030);
-            if (!bVar5) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            uVar7 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-                    NodeInfoBytes::childIndex(pNStack0000000000000030);
-            if (uVar7 == 0xffffffff) {
-              uVar17 = 0xffffffff;
-            }
-            else {
-              if (*(int *)(unaff_RBX + 0x820) == iVar15) {
-                di::TelemetryAssert::AssertTriggeredNoArgs();
-              }
-              if (*(int *)(unaff_RBX + 0x824) == iVar15) {
-                di::TelemetryAssert::AssertTriggeredNoArgs();
-              }
-              uVar18 = uVar7 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-              uVar12 = *(uint *)(unaff_RBX + 0x824);
-              if (*(uint *)(unaff_RBX + 0x82c) <= uVar18) {
-                di::TelemetryAssert::AssertTriggeredNoArgs();
-              }
-              if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar7 & uVar12)) {
-                di::TelemetryAssert::AssertTriggeredNoArgs();
-              }
-              lVar19 = *(longlong *)(*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar18 * 8);
-              if (lVar19 == 0) {
-                di::TelemetryAssert::AssertTriggeredNoArgs();
-                di::TelemetryAssert::AssertTriggeredNoArgs();
-              }
-              lVar19 = lVar19 + ((ulonglong)(uVar7 & uVar12) + 2) * 4;
-              if (lVar19 == 0) {
-                *(undefined8 *)(unaff_RBP + 0x270) = 0;
-                *(undefined8 *)(unaff_RBP + 0x278) = 0xffffffff;
-                puVar8 = (undefined8 *)(unaff_RBP + 0x270);
-              }
-              else {
-                *(longlong *)(unaff_RBP + 0x260) = lVar19;
-                *(ulonglong *)(unaff_RBP + 0x268) = (ulonglong)uVar7;
-                puVar8 = (undefined8 *)(unaff_RBP + 0x260);
-              }
-              unaff_RSI = (MapNodeBytes *)*puVar8;
-              uVar17 = puVar8[1];
-              if ((unaff_RSI != (MapNodeBytes *)0x0) && ((int)uVar17 != -1)) {
-                if (unaff_RSI == (MapNodeBytes *)0x0) {
-                  di::TelemetryAssert::AssertTriggeredNoArgs();
-                }
-                goto LAB_19;
-              }
-            }
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-LAB_19:
-            do {
-              iVar15 = (int)uVar17;
-              if (unaff_RSI == (MapNodeBytes *)0x0) goto LAB_20;
-              do {
-                iVar15 = (int)uVar17;
-                if (iVar15 == -1) {
-LAB_20:
-                  di::TelemetryAssert::AssertTriggeredNoArgs();
-                }
-                else if (unaff_RSI == (MapNodeBytes *)0x0) {
-                  di::TelemetryAssert::AssertTriggeredNoArgs();
-                }
-                if (-1 < (int)(unaff_R15D - *(ushort *)unaff_RSI)) {
-                  if ((int)(unaff_R15D - *(ushort *)unaff_RSI) < 1) {
-                    if (iVar15 == -1) {
-                      di::TelemetryAssert::AssertTriggeredNoArgs();
-                    }
-                    uVar12 = *(uint *)(unaff_RSI + 0xc);
-                    if (uVar12 != 0xffffffff) {
-                      if (*(int *)(unaff_RBX + 0x820) == 0) {
-                        di::TelemetryAssert::AssertTriggeredNoArgs();
-                      }
-                      if (*(int *)(unaff_RBX + 0x824) == 0) {
-                        di::TelemetryAssert::AssertTriggeredNoArgs();
-                      }
-                      uVar14 = uVar12 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-                      uVar18 = *(uint *)(unaff_RBX + 0x824);
-                      if (*(uint *)(unaff_RBX + 0x82c) <= uVar14) {
-                        di::TelemetryAssert::AssertTriggeredNoArgs();
-                      }
-                      if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar12 & uVar18)) {
-                        di::TelemetryAssert::AssertTriggeredNoArgs();
-                      }
-                      lVar19 = *(longlong *)
-                                (*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar14 * 8);
-                      if (lVar19 == 0) {
-                        di::TelemetryAssert::AssertTriggeredNoArgs();
-                        di::TelemetryAssert::AssertTriggeredNoArgs();
-                      }
-                      lVar19 = lVar19 + ((ulonglong)(uVar12 & uVar18) + 2) * 4;
-                      if (lVar19 == 0) {
-                        *(undefined8 *)(unaff_RBP + 0x2c0) = 0;
-                        *(undefined4 *)(unaff_RBP + 0x2c8) = 0xffffffff;
-                      }
-                      else {
-                        *(longlong *)(unaff_RBP + 0x370) = lVar19;
-                        *(uint *)(unaff_RBP + 0x378) = uVar12;
-                      }
-                      puVar8 = (undefined8 *)(unaff_RBP + 0x2c0);
-                      puVar13 = (undefined8 *)(unaff_RBP + 0x370);
-                      unaff_R15D = (uint)*(ushort *)(unaff_RBP + 0x470);
-                      goto LAB_17;
-                    }
-                  }
-                  else {
-                    if (iVar15 == -1) {
-                      di::TelemetryAssert::AssertTriggeredNoArgs();
-                    }
-                    uVar12 = *(uint *)(unaff_RSI + 8);
-                    if (uVar12 != 0xffffffff) {
-                      if (*(int *)(unaff_RBX + 0x820) == 0) {
-                        di::TelemetryAssert::AssertTriggeredNoArgs();
-                      }
-                      if (*(int *)(unaff_RBX + 0x824) == 0) {
-                        di::TelemetryAssert::AssertTriggeredNoArgs();
-                      }
-                      uVar14 = uVar12 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-                      uVar18 = *(uint *)(unaff_RBX + 0x824);
-                      if (*(uint *)(unaff_RBX + 0x82c) <= uVar14) {
-                        di::TelemetryAssert::AssertTriggeredNoArgs();
-                      }
-                      if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar12 & uVar18)) {
-                        di::TelemetryAssert::AssertTriggeredNoArgs();
-                      }
-                      lVar19 = *(longlong *)
-                                (*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar14 * 8);
-                      if (lVar19 == 0) {
-                        di::TelemetryAssert::AssertTriggeredNoArgs();
-                        di::TelemetryAssert::AssertTriggeredNoArgs();
-                      }
-                      lVar19 = lVar19 + ((ulonglong)(uVar12 & uVar18) + 2) * 4;
-                      if (lVar19 == 0) {
-                        *(undefined8 *)(unaff_RBP + 0x2b0) = 0;
-                        *(undefined8 *)(unaff_RBP + 0x2b8) = 0xffffffff;
-                        puVar8 = (undefined8 *)(unaff_RBP + 0x2b0);
-                      }
-                      else {
-                        *(longlong *)(unaff_RBP + 0x2a0) = lVar19;
-                        *(ulonglong *)(unaff_RBP + 0x2a8) = (ulonglong)uVar12;
-                        puVar8 = (undefined8 *)(unaff_RBP + 0x2a0);
-                      }
-                      goto LAB_21;
-                    }
-                  }
-LAB_22:
-                  unaff_RSI = (MapNodeBytes *)0x0;
-                  in_stack_00000048 = (MapNodeBytes *)0x0;
-                  in_stack_00000050 = CONCAT44(in_stack_00000050._4_4_,0xffffffff);
-                  unaff_R15D = (uint)*(ushort *)(unaff_RBP + 0x470);
-                  goto LAB_23;
-                }
-                if (iVar15 == -1) {
-                  di::TelemetryAssert::AssertTriggeredNoArgs();
-                }
-                uVar12 = *(uint *)(unaff_RSI + 4);
-                if (uVar12 == 0xffffffff) goto LAB_22;
-                if (*(int *)(unaff_RBX + 0x820) == 0) {
-                  di::TelemetryAssert::AssertTriggeredNoArgs();
-                }
-                if (*(int *)(unaff_RBX + 0x824) == 0) {
-                  di::TelemetryAssert::AssertTriggeredNoArgs();
-                }
-                uVar14 = uVar12 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-                uVar18 = *(uint *)(unaff_RBX + 0x824);
-                if (*(uint *)(unaff_RBX + 0x82c) <= uVar14) {
-                  di::TelemetryAssert::AssertTriggeredNoArgs();
-                }
-                if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar12 & uVar18)) {
-                  di::TelemetryAssert::AssertTriggeredNoArgs();
-                }
-                lVar19 = *(longlong *)(*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar14 * 8);
-                if (lVar19 == 0) {
-                  di::TelemetryAssert::AssertTriggeredNoArgs();
-                  di::TelemetryAssert::AssertTriggeredNoArgs();
-                }
-                lVar19 = lVar19 + ((ulonglong)(uVar12 & uVar18) + 2) * 4;
-                if (lVar19 == 0) {
-                  *(undefined8 *)(unaff_RBP + 0x290) = 0;
-                  *(undefined8 *)(unaff_RBP + 0x298) = 0xffffffff;
-                  puVar8 = (undefined8 *)(unaff_RBP + 0x290);
-                }
-                else {
-                  *(longlong *)(unaff_RBP + 0x280) = lVar19;
-                  *(ulonglong *)(unaff_RBP + 0x288) = (ulonglong)uVar12;
-                  puVar8 = (undefined8 *)(unaff_RBP + 0x280);
-                }
-LAB_21:
-                unaff_RSI = (MapNodeBytes *)*puVar8;
-                uVar17 = puVar8[1];
-                if ((unaff_RSI == (MapNodeBytes *)0x0) || ((int)uVar17 == -1)) goto LAB_22;
-              } while (unaff_RSI != (MapNodeBytes *)0x0);
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            } while( true );
-          }
-          bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-                  NodeInfoBytes::isValidNode(pNStack0000000000000030);
-          if (!bVar5) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          uVar7 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-                  NodeInfoBytes::childIndex(pNStack0000000000000030);
-          if (uVar7 == 0xffffffff) {
-            *(MapNodeBytes **)(unaff_RBP + -0x20) = unaff_RSI;
-            *(undefined4 *)(unaff_RBP + -0x18) = 0xffffffff;
-            pMVar16 = unaff_RSI;
-LAB_24:
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          else {
-            if (*(int *)(unaff_RBX + 0x820) == iVar15) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            if (*(int *)(unaff_RBX + 0x824) == iVar15) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            uVar18 = uVar7 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-            uVar12 = *(uint *)(unaff_RBX + 0x824);
-            if (*(uint *)(unaff_RBX + 0x82c) <= uVar18) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar12 & uVar7)) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            lVar19 = *(longlong *)(*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar18 * 8);
-            if (lVar19 == 0) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            lVar19 = lVar19 + ((ulonglong)(uVar12 & uVar7) + 2) * 4;
-            unaff_RSI = (MapNodeBytes *)0x0;
-            if (lVar19 == 0) {
-              *(undefined8 *)(unaff_RBP + 0x220) = 0;
-              *(undefined4 *)(unaff_RBP + 0x228) = 0xffffffff;
-            }
-            else {
-              *(longlong *)(unaff_RBP + 0x230) = lVar19;
-              *(ulong *)(unaff_RBP + 0x238) = uVar7;
-            }
-            puVar8 = (undefined8 *)(unaff_RBP + 0x220);
-            if (lVar19 != 0) {
-              puVar8 = (undefined8 *)(unaff_RBP + 0x230);
-            }
-            pMVar16 = (MapNodeBytes *)*puVar8;
-            uVar17 = puVar8[1];
-            *(MapNodeBytes **)(unaff_RBP + -0x20) = pMVar16;
-            *(undefined8 *)(unaff_RBP + -0x18) = uVar17;
-            if ((pMVar16 == (MapNodeBytes *)0x0) || ((int)uVar17 == -1)) goto LAB_24;
-            if (pMVar16 == (MapNodeBytes *)0x0) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-          }
-          bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::MapNode
-                  ::isValid((MapNode *)(unaff_RBP + -0x20));
-          if (!bVar5) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          uVar7 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-                  MapNodeBytes::childIndex(pMVar16,unaff_R15D);
-          if (uVar7 == 0xffffffff) goto LAB_18;
-          if (*(int *)(unaff_RBX + 0x820) == (int)unaff_RSI) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          if (*(int *)(unaff_RBX + 0x824) == (int)unaff_RSI) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          uVar18 = uVar7 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-          uVar12 = *(uint *)(unaff_RBX + 0x824);
-          if (*(uint *)(unaff_RBX + 0x82c) <= uVar18) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar7 & uVar12)) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          lVar19 = *(longlong *)(*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar18 * 8);
-          if (lVar19 == 0) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          lVar19 = lVar19 + ((ulonglong)(uVar7 & uVar12) + 2) * 4;
-          if (lVar19 == 0) {
-            *(undefined8 *)(unaff_RBP + 0x240) = 0;
-            *(undefined4 *)(unaff_RBP + 0x248) = 0xffffffff;
-          }
-          else {
-            *(longlong *)(unaff_RBP + 0x250) = lVar19;
-            *(ulong *)(unaff_RBP + 600) = uVar7;
-          }
-          puVar8 = (undefined8 *)(unaff_RBP + 0x240);
-          puVar13 = (undefined8 *)(unaff_RBP + 0x250);
-LAB_17:
-          unaff_RSI = (MapNodeBytes *)0x0;
-          if (lVar19 != 0) {
-            puVar8 = puVar13;
-          }
-          in_stack_00000048 = (MapNodeBytes *)*puVar8;
-          in_stack_00000050 = puVar8[1];
-        }
-LAB_23:
-        bVar5 = MultiPatternTrie<unsigned_char,unsigned_long,class_UnitStorage::VirtualMemory>::
-                BinaryTreeNode::isValidNodeInfo((BinaryTreeNode *)&stack0x00000048);
-        if (bVar5) break;
-        bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-                NodeInfoBytes::isValidNode(pNStack0000000000000030);
-        if (!bVar5) {
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-        }
-        uVar7 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-                NodeInfoBytes::failIndex(pNStack0000000000000030);
-        *(ulong *)(unaff_RBP + 0x480) = uVar7;
-        if (uVar7 != 0xffffffff) goto code_r0x00075a1703af;
-        di::TelemetryAssert::AssertTriggeredNoArgs();
-        *(MapNodeBytes **)(unaff_RBP + -0x10) = unaff_RSI;
-        *(undefined4 *)(unaff_RBP + -8) = 0xffffffff;
-        pNStack0000000000000030 = *(NodeInfoBytes **)(unaff_RBP + -0x10);
-        iStack0000000000000038 = (int)*(undefined8 *)(unaff_RBP + -8);
-      } while( true );
-    }
-    if ((pNStack0000000000000030 == (NodeInfoBytes *)0x0) || (iStack0000000000000038 == -1)) {
-      di::TelemetryAssert::AssertTriggeredNoArgs();
-LAB_25:
-      if (pNStack0000000000000030 != (NodeInfoBytes *)0x0) goto LAB_26;
-LAB_27:
-      di::TelemetryAssert::AssertTriggeredNoArgs();
-LAB_28:
-      if (pNStack0000000000000030 == (NodeInfoBytes *)0x0) {
-        di::TelemetryAssert::AssertTriggeredNoArgs();
-      }
-    }
-    else {
-      if (pNStack0000000000000030 == (NodeInfoBytes *)0x0) {
-        di::TelemetryAssert::AssertTriggeredNoArgs();
-        goto LAB_25;
-      }
-LAB_26:
-      if (iStack0000000000000038 == -1) goto LAB_27;
-      if (pNStack0000000000000030 == (NodeInfoBytes *)0x0) {
-        di::TelemetryAssert::AssertTriggeredNoArgs();
-        goto LAB_28;
-      }
-    }
-    bVar4 = (byte)*pNStack0000000000000030 & 0xf;
-    iVar15 = (int)unaff_RSI;
-    if (bVar4 != 2) {
-      if (bVar4 != 1) {
-        if (bVar4 != 3) {
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-        }
-        if (((byte)*pNStack0000000000000030 & 0xf) != 3) {
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-        }
-        bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-                NodeInfoBytes::isValidNode(pNStack0000000000000030);
-        if (!bVar5) {
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-        }
-        uVar7 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-                NodeInfoBytes::childIndex(pNStack0000000000000030);
-        if (uVar7 == 0xffffffff) {
-          uVar17 = 0xffffffff;
-        }
-        else {
-          if (*(int *)(unaff_RBX + 0x820) == iVar15) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          if (*(int *)(unaff_RBX + 0x824) == iVar15) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          uVar18 = uVar7 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-          uVar12 = *(uint *)(unaff_RBX + 0x824);
-          if (*(uint *)(unaff_RBX + 0x82c) <= uVar18) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar12 & uVar7)) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          lVar19 = *(longlong *)(*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar18 * 8);
-          if (lVar19 == 0) {
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-            di::TelemetryAssert::AssertTriggeredNoArgs();
-          }
-          lVar19 = lVar19 + ((ulonglong)(uVar12 & uVar7) + 2) * 4;
-          if (lVar19 == 0) {
-            *(undefined8 *)(unaff_RBP + 0x410) = 0;
-            *(undefined8 *)(unaff_RBP + 0x418) = 0xffffffff;
-            puVar8 = (undefined8 *)(unaff_RBP + 0x410);
-          }
-          else {
-            *(longlong *)(unaff_RBP + 0x360) = lVar19;
-            *(ulonglong *)(unaff_RBP + 0x368) = (ulonglong)uVar7;
-            puVar8 = (undefined8 *)(unaff_RBP + 0x360);
-          }
-          unaff_RSI = (MapNodeBytes *)*puVar8;
-          uVar17 = puVar8[1];
-          if ((unaff_RSI != (MapNodeBytes *)0x0) && ((int)uVar17 != -1)) {
-            pMVar16 = unaff_RSI;
-            if (unaff_RSI == (MapNodeBytes *)0x0) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            goto LAB_29;
-          }
-        }
-        di::TelemetryAssert::AssertTriggeredNoArgs();
-        pMVar16 = unaff_RSI;
-LAB_29:
-        do {
-          iVar15 = (int)uVar17;
-          if (pMVar16 == (MapNodeBytes *)0x0) goto LAB_30;
-          do {
-            iVar15 = (int)uVar17;
-            if (iVar15 == -1) {
-LAB_30:
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            else if (pMVar16 == (MapNodeBytes *)0x0) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            if (-1 < (int)(unaff_R15D - *(ushort *)pMVar16)) {
-              if ((int)(unaff_R15D - *(ushort *)pMVar16) < 1) {
-                if (iVar15 == -1) {
-                  di::TelemetryAssert::AssertTriggeredNoArgs();
-                }
-                uVar12 = *(uint *)(pMVar16 + 0xc);
-                if (uVar12 != 0xffffffff) {
-                  if (*(int *)(unaff_RBX + 0x820) == 0) {
-                    di::TelemetryAssert::AssertTriggeredNoArgs();
-                  }
-                  if (*(int *)(unaff_RBX + 0x824) == 0) {
-                    di::TelemetryAssert::AssertTriggeredNoArgs();
-                  }
-                  uVar14 = uVar12 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-                  uVar18 = *(uint *)(unaff_RBX + 0x824);
-                  if (*(uint *)(unaff_RBX + 0x82c) <= uVar14) {
-                    di::TelemetryAssert::AssertTriggeredNoArgs();
-                  }
-                  if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar18 & uVar12)) {
-                    di::TelemetryAssert::AssertTriggeredNoArgs();
-                  }
-                  lVar19 = *(longlong *)(*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar14 * 8);
-                  if (lVar19 == 0) {
-                    di::TelemetryAssert::AssertTriggeredNoArgs();
-                    di::TelemetryAssert::AssertTriggeredNoArgs();
-                  }
-                  lVar19 = lVar19 + ((ulonglong)(uVar18 & uVar12) + 2) * 4;
-                  if (lVar19 == 0) {
-                    *(undefined8 *)(unaff_RBP + 0x3c0) = 0;
-                    *(undefined4 *)(unaff_RBP + 0x3c8) = 0xffffffff;
-                  }
-                  else {
-                    *(longlong *)(unaff_RBP + 0x3d0) = lVar19;
-                    *(uint *)(unaff_RBP + 0x3d8) = uVar12;
-                  }
-                  puVar8 = (undefined8 *)(unaff_RBP + 0x3c0);
-                  puVar13 = (undefined8 *)(unaff_RBP + 0x3d0);
-                  goto LAB_2;
-                }
-              }
-              else {
-                if (iVar15 == -1) {
-                  di::TelemetryAssert::AssertTriggeredNoArgs();
-                }
-                uVar12 = *(uint *)(pMVar16 + 8);
-                if (uVar12 != 0xffffffff) {
-                  if (*(int *)(unaff_RBX + 0x820) == 0) {
-                    di::TelemetryAssert::AssertTriggeredNoArgs();
-                  }
-                  if (*(int *)(unaff_RBX + 0x824) == 0) {
-                    di::TelemetryAssert::AssertTriggeredNoArgs();
-                  }
-                  uVar14 = uVar12 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-                  uVar18 = *(uint *)(unaff_RBX + 0x824);
-                  if (*(uint *)(unaff_RBX + 0x82c) <= uVar14) {
-                    di::TelemetryAssert::AssertTriggeredNoArgs();
-                  }
-                  if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar18 & uVar12)) {
-                    di::TelemetryAssert::AssertTriggeredNoArgs();
-                  }
-                  lVar19 = *(longlong *)(*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar14 * 8);
-                  if (lVar19 == 0) {
-                    di::TelemetryAssert::AssertTriggeredNoArgs();
-                    di::TelemetryAssert::AssertTriggeredNoArgs();
-                  }
-                  lVar19 = lVar19 + ((ulonglong)(uVar18 & uVar12) + 2) * 4;
-                  if (lVar19 == 0) {
-                    *(undefined8 *)(unaff_RBP + 0x3b0) = 0;
-                    *(undefined8 *)(unaff_RBP + 0x3b8) = 0xffffffff;
-                    puVar8 = (undefined8 *)(unaff_RBP + 0x3b0);
-                  }
-                  else {
-                    *(longlong *)(unaff_RBP + 0x3a0) = lVar19;
-                    *(ulonglong *)(unaff_RBP + 0x3a8) = (ulonglong)uVar12;
-                    puVar8 = (undefined8 *)(unaff_RBP + 0x3a0);
-                  }
-                  goto LAB_31;
-                }
-              }
-LAB_32:
-              unaff_RSI = (MapNodeBytes *)0x0;
-              goto LAB_1;
-            }
-            if (iVar15 == -1) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            uVar12 = *(uint *)(pMVar16 + 4);
-            if (uVar12 == 0xffffffff) goto LAB_32;
-            if (*(int *)(unaff_RBX + 0x820) == 0) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            if (*(int *)(unaff_RBX + 0x824) == 0) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            uVar14 = uVar12 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-            uVar18 = *(uint *)(unaff_RBX + 0x824);
-            if (*(uint *)(unaff_RBX + 0x82c) <= uVar14) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar18 & uVar12)) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            lVar19 = *(longlong *)(*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar14 * 8);
-            if (lVar19 == 0) {
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-              di::TelemetryAssert::AssertTriggeredNoArgs();
-            }
-            lVar19 = lVar19 + ((ulonglong)(uVar18 & uVar12) + 2) * 4;
-            if (lVar19 == 0) {
-              *(undefined8 *)(unaff_RBP + 0x390) = 0;
-              *(undefined8 *)(unaff_RBP + 0x398) = 0xffffffff;
-              puVar8 = (undefined8 *)(unaff_RBP + 0x390);
-            }
-            else {
-              *(longlong *)(unaff_RBP + 0x380) = lVar19;
-              *(ulonglong *)(unaff_RBP + 0x388) = (ulonglong)uVar12;
-              puVar8 = (undefined8 *)(unaff_RBP + 0x380);
-            }
-LAB_31:
-            unaff_RSI = (MapNodeBytes *)0x0;
-            pMVar16 = (MapNodeBytes *)*puVar8;
-            uVar17 = puVar8[1];
-            if (pMVar16 == (MapNodeBytes *)0x0) goto LAB_1;
-            if ((int)uVar17 == -1) {
-              unaff_RSI = (MapNodeBytes *)0x0;
-              goto LAB_1;
-            }
-          } while (pMVar16 != (MapNodeBytes *)0x0);
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-        } while( true );
-      }
-      bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-              NodeInfoBytes::isValidNode(pNStack0000000000000030);
-      if (!bVar5) {
-        di::TelemetryAssert::AssertTriggeredNoArgs();
-      }
-      uVar7 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-              NodeInfoBytes::childIndex(pNStack0000000000000030);
-      if (uVar7 == 0xffffffff) {
-        in_stack_00000060 = CONCAT44(in_stack_00000060._4_4_,0xffffffff);
-        in_stack_00000058 = unaff_RSI;
-      }
-      else {
-        if (*(int *)(unaff_RBX + 0x820) == iVar15) {
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-        }
-        if (*(int *)(unaff_RBX + 0x824) == iVar15) {
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-        }
-        uVar18 = uVar7 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-        uVar12 = *(uint *)(unaff_RBX + 0x824);
-        if (*(uint *)(unaff_RBX + 0x82c) <= uVar18) {
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-        }
-        if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar12 & uVar7)) {
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-        }
-        lVar19 = *(longlong *)(*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar18 * 8);
-        if (lVar19 == 0) {
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-        }
-        lVar19 = lVar19 + ((ulonglong)(uVar12 & uVar7) + 2) * 4;
-        unaff_RSI = (MapNodeBytes *)0x0;
-        unaff_R12D = 0xffffffff;
-        if (lVar19 == 0) {
-          *(undefined8 *)(unaff_RBP + 800) = 0;
-          *(undefined4 *)(unaff_RBP + 0x328) = 0xffffffff;
-        }
-        else {
-          *(longlong *)(unaff_RBP + 0x330) = lVar19;
-          *(ulong *)(unaff_RBP + 0x338) = uVar7;
-        }
-        puVar8 = (undefined8 *)(unaff_RBP + 800);
-        if (lVar19 != 0) {
-          puVar8 = (undefined8 *)(unaff_RBP + 0x330);
-        }
-        unaff_RDI = (MapNodeBytes *)*puVar8;
-        in_stack_00000060 = puVar8[1];
-        in_stack_00000058 = unaff_RDI;
-        if ((unaff_RDI != (MapNodeBytes *)0x0) && ((int)in_stack_00000060 != -1))
-        goto code_r0x00075a170d12;
-      }
-      unaff_RDI = in_stack_00000058;
-      unaff_R12D = 0xffffffff;
-      di::TelemetryAssert::AssertTriggeredNoArgs();
-      goto LAB_0;
-    }
-    bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::NodeInfoBytes
-            ::hasLabel(pNStack0000000000000030,(wchar_t)unaff_R15D);
-    if (bVar5) {
-      bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-              NodeInfoBytes::isValidNode(pNStack0000000000000030);
-      if (!bVar5) {
-        di::TelemetryAssert::AssertTriggeredNoArgs();
-      }
-      bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-              NodeInfoBytes::isLeaf(pNStack0000000000000030);
-      if (!bVar5) {
-        bVar5 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-                NodeInfoBytes::isValidNode(pNStack0000000000000030);
-        if (!bVar5) {
-          di::TelemetryAssert::AssertTriggeredNoArgs();
-        }
-        uVar7 = MultiPatternTrie<wchar_t,unsigned_long,class_UnitStorage::VirtualMemory>::
-                NodeInfoBytes::childIndex(pNStack0000000000000030);
-        if (uVar7 != 0xffffffff) goto code_r0x00075a16f969;
-      }
-    }
-LAB_1:
-    uVar7 = 0xffffffff;
-    pMVar16 = unaff_RSI;
-  } while( true );
-code_r0x00075a1703af:
-  if (*(int *)(unaff_RBX + 0x820) == (int)unaff_RSI) {
-    di::TelemetryAssert::AssertTriggeredNoArgs();
-  }
-  if (*(int *)(unaff_RBX + 0x824) == (int)unaff_RSI) {
-    di::TelemetryAssert::AssertTriggeredNoArgs();
-  }
-  uVar18 = uVar7 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-  uVar12 = *(uint *)(unaff_RBX + 0x824);
-  if (*(uint *)(unaff_RBX + 0x82c) <= uVar18) {
-    di::TelemetryAssert::AssertTriggeredNoArgs();
-  }
-  if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar12 & uVar7)) {
-    di::TelemetryAssert::AssertTriggeredNoArgs();
-  }
-  lVar19 = *(longlong *)(*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar18 * 8);
-  if (lVar19 == 0) {
-    di::TelemetryAssert::AssertTriggeredNoArgs();
-    di::TelemetryAssert::AssertTriggeredNoArgs();
-  }
-  lVar19 = lVar19 + ((ulonglong)(uVar12 & uVar7) + 2) * 4;
-  if (lVar19 == 0) {
-    *(undefined8 *)(unaff_RBP + 0x2e0) = 0;
-    *(undefined4 *)(unaff_RBP + 0x2e8) = 0xffffffff;
-  }
-  else {
-    *(longlong *)(unaff_RBP + 0x2f0) = lVar19;
-    *(ulong *)(unaff_RBP + 0x2f8) = uVar7;
-  }
-  puVar8 = (undefined8 *)(unaff_RBP + 0x2e0);
-  if (lVar19 != 0) {
-    puVar8 = (undefined8 *)(unaff_RBP + 0x2f0);
-  }
-  pNStack0000000000000030 = (NodeInfoBytes *)*puVar8;
-  _iStack0000000000000038 = puVar8[1];
-  *(NodeInfoBytes **)(unaff_RBP + -0x10) = pNStack0000000000000030;
-  *(undefined8 *)(unaff_RBP + -8) = _iStack0000000000000038;
-  bVar5 = uVar7 == *(ulong *)(unaff_RBP + 0x478);
-  goto LAB_15;
-code_r0x00075a16f969:
-  if (*(int *)(unaff_RBX + 0x820) == iVar15) {
-    di::TelemetryAssert::AssertTriggeredNoArgs();
-  }
-  if (*(int *)(unaff_RBX + 0x824) == iVar15) {
-    di::TelemetryAssert::AssertTriggeredNoArgs();
-  }
-  uVar18 = uVar7 >> ((byte)*(undefined4 *)(unaff_RBX + 0x820) & 0x1f);
-  uVar12 = *(uint *)(unaff_RBX + 0x824);
-  if (*(uint *)(unaff_RBX + 0x82c) <= uVar18) {
-    di::TelemetryAssert::AssertTriggeredNoArgs();
-  }
-  if (*(uint *)(unaff_RBX + 0x828) >> 2 <= (uVar7 & uVar12)) {
-    di::TelemetryAssert::AssertTriggeredNoArgs();
-  }
-  lVar19 = *(longlong *)(*(longlong *)(unaff_RBX + 0x840) + (ulonglong)uVar18 * 8);
-  if (lVar19 == 0) {
-    di::TelemetryAssert::AssertTriggeredNoArgs();
-    di::TelemetryAssert::AssertTriggeredNoArgs();
-  }
-  lVar19 = lVar19 + ((ulonglong)(uVar7 & uVar12) + 2) * 4;
-  if (lVar19 == 0) {
-    *(undefined8 *)(unaff_RBP + 0x300) = 0;
-    *(undefined4 *)(unaff_RBP + 0x308) = 0xffffffff;
-  }
-  else {
-    *(longlong *)(unaff_RBP + 0x310) = lVar19;
-    *(ulong *)(unaff_RBP + 0x318) = uVar7;
-  }
-  puVar8 = (undefined8 *)(unaff_RBP + 0x300);
-  puVar13 = (undefined8 *)(unaff_RBP + 0x310);
-  goto LAB_2;
+  return _Dst;
 }
 



Array<unsigned_char>::Add


Match Info






Key
mpengine.dll - mpengine.dll






diff_type
code,name,fullname,refcount,length,sig,address,calling,called,parent




ratio
0.16




i_ratio
0.08




m_ratio
0.32




b_ratio
0.44




match_types
FullName:Param






Function Meta Diff






Key
mpengine.dll
mpengine.dll






name
Add
AmsiSessionCache




fullname
Array<unsigned_char>::Add
AmsiSessionCache::AmsiSessionCache::AmsiSessionCache




refcount
9
2




length
158
449




called
memset
realloc		
AmsiSessionCache::AmsiSessionCache::MaintenanceCallback
CommonUtil::UtilCreateTimerQueueTimer
DcQueryConfig
DcQueryConfig<unsigned___int64>
KERNEL32.DLL::DeleteTimerQueueTimer
KERNEL32.DLL::InitializeCriticalSectionAndSpinCount
WPP_SF_s
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
std::_Allocate<16,struct_std::_Default_allocate_traits,0>		




calling
RarVM::Execute
RarVM::Prepare
lzstreamRAR::AddVMCode
unrar3::ReadVMCode<class_DecodeWithInStream>
unrar3::ReadVMCode<class_DecodeWithPPM>		
AmsiSessionCache::FinalizeInitialize




paramcount
2
1




address
75a3c5bc4
75a718634




sig
uncompress_error_t __thiscall Add(Array<unsigned_char> * this, __uint64 param_1)
undefined __thiscall AmsiSessionCache(AmsiSessionCache * this)




sym_type
Function
Function




sym_source
ANALYSIS
ANALYSIS




external
False
False






Array<unsigned_char>::Add Called Diff


--- Array<unsigned_char>::Add called
+++ AmsiSessionCache::AmsiSessionCache::AmsiSessionCache called
@@ -1,2 +1,9 @@
-memset
-realloc
+AmsiSessionCache::AmsiSessionCache::MaintenanceCallback
+CommonUtil::UtilCreateTimerQueueTimer
+DcQueryConfig<bool>
+DcQueryConfig<unsigned___int64>
+KERNEL32.DLL::DeleteTimerQueueTimer
+KERNEL32.DLL::InitializeCriticalSectionAndSpinCount
+WPP_SF_s
+`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
+std::_Allocate<16,struct_std::_Default_allocate_traits,0>


Array<unsigned_char>::Add Calling Diff


--- Array<unsigned_char>::Add calling
+++ AmsiSessionCache::AmsiSessionCache::AmsiSessionCache calling
@@ -1,5 +1 @@
-RarVM::Execute
-RarVM::Prepare
-lzstreamRAR::AddVMCode
-unrar3::ReadVMCode<class_DecodeWithInStream>
-unrar3::ReadVMCode<class_DecodeWithPPM>
+AmsiSessionCache::FinalizeInitialize


Array<unsigned_char>::Add Diff


--- Array<unsigned_char>::Add
+++ AmsiSessionCache::AmsiSessionCache::AmsiSessionCache
@@ -1,39 +1,74 @@
 
-/* public: enum uncompress_error_t __cdecl Array<unsigned char>::Add(unsigned __int64) __ptr64 */
+/* public: __cdecl AmsiSessionCache::AmsiSessionCache::AmsiSessionCache(void) __ptr64 */
 
-uncompress_error_t __thiscall Array<unsigned_char>::Add(Array<unsigned_char> *this,__uint64 param_1)
+AmsiSessionCache * __thiscall
+AmsiSessionCache::AmsiSessionCache::AmsiSessionCache(AmsiSessionCache *this)
 
 {
-  ulonglong uVar1;
-  uncompress_error_t uVar2;
-  void *pvVar3;
-  ulonglong uVar4;
+  AmsiSessionCache *pAVar1;
+  ulong uVar2;
+  bool bVar3;
+  AmsiSessionCache AVar4;
+  long lVar5;
+  void *pvVar6;
+  __uint64 _Var7;
+  char *pcVar8;
   
-  uVar1 = *(ulonglong *)(this + 8) + param_1;
-  if (uVar1 < *(ulonglong *)(this + 8)) {
-LAB_0:
-    uVar2 = 3;
+  *(undefined4 *)(this + 8) = 0;
+  *(undefined ***)this = vftable;
+  *(undefined8 *)(this + 0x10) = 0;
+  *(undefined8 *)(this + 0x18) = 0;
+  pvVar6 = std::_Allocate<16,struct_std::_Default_allocate_traits,0>(0x48);
+  *(void **)pvVar6 = pvVar6;
+  *(void **)((longlong)pvVar6 + 8) = pvVar6;
+  *(void **)(this + 0x10) = pvVar6;
+  *(undefined8 *)(this + 0x20) = 300000;
+  *(undefined8 *)(this + 0x28) = 0x40;
+  this[0x30] = (AmsiSessionCache)0x0;
+  InitializeCriticalSectionAndSpinCount((LPCRITICAL_SECTION)(this + 0x48),4000);
+  pAVar1 = this + 0x70;
+  *(void **)pAVar1 = (void *)0x0;
+  *(undefined4 *)(this + 0x80) = 0;
+  *(undefined ***)(this + 0x78) = CommonUtil::CMpShutterWait::vftable;
+  *(undefined8 *)(this + 0x88) = 0;
+  this[0x90] = (AmsiSessionCache)0x0;
+  this[0x91] = (AmsiSessionCache)0x0;
+  bVar3 = DcQueryConfig<bool>(L"MpDisableAmsiSessionCache");
+  if ((gktab[0xb4d] != (kernel_table)0x0) || (gktab[0xb4e] != (kernel_table)0x0)) {
+    bVar3 = true;
   }
-  else {
-    uVar4 = *(ulonglong *)(this + 0x10);
-    if (uVar4 < uVar1) {
-      uVar4 = (uVar4 >> 2) + 0x20 + uVar4;
-      if (uVar4 <= uVar1) {
-        uVar4 = uVar1;
+  if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+     ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+    pcVar8 = "disabled";
+    if (bVar3 == false) {
+      pcVar8 = "enabled";
+    }
+    WPP_SF_s(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0xb,
+             &WPP_2a43235048063d369590614f6096621d_Traceguids,pcVar8);
+  }
+  if (bVar3 == false) {
+    AVar4 = (AmsiSessionCache)DcQueryConfig<bool>(L"MpDisableAmsiCacheAttributes");
+    this[0x31] = AVar4;
+    _Var7 = DcQueryConfig<unsigned___int64>(L"MpAmsiSessionCacheMaxSize");
+    *(__uint64 *)(this + 0x28) = _Var7;
+    _Var7 = DcQueryConfig<unsigned___int64>(L"MpAmsiSessionCacheMaxDurationMs");
+    *(__uint64 *)(this + 0x20) = _Var7;
+    _Var7 = DcQueryConfig<unsigned___int64>(L"MpAmsiSessionCacheMaintenanceDelay");
+    *(__uint64 *)(this + 0x38) = _Var7;
+    _Var7 = DcQueryConfig<unsigned___int64>(L"MpAmsiSessionCacheMaintenanceInterval");
+    *(__uint64 *)(this + 0x40) = _Var7;
+    if (_Var7 != 0) {
+      uVar2 = *(ulong *)(this + 0x38);
+      if (*(HANDLE *)pAVar1 != (HANDLE)0x0) {
+        DeleteTimerQueueTimer((HANDLE)0x0,*(HANDLE *)pAVar1,(HANDLE)0xffffffffffffffff);
+        *(void **)pAVar1 = (void *)0x0;
       }
-      if (uVar4 == 0xffffffffffffffff) goto LAB_0;
-      pvVar3 = realloc(*(void **)this,uVar4);
-      if (pvVar3 == (void *)0x0) {
-        return 2;
-      }
-      memset((void *)(*(longlong *)(this + 8) + (longlong)pvVar3),0,uVar4 - *(longlong *)(this + 8))
-      ;
-      *(void **)this = pvVar3;
-      *(ulonglong *)(this + 0x10) = uVar4;
+      lVar5 = CommonUtil::UtilCreateTimerQueueTimer
+                        ((void **)pAVar1,uVar2,(ulong)_Var7,MaintenanceCallback,this,0);
+      m_maintenanceEnabled = -1 < lVar5;
     }
-    *(ulonglong *)(this + 8) = uVar1;
-    uVar2 = 0;
+    this[0x30] = (AmsiSessionCache)0x1;
   }
-  return uVar2;
+  return this;
 }
 



UfsClientRequest::AnalyzeLeaf


Match Info






Key
mpengine.dll - mpengine.dll






diff_type
code,length,address,called




ratio
0.01




i_ratio
0.75




m_ratio
0.94




b_ratio
0.9




match_types
FullName:Param






Function Meta Diff






Key
mpengine.dll
mpengine.dll






name
AnalyzeLeaf
AnalyzeLeaf




fullname
UfsClientRequest::AnalyzeLeaf
UfsClientRequest::AnalyzeLeaf




refcount
2
2




length
346
308




called
CommonUtil::CRefVirtualObject::Release`vtordisp{4294967292,12048}'
UfsClientRequest::AnalyzeNode
UfsClientRequest::OpenNode
UfsUtils::OpenSucceeded
guard_dispatch_icall$fo_default$
di::TelemetryAssert::AssertTriggeredNoArgs		
UfsClientRequest::AnalyzeNode
UfsClientRequest::OpenNode
UfsUtils::OpenSucceeded
guard_dispatch_icall$fo_default$
di::TelemetryAssert::AssertTriggeredNoArgs		




calling
UfsClientRequest::AnalyzePath
UfsClientRequest::AnalyzePath




paramcount
3
3




address
75a1704ec
75a1f6b78




sig
long __thiscall AnalyzeLeaf(UfsClientRequest * this, wchar_t * param_1, __uint64 param_2)
long __thiscall AnalyzeLeaf(UfsClientRequest * this, wchar_t * param_1, __uint64 param_2)




sym_type
Function
Function




sym_source
ANALYSIS
ANALYSIS




external
False
False






UfsClientRequest::AnalyzeLeaf Called Diff


--- UfsClientRequest::AnalyzeLeaf called
+++ UfsClientRequest::AnalyzeLeaf called
@@ -1 +0,0 @@
-CommonUtil::CRefVirtualObject::Release`vtordisp{4294967292,12048}'


UfsClientRequest::AnalyzeLeaf Diff


--- UfsClientRequest::AnalyzeLeaf
+++ UfsClientRequest::AnalyzeLeaf
@@ -1,2 +1,58 @@
-Failed to decompile mpengine.dll - .ProgramDB UfsClientRequest::AnalyzeLeaf : Error: Decompile error: 
-Marshaling error: Did not see expected closing element+
+/* WARNING: Function: _guard_dispatch_icall_$fo_default$ replaced with injection:
+   guard_dispatch_icall */
+/* public: long __cdecl UfsClientRequest::AnalyzeLeaf(wchar_t const * __ptr64,unsigned __int64)
+   __ptr64 */
+
+long __thiscall
+UfsClientRequest::AnalyzeLeaf(UfsClientRequest *this,wchar_t *param_1,__uint64 param_2)
+
+{
+  UfsNode *pUVar1;
+  bool bVar2;
+  long lVar3;
+  uint local_res8 [2];
+  UfsNode *local_res10;
+  undefined4 local_58;
+  undefined4 local_54;
+  undefined8 local_50;
+  undefined8 local_48;
+  undefined **local_40;
+  undefined **local_38;
+  wchar_t *local_30;
+  __uint64 local_28;
+  
+  local_res10 = (UfsNode *)0x0;
+  local_58 = 1;
+  local_54 = 0;
+  local_50 = 0;
+  local_48 = 0;
+  local_40 = FullOpenFileInfo::vftable;
+  local_38 = &PTR_vftable_75b1da1f0;
+  if (*(undefined ***)(this + 0x500) != (undefined **)0x0) {
+    local_38 = *(undefined ***)(this + 0x500);
+  }
+  local_30 = param_1;
+  local_28 = param_2;
+  if (param_1 == (wchar_t *)0x0) {
+    di::TelemetryAssert::AssertTriggeredNoArgs();
+  }
+  (**(code **)(*local_38 + 8))();
+  lVar3 = OpenNode(this,&local_res10,(UfsOpenFileInfo *)&local_40,(UfsNodeLocation *)&local_58);
+  local_40 = FullOpenFileInfo::vftable;
+  (**(code **)(*local_38 + 8))();
+  bVar2 = UfsUtils::OpenSucceeded(lVar3);
+  pUVar1 = local_res10;
+  if (bVar2) {
+    local_res8[0] = local_res8[0] | 1;
+    (**(code **)(*(longlong *)(local_res10 + *(int *)(*(longlong *)local_res10 + 8)) + 0x30))
+              (local_res10 + *(int *)(*(longlong *)local_res10 + 8),local_res8);
+    lVar3 = AnalyzeNode(this,L"",pUVar1);
+    (**(code **)(*(longlong *)(pUVar1 + *(int *)(*(longlong *)pUVar1 + 4)) + 8))();
+  }
+  else if (local_res10 != (UfsNode *)0x0) {
+    (**(code **)(*(longlong *)(local_res10 + *(int *)(*(longlong *)local_res10 + 4)) + 8))();
+  }
+  return lVar3;
+}
+



ApitableInit


Match Info






Key
mpengine.dll - mpengine.dll






diff_type
code,refcount,length,address,calling




ratio
0.21




i_ratio
0.55




m_ratio
0.97




b_ratio
0.97




match_types
FullName:Param






Function Meta Diff






Key
mpengine.dll
mpengine.dll






name
ApitableInit
ApitableInit




fullname
ApitableInit
ApitableInit




refcount
177
201




length
182
202




called
ApitableSnap
KERNEL32.DLL::GetModuleHandleW		
ApitableSnap
KERNEL32.DLL::GetModuleHandleW		




calling

Expand for full list:
ApplyDeltaW
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptGenRandom
BCryptGetProperty
CertGetNameStringW
CertOpenStore
CertVerifyCertificateChainPolicy
CloseCompressor
CoCreateGuid
CoTaskMemAllocCommandLineToArgvW
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATClose
CryptCATOpen
CryptMsgClose
CryptMsgGetParam
Decompress
DeriveAppContainerSidFromAppContainerName
DnsFree
DnsGetCacheDataTable
DnsQuery_W
EnumPageFilesW
EnumProcessModules
FilterDetach
FilterFindClose
FilterFindFirst
FilterInstanceFindClose
FilterUnload
FreeMibTable
GetBestInterfaceEx
GetExtendedTcpTable
GetExtendedUdpTable
GetFileVersionInfoW
GetFirmwareEnvironmentVariableA
GetIpNetTable2
GetMappedFileNameW
GetModuleBaseNameW
GetModuleInformation
GetProcessMitigationPolicy
GetStorageDependencyInformation
GetSystemMetrics
GetThreadInformation
InetPtonW
IsVolumeSnapshottedInternal
K32EnumPageFilesW
K32EnumProcessModules
K32GetModuleFileNameExW
K32GetProcessMemoryInfo
NdrServerCall2
NetGetJoinInformation
NetUserGetInfo
PowerSettingRegisterNotification
RoActivateInstance
RoFailFastWithErrorContext
RoInitialize
RoReportUnhandledError
RpcBindingBind
RpcBindingCreateW
RpcBindingFree
RpcBindingVectorFree
RpcServerInqBindings
RpcServerListen
RpcServerRegisterIf3
SHLoadIndirectString
SetThreadInformation
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SysAllocString
SysStringLen
TryAcquireSRWLockExclusive
UrlGetPartW
VariantCopy
VariantInit
VerQueryValueA
WSAAddressToStringW
WSAStartup
WTSEnumerateSessionsW
WinVerifyTrust
WindowsCreateString
WindowsGetStringRawBuffer
WrapperBCryptCreateHash
WrapperBCryptDestroyHash
WrapperBCryptHashData
WrapperBCryptOpenAlgorithmProvider
WrapperCM_Free_Log_Conf_Handle
WrapperCM_Free_Res_Des_Handle
WrapperCM_Get_First_Log_Conf
WrapperCM_Get_Next_Res_Des
WrapperCM_Get_Res_Des_Data
WrapperCM_Get_Res_Des_Data_Size
WrapperCertAddEncodedCertificateToStore
WrapperCertCloseStore
WrapperCertCreateCertificateContext
WrapperCertDeleteCertificateFromStore
WrapperCertEnumCertificatesInStore
WrapperCertFindCertificateInStore
WrapperCertFreeCertificateContext
WrapperCertGetCertificateContextProperty
WrapperCloseDecompressor
WrapperCoCreateInstance
WrapperCoGetObjectContext
WrapperCoInitializeEx
WrapperCoSetProxyBlanket
WrapperCoTaskMemFree
WrapperCoUninitialize
WrapperCompress
WrapperCreateAppContainerProfile
WrapperCreateCompressor
WrapperCreateDXGIFactory1
WrapperCreateDecompressor
WrapperCryptCATAdminAcquireContext2
WrapperCryptCATAdminReleaseCatalogContext
WrapperCryptCATAdminReleaseContext
WrapperCryptCATCatalogInfoFromContext
WrapperCryptCATGetAttrInfo
WrapperCryptCATGetMemberInfo
WrapperCryptQueryObject
WrapperCryptStringToBinaryW
WrapperD3D11CreateDevice
WrapperDeleteAppContainerProfile
WrapperEventSetInformation
WrapperExpandEnvironmentStringsForUserW
WrapperFilterFindNext
WrapperFilterInstanceFindFirst
WrapperFilterInstanceFindNext
WrapperFreeAddrInfoW
WrapperGetAdaptersAddresses
WrapperGetAddrInfoW
WrapperGetFileVersionInfoSizeA
WrapperGetFileVersionInfoSizeW
WrapperGetFirmwareType
WrapperGetLogicalProcessorInformationEx
WrapperGetProcessImageFileNameW
WrapperGetProcessInformation
WrapperGetSystemTimePreciseAsFileTime
WrapperGetUserNameExW
WrapperIIDFromString
WrapperK32EnumProcesses
WrapperK32GetMappedFileNameW
WrapperK32GetModuleBaseNameW
WrapperK32GetModuleInformation
WrapperK32GetProcessImageFileNameW
WrapperK32QueryWorkingSetEx
WrapperLoadStringA
WrapperLoadStringW
WrapperNetApiBufferFree
WrapperNetQueryDisplayInformation
WrapperNetUserGetLocalGroups
WrapperPowerSettingUnregisterNotification
WrapperPrefetchVirtualMemory
WrapperRoUninitialize
WrapperRpcEpRegisterW
WrapperRpcEpUnregister
WrapperRpcServerUnregisterIfEx
WrapperRpcServerUseProtseqEpW
WrapperSHGetKnownFolderPath
WrapperSetProcessInformation
WrapperSetRestrictedErrorInfo
WrapperSetupDiDestroyDeviceInfoList
WrapperSetupDiGetDeviceInstanceIdA
WrapperSysFreeString
WrapperUrlUnescapeW
WrapperVariantClear
WrapperVerQueryValueW
WrapperWSACleanup
WrapperWSAGetLastError
WrapperWTSFreeMemory
WrapperWTSQuerySessionInformationW
WrapperWTSQueryUserToken
WrapperWindowsDeleteString
WrapperWofSetFileDataLocation
WrapperWofShouldCompressBinaries
ntohs


Expand for full list:
ApplyDeltaW
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptGenRandom
BCryptGetProperty
CertFreeCertificateChain
CertGetNameStringW
CertOpenStore
CertVerifyCertificateChainPolicy
CloseCompressor
CoCreateGuidCoTaskMemAlloc
CommandLineToArgvW
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATClose
CryptCATOpen
CryptMsgClose
CryptMsgGetParam
CryptMsgUpdate
Decompress
DeriveAppContainerSidFromAppContainerName
DnsFree
DnsGetCacheDataTable
DnsQuery_W
EnumPageFilesW
EnumProcessModules
FilterDetach
FilterFindClose
FilterFindFirst
FilterInstanceFindClose
FilterUnload
FreeMibTable
FwpmEngineClose0
FwpmEngineOpen0
FwpmFilterDeleteByKey0
FwpmFreeMemory0
FwpmProviderGetByKey0
FwpmSubLayerAdd0
FwpmSubLayerDeleteByKey0
FwpmSubLayerGetByKey0
FwpmTransactionCommit0
GetBestInterfaceEx
GetExtendedTcpTable
GetExtendedUdpTable
GetFileVersionInfoA
GetFileVersionInfoW
GetFirmwareEnvironmentVariableA
GetIpNetTable2
GetMappedFileNameW
GetModuleBaseNameW
GetModuleInformation
GetProcessMitigationPolicy
GetStorageDependencyInformation
GetSystemMetrics
GetThreadInformation
InetPtonW
IsVolumeSnapshottedInternal
K32EnumPageFilesW
K32EnumProcessModules
K32GetModuleFileNameExW
K32GetProcessMemoryInfo
NdrServerCall2
NetGetJoinInformation
NetUserGetInfo
PowerSettingRegisterNotification
ReadProcessMemoryInternal
RoActivateInstance
RoFailFastWithErrorContext
RoInitialize
RoReportUnhandledError
RpcBindingBind
RpcBindingCreateW
RpcBindingFree
RpcBindingVectorFree
RpcServerInqBindings
RpcServerListen
RpcServerRegisterIf3
SHLoadIndirectString
SetThreadInformation
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SysAllocString
SysStringLen
TryAcquireSRWLockExclusive
UrlGetPartW
VariantCopy
VariantInit
VerQueryValueA
WSAAddressToStringW
WSAStartup
WTSEnumerateSessionsW
WinVerifyTrust
WindowsCreateString
WindowsGetStringRawBuffer
WrapperBCryptCreateHash
WrapperBCryptDestroyHash
WrapperBCryptHashData
WrapperBCryptOpenAlgorithmProvider
WrapperCM_Free_Log_Conf_Handle
WrapperCM_Free_Res_Des_Handle
WrapperCM_Get_First_Log_Conf
WrapperCM_Get_Next_Res_Des
WrapperCM_Get_Res_Des_Data
WrapperCM_Get_Res_Des_Data_Size
WrapperCertAddEncodedCertificateToStore
WrapperCertCloseStore
WrapperCertCreateCertificateContext
WrapperCertDeleteCertificateFromStore
WrapperCertEnumCertificatesInStore
WrapperCertFindCertificateInStore
WrapperCertFreeCertificateContext
WrapperCertGetCertificateChain
WrapperCertGetCertificateContextProperty
WrapperCloseDecompressor
WrapperCoCreateInstance
WrapperCoGetObjectContext
WrapperCoInitializeEx
WrapperCoSetProxyBlanket
WrapperCoTaskMemFree
WrapperCoUninitialize
WrapperCompress
WrapperCreateAppContainerProfile
WrapperCreateCompressor
WrapperCreateDXGIFactory1
WrapperCreateDecompressor
WrapperCryptCATAdminAcquireContext2
WrapperCryptCATAdminReleaseCatalogContext
WrapperCryptCATAdminReleaseContext
WrapperCryptCATCatalogInfoFromContext
WrapperCryptCATGetAttrInfo
WrapperCryptCATGetMemberInfo
WrapperCryptMsgOpenToDecode
WrapperCryptQueryObject
WrapperCryptStringToBinaryW
WrapperD3D11CreateDevice
WrapperDeleteAppContainerProfile
WrapperEventSetInformation
WrapperExpandEnvironmentStringsForUserW
WrapperFilterFindNext
WrapperFilterInstanceFindFirst
WrapperFilterInstanceFindNext
WrapperFreeAddrInfoW
WrapperFwpmFilterAdd0
WrapperFwpmFilterCreateEnumHandle0
WrapperFwpmFilterDestroyEnumHandle0
WrapperFwpmFilterEnum0
WrapperFwpmProviderAdd0
WrapperFwpmProviderDeleteByKey0
WrapperFwpmTransactionBegin0
WrapperGetAdaptersAddresses
WrapperGetAddrInfoW
WrapperGetFileVersionInfoSizeA
WrapperGetFileVersionInfoSizeW
WrapperGetFirmwareType
WrapperGetLogicalProcessorInformationEx
WrapperGetProcessImageFileNameW
WrapperGetProcessInformation
WrapperGetSystemTimePreciseAsFileTime
WrapperGetUserNameExW
WrapperIIDFromString
WrapperK32EnumProcesses
WrapperK32GetMappedFileNameW
WrapperK32GetModuleBaseNameW
WrapperK32GetModuleInformation
WrapperK32GetProcessImageFileNameW
WrapperK32QueryWorkingSetEx
WrapperLoadStringA
WrapperLoadStringW
WrapperNetApiBufferFree
WrapperNetQueryDisplayInformation
WrapperNetUserGetLocalGroups
WrapperPowerSettingUnregisterNotification
WrapperPrefetchVirtualMemory
WrapperRoUninitialize
WrapperRpcEpRegisterW
WrapperRpcEpUnregister
WrapperRpcServerUnregisterIfEx
WrapperRpcServerUseProtseqEpW
WrapperSHGetKnownFolderPath
WrapperSetProcessInformation
WrapperSetRestrictedErrorInfo
WrapperSetupDiDestroyDeviceInfoList
WrapperSetupDiGetDeviceInstanceIdA
WrapperSysFreeString
WrapperUrlUnescapeW
WrapperVariantClear
WrapperVerQueryValueW
WrapperWSACleanup
WrapperWSAGetLastError
WrapperWTSFreeMemory
WrapperWTSQuerySessionInformationW
WrapperWTSQueryUserToken
WrapperWindowsDeleteString
WrapperWofSetFileDataLocation
WrapperWofShouldCompressBinaries
Wrapperinet_ntop
inet_pton
ntohs





paramcount
1
1




address
75a7cb690
75a77f9d0




sig
bool __fastcall ApitableInit(longlong param_1)
bool __fastcall ApitableInit(longlong param_1)




sym_type
Function
Function




sym_source
IMPORTED
IMPORTED




external
False
False






ApitableInit Calling Diff


--- ApitableInit calling
+++ ApitableInit calling
@@ -5,0 +6 @@
+CertFreeCertificateChain
@@ -18,0 +20 @@
+CryptMsgUpdate
@@ -31,0 +34,9 @@
+FwpmEngineClose0
+FwpmEngineOpen0
+FwpmFilterDeleteByKey0
+FwpmFreeMemory0
+FwpmProviderGetByKey0
+FwpmSubLayerAdd0
+FwpmSubLayerDeleteByKey0
+FwpmSubLayerGetByKey0
+FwpmTransactionCommit0
@@ -34,0 +46 @@
+GetFileVersionInfoA
@@ -54,0 +67 @@
+ReadProcessMemoryInternal
@@ -99,0 +113 @@
+WrapperCertGetCertificateChain
@@ -118,0 +133 @@
+WrapperCryptMsgOpenToDecode
@@ -128,0 +144,7 @@
+WrapperFwpmFilterAdd0
+WrapperFwpmFilterCreateEnumHandle0
+WrapperFwpmFilterDestroyEnumHandle0
+WrapperFwpmFilterEnum0
+WrapperFwpmProviderAdd0
+WrapperFwpmProviderDeleteByKey0
+WrapperFwpmTransactionBegin0
@@ -174,0 +197,2 @@
+Wrapperinet_ntop
+inet_pton


ApitableInit Diff


--- ApitableInit
+++ ApitableInit
@@ -1,10 +1,29 @@
 
-/* WARNING: Control flow encountered bad instruction data */
+/* WARNING: Globals starting with '_' overlap smaller symbols at the same address */
 
 bool ApitableInit(longlong param_1)
 
 {
-                    /* WARNING: Bad instruction - Truncating control flow here */
-  halt_baddata();
+  undefined *puVar1;
+  char cVar2;
+  
+  puVar1 = (&GlobalApiTable)[param_1 * 3];
+  if (((puVar1 == &DAT_0) || (puVar1 == &DAT_75add5fc0)) || (puVar1 == &DAT_75add6020)) {
+    cVar2 = ApitableSnap(&DAT_1);
+    if (((cVar2 != '\0') && (cVar2 = ApitableSnap(&DAT_2), cVar2 != '\0')) &&
+       (cVar2 = ApitableSnap(&DAT_0), cVar2 != '\0')) {
+      _g_Kernel32Handle = GetModuleHandleW(L"KERNEL32.DLL");
+      g_NtdllHandle = GetModuleHandleW(L"NTDLL.DLL");
+      goto LAB_3;
+    }
+  }
+  else {
+    cVar2 = ApitableSnap(puVar1);
+    if (cVar2 != '\0') {
+LAB_3:
+      return (&GlobalAddressTable)[param_1] != 0;
+    }
+  }
+  return false;
 }
 



ArDetectionItem::ArDetectionItem


Match Info






Key
mpengine.dll - mpengine.dll






diff_type
code,length,address




ratio
0.01




i_ratio
0.74




m_ratio
0.99




b_ratio
0.99




match_types
FullName:Param






Function Meta Diff






Key
mpengine.dll
mpengine.dll






name
ArDetectionItem
ArDetectionItem




fullname
ArDetectionItem::ArDetectionItem
ArDetectionItem::ArDetectionItem




refcount
2
2




length
281
289




called
ArDetectionItem::GetUnfriendlyFileInfo
CommonUtil::CommonThrowHr
DetectionItem::DetectionItem
ProcessTuple::~ProcessTuple
WPP_SF_l
__security_check_cookie
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer		
ArDetectionItem::GetUnfriendlyFileInfo
CommonUtil::CommonThrowHr
DetectionItem::DetectionItem
ProcessTuple::~ProcessTuple
WPP_SF_l
__security_check_cookie
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer		




calling
ArDetectionItem::CreateInstance
ArDetectionItem::CreateInstance




paramcount
4
4




address
75a891ab0
75a856d00




sig
undefined __thiscall ArDetectionItem(ArDetectionItem * this, DetectionDescriptor * param_1, IDetectionDispatcher * param_2, ArScan * param_3)
undefined __thiscall ArDetectionItem(ArDetectionItem * this, DetectionDescriptor * param_1, IDetectionDispatcher * param_2, ArScan * param_3)




sym_type
Function
Function




sym_source
ANALYSIS
ANALYSIS




external
False
False






ArDetectionItem::ArDetectionItem Diff


--- ArDetectionItem::ArDetectionItem
+++ ArDetectionItem::ArDetectionItem
@@ -1,2 +1,72 @@
-Failed to decompile mpengine.dll - .ProgramDB ArDetectionItem::ArDetectionItem : Error: Decompile error: 
-Marshaling error: Did not see expected closing element+
+/* private: __cdecl ArDetectionItem::ArDetectionItem(struct DetectionDescriptor const &
+   __ptr64,struct IDetectionDispatcher * __ptr64,class ArScan const * __ptr64) __ptr64 */
+
+void __thiscall
+ArDetectionItem::ArDetectionItem
+          (ArDetectionItem *this,DetectionDescriptor *param_1,IDetectionDispatcher *param_2,
+          ArScan *param_3)
+
+{
+  long lVar1;
+  undefined auStack_c8 [32];
+  ArDetectionItem *local_a8;
+  undefined8 local_98;
+  undefined8 local_90;
+  undefined8 local_88;
+  undefined8 uStack_80;
+  undefined8 local_78;
+  undefined8 uStack_70;
+  undefined8 local_68;
+  undefined8 uStack_60;
+  undefined8 local_58;
+  undefined4 local_50;
+  undefined local_4c;
+  undefined4 local_48;
+  undefined local_44;
+  undefined4 local_40;
+  undefined local_3c;
+  ulonglong local_38;
+  
+  local_38 = __security_cookie ^ (ulonglong)auStack_c8;
+  local_98 = 0;
+  local_90 = 0;
+  uStack_80 = 0;
+  local_78 = 0;
+  uStack_70 = 7;
+  local_88 = 0;
+  local_68 = 0;
+  uStack_60 = 0;
+  local_58 = 0;
+  local_50 = 1;
+  local_4c = 0;
+  local_48 = 0;
+  local_44 = 0;
+  local_40 = 0;
+  local_3c = 0;
+  local_a8 = this;
+  DetectionItem::DetectionItem((DetectionItem *)this,param_1,(ProcessTuple *)&local_98,param_2);
+  ProcessTuple::~ProcessTuple((ProcessTuple *)&local_98);
+  *(undefined ***)this = vftable;
+  if (param_3 != (ArScan *)0x0) {
+    LOCK();
+    *(int *)(param_3 + 8) = *(int *)(param_3 + 8) + 1;
+    UNLOCK();
+  }
+  *(ArScan **)(this + 800) = param_3;
+  *(wchar_t **)(this + 0x328) = (wchar_t *)0x0;
+  lVar1 = GetUnfriendlyFileInfo
+                    (this,(wchar_t **)(this + 0x328),(ulong *)(this + 0x330),
+                     *(ulong *)(param_1 + 0x10));
+  if (lVar1 < 0) {
+    if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+       ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+      WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),10,
+               &WPP_5e2772e653813207a827b3352925f64f_Traceguids,lVar1);
+    }
+    CommonUtil::CommonThrowHr(lVar1);
+  }
+  __security_check_cookie(local_38 ^ (ulonglong)auStack_c8);
+  return;
+}
+



AsrRuleData_t::AsrRuleData_t


Match Info






Key
mpengine.dll - mpengine.dll






diff_type
code,length,address




ratio
0.01




i_ratio
0.44




m_ratio
0.97




b_ratio
0.97




match_types
FullName:Param






Function Meta Diff






Key
mpengine.dll
mpengine.dll






name
AsrRuleData_t
AsrRuleData_t




fullname
AsrRuleData_t::AsrRuleData_t
AsrRuleData_t::AsrRuleData_t




refcount
3
3




length
412
423




called
AsrLocationInfo::AsrLocationInfo
AsrUnkipPatternInfo::AsrUnkipPatternInfo
std::set<struct_tdt_library_v_current::bit_shovel_plugins::feature_t,struct_std::less<struct_tdt_library_v_current::bit_shovel_plugins::feature_t>,class_std::allocator<struct_tdt_library_v_current::bit_shovel_plugins::feature_t>>::set<struct_tdt_library_v_current::bit_shovel_plugins::feature_t,struct_std::less<struct_tdt_library_v_current::bit_shovel_plugins::feature_t>,class_std::allocator<struct_tdt_library_v_current::bit_shovel_plugins::feature_t>>		
AsrLocationInfo::AsrLocationInfo
AsrUnkipPatternInfo::AsrUnkipPatternInfo
std::set<struct_tdt_library_v_current::bit_shovel_plugins::feature_t,struct_std::less<struct_tdt_library_v_current::bit_shovel_plugins::feature_t>,class_std::allocator<struct_tdt_library_v_current::bit_shovel_plugins::feature_t>>::set<struct_tdt_library_v_current::bit_shovel_plugins::feature_t,struct_std::less<struct_tdt_library_v_current::bit_shovel_plugins::feature_t>,class_std::allocator<struct_tdt_library_v_current::bit_shovel_plugins::feature_t>>		




calling
std::Tree<class_std::Tmap_traits<struct__GUID,struct_AsrRuleData_t,struct_GUIDCompare,class_std::allocator<struct_std::pair<struct__GUID_const,struct_AsrRuleData_t>>,0>_>::Emplace<struct_std::pair<struct__GUID,enum_MpHipsRuleState_t>>
std::Tree<class_std::Tmap_traits<struct__GUID,struct_AsrRuleData_t,struct_GUIDCompare,class_std::allocator<struct_std::pair<struct__GUID_const,struct_AsrRuleData_t>>,0>_>::Emplace<struct_std::pair<struct__GUID,enum_MpHipsRuleState_t>>




paramcount
2
2




address
75a28b6d8
75a42a3b8




sig
undefined __thiscall AsrRuleData_t(AsrRuleData_t * this, MpHipsRuleState_t param_1)
undefined __thiscall AsrRuleData_t(AsrRuleData_t * this, MpHipsRuleState_t param_1)




sym_type
Function
Function




sym_source
ANALYSIS
ANALYSIS




external
False
False






AsrRuleData_t::AsrRuleData_t Diff


--- AsrRuleData_t::AsrRuleData_t
+++ AsrRuleData_t::AsrRuleData_t
@@ -1,2 +1,64 @@
-Failed to decompile mpengine.dll - .ProgramDB AsrRuleData_t::AsrRuleData_t : Error: Decompile error: 
-Marshaling error: Did not see expected closing element+
+/* public: __cdecl AsrRuleData_t::AsrRuleData_t(enum MpHipsRuleState_t) __ptr64 */
+
+AsrRuleData_t * __thiscall
+AsrRuleData_t::AsrRuleData_t(AsrRuleData_t *this,MpHipsRuleState_t param_1)
+
+{
+  *this = (AsrRuleData_t)0x0;
+  *(MpHipsRuleState_t *)(this + 4) = param_1;
+  *(MpHipsRuleState_t *)(this + 8) = param_1;
+  AsrLocationInfo::AsrLocationInfo((AsrLocationInfo *)(this + 0x10),true);
+  *(undefined8 *)(this + 0xa8) = 0;
+  *(undefined8 *)(this + 0xb0) = 0;
+  *(undefined8 *)(this + 0xb8) = 0;
+  std::
+  set<struct_tdt_library_v_current::bit_shovel_plugins::feature_t,struct_std::less<struct_tdt_library_v_current::bit_shovel_plugins::feature_t>,class_std::allocator<struct_tdt_library_v_current::bit_shovel_plugins::feature_t>_>
+  ::
+  set<struct_tdt_library_v_current::bit_shovel_plugins::feature_t,struct_std::less<struct_tdt_library_v_current::bit_shovel_plugins::feature_t>,class_std::allocator<struct_tdt_library_v_current::bit_shovel_plugins::feature_t>_>
+            ((set<struct_tdt_library_v_current::bit_shovel_plugins::feature_t,struct_std::less<struct_tdt_library_v_current::bit_shovel_plugins::feature_t>,class_std::allocator<struct_tdt_library_v_current::bit_shovel_plugins::feature_t>_>
+              *)(this + 0xc0));
+  *(undefined8 *)(this + 0xd0) = 0;
+  *(undefined8 *)(this + 0xd8) = 0;
+  *(undefined8 *)(this + 0xe0) = 0;
+  *(undefined8 *)(this + 0xe8) = 0;
+  *(undefined8 *)(this + 0xf0) = 7;
+  *(undefined2 *)(this + 0xd8) = 0;
+  *(undefined8 *)(this + 0xf8) = 0;
+  *(undefined8 *)(this + 0x100) = 0;
+  *(undefined8 *)(this + 0x108) = 0;
+  *(undefined8 *)(this + 0x110) = 7;
+  *(undefined2 *)(this + 0xf8) = 0;
+  *(undefined4 *)(this + 0x118) = 1;
+  *(undefined8 *)(this + 0x11c) = 0;
+  AsrLocationInfo::AsrLocationInfo((AsrLocationInfo *)(this + 0x128),false);
+  AsrLocationInfo::AsrLocationInfo((AsrLocationInfo *)(this + 0x1c0),false);
+  AsrLocationInfo::AsrLocationInfo((AsrLocationInfo *)(this + 600),false);
+  *(undefined8 *)(this + 0x2f0) = 0;
+  *(undefined8 *)(this + 0x2f8) = 0;
+  *(undefined8 *)(this + 0x300) = 0;
+  *(undefined8 *)(this + 0x308) = 0;
+  *(undefined8 *)(this + 0x310) = 0;
+  *(undefined8 *)(this + 0x318) = 0;
+  *(undefined8 *)(this + 800) = 0;
+  *(undefined8 *)(this + 0x328) = 0;
+  *(undefined8 *)(this + 0x330) = 0;
+  *(undefined8 *)(this + 0x338) = 0;
+  *(undefined8 *)(this + 0x340) = 0;
+  *(undefined8 *)(this + 0x348) = 0;
+  *(undefined8 *)(this + 0x350) = 0;
+  *(undefined8 *)(this + 0x358) = 0;
+  *(undefined8 *)(this + 0x360) = 0;
+  this[0x368] = (AsrRuleData_t)0x0;
+  AsrUnkipPatternInfo::AsrUnkipPatternInfo((AsrUnkipPatternInfo *)(this + 0x370));
+  AsrUnkipPatternInfo::AsrUnkipPatternInfo((AsrUnkipPatternInfo *)(this + 0x3f0));
+  AsrUnkipPatternInfo::AsrUnkipPatternInfo((AsrUnkipPatternInfo *)(this + 0x470));
+  AsrUnkipPatternInfo::AsrUnkipPatternInfo((AsrUnkipPatternInfo *)(this + 0x4f0));
+  *(undefined8 *)(this + 0x570) = 0;
+  *(undefined8 *)(this + 0x578) = 0;
+  *(undefined8 *)(this + 0x580) = 0;
+  *(undefined8 *)(this + 0x588) = 0;
+  *(undefined8 *)(this + 0x590) = 0;
+  return this;
+}
+



HipsManager::AutoEnableRule


Match Info






Key
mpengine.dll - mpengine.dll






diff_type
code,length,address




ratio
0.01




i_ratio
0.6




m_ratio
0.99




b_ratio
0.99




match_types
FullName:Param






Function Meta Diff






Key
mpengine.dll
mpengine.dll






name
AutoEnableRule
AutoEnableRule




fullname
HipsManager::AutoEnableRule
HipsManager::AutoEnableRule




refcount
3
3




length
245
246




called
CommonUtil::NewSprintfW
MpLogGlobalCallback
MpLogWriter::Commit
MpLogWriter::MpLogWriter
MpLogWriter::PushString
MpLogWriter::~MpLogWriter
WPP_SF_S
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
free		
CommonUtil::NewSprintfW
MpLogGlobalCallback
MpLogWriter::Commit
MpLogWriter::MpLogWriter
MpLogWriter::PushString
MpLogWriter::~MpLogWriter
WPP_SF_S
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
free		




calling
HipsManager::LoadRulesFromDatabase
HipsManager::UpdateRules		
HipsManager::LoadRulesFromDatabase
HipsManager::UpdateRules		




paramcount
3
3




address
75a81fafc
75a7d541c




sig
void __thiscall AutoEnableRule(HipsManager * this, AsrRuleData_t * param_1, AsrRuleSettings_t * param_2)
void __thiscall AutoEnableRule(HipsManager * this, AsrRuleData_t * param_1, AsrRuleSettings_t * param_2)




sym_type
Function
Function




sym_source
ANALYSIS
ANALYSIS




external
False
False






HipsManager::AutoEnableRule Diff


--- HipsManager::AutoEnableRule
+++ HipsManager::AutoEnableRule
@@ -1,2 +1,49 @@
-Failed to decompile mpengine.dll - .ProgramDB HipsManager::AutoEnableRule : Error: Decompile error: 
-Marshaling error: Did not see expected closing element+
+/* private: void __cdecl HipsManager::AutoEnableRule(struct AsrRuleData_t const * __ptr64,struct
+   AsrRuleSettings_t * __ptr64) __ptr64 */
+
+void __thiscall
+HipsManager::AutoEnableRule(HipsManager *this,AsrRuleData_t *param_1,AsrRuleSettings_t *param_2)
+
+{
+  AsrRuleSettings_t *pAVar1;
+  long lVar2;
+  wchar_t *_Memory;
+  AsrRuleData_t *pAVar3;
+  wchar_t *local_res8 [4];
+  MpLogWriter local_48 [64];
+  
+  pAVar1 = param_2 + 4;
+  if (*(longlong *)(param_1 + 0x570) != 0) {
+    *(uint *)pAVar1 = *(uint *)(*(longlong *)(param_1 + 0x570) + 4);
+  }
+  if (*(uint *)pAVar1 != 5) {
+    *param_2 = (AsrRuleSettings_t)0x1;
+    local_res8[0] = (wchar_t *)0x0;
+    pAVar3 = param_1 + 0xd8;
+    if (7 < *(ulonglong *)(param_1 + 0xf0)) {
+      pAVar3 = *(AsrRuleData_t **)pAVar3;
+    }
+    lVar2 = CommonUtil::NewSprintfW
+                      (local_res8,L"Auto enabling rule %ls, state=%d",pAVar3,
+                       (ulonglong)*(uint *)pAVar1);
+    _Memory = local_res8[0];
+    if (-1 < lVar2) {
+      MpLogWriter::MpLogWriter(local_48,1,MpLogGlobalCallback);
+      _Memory = local_res8[0];
+      MpLogWriter::PushString(local_48,L"Engine-HIPS",local_res8[0],true);
+      MpLogWriter::Commit(local_48);
+      MpLogWriter::~MpLogWriter(local_48);
+      if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+         ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+        WPP_SF_S(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x17,
+                 &WPP_02416e683dfc381ef59410906726e75d_Traceguids,_Memory);
+      }
+    }
+    if (_Memory != (wchar_t *)0x0) {
+      free(_Memory);
+    }
+  }
+  return;
+}
+



BMSRegisterBMCallbacks


Match Info






Key
mpengine.dll - mpengine.dll






diff_type
code,length,address,called




ratio
0.04




i_ratio
0.49




m_ratio
0.99




b_ratio
0.99




match_types
FullName:Param






Function Meta Diff






Key
mpengine.dll
mpengine.dll






name
BMSRegisterBMCallbacks
BMSRegisterBMCallbacks




fullname
BMSRegisterBMCallbacks
BMSRegisterBMCallbacks




refcount
2
2




length
344
351




called

Expand for full list:
BMSForwardRTPNotification
BmController::AttachHandler
CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
CommonUtil::CRefObject::Release
CommonUtil::ScopeGuardImpl<<lambda_55b0227a8e40577d0c46c71007fc8a19>>::~ScopeGuardImpl<<lambda_55b0227a8e40577d0c46c71007fc8a19>>
GetBmController
NoteMgr::RegisterBMCallback
WPP_SF_
WPP_SF_l
DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer<br>__std_type_info_name'::__l2::<lambda_1>::<lambda_invoker_cdecl>


Expand for full list:
BMSForwardRTPNotification
BMSForwardRTPNotificationEx
BmController::AttachHandler
CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
CommonUtil::CRefObject::Release
CommonUtil::ScopeGuardImpl<<lambda_55b0227a8e40577d0c46c71007fc8a19>>::~ScopeGuardImpl<<lambda_55b0227a8e40577d0c46c71007fc8a19>>
GetBmController
NoteMgr::RegisterBMCallback
WPP_SF_
WPP_SF_l
DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer</summary>__std_type_info_name'::__l2::<lambda_1>::<lambda_invoker_cdecl>





calling
StartupBm
StartupBm




paramcount
0
0




address
75a754fa4
75a7077e4




sig
ulong __cdecl BMSRegisterBMCallbacks(void)
ulong __cdecl BMSRegisterBMCallbacks(void)




sym_type
Function
Function




sym_source
ANALYSIS
ANALYSIS




external
False
False






BMSRegisterBMCallbacks Called Diff


--- BMSRegisterBMCallbacks called
+++ BMSRegisterBMCallbacks called
@@ -1,0 +2 @@
+BMSForwardRTPNotificationEx


BMSRegisterBMCallbacks Diff


--- BMSRegisterBMCallbacks
+++ BMSRegisterBMCallbacks
@@ -1,559 +1,73 @@
 
-/* WARNING: Instruction at (ram,0x00075a754fa7) overlaps instruction at (ram,0x00075a754fa6)
-    */
+/* unsigned long __cdecl BMSRegisterBMCallbacks(void) */
 
 ulong __cdecl BMSRegisterBMCallbacks(void)
 
 {
-  engine_configw_t *peVar1;
-  longlong lVar2;
-  ulong unaff_10000580;
-  MpOpaqueUserProfile *pMVar3;
-  ResmgrCtxT *pRVar4;
-  bool bVar5;
-  ulong uVar6;
-  PluginIdT PVar7;
-  int iVar8;
-  longlong in_RAX;
-  MpOpaqueUserProfile *pMVar9;
-  MpOpaqueUserProfile *pMVar10;
-  wchar_t *pwVar11;
-  ulonglong uVar12;
-  undefined8 *puVar13;
-  char in_CL;
-  undefined **in_RDX;
-  longlong lVar14;
-  uchar *puVar15;
-  ulong unaff_EBX;
-  longlong unaff_RSI;
-  ulonglong uVar16;
-  uint uVar17;
-  longlong lVar18;
-  ulonglong uVar19;
-  UbermgrCtxStruct *pUVar20;
-  char cVar21;
-  uint *in_R8;
-  undefined8 uVar22;
-  undefined7 uVar23;
-  _scan_t *p_Var24;
-  uint uVar25;
-  undefined **in_R10;
-  undefined **ppuVar26;
-  __mpthreat_action_t _Var27;
-  char unaff_R13B;
-  short sVar28;
-  MpOpaqueUserProfile *unaff_R14;
-  char unaff_R15B;
-  ulonglong in_stack_00000050;
-  char in_stack_00000080;
-  undefined in_stack_00000081;
-  char in_stack_00000082;
-  int in_stack_00000084;
-  uint in_stack_00000088;
-  MpOpaqueUserProfile *in_stack_00000090;
-  MpOpaqueUserProfile *in_stack_000000a0;
-  ResmgrCtxT *in_stack_000000a8;
-  undefined8 in_stack_000000b0;
-  MpOpaqueUserProfile *in_stack_000000b8;
-  MpOpaqueUserProfile *in_stack_000000c0;
-  MpOpaqueUserProfile *in_stack_000000c8;
-  void *in_stack_000000d0;
-  longlong in_stack_000000e0;
-  undefined8 in_stack_000000f0;
-  undefined8 in_stack_000000f8;
-  undefined8 in_stack_00000100;
-  longlong in_stack_00000110;
-  undefined8 in_stack_00000118;
-  undefined4 in_stack_00000120;
-  UbermgrCtxStruct *in_stack_00000190;
-  _scan_t *in_stack_00000198;
-  longlong in_stack_000001a0;
-  char in_stack_000001a8;
+  BmController *this;
+  uint uVar1;
+  long lVar2;
+  BmController *this_00;
+  ulong uVar3;
+  char local_res8 [8];
+  BmController *local_res10 [3];
   
-  out(0xa7,(char)in_RAX);
-  *(char *)(in_RAX + -0x73) = *(char *)(in_RAX + -0x73) + in_CL;
-  ppuVar26 = in_R10;
-  do {
-    uVar19 = 0;
-    uVar12 = uVar19;
-    while ((pRVar4 = in_stack_000000a8, unaff_R13B == '\0' &&
-           (uVar17 = (uint)uVar19, uVar17 < *(uint *)(unaff_RSI + 0x90)))) {
-      if ((in_stack_000001a8 != (char)uVar12) ||
-         (bVar5 = IsActed((uint)*(byte *)(uVar19 * 0x278 + 0x208 + *(longlong *)(unaff_RSI + 0x98)))
-         , !bVar5)) {
-        if ((((byte)gktab[0xad0] & 0x10) == 0) &&
-           (*(longlong *)(uVar19 * 0x278 + 0x230 + *(longlong *)(unaff_RSI + 0x98)) == 0x7ffffffe))
-        {
-          uVar16 = uVar12 & 0xffffffff;
-          in_R8 = (uint *)CONCAT71((int7)((ulonglong)in_R8 >> 8),in_stack_00000080);
-          while( true ) {
-            cVar21 = (char)in_R8;
-            lVar14 = uVar19 * 0x278;
-            lVar2 = *(longlong *)(unaff_RSI + 0x98);
-            in_stack_00000088 = uVar17;
-            if ((uint)(*(int *)(lVar14 + 0x25c + lVar2) + *(int *)(lVar14 + 0x21c + lVar2)) <=
-                (uint)uVar16) break;
-            lVar18 = 0;
-            pMVar9 = LUM_GetUserProfileHandleFromResPath
-                               (0x100,*(wchar_t **)
-                                       (uVar16 * 0x20 + 8 + *(longlong *)(lVar14 + 0x220 + lVar2)),
-                                (void *)0x0);
-            pMVar10 = in_stack_000000c0;
-            pMVar3 = in_stack_000000a0;
-            in_stack_00000090 = pMVar9;
-            if (pMVar9 != (MpOpaqueUserProfile *)0x0) {
-              LUM_CloseUserProfileHandle(&stack0x00000090);
-              pMVar3 = pMVar9;
-            }
-            lVar2 = in_stack_000001a0;
-            if ((pMVar10 == pMVar3) ||
-               ((lVar14 = *(longlong *)
-                           (*(longlong *)
-                             (uVar19 * 0x278 + 0x220 + *(longlong *)(in_stack_000001a0 + 0x98)) +
-                            0x18 + uVar16 * 0x20), lVar14 != 0 &&
-                ((*(uint *)(lVar14 + 4) & 0x200) != 0)))) {
-              lVar14 = uVar16 * 0x20;
-              lVar18 = *(longlong *)
-                        (uVar19 * 0x278 + 0x220 + *(longlong *)(in_stack_000001a0 + 0x98));
-              if ((*(byte *)(*(longlong *)(lVar18 + 0x18 + lVar14) + 4) & 8) == 0)
-              goto LAB_0;
-              if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
-                 ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
-                WPP_SF_SS(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x2f,
-                          &WPP_b2ec2b2b6a9333f55912409b7b9ed86b_Traceguids,
-                          *(wchar_t **)(lVar18 + lVar14),*(wchar_t **)(lVar18 + 8 + lVar14));
-              }
-              lVar2 = *(longlong *)(uVar19 * 0x278 + 0x220 + *(longlong *)(lVar2 + 0x98));
-              in_stack_00000100 = 0;
-              uVar22 = 0;
-              in_stack_00000050 = in_stack_00000050 & 0xffffffffffffff00;
-              uVar6 = ResmgrProcessResource
-                                (*(wchar_t **)(lVar2 + 8 + uVar16 * 0x20),
-                                 *(undefined8 *****)(lVar2 + uVar16 * 0x20),0xd8,
-                                 (resource_node *)in_stack_000000a8,(CResmgrPlugin *)0x0,0,0,0,
-                                 (resource_node *)0x0,0,in_stack_00000050,0,
-                                 (ulonglong)&stack0x00000100);
-              uVar23 = (undefined7)((ulonglong)uVar22 >> 8);
-              if (uVar6 == 0) {
-                in_R8 = (uint *)CONCAT71(uVar23,1);
-                in_stack_00000080 = '\x01';
-              }
-              else {
-                in_R8 = (uint *)CONCAT71(uVar23,cVar21);
-                in_stack_00000080 = cVar21;
-                if (uVar6 == 0x3e3) {
-                  unaff_R13B = '\x01';
-                  unaff_10000580 = 0x3e3;
-                  unaff_RSI = in_stack_000001a0;
-                  unaff_EBX = 0x3e3;
-                  goto LAB_1;
-                }
-                if (uVar6 != 0x490) {
-                  if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
-                     ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
-                    lVar2 = *(longlong *)
-                             (uVar19 * 0x278 + 0x220 + *(longlong *)(in_stack_000001a0 + 0x98));
-                    in_R8 = (uint *)&WPP_b2ec2b2b6a9333f55912409b7b9ed86b_Traceguids;
-                    WPP_SF_SSL(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x30,
-                               &WPP_b2ec2b2b6a9333f55912409b7b9ed86b_Traceguids,
-                               *(wchar_t **)(lVar2 + uVar16 * 0x20),
-                               *(wchar_t **)(lVar2 + 8 + uVar16 * 0x20));
-                  }
-                  uVar12 = 0;
-                  unaff_R13B = '\x01';
-                  unaff_RSI = in_stack_000001a0;
-                  ppuVar26 = (undefined **)WPP_GLOBAL_Control;
-                  unaff_R15B = unaff_R13B;
-                  unaff_EBX = uVar6;
-                  unaff_10000580 = uVar6;
-                  break;
-                }
-              }
-            }
-            else {
-LAB_0:
-              in_R8 = (uint *)CONCAT71((int7)((ulonglong)lVar18 >> 8),in_stack_00000080);
-            }
-            uVar12 = 0;
-            uVar16 = (ulonglong)((uint)uVar16 + 1);
-            unaff_RSI = in_stack_000001a0;
-            ppuVar26 = (undefined **)WPP_GLOBAL_Control;
-          }
-        }
-        else {
-          if ((ppuVar26 != in_RDX) && ((*(byte *)((longlong)ppuVar26 + 0x1c) & 8) != 0)) {
-            lVar14 = uVar19 * 0x278;
-            lVar2 = *(longlong *)(unaff_RSI + 0x98);
-            in_R8 = (uint *)&WPP_b2ec2b2b6a9333f55912409b7b9ed86b_Traceguids;
-            WPP_SF_Li(ppuVar26[2],0x31,&WPP_b2ec2b2b6a9333f55912409b7b9ed86b_Traceguids,
-                      *(int *)(lVar14 + 0x25c + lVar2) + *(int *)(lVar14 + 0x21c + lVar2),
-                      (char)*(undefined8 *)(lVar14 + 0x230 + lVar2));
-            uVar12 = 0;
-          }
-          uVar16 = uVar12 & 0xffffffff;
-          while( true ) {
-            lVar14 = uVar19 * 0x278;
-            lVar2 = *(longlong *)(in_stack_000001a0 + 0x98);
-            if ((uint)(*(int *)(lVar14 + 0x25c + lVar2) + *(int *)(lVar14 + 0x21c + lVar2)) <=
-                (uint)uVar16) break;
-            in_R8 = (uint *)0x0;
-            pMVar10 = LUM_GetUserProfileHandleFromResPath
-                                (0x100,*(wchar_t **)
-                                        (uVar16 * 0x20 + 8 + *(longlong *)(lVar14 + 0x220 + lVar2)),
-                                 (void *)0x0);
-            pMVar3 = in_stack_000000c0;
-            in_stack_00000090 = pMVar10;
-            if (pMVar10 != (MpOpaqueUserProfile *)0x0) {
-              LUM_CloseUserProfileHandle(&stack0x00000090);
-              unaff_R14 = pMVar10;
-            }
-            if ((pMVar3 == unaff_R14) ||
-               ((lVar2 = *(longlong *)
-                          (*(longlong *)
-                            (uVar19 * 0x278 + 0x220 + *(longlong *)(in_stack_000001a0 + 0x98)) +
-                           0x18 + uVar16 * 0x20), lVar2 != 0 &&
-                ((*(uint *)(lVar2 + 4) & 0x200) != 0)))) {
-              if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
-                 ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
-                lVar2 = *(longlong *)
-                         (uVar19 * 0x278 + 0x220 + *(longlong *)(in_stack_000001a0 + 0x98));
-                in_R8 = (uint *)&WPP_b2ec2b2b6a9333f55912409b7b9ed86b_Traceguids;
-                WPP_SF_SS(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x32,
-                          &WPP_b2ec2b2b6a9333f55912409b7b9ed86b_Traceguids,
-                          *(wchar_t **)(lVar2 + uVar16 * 0x20),
-                          *(wchar_t **)(lVar2 + 8 + uVar16 * 0x20));
-              }
-              PVar7 = ResmgrGetResIndexFromPrefix
-                                (*(wchar_t **)
-                                  (*(longlong *)
-                                    (uVar19 * 0x278 + 0x220 +
-                                    *(longlong *)(in_stack_000001a0 + 0x98)) + uVar16 * 0x20));
-              sVar28 = (short)PVar7;
-              if (in_stack_000001a8 == '\0') {
-                if ((sVar28 == 0) || (sVar28 == 0x62)) {
-                  iVar8 = IsNetworkFile(*(wchar_t **)
-                                         (*(longlong *)
-                                           (uVar19 * 0x278 + 0x220 +
-                                           *(longlong *)(in_stack_000001a0 + 0x98)) + 8 +
-                                         uVar16 * 0x20),*(void **)(in_stack_00000198 + 0x60));
-                  if (iVar8 != 0) goto LAB_2;
-                  goto LAB_3;
-                }
-              }
-              else {
-LAB_3:
-                if ((sVar28 == 0) &&
-                   (pwVar11 = wcsstr(*(wchar_t **)
-                                      (*(longlong *)
-                                        (uVar19 * 0x278 + 0x220 +
-                                        *(longlong *)(in_stack_000001a0 + 0x98)) + 8 + uVar16 * 0x20
-                                      ),(wchar_t *)&c_archiveSeparator), pwVar11 != (wchar_t *)0x0))
-                goto LAB_2;
-              }
-              lVar2 = *(longlong *)
-                       (uVar19 * 0x278 + 0x220 + *(longlong *)(in_stack_000001a0 + 0x98));
-              if (sVar28 == 0x62) {
-                uVar12 = CRCLowerStringW(0xffffffff,*(byte **)(lVar2 + 8 + uVar16 * 0x20));
-                in_stack_00000090 =
-                     (MpOpaqueUserProfile *)CONCAT44(in_stack_00000090._4_4_,(int)uVar12);
-                in_R8 = (uint *)&stack0x00000090;
-                puVar13 = std::
-                          _Tree<class_std::_Tset_traits<unsigned_long,struct_std::less<unsigned_long>,class_std::allocator<unsigned_long>,0>_>
-                          ::insert<0,0>((_Tree<class_std::_Tset_traits<unsigned_long,struct_std::less<unsigned_long>,class_std::allocator<unsigned_long>,0>_>
-                                         *)&stack0x000000d0,&stack0x00000110,in_R8);
-                if (*(char *)(puVar13 + 1) == '\0') goto LAB_2;
-                *(ulonglong *)((resource_node *)in_stack_000000a8 + 0x70) =
-                     uVar16 * 0x20 +
-                     *(longlong *)(uVar19 * 0x278 + 0x220 + *(longlong *)(in_stack_000001a0 + 0x98))
-                ;
-                in_stack_00000090 = (MpOpaqueUserProfile *)0x0;
-                in_R8 = (uint *)0x0;
-                in_stack_00000050 = (ulonglong)in_stack_00000050._1_7_ << 8;
-                uVar6 = ResmgrProcessResource
-                                  (*(wchar_t **)
-                                    (*(longlong *)
-                                      (uVar19 * 0x278 + 0x220 +
-                                      *(longlong *)(in_stack_000001a0 + 0x98)) + 8 + uVar16 * 0x20),
-                                   (undefined8 ****)0x0,0,(resource_node *)in_stack_000000a8,
-                                   (CResmgrPlugin *)0x0,0,0,0,(resource_node *)0x0,0,
-                                   in_stack_00000050,0,(ulonglong)&stack0x00000090);
-              }
-              else {
-                *(ulonglong *)((resource_node *)in_stack_000000a8 + 0x70) = lVar2 + uVar16 * 0x20;
-                in_stack_00000090 = (MpOpaqueUserProfile *)0x0;
-                in_stack_00000050 = (ulonglong)in_stack_00000050._1_7_ << 8;
-                in_R8 = (uint *)(ulonglong)(PVar7 & 0xffff);
-                uVar6 = ResmgrProcessResource
-                                  (*(wchar_t **)
-                                    (*(longlong *)
-                                      (uVar19 * 0x278 + 0x220 +
-                                      *(longlong *)(in_stack_000001a0 + 0x98)) + 8 + uVar16 * 0x20),
-                                   (undefined8 ****)0x0,in_R8,(resource_node *)in_stack_000000a8,
-                                   (CResmgrPlugin *)0x0,0,0,0,(resource_node *)0x0,0,
-                                   in_stack_00000050,0,(ulonglong)&stack0x00000090);
-              }
-              *(undefined8 *)(in_stack_000000a8 + 0x70) = 0;
-              if (uVar6 != 0) {
-                if (uVar6 == 0x3e3) {
-                  unaff_EBX = 0x3e3;
-                }
-                else {
-                  if (uVar6 == 0x490) goto LAB_2;
-                  if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
-                     ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
-                    lVar2 = *(longlong *)
-                             (uVar19 * 0x278 + 0x220 + *(longlong *)(in_stack_000001a0 + 0x98));
-                    in_R8 = (uint *)&WPP_b2ec2b2b6a9333f55912409b7b9ed86b_Traceguids;
-                    WPP_SF_SSL(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x33,
-                               &WPP_b2ec2b2b6a9333f55912409b7b9ed86b_Traceguids,
-                               *(wchar_t **)(lVar2 + uVar16 * 0x20),
-                               *(wchar_t **)(lVar2 + 8 + uVar16 * 0x20));
-                  }
-                  unaff_R15B = '\x01';
-                  unaff_EBX = uVar6;
-                }
-                uVar12 = 0;
-                unaff_R13B = '\x01';
-                unaff_10000580 = unaff_EBX;
-                break;
-              }
-              in_stack_00000080 = '\x01';
-            }
-LAB_2:
-            uVar12 = 0;
-            uVar16 = (ulonglong)((uint)uVar16 + 1);
-            unaff_R14 = in_stack_000000a0;
-          }
-          unaff_RSI = in_stack_000001a0;
-          _Var27 = (__mpthreat_action_t)uVar12;
-          in_R8 = (uint *)CONCAT71((int7)((ulonglong)in_R8 >> 8),0x10);
-          set_threat_runtimedata
-                    (*(threatcontext_info **)(in_stack_00000190 + 0x30),
-                     *(__uint64 *)(uVar19 * 0x278 + 0x230 + *(longlong *)(in_stack_000001a0 + 0x98))
-                     ,'\x10',0,_Var27,uVar12,_Var27,_Var27,
-                     *(ushort *)(uVar19 * 0x278 + 0x262 + *(longlong *)(in_stack_000001a0 + 0x98)));
-LAB_1:
-          uVar12 = 0;
-          ppuVar26 = (undefined **)WPP_GLOBAL_Control;
-        }
+  if (DAT_0 == (IDetectionHandler *)0x0) {
+    uVar3 = 8;
+    DAT_0 =
+         (IDetectionHandler *)`__std_type_info_name'::__l2::<lambda_1>::<lambda_invoker_cdecl>(8);
+    if (DAT_0 == (IDetectionHandler *)0x0) {
+      DAT_0 = (IDetectionHandler *)0x0;
+      if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+         ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+        WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0xd,
+                &WPP_f626f6e100083aa528c6b019b1b454f4_Traceguids);
       }
-      in_RDX = &WPP_GLOBAL_Control;
-      unaff_R14 = in_stack_000000a0;
-      uVar19 = (ulonglong)(uVar17 + 1);
     }
-    ResmgrFreeCurrentUser(in_stack_000000a8);
-    *(undefined8 *)(pRVar4 + 8) = in_stack_000000f8;
-    do {
-      if ((unaff_R13B != '\0') ||
-         (bVar5 = LUM_EnumUserProfiles(&stack0x000000b8,(bool)in_stack_00000081),
-         pMVar3 = in_stack_000000b8, !bVar5)) goto LAB_4;
-      in_stack_00000081 = true;
-      in_stack_00000084 = in_stack_00000084 + 1;
-      if (((undefined **)WPP_GLOBAL_Control == &WPP_GLOBAL_Control) ||
-         ((WPP_GLOBAL_Control[0x1c] & 8) == 0)) {
-        in_stack_000000c0 = in_stack_000000b8;
+    else {
+      *(undefined ***)DAT_0 = BMSDetectionHandler::vftable;
+      local_res8[0] = '\0';
+      local_res10[0] = (BmController *)0x0;
+      uVar1 = GetBmController(local_res10);
+      this = local_res10[0];
+      if ((int)uVar1 < 0) {
+        uVar3 = uVar1 & 0xffff;
       }
       else {
-        in_stack_000000c0 = in_stack_000000b8;
-        WPP_SF_qll(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x2c,in_R8,in_stack_000000b8,
-                   (char)in_stack_00000084,(char)in_stack_000000b0);
+        this_00 = local_res10[0];
+        lVar2 = BmController::AttachHandler(local_res10[0],DAT_0);
+        if (-1 < lVar2) {
+          if (g_NoteMgr != (NoteMgr *)0x0) {
+            NoteMgr::RegisterBMCallback
+                      ((NoteMgr *)this_00,BMSForwardRTPNotification,BMSForwardRTPNotificationEx);
+          }
+          if (this != (BmController *)0x0) {
+            CommonUtil::CRefObject::Release((CRefObject *)this);
+          }
+          return 0;
+        }
+        if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+           ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+          WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0xe,
+                   &WPP_f626f6e100083aa528c6b019b1b454f4_Traceguids,lVar2);
+        }
+        uVar3 = 0x54f;
       }
-      if ((unaff_R14 == (MpOpaqueUserProfile *)0x0) &&
-         ((in_stack_00000084 == (int)in_stack_000000b0 + -1 ||
-          (iVar8 = ResIsSystemProfile(*(UfsClientRequest **)(in_stack_00000190 + 0x28),pMVar3),
-          iVar8 == 0)))) {
-        in_stack_00000081 = false;
-        in_stack_00000082 = '\x01';
-        in_stack_000000a0 = pMVar3;
-        in_stack_000000c8 = pMVar3;
-        unaff_R14 = pMVar3;
-      }
-      uVar6 = 1;
-      if (pMVar3 == unaff_R14) {
-        uVar6 = 3;
-      }
-      ResmgrSetExpandFlags(pRVar4,uVar6,0,0);
-      in_stack_000000f8 = *(undefined8 *)(pRVar4 + 8);
-      in_R8 = (uint *)0x0;
-      uVar6 = ResmgrSetCurrentUser(pRVar4,pMVar3,0);
-    } while (uVar6 == 0x490);
-    if (uVar6 != 0) break;
-    in_RDX = &WPP_GLOBAL_Control;
-    ppuVar26 = (undefined **)WPP_GLOBAL_Control;
+      CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::
+      ~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
+                ((AutoRef<class_ThrottlingAgent::CompletedOverlapped> *)local_res10);
+      CommonUtil::ScopeGuardImpl<<lambda_55b0227a8e40577d0c46c71007fc8a19>_>::
+      ~ScopeGuardImpl<<lambda_55b0227a8e40577d0c46c71007fc8a19>_>(local_res8);
+    }
+  }
+  else {
     if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
-       ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
-      in_R8 = (uint *)&WPP_b2ec2b2b6a9333f55912409b7b9ed86b_Traceguids;
-      WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x2e,
-               &WPP_b2ec2b2b6a9333f55912409b7b9ed86b_Traceguids,*(undefined4 *)(unaff_RSI + 0x90));
-      in_RDX = &WPP_GLOBAL_Control;
-      ppuVar26 = (undefined **)WPP_GLOBAL_Control;
+       ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+      WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0xc,
+              &WPP_f626f6e100083aa528c6b019b1b454f4_Traceguids);
     }
-  } while( true );
-  if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
-     ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
-    WPP_SF_qll(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x2d,in_R8,pMVar3,(char)in_stack_00000084,
-               (char)uVar6);
+    uVar3 = 0x55;
   }
-  unaff_R15B = '\x01';
-  if ((bool)in_stack_00000081 != false) {
-    LUM_CloseUserProfileHandle(&stack0x000000b8);
-  }
-LAB_4:
-  if ((unaff_R14 != (MpOpaqueUserProfile *)0x0) && (in_stack_00000082 != '\0')) {
-    LUM_CloseUserProfileHandle(&stack0x000000c8);
-  }
-  if (in_stack_000000e0 != 0) {
-    LUM_CloseUserProfileHandle((MpOpaqueUserProfile **)&stack0x000000e8);
-  }
-  if ((in_stack_000001a8 == '\0') || (unaff_R13B != '\0')) {
-LAB_5:
-    uVar6 = unaff_EBX;
-    if (unaff_R15B == '\0') goto LAB_6;
-  }
-  else if (unaff_R15B == '\0') {
-    p_Var24 = in_stack_00000198;
-    bVar5 = ShouldReportUnknownFiles(*(engine_configw_t **)(in_stack_00000198 + 0x10));
-    pUVar20 = in_stack_00000190;
-    consolidate_scan_results
-              (p_Var24,*(threatcontext_info **)(in_stack_00000190 + 0x30),(uint)bVar5 * 0x10 + 4);
-    if ((in_stack_00000088 != 0xffffffff) && (in_stack_00000080 != '\0')) {
-      peVar1 = *(engine_configw_t **)(in_stack_00000198 + 0x10);
-      cVar21 = '\0';
-      if ((peVar1 != (engine_configw_t *)0x0) &&
-         (((*(uint *)peVar1 & 0xc000) != 0 && (bVar5 = ShouldReportUnknownFiles(peVar1), bVar5)))) {
-        bVar5 = were_threats_detected(*(threatcontext_info **)(pUVar20 + 0x30));
-        uVar12 = 0;
-        if (!bVar5) {
-          while( true ) {
-            lVar14 = (ulonglong)in_stack_00000088 * 0x278;
-            lVar2 = *(longlong *)(in_stack_000001a0 + 0x98);
-            if ((uint)(*(int *)(lVar14 + 0x21c + lVar2) + *(int *)(lVar14 + 0x25c + lVar2)) <=
-                (uint)uVar12) break;
-            lVar18 = uVar12 * 0x20;
-            lVar2 = *(longlong *)(lVar14 + 0x220 + lVar2);
-            if ((*(byte *)(*(longlong *)(lVar2 + 0x18 + lVar18) + 4) & 8) != 0) {
-              if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
-                 ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
-                WPP_SF_SS(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x34,
-                          &WPP_b2ec2b2b6a9333f55912409b7b9ed86b_Traceguids,
-                          *(wchar_t **)(lVar2 + lVar18),*(wchar_t **)(lVar2 + 8 + lVar18));
-              }
-              lVar2 = *(longlong *)(*(longlong *)(in_stack_000001a0 + 0x98) + 0x220 + lVar14);
-              uVar6 = ResReportUnknown(in_stack_00000190,in_stack_00000198,
-                                       *(wchar_t **)(lVar2 + lVar18),
-                                       *(wchar_t **)(lVar2 + 8 + lVar18));
-              if (uVar6 == 0x3e3) {
-                unaff_10000580 = 0x3e3;
-                unaff_EBX = 0x3e3;
-                goto LAB_5;
-              }
-              if (uVar6 != 0) {
-                if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
-                   ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
-                  WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x35,
-                           &WPP_b2ec2b2b6a9333f55912409b7b9ed86b_Traceguids,uVar6);
-                }
-                cVar21 = '\x01';
-                unaff_R15B = cVar21;
-                unaff_EBX = uVar6;
-                unaff_10000580 = uVar6;
-              }
-            }
-            uVar12 = (ulonglong)((uint)uVar12 + 1);
-          }
-          if (cVar21 != '\0') goto LAB_5;
-          pUVar20 = in_stack_00000190;
-          if (unaff_R15B != '\0') goto LAB_7;
-        }
-      }
-      peVar1 = *(engine_configw_t **)(in_stack_00000198 + 0x10);
-      if ((((peVar1 != (engine_configw_t *)0x0) && ((*(uint *)peVar1 & 0xc000) != 0)) &&
-          (bVar5 = ShouldReportUnknownFiles(peVar1), bVar5)) &&
-         ((iVar8 = is_unknown_reported(*(threatcontext_info **)(pUVar20 + 0x30)), iVar8 != 0 &&
-          (((byte)gktab[0xad0] & 0x10) == 0)))) {
-        uVar17 = 0;
-        while( true ) {
-          lVar14 = (ulonglong)in_stack_00000088 * 0x278;
-          lVar2 = *(longlong *)(in_stack_000001a0 + 0x98);
-          if ((uint)(*(int *)(lVar14 + 0x25c + lVar2) + *(int *)(lVar14 + 0x21c + lVar2)) <= uVar17)
-          break;
-          lVar18 = (ulonglong)uVar17 * 0x20;
-          lVar2 = *(longlong *)(lVar14 + 0x220 + lVar2);
-          if ((*(byte *)(*(longlong *)(lVar2 + 0x18 + lVar18) + 4) & 8) != 0) {
-            PVar7 = ResmgrGetResIndexFromPrefix(*(wchar_t **)(lVar2 + lVar18));
-            if ((short)PVar7 != 0xd8) {
-              lVar2 = *(longlong *)(*(longlong *)(in_stack_000001a0 + 0x98) + 0x220 + lVar14);
-              lVar14 = *(longlong *)(lVar2 + 0x18 + lVar18);
-              puVar15 = (uchar *)0x0;
-              if (lVar14 == 0) {
-                uVar25 = 0;
-              }
-              else {
-                uVar25 = *(uint *)(lVar14 + 0x38);
-                puVar15 = *(uchar **)(lVar14 + 0x30);
-              }
-              in_stack_00000110 = 0xd4b6b5eeea339da;
-              in_stack_00000118 = 0x90186095efbf5532;
-              in_stack_00000120 = 0x907d8af;
-              iVar8 = report_threat_component
-                                (in_stack_00000198,
-                                 *(threatcontext_info **)(in_stack_00000190 + 0x30),
-                                 (ulonglong)(PVar7 & 0xffff),*(wchar_t **)(lVar2 + 8 + lVar18),
-                                 0x7ffffffe,0xfffff,0,&stack0x00000110,1,0xd8,(wchar_t *)0x0,8,
-                                 (ulong *)0x0,uVar25,puVar15);
-              if (iVar8 == 2) {
-                if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
-                   ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
-                  WPP_SF_S(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x36,
-                           &WPP_b2ec2b2b6a9333f55912409b7b9ed86b_Traceguids,
-                           *(wchar_t **)
-                            (*(longlong *)
-                              ((ulonglong)in_stack_00000088 * 0x278 + 0x220 +
-                              *(longlong *)(in_stack_000001a0 + 0x98)) + 8 +
-                            (ulonglong)uVar17 * 0x20));
-                }
-                unaff_10000580 = 8;
-                unaff_R15B = '\x01';
-                unaff_EBX = 8;
-                break;
-              }
-              if (iVar8 == 3) {
-                unaff_10000580 = 0x3e3;
-                unaff_EBX = 0x3e3;
-                goto LAB_5;
-              }
-            }
-          }
-          uVar17 = uVar17 + 1;
-        }
-        if (unaff_R15B != '\0') goto LAB_7;
-        unaff_R15B = '\0';
-        pUVar20 = in_stack_00000190;
-      }
-    }
-    consolidate_scan_results(in_stack_00000198,*(threatcontext_info **)(pUVar20 + 0x30),0xb);
-    goto LAB_5;
-  }
-LAB_7:
-  uVar6 = unaff_10000580;
-  if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
-     ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
-    WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x38,
-             &WPP_b2ec2b2b6a9333f55912409b7b9ed86b_Traceguids,in_stack_00000084);
-  }
-  if (unaff_EBX == 0) {
-    uVar6 = 0x54f;
-  }
-LAB_6:
-  if (pRVar4 != (ResmgrCtxT *)0x0) {
-    *(undefined8 *)(pRVar4 + 0xc0) = in_stack_000000f0;
-  }
-  std::_Tree_val<struct_std::_Tree_simple_types<unsigned_long>_>::
-  _Erase_tree<class_std::allocator<struct_std::_Tree_node<unsigned_long,void*___ptr64>_>_>
-            ((_Tree_val<struct_std::_Tree_simple_types<unsigned_long>_> *)&stack0x000000d0,
-             (allocator<struct_std::_Tree_node<unsigned_long,void*___ptr64>_> *)&stack0x000000d0,
-             *(_Tree_node<unsigned_long,void*___ptr64> **)((longlong)in_stack_000000d0 + 8));
-  std::_Deallocate<16,0>(in_stack_000000d0,0x20);
-  return uVar6;
+  return uVar3;
 }
 



BMSUnRegisterBMCallbacks


Match Info






Key
mpengine.dll - mpengine.dll






diff_type
code,length,address




ratio
0.05




i_ratio
0.57




m_ratio
0.98




b_ratio
0.98




match_types
FullName:Param






Function Meta Diff






Key
mpengine.dll
mpengine.dll






name
BMSUnRegisterBMCallbacks
BMSUnRegisterBMCallbacks




fullname
BMSUnRegisterBMCallbacks
BMSUnRegisterBMCallbacks




refcount
2
2




length
119
122




called
BmController::DetachHandler
CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
GetBmController
NoteMgr::RegisterBMCallback
guard_dispatch_icall$fo_default$

BmController::DetachHandler
CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
GetBmController
NoteMgr::RegisterBMCallback
guard_dispatch_icall$fo_default$





calling
ShutdownBm
ShutdownBm




paramcount
0
0




address
75ab346c8
75ab45948




sig
ulong __cdecl BMSUnRegisterBMCallbacks(void)
ulong __cdecl BMSUnRegisterBMCallbacks(void)




sym_type
Function
Function




sym_source
ANALYSIS
ANALYSIS




external
False
False






BMSUnRegisterBMCallbacks Diff


--- BMSUnRegisterBMCallbacks
+++ BMSUnRegisterBMCallbacks
@@ -1,121 +1,38 @@
+
+/* WARNING: Function: _guard_dispatch_icall_$fo_default$ replaced with injection:
+   guard_dispatch_icall */
+/* unsigned long __cdecl BMSUnRegisterBMCallbacks(void) */
 
 ulong __cdecl BMSUnRegisterBMCallbacks(void)
 
 {
-  basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_> *pbVar1;
-  undefined8 *puVar2;
-  longlong lVar3;
-  bool bVar4;
-  ulong extraout_EAX;
-  __uint64 _Var5;
-  _Uhash_compare<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>,struct_std::hash<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>,struct_std::equal_to<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>_>
-  *in_RCX;
-  basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_> *pbVar6;
-  longlong *in_RDX;
-  longlong *unaff_RBX;
-  longlong unaff_RBP;
-  ulonglong uVar7;
-  longlong unaff_RSI;
-  longlong *unaff_RDI;
-  longlong *in_R8;
-  longlong *plVar8;
-  longlong *in_R11;
-  longlong unaff_R13;
-  longlong *plVar9;
-  undefined8 uStack0000000000000058;
+  uint uVar1;
+  BmController *this;
+  ulong uVar2;
+  BmController *local_res8 [4];
   
-  do {
-    puVar2 = (undefined8 *)in_R8[1];
-    *puVar2 = in_R11;
-    in_R8[1] = (longlong)in_RCX;
-    unaff_RBX[1] = (longlong)in_RDX;
-    in_R11[1] = (longlong)puVar2;
-LAB_0:
-    do {
-      *(longlong **)(unaff_RBP + 8 + unaff_RSI * 8) = in_R11;
-      in_R11 = unaff_RBX;
-LAB_1:
-      if (in_R11 == unaff_RDI) {
-        uStack0000000000000058 = 0;
-        std::
-        _Hash<class_std::_Umap_traits<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>,struct_LifeCycleContext,class_std::_Uhash_compare<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>,struct_std::hash<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>,struct_std::equal_to<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>_>,class_std::allocator<struct_std::pair<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_const_,struct_LifeCycleContext>_>,0>_>
-        ::_Clear_guard::~_Clear_guard((_Clear_guard *)&stack0x00000058);
-        return extraout_EAX;
-      }
-      unaff_RBX = (longlong *)*in_R11;
-      pbVar1 = (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
-                *)(in_R11 + 2);
-      pbVar6 = pbVar1;
-      if (7 < (ulonglong)in_R11[5]) {
-        pbVar6 = *(basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
-                   **)pbVar1;
-      }
-      _Var5 = std::_Fnv1a_append_bytes((__uint64)in_RCX,(uchar *)pbVar6,in_R11[4] * 2);
-      unaff_RBP = *(longlong *)(unaff_R13 + 0x18);
-      uVar7 = _Var5 & *(ulonglong *)(unaff_R13 + 0x30);
-      unaff_RSI = uVar7 * 2;
-      if (*(longlong **)(unaff_RBP + uVar7 * 0x10) == unaff_RDI) {
-        *(longlong **)(unaff_RBP + uVar7 * 0x10) = in_R11;
-        goto LAB_0;
-      }
-      plVar8 = *(longlong **)(unaff_RBP + 8 + uVar7 * 0x10);
-      bVar4 = std::
-              _Uhash_compare<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>,struct_std::hash<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>,struct_std::equal_to<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>_>
-              ::
-              operator()<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>,class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>
-                        (in_RCX,pbVar1,
-                         (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
-                          *)(plVar8 + 2));
-      plVar9 = plVar8;
-      if (bVar4) {
-        do {
-          if (*(longlong **)(unaff_RBP + uVar7 * 0x10) == plVar9) {
-            plVar9 = (longlong *)in_R11[1];
-            *plVar9 = (longlong)unaff_RBX;
-            in_RCX = (_Uhash_compare<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>,struct_std::hash<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>,struct_std::equal_to<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>_>
-                      *)unaff_RBX[1];
-            *(longlong **)in_RCX = plVar8;
-            puVar2 = (undefined8 *)plVar8[1];
-            *puVar2 = in_R11;
-            plVar8[1] = (longlong)in_RCX;
-            unaff_RBX[1] = (longlong)plVar9;
-            in_R11[1] = (longlong)puVar2;
-            *(longlong **)(unaff_RBP + uVar7 * 0x10) = in_R11;
-            in_R11 = unaff_RBX;
-            goto LAB_1;
-          }
-          plVar9 = (longlong *)plVar8[1];
-          plVar8 = plVar9;
-          bVar4 = std::
-                  _Uhash_compare<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>,struct_std::hash<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>,struct_std::equal_to<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>_>
-                  ::
-                  operator()<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>,class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>
-                            (in_RCX,pbVar1,
-                             (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
-                              *)(plVar9 + 2));
-        } while (bVar4);
-        lVar3 = *plVar8;
-        plVar8 = (longlong *)in_R11[1];
-        *plVar8 = (longlong)unaff_RBX;
-        in_RCX = (_Uhash_compare<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>,struct_std::hash<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>,struct_std::equal_to<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>_>
-                  *)unaff_RBX[1];
-        *(longlong *)in_RCX = lVar3;
-        puVar2 = *(undefined8 **)(lVar3 + 8);
-        *puVar2 = in_R11;
-        *(_Uhash_compare<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>,struct_std::hash<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>,struct_std::equal_to<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>_>
-          **)(lVar3 + 8) = in_RCX;
-        unaff_RBX[1] = (longlong)plVar8;
-        in_R11[1] = (longlong)puVar2;
-        in_R11 = unaff_RBX;
-        goto LAB_1;
-      }
-      in_R8 = (longlong *)*plVar8;
-    } while (in_R8 == in_R11);
-    in_RDX = (longlong *)in_R11[1];
-    *in_RDX = (longlong)unaff_RBX;
-    in_RCX = (_Uhash_compare<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>,struct_std::hash<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>,struct_std::equal_to<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>_>
-              *)unaff_RBX[1];
-    *(longlong **)in_RCX = in_R8;
-  } while( true );
+  uVar2 = 0;
+  local_res8[0] = (BmController *)0x0;
+  uVar1 = GetBmController(local_res8);
+  if ((int)uVar1 < 0) {
+    uVar2 = uVar1 & 0xffff;
+  }
+  else {
+    this = local_res8[0];
+    BmController::DetachHandler(local_res8[0],DAT_0);
+    if (g_NoteMgr != (NoteMgr *)0x0) {
+      NoteMgr::RegisterBMCallback
+                ((NoteMgr *)this,(_func_ulong_MPRTP_NOTIFICATION_ptr *)0x0,
+                 (_func_ulong_MPRTP_NOTIFICATION_EX_ptr *)0x0);
+    }
+    if (DAT_0 != (IDetectionHandler *)0x0) {
+      (**(code **)(*(longlong *)DAT_0 + 0x20))(DAT_0,1);
+    }
+    DAT_0 = (IDetectionHandler *)0x0;
+  }
+  CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::
+  ~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
+            ((AutoRef<class_ThrottlingAgent::CompletedOverlapped> *)local_res8);
+  return uVar2;
 }
 



BaseReport::BaseReport


Match Info






Key
mpengine.dll - mpengine.dll






diff_type
code,length,address




ratio
0.0




i_ratio
0.73




m_ratio
0.99




b_ratio
0.99




match_types
FullName:Param






Function Meta Diff






Key
mpengine.dll
mpengine.dll






name
BaseReport
BaseReport




fullname
BaseReport::BaseReport
BaseReport::BaseReport




refcount
15
15




length
1872
1893




called
CommonUtil::AutoRef<struct_BmProcessInfo>::operator=
SpynetXmlNode::SpynetXmlNode
memset
operator_new		
CommonUtil::AutoRef<struct_BmProcessInfo>::operator=
SpynetXmlNode::SpynetXmlNode
memset
operator_new		




calling

Expand for full list:
AddBipData
AddSpynetClientAttributes
BMReport::BMReport
BtrReport::BtrReport
CAdvSampleSubmission::GenerateAzSubmitFeedbackReport
CAnomalyManager::GenerateAndSendAnomalySpynetReport
CResmgrAmsiUac::CreateSpynetInfoElement
CResmgrRemediationCheckpoint::Spynet
DetectionItem::GenerateBMSpynetReport
SMSMaps::SendSMSScanReport
SendHipsMapsReportSigQueryReport::SigQueryReport
spynet_report::spynet_report
std::make_unique<class_UrlReputationReport,0>


Expand for full list:
AddBipData
AddSpynetClientAttributes
BMReport::BMReport
BtrReport::BtrReport
CAdvSampleSubmission::GenerateAzSubmitFeedbackReport
CAnomalyManager::GenerateAndSendAnomalySpynetReport
CResmgrAmsiUac::CreateSpynetInfoElement
CResmgrRemediationCheckpoint::Spynet
DetectionItem::GenerateBMSpynetReport
SMSMaps::SendSMSScanReport
SendHipsMapsReportSigQueryReport::SigQueryReport
spynet_report::spynet_report
std::make_unique<class_UrlReputationReport,0>





paramcount
2
2




address
75a2ae034
75a4107e4




sig
undefined __thiscall BaseReport(BaseReport * this, wchar_t * param_1)
undefined __thiscall BaseReport(BaseReport * this, wchar_t * param_1)




sym_type
Function
Function




sym_source
ANALYSIS
ANALYSIS




external
False
False






BaseReport::BaseReport Diff


--- BaseReport::BaseReport
+++ BaseReport::BaseReport
@@ -1,2 +1,308 @@
-Failed to decompile mpengine.dll - .ProgramDB BaseReport::BaseReport : Error: Decompile error: 
-Marshaling error: Did not see expected closing element+
+/* public: __cdecl BaseReport::BaseReport(wchar_t const * __ptr64) __ptr64 */
+
+BaseReport * __thiscall BaseReport::BaseReport(BaseReport *this,wchar_t *param_1)
+
+{
+  SpynetXmlNode *this_00;
+  BmProcessInfo *pBVar1;
+  
+  *(undefined ***)this = vftable;
+  *(undefined4 *)(this + 8) = 0;
+  memset(this + 0x10,0,0x82);
+  memset(this + 0x92,0,0x52);
+  memset(this + 0xe4,0,0x42);
+  memset(this + 0x126,0,0x102);
+  *(undefined8 *)(this + 0x228) = 0;
+  memset(this + 0x230,0,0x52);
+  *(undefined4 *)(this + 0x282) = 0;
+  *(undefined2 *)(this + 0x286) = 0;
+  *(undefined8 *)(this + 0x288) = 0;
+  *(undefined8 *)(this + 0x290) = 0;
+  *(undefined8 *)(this + 0x298) = 0;
+  *(undefined8 *)(this + 0x2a0) = 7;
+  *(undefined2 *)(this + 0x288) = 0;
+  *(undefined8 *)(this + 0x2a8) = 0;
+  *(undefined8 *)(this + 0x2b0) = 0;
+  *(undefined8 *)(this + 0x2b8) = 0;
+  *(undefined8 *)(this + 0x2c0) = 7;
+  *(undefined2 *)(this + 0x2a8) = 0;
+  *(undefined4 *)(this + 0x2c8) = 0xffffffff;
+  *(undefined8 *)(this + 0x2cc) = 0;
+  *(undefined4 *)(this + 0x2d4) = 0;
+  *(undefined8 *)(this + 0x2d8) = 0;
+  *(undefined8 *)(this + 0x2e0) = 0;
+  *(undefined8 *)(this + 0x2e8) = 0;
+  *(undefined8 *)(this + 0x2f0) = 7;
+  *(undefined2 *)(this + 0x2d8) = 0;
+  *(undefined8 *)(this + 0x2f8) = 0;
+  *(undefined8 *)(this + 0x300) = 0;
+  *(undefined4 *)(this + 0x308) = 0;
+  *(undefined8 *)(this + 0x30c) = 0;
+  *(undefined4 *)(this + 0x314) = 0;
+  *(undefined8 *)(this + 0x318) = 0;
+  *(undefined8 *)(this + 800) = 0;
+  *(undefined8 *)(this + 0x328) = 0;
+  *(undefined8 *)(this + 0x330) = 7;
+  *(undefined2 *)(this + 0x318) = 0;
+  *(undefined8 *)(this + 0x338) = 0;
+  *(undefined8 *)(this + 0x340) = 0;
+  *(undefined8 *)(this + 0x348) = 0;
+  *(undefined8 *)(this + 0x350) = 0;
+  *(undefined8 *)(this + 0x358) = 7;
+  *(undefined2 *)(this + 0x340) = 0;
+  *(undefined8 *)(this + 0x360) = 0;
+  *(undefined8 *)(this + 0x368) = 0;
+  *(undefined8 *)(this + 0x370) = 0;
+  *(undefined8 *)(this + 0x378) = 0;
+  *(undefined8 *)(this + 0x380) = 7;
+  *(undefined2 *)(this + 0x368) = 0;
+  *(undefined8 *)(this + 0x388) = 0;
+  *(undefined8 *)(this + 0x390) = 0;
+  *(undefined8 *)(this + 0x398) = 0;
+  *(undefined8 *)(this + 0x3a0) = 7;
+  *(undefined2 *)(this + 0x388) = 0;
+  *(undefined4 *)(this + 0x3a8) = 0;
+  this[0x3ac] = (BaseReport)0x0;
+  *(undefined2 *)(this + 0x3ad) = 0;
+  this[0x3af] = (BaseReport)0x0;
+  *(undefined8 *)(this + 0x3b0) = 0;
+  *(undefined8 *)(this + 0x3b8) = 0;
+  *(undefined8 *)(this + 0x3c0) = 0;
+  *(undefined8 *)(this + 0x3c8) = 0;
+  *(undefined8 *)(this + 0x3d0) = 7;
+  *(undefined2 *)(this + 0x3b8) = 0;
+  *(undefined8 *)(this + 0x3d8) = 0;
+  *(undefined8 *)(this + 0x3e0) = 0;
+  *(undefined8 *)(this + 1000) = 0;
+  *(undefined8 *)(this + 0x3f0) = 7;
+  *(undefined2 *)(this + 0x3d8) = 0;
+  *(undefined8 *)(this + 0x3f8) = 0;
+  *(undefined8 *)(this + 0x400) = 0;
+  *(undefined8 *)(this + 0x408) = 0;
+  *(undefined8 *)(this + 0x410) = 7;
+  *(undefined2 *)(this + 0x3f8) = 0;
+  *(undefined8 *)(this + 0x418) = 0;
+  *(undefined8 *)(this + 0x420) = 0;
+  *(undefined8 *)(this + 0x428) = 0;
+  *(undefined8 *)(this + 0x430) = 7;
+  *(undefined2 *)(this + 0x418) = 0;
+  *(undefined8 *)(this + 0x438) = 0;
+  *(undefined8 *)(this + 0x440) = 0;
+  *(undefined8 *)(this + 0x448) = 0;
+  *(undefined8 *)(this + 0x450) = 7;
+  *(undefined2 *)(this + 0x438) = 0;
+  *(undefined8 *)(this + 0x458) = 0;
+  *(undefined8 *)(this + 0x460) = 0;
+  *(undefined8 *)(this + 0x468) = 0;
+  *(undefined8 *)(this + 0x470) = 7;
+  *(undefined2 *)(this + 0x458) = 0;
+  *(undefined8 *)(this + 0x478) = 0;
+  *(undefined8 *)(this + 0x480) = 0;
+  *(undefined8 *)(this + 0x488) = 0;
+  *(undefined8 *)(this + 0x490) = 7;
+  *(undefined2 *)(this + 0x478) = 0;
+  *(undefined8 *)(this + 0x498) = 0;
+  *(undefined8 *)(this + 0x4a0) = 0;
+  *(undefined8 *)(this + 0x4a8) = 0;
+  *(undefined8 *)(this + 0x4b0) = 7;
+  *(undefined2 *)(this + 0x498) = 0;
+  *(undefined8 *)(this + 0x4b8) = 0;
+  *(undefined8 *)(this + 0x4c0) = 0;
+  *(undefined8 *)(this + 0x4c8) = 0;
+  *(undefined8 *)(this + 0x4d0) = 7;
+  *(undefined2 *)(this + 0x4b8) = 0;
+  *(undefined8 *)(this + 0x4d8) = 0;
+  *(undefined8 *)(this + 0x4e0) = 0;
+  *(undefined8 *)(this + 0x4e8) = 0;
+  *(undefined8 *)(this + 0x4f0) = 7;
+  *(undefined2 *)(this + 0x4d8) = 0;
+  *(undefined8 *)(this + 0x4f8) = 0;
+  *(undefined8 *)(this + 0x500) = 0;
+  *(undefined8 *)(this + 0x508) = 0;
+  *(undefined8 *)(this + 0x510) = 7;
+  *(undefined2 *)(this + 0x4f8) = 0;
+  *(undefined8 *)(this + 0x518) = 0;
+  *(undefined8 *)(this + 0x520) = 0;
+  *(undefined8 *)(this + 0x528) = 0;
+  *(undefined8 *)(this + 0x530) = 7;
+  *(undefined2 *)(this + 0x518) = 0;
+  *(undefined8 *)(this + 0x538) = 0;
+  *(undefined8 *)(this + 0x540) = 0;
+  *(undefined8 *)(this + 0x548) = 0;
+  *(undefined8 *)(this + 0x550) = 7;
+  *(undefined2 *)(this + 0x538) = 0;
+  this[0x558] = (BaseReport)0x0;
+  *(undefined2 *)(this + 0x559) = 0;
+  this[0x55b] = (BaseReport)0x0;
+  *(undefined8 *)(this + 0x55c) = 0;
+  this[0x564] = (BaseReport)0x0;
+  *(undefined2 *)(this + 0x565) = 0;
+  this[0x567] = (BaseReport)0x0;
+  *(undefined8 *)(this + 0x568) = 0;
+  *(undefined8 *)(this + 0x570) = 0;
+  *(undefined8 *)(this + 0x578) = 0;
+  *(undefined8 *)(this + 0x580) = 7;
+  *(undefined2 *)(this + 0x568) = 0;
+  *(undefined8 *)(this + 0x588) = 0;
+  *(undefined8 *)(this + 0x590) = 0;
+  *(undefined8 *)(this + 0x598) = 0;
+  *(undefined8 *)(this + 0x5a0) = 0;
+  *(undefined8 *)(this + 0x5a8) = 7;
+  *(undefined2 *)(this + 0x590) = 0;
+  *(undefined8 *)(this + 0x5b0) = 0;
+  *(undefined8 *)(this + 0x5b8) = 0;
+  *(undefined8 *)(this + 0x5c0) = 0;
+  *(undefined8 *)(this + 0x5c8) = 0;
+  *(undefined8 *)(this + 0x5d0) = 7;
+  *(undefined2 *)(this + 0x5b8) = 0;
+  this[0x5d8] = (BaseReport)0x0;
+  *(undefined4 *)(this + 0x5d9) = 0;
+  *(undefined2 *)(this + 0x5dd) = 0;
+  this[0x5df] = (BaseReport)0x0;
+  *(undefined8 *)(this + 0x5e0) = 0;
+  *(undefined8 *)(this + 0x5e8) = 0;
+  *(undefined8 *)(this + 0x5f0) = 0;
+  *(undefined8 *)(this + 0x5f8) = 0;
+  *(undefined8 *)(this + 0x600) = 0;
+  *(undefined8 *)(this + 0x608) = 7;
+  *(undefined2 *)(this + 0x5f0) = 0;
+  *(undefined8 *)(this + 0x610) = 0;
+  *(undefined8 *)(this + 0x618) = 0;
+  *(undefined8 *)(this + 0x620) = 0;
+  *(undefined8 *)(this + 0x628) = 7;
+  *(undefined2 *)(this + 0x610) = 0;
+  *(undefined8 *)(this + 0x630) = 0;
+  *(undefined8 *)(this + 0x638) = 0;
+  *(undefined8 *)(this + 0x640) = 0;
+  *(undefined8 *)(this + 0x648) = 7;
+  *(undefined2 *)(this + 0x630) = 0;
+  *(undefined8 *)(this + 0x650) = 0;
+  *(undefined8 *)(this + 0x658) = 0;
+  *(undefined8 *)(this + 0x660) = 0;
+  *(undefined8 *)(this + 0x668) = 7;
+  *(undefined2 *)(this + 0x650) = 0;
+  this[0x670] = (BaseReport)0x0;
+  *(undefined4 *)(this + 0x671) = 0;
+  *(undefined2 *)(this + 0x675) = 0;
+  this[0x677] = (BaseReport)0x0;
+  *(undefined8 *)(this + 0x678) = 0;
+  *(undefined8 *)(this + 0x680) = 0;
+  *(undefined8 *)(this + 0x688) = 0;
+  *(undefined8 *)(this + 0x690) = 7;
+  *(undefined2 *)(this + 0x678) = 0;
+  *(undefined2 *)(this + 0x698) = 0;
+  *(undefined4 *)(this + 0x69a) = 0;
+  *(undefined2 *)(this + 0x69e) = 0;
+  *(undefined8 *)(this + 0x6a0) = 0;
+  *(undefined8 *)(this + 0x6a8) = 0;
+  *(undefined8 *)(this + 0x6b0) = 0;
+  *(undefined8 *)(this + 0x6b8) = 7;
+  *(undefined2 *)(this + 0x6a0) = 0;
+  *(undefined4 *)(this + 0x6c0) = 0;
+  memset(this + 0x6c4,0,0x52);
+  *(undefined2 *)(this + 0x716) = 0;
+  *(undefined8 *)(this + 0x718) = 0;
+  *(undefined8 *)(this + 0x720) = 0;
+  *(undefined8 *)(this + 0x728) = 0;
+  *(undefined8 *)(this + 0x980) = 0;
+  *(undefined8 *)(this + 0x988) = 0;
+  *(undefined8 *)(this + 0x990) = 0;
+  *(undefined8 *)(this + 0x730) = 0;
+  *(undefined8 *)(this + 0x738) = 0;
+  *(undefined8 *)(this + 0x740) = 0;
+  *(undefined8 *)(this + 0x748) = 7;
+  *(undefined2 *)(this + 0x730) = 0;
+  *(undefined8 *)(this + 0x750) = 0;
+  *(undefined8 *)(this + 0x758) = 0;
+  *(undefined8 *)(this + 0x760) = 0;
+  *(undefined8 *)(this + 0x768) = 7;
+  *(undefined2 *)(this + 0x750) = 0;
+  *(undefined8 *)(this + 0x770) = 0;
+  *(undefined8 *)(this + 0x778) = 0;
+  *(undefined8 *)(this + 0x780) = 0;
+  *(undefined8 *)(this + 0x788) = 0;
+  *(undefined8 *)(this + 0x790) = 0;
+  *(undefined8 *)(this + 0x798) = 0;
+  *(undefined8 *)(this + 0x7a0) = 0;
+  *(undefined8 *)(this + 0x7a8) = 0;
+  *(undefined8 *)(this + 0x7b0) = 7;
+  *(undefined2 *)(this + 0x798) = 0;
+  *(undefined8 *)(this + 0x7b8) = 0;
+  *(undefined8 *)(this + 0x7c0) = 0;
+  *(undefined8 *)(this + 0x7c8) = 0;
+  *(undefined8 *)(this + 2000) = 7;
+  *(undefined2 *)(this + 0x7b8) = 0;
+  *(undefined8 *)(this + 0x7d8) = 0;
+  *(undefined8 *)(this + 0x7e0) = 0;
+  *(undefined8 *)(this + 0x7e8) = 0;
+  *(undefined8 *)(this + 0x7f0) = 0;
+  *(undefined8 *)(this + 0x7f8) = 0;
+  *(undefined8 *)(this + 0x800) = 7;
+  *(undefined2 *)(this + 0x7e8) = 0;
+  *(undefined8 *)(this + 0x808) = 0;
+  *(undefined8 *)(this + 0x810) = 0;
+  *(undefined8 *)(this + 0x818) = 0;
+  *(undefined8 *)(this + 0x820) = 0;
+  *(undefined8 *)(this + 0x828) = 7;
+  *(undefined2 *)(this + 0x810) = 0;
+  *(undefined8 *)(this + 0x830) = 0;
+  *(undefined8 *)(this + 0x838) = 0;
+  *(undefined8 *)(this + 0x840) = 0;
+  *(undefined8 *)(this + 0x848) = 7;
+  *(undefined2 *)(this + 0x830) = 0;
+  *(undefined8 *)(this + 0x850) = 0;
+  *(undefined8 *)(this + 0x858) = 0;
+  *(undefined8 *)(this + 0x860) = 0;
+  *(undefined8 *)(this + 0x868) = 0;
+  *(undefined8 *)(this + 0x870) = 0;
+  *(undefined8 *)(this + 0x878) = 0;
+  *(undefined8 *)(this + 0x880) = 0;
+  *(undefined8 *)(this + 0x888) = 0;
+  *(undefined8 *)(this + 0x890) = 7;
+  *(undefined2 *)(this + 0x878) = 0;
+  *(undefined8 *)(this + 0x898) = 0;
+  *(undefined8 *)(this + 0x8a0) = 0;
+  *(undefined8 *)(this + 0x8a8) = 0;
+  *(undefined8 *)(this + 0x8b0) = 7;
+  *(undefined2 *)(this + 0x898) = 0;
+  *(undefined8 *)(this + 0x8b8) = 0;
+  *(undefined8 *)(this + 0x8c0) = 0;
+  *(undefined8 *)(this + 0x8c8) = 0;
+  *(undefined8 *)(this + 0x8d0) = 7;
+  *(undefined2 *)(this + 0x8b8) = 0;
+  *(undefined8 *)(this + 0x8d8) = 0;
+  *(undefined8 *)(this + 0x8e0) = 0;
+  *(undefined8 *)(this + 0x8e8) = 0;
+  *(undefined8 *)(this + 0x8f0) = 0;
+  *(undefined8 *)(this + 0x8f8) = 0;
+  *(undefined8 *)(this + 0x900) = 7;
+  *(undefined2 *)(this + 0x8e8) = 0;
+  *(undefined8 *)(this + 0x908) = 0;
+  *(undefined8 *)(this + 0x910) = 0;
+  *(undefined8 *)(this + 0x918) = 0;
+  *(undefined8 *)(this + 0x920) = 0;
+  *(undefined8 *)(this + 0x928) = 0;
+  *(undefined8 *)(this + 0x930) = 0;
+  *(undefined8 *)(this + 0x938) = 0;
+  *(undefined8 *)(this + 0x940) = 0;
+  *(undefined8 *)(this + 0x948) = 7;
+  *(undefined2 *)(this + 0x930) = 0;
+  *(undefined8 *)(this + 0x950) = 0;
+  *(undefined8 *)(this + 0x958) = 0;
+  *(undefined8 *)(this + 0x960) = 0;
+  *(undefined8 *)(this + 0x968) = 0;
+  *(undefined8 *)(this + 0x970) = 0;
+  *(undefined8 *)(this + 0x978) = 7;
+  *(undefined2 *)(this + 0x960) = 0;
+  *(undefined2 *)(this + 0x981) = 0;
+  this[0x983] = (BaseReport)0x0;
+  *(undefined4 *)(this + 0x994) = 0;
+  *(undefined8 *)(this + 0x998) = 0;
+  this_00 = (SpynetXmlNode *)operator_new(0x90);
+  pBVar1 = (BmProcessInfo *)SpynetXmlNode::SpynetXmlNode(this_00,param_1,0);
+  CommonUtil::AutoRef<struct_BmProcessInfo>::operator=
+            ((AutoRef<struct_BmProcessInfo> *)(this + 0x998),pBVar1);
+  return this;
+}
+



BaseReport::BaseReport


Match Info






Key
mpengine.dll - mpengine.dll






diff_type
code,refcount,length,sig,address,calling




ratio
0.0




i_ratio
0.08




m_ratio
0.93




b_ratio
0.03




match_types
FullName:Param






Function Meta Diff






Key
mpengine.dll
mpengine.dll






name
BaseReport
BaseReport




fullname
BaseReport::BaseReport
BaseReport::BaseReport




refcount
15
3




length
1872
1911




called
CommonUtil::AutoRef<struct_BmProcessInfo>::operator=
SpynetXmlNode::SpynetXmlNode
memset
operator_new		
CommonUtil::AutoRef<struct_BmProcessInfo>::operator=
SpynetXmlNode::SpynetXmlNode
memset
operator_new		




calling

Expand for full list:
AddBipData
AddSpynetClientAttributes
BMReport::BMReport
BtrReport::BtrReport
CAdvSampleSubmission::GenerateAzSubmitFeedbackReport
CAnomalyManager::GenerateAndSendAnomalySpynetReport
CResmgrAmsiUac::CreateSpynetInfoElement
CResmgrRemediationCheckpoint::Spynet
DetectionItem::GenerateBMSpynetReport
SMSMaps::SendSMSScanReport
SendHipsMapsReportSigQueryReport::SigQueryReport
spynet_report::spynet_report
std::make_unique<class_UrlReputationReport,0>

SendFileQueryFromCoreReport




paramcount
2
2




address
75a2ae034
75ab35714




sig
undefined __thiscall BaseReport(BaseReport * this, wchar_t * param_1)
undefined __thiscall BaseReport(BaseReport * this, BaseReport * param_1)




sym_type
Function
Function




sym_source
ANALYSIS
ANALYSIS




external
False
False






BaseReport::BaseReport Calling Diff


--- BaseReport::BaseReport calling
+++ BaseReport::BaseReport calling
@@ -1,14 +1 @@
-AddBipData
-AddSpynetClientAttributes
-BMReport::BMReport
-BtrReport::BtrReport
-CAdvSampleSubmission::GenerateAzSubmitFeedbackReport
-CAnomalyManager::GenerateAndSendAnomalySpynetReport
-CResmgrAmsiUac::CreateSpynetInfoElement
-CResmgrRemediationCheckpoint::Spynet
-DetectionItem::GenerateBMSpynetReport
-SMSMaps::SendSMSScanReport
-SendHipsMapsReport
-SigQueryReport::SigQueryReport
-spynet_report::spynet_report
-std::make_unique<class_UrlReputationReport,0>
+SendFileQueryFromCoreReport


BaseReport::BaseReport Diff


--- BaseReport::BaseReport
+++ BaseReport::BaseReport
@@ -1,2 +1,312 @@
-Failed to decompile mpengine.dll - .ProgramDB BaseReport::BaseReport : Error: Decompile error: 
-Marshaling error: Did not see expected closing element+
+/* public: __cdecl BaseReport::BaseReport(class BaseReport const & __ptr64) __ptr64 */
+
+BaseReport * __thiscall BaseReport::BaseReport(BaseReport *this,BaseReport *param_1)
+
+{
+  SpynetXmlNode *this_00;
+  BmProcessInfo *pBVar1;
+  
+  *(undefined ***)this = vftable;
+  *(undefined4 *)(this + 8) = *(undefined4 *)(param_1 + 8);
+  memset(this + 0x10,0,0x82);
+  memset(this + 0x92,0,0x52);
+  memset(this + 0xe4,0,0x42);
+  memset(this + 0x126,0,0x102);
+  pBVar1 = (BmProcessInfo *)0x0;
+  *(undefined8 *)(this + 0x228) = 0;
+  memset(this + 0x230,0,0x52);
+  *(undefined4 *)(this + 0x282) = 0;
+  *(undefined2 *)(this + 0x286) = 0;
+  *(undefined8 *)(this + 0x288) = 0;
+  *(undefined8 *)(this + 0x290) = 0;
+  *(undefined8 *)(this + 0x298) = 0;
+  *(undefined8 *)(this + 0x2a0) = 7;
+  *(undefined2 *)(this + 0x288) = 0;
+  *(undefined8 *)(this + 0x2a8) = 0;
+  *(undefined8 *)(this + 0x2b0) = 0;
+  *(undefined8 *)(this + 0x2b8) = 0;
+  *(undefined8 *)(this + 0x2c0) = 7;
+  *(undefined2 *)(this + 0x2a8) = 0;
+  *(undefined4 *)(this + 0x2c8) = 0xffffffff;
+  *(undefined8 *)(this + 0x2cc) = 0;
+  *(undefined4 *)(this + 0x2d4) = 0;
+  *(undefined8 *)(this + 0x2d8) = 0;
+  *(undefined8 *)(this + 0x2e0) = 0;
+  *(undefined8 *)(this + 0x2e8) = 0;
+  *(undefined8 *)(this + 0x2f0) = 7;
+  *(undefined2 *)(this + 0x2d8) = 0;
+  *(undefined8 *)(this + 0x2f8) = 0;
+  *(undefined8 *)(this + 0x300) = 0;
+  *(undefined4 *)(this + 0x308) = 0;
+  *(undefined8 *)(this + 0x30c) = 0;
+  *(undefined4 *)(this + 0x314) = 0;
+  *(undefined8 *)(this + 0x318) = 0;
+  *(undefined8 *)(this + 800) = 0;
+  *(undefined8 *)(this + 0x328) = 0;
+  *(undefined8 *)(this + 0x330) = 7;
+  *(undefined2 *)(this + 0x318) = 0;
+  *(undefined8 *)(this + 0x338) = 0;
+  *(undefined8 *)(this + 0x340) = 0;
+  *(undefined8 *)(this + 0x348) = 0;
+  *(undefined8 *)(this + 0x350) = 0;
+  *(undefined8 *)(this + 0x358) = 7;
+  *(undefined2 *)(this + 0x340) = 0;
+  *(undefined8 *)(this + 0x360) = 0;
+  *(undefined8 *)(this + 0x368) = 0;
+  *(undefined8 *)(this + 0x370) = 0;
+  *(undefined8 *)(this + 0x378) = 0;
+  *(undefined8 *)(this + 0x380) = 7;
+  *(undefined2 *)(this + 0x368) = 0;
+  *(undefined8 *)(this + 0x388) = 0;
+  *(undefined8 *)(this + 0x390) = 0;
+  *(undefined8 *)(this + 0x398) = 0;
+  *(undefined8 *)(this + 0x3a0) = 7;
+  *(undefined2 *)(this + 0x388) = 0;
+  *(undefined4 *)(this + 0x3a8) = 0;
+  this[0x3ac] = (BaseReport)0x0;
+  *(undefined2 *)(this + 0x3ad) = 0;
+  this[0x3af] = (BaseReport)0x0;
+  *(undefined8 *)(this + 0x3b0) = 0;
+  *(undefined8 *)(this + 0x3b8) = 0;
+  *(undefined8 *)(this + 0x3c0) = 0;
+  *(undefined8 *)(this + 0x3c8) = 0;
+  *(undefined8 *)(this + 0x3d0) = 7;
+  *(undefined2 *)(this + 0x3b8) = 0;
+  *(undefined8 *)(this + 0x3d8) = 0;
+  *(undefined8 *)(this + 0x3e0) = 0;
+  *(undefined8 *)(this + 1000) = 0;
+  *(undefined8 *)(this + 0x3f0) = 7;
+  *(undefined2 *)(this + 0x3d8) = 0;
+  *(undefined8 *)(this + 0x3f8) = 0;
+  *(undefined8 *)(this + 0x400) = 0;
+  *(undefined8 *)(this + 0x408) = 0;
+  *(undefined8 *)(this + 0x410) = 7;
+  *(undefined2 *)(this + 0x3f8) = 0;
+  *(undefined8 *)(this + 0x418) = 0;
+  *(undefined8 *)(this + 0x420) = 0;
+  *(undefined8 *)(this + 0x428) = 0;
+  *(undefined8 *)(this + 0x430) = 7;
+  *(undefined2 *)(this + 0x418) = 0;
+  *(undefined8 *)(this + 0x438) = 0;
+  *(undefined8 *)(this + 0x440) = 0;
+  *(undefined8 *)(this + 0x448) = 0;
+  *(undefined8 *)(this + 0x450) = 7;
+  *(undefined2 *)(this + 0x438) = 0;
+  *(undefined8 *)(this + 0x458) = 0;
+  *(undefined8 *)(this + 0x460) = 0;
+  *(undefined8 *)(this + 0x468) = 0;
+  *(undefined8 *)(this + 0x470) = 7;
+  *(undefined2 *)(this + 0x458) = 0;
+  *(undefined8 *)(this + 0x478) = 0;
+  *(undefined8 *)(this + 0x480) = 0;
+  *(undefined8 *)(this + 0x488) = 0;
+  *(undefined8 *)(this + 0x490) = 7;
+  *(undefined2 *)(this + 0x478) = 0;
+  *(undefined8 *)(this + 0x498) = 0;
+  *(undefined8 *)(this + 0x4a0) = 0;
+  *(undefined8 *)(this + 0x4a8) = 0;
+  *(undefined8 *)(this + 0x4b0) = 7;
+  *(undefined2 *)(this + 0x498) = 0;
+  *(undefined8 *)(this + 0x4b8) = 0;
+  *(undefined8 *)(this + 0x4c0) = 0;
+  *(undefined8 *)(this + 0x4c8) = 0;
+  *(undefined8 *)(this + 0x4d0) = 7;
+  *(undefined2 *)(this + 0x4b8) = 0;
+  *(undefined8 *)(this + 0x4d8) = 0;
+  *(undefined8 *)(this + 0x4e0) = 0;
+  *(undefined8 *)(this + 0x4e8) = 0;
+  *(undefined8 *)(this + 0x4f0) = 7;
+  *(undefined2 *)(this + 0x4d8) = 0;
+  *(undefined8 *)(this + 0x4f8) = 0;
+  *(undefined8 *)(this + 0x500) = 0;
+  *(undefined8 *)(this + 0x508) = 0;
+  *(undefined8 *)(this + 0x510) = 7;
+  *(undefined2 *)(this + 0x4f8) = 0;
+  *(undefined8 *)(this + 0x518) = 0;
+  *(undefined8 *)(this + 0x520) = 0;
+  *(undefined8 *)(this + 0x528) = 0;
+  *(undefined8 *)(this + 0x530) = 7;
+  *(undefined2 *)(this + 0x518) = 0;
+  *(undefined8 *)(this + 0x538) = 0;
+  *(undefined8 *)(this + 0x540) = 0;
+  *(undefined8 *)(this + 0x548) = 0;
+  *(undefined8 *)(this + 0x550) = 7;
+  *(undefined2 *)(this + 0x538) = 0;
+  this[0x558] = (BaseReport)0x0;
+  *(undefined2 *)(this + 0x559) = 0;
+  this[0x55b] = (BaseReport)0x0;
+  *(undefined8 *)(this + 0x55c) = 0;
+  this[0x564] = (BaseReport)0x0;
+  *(undefined2 *)(this + 0x565) = 0;
+  this[0x567] = (BaseReport)0x0;
+  *(undefined8 *)(this + 0x568) = 0;
+  *(undefined8 *)(this + 0x570) = 0;
+  *(undefined8 *)(this + 0x578) = 0;
+  *(undefined8 *)(this + 0x580) = 7;
+  *(undefined2 *)(this + 0x568) = 0;
+  *(undefined8 *)(this + 0x588) = 0;
+  *(undefined8 *)(this + 0x590) = 0;
+  *(undefined8 *)(this + 0x598) = 0;
+  *(undefined8 *)(this + 0x5a0) = 0;
+  *(undefined8 *)(this + 0x5a8) = 7;
+  *(undefined2 *)(this + 0x590) = 0;
+  *(undefined8 *)(this + 0x5b0) = 0;
+  *(undefined8 *)(this + 0x5b8) = 0;
+  *(undefined8 *)(this + 0x5c0) = 0;
+  *(undefined8 *)(this + 0x5c8) = 0;
+  *(undefined8 *)(this + 0x5d0) = 7;
+  *(undefined2 *)(this + 0x5b8) = 0;
+  this[0x5d8] = (BaseReport)0x0;
+  *(undefined4 *)(this + 0x5d9) = 0;
+  *(undefined2 *)(this + 0x5dd) = 0;
+  this[0x5df] = (BaseReport)0x0;
+  *(undefined8 *)(this + 0x5e0) = 0;
+  *(undefined8 *)(this + 0x5e8) = 0;
+  *(undefined8 *)(this + 0x5f0) = 0;
+  *(undefined8 *)(this + 0x5f8) = 0;
+  *(undefined8 *)(this + 0x600) = 0;
+  *(undefined8 *)(this + 0x608) = 7;
+  *(undefined2 *)(this + 0x5f0) = 0;
+  *(undefined8 *)(this + 0x610) = 0;
+  *(undefined8 *)(this + 0x618) = 0;
+  *(undefined8 *)(this + 0x620) = 0;
+  *(undefined8 *)(this + 0x628) = 7;
+  *(undefined2 *)(this + 0x610) = 0;
+  *(undefined8 *)(this + 0x630) = 0;
+  *(undefined8 *)(this + 0x638) = 0;
+  *(undefined8 *)(this + 0x640) = 0;
+  *(undefined8 *)(this + 0x648) = 7;
+  *(undefined2 *)(this + 0x630) = 0;
+  *(undefined8 *)(this + 0x650) = 0;
+  *(undefined8 *)(this + 0x658) = 0;
+  *(undefined8 *)(this + 0x660) = 0;
+  *(undefined8 *)(this + 0x668) = 7;
+  *(undefined2 *)(this + 0x650) = 0;
+  this[0x670] = (BaseReport)0x0;
+  *(undefined4 *)(this + 0x671) = 0;
+  *(undefined2 *)(this + 0x675) = 0;
+  this[0x677] = (BaseReport)0x0;
+  *(undefined8 *)(this + 0x678) = 0;
+  *(undefined8 *)(this + 0x680) = 0;
+  *(undefined8 *)(this + 0x688) = 0;
+  *(undefined8 *)(this + 0x690) = 7;
+  *(undefined2 *)(this + 0x678) = 0;
+  *(undefined2 *)(this + 0x698) = 0;
+  *(undefined4 *)(this + 0x69a) = 0;
+  *(undefined2 *)(this + 0x69e) = 0;
+  *(undefined8 *)(this + 0x6a0) = 0;
+  *(undefined8 *)(this + 0x6a8) = 0;
+  *(undefined8 *)(this + 0x6b0) = 0;
+  *(undefined8 *)(this + 0x6b8) = 7;
+  *(undefined2 *)(this + 0x6a0) = 0;
+  *(undefined4 *)(this + 0x6c0) = 0;
+  memset(this + 0x6c4,0,0x52);
+  *(undefined2 *)(this + 0x716) = 0;
+  *(undefined8 *)(this + 0x718) = 0;
+  *(undefined8 *)(this + 0x720) = 0;
+  *(undefined8 *)(this + 0x728) = 0;
+  *(undefined8 *)(this + 0x980) = 0;
+  *(undefined8 *)(this + 0x988) = 0;
+  *(undefined8 *)(this + 0x990) = 0;
+  *(undefined8 *)(this + 0x730) = 0;
+  *(undefined8 *)(this + 0x738) = 0;
+  *(undefined8 *)(this + 0x740) = 0;
+  *(undefined8 *)(this + 0x748) = 7;
+  *(undefined2 *)(this + 0x730) = 0;
+  *(undefined8 *)(this + 0x750) = 0;
+  *(undefined8 *)(this + 0x758) = 0;
+  *(undefined8 *)(this + 0x760) = 0;
+  *(undefined8 *)(this + 0x768) = 7;
+  *(undefined2 *)(this + 0x750) = 0;
+  *(undefined8 *)(this + 0x770) = 0;
+  *(undefined8 *)(this + 0x778) = 0;
+  *(undefined8 *)(this + 0x780) = 0;
+  *(undefined8 *)(this + 0x788) = 0;
+  *(undefined8 *)(this + 0x790) = 0;
+  *(undefined8 *)(this + 0x798) = 0;
+  *(undefined8 *)(this + 0x7a0) = 0;
+  *(undefined8 *)(this + 0x7a8) = 0;
+  *(undefined8 *)(this + 0x7b0) = 7;
+  *(undefined2 *)(this + 0x798) = 0;
+  *(undefined8 *)(this + 0x7b8) = 0;
+  *(undefined8 *)(this + 0x7c0) = 0;
+  *(undefined8 *)(this + 0x7c8) = 0;
+  *(undefined8 *)(this + 2000) = 7;
+  *(undefined2 *)(this + 0x7b8) = 0;
+  *(undefined8 *)(this + 0x7d8) = 0;
+  *(undefined8 *)(this + 0x7e0) = 0;
+  *(undefined8 *)(this + 0x7e8) = 0;
+  *(undefined8 *)(this + 0x7f0) = 0;
+  *(undefined8 *)(this + 0x7f8) = 0;
+  *(undefined8 *)(this + 0x800) = 7;
+  *(undefined2 *)(this + 0x7e8) = 0;
+  *(undefined8 *)(this + 0x808) = 0;
+  *(undefined8 *)(this + 0x810) = 0;
+  *(undefined8 *)(this + 0x818) = 0;
+  *(undefined8 *)(this + 0x820) = 0;
+  *(undefined8 *)(this + 0x828) = 7;
+  *(undefined2 *)(this + 0x810) = 0;
+  *(undefined8 *)(this + 0x830) = 0;
+  *(undefined8 *)(this + 0x838) = 0;
+  *(undefined8 *)(this + 0x840) = 0;
+  *(undefined8 *)(this + 0x848) = 7;
+  *(undefined2 *)(this + 0x830) = 0;
+  *(undefined8 *)(this + 0x850) = 0;
+  *(undefined8 *)(this + 0x858) = 0;
+  *(undefined8 *)(this + 0x860) = 0;
+  *(undefined8 *)(this + 0x868) = 0;
+  *(undefined8 *)(this + 0x870) = 0;
+  *(undefined8 *)(this + 0x878) = 0;
+  *(undefined8 *)(this + 0x880) = 0;
+  *(undefined8 *)(this + 0x888) = 0;
+  *(undefined8 *)(this + 0x890) = 7;
+  *(undefined2 *)(this + 0x878) = 0;
+  *(undefined8 *)(this + 0x898) = 0;
+  *(undefined8 *)(this + 0x8a0) = 0;
+  *(undefined8 *)(this + 0x8a8) = 0;
+  *(undefined8 *)(this + 0x8b0) = 7;
+  *(undefined2 *)(this + 0x898) = 0;
+  *(undefined8 *)(this + 0x8b8) = 0;
+  *(undefined8 *)(this + 0x8c0) = 0;
+  *(undefined8 *)(this + 0x8c8) = 0;
+  *(undefined8 *)(this + 0x8d0) = 7;
+  *(undefined2 *)(this + 0x8b8) = 0;
+  *(undefined8 *)(this + 0x8d8) = 0;
+  *(undefined8 *)(this + 0x8e0) = 0;
+  *(undefined8 *)(this + 0x8e8) = 0;
+  *(undefined8 *)(this + 0x8f0) = 0;
+  *(undefined8 *)(this + 0x8f8) = 0;
+  *(undefined8 *)(this + 0x900) = 7;
+  *(undefined2 *)(this + 0x8e8) = 0;
+  *(undefined8 *)(this + 0x908) = 0;
+  *(undefined8 *)(this + 0x910) = 0;
+  *(undefined8 *)(this + 0x918) = 0;
+  *(undefined8 *)(this + 0x920) = 0;
+  *(undefined8 *)(this + 0x928) = 0;
+  *(undefined8 *)(this + 0x930) = 0;
+  *(undefined8 *)(this + 0x938) = 0;
+  *(undefined8 *)(this + 0x940) = 0;
+  *(undefined8 *)(this + 0x948) = 7;
+  *(undefined2 *)(this + 0x930) = 0;
+  *(undefined8 *)(this + 0x950) = 0;
+  *(undefined8 *)(this + 0x958) = 0;
+  *(undefined8 *)(this + 0x960) = 0;
+  *(undefined8 *)(this + 0x968) = 0;
+  *(undefined8 *)(this + 0x970) = 0;
+  *(undefined8 *)(this + 0x978) = 7;
+  *(undefined2 *)(this + 0x960) = 0;
+  *(undefined2 *)(this + 0x981) = 0;
+  this[0x983] = (BaseReport)0x0;
+  *(undefined4 *)(this + 0x994) = 0;
+  *(undefined8 *)(this + 0x998) = 0;
+  if (*(longlong *)(param_1 + 0x998) != 0) {
+    this_00 = (SpynetXmlNode *)operator_new(0x90);
+    pBVar1 = (BmProcessInfo *)
+             SpynetXmlNode::SpynetXmlNode(this_00,*(SpynetXmlNode **)(param_1 + 0x998));
+  }
+  CommonUtil::AutoRef<struct_BmProcessInfo>::operator=
+            ((AutoRef<struct_BmProcessInfo> *)(this + 0x998),pBVar1);
+  return this;
+}
+



BaseReport::BaseReport


Match Info






Key
mpengine.dll - mpengine.dll






diff_type
code,refcount,length,address




ratio
0.0




i_ratio
0.73




m_ratio
0.99




b_ratio
0.99




match_types
FullName:Param






Function Meta Diff






Key
mpengine.dll
mpengine.dll






name
BaseReport
BaseReport




fullname
BaseReport::BaseReport
BaseReport::BaseReport




refcount
7
6




length
1873
1894




called
CommonUtil::AutoRef<struct_BmProcessInfo>::operator=
SpynetXmlNode::SpynetXmlNode
memset
operator_new		
CommonUtil::AutoRef<struct_BmProcessInfo>::operator=
SpynetXmlNode::SpynetXmlNode
memset
operator_new		




calling
CResmgrBoot::GenerateSpynet
CResmgrCertStore::Spynet
CResmgrNetworkIP::Spynet
CResmgrProcess::Spynet
CResmgrRootkit::Spynet		
CResmgrBoot::GenerateSpynet
CResmgrCertStore::Spynet
CResmgrNetworkIP::Spynet
CResmgrProcess::Spynet
CResmgrRootkit::Spynet		




paramcount
3
3




address
75ab24f04
75ab35e8c




sig
undefined __thiscall BaseReport(BaseReport * this, wchar_t * param_1, ulong param_2)
undefined __thiscall BaseReport(BaseReport * this, wchar_t * param_1, ulong param_2)




sym_type
Function
Function




sym_source
ANALYSIS
ANALYSIS




external
False
False






BaseReport::BaseReport Diff


--- BaseReport::BaseReport
+++ BaseReport::BaseReport
@@ -1,2 +1,308 @@
-Failed to decompile mpengine.dll - .ProgramDB BaseReport::BaseReport : Error: Decompile error: 
-Marshaling error: Did not see expected closing element+
+/* public: __cdecl BaseReport::BaseReport(wchar_t const * __ptr64,unsigned long) __ptr64 */
+
+BaseReport * __thiscall BaseReport::BaseReport(BaseReport *this,wchar_t *param_1,ulong param_2)
+
+{
+  SpynetXmlNode *this_00;
+  BmProcessInfo *pBVar1;
+  
+  *(undefined ***)this = vftable;
+  *(ulong *)(this + 8) = param_2;
+  memset(this + 0x10,0,0x82);
+  memset(this + 0x92,0,0x52);
+  memset(this + 0xe4,0,0x42);
+  memset(this + 0x126,0,0x102);
+  *(undefined8 *)(this + 0x228) = 0;
+  memset(this + 0x230,0,0x52);
+  *(undefined4 *)(this + 0x282) = 0;
+  *(undefined2 *)(this + 0x286) = 0;
+  *(undefined8 *)(this + 0x288) = 0;
+  *(undefined8 *)(this + 0x290) = 0;
+  *(undefined8 *)(this + 0x298) = 0;
+  *(undefined8 *)(this + 0x2a0) = 7;
+  *(undefined2 *)(this + 0x288) = 0;
+  *(undefined8 *)(this + 0x2a8) = 0;
+  *(undefined8 *)(this + 0x2b0) = 0;
+  *(undefined8 *)(this + 0x2b8) = 0;
+  *(undefined8 *)(this + 0x2c0) = 7;
+  *(undefined2 *)(this + 0x2a8) = 0;
+  *(undefined4 *)(this + 0x2c8) = 0xffffffff;
+  *(undefined8 *)(this + 0x2cc) = 0;
+  *(undefined4 *)(this + 0x2d4) = 0;
+  *(undefined8 *)(this + 0x2d8) = 0;
+  *(undefined8 *)(this + 0x2e0) = 0;
+  *(undefined8 *)(this + 0x2e8) = 0;
+  *(undefined8 *)(this + 0x2f0) = 7;
+  *(undefined2 *)(this + 0x2d8) = 0;
+  *(undefined8 *)(this + 0x2f8) = 0;
+  *(undefined8 *)(this + 0x300) = 0;
+  *(undefined4 *)(this + 0x308) = 0;
+  *(undefined8 *)(this + 0x30c) = 0;
+  *(undefined4 *)(this + 0x314) = 0;
+  *(undefined8 *)(this + 0x318) = 0;
+  *(undefined8 *)(this + 800) = 0;
+  *(undefined8 *)(this + 0x328) = 0;
+  *(undefined8 *)(this + 0x330) = 7;
+  *(undefined2 *)(this + 0x318) = 0;
+  *(undefined8 *)(this + 0x338) = 0;
+  *(undefined8 *)(this + 0x340) = 0;
+  *(undefined8 *)(this + 0x348) = 0;
+  *(undefined8 *)(this + 0x350) = 0;
+  *(undefined8 *)(this + 0x358) = 7;
+  *(undefined2 *)(this + 0x340) = 0;
+  *(undefined8 *)(this + 0x360) = 0;
+  *(undefined8 *)(this + 0x368) = 0;
+  *(undefined8 *)(this + 0x370) = 0;
+  *(undefined8 *)(this + 0x378) = 0;
+  *(undefined8 *)(this + 0x380) = 7;
+  *(undefined2 *)(this + 0x368) = 0;
+  *(undefined8 *)(this + 0x388) = 0;
+  *(undefined8 *)(this + 0x390) = 0;
+  *(undefined8 *)(this + 0x398) = 0;
+  *(undefined8 *)(this + 0x3a0) = 7;
+  *(undefined2 *)(this + 0x388) = 0;
+  *(undefined4 *)(this + 0x3a8) = 0;
+  this[0x3ac] = (BaseReport)0x0;
+  *(undefined2 *)(this + 0x3ad) = 0;
+  this[0x3af] = (BaseReport)0x0;
+  *(undefined8 *)(this + 0x3b0) = 0;
+  *(undefined8 *)(this + 0x3b8) = 0;
+  *(undefined8 *)(this + 0x3c0) = 0;
+  *(undefined8 *)(this + 0x3c8) = 0;
+  *(undefined8 *)(this + 0x3d0) = 7;
+  *(undefined2 *)(this + 0x3b8) = 0;
+  *(undefined8 *)(this + 0x3d8) = 0;
+  *(undefined8 *)(this + 0x3e0) = 0;
+  *(undefined8 *)(this + 1000) = 0;
+  *(undefined8 *)(this + 0x3f0) = 7;
+  *(undefined2 *)(this + 0x3d8) = 0;
+  *(undefined8 *)(this + 0x3f8) = 0;
+  *(undefined8 *)(this + 0x400) = 0;
+  *(undefined8 *)(this + 0x408) = 0;
+  *(undefined8 *)(this + 0x410) = 7;
+  *(undefined2 *)(this + 0x3f8) = 0;
+  *(undefined8 *)(this + 0x418) = 0;
+  *(undefined8 *)(this + 0x420) = 0;
+  *(undefined8 *)(this + 0x428) = 0;
+  *(undefined8 *)(this + 0x430) = 7;
+  *(undefined2 *)(this + 0x418) = 0;
+  *(undefined8 *)(this + 0x438) = 0;
+  *(undefined8 *)(this + 0x440) = 0;
+  *(undefined8 *)(this + 0x448) = 0;
+  *(undefined8 *)(this + 0x450) = 7;
+  *(undefined2 *)(this + 0x438) = 0;
+  *(undefined8 *)(this + 0x458) = 0;
+  *(undefined8 *)(this + 0x460) = 0;
+  *(undefined8 *)(this + 0x468) = 0;
+  *(undefined8 *)(this + 0x470) = 7;
+  *(undefined2 *)(this + 0x458) = 0;
+  *(undefined8 *)(this + 0x478) = 0;
+  *(undefined8 *)(this + 0x480) = 0;
+  *(undefined8 *)(this + 0x488) = 0;
+  *(undefined8 *)(this + 0x490) = 7;
+  *(undefined2 *)(this + 0x478) = 0;
+  *(undefined8 *)(this + 0x498) = 0;
+  *(undefined8 *)(this + 0x4a0) = 0;
+  *(undefined8 *)(this + 0x4a8) = 0;
+  *(undefined8 *)(this + 0x4b0) = 7;
+  *(undefined2 *)(this + 0x498) = 0;
+  *(undefined8 *)(this + 0x4b8) = 0;
+  *(undefined8 *)(this + 0x4c0) = 0;
+  *(undefined8 *)(this + 0x4c8) = 0;
+  *(undefined8 *)(this + 0x4d0) = 7;
+  *(undefined2 *)(this + 0x4b8) = 0;
+  *(undefined8 *)(this + 0x4d8) = 0;
+  *(undefined8 *)(this + 0x4e0) = 0;
+  *(undefined8 *)(this + 0x4e8) = 0;
+  *(undefined8 *)(this + 0x4f0) = 7;
+  *(undefined2 *)(this + 0x4d8) = 0;
+  *(undefined8 *)(this + 0x4f8) = 0;
+  *(undefined8 *)(this + 0x500) = 0;
+  *(undefined8 *)(this + 0x508) = 0;
+  *(undefined8 *)(this + 0x510) = 7;
+  *(undefined2 *)(this + 0x4f8) = 0;
+  *(undefined8 *)(this + 0x518) = 0;
+  *(undefined8 *)(this + 0x520) = 0;
+  *(undefined8 *)(this + 0x528) = 0;
+  *(undefined8 *)(this + 0x530) = 7;
+  *(undefined2 *)(this + 0x518) = 0;
+  *(undefined8 *)(this + 0x538) = 0;
+  *(undefined8 *)(this + 0x540) = 0;
+  *(undefined8 *)(this + 0x548) = 0;
+  *(undefined8 *)(this + 0x550) = 7;
+  *(undefined2 *)(this + 0x538) = 0;
+  this[0x558] = (BaseReport)0x0;
+  *(undefined2 *)(this + 0x559) = 0;
+  this[0x55b] = (BaseReport)0x0;
+  *(undefined8 *)(this + 0x55c) = 0;
+  this[0x564] = (BaseReport)0x0;
+  *(undefined2 *)(this + 0x565) = 0;
+  this[0x567] = (BaseReport)0x0;
+  *(undefined8 *)(this + 0x568) = 0;
+  *(undefined8 *)(this + 0x570) = 0;
+  *(undefined8 *)(this + 0x578) = 0;
+  *(undefined8 *)(this + 0x580) = 7;
+  *(undefined2 *)(this + 0x568) = 0;
+  *(undefined8 *)(this + 0x588) = 0;
+  *(undefined8 *)(this + 0x590) = 0;
+  *(undefined8 *)(this + 0x598) = 0;
+  *(undefined8 *)(this + 0x5a0) = 0;
+  *(undefined8 *)(this + 0x5a8) = 7;
+  *(undefined2 *)(this + 0x590) = 0;
+  *(undefined8 *)(this + 0x5b0) = 0;
+  *(undefined8 *)(this + 0x5b8) = 0;
+  *(undefined8 *)(this + 0x5c0) = 0;
+  *(undefined8 *)(this + 0x5c8) = 0;
+  *(undefined8 *)(this + 0x5d0) = 7;
+  *(undefined2 *)(this + 0x5b8) = 0;
+  this[0x5d8] = (BaseReport)0x0;
+  *(undefined4 *)(this + 0x5d9) = 0;
+  *(undefined2 *)(this + 0x5dd) = 0;
+  this[0x5df] = (BaseReport)0x0;
+  *(undefined8 *)(this + 0x5e0) = 0;
+  *(undefined8 *)(this + 0x5e8) = 0;
+  *(undefined8 *)(this + 0x5f0) = 0;
+  *(undefined8 *)(this + 0x5f8) = 0;
+  *(undefined8 *)(this + 0x600) = 0;
+  *(undefined8 *)(this + 0x608) = 7;
+  *(undefined2 *)(this + 0x5f0) = 0;
+  *(undefined8 *)(this + 0x610) = 0;
+  *(undefined8 *)(this + 0x618) = 0;
+  *(undefined8 *)(this + 0x620) = 0;
+  *(undefined8 *)(this + 0x628) = 7;
+  *(undefined2 *)(this + 0x610) = 0;
+  *(undefined8 *)(this + 0x630) = 0;
+  *(undefined8 *)(this + 0x638) = 0;
+  *(undefined8 *)(this + 0x640) = 0;
+  *(undefined8 *)(this + 0x648) = 7;
+  *(undefined2 *)(this + 0x630) = 0;
+  *(undefined8 *)(this + 0x650) = 0;
+  *(undefined8 *)(this + 0x658) = 0;
+  *(undefined8 *)(this + 0x660) = 0;
+  *(undefined8 *)(this + 0x668) = 7;
+  *(undefined2 *)(this + 0x650) = 0;
+  this[0x670] = (BaseReport)0x0;
+  *(undefined4 *)(this + 0x671) = 0;
+  *(undefined2 *)(this + 0x675) = 0;
+  this[0x677] = (BaseReport)0x0;
+  *(undefined8 *)(this + 0x678) = 0;
+  *(undefined8 *)(this + 0x680) = 0;
+  *(undefined8 *)(this + 0x688) = 0;
+  *(undefined8 *)(this + 0x690) = 7;
+  *(undefined2 *)(this + 0x678) = 0;
+  *(undefined2 *)(this + 0x698) = 0;
+  *(undefined4 *)(this + 0x69a) = 0;
+  *(undefined2 *)(this + 0x69e) = 0;
+  *(undefined8 *)(this + 0x6a0) = 0;
+  *(undefined8 *)(this + 0x6a8) = 0;
+  *(undefined8 *)(this + 0x6b0) = 0;
+  *(undefined8 *)(this + 0x6b8) = 7;
+  *(undefined2 *)(this + 0x6a0) = 0;
+  *(undefined4 *)(this + 0x6c0) = 0;
+  memset(this + 0x6c4,0,0x52);
+  *(undefined2 *)(this + 0x716) = 0;
+  *(undefined8 *)(this + 0x718) = 0;
+  *(undefined8 *)(this + 0x720) = 0;
+  *(undefined8 *)(this + 0x728) = 0;
+  *(undefined8 *)(this + 0x980) = 0;
+  *(undefined8 *)(this + 0x988) = 0;
+  *(undefined8 *)(this + 0x990) = 0;
+  *(undefined8 *)(this + 0x730) = 0;
+  *(undefined8 *)(this + 0x738) = 0;
+  *(undefined8 *)(this + 0x740) = 0;
+  *(undefined8 *)(this + 0x748) = 7;
+  *(undefined2 *)(this + 0x730) = 0;
+  *(undefined8 *)(this + 0x750) = 0;
+  *(undefined8 *)(this + 0x758) = 0;
+  *(undefined8 *)(this + 0x760) = 0;
+  *(undefined8 *)(this + 0x768) = 7;
+  *(undefined2 *)(this + 0x750) = 0;
+  *(undefined8 *)(this + 0x770) = 0;
+  *(undefined8 *)(this + 0x778) = 0;
+  *(undefined8 *)(this + 0x780) = 0;
+  *(undefined8 *)(this + 0x788) = 0;
+  *(undefined8 *)(this + 0x790) = 0;
+  *(undefined8 *)(this + 0x798) = 0;
+  *(undefined8 *)(this + 0x7a0) = 0;
+  *(undefined8 *)(this + 0x7a8) = 0;
+  *(undefined8 *)(this + 0x7b0) = 7;
+  *(undefined2 *)(this + 0x798) = 0;
+  *(undefined8 *)(this + 0x7b8) = 0;
+  *(undefined8 *)(this + 0x7c0) = 0;
+  *(undefined8 *)(this + 0x7c8) = 0;
+  *(undefined8 *)(this + 2000) = 7;
+  *(undefined2 *)(this + 0x7b8) = 0;
+  *(undefined8 *)(this + 0x7d8) = 0;
+  *(undefined8 *)(this + 0x7e0) = 0;
+  *(undefined8 *)(this + 0x7e8) = 0;
+  *(undefined8 *)(this + 0x7f0) = 0;
+  *(undefined8 *)(this + 0x7f8) = 0;
+  *(undefined8 *)(this + 0x800) = 7;
+  *(undefined2 *)(this + 0x7e8) = 0;
+  *(undefined8 *)(this + 0x808) = 0;
+  *(undefined8 *)(this + 0x810) = 0;
+  *(undefined8 *)(this + 0x818) = 0;
+  *(undefined8 *)(this + 0x820) = 0;
+  *(undefined8 *)(this + 0x828) = 7;
+  *(undefined2 *)(this + 0x810) = 0;
+  *(undefined8 *)(this + 0x830) = 0;
+  *(undefined8 *)(this + 0x838) = 0;
+  *(undefined8 *)(this + 0x840) = 0;
+  *(undefined8 *)(this + 0x848) = 7;
+  *(undefined2 *)(this + 0x830) = 0;
+  *(undefined8 *)(this + 0x850) = 0;
+  *(undefined8 *)(this + 0x858) = 0;
+  *(undefined8 *)(this + 0x860) = 0;
+  *(undefined8 *)(this + 0x868) = 0;
+  *(undefined8 *)(this + 0x870) = 0;
+  *(undefined8 *)(this + 0x878) = 0;
+  *(undefined8 *)(this + 0x880) = 0;
+  *(undefined8 *)(this + 0x888) = 0;
+  *(undefined8 *)(this + 0x890) = 7;
+  *(undefined2 *)(this + 0x878) = 0;
+  *(undefined8 *)(this + 0x898) = 0;
+  *(undefined8 *)(this + 0x8a0) = 0;
+  *(undefined8 *)(this + 0x8a8) = 0;
+  *(undefined8 *)(this + 0x8b0) = 7;
+  *(undefined2 *)(this + 0x898) = 0;
+  *(undefined8 *)(this + 0x8b8) = 0;
+  *(undefined8 *)(this + 0x8c0) = 0;
+  *(undefined8 *)(this + 0x8c8) = 0;
+  *(undefined8 *)(this + 0x8d0) = 7;
+  *(undefined2 *)(this + 0x8b8) = 0;
+  *(undefined8 *)(this + 0x8d8) = 0;
+  *(undefined8 *)(this + 0x8e0) = 0;
+  *(undefined8 *)(this + 0x8e8) = 0;
+  *(undefined8 *)(this + 0x8f0) = 0;
+  *(undefined8 *)(this + 0x8f8) = 0;
+  *(undefined8 *)(this + 0x900) = 7;
+  *(undefined2 *)(this + 0x8e8) = 0;
+  *(undefined8 *)(this + 0x908) = 0;
+  *(undefined8 *)(this + 0x910) = 0;
+  *(undefined8 *)(this + 0x918) = 0;
+  *(undefined8 *)(this + 0x920) = 0;
+  *(undefined8 *)(this + 0x928) = 0;
+  *(undefined8 *)(this + 0x930) = 0;
+  *(undefined8 *)(this + 0x938) = 0;
+  *(undefined8 *)(this + 0x940) = 0;
+  *(undefined8 *)(this + 0x948) = 7;
+  *(undefined2 *)(this + 0x930) = 0;
+  *(undefined8 *)(this + 0x950) = 0;
+  *(undefined8 *)(this + 0x958) = 0;
+  *(undefined8 *)(this + 0x960) = 0;
+  *(undefined8 *)(this + 0x968) = 0;
+  *(undefined8 *)(this + 0x970) = 0;
+  *(undefined8 *)(this + 0x978) = 7;
+  *(undefined2 *)(this + 0x960) = 0;
+  *(undefined2 *)(this + 0x981) = 0;
+  this[0x983] = (BaseReport)0x0;
+  *(undefined4 *)(this + 0x994) = 0;
+  *(undefined8 *)(this + 0x998) = 0;
+  this_00 = (SpynetXmlNode *)operator_new(0x90);
+  pBVar1 = (BmProcessInfo *)SpynetXmlNode::SpynetXmlNode(this_00,param_1,0);
+  CommonUtil::AutoRef<struct_BmProcessInfo>::operator=
+            ((AutoRef<struct_BmProcessInfo> *)(this + 0x998),pBVar1);
+  return this;
+}
+



CX509CertificateParser::BinaryElement


Match Info






Key
mpengine.dll - mpengine.dll






diff_type
code,length,address,called




ratio
0.0




i_ratio
0.65




m_ratio
0.99




b_ratio
0.98




match_types
FullName:Param






Function Meta Diff






Key
mpengine.dll
mpengine.dll






name
BinaryElement
BinaryElement




fullname
CX509CertificateParser::BinaryElement
CX509CertificateParser::BinaryElement




refcount
3
3




length
3006
2977




called

Expand for full list:
CAuthenticodeContentInfo::SetHash
CDistinguishedName::GetDistinguishedName
CEccPublicKey::CEccPublicKey
CEccPublicKey::SetCustomCurve
CEccPublicKey::SetDefinedCurve
CHash::GenerateHash
CHash::scalar_deleting_destructor'<br>CPkcs6Certificate::SetPublicKey<br>CPkcs6Certificate::SetSerialNumber<br>CPkcs7SignerInfo::SetAuthHash<br>CRsaPublicKey::ReadKey</summary>CRsaPublicKeyParser::~CRsaPublicKeyParser<br>CSerialNumber::GetSerialNumber<br>CSerialNumber::ToString<br>CSignature::GetSignature<br>CommonUtil::TrDuplicateBuffer<unsigned_char><br>IsAsimovKillBitted<br>IsEngineAlwaysSelected<br>IsEngineDeterministic<br>IsEngineFinalized<br>KERNEL32.DLL::EnterCriticalSection<br>KERNEL32.DLL::LeaveCriticalSection<br>ParseAsn1Ber<br>WPP_SF_<br>WPP_SF_l<br>_guard_dispatch_icall_$fo_default$<br>_tlgWriteTemplate<long___cdecl(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),&long___cdecl__tlgWriteAgg(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),void_const*___ptr64>::Write<struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>_><br>DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
`__std_type_info_name'::__l2::<lambda_1>::<lambda_invoker_cdecl>
free
operator_delete[]
operator_new
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::operator=
std::vector<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>,class_std::allocator<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>>>::operator=
std::vector<struct_vdll_section_data_t,class_std::allocator<struct_vdll_section_data_t>>::_Tidy


Expand for full list:
CAuthenticodeContentInfo::SetHash
CDistinguishedName::GetDistinguishedName
CEccPublicKey::CEccPublicKey
CEccPublicKey::SetCustomCurve
CEccPublicKey::SetDefinedCurve
CHash::GenerateHash
CPkcs6Certificate::SetPublicKey
CPkcs6Certificate::SetSerialNumber
CPkcs7SignerInfo::SetAuthHash
CRsaPublicKey::ReadKey
CRsaPublicKeyParser::~CRsaPublicKeyParserCSerialNumber::GetSerialNumber
CSerialNumber::ToString
CSignature::GetSignature
CommonUtil::TrDuplicateBuffer<unsigned_char>
KERNEL32.DLL::EnterCriticalSection
KERNEL32.DLL::LeaveCriticalSection
MemQueryInfo::scalar_deleting_destructor'<br>ParseAsn1Ber<br>ShouldLogToAsimov<br>WPP_SF_<br>WPP_SF_l<br>_guard_dispatch_icall_$fo_default$<br>_tlgWriteTemplate<long___cdecl(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),&long___cdecl__tlgWriteAgg(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),void_const*___ptr64>::Write<struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>_><br>DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
`__std_type_info_name'::__l2::<lambda_1>::<lambda_invoker_cdecl>
free
operator_delete[]
operator_new
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::operator=
std::vector<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>,class_std::allocator<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>>>::operator=
std::vector<struct_vdll_section_data_t,class_std::allocator<struct_vdll_section_data_t>>::_Tidy





calling






paramcount
5
5




address
75a1b51b0
75a1891a0




sig
CallbackResult __thiscall BinaryElement(CX509CertificateParser * this, Asn1ElementType param_1, uchar * param_2, ulong param_3, uchar param_4)
CallbackResult __thiscall BinaryElement(CX509CertificateParser * this, Asn1ElementType param_1, uchar * param_2, ulong param_3, uchar param_4)




sym_type
Function
Function




sym_source
ANALYSIS
ANALYSIS




external
False
False






CX509CertificateParser::BinaryElement Called Diff


--- CX509CertificateParser::BinaryElement called
+++ CX509CertificateParser::BinaryElement called
@@ -7 +6,0 @@
-CHash::`scalar_deleting_destructor'
@@ -17,4 +15,0 @@
-IsAsimovKillBitted
-IsEngineAlwaysSelected
-IsEngineDeterministic
-IsEngineFinalized
@@ -22,0 +18 @@
+MemQueryInfo::`scalar_deleting_destructor'
@@ -23,0 +20 @@
+ShouldLogToAsimov


CX509CertificateParser::BinaryElement Diff


--- CX509CertificateParser::BinaryElement
+++ CX509CertificateParser::BinaryElement
@@ -1,2 +1,486 @@
-Failed to decompile mpengine.dll - .ProgramDB CX509CertificateParser::BinaryElement : Error: Decompile error: 
-Marshaling error: Did not see expected closing element+
+/* WARNING: Function: _guard_dispatch_icall_$fo_default$ replaced with injection:
+   guard_dispatch_icall */
+/* WARNING: Globals starting with '_' overlap smaller symbols at the same address */
+/* public: virtual enum IAsn1Callback::CallbackResult __cdecl
+   CX509CertificateParser::BinaryElement(enum Asn1ElementType,unsigned char const * __ptr64,unsigned
+   long,unsigned char) __ptr64 */
+
+CallbackResult __thiscall
+CX509CertificateParser::BinaryElement
+          (CX509CertificateParser *this,Asn1ElementType param_1,uchar *param_2,ulong param_3,
+          uchar param_4)
+
+{
+  CCommonThrowHR *pCVar1;
+  CMpCriticalSection *lpCriticalSection;
+  CHash *pCVar2;
+  bool bVar3;
+  long lVar4;
+  ulong uVar5;
+  int iVar6;
+  IAsn1Callback *pIVar7;
+  CEccPublicKey *this_00;
+  CSignature *pCVar8;
+  undefined2 uVar9;
+  undefined8 *puVar10;
+  char *pcVar11;
+  undefined3 in_stack_00000029;
+  CEccPublicKey *local_f8;
+  CHash *local_f0;
+  CRsaPublicKey *local_e8;
+  IAsn1Callback *local_e0;
+  uint local_d8 [2];
+  CSignature *local_d0;
+  undefined4 local_c8;
+  undefined4 local_c4;
+  uint local_c0;
+  uint local_bc;
+  uint local_b8;
+  uint local_b4;
+  undefined8 local_b0;
+  CRsaPublicKey *local_a8;
+  CEccPublicKey *local_a0;
+  longlong local_98;
+  CMpCriticalSection *local_90;
+  undefined8 uStack_88;
+  undefined8 local_80;
+  undefined **local_78;
+  undefined local_70;
+  undefined4 local_68;
+  uchar *local_60;
+  __uint64 local_58;
+  uchar *local_50;
+  __uint64 local_48;
+  undefined8 local_40;
+  undefined8 local_38;
+  undefined8 local_30;
+  undefined8 local_28;
+  undefined8 local_20;
+  undefined8 local_18 [2];
+  
+  pCVar1 = (CCommonThrowHR *)(ulonglong)param_3;
+  pCVar8 = (CSignature *)0x0;
+  local_d8[0] = 0;
+  if (param_4 != '\0') {
+    return 1;
+  }
+  iVar6 = *(int *)(this + 0x10);
+  if (iVar6 == 2) {
+    if (param_1 != 2) {
+      return 1;
+    }
+    local_f0 = (CHash *)0x0;
+    lVar4 = CSerialNumber::GetSerialNumber(param_2,(__uint64)pCVar1,(CSerialNumber **)&local_f0);
+    if ((-1 < lVar4) &&
+       (bVar3 = CPkcs6Certificate::SetSerialNumber
+                          ((CPkcs6Certificate *)(this + -0x118),
+                           (CAutoUniquePtr<class_CSerialNumber,void> *)&local_f0), pCVar2 = local_f0
+       , bVar3)) {
+      *(undefined4 *)(this + 0x10) = 3;
+      if (local_f0 == (CHash *)0x0) {
+        return 0;
+      }
+      if (*(void **)local_f0 != (void *)0x0) {
+        free(*(void **)local_f0);
+      }
+      operator_delete__(pCVar2,0x10);
+      return 0;
+    }
+    pCVar2 = local_f0;
+    if (local_f0 == (CHash *)0x0) {
+      return 1;
+    }
+    if (*(void **)local_f0 != (void *)0x0) {
+      free(*(void **)local_f0);
+    }
+    operator_delete__(pCVar2,0x10);
+    return 1;
+  }
+  if (iVar6 == 0xb) {
+    if (param_1 != 3) {
+      return 1;
+    }
+    if (this[0x14] != (CX509CertificateParser)0x0) {
+      return 0;
+    }
+    if (*(int *)(this + 0x2c) == 1) {
+      local_70 = 0;
+      local_78 = CRsaPublicKeyParser::vftable;
+      local_68 = 0;
+      local_60 = (uchar *)0x0;
+      local_58 = 0;
+      local_50 = (uchar *)0x0;
+      local_48 = 0;
+      lVar4 = ParseAsn1Ber(param_2,(__uint64)pCVar1,(IAsn1Callback *)&local_78,true,(__uint64 *)0x0)
+      ;
+      if (-1 < lVar4) {
+        local_e8 = (CRsaPublicKey *)0x0;
+        lVar4 = CRsaPublicKey::ReadKey(local_60,local_58,local_50,local_48,&local_e8);
+        if (-1 < lVar4) {
+          local_f8 = (CEccPublicKey *)local_e8;
+          bVar3 = CPkcs6Certificate::SetPublicKey
+                            ((CPkcs6Certificate *)(this + -0x118),
+                             (CAutoUniquePtr<class_IPublicKey,void> *)&local_f8);
+          if (!bVar3) {
+            if (local_f8 != (CEccPublicKey *)0x0) {
+              (**(code **)*(CRsaPublicKey **)local_f8)(local_f8,1);
+            }
+            if (local_50 != (uchar *)0x0) {
+              free(local_50);
+            }
+            if (local_60 == (uchar *)0x0) {
+              return 1;
+            }
+            free(local_60);
+            return 1;
+          }
+          if (local_f8 != (CEccPublicKey *)0x0) {
+            (**(code **)*(CRsaPublicKey **)local_f8)(local_f8,1);
+          }
+          if (local_50 != (uchar *)0x0) {
+            free(local_50);
+          }
+          if (local_60 != (uchar *)0x0) {
+            free(local_60);
+          }
+          goto LAB_0;
+        }
+      }
+      CRsaPublicKeyParser::~CRsaPublicKeyParser((CRsaPublicKeyParser *)&local_78);
+      return 1;
+    }
+    if (*(int *)(this + 0x2c) != 2) {
+LAB_0:
+      *(undefined4 *)(this + 0x10) = 9;
+      return 0;
+    }
+    this_00 = (CEccPublicKey *)operator_new(0x40);
+    local_a8 = (CRsaPublicKey *)&local_e8;
+    local_e8 = (CRsaPublicKey *)0x0;
+    local_90 = (CMpCriticalSection *)0x0;
+    uStack_88 = 0;
+    local_80 = 0;
+    local_d8[0] = 1;
+    local_a0 = this_00;
+    puVar10 = CommonUtil::TrDuplicateBuffer<unsigned_char>(&local_e0,pCVar1,param_2);
+    pCVar8 = (CSignature *)
+             CEccPublicKey::CEccPublicKey
+                       (this_00,puVar10,pCVar1,
+                        (vector<unsigned_int,class_std::allocator<unsigned_int>_> *)&local_90,
+                        &local_e8,0);
+    std::vector<struct_vdll_section_data_t,class_std::allocator<struct_vdll_section_data_t>_>::_Tidy
+              ((vector<struct_vdll_section_data_t,class_std::allocator<struct_vdll_section_data_t>_>
+                *)&local_90);
+    local_f8 = (CEccPublicKey *)pCVar8;
+    if (*(uchar **)(this + 0x50) == (uchar *)0x0) {
+      local_a0 = *(CEccPublicKey **)(this + 0x38);
+      local_98 = *(longlong *)(this + 0x40) - (longlong)local_a0 >> 2;
+      iVar6 = CEccPublicKey::SetDefinedCurve((CEccPublicKey *)pCVar8,(CObjectId *)&local_a0);
+    }
+    else {
+      iVar6 = CEccPublicKey::SetCustomCurve
+                        ((CEccPublicKey *)pCVar8,*(uchar **)(this + 0x50),*(__uint64 *)(this + 0x58)
+                        );
+    }
+    if (iVar6 < 0) {
+      if (pCVar8 == (CSignature *)0x0) {
+        return 1;
+      }
+      puVar10 = *(undefined8 **)pCVar8;
+      goto LAB_1;
+    }
+    bVar3 = CPkcs6Certificate::SetPublicKey
+                      ((CPkcs6Certificate *)(this + -0x118),
+                       (CAutoUniquePtr<class_IPublicKey,void> *)&local_f8);
+    pCVar8 = (CSignature *)local_f8;
+    if (bVar3) {
+      if (local_f8 != (CEccPublicKey *)0x0) {
+        (*(code *)**(undefined8 **)local_f8)(local_f8,1);
+      }
+      goto LAB_0;
+    }
+    goto LAB_2;
+  }
+  if (iVar6 == 0x10) {
+    *(undefined4 *)(this + 0x10) = 0xe;
+    return 0;
+  }
+  if (iVar6 == 0x11) {
+    pIVar7 = (IAsn1Callback *)`__std_type_info_name'::__l2::<lambda_1>::<lambda_invoker_cdecl>(0x58)
+    ;
+    if (pIVar7 != (IAsn1Callback *)0x0) {
+      pIVar7[8] = (IAsn1Callback)0x0;
+      *(undefined ***)pIVar7 = CAuthorityInfoAccessParser::vftable;
+      *(undefined8 *)(pIVar7 + 0x10) = 0;
+      *(undefined8 *)(pIVar7 + 0x18) = 0;
+      *(undefined8 *)(pIVar7 + 0x20) = 0;
+      *(undefined8 *)(pIVar7 + 0x28) = 0;
+      *(undefined8 *)(pIVar7 + 0x30) = 7;
+      *(undefined2 *)(pIVar7 + 0x18) = 0;
+      *(undefined8 *)(pIVar7 + 0x38) = 0;
+      *(undefined8 *)(pIVar7 + 0x40) = 0;
+      *(undefined8 *)(pIVar7 + 0x48) = 0;
+      *(undefined8 *)(pIVar7 + 0x50) = 7;
+      *(undefined2 *)(pIVar7 + 0x38) = 0;
+      pCVar8 = (CSignature *)pIVar7;
+    }
+    if (pCVar8 == (CSignature *)0x0) {
+      if ((undefined **)WPP_GLOBAL_Control == &WPP_GLOBAL_Control) {
+        return 1;
+      }
+      if ((WPP_GLOBAL_Control[0x1c] & 1) == 0) {
+        return 1;
+      }
+      uVar9 = 0x14;
+LAB_3:
+      local_e0 = (IAsn1Callback *)0x0;
+      WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),uVar9,
+              &WPP_898e43e22c273a9cb0ad17202c7d4d38_Traceguids);
+      return 1;
+    }
+    local_e0 = (IAsn1Callback *)pCVar8;
+    lVar4 = ParseAsn1Ber(param_2,(__uint64)pCVar1,(IAsn1Callback *)pCVar8,true,(__uint64 *)0x0);
+    if (-1 < lVar4) {
+      std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+      operator=((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                 *)(this + -0x60),
+                (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                 *)((IAsn1Callback *)pCVar8 + 0x18));
+      std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+      operator=((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                 *)(this + -0x40),
+                (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                 *)((IAsn1Callback *)pCVar8 + 0x38));
+    }
+    *(undefined4 *)(this + 0x10) = 0xe;
+  }
+  else if (iVar6 == 0x12) {
+    pIVar7 = (IAsn1Callback *)`__std_type_info_name'::__l2::<lambda_1>::<lambda_invoker_cdecl>(0x38)
+    ;
+    if (pIVar7 != (IAsn1Callback *)0x0) {
+      pIVar7[8] = (IAsn1Callback)0x0;
+      *(undefined ***)pIVar7 = CSubjectAltNameParser::vftable;
+      *(undefined4 *)(pIVar7 + 0x10) = 0;
+      *(undefined8 *)(pIVar7 + 0x18) = 0;
+      *(undefined8 *)(pIVar7 + 0x20) = 0;
+      *(undefined8 *)(pIVar7 + 0x28) = 0;
+      *(undefined8 *)(pIVar7 + 0x30) = 7;
+      *(undefined2 *)(pIVar7 + 0x18) = 0;
+      pCVar8 = (CSignature *)pIVar7;
+    }
+    if (pCVar8 == (CSignature *)0x0) {
+      if ((undefined **)WPP_GLOBAL_Control == &WPP_GLOBAL_Control) {
+        return 1;
+      }
+      if ((WPP_GLOBAL_Control[0x1c] & 1) == 0) {
+        return 1;
+      }
+      uVar9 = 0x15;
+      goto LAB_3;
+    }
+    local_e0 = (IAsn1Callback *)pCVar8;
+    lVar4 = ParseAsn1Ber(param_2,(__uint64)pCVar1,(IAsn1Callback *)pCVar8,true,(__uint64 *)0x0);
+    if (-1 < lVar4) {
+      std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+      operator=((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                 *)(this + -0x20),
+                (basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
+                 *)((IAsn1Callback *)pCVar8 + 0x18));
+    }
+    *(undefined4 *)(this + 0x10) = 0xe;
+  }
+  else {
+    if (iVar6 != 0x13) {
+      if (iVar6 != 0x15) {
+        if ((undefined **)WPP_GLOBAL_Control == &WPP_GLOBAL_Control) {
+          return 1;
+        }
+        if ((WPP_GLOBAL_Control[0x1c] & 8) == 0) {
+          return 1;
+        }
+        WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x18,
+                 &WPP_898e43e22c273a9cb0ad17202c7d4d38_Traceguids,iVar6);
+        return 1;
+      }
+      if (param_1 != 3) {
+        return 1;
+      }
+      *(undefined4 *)(this + 0x10) = 0x16;
+      if (this[0x14] != (CX509CertificateParser)0x0) {
+        return 0;
+      }
+      local_d0 = (CSignature *)0x0;
+      lVar4 = CSignature::GetSignature
+                        (*(HashType *)(this + 0x80),*(EncryptionType *)(this + 0x7c),param_2,
+                         (__uint64)pCVar1,&local_d0);
+      pCVar8 = local_d0;
+      if (-1 < lVar4) {
+        bVar3 = CPkcs7SignerInfo::SetAuthHash
+                          ((CPkcs7SignerInfo *)(this + -0x118),
+                           (CAutoUniquePtr<class_CHash,void> *)&local_d0);
+        pCVar8 = local_d0;
+        if (bVar3) {
+          local_f0 = (CHash *)0x0;
+          lVar4 = CHash::GenerateHash(*(HashType *)(this + 0x80),*(uchar **)(this + 0xb8),
+                                      *(__uint64 *)(this + 0xc0),&local_f0);
+          if ((lVar4 < 0) ||
+             (bVar3 = CAuthenticodeContentInfo::SetHash
+                                ((CAuthenticodeContentInfo *)(this + -0x118),
+                                 (CAutoUniquePtr<class_CHash,void> *)&local_f0), bVar3)) {
+            if (this[0xb0] != (CX509CertificateParser)0x0) {
+              if ((*(CDistinguishedName **)(this + -0xd8) == (CDistinguishedName *)0x0) ||
+                 (*(longlong *)(this + -0xe0) == 0)) {
+                if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+                   ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+                  WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x16,
+                          &WPP_898e43e22c273a9cb0ad17202c7d4d38_Traceguids);
+                }
+              }
+              else {
+                local_f8 = (CEccPublicKey *)0x0;
+                uVar5 = CDistinguishedName::GetDistinguishedName
+                                  (*(CDistinguishedName **)(this + -0xd8),(wchar_t **)&local_f8,0);
+                if (uVar5 != 0) {
+                  if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+                     ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+                    WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x17,
+                            &WPP_898e43e22c273a9cb0ad17202c7d4d38_Traceguids);
+                  }
+                  if (local_f8 != (CEccPublicKey *)0x0) {
+                    free(local_f8);
+                  }
+                  goto LAB_4;
+                }
+                puVar10 = CSerialNumber::ToString(*(CSerialNumber **)(this + -0xe0),&local_e8);
+                pcVar11 = "Engine.Pkcs.BadRsaParameters";
+                bVar3 = ShouldLogToAsimov(false,SUB81(puVar10,0),"Engine.Pkcs.BadRsaParameters");
+                lpCriticalSection = g_pcsAsimovLock;
+                if ((bVar3) && (g_pcsAsimovLock != (CMpCriticalSection *)0x0)) {
+                  local_90 = g_pcsAsimovLock;
+                  EnterCriticalSection((LPCRITICAL_SECTION)g_pcsAsimovLock);
+                  uStack_88 = CONCAT71(uStack_88._1_7_,1);
+                  if ((5 < DAT_5) &&
+                     (((_DAT_6 & 0x400000000000) != 0 &&
+                      ((DAT_7 & 0x400000000000) == DAT_7)))) {
+                    _param_4 = *(undefined4 *)(g_aAsimov + 0x48);
+                    local_c8 = *(undefined4 *)(g_aAsimov + 0x44);
+                    local_c4 = *(undefined4 *)(g_aAsimov + 0x40);
+                    local_c0 = (uint)(byte)g_aAsimov[0x3c];
+                    local_bc = (uint)(byte)g_aAsimov[0x3b];
+                    local_b8 = (uint)(byte)g_aAsimov[0x3a];
+                    local_b4 = (uint)(byte)g_aAsimov[0x39];
+                    local_d8[0] = (uint)(byte)g_aAsimov[0x38];
+                    local_40 = *(undefined8 *)(g_aAsimov + 0x30);
+                    local_38 = *(undefined8 *)(g_aAsimov + 0x28);
+                    local_30 = *(undefined8 *)(g_aAsimov + 0x20);
+                    local_28 = *(undefined8 *)(g_aAsimov + 0x18);
+                    local_20 = *(undefined8 *)(g_aAsimov + 0x10);
+                    local_18[0] = *(undefined8 *)(g_aAsimov + 8);
+                    local_b0 = 0x1000000;
+                    local_a8 = local_e8;
+                    local_a0 = local_f8;
+                    local_e0 = (IAsn1Callback *)&DAT_8;
+                    _tlgWriteTemplate<long___cdecl(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),&long___cdecl__tlgWriteAgg(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),void_const*___ptr64>
+                    ::
+                    Write<struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>_>
+                              ((_tlgProvider_t *)g_aAsimov,&DAT_9,pcVar11,
+                               (_tlgWrapperByVal<8> *)&local_e0,(_tlgWrapSz<wchar_t> *)&local_a0,
+                               (_tlgWrapSz<wchar_t> *)&local_a8,(_tlgWrapperByVal<8> *)&local_b0,
+                               (_tlgWrapSz<wchar_t> *)local_18,(_tlgWrapSz<wchar_t> *)&local_20,
+                               (_tlgWrapSz<wchar_t> *)&local_28,(_tlgWrapSz<wchar_t> *)&local_30,
+                               (_tlgWrapSz<wchar_t> *)&local_38,(_tlgWrapSz<wchar_t> *)&local_40,
+                               (_tlgWrapperByVal<4> *)local_d8,(_tlgWrapperByVal<4> *)&local_b4,
+                               (_tlgWrapperByVal<4> *)&local_b8,(_tlgWrapperByVal<4> *)&local_bc,
+                               (_tlgWrapperByVal<4> *)&local_c0,(_tlgWrapperByVal<4> *)&local_c4,
+                               (_tlgWrapperByVal<4> *)&local_c8,(_tlgWrapperByVal<4> *)&param_4);
+                  }
+                  LeaveCriticalSection((LPCRITICAL_SECTION)lpCriticalSection);
+                }
+                if (local_e8 != (CRsaPublicKey *)0x0) {
+                  free(local_e8);
+                }
+                if (local_f8 != (CEccPublicKey *)0x0) {
+                  free(local_f8);
+                }
+              }
+            }
+            if (local_f0 != (CHash *)0x0) {
+              if ((code *)**(undefined8 **)local_f0 == MemQueryInfo::_scalar_deleting_destructor_) {
+                MemQueryInfo::_scalar_deleting_destructor_((MemQueryInfo *)local_f0,1);
+              }
+              else {
+                (*(code *)**(undefined8 **)local_f0)();
+              }
+            }
+            if (local_d0 == (CSignature *)0x0) {
+              return 0;
+            }
+            puVar10 = *(undefined8 **)local_d0;
+            pCVar8 = local_d0;
+            goto LAB_10;
+          }
+LAB_4:
+          pCVar8 = local_d0;
+          if (local_f0 != (CHash *)0x0) {
+            if ((code *)**(undefined8 **)local_f0 == MemQueryInfo::_scalar_deleting_destructor_) {
+              MemQueryInfo::_scalar_deleting_destructor_((MemQueryInfo *)local_f0,1);
+              pCVar8 = local_d0;
+            }
+            else {
+              (*(code *)**(undefined8 **)local_f0)();
+              pCVar8 = local_d0;
+            }
+          }
+        }
+      }
+LAB_2:
+      if (pCVar8 == (CSignature *)0x0) {
+        return 1;
+      }
+      puVar10 = *(undefined8 **)pCVar8;
+LAB_1:
+      (*(code *)*puVar10)(pCVar8,1);
+      return 1;
+    }
+    pIVar7 = (IAsn1Callback *)`__std_type_info_name'::__l2::<lambda_1>::<lambda_invoker_cdecl>(0x30)
+    ;
+    if (pIVar7 != (IAsn1Callback *)0x0) {
+      pIVar7[8] = (IAsn1Callback)0x0;
+      *(undefined ***)pIVar7 = CEnhancedKeyUsageParser::vftable;
+      *(undefined4 *)(pIVar7 + 0x10) = 0;
+      pIVar7[0x14] = (IAsn1Callback)0x0;
+      *(undefined8 *)(pIVar7 + 0x18) = 0;
+      *(undefined8 *)(pIVar7 + 0x20) = 0;
+      *(undefined8 *)(pIVar7 + 0x28) = 0;
+      pCVar8 = (CSignature *)pIVar7;
+    }
+    if (pCVar8 == (CSignature *)0x0) {
+      if ((undefined **)WPP_GLOBAL_Control == &WPP_GLOBAL_Control) {
+        return 1;
+      }
+      if ((WPP_GLOBAL_Control[0x1c] & 1) == 0) {
+        return 1;
+      }
+      uVar9 = 0x13;
+      goto LAB_3;
+    }
+    local_e0 = (IAsn1Callback *)pCVar8;
+    lVar4 = ParseAsn1Ber(param_2,(__uint64)pCVar1,(IAsn1Callback *)pCVar8,true,(__uint64 *)0x0);
+    if (-1 < lVar4) {
+      this[-0x90] = *(CX509CertificateParser *)((IAsn1Callback *)pCVar8 + 0x14);
+      std::
+      vector<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>,class_std::allocator<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>_>
+      ::operator=((vector<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>,class_std::allocator<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>_>
+                   *)(this + -0x78),
+                  (vector<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>,class_std::allocator<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_>_>
+                   *)((IAsn1Callback *)pCVar8 + 0x18));
+    }
+    *(undefined4 *)(this + 0x10) = 0xe;
+  }
+  puVar10 = *(undefined8 **)pCVar8;
+LAB_10:
+  (*(code *)*puVar10)(pCVar8,1);
+  return 0;
+}
+



CAsn1Parser::BinaryElement


Match Info






Key
mpengine.dll - mpengine.dll






diff_type
code,length,address,called




ratio
0.01




i_ratio
0.27




m_ratio
0.46




b_ratio
0.46




match_types
FullName:Param






Function Meta Diff






Key
mpengine.dll
mpengine.dll






name
BinaryElement
BinaryElement




fullname
CAsn1Parser::BinaryElement
CAsn1Parser::BinaryElement




refcount
3
3




length
727
650




called

Expand for full list:
CAsn1Data::SetValue
WPP_SF_
WPP_SF_l
__security_check_cookie
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
operator_delete[]
std::basic_ostream<char,struct_std::char_traits>::operator<<
std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate
std::basic_string<char,struct_std::char_traits,class_std::allocator>::append
std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator>
std::basic_stringbuf<char,struct_std::char_traits,class_std::allocator>::strstd::basic_stringstream<char,struct_std::char_traits,class_std::allocator>::basic_stringstream<char,struct_std::char_traits,class_std::allocator>
std::basic_stringstream<char,struct_std::char_traits,class_std::allocator>::~basic_stringstream<char,struct_std::char_traits,class_std::allocator_>
std::hex
std::ios_base::_Tidy
std::locale::~locale
std::swfun


Expand for full list:
CAsn1Data::SetValue
WPP_SF_
WPP_SF_l
__security_check_cookie
DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer<br>std::basic_ostream<char,struct_std::char_traits<char>_>::operator<<<br>std::basic_ostream<char,struct_std::char_traits<char>_>::operator<<<br>std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::_Tidy_deallocate<br>std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::append<br>std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_><br>std::basic_stringbuf<char,struct_std::char_traits<char>,class_std::allocator<char>_>::str</summary>std::basic_stringstream<char,struct_std::char_traits<char>,class_std::allocator<char>_>::vbase_destructor'
std::basic_stringstream<char,struct_std::char_traits,class_std::allocator>::basic_stringstream<char,struct_std::char_traits,class_std::allocator>
std::hex
std::operator<<<char,struct_std::char_traits_>
std::swfun





calling






paramcount
5
5




address
75a438710
75acd1780




sig
CallbackResult __thiscall BinaryElement(CAsn1Parser * this, Asn1ElementType param_1, uchar * param_2, ulong param_3, uchar param_4)
CallbackResult __thiscall BinaryElement(CAsn1Parser * this, Asn1ElementType param_1, uchar * param_2, ulong param_3, uchar param_4)




sym_type
Function
Function




sym_source
ANALYSIS
ANALYSIS




external
False
False






CAsn1Parser::BinaryElement Called Diff


--- CAsn1Parser::BinaryElement called
+++ CAsn1Parser::BinaryElement called
@@ -6 +6 @@
-operator_delete[]
+std::basic_ostream<char,struct_std::char_traits<char>_>::operator<<
@@ -11,0 +12 @@
+std::basic_stringstream<char,struct_std::char_traits<char>,class_std::allocator<char>_>::`vbase_destructor'
@@ -13 +13,0 @@
-std::basic_stringstream<char,struct_std::char_traits<char>,class_std::allocator<char>_>::~basic_stringstream<char,struct_std::char_traits<char>,class_std::allocator<char>_>
@@ -15,2 +15 @@
-std::ios_base::_Tidy
-std::locale::~locale
+std::operator<<<char,struct_std::char_traits<char>_>


CAsn1Parser::BinaryElement Diff


--- CAsn1Parser::BinaryElement
+++ CAsn1Parser::BinaryElement
@@ -1,2 +1,146 @@
-Failed to decompile mpengine.dll - .ProgramDB CAsn1Parser::BinaryElement : Error: Decompile error: 
-Marshaling error: Did not see expected closing element+
+/* public: virtual enum IAsn1Callback::CallbackResult __cdecl CAsn1Parser::BinaryElement(enum
+   Asn1ElementType,unsigned char const * __ptr64,unsigned long,unsigned char) __ptr64 */
+
+CallbackResult __thiscall
+CAsn1Parser::BinaryElement
+          (CAsn1Parser *this,Asn1ElementType param_1,uchar *param_2,ulong param_3,uchar param_4)
+
+{
+  uchar *puVar1;
+  CallbackResult extraout_EAX;
+  basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *pbVar2;
+  basic_ostream<char,struct_std::char_traits<char>_> *pbVar3;
+  undefined2 uVar4;
+  int iVar5;
+  char *pcVar6;
+  ulonglong uVar7;
+  uint uVar8;
+  ulonglong uVar9;
+  __uint64 _Var10;
+  uchar uVar11;
+  ulonglong uVar12;
+  undefined auStack_1b8 [32];
+  uchar *local_198;
+  basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_188 [32];
+  basic_stringstream<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_168 [16];
+  basic_ostream<char,struct_std::char_traits<char>_> local_158 [8];
+  basic_stringbuf<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_150 [232];
+  code *local_68;
+  undefined8 uStack_60;
+  undefined8 local_58;
+  undefined8 uStack_50;
+  ulonglong local_48;
+  
+  local_48 = __security_cookie ^ (ulonglong)auStack_1b8;
+  uVar12 = 0;
+  local_198 = param_2;
+  if (param_1 == 3) {
+    if (param_4 < 8) {
+      uVar8 = param_3 * 8 - (uint)param_4;
+      uVar9 = (ulonglong)uVar8;
+      uStack_60 = 0;
+      local_58 = 0;
+      uStack_50 = 0xf;
+      local_68 = (code *)0x0;
+      if (uVar8 != 0) {
+        do {
+          if (param_3 <= uVar12) break;
+          uVar7 = uVar9;
+          if (8 < uVar9) {
+            uVar7 = 8;
+          }
+          uVar11 = param_2[uVar12];
+          uVar12 = uVar12 + 1;
+          if (uVar7 != 0) {
+            do {
+              pcVar6 = "1";
+              if (-1 < (char)uVar11) {
+                pcVar6 = "0";
+              }
+              _Var10 = 0xffffffffffffffff;
+              do {
+                _Var10 = _Var10 + 1;
+              } while (pcVar6[_Var10] != '\0');
+              std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+              append((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
+                     )&local_68,pcVar6,_Var10);
+              uVar11 = uVar11 * '\x02';
+              uVar7 = uVar7 - 1;
+            } while (uVar7 != 0);
+            uVar7 = 0;
+            param_2 = local_198;
+          }
+          uVar9 = uVar9 - uVar7;
+        } while (uVar9 != 0);
+      }
+      pbVar2 = (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+               std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+               basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+                         (local_188,
+                          (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+                           *)&local_68);
+      CAsn1Data::SetValue((CAsn1Data *)(this + 0x10),10,3,pbVar2);
+      std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+      _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+                        *)&local_68);
+      goto LAB_0;
+    }
+    if (((undefined **)WPP_GLOBAL_Control == &WPP_GLOBAL_Control) ||
+       ((WPP_GLOBAL_Control[0x1c] & 2) == 0)) goto LAB_0;
+    uVar4 = 0xc;
+  }
+  else {
+    if ((param_1 + 0xfffffffe & 0xfffffffd) != 0) {
+      if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+         ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
+        WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0xe,
+                 &WPP_f146ee562f2a3cf8b837ef25d911d6f0_Traceguids,param_1);
+      }
+      goto LAB_0;
+    }
+    if (param_4 == '\0') {
+      std::basic_stringstream<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+      basic_stringstream<char,struct_std::char_traits<char>,class_std::allocator<char>_>(local_168);
+      puVar1 = local_198;
+      if (param_3 != 0) {
+        local_68 = std::swfun;
+        uStack_60 = 2;
+        do {
+          pbVar3 = std::operator<<<char,struct_std::char_traits<char>_>
+                             (local_158,(_Smanip<__int64> *)&local_68);
+          pbVar3[(longlong)*(int *)(*(longlong *)pbVar3 + 4) + 0x58] =
+               (basic_ostream<char,struct_std::char_traits<char>_>)0x30;
+          pbVar3 = std::basic_ostream<char,struct_std::char_traits<char>_>::operator<<
+                             (pbVar3,std::hex);
+          std::basic_ostream<char,struct_std::char_traits<char>_>::operator<<
+                    (pbVar3,(uint)puVar1[uVar12]);
+          uVar12 = uVar12 + 1;
+        } while (uVar12 < param_3);
+      }
+      std::basic_stringbuf<char,struct_std::char_traits<char>,class_std::allocator<char>_>::str
+                (local_150,
+                 (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+                 &local_68);
+      iVar5 = 10;
+      if (param_1 != 4) {
+        iVar5 = 5;
+      }
+      CAsn1Data::SetValue((CAsn1Data *)(this + 0x10),iVar5,param_1,
+                          (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+                           *)&local_68);
+      std::basic_stringstream<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+      _vbase_destructor_(local_168);
+      goto LAB_0;
+    }
+    if (((undefined **)WPP_GLOBAL_Control == &WPP_GLOBAL_Control) ||
+       ((WPP_GLOBAL_Control[0x1c] & 2) == 0)) goto LAB_0;
+    uVar4 = 0xd;
+  }
+  WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),uVar4,
+          &WPP_f146ee562f2a3cf8b837ef25d911d6f0_Traceguids);
+LAB_0:
+  __security_check_cookie(local_48 ^ (ulonglong)auStack_1b8);
+  return extraout_EAX;
+}
+



BmCloudContext::BmCloudCompletion


Match Info






Key
mpengine.dll - mpengine.dll






diff_type
code,length,address,calling




ratio
0.01




i_ratio
0.14




m_ratio
0.71




b_ratio
0.57




match_types
FullName:Param






Function Meta Diff






Key
mpengine.dll
mpengine.dll






name
BmCloudCompletion
BmCloudCompletion




fullname
BmCloudContext::BmCloudCompletion
BmCloudContext::BmCloudCompletion




refcount
2
2




length
33
20




called

guard_dispatch_icall$fo_default$


guard_dispatch_icall$fo_default$





calling
SignatureContainer::BmCloudCompletion
SignatureContainer::BmCloudCompletion		
SignatureContainer::BmCloudCompletion
SignatureContainer::BmCloudCompletion		




paramcount
1
1




address
75a8b11b8
75a878598




sig
void __thiscall BmCloudCompletion(BmCloudContext * this)
void __thiscall BmCloudCompletion(BmCloudContext * this)




sym_type
Function
Function




sym_source
ANALYSIS
ANALYSIS




external
False
False






BmCloudContext::BmCloudCompletion Calling Diff




BmCloudContext::BmCloudCompletion Diff


--- BmCloudContext::BmCloudCompletion
+++ BmCloudContext::BmCloudCompletion
@@ -1,2 +1,13 @@
-Failed to decompile mpengine.dll - .ProgramDB BmCloudContext::BmCloudCompletion : Error: Decompile error: 
-Marshaling error: Did not see expected closing element+
+/* WARNING: Function: _guard_dispatch_icall_$fo_default$ replaced with injection:
+   guard_dispatch_icall */
+/* public: void __cdecl BmCloudContext::BmCloudCompletion(void) __ptr64 */
+
+void __thiscall BmCloudContext::BmCloudCompletion(BmCloudContext *this)
+
+{
+  (**(code **)(**(longlong **)(this + 0x10) + 0x70))
+            (*(longlong **)(this + 0x10),*(undefined8 *)(this + 0x20));
+  return;
+}
+



DetectionItem::BmCloudResponse


Match Info






Key
mpengine.dll - mpengine.dll






diff_type
code,length,sig,address,called




ratio
0.0




i_ratio
0.24




m_ratio
0.72




b_ratio
0.74




match_types
FullName:Param






Function Meta Diff






Key
mpengine.dll
mpengine.dll






name
BmCloudResponse
BmCloudResponse




fullname
DetectionItem::BmCloudResponse
DetectionItem::BmCloudResponse




refcount
4
4




length
1365
2231




called

Expand for full list:
AsyncScanResource
BmDetectionDetails::ParseAction
CAsyncQueueCounter::Dismiss
CDelayedBmAction::CDelayedBmAction
CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
CommonUtil::NewSprintfW
CommonUtil::ScopeGuardImpl<<lambda_1b3476c017327f749016dc15adf2a305>>::~ScopeGuardImpl<<lambda_1b3476c017327f749016dc15adf2a305>>
FindDetectionDetails
GetDetectionActions
HandleThreatDetection
PerformDetectionActionsTriggerSignature
WPP_SF_
WPP_SF_SL
WPP_SF_l
WPP_SF_s
guard_dispatch_icall$fo_default$
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
free
operator_new
strstr


Expand for full list:
AsyncScanResource
BmDetectionDetails::ParseAction
BmInternalInfo::BmInternalInfo
BmInternalInfo::Send
BmInternalInfo::~BmInternalInfo
CAsyncQueueCounter::Dismiss
CDelayedBmAction::CDelayedBmAction
CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
CommonUtil::CCommonThrowHR::operator=
CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::~CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>CommonUtil::ScopeGuardImpl<<lambda_c3e71470731c50b00c30343ca7f96410>>::~ScopeGuardImpl<<lambda_c3e71470731c50b00c30343ca7f96410>>
FindDetectionDetails
GetDetectionActions
HandleThreatDetection
PerformDetectionActions
ShouldLogToAsimov
TriggerSignature
WPP_SF_
WPP_SF_S
WPP_SF_SL
WPP_SF_l
__security_check_cookie
guard_dispatch_icall$fo_default$
_tlgKeywordOn
_tlgWriteTemplate<long___cdecl(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),&long___cdecl__tlgWriteAgg(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),void_const*__ptr64>::Write<struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<4>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapSz,struct__tlgWrapSz>
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
operator_new
wcsstr





calling






paramcount
2
2




address
75a870a90
75a82e440




sig
void __thiscall BmCloudResponse(DetectionItem * this, char * param_1)
void __thiscall BmCloudResponse(DetectionItem * this, wchar_t * param_1)




sym_type
Function
Function




sym_source
ANALYSIS
ANALYSIS




external
False
False






DetectionItem::BmCloudResponse Called Diff


--- DetectionItem::BmCloudResponse called
+++ DetectionItem::BmCloudResponse called
@@ -2,0 +3,3 @@
+BmInternalInfo::BmInternalInfo
+BmInternalInfo::Send
+BmInternalInfo::~BmInternalInfo
@@ -6,2 +9,4 @@
-CommonUtil::NewSprintfW
-CommonUtil::ScopeGuardImpl<<lambda_1b3476c017327f749016dc15adf2a305>_>::~ScopeGuardImpl<<lambda_1b3476c017327f749016dc15adf2a305>_>
+CommonUtil::CCommonThrowHR::operator=
+CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
+CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::~CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
+CommonUtil::ScopeGuardImpl<<lambda_c3e71470731c50b00c30343ca7f96410>_>::~ScopeGuardImpl<<lambda_c3e71470731c50b00c30343ca7f96410>_>
@@ -11,0 +17 @@
+ShouldLogToAsimov
@@ -13,0 +20 @@
+WPP_SF_S
@@ -16 +23 @@
-WPP_SF_s
+__security_check_cookie
@@ -17,0 +25,2 @@
+_tlgKeywordOn
+_tlgWriteTemplate<long___cdecl(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),&long___cdecl__tlgWriteAgg(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),void_const*___ptr64>::Write<struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<4>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapSz<char>,struct__tlgWrapSz<char>_>
@@ -19 +27,0 @@
-free
@@ -21 +29 @@
-strstr
+wcsstr


DetectionItem::BmCloudResponse Diff


--- DetectionItem::BmCloudResponse
+++ DetectionItem::BmCloudResponse
@@ -1,2 +1,310 @@
-Failed to decompile mpengine.dll - .ProgramDB DetectionItem::BmCloudResponse : Error: Decompile error: 
-Marshaling error: Did not see expected closing element+
+/* WARNING: Function: _guard_dispatch_icall_$fo_default$ replaced with injection:
+   guard_dispatch_icall */
+/* public: virtual void __cdecl DetectionItem::BmCloudResponse(wchar_t const * __ptr64) __ptr64 */
+
+void __thiscall DetectionItem::BmCloudResponse(DetectionItem *this,wchar_t *param_1)
+
+{
+  ulong *puVar1;
+  ulong uVar2;
+  bool bVar3;
+  char cVar4;
+  long lVar5;
+  long lVar6;
+  wchar_t *pwVar7;
+  longlong lVar8;
+  __uint64 _Var9;
+  BmInternalInfo *this_00;
+  wchar_t *pwVar10;
+  wchar_t *pwVar11;
+  undefined8 *puVar12;
+  long lVar13;
+  wchar_t *pwVar14;
+  char *pcVar15;
+  undefined auStackY_2d8 [32];
+  wchar_t *in_stack_fffffffffffffd48;
+  undefined local_218 [4];
+  undefined4 local_214;
+  wchar_t *local_210;
+  DetectionItem *local_208;
+  BmDetectionDetails *local_200;
+  ProcessContext *local_1f8;
+  undefined4 local_1f0;
+  undefined4 local_1ec;
+  uint local_1e8;
+  uint local_1e4;
+  uint local_1e0;
+  uint local_1dc;
+  uint local_1d8 [2];
+  ulong *local_1d0;
+  CDelayedBmAction *local_1c8;
+  longlong local_1c0;
+  char *local_1b8;
+  ulong *local_1b0;
+  DetectionItem *local_1a8;
+  char local_1a0 [8];
+  undefined *local_198;
+  DetectionItem *local_190;
+  char *local_188;
+  undefined8 local_180;
+  undefined8 local_178;
+  undefined8 local_170;
+  undefined8 local_168;
+  undefined8 local_160;
+  undefined8 local_158;
+  undefined8 local_150;
+  wchar_t *local_148;
+  undefined8 local_140;
+  undefined8 local_138;
+  undefined8 local_130;
+  wchar_t *local_128;
+  undefined8 local_120;
+  undefined4 local_118;
+  char *local_110;
+  CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor> local_108 [16];
+  CDelayedBmAction *local_f8;
+  BmInternalInfo local_e8 [128];
+  undefined4 local_68;
+  undefined4 local_64;
+  uint local_60;
+  undefined4 local_5c;
+  ulonglong local_38;
+  
+  local_38 = __security_cookie ^ (ulonglong)auStackY_2d8;
+  pwVar14 = (wchar_t *)0x0;
+  local_218[0] = 0;
+  local_1a0[0] = '\0';
+  local_198 = local_218;
+  local_210 = param_1;
+  local_208 = this;
+  local_190 = this;
+  if ((param_1 == (wchar_t *)0x0) || (*param_1 == L'\0')) {
+    pwVar10 = param_1;
+    if (*(short *)(this + 0x314) == 0) {
+      *(undefined2 *)(this + 0x314) = 1;
+    }
+  }
+  else {
+    BmInternalInfo::BmInternalInfo
+              (local_e8,0x2b,param_1,(wchar_t *)0x0,in_stack_fffffffffffffd48,false);
+    local_60 = *(uint *)(this + 0x9c);
+    local_68 = (undefined4)*(undefined8 *)(this + 0x94);
+    local_64 = (undefined4)((ulonglong)*(undefined8 *)(this + 0x94) >> 0x20);
+    lVar13 = 0;
+    local_5c = 0;
+    CommonUtil::CCommonThrowHR::operator=((CCommonThrowHR *)(ulonglong)local_60,0);
+    this_00 = local_e8;
+    lVar5 = BmInternalInfo::Send(this_00);
+    CommonUtil::CCommonThrowHR::operator=((CCommonThrowHR *)this_00,lVar5);
+    BmInternalInfo::~BmInternalInfo(local_e8);
+    pwVar10 = L"!";
+    pwVar7 = wcsstr(param_1,L"!");
+    if ((pwVar7 != (wchar_t *)0x0) && (*pwVar7 != L'\0')) {
+      pcVar15 = "Engine.BM.CloudRequest";
+      bVar3 = ShouldLogToAsimov(false,SUB81(pwVar10,0),"Engine.BM.CloudRequest");
+      if ((bVar3) && (g_pcsAsimovLock != (CMpCriticalSection *)0x0)) {
+        CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::
+        CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
+                  (local_108,g_pcsAsimovLock,(ENUM_LOCK_INITIAL_STATE)pcVar15);
+        if ((5 < DAT_0) &&
+           (cVar4 = _tlgKeywordOn(0x75b1d6288,0x400000000000), cVar4 != '\0')) {
+          local_110 = "CloudRequest";
+          local_188 = "BM";
+          local_214 = *(undefined4 *)(g_aAsimov + 0x48);
+          local_1f0 = *(undefined4 *)(g_aAsimov + 0x44);
+          local_1ec = *(undefined4 *)(g_aAsimov + 0x40);
+          local_1e8 = (uint)(byte)g_aAsimov[0x3c];
+          local_1e4 = (uint)(byte)g_aAsimov[0x3b];
+          local_1e0 = (uint)(byte)g_aAsimov[0x3a];
+          local_1dc = (uint)(byte)g_aAsimov[0x39];
+          local_1d8[0] = (uint)(byte)g_aAsimov[0x38];
+          local_180 = *(undefined8 *)(g_aAsimov + 0x30);
+          local_178 = *(undefined8 *)(g_aAsimov + 0x28);
+          local_170 = *(undefined8 *)(g_aAsimov + 0x20);
+          local_168 = *(undefined8 *)(g_aAsimov + 0x18);
+          local_160 = *(undefined8 *)(g_aAsimov + 0x10);
+          local_158 = *(undefined8 *)(g_aAsimov + 8);
+          local_150 = 0x1000000;
+          local_210 = (wchar_t *)CONCAT44(local_210._4_4_,(uint)*(ushort *)(this + 0x314));
+          local_140 = *(undefined8 *)(this + 0x80);
+          local_138 = 1;
+          local_148 = pwVar7;
+          _tlgWriteTemplate<long___cdecl(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),&long___cdecl__tlgWriteAgg(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),void_const*___ptr64>
+          ::
+          Write<struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<4>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapSz<char>,struct__tlgWrapSz<char>_>
+                    ((_tlgProvider_t *)g_aAsimov,&DAT_1,pcVar15,
+                     (_tlgWrapperByVal<8> *)&local_138,(_tlgWrapperByVal<8> *)&local_140,
+                     (_tlgWrapperByVal<4> *)&local_210,(_tlgWrapSz<wchar_t> *)&local_148,
+                     (_tlgWrapperByVal<8> *)&local_150,(_tlgWrapSz<wchar_t> *)&local_158,
+                     (_tlgWrapSz<wchar_t> *)&local_160,(_tlgWrapSz<wchar_t> *)&local_168,
+                     (_tlgWrapSz<wchar_t> *)&local_170,(_tlgWrapSz<wchar_t> *)&local_178,
+                     (_tlgWrapSz<wchar_t> *)&local_180,(_tlgWrapperByVal<4> *)local_1d8,
+                     (_tlgWrapperByVal<4> *)&local_1dc,(_tlgWrapperByVal<4> *)&local_1e0,
+                     (_tlgWrapperByVal<4> *)&local_1e4,(_tlgWrapperByVal<4> *)&local_1e8,
+                     (_tlgWrapperByVal<4> *)&local_1ec,(_tlgWrapperByVal<4> *)&local_1f0,
+                     (_tlgWrapperByVal<4> *)&local_214,(_tlgWrapSz<char> *)&local_188,
+                     (_tlgWrapSz<char> *)&local_110);
+        }
+        CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::
+        ~CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>(local_108);
+      }
+      *(undefined2 *)(this + 0x314) = 1;
+      pwVar11 = L"signature";
+      pwVar10 = wcsstr(pwVar7,L"signature");
+      if (pwVar10 == (wchar_t *)0x0) {
+        *(undefined2 *)(this + 0x314) = 3;
+        CAsyncQueueCounter::Dismiss((CAsyncQueueCounter *)(this + 0x18),pwVar11);
+        if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+           ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+          WPP_SF_S(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x38,
+                   &WPP_c145a18ef95439c3fd66c499e92a5fdd_Traceguids,pwVar7);
+        }
+        puVar12 = *(undefined8 **)(this + 0x300);
+        if (puVar12 != (undefined8 *)0x0) {
+          *(undefined8 *)(this + 0x300) = 0;
+          (**(code **)*puVar12)(puVar12,1);
+        }
+      }
+      else {
+        local_218[0] = 1;
+        lVar8 = (**(code **)(*(longlong *)this + 0x18))(this);
+        local_1b8 = (char *)(lVar8 + 0x250);
+        pwVar10 = L"THREAT";
+        if (*local_1b8 == '\0') {
+          pwVar10 = L"INFECTED";
+        }
+        pwVar7 = (wchar_t *)(lVar8 + 0x40);
+        if (7 < *(ulonglong *)(lVar8 + 0x58)) {
+          pwVar7 = *(wchar_t **)pwVar7;
+        }
+        local_120 = *(undefined8 *)(lVar8 + 0x74);
+        local_118 = *(undefined4 *)(lVar8 + 0x7c);
+        local_1c0 = lVar8;
+        lVar6 = TriggerSignature((PersistentProcessID *)&local_120,pwVar7,pwVar10,false,false);
+        lVar5 = lVar6;
+        if (((lVar6 < 0) &&
+            (lVar5 = lVar13, (undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control)) &&
+           ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+          WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x33,
+                   &WPP_c145a18ef95439c3fd66c499e92a5fdd_Traceguids,lVar6);
+        }
+        puVar1 = (ulong *)(lVar8 + 0x70);
+        local_1d0 = (ulong *)(lVar8 + 0x34);
+        local_1b0 = puVar1;
+        FindDetectionDetails(&local_200,*local_1d0,*puVar1);
+        if (local_200 != (BmDetectionDetails *)0x0) {
+          local_1a8 = this + 0x10;
+          local_1f8 = *(ProcessContext **)local_1a8;
+          if (local_1f8 == (ProcessContext *)0x0) {
+            if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+               ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+              WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x34,
+                      &WPP_c145a18ef95439c3fd66c499e92a5fdd_Traceguids);
+            }
+          }
+          else {
+            if (*local_1b8 != '\0') {
+              pwVar10 = (wchar_t *)(lVar8 + 0x100);
+              if (7 < *(ulonglong *)(lVar8 + 0x118)) {
+                pwVar10 = *(wchar_t **)pwVar10;
+              }
+              HandleThreatDetection
+                        (local_1f8,*local_1d0,*(__uint64 *)(lVar8 + 0x60),(sha1_t *)(lVar8 + 0x120),
+                         *(__uint64 *)(lVar8 + 0x68),local_200,(DetectionFlags *)(lVar8 + 0x24),
+                         (vector<struct_NotificationContainer,class_std::allocator<struct_NotificationContainer>_>
+                          *)(this + 0x2e8),
+                         (bool)((byte)((uint)*(undefined4 *)(lVar8 + 0x24) >> 0x1c) & 1),*puVar1,
+                         pwVar10,(vector<struct_RelatedFirewallRuleInfo,class_std::allocator<struct_RelatedFirewallRuleInfo>_>
+                                  *)(lVar8 + 0x1c0));
+            }
+            local_128 = *(wchar_t **)(lVar8 + 0x208);
+            for (pwVar10 = *(wchar_t **)(lVar8 + 0x200); pwVar10 != local_128;
+                pwVar10 = pwVar10 + 0x14) {
+              pwVar7 = pwVar10;
+              if (7 < *(ulonglong *)(pwVar10 + 0xc)) {
+                pwVar7 = *(wchar_t **)pwVar10;
+              }
+              _Var9 = BmDetectionDetails::ParseAction(pwVar7);
+              GetDetectionActions((uint *)&local_130,_Var9);
+              local_f8 = (CDelayedBmAction *)operator_new(0xa0);
+              puVar12 = (undefined8 *)(lVar8 + 0x100);
+              if (7 < *(ulonglong *)(lVar8 + 0x118)) {
+                puVar12 = (undefined8 *)*puVar12;
+              }
+              local_1f8 = (ProcessContext *)
+                          CDelayedBmAction::CDelayedBmAction
+                                    (local_f8,*(ProcessContext **)local_1a8,local_130,
+                                     (longlong *)(this + 0x2e8),*(void **)(lVar8 + 0x68),*local_1d0,
+                                     *local_1b0,puVar12,(undefined8 *)(lVar8 + 0x120));
+              if (local_1f8 != (ProcessContext *)0x0) {
+                LOCK();
+                *(int *)((CDelayedBmAction *)local_1f8 + 8) =
+                     *(int *)((CDelayedBmAction *)local_1f8 + 8) + 1;
+                UNLOCK();
+              }
+              uVar2 = *(ulong *)(pwVar10 + 0x10);
+              if (local_1f8 != (ProcessContext *)0x0) {
+                LOCK();
+                *(int *)((CDelayedBmAction *)local_1f8 + 8) =
+                     *(int *)((CDelayedBmAction *)local_1f8 + 8) + 1;
+                UNLOCK();
+              }
+              local_1c8 = (CDelayedBmAction *)local_1f8;
+              lVar6 = AsyncScanResource((AutoRef<class_IAsyncResource> *)&local_1c8,uVar2);
+              CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::
+              ~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
+                        ((AutoRef<class_ThrottlingAgent::CompletedOverlapped> *)&local_1c8);
+              lVar5 = lVar6;
+              if (((lVar6 < 0) &&
+                  (lVar5 = lVar13, (undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control)) &&
+                 ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
+                pwVar7 = pwVar10;
+                if (7 < *(ulonglong *)(pwVar10 + 0xc)) {
+                  pwVar7 = *(wchar_t **)pwVar10;
+                }
+                WPP_SF_SL(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x35,
+                          &WPP_c145a18ef95439c3fd66c499e92a5fdd_Traceguids,pwVar7,(char)lVar6);
+              }
+              CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::
+              ~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
+                        ((AutoRef<class_ThrottlingAgent::CompletedOverlapped> *)&local_1f8);
+            }
+            if (((lVar5 < 0) && ((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control)) &&
+               ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+              WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x37,
+                       &WPP_c145a18ef95439c3fd66c499e92a5fdd_Traceguids,lVar5);
+            }
+            pwVar10 = (wchar_t *)(lVar8 + 0x100);
+            if (7 < *(ulonglong *)(lVar8 + 0x118)) {
+              pwVar10 = *(wchar_t **)pwVar10;
+            }
+            if ((*(longlong *)(lVar8 + 0xa0) != 0) &&
+               (pwVar14 = (wchar_t *)(lVar8 + 0x90), 7 < *(ulonglong *)(lVar8 + 0xa8))) {
+              pwVar14 = *(wchar_t **)pwVar14;
+            }
+            PerformDetectionActions
+                      (*(ProcessContext **)local_1a8,(DetectionFlags *)(lVar8 + 0x24),
+                       *(__uint64 *)(lVar8 + 0x68),pwVar14,pwVar10,*local_1d0,*local_1b0,
+                       (vector<struct_NotificationContainer,class_std::allocator<struct_NotificationContainer>_>
+                        *)(this + 0x2e8),(bool)*local_1b8);
+          }
+        }
+        CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::
+        ~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
+                  ((AutoRef<class_ThrottlingAgent::CompletedOverlapped> *)&local_200);
+      }
+      goto LAB_2;
+    }
+    if (*(short *)(this + 0x314) == 0) {
+      *(undefined2 *)(this + 0x314) = 1;
+    }
+  }
+  CAsyncQueueCounter::Dismiss((CAsyncQueueCounter *)(this + 0x18),pwVar10);
+LAB_2:
+  CommonUtil::ScopeGuardImpl<<lambda_c3e71470731c50b00c30343ca7f96410>_>::
+  ~ScopeGuardImpl<<lambda_c3e71470731c50b00c30343ca7f96410>_>(local_1a0);
+  __security_check_cookie(local_38 ^ (ulonglong)auStackY_2d8);
+  return;
+}
+



BmDopplegang


Match Info






Key
mpengine.dll - mpengine.dll






diff_type
code,length,address,called




ratio
0.12




i_ratio
0.66




m_ratio
0.94




b_ratio
0.93




match_types
FullName:Param






Function Meta Diff






Key
mpengine.dll
mpengine.dll






name
BmDopplegang
BmDopplegang




fullname
BmDopplegang
BmDopplegang




refcount
2
2




length
804
868




called

Expand for full list:
BmInternalInfo::BmInternalInfo
BmInternalInfo::Send
BmInternalInfo::~BmInternalInfo
CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::~CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
ShouldLogToAsimov
WPP_SF_l
__security_check_cookie
_tlgKeywordOn
_tlgWriteTemplate<long___cdecl(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),&long___cdecl__tlgWriteAgg(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),void_const*__ptr64>::Write<struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapSz,struct__tlgWrapSz>
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer


Expand for full list:
BmInternalInfo::AddProcessInfo
BmInternalInfo::BmInternalInfo
BmInternalInfo::Send
BmInternalInfo::~BmInternalInfo
CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::~CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
ShouldLogToAsimov
WPP_SF_l
__security_check_cookie
_tlgKeywordOn
_tlgWriteTemplate<long___cdecl(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),&long___cdecl__tlgWriteAgg(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),void_const*__ptr64>::Write<struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapSz,struct__tlgWrapSz>`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer





calling
GetImageNameConfigurationExAtSyncStart
GetImageNameConfigurationExAtSyncStart




paramcount
2
2




address
75a86922c
75a82523c




sig
undefined __fastcall BmDopplegang(longlong param_1, bool param_2)
undefined __fastcall BmDopplegang(longlong param_1, bool param_2)




sym_type
Function
Function




sym_source
IMPORTED
IMPORTED




external
False
False






BmDopplegang Called Diff


--- BmDopplegang called
+++ BmDopplegang called
@@ -0,0 +1 @@
+BmInternalInfo::AddProcessInfo


BmDopplegang Diff


--- BmDopplegang
+++ BmDopplegang
@@ -1,30 +1,112 @@
 
 void BmDopplegang(longlong param_1,bool param_2)
 
 {
-  void *unaff_RBX;
-  byte unaff_SIL;
-  void *in_stack_00000078;
-  ulonglong in_stack_00000398;
+  bool bVar1;
+  char cVar2;
+  long lVar3;
+  char *pcVar4;
+  short sVar5;
+  undefined auStackY_1e8 [32];
+  _tlgWrapperByVal<8> *in_stack_fffffffffffffe38;
+  undefined4 local_138;
+  undefined4 local_134;
+  undefined4 local_130;
+  uint local_12c;
+  uint local_128;
+  uint local_124;
+  uint local_120;
+  uint local_11c;
+  char *local_118;
+  char *local_110;
+  undefined8 local_108;
+  undefined8 local_100;
+  undefined8 local_f8;
+  undefined8 local_f0;
+  undefined8 local_e8;
+  undefined8 local_e0;
+  undefined8 local_d8;
+  undefined8 local_d0;
+  CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor> local_c8 [16];
+  BmInternalInfo local_b8 [168];
+  ulonglong local_10;
   
-  if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
-     ((WPP_GLOBAL_Control[0x1c] & unaff_SIL) != 0)) {
-    WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x1ba,
-            &WPP_f6d3ecbaea4a39b9ecabebc012feea09_Traceguids);
+  local_10 = __security_cookie ^ (ulonglong)auStackY_1e8;
+  pcVar4 = "Engine.BM.Doppleganging";
+  bVar1 = ShouldLogToAsimov(false,param_2,"Engine.BM.Doppleganging");
+  if ((bVar1) && (g_pcsAsimovLock != (CMpCriticalSection *)0x0)) {
+    CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::
+    CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
+              (local_c8,g_pcsAsimovLock,(ENUM_LOCK_INITIAL_STATE)pcVar4);
+    if (5 < DAT_0) {
+      cVar2 = _tlgKeywordOn(0x75b1d6288,0x400000000000);
+      if (cVar2 != '\0') {
+        local_118 = "Doppleganging";
+        local_110 = "BM";
+        local_138 = *(undefined4 *)(g_aAsimov + 0x48);
+        local_134 = *(undefined4 *)(g_aAsimov + 0x44);
+        local_130 = *(undefined4 *)(g_aAsimov + 0x40);
+        local_12c = (uint)(byte)g_aAsimov[0x3c];
+        local_128 = (uint)(byte)g_aAsimov[0x3b];
+        local_124 = (uint)(byte)g_aAsimov[0x3a];
+        local_120 = (uint)(byte)g_aAsimov[0x39];
+        local_11c = (uint)(byte)g_aAsimov[0x38];
+        local_108 = *(undefined8 *)(g_aAsimov + 0x30);
+        local_100 = *(undefined8 *)(g_aAsimov + 0x28);
+        local_f8 = *(undefined8 *)(g_aAsimov + 0x20);
+        local_f0 = *(undefined8 *)(g_aAsimov + 0x18);
+        local_e8 = *(undefined8 *)(g_aAsimov + 0x10);
+        local_e0 = *(undefined8 *)(g_aAsimov + 8);
+        local_d8 = 0x1000000;
+        local_d0 = 1;
+        in_stack_fffffffffffffe38 = (_tlgWrapperByVal<8> *)&local_d8;
+        _tlgWriteTemplate<long___cdecl(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),&long___cdecl__tlgWriteAgg(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),void_const*___ptr64>
+        ::
+        Write<struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapSz<char>,struct__tlgWrapSz<char>_>
+                  ((_tlgProvider_t *)g_aAsimov,&DAT_1,pcVar4,
+                   (_tlgWrapperByVal<8> *)&local_d0,in_stack_fffffffffffffe38,
+                   (_tlgWrapSz<wchar_t> *)&local_e0,(_tlgWrapSz<wchar_t> *)&local_e8,
+                   (_tlgWrapSz<wchar_t> *)&local_f0,(_tlgWrapSz<wchar_t> *)&local_f8,
+                   (_tlgWrapSz<wchar_t> *)&local_100,(_tlgWrapSz<wchar_t> *)&local_108,
+                   (_tlgWrapperByVal<4> *)&local_11c,(_tlgWrapperByVal<4> *)&local_120,
+                   (_tlgWrapperByVal<4> *)&local_124,(_tlgWrapperByVal<4> *)&local_128,
+                   (_tlgWrapperByVal<4> *)&local_12c,(_tlgWrapperByVal<4> *)&local_130,
+                   (_tlgWrapperByVal<4> *)&local_134,(_tlgWrapperByVal<4> *)&local_138,
+                   (_tlgWrapSz<char> *)&local_110,(_tlgWrapSz<char> *)&local_118);
+      }
+    }
+    CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::
+    ~CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>(local_c8);
   }
-  if (in_stack_00000078 != (void *)0x0) {
-    free(in_stack_00000078);
+  BmInternalInfo::BmInternalInfo
+            (local_b8,0xf,L"DOPPLEGANGING",(wchar_t *)0x0,(wchar_t *)in_stack_fffffffffffffe38,false
+            );
+  sVar5 = 0;
+  lVar3 = BmInternalInfo::AddProcessInfo
+                    (local_b8,*(_FILETIME *)(param_1 + 0x38),*(ulong *)(param_1 + 0x40),0);
+  if (lVar3 < 0) {
+    if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+       ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+      WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),sVar5 + 0x2f,
+               &WPP_e179814355ea3cffd18b55115ed63d05_Traceguids,lVar3);
+    }
+    BmInternalInfo::~BmInternalInfo(local_b8);
   }
-  std::basic_stringstream<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
-  _vbase_destructor_((basic_stringstream<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
-                      *)&stack0x000000b0);
-  std::basic_stringstream<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
-  _vbase_destructor_((basic_stringstream<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
-                      *)&stack0x000001b0);
-  if (unaff_RBX != (void *)0x0) {
-    free(unaff_RBX);
+  else {
+    lVar3 = BmInternalInfo::Send(local_b8);
+    if (lVar3 < 0) {
+      if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+         ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+        WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x30,
+                 &WPP_e179814355ea3cffd18b55115ed63d05_Traceguids,lVar3);
+      }
+      BmInternalInfo::~BmInternalInfo(local_b8);
+    }
+    else {
+      BmInternalInfo::~BmInternalInfo(local_b8);
+    }
   }
-  __security_check_cookie(in_stack_00000398 ^ (ulonglong)&stack0x00000000);
+  __security_check_cookie(local_10 ^ (ulonglong)auStackY_1e8);
   return;
 }
 



nUFSP_vfz::BmFileEvents


Match Info






Key
mpengine.dll - mpengine.dll






diff_type
code,refcount,length,address,called




ratio
0.0




i_ratio
0.07




m_ratio
0.08




b_ratio
0.08




match_types
FullName:Param






Function Meta Diff






Key
mpengine.dll
mpengine.dll






name
BmFileEvents
BmFileEvents




fullname
nUFSP_vfz::BmFileEvents
nUFSP_vfz::BmFileEvents




refcount
3
2




length
2181
1828




called

Expand for full list:
AttributePersistContext::GetContext
AttributePersistContext::MakeRawContextString<wchar_t>
AttributePersistContext::PropagateContext
BmFileOpenEvent
BmInternalInfo::AddBehavior
BmInternalInfo::AddFile
BmInternalInfo::BmInternalInfo
BmInternalInfo::Send
BmInternalInfo::~BmInternalInfo
DriveUtils::DevicePathTransform::ToWin32
KERNEL32.DLL::CloseHandleStreamBufferWrapper::GetAttribute
StreamBufferWrapper::GetFileOperationPPID
StreamBufferWrapper::SetAttribute
WPP_SF_
WPP_SF_S
WPP_SF_l
__security_check_cookie
`DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer
di::TelemetryAssert::AssertTriggeredNoArgs
free
nUFSP_vfz::GetOriginalFileCopyPath
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::Tidy_deallocate
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>
std::vector<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>,class_std::allocator<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>>>::_Tidy
wcsstr


Expand for full list:
AttributePersistContext::GetContext
AttributePersistContext::MakeRawContextString<wchar_t>
AttributePersistContext::PropagateContext
BmFileOpenEvent
BmInternalInfo::AddBehavior
BmInternalInfo::AddFile
BmInternalInfo::BmInternalInfo
BmInternalInfo::Send
BmInternalInfo::~BmInternalInfo
DriveUtils::DevicePathTransform::ToWin32
DriveUtils::DevicePathTransform::~DevicePathTransformGetPersistentPID
StreamBufferWrapper::GetAttribute
StreamBufferWrapper::GetFileOperationPID
StreamBufferWrapper::GetFileOperationPPID
StreamBufferWrapper::SetAttribute
WPP_SF_
WPP_SF_S
WPP_SF_l
__security_check_cookie
`








  


  





        
        

          

            

              









            


            

              

  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment