- Visual Chart Diff
- Metadata
- Deleted
- tdt_library_v_current::bit_shovel_plugins::internal::`dynamic_initializer_for_'isv_sample_description''
- CommonUtil::CSprintfAlloc<struct_CommonUtil::CNewSprintfPolicy<wchar_t>,260>::DoFormating
- tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_update_api*___ptr64>::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_update_api*___ptr64>
- tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::time_update_service_update_api*___ptr64>::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::time_update_service_update_api*___ptr64>
- std::_Ref_count_obj2<class_tdt_library_v_next::logger_client::logger>::_Ref_count_obj2<class_tdt_library_v_next::logger_client::logger><>
- ProcessContext::GetCfaReason
- unlzmaBase<class_lzmaBitStream>::Init
- std::List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*___ptr64>::_Free_non_head<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*_ptr64>>>
- <lambda_e0b316cc40eb5d101a892dedc51db4ec>::operator()
- tdt_library_v_current::bit_shovel_plugins::normalizer::register_refresh_callback
- std::vector<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>_>_const&__ptr64)>,class_std::allocator<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&_ptr64)>>>::Emplace_reallocate<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&___ptr64)>_const&___ptr64>
- std::Uninitialized_move<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&___ptr64)>*__ptr64,class_std::allocator<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&_ptr64)>>>
- ZSTD_referenceExternalSequences
- kcrce_t::Enumerator
- std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::classifier>::operator=<class_tdt_library_v_next::bit_shovel_plugins::classifier,struct_std::default_delete<class_tdt_library_v_next::bit_shovel_plugins::classifier>,0>
- tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_query_api*___ptr64>::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_query_api*___ptr64>
- <lambda_0f9762a6c82734cc8c0c6edb2ce7b823>::<lambda_0f9762a6c82734cc8c0c6edb2ce7b823>
- ProcessNotification::ProcessNotification
- ExtractStartupParameters
- boost::regex_match<wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>>>
- boost::regex_match<wchar_t_const*___ptr64,class_std::allocator<struct_boost::sub_match<wchar_t_const*ptr64>>,wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>>>
- <lambda_ab4896eea3dda5dcb30d00db0dd69d6a>::operator()
- tdt_library_v_current::bit_shovel_plugins::time_series_common::time_series_pipeline<struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::time_series_pipeline_config<class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>::get_memory_usage_info
- ERR_isError
- ZSTD_countLeadingZeros32
- <lambda_b109789c927efe5b167c2c56ccf13c09>::operator()
- tdt_library_v_next::bit_shovel_plugins::normalizer::enable_cpu_mode_data_throttling
- std::search<char_const*___ptr64,char_const*__ptr64,struct_std::equal_to>
- get_severity
- ProcessContext::InitializeCbpNamespacesTracking
- std::Construct_in_place<class_tdt_library_v_current::bit_shovel::internal::manifest_profile_impl,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::function<enum_tdt_api::tdt_file_read_error_code____cdecl(__int64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&___ptr64,unsigned_char*___ptr64,unsigned___int64,unsigned___int64*___ptr64)>&___ptr64,__int64&___ptr64>
- <lambda_58dc01438a89ee0f93db9ac1773df0c2>::operator()<unsigned_int>
- isprime
- std::make_unique<class_tdt_library_v_next::bit_shovel_plugins::driver_thread_handler,class_std::function<class_tdt_library_v_next::bit_shovel::result_type___cdecl(struct_tdt_library_v_next::bit_shovel::pipeline_message_t_const&___ptr64)>&___ptr64,class_std::function<class_tdt_library_v_next::bit_shovel::result_type___cdecl(class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::core_telemetry_data_buffer_base_t>_const&___ptr64)>&___ptr64,0>
- tdt_library_v_next::bit_shovel_plugins::driver_thread_handler::driver_thread_handler
- tdt_library_v_next::bit_shovel_plugins::driver_thread_handler::get_driver_stats
- <lambda_0ecd438b0ae0830926a4a2907280c33b>::operator()
- <lambda_5de480ac5052e7a6c29da0bb261e687c>::operator()
- KstoreUnlocker::KstoreUnlocker
- kstore_unpin
- kstore_pin
- AsrRuleContainer::AsrRuleContainer
- std::_Ref_count_obj2<class_tdt_library_v_current::logger_client::logger>::_Ref_count_obj2<class_tdt_library_v_current::logger_client::logger><>
- <lambda_091b22df2017f17e232e72bdb61857f3>::operator()
- ProcessNotification::CreateInstance<struct_ProcessForkSetup>
- <lambda_4779b7e98c341a68831230402777e48b>::operator()
- <lambda_efc146e1925f504b8e368bb21ece150f>::operator()
- tdt_library_v_current::bit_shovel_plugins::classifier_plugin::_refresh_agents
- std::List_node_emplace_op2<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>,void*_ptr64>>>::List_node_emplace_op2<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>,void*_ptr64>>><unsigned___int64_const&__ptr64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>
- std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::_Erase<unsigned___int64>
- std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::emplace<unsigned___int64_const&__ptr64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>
- tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>::sliding_score_bucket<float,unsigned_int>
- tdt_library_v_current::bit_shovel_plugins::time_series_common::detail::time_window<float,unsigned_int,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::detail::time_window_score_stats<float,unsigned_int,struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket_config>>::time_window<float,unsigned_int,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::detail::time_window_score_stats<float,unsigned_int,struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket_config>>
- std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::_Range_eraser::_Bump_erased
- std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::_Forced_rehash
- tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>::add_value
- tdt_library_v_current::bit_shovel_plugins::known_folders_imp::get_system_folders
- std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Erase<unsigned___int64>
- std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::emplace<unsigned___int64_const&___ptr64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>
- tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t::counters_per_pid_tid_t
- std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Clear_guard::~_Clear_guard
- std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Range_eraser::_Bump_erased
- std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Forced_rehash
- std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Unchecked_erase
- tdt_library_v_current::bit_shovel_plugins::internal::normalizer_agent_impl::dispatch_callbacks
- <lambda_c1894fd93ab2f9e19b6044618d42b5d1>::operator()
- <lambda_8b8e3fe099d26a3f46ff4def3b5c236f>::operator()<class_std::vector<float,class_std::allocator>>
- <lambda_8b8e3fe099d26a3f46ff4def3b5c236f>::operator()<class_std::vector<double,class_std::allocator>>
- tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::profiling_database_service_api*___ptr64>::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::profiling_database_service_api*___ptr64>
- tdt_library_v_next::bit_shovel_plugins::driver_interface_impl::get_driver_stats
- tdt_library_v_next::bit_shovel_plugins::driver_interface_impl::pause
- tdt_library_v_next::bit_shovel_plugins::driver_interface_impl::resume
- std::make_shared<class_tdt_library_v_next::bit_shovel_plugins::detection_filter,class_std::basic_string<char,struct_std::char_traits,class_std::allocator_>&__ptr64,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::known_folders_imp>,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::authenticode_check_imp>,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::executable_properties_imp>>
- <lambda_c3cacfba70cb363f6a0b9ed181941be3>::operator()
- <lambda_d8838b0f4fa45cad863edfb1880d780c>::operator()
- tdt_library_v_next::tdt_app_profiling::time_update_service_api_impl::update_if_newer
- std::Sort_unchecked<scan_object_t*,`__macappl_scanfile'::__l2::compare_resouces>
- kcrcex_t::Enumerator
- WPP_SF_dddd
- ZSTD_readMINMATCH
- maybeSplitSequence
- ZSTD_hash4PtrS
- ZSTD_hash5PtrS
- ZSTD_hash6PtrS
- ZSTD_hash7PtrS
- ZSTD_hash8PtrS
- McTemplateU0pz_MPEventWriteTransfer
- McTemplateU0pzq_MPEventWriteTransfer
- `tdt_library_v_next::bit_shovel_plugins::normalizer_config_impl::configure'::__l1::catch$130
- `tdt_library_v_next::bit_shovel_plugins::normalizer_config_impl::configure'::__l1::catch$131
- `tdt_library_v_next::bit_shovel_plugins::normalizer_config_impl::_load_model'::__l1::catch$107
- `tdt_library_v_next::bit_shovel_plugins::library_reporter::init'::__l1::catch$56
- `tdt_library_v_next::bit_shovel_plugins::library_reporter::init'::__l1::catch$57
- `tdt_library_v_next::bit_shovel_plugins::detection_tlv_recorder::init'::__l1::catch$57
- `tdt_library_v_next::bit_shovel_plugins::normalizer::init'::__l1::catch$120
- `tdt_library_v_next::bit_shovel_plugins::classifier_plugin::init'::__l1::catch$23
- `tdt_library_v_next::bit_shovel_plugins::internal::core_telemetry_preprocessor_config_impl::_configure_compute_device'::__l1::catch$51
- `tdt_library_v_current::bit_shovel_plugins::internal::classifier_config_impl::configure'::__l1::catch$186
- `tdt_library_v_current::bit_shovel_plugins::internal::classifier_config_impl::_configure_compute_device'::__l1::catch$50
- `tdt_library_v_current::bit_shovel_plugins::normalizer_config_impl::_load_model'::__l1::catch$79
- `tdt_library_v_next::tdt_agent_impl::_is_os_supported'::__l1::catch$57
- `tdt_library_v_next::tdt_agent_impl::_is_os_supported'::__l1::catch$58
- `<lambda_13e479488405a98c43e4e5aa70ca8d39>::operator()'::__l1::catch$8
- `tdt_library_v_current::bit_shovel_plugins::classifier_plugin::init'::__l1::catch$25
- `<lambda_58fab4f05f9fe402bba8675704d18494>::operator()'::__l1::catch$13
- `<lambda_d85c7ca3f97e3706e4f0a734d4e58d2a>::operator()'::__l1::catch$12
- `<lambda_2821effc6a6193929ab5d8bf0c3ba95b>::operator()'::__l1::catch$8
- `<lambda_92f9044a153b57eedfd872be940a6bcc>::operator()'::__l1::catch$12
- `tdt_library_v_current::bit_shovel_plugins::detection_tlv_recorder::init'::__l1::catch$47
- `tdt_library_v_current::bit_shovel_plugins::normalizer::init'::__l1::catch$58
- `<lambda_13aa2ba6b500961b5c30312d9c78c382>::operator()'::__l1::catch$12
- `<lambda_7d89ce293df0537485e879585b616a19>::operator()'::__l1::catch$8
- `<lambda_b1e9274e9beaea281bf0116a6bfc616c>::operator()'::__l1::catch$111
- `<lambda_1a682fce10b0f4ad2e39a71dd1b87029>::operator()'::__l1::catch$13
- `<lambda_ccd9645b91b6da65dcd2e949cac25088>::operator()'::__l1::catch$12
- `tdt_library_v_next::bit_shovel_plugins::isv_sample_agent_abd::_check_and_add_process'::__l1::catch$76
- `<lambda_2e19177984e714482baac494227fadc2>::operator()'::__l1::catch$8
- `<lambda_8c7c8f37b6a539e82a56c8a89e5de135>::operator()'::__l1::catch$12
- `<lambda_fc2301dc8476246e53d79082dc22c469>::operator()'::__l1::catch$14
- tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'known_node_types''
- `dynamic_initializer_for_'tdt_library_v_current::logger_client::logger::m_instance''
- tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'builtin_signals''
- tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'known_node_types''
- tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'builtin_signals''
- tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'known_node_types''
- tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'builtin_signals''
- tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'known_node_types''
- tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'builtin_signals''
- tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'known_node_types''
- tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'builtin_signals''
- tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'known_node_types''
- `dynamic_initializer_for_'tdt_library_v_next::logger_client::logger::m_instance''
- SigDetectionContext::SigDetectionContext
- SigtreeHelper::TestForDetection
- lzmaBitStreamBase<class_lzma2BitStream>::getReverse
- std::make_unique<class_tdt_library_v_next::bit_shovel_plugins::library_reporter,class_std::unique_ptr<class_tdt_library_v_next::bit_shovel_plugins::json_reporter,struct_std::default_delete<class_tdt_library_v_next::bit_shovel_plugins::json_reporter>>,class_std::unique_ptr<class_tdt_library_v_next::bit_shovel_plugins::detection_tlv_recorder,struct_std::default_delete<class_tdt_library_v_next::bit_shovel_plugins::detection_tlv_recorder>>,0>
- ProcessTuple::operator=
- boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>_>::get
- StringVPrintfWorkerW
- StringValidateDestW
- exestream::getcBytesToCompletion
- msl::utilities::operator+<unsigned___int64,unsigned___int64,class_HResultSafeIntExceptionHandler>
- QueueController::Submit
- AddLuaConstants
- CMpContainerHandle::InitConfig
- tdt_library_v_current::tdt_normalizer_lib::data_model::data_model
- element
- NoteMgr::SendToAsyncProcessScan
- CommonUtil::AutoRef<class_FileNotification>::operator=
- std::Hash<class_std::Uset_traits<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::Uhash_compare<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,0>_>::_Check_rehash_required_1
- std::vector<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>,class_std::allocator<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>>>::vector<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>,class_std::allocator<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>>>
- tdt_library_v_current::bit_shovel::channel_registry::get_sinks<class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>>
- tdt_library_v_current::bit_shovel::channel_registry::get_sinks<class_std::shared_ptr<class_std::vector<struct_tdt_library_v_current::bit_shovel_plugins::normalized_record,class_std::allocator<struct_tdt_library_v_current::bit_shovel_plugins::normalized_record>>>_>
- peemusig_t::operator<
- std::vector<class_CommonUtil::AutoRef<struct_INotification>,class_std::allocator<class_CommonUtil::AutoRef<struct_INotification>>>::clear
- CHSTRMatchHelper::InitMatchLevel
- nUFSP_vfz::GetFileUSN
- std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>><char16_t_const*___ptr64,0>
- std::make_shared<class_tdt_library_v_current::virtual_filesystem_config_imp,class_std::basic_string<char,struct_std::char_traits,class_std::allocator_>_const&__ptr64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::function<enum_tdt_api::tdt_file_read_error_code____cdecl(__int64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&___ptr64,unsigned_char*___ptr64,unsigned___int64,unsigned___int64*___ptr64)>&___ptr64,__int64&___ptr64,struct_tdt_library_v_current::bit_shovel::tdt_platform_t&___ptr64>
- std::_Ref_count_obj2<class_tdt_library_v_current::virtual_filesystem_config_imp>::Ref_count_obj2<class_tdt_library_v_current::virtual_filesystem_config_imp><class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::function<enum_tdt_api::tdt_file_read_error_code____cdecl(__int64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&___ptr64,unsigned_char*___ptr64,unsigned___int64,unsigned___int64*___ptr64)>&___ptr64,__int64&___ptr64,struct_tdt_library_v_current::bit_shovel::tdt_platform_t&___ptr64>
- std::vector<struct_MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::ChunkEntry>_>::_Reallocate_exactly
- StreamBufferWrapper::GetFileOperationPID
- std::num_put<char,class_std::ostreambuf_iterator<char,struct_std::char_traits>>::put
- tdt_api::tdt_silo_functions_t::tdt_silo_functions_t
- std::make_shared<class_tdt_library_v_next::logger_client::logger>
- tdt_library_v_current::logger_client::logger::logger
- HUF_alignUpWorkspace
- McTemplateU0pU16sdqqzzmx_MPEventWriteTransfer
- web::json::details::JSON_StringParser<wchar_t>::JSON_StringParser<wchar_t>
- HUF_initCStream
- ZSTD_ldm_getMaxNbSeq
- std::sort<struct_kcrce_t*___ptr64>
- std::sort<struct_peemusig_t*___ptr64>
- std::make_shared<class_tdt_library_v_current::logger_client::logger>
- std::sort<struct_trustedpublisher_t*___ptr64>
- std::sort<struct_snidex_entry_t*___ptr64>
- std::sort<struct_staticrec_t*___ptr64>
- std::sort<struct_nid64_entry_t*___ptr64>
- CertFreeCertificateChain
- WrapperCertGetCertificateChain
- WrapperCryptMsgOpenToDecode
- CryptMsgUpdate
- FwpmEngineOpen0
- WrapperFwpmFilterAdd0
- WrapperFwpmFilterCreateEnumHandle0
- FwpmFilterDeleteByKey0
- WrapperFwpmFilterDestroyEnumHandle0
- WrapperFwpmFilterEnum0
- FwpmFreeMemory0
- WrapperFwpmProviderAdd0
- WrapperFwpmProviderDeleteByKey0
- FwpmProviderGetByKey0
- FwpmSubLayerAdd0
- FwpmSubLayerDeleteByKey0
- FwpmSubLayerGetByKey0
- WrapperFwpmTransactionBegin0
- FwpmTransactionCommit0
- GetFileVersionInfoA
- Wrapperinet_ntop
- inet_pton
- ReadProcessMemoryInternal
- Max Deleted Section Functions Reached Error
- Added
- Modified
- PEFileWriter::AddSection
- MetaStore::`anonymous_namespace'::MetaStore::InitDatabase
- MergeFlags
- LoadAllowedPUAFiles
- ProcessContext::SetTainted
- tdt_library_v_next::tdt_app_profiling::time_series_heuristic::_print_config_params
- tdt_library_v_next::bit_shovel_plugins::normalizer::register_callback
- tdt_library_v_next::bit_shovel::internal::pipeline_manager_impl::start
- MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>::Register
- tdt_library_v_next::bit_shovel_plugins::isv_sample_agent_tbd::agent_init
- tdt_library_v_current::tdt_os_apis::os_api_t::resolve_os_api<int(__cdecl*)(wchar_t_const*___ptr64,wchar_t_const*___ptr64,struct__LUID*___ptr64)>
- HUF_compress_internal
- ZSTD_decompressFrame
- tdt_library_v_next::tdt_agent_impl::start
- MpSignatureSubType<struct_staticrec_t,unsigned_long,4,0,0,0,struct_MpEmptyEnumerator<struct_staticrec_t>,0,0,1>::GetThreatDetails
- tdt_library_v_current::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::_classify
- ZSTD_estimateCCtxSize_usingCCtxParams_internal
- ProcessContext::SendParentNotification
- nscript_give_infos
- std::vector<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry>_>::_Change_array
- NoteMgr::RegisterBMCallback
- tdt_library_v_current::tdt_agent_impl::_set_single_profile_config
- MpSignatureSubType<struct_friendlyfilesha256_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_friendlyfilesha256_t>,0,0,1>::PostProcessRecordsWorker
- ZSTD_decodeFrameHeader
- tdt_library_v_current::tdt_app_profiling::cfi_model::reload_from_database
- CommonUtil::detail::InvokeThrowingFunction<long_(__cdecl&)(void)>
- WrapperNetQueryDisplayInformation
- tdt_library_v_next::tdt_app_profiling::dll_file::parse
- MpSignatureSubType<struct_propertybag_entry_t,unsigned___int64,1,0,0,1,struct_MpEmptyEnumerator<struct_propertybag_entry_t>,0,0,1>::LoadCache
- CResmgrSpecialfolder::Scan
- NSPack::LoadUnpackParamsV26
- tdt_library_v_current::bit_shovel_plugins::incompatible_processes_imp::is_incompatible_process_running
- CommonUtil::CStdRefVector<class_ProcessContext>::~CStdRefVector<class_ProcessContext>
- ProcessInfoContainer::CollectStats
- tdt_library_v_current::bit_shovel_plugins::authenticode_check_imp::verify
- CommonUtil::StringVPrintfW
- xpress::Init
- CAsn1Parser::BinaryElement
- tdt_library_v_next::bit_shovel_plugins::detection_filter::_install_time_check
- WPP_SF_DDDDDDDDDDDDDDDDLL
- tdt_library_v_current::telemetry_publisher::process_scanner::_scan_for_child_processes
- CResmgrCommandline::ScanEx
- pefile_init_module
- SignatureHandler::ReportDetection
- UfsClientRequest::OpenNode
- tdt_library_v_next::bit_shovel_plugins::local_telemetry_server_impl::_set_incompat_process_list
- tdt_library_v_current::bit_shovel_plugins::driver_thread_handler::get_abd_stats
- ValidateTrust::ValidateTrustPluginMachO::ValidateArchitecture
- DetectionInfo::operator=
- tdt_library_v_current::bit_shovel_plugins::normalizer_config_params_t::normalizer_config_params_t
- tdt_library_v_current::tdt_agent_impl::set_configuration
- ProcessContext::FirstProcessNotification
- `tdt_library_v_current::bit_shovel_plugins::reporter_filter::init'::__l1::catch$51
- DetectionItem::~DetectionItem
- AntiRootkit::Win64ObjMgr::FindObTypeIndexTableEmulation
- MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::Lookup<struct_RevokedCertProvider>
- tdt_library_v_next::feature_extraction::feature_extraction_graph::_configure_signals
- CResmgrRegkey::Remove
- `HipsManager::LoadRulesFromDatabase'::__l1::catch$10
- ZSTD_writeEpilogue
- ZSTD_DUBT_findBestMatch
- `tdt_library_v_next::tdt_agent_impl::_get_profiles_json'::__l1::catch$45
- UfsClientRequest::FindNextInNode
- CDeferredBMActionStor::NotifyActions
- CommonUtil::detail::InvokeThrowingFunction<<lambda_9af9a6bbb7b2e31e68263a0fbfc224c6>_>
- tdt_library_v_current::bit_shovel::internal::manifest_platform_impl::try_get_value<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_>
- PUA_appmap_receiver
- ZSTD_compressEnd_public
- CPathExclusionCtx::CheckXclRestriction
- LoadLuaDynamicSignatures
- `tdt_library_v_current::bit_shovel_plugins::reporter_filter::init'::__l1::catch$52
- std::Uninitialized_value_construct_n<class_std::allocator<struct_MpSignatureSubType<struct_peemusig_t,unsigned_long,3,0,1,0,struct_MpEmptyEnumerator<struct_peemusig_t>,0,0,1>::ChunkEntry>>
- ZSTD_deriveBlockSplitsHelper
- CFolderGuardController::UpdateProtectedFolders
- std::_Partition_by_median_guess_unchecked<struct_kcrcex_t*__ptr64,struct_std::less>
- UfsNode::OpenFile
- LogMatchedInternalDetection
- ShouldLogToAsimov
- kstore_copy_buff
- BaseReport::BaseReport
- tdt_library_v_next::bit_shovel::data_network::add_callback<class_tdt_library_v_next::tdt_app_profiling::time_update_service_update_api*___ptr64>
- get_pGD
- tdt_library_v_next::tdt_os_apis::os_api_t::resolve_os_api<unsigned_long(__cdecl*)(void)>
- ProcessInfoContainer::~ProcessInfoContainer
- std::Alloc_construct_ptr<class_std::allocator<struct_std::Tree_node<struct_std::pair<struct_FilteredTrie<unsigned_long,class_FilteredTrieSerializer<unsigned_long>>::SubtreeKey_const,unsigned_long>,void*_ptr64>>>::~Alloc_construct_ptr<class_std::allocator<struct_std::Tree_node<struct_std::pair<struct_FilteredTrie<unsigned_long,class_FilteredTrieSerializer<unsigned_long>>::SubtreeKey_const,unsigned_long>,void*_ptr64>>>
- tdt_library_v_next::bit_shovel_plugins::isv_sample_agent_abd::agent_init
- nscript::lexForStdAndTarg
- StreamContainerLib::StreamContainerInsert
- tdt_library_v_current::bit_shovel_plugins::internal::processor_trace_decoder_impl::_fallback_to_cpu_on_api_fail
- std::_Sort_unchecked<struct_nid_entry_t*__ptr64,struct_std::less>
- WrapperCoGetObjectContext
- std::vector<struct_MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::ChunkEntry>_>::_Tidy
- SetHipsBootData
- std::_Med3_unchecked<struct_pestaticex_t*__ptr64,struct_std::less>
- SignatureHandler::HandleNotification
- ThrottlingAgent::dispatchLoop
- tdt_library_v_next::bit_shovel_plugins::internal::processor_trace_decoder_impl::decode_async
- std::_Pop_heap_hole_by_index<struct_trustedpublisher_t*__ptr64,struct_trustedpublisher_t,struct_std::less>
- ProcessContextLogger::WriteDomain
- `CommonUtil::detail::InvokeThrowingFunction<<lambda_092fdb98e16a0e9be73490eeabb1a706>_>'::__l1::catch$9
- ScanRequestEtwHelper::ScanRequestEtwHelper
- tdt_library_v_next::tdt_app_profiling::time_series_heuristic::_print_config_params
- ReadVmAggregator
- tdt_library_v_next::bit_shovel_plugins::normalizer_config_impl::configure
- tdt_library_v_current::tdt_app_profiling::dll_file::parse
- tdt_library_v_next::bit_shovel_plugins::detection_filter::_should_report_system_folders
- NetGetJoinInformation
- kernel_validate_feature
- tdt_library_v_next::bit_shovel_plugins::message_processing_agent::_decode_async_callback
- UpdateInternalRingsIfNeeded
- tdt_library_v_next::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::_init_gpu_device_sync
- `boost::any::holder<boost::property_tree::string_path<std::basic_string<char,std::char_traits,std::allocator>,boost::property_tree::id_translator<std::basic_string<char,std::char_traits,std::allocator>>>_>::clone'::__l1::dtor$0
- ScanRequestEtwHelper::OnEndRundown
- CanDoSyncQuery
- InternalNotification::InternalNotification
- tdt_library_v_current::bit_shovel_plugins::internal::lbr_config_agent_impl::try_get_value_if_key_equals
- CResmgrListval::Scan
- UpdateSignatureRingInternal
- `tdt_library_v_next::tdt_app_profiling::static_cfi_model::init'::__l1::catch$10
- tdt_library_v_next::bit_shovel_plugins::local_telemetry_server_impl::stop
- ProcessBmNetworkSetSocketOption
- tdt_library_v_current::tdt_create_agent_instance
- tdt_library_v_next::feature_extraction::feature_extraction_graph::_print_signals
- tdt_library_v_current::bit_shovel_plugins::isv_sample_agent_abd::agent_init
- SignatureContainer::RegisterBmCloudContext
- ZSTD_compressBlock_btlazy2_dictMatchState
- ZSTD_compressBlock_lazy_row
- ZSTD_DUBT_findBetterDictMatch
- UpdateStateDueToRemoteAddressSpaceAccess
- tdt_library_v_next::feature_extraction::feature_extraction_graph::_print_nodes
- tdt_library_v_next::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::_init_classifier
- std::Hash<class_std::Umap_traits<unsigned_long,class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>,class_std::Uhash_compare<unsigned_long,struct_std::hash<unsigned_long>,struct_std::equal_to<unsigned_long>>,class_std::allocator<struct_std::pair<unsigned_long_const,class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>>>,0>>::_Clear_guard::~_Clear_guard
- tdt_library_v_next::logger_client::get_curr_log_level
- CResmgrRegkey::Quarantine
- tdt_library_v_next::`dynamic_initializer_for_'error_strings''
- BmFileOpenEvent
- BmSignatureLoader_init_module
- MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::Lookup<struct_ExplicitResourceHashProvider>
- tdt_library_v_current::bit_shovel_plugins::json_reporter::_load_config
- std::vector<wchar_t_const*___ptr64,class_std::allocator<wchar_t_const*__ptr64>>::_Calculate_growth
- ReadVmDispatcher
- FirewallHelpers::CleanupWFPFiltersByDirection
- tdt_library_v_current::bit_shovel_plugins::local_telemetry_server_impl::init
- RtpImageNameConfigEx
- EtwTraceHelper::~EtwTraceHelper
- MpSignatureSubType<struct_kcrcex_t,unsigned_long,3,1,0,0,struct_kcrcex_t,0,0,1>::Register
- tdt_library_v_current::bit_shovel_plugins::normalizer_agent::normalizer_agent
- LogSkip::AddString
- SMS_init_module
- MpSignatureSubType<struct_kcrce_t,unsigned_long,3,1,0,0,struct_kcrce_t,0,0,1>::PostProcessRecordsWorker
- NotificationImpl::IsInterestingNotification
- unlzmaBase<class_lzma2BitStream>::GetDistance
- mp_lua_api_SR_ReportLowfi
- UfsNode::GetNextFileSystemParser
- GetEventName
- tdt_library_v_next::tdt_app_profiling::dll_database::add_dll_info
- MpSignatureSubType<struct_staticrec_t,unsigned_long,4,0,0,0,struct_MpEmptyEnumerator<struct_staticrec_t>,0,0,1>::Register
- Array<unsigned_char>::Add
- ZSTD_compressBlock_btlazy2
- tdt_library_v_next::bit_shovel_plugins::authenticode_check_imp::verify_os_signed
- tdt_library_v_current::tdt_threads::thread_pool_imp::init
- tdt_library_v_next::bit_shovel_plugins::local_telemetry_server_impl::deinit
- CDeferredBMActionStor::NotifyActions
- EtwControllerImpl::ProcessEtwEvent
- MpSignatureSubType<struct_explicitresource_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresource_record>,0,0,1>::LoadCache
- ProcessState::Update
- LUA_init_module
- tdt_library_v_current::bit_shovel_plugins::authenticode_check_imp::verify_os_signed
- GetShortDescriptionId
- std::List_node<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>const,struct_tdt_library_v_current::tdt_profile_blob::profile_blob_vfs_impl::section_content_info_t>,void*___ptr64>::_Freenode<class_std::allocator<struct_std::List_node<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>const,struct_tdt_library_v_current::tdt_profile_blob::profile_blob_vfs_impl::section_content_info_t>,void*_ptr64>>>
- BackupStore::UpdateImpactedNameSpacesForProcess
- UfsClientRequest::FinalizeTopFind
- tdt_library_v_next::tdt_telemetry_blob::tdt_compressor_imp::compress_data
- std::_Ref_count_resource<struct_tdt_library_v_current::tdt_app_profiling::preprocessed_events::thread_event_t*_ptr64,class<lambda_ec2a7309dd043a8ddbc7599917048c63>>::`scalar_deleting_destructor'
- SignatureHandler::FileDeleteNotificationHelper
- tdt_library_v_next::bit_shovel_plugins::core_telemetry_publisher::~core_telemetry_publisher
- tdt_library_v_next::bit_shovel_plugins::local_telemetry_server_impl::add_thread_to_throttled_threads_list
- tdt_library_v_current::bit_shovel_plugins::reporter_filter::init
- std::vector<class_std::function<void___cdecl(struct_tdt_library_v_next::bit_shovel_plugins::normalized_record_const*___ptr64)>,class_std::allocator<class_std::function<void___cdecl(struct_tdt_library_v_next::bit_shovel_plugins::normalized_record_const*_ptr64)>>>::_Emplace_reallocate<class_std::function<void___cdecl(struct_tdt_library_v_next::bit_shovel_plugins::normalized_record_const*___ptr64)>_const&___ptr64>
- BmController::HandleTrustedInstallerMoacAdd
- CLsaRemediationLib::Load
- ZSTD_RowFindBestMatch_noDict_4_4
- ZSTD_RowFindBestMatch_noDict_4_5
- MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::LoadCache
- HUF_decompress4X1_usingDTable_internal
- CResmgrHookWow::ReportLowfi
- ZSTD_RowFindBestMatch_noDict_5_5
- ZSTD_RowFindBestMatch_noDict_5_6
- ZSTD_RowFindBestMatch_noDict_5_4
- std::Hash<class_std::Umap_traits<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_rolling_queue,class_std::Uhash_compare<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>,class_std::allocator<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>const,struct_rolling_queue>>,0>>::Find_last<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>
- SymCryptFdefModulusInitMontgomery256
- AttributePersistContext::`anonymous_namespace'::SetOrOverwriteContext
- MpSignatureSubType<struct_snidex_entry_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_snidex_entry_t>,0,0,1>::UnloadRecords
- ZSTD_RowFindBestMatch_noDict_6_4
- ZSTD_RowFindBestMatch_noDict_6_5
- tdt_library_v_current::plugin_loader::create_plugin
- tdt_library_v_next::bit_shovel_plugins::internal::processor_trace_decoder_impl::decode_control_flow<class_std::vector<struct_tdt_control_flow_freq_,class_std::allocator<struct_tdt_control_flow_freq_>>>
- BB_code_stor::get_new_exe_size
- CommonUtil::detail::InvokeThrowingFunction<<lambda_b017cd6f13d61ba20ca8ade3c45e1bc7>_>
- sigshafromrecid
- tdt_library_v_next::bit_shovel_plugins::isv_sample_agent::agent_push_configs
- Max Modified Section Functions Reached Error
- Modified (No Code Changes)
flowchart LR
PEFileWriterAddSection-5-old<--Match 8%-->PEFileWriterAddSection-5-new
MetaStoreanonymous_namespaceMetaStoreInitDatabase-2-old<--Match 99%-->MetaStoreanonymous_namespaceMetaStoreInitDatabase-2-new
MergeFlags-3-old<--Match 67%-->MergeFlags-3-new
LoadAllowedPUAFiles-1-old<--Match 87%-->LoadAllowedPUAFiles-1-new
ProcessContextSetTainted-7-old<--Match 72%-->ProcessContextSetTainted-7-new
tdt_library_v_nexttdt_app_profilingtime_series_heuristic_print_config_params-5-old<--Match 74%-->tdt_library_v_nexttdt_app_profilingtime_series_heuristic_print_config_params-5-new
tdt_library_v_nextbit_shovel_pluginsnormalizerregister_callback-3-old<--Match 51%-->tdt_library_v_nextbit_shovel_pluginsnormalizerregister_callback-3-new
tdt_library_v_nextbit_shovelinternalpipeline_manager_implstart-5-old<--Match 36%-->tdt_library_v_nextbit_shovelinternalpipeline_manager_implstart-5-new
MpSignatureSubTypestruct_nid64_entry_tunsigned___int641000struct_MpEmptyEnumeratorstruct_nid64_entry_t001Register-2-old<--Match 86%-->MpSignatureSubTypestruct_nid64_entry_tunsigned___int641000struct_MpEmptyEnumeratorstruct_nid64_entry_t001Register-2-new
tdt_library_v_nextbit_shovel_pluginsisv_sample_agent_tbdagent_init-5-old<--Match 74%-->tdt_library_v_nextbit_shovel_pluginsisv_sample_agent_tbdagent_init-5-new
tdt_library_v_currenttdt_os_apisos_api_t_resolve_os_apiint___cdeclwchar_t_const___ptr64wchar_t_const___ptr64struct__LUID___ptr64-3-old<--Match 73%-->tdt_library_v_currenttdt_os_apisos_api_t_resolve_os_apiint___cdeclwchar_t_const___ptr64wchar_t_const___ptr64struct__LUID___ptr64-3-new
HUF_compress_internal-12-old<--Match 12%-->HUF_compress_internal-12-new
ZSTD_decompressFrame-5-old<--Match 70%-->ZSTD_decompressFrame-5-new
tdt_library_v_nexttdt_agent_implstart-1-old<--Match 25%-->tdt_library_v_nexttdt_agent_implstart-1-new
MpSignatureSubTypestruct_staticrec_tunsigned_long4000struct_MpEmptyEnumeratorstruct_staticrec_t001GetThreatDetails-6-old<--Match 98%-->MpSignatureSubTypestruct_staticrec_tunsigned_long4000struct_MpEmptyEnumeratorstruct_staticrec_t001GetThreatDetails-6-new
tdt_library_v_currentbit_shovel_pluginsinternalvail_random_forest_classifier_impl_classify-5-old<--Match 91%-->tdt_library_v_currentbit_shovel_pluginsinternalvail_random_forest_classifier_impl_classify-5-new
ZSTD_estimateCCtxSize_usingCCtxParams_internal-9-old<--Match 62%-->ZSTD_estimateCCtxSize_usingCCtxParams_internal-9-new
ProcessContextSendParentNotification-2-old<--Match 99%-->ProcessContextSendParentNotification-2-new
nscript_give_infos-2-old<--Match 99%-->nscript_give_infos-2-new
stdvectorstruct_MpSignatureSubTypestruct_revokedcert_tunsigned_long1000struct_MpEmptyEnumeratorstruct_revokedcert_t001ChunkEntryclass_stdallocatorstruct_MpSignatureSubTypestruct_revokedcert_tunsigned_long1000struct_MpEmptyEnumeratorstruct_revokedcert_t001ChunkEntry__Change_array-4-old<--Match 74%-->stdvectorstruct_MpSignatureSubTypestruct_revokedcert_tunsigned_long1000struct_MpEmptyEnumeratorstruct_revokedcert_t001ChunkEntryclass_stdallocatorstruct_MpSignatureSubTypestruct_revokedcert_tunsigned_long1000struct_MpEmptyEnumeratorstruct_revokedcert_t001ChunkEntry__Change_array-4-new
NoteMgrRegisterBMCallback-2-old<--Match 76%-->NoteMgrRegisterBMCallback-2-new
tdt_library_v_currenttdt_agent_impl_set_single_profile_config-3-old<--Match 92%-->tdt_library_v_currenttdt_agent_impl_set_single_profile_config-3-new
MpSignatureSubTypestruct_friendlyfilesha256_tunsigned_long1000struct_MpEmptyEnumeratorstruct_friendlyfilesha256_t001PostProcessRecordsWorker-1-old<--Match 6%-->MpSignatureSubTypestruct_friendlyfilesha256_tunsigned_long1000struct_MpEmptyEnumeratorstruct_friendlyfilesha256_t001PostProcessRecordsWorker-1-new
ZSTD_decodeFrameHeader-3-old<--Match 66%-->ZSTD_decodeFrameHeader-3-new
tdt_library_v_currenttdt_app_profilingcfi_modelreload_from_database-2-old<--Match 87%-->tdt_library_v_currenttdt_app_profilingcfi_modelreload_from_database-2-new
CommonUtildetailInvokeThrowingFunctionlong___cdeclvoid-2-old<--Match 53%-->CommonUtildetailInvokeThrowingFunctionlong___cdeclvoid-2-new
mpengine.dll<--4743ommited-->mpengine.dll
subgraph mpengine.dll
PEFileWriterAddSection-5-new
MetaStoreanonymous_namespaceMetaStoreInitDatabase-2-new
MergeFlags-3-new
LoadAllowedPUAFiles-1-new
ProcessContextSetTainted-7-new
tdt_library_v_nexttdt_app_profilingtime_series_heuristic_print_config_params-5-new
tdt_library_v_nextbit_shovel_pluginsnormalizerregister_callback-3-new
tdt_library_v_nextbit_shovelinternalpipeline_manager_implstart-5-new
MpSignatureSubTypestruct_nid64_entry_tunsigned___int641000struct_MpEmptyEnumeratorstruct_nid64_entry_t001Register-2-new
tdt_library_v_nextbit_shovel_pluginsisv_sample_agent_tbdagent_init-5-new
tdt_library_v_currenttdt_os_apisos_api_t_resolve_os_apiint___cdeclwchar_t_const___ptr64wchar_t_const___ptr64struct__LUID___ptr64-3-new
HUF_compress_internal-12-new
ZSTD_decompressFrame-5-new
tdt_library_v_nexttdt_agent_implstart-1-new
MpSignatureSubTypestruct_staticrec_tunsigned_long4000struct_MpEmptyEnumeratorstruct_staticrec_t001GetThreatDetails-6-new
tdt_library_v_currentbit_shovel_pluginsinternalvail_random_forest_classifier_impl_classify-5-new
ZSTD_estimateCCtxSize_usingCCtxParams_internal-9-new
ProcessContextSendParentNotification-2-new
nscript_give_infos-2-new
stdvectorstruct_MpSignatureSubTypestruct_revokedcert_tunsigned_long1000struct_MpEmptyEnumeratorstruct_revokedcert_t001ChunkEntryclass_stdallocatorstruct_MpSignatureSubTypestruct_revokedcert_tunsigned_long1000struct_MpEmptyEnumeratorstruct_revokedcert_t001ChunkEntry__Change_array-4-new
NoteMgrRegisterBMCallback-2-new
tdt_library_v_currenttdt_agent_impl_set_single_profile_config-3-new
MpSignatureSubTypestruct_friendlyfilesha256_tunsigned_long1000struct_MpEmptyEnumeratorstruct_friendlyfilesha256_t001PostProcessRecordsWorker-1-new
ZSTD_decodeFrameHeader-3-new
tdt_library_v_currenttdt_app_profilingcfi_modelreload_from_database-2-new
CommonUtildetailInvokeThrowingFunctionlong___cdeclvoid-2-new
end
subgraph mpengine.dll
PEFileWriterAddSection-5-old
MetaStoreanonymous_namespaceMetaStoreInitDatabase-2-old
MergeFlags-3-old
LoadAllowedPUAFiles-1-old
ProcessContextSetTainted-7-old
tdt_library_v_nexttdt_app_profilingtime_series_heuristic_print_config_params-5-old
tdt_library_v_nextbit_shovel_pluginsnormalizerregister_callback-3-old
tdt_library_v_nextbit_shovelinternalpipeline_manager_implstart-5-old
MpSignatureSubTypestruct_nid64_entry_tunsigned___int641000struct_MpEmptyEnumeratorstruct_nid64_entry_t001Register-2-old
tdt_library_v_nextbit_shovel_pluginsisv_sample_agent_tbdagent_init-5-old
tdt_library_v_currenttdt_os_apisos_api_t_resolve_os_apiint___cdeclwchar_t_const___ptr64wchar_t_const___ptr64struct__LUID___ptr64-3-old
HUF_compress_internal-12-old
ZSTD_decompressFrame-5-old
tdt_library_v_nexttdt_agent_implstart-1-old
MpSignatureSubTypestruct_staticrec_tunsigned_long4000struct_MpEmptyEnumeratorstruct_staticrec_t001GetThreatDetails-6-old
tdt_library_v_currentbit_shovel_pluginsinternalvail_random_forest_classifier_impl_classify-5-old
ZSTD_estimateCCtxSize_usingCCtxParams_internal-9-old
ProcessContextSendParentNotification-2-old
nscript_give_infos-2-old
stdvectorstruct_MpSignatureSubTypestruct_revokedcert_tunsigned_long1000struct_MpEmptyEnumeratorstruct_revokedcert_t001ChunkEntryclass_stdallocatorstruct_MpSignatureSubTypestruct_revokedcert_tunsigned_long1000struct_MpEmptyEnumeratorstruct_revokedcert_t001ChunkEntry__Change_array-4-old
NoteMgrRegisterBMCallback-2-old
tdt_library_v_currenttdt_agent_impl_set_single_profile_config-3-old
MpSignatureSubTypestruct_friendlyfilesha256_tunsigned_long1000struct_MpEmptyEnumeratorstruct_friendlyfilesha256_t001PostProcessRecordsWorker-1-old
ZSTD_decodeFrameHeader-3-old
tdt_library_v_currenttdt_app_profilingcfi_modelreload_from_database-2-old
CommonUtildetailInvokeThrowingFunctionlong___cdeclvoid-2-old
subgraph Deleted
direction LR
tdt_library_v_current-bit_shovel_plugins-internal-dynamic_initializer_for_isv_sample_description
CommonUtil-CSprintfAllocstruct_CommonUtil-CNewSprintfPolicywchar_t260-DoFormating
tdt_library_v_next-bit_shovel-internal-plugin_async_callback_executorclass_tdt_library_v_next-tdt_app_profiling-process_monitor_service_update_api___ptr64-plugin_async_callback_executorclass_tdt_library_v_next-tdt_app_profiling-process_monitor_service_update_api___ptr64
tdt_library_v_next-bit_shovel-internal-plugin_async_callback_executorclass_tdt_library_v_next-tdt_app_profiling-time_update_service_update_api___ptr64-plugin_async_callback_executorclass_tdt_library_v_next-tdt_app_profiling-time_update_service_update_api___ptr64
std-_Ref_count_obj2class_tdt_library_v_next-logger_client-logger-_Ref_count_obj2class_tdt_library_v_next-logger_client-logger
ProcessContext-GetCfaReason
unlzmaBaseclass_lzmaBitStream-Init
std-_List_nodestruct_std-pairunsigned___int64_const_struct_tdt_library_v_current-bit_shovel_plugins-internal-counters_per_pid_tid_tvoid___ptr64-_Free_non_headclass_std-allocatorstruct_std-_List_nodestruct_std-pairunsigned___int64_const_struct_tdt_library_v_current-bit_shovel_plugins-internal-counters_per_pid_tid_tvoid___ptr64__
lambda_e0b316cc40eb5d101a892dedc51db4ec-operator
tdt_library_v_current-bit_shovel_plugins-normalizer-register_refresh_callback
std-vectorclass_std-functionvoid___cdeclclass_std-vectorunsigned___int64class_std-allocatorunsigned___int64__const___ptr64class_std-allocatorclass_std-functionvoid___cdeclclass_std-vectorunsigned___int64class_std-allocatorunsigned___int64__const___ptr64__-_Emplace_reallocateclass_std-functionvoid___cdeclclass_std-vectorunsigned___int64class_std-allocatorunsigned___int64__const___ptr64_const___ptr64
std-_Uninitialized_moveclass_std-functionvoid___cdeclclass_std-vectorunsigned___int64class_std-allocatorunsigned___int64__const___ptr64___ptr64class_std-allocatorclass_std-functionvoid___cdeclclass_std-vectorunsigned___int64class_std-allocatorunsigned___int64__const___ptr64__
ZSTD_referenceExternalSequences
kcrce_t-Enumerator
std-shared_ptrclass_tdt_library_v_next-bit_shovel_plugins-classifier-operatorclass_tdt_library_v_next-bit_shovel_plugins-classifierstruct_std-default_deleteclass_tdt_library_v_next-bit_shovel_plugins-classifier0
tdt_library_v_next-bit_shovel-internal-plugin_async_callback_executorclass_tdt_library_v_next-tdt_app_profiling-process_monitor_service_query_api___ptr64-plugin_async_callback_executorclass_tdt_library_v_next-tdt_app_profiling-process_monitor_service_query_api___ptr64
lambda_0f9762a6c82734cc8c0c6edb2ce7b823-lambda_0f9762a6c82734cc8c0c6edb2ce7b823
ProcessNotification-ProcessNotification
ExtractStartupParameters
boost-regex_matchwchar_tstruct_boost-regex_traitswchar_tclass_boost-w32_regex_traitswchar_t__
boost-regex_matchwchar_t_const___ptr64class_std-allocatorstruct_boost-sub_matchwchar_t_const___ptr64_wchar_tstruct_boost-regex_traitswchar_tclass_boost-w32_regex_traitswchar_t__
lambda_ab4896eea3dda5dcb30d00db0dd69d6a-operator
tdt_library_v_current-bit_shovel_plugins-time_series_common-time_series_pipelinestruct_tdt_library_v_current-bit_shovel_plugins-time_series_common-time_series_pipeline_configclass_tdt_library_v_current-bit_shovel_plugins-time_series_common-sliding_score_bucketfloatunsigned_int__-get_memory_usage_info
ERR_isError
ZSTD_countLeadingZeros32
lambda_b109789c927efe5b167c2c56ccf13c09-operator
tdt_library_v_next-bit_shovel_plugins-normalizer-enable_cpu_mode_data_throttling
890_more_deleted_funcs_omitted
end
end
pie showData
title Function Matches - 99.1931%
"unmatched_funcs_len" : 915
"matched_funcs_len" : 112476
pie showData
title Matched Function Similarity - 37.0026%
"matched_funcs_with_code_changes_len" : 4768
"matched_funcs_with_non_code_changes_len" : 66089
"matched_funcs_no_changes_len" : 41619
ghidriff --project-location ghidra_projects --project-name ghidriff --symbols-path /symbols --threaded --force-diff --log-level INFO --file-log-level INFO --log-path ghidriff.log --min-func-len 10 --gdt [] --bsim --max-ram-percent 60.0 --max-section-funcs 200 mpengine.dll mpengine.dll
--old ['/dummy/engine_files/64/1.1.24030.4/mpengine.dll'] --new [['/dummy/engine_files/64/1.1.24060.5/mpengine.dll']] --engine VersionTrackingDiff --output-path /tmp/ghdriff_out --summary False --project-location ghidra_projects --project-name ghidriff --symbols-path /symbols --threaded True --force-analysis False --force-diff True --no-symbols False --log-level INFO --file-log-level INFO --log-path ghidriff.log --va False --min-func-len 10 --use-calling-counts False --gdt [] --bsim True --bsim-full False --max-ram-percent 60.0 --print-flags False --jvm-args None --side-by-side False --max-section-funcs 200 --md-title None
wget https://msdl.microsoft.com/download/symbols/mpengine.dll/073DC37C128B000/mpengine.dll -O mpengine.dll.x64.1.1.24030.4
wget https://msdl.microsoft.com/download/symbols/mpengine.dll/568F151012C3000/mpengine.dll -O mpengine.dll.x64.1.1.24060.5
--- mpengine.dll Meta
+++ mpengine.dll Meta
@@ -1,44 +1,44 @@
Program Name: mpengine.dll
Language ID: x86:LE:64:default (4.1)
Compiler ID: windows
Processor: x86
Endian: Little
Address Size: 64
Minimum Address: 75a100000
Maximum Address: ff0000184f
-# of Bytes: 19449888
+# of Bytes: 19676448
# of Memory Blocks: 8
-# of Instructions: 3240180
-# of Defined Data: 163180
-# of Functions: 56164
-# of Symbols: 580826
-# of Data Types: 17909
-# of Data Type Categories: 751
+# of Instructions: 3289352
+# of Defined Data: 164732
+# of Functions: 57227
+# of Symbols: 590675
+# of Data Types: 18198
+# of Data Type Categories: 758
Analyzed: true
Compiler: visualstudio:unknown
Created With Ghidra Version: 11.2
-Date Created: Sun Jan 26 17:02:46 CET 2025
+Date Created: Sun Jan 26 17:02:53 CET 2025
Executable Format: Portable Executable (PE)
-Executable Location: /dummy/engine_files/64/1.1.24030.4/mpengine.dll
-Executable MD5: 394f8bc026b2bb8aeae7205a07bbd667
-Executable SHA256: c22200e499fb2d7cef1a3092773221ad89b0627fe5b2c244bcbb41895b76d6d0
-FSRL: file:///dummy/engine_files/64/1.1.24030.4/mpengine.dll?MD5=394f8bc026b2bb8aeae7205a07bbd667
+Executable Location: /dummy/engine_files/64/1.1.24060.5/mpengine.dll
+Executable MD5: 984836eb2eceb2554d9a91b8eadeb544
+Executable SHA256: dc1e3f25aacac110b79268648355612db457809b7b4a95fef87c85c2785a7e4f
+FSRL: file:///dummy/engine_files/64/1.1.24060.5/mpengine.dll?MD5=984836eb2eceb2554d9a91b8eadeb544
PDB Age: 1
PDB File: mpengine.pdb
-PDB GUID: 466c72e7-d685-3e47-d6eb-a950401d3793
+PDB GUID: 09025bc7-7df1-f906-c4a3-89ed3b3dbc74
PDB Loaded: true
PDB Version: RSDS
PE Property[CompanyName]: Microsoft Corporation
PE Property[FileDescription]: Microsoft Malware Protection Engine
-PE Property[FileVersion]: 1.1.24030.4 (1a01e339f67f879ed387740375fff418bee36191)
+PE Property[FileVersion]: 1.1.24060.5 (237fa10f982d874c9fdbe79cf68e0047ba27fd2b)
PE Property[InternalName]: mpengine
PE Property[LegalCopyright]: © Microsoft Corporation. All rights reserved.
PE Property[OriginalFilename]: mpengine.dll
PE Property[ProductName]: Microsoft Malware Protection
-PE Property[ProductVersion]: 1.1.24030.4
+PE Property[ProductVersion]: 1.1.24060.5
PE Property[Translation]: 4b00409
Preferred Root Namespace Category:
RTTI Found: true
Relocatable: true
SectionAlignment: 4096
Should Ask To Analyze: false
Ghidra mpengine.dll Decompiler Options
| Decompiler Option | Value |
|---|---|
| Prototype Evaluation | __fastcall |
Ghidra mpengine.dll Specification extensions Options
| Specification extensions Option | Value |
|---|---|
| FormatVersion | 0 |
| VersionCounter | 0 |
Ghidra mpengine.dll Analyzers Options
| Analyzers Option | Value |
|---|---|
| ASCII Strings | true |
| ASCII Strings.Create Strings Containing Existing Strings | true |
| ASCII Strings.Create Strings Containing References | true |
| ASCII Strings.Force Model Reload | false |
| ASCII Strings.Minimum String Length | LEN_5 |
| ASCII Strings.Model File | StringModel.sng |
| ASCII Strings.Require Null Termination for String | true |
| ASCII Strings.Search Only in Accessible Memory Blocks | true |
| ASCII Strings.String Start Alignment | ALIGN_1 |
| ASCII Strings.String end alignment | 4 |
| Aggressive Instruction Finder | false |
| Aggressive Instruction Finder.Create Analysis Bookmarks | true |
| Apply Data Archives | true |
| Apply Data Archives.Archive Chooser | [Auto-Detect] |
| Apply Data Archives.Create Analysis Bookmarks | true |
| Apply Data Archives.GDT User File Archive Path | None |
| Apply Data Archives.User Project Archive Path | None |
| Call Convention ID | true |
| Call Convention ID.Analysis Decompiler Timeout (sec) | 60 |
| Call-Fixup Installer | true |
| Condense Filler Bytes | false |
| Condense Filler Bytes.Filler Value | Auto |
| Condense Filler Bytes.Minimum number of sequential bytes | 1 |
| Create Address Tables | true |
| Create Address Tables.Allow Offcut References | false |
| Create Address Tables.Auto Label Table | false |
| Create Address Tables.Create Analysis Bookmarks | true |
| Create Address Tables.Maxmimum Pointer Distance | 16777215 |
| Create Address Tables.Minimum Pointer Address | 4132 |
| Create Address Tables.Minimum Table Size | 2 |
| Create Address Tables.Pointer Alignment | 1 |
| Create Address Tables.Relocation Table Guide | true |
| Create Address Tables.Table Alignment | 4 |
| Data Reference | true |
| Data Reference.Address Table Alignment | 1 |
| Data Reference.Address Table Minimum Size | 2 |
| Data Reference.Align End of Strings | false |
| Data Reference.Ascii String References | true |
| Data Reference.Create Address Tables | true |
| Data Reference.Minimum String Length | 5 |
| Data Reference.References to Pointers | true |
| Data Reference.Relocation Table Guide | true |
| Data Reference.Respect Execute Flag | true |
| Data Reference.Subroutine References | true |
| Data Reference.Switch Table References | false |
| Data Reference.Unicode String References | true |
| Decompiler Parameter ID | true |
| Decompiler Parameter ID.Analysis Clear Level | ANALYSIS |
| Decompiler Parameter ID.Analysis Decompiler Timeout (sec) | 60 |
| Decompiler Parameter ID.Commit Data Types | true |
| Decompiler Parameter ID.Commit Void Return Values | false |
| Decompiler Parameter ID.Prototype Evaluation | __fastcall |
| Decompiler Switch Analysis | true |
| Decompiler Switch Analysis.Analysis Decompiler Timeout (sec) | 60 |
| Demangler Microsoft | true |
| Demangler Microsoft.Apply Function Calling Conventions | true |
| Demangler Microsoft.Apply Function Signatures | true |
| Disassemble Entry Points | true |
| Disassemble Entry Points.Respect Execute Flag | true |
| Embedded Media | true |
| Embedded Media.Create Analysis Bookmarks | true |
| External Entry References | true |
| Function ID | true |
| Function ID.Always Apply FID Labels | false |
| Function ID.Create Analysis Bookmarks | true |
| Function ID.Instruction Count Threshold | 14.6 |
| Function ID.Multiple Match Threshold | 30.0 |
| Function Start Search | true |
| Function Start Search.Bookmark Functions | false |
| Function Start Search.Search Data Blocks | false |
| Non-Returning Functions - Discovered | true |
| Non-Returning Functions - Discovered.Create Analysis Bookmarks | true |
| Non-Returning Functions - Discovered.Function Non-return Threshold | 3 |
| Non-Returning Functions - Discovered.Repair Flow Damage | true |
| Non-Returning Functions - Known | true |
| Non-Returning Functions - Known.Create Analysis Bookmarks | true |
| PDB MSDIA | false |
| PDB MSDIA.Search untrusted symbol servers | false |
| PDB Universal | true |
| PDB Universal.Search untrusted symbol servers | false |
| Reference | true |
| Reference.Address Table Alignment | 1 |
| Reference.Address Table Minimum Size | 2 |
| Reference.Align End of Strings | false |
| Reference.Ascii String References | true |
| Reference.Create Address Tables | true |
| Reference.Minimum String Length | 5 |
| Reference.References to Pointers | true |
| Reference.Relocation Table Guide | true |
| Reference.Respect Execute Flag | true |
| Reference.Subroutine References | true |
| Reference.Switch Table References | false |
| Reference.Unicode String References | true |
| Scalar Operand References | true |
| Scalar Operand References.Relocation Table Guide | true |
| Shared Return Calls | true |
| Shared Return Calls.Allow Conditional Jumps | false |
| Shared Return Calls.Assume Contiguous Functions Only | false |
| Stack | true |
| Stack.Create Local Variables | true |
| Stack.Create Param Variables | true |
| Stack.useNewFunctionStackAnalysis | true |
| Subroutine References | true |
| Subroutine References.Create Thunks Early | true |
| Variadic Function Signature Override | false |
| Variadic Function Signature Override.Create Analysis Bookmarks | false |
| Windows x86 PE Exception Handling | true |
| Windows x86 PE RTTI Analyzer | true |
| Windows x86 Thread Environment Block (TEB) Analyzer | true |
| Windows x86 Thread Environment Block (TEB) Analyzer.Starting Address of the TEB | |
| Windows x86 Thread Environment Block (TEB) Analyzer.Windows OS Version | Windows 7 |
| WindowsPE x86 Propagate External Parameters | false |
| WindowsResourceReference | true |
| WindowsResourceReference.Create Analysis Bookmarks | true |
| x86 Constant Reference Analyzer | true |
| x86 Constant Reference Analyzer.Create Data from pointer | false |
| x86 Constant Reference Analyzer.Function parameter/return Pointer analysis | true |
| x86 Constant Reference Analyzer.Max Threads | 2 |
| x86 Constant Reference Analyzer.Min absolute reference | 4 |
| x86 Constant Reference Analyzer.Require pointer param data type | false |
| x86 Constant Reference Analyzer.Speculative reference max | 256 |
| x86 Constant Reference Analyzer.Speculative reference min | 1024 |
| x86 Constant Reference Analyzer.Stored Value Pointer analysis | true |
| x86 Constant Reference Analyzer.Trust values read from writable memory | true |
| Stat | Value |
|---|---|
| added_funcs_len | 0 |
| deleted_funcs_len | 915 |
| modified_funcs_len | 70857 |
| added_symbols_len | 221 |
| deleted_symbols_len | 217 |
| diff_time | 10612.001635074615 |
| deleted_strings_len | 91 |
| added_strings_len | 319 |
| match_types | Counter({'BulkBasicBlockMnemonicHash': 187576, 'SymbolsHash': 53697, 'StructuralGraphHash': 10688, 'ExternalsName': 450, 'ExactInstructionsFunctionHasher': 293, 'Implied Match': 215, 'SigCallingCalledHasher': 149, 'ExactBytesFunctionHasher': 91, 'BSIM': 26, 'StructuralGraphExactHash': 13, 'StrUniqueFuncRefsHasher': 11, 'StringsRefsHasher': 10, 'ExactMnemonicsFunctionHasher': 6}) |
| items_to_process | 72210 |
| diff_types | Counter({'address': 70842, 'fullname': 65593, 'parent': 65436, 'refcount': 64113, 'called': 63232, 'sig': 60799, 'name': 59694, 'length': 11599, 'code': 4768, 'calling': 3379}) |
| unmatched_funcs_len | 915 |
| total_funcs_len | 113391 |
| matched_funcs_len | 112476 |
| matched_funcs_with_code_changes_len | 4768 |
| matched_funcs_with_non_code_changes_len | 66089 |
| matched_funcs_no_changes_len | 41619 |
| match_func_similarity_percent | 37.0026% |
| func_match_overall_percent | 99.1931% |
| first_matches | Counter({'BulkBasicBlockMnemonicHash': 187576, 'SymbolsHash': 53697, 'StructuralGraphHash': 10688, 'ExactInstructionsFunctionHasher': 293, 'Implied Match': 215, 'SigCallingCalledHasher': 149, 'ExactBytesFunctionHasher': 91, 'BSIM': 26, 'StructuralGraphExactHash': 13, 'StrUniqueFuncRefsHasher': 11, 'StringsRefsHasher': 10, 'ExactMnemonicsFunctionHasher': 6}) |
pie showData
title All Matches
"SymbolsHash" : 53697
"ExternalsName" : 450
"ExactBytesFunctionHasher" : 91
"ExactInstructionsFunctionHasher" : 293
"StructuralGraphExactHash" : 13
"ExactMnemonicsFunctionHasher" : 6
"BSIM" : 26
"SigCallingCalledHasher" : 149
"StringsRefsHasher" : 10
"StrUniqueFuncRefsHasher" : 11
"StructuralGraphHash" : 10688
"BulkBasicBlockMnemonicHash" : 187576
"Implied-Match" : 215
pie showData
title First Matches
"SymbolsHash" : 53697
"ExactBytesFunctionHasher" : 91
"ExactInstructionsFunctionHasher" : 293
"StructuralGraphExactHash" : 13
"ExactMnemonicsFunctionHasher" : 6
"BSIM" : 26
"SigCallingCalledHasher" : 149
"StringsRefsHasher" : 10
"StrUniqueFuncRefsHasher" : 11
"StructuralGraphHash" : 10688
"BulkBasicBlockMnemonicHash" : 187576
"Implied-Match" : 215
pie showData
title Diff Stats
"added_funcs_len" : 0
"deleted_funcs_len" : 915
"modified_funcs_len" : 70857
pie showData
title Symbols
"added_symbols_len" : 221
"deleted_symbols_len" : 217
pie showData
title Strings
"deleted_strings_len" : 91
"added_strings_len" : 319
--- deleted strings
+++ added strings
@@ -1,91 +1,319 @@
-s_(SfxCab_29ef55d8)
-s_(SfxCab_3042dbd6)
-s_(SfxCab_c7f925e5)
-s_,"detector_name":"
-s_,"return_code_details":"
-s_-crypted.exe.ucc~HERE~1337_Exe_C
-s_1.1.24030.4
-s_4.5.0.317
-s_4.7.1.317
-s_:_falling_back_to_using_CPU;
-s_>[%ls]
-s_@_fast
-s_B64_ALLOW_EXTRA_PADDING
-s_BM_TAINT_MODULE
-s_CPU_device_handle_=_%u
-s_DirtyUnload
-s_DnsDomainsFindFirst_(domain)
-s_DnsDomainsFindFirst_(master_lis
-s_Engine.AttribPersist.Operation
-s_Engine.Core.DirtyUnload
-s_Engine.Lua.SkipScriptFailure
-s_Engine.Lua.SkipScriptIncludeFai
-s_GPU_and_CPU_device_handles_are
-s_GPU_device_handle_=_%u
-s_GetQuery
-s_GetQueryOperation
-s_GetRemove
-s_GetRemoveOperation
-s_MPRESOURCE_TYPE_CONCRETE
-s_MP_BEHAVIORAL_NETWORK_BLOCK_BRU
-s_MP_BEHAVIORAL_NETWORK_BLOCK_DIS
-s_Model_%s_:
-s_PropagateInsert
-s_PropagateInsertOperation
-s_PropagateQuery
-s_PropagateQueryOperation
-s_SCANREASON_ONMOUNT
-s_SMS_SCAN_LOW
-s_STATE_DELETED
-s_SetInsert
-s_SetInsertOperation
-s_SetRemove
-s_SetRemoveOperation
-s_SkipScriptFailure
-s_SkipScriptIncludeFailure
-s_THREAT_HISTORY_CATEGORY_ASR
-s_TOKEN_ELEVATION_TYPE_FULL
-s_Using_CPU_device/model_handles
-s_WTSInitialProgram
-s_\\.\IntelTDT
-s__bytes
-s__entries
-s__entries_and_total_window_size
-s__entries_upon_destruction
-s_among_those,_the_largest_histor
-s_among_those,_the_largest_window
-s_calling__init_classifier()
-s_calling_set_current_classifier
-s_classifier_detect:_calling_set
-s_failed_to_load_model.
-s_failed_to_load_model_for_device
-s_found_invalid_plugin_data
-s_loaded_model_for_device:_CPU.
-s_loaded_model_for_device:_GPU.
-s_mapscreateconnectiontime
-s_model_config->tdt_model_cpu_han
-s_model_config->tdt_model_handle
-s_model_is_corrupted.
-s_newvalueaccountinfo_scrubbed
-s_nodeValue
-s_normalizer_agent_for_model_'%s'
-s_setMinutes
-s_split
-s_task_struct
-s_tdt_CPU_device_handle_loaded_su
-s_tdt_GPU_device_handle_loaded_su
-s_tdt_dt_init()_failed_with_m_tdt
-s_thstndrd
-s_time_series_pipeline_m_thread
-s_total_capacity_of_all_windows_i
-s_{"version":_"4.5.0.317"
-s_{"version":_"4.7.1.317"
-u_%USERNAME%
-u_Fork
-u_MdDiskSensorThr
-u_PassThroughNoti
-u_ProcessFork
-u_Will_not_logski
-u_\TYPELIB\\VERSI
-u_no_response
-u_{0,_%ls,___attr
+BM_INTERNAL_CHANGE_OWNER
+BM_INTERNAL_CHANGE_OWNER_FILE_OWNERS
+BM_INTERNAL_CHANGE_OWNER_FILE_PATH
+s_!#BLKEXC:
+s_":"0x
+s_"bene":{
+s_%s:_%lf
+s_%s:_%u
+s_+-0123456789ABCDEFGHIJKLMNOPQRST
+s_,"process_path":"
+s_,"profile_date":"
+s_,"profile_name":"
+s_1.0
+s_1.1.24060.5
+s_1.3.6.1.4.1.311.2.4.1
+s_4.7.1.334
+s_4.7.3.334
+s_@_x86
+s_ASR
+s_AddStudyId
+s_Adding_%zu_processes_to_ignore
+s_AsrOnlyExclusion
+s_AsrOnlyPerRuleExclusion
+s_BENE:_Filtering_detection_for:
+s_BENE_dynamic_throttled_process
+s_BENE_high_compute:_Add_process
+s_BENE_high_compute:_Delete_proce
+s_BENE_suppressed_detection
+s_BENE_trusted_high_compute_proce
+s_BmSequentialFileReadExcludedPat
+s_BmSequentialFileReadIncludedExt
+s_BmSequentialFileReadIncludedPat
+s_BuildIn
+s_CheckAttributeForRegion
+s_CheckAttributeForRegion_is_only
+s_CryptMsgOpenToDecode
+s_CryptMsgUpdate
+s_CustomAsrNotAllowedBlock
+s_CustomAsrNotAllowedRemediation
+s_ELF.GetSectionName():_Failed_to
+s_ELF.GetSectionName():_Not_an_EL
+s_ELF.GetSectionName():_Offset_ou
+s_ELFGen
+s_EN_MATCH
+s_ERROR:_CryptMsgGetParam_failed:
+s_ERROR:_CryptMsgOpenToDecode_fai
+s_ERROR:_CryptMsgUpdate_failed:_%
+s_Empty_attribute_name_in_CheckAt
+s_Empty_attribute_name_in_SetAttr
+s_Empty_attribute_prefix_name_in
+s_Engine.ASR.ExclusionFailure
+s_Error_querying_certificate_in_s
+s_Exception_caught_while_plugin_%
+s_Exclusion_failure
+s_Failed_to_load_ImageConfig_lib
+s_Failed_to_load_mpcommon_lib
+s_FilePath
+s_Filtering_detection_after_restr
+s_FormatMessageA
+s_FwpmEngineClose0
+s_FwpmEngineOpen0
+s_FwpmFilterAdd0
+s_FwpmFilterCreateEnumHandle0
+s_FwpmFilterDeleteByKey0
+s_FwpmFilterDestroyEnumHandle0
+s_FwpmFilterEnum0
+s_FwpmFreeMemory0
+s_FwpmProviderAdd0
+s_FwpmProviderDeleteByKey0
+s_FwpmProviderGetByKey0
+s_FwpmSubLayerAdd0
+s_FwpmSubLayerDeleteByKey0
+s_FwpmSubLayerGetByKey0
+s_FwpmTransactionBegin0
+s_FwpmTransactionCommit0
+s_GPU_initialization_requirement:
+s_GetAttributesForRegion
+s_GetAttributesForRegion_is_only
+s_GetAttributesWithPrefixForRegio
+s_GetCommandLine
+s_GetImagePath
+s_GetModAddress
+s_GetModAddress_called_with_an_em
+s_GetModAddress_is_only_available
+s_GetOfficeConfigRing
+s_GetParentPpid
+s_GetPlatformBuild
+s_GetPpid
+s_GetProcAddress
+s_GetProcAddress(%s,_%s)_failed
+s_GetProcAddress_called_with_an
+s_GetProcAddress_is_only_availabl
+s_GetProcInfo_not_available_in_Ch
+s_GetSafeReleaseGroup
+s_GetSafeReleaseRing
+s_GetSectionName
+s_GetSidSubAuthority
+s_GetSidSubAuthorityCount
+s_High_compute_process_NOT_BENE_t
+s_Invalid_index_in_ephdrs:_%d
+s_Invalid_index_in_esec:_%d
+s_Invalid_region_index_in_CheckAt
+s_Invalid_region_index_in_GetAttr
+s_Invalid_segment:_macho_segment.
+s_Invalid_value_for_config:_%s
+s_IssuerUtf8
+s_LC_SYMTAB
+s_Located_in_a_system_directory:
+s_LuaGetModAddress(%s)_failed
+s_MemQueryRegion
+s_MemoryQuery
+s_Memory_allocation_failed
+s_Missing_configuration_setting:
+s_MpDeviceLevelAuditMode
+s_MpDiag
+s_MpExhaustiveAppleScriptScanning
+s_MpPublicDisallowedThumbs
+s_MpPublicRootThumbs
+s_MpTrustCheck_CatalogSigned
+s_MpTrustCheck_Corrupt
+s_MpTrustCheck_HasBadSignature
+s_MpTrustCheck_HasBrokenChain
+s_MpTrustCheck_HasCodeDirectoryMi
+s_MpTrustCheck_HasContentInOverla
+s_MpTrustCheck_HasExpired
+s_MpTrustCheck_HasHashMismatch
+s_MpTrustCheck_HasImproperUsage
+s_MpTrustCheck_HasInvalidChain
+s_MpTrustCheck_HasInvalidSignatur
+s_MpTrustCheck_HasMalformedSignat
+s_MpTrustCheck_HasMissingRoot
+s_MpTrustCheck_HasMultipleSignatu
+s_MpTrustCheck_HasOtherInvalidRea
+s_MpTrustCheck_HasUnsupportedSign
+s_MpTrustCheck_HasValidSignature
+s_MpTrustCheck_InvalidlySigned
+s_MpTrustCheck_IsAppleRootSigned
+s_MpTrustCheck_IsMicrosoftRootSig
+s_MpTrustCheck_NotDigitallySigned
+s_MpTrustCheck_RevokedCert
+s_MpTrustCheck_TrustedPublisher
+s_MpTrustCheck_TrustedViaCodeInte
+s_MpTrustCheck_ValidlySigned
+s_MpTrustChecked
+s_No_memory_ranges_available_in_C
+s_No_memory_ranges_available_in_G
+s_No_process_handle_is_available
+s_NtReadVirtualMemoryEx
+s_ObCheckObjectAccess
+s_OnImageConfig
+s_OpenProcess(PROCESS_QUERY_LIMIT
+s_PROCESS_ATTRIBUTE_DOPPLEGANGING
+s_PROCESS_ATTRIBUTE_NONE
+s_QueryFullProcessImageNameW
+s_RefreshTrustAnchors
+s_Removing_%zu_processes_from_ign
+s_Restricted_folder_check_for:_%s
+s_SCAN_REPLY_not_available_in_Che
+s_SCAN_REPLY_not_available_in_Set
+s_SIGNATURE_TYPE_ASCRIPTHSTR_EXT
+s_SIGNATURE_TYPE_DATABASE_CERT3
+s_SMSSetAttributeForRegion_failed
+s_Scanned_process_info_not_availa
+s_SetAttributeForRegion
+s_SetAttributeForRegion_is_only
+s_SetDetectionString
+s_SignatureRing
+s_SubjectUtf8
+s_System_folder_check_not_passing
+s_TDT_Driver_configuration_versio
+s_TDT_cannot_find_a_profile/model
+s_TrustAnchor_%ls
+s_Unknown_member:_elfhdr.%s
+s__exception_caught_in_cpu_intens
+s_addralign
+s_align
+s_allocprotectionflags
+s_authenticode_check
+s_authenticode_check_error_code
+s_charAt
+s_cume_dist
+s_directory_type
+s_ehsize
+s_elf_vars_not_available
+s_elfhdr
+s_enable_high_compute
+s_entsize
+s_environment
+s_ephdrs
+s_esec
+s_file_attributes
+s_file_change_time
+s_file_create_time
+s_file_last_access_time
+s_file_last_write_time
+s_filesz
+s_filter
+s_hashType
+s_high_compute_measurement_interv
+s_high_compute_min_pmi_count
+s_high_compute_notification
+s_high_compute_threshold
+s_high_compute_throttling
+s_high_compute_timeout
+s_high_compute_timeout_cannot
+s_include_bene
+s_inet_ntop
+s_inet_pton
+s_install_time
+s_intThumbs
+s_link
+s_manageddefenderproducttype
+s_memsz
+s_mp.SetDetectionString():_UtilWi
+s_mp.SetDetectionString():_string
+s_newvaluepath_scrubbed
+s_paddr
+s_process_monitor_query_API_or_pr
+s_processinfoid
+s_protected
+s_report_filtering.bene.enable
+s_report_filtering.bene.notify_su
+s_restricted
+s_rootThumbs
+s_running_time
+s_system-restricted
+s_system\currentcontrolset
+s_toUTCString
+s_trustanchors
+s_usage
+s_vaddr
+s_{"root":{"level":"off"}}
+s_{"version":_"4.7.1.334"
+s_{"version":_"4.7.3.334"
+u_!
+u_%hs|%ls|%ls|%hs
+u_%ls:%ls:%ls
+u_<nonexistent>
+u_ASR_exclusion
+u_ASR_exclusion_n
+u_AllocProtection
+u_Asr-Exclusions
+u_Asr-Health
+u_BCDE
+u_BM_ChangeOwner
+u_BM_CloudRespons
+u_BM_DeleteXattr
+u_BM_Etw_WMICreat
+u_BM_InitializeFr
+u_BaseVirtualAddr
+u_CfaStatus
+u_ChangeOwner
+u_CloudResponse
+u_CreatedProcess
+u_CurrProtectionF
+u_CurrentProtecti
+u_DeleteXattr
+u_Device_level_au
+u_FastpathCacheSi
+u_IsSystemDriveSs
+u_Lua_IsKnownFrie
+u_Lua_IsSignedFil
+u_MacFQDN
+u_MdDiskSensorHig
+u_MdDiskSensorLow
+u_MemQuery
+u_MemQueryRegion
+u_MemQueryRegions
+u_MemoryQueries
+u_MemoryQuery
+u_MpDisableAsrHea
+u_MpDisableBlobCa
+u_MpDisableBmChan
+u_MpDisableBmDele
+u_MpDisableCiEaCh
+u_MpDisableDevice
+u_MpDisableMacLUA
+u_MpDisableOverwr
+u_MpDisablePidVer
+u_MpDisableTrustA
+u_MpFastpathExpec
+u_MpMaxMemQueryNa
+u_MpSMSKillbitMem
+u_MpSMSMemQueryCo
+u_NTDLL.DLL
+u_NotificationTim
+u_Origin
+u_PPID
+u_Possible_invali
+u_ProcessInfoId
+u_RegionCount
+u_ScanType:
+u_SmartLockerMode
+u_SmsFlags
+u_TdtMpDisableBmT
+u_TdtUserChoice
+u_Unconfigured
+u_WMIActivityEven
+u_WMICreateProces
+u_WMIInfo
+u_]
+u_^[0-9]+$
+u_allocprotection
+u_basevirtualaddr
+u_cfastatus
+u_currentprotecti
+u_disabled
+u_fastpath.wdcp.m
+u_fastpath.wdcppp
+u_fastpathcachesi
+u_issystemdrivess
+u_modulemightbefr
+u_processinfoid
+u_quick
+u_smartlockermode
+u_smsflags
+u_wmicreateproces
+u_{"version":1,"e
+u_{%llu,_%ls,
| String | Ref Count | Ref Func |
|---|---|---|
| s_Using_CPU_device/model_handles | 1 | _set_model |
| s_,"detector_name":" | 1 | create_api_status_notification |
| s_model_config->tdt_model_cpu_han | 1 | _set_model |
| s_DnsDomainsFindFirst_(domain) | 2 | NetworkHipsDnsDomainsEnum |
| s_SMS_SCAN_LOW | 2 | Load |
| s_SkipScriptFailure | 2 | CallLuaSkipRules2 |
| s_Engine.Lua.SkipScriptIncludeFai | 1 | CallLuaSkipRules2 |
| s_classifier_detect:calling_set | 1 | _is_invoke_classifier_for_dynamic_device |
| s__bytes | 1 | get_memory_usage_info |
| s_DnsDomainsFindFirst_(master_lis | 2 | NetworkHipsDnsDomainsEnum |
| s_setMinutes | 1 | |
| s_normalizer_agent_for_model_'%s' | 2 | print_memory_usage_info |
| s_STATE_DELETED | 1 | |
| s_B64_ALLOW_EXTRA_PADDING | 2 | Load |
| s_thstndrd_75afdd478 | 2 | sqlite3_str_vappendf |
| s_SCANREASON_ONMOUNT | 2 | Load |
| s_SetInsert | 2 | SetOrOverwriteContext |
| s_PropagateQueryOperation | 2 | PropagateContext |
| s_(SfxCab_c7f925e5) | 1 | |
| s_@_fast | 1 | |
| s_GPU_and_CPU_device_handles_are_ | 1 | _init_classifier |
| s_>[%ls]_75ae6725c | 1 | output_json |
| s_,"return_code_details":" | 1 | create_api_status_notification |
| s_(SfxCab_3042dbd6) | 1 | |
| s_mapscreateconnectiontime | 2 | GetAttributePriority |
| s_among_those,_the_largest_window | 1 | get_memory_usage_info |
| u_ProcessFork | 1 | NotificationTagToString |
| s__entries | 1 | get_memory_usage_info |
| s_MP_BEHAVIORAL_NETWORK_BLOCK_BRU | 2 | Load |
| s_MPRESOURCE_TYPE_CONCRETE | 2 | Load |
| s_Engine.Core.DirtyUnload | 1 | ShutdownOnProcessDetach |
| s_model_is_corrupted. | 1 | _set_model |
| s_{"version":_"4.5.0.317" | 1 | discover |
| s_SetRemoveOperation | 2 | SetOrOverwriteContext |
| s_{"version":_"4.7.1.317" | 1 | discover |
| s_split | 1 | |
| s_among_those,_the_largest_histor | 2 | print_memory_usage_info |
| s_failed_to_load_model. | 1 | _set_model |
| s_WTSInitialProgram | 2 | Load |
| s_GetQueryOperation | 2 | GetContextRaw |
| s_total_capacity_of_all_windows_i | 1 | get_memory_usage_info |
| s_Engine.Lua.SkipScriptFailure | 1 | CallLuaSkipRules2 |
| s_TOKEN_ELEVATION_TYPE_FULL | 2 | Load |
| s_tdt_CPU_device_handle_loaded_su | 1 | _init_classifier |
| s_GetQuery | 2 | GetContextRaw |
| s_model_config->tdt_model_handle_ | 1 | _set_model |
| s_SkipScriptIncludeFailure | 2 | CallLuaSkipRules2 |
| s_newvalueaccountinfo_scrubbed | 2 | GetAttributePriority |
| u_Fork | 1 | GetTagName |
| s_THREAT_HISTORY_CATEGORY_ASR | 2 | Load |
| u_{0,_%ls,___attr | 1 | GetEvent |
| s_GetRemove | 4 | GetContextsRawForPrefix,GetContextRaw |
| s_DirtyUnload | 2 | ShutdownOnProcessDetach |
| u_MdDiskSensorThr | 2 | SigDataInit |
| u_no_response | 1 | ~DetectionItem |
| u_%USERNAME% | 1 | |
| s_tdt_dt_init()_failed_with_m_tdt | 1 | _init_classifier |
| s__entries_upon_destruction | 1 | get_memory_usage_info |
| s_calling_set_current_classifier_ | 1 | set_current_classifier_device |
| s_4.5.0.317 | 4 | tdt_agent_impl,start,get_platform_information |
| s_(SfxCab_29ef55d8) | 1 | |
| s_loaded_model_for_device:_CPU. | 1 | _set_model |
| s_PropagateQuery | 2 | PropagateContext |
| s_failed_to_load_model_for_device | 1 | _set_model |
| s_loaded_model_for_device:_GPU. | 1 | _set_model |
| s_4.7.1.317 | 6 | tdt_agent_impl,start,_init_tdt_version,get_platform_information |
| s_GetRemoveOperation | 4 | GetContextsRawForPrefix,GetContextRaw |
| s_PropagateInsert | 2 | PropagateContext |
| s_SetRemove | 2 | SetOrOverwriteContext |
| s_GPU_device_handle_=_%u | 4 | _init_classifier |
| s_1.1.24030.4 | 3 | InitializeMpEngineUtils,modprobe_init_worker |
| u_PassThroughNoti | 1 | |
| u_\TYPELIB\VERSI | 1 | |
| s_time_series_pipeline_m_thread_b | 1 | get_memory_usage_info |
| s_PropagateInsertOperation | 2 | PropagateContext |
| s_Model_%s_: | 2 | _set_model |
| s_Engine.AttribPersist.Operation | 7 | GetContextsRawForPrefix,SetOrOverwriteContext,PropagateContext,GetContextRaw |
| s_-crypted.exe.ucc |
1 | RetrieveUCCFileOffset |
| s_CPU_device_handle_=_%u | 4 | _init_classifier |
| s_SetInsertOperation | 2 | SetOrOverwriteContext |
| s_calling__init_classifier() | 1 | _init_classifier |
| s_nodeValue | 1 | |
| s_found_invalid_plugin_data | 1 | |
| u_Will_not_logski | 1 | ShouldUnskipPath |
| s__entries_and_total_window_size_ | 1 | get_memory_usage_info |
| s_\.\IntelTDT | 2 | init |
| s_:falling_back_to_using_CPU; | 1 | _fallback_to_cpu_all_models |
| s_BM_TAINT_MODULE | 2 | Load |
| s_tdt_GPU_device_handle_loaded_su | 1 | _init_classifier |
| s_MP_BEHAVIORAL_NETWORK_BLOCK_DIS | 2 | Load |
| s_task_struct | 2 | search<char_const*___ptr64,char_const*__ptr64,struct_std::equal_to> |
| String | Ref Count | Ref Func |
|---|---|---|
| s_System_folder_check_not_passing | 1 | _should_report_system_folders |
| s_CryptMsgOpenToDecode | 4 | init,get_dll_id,`dynamic_initializer_for_'g_tdt_os_shim_api_list'' |
| s_TrustAnchor_%ls | 1 | FromDBVar |
| s_FormatMessageA | 3 | init,get_dll_id,`dynamic_initializer_for_'g_tdt_os_shim_api_list'' |
| s_AddStudyId | 1 | |
| s_file_change_time | 1 | SigattrlogToBmInfoKey |
| u_Device_level_au | 1 | LogAsrDeviceModeAuditForRule |
| s_FwpmFilterAdd0 | 1 | |
| s_file_create_time | 1 | SigattrlogToBmInfoKey |
| s_BuildIn | 2 | IsExcludedPath |
| s_MpTrustCheck_HasImproperUsage | 1 | AddMpAttributes |
| s_MpTrustCheck_Corrupt | 1 | AddMpAttributes |
| s_MpDiag | 1 | LUA_init_module |
| s_GetSectionName | 1 | |
| u_ASR_exclusion_n | 1 | CheckIfValidPathExclusion |
| u_ScanType: | 2 | CheckXclRestriction |
| s_Exception_caught_while_plugin_% | 2 | catch$155 |
| u_disabled | 1 | LogAsrDeviceModeAuditForRule |
| s_FwpmEngineOpen0 | 1 | |
| s_rootThumbs | 3 | FromJSON |
| s_@_x86 | 1 | |
| s_GetSafeReleaseGroup | 1 | |
| u_Lua_IsKnownFrie | 1 | mp_lua_api_IsKnownFriendlyFileWorker |
| s_EN_MATCH_75afc0738 | 2 | handle_perl_verb |
| s_align | 1 | ephdrs___index |
| s_,"profile_name":" | 1 | create_suppressed_detection_status_notification |
| s_esec | 3 | lmp_CreateGlobalELFTables |
| s_GetModAddress | 2 | |
| s_MpTrustCheck_HasMultipleSignatu | 1 | AddMpAttributes |
| s_GetProcAddress(%s,_%s)_failed | 2 | mp_lua_api_GetProcAddress,bm_lua_api_GetProcAddress |
| u_CurrProtectionF | 2 | GenerateBMSpynetReport,GetMemQueryInfo |
| s_Error_querying_certificate_in_s | 2 | verify_os_signed |
| s_mp.SetDetectionString():_string | 1 | mp_lua_api_SetDetectionString |
| s_protected | 1 | _should_report_protected_folders |
| s_vaddr | 1 | ephdrs___index |
| s_processinfoid | 1 | |
| u_modulemightbefr | 1 | |
| s_FwpmProviderAdd0 | 1 | |
| u_WMIActivityEven | 1 | ProcessEtwEvent |
| s_high_compute_timeout_cannot_be_ | 1 | init |
| s_%s:_%u | 2 | log_config_values<unsigned_int> |
| u_MpDisableBlobCa | 2 | LoadBlobCore,SpynetSigLoader_init_module |
| s_No_memory_ranges_available_in_C | 1 | mp_lua_api_CheckAttributeForRegion |
| s_MpDeviceLevelAuditMode | 1 | |
| s_Empty_attribute_name_in_SetAttr | 1 | mp_lua_api_SetAttributeForRegion |
| u_MpFastpathExpec | 2 | fastpath_init_module,FpChainIsTrusted |
| s_Failed_to_load_ImageConfig_lib | 2 | CallOnImageConfigScriptsImpl |
| s_intThumbs | 3 | FromJSON |
| s_MpTrustCheck_ValidlySigned | 1 | AddMpAttributes |
| u_Asr-Exclusions | 1 | CheckIfValidPathExclusion |
| s_MpTrustCheck_NotDigitallySigned | 1 | AddMpAttributes |
| s_ehsize | 1 | |
| s_":"0x | 1 | _build_json_telemetry_helper |
| s_paddr | 1 | ephdrs___index |
| u_CurrentProtecti | 2 | ConvertMemQueryDataToJson |
| s_%s:_%lf | 2 | log_config_values |
| u_WMICreateProces | 1 | |
| u_Origin | 2 | ProcessWMIActivity |
| u_ChangeOwner | 1 | CollectStates |
| s_OnImageConfig | 1 | LUA_init_module |
| u_Asr-Health | 1 | EmitDiagnostic |
| u_Lua_IsSignedFil | 1 | mp_lua_api_IsTrustedFile |
| s_high_compute_measurement_interv | 1 | init |
| u_MpDisableTrustA | 2 | trustanchors_init_module,TrustAnchorHolder |
| s_include_bene | 1 | init |
| s_IssuerUtf8 | 1 | CreateCertificateInfoTable |
| s_MpExhaustiveAppleScriptScanning | 2 | __macappl_scanfile,macappl_scanfile_legacy |
| s_RefreshTrustAnchors | 2 | completeEngineInitialization |
| s_MpTrustCheck_IsMicrosoftRootSig | 1 | AddMpAttributes |
| s_CustomAsrNotAllowedRemediation | 2 | OnStreamDetection,ProcessRuleOnImageConfig |
| s_SMSSetAttributeForRegion_failed | 1 | mp_lua_api_SetAttributeForRegion |
| u_MdDiskSensorHig | 2 | SigDataInit |
| s_MpTrustCheck_TrustedPublisher | 1 | AddMpAttributes |
| s_authenticode_check | 1 | _build_json_telemetry_helper |
| s_1.1.24060.5 | 3 | InitializeMpEngineUtils,modprobe_init_worker |
| s_ELF.GetSectionName():_Offset_ou | 1 | elfo_lua_api_GetSectionName |
| s_BENE:Filtering_detection_for: | 2 | should_report |
| s_TDT_Driver_configuration_versio | 2 | `dynamic_initializer_for_'error_strings'' |
| s_FwpmSubLayerAdd0 | 1 | |
| s_FwpmEngineClose0 | 1 | |
| s_SignatureRing_75b10b501 | 1 | modprobe_init |
| u_allocprotection | 2 | AddMemoryQuery |
| u_MpDisableOverwr | 2 | RegisterBmDynConfigValues,ReadBmDynConfigValues |
| s__exception_caught_in_cpu_intens | 1 | local_telemetry_server_impl |
| u_smsflags | 2 | AddMemoryQuery |
| u_MpMaxMemQueryNa | 2 | ConvertMemQueryDataToJson,SpynetSigLoader_init_module |
| s_BENE_high_compute:_Delete_proce | 2 | _timer_cleanup_callback |
| s_inet_pton | 1 | |
| s_authenticode_check_error_code | 1 | _build_json_telemetry_helper |
| s_CryptMsgUpdate | 4 | init,get_dll_id,`dynamic_initializer_for_'g_tdt_os_shim_api_list'' |
| s_elfhdr | 3 | lmp_CreateGlobalELFTables |
| u_SmsFlags | 4 | GenerateBMSpynetReport,ConvertMemQueryDataToJson,GetMemQueryInfo |
| u_MpDisableAsrHea | 4 | FromMpHipsRule,OnAsrNotification,FromMpHipsRuleEx,FromMpHipsRuleEx2 |
| s_Engine.ASR.ExclusionFailure | 1 | EmitDiagnostic |
| s_MpTrustCheck_HasContentInOverla | 1 | AddMpAttributes |
| u_PPID | 2 | ProcessWMIActivity |
| s_Invalid_region_index_in_CheckAt | 1 | mp_lua_api_CheckAttributeForRegion |
| s_high_compute_notification | 1 | init |
| s_FwpmFilterDeleteByKey0 | 1 | |
| s_system\currentcontrolset | 1 | |
| s_Invalid_segment:_macho_segment. | 1 | macho_segment_entry___index |
| u_MemQuery | 1 | operator() |
| u_MemoryQueries | 1 | |
| u_DeleteXattr | 1 | CollectStates |
| s_Failed_to_load_mpcommon_lib | 2 | LoadLuaDynamicSignatures |
| s_CustomAsrNotAllowedBlock | 2 | OnStreamDetection,ProcessRuleOnImageConfig |
| s_SCAN_REPLY_not_available_in_Che | 1 | mp_lua_api_CheckAttributeForRegion |
| s_Invalid_value_for_config:_%s | 4 | catch$10 |
| s_high_compute_threshold | 1 | init |
| s_"bene":{ | 1 | _build_json_telemetry_helper |
| u_SmartLockerMode | 2 | |
| s_Missing_configuration_setting:_ | 4 | catch$9 |
| u_BM_DeleteXattr | 1 | GetEventName |
| s_GetSidSubAuthorityCount | 3 | init,get_dll_id,`dynamic_initializer_for_'g_tdt_os_shim_api_list'' |
| s_system-restricted | 1 | _should_report_restricted_folders |
| s_MpTrustCheck_HasMissingRoot | 1 | AddMpAttributes |
| s_hashType | 2 | FromJSON |
| s_FwpmTransactionBegin0 | 1 | |
| s_report_filtering.bene.enable_be | 1 | init |
| u_{%llu,_%ls,___a | 1 | GetEvent |
| s_PROCESS_ATTRIBUTE_DOPPLEGANGING | 2 | Load |
| u_%hs|%ls|%ls|%hs | 1 | ReportSenseExclusionEvent |
| s_usage | 2 | FromJSON |
| u_ | 3 | HandleEtwWmiCreateProcess |
| s_running_time | 1 | _build_json_telemetry_helper |
| s_{"root":{"level":"off"}} | 2 | ~tdt_agent_impl |
| s_MpPublicRootThumbs | 1 | |
| u_wmicreateproces | 2 | ProcessBMResource |
| u_MpDisableCiEaCh | 2 | LoadTrustedContentDynamicConfigs,trustedcontent_init_module |
| s_high_compute_min_pmi_count | 1 | init |
| s_ASR | 3 | McTemplateU0ssszzsz_MPEventWriteTransfer |
| s_memsz | 1 | ephdrs___index |
| s_GetParentPpid | 1 | |
| s_High_compute_process_NOT_BENE_t | 2 | _process_high_compute_process |
| s_Scanned_process_info_not_availa | 1 | mp_lua_api_CheckAttributeForRegion |
| s_FwpmFreeMemory0 | 1 | |
| s_BENE_high_compute:Add_process | 2 | _process_high_compute_process |
| s_MpTrustCheck_InvalidlySigned | 2 | AddMpAttributes |
| s_CheckAttributeForRegion_is_only | 1 | mp_lua_api_CheckAttributeForRegion |
| s_GetProcAddress | 2 | |
| u_BCDE_75b0108a0 | 1 | sqlite3ExprCodeTarget |
| u_MpDisablePidVer | 2 | RegisterBmDynConfigValues,ReadBmDynConfigValues |
| s_high_compute_timeout | 1 | init |
| s_GetAttributesForRegion | 1 | |
| s_cume_dist_75b010660 | 2 | sqlite3WindowUpdate |
| s_Removing_%zu_processes_from_ign | 2 | _timer_cleanup_callback |
| BM_INTERNAL_CHANGE_OWNER | 1 | ProcessBmChangeOwner |
| s_MpTrustCheck_HasCodeDirectoryMi | 1 | AddMpAttributes |
| s_MpTrustCheck_HasBadSignature | 1 | AddMpAttributes |
| u_MpDisableMacLUA | 1 | LUA_init_module |
| s_MpTrustCheck_RevokedCert | 1 | AddMpAttributes |
| s_restricted | 1 | _should_report_restricted_folders |
| s_enable_high_compute | 1 | init |
| u_AllocProtection | 4 | GenerateBMSpynetReport,ConvertMemQueryDataToJson,GetMemQueryInfo |
| s_install_time | 1 | _build_json_telemetry_helper |
| s_GetCommandLine | 1 | |
| s_MpTrustCheck_HasInvalidChain | 1 | AddMpAttributes |
| s_filesz | 1 | ephdrs___index |
| s_SetDetectionString | 1 | |
| s_MemQueryRegion | 2 | |
| s_GetImagePath | 1 | |
| s_GetAttributesWithPrefixForRegio | 1 | mp_lua_api_GetAttributesWithPrefixForRegion |
| s_MemoryQuery | 3 | GetElementPriority |
| s_AsrOnlyExclusion | 2 | IsExcludedPath |
| u_quick | 2 | CheckXclRestriction |
| s_,"process_path":" | 2 | create_dynamic_throttle_status_notification,create_suppressed_detection_status_notification |
| s_FwpmFilterCreateEnumHandle0 | 1 | |
| s_ephdrs | 3 | lmp_CreateGlobalELFTables |
| s_Invalid_index_in_esec:_%d | 1 | esec___index |
| u_Possible_invali | 1 | CheckIfValidPathExclusion |
| s_4.7.1.334 | 5 | tdt_agent_impl,start,_init_tdt_version,get_platform_information |
| s_Empty_attribute_name_in_CheckAt | 1 | mp_lua_api_CheckAttributeForRegion |
| s_1.3.6.1.4.1.311.2.4.1 | 1 | _retrieve_nested_signature_information |
| s_mp.SetDetectionString():_UtilWi | 1 | mp_lua_api_SetDetectionString |
| u_TdtUserChoice | 1 | AddTdtInfo |
| s_{"version":_"4.7.1.334" | 1 | discover |
| s_Adding_%zu_processes_to_ignore_ | 2 | high_compute_process_callback |
| s_inet_ntop | 1 | |
| s_GetProcInfo_not_available_in_Ch | 1 | mp_lua_api_CheckAttributeForRegion |
| u_BM_Etw_WMICreat | 1 | GetEventName |
| u_issystemdrivess | 2 | AddIsSystemDriveSsd |
| s_AsrOnlyPerRuleExclusion | 2 | IsExcludedPath |
| s_GetPpid | 1 | |
| u_RegionCount | 2 | GenerateBMSpynetReport,GetMemQueryInfo |
| s_MpTrustCheck_IsAppleRootSigned | 1 | AddMpAttributes |
| u_TdtMpDisableBmT | 1 | AddTdtInfo |
| BM_INTERNAL_CHANGE_OWNER_FILE_OWNERS | 4 | ProcessBmChangeOwner,HandleChangeOwner |
| s_,"profile_date":" | 1 | create_suppressed_detection_status_notification |
| u_^[0-9]+$ | 1 | GetWFPRangeFromPorts |
| s_BENE_suppressed_detection | 1 | create_suppressed_detection_status_notification |
| s_No_process_handle_is_available_ | 1 | mp_lua_api_GetProcAddress |
| u_MpDisableBmChan | 2 | RegisterBmDynConfigValues,ReadBmDynConfigValues |
| s_MpTrustCheck_HasValidSignature | 1 | AddMpAttributes |
| s_Exclusion_failure | 4 | IsExcludedPath |
| s_GetAttributesForRegion_is_only_ | 1 | mp_lua_api_GetAttributesForRegion |
| s_newvaluepath_scrubbed | 2 | GetAttributePriority |
| u_Unconfigured | 1 | TrustAnchorSerialize |
| s_Unknown_member:_elfhdr.%s | 1 | elfhdr___index |
| s_GetProcAddress_called_with_an_e | 2 | mp_lua_api_GetProcAddress,bm_lua_api_GetProcAddress |
| s_{"version":_"4.7.3.334" | 1 | discover |
| s_SCAN_REPLY_not_available_in_Set | 1 | mp_lua_api_SetAttributeForRegion |
| s_Filtering_detection_after_restr | 2 | _should_report_restricted_folders |
| u_MemoryQuery | 4 | ParseAction,AddMemoryQuery |
| BM_INTERNAL_CHANGE_OWNER_FILE_PATH | 4 | ProcessBmChangeOwner,HandleChangeOwner |
| s_filter | 1 | _build_json_telemetry_helper |
| s_high_compute_throttling | 1 | init |
| u_fastpath.wdcppp | 2 | fastpath_init_module |
| s_TDT_cannot_find_a_profile/model | 2 | `dynamic_initializer_for_'error_strings'' |
| u_BM_InitializeFr | 1 | Create<wchar_t_const_(&___ptr64)[47],wchar_t*___ptr64_const&___ptr64> |
| u_IsSystemDriveSs | 1 | |
| s_MpTrustCheck_HasHashMismatch | 1 | AddMpAttributes |
| s_LC_SYMTAB | 3 | macho_lua_api_GetSegment |
| s_Located_in_a_system_directory:_ | 2 | verify_system_folder_authenticode_check |
| s_PROCESS_ATTRIBUTE_NONE | 2 | Load |
| s_ELFGen | 1 | elf_init_module |
| s_MpTrustCheck_HasUnsupportedSign | 1 | AddMpAttributes |
| s_allocprotectionflags | 1 | |
| s_FwpmSubLayerDeleteByKey0 | 1 | |
| s_file_last_access_time | 1 | SigattrlogToBmInfoKey |
| s_MpPublicDisallowedThumbs | 1 | |
| u_BM_ChangeOwner | 1 | GetEventName |
| s_BmSequentialFileReadExcludedPat | 1 | |
| s_ELF.GetSectionName():_Failed_to | 1 | elfo_lua_api_GetSectionName |
| u_NotificationTim | 1 | WriteDomain |
| u_%ls:%ls:%ls | 1 | InitializeParentNotificationForWMI |
| s_GetProcAddress_is_only_availabl | 1 | mp_lua_api_GetProcAddress |
| u_basevirtualaddr | 2 | AddMemoryQuery |
| s_MpTrustCheck_HasInvalidSignatur | 1 | AddMpAttributes |
| u_{"version":1,"e | 1 | SerializeNotFound |
| s_FwpmFilterEnum0 | 1 | |
| u_cfastatus | 2 | AddHeartbeat |
| s_GetSidSubAuthority | 3 | init,get_dll_id,`dynamic_initializer_for_'g_tdt_os_shim_api_list'' |
| s_MpTrustCheck_TrustedViaCodeInte | 1 | AddMpAttributes |
| s_charAt | 1 | |
| u_smartlockermode | 2 | |
| u_ProcessInfoId | 2 | ConvertMemQueryDataToJson |
| s_GetModAddress_is_only_available | 1 | mp_lua_api_GetModAddress |
| s_SetAttributeForRegion_is_only_a | 1 | mp_lua_api_SetAttributeForRegion |
| s_toUTCString | 1 | |
| u_BaseVirtualAddr | 4 | GenerateBMSpynetReport,ConvertMemQueryDataToJson,SetAttributeHelper<unsigned___int64> |
| s_report_filtering.bene.notify_su | 1 | init |
| u_fastpathcachesi | 2 | AddHeartbeat |
| s_GetOfficeConfigRing | 1 | |
| s_FwpmProviderGetByKey0 | 1 | |
| s_link | 1 | esec___index |
| s_elf_vars_not_available | 1 | lua_get_elfvars |
| s_directory_type | 1 | _build_json_telemetry_helper |
| s_Invalid_index_in_ephdrs:_%d | 1 | ephdrs___index |
| u_NTDLL.DLL | 1 | ApitableInit |
| u_CfaStatus | 1 | |
| s_BENE_dynamic_throttled_process | 1 | create_dynamic_throttle_status_notification |
| s_process_monitor_query_API_or_pr | 1 | high_compute_process_callback |
| s_manageddefenderproducttype | 4 | GetAttributePriority |
| s_SetAttributeForRegion | 1 | |
| s_file_attributes | 1 | SigattrlogToBmInfoKey |
| s_FwpmSubLayerGetByKey0 | 1 | |
| s_Invalid_region_index_in_GetAttr | 1 | mp_lua_api_GetAttributesForRegion |
| s_GPU_initialization_requirement: | 2 | get_dependencies |
| u_MacFQDN | 2 | ProcessWMIActivity |
| s_ERROR:_CryptMsgOpenToDecode_fai | 2 | _retrieve_nested_signature_information |
| u_CreatedProcess | 1 | CollectStates |
| s_environment | 2 | FromJSON |
| s_trustanchors | 1 | |
| s_FwpmProviderDeleteByKey0 | 1 | |
| s_!#BLKEXC: | 1 | CallOnImageConfigScriptsImpl |
| s_GetPlatformBuild | 1 | |
| u_MemQueryRegion | 3 | AddMemoryQuery |
| s_LuaGetModAddress(%s)_failed | 2 | bm_lua_api_GetModAddress,mp_lua_api_GetModAddress |
| s_MpTrustCheck_HasExpired | 1 | AddMpAttributes |
| u_CloudResponse | 1 | CollectStates |
| s_MpTrustChecked | 2 | AddMpAttributes |
| s_FwpmTransactionCommit0 | 1 | |
| u_MpDisableDevice | 4 | LoadRulesFromDatabase,UpdateRules,SetDeviceAuditMode,hips_init_module |
| s_SIGNATURE_TYPE_DATABASE_CERT3 | 2 | getsigtype |
| u_MpSMSMemQueryCo | 2 | SMS_init_module,AddMemQuery |
| s_NtReadVirtualMemoryEx | 1 | ReadProcessMemoryInternal |
| s_GetSafeReleaseRing | 1 | |
| s_4.7.3.334 | 6 | tdt_agent_impl,start,get_tdt_version,get_platform_information |
| u_MemQueryRegions | 2 | ConvertMemQueryDataToJson |
| s_OpenProcess(PROCESS_QUERY_LIMIT | 2 | _get_process_info |
| s_FilePath | 2 | McTemplateU0ssszzsz_MPEventWriteTransfer |
| u_MpSMSKillbitMem | 2 | GetMemQueryInfo,SMS_init_module |
| u_! | 1 | BmCloudResponse |
| s_+-0123456789ABCDEFGHIJKLMNOPQRST_75b049600 | 7 | encodeXXD |
| s_SIGNATURE_TYPE_ASCRIPTHSTR_EXT | 2 | getsigtype |
| s_1.0 | 1 | _build_json_telemetry_helper |
| s_MpTrustCheck_CatalogSigned | 1 | AddMpAttributes |
| u_MpDisableBmDele | 2 | RegisterBmDynConfigValues,ReadBmDynConfigValues |
| s_QueryFullProcessImageNameW | 3 | init,get_dll_id,`dynamic_initializer_for_'g_tdt_os_shim_api_list'' |
| s_SubjectUtf8 | 1 | CreateCertificateInfoTable |
| s_ERROR:_CryptMsgGetParam_failed: | 4 | _retrieve_nested_signature_information |
| s_BmSequentialFileReadIncludedExt | 1 | |
| s_addralign | 1 | esec___index |
| u_processinfoid | 2 | AddMemoryQuery |
| s_Empty_attribute_prefix_name_in_ | 1 | mp_lua_api_GetAttributesWithPrefixForRegion |
| s_ELF.GetSectionName():_Not_an_EL | 1 | elfo_lua_api_GetSectionName |
| u_fastpath.wdcp.m | 2 | fastpath_init_module |
| u_WMIInfo | 1 | InitializeParentNotificationForWMI |
| s_CheckAttributeForRegion | 1 | |
| s_MpTrustCheck_HasOtherInvalidRea | 1 | AddMpAttributes |
| s_MpTrustCheck_HasMalformedSignat | 1 | AddMpAttributes |
| s_No_memory_ranges_available_in_G | 1 | mp_lua_api_GetAttributesForRegion |
| u_MdDiskSensorLow | 2 | SigDataInit |
| s_BmSequentialFileReadIncludedPat | 1 | |
| s_Memory_allocation_failed_ | 1 | _retrieve_nested_signature_information |
| s_FwpmFilterDestroyEnumHandle0 | 1 | |
| u_FastpathCacheSi | 1 | |
| s_Restricted_folder_check_for:_%s | 2 | _should_report_restricted_folders |
| u_ASR_exclusion_f | 1 | EmitDiagnostic |
| s_ObCheckObjectAccess | 1 | FindObTypeIndexTableEmulation |
| s_entsize | 1 | esec___index |
| u_currentprotecti | 2 | AddMemoryQuery |
| s_GetModAddress_called_with_an_em | 2 | bm_lua_api_GetModAddress,mp_lua_api_GetModAddress |
| s_BENE_trusted_high_compute_proce | 2 | _process_high_compute_process |
| u_] | 1 | GetInfoFromFilter |
| s_MpTrustCheck_HasBrokenChain | 1 | AddMpAttributes |
| u_BM_CloudRespons | 1 | GetEventName |
| s_file_last_write_time | 1 | SigattrlogToBmInfoKey |
| s_ERROR:CryptMsgUpdate_failed:% | 2 | _retrieve_nested_signature_information |
tdt_library_v_current::bit_shovel_plugins::internal::`dynamic_initializer_for_'isv_sample_description''
| Key | mpengine.dll |
|---|---|
| name | `dynamic_initializer_for_'isv_sample_description'' |
| fullname | tdt_library_v_current::bit_shovel_plugins::internal::`dynamic_initializer_for_'isv_sample_description'' |
| refcount | 4 |
| length | 39 |
| called | atexit std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> tdt_library_v_current::bit_shovel_plugins::internal::`dynamic_atexit_destructor_for_'isv_sample_description'' |
| calling | |
| paramcount | 0 |
| address | 75a122900 |
| sig | undefined _fastcall `dynamic_initializer_for'isv_sample_description''(void) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | DoFormating |
| fullname | CommonUtil::CSprintfAlloc<struct_CommonUtil::CNewSprintfPolicy<wchar_t>,260>::DoFormating |
| refcount | 3 |
| length | 512 |
| called | CommonUtil::CNewSprintfPolicy<wchar_t>::ReAllocateNoCopy MpUtilsExports::MpStringCchVPrintfWImpl __local_stdio_printf_options __security_check_cookie __stdio_common_vswprintf _vscwprintf_l `__std_type_info_name'::__l2::<lambda_1>::<lambda_invoker_cdecl> free memcpy |
| calling | CommonUtil::NewSprintfW CommonUtil::NewVSprintfW |
| paramcount | 5 |
| address | 75a188ccc |
| sig | long __cdecl DoFormating(__uint64 * param_1, wchar_t * * param_2, wchar_t * param_3, char * param_4, __uint64 param_5) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_update_api*___ptr64>::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_update_api*___ptr64>
| Key | mpengine.dll |
|---|---|
| name | plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_update_api*___ptr64> |
| fullname | tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_update_api*___ptr64>::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_update_api*___ptr64> |
| refcount | 2 |
| length | 153 |
| called | _Mtx_init_in_situ std::_Container_base12::_Alloc_proxy<class_std::allocator<struct_std::Container_proxy>> std::function<void___cdecl(class_tdt_library_v_current::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)>::function<void___cdecl(class_tdt_library_v_current::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)> std::shared_ptr<struct_ObjectManager::MutantObject>::shared_ptr<struct_ObjectManager::MutantObject> |
| calling | std::make_shared<class_tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_update_api*___ptr64>,class_std::function<void___cdecl(class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_update_api*___ptr64_const&___ptr64)>_const&___ptr64,class_std::shared_ptr<class_tdt_library_v_next::tdt_threads::thread_pool>&___ptr64> |
| paramcount | 3 |
| address | 75a1999cc |
| sig | undefined __thiscall plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_update_api*___ptr64>(plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_update_api*___ptr64> * this, function<void___cdecl(class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_update_api*___ptr64_const&___ptr64)> * param_1, shared_ptr<class_tdt_library_v_next::tdt_threads::thread_pool> * param_2) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::time_update_service_update_api*___ptr64>::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::time_update_service_update_api*___ptr64>
| Key | mpengine.dll |
|---|---|
| name | plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::time_update_service_update_api*___ptr64> |
| fullname | tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::time_update_service_update_api*___ptr64>::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::time_update_service_update_api*___ptr64> |
| refcount | 2 |
| length | 153 |
| called | _Mtx_init_in_situ std::_Container_base12::_Alloc_proxy<class_std::allocator<struct_std::Container_proxy>> std::function<void___cdecl(class_tdt_library_v_current::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)>::function<void___cdecl(class_tdt_library_v_current::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)> std::shared_ptr<struct_ObjectManager::MutantObject>::shared_ptr<struct_ObjectManager::MutantObject> |
| calling | std::make_shared<class_tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::time_update_service_update_api*___ptr64>,class_std::function<void___cdecl(class_tdt_library_v_next::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)>_const&___ptr64,class_std::shared_ptr<class_tdt_library_v_next::tdt_threads::thread_pool>&___ptr64> |
| paramcount | 3 |
| address | 75a19a118 |
| sig | undefined __thiscall plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::time_update_service_update_api*___ptr64>(plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::time_update_service_update_api*___ptr64> * this, function<void___cdecl(class_tdt_library_v_next::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)> * param_1, shared_ptr<class_tdt_library_v_next::tdt_threads::thread_pool> * param_2) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::_Ref_count_obj2<class_tdt_library_v_next::logger_client::logger>::_Ref_count_obj2<class_tdt_library_v_next::logger_client::logger><>
| Key | mpengine.dll |
|---|---|
| name | _Ref_count_obj2<class_tdt_library_v_next::logger_client::logger><> |
| fullname | std::_Ref_count_obj2<class_tdt_library_v_next::logger_client::logger>::_Ref_count_obj2<class_tdt_library_v_next::logger_client::logger><> |
| refcount | 3 |
| length | 135 |
| called | _Mtx_init_in_situ memset |
| calling | tdt_library_v_next::logger_client::logger::set_logger |
| paramcount | 1 |
| address | 75a19a728 |
| sig | undefined __thiscall _Ref_count_obj2<class_tdt_library_v_next::logger_client::logger><>(_Ref_count_obj2<class_tdt_library_v_next::logger_client::logger> * this) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | GetCfaReason |
| fullname | ProcessContext::GetCfaReason |
| refcount | 2 |
| length | 80 |
| called |
guard_dispatch_icall |
| calling | NotifyServiceOfASRViolation |
| paramcount | 2 |
| address | 75a237d7c |
| sig | ulong __thiscall GetCfaReason(ProcessContext * this, bool * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | Init |
| fullname | unlzmaBase<class_lzmaBitStream>::Init |
| refcount | 3 |
| length | 261 |
| called | lzmaOutStream::ResetLZWindow lzma_t::operator= lzma_t::valid lzstream::Init rstream::Init |
| calling | |
| paramcount | 2 |
| address | 75a2cb120 |
| sig | uncompress_error_t __thiscall Init(unlzmaBase<class_lzmaBitStream> * this, unpackdata_t * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*___ptr64>::_Free_non_head<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*_ptr64>>>
| Key | mpengine.dll |
|---|---|
| name | _Free_non_head<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*_ptr64>>> |
| fullname | std::List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*___ptr64>::_Free_non_head<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*_ptr64>>> |
| refcount | 4 |
| length | 44 |
| called | std::List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*___ptr64>::_Freenode<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*_ptr64>>> |
| calling | std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>>::Clear_guard:: std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>>:: std::list<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,class_std::allocator<struct_std::pair<unsigned___int64_const_,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>>::~list<struct_std::pair<unsigned___int64_const_,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,class_std::allocator<struct_std::pair<unsigned___int64_const_,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>> |
| paramcount | 2 |
| address | 75a335120 |
| sig | void __cdecl _Free_non_head<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*_ptr64>>>(allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*__ptr64>> * param_1, List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*___ptr64> * param_2) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | operator() |
| fullname | <lambda_e0b316cc40eb5d101a892dedc51db4ec>::operator() |
| refcount | 3 |
| length | 133 |
| called | CommonUtil::CCommonThrowHR::operator= KERNEL32.DLL::AcquireSRWLockExclusive KERNEL32.DLL::ReleaseSRWLockExclusive MetaStore::MetaVaultStorageSQLite::DoRemove mpsqlite::AMSQLiteDB::begin_transaction mpsqlite::AMSQLiteDB::commit mpsqlite::db_rollback_guard::~db_rollback_guard |
| calling | CommonUtil::detail::InvokeThrowingFunction<<lambda_e0b316cc40eb5d101a892dedc51db4ec>_> |
| paramcount | 4 |
| address | 75a388600 |
| sig | undefined8 __fastcall operator()(longlong * param_1, undefined8 param_2, undefined8 param_3, undefined8 param_4) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | register_refresh_callback |
| fullname | tdt_library_v_current::bit_shovel_plugins::normalizer::register_refresh_callback |
| refcount | 3 |
| length | 65 |
| called | std::_Default_allocator_traits<class_std::allocator<class_std::function<void___cdecl(float_const*___ptr64,unsigned___int64,struct_tdt_library_v_next::bit_shovel_plugins::normalized_record_context_t_const*___ptr64,void*_ptr64)>>>::construct<class_std::function<void___cdecl(float_const*___ptr64,unsigned___int64,struct_tdt_library_v_next::bit_shovel_plugins::normalized_record_context_t_const*___ptr64,void*___ptr64)>,class_std::function<void___cdecl(float_const*___ptr64,unsigned___int64,struct_tdt_library_v_next::bit_shovel_plugins::normalized_record_context_t_const*___ptr64,void*___ptr64)>_const&__ptr64> std::vector<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&__ptr64)>,class_std::allocator<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&_ptr64)>>>::Emplace_reallocate<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&___ptr64)>_const&___ptr64> |
| calling | |
| paramcount | 2 |
| address | 75a43a750 |
| sig | bool __thiscall register_refresh_callback(normalizer * this, function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>_>_const&___ptr64)> * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::vector<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>_>_const&__ptr64)>,class_std::allocator<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&_ptr64)>>>::Emplace_reallocate<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&___ptr64)>_const&___ptr64>
| Key | mpengine.dll |
|---|---|
| name | Emplace_reallocate<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&___ptr64)>_const&___ptr64> |
| fullname | std::vector<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>_>_const&__ptr64)>,class_std::allocator<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&_ptr64)>>>::Emplace_reallocate<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&___ptr64)>_const&___ptr64> |
| refcount | 2 |
| length | 303 |
| called |
guard_dispatch_icall std::_Allocate<16,struct_std::_Default_allocate_traits,0> std::_Get_size_of_n<64> std::Uninitialized_move<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&___ptr64)>*__ptr64,class_std::allocator<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&ptr64)>>> std::Xlength_error std::vector<class_std::function<void___cdecl(void)>,class_std::allocator<class_std::function<void___cdecl(void)>>>::_Change_array |
| calling | tdt_library_v_current::bit_shovel_plugins::normalizer::register_refresh_callback |
| paramcount | 3 |
| address | 75a43a9c0 |
| sig | function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>_>_const&___ptr64)> * __thiscall Emplace_reallocate<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&___ptr64)>_const&__ptr64>(vector<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&__ptr64)>,class_std::allocator<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&ptr64)>>> * this, function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&__ptr64)> * param_1, function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&___ptr64)> * param_2) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::Uninitialized_move<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&___ptr64)>*__ptr64,class_std::allocator<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&_ptr64)>>>
| Key | mpengine.dll |
|---|---|
| name | Uninitialized_move<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&___ptr64)>*__ptr64,class_std::allocator<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&_ptr64)>>> |
| fullname | std::Uninitialized_move<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&___ptr64)>*__ptr64,class_std::allocator<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&_ptr64)>>> |
| refcount | 3 |
| length | 187 |
| called |
guard_dispatch_icall std::_Destroy_range<class_std::allocator<class_std::function<void___cdecl(float_const*___ptr64,unsigned___int64,struct_tdt_library_v_next::bit_shovel_plugins::normalized_record_context_t_const*___ptr64,void*_ptr64)>>> |
| calling | std::vector<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>_>_const&__ptr64)>,class_std::allocator<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&_ptr64)>>>::Emplace_reallocate<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&___ptr64)>_const&___ptr64> |
| paramcount | 4 |
| address | 75a43aff0 |
| sig | function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>_>_const&___ptr64)> * __cdecl Uninitialized_move<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&___ptr64)>*__ptr64,class_std::allocator<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&ptr64)>>>(function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&__ptr64)> * param_1, function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&__ptr64)> * param_2, function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&__ptr64)> * param_3, allocator<class_std::function<void___cdecl(class_std::vector<unsigned___int64,class_std::allocator<unsigned___int64>>_const&__ptr64)>> * param_4) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | ZSTD_referenceExternalSequences |
| fullname | ZSTD_referenceExternalSequences |
| refcount | 1 |
| length | 68 |
| called | |
| calling | ZSTD_resetCCtx_internal |
| paramcount | 3 |
| address | 75a4439c0 |
| sig | __uint64 __cdecl ZSTD_referenceExternalSequences(ZSTD_CCtx_s * param_1, rawSeq * param_2, __uint64 param_3) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | Enumerator |
| fullname | kcrce_t::Enumerator |
| refcount | 3 |
| length | 50 |
| called | MpSignatureStore<struct_kcrce_t,unsigned_long,3,1,1,1,0,0,struct_kcrce_t,0,0>::Set di::TelemetryAssert::AssertTriggeredNoArgs |
| calling | MpSignatureSubType<struct_kcrce_t,unsigned_long,3,1,0,0,struct_kcrce_t,0,0,1>::PostProcessRecordsWorker |
| paramcount | 2 |
| address | 75a4b6a50 |
| sig | void __cdecl Enumerator(MpSignatureClasses param_1, kcrce_t * param_2) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::classifier>::operator=<class_tdt_library_v_next::bit_shovel_plugins::classifier,struct_std::default_delete<class_tdt_library_v_next::bit_shovel_plugins::classifier>,0>
| Key | mpengine.dll |
|---|---|
| name | operator=<class_tdt_library_v_next::bit_shovel_plugins::classifier,struct_std::default_delete<class_tdt_library_v_next::bit_shovel_plugins::classifier>,0> |
| fullname | std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::classifier>::operator=<class_tdt_library_v_next::bit_shovel_plugins::classifier,struct_std::default_delete<class_tdt_library_v_next::bit_shovel_plugins::classifier>,0> |
| refcount | 2 |
| length | 140 |
| called | operator_new std::_Ref_count_base::_Decref |
| calling | tdt_library_v_next::bit_shovel_plugins::classifier_plugin::_create_detection_agents |
| paramcount | 2 |
| address | 75a50b47c |
| sig | shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::classifier> * __thiscall operator=<class_tdt_library_v_next::bit_shovel_plugins::classifier,struct_std::default_delete<class_tdt_library_v_next::bit_shovel_plugins::classifier>,0>(shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::classifier> * this, unique_ptr<class_tdt_library_v_next::bit_shovel_plugins::classifier,struct_std::default_delete<class_tdt_library_v_next::bit_shovel_plugins::classifier>_> * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_query_api*___ptr64>::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_query_api*___ptr64>
| Key | mpengine.dll |
|---|---|
| name | plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_query_api*___ptr64> |
| fullname | tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_query_api*___ptr64>::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_query_api*___ptr64> |
| refcount | 3 |
| length | 153 |
| called | _Mtx_init_in_situ std::_Container_base12::_Alloc_proxy<class_std::allocator<struct_std::Container_proxy>> std::function<void___cdecl(class_tdt_library_v_current::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)>::function<void___cdecl(class_tdt_library_v_current::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)> std::shared_ptr<struct_ObjectManager::MutantObject>::shared_ptr<struct_ObjectManager::MutantObject> |
| calling | std::make_shared<class_tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_query_api*___ptr64>,class_std::function<void___cdecl(class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_query_api*___ptr64_const&___ptr64)>_const&___ptr64,class_std::shared_ptr<class_tdt_library_v_next::tdt_threads::thread_pool>&___ptr64> |
| paramcount | 3 |
| address | 75a50c6ec |
| sig | undefined __thiscall plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_query_api*___ptr64>(plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_query_api*___ptr64> * this, function<void___cdecl(class_tdt_library_v_next::tdt_app_profiling::process_monitor_service_query_api*___ptr64_const&___ptr64)> * param_1, shared_ptr<class_tdt_library_v_next::tdt_threads::thread_pool> * param_2) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | <lambda_0f9762a6c82734cc8c0c6edb2ce7b823> |
| fullname | <lambda_0f9762a6c82734cc8c0c6edb2ce7b823>::<lambda_0f9762a6c82734cc8c0c6edb2ce7b823> |
| refcount | 2 |
| length | 51 |
| called | |
| calling | HipsManager::OnImageConfig |
| paramcount | 8 |
| address | 75a53b3a8 |
| sig | undefined8 * __fastcall <lambda_0f9762a6c82734cc8c0c6edb2ce7b823>(undefined8 * param_1, undefined8 param_2, undefined8 param_3, undefined8 param_4, undefined8 param_5, undefined8 param_6, undefined8 param_7, undefined8 param_8) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | ProcessNotification |
| fullname | ProcessNotification::ProcessNotification |
| refcount | 2 |
| length | 111 |
| called | NotificationImpl::NotificationImpl ProcessNotificationInfo::ProcessNotificationInfo di::TelemetryAssert::AssertTriggeredNoArgs |
| calling | ProcessNotification::CreateInstance<struct_ProcessForkSetup> |
| paramcount | 3 |
| address | 75a553ec0 |
| sig | undefined __thiscall ProcessNotification(ProcessNotification * this, NotificationSetup * param_1, ProcessForkSetup * param_2) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | ExtractStartupParameters |
| fullname | ExtractStartupParameters |
| refcount | 3 |
| length | 103 |
| called | MpIsWindowsVistaSP1 |
| calling | NotificationFactory::CreateInstanceForProcessFork NotificationFactory::CreateInstancesForProcessStartAndCreate |
| paramcount | 2 |
| address | 75a5546fc |
| sig | undefined4 * __fastcall ExtractStartupParameters(undefined4 * param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
boost::regex_match<wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>>>
| Key | mpengine.dll |
|---|---|
| name | regex_match<wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>>> |
| fullname | boost::regex_match<wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>>> |
| refcount | 2 |
| length | 141 |
| called | boost::regex_match<wchar_t_const*___ptr64,class_std::allocator<struct_boost::sub_match<wchar_t_const*ptr64>>,wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>>> std::_Ref_count_base::_Decref std::vector<struct_boost::sub_match<unsigned_char_const*___ptr64>,class_std::allocator<struct_boost::sub_match<unsigned_char_const*_ptr64>>>::_Tidy |
| calling | ShouldCollectDsnInfo |
| paramcount | 3 |
| address | 75a55d15c |
| sig | bool __cdecl regex_match<wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>>>(wchar_t * param_1, basic_regex<wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>>> * param_2, _match_flags param_3) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
boost::regex_match<wchar_t_const*___ptr64,class_std::allocator<struct_boost::sub_match<wchar_t_const*ptr64>>,wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>>>
| Key | mpengine.dll |
|---|---|
| name | regex_match<wchar_t_const*___ptr64,class_std::allocator<struct_boost::sub_match<wchar_t_const*ptr64>>,wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>>> |
| fullname | boost::regex_match<wchar_t_const*___ptr64,class_std::allocator<struct_boost::sub_match<wchar_t_const*ptr64>>,wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>>> |
| refcount | 2 |
| length | 83 |
| called | boost::re_detail_500::perl_matcher<wchar_t_const*___ptr64,class_std::allocator<struct_boost::sub_match<wchar_t_const*ptr64>>,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>>>::match_imp boost::re_detail_500::perl_matcher<wchar_t_const*___ptr64,class_std::allocator<struct_boost::sub_match<wchar_t_const*ptr64>>,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>>>::perl_matcher<wchar_t_const*___ptr64,class_std::allocator<struct_boost::sub_match<wchar_t_const*ptr64>>,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>>> boost::re_detail_500::perl_matcher<wchar_t_const*___ptr64,class_std::allocator<struct_boost::sub_match<wchar_t_const*ptr64>>,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>>>::~perl_matcher<wchar_t_const*___ptr64,class_std::allocator<struct_boost::sub_match<wchar_t_const*ptr64>>,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>>> |
| calling | boost::regex_match<wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>>> |
| paramcount | 5 |
| address | 75a55d1ec |
| sig | bool __cdecl regex_match<wchar_t_const*___ptr64,class_std::allocator<struct_boost::sub_match<wchar_t_const*ptr64>>,wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>>>(wchar_t * param_1, wchar_t * param_2, match_results<wchar_t_const*__ptr64,class_std::allocator<struct_boost::sub_match<wchar_t_const*ptr64>>> * param_3, basic_regex<wchar_t,struct_boost::regex_traits<wchar_t,class_boost::w32_regex_traits<wchar_t>>> * param_4, _match_flags param_5) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | operator() |
| fullname | <lambda_ab4896eea3dda5dcb30d00db0dd69d6a>::operator() |
| refcount | 2 |
| length | 280 |
| called | __security_check_cookie guard_dispatch_icall std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::to_string tdt_library_v_current::bit_shovel::data_network::push<struct_tdt_library_v_current::bit_shovel::pipeline_message_t> tdt_library_v_current::bit_shovel_plugins::message_processing_agent::process_tlv tdt_library_v_next::bit_shovel::result_type::operator_bool |
| calling | std::_Func_impl_no_alloc<<lambda_ab4896eea3dda5dcb30d00db0dd69d6a>,void,std::shared_ptr<tdt_library_v_current::bit_shovel_plugins::core_telemetry_data_buffer_base_t>const&>::_Do_call |
| paramcount | 2 |
| address | 75a562348 |
| sig | undefined __fastcall operator()(longlong * param_1, undefined8 param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
tdt_library_v_current::bit_shovel_plugins::time_series_common::time_series_pipeline<struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::time_series_pipeline_config<class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>::get_memory_usage_info
| Key | mpengine.dll |
|---|---|
| name | get_memory_usage_info |
| fullname | tdt_library_v_current::bit_shovel_plugins::time_series_common::time_series_pipeline<struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::time_series_pipeline_config<class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>::get_memory_usage_info |
| refcount | 2 |
| length | 768 |
| called | Expand for full list: |
| calling | tdt_library_v_current::bit_shovel_plugins::internal::classifier_detect_impl::log_statistics |
| paramcount | 2 |
| address | 75a56d158 |
| sig | vector<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>> __thiscall get_memory_usage_info(time_series_pipeline<struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::time_series_pipeline_config<class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>> * this, vector<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>> * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | ERR_isError |
| fullname | ERR_isError |
| refcount | 8 |
| length | 10 |
| called | |
| calling | HUF_decompress4X1_usingDTable_internal_default HUF_decompress4X2_usingDTable_internal_default |
| paramcount | 1 |
| address | 75a5b485c |
| sig | bool __fastcall ERR_isError(ulonglong param_1) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | ZSTD_countLeadingZeros32 |
| fullname | ZSTD_countLeadingZeros32 |
| refcount | 124 |
| length | 11 |
| called | |
| calling | Expand for full list:ZSTD_compressBlock_lazy2 |
| paramcount | 1 |
| address | 75a5c79b4 |
| sig | int __fastcall ZSTD_countLeadingZeros32(uint param_1) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | operator() |
| fullname | <lambda_b109789c927efe5b167c2c56ccf13c09>::operator() |
| refcount | 2 |
| length | 91 |
| called | MetaStore::`anonymous_namespace'::MetaStore::InitVault |
| calling | CommonUtil::detail::InvokeThrowingFunction<<lambda_b109789c927efe5b167c2c56ccf13c09>_> |
| paramcount | 1 |
| address | 75a5de938 |
| sig | undefined __fastcall operator()(longlong * param_1) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | enable_cpu_mode_data_throttling |
| fullname | tdt_library_v_next::bit_shovel_plugins::normalizer::enable_cpu_mode_data_throttling |
| refcount | 4 |
| length | 59 |
| called | std::Tree_unchecked_const_iterator<class_std::Tree_val<struct_std::Tree_simple_types<struct_std::pair<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>const,class_std::basic_string<char16_t,struct_std::char_traits<char16_t>,class_std::allocator<char16_t>>>>>,struct_std::_Iterator_base0>::operator++ |
| calling | |
| paramcount | 1 |
| address | 75a5eaec0 |
| sig | void __thiscall enable_cpu_mode_data_throttling(normalizer * this) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | search<char_const*___ptr64,char_const*__ptr64,struct_std::equal_to> |
| fullname | std::search<char_const*___ptr64,char_const*__ptr64,struct_std::equal_to> |
| refcount | 3 |
| length | 122 |
| called | memcmp |
| calling | elffile_scan |
| paramcount | 4 |
| address | 75a5f3a5c |
| sig | void * __cdecl search<char_const*___ptr64,char_const*__ptr64,struct_std::equal_to>(void * param_1, void * param_2, undefined8 param_3, longlong param_4) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | get_severity |
| fullname | get_severity |
| refcount | 2 |
| length | 85 |
| called | kpopobjectex |
| calling | GetSeverity |
| paramcount | 1 |
| address | 75a60ebc0 |
| sig | uchar __cdecl get_severity(t_mini_threat_record * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | InitializeCbpNamespacesTracking |
| fullname | ProcessContext::InitializeCbpNamespacesTracking |
| refcount | 2 |
| length | 438 |
| called | FgGetState GetDosPathFromNormalizedPath IsKnownFriendly IsKnownFriendlyWin32Path ProcessContext::GetImagePathUnlocked free |
| calling | ProcessContext::ProcessContext |
| paramcount | 1 |
| address | 75a61e140 |
| sig | void __thiscall InitializeCbpNamespacesTracking(ProcessContext * this) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::Construct_in_place<class_tdt_library_v_current::bit_shovel::internal::manifest_profile_impl,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::function<enum_tdt_api::tdt_file_read_error_code____cdecl(__int64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&___ptr64,unsigned_char*___ptr64,unsigned___int64,unsigned___int64*___ptr64)>&___ptr64,__int64&___ptr64>
| Key | mpengine.dll |
|---|---|
| name | Construct_in_place<class_tdt_library_v_current::bit_shovel::internal::manifest_profile_impl,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::function<enum_tdt_api::tdt_file_read_error_code____cdecl(__int64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&___ptr64,unsigned_char*___ptr64,unsigned___int64,unsigned___int64*___ptr64)>&___ptr64,__int64&___ptr64> |
| fullname | std::Construct_in_place<class_tdt_library_v_current::bit_shovel::internal::manifest_profile_impl,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::function<enum_tdt_api::tdt_file_read_error_code____cdecl(__int64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&___ptr64,unsigned_char*___ptr64,unsigned___int64,unsigned___int64*___ptr64)>&___ptr64,__int64&___ptr64> |
| refcount | 2 |
| length | 96 |
| called | std::function<void___cdecl(class_tdt_library_v_current::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)>::function<void___cdecl(class_tdt_library_v_current::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)> tdt_library_v_current::bit_shovel::internal::manifest_profile_impl::manifest_profile_impl |
| calling | std::make_shared<class_tdt_library_v_current::bit_shovel::internal::manifest_profile_impl,class_std::basic_string<char,struct_std::char_traits,class_std::allocator_>_const&__ptr64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::function<enum_tdt_api::tdt_file_read_error_code____cdecl(__int64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&___ptr64,unsigned_char*___ptr64,unsigned___int64,unsigned___int64*___ptr64)>&___ptr64,__int64&___ptr64> |
| paramcount | 5 |
| address | 75a689448 |
| sig | void __cdecl Construct_in_place<class_tdt_library_v_current::bit_shovel::internal::manifest_profile_impl,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::function<enum_tdt_api::tdt_file_read_error_code____cdecl(__int64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&___ptr64,unsigned_char*___ptr64,unsigned___int64,unsigned___int64*___ptr64)>&___ptr64,__int64&ptr64>(manifest_profile_impl * param_1, basic_string<char,struct_std::char_traits,class_std::allocator> * param_2, basic_string<char,struct_std::char_traits,class_std::allocator> * param_3, function<enum_tdt_api::tdt_file_read_error_code____cdecl(__int64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&___ptr64,unsigned_char*___ptr64,unsigned___int64,unsigned___int64*___ptr64)> * param_4, __int64 * param_5) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | operator()<unsigned_int> |
| fullname | <lambda_58dc01438a89ee0f93db9ac1773df0c2>::operator()<unsigned_int> |
| refcount | 2 |
| length | 279 |
| called | __security_check_cookie boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::walk_path boost::property_tree::stream_translator<char,struct_std::char_traits,class_std::allocator,int>::stream_translator<char,struct_std::char_traits,class_std::allocator,int> boost::property_tree::stream_translator<char,struct_std::char_traits,class_std::allocator,unsigned_int>::get_value std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator_> std::locale::_Init std::locale::~locale |
| calling | <lambda_6fafff7b3ac3d9e480437146482f9cd7>::operator() |
| paramcount | 2 |
| address | 75a6a6b40 |
| sig | undefined __fastcall operator()<unsigned_int>(undefined8 * param_1, basic_string<char,struct_std::char_traits,class_std::allocator_> * param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | isprime |
| fullname | isprime |
| refcount | 1 |
| length | 106 |
| called | |
| calling | kstore_copy_buff |
| paramcount | 1 |
| address | 75a6b6ee0 |
| sig | undefined8 __fastcall isprime(ulonglong param_1) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
std::make_unique<class_tdt_library_v_next::bit_shovel_plugins::driver_thread_handler,class_std::function<class_tdt_library_v_next::bit_shovel::result_type___cdecl(struct_tdt_library_v_next::bit_shovel::pipeline_message_t_const&___ptr64)>&___ptr64,class_std::function<class_tdt_library_v_next::bit_shovel::result_type___cdecl(class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::core_telemetry_data_buffer_base_t>_const&___ptr64)>&___ptr64,0>
| Key | mpengine.dll |
|---|---|
| name | make_unique<class_tdt_library_v_next::bit_shovel_plugins::driver_thread_handler,class_std::function<class_tdt_library_v_next::bit_shovel::result_type___cdecl(struct_tdt_library_v_next::bit_shovel::pipeline_message_t_const&___ptr64)>&___ptr64,class_std::function<class_tdt_library_v_next::bit_shovel::result_type___cdecl(class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::core_telemetry_data_buffer_base_t>_const&___ptr64)>&___ptr64,0> |
| fullname | std::make_unique<class_tdt_library_v_next::bit_shovel_plugins::driver_thread_handler,class_std::function<class_tdt_library_v_next::bit_shovel::result_type___cdecl(struct_tdt_library_v_next::bit_shovel::pipeline_message_t_const&___ptr64)>&___ptr64,class_std::function<class_tdt_library_v_next::bit_shovel::result_type___cdecl(class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::core_telemetry_data_buffer_base_t>_const&___ptr64)>&___ptr64,0> |
| refcount | 2 |
| length | 185 |
| called |
guard_dispatch_icall operator_new tdt_library_v_next::bit_shovel_plugins::driver_thread_handler::driver_thread_handler |
| calling | tdt_library_v_next::bit_shovel_plugins::local_telemetry_server_impl::init |
| paramcount | 3 |
| address | 75a6b82f4 |
| sig | undefined8 * __cdecl make_unique<class_tdt_library_v_next::bit_shovel_plugins::driver_thread_handler,class_std::function<class_tdt_library_v_next::bit_shovel::result_type___cdecl(struct_tdt_library_v_next::bit_shovel::pipeline_message_t_const&___ptr64)>&___ptr64,class_std::function<class_tdt_library_v_next::bit_shovel::result_type___cdecl(class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::core_telemetry_data_buffer_base_t>_const&___ptr64)>&___ptr64,0>(undefined8 * param_1, longlong param_2, longlong param_3) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | driver_thread_handler |
| fullname | tdt_library_v_next::bit_shovel_plugins::driver_thread_handler::driver_thread_handler |
| refcount | 2 |
| length | 206 |
| called | _Mtx_init_in_situ memset std::_Func_class<class_tdt_library_v_next::bit_shovel::result_type,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::core_telemetry_data_buffer_base_t>_const&___ptr64>::_Reset_move std::Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>_const&___ptr64>::_Tidy tdt_library_v_next::bit_shovel_plugins::driver_interface_impl::driver_interface_impl tdt_library_v_next::tdt_app_profiling::file_path_preprocessor::file_path_preprocessor |
| calling | std::make_unique<class_tdt_library_v_next::bit_shovel_plugins::driver_thread_handler,class_std::function<class_tdt_library_v_next::bit_shovel::result_type___cdecl(struct_tdt_library_v_next::bit_shovel::pipeline_message_t_const&___ptr64)>&___ptr64,class_std::function<class_tdt_library_v_next::bit_shovel::result_type___cdecl(class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::core_telemetry_data_buffer_base_t>_const&___ptr64)>&___ptr64,0> |
| paramcount | 3 |
| address | 75a6b83b0 |
| sig | driver_thread_handler * __thiscall driver_thread_handler(driver_thread_handler * this, Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>_const&___ptr64> * param_1, Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>_const&___ptr64> * param_2) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | get_driver_stats |
| fullname | tdt_library_v_next::bit_shovel_plugins::driver_thread_handler::get_driver_stats |
| refcount | 2 |
| length | 98 |
| called |
guard_dispatch_icall |
| calling | tdt_library_v_next::bit_shovel_plugins::local_telemetry_server_impl::get_driver_stats |
| paramcount | 4 |
| address | 75a6c49f0 |
| sig | undefined4 * __thiscall get_driver_stats(driver_thread_handler * this, undefined4 * param_1, undefined8 param_2, undefined4 param_3) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | operator() |
| fullname | <lambda_0ecd438b0ae0830926a4a2907280c33b>::operator() |
| refcount | 2 |
| length | 280 |
| called | __security_check_cookie guard_dispatch_icall std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::to_string tdt_library_v_next::bit_shovel::data_network::push<struct_tdt_library_v_next::bit_shovel::pipeline_message_t> tdt_library_v_next::bit_shovel::result_type::operator_bool tdt_library_v_next::bit_shovel_plugins::message_processing_agent::process_tlv |
| calling | std::_Func_impl_no_alloc<<lambda_0ecd438b0ae0830926a4a2907280c33b>,void,std::shared_ptr<tdt_library_v_next::bit_shovel_plugins::core_telemetry_data_buffer_base_t>const&>::_Do_call |
| paramcount | 2 |
| address | 75a6c56c0 |
| sig | undefined __fastcall operator()(longlong * param_1, undefined8 param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | operator() |
| fullname | <lambda_5de480ac5052e7a6c29da0bb261e687c>::operator() |
| refcount | 2 |
| length | 96 |
| called | MetaStore::`anonymous_namespace'::MetaStore::InitVault |
| calling | CommonUtil::detail::InvokeThrowingFunction<<lambda_5de480ac5052e7a6c29da0bb261e687c>_> |
| paramcount | 1 |
| address | 75a6d18f0 |
| sig | undefined __fastcall operator()(longlong * param_1) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | KstoreUnlocker |
| fullname | KstoreUnlocker::KstoreUnlocker |
| refcount | 3 |
| length | 45 |
| called | kstore_unpin |
| calling | FpNotifyBlobUnload LoadBlobCore |
| paramcount | 1 |
| address | 75a70a7c8 |
| sig | undefined __thiscall KstoreUnlocker(KstoreUnlocker * this) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | kstore_unpin |
| fullname | kstore_unpin |
| refcount | 2 |
| length | 210 |
| called | KERNEL32.DLL::GetLastError KERNEL32.DLL::VirtualProtect WPP_SF_l `DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer |
| calling | KstoreUnlocker::KstoreUnlocker |
| paramcount | 0 |
| address | 75a70a7f8 |
| sig | bool __cdecl kstore_unpin(void) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | kstore_pin |
| fullname | kstore_pin |
| refcount | 2 |
| length | 210 |
| called | KERNEL32.DLL::GetLastError KERNEL32.DLL::VirtualProtect WPP_SF_l `DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer |
| calling | KstoreUnlocker::~KstoreUnlocker |
| paramcount | 0 |
| address | 75a70be60 |
| sig | bool __cdecl kstore_pin(void) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | AsrRuleContainer |
| fullname | AsrRuleContainer::AsrRuleContainer |
| refcount | 2 |
| length | 96 |
| called | operator_new std::map<struct__GUID,struct_AsrRuleData_t,struct_GUIDCompare,class_std::allocator<struct_std::pair<struct__GUID_const_,struct_AsrRuleData_t>>>::map<struct__GUID,struct_AsrRuleData_t,struct_GUIDCompare,class_std::allocator<struct_std::pair<struct__GUID_const_,struct_AsrRuleData_t>>> |
| calling | HipsManager::HipsManager |
| paramcount | 1 |
| address | 75a711aa0 |
| sig | undefined __thiscall AsrRuleContainer(AsrRuleContainer * this) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::_Ref_count_obj2<class_tdt_library_v_current::logger_client::logger>::_Ref_count_obj2<class_tdt_library_v_current::logger_client::logger><>
| Key | mpengine.dll |
|---|---|
| name | _Ref_count_obj2<class_tdt_library_v_current::logger_client::logger><> |
| fullname | std::_Ref_count_obj2<class_tdt_library_v_current::logger_client::logger>::_Ref_count_obj2<class_tdt_library_v_current::logger_client::logger><> |
| refcount | 3 |
| length | 135 |
| called | _Mtx_init_in_situ memset |
| calling | tdt_library_v_current::logger_client::logger::set_logger |
| paramcount | 1 |
| address | 75a791c9c |
| sig | undefined __thiscall _Ref_count_obj2<class_tdt_library_v_current::logger_client::logger><>(_Ref_count_obj2<class_tdt_library_v_current::logger_client::logger> * this) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | operator() |
| fullname | <lambda_091b22df2017f17e232e72bdb61857f3>::operator() |
| refcount | 2 |
| length | 394 |
| called | Expand for full list: |
| calling | std::_Func_impl_no_alloc<<lambda_091b22df2017f17e232e72bdb61857f3>,void,std::shared_ptr<tdt_library_v_current::tdt_app_profiling::preprocessed_events::event_base_t>const&,bool>::_Do_call |
| paramcount | 2 |
| address | 75a7a0598 |
| sig | undefined __fastcall operator()(undefined8 * param_1, longlong * param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | CreateInstance<struct_ProcessForkSetup> |
| fullname | ProcessNotification::CreateInstance<struct_ProcessForkSetup> |
| refcount | 2 |
| length | 141 |
| called | CommonUtil::AutoRef<class_IUfsNodeCallbacks>::~AutoRef<class_IUfsNodeCallbacks> ProcessNotification::ProcessNotification guard_dispatch_icall di::TelemetryAssert::AssertTriggeredNoArgs operator_new |
| calling | NotificationFactory::CreateInstanceForProcessFork |
| paramcount | 3 |
| address | 75a7a50d4 |
| sig | long __cdecl CreateInstance<struct_ProcessForkSetup>(ProcessNotification * * param_1, NotificationSetup * param_2, ProcessForkSetup * param_3) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | operator() |
| fullname | <lambda_4779b7e98c341a68831230402777e48b>::operator() |
| refcount | 2 |
| length | 394 |
| called | Expand for full list: |
| calling | std::_Func_impl_no_alloc<<lambda_4779b7e98c341a68831230402777e48b>,void,std::shared_ptr<tdt_library_v_next::tdt_app_profiling::preprocessed_events::event_base_t>const&,bool>::_Do_call |
| paramcount | 2 |
| address | 75a7b7fbc |
| sig | undefined __fastcall operator()(undefined8 * param_1, longlong * param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | operator() |
| fullname | <lambda_efc146e1925f504b8e368bb21ece150f>::operator() |
| refcount | 3 |
| length | 208 |
| called | __security_check_cookie guard_dispatch_icall std::Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>_const&___ptr64>::_Tidy |
| calling | tdt_library_v_current::bit_shovel_plugins::classifier_plugin::push_configs |
| paramcount | 2 |
| address | 75a902f78 |
| sig | undefined __fastcall operator()(undefined8 * param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | _refresh_agents |
| fullname | tdt_library_v_current::bit_shovel_plugins::classifier_plugin::_refresh_agents |
| refcount | 2 |
| length | 138 |
| called | std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::_Erase<unsigned___int64> |
| calling | std::Func_impl_no_alloc<<lambda_c6320d5bae4a8a1caa5a57618aaaf0fd>,void,std::vector<unsigned___int64,std::allocator<unsigned___int64>>const&>::_Do_call |
| paramcount | 2 |
| address | 75a903e0c |
| sig | void __thiscall refresh_agents(classifier_plugin * this, vector<unsigned___int64,class_std::allocator<unsigned___int64>> * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::List_node_emplace_op2<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>,void*_ptr64>>>::List_node_emplace_op2<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>,void*_ptr64>>><unsigned___int64_const&__ptr64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>
| Key | mpengine.dll |
|---|---|
| name | List_node_emplace_op2<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>,void*_ptr64>>><unsigned___int64_const&__ptr64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>> |
| fullname | std::List_node_emplace_op2<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>,void*_ptr64>>>::List_node_emplace_op2<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>,void*_ptr64>>><unsigned___int64_const&__ptr64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>> |
| refcount | 3 |
| length | 157 |
| called | std::Allocate<16,struct_std::Default_allocate_traits,0> std::map<unsigned___int64,class_std::shared_ptr<struct_ObjectManager::Object>,struct_std::less<unsigned___int64>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_std::shared_ptr<struct_ObjectManager::Object>>>>::map<unsigned___int64,class_std::shared_ptr<struct_ObjectManager::Object>,struct_std::less<unsigned___int64>,class_std::allocator<struct_std::pair<unsigned___int64_const_,class_std::shared_ptr<struct_ObjectManager::Object>>>> tdt_library_v_current::bit_shovel_plugins::time_series_common::detail::time_window<float,unsigned_int,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::detail::time_window_score_stats<float,unsigned_int,struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket_config>>::time_window<float,unsigned_int,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::detail::time_window_score_stats<float,unsigned_int,struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket_config>_> tdt_library_v_next::bit_shovel_plugins::time_series_common::sliding_score_bucket_config::sliding_score_bucket_config |
| calling | std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::emplace<unsigned___int64_const&__ptr64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>> |
| paramcount | 4 |
| address | 75a9058fc |
| sig | undefined __thiscall List_node_emplace_op2<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>,void*_ptr64>>><unsigned___int64_const&__ptr64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>(List_node_emplace_op2<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>,void*ptr64>>> * this, allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>,void*__ptr64>> * param_1, __uint64 * param_2, sliding_score_bucket<float,unsigned_int> * param_3) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::_Erase<unsigned___int64>
| Key | mpengine.dll |
|---|---|
| name | _Erase<unsigned___int64> |
| fullname | std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::_Erase<unsigned___int64> |
| refcount | 2 |
| length | 157 |
| called | std::_Hash<class_std::_Umap_traits<unsigned___int64,class_std::vector<void*___ptr64,class_tdt_library_v_next::bit_shovel_plugins::custom_heap_allocator<void*_ptr64>>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_std::vector<void*__ptr64,class_tdt_library_v_next::bit_shovel_plugins::custom_heap_allocator<void*ptr64>>>>,0>>::Find_last<unsigned___int64> std::List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>,void*___ptr64>::Freenode<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>,void*_ptr64>>> std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>::operator()<unsigned___int64> |
| calling | tdt_library_v_current::bit_shovel_plugins::classifier_plugin::_refresh_agents |
| paramcount | 2 |
| address | 75a905c84 |
| sig | __uint64 __thiscall Erase<unsigned___int64>(Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>_> * this, __uint64 * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::emplace<unsigned___int64_const&__ptr64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>
| Key | mpengine.dll |
|---|---|
| name | emplace<unsigned___int64_const&__ptr64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>> |
| fullname | std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::emplace<unsigned___int64_const&__ptr64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>> |
| refcount | 2 |
| length | 361 |
| called | std::Hash<class_std::Umap_traits<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_tdt_library_v_next::tdt_profile_blob::profile_blob_vfs_impl::section_content_info_t,class_std::Uhash_compare<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>,class_std::allocator<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>const,struct_tdt_library_v_next::tdt_profile_blob::profile_blob_vfs_impl::section_content_info_t>>,0>>::Desired_grow_bucket_count std::Hash<class_std::Umap_traits<struct_PersistentProcessID,class_CommonUtil::AutoRefWrapper<struct_ProcessInfoBase>,class_std::Uhash_compare<struct_PersistentProcessID,struct_CommonUtil::CStdHashMapCompare<struct_PersistentProcessID,struct_CommonUtil::CStdRefHashMapAdapter<struct_PersistentProcessID,struct_ProcessInfoBase,struct_CommonUtil::CStdDefaultCompare<struct_PersistentProcessID,struct_std::hash<struct_PersistentProcessID>>>::CPolicy>,struct_CommonUtil::CStdHashMapCompare<struct_PersistentProcessID,struct_CommonUtil::CStdRefHashMapAdapter<struct_PersistentProcessID,struct_ProcessInfoBase,struct_CommonUtil::CStdDefaultCompare<struct_PersistentProcessID,struct_std::hash<struct_PersistentProcessID>>>::CPolicy>>,class_std::allocator<struct_std::pair<struct_PersistentProcessID_const_,class_CommonUtil::AutoRefWrapper<struct_ProcessInfoBase>>>,0>_>::_Insert_new_node_before std::_Hash<class_std::_Umap_traits<unsigned___int64,class_std::vector<void*___ptr64,class_tdt_library_v_next::bit_shovel_plugins::custom_heap_allocator<void*_ptr64>>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_std::vector<void*_ptr64,class_tdt_library_v_next::bit_shovel_plugins::custom_heap_allocator<void*ptr64>>>>,0>>::Find_last<unsigned___int64> std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::_Forced_rehash std::List_node_emplace_op2<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>,void*_ptr64>>>::List_node_emplace_op2<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>,void*_ptr64>>><unsigned___int64_const&__ptr64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>> std::List_node_emplace_op2<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>,void*_ptr64>>>::~List_node_emplace_op2<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>,void*_ptr64>>> std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>::operator()<unsigned___int64> std::_Xlength_error |
| calling | tdt_library_v_current::bit_shovel_plugins::time_series_common::time_series_pipeline<struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::time_series_pipeline_config<class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>::add_value |
| paramcount | 4 |
| address | 75a906460 |
| sig | longlong * __thiscall emplace<unsigned___int64_const&ptr64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>(Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>> * this, longlong * param_1, __uint64 * param_2, sliding_score_bucket<float,unsigned_int> * param_3) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>::sliding_score_bucket<float,unsigned_int>
| Key | mpengine.dll |
|---|---|
| name | sliding_score_bucket<float,unsigned_int> |
| fullname | tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>::sliding_score_bucket<float,unsigned_int> |
| refcount | 3 |
| length | 235 |
| called | __security_check_cookie std::Tree<class_std::Tmap_traits<enum_tdt_library_v_next::bit_shovel_plugins::time_series_common::time_series_bucket_result_status,class_std::list<struct_tdt_library_v_next::bit_shovel_plugins::time_series_common::time_series_bucket_result_info_t,class_std::allocator<struct_tdt_library_v_next::bit_shovel_plugins::time_series_common::time_series_bucket_result_info_t>>,struct_std::less<enum_tdt_library_v_next::bit_shovel_plugins::time_series_common::time_series_bucket_result_status>,class_std::allocator<struct_std::pair<enum_tdt_library_v_next::bit_shovel_plugins::time_series_common::time_series_bucket_result_status_const,class_std::list<struct_tdt_library_v_next::bit_shovel_plugins::time_series_common::time_series_bucket_result_info_t,class_std::allocator<struct_tdt_library_v_next::bit_shovel_plugins::time_series_common::time_series_bucket_result_info_t>>>>,0>>::Alloc_sentinel_and_proxy tdt_library_v_current::bit_shovel_plugins::time_series_common::detail::time_window_score_stats<float,unsigned_int,struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket_config>::time_window_score_stats<float,unsigned_int,struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket_config> tdt_library_v_next::bit_shovel_plugins::time_series_common::detail::time_window<float,unsigned_int,class_tdt_library_v_next::bit_shovel_plugins::time_series_common::detail::time_window_score_stats<float,unsigned_int,struct_tdt_library_v_next::bit_shovel_plugins::time_series_common::sliding_score_bucket_config>>::time_window<float,unsigned_int,class_tdt_library_v_next::bit_shovel_plugins::time_series_common::detail::time_window_score_stats<float,unsigned_int,struct_tdt_library_v_next::bit_shovel_plugins::time_series_common::sliding_score_bucket_config>_> tdt_library_v_next::bit_shovel_plugins::time_series_common::sliding_score_bucket_config::sliding_score_bucket_config tdt_library_v_next::bit_shovel_plugins::time_series_common::sliding_score_bucket_config::~sliding_score_bucket_config |
| calling | tdt_library_v_current::bit_shovel_plugins::time_series_common::time_series_pipeline<struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::time_series_pipeline_config<class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>::add_value |
| paramcount | 4 |
| address | 75a906b94 |
| sig | undefined __thiscall sliding_score_bucket<float,unsigned_int>(sliding_score_bucket<float,unsigned_int> * this, sliding_score_bucket_config * param_1, sliding_score_bucket_config * param_2, void * param_3) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
tdt_library_v_current::bit_shovel_plugins::time_series_common::detail::time_window<float,unsigned_int,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::detail::time_window_score_stats<float,unsigned_int,struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket_config>>::time_window<float,unsigned_int,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::detail::time_window_score_stats<float,unsigned_int,struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket_config>>
| Key | mpengine.dll |
|---|---|
| name | time_window<float,unsigned_int,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::detail::time_window_score_stats<float,unsigned_int,struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket_config>> |
| fullname | tdt_library_v_current::bit_shovel_plugins::time_series_common::detail::time_window<float,unsigned_int,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::detail::time_window_score_stats<float,unsigned_int,struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket_config>>::time_window<float,unsigned_int,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::detail::time_window_score_stats<float,unsigned_int,struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket_config>> |
| refcount | 2 |
| length | 176 |
| called | tdt_library_v_next::bit_shovel_plugins::time_series_common::detail::time_window_score_stats<float,unsigned_int,struct_tdt_library_v_next::bit_shovel_plugins::time_series_common::sliding_score_bucket_config>::time_window_score_stats<float,unsigned_int,struct_tdt_library_v_next::bit_shovel_plugins::time_series_common::sliding_score_bucket_config> |
| calling | std::List_node_emplace_op2<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>,void*_ptr64>>>::List_node_emplace_op2<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>,void*_ptr64>>><unsigned___int64_const&__ptr64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>> |
| paramcount | 2 |
| address | 75a906c80 |
| sig | undefined __thiscall time_window<float,unsigned_int,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::detail::time_window_score_stats<float,unsigned_int,struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket_config>>(time_window<float,unsigned_int,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::detail::time_window_score_stats<float,unsigned_int,struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket_config>> * this, time_window<float,unsigned_int,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::detail::time_window_score_stats<float,unsigned_int,struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket_config>> * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::_Range_eraser::_Bump_erased
| Key | mpengine.dll |
|---|---|
| name | _Bump_erased |
| fullname | std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::_Range_eraser::_Bump_erased |
| refcount | 3 |
| length | 38 |
| called | std::List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>_>,void*___ptr64>::Freenode<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>,void*_ptr64>>> |
| calling | std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::_Unchecked_erase |
| paramcount | 1 |
| address | 75a90776c |
| sig | void __thiscall _Bump_erased(_Range_eraser * this) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::_Forced_rehash
| Key | mpengine.dll |
|---|---|
| name | _Forced_rehash |
| fullname | std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::_Forced_rehash |
| refcount | 2 |
| length | 383 |
| called | std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::Clear_guard::~Clear_guard std::Hash_vec<class_std::allocator<class_std::List_unchecked_iterator<class_std::List_val<struct_std::List_simple_types<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>>>>_>::_Assign_grow std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>::operator()<unsigned___int64> std::_Xlength_error |
| calling | std::Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>>::emplace<unsigned___int64_const&__ptr64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>> |
| paramcount | 2 |
| address | 75a90787c |
| sig | void __thiscall Forced_rehash(Hash<class_std::Umap_traits<unsigned___int64,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>,0>_> * this, __uint64 param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>::add_value
| Key | mpengine.dll |
|---|---|
| name | add_value |
| fullname | tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>::add_value |
| refcount | 2 |
| length | 123 |
| called | tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>::eval tdt_library_v_next::bit_shovel_plugins::time_series_common::detail::time_window<float,unsigned_int,class_tdt_library_v_next::bit_shovel_plugins::time_series_common::detail::time_window_score_stats<float,unsigned_int,struct_tdt_library_v_next::bit_shovel_plugins::time_series_common::sliding_score_bucket_config>_>::push_back |
| calling | tdt_library_v_current::bit_shovel_plugins::time_series_common::time_series_pipeline<struct_tdt_library_v_current::bit_shovel_plugins::time_series_common::time_series_pipeline_config<class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>::add_value |
| paramcount | 4 |
| address | 75a90909c |
| sig | void __thiscall add_value(sliding_score_bucket<float,unsigned_int> * this, __uint64 param_1, float param_2, uint param_3) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | get_system_folders |
| fullname | tdt_library_v_current::bit_shovel_plugins::known_folders_imp::get_system_folders |
| refcount | 3 |
| length | 167 |
| called | __security_check_cookie std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::Tidy_deallocate std::vector<struct_std::pair<enum_tdt_library_v_next::bit_shovel_plugins::match_type_t,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,class_std::allocator<struct_std::pair<enum_tdt_library_v_next::bit_shovel_plugins::match_type_t,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>>::push_back tdt_library_v_next::bit_shovel_plugins::known_folders_imp::_format_folder tdt_library_v_next::bit_shovel_plugins::known_folders_imp::_get_known_folder |
| calling | |
| paramcount | 2 |
| address | 75a9490c0 |
| sig | bool __thiscall get_system_folders(known_folders_imp * this, vector<struct_std::pair<enum_tdt_library_v_current::bit_shovel_plugins::match_type_t,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,class_std::allocator<struct_std::pair<enum_tdt_library_v_current::bit_shovel_plugins::match_type_t,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>> * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Erase<unsigned___int64>
| Key | mpengine.dll |
|---|---|
| name | _Erase<unsigned___int64> |
| fullname | std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Erase<unsigned___int64> |
| refcount | 2 |
| length | 157 |
| called | std::_Hash<class_std::_Umap_traits<unsigned___int64,class_std::vector<void*___ptr64,class_tdt_library_v_next::bit_shovel_plugins::custom_heap_allocator<void*_ptr64>>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_std::vector<void*__ptr64,class_tdt_library_v_next::bit_shovel_plugins::custom_heap_allocator<void*ptr64>>>>,0>>::_Find_last<unsigned___int64> std::List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*___ptr64>::_Freenode<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*_ptr64>>> std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>::operator()<unsigned___int64> |
| calling | tdt_library_v_current::bit_shovel_plugins::normalizer::_process_pmi_event |
| paramcount | 2 |
| address | 75a94fb00 |
| sig | __uint64 __thiscall Erase<unsigned___int64>(Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>> * this, __uint64 * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::emplace<unsigned___int64_const&___ptr64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>
| Key | mpengine.dll |
|---|---|
| name | emplace<unsigned___int64_const&___ptr64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t> |
| fullname | std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::emplace<unsigned___int64_const&___ptr64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t> |
| refcount | 2 |
| length | 392 |
| called | std::Allocate<16,struct_std::Default_allocate_traits,0> std::Hash<class_std::Umap_traits<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_tdt_library_v_next::tdt_profile_blob::profile_blob_vfs_impl::section_content_info_t,class_std::Uhash_compare<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>,class_std::allocator<struct_std::pair<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>const,struct_tdt_library_v_next::tdt_profile_blob::profile_blob_vfs_impl::section_content_info_t>>,0>>::Desired_grow_bucket_count std::Hash<class_std::Umap_traits<struct_PersistentProcessID,class_CommonUtil::AutoRefWrapper<struct_ProcessInfoBase>,class_std::Uhash_compare<struct_PersistentProcessID,struct_CommonUtil::CStdHashMapCompare<struct_PersistentProcessID,struct_CommonUtil::CStdRefHashMapAdapter<struct_PersistentProcessID,struct_ProcessInfoBase,struct_CommonUtil::CStdDefaultCompare<struct_PersistentProcessID,struct_std::hash<struct_PersistentProcessID>>>::CPolicy>,struct_CommonUtil::CStdHashMapCompare<struct_PersistentProcessID,struct_CommonUtil::CStdRefHashMapAdapter<struct_PersistentProcessID,struct_ProcessInfoBase,struct_CommonUtil::CStdDefaultCompare<struct_PersistentProcessID,struct_std::hash<struct_PersistentProcessID>>>::CPolicy>>,class_std::allocator<struct_std::pair<struct_PersistentProcessID_const_,class_CommonUtil::AutoRefWrapper<struct_ProcessInfoBase>>>,0>_>::_Insert_new_node_before std::_Hash<class_std::_Umap_traits<unsigned___int64,class_std::vector<void*___ptr64,class_tdt_library_v_next::bit_shovel_plugins::custom_heap_allocator<void*_ptr64>>,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,class_std::vector<void*__ptr64,class_tdt_library_v_next::bit_shovel_plugins::custom_heap_allocator<void*ptr64>>>>,0>>::Find_last<unsigned___int64> std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>>::_Forced_rehash std::_List_node_emplace_op2<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*_ptr64>>>::~_List_node_emplace_op2<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*_ptr64>>> std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>::operator()<unsigned___int64> std::_Xlength_error tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t::counters_per_pid_tid_t |
| calling | tdt_library_v_current::bit_shovel_plugins::internal::normalizer_agent_impl::_find_counters_per_pid_tid |
| paramcount | 4 |
| address | 75a94fca4 |
| sig | longlong * __thiscall emplace<unsigned___int64_const&__ptr64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>(Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>> * this, longlong * param_1, __uint64 * param_2, counters_per_pid_tid_t * param_3) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | counters_per_pid_tid_t |
| fullname | tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t::counters_per_pid_tid_t |
| refcount | 3 |
| length | 199 |
| called | std::list<struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_t,class_tdt_library_v_current::bit_shovel_plugins::custom_heap_allocator<struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_t>_>::_Alloc_sentinel_and_proxy |
| calling | std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::emplace<unsigned___int64_const&___ptr64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t> |
| paramcount | 2 |
| address | 75a950210 |
| sig | undefined __thiscall counters_per_pid_tid_t(counters_per_pid_tid_t * this, counters_per_pid_tid_t * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Clear_guard::~_Clear_guard
| Key | mpengine.dll |
|---|---|
| name | ~_Clear_guard |
| fullname | std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Clear_guard::~_Clear_guard |
| refcount | 2 |
| length | 116 |
| called | std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Unchecked_erase std::List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*___ptr64>::_Free_non_head<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*ptr64>>> std::fill<class_std::List_unchecked_iterator<class_std::List_val<struct_std::List_simple_types<struct_std::pair<unsigned___int64_const,struct_ConnectionCacheInfo>>>>*_ptr64,class_std::List_unchecked_iterator<class_std::List_val<struct_std::List_simple_types<struct_std::pair<unsigned___int64_const,struct_ConnectionCacheInfo>>>>> |
| calling | std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Forced_rehash |
| paramcount | 1 |
| address | 75a950524 |
| sig | void __thiscall ~_Clear_guard(_Clear_guard * this) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Range_eraser::_Bump_erased
| Key | mpengine.dll |
|---|---|
| name | _Bump_erased |
| fullname | std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Range_eraser::_Bump_erased |
| refcount | 3 |
| length | 38 |
| called | std::List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*___ptr64>::_Freenode<class_std::allocator<struct_std::List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*_ptr64>>> |
| calling | std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Unchecked_erase |
| paramcount | 1 |
| address | 75a950620 |
| sig | void __thiscall _Bump_erased(_Range_eraser * this) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Forced_rehash
| Key | mpengine.dll |
|---|---|
| name | _Forced_rehash |
| fullname | std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Forced_rehash |
| refcount | 2 |
| length | 383 |
| called | std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>>::Clear_guard::~Clear_guard std::Hash_vec<class_std::allocator<class_std::List_unchecked_iterator<class_std::List_val<struct_std::List_simple_types<struct_std::pair<unsigned___int64_const,class_tdt_library_v_current::bit_shovel_plugins::time_series_common::sliding_score_bucket<float,unsigned_int>>>>>>>::_Assign_grow std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>::operator()<unsigned___int64> std::_Xlength_error |
| calling | std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::emplace<unsigned___int64_const&___ptr64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t> |
| paramcount | 2 |
| address | 75a950678 |
| sig | void __thiscall Forced_rehash(Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>> * this, __uint64 param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Unchecked_erase
| Key | mpengine.dll |
|---|---|
| name | _Unchecked_erase |
| fullname | std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Unchecked_erase |
| refcount | 2 |
| length | 303 |
| called | std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Range_eraser::_Bump_erased std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>::operator()<unsigned___int64> |
| calling | std::Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>_>::_Clear_guard::~_Clear_guard |
| paramcount | 3 |
| address | 75a950818 |
| sig | List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*___ptr64> * __thiscall Unchecked_erase(Hash<class_std::Umap_traits<unsigned___int64,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t,class_std::Uhash_compare<unsigned___int64,struct_std::hash<unsigned___int64>,struct_std::equal_to<unsigned___int64>>,class_std::allocator<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>>,0>> * this, List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*___ptr64> * param_1, List_node<struct_std::pair<unsigned___int64_const,struct_tdt_library_v_current::bit_shovel_plugins::internal::counters_per_pid_tid_t>,void*___ptr64> * param_2) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | dispatch_callbacks |
| fullname | tdt_library_v_current::bit_shovel_plugins::internal::normalizer_agent_impl::dispatch_callbacks |
| refcount | 3 |
| length | 154 |
| called | __security_check_cookie guard_dispatch_icall std::Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>_const&___ptr64>::_Tidy std::_Xbad_function_call std::function<void___cdecl(class_tdt_library_v_current::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)>::function<void___cdecl(class_tdt_library_v_current::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)> |
| calling | <lambda_79857a4267a1fb48e2b96de209c1aaa2>::operator() <lambda_d27148a34bacf5a8b47ec6b97e7088fc>::operator() |
| paramcount | 2 |
| address | 75a9515d4 |
| sig | void __thiscall dispatch_callbacks(normalizer_agent_impl * this, normalized_record * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | operator() |
| fullname | <lambda_c1894fd93ab2f9e19b6044618d42b5d1>::operator() |
| refcount | 2 |
| length | 38 |
| called | |
| calling | std::condition_variable::Wait_until1<std::chrono::steady_clock,std::chrono::duration<__int64,std::ratio<1,1000000000>>,<lambda_c1894fd93ab2f9e19b6044618d42b5d1>_> |
| paramcount | 1 |
| address | 75a9799c4 |
| sig | undefined8 __fastcall operator()(longlong * param_1) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
<lambda_8b8e3fe099d26a3f46ff4def3b5c236f>::operator()<class_std::vector<float,class_std::allocator>>
| Key | mpengine.dll |
|---|---|
| name | operator()<class_std::vector<float,class_std::allocator>> |
| fullname | <lambda_8b8e3fe099d26a3f46ff4def3b5c236f>::operator()<class_std::vector<float,class_std::allocator>> |
| refcount | 2 |
| length | 159 |
| called | tdt_dt_classify_stream |
| calling | tdt_library_v_current::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::_classify_records_using_legacy_model |
| paramcount | 2 |
| address | 75a979ed8 |
| sig | tdt_status_ __thiscall operator()<class_std::vector<float,class_std::allocator>>(<lambda_8b8e3fe099d26a3f46ff4def3b5c236f> * this, vector<float,class_std::allocator_> * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
<lambda_8b8e3fe099d26a3f46ff4def3b5c236f>::operator()<class_std::vector<double,class_std::allocator>>
| Key | mpengine.dll |
|---|---|
| name | operator()<class_std::vector<double,class_std::allocator>> |
| fullname | <lambda_8b8e3fe099d26a3f46ff4def3b5c236f>::operator()<class_std::vector<double,class_std::allocator>> |
| refcount | 2 |
| length | 167 |
| called | tdt_dt_classify_stream |
| calling | tdt_library_v_current::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::_classify_records_using_legacy_model |
| paramcount | 2 |
| address | 75a979f78 |
| sig | tdt_status_ __thiscall operator()<class_std::vector<double,class_std::allocator>>(<lambda_8b8e3fe099d26a3f46ff4def3b5c236f> * this, vector<double,class_std::allocator_> * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::profiling_database_service_api*___ptr64>::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::profiling_database_service_api*___ptr64>
| Key | mpengine.dll |
|---|---|
| name | plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::profiling_database_service_api*___ptr64> |
| fullname | tdt_library_v_next::bit_shovel::internal::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::profiling_database_service_api*___ptr64>::plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::profiling_database_service_api*___ptr64> |
| refcount | 2 |
| length | 153 |
| called | _Mtx_init_in_situ std::_Container_base12::_Alloc_proxy<class_std::allocator<struct_std::Container_proxy>> std::function<void___cdecl(class_tdt_library_v_current::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)>::function<void___cdecl(class_tdt_library_v_current::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)> std::shared_ptr<struct_ObjectManager::MutantObject>::shared_ptr<struct_ObjectManager::MutantObject> |
| calling | tdt_library_v_next::bit_shovel::data_network::add_callback<class_tdt_library_v_next::tdt_app_profiling::profiling_database_service_api*___ptr64> |
| paramcount | 3 |
| address | 75a98d110 |
| sig | undefined __thiscall plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::profiling_database_service_api*___ptr64>(plugin_async_callback_executor<class_tdt_library_v_next::tdt_app_profiling::profiling_database_service_api*___ptr64> * this, function<void___cdecl(class_tdt_library_v_next::tdt_app_profiling::profiling_database_service_api*___ptr64_const&___ptr64)> * param_1, shared_ptr<class_tdt_library_v_next::tdt_threads::thread_pool> * param_2) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | get_driver_stats |
| fullname | tdt_library_v_next::bit_shovel_plugins::driver_interface_impl::get_driver_stats |
| refcount | 3 |
| length | 89 |
| called | tdt_library_v_next::bit_shovel_plugins::driver_interface_impl::device_io_control |
| calling | |
| paramcount | 2 |
| address | 75a99b500 |
| sig | bool __thiscall get_driver_stats(driver_interface_impl * this, _abd_stats_t * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | pause |
| fullname | tdt_library_v_next::bit_shovel_plugins::driver_interface_impl::pause |
| refcount | 3 |
| length | 154 |
| called | _Mtx_unlock std::_Mutex_base::lock tdt_library_v_next::bit_shovel_plugins::driver_interface_impl::device_io_control |
| calling | |
| paramcount | 1 |
| address | 75a99bbf0 |
| sig | bool __thiscall pause(driver_interface_impl * this) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | resume |
| fullname | tdt_library_v_next::bit_shovel_plugins::driver_interface_impl::resume |
| refcount | 3 |
| length | 196 |
| called | KERNEL32.DLL::GetLastError _Mtx_unlock std::_Mutex_base::lock tdt_library_v_next::bit_shovel_plugins::driver_interface_impl::device_io_control |
| calling | |
| paramcount | 2 |
| address | 75a99be30 |
| sig | bool __thiscall resume(driver_interface_impl * this, uint * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::make_shared<class_tdt_library_v_next::bit_shovel_plugins::detection_filter,class_std::basic_string<char,struct_std::char_traits,class_std::allocator_>&__ptr64,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::known_folders_imp>,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::authenticode_check_imp>,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::executable_properties_imp>>
| Key | mpengine.dll |
|---|---|
| name | make_shared<class_tdt_library_v_next::bit_shovel_plugins::detection_filter,class_std::basic_string<char,struct_std::char_traits,class_std::allocator_>&__ptr64,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::known_folders_imp>,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::authenticode_check_imp>,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::executable_properties_imp>> |
| fullname | std::make_shared<class_tdt_library_v_next::bit_shovel_plugins::detection_filter,class_std::basic_string<char,struct_std::char_traits,class_std::allocator_>&__ptr64,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::known_folders_imp>,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::authenticode_check_imp>,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::executable_properties_imp>> |
| refcount | 2 |
| length | 155 |
| called | operator_new std::Construct_in_place<class_tdt_library_v_next::bit_shovel_plugins::detection_filter,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>&__ptr64,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::known_folders_imp>,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::authenticode_check_imp>,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::executable_properties_imp>> |
| calling | tdt_library_v_next::bit_shovel_plugins::json_reporter::_load_config |
| paramcount | 5 |
| address | 75a9c048c |
| sig | undefined8 * __cdecl make_shared<class_tdt_library_v_next::bit_shovel_plugins::detection_filter,class_std::basic_string<char,struct_std::char_traits,class_std::allocator_>&_ptr64,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::known_folders_imp>,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::authenticode_check_imp>,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::executable_properties_imp>>(undefined8 * param_1, basic_string<char,struct_std::char_traits,class_std::allocator> * param_2, shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::known_folders_imp> * param_3, shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::authenticode_check_imp> * param_4, shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::executable_properties_imp> * param_5) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | operator() |
| fullname | <lambda_c3cacfba70cb363f6a0b9ed181941be3>::operator() |
| refcount | 5 |
| length | 550 |
| called | Expand for full list:std::operator+<char,struct_std::char_traits,class_std::allocator> |
| calling | tdt_library_v_next::bit_shovel_plugins::detection_filter::init |
| paramcount | 4 |
| address | 75a9c3d7c |
| sig | undefined __fastcall operator()(undefined8 * param_1, char * param_2, __uint64 * param_3, __uint64 param_4) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | operator() |
| fullname | <lambda_d8838b0f4fa45cad863edfb1880d780c>::operator() |
| refcount | 8 |
| length | 596 |
| called | Expand for full list:std::operator+<char,struct_std::char_traits,class_std::allocator> |
| calling | tdt_library_v_next::bit_shovel_plugins::detection_filter::init |
| paramcount | 4 |
| address | 75a9c3fa4 |
| sig | undefined __fastcall operator()(undefined8 * param_1, char * param_2, char * param_3, undefined param_4) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | update_if_newer |
| fullname | tdt_library_v_next::tdt_app_profiling::time_update_service_api_impl::update_if_newer |
| refcount | 4 |
| length | 90 |
| called | _Cnd_broadcast _Mtx_unlock std::_Mutex_base::lock |
| calling | |
| paramcount | 2 |
| address | 75a9eb5a0 |
| sig | void __thiscall update_if_newer(time_update_service_api_impl * this, __uint64 param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | Sort_unchecked<scan_object_t*,`__macappl_scanfile'::__l2::compare_resouces> |
| fullname | std::Sort_unchecked<scan_object_t*,`__macappl_scanfile'::__l2::compare_resouces> |
| refcount | 4 |
| length | 304 |
| called | std::Insertion_sort_unchecked<scan_object_t,__macappl_scanfile'::__l2::compare_resouces><br>std::_Make_heap_unchecked<scan_object_t_*,__macappl_scanfile'::__l2::compare_resouces>std::Partition_by_median_guess_unchecked<scan_object_t, __macappl_scanfile'::__l2::compare_resouces><br>std::_Pop_heap_unchecked<scan_object_t_*,__macappl_scanfile'::__l2::compare_resouces>std::Sort_unchecked<scan_object_t*,`__macappl_scanfile'::__l2::compare_resouces> |
| calling | __macappl_scanfile std::Sort_unchecked<scan_object_t*,`__macappl_scanfile'::__l2::compare_resouces> |
| paramcount | 4 |
| address | 75aa716a4 |
| sig | undefined __fastcall Sort_unchecked<scan_object_t*,`__macappl_scanfile'::__l2::compare_resouces>(uint * param_1, uint * param_2, longlong param_3, undefined param_4) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | Enumerator |
| fullname | kcrcex_t::Enumerator |
| refcount | 2 |
| length | 50 |
| called | MpSignatureStore<struct_kcrcex_t,unsigned_long,3,0,1,1,0,0,struct_kcrcex_t,0,0>::Set di::TelemetryAssert::AssertTriggeredNoArgs |
| calling | MpSignatureSubType<struct_kcrcex_t,unsigned_long,3,1,0,0,struct_kcrcex_t,0,0,1>::PostProcessRecordsWorker |
| paramcount | 2 |
| address | 75aa8e500 |
| sig | void __cdecl Enumerator(MpSignatureClasses param_1, kcrcex_t * param_2) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | WPP_SF_dddd |
| fullname | WPP_SF_dddd |
| refcount | 2 |
| length | 115 |
| called | ADVAPI32.DLL::TraceMessage |
| calling | sysclean_push |
| paramcount | 5 |
| address | 75ab5893c |
| sig | undefined __fastcall WPP_SF_dddd(undefined8 param_1, undefined8 param_2, undefined8 param_3, undefined4 param_4, undefined1 param_5) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | ZSTD_readMINMATCH |
| fullname | ZSTD_readMINMATCH |
| refcount | 40 |
| length | 11 |
| called | |
| calling | Expand for full list:ZSTD_btGetAllMatches_noDict_6 |
| paramcount | 2 |
| address | 75abd9880 |
| sig | int __fastcall ZSTD_readMINMATCH(int * param_1, int param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | maybeSplitSequence |
| fullname | maybeSplitSequence |
| refcount | 2 |
| length | 115 |
| called | ZSTD_ldm_skipSequences |
| calling | ZSTD_ldm_blockCompress |
| paramcount | 4 |
| address | 75abda988 |
| sig | undefined8 * __fastcall maybeSplitSequence(undefined8 * param_1, longlong * param_2, uint param_3, uint param_4) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | ZSTD_hash4PtrS |
| fullname | ZSTD_hash4PtrS |
| refcount | 24 |
| length | 23 |
| called | |
| calling | Expand for full list:ZSTD_compressBlock_lazy_row |
| paramcount | 3 |
| address | 75abf7924 |
| sig | uint __fastcall ZSTD_hash4PtrS(int * param_1, char param_2, uint param_3) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | ZSTD_hash5PtrS |
| fullname | ZSTD_hash5PtrS |
| refcount | 24 |
| length | 31 |
| called | |
| calling | Expand for full list:ZSTD_compressBlock_lazy_row |
| paramcount | 3 |
| address | 75abf793c |
| sig | ulonglong __fastcall ZSTD_hash5PtrS(longlong * param_1, char param_2, ulonglong param_3) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | ZSTD_hash6PtrS |
| fullname | ZSTD_hash6PtrS |
| refcount | 24 |
| length | 31 |
| called | |
| calling | Expand for full list:ZSTD_compressBlock_lazy_row |
| paramcount | 3 |
| address | 75abf795c |
| sig | ulonglong __fastcall ZSTD_hash6PtrS(longlong * param_1, char param_2, ulonglong param_3) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | ZSTD_hash7PtrS |
| fullname | ZSTD_hash7PtrS |
| refcount | 24 |
| length | 31 |
| called | |
| calling | Expand for full list:ZSTD_compressBlock_lazy_row |
| paramcount | 3 |
| address | 75abf797c |
| sig | ulonglong __fastcall ZSTD_hash7PtrS(longlong * param_1, char param_2, ulonglong param_3) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | ZSTD_hash8PtrS |
| fullname | ZSTD_hash8PtrS |
| refcount | 24 |
| length | 31 |
| called | |
| calling | Expand for full list:ZSTD_compressBlock_lazy_row |
| paramcount | 3 |
| address | 75abf799c |
| sig | ulonglong __fastcall ZSTD_hash8PtrS(longlong * param_1, char param_2, ulonglong param_3) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | McTemplateU0pz_MPEventWriteTransfer |
| fullname | McTemplateU0pz_MPEventWriteTransfer |
| refcount | 3 |
| length | 152 |
| called | McGenEventWrite_MPEventWriteTransfer __security_check_cookie |
| calling | EtwTraceHelper::OnEndRundown EtwTraceHelper::OnStartRundown |
| paramcount | 4 |
| address | 75abfa438 |
| sig | undefined __fastcall McTemplateU0pz_MPEventWriteTransfer(undefined8 param_1, PCEVENT_DESCRIPTOR param_2, undefined8 param_3, wchar_t * param_4) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | McTemplateU0pzq_MPEventWriteTransfer |
| fullname | McTemplateU0pzq_MPEventWriteTransfer |
| refcount | 4 |
| length | 167 |
| called | McGenEventWrite_MPEventWriteTransfer __security_check_cookie |
| calling | EtwTraceHelper::OnEndRundown EtwTraceHelper::OnStartRundown |
| paramcount | 5 |
| address | 75abfa4d0 |
| sig | undefined __fastcall McTemplateU0pzq_MPEventWriteTransfer(undefined8 param_1, PCEVENT_DESCRIPTOR param_2, undefined8 param_3, wchar_t * param_4, undefined1 param_5) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$130 |
| fullname | `tdt_library_v_next::bit_shovel_plugins::normalizer_config_impl::configure'::__l1::catch$130 |
| refcount | 1 |
| length | 424 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_next::logger_client::logger::get_logger tdt_library_v_next::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad1dccc |
| sig | undefined8 __fastcall catch$130(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$131 |
| fullname | `tdt_library_v_next::bit_shovel_plugins::normalizer_config_impl::configure'::__l1::catch$131 |
| refcount | 2 |
| length | 424 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_next::logger_client::logger::get_logger tdt_library_v_next::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad1de75 |
| sig | undefined8 __fastcall catch$131(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$107 |
| fullname | `tdt_library_v_next::bit_shovel_plugins::normalizer_config_impl::_load_model'::__l1::catch$107 |
| refcount | 2 |
| length | 415 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_next::logger_client::logger::get_logger tdt_library_v_next::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad1e11d |
| sig | undefined8 __fastcall catch$107(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$56 |
| fullname | `tdt_library_v_next::bit_shovel_plugins::library_reporter::init'::__l1::catch$56 |
| refcount | 1 |
| length | 366 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_next::logger_client::logger::get_logger tdt_library_v_next::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad1fcb4 |
| sig | undefined8 __fastcall catch$56(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$57 |
| fullname | `tdt_library_v_next::bit_shovel_plugins::library_reporter::init'::__l1::catch$57 |
| refcount | 2 |
| length | 366 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_next::logger_client::logger::get_logger tdt_library_v_next::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad1fe23 |
| sig | undefined8 __fastcall catch$57(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$57 |
| fullname | `tdt_library_v_next::bit_shovel_plugins::detection_tlv_recorder::init'::__l1::catch$57 |
| refcount | 2 |
| length | 354 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_next::logger_client::logger::get_logger tdt_library_v_next::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad1ff92 |
| sig | undefined8 __fastcall catch$57(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$120 |
| fullname | `tdt_library_v_next::bit_shovel_plugins::normalizer::init'::__l1::catch$120 |
| refcount | 1 |
| length | 418 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_next::logger_client::logger::get_logger tdt_library_v_next::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad29e52 |
| sig | undefined8 __fastcall catch$120(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$23 |
| fullname | `tdt_library_v_next::bit_shovel_plugins::classifier_plugin::init'::__l1::catch$23 |
| refcount | 2 |
| length | 375 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_next::logger_client::logger::get_logger tdt_library_v_next::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad2a07c |
| sig | undefined8 __fastcall catch$23(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
`tdt_library_v_next::bit_shovel_plugins::internal::core_telemetry_preprocessor_config_impl::_configure_compute_device'::__l1::catch$51
| Key | mpengine.dll |
|---|---|
| name | catch$51 |
| fullname | `tdt_library_v_next::bit_shovel_plugins::internal::core_telemetry_preprocessor_config_impl::_configure_compute_device'::__l1::catch$51 |
| refcount | 1 |
| length | 424 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_next::logger_client::logger::get_logger tdt_library_v_next::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad2c3b6 |
| sig | undefined8 __fastcall catch$51(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
`tdt_library_v_current::bit_shovel_plugins::internal::classifier_config_impl::configure'::__l1::catch$186
| Key | mpengine.dll |
|---|---|
| name | catch$186 |
| fullname | `tdt_library_v_current::bit_shovel_plugins::internal::classifier_config_impl::configure'::__l1::catch$186 |
| refcount | 1 |
| length | 345 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_current::logger_client::logger::get_logger tdt_library_v_current::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad2cc87 |
| sig | undefined8 __fastcall catch$186(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
`tdt_library_v_current::bit_shovel_plugins::internal::classifier_config_impl::_configure_compute_device'::__l1::catch$50
| Key | mpengine.dll |
|---|---|
| name | catch$50 |
| fullname | `tdt_library_v_current::bit_shovel_plugins::internal::classifier_config_impl::_configure_compute_device'::__l1::catch$50 |
| refcount | 2 |
| length | 375 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_current::logger_client::logger::get_logger tdt_library_v_current::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad2ce48 |
| sig | undefined8 __fastcall catch$50(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$79 |
| fullname | `tdt_library_v_current::bit_shovel_plugins::normalizer_config_impl::_load_model'::__l1::catch$79 |
| refcount | 2 |
| length | 415 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_current::logger_client::logger::get_logger tdt_library_v_current::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad30466 |
| sig | undefined8 __fastcall catch$79(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$57 |
| fullname | `tdt_library_v_next::tdt_agent_impl::_is_os_supported'::__l1::catch$57 |
| refcount | 1 |
| length | 336 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_next::logger_client::logger::get_logger tdt_library_v_next::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad34edd |
| sig | undefined8 __fastcall catch$57(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$58 |
| fullname | `tdt_library_v_next::tdt_agent_impl::_is_os_supported'::__l1::catch$58 |
| refcount | 2 |
| length | 336 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_next::logger_client::logger::get_logger tdt_library_v_next::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad3502e |
| sig | undefined8 __fastcall catch$58(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$8 |
| fullname | `<lambda_13e479488405a98c43e4e5aa70ca8d39>::operator()'::__l1::catch$8 |
| refcount | 1 |
| length | 336 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_current::logger_client::logger::get_logger tdt_library_v_current::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad41460 |
| sig | undefined8 __fastcall catch$8(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$25 |
| fullname | `tdt_library_v_current::bit_shovel_plugins::classifier_plugin::init'::__l1::catch$25 |
| refcount | 2 |
| length | 415 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_current::logger_client::logger::get_logger tdt_library_v_current::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad436a6 |
| sig | undefined8 __fastcall catch$25(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$13 |
| fullname | `<lambda_58fab4f05f9fe402bba8675704d18494>::operator()'::__l1::catch$13 |
| refcount | 1 |
| length | 355 |
| called | snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_current::logger_client::logger::get_logger tdt_library_v_current::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad4484a |
| sig | undefined8 __fastcall catch$13(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$12 |
| fullname | `<lambda_d85c7ca3f97e3706e4f0a734d4e58d2a>::operator()'::__l1::catch$12 |
| refcount | 2 |
| length | 420 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_current::logger_client::logger::get_logger tdt_library_v_current::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad449ae |
| sig | undefined8 __fastcall catch$12(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$8 |
| fullname | `<lambda_2821effc6a6193929ab5d8bf0c3ba95b>::operator()'::__l1::catch$8 |
| refcount | 1 |
| length | 390 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_current::logger_client::logger::get_logger tdt_library_v_current::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad44f37 |
| sig | undefined8 __fastcall catch$8(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$12 |
| fullname | `<lambda_92f9044a153b57eedfd872be940a6bcc>::operator()'::__l1::catch$12 |
| refcount | 2 |
| length | 420 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_current::logger_client::logger::get_logger tdt_library_v_current::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad450be |
| sig | undefined8 __fastcall catch$12(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$47 |
| fullname | `tdt_library_v_current::bit_shovel_plugins::detection_tlv_recorder::init'::__l1::catch$47 |
| refcount | 1 |
| length | 354 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_current::logger_client::logger::get_logger tdt_library_v_current::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad45415 |
| sig | undefined8 __fastcall catch$47(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$58 |
| fullname | `tdt_library_v_current::bit_shovel_plugins::normalizer::init'::__l1::catch$58 |
| refcount | 1 |
| length | 375 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_current::logger_client::logger::get_logger tdt_library_v_current::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad46088 |
| sig | undefined8 __fastcall catch$58(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$12 |
| fullname | `<lambda_13aa2ba6b500961b5c30312d9c78c382>::operator()'::__l1::catch$12 |
| refcount | 1 |
| length | 346 |
| called | snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_current::logger_client::logger::get_logger tdt_library_v_current::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad48eba |
| sig | undefined8 __fastcall catch$12(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$8 |
| fullname | `<lambda_7d89ce293df0537485e879585b616a19>::operator()'::__l1::catch$8 |
| refcount | 1 |
| length | 336 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_next::logger_client::logger::get_logger tdt_library_v_next::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad49614 |
| sig | undefined8 __fastcall catch$8(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$111 |
| fullname | `<lambda_b1e9274e9beaea281bf0116a6bfc616c>::operator()'::__l1::catch$111 |
| refcount | 1 |
| length | 460 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_next::logger_client::logger::get_logger tdt_library_v_next::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad4b30a |
| sig | undefined8 __fastcall catch$111(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$13 |
| fullname | `<lambda_1a682fce10b0f4ad2e39a71dd1b87029>::operator()'::__l1::catch$13 |
| refcount | 1 |
| length | 355 |
| called | snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_next::logger_client::logger::get_logger tdt_library_v_next::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad4c443 |
| sig | undefined8 __fastcall catch$13(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$12 |
| fullname | `<lambda_ccd9645b91b6da65dcd2e949cac25088>::operator()'::__l1::catch$12 |
| refcount | 2 |
| length | 420 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_next::logger_client::logger::get_logger tdt_library_v_next::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad4c5a7 |
| sig | undefined8 __fastcall catch$12(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
`tdt_library_v_next::bit_shovel_plugins::isv_sample_agent_abd::_check_and_add_process'::__l1::catch$76
| Key | mpengine.dll |
|---|---|
| name | catch$76 |
| fullname | `tdt_library_v_next::bit_shovel_plugins::isv_sample_agent_abd::_check_and_add_process'::__l1::catch$76 |
| refcount | 2 |
| length | 422 |
| called | snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_next::logger_client::logger::get_logger tdt_library_v_next::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad4c74c |
| sig | undefined8 __fastcall catch$76(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$8 |
| fullname | `<lambda_2e19177984e714482baac494227fadc2>::operator()'::__l1::catch$8 |
| refcount | 2 |
| length | 390 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_next::logger_client::logger::get_logger tdt_library_v_next::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad4ca97 |
| sig | undefined8 __fastcall catch$8(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$12 |
| fullname | `<lambda_8c7c8f37b6a539e82a56c8a89e5de135>::operator()'::__l1::catch$12 |
| refcount | 2 |
| length | 420 |
| called |
guard_dispatch_icall snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_next::logger_client::logger::get_logger tdt_library_v_next::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad4cc1e |
| sig | undefined8 __fastcall catch$12(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | catch$14 |
| fullname | `<lambda_fc2301dc8476246e53d79082dc22c469>::operator()'::__l1::catch$14 |
| refcount | 1 |
| length | 346 |
| called | snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_next::logger_client::logger::get_logger tdt_library_v_next::logger_client::logger::log |
| calling | |
| paramcount | 2 |
| address | 75ad4ebca |
| sig | undefined8 __fastcall catch$14(undefined8 param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | `dynamic_initializer_for_'known_node_types'' |
| fullname | tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'known_node_types'' |
| refcount | 3 |
| length | 200 |
| called | atexit std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> tdt_library_v_current::feature_extraction::internal::`dynamic_atexit_destructor_for_'known_node_types'' |
| calling | |
| paramcount | 0 |
| address | 75a122a40 |
| sig | undefined _fastcall `dynamic_initializer_for'known_node_types''(void) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | m_instance'' |
| fullname | `dynamic_initializer_for_'tdt_library_v_current::logger_client::logger::m_instance'' |
| refcount | 3 |
| length | 37 |
| called | Mtx_init_in_situ `dynamic_atexit_destructor_for'tdt_library_v_current::logger_client::logger::m_instance'' atexit |
| calling | |
| paramcount | 0 |
| address | 75a122b70 |
| sig | undefined __fastcall m_instance''(void) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | `dynamic_initializer_for_'builtin_signals'' |
| fullname | tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'builtin_signals'' |
| refcount | 3 |
| length | 300 |
| called | atexit std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> tdt_library_v_current::feature_extraction::internal::`dynamic_atexit_destructor_for_'builtin_signals'' |
| calling | |
| paramcount | 0 |
| address | 75a122e00 |
| sig | undefined _fastcall `dynamic_initializer_for'builtin_signals''(void) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | `dynamic_initializer_for_'known_node_types'' |
| fullname | tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'known_node_types'' |
| refcount | 3 |
| length | 200 |
| called | atexit std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> tdt_library_v_current::feature_extraction::internal::`dynamic_atexit_destructor_for_'known_node_types'' |
| calling | |
| paramcount | 0 |
| address | 75a122f30 |
| sig | undefined _fastcall `dynamic_initializer_for'known_node_types''(void) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | `dynamic_initializer_for_'builtin_signals'' |
| fullname | tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'builtin_signals'' |
| refcount | 3 |
| length | 300 |
| called | atexit std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> tdt_library_v_current::feature_extraction::internal::`dynamic_atexit_destructor_for_'builtin_signals'' |
| calling | |
| paramcount | 0 |
| address | 75a123000 |
| sig | undefined _fastcall `dynamic_initializer_for'builtin_signals''(void) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | `dynamic_initializer_for_'known_node_types'' |
| fullname | tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'known_node_types'' |
| refcount | 3 |
| length | 200 |
| called | atexit std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> tdt_library_v_current::feature_extraction::internal::`dynamic_atexit_destructor_for_'known_node_types'' |
| calling | |
| paramcount | 0 |
| address | 75a123130 |
| sig | undefined _fastcall `dynamic_initializer_for'known_node_types''(void) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | `dynamic_initializer_for_'builtin_signals'' |
| fullname | tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'builtin_signals'' |
| refcount | 3 |
| length | 300 |
| called | atexit std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> tdt_library_v_current::feature_extraction::internal::`dynamic_atexit_destructor_for_'builtin_signals'' |
| calling | |
| paramcount | 0 |
| address | 75a123200 |
| sig | undefined _fastcall `dynamic_initializer_for'builtin_signals''(void) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | `dynamic_initializer_for_'known_node_types'' |
| fullname | tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'known_node_types'' |
| refcount | 3 |
| length | 200 |
| called | atexit std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> tdt_library_v_current::feature_extraction::internal::`dynamic_atexit_destructor_for_'known_node_types'' |
| calling | |
| paramcount | 0 |
| address | 75a123330 |
| sig | undefined _fastcall `dynamic_initializer_for'known_node_types''(void) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | `dynamic_initializer_for_'builtin_signals'' |
| fullname | tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'builtin_signals'' |
| refcount | 3 |
| length | 300 |
| called | atexit std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> tdt_library_v_current::feature_extraction::internal::`dynamic_atexit_destructor_for_'builtin_signals'' |
| calling | |
| paramcount | 0 |
| address | 75a123400 |
| sig | undefined _fastcall `dynamic_initializer_for'builtin_signals''(void) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | `dynamic_initializer_for_'known_node_types'' |
| fullname | tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'known_node_types'' |
| refcount | 3 |
| length | 200 |
| called | atexit std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> tdt_library_v_current::feature_extraction::internal::`dynamic_atexit_destructor_for_'known_node_types'' |
| calling | |
| paramcount | 0 |
| address | 75a123530 |
| sig | undefined _fastcall `dynamic_initializer_for'known_node_types''(void) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | `dynamic_initializer_for_'builtin_signals'' |
| fullname | tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'builtin_signals'' |
| refcount | 3 |
| length | 300 |
| called | atexit std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> tdt_library_v_current::feature_extraction::internal::`dynamic_atexit_destructor_for_'builtin_signals'' |
| calling | |
| paramcount | 0 |
| address | 75a123600 |
| sig | undefined _fastcall `dynamic_initializer_for'builtin_signals''(void) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | `dynamic_initializer_for_'known_node_types'' |
| fullname | tdt_library_v_current::feature_extraction::internal::`dynamic_initializer_for_'known_node_types'' |
| refcount | 3 |
| length | 200 |
| called | atexit std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> tdt_library_v_current::feature_extraction::internal::`dynamic_atexit_destructor_for_'known_node_types'' |
| calling | |
| paramcount | 0 |
| address | 75a123730 |
| sig | undefined _fastcall `dynamic_initializer_for'known_node_types''(void) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | m_instance'' |
| fullname | `dynamic_initializer_for_'tdt_library_v_next::logger_client::logger::m_instance'' |
| refcount | 3 |
| length | 37 |
| called | Mtx_init_in_situ `dynamic_atexit_destructor_for'tdt_library_v_next::logger_client::logger::m_instance'' atexit |
| calling | |
| paramcount | 0 |
| address | 75a1245b0 |
| sig | undefined __fastcall m_instance''(void) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | SigDetectionContext |
| fullname | SigDetectionContext::SigDetectionContext |
| refcount | 3 |
| length | 242 |
| called | CommonUtil::AutoRef<class_CCheckpoint>::InitPtr CommonUtil::CCommonThrowHR::operator= GetBmController std::unordered_map<unsigned_long,bool,struct_std::hash<unsigned_long>,struct_std::equal_to<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const_,bool>>>::unordered_map<unsigned_long,bool,struct_std::hash<unsigned_long>,struct_std::equal_to<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const_,bool>>> std::unordered_map<unsigned_long,class_std::list<struct_AdditionalAction,class_std::allocator<struct_AdditionalAction>>,struct_std::hash<unsigned_long>,struct_std::equal_to<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const,class_std::list<struct_AdditionalAction,class_std::allocator<struct_AdditionalAction>>>>>::unordered_map<unsigned_long,class_std::list<struct_AdditionalAction,class_std::allocator<struct_AdditionalAction>>,struct_std::hash<unsigned_long>,struct_std::equal_to<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const,class_std::list<struct_AdditionalAction,class_std::allocator<struct_AdditionalAction>>>>> std::unordered_map<unsigned_long,unsigned_long,struct_std::hash<unsigned_long>,struct_std::equal_to<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const_,unsigned_long>>>::unordered_map<unsigned_long,unsigned_long,struct_std::hash<unsigned_long>,struct_std::equal_to<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const_,unsigned_long>>> std::unordered_set<unsigned_long,struct_std::hash<unsigned_long>,struct_std::equal_to<unsigned_long>,class_std::allocator<unsigned_long>>::unordered_set<unsigned_long,struct_std::hash<unsigned_long>,struct_std::equal_to<unsigned_long>,class_std::allocator<unsigned_long>> |
| calling | SignatureHandler::TestForDetection |
| paramcount | 4 |
| address | 75a18ebdc |
| sig | undefined __thiscall SigDetectionContext(SigDetectionContext * this, ProcessContext * param_1, INotification * param_2, DelayedTrigger * param_3) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | TestForDetection |
| fullname | SigtreeHelper::TestForDetection |
| refcount | 2 |
| length | 151 |
| called | KERNEL32.DLL::EnterCriticalSection KERNEL32.DLL::LeaveCriticalSection SigtreeHandlerInstance::siga_cksig |
| calling | SignatureHandler::TestForDetection |
| paramcount | 3 |
| address | 75a193a00 |
| sig | void __thiscall TestForDetection(SigtreeHelper * this, SigDetectionContext * param_1, src_attribute_t * param_2) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | getReverse |
| fullname | lzmaBitStreamBase<class_lzma2BitStream>::getReverse |
| refcount | 2 |
| length | 358 |
| called | di::TelemetryAssert::AssertTriggeredNoArgs rInStream::fill rInStream::updateReg<unsigned_char> reverse_u32 |
| calling | unlzmaBase<class_lzma2BitStream>::GetDistance |
| paramcount | 4 |
| address | 75a282c28 |
| sig | uncompress_error_t __thiscall getReverse(lzmaBitStreamBase<class_lzma2BitStream> * this, __uint64 param_1, ulong param_2, ulong * param_3) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::make_unique<class_tdt_library_v_next::bit_shovel_plugins::library_reporter,class_std::unique_ptr<class_tdt_library_v_next::bit_shovel_plugins::json_reporter,struct_std::default_delete<class_tdt_library_v_next::bit_shovel_plugins::json_reporter>>,class_std::unique_ptr<class_tdt_library_v_next::bit_shovel_plugins::detection_tlv_recorder,struct_std::default_delete<class_tdt_library_v_next::bit_shovel_plugins::detection_tlv_recorder>>,0>
| Key | mpengine.dll |
|---|---|
| name | make_unique<class_tdt_library_v_next::bit_shovel_plugins::library_reporter,class_std::unique_ptr<class_tdt_library_v_next::bit_shovel_plugins::json_reporter,struct_std::default_delete<class_tdt_library_v_next::bit_shovel_plugins::json_reporter>>,class_std::unique_ptr<class_tdt_library_v_next::bit_shovel_plugins::detection_tlv_recorder,struct_std::default_delete<class_tdt_library_v_next::bit_shovel_plugins::detection_tlv_recorder>>,0> |
| fullname | std::make_unique<class_tdt_library_v_next::bit_shovel_plugins::library_reporter,class_std::unique_ptr<class_tdt_library_v_next::bit_shovel_plugins::json_reporter,struct_std::default_delete<class_tdt_library_v_next::bit_shovel_plugins::json_reporter>>,class_std::unique_ptr<class_tdt_library_v_next::bit_shovel_plugins::detection_tlv_recorder,struct_std::default_delete<class_tdt_library_v_next::bit_shovel_plugins::detection_tlv_recorder>>,0> |
| refcount | 2 |
| length | 109 |
| called | operator_new tdt_library_v_next::bit_shovel_plugins::library_reporter::library_reporter |
| calling | tdt_library_v_next::bit_shovel_plugins::isv_sample_agent::agent_init |
| paramcount | 3 |
| address | 75a2a5fc0 |
| sig | undefined8 * __cdecl make_unique<class_tdt_library_v_next::bit_shovel_plugins::library_reporter,class_std::unique_ptr<class_tdt_library_v_next::bit_shovel_plugins::json_reporter,struct_std::default_delete<class_tdt_library_v_next::bit_shovel_plugins::json_reporter>>,class_std::unique_ptr<class_tdt_library_v_next::bit_shovel_plugins::detection_tlv_recorder,struct_std::default_delete<class_tdt_library_v_next::bit_shovel_plugins::detection_tlv_recorder>>,0>(undefined8 * param_1, undefined8 * param_2, undefined8 * param_3) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | operator= |
| fullname | ProcessTuple::operator= |
| refcount | 3 |
| length | 97 |
| called | std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::operator= std::vector<wchar_t,class_std::allocator<wchar_t>>::operator= |
| calling | ProcessContext::GetProcessTuple |
| paramcount | 2 |
| address | 75a325af8 |
| sig | ProcessTuple * __thiscall operator=(ProcessTuple * this, ProcessTuple * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>_>::get
| Key | mpengine.dll |
|---|---|
| name | get |
| fullname | boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>_>::get |
| refcount | 3 |
| length | 58 |
| called | boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::get_child boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::get_value<bool,class_boost::property_tree::stream_translator<char,struct_std::char_traits,class_std::allocator,bool>_> boost::property_tree::stream_translator<char,struct_std::char_traits,class_std::allocator,int>::stream_translator<char,struct_std::char_traits,class_std::allocator,int> std::locale::_Init |
| calling | tdt_library_v_next::config_util::get_and_log |
| paramcount | 2 |
| address | 75a34b864 |
| sig | bool __thiscall get(basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>> * this, string_path<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>_> * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | StringVPrintfWorkerW |
| fullname | StringVPrintfWorkerW |
| refcount | 5 |
| length | 94 |
| called | _vsnwprintf_l |
| calling | CommonUtil::NewVSprintfW CommonUtil::StringVPrintfW MpUtilsExports::MpStringCchVPrintfWImpl StringCchVPrintfW |
| paramcount | 5 |
| address | 75a37dc68 |
| sig | HRESULT __stdcall StringVPrintfWorkerW(STRSAFE_LPWSTR pszDest, size_t cchDest, size_t * pcchNewDestLength, STRSAFE_LPCWSTR pszFormat, va_list argList) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | StringValidateDestW |
| fullname | StringValidateDestW |
| refcount | 4 |
| length | 22 |
| called | |
| calling | CommonUtil::NewVSprintfW CommonUtil::StringVPrintfW MpUtilsExports::MpStringCchVPrintfWImpl StringCchVPrintfW |
| paramcount | 3 |
| address | 75a37dcc8 |
| sig | HRESULT __stdcall StringValidateDestW(STRSAFE_PCNZWCH pszDest, size_t cchDest, size_t cchMax) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | getcBytesToCompletion |
| fullname | exestream::getcBytesToCompletion |
| refcount | 2 |
| length | 63 |
| called | rOutStream::GetDirtyDistance |
| calling | LZX::OnTheFly |
| paramcount | 1 |
| address | 75a3c4164 |
| sig | ulong __thiscall getcBytesToCompletion(exestream * this) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | operator+<unsigned___int64,unsigned___int64,class_HResultSafeIntExceptionHandler> |
| fullname | msl::utilities::operator+<unsigned___int64,unsigned___int64,class_HResultSafeIntExceptionHandler> |
| refcount | 2 |
| length | 35 |
| called | CommonUtil::CommonThrowHr |
| calling | AttributePersistContext::`anonymous_namespace'::SetOrOverwriteContext |
| paramcount | 3 |
| address | 75a4dd854 |
| sig | ulonglong * __cdecl operator+<unsigned___int64,unsigned___int64,class_HResultSafeIntExceptionHandler>(ulonglong * param_1, longlong param_2, ulonglong param_3) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | Submit |
| fullname | QueueController::Submit |
| refcount | 2 |
| length | 74 |
| called | AsyncWork::Call CommonUtil::CRefObject::Release di::TelemetryAssert::AssertTriggeredNoArgs |
| calling | ProcessContext::SubmitNotification |
| paramcount | 2 |
| address | 75a514f80 |
| sig | void __thiscall Submit(QueueController * this, AutoRef<class_AsyncWork::CItem> * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | AddLuaConstants |
| fullname | AddLuaConstants |
| refcount | 11 |
| length | 94 |
| called | lua_setfield |
| calling | LsaMpCommonLib::Load |
| paramcount | 3 |
| address | 75a5286dc |
| sig | undefined __fastcall AddLuaConstants(lua_State * param_1, undefined8 * param_2, longlong param_3) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | InitConfig |
| fullname | CMpContainerHandle::InitConfig |
| refcount | 2 |
| length | 214 |
| called | WPP_SF_ WPP_SF_l `DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer memset |
| calling | CMpContainerHandle::Init |
| paramcount | 2 |
| address | 75a5559a0 |
| sig | engine_configw_t * __thiscall InitConfig(CMpContainerHandle * this, _SMpContainerConfig * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | data_model |
| fullname | tdt_library_v_current::tdt_normalizer_lib::data_model::data_model |
| refcount | 3 |
| length | 55 |
| called | tdt_library_v_current::tdt_normalizer_lib::data_model::reset |
| calling | std::make_shared<class_tdt_library_v_current::feature_extraction::statistical_distributions_node,class_std::basic_string<char,struct_std::char_traits,class_std::allocator_>_const&__ptr64,class_std::vector<unsigned_int,class_std::allocator<unsigned_int>>_const&__ptr64,class_std::vector<unsigned_int,class_std::allocator<unsigned_int>>_const&___ptr64> tdt_library_v_current::bit_shovel_plugins::normalizer_config_params_t::normalizer_config_params_t |
| paramcount | 1 |
| address | 75a56c0c8 |
| sig | undefined __thiscall data_model(data_model * this) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | element |
| fullname | element |
| refcount | 2 |
| length | 46 |
| called |
guard_dispatch_icall |
| calling | binTree::build |
| paramcount | 2 |
| address | 75a597924 |
| sig | longlong * __fastcall element(longlong * param_1, longlong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | SendToAsyncProcessScan |
| fullname | NoteMgr::SendToAsyncProcessScan |
| refcount | 1 |
| length | 35 |
| called | AsyncProcessScanNotification guard_dispatch_icall |
| calling | NoteMgrProcessPlugin::ProcessNotificationEx |
| paramcount | 2 |
| address | 75a59bb3c |
| sig | long __thiscall SendToAsyncProcessScan(NoteMgr * this, MPRTP_NOTIFICATION * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | operator= |
| fullname | CommonUtil::AutoRef<class_FileNotification>::operator= |
| refcount | 2 |
| length | 72 |
| called |
guard_dispatch_icall |
| calling | NotificationFactory::CreateInstanceForFileModifyEx |
| paramcount | 2 |
| address | 75a5c1c18 |
| sig | AutoRef<class_FileNotification> * __thiscall operator=(AutoRef<class_FileNotification> * this, FileNotification * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::Hash<class_std::Uset_traits<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::Uhash_compare<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,0>_>::_Check_rehash_required_1
| Key | mpengine.dll |
|---|---|
| name | _Check_rehash_required_1 |
| fullname | std::Hash<class_std::Uset_traits<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::Uhash_compare<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,0>_>::_Check_rehash_required_1 |
| refcount | 2 |
| length | 96 |
| called | |
| calling | std::Hash<class_std::Uset_traits<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::Uhash_compare<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,0>>::emplace<char_const*ptr64&ptr64> std::Hash<class_std::Uset_traits<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::Uhash_compare<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,0>>::emplace<class_std::basic_string<char,struct_std::char_traits,class_std::allocator_>_const&___ptr64> |
| paramcount | 1 |
| address | 75a5c5178 |
| sig | bool __thiscall Check_rehash_required_1(Hash<class_std::Uset_traits<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::Uhash_compare<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,0>> * this) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::vector<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>,class_std::allocator<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>>>::vector<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>,class_std::allocator<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>>>
| Key | mpengine.dll |
|---|---|
| name | vector<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>,class_std::allocator<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>>> |
| fullname | std::vector<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>,class_std::allocator<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>>>::vector<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>,class_std::allocator<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>>> |
| refcount | 3 |
| length | 122 |
| called | std::Destroy_range<class_std::allocator<class_std::filesystem::path>> std::vector<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>,class_std::allocator<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>>>::_Buy_nonzero |
| calling | ExtractSigData ExtractSigDataWithEnvExpansion |
| paramcount | 3 |
| address | 75a5c7c28 |
| sig | undefined __thiscall vector<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>,class_std::allocator<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>>>(vector<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>,class_std::allocator<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>>> * this, __uint64 param_1, allocator<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>> * param_2) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
tdt_library_v_current::bit_shovel::channel_registry::get_sinks<class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>>
| Key | mpengine.dll |
|---|---|
| name | get_sinks<class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>> |
| fullname | tdt_library_v_current::bit_shovel::channel_registry::get_sinks<class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>> |
| refcount | 2 |
| length | 93 |
| called | boost::any_cast<class_std::shared_ptr<class_tdt_library_v_current::bit_shovel::internal::channel_registration<class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>>>> std::Ref_count_base::Decref std::map<unsigned_int,class_boost::any,struct_std::less<unsigned_int>,class_std::allocator<struct_std::pair<unsigned_int_const,class_boost::any>>>::Try_emplace<unsigned_int> tdt_library_v_current::bit_shovel::channel_registry::has_channel<class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>> |
| calling | tdt_library_v_current::bit_shovel_plugins::classifier_plugin::init |
| paramcount | 1 |
| address | 75a5cc328 |
| sig | vector<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>> * __thiscall get_sinks<class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>>(channel_registry * this) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
tdt_library_v_current::bit_shovel::channel_registry::get_sinks<class_std::shared_ptr<class_std::vector<struct_tdt_library_v_current::bit_shovel_plugins::normalized_record,class_std::allocator<struct_tdt_library_v_current::bit_shovel_plugins::normalized_record>>>_>
| Key | mpengine.dll |
|---|---|
| name | get_sinks<class_std::shared_ptr<class_std::vector<struct_tdt_library_v_current::bit_shovel_plugins::normalized_record,class_std::allocator<struct_tdt_library_v_current::bit_shovel_plugins::normalized_record>>>_> |
| fullname | tdt_library_v_current::bit_shovel::channel_registry::get_sinks<class_std::shared_ptr<class_std::vector<struct_tdt_library_v_current::bit_shovel_plugins::normalized_record,class_std::allocator<struct_tdt_library_v_current::bit_shovel_plugins::normalized_record>>>_> |
| refcount | 3 |
| length | 93 |
| called | boost::any_cast<class_std::shared_ptr<class_tdt_library_v_current::bit_shovel::internal::channel_registration<class_std::shared_ptr<class_std::vector<struct_tdt_library_v_current::bit_shovel_plugins::normalized_record,class_std::allocator<struct_tdt_library_v_current::bit_shovel_plugins::normalized_record>>>>>> std::Ref_count_base::Decref std::map<unsigned_int,class_boost::any,struct_std::less<unsigned_int>,class_std::allocator<struct_std::pair<unsigned_int_const,class_boost::any>>>::Try_emplace<unsigned_int> tdt_library_v_next::bit_shovel::channel_registry::has_channel<class_std::shared_ptr<class_std::vector<struct_tdt_library_v_next::bit_shovel_plugins::normalized_record,class_std::allocator<struct_tdt_library_v_next::bit_shovel_plugins::normalized_record>>>> |
| calling | tdt_library_v_current::bit_shovel_plugins::feature_extraction_plugin::init tdt_library_v_current::bit_shovel_plugins::normalizer::init |
| paramcount | 1 |
| address | 75a5cd1c4 |
| sig | vector<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>> * __thiscall get_sinks<class_std::shared_ptr<class_std::vector<struct_tdt_library_v_current::bit_shovel_plugins::normalized_record,class_std::allocator<struct_tdt_library_v_current::bit_shovel_plugins::normalized_record>>>_>(channel_registry * this) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | operator< |
| fullname | peemusig_t::operator< |
| refcount | 21 |
| length | 70 |
| called | |
| calling | std::_Buffered_inplace_merge_unchecked<struct_peemusig_t*__ptr64,struct_std::less> std::_Inplace_merge_buffer_left<struct_peemusig_t*__ptr64,struct_std::less> std::_Inplace_merge_buffer_right<struct_peemusig_t*__ptr64,struct_std::less> std::_Med3_unchecked<struct_peemusig_t*__ptr64,struct_std::less> std::_Partition_by_median_guess_unchecked<struct_peemusig_t*__ptr64,struct_std::less> std::_Pop_heap_hole_by_index<struct_peemusig_t*__ptr64,struct_peemusig_t,struct_std::less> std::inplace_merge<struct_peemusig_t*__ptr64,struct_std::less> std::lower_bound<struct_peemusig_t*__ptr64,struct_peemusig_t,struct_std::less> std::upper_bound<struct_peemusig_t*__ptr64,struct_peemusig_t,struct_std::less> |
| paramcount | 2 |
| address | 75a5d22f8 |
| sig | bool __thiscall operator<(peemusig_t * this, peemusig_t * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::vector<class_CommonUtil::AutoRef<struct_INotification>,class_std::allocator<class_CommonUtil::AutoRef<struct_INotification>>>::clear
| Key | mpengine.dll |
|---|---|
| name | clear |
| fullname | std::vector<class_CommonUtil::AutoRef<struct_INotification>,class_std::allocator<class_CommonUtil::AutoRef<struct_INotification>>>::clear |
| refcount | 2 |
| length | 39 |
| called | std::Destroy_range<class_std::allocator<class_CommonUtil::AutoRef<struct_IDelayedObject>>_> |
| calling | ProcessContext::FirstProcessNotification |
| paramcount | 1 |
| address | 75a5eb778 |
| sig | void __thiscall clear(vector<class_CommonUtil::AutoRef<struct_INotification>,class_std::allocator<class_CommonUtil::AutoRef<struct_INotification>>> * this) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | InitMatchLevel |
| fullname | CHSTRMatchHelper::InitMatchLevel |
| refcount | 1 |
| length | 73 |
| called | |
| calling | hstr_internal_report_match_worker |
| paramcount | 2 |
| address | 75a612664 |
| sig | void __thiscall InitMatchLevel(CHSTRMatchHelper * this, match_state_t * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | GetFileUSN |
| fullname | nUFSP_vfz::GetFileUSN |
| refcount | 2 |
| length | 40 |
| called | StreamBufferWrapper::GetFileUSN di::TelemetryAssert::AssertTriggeredNoArgs |
| calling | troj_scan |
| paramcount | 2 |
| address | 75a613b3c |
| sig | long __thiscall GetFileUSN(nUFSP_vfz * this, __uint64 * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>><char16_t_const*___ptr64,0>
| Key | mpengine.dll |
|---|---|
| name | basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_><char16_t_const*___ptr64,0> |
| fullname | std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>>::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>><char16_t_const*___ptr64,0> |
| refcount | 3 |
| length | 66 |
| called | std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::_Construct_from_iter<char16_t_const*___ptr64,char16_t_const*___ptr64,unsigned___int64> |
| calling | ExtractSigData ExtractSigDataWithEnvExpansion |
| paramcount | 4 |
| address | 75a63fa08 |
| sig | undefined __thiscall basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_><char16_t_const*__ptr64,0>(basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>> * this, wchar16 * param_1, wchar16 * param_2, allocator<wchar_t> * param_3) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::make_shared<class_tdt_library_v_current::virtual_filesystem_config_imp,class_std::basic_string<char,struct_std::char_traits,class_std::allocator_>_const&__ptr64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::function<enum_tdt_api::tdt_file_read_error_code____cdecl(__int64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&___ptr64,unsigned_char*___ptr64,unsigned___int64,unsigned___int64*___ptr64)>&___ptr64,__int64&___ptr64,struct_tdt_library_v_current::bit_shovel::tdt_platform_t&___ptr64>
| Key | mpengine.dll |
|---|---|
| name | make_shared<class_tdt_library_v_current::virtual_filesystem_config_imp,class_std::basic_string<char,struct_std::char_traits,class_std::allocator_>_const&__ptr64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::function<enum_tdt_api::tdt_file_read_error_code____cdecl(__int64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&___ptr64,unsigned_char*___ptr64,unsigned___int64,unsigned___int64*___ptr64)>&___ptr64,__int64&___ptr64,struct_tdt_library_v_current::bit_shovel::tdt_platform_t&___ptr64> |
| fullname | std::make_shared<class_tdt_library_v_current::virtual_filesystem_config_imp,class_std::basic_string<char,struct_std::char_traits,class_std::allocator_>_const&__ptr64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::function<enum_tdt_api::tdt_file_read_error_code____cdecl(__int64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&___ptr64,unsigned_char*___ptr64,unsigned___int64,unsigned___int64*___ptr64)>&___ptr64,__int64&___ptr64,struct_tdt_library_v_current::bit_shovel::tdt_platform_t&___ptr64> |
| refcount | 2 |
| length | 126 |
| called | operator_new std::_Ref_count_obj2<class_tdt_library_v_current::virtual_filesystem_config_imp>::Ref_count_obj2<class_tdt_library_v_current::virtual_filesystem_config_imp><class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::function<enum_tdt_api::tdt_file_read_error_code____cdecl(__int64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&___ptr64,unsigned_char*___ptr64,unsigned___int64,unsigned___int64*___ptr64)>&___ptr64,__int64&___ptr64,struct_tdt_library_v_current::bit_shovel::tdt_platform_t&___ptr64> |
| calling | tdt_library_v_current::tdt_agent_impl::set_configuration |
| paramcount | 6 |
| address | 75a655d94 |
| sig | longlong * __cdecl make_shared<class_tdt_library_v_current::virtual_filesystem_config_imp,class_std::basic_string<char,struct_std::char_traits,class_std::allocator_>_const&__ptr64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::function<enum_tdt_api::tdt_file_read_error_code____cdecl(__int64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&___ptr64,unsigned_char*___ptr64,unsigned___int64,unsigned___int64*___ptr64)>&___ptr64,__int64&___ptr64,struct_tdt_library_v_current::bit_shovel::tdt_platform_t&ptr64>(longlong * param_1, basic_string<char,struct_std::char_traits,class_std::allocator> * param_2, basic_string<char,struct_std::char_traits,class_std::allocator> * param_3, function<enum_tdt_api::tdt_file_read_error_code____cdecl(__int64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&___ptr64,unsigned_char*___ptr64,unsigned___int64,unsigned___int64*___ptr64)> * param_4, __int64 * param_5, tdt_platform_t * param_6) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::_Ref_count_obj2<class_tdt_library_v_current::virtual_filesystem_config_imp>::Ref_count_obj2<class_tdt_library_v_current::virtual_filesystem_config_imp><class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::function<enum_tdt_api::tdt_file_read_error_code____cdecl(__int64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&___ptr64,unsigned_char*___ptr64,unsigned___int64,unsigned___int64*___ptr64)>&___ptr64,__int64&___ptr64,struct_tdt_library_v_current::bit_shovel::tdt_platform_t&___ptr64>
| Key | mpengine.dll |
|---|---|
| name | Ref_count_obj2<class_tdt_library_v_current::virtual_filesystem_config_imp><class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::function<enum_tdt_api::tdt_file_read_error_code____cdecl(__int64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&___ptr64,unsigned_char*___ptr64,unsigned___int64,unsigned___int64*___ptr64)>&___ptr64,__int64&___ptr64,struct_tdt_library_v_current::bit_shovel::tdt_platform_t&___ptr64> |
| fullname | std::_Ref_count_obj2<class_tdt_library_v_current::virtual_filesystem_config_imp>::Ref_count_obj2<class_tdt_library_v_current::virtual_filesystem_config_imp><class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::function<enum_tdt_api::tdt_file_read_error_code____cdecl(__int64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&___ptr64,unsigned_char*___ptr64,unsigned___int64,unsigned___int64*___ptr64)>&___ptr64,__int64&___ptr64,struct_tdt_library_v_current::bit_shovel::tdt_platform_t&___ptr64> |
| refcount | 2 |
| length | 136 |
| called | std::function<void___cdecl(class_tdt_library_v_current::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)>::function<void___cdecl(class_tdt_library_v_current::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)> tdt_library_v_current::virtual_filesystem_config_imp::virtual_filesystem_config_imp |
| calling | std::make_shared<class_tdt_library_v_current::virtual_filesystem_config_imp,class_std::basic_string<char,struct_std::char_traits,class_std::allocator_>_const&__ptr64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::function<enum_tdt_api::tdt_file_read_error_code____cdecl(__int64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&___ptr64,unsigned_char*___ptr64,unsigned___int64,unsigned___int64*___ptr64)>&___ptr64,__int64&___ptr64,struct_tdt_library_v_current::bit_shovel::tdt_platform_t&___ptr64> |
| paramcount | 6 |
| address | 75a655e14 |
| sig | undefined __thiscall Ref_count_obj2<class_tdt_library_v_current::virtual_filesystem_config_imp><class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64,class_std::function<enum_tdt_api::tdt_file_read_error_code____cdecl(__int64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&___ptr64,unsigned_char*___ptr64,unsigned___int64,unsigned___int64*___ptr64)>&___ptr64,__int64&___ptr64,struct_tdt_library_v_current::bit_shovel::tdt_platform_t&_ptr64>(Ref_count_obj2<class_tdt_library_v_current::virtual_filesystem_config_imp> * this, basic_string<char,struct_std::char_traits,class_std::allocator> * param_1, basic_string<char,struct_std::char_traits,class_std::allocator> * param_2, function<enum_tdt_api::tdt_file_read_error_code____cdecl(__int64,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&___ptr64,unsigned_char*___ptr64,unsigned___int64,unsigned___int64*___ptr64)> * param_3, __int64 * param_4, tdt_platform_t * param_5) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
std::vector<struct_MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::ChunkEntry>_>::_Reallocate_exactly
| Key | mpengine.dll |
|---|---|
| name | _Reallocate_exactly |
| fullname | std::vector<struct_MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::ChunkEntry>_>::_Reallocate_exactly |
| refcount | 19 |
| length | 134 |
| called | memcpy std::_Allocate<16,struct_std::_Default_allocate_traits,0> std::Get_size_of_n<40> std::vector<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry>>::_Change_array |
| calling | Expand for full list:MpSignatureSubType<struct_propertybag_entry_t,unsigned___int64,1,0,0,1,struct_MpEmptyEnumerator<struct_propertybag_entry_t>,0,0,1>::PostProcessRecordsWorker |
| paramcount | 2 |
| address | 75a65637c |
| sig | void __thiscall Reallocate_exactly(vector<struct_MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::ChunkEntry>> * this, __uint64 param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | GetFileOperationPID |
| fullname | StreamBufferWrapper::GetFileOperationPID |
| refcount | 2 |
| length | 72 |
| called | StreamBufferWrapper::GetAttribute di::TelemetryAssert::AssertTriggeredNoArgs |
| calling | nUFSP_vfz::BmFileEvents |
| paramcount | 2 |
| address | 75a6661bc |
| sig | long __thiscall GetFileOperationPID(StreamBufferWrapper * this, ulong * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | put |
| fullname | std::num_put<char,class_std::ostreambuf_iterator<char,struct_std::char_traits>>::put |
| refcount | 2 |
| length | 71 |
| called |
guard_dispatch_icall |
| calling | std::basic_ostream<char,struct_std::char_traits_>::operator<< |
| paramcount | 6 |
| address | 75a6685f0 |
| sig | undefined8 __thiscall put(num_put<char,class_std::ostreambuf_iterator<char,struct_std::char_traits>> * this, undefined8 param_1, undefined4 * param_2, undefined8 param_3, undefined param_4, undefined4 param_5) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | tdt_silo_functions_t |
| fullname | tdt_api::tdt_silo_functions_t::tdt_silo_functions_t |
| refcount | 4 |
| length | 35 |
| called | |
| calling | get_tdt_capabilities tdt_get_agent tdt_get_error_string |
| paramcount | 1 |
| address | 75a66b104 |
| sig | undefined __thiscall tdt_silo_functions_t(tdt_silo_functions_t * this) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | make_shared<class_tdt_library_v_next::logger_client::logger> |
| fullname | std::make_shared<class_tdt_library_v_next::logger_client::logger> |
| refcount | 2 |
| length | 115 |
| called | memset operator_new tdt_library_v_current::logger_client::logger::logger |
| calling | tdt_library_v_next::logger_client::logger::set_logger |
| paramcount | 1 |
| address | 75a68c8cc |
| sig | undefined8 * __cdecl make_shared<class_tdt_library_v_next::logger_client::logger>(undefined8 * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | logger |
| fullname | tdt_library_v_current::logger_client::logger::logger |
| refcount | 2 |
| length | 50 |
| called | |
| calling | std::make_shared<class_tdt_library_v_current::logger_client::logger> std::make_shared<class_tdt_library_v_next::logger_client::logger> |
| paramcount | 1 |
| address | 75a68c940 |
| sig | undefined __thiscall logger(logger * this) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | HUF_alignUpWorkspace |
| fullname | HUF_alignUpWorkspace |
| refcount | 4 |
| length | 42 |
| called | |
| calling | HUF_buildCTable_wksp HUF_compressWeights HUF_compress_internal HUF_writeCTable_wksp |
| paramcount | 3 |
| address | 75a68ff1c |
| sig | longlong __fastcall HUF_alignUpWorkspace(ulonglong param_1, ulonglong * param_2, longlong param_3) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | McTemplateU0pU16sdqqzzmx_MPEventWriteTransfer |
| fullname | McTemplateU0pU16sdqqzzmx_MPEventWriteTransfer |
| refcount | 2 |
| length | 380 |
| called | McGenEventWrite_MPEventWriteTransfer __security_check_cookie |
| calling | ScanRequestEtwHelper::~ScanRequestEtwHelper |
| paramcount | 5 |
| address | 75a691624 |
| sig | undefined __fastcall McTemplateU0pU16sdqqzzmx_MPEventWriteTransfer(REGHANDLE * param_1, undefined8 param_2, undefined8 param_3, undefined8 param_4, char * param_5) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | JSON_StringParser<wchar_t> |
| fullname | web::json::details::JSON_StringParser<wchar_t>::JSON_StringParser<wchar_t> |
| refcount | 1 |
| length | 68 |
| called | |
| calling | _parse_string<wchar_t> |
| paramcount | 2 |
| address | 75a69eaa4 |
| sig | undefined __thiscall JSON_StringParser<wchar_t>(JSON_StringParser<wchar_t> * this, basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_> * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | HUF_initCStream |
| fullname | HUF_initCStream |
| refcount | 2 |
| length | 49 |
| called | |
| calling | HUF_compress4X_usingCTable_internal |
| paramcount | 3 |
| address | 75a69f398 |
| sig | undefined8 __fastcall HUF_initCStream(undefined8 * param_1, longlong param_2, ulonglong param_3) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | ZSTD_ldm_getMaxNbSeq |
| fullname | ZSTD_ldm_getMaxNbSeq |
| refcount | 2 |
| length | 20 |
| called | |
| calling | ZSTD_estimateCCtxSize_usingCCtxParams_internal ZSTD_resetCCtx_internal |
| paramcount | 2 |
| address | 75a6e5420 |
| sig | ulonglong __fastcall ZSTD_ldm_getMaxNbSeq(int * param_1, ulonglong param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | sort<struct_kcrce_t*___ptr64> |
| fullname | std::sort<struct_kcrce_t*___ptr64> |
| refcount | 2 |
| length | 47 |
| called | std::_Sort_unchecked<struct_kcrce_t*__ptr64,struct_std::less> |
| calling | MpSignatureSubType<struct_kcrce_t,unsigned_long,3,1,0,0,struct_kcrce_t,0,0,1>::PostProcessRecordsWorker |
| paramcount | 2 |
| address | 75a6f04ec |
| sig | void __cdecl sort<struct_kcrce_t*___ptr64>(kcrce_t * param_1, kcrce_t * param_2) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | sort<struct_peemusig_t*___ptr64> |
| fullname | std::sort<struct_peemusig_t*___ptr64> |
| refcount | 2 |
| length | 47 |
| called | std::_Sort_unchecked<struct_peemusig_t*__ptr64,struct_std::less> |
| calling | MpSignatureSubType<struct_peemusig_t,unsigned_long,3,0,1,0,struct_MpEmptyEnumerator<struct_peemusig_t>,0,0,1>::PostProcessRecordsWorker |
| paramcount | 2 |
| address | 75a6f051c |
| sig | void __cdecl sort<struct_peemusig_t*___ptr64>(peemusig_t * param_1, peemusig_t * param_2) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | make_shared<class_tdt_library_v_current::logger_client::logger> |
| fullname | std::make_shared<class_tdt_library_v_current::logger_client::logger> |
| refcount | 2 |
| length | 115 |
| called | memset operator_new tdt_library_v_current::logger_client::logger::logger |
| calling | tdt_library_v_current::logger_client::logger::set_logger |
| paramcount | 1 |
| address | 75a741eb4 |
| sig | undefined8 * __cdecl make_shared<class_tdt_library_v_current::logger_client::logger>(undefined8 * param_1) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | sort<struct_trustedpublisher_t*___ptr64> |
| fullname | std::sort<struct_trustedpublisher_t*___ptr64> |
| refcount | 2 |
| length | 47 |
| called | std::_Sort_unchecked<struct_trustedpublisher_t*__ptr64,struct_std::less> |
| calling | MpSignatureSubType<struct_trustedpublisher_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_trustedpublisher_t>,0,0,1>::PostProcessRecordsWorker |
| paramcount | 2 |
| address | 75a772db0 |
| sig | void __cdecl sort<struct_trustedpublisher_t*___ptr64>(trustedpublisher_t * param_1, trustedpublisher_t * param_2) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | sort<struct_snidex_entry_t*___ptr64> |
| fullname | std::sort<struct_snidex_entry_t*___ptr64> |
| refcount | 3 |
| length | 47 |
| called | std::_Sort_unchecked<struct_snidex_entry_t*__ptr64,struct_std::less> |
| calling | MpSignatureSubType<struct_snidex_entry_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_snidex_entry_t>,0,0,1>::PostProcessRecordsWorker |
| paramcount | 2 |
| address | 75a7733c0 |
| sig | void __cdecl sort<struct_snidex_entry_t*___ptr64>(snidex_entry_t * param_1, snidex_entry_t * param_2) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | sort<struct_staticrec_t*___ptr64> |
| fullname | std::sort<struct_staticrec_t*___ptr64> |
| refcount | 2 |
| length | 47 |
| called | std::_Sort_unchecked<struct_staticrec_t*__ptr64,struct_std::less> |
| calling | MpSignatureSubType<struct_staticrec_t,unsigned_long,4,0,0,0,struct_MpEmptyEnumerator<struct_staticrec_t>,0,0,1>::PostProcessRecordsWorker |
| paramcount | 2 |
| address | 75a777fac |
| sig | void __cdecl sort<struct_staticrec_t*___ptr64>(staticrec_t * param_1, staticrec_t * param_2) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | sort<struct_nid64_entry_t*___ptr64> |
| fullname | std::sort<struct_nid64_entry_t*___ptr64> |
| refcount | 3 |
| length | 47 |
| called | std::_Sort_unchecked<struct_nid64_entry_t*__ptr64,struct_std::less> |
| calling | MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>::PostProcessRecordsWorker |
| paramcount | 2 |
| address | 75a778320 |
| sig | void __cdecl sort<struct_nid64_entry_t*___ptr64>(nid64_entry_t * param_1, nid64_entry_t * param_2) |
| sym_type | Function |
| sym_source | ANALYSIS |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | CertFreeCertificateChain |
| fullname | CertFreeCertificateChain |
| refcount | 3 |
| length | 54 |
| called | ApitableInit guard_dispatch_icall |
| calling | platform_services_sample::CertFreeCertificateChain_shim |
| paramcount | 1 |
| address | 75a77b150 |
| sig | void __stdcall CertFreeCertificateChain(PCCERT_CHAIN_CONTEXT pChainContext) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | WrapperCertGetCertificateChain |
| fullname | WrapperCertGetCertificateChain |
| refcount | 3 |
| length | 166 |
| called | ApitableInit KERNEL32.DLL::SetLastError guard_dispatch_icall |
| calling | platform_services_sample::CertGetCertificateChain_shim |
| paramcount | 8 |
| address | 75a77b1e0 |
| sig | BOOL __stdcall WrapperCertGetCertificateChain(HCERTCHAINENGINE hChainEngine, PCCERT_CONTEXT pCertContext, LPFILETIME pTime, HCERTSTORE hAdditionalStore, PCERT_CHAIN_PARA pChainPara, DWORD dwFlags, LPVOID pvReserved, PCCERT_CHAIN_CONTEXT * ppChainContext) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | WrapperCryptMsgOpenToDecode |
| fullname | WrapperCryptMsgOpenToDecode |
| refcount | 3 |
| length | 132 |
| called | ApitableInit KERNEL32.DLL::SetLastError guard_dispatch_icall |
| calling | platform_services_sample::CryptMsgOpenToDecode_shim |
| paramcount | 6 |
| address | 75a77bf60 |
| sig | HCRYPTMSG __stdcall WrapperCryptMsgOpenToDecode(DWORD dwMsgEncodingType, DWORD dwFlags, DWORD dwMsgType, HCRYPTPROV_LEGACY hCryptProv, PCERT_INFO pRecipientInfo, PCMSG_STREAM_INFO pStreamInfo) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | CryptMsgUpdate |
| fullname | CryptMsgUpdate |
| refcount | 3 |
| length | 116 |
| called | ApitableInit KERNEL32.DLL::SetLastError guard_dispatch_icall |
| calling | platform_services_sample::CryptMsgUpdate_shim |
| paramcount | 4 |
| address | 75a77bff0 |
| sig | BOOL __stdcall CryptMsgUpdate(HCRYPTMSG hCryptMsg, BYTE * pbData, DWORD cbData, BOOL fFinal) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | FwpmEngineOpen0 |
| fullname | FwpmEngineOpen0 |
| refcount | 7 |
| length | 124 |
| called | ApitableInit KERNEL32.DLL::SetLastError guard_dispatch_icall |
| calling | FirewallHelpers::CleanupWFPFiltersByDirection FirewallHelpers::GetWFPEngine FirewallHelpers::GetWFPFiltersByDirection FirewallHelpers::RemoveWFPFilter FirewallHelpers::UninstallWFPProvider |
| paramcount | 5 |
| address | 75a77ca50 |
| sig | undefined8 __fastcall FwpmEngineOpen0(undefined8 param_1, undefined4 param_2, undefined8 param_3, undefined8 param_4, undefined8 param_5) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | WrapperFwpmFilterAdd0 |
| fullname | WrapperFwpmFilterAdd0 |
| refcount | 3 |
| length | 116 |
| called | ApitableInit KERNEL32.DLL::SetLastError guard_dispatch_icall |
| calling | FirewallHelpers::CreateWFPFilterIpAddress |
| paramcount | 4 |
| address | 75a77cacc |
| sig | undefined8 __fastcall WrapperFwpmFilterAdd0(undefined8 param_1, undefined8 param_2, undefined8 param_3, undefined8 param_4) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | WrapperFwpmFilterCreateEnumHandle0 |
| fullname | WrapperFwpmFilterCreateEnumHandle0 |
| refcount | 4 |
| length | 100 |
| called | ApitableInit KERNEL32.DLL::SetLastError guard_dispatch_icall |
| calling | FirewallHelpers::CleanupWFPFiltersByDirection FirewallHelpers::GetWFPFiltersByDirection |
| paramcount | 3 |
| address | 75a77cb40 |
| sig | undefined8 __fastcall WrapperFwpmFilterCreateEnumHandle0(undefined8 param_1, undefined8 param_2, undefined8 param_3) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | FwpmFilterDeleteByKey0 |
| fullname | FwpmFilterDeleteByKey0 |
| refcount | 3 |
| length | 84 |
| called | ApitableInit KERNEL32.DLL::SetLastError guard_dispatch_icall |
| calling | FirewallHelpers::RemoveWFPFilter |
| paramcount | 2 |
| address | 75a77cba4 |
| sig | undefined8 __fastcall FwpmFilterDeleteByKey0(undefined8 param_1, undefined8 param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | WrapperFwpmFilterDestroyEnumHandle0 |
| fullname | WrapperFwpmFilterDestroyEnumHandle0 |
| refcount | 4 |
| length | 84 |
| called | ApitableInit KERNEL32.DLL::SetLastError guard_dispatch_icall |
| calling | <lambda_b370b5850c69c833ca1723c69e741f7c>::operator() CommonUtil::ScopeGuardImpl<<lambda_f78b881198d4a938f15a19890072de63>>::~ScopeGuardImpl<<lambda_f78b881198d4a938f15a19890072de63>> |
| paramcount | 2 |
| address | 75a77cbf8 |
| sig | undefined8 __fastcall WrapperFwpmFilterDestroyEnumHandle0(undefined8 param_1, undefined8 param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | WrapperFwpmFilterEnum0 |
| fullname | WrapperFwpmFilterEnum0 |
| refcount | 4 |
| length | 126 |
| called | ApitableInit KERNEL32.DLL::SetLastError guard_dispatch_icall |
| calling | FirewallHelpers::CleanupWFPFiltersByDirection FirewallHelpers::GetWFPFiltersByDirection |
| paramcount | 5 |
| address | 75a77cc4c |
| sig | undefined8 __fastcall WrapperFwpmFilterEnum0(undefined8 param_1, undefined8 param_2, undefined4 param_3, undefined8 param_4, undefined8 param_5) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | FwpmFreeMemory0 |
| fullname | FwpmFreeMemory0 |
| refcount | 5 |
| length | 54 |
| called | ApitableInit guard_dispatch_icall |
| calling | <lambda_b370b5850c69c833ca1723c69e741f7c>::operator() CommonUtil::ScopeGuardImpl<<lambda_f78b881198d4a938f15a19890072de63>>::~ScopeGuardImpl<<lambda_f78b881198d4a938f15a19890072de63>> FirewallHelpers::GetWFPEngine |
| paramcount | 1 |
| address | 75a77cccc |
| sig | undefined __fastcall FwpmFreeMemory0(undefined8 param_1) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | WrapperFwpmProviderAdd0 |
| fullname | WrapperFwpmProviderAdd0 |
| refcount | 2 |
| length | 100 |
| called | ApitableInit KERNEL32.DLL::SetLastError guard_dispatch_icall |
| calling | FirewallHelpers::GetWFPEngine |
| paramcount | 3 |
| address | 75a77cd04 |
| sig | undefined8 __fastcall WrapperFwpmProviderAdd0(undefined8 param_1, undefined8 param_2, undefined8 param_3) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | WrapperFwpmProviderDeleteByKey0 |
| fullname | WrapperFwpmProviderDeleteByKey0 |
| refcount | 3 |
| length | 84 |
| called | ApitableInit KERNEL32.DLL::SetLastError guard_dispatch_icall |
| calling | FirewallHelpers::UninstallWFPProvider |
| paramcount | 2 |
| address | 75a77cd68 |
| sig | undefined8 __fastcall WrapperFwpmProviderDeleteByKey0(undefined8 param_1, undefined8 param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | FwpmProviderGetByKey0 |
| fullname | FwpmProviderGetByKey0 |
| refcount | 3 |
| length | 100 |
| called | ApitableInit KERNEL32.DLL::SetLastError guard_dispatch_icall |
| calling | FirewallHelpers::GetWFPEngine |
| paramcount | 3 |
| address | 75a77cdbc |
| sig | undefined8 __fastcall FwpmProviderGetByKey0(undefined8 param_1, undefined8 param_2, undefined8 param_3) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | FwpmSubLayerAdd0 |
| fullname | FwpmSubLayerAdd0 |
| refcount | 3 |
| length | 100 |
| called | ApitableInit KERNEL32.DLL::SetLastError guard_dispatch_icall |
| calling | FirewallHelpers::GetWFPEngine |
| paramcount | 3 |
| address | 75a77ce20 |
| sig | undefined8 __fastcall FwpmSubLayerAdd0(undefined8 param_1, undefined8 param_2, undefined8 param_3) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | FwpmSubLayerDeleteByKey0 |
| fullname | FwpmSubLayerDeleteByKey0 |
| refcount | 3 |
| length | 84 |
| called | ApitableInit KERNEL32.DLL::SetLastError guard_dispatch_icall |
| calling | FirewallHelpers::UninstallWFPProvider |
| paramcount | 2 |
| address | 75a77ce84 |
| sig | undefined8 __fastcall FwpmSubLayerDeleteByKey0(undefined8 param_1, undefined8 param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | FwpmSubLayerGetByKey0 |
| fullname | FwpmSubLayerGetByKey0 |
| refcount | 3 |
| length | 100 |
| called | ApitableInit KERNEL32.DLL::SetLastError guard_dispatch_icall |
| calling | FirewallHelpers::GetWFPEngine |
| paramcount | 3 |
| address | 75a77ced8 |
| sig | undefined8 __fastcall FwpmSubLayerGetByKey0(undefined8 param_1, undefined8 param_2, undefined8 param_3) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | WrapperFwpmTransactionBegin0 |
| fullname | WrapperFwpmTransactionBegin0 |
| refcount | 4 |
| length | 82 |
| called | ApitableInit KERNEL32.DLL::SetLastError guard_dispatch_icall |
| calling | FirewallHelpers::GetWFPEngine FirewallHelpers::UninstallWFPProvider |
| paramcount | 2 |
| address | 75a77cf3c |
| sig | undefined8 __fastcall WrapperFwpmTransactionBegin0(undefined8 param_1, undefined4 param_2) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | FwpmTransactionCommit0 |
| fullname | FwpmTransactionCommit0 |
| refcount | 3 |
| length | 72 |
| called | ApitableInit KERNEL32.DLL::SetLastError guard_dispatch_icall |
| calling | FirewallHelpers::GetWFPEngine FirewallHelpers::UninstallWFPProvider |
| paramcount | 1 |
| address | 75a77cf90 |
| sig | undefined8 __fastcall FwpmTransactionCommit0(undefined8 param_1) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | GetFileVersionInfoA |
| fullname | GetFileVersionInfoA |
| refcount | 4 |
| length | 116 |
| called | ApitableInit KERNEL32.DLL::SetLastError guard_dispatch_icall |
| calling | platform_services_sample::GetFileVersionInfoA_shim tdt_utils::get_file_info |
| paramcount | 4 |
| address | 75a77d254 |
| sig | BOOL __stdcall GetFileVersionInfoA(LPCSTR lptstrFilename, DWORD dwHandle, DWORD dwLen, LPVOID lpData) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | Wrapperinet_ntop |
| fullname | Wrapperinet_ntop |
| refcount | 2 |
| length | 116 |
| called | ApitableInit KERNEL32.DLL::SetLastError guard_dispatch_icall |
| calling | FirewallHelpers::GetInfoFromFilter |
| paramcount | 4 |
| address | 75a77f7c4 |
| sig | undefined8 __fastcall Wrapperinet_ntop(undefined4 param_1, undefined8 param_2, undefined8 param_3, undefined8 param_4) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | inet_pton |
| fullname | inet_pton |
| refcount | 4 |
| length | 100 |
| called | ApitableInit KERNEL32.DLL::SetLastError guard_dispatch_icall |
| calling | FirewallHelpers::CreateWFPFilterIpAddress |
| paramcount | 3 |
| address | 75a77f840 |
| sig | undefined8 __fastcall inet_pton(undefined4 param_1, undefined8 param_2, undefined8 param_3) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
| Key | mpengine.dll |
|---|---|
| name | ReadProcessMemoryInternal |
| fullname | ReadProcessMemoryInternal |
| refcount | 4 |
| length | 311 |
| called | ApitableInit FailStubNtReadVirtualMemoryEx KERNEL32.DLL::GetProcAddress KERNEL32.DLL::SetLastError NTDLL.DLL::RtlNtStatusToDosError guard_dispatch_icall |
| calling | ReadProcessMemory |
| paramcount | 5 |
| address | 75a77ff10 |
| sig | undefined8 __fastcall ReadProcessMemoryInternal(undefined8 param_1, undefined8 param_2, undefined8 param_3, undefined8 param_4, undefined8 * param_5) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
715 Deleted Functions Ommited...
Modified functions contain code changes
| Key | mpengine.dll - mpengine.dll |
|---|---|
| diff_type | code,length,address,called |
| ratio | 0.02 |
| i_ratio | 0.2 |
| m_ratio | 0.19 |
| b_ratio | 0.08 |
| match_types | SymbolsHash |
| Key | mpengine.dll | mpengine.dll |
|---|---|---|
| name | AddSection | AddSection |
| fullname | PEFileWriter::AddSection | PEFileWriter::AddSection |
| refcount | 3 | 3 |
length |
2190 | 2119 |
called |
Expand for full list:PEFileWriter::WriteOptionalHeader |
Expand for full list:PEFileWriter::WriteOptionalHeader |
| calling | PEImportReconstructor::DumpImports PERelocations::WriteRelocation |
PEImportReconstructor::DumpImports PERelocations::WriteRelocation |
| paramcount | 5 | 5 |
address |
75a512aa8 | 75aa1932c |
| sig | PEError __thiscall AddSection(PEFileWriter * this, ulong param_1, ulong param_2, char * param_3, ulong * param_4) | PEError __thiscall AddSection(PEFileWriter * this, ulong param_1, ulong param_2, char * param_3, ulong * param_4) |
| sym_type | Function | Function |
| sym_source | ANALYSIS | ANALYSIS |
| external | False | False |
--- PEFileWriter::AddSection called
+++ PEFileWriter::AddSection called
@@ -1 +1 @@
-CAPTURED_OPTIONAL_HEADER::CAPTURED_OPTIONAL_HEADER
+CAPTURED_PE_HEADERS::CAPTURED_PE_HEADERS
@@ -29 +28,0 @@
-memset--- PEFileWriter::AddSection
+++ PEFileWriter::AddSection
@@ -1,12 +1,324 @@
+
+/* WARNING: Function: _guard_dispatch_icall_$fo_default$ replaced with injection:
+ guard_dispatch_icall */
+/* public: enum PEError __cdecl PEFileWriter::AddSection(unsigned long,unsigned long,char const *
+ __ptr64,unsigned long & __ptr64) __ptr64 */
PEError __thiscall
-IL_x86_common::mov_ebp_disp_Ix::AddSection
+PEFileWriter::AddSection
(PEFileWriter *this,ulong param_1,ulong param_2,char *param_3,ulong *param_4)
{
- undefined4 in_register_00000014;
+ ulonglong uVar1;
+ PEVirtualMemory *this_00;
+ char cVar2;
+ bool bVar3;
+ PEError PVar4;
+ ulong uVar5;
+ ulong uVar6;
+ ulong uVar7;
+ PEError extraout_EAX;
+ PtrType *pPVar8;
+ ulonglong *puVar9;
+ char *pcVar10;
+ longlong lVar11;
+ ulonglong uVar12;
+ uint uVar13;
+ size_t _Size;
+ ushort uVar14;
+ undefined auStackY_278 [32];
+ ulong local_238;
+ ulong local_234;
+ ulonglong local_230;
+ ulonglong local_228;
+ char *local_220;
+ longlong local_218 [2];
+ _IMAGE_SECTION_HEADER local_208;
+ _IMAGE_SECTION_HEADER local_1e0;
+ CAPTURED_PE_HEADERS local_1b8 [60];
+ int local_17c;
+ ushort local_176 [11];
+ CAPTURED_OPTIONAL_HEADER local_160 [72];
+ ulong local_118;
+ ulong local_114;
+ ulonglong local_58;
- /* WARNING: Subroutine does not return */
- _CxxThrowException(this,(ThrowInfo *)CONCAT44(in_register_00000014,param_1));
+ local_58 = __security_cookie ^ (ulonglong)auStackY_278;
+ local_234 = param_2;
+ local_220 = param_3;
+ CAPTURED_PE_HEADERS::CAPTURED_PE_HEADERS(local_1b8);
+ PVar4 = PEFileReader::ReadPEHeaders((PEFileReader *)this,local_1b8);
+ if (PVar4 != 0) goto LAB_0;
+ uVar5 = PEFileReader::GetImageSize((PEFileReader *)this);
+ if (local_118 == uVar5) {
+ *param_4 = local_118;
+ uVar5 = PEFileReader::SecRoundUp((PEFileReader *)this,local_118);
+ if (*param_4 < uVar5) {
+ uVar5 = *param_4;
+ goto LAB_1;
+ }
+ }
+ else {
+ pPVar8 = PEFileReader::GetImageBase((PEFileReader *)this);
+ local_228 = 0xffffffff;
+ if (*(longlong *)(pPVar8 + 8) == -1) {
+ local_228 = 0xffffffffffffffff;
+ }
+ local_230 = local_228 & (ulonglong)local_118 + *(longlong *)pPVar8;
+ puVar9 = (ulonglong *)
+ PEVirtualMemory::GetUpperBound
+ (*(PEVirtualMemory **)(this + 0x1f0),local_218,(PtrType *)&local_230);
+ uVar12 = *puVar9;
+ uVar1 = puVar9[1];
+ local_230 = uVar12;
+ local_228 = uVar1;
+ pPVar8 = PEFileReader::GetImageBase((PEFileReader *)this);
+ PtrType::CheckSameTypePointer((PtrType *)&local_230,pPVar8);
+ *param_4 = (int)uVar12 - *(int *)pPVar8 & (uint)uVar1;
+ pPVar8 = PEFileReader::GetImageBase((PEFileReader *)this);
+ PtrType::CheckSameTypePointer((PtrType *)&local_230,pPVar8);
+ uVar5 = *param_4;
+ if ((ulonglong)uVar5 != (uVar12 - *(longlong *)pPVar8 & uVar1)) goto LAB_0;
+LAB_1:
+ uVar5 = PEFileReader::SecRoundUp((PEFileReader *)this,uVar5);
+ *param_4 = uVar5;
+ uVar5 = PEFileReader::GetImageSize((PEFileReader *)this);
+ if (*param_4 < uVar5) goto LAB_0;
+ if (local_176[0] == 0) {
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
+ WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x33,
+ &WPP_d1ca09dcb01b3a260f39bd5935da637e_Traceguids);
+ }
+ goto LAB_0;
+ }
+ uVar14 = local_176[0] - 1;
+ local_208.NumberOfRelocations = 0;
+ local_208.NumberOfLinenumbers = 0;
+ local_208.Characteristics = 0;
+ local_208.Name[0] = '\0';
+ local_208.Name[1] = '\0';
+ local_208.Name[2] = '\0';
+ local_208.Name[3] = '\0';
+ local_208.Name[4] = '\0';
+ local_208.Name[5] = '\0';
+ local_208.Name[6] = '\0';
+ local_208.Name[7] = '\0';
+ local_208.Misc = (_union_238)0x0;
+ local_208.VirtualAddress = 0;
+ local_208.SizeOfRawData = 0;
+ local_208.PointerToRawData = 0;
+ local_208.PointerToRelocations = 0;
+ local_208.PointerToLinenumbers = 0;
+ PVar4 = PEFileReader::ReadSectionHeader((PEFileReader *)this,uVar14,&local_208);
+ if (PVar4 != 0) {
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+ WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x34,
+ &WPP_d1ca09dcb01b3a260f39bd5935da637e_Traceguids);
+ }
+ goto LAB_0;
+ }
+ if (*param_4 < local_208.VirtualAddress) goto LAB_0;
+ local_238 = *param_4 - local_208.VirtualAddress;
+ this_00 = *(PEVirtualMemory **)(this + 0x1f0);
+ pPVar8 = PEFileReader::GetImageBase((PEFileReader *)this);
+ local_228 = 0xffffffff;
+ if (*(longlong *)(pPVar8 + 8) == -1) {
+ local_228 = 0xffffffffffffffff;
+ }
+ local_230 = local_228 & ((ulonglong)local_208._8_8_ >> 0x20) + *(longlong *)pPVar8;
+ bVar3 = PEVirtualMemory::GetRawSize(this_00,(PtrType *)&local_230,&local_238);
+ if (((!bVar3) && ((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control)) &&
+ ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+ WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x36,
+ &WPP_d1ca09dcb01b3a260f39bd5935da637e_Traceguids);
+ }
+ local_118 = *param_4;
+ PVar4 = WriteOptionalHeader(this,local_160);
+ if (PVar4 != 0) goto LAB_0;
+ local_208.Misc.PhysicalAddress = *param_4 - local_208.VirtualAddress;
+ local_208.SizeOfRawData = local_238;
+ PVar4 = WriteSectionHeader(this,uVar14,&local_208);
+ if (PVar4 != 0) goto LAB_0;
+ }
+ if (((param_1 == 0) || (uVar13 = *param_4 + param_1, uVar13 < *param_4)) ||
+ (uVar5 = PEFileReader::SecRoundUp((PEFileReader *)this,uVar13), uVar5 == 0)) {
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+ WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x37,
+ &WPP_d1ca09dcb01b3a260f39bd5935da637e_Traceguids,param_1);
+ }
+ }
+ else {
+ local_238 = PEFileReader::SecRoundUp((PEFileReader *)this,*param_4 + param_1);
+ bVar3 = ResizeImage(this,&local_238);
+ if ((bVar3) &&
+ (PVar4 = PEFileReader::ReadPEHeaders((PEFileReader *)this,local_1b8), uVar5 = local_238,
+ PVar4 == 0)) {
+ local_118 = local_238;
+ PVar4 = WriteOptionalHeader(this,local_160);
+ if ((PVar4 == 0) && (*(short *)(this + 0x32) != 0)) {
+ local_1e0.NumberOfRelocations = 0;
+ local_1e0.NumberOfLinenumbers = 0;
+ local_1e0.Characteristics = 0;
+ local_1e0.Name[0] = '\0';
+ local_1e0.Name[1] = '\0';
+ local_1e0.Name[2] = '\0';
+ local_1e0.Name[3] = '\0';
+ local_1e0.Name[4] = '\0';
+ local_1e0.Name[5] = '\0';
+ local_1e0.Name[6] = '\0';
+ local_1e0.Name[7] = '\0';
+ local_1e0.Misc = (_union_238)0x0;
+ local_1e0.VirtualAddress = 0;
+ local_1e0.SizeOfRawData = 0;
+ local_1e0.PointerToRawData = 0;
+ local_1e0.PointerToRelocations = 0;
+ local_1e0.PointerToLinenumbers = 0;
+ if ((local_176[0] < *(ushort *)(this + 0x32)) ||
+ (PVar4 = PEFileReader::ReadSectionHeader
+ ((PEFileReader *)this,local_176[0] - 1,&local_1e0), PVar4 == 0)) {
+LAB_2:
+ uVar13 = (uint)local_176[0];
+ }
+ else {
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
+ cVar2 = (char)local_176[0];
+ pcVar10 = GetPEErrorString(PVar4);
+ WPP_SF_sL(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x39,
+ &WPP_d1ca09dcb01b3a260f39bd5935da637e_Traceguids,pcVar10,cVar2 + -1);
+ }
+ uVar14 = 0;
+ uVar6 = PEFileReader::SecRoundUp((PEFileReader *)this,local_114);
+ if (local_176[0] == 0) goto LAB_0;
+ do {
+ PVar4 = PEFileReader::ReadSectionHeader((PEFileReader *)this,uVar14,&local_1e0);
+ if (PVar4 != 0) {
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+ pcVar10 = GetPEErrorString(PVar4);
+ WPP_SF_sL(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x3b,
+ &WPP_d1ca09dcb01b3a260f39bd5935da637e_Traceguids,pcVar10,(char)uVar14);
+ }
+ goto LAB_0;
+ }
+ uVar7 = PEFileReader::SecRoundUp((PEFileReader *)this,local_1e0.Misc.PhysicalAddress);
+ if (*param_4 - local_1e0.VirtualAddress <= uVar7) {
+ uVar13 = (uint)local_176[0];
+ if (uVar13 - uVar14 != 1) {
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+ WPP_SF_Ll(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x3d,
+ &WPP_d1ca09dcb01b3a260f39bd5935da637e_Traceguids,(uint)local_176[0],
+ (char)uVar14 + '\x01');
+ }
+ local_176[0] = uVar14 + 1;
+ lVar11 = (**(code **)(*(longlong *)this + 0x38))(this,local_17c + 6,local_176,2);
+ if (lVar11 != 2) goto LAB_0;
+ goto LAB_2;
+ }
+ break;
+ }
+ if (local_1e0.VirtualAddress != uVar6) {
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+ WPP_SF_DDL(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x3e,
+ &WPP_d1ca09dcb01b3a260f39bd5935da637e_Traceguids,(uint)uVar14,
+ SUB81(local_1e0._8_8_,4),(char)uVar6);
+ }
+ goto LAB_0;
+ }
+ uVar6 = PEFileReader::SecRoundUp((PEFileReader *)this,local_1e0.Misc.PhysicalAddress);
+ if (uVar6 == 0) {
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+ WPP_SF_Ll(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x3f,
+ &WPP_d1ca09dcb01b3a260f39bd5935da637e_Traceguids,(uint)uVar14,
+ (char)local_1e0._8_8_);
+ }
+ goto LAB_0;
+ }
+ uVar6 = PEFileReader::SecRoundUp((PEFileReader *)this,local_1e0.Misc.PhysicalAddress);
+ uVar13 = (uint)local_176[0];
+ uVar14 = uVar14 + 1;
+ uVar6 = local_1e0.VirtualAddress + uVar6;
+ } while (uVar14 < local_176[0]);
+ }
+ uVar14 = (ushort)uVar13;
+ if (uVar14 < *(ushort *)(this + 0x32)) {
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+ WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x40,
+ &WPP_d1ca09dcb01b3a260f39bd5935da637e_Traceguids,uVar13);
+ uVar14 = local_176[0];
+ }
+ local_176[0] = uVar14 + 1;
+ PVar4 = WriteNumberOfSections(this,local_176[0]);
+ if (PVar4 == 3) {
+ uVar6 = PEFileReader::FileRoundUp((PEFileReader *)this,1);
+ RegenerateRawOffsets(this,uVar6);
+ }
+ else if (PVar4 != 0) {
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+ pcVar10 = GetPEErrorString(PVar4);
+ WPP_SF_s(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x41,
+ &WPP_d1ca09dcb01b3a260f39bd5935da637e_Traceguids,pcVar10);
+ }
+ goto LAB_0;
+ }
+ uVar13 = *param_4;
+ local_1e0.VirtualAddress = uVar13;
+ if (uVar5 <= uVar13) {
+ di::TelemetryAssert::AssertTriggeredNoArgs();
+ }
+ local_1e0.Misc.PhysicalAddress = uVar5 - *param_4;
+ local_1e0.Characteristics = local_234;
+ if (local_220 != (char *)0x0) {
+ uVar12 = 0xffffffffffffffff;
+ do {
+ uVar12 = uVar12 + 1;
+ } while (local_220[uVar12] != '\0');
+ _Size = 8;
+ if (uVar12 < 8) {
+ _Size = uVar12;
+ }
+ memcpy(&local_1e0,local_220,_Size);
+ }
+ }
+ else {
+ uVar7 = PEFileReader::SecRoundUp
+ ((PEFileReader *)this,
+ local_1e0.Misc.PhysicalAddress + local_1e0.VirtualAddress);
+ uVar6 = local_234;
+ if (uVar7 != *param_4) {
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+ WPP_SF_Ll(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x42,
+ &WPP_d1ca09dcb01b3a260f39bd5935da637e_Traceguids,local_1e0.VirtualAddress,
+ (char)local_1e0._8_8_);
+ }
+ goto LAB_0;
+ }
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+ WPP_SF_dLLLL(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),
+ (ulonglong)(local_234 | local_1e0.Characteristics),
+ (ulonglong)local_1e0.Characteristics,local_176[0] - 1,(char)local_1e0._8_8_
+ ,(char)uVar5 - SUB81(local_1e0._8_8_,4),SUB81(local_1e0._32_8_,4),
+ (char)(local_234 | local_1e0.Characteristics));
+ }
+ local_1e0.Characteristics = local_1e0.Characteristics | uVar6;
+ local_1e0.Misc.PhysicalAddress = uVar5 - local_1e0.VirtualAddress;
+ }
+ WriteSectionHeader(this,local_176[0] - 1,&local_1e0);
+ }
+ }
+ }
+LAB_0:
+ __security_check_cookie(local_58 ^ (ulonglong)auStackY_278);
+ return extraout_EAX;
}
| Key | mpengine.dll - mpengine.dll |
|---|---|
| diff_type | code,length,address,called |
| ratio | 0.0 |
| i_ratio | 0.72 |
| m_ratio | 0.99 |
| b_ratio | 0.99 |
| match_types | SymbolsHash |
| Key | mpengine.dll | mpengine.dll |
|---|---|---|
| name | InitDatabase | InitDatabase |
| fullname | MetaStore::`anonymous_namespace'::MetaStore::InitDatabase | MetaStore::`anonymous_namespace'::MetaStore::InitDatabase |
| refcount | 3 | 3 |
length |
3789 | 3747 |
called |
Expand for full list:IsEngineDeterministic |
Expand for full list:MetaStore:: |
| calling | MetaStore::`anonymous_namespace'::MetaStore::Initialize | MetaStore::`anonymous_namespace'::MetaStore::Initialize |
| paramcount | 2 | 2 |
address |
75a57a030 | 75a3e6970 |
| sig | uint __fastcall InitDatabase(longlong param_1, undefined8 * param_2) | uint __fastcall InitDatabase(longlong param_1, undefined8 * param_2) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- MetaStore::`anonymous_namespace'::MetaStore::InitDatabase called
+++ MetaStore::`anonymous_namespace'::MetaStore::InitDatabase called
@@ -10,4 +9,0 @@
-IsAsimovKillBitted
-IsEngineAlwaysSelected
-IsEngineDeterministic
-IsEngineFinalized
@@ -19 +14,0 @@
-ShouldSampleAsimovReport--- MetaStore::`anonymous_namespace'::MetaStore::InitDatabase
+++ MetaStore::`anonymous_namespace'::MetaStore::InitDatabase
@@ -1,2 +1,548 @@
-Failed to decompile mpengine.dll - .ProgramDB MetaStore::`anonymous_namespace'::MetaStore::InitDatabase : Error: Decompile error:
-Marshaling error: Did not see expected closing element+
+uint MetaStore::`anonymous_namespace'::MetaStore::InitDatabase(longlong param_1,undefined8 *param_2)
+
+{
+ LARGE_INTEGER _Memory;
+ LARGE_INTEGER _Memory_00;
+ bool bVar1;
+ char cVar2;
+ long lVar3;
+ uint uVar4;
+ DWORD DVar5;
+ BOOL BVar6;
+ int iVar7;
+ LARGE_INTEGER LVar8;
+ undefined uVar9;
+ undefined uVar10;
+ CMpCriticalSection *pCVar11;
+ PLARGE_INTEGER lpFileSize;
+ LARGE_INTEGER *pLVar12;
+ uint unaff_EDI;
+ LARGE_INTEGER LVar13;
+ char *pcVar14;
+ LARGE_INTEGER LVar15;
+ LARGE_INTEGER *pLVar16;
+ undefined uVar17;
+ LARGE_INTEGER *pLVar18;
+ LARGE_INTEGER local_res10;
+ LARGE_INTEGER local_res18;
+ uchar local_res20 [8];
+ undefined8 in_stack_fffffffffffffe58;
+ undefined4 uVar19;
+ _SECURITY_ATTRIBUTES *in_stack_fffffffffffffe68;
+ _tlgWrapSz<wchar_t> *in_stack_fffffffffffffe70;
+ uint local_108;
+ uint local_104;
+ uint local_100;
+ uint local_fc;
+ uint local_f8;
+ uint local_f4 [3];
+ char ******local_e8;
+ LARGE_INTEGER *pLStack_e0;
+ uint local_d8 [2];
+ LARGE_INTEGER local_d0;
+ LARGE_INTEGER local_c8;
+ LARGE_INTEGER local_c0;
+ undefined8 local_b8;
+ undefined8 local_b0;
+ undefined8 local_a8;
+ undefined local_a0 [8];
+ LPVOID local_98;
+ char *local_90;
+ LARGE_INTEGER local_88;
+ uchar *puStack_80;
+ LARGE_INTEGER local_78;
+ undefined8 uStack_70;
+ char ******local_68;
+ LARGE_INTEGER *pLStack_60;
+ LARGE_INTEGER local_58;
+
+ uVar19 = (undefined4)((ulonglong)in_stack_fffffffffffffe58 >> 0x20);
+ LVar8 = (LARGE_INTEGER)mpsqlite::AMSQLiteDB::getInstance();
+ local_res10.QuadPart = 0;
+ local_58 = LVar8;
+ lVar3 = CommonUtil::NewSprintfW
+ ((wchar_t **)&local_res10,L"%.*ls",(ulonglong)*(uint *)(param_2 + 1),*param_2);
+ _Memory = local_res10;
+ if (lVar3 < 0) {
+ if ((_GUID *)local_res10.QuadPart == (_GUID *)0x0) {
+ return unaff_EDI;
+ }
+ free((void *)local_res10);
+ return unaff_EDI;
+ }
+ lVar3 = CommonUtil::UtilIsDirectoryExists((wchar_t *)local_res10);
+ pLVar18 = (LARGE_INTEGER *)0xffffffffffffffff;
+ if ((lVar3 < 0) &&
+ (lVar3 = CommonUtil::UtilCreateDirectoryExImpl((wchar_t *)_Memory,0xffffffffffffffff),
+ lVar3 < 0)) {
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
+ WPP_SF_SL(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x20,
+ &WPP_add94525a7fb3c99a5538222e254c516_Traceguids,(wchar_t *)_Memory,(char)lVar3);
+ }
+LAB_0:
+ if ((_GUID *)_Memory.QuadPart != (_GUID *)0x0) {
+ free((void *)_Memory);
+ }
+ return unaff_EDI;
+ }
+ local_res10.QuadPart = 0;
+ LVar15.QuadPart = (LONGLONG)&u__;
+ LVar13 = _Memory;
+ lVar3 = CommonUtil::NewSprintfW
+ ((wchar_t **)&local_res10,L"%ls%ls%.*ls",_Memory.QuadPart,&u__,
+ CONCAT44(uVar19,0xd),L"mpenginedb.db");
+ _Memory_00 = local_res10;
+ if (lVar3 < 0) {
+ if ((_GUID *)local_res10.QuadPart != (_GUID *)0x0) {
+ free((void *)local_res10);
+ }
+ goto LAB_0;
+ }
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+ LVar13.QuadPart = (LONGLONG)&WPP_add94525a7fb3c99a5538222e254c516_Traceguids;
+ LVar15 = local_res10;
+ WPP_SF_S(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x21,
+ &WPP_add94525a7fb3c99a5538222e254c516_Traceguids,(wchar_t *)local_res10);
+ }
+ uVar4 = mpsqlite::AMSQLiteDB::Open((AMSQLiteDB *)LVar8,(wchar_t *)_Memory_00,LVar13.s.LowPart);
+ if ((int)uVar4 < 0) {
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+ LVar15.s.HighPart = 0;
+ LVar15.s.LowPart = uVar4;
+ LVar13.QuadPart = (LONGLONG)&WPP_add94525a7fb3c99a5538222e254c516_Traceguids;
+ WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x22,
+ &WPP_add94525a7fb3c99a5538222e254c516_Traceguids,uVar4);
+ }
+ if (uVar4 != 0x87af001a) goto LAB_1;
+ local_e8 = (char ******)0x75b0116d4;
+ pLStack_e0 = (LARGE_INTEGER *)&DAT_2;
+ pCVar11 = (CMpCriticalSection *)&local_e8;
+ lVar3 = RecreateCorruptedDb((wchar_t *)_Memory_00,pCVar11,LVar13,(_GUID *)LVar15);
+ pcVar14 = "Engine.MetaStore.SQLiteRecreate1";
+ bVar1 = ShouldLogToAsimov(false,SUB81(pCVar11,0),"Engine.MetaStore.SQLiteRecreate1");
+ if ((bVar1) && (g_pcsAsimovLock != (CMpCriticalSection *)0x0)) {
+ CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::
+ CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
+ ((CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor> *)&local_e8,
+ g_pcsAsimovLock,(ENUM_LOCK_INITIAL_STATE)pcVar14);
+ if ((5 < DAT_3) && (cVar2 = _tlgKeywordOn(0x75b1d6288,0x400000000000), cVar2 != '\0'))
+ {
+ local_res10.QuadPart._0_4_ = lVar3;
+ local_c0.QuadPart = 0x75b011610;
+ local_c8.QuadPart = 0x75b0113fc;
+ local_res18.s.LowPart = *(undefined4 *)(g_aAsimov + 0x48);
+ local_d8[0] = *(uint *)(g_aAsimov + 0x44);
+ local_108 = *(uint *)(g_aAsimov + 0x40);
+ local_104 = (uint)(byte)g_aAsimov[0x3c];
+ local_100 = (uint)(byte)g_aAsimov[0x3b];
+ local_fc = (uint)(byte)g_aAsimov[0x3a];
+ local_f8 = (uint)(byte)g_aAsimov[0x39];
+ local_f4[0] = (uint)(byte)g_aAsimov[0x38];
+ local_d0 = *(LARGE_INTEGER *)(g_aAsimov + 0x30);
+ local_b8 = *(undefined8 *)(g_aAsimov + 0x28);
+ local_b0 = *(undefined8 *)(g_aAsimov + 0x20);
+ local_a8 = *(undefined8 *)(g_aAsimov + 0x18);
+ local_a0 = *(undefined (*) [8])(g_aAsimov + 0x10);
+ local_98 = *(LPVOID *)(g_aAsimov + 8);
+ local_90 = (char *)0x1000000;
+ local_78.QuadPart = (LONGLONG)&DAT_4;
+ in_stack_fffffffffffffe70 = (_tlgWrapSz<wchar_t> *)&local_a8;
+ in_stack_fffffffffffffe68 = (_SECURITY_ATTRIBUTES *)local_a0;
+ _tlgWriteTemplate<long___cdecl(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),&long___cdecl__tlgWriteAgg(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),void_const*___ptr64>
+ ::
+ Write<struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapSz<char>,struct__tlgWrapSz<char>,struct__tlgWrapperByVal<4>_>
+ ((_tlgProvider_t *)g_aAsimov,&DAT_5,pcVar14,
+ (_tlgWrapperByVal<8> *)&local_78.s,(_tlgWrapperByVal<8> *)&local_90,
+ (_tlgWrapSz<wchar_t> *)&local_98,(_tlgWrapSz<wchar_t> *)in_stack_fffffffffffffe68
+ ,in_stack_fffffffffffffe70,(_tlgWrapSz<wchar_t> *)&local_b0,
+ (_tlgWrapSz<wchar_t> *)&local_b8,(_tlgWrapSz<wchar_t> *)&local_d0.s,
+ (_tlgWrapperByVal<4> *)local_f4,(_tlgWrapperByVal<4> *)&local_f8,
+ (_tlgWrapperByVal<4> *)&local_fc,(_tlgWrapperByVal<4> *)&local_100,
+ (_tlgWrapperByVal<4> *)&local_104,(_tlgWrapperByVal<4> *)&local_108,
+ (_tlgWrapperByVal<4> *)local_d8,(_tlgWrapperByVal<4> *)&local_res18.s,
+ (_tlgWrapSz<char> *)&local_c8.s,(_tlgWrapSz<char> *)&local_c0.s,
+ (_tlgWrapperByVal<4> *)&local_res10.s);
+ }
+ CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::
+ ~CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
+ ((CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor> *)&local_e8);
+ }
+ if (lVar3 < 0) goto LAB_1;
+ }
+ local_res10.QuadPart = 0;
+ local_res18.QuadPart = -1;
+ LVar13 = _Memory_00;
+ DVar5 = CommonUtil::UtilCreateFile
+ ((void **)&local_res18,(wchar_t *)_Memory_00,0x80000000,7,3,0,
+ in_stack_fffffffffffffe68,in_stack_fffffffffffffe70);
+ LVar8 = local_res18;
+ uVar9 = LVar13.s.LowPart;
+ if (-1 < (int)DVar5) {
+ local_res18.QuadPart = 0;
+ lpFileSize = &local_res18;
+ BVar6 = GetFileSizeEx((HANDLE)LVar8,lpFileSize);
+ uVar9 = SUB81(lpFileSize,0);
+ if (BVar6 == 0) {
+ DVar5 = HrGetLastFailure();
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+ uVar9 = 0x19;
+ WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x19,
+ &WPP_3e279659c93f3415c88365c2433e5f2e_Traceguids,DVar5);
+ }
+ }
+ else {
+ local_res10.s = local_res18.s;
+ DVar5 = 0;
+ }
+ }
+ if ((_GUID *)LVar8.QuadPart != (_GUID *)0xffffffffffffffff) {
+ CloseHandle((HANDLE)LVar8);
+ }
+ LVar8 = local_res10;
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+ uVar9 = 0x23;
+ WPP_SF_iL(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x23,
+ &WPP_add94525a7fb3c99a5538222e254c516_Traceguids,local_res10,(char)DVar5);
+ }
+ pcVar14 = "Engine.MetaStore.DBFileSize";
+ bVar1 = ShouldLogToAsimov(true,(bool)uVar9,"Engine.MetaStore.DBFileSize");
+ if ((bVar1) && (g_pcsAsimovLock != (CMpCriticalSection *)0x0)) {
+ CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::
+ CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
+ ((CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor> *)&local_e8,
+ g_pcsAsimovLock,(ENUM_LOCK_INITIAL_STATE)pcVar14);
+ if ((5 < DAT_3) && (cVar2 = _tlgKeywordOn(0x75b1d6288,0x400000000000), cVar2 != '\0')) {
+ local_res10.s.LowPart = DVar5;
+ local_78.QuadPart = 0x75b011600;
+ local_90 = "MetaStore";
+ local_res18.s.LowPart = *(undefined4 *)(g_aAsimov + 0x48);
+ local_f4[0] = *(uint *)(g_aAsimov + 0x44);
+ local_f8 = *(uint *)(g_aAsimov + 0x40);
+ local_fc = (uint)(byte)g_aAsimov[0x3c];
+ local_100 = (uint)(byte)g_aAsimov[0x3b];
+ local_104 = (uint)(byte)g_aAsimov[0x3a];
+ local_108 = (uint)(byte)g_aAsimov[0x39];
+ local_d8[0] = (uint)(byte)g_aAsimov[0x38];
+ local_98 = *(LPVOID *)(g_aAsimov + 0x30);
+ local_a0 = *(undefined (*) [8])(g_aAsimov + 0x28);
+ local_a8 = *(undefined8 *)(g_aAsimov + 0x20);
+ local_b0 = *(undefined8 *)(g_aAsimov + 0x18);
+ local_b8 = *(undefined8 *)(g_aAsimov + 0x10);
+ local_c0 = *(LARGE_INTEGER *)(g_aAsimov + 8);
+ local_c8.QuadPart = 0x1000000;
+ local_d0.s = LVar8.s;
+ local_88.QuadPart = (LONGLONG)&DAT_4;
+ _tlgWriteTemplate<long___cdecl(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),&long___cdecl__tlgWriteAgg(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),void_const*___ptr64>
+ ::
+ Write<struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapSz<char>,struct__tlgWrapSz<char>,struct__tlgWrapperByVal<4>_>
+ ((_tlgProvider_t *)g_aAsimov,&DAT_6,pcVar14,
+ (_tlgWrapperByVal<8> *)&local_88.s,(_tlgWrapperByVal<8> *)&local_d0.s,
+ (_tlgWrapperByVal<8> *)&local_c8.s,(_tlgWrapSz<wchar_t> *)&local_c0.s,
+ (_tlgWrapSz<wchar_t> *)&local_b8,(_tlgWrapSz<wchar_t> *)&local_b0,
+ (_tlgWrapSz<wchar_t> *)&local_a8,(_tlgWrapSz<wchar_t> *)local_a0,
+ (_tlgWrapSz<wchar_t> *)&local_98,(_tlgWrapperByVal<4> *)local_d8,
+ (_tlgWrapperByVal<4> *)&local_108,(_tlgWrapperByVal<4> *)&local_104,
+ (_tlgWrapperByVal<4> *)&local_100,(_tlgWrapperByVal<4> *)&local_fc,
+ (_tlgWrapperByVal<4> *)&local_f8,(_tlgWrapperByVal<4> *)local_f4,
+ (_tlgWrapperByVal<4> *)&local_res18.s,(_tlgWrapSz<char> *)&local_90,
+ (_tlgWrapSz<char> *)&local_78.s,(_tlgWrapperByVal<4> *)&local_res10.s);
+ }
+ CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::
+ ~CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
+ ((CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor> *)&local_e8);
+ }
+ local_res18.QuadPart = local_res18.QuadPart & 0xffffffffffffff00;
+ local_e8 = (char ******)0x75ae97818;
+ pLStack_e0 = (LARGE_INTEGER *)0xd;
+ local_88.QuadPart = 0x75aeab6c8;
+ puStack_80 = (uchar *)0x5;
+ pLVar16 = &local_res18;
+ pcVar14 = (char *)&local_e8;
+ LVar8 = local_58;
+ uVar4 = mpsqlite::AMSQLiteDB::ObjectExists
+ ((AMSQLiteDB *)local_58,&local_88,(undefined8 *)pcVar14,(bool *)pLVar16);
+ if ((int)uVar4 < 0) {
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+ WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x24,
+ &WPP_add94525a7fb3c99a5538222e254c516_Traceguids,uVar4);
+ }
+ goto LAB_1;
+ }
+ local_res10.QuadPart = local_res10.QuadPart & 0xffffffffffffff00;
+ uVar17 = local_res18.s.LowPart._0_1_;
+ uVar10 = '\0';
+ if (local_res18.s.LowPart._0_1_ != '\0') {
+ local_c0.QuadPart = 0;
+ local_c8.QuadPart = 0;
+ do {
+ pLVar12 = &local_c0;
+ uVar4 = MigrateDatabase(LVar8.QuadPart,&pLVar12->QuadPart,&local_c8.QuadPart);
+ pcVar14 = "Engine.MetaStore.SQLDbUpgrade";
+ LVar8._1_7_ = (undefined7)((ulonglong)LVar8 >> 8);
+ LVar8.s.LowPart._0_1_ = 1;
+ bVar1 = ShouldLogToAsimov(true,SUB81(pLVar12,0),"Engine.MetaStore.SQLDbUpgrade");
+ if ((bVar1) &&
+ (pLVar12 = (LARGE_INTEGER *)g_pcsAsimovLock, g_pcsAsimovLock != (CMpCriticalSection *)0x0))
+ {
+ CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::
+ CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
+ ((CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor> *)&local_68,
+ g_pcsAsimovLock,(ENUM_LOCK_INITIAL_STATE)pcVar14);
+ if (5 < DAT_3) {
+ pLVar12 = (LARGE_INTEGER *)0x0;
+ cVar2 = _tlgKeywordOn(0x75b1d6288,0x400000000000);
+ LVar8 = local_d0;
+ if (cVar2 != '\0') {
+ local_88 = local_c8;
+ local_78 = local_c0;
+ local_res18.QuadPart._0_4_ = uVar4;
+ local_f4[0] = *(uint *)(g_aAsimov + 0x48);
+ local_f8 = *(uint *)(g_aAsimov + 0x44);
+ local_fc = *(uint *)(g_aAsimov + 0x40);
+ local_100 = (uint)(byte)g_aAsimov[0x3c];
+ local_104 = (uint)(byte)g_aAsimov[0x3b];
+ local_108 = (uint)(byte)g_aAsimov[0x3a];
+ local_d8[0] = (uint)(byte)g_aAsimov[0x39];
+ local_d0.s.LowPart._1_3_ = 0;
+ local_d0.s.LowPart._0_1_ = g_aAsimov[0x38];
+ local_d0.s.HighPart = LVar8.s.HighPart;
+ local_90 = *(char **)(g_aAsimov + 0x30);
+ local_98 = *(LPVOID *)(g_aAsimov + 0x28);
+ local_a0 = *(undefined (*) [8])(g_aAsimov + 0x20);
+ local_a8 = *(undefined8 *)(g_aAsimov + 0x18);
+ local_b0 = *(undefined8 *)(g_aAsimov + 0x10);
+ local_b8 = *(undefined8 *)(g_aAsimov + 8);
+ local_e8 = (char ******)0x1000000;
+ pLVar12 = (LARGE_INTEGER *)&DAT_7;
+ _tlgWriteTemplate<long___cdecl(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,struct__GUID_const*___ptr64,struct__GUID_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),&long___cdecl__tlgWriteTransfer_EventWriteTransfer(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,struct__GUID_const*___ptr64,struct__GUID_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),struct__GUID_const*___ptr64,struct__GUID_const*___ptr64>
+ ::
+ Write<struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>_>
+ ((_tlgProvider_t *)g_aAsimov,&DAT_7,(_GUID *)pcVar14,
+ (_GUID *)&pLVar16->s,(_tlgWrapperByVal<8> *)&local_e8,
+ (_tlgWrapSz<wchar_t> *)&local_b8,(_tlgWrapSz<wchar_t> *)&local_b0,
+ (_tlgWrapSz<wchar_t> *)&local_a8,(_tlgWrapSz<wchar_t> *)local_a0,
+ (_tlgWrapSz<wchar_t> *)&local_98,(_tlgWrapSz<wchar_t> *)&local_90,
+ (_tlgWrapperByVal<4> *)&local_d0.s,(_tlgWrapperByVal<4> *)local_d8,
+ (_tlgWrapperByVal<4> *)&local_108,(_tlgWrapperByVal<4> *)&local_104,
+ (_tlgWrapperByVal<4> *)&local_100,(_tlgWrapperByVal<4> *)&local_fc,
+ (_tlgWrapperByVal<4> *)&local_f8,(_tlgWrapperByVal<4> *)local_f4,
+ (_tlgWrapperByVal<4> *)&local_res18.s,(_tlgWrapperByVal<8> *)&local_78.s,
+ (_tlgWrapperByVal<8> *)&local_88.s);
+ }
+ }
+ LVar8.QuadPart = (LONGLONG)&local_68;
+ CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::
+ ~CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
+ ((CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor> *)LVar8);
+ }
+ } while ((-1 < (int)uVar4) && ((ulonglong)local_c0 < (ulonglong)local_c8));
+ pcVar14 = "Engine.MetaStore.SQLiteUpgrade";
+ bVar1 = ShouldLogToAsimov(false,SUB81(pLVar12,0),"Engine.MetaStore.SQLiteUpgrade");
+ if ((bVar1) && (g_pcsAsimovLock != (CMpCriticalSection *)0x0)) {
+ CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::
+ CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
+ ((CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor> *)&local_68,
+ g_pcsAsimovLock,(ENUM_LOCK_INITIAL_STATE)pcVar14);
+ if ((5 < DAT_3) && (cVar2 = _tlgKeywordOn(0x75b1d6288,0x400000000000), cVar2 != '\0'))
+ {
+ local_res18.QuadPart._0_4_ = uVar4;
+ local_e8 = (char ******)0x75b011658;
+ local_88.QuadPart = 0x75b0113fc;
+ local_d0.s.LowPart = *(undefined4 *)(g_aAsimov + 0x48);
+ local_f4[0] = *(uint *)(g_aAsimov + 0x44);
+ local_f8 = *(uint *)(g_aAsimov + 0x40);
+ local_fc = (uint)(byte)g_aAsimov[0x3c];
+ local_100 = (uint)(byte)g_aAsimov[0x3b];
+ local_104 = (uint)(byte)g_aAsimov[0x3a];
+ local_108 = (uint)(byte)g_aAsimov[0x39];
+ local_d8[0] = (uint)(byte)g_aAsimov[0x38];
+ local_78 = *(LARGE_INTEGER *)(g_aAsimov + 0x30);
+ local_90 = *(char **)(g_aAsimov + 0x28);
+ local_98 = *(LPVOID *)(g_aAsimov + 0x20);
+ local_a0 = *(undefined (*) [8])(g_aAsimov + 0x18);
+ local_a8 = *(undefined8 *)(g_aAsimov + 0x10);
+ local_b0 = *(undefined8 *)(g_aAsimov + 8);
+ local_b8 = 0x1000000;
+ local_c8.QuadPart = (LONGLONG)&DAT_4;
+ pLVar16 = &local_c8;
+ _tlgWriteTemplate<long___cdecl(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),&long___cdecl__tlgWriteAgg(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),void_const*___ptr64>
+ ::
+ Write<struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapSz<char>,struct__tlgWrapSz<char>,struct__tlgWrapperByVal<4>_>
+ ((_tlgProvider_t *)g_aAsimov,&DAT_5,pcVar14,
+ (_tlgWrapperByVal<8> *)&pLVar16->s,(_tlgWrapperByVal<8> *)&local_b8,
+ (_tlgWrapSz<wchar_t> *)&local_b0,(_tlgWrapSz<wchar_t> *)&local_a8,
+ (_tlgWrapSz<wchar_t> *)local_a0,(_tlgWrapSz<wchar_t> *)&local_98,
+ (_tlgWrapSz<wchar_t> *)&local_90,(_tlgWrapSz<wchar_t> *)&local_78.s,
+ (_tlgWrapperByVal<4> *)local_d8,(_tlgWrapperByVal<4> *)&local_108,
+ (_tlgWrapperByVal<4> *)&local_104,(_tlgWrapperByVal<4> *)&local_100,
+ (_tlgWrapperByVal<4> *)&local_fc,(_tlgWrapperByVal<4> *)&local_f8,
+ (_tlgWrapperByVal<4> *)local_f4,(_tlgWrapperByVal<4> *)&local_d0.s,
+ (_tlgWrapSz<char> *)&local_88.s,(_tlgWrapSz<char> *)&local_e8,
+ (_tlgWrapperByVal<4> *)&local_res18.s);
+ }
+ CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::
+ ~CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
+ ((CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor> *)&local_68);
+ }
+ if ((int)uVar4 < 0) {
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+ pLVar16 = (LARGE_INTEGER *)(ulonglong)uVar4;
+ pcVar14 = &WPP_add94525a7fb3c99a5538222e254c516_Traceguids;
+ WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x25,
+ &WPP_add94525a7fb3c99a5538222e254c516_Traceguids,uVar4);
+ }
+ uVar17 = '\0';
+ local_res10.s.LowPart._0_1_ = 1;
+ uVar10 = '\x01';
+ }
+ else {
+ uVar10 = local_res10.s.LowPart._0_1_;
+ }
+ }
+ local_res20[0] = '\0';
+ if (uVar17 == '\0') {
+LAB_8:
+ if (uVar10 != '\0') goto LAB_9;
+ }
+ else {
+ local_88 = local_58;
+ puStack_80 = local_res20;
+ local_78.QuadPart = 0;
+ uStack_70 = 0;
+ local_68 = (char ******)0x75b011648;
+ pLStack_60 = (LARGE_INTEGER *)0xa;
+ local_e8 = (char ******)&local_68;
+ pLStack_e0 = &local_78;
+ iVar7 = CommonUtil::
+ MpCatchAll<<lambda_bfa99e477510eb7099c1243a78eee94d>,<lambda_6d3eef408c3317a7786beb1964030834>_>
+ (&local_88,(longlong *)&local_e8);
+ local_res18.s.LowPart = iVar7;
+ if (iVar7 < 0) {
+ if ((_GUID *)_Memory_00.QuadPart != (_GUID *)0x0) {
+ free((void *)_Memory_00);
+ }
+ if ((_GUID *)_Memory.QuadPart == (_GUID *)0x0) {
+ return unaff_EDI;
+ }
+ free((void *)_Memory);
+ return unaff_EDI;
+ }
+ if (local_res20[0] == '\0') {
+ uVar10 = local_res10.s.LowPart._0_1_;
+ goto LAB_8;
+ }
+LAB_9:
+ local_e8 = (char ******)"TableCheck";
+ if (local_res20[0] == '\0') {
+ local_e8 = (char ******)0x75b011598;
+ }
+ do {
+ pLVar18 = (LARGE_INTEGER *)((longlong)pLVar18 + 1);
+ } while (*(_tlgWrapperByVal<8> *)((longlong)local_e8 + (longlong)pLVar18) !=
+ (_tlgWrapperByVal<8>)0x0);
+ pCVar11 = (CMpCriticalSection *)&local_68;
+ pLStack_e0 = pLVar18;
+ local_68 = local_e8;
+ pLStack_60 = pLVar18;
+ lVar3 = RecreateCorruptedDb((wchar_t *)_Memory_00,pCVar11,pcVar14,(_GUID *)&pLVar16->s);
+ pcVar14 = "Engine.MetaStore.SQLiteRecreate2";
+ bVar1 = ShouldLogToAsimov(false,SUB81(pCVar11,0),"Engine.MetaStore.SQLiteRecreate2");
+ if ((bVar1) && (g_pcsAsimovLock != (CMpCriticalSection *)0x0)) {
+ CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::
+ CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
+ ((CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor> *)&local_68,
+ g_pcsAsimovLock,(ENUM_LOCK_INITIAL_STATE)pcVar14);
+ if ((5 < DAT_3) && (cVar2 = _tlgKeywordOn(0x75b1d6288,0x400000000000), cVar2 != '\0'))
+ {
+ local_res10.QuadPart._0_4_ = lVar3;
+ local_e8 = (char ******)0x75b011560;
+ local_88.QuadPart = 0x75b0113fc;
+ local_res18.s.LowPart = *(undefined4 *)(g_aAsimov + 0x48);
+ local_d0.s.LowPart = *(undefined4 *)(g_aAsimov + 0x44);
+ local_f4[0] = *(uint *)(g_aAsimov + 0x40);
+ local_f8 = (uint)(byte)g_aAsimov[0x3c];
+ local_fc = (uint)(byte)g_aAsimov[0x3b];
+ local_100 = (uint)(byte)g_aAsimov[0x3a];
+ local_104 = (uint)(byte)g_aAsimov[0x39];
+ local_108 = (uint)(byte)g_aAsimov[0x38];
+ local_78 = *(LARGE_INTEGER *)(g_aAsimov + 0x30);
+ local_90 = *(char **)(g_aAsimov + 0x28);
+ local_98 = *(LPVOID *)(g_aAsimov + 0x20);
+ local_a0 = *(undefined (*) [8])(g_aAsimov + 0x18);
+ local_a8 = *(undefined8 *)(g_aAsimov + 0x10);
+ local_b0 = *(undefined8 *)(g_aAsimov + 8);
+ local_b8 = 0x1000000;
+ local_c0.QuadPart = (LONGLONG)&DAT_4;
+ pLVar16 = &local_c0;
+ _tlgWriteTemplate<long___cdecl(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),&long___cdecl__tlgWriteAgg(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),void_const*___ptr64>
+ ::
+ Write<struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapSz<char>,struct__tlgWrapSz<char>,struct__tlgWrapperByVal<4>_>
+ ((_tlgProvider_t *)g_aAsimov,&DAT_5,pcVar14,
+ (_tlgWrapperByVal<8> *)&pLVar16->s,(_tlgWrapperByVal<8> *)&local_b8,
+ (_tlgWrapSz<wchar_t> *)&local_b0,(_tlgWrapSz<wchar_t> *)&local_a8,
+ (_tlgWrapSz<wchar_t> *)local_a0,(_tlgWrapSz<wchar_t> *)&local_98,
+ (_tlgWrapSz<wchar_t> *)&local_90,(_tlgWrapSz<wchar_t> *)&local_78.s,
+ (_tlgWrapperByVal<4> *)&local_108,(_tlgWrapperByVal<4> *)&local_104,
+ (_tlgWrapperByVal<4> *)&local_100,(_tlgWrapperByVal<4> *)&local_fc,
+ (_tlgWrapperByVal<4> *)&local_f8,(_tlgWrapperByVal<4> *)local_f4,
+ (_tlgWrapperByVal<4> *)&local_d0.s,(_tlgWrapperByVal<4> *)&local_res18.s,
+ (_tlgWrapSz<char> *)&local_88.s,(_tlgWrapSz<char> *)&local_e8,
+ (_tlgWrapperByVal<4> *)&local_res10.s);
+ }
+ CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::
+ ~CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
+ ((CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor> *)&local_68);
+ }
+ if (lVar3 < 0) goto LAB_1;
+ uVar17 = '\0';
+ }
+ if (uVar17 == '\0') {
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+ pcVar14 = &WPP_add94525a7fb3c99a5538222e254c516_Traceguids;
+ WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x26,
+ &WPP_add94525a7fb3c99a5538222e254c516_Traceguids);
+ }
+ local_res10 = local_58;
+ local_88.QuadPart = 0;
+ puStack_80 = (uchar *)0x0;
+ local_68 = (char ******)0x75b011550;
+ pLStack_60 = (LARGE_INTEGER *)0xb;
+ local_e8 = (char ******)&local_68;
+ pLStack_e0 = &local_88;
+ iVar7 = CommonUtil::
+ MpCatchAll<<lambda_3e4d7ff58608373799b3a107c3518776>,<lambda_b453f5373976d511f98ae2d4003bbaf1>_>
+ (&local_res10,(longlong *)&local_e8,pcVar14,(ulonglong *)&pLVar16->QuadPart);
+ if (iVar7 < 0) {
+LAB_1:
+ if ((_GUID *)_Memory_00.QuadPart != (_GUID *)0x0) {
+ free((void *)_Memory_00);
+ }
+ if ((_GUID *)_Memory.QuadPart == (_GUID *)0x0) {
+ return unaff_EDI;
+ }
+ free((void *)_Memory);
+ return unaff_EDI;
+ }
+ }
+ std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
+ operator=((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_> *
+ )(param_1 + 0x108),(wchar_t *)_Memory_00);
+ if ((_GUID *)_Memory_00.QuadPart != (_GUID *)0x0) {
+ free((void *)_Memory_00);
+ }
+ if ((_GUID *)_Memory.QuadPart == (_GUID *)0x0) {
+ return unaff_EDI;
+ }
+ free((void *)_Memory);
+ return unaff_EDI;
+}
+
| Key | mpengine.dll - mpengine.dll |
|---|---|
| diff_type | code,length,address |
| ratio | 0.19 |
| i_ratio | 0.27 |
| m_ratio | 0.58 |
| b_ratio | 0.67 |
| match_types | SymbolsHash |
| Key | mpengine.dll | mpengine.dll |
|---|---|---|
| name | MergeFlags | MergeFlags |
| fullname | MergeFlags | MergeFlags |
| refcount | 1 | 1 |
length |
55 | 103 |
| called | ||
| calling | ProcessAdditionalActions | ProcessAdditionalActions |
| paramcount | 3 | 3 |
address |
75a8805ac | 75a845624 |
| sig | uint * __fastcall MergeFlags(uint * param_1, undefined8 param_2, undefined8 param_3) | uint * __fastcall MergeFlags(uint * param_1, undefined8 param_2, undefined8 param_3) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- MergeFlags
+++ MergeFlags
@@ -1,38 +1,13 @@
-/* WARNING: Function: _guard_dispatch_icall_$fo_default$ replaced with injection:
- guard_dispatch_icall */
-
-uint * MergeFlags(uint *param_1,undefined8 param_2,undefined8 param_3)
+uint * MergeFlags(uint *param_1,ulonglong param_2,ulonglong param_3)
{
- char *pcVar1;
- undefined8 *puVar2;
- ulonglong unaff_RBX;
- longlong unaff_RBP;
- wchar_t *in_R9;
- HANDLE unaff_R12;
- void *unaff_R15;
+ uint uVar1;
- pcVar1 = (char *)((unaff_RBX - 0x38) + (longlong)param_1 * 4);
- *pcVar1 = *pcVar1 + (char)param_1;
- WPP_SF_SL(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),(undefined2)param_2,param_3,in_R9,
- (char)unaff_RBX);
- if (*(longlong **)(unaff_RBP + -0x31) != (longlong *)0x0) {
- (**(code **)(**(longlong **)(unaff_RBP + -0x31) + 0x30))();
- puVar2 = *(undefined8 **)(unaff_RBP + -0x31);
- if (puVar2 != (undefined8 *)0x0) {
- (**(code **)*puVar2)(puVar2,1);
- }
- }
- if (unaff_R15 != (void *)0x0) {
- free(unaff_R15);
- }
- if (unaff_R12 != (HANDLE)0xffffffffffffffff) {
- CloseHandle(unaff_R12);
- }
- if (*(PVOID *)(unaff_RBP + -9) != (PVOID)0x0) {
- CloseEncryptedFileRaw(*(PVOID *)(unaff_RBP + -9));
- }
- return (uint *)(unaff_RBX & 0xffffffff);
+ uVar1 = (uint)((param_2 | param_3) >> 0x20);
+ *param_1 = (uint)(param_2 | param_3) & 0x3f47fff;
+ param_1[1] = uVar1 & 0x10 ^ (uVar1 & 2 ^ (param_1[1] & 0xfffff000 | uVar1 & 0x100) | uVar1 & 0x40)
+ | uVar1 & 0x800;
+ return param_1;
}
| Key | mpengine.dll - mpengine.dll |
|---|---|
| diff_type | code,length,address,called |
| ratio | 0.03 |
| i_ratio | 0.2 |
| m_ratio | 0.87 |
| b_ratio | 0.87 |
| match_types | SymbolsHash |
| Key | mpengine.dll | mpengine.dll |
|---|---|---|
| name | LoadAllowedPUAFiles | LoadAllowedPUAFiles |
| fullname | LoadAllowedPUAFiles | LoadAllowedPUAFiles |
| refcount | 2 | 2 |
length |
925 | 926 |
called |
Expand for full list:KERNEL32.DLL::GetCurrentProcess |
Expand for full list:KERNEL32.DLL::GetCurrentProcess |
| calling | PUA_appmap_init_module | PUA_appmap_init_module |
| paramcount | 1 | 1 |
address |
75a73fb9c | 75a6f56c8 |
| sig | bool __cdecl LoadAllowedPUAFiles(MP_ERROR * param_1) | bool __cdecl LoadAllowedPUAFiles(MP_ERROR * param_1) |
| sym_type | Function | Function |
| sym_source | ANALYSIS | ANALYSIS |
| external | False | False |
--- LoadAllowedPUAFiles called
+++ LoadAllowedPUAFiles called
@@ -4 +4 @@
-AttributeMap::GetAttribute<struct_ValueInfo::DataBlob,&public:_struct_ValueInfo::DataBlob___cdecl_ValueInfo::Blob(void)const___ptr64,8>
+AttributeMap::GetAttribute<char>--- LoadAllowedPUAFiles
+++ LoadAllowedPUAFiles
@@ -1,10 +1,191 @@
-/* WARNING: Control flow encountered bad instruction data */
+/* bool __cdecl LoadAllowedPUAFiles(enum MP_ERROR & __ptr64) */
bool __cdecl LoadAllowedPUAFiles(MP_ERROR *param_1)
{
- /* WARNING: Bad instruction - Truncating control flow here */
- halt_baddata();
+ long lVar1;
+ DbErrorT DVar2;
+ MP_ERROR MVar3;
+ HANDLE pvVar4;
+ AttributeMap *pAVar5;
+ uint in_EDX;
+ uint uVar6;
+ uint *puVar7;
+ bool bVar8;
+ AttributeMap *local_res10;
+ AttributeMap *local_res18;
+ uint *local_res20;
+ __uint64 local_38;
+ undefined *local_30;
+ char local_28 [8];
+ MP_ERROR *local_20 [2];
+
+ *param_1 = 0;
+ local_28[0] = '\0';
+ local_20[0] = param_1;
+ if (g_AllowedPUAFiles == (CAllowedPUAFiles *)0x0) {
+ local_res10 = (AttributeMap *)operator_new(0x88);
+ g_AllowedPUAFiles =
+ (CAllowedPUAFiles *)CAllowedPUAFiles::CAllowedPUAFiles((CAllowedPUAFiles *)local_res10);
+ if (gPersObjectsLT == (AttributeDatabase *)0x0) {
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+ WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x1b,
+ &WPP_ac129fbe5f0535b45e607951c1023c50_Traceguids);
+ }
+ pvVar4 = GetCurrentProcess();
+ uVar6 = 6;
+ WrapperSetProcessInformation(pvVar4,6,&PTR_s_Defender_Engine_PUA_XclLoad_Use_75b1d97a8,0x18);
+ CommonUtil::ScopeGuardImpl<<lambda_ab7c58f60a7263bb65ecba288a4b1b48>_>::
+ ~ScopeGuardImpl<<lambda_ab7c58f60a7263bb65ecba288a4b1b48>_>(local_28,uVar6);
+ bVar8 = true;
+ }
+ else {
+ local_res10 = (AttributeMap *)0x0;
+ local_res18 = (AttributeMap *)operator_new(0x50);
+ pAVar5 = (AttributeMap *)AttributeMap::AttributeMap(local_res18);
+ if (pAVar5 != (AttributeMap *)0x0) {
+ LOCK();
+ *(int *)(pAVar5 + 8) = *(int *)(pAVar5 + 8) + 1;
+ UNLOCK();
+ }
+ local_38 = 0x10;
+ local_30 = &DAT_0;
+ uVar6 = 0x5ae95e58;
+ local_res18 = pAVar5;
+ lVar1 = AttributeMap::SetAttribute<struct_ValueInfo::DataBlob>
+ (pAVar5,L"Id",(DataBlob *)&local_38);
+ if (lVar1 < 0) {
+ *param_1 = 0x8007;
+ if (pAVar5 != (AttributeMap *)0x0) {
+ CommonUtil::CRefObject::Release((CRefObject *)pAVar5);
+ }
+ <lambda_ab7c58f60a7263bb65ecba288a4b1b48>::operator()(local_20,uVar6);
+ bVar8 = false;
+ }
+ else {
+ DVar2 = AttributeDatabase::Get(gPersObjectsLT,pAVar5,&local_res10);
+ uVar6 = (uint)pAVar5;
+ if (DVar2 == 1) {
+ CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::
+ ~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
+ ((AutoRef<class_ThrottlingAgent::CompletedOverlapped> *)&local_res18);
+ CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::
+ ~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
+ ((AutoRef<class_ThrottlingAgent::CompletedOverlapped> *)&local_res10);
+ CommonUtil::ScopeGuardImpl<<lambda_ab7c58f60a7263bb65ecba288a4b1b48>_>::
+ ~ScopeGuardImpl<<lambda_ab7c58f60a7263bb65ecba288a4b1b48>_>(local_28,uVar6);
+ bVar8 = true;
+ }
+ else if (DVar2 == 0) {
+ local_res20 = (uint *)0x0;
+ local_38 = 0;
+ pAVar5 = local_res10;
+ lVar1 = AttributeMap::GetAttribute<char>
+ (local_res10,L"AllowInfo",(char **)&local_res20,&local_38);
+ if (lVar1 < 0) {
+ pvVar4 = GetCurrentProcess();
+ uVar6 = 6;
+ WrapperSetProcessInformation
+ (pvVar4,6,&PTR_s_Defender_Engine_PUA_XclLoad_Att_75b1d97c0,0x18);
+ *param_1 = 0xa004;
+ CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::
+ ~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
+ ((AutoRef<class_ThrottlingAgent::CompletedOverlapped> *)&local_res18);
+ CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::
+ ~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
+ ((AutoRef<class_ThrottlingAgent::CompletedOverlapped> *)&local_res10);
+ CommonUtil::ScopeGuardImpl<<lambda_ab7c58f60a7263bb65ecba288a4b1b48>_>::
+ ~ScopeGuardImpl<<lambda_ab7c58f60a7263bb65ecba288a4b1b48>_>(local_28,uVar6);
+ bVar8 = true;
+ }
+ else if (local_38 == *local_res20) {
+ puVar7 = local_res20 + 1;
+ bVar8 = CAllowedPUAFiles::Deserialize
+ ((CAllowedPUAFiles *)pAVar5,(uchar *)puVar7,(ulong)local_38);
+ uVar6 = (uint)puVar7;
+ if (bVar8) {
+ CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::
+ ~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
+ ((AutoRef<class_ThrottlingAgent::CompletedOverlapped> *)&local_res18);
+ CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::
+ ~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
+ ((AutoRef<class_ThrottlingAgent::CompletedOverlapped> *)&local_res10);
+ CommonUtil::ScopeGuardImpl<<lambda_ab7c58f60a7263bb65ecba288a4b1b48>_>::
+ ~ScopeGuardImpl<<lambda_ab7c58f60a7263bb65ecba288a4b1b48>_>(local_28,uVar6);
+ bVar8 = true;
+ }
+ else {
+ pvVar4 = GetCurrentProcess();
+ uVar6 = 6;
+ WrapperSetProcessInformation
+ (pvVar4,6,&PTR_s_Defender_Engine_PUA_XclLoad_Des_75b1d9880,0x18);
+ *param_1 = 0xa004;
+ CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::
+ ~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
+ ((AutoRef<class_ThrottlingAgent::CompletedOverlapped> *)&local_res18);
+ CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::
+ ~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
+ ((AutoRef<class_ThrottlingAgent::CompletedOverlapped> *)&local_res10);
+ CommonUtil::ScopeGuardImpl<<lambda_ab7c58f60a7263bb65ecba288a4b1b48>_>::
+ ~ScopeGuardImpl<<lambda_ab7c58f60a7263bb65ecba288a4b1b48>_>(local_28,uVar6);
+ bVar8 = true;
+ }
+ }
+ else {
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+ WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x1d,
+ &WPP_ac129fbe5f0535b45e607951c1023c50_Traceguids);
+ }
+ pvVar4 = GetCurrentProcess();
+ uVar6 = 6;
+ WrapperSetProcessInformation
+ (pvVar4,6,&PTR_s_Defender_Engine_PUA_XclLoad_Bad_75b1d9820,0x18);
+ *param_1 = 0xa004;
+ CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::
+ ~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
+ ((AutoRef<class_ThrottlingAgent::CompletedOverlapped> *)&local_res18);
+ CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::
+ ~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
+ ((AutoRef<class_ThrottlingAgent::CompletedOverlapped> *)&local_res10);
+ CommonUtil::ScopeGuardImpl<<lambda_ab7c58f60a7263bb65ecba288a4b1b48>_>::
+ ~ScopeGuardImpl<<lambda_ab7c58f60a7263bb65ecba288a4b1b48>_>(local_28,uVar6);
+ bVar8 = true;
+ }
+ }
+ else {
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+ WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x1c,
+ &WPP_ac129fbe5f0535b45e607951c1023c50_Traceguids,DVar2);
+ }
+ pvVar4 = GetCurrentProcess();
+ uVar6 = 6;
+ WrapperSetProcessInformation
+ (pvVar4,6,&PTR_s_Defender_Engine_PUA_XclLoad_DBE_75b1d9790,0x18);
+ MVar3 = GetMpErrorFromDbError(DVar2);
+ *param_1 = MVar3;
+ bVar8 = MVar3 != 0x8007;
+ CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::
+ ~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
+ ((AutoRef<class_ThrottlingAgent::CompletedOverlapped> *)&local_res18);
+ CommonUtil::AutoRef<class_ThrottlingAgent::CompletedOverlapped>::
+ ~AutoRef<class_ThrottlingAgent::CompletedOverlapped>
+ ((AutoRef<class_ThrottlingAgent::CompletedOverlapped> *)&local_res10);
+ CommonUtil::ScopeGuardImpl<<lambda_ab7c58f60a7263bb65ecba288a4b1b48>_>::
+ ~ScopeGuardImpl<<lambda_ab7c58f60a7263bb65ecba288a4b1b48>_>(local_28,uVar6);
+ }
+ }
+ }
+ }
+ else {
+ di::TelemetryAssert::AssertTriggeredNoArgs();
+ CommonUtil::ScopeGuardImpl<<lambda_ab7c58f60a7263bb65ecba288a4b1b48>_>::
+ ~ScopeGuardImpl<<lambda_ab7c58f60a7263bb65ecba288a4b1b48>_>(local_28,in_EDX);
+ bVar8 = true;
+ }
+ return bVar8;
}
| Key | mpengine.dll - mpengine.dll |
|---|---|
| diff_type | code,length,address,called |
| ratio | 0.04 |
| i_ratio | 0.47 |
| m_ratio | 0.73 |
| b_ratio | 0.72 |
| match_types | SymbolsHash |
| Key | mpengine.dll | mpengine.dll |
|---|---|---|
| name | SetTainted | SetTainted |
| fullname | ProcessContext::SetTainted | ProcessContext::SetTainted |
| refcount | 6 | 6 |
length |
2784 | 2864 |
called |
Expand for full list:KERNEL32.DLL::LeaveCriticalSection |
Expand for full list:KERNEL32.DLL::EnterCriticalSection |
| calling | HandleThreatDetection PerformDetectionActions SetTaintedProcess SignatureHandler::HandleNotification UpdateStateDueToRemoteAddressSpaceAccess |
HandleThreatDetection PerformDetectionActions SetTaintedProcess SignatureHandler::HandleNotification UpdateStateDueToRemoteAddressSpaceAccess |
| paramcount | 7 | 7 |
address |
75a28f170 | 75a39e0bc |
| sig | void __thiscall SetTainted(ProcessContext * this, __uint64 param_1, wchar_t * param_2, bool param_3, ulong param_4, wchar_t * param_5, __uint64 * param_6) | void __thiscall SetTainted(ProcessContext * this, __uint64 param_1, wchar_t * param_2, bool param_3, ulong param_4, wchar_t * param_5, __uint64 * param_6) |
| sym_type | Function | Function |
| sym_source | ANALYSIS | ANALYSIS |
| external | False | False |
--- ProcessContext::SetTainted called
+++ ProcessContext::SetTainted called
@@ -1,2 +1,2 @@
-<lambda_a1788039a02254a39e8531cd0cb9385a>::<lambda_a1788039a02254a39e8531cd0cb9385a>
-<lambda_c1629c1746b2dbcba0c8457c346a01bb>::operator()
+<lambda_595085824d08cda4faca7aba254da0d7>::operator()
+<lambda_eaaa39a20be2fbe6a7fa4347c42c8e0b>::<lambda_eaaa39a20be2fbe6a7fa4347c42c8e0b>
@@ -4,0 +5 @@
+BmInternalInfo::AddProcessInfo--- ProcessContext::SetTainted
+++ ProcessContext::SetTainted
@@ -1,95 +1,378 @@
/* WARNING: Function: _guard_dispatch_icall_$fo_default$ replaced with injection:
guard_dispatch_icall */
+/* public: void __cdecl ProcessContext::SetTainted(unsigned __int64,wchar_t const *
+ __ptr64,bool,unsigned long,wchar_t const * __ptr64,unsigned __int64 const & __ptr64) __ptr64 */
void __thiscall
-CommonUtil::CRefObjectFor<class_ILuaStandaloneLibrary>::SetTainted
+ProcessContext::SetTainted
(ProcessContext *this,__uint64 param_1,wchar_t *param_2,bool param_3,ulong param_4,
wchar_t *param_5,__uint64 *param_6)
{
- uint uVar1;
- char *in_RAX;
- ulonglong uVar2;
- ulonglong unaff_RBX;
- longlong unaff_RBP;
- longlong unaff_RSI;
- uint unaff_EDI;
- uint uVar3;
- longlong lVar4;
- undefined7 in_register_00000089;
- longlong lVar5;
- uint *puVar6;
- _Ref_count_base *unaff_R12;
- longlong *unaff_R13;
- uint *unaff_R14;
- _Ref_count_base *unaff_R15;
+ longlong *plVar1;
+ code *pcVar2;
+ wchar_t *_Memory;
+ bool bVar3;
+ char cVar4;
+ MPENG_INTERNAL_FILE_FLAGS MVar5;
+ int iVar6;
+ MpHipsRuleState_t MVar7;
+ ulong uVar8;
+ ulonglong uVar9;
+ ulonglong uVar10;
+ undefined uVar11;
+ undefined2 uVar12;
+ ulonglong uVar13;
+ __uint64 *p_Var14;
+ MPENG_INTERNAL_FILE_FLAGS MVar16;
+ ulonglong uVar17;
+ short sVar18;
+ wchar_t *pwVar19;
+ char *pcVar20;
+ wchar_t *pwVar21;
+ MPENG_INTERNAL_FILE_FLAGS MVar22;
+ wchar_t *pwVar23;
+ undefined auStackY_478 [32];
+ wchar_t *in_stack_fffffffffffffba8;
+ uint in_stack_fffffffffffffbb0;
+ uint local_3b8 [2];
+ wchar_t *local_3b0;
+ undefined8 local_3a8;
+ undefined4 local_3a0;
+ wchar_t *local_398;
+ __uint64 local_390;
+ undefined4 local_388;
+ undefined4 local_384;
+ uint local_380;
+ uint local_37c;
+ uint local_378 [2];
+ ProcessContext *local_370;
+ wchar_t *local_368;
+ LPCRITICAL_SECTION local_360;
+ undefined local_358;
+ char *local_350;
+ char *local_348;
+ undefined8 local_340;
+ undefined8 local_338;
+ undefined8 local_330;
+ undefined8 local_328;
+ undefined8 local_320;
+ undefined8 local_318;
+ undefined8 local_310;
+ __uint64 local_308;
+ CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor> local_300 [24];
+ BmInternalInfo local_2e8 [160];
+ wchar_t local_248 [260];
+ ulonglong local_40;
+ CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor> *pCVar15;
- lVar5 = CONCAT71(in_register_00000089,param_3);
- *in_RAX = *in_RAX + (char)in_RAX;
- puVar6 = unaff_R14;
- if (*(longlong *)(unaff_RBP + -0x49) == 0) {
- uVar2 = unaff_RBX >> 3;
+ local_40 = __security_cookie ^ (ulonglong)auStackY_478;
+ local_368 = param_5;
+ uVar17 = 0;
+ local_3b0 = param_2;
+ local_390 = param_1;
+ local_370 = this;
+ if ((param_1 == 0) || (param_1 == 7)) goto LAB_0;
+ if (param_1 == 9) {
+ if (param_2 != (wchar_t *)0x0) {
+ AddRelatedFile(this,param_2,0x19,0);
+ }
+ goto LAB_0;
+ }
+ if (param_1 == 1) {
+ this[0x9cb] = (ProcessContext)0x1;
+ }
+ else if (this[0x9cc] == (ProcessContext)0x0) {
+ ReportTaintedProcess(this,param_1);
+ this[0x9cc] = (ProcessContext)0x1;
+ }
+ MVar16 = 0;
+ local_398 = (wchar_t *)0x0;
+ MVar5 = GetDosImagePath(this,&local_398);
+ MVar22 = MVar5;
+ if ((((int)MVar5 < 0) &&
+ (MVar22 = MVar16, (undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control)) &&
+ ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+ WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x82,
+ &WPP_017801027265304d15fc8d8e152c805f_Traceguids,MVar5);
+ }
+ _Memory = local_398;
+ if ((((byte)Microsoft_Antimalware_EngineEnableBits & 1) != 0) || (g_SyncPLIEnabled != false)) {
+ in_stack_fffffffffffffba8 = L"n/a";
+ if (local_398 != (wchar_t *)0x0) {
+ in_stack_fffffffffffffba8 = local_398;
+ }
+ pwVar23 = local_3b0;
+ if (local_3b0 == (wchar_t *)0x0) {
+ pwVar23 = L"n/a";
+ }
+ McTemplateU0xzz_MPEventWriteTransfer(local_3b0,L"n/a",param_1,pwVar23,in_stack_fffffffffffffba8)
+ ;
+ }
+ pwVar23 = local_3b0;
+ if (param_1 == 1) {
+ local_3b8[0] = 0x10;
+ MVar5 = 0xf;
+ }
+ else if (((param_1 == 2) || (param_1 == 3)) ||
+ ((param_1 == 4 || (((param_1 == 5 || (param_1 == 6)) || (param_1 == 8)))))) {
+ local_3b8[0] = 8;
+ MVar5 = (-(uint)param_3 & 0x1a) + 1;
+ }
+ else if (param_1 == 9) {
+ local_3b8[0] = 0x40;
+ MVar5 = 0x19;
}
else {
- lVar4 = 4 - *(longlong *)(unaff_RBP + -0x49);
- uVar2 = unaff_RBX - lVar4;
- lVar5 = (unaff_RBX - (uVar2 & 0xfffffffffffffff8)) - lVar4;
- if (lVar4 != 0) {
- do {
- unaff_EDI = unaff_EDI >> 8 ^
- (&CRC32_Table)[((ulonglong)unaff_EDI ^ (ulonglong)*(byte *)puVar6) & 0xff];
- puVar6 = (uint *)((longlong)puVar6 + 1);
- lVar4 = lVar4 + -1;
- } while (lVar4 != 0);
- unaff_RSI = *(longlong *)(unaff_RBP + -0x51);
- unaff_R12 = *(_Ref_count_base **)(unaff_RBP + -0x61);
- }
- uVar2 = uVar2 >> 3;
- if (uVar2 == 0) goto LAB_0;
- }
+ local_3b8[0] = 0x20;
+ MVar5 = MVar16;
+ }
+ if (local_3b0 != (wchar_t *)0x0) {
+ if ((MVar5 < 0x1c) && ((0xa008002U >> (MVar5 & 0x1f) & 1) != 0)) {
+ AddRelatedFile(this,local_3b0,MVar5,0);
+ }
+ else if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+ WPP_SF_I(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x83,
+ &WPP_017801027265304d15fc8d8e152c805f_Traceguids,param_1);
+ pwVar23 = local_3b0;
+ }
+ }
+ local_360 = (LPCRITICAL_SECTION)(this + 0x468);
+ EnterCriticalSection(local_360);
+ local_358 = 1;
+ *(uint *)(this + 0x798) = *(uint *)(this + 0x798) | local_3b8[0];
+ sVar18 = (short)param_1;
+ local_3b8[0] = CONCAT22(local_3b8[0]._2_2_,sVar18);
+ uVar13 = 0xcbf29ce484222325;
+ uVar10 = uVar17;
do {
- uVar3 = unaff_EDI ^ *puVar6;
- uVar1 = puVar6[1];
- unaff_EDI = *(uint *)(&DAT_1 + (ulonglong)(byte)(uVar3 >> 8) * 4) ^
- (&DAT_2)[(byte)(uVar1 >> 8)] ^ (&DAT_75af0d110)[(byte)(uVar1 >> 0x10)] ^
- *(uint *)(&DAT_3 + (ulonglong)(byte)(uVar3 >> 0x10) * 4) ^
- *(uint *)(&DAT_4 + (ulonglong)(uVar3 >> 0x18) * 4) ^
- (&CRC32_Table)[uVar1 >> 0x18] ^
- *(uint *)(&DAT_5 + (ulonglong)(uVar3 & 0xff) * 4) ^
- *(uint *)(&DAT_6 + (ulonglong)(uVar1 & 0xff) * 4);
- puVar6 = puVar6 + 2;
- uVar2 = uVar2 - 1;
- } while (uVar2 != 0);
- unaff_R12 = *(_Ref_count_base **)(unaff_RBP + -0x61);
- unaff_R13 = *(longlong **)(unaff_RBP + -0x31);
+ uVar13 = (uVar13 ^ *(byte *)((longlong)local_3b8 + uVar10)) * 0x100000001b3;
+ uVar10 = uVar10 + 1;
+ } while (uVar10 < 2);
+ uVar10 = *(ulonglong *)
+ (*(longlong *)(this + 0x440) + 8 + (*(ulonglong *)(this + 0x458) & uVar13) * 0x10);
+ uVar9 = uVar17;
+ if (uVar10 != *(ulonglong *)(this + 0x430)) {
+ for (; (uVar9 = uVar10, sVar18 != *(short *)(uVar10 + 0x10) &&
+ (uVar9 = uVar17,
+ uVar10 != *(ulonglong *)
+ (*(longlong *)(this + 0x440) + (*(ulonglong *)(this + 0x458) & uVar13) * 0x10)
+ )); uVar10 = *(ulonglong *)(uVar10 + 8)) {
+ }
+ }
+ if ((uVar9 == 0) || (uVar9 == *(ulonglong *)(this + 0x430))) {
+ <lambda_eaaa39a20be2fbe6a7fa4347c42c8e0b>::<lambda_eaaa39a20be2fbe6a7fa4347c42c8e0b>
+ (&local_3b0,this);
+ p_Var14 = param_6;
+ pwVar19 = local_368;
+ if (*param_6 == 0) {
+ p_Var14 = &local_390;
+ pwVar19 = (wchar_t *)(-(ulonglong)(pwVar23 != (wchar_t *)0x0) & (ulonglong)pwVar23);
+ }
+ <lambda_595085824d08cda4faca7aba254da0d7>::operator()
+ ((longlong *)&local_3b0,(longlong *)p_Var14,pwVar19);
+ pwVar19 = pwVar23;
+ if (pwVar23 == (wchar_t *)0x0) {
+ pwVar19 = L"";
+ }
+ uVar8 = in_stack_fffffffffffffbb0 & 0xffffff00;
+ BmInternalInfo::BmInternalInfo
+ (local_2e8,0x14,pwVar19,(wchar_t *)0x0,in_stack_fffffffffffffba8,false);
+ if ((param_1 < 0xb) || (param_1 == 999)) {
+ iVar6 = BmInternalInfo::AddBehavior(local_2e8,L"TaintType",param_1,(wchar_t *)0x0,0,uVar8);
+ }
+ else {
+ get_threat_nameW((ulonglong)param_4,local_248);
+ iVar6 = BmInternalInfo::AddBehavior(local_2e8,L"TaintType",local_248,(wchar_t *)0x0,0,0);
+ }
+ if (iVar6 < 0) {
+ MVar22 = MVar16;
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+ uVar12 = 0x88;
+LAB_1:
+ WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),uVar12,
+ &WPP_017801027265304d15fc8d8e152c805f_Traceguids,iVar6);
+ MVar22 = MVar16;
+ }
+ }
+ else {
+ iVar6 = BmInternalInfo::AddProcessInfo
+ (local_2e8,*(_FILETIME *)(this + 0x198),*(ulong *)(this + 0x1a0),0);
+ if (iVar6 < 0) {
+ MVar22 = MVar16;
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+ uVar12 = 0x87;
+ goto LAB_1;
+ }
+ }
+ else {
+ MVar5 = BmInternalInfo::Send(local_2e8);
+ MVar22 = MVar5;
+ if ((((int)MVar5 < 0) &&
+ (MVar22 = MVar16, (undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control)) &&
+ ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+ WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x86,
+ &WPP_017801027265304d15fc8d8e152c805f_Traceguids,MVar5);
+ }
+ local_3b8[0] = CONCAT22(local_3b8[0]._2_2_,sVar18);
+ std::
+ _Hash<class_std::_Uset_traits<unsigned_short,class_std::_Uhash_compare<unsigned_short,struct_std::hash<unsigned_short>,struct_std::equal_to<unsigned_short>_>,class_std::allocator<unsigned_short>,0>_>
+ ::emplace<unsigned_short>
+ ((_Hash<class_std::_Uset_traits<unsigned_short,class_std::_Uhash_compare<unsigned_short,struct_std::hash<unsigned_short>,struct_std::equal_to<unsigned_short>_>,class_std::allocator<unsigned_short>,0>_>
+ *)(this + 0x428),(longlong *)local_300,(ushort *)local_3b8);
+ }
+ }
+ BmInternalInfo::~BmInternalInfo(local_2e8);
+ }
+ if ((((this[0x9c9] == (ProcessContext)0x0) || (MVar7 = FgGetState(), MVar7 == 1)) ||
+ ((MVar7 = FgGetState(), MVar7 == 3 ||
+ ((MVar7 = FgGetState(), MVar7 == 6 || (MVar7 = FgGetState(), MVar7 == 2)))))) ||
+ (MVar7 = FgGetState(), MVar7 == 4)) {
+ if (param_3) {
+ this[0x9ca] = (ProcessContext)0x1;
+ }
+ else {
+ this[0x9c9] = (ProcessContext)0x1;
+ }
+ if (pwVar23 == (wchar_t *)0x0) {
+ pwVar23 = L"n/a";
+ }
+ local_3a8 = *(undefined8 *)(this + 0x198);
+ local_3a0 = *(undefined4 *)(this + 0x1a0);
+ pwVar19 = L"n/a";
+ if (_Memory != (wchar_t *)0x0) {
+ pwVar19 = _Memory;
+ }
+ SupportLog(L"Engine",
+ L"Process %ls (PPID:%lu:%llu) is tainted: TaintType:0x%llX. TaintReason:%ls",pwVar19,
+ (ulonglong)*(uint *)(this + 0x1a0));
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+ local_3a8 = *(undefined8 *)(this + 0x198);
+ local_3a0 = *(undefined4 *)(this + 0x1a0);
+ pwVar21 = L"n/a";
+ if (_Memory != (wchar_t *)0x0) {
+ pwVar21 = _Memory;
+ }
+ WPP_SF_SLIiS(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),WPP_GLOBAL_Control,pwVar19,pwVar21,
+ (char)*(undefined4 *)(this + 0x1a0),(char)local_3a8,(char)param_1,pwVar23);
+ }
+ if (*param_6 != 0) {
+ pwVar23 = L"n/a";
+ if (_Memory != (wchar_t *)0x0) {
+ pwVar23 = _Memory;
+ }
+ SupportLog(L"Engine",L"Process %ls originally tainted by: TaintType:0x%llX, TaintReason:%ls",
+ pwVar23,*(undefined8 *)(this + 0x4a8));
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+ pwVar19 = L"n/a";
+ if (*(wchar_t **)(this + 0x4b0) != (wchar_t *)0x0) {
+ pwVar19 = *(wchar_t **)(this + 0x4b0);
+ }
+ pwVar21 = L"n/a";
+ if (_Memory != (wchar_t *)0x0) {
+ pwVar21 = _Memory;
+ }
+ WPP_SF_SiS(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),pwVar19,pwVar23,pwVar21,
+ *(undefined8 *)(this + 0x4a8),pwVar19);
+ }
+ }
+ *(__uint64 *)(this + 0x490) = param_1;
+ pCVar15 = local_300;
+ std::
+ _Tree<class_std::_Tset_traits<unsigned___int64,struct_std::less<unsigned___int64>,class_std::allocator<unsigned___int64>,0>_>
+ ::_Emplace<unsigned___int64_const&___ptr64>
+ ((_Tree<class_std::_Tset_traits<unsigned___int64,struct_std::less<unsigned___int64>,class_std::allocator<unsigned___int64>,0>_>
+ *)(this + 0x498),(longlong *)pCVar15,&local_390);
+ uVar11 = SUB81(pCVar15,0);
+ if ((int)MVar22 < 0) {
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+ WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x8b,
+ &WPP_017801027265304d15fc8d8e152c805f_Traceguids,MVar22);
+ }
+ goto LAB_2;
+ }
+ if (((byte)this[0x980] & 0x81) != 0) {
+ RemoveInstallerMoacEntries(this);
+ pcVar20 = "Engine.BM.InstallerTainted";
+ bVar3 = ShouldLogToAsimov(false,(bool)uVar11,"Engine.BM.InstallerTainted");
+ if ((bVar3) && (g_pcsAsimovLock != (CMpCriticalSection *)0x0)) {
+ CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::
+ CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>
+ (local_300,g_pcsAsimovLock,(ENUM_LOCK_INITIAL_STATE)pcVar20);
+ if ((5 < DAT_3) &&
+ (cVar4 = _tlgKeywordOn(0x75b1d6288,0x400000000000), cVar4 != '\0')) {
+ local_350 = "InstallerTainted";
+ local_348 = "BM";
+ local_3b8[0] = *(uint *)(g_aAsimov + 0x48);
+ local_388 = *(undefined4 *)(g_aAsimov + 0x44);
+ local_384 = *(undefined4 *)(g_aAsimov + 0x40);
+ local_380 = (uint)(byte)g_aAsimov[0x3c];
+ local_37c = (uint)(byte)g_aAsimov[0x3b];
+ local_378[0] = (uint)(byte)g_aAsimov[0x3a];
+ local_370 = (ProcessContext *)CONCAT44(local_370._4_4_,(uint)(byte)g_aAsimov[0x39]);
+ local_368 = (wchar_t *)CONCAT44(local_368._4_4_,(uint)(byte)g_aAsimov[0x38]);
+ local_340 = *(undefined8 *)(g_aAsimov + 0x30);
+ local_338 = *(undefined8 *)(g_aAsimov + 0x28);
+ local_330 = *(undefined8 *)(g_aAsimov + 0x20);
+ local_328 = *(undefined8 *)(g_aAsimov + 0x18);
+ local_320 = *(undefined8 *)(g_aAsimov + 0x10);
+ local_318 = *(undefined8 *)(g_aAsimov + 8);
+ local_310 = 0x1000000;
+ local_3b0 = (wchar_t *)CONCAT44(local_3b0._4_4_,(uint)param_3);
+ local_308 = local_390;
+ local_3a8 = 1;
+ _tlgWriteTemplate<long___cdecl(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),&long___cdecl__tlgWriteAgg(struct__tlgProvider_t_const*___ptr64,void_const*___ptr64,void_const*___ptr64,unsigned_int,struct__EVENT_DATA_DESCRIPTOR*___ptr64),void_const*___ptr64>
+ ::
+ Write<struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<8>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<8>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapSz<wchar_t>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapperByVal<4>,struct__tlgWrapSz<char>,struct__tlgWrapSz<char>_>
+ ((_tlgProvider_t *)g_aAsimov,&DAT_4,pcVar20,
+ (_tlgWrapperByVal<8> *)&local_3a8,(_tlgWrapperByVal<8> *)&local_308,
+ (_tlgWrapperByVal<4> *)&local_3b0,(_tlgWrapperByVal<8> *)&local_310,
+ (_tlgWrapSz<wchar_t> *)&local_318,(_tlgWrapSz<wchar_t> *)&local_320,
+ (_tlgWrapSz<wchar_t> *)&local_328,(_tlgWrapSz<wchar_t> *)&local_330,
+ (_tlgWrapSz<wchar_t> *)&local_338,(_tlgWrapSz<wchar_t> *)&local_340,
+ (_tlgWrapperByVal<4> *)&local_368,(_tlgWrapperByVal<4> *)&local_370,
+ (_tlgWrapperByVal<4> *)local_378,(_tlgWrapperByVal<4> *)&local_37c,
+ (_tlgWrapperByVal<4> *)&local_380,(_tlgWrapperByVal<4> *)&local_384,
+ (_tlgWrapperByVal<4> *)&local_388,(_tlgWrapperByVal<4> *)local_3b8,
+ (_tlgWrapSz<char> *)&local_348,(_tlgWrapSz<char> *)&local_350);
+ }
+ CommonUtil::CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>::
+ ~CGenericAutoLock<struct_CommonUtil::CMpCriticalSectionFunctor>(local_300);
+ }
+ }
+ LeaveCriticalSection(local_360);
+ plVar1 = *(longlong **)(this + 0xa88);
+ if (plVar1 == (longlong *)0x0) {
+LAB_5:
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+ WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x8c,
+ &WPP_017801027265304d15fc8d8e152c805f_Traceguids);
+ }
+ }
+ else {
+ pcVar2 = *(code **)(*plVar1 + 0x68);
+ uVar8 = GetSessionId(this);
+ iVar6 = (*pcVar2)(plVar1,local_390,uVar8,_Memory);
+ if (iVar6 < 0) goto LAB_5;
+ }
+ }
+ else {
+LAB_2:
+ LeaveCriticalSection(local_360);
+ }
+ if (_Memory != (wchar_t *)0x0) {
+ free(_Memory);
+ }
LAB_0:
- if (lVar5 != 0) {
- do {
- unaff_EDI = unaff_EDI >> 8 ^
- (&CRC32_Table)[((ulonglong)unaff_EDI ^ (ulonglong)*(byte *)puVar6) & 0xff];
- puVar6 = (uint *)((longlong)puVar6 + 1);
- lVar5 = lVar5 + -1;
- } while (lVar5 != 0);
- unaff_RSI = *(longlong *)(unaff_RBP + -0x51);
- unaff_R12 = *(_Ref_count_base **)(unaff_RBP + -0x61);
- }
- *(uint *)(unaff_RSI + 0x2614) = unaff_EDI;
- lVar5 = (**(code **)(*unaff_R13 + 0x28))(unaff_R13,*(undefined4 *)(unaff_RBP + 0x13));
- if (lVar5 == 0x1000) {
- uVar1 = CRC_1(unaff_R14,0x1000);
- *(uint *)(unaff_RSI + 0x2618) = uVar1;
- }
- *(undefined4 *)(unaff_RSI + 0x261c) = 1;
- if (unaff_R15 != (_Ref_count_base *)0x0) {
- std::_Ref_count_base::_Decref(unaff_R15);
- }
- free(unaff_R14);
- if (unaff_R15 != (_Ref_count_base *)0x0) {
- std::_Ref_count_base::_Decref(unaff_R15);
- }
- std::_Ref_count_base::_Decref(unaff_R12);
- __security_check_cookie(*(ulonglong *)(unaff_RBP + 0x2f) ^ (ulonglong)&stack0x00000000);
+ __security_check_cookie(local_40 ^ (ulonglong)auStackY_478);
return;
}
| Key | mpengine.dll - mpengine.dll |
|---|---|
| diff_type | code,length,address,called |
| ratio | 0.0 |
| i_ratio | 0.29 |
| m_ratio | 0.7 |
| b_ratio | 0.74 |
| match_types | SymbolsHash |
| Key | mpengine.dll | mpengine.dll |
|---|---|---|
| name | _print_config_params | _print_config_params |
| fullname | tdt_library_v_next::tdt_app_profiling::time_series_heuristic::_print_config_params | tdt_library_v_next::tdt_app_profiling::time_series_heuristic::_print_config_params |
| refcount | 4 | 4 |
length |
1358 | 1354 |
called |
__security_check_cookie snprintf std::Ref_count_base::Decref std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_next::logger_client::logger::get_logger tdt_library_v_next::logger_client::logger::log tdt_library_v_next::logger_client::logger::log_message |
Mtx_unlock __security_check_cookie snprintf std::Mutex_base::lock std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::basic_string<char,struct_std::char_traits,class_std::allocator>::resize tdt_library_v_next::logger_client::logger::log tdt_library_v_next::logger_client::logger::log_message |
| calling | tdt_library_v_next::tdt_app_profiling::time_series_heuristic::_print_config_params | tdt_library_v_next::tdt_app_profiling::time_series_heuristic::_print_config_params |
| paramcount | 5 | 5 |
address |
75a9e507c | 75a9d6a00 |
| sig | void __thiscall print_config_params(time_series_heuristic * this, basic_string<char,struct_std::char_traits,class_std::allocator> * param_1, shared_ptr<struct_tdt_library_v_next::tdt_app_profiling::time_series_config_t> * param_2, bool param_3, bool param_4) | void __thiscall print_config_params(time_series_heuristic * this, basic_string<char,struct_std::char_traits,class_std::allocator> * param_1, shared_ptr<struct_tdt_library_v_next::tdt_app_profiling::time_series_config_t> * param_2, bool param_3, bool param_4) |
| sym_type | Function | Function |
| sym_source | ANALYSIS | ANALYSIS |
| external | False | False |
--- tdt_library_v_next::tdt_app_profiling::time_series_heuristic::_print_config_params called
+++ tdt_library_v_next::tdt_app_profiling::time_series_heuristic::_print_config_params called
@@ -0,0 +1 @@
+_Mtx_unlock
@@ -3 +4 @@
-std::_Ref_count_base::_Decref
+std::_Mutex_base::lock
@@ -8 +8,0 @@
-tdt_library_v_next::logger_client::logger::get_logger--- tdt_library_v_next::tdt_app_profiling::time_series_heuristic::_print_config_params
+++ tdt_library_v_next::tdt_app_profiling::time_series_heuristic::_print_config_params
@@ -1,2 +1,249 @@
-Failed to decompile mpengine.dll - .ProgramDB tdt_library_v_next::tdt_app_profiling::time_series_heuristic::_print_config_params : Error: Decompile error:
-Marshaling error: Did not see expected closing element+
+/* WARNING: Globals starting with '_' overlap smaller symbols at the same address */
+/* private: void __cdecl
+ tdt_library_v_next::tdt_app_profiling::time_series_heuristic::_print_config_params(class
+ std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > const &
+ __ptr64,class std::shared_ptr<struct tdt_library_v_next::tdt_app_profiling::time_series_config_t>
+ const & __ptr64,bool,bool) __ptr64 */
+
+void __thiscall
+tdt_library_v_next::tdt_app_profiling::time_series_heuristic::_print_config_params
+ (time_series_heuristic *this,
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *param_1,
+ shared_ptr<struct_tdt_library_v_next::tdt_app_profiling::time_series_config_t> *param_2,
+ bool param_3,bool param_4)
+
+{
+ undefined8 *puVar1;
+ logger *plVar2;
+ int iVar3;
+ undefined8 ***pppuVar4;
+ longlong lVar5;
+ char cVar6;
+ undefined auStack_e8 [32];
+ undefined8 local_c8;
+ undefined8 uStack_c0;
+ undefined8 local_b8;
+ undefined8 local_b0;
+ undefined8 local_a8;
+ undefined8 local_a0;
+ undefined8 local_98;
+ undefined8 *local_88;
+ undefined8 **local_80;
+ undefined8 uStack_78;
+ longlong local_70;
+ ulonglong local_68;
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_60 [32];
+ ulonglong local_40;
+
+ local_40 = __security_cookie ^ (ulonglong)auStack_e8;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_80,"root");
+ logger_client::logger::log_message
+ (2,(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_80,param_1);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_80);
+ if ((param_3) || (param_4)) {
+ local_88 = &DAT_0;
+ std::_Mutex_base::lock((_Mutex_base *)&DAT_0);
+ if ((_m_instance != (logger *)0x0) && (*(uint *)(_m_instance + 0x6c) < 3)) {
+ uStack_78 = 0;
+ local_70 = 0;
+ local_68 = 0xf;
+ local_80 = (undefined8 ***)0x0;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::assign
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_80,"ERROR: formatting message!");
+ puVar1 = *(undefined8 **)param_2;
+ local_a8 = puVar1[5];
+ local_b0 = puVar1[4];
+ local_b8 = puVar1[3];
+ local_c8 = puVar1[1];
+ uStack_c0 = puVar1[2];
+ cVar6 = ' ';
+ iVar3 = snprintf((undefined *)0x0,0,0x75af07a20,*puVar1);
+ iVar3 = iVar3 + 1;
+ if (0 < iVar3) {
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::resize
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_80,(longlong)iVar3,cVar6);
+ puVar1 = *(undefined8 **)param_2;
+ local_a8 = puVar1[5];
+ local_b0 = puVar1[4];
+ local_b8 = puVar1[3];
+ local_c8 = puVar1[1];
+ uStack_c0 = puVar1[2];
+ pppuVar4 = &local_80;
+ if (0xf < local_68) {
+ pppuVar4 = (undefined8 ***)local_80;
+ }
+ snprintf((undefined *)pppuVar4,(longlong)iVar3,0x75af07a20,*puVar1);
+ pppuVar4 = &local_80;
+ if (0xf < local_68) {
+ pppuVar4 = (undefined8 ***)local_80;
+ }
+ lVar5 = local_70 + -1;
+ if (*(char *)(lVar5 + (longlong)pppuVar4) == '\0') {
+ pppuVar4 = &local_80;
+ if (0xf < local_68) {
+ pppuVar4 = (undefined8 ***)local_80;
+ }
+ local_70 = lVar5;
+ *(undefined *)((longlong)pppuVar4 + lVar5) = 0;
+ }
+ }
+ plVar2 = _m_instance;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>(local_60,"root");
+ logger_client::logger::log
+ (plVar2,2,local_60,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_80);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_60);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_80);
+ }
+ _Mtx_unlock(0x75b251fb0);
+ if (param_3) goto LAB_1;
+ }
+ local_88 = &DAT_0;
+ std::_Mutex_base::lock((_Mutex_base *)&DAT_0);
+ if ((_m_instance != (logger *)0x0) && (*(uint *)(_m_instance + 0x6c) < 3)) {
+ uStack_78 = 0;
+ local_70 = 0;
+ local_68 = 0xf;
+ local_80 = (undefined8 ***)0x0;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::assign
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_80,"ERROR: formatting message!");
+ lVar5 = *(longlong *)param_2;
+ local_a8 = *(undefined8 *)(lVar5 + 0x58);
+ local_b0 = *(undefined8 *)(lVar5 + 0x50);
+ local_b8 = *(undefined8 *)(lVar5 + 0x48);
+ local_c8 = *(undefined8 *)(lVar5 + 0x38);
+ uStack_c0 = *(undefined8 *)(lVar5 + 0x40);
+ cVar6 = '\x10';
+ iVar3 = snprintf((undefined *)0x0,0,0x75af08010,*(undefined8 *)(lVar5 + 0x30));
+ iVar3 = iVar3 + 1;
+ if (0 < iVar3) {
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::resize
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_80,(longlong)iVar3,cVar6);
+ lVar5 = *(longlong *)param_2;
+ local_a8 = *(undefined8 *)(lVar5 + 0x58);
+ local_b0 = *(undefined8 *)(lVar5 + 0x50);
+ local_b8 = *(undefined8 *)(lVar5 + 0x48);
+ local_c8 = *(undefined8 *)(lVar5 + 0x38);
+ uStack_c0 = *(undefined8 *)(lVar5 + 0x40);
+ pppuVar4 = &local_80;
+ if (0xf < local_68) {
+ pppuVar4 = (undefined8 ***)local_80;
+ }
+ snprintf((undefined *)pppuVar4,(longlong)iVar3,0x75af08010,*(undefined8 *)(lVar5 + 0x30));
+ pppuVar4 = &local_80;
+ if (0xf < local_68) {
+ pppuVar4 = (undefined8 ***)local_80;
+ }
+ lVar5 = local_70 + -1;
+ if (*(char *)(lVar5 + (longlong)pppuVar4) == '\0') {
+ pppuVar4 = &local_80;
+ if (0xf < local_68) {
+ pppuVar4 = (undefined8 ***)local_80;
+ }
+ local_70 = lVar5;
+ *(undefined *)((longlong)pppuVar4 + lVar5) = 0;
+ }
+ }
+ plVar2 = _m_instance;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>(local_60,"root");
+ logger_client::logger::log
+ (plVar2,2,local_60,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_80);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_60);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
+ )&local_80);
+ }
+ _Mtx_unlock(0x75b251fb0);
+LAB_1:
+ if (param_4) {
+ local_88 = &DAT_0;
+ std::_Mutex_base::lock((_Mutex_base *)&DAT_0);
+ if ((_m_instance != (logger *)0x0) && (*(uint *)(_m_instance + 0x6c) < 3)) {
+ uStack_78 = 0;
+ local_70 = 0;
+ local_68 = 0xf;
+ local_80 = (undefined8 ***)0x0;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::assign
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_80,"ERROR: formatting message!");
+ lVar5 = *(longlong *)param_2;
+ local_98 = *(undefined8 *)(lVar5 + 0x98);
+ local_a0 = *(undefined8 *)(lVar5 + 0x90);
+ local_a8 = *(undefined8 *)(lVar5 + 0x88);
+ local_b0 = *(undefined8 *)(lVar5 + 0x68);
+ local_b8 = *(undefined8 *)(lVar5 + 0x80);
+ uStack_c0 = *(undefined8 *)(lVar5 + 0x78);
+ local_c8 = *(undefined8 *)(lVar5 + 0x70);
+ cVar6 = 'p';
+ iVar3 = snprintf((undefined *)0x0,0,0x75af07e70,*(undefined8 *)(lVar5 + 0x60));
+ iVar3 = iVar3 + 1;
+ if (0 < iVar3) {
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::resize
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_80,(longlong)iVar3,cVar6);
+ lVar5 = *(longlong *)param_2;
+ local_98 = *(undefined8 *)(lVar5 + 0x98);
+ local_a0 = *(undefined8 *)(lVar5 + 0x90);
+ local_a8 = *(undefined8 *)(lVar5 + 0x88);
+ local_b0 = *(undefined8 *)(lVar5 + 0x68);
+ local_b8 = *(undefined8 *)(lVar5 + 0x80);
+ uStack_c0 = *(undefined8 *)(lVar5 + 0x78);
+ local_c8 = *(undefined8 *)(lVar5 + 0x70);
+ pppuVar4 = &local_80;
+ if (0xf < local_68) {
+ pppuVar4 = (undefined8 ***)local_80;
+ }
+ snprintf((undefined *)pppuVar4,(longlong)iVar3,0x75af07e70,*(undefined8 *)(lVar5 + 0x60));
+ pppuVar4 = &local_80;
+ if (0xf < local_68) {
+ pppuVar4 = (undefined8 ***)local_80;
+ }
+ lVar5 = local_70 + -1;
+ if (*(char *)((longlong)pppuVar4 + lVar5) == '\0') {
+ pppuVar4 = &local_80;
+ if (0xf < local_68) {
+ pppuVar4 = (undefined8 ***)local_80;
+ }
+ local_70 = lVar5;
+ *(undefined *)((longlong)pppuVar4 + lVar5) = 0;
+ }
+ }
+ plVar2 = _m_instance;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>(local_60,"root");
+ logger_client::logger::log
+ (plVar2,2,local_60,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_80);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_60);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_80);
+ }
+ _Mtx_unlock(0x75b251fb0);
+ }
+ __security_check_cookie(local_40 ^ (ulonglong)auStack_e8);
+ return;
+}
+
| Key | mpengine.dll - mpengine.dll |
|---|---|
| diff_type | code,length,address,called |
| ratio | 0.02 |
| i_ratio | 0.11 |
| m_ratio | 0.5 |
| b_ratio | 0.51 |
| match_types | SymbolsHash |
| Key | mpengine.dll | mpengine.dll |
|---|---|---|
| name | register_callback | register_callback |
| fullname | tdt_library_v_next::bit_shovel_plugins::normalizer::register_callback | tdt_library_v_next::bit_shovel_plugins::normalizer::register_callback |
| refcount | 3 | 3 |
length |
1022 | 869 |
called |
Expand for full list:std::basic_string<char,struct_std::char_traits,class_std::allocator>::assign |
Expand for full list:std::function<void___cdecl(class_tdt_library_v_current::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)>::function<void___cdecl(class_tdt_library_v_current::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)> |
| calling | ||
| paramcount | 3 | 3 |
address |
75a534870 | 75a9bba70 |
| sig | bool __thiscall register_callback(normalizer * this, char * param_1, Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>_const&___ptr64> * param_2) | bool __thiscall register_callback(normalizer * this, char * param_1, Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>_const&___ptr64> * param_2) |
| sym_type | Function | Function |
| sym_source | ANALYSIS | ANALYSIS |
| external | False | False |
--- tdt_library_v_next::bit_shovel_plugins::normalizer::register_callback called
+++ tdt_library_v_next::bit_shovel_plugins::normalizer::register_callback called
@@ -0,0 +1 @@
+_Mtx_unlock
@@ -2 +2,0 @@
-memset
@@ -5 +5 @@
-std::_Ref_count_base::_Decref
+std::_Mutex_base::lock
@@ -8,3 +7,0 @@
-std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::_Construct<1,char_const*___ptr64>
-std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::_Reallocate_for<class_<lambda_66f57f934f28d61049862f64df852ff0>,char_const*___ptr64>
-std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::_Reallocate_grow_by<class_<lambda_e1befb086ad3257e3f042a63030725f7>,unsigned___int64,char>
@@ -16 +13,2 @@
-tdt_library_v_next::bit_shovel_plugins::normalizer_agent::register_callback
+std::function<void___cdecl(struct_tdt_library_v_current::bit_shovel_plugins::normalized_record_const*___ptr64)>::function<void___cdecl(struct_tdt_library_v_current::bit_shovel_plugins::normalized_record_const*___ptr64)>
+tdt_library_v_next::bit_shovel_plugins::internal::normalizer_agent_impl::register_callback--- tdt_library_v_next::bit_shovel_plugins::normalizer::register_callback
+++ tdt_library_v_next::bit_shovel_plugins::normalizer::register_callback
@@ -1,338 +1,220 @@
-/* WARNING: Function: _guard_dispatch_icall_$fo_default$ replaced with injection:
- guard_dispatch_icall */
+/* WARNING: Globals starting with '_' overlap smaller symbols at the same address */
+/* public: virtual bool __cdecl
+ tdt_library_v_next::bit_shovel_plugins::normalizer::register_callback(class
+ std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > const &
+ __ptr64,class std::function<void __cdecl(struct
+ tdt_library_v_next::bit_shovel_plugins::normalized_record const * __ptr64)>) __ptr64 */
bool __thiscall
-<lambda_4e1932c4a2416d6fdc56c1876dc481c5>::register_callback
+tdt_library_v_next::bit_shovel_plugins::normalizer::register_callback
(normalizer *this,char *param_1,
_Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
*param_2)
{
- longlong *plVar1;
- ULONG ulFlags;
- BOOL BVar2;
- DWORD DVar3;
- ulong uVar4;
- int iVar5;
- undefined8 *puVar6;
- longlong lVar7;
- LPCWSTR pWVar8;
- ulonglong uVar9;
- wchar_t *pwVar10;
- void *pvVar11;
- HANDLE pvVar12;
- uint uVar13;
- undefined2 uVar14;
- DWORD unaff_EBX;
- longlong unaff_RBP;
- longlong *unaff_RSI;
- DWORD unaff_EDI;
- char unaff_R12B;
- longlong *unaff_R13;
- void *unaff_R14;
- LPBYTE unaff_R15;
- LPDWORD in_stack_00000030;
- LPOVERLAPPED in_stack_00000038;
+ normalizer_agent_impl *this_00;
+ logger *plVar1;
+ bool bVar2;
+ undefined extraout_AL;
+ int iVar3;
+ undefined8 ***pppuVar4;
+ _Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ *p_Var5;
+ _Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ *p_Var6;
+ char *pcVar7;
+ char cVar8;
+ char *pcVar9;
+ longlong lVar10;
+ longlong lVar11;
+ undefined auStack_e8 [32];
+ _Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ *local_c8;
+ undefined8 *local_c0;
+ _Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ *local_b8;
+ undefined8 **local_b0;
+ undefined8 uStack_a8;
+ longlong local_a0;
+ ulonglong local_98;
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_70 [64];
+ ulonglong local_30;
-code_r0x00075a534870:
- BVar2 = DeviceIoControl(this,0x9c040,(LPVOID)(unaff_RBP + 0x77),unaff_EBX,(LPVOID)0x0,0,
- in_stack_00000030,in_stack_00000038);
- if (((BVar2 == 0) &&
- (DVar3 = GetLastError(), (undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control)) &&
- ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
- pwVar10 = (wchar_t *)(**(code **)(*unaff_RSI + 0x10))();
- WPP_SF_SL(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x4d,
- &WPP_b8638e06718b3fdef726c8ef88dd6a73_Traceguids,pwVar10,(char)DVar3);
+ local_30 = __security_cookie ^ (ulonglong)auStack_e8;
+ local_b8 = param_2;
+ if (*(longlong *)(param_2 + 0x38) != 0) {
+ p_Var5 = *(_Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ **)(this + 8);
+ local_c8 = *(_Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ **)p_Var5;
+ while (local_c8 != p_Var5) {
+ lVar11 = *(longlong *)(local_c8 + 0x28);
+ lVar10 = *(longlong *)(lVar11 + 8);
+ pcVar7 = (char *)(lVar10 + 0x20);
+ pcVar9 = param_1;
+ if (0xf < *(ulonglong *)(param_1 + 0x18)) {
+ pcVar9 = *(char **)param_1;
+ }
+ if (0xf < *(ulonglong *)(lVar10 + 0x38)) {
+ pcVar7 = *(char **)pcVar7;
+ }
+ bVar2 = std::_Traits_equal<struct_std::char_traits<char>_>
+ (pcVar7,*(__uint64 *)(lVar10 + 0x30),pcVar9,*(__uint64 *)(param_1 + 0x10));
+ if (bVar2) {
+ local_c8 = (_Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ *)&DAT_0;
+ std::_Mutex_base::lock((_Mutex_base *)&DAT_0);
+ if ((_m_instance != (logger *)0x0) && (*(uint *)(_m_instance + 0x6c) < 3)) {
+ uStack_a8 = 0;
+ local_a0 = 0;
+ local_98 = 0xf;
+ local_b0 = (undefined8 ***)0x0;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::assign
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
+ )&local_b0,"ERROR: formatting message!");
+ pcVar9 = param_1;
+ if (0xf < *(ulonglong *)(param_1 + 0x18)) {
+ pcVar9 = *(char **)param_1;
+ }
+ cVar8 = '\x18';
+ iVar3 = snprintf((undefined *)0x0,0,0x75af00018,pcVar9);
+ iVar3 = iVar3 + 1;
+ if (0 < iVar3) {
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ resize((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_b0,(longlong)iVar3,cVar8);
+ if (0xf < *(ulonglong *)(param_1 + 0x18)) {
+ param_1 = *(char **)param_1;
+ }
+ pppuVar4 = &local_b0;
+ if (0xf < local_98) {
+ pppuVar4 = (undefined8 ***)local_b0;
+ }
+ snprintf((undefined *)pppuVar4,(longlong)iVar3,0x75af00018,param_1);
+ pppuVar4 = &local_b0;
+ if (0xf < local_98) {
+ pppuVar4 = (undefined8 ***)local_b0;
+ }
+ lVar10 = local_a0 + -1;
+ if (*(char *)(lVar10 + (longlong)pppuVar4) == '\0') {
+ pppuVar4 = &local_b0;
+ if (0xf < local_98) {
+ pppuVar4 = (undefined8 ***)local_b0;
+ }
+ local_a0 = lVar10;
+ *(undefined *)((longlong)pppuVar4 + lVar10) = 0;
+ }
+ }
+ plVar1 = _m_instance;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_70,"root");
+ logger_client::logger::log
+ (plVar1,2,local_70,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
+ )&local_b0);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_70);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_b0);
+ }
+ _Mtx_unlock(0x75b251fb0);
+ p_Var5 = (_Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ *)std::
+ function<void___cdecl(class_tdt_library_v_current::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)>
+ ::
+ function<void___cdecl(class_tdt_library_v_current::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)>
+ ((function<void___cdecl(class_tdt_library_v_current::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)>
+ *)local_70,
+ (function<void___cdecl(class_tdt_library_v_current::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)>
+ *)param_2);
+ this_00 = *(normalizer_agent_impl **)(lVar11 + 8);
+ local_c8 = p_Var5;
+ p_Var6 = (_Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ *)std::
+ function<void___cdecl(struct_tdt_library_v_current::bit_shovel_plugins::normalized_record_const*___ptr64)>
+ ::
+ function<void___cdecl(struct_tdt_library_v_current::bit_shovel_plugins::normalized_record_const*___ptr64)>
+ ((function<void___cdecl(struct_tdt_library_v_current::bit_shovel_plugins::normalized_record_const*___ptr64)>
+ *)&local_b0,
+ (function<void___cdecl(struct_tdt_library_v_current::bit_shovel_plugins::normalized_record_const*___ptr64)>
+ *)p_Var5);
+ bit_shovel_plugins::internal::normalizer_agent_impl::register_callback(this_00,p_Var6);
+ std::
+ _Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ ::_Tidy(p_Var5);
+ goto LAB_1;
+ }
+ std::
+ _Tree_unchecked_const_iterator<class_std::_Tree_val<struct_std::_Tree_simple_types<struct_std::pair<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_const_,class_std::basic_string<char16_t,struct_std::char_traits<char16_t>,class_std::allocator<char16_t>_>_>_>_>,struct_std::_Iterator_base0>
+ ::operator++((_Tree_unchecked_const_iterator<class_std::_Tree_val<struct_std::_Tree_simple_types<struct_std::pair<class_std::basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>_const_,class_std::basic_string<char16_t,struct_std::char_traits<char16_t>,class_std::allocator<char16_t>_>_>_>_>,struct_std::_Iterator_base0>
+ *)&local_c8);
+ }
+ local_c0 = &DAT_0;
+ std::_Mutex_base::lock((_Mutex_base *)&DAT_0);
+ if ((_m_instance != (logger *)0x0) && (*(uint *)(_m_instance + 0x6c) < 5)) {
+ uStack_a8 = 0;
+ local_a0 = 0;
+ local_98 = 0xf;
+ local_b0 = (undefined8 ***)0x0;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::assign
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_b0,"ERROR: formatting message!");
+ pcVar9 = param_1;
+ if (0xf < *(ulonglong *)(param_1 + 0x18)) {
+ pcVar9 = *(char **)param_1;
+ }
+ cVar8 = -8;
+ iVar3 = snprintf((undefined *)0x0,0,0x75af000f8,pcVar9);
+ iVar3 = iVar3 + 1;
+ if (0 < iVar3) {
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::resize
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_b0,(longlong)iVar3,cVar8);
+ if (0xf < *(ulonglong *)(param_1 + 0x18)) {
+ param_1 = *(char **)param_1;
+ }
+ pppuVar4 = &local_b0;
+ if (0xf < local_98) {
+ pppuVar4 = (undefined8 ***)local_b0;
+ }
+ snprintf((undefined *)pppuVar4,(longlong)iVar3,0x75af000f8,param_1);
+ pppuVar4 = &local_b0;
+ if (0xf < local_98) {
+ pppuVar4 = (undefined8 ***)local_b0;
+ }
+ lVar11 = local_a0 + -1;
+ if (*(char *)(lVar11 + (longlong)pppuVar4) == '\0') {
+ pppuVar4 = &local_b0;
+ if (0xf < local_98) {
+ pppuVar4 = (undefined8 ***)local_b0;
+ }
+ local_a0 = lVar11;
+ *(undefined *)((longlong)pppuVar4 + lVar11) = 0;
+ }
+ }
+ plVar1 = _m_instance;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>(local_70,"root");
+ logger_client::logger::log
+ (plVar1,4,local_70,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_b0);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_70);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_b0);
+ }
+ _Mtx_unlock(0x75b251fb0);
}
- uVar13 = *(uint *)(unaff_RBP + 0x7f);
- pvVar11 = (void *)(**(code **)(**(longlong **)(unaff_RBP + -0x59) + 0x70))();
- uVar4 = SetFileAttributesUsingHandle(pvVar11,uVar13 & 0x31a7);
- if (((uVar4 != 0) && ((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control)) &&
- ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
- pwVar10 = (wchar_t *)(**(code **)(*unaff_RSI + 0x10))();
- WPP_SF_SL(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x4e,
- &WPP_b8638e06718b3fdef726c8ef88dd6a73_Traceguids,pwVar10,(char)uVar4);
- }
-LAB_0:
- iVar5 = (**(code **)(*unaff_RSI + 0x68))();
- if (iVar5 != 0) goto LAB_1;
- iVar5 = (**(code **)(*unaff_RSI + 0x68))();
- if (iVar5 != 0) goto LAB_1;
- iVar5 = (**(code **)(*unaff_RSI + 0x68))();
- if (iVar5 != 0) goto LAB_1;
- *(int *)(unaff_RBP + -1) = (int)*(undefined8 *)(unaff_RBP + -9);
- *(int *)(unaff_RBP + 3) = (int)((ulonglong)*(undefined8 *)(unaff_RBP + -9) >> 0x20);
- *(undefined8 *)(unaff_RBP + -0x19) = *(undefined8 *)(unaff_RBP + -1);
- *(int *)(unaff_RBP + 0xf) = (int)*(undefined8 *)(unaff_RBP + 7);
- *(int *)(unaff_RBP + 0x13) = (int)((ulonglong)*(undefined8 *)(unaff_RBP + 7) >> 0x20);
- *(undefined8 *)(unaff_RBP + -0x21) = *(undefined8 *)(unaff_RBP + 0xf);
- *(int *)(unaff_RBP + 0x1f) = (int)*(undefined8 *)(unaff_RBP + 0x17);
- *(int *)(unaff_RBP + 0x23) = (int)((ulonglong)*(undefined8 *)(unaff_RBP + 0x17) >> 0x20);
- *(undefined8 *)(unaff_RBP + -0x29) = *(undefined8 *)(unaff_RBP + 0x1f);
- if (*(longlong **)(unaff_RBP + -0x59) == (longlong *)0x0) goto LAB_1;
- pvVar12 = (HANDLE)(**(code **)(**(longlong **)(unaff_RBP + -0x59) + 0x70))();
- BVar2 = SetFileTime(pvVar12,(FILETIME *)(unaff_RBP + -0x19),(FILETIME *)(unaff_RBP + -0x21),
- (FILETIME *)(unaff_RBP + -0x29));
- if (BVar2 != 0) goto LAB_1;
- if ((undefined **)WPP_GLOBAL_Control == &WPP_GLOBAL_Control) goto LAB_1;
- if ((WPP_GLOBAL_Control[0x1c] & 2) == 0) goto LAB_1;
- DVar3 = GetLastError();
- uVar14 = 0x4f;
-LAB_2:
- do {
- WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),uVar14,
- &WPP_b8638e06718b3fdef726c8ef88dd6a73_Traceguids,DVar3);
LAB_1:
- do {
- do {
- free(unaff_R15);
- free(unaff_R14);
- if (*(PVOID *)(unaff_RBP + -0x31) != (PVOID)0x0) {
- CloseEncryptedFileRaw(*(PVOID *)(unaff_RBP + -0x31));
- }
- if ((unaff_R12B != '\0') || (unaff_EDI != 0x51b)) {
-LAB_3:
- if (*(longlong **)(unaff_RBP + -0x59) != (longlong *)0x0) {
- (**(code **)(**(longlong **)(unaff_RBP + -0x59) + 8))();
- }
- return SUB41(unaff_EDI,0);
- }
- puVar6 = (undefined8 *)(**(code **)(*unaff_R13 + 0x28))();
- lVar7 = (**(code **)(*(longlong *)*puVar6 + 0x18))();
- if (lVar7 == 0) goto LAB_3;
- *(undefined *)(unaff_RBP + 0x67) = 1;
- uVar13 = *(uint *)(unaff_RBP + 0x7f);
- pwVar10 = (wchar_t *)(**(code **)(*unaff_RSI + 0x10))();
- unaff_EDI = OpenFileHandleRestore
- (pwVar10,unaff_R13,uVar13,(char *)(unaff_RBP + 0x67),
- (AutoRef<class_IVolumeFile> *)(unaff_RBP + -0x59));
- unaff_R12B = *(char *)(unaff_RBP + 0x67);
- } while (unaff_EDI != 0);
- if ((*(uint *)(unaff_RBP + 0x7f) & 0x4000) == 0) {
- pvVar12 = (HANDLE)(**(code **)(**(longlong **)(unaff_RBP + -0x59) + 0x70))();
- if (pvVar12 == (HANDLE)0xffffffffffffffff) {
- if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
- ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
- WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x44,
- &WPP_b8638e06718b3fdef726c8ef88dd6a73_Traceguids);
- }
- unaff_EDI = 0x32;
- }
- else {
- unaff_R15 = (LPBYTE)`__std_type_info_name'::__l2::<lambda_1>::<lambda_invoker_cdecl>
- (0x10000);
- if (unaff_R15 != (LPBYTE)0x0) {
- *(undefined8 *)(unaff_RBP + -0x61) = 0;
- unaff_EDI = (**(code **)(*unaff_RSI + 0x48))();
- if (unaff_EDI != 0) {
- if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
- ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
- uVar14 = 0x46;
- DVar3 = unaff_EDI;
- goto LAB_2;
- }
- goto LAB_1;
- }
- unaff_EDI = (**(code **)(**(longlong **)(unaff_RBP + -0x61) + 0x38))();
- if (unaff_EDI == 0) {
- unaff_EDI = (**(code **)(**(longlong **)(unaff_RBP + -0x61) + 0x10))();
- if (unaff_EDI == 0) {
- *(undefined *)(unaff_RBP + 0x67) = 0;
- if (unaff_R12B != '\0') {
- puVar6 = (undefined8 *)(**(code **)(*unaff_R13 + 0x28))();
- pvVar11 = (void *)(**(code **)(*(longlong *)*puVar6 + 0x18))();
- uVar4 = CAutoImpersonate2::Impersonate
- ((CAutoImpersonate2 *)(unaff_RBP + 0x67),pvVar11);
- if (((uVar4 != 0) && ((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control)) &&
- ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
- WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x49,
- &WPP_b8638e06718b3fdef726c8ef88dd6a73_Traceguids,uVar4);
- }
- }
- *(undefined8 *)(unaff_RBP + -0x11) = 0;
- *(undefined4 *)(unaff_RBP + -0x51) = 0;
- do {
- *(undefined8 *)(unaff_RBP + -0x49) = 0x10000;
- unaff_EDI = (**(code **)(**(longlong **)(unaff_RBP + -0x61) + 0x18))
- (*(longlong **)(unaff_RBP + -0x61),unaff_RBP + -0x49,
- unaff_R15);
- if (unaff_EDI != 0) {
- if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
- ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
- WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x4a,
- &WPP_b8638e06718b3fdef726c8ef88dd6a73_Traceguids,unaff_EDI);
- }
- break;
- }
- uVar9 = *(ulonglong *)(unaff_RBP + -0x49);
- if (0xfffffffe < uVar9) {
- di::TelemetryAssert::AssertTriggeredNoArgs();
- uVar9 = *(ulonglong *)(unaff_RBP + -0x49);
- }
- if (uVar9 == 0) break;
- BVar2 = BackupWrite(pvVar12,unaff_R15,(DWORD)uVar9,(LPDWORD)(unaff_RBP + -0x51),0,
- 1,(LPVOID *)(unaff_RBP + -0x11));
- if (BVar2 == 0) {
- unaff_EDI = GetLastError();
- if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
- ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
- pwVar10 = (wchar_t *)(**(code **)(*unaff_RSI + 0x10))();
- WPP_SF_SL(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x4b,
- &WPP_b8638e06718b3fdef726c8ef88dd6a73_Traceguids,pwVar10,
- (char)unaff_EDI);
- }
- break;
- }
- } while (*(longlong *)(unaff_RBP + -0x49) != 0);
- BackupWrite((HANDLE)0xffffffffffffffff,unaff_R15,0,(LPDWORD)(unaff_RBP + -0x51),1,0,
- (LPVOID *)(unaff_RBP + -0x11));
- plVar1 = *(longlong **)(unaff_RBP + -0x61);
- if (unaff_EDI == 0) {
- unaff_EDI = (**(code **)(*plVar1 + 0x30))();
- if (unaff_EDI == 0) {
- puVar6 = *(undefined8 **)(unaff_RBP + -0x61);
- if (puVar6 != (undefined8 *)0x0) {
- (**(code **)*puVar6)(puVar6,1);
- }
- CAutoImpersonate2::Revert((CAutoImpersonate2 *)(unaff_RBP + 0x67));
-LAB_4:
- if ((*(uint *)(unaff_RBP + 0x7f) & 0x4000) != 0) goto LAB_0;
- lVar7 = (**(code **)(**(longlong **)(unaff_RBP + -0x59) + 0x70))();
- if (lVar7 == -1) {
- di::TelemetryAssert::AssertTriggeredNoArgs();
- }
- unaff_EBX = 2;
- *(ushort *)(unaff_RBP + 0x77) = (ushort)(*(uint *)(unaff_RBP + 0x7f) >> 10) & 2;
- *(undefined4 *)(unaff_RBP + -0x41) = 0;
- this = (normalizer *)(**(code **)(**(longlong **)(unaff_RBP + -0x59) + 0x70))();
- in_stack_00000038 = (LPOVERLAPPED)0x0;
- in_stack_00000030 = (LPDWORD)(unaff_RBP + -0x41);
- goto code_r0x00075a534870;
- }
- if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
- ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
- WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x4c,
- &WPP_b8638e06718b3fdef726c8ef88dd6a73_Traceguids,unaff_EDI);
- }
- puVar6 = *(undefined8 **)(unaff_RBP + -0x61);
- if (puVar6 != (undefined8 *)0x0) {
- (**(code **)*puVar6)(puVar6,1);
- }
- CAutoImpersonate2::Revert((CAutoImpersonate2 *)(unaff_RBP + 0x67));
- }
- else {
- if (plVar1 != (longlong *)0x0) {
- (**(code **)*plVar1)(plVar1,1);
- }
- if (*(char *)(unaff_RBP + 0x67) != '\0') {
- SetThreadToken((PHANDLE)0x0,(HANDLE)0x0);
- }
- }
- goto LAB_1;
- }
- if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
- ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
- uVar14 = 0x48;
- goto LAB_5;
- }
- }
- else if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
- ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
- uVar14 = 0x47;
-LAB_5:
- WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),uVar14,
- &WPP_b8638e06718b3fdef726c8ef88dd6a73_Traceguids,unaff_EDI);
- }
- puVar6 = *(undefined8 **)(unaff_RBP + -0x61);
-LAB_6:
- if (puVar6 != (undefined8 *)0x0) {
- (**(code **)*puVar6)(puVar6,1);
- }
- goto LAB_1;
- }
- if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
- ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
- WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x45,
- &WPP_b8638e06718b3fdef726c8ef88dd6a73_Traceguids);
- }
- unaff_EDI = 8;
- }
- goto LAB_1;
- }
- CommonUtil::AutoRef<class_IVolumeFile>::Release
- ((AutoRef<class_IVolumeFile> *)(unaff_RBP + -0x59));
- pWVar8 = (LPCWSTR)(**(code **)(*unaff_RSI + 0x10))();
- DeleteFileW(pWVar8);
- uVar13 = (*(uint *)(unaff_RBP + 0x7f) & 0x10 | 8) >> 3;
- ulFlags = uVar13 | 4;
- if ((*(byte *)(unaff_RBP + 0x7f) & 2) == 0) {
- ulFlags = uVar13;
- }
- *(undefined8 *)(unaff_RBP + -0x69) = 0;
- unaff_EDI = (**(code **)(*unaff_RSI + 0x48))();
- if (unaff_EDI == 0) {
- unaff_EDI = (**(code **)(**(longlong **)(unaff_RBP + -0x69) + 0x38))();
- if (unaff_EDI == 0) {
- pWVar8 = (LPCWSTR)(**(code **)(*unaff_RSI + 0x10))();
- unaff_EDI = OpenEncryptedFileRawW(pWVar8,ulFlags,(PVOID *)(unaff_RBP + -0x31));
- if (unaff_EDI == 0) {
- unaff_EDI = (**(code **)(**(longlong **)(unaff_RBP + -0x69) + 0x10))();
- if (unaff_EDI == 0) {
- unaff_EDI = WriteEncryptedFileRaw
- (EncryptedWriteCallback,*(PVOID *)(unaff_RBP + -0x69),
- *(PVOID *)(unaff_RBP + -0x31));
- if (unaff_EDI == 0) {
- unaff_EDI = (**(code **)(**(longlong **)(unaff_RBP + -0x69) + 0x30))();
- if (unaff_EDI == 0) {
- puVar6 = *(undefined8 **)(unaff_RBP + -0x69);
- if (puVar6 != (undefined8 *)0x0) {
- (**(code **)*puVar6)(puVar6,1);
- }
- goto LAB_4;
- }
- if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
- ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
- uVar14 = 0x43;
- goto LAB_7;
- }
- }
- else if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
- ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
- pwVar10 = (wchar_t *)(**(code **)(*unaff_RSI + 0x10))();
- uVar14 = 0x42;
- goto LAB_8;
- }
- }
- else if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
- ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
- uVar14 = 0x41;
- goto LAB_7;
- }
- }
- else if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
- ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
- pwVar10 = (wchar_t *)(**(code **)(*unaff_RSI + 0x10))();
- uVar14 = 0x40;
-LAB_8:
- WPP_SF_SL(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),uVar14,
- &WPP_b8638e06718b3fdef726c8ef88dd6a73_Traceguids,pwVar10,(char)unaff_EDI);
- }
- }
- else if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
- ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
- uVar14 = 0x3f;
-LAB_7:
- WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),uVar14,
- &WPP_b8638e06718b3fdef726c8ef88dd6a73_Traceguids,unaff_EDI);
- }
- puVar6 = *(undefined8 **)(unaff_RBP + -0x69);
- goto LAB_6;
- }
- } while (((undefined **)WPP_GLOBAL_Control == &WPP_GLOBAL_Control) ||
- ((WPP_GLOBAL_Control[0x1c] & 1) == 0));
- uVar14 = 0x3e;
- DVar3 = unaff_EDI;
- } while( true );
+ std::
+ _Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ ::_Tidy(param_2);
+ __security_check_cookie(local_30 ^ (ulonglong)auStack_e8);
+ return (bool)extraout_AL;
}
| Key | mpengine.dll - mpengine.dll |
|---|---|
| diff_type | code,length,address,called |
| ratio | 0.0 |
| i_ratio | 0.15 |
| m_ratio | 0.49 |
| b_ratio | 0.36 |
| match_types | SymbolsHash |
| Key | mpengine.dll | mpengine.dll |
|---|---|---|
| name | start | start |
| fullname | tdt_library_v_next::bit_shovel::internal::pipeline_manager_impl::start | tdt_library_v_next::bit_shovel::internal::pipeline_manager_impl::start |
| refcount | 2 | 2 |
length |
3680 | 4183 |
called |
Expand for full list:std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate |
Expand for full list:std::State_manager::valid |
| calling | tdt_library_v_next::bit_shovel::pipeline_manager::start | tdt_library_v_next::bit_shovel::pipeline_manager::start |
| paramcount | 5 | 5 |
address |
75a9844bc | 75a969fdc |
| sig | result_type __thiscall start(pipeline_manager_impl * this, int * param_1, basic_string<char,struct_std::char_traits,class_std::allocator_> * param_2, undefined8 * param_3, Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>_const&___ptr64> * param_4) | result_type __thiscall start(pipeline_manager_impl * this, int * param_1, basic_string<char,struct_std::char_traits,class_std::allocator_> * param_2, undefined8 * param_3, Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>>_const&___ptr64> * param_4) |
| sym_type | Function | Function |
| sym_source | ANALYSIS | ANALYSIS |
| external | False | False |
--- tdt_library_v_next::bit_shovel::internal::pipeline_manager_impl::start called
+++ tdt_library_v_next::bit_shovel::internal::pipeline_manager_impl::start called
@@ -1,0 +2 @@
+_Mtx_unlock
@@ -8,0 +10 @@
+std::_Mutex_base::lock
@@ -37 +38,0 @@
-tdt_library_v_next::logger_client::logger::get_logger--- tdt_library_v_next::bit_shovel::internal::pipeline_manager_impl::start
+++ tdt_library_v_next::bit_shovel::internal::pipeline_manager_impl::start
@@ -1,2 +1,782 @@
-Failed to decompile mpengine.dll - .ProgramDB tdt_library_v_next::bit_shovel::internal::pipeline_manager_impl::start : Error: Decompile error:
-Marshaling error: Did not see expected closing element+
+/* WARNING: Function: _guard_dispatch_icall_$fo_default$ replaced with injection:
+ guard_dispatch_icall */
+/* WARNING: Globals starting with '_' overlap smaller symbols at the same address */
+/* public: class tdt_library_v_next::bit_shovel::result_type __cdecl
+ tdt_library_v_next::bit_shovel::internal::pipeline_manager_impl::start(class
+ std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > const &
+ __ptr64,class std::shared_ptr<class tdt_library_v_next::tdt_config> const & __ptr64,class
+ std::function<bool __cdecl(class std::basic_string<char,struct std::char_traits<char>,class
+ std::allocator<char> > const & __ptr64)>) __ptr64 */
+
+void __thiscall
+tdt_library_v_next::bit_shovel::internal::pipeline_manager_impl::start
+ (pipeline_manager_impl *this,int *param_1,
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *param_2,
+ undefined8 *param_3,
+ _Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ *param_4)
+
+{
+ undefined8 uVar1;
+ _Ref_count_base *p_Var2;
+ longlong *plVar3;
+ undefined8 *puVar4;
+ logger *plVar5;
+ bool bVar6;
+ int iVar7;
+ int iVar8;
+ longlong *plVar9;
+ undefined8 uVar10;
+ int *piVar11;
+ shared_ptr<struct_ObjectManager::MutantObject> *psVar12;
+ undefined8 ****ppppuVar13;
+ os_api_t *this_00;
+ longlong lVar14;
+ pipeline_manager_impl *ppVar15;
+ char cVar16;
+ undefined8 *puVar17;
+ pipeline_manager_impl *ppVar18;
+ undefined auStack_6b8 [32];
+ pipeline_manager_impl *local_698;
+ longlong *local_688;
+ longlong *local_680;
+ _Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ *local_678;
+ pipeline_manager_impl *local_670;
+ int *local_668;
+ _Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ *local_660;
+ pipeline_manager_impl *local_658;
+ channel_registry_ex local_648 [16];
+ longlong *local_638;
+ _Ref_count_base *local_630;
+ unique_lock<class_std::mutex> local_628 [32];
+ undefined8 *local_608;
+ undefined8 *local_5f0;
+ undefined8 *local_5e8;
+ shared_ptr<struct_ObjectManager::MutantObject> local_5e0 [16];
+ undefined **local_5d0;
+ pipeline_manager_impl *local_5c8;
+ undefined ***local_598;
+ pipeline_manager_impl local_590 [16];
+ _Func_class<class_tdt_library_v_next::bit_shovel::result_type,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::core_telemetry_data_buffer_base_t>_const&___ptr64>
+ local_580 [56];
+ undefined8 local_548;
+ int local_540;
+ ulonglong local_538;
+ undefined8 uStack_530;
+ undefined8 local_528;
+ undefined8 uStack_520;
+ undefined8 ***local_4f8;
+ undefined8 uStack_4f0;
+ longlong local_4e8;
+ ulonglong local_4e0;
+ undefined8 ***local_4b8;
+ undefined8 uStack_4b0;
+ longlong local_4a8;
+ ulonglong local_4a0;
+ undefined8 ***local_498;
+ undefined8 uStack_490;
+ longlong local_488;
+ ulonglong local_480;
+ undefined8 ***local_478;
+ undefined8 uStack_470;
+ longlong local_468;
+ ulonglong local_460;
+ undefined8 local_458;
+ undefined8 uStack_450;
+ undefined8 local_448;
+ undefined8 local_440;
+ undefined8 local_438;
+ undefined8 uStack_430;
+ undefined8 local_428;
+ undefined8 local_420;
+ undefined8 local_418;
+ undefined8 uStack_410;
+ undefined8 local_408;
+ undefined8 local_400;
+ undefined8 local_3f8;
+ undefined8 uStack_3f0;
+ undefined8 local_3e8;
+ undefined8 local_3e0;
+ channel_registry_ex *local_3d8;
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_3d0 [32];
+ undefined4 local_3b0 [2];
+ undefined8 local_3a8;
+ undefined8 uStack_3a0;
+ undefined8 local_398;
+ undefined8 local_390;
+ int local_388 [2];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_380 [64];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_340 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_320 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_300 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_2e0 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_2c0 [64];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_280 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_260 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_240 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_220 [40];
+ undefined **local_1f8;
+ pipeline_manager_impl *local_1f0;
+ undefined ***local_1c0;
+ undefined **local_1b8;
+ pipeline_manager_impl *local_1b0;
+ undefined ***local_180;
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_178 [32];
+ undefined local_158 [8];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_150 [32];
+ undefined local_130 [8];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_128 [32];
+ undefined local_108 [8];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_100 [32];
+ undefined local_e0 [8];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_d8 [32];
+ undefined local_b8 [8];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_b0 [32];
+ undefined local_90 [8];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_88 [32];
+ undefined4 local_68 [2];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_60 [32];
+ ulonglong local_40;
+
+ local_40 = __security_cookie ^ (ulonglong)auStack_6b8;
+ local_678 = param_4;
+ local_660 = param_4;
+ uVar10 = 0;
+ local_540 = 0;
+ uStack_530 = 0;
+ local_528 = 0;
+ uStack_520 = 0xf;
+ local_538 = 0;
+ local_670 = this;
+ local_668 = param_1;
+ local_658 = this;
+ if (*(longlong *)(this + 0x30) == *(longlong *)(this + 0x38)) {
+ *param_1 = 1;
+ param_1[2] = 0;
+ param_1[3] = 0;
+ param_1[4] = 0;
+ param_1[5] = 0;
+ param_1[6] = 0;
+ param_1[7] = 0;
+ param_1[8] = 0xf;
+ param_1[9] = 0;
+ *(undefined *)(param_1 + 2) = 0;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
+ )&local_538);
+ goto LAB_0;
+ }
+ if (*(int *)(this + 0x138) == 1) {
+ *param_1 = 2;
+ param_1[2] = 0;
+ param_1[3] = 0;
+ param_1[4] = 0;
+ param_1[5] = 0;
+ param_1[6] = 0;
+ param_1[7] = 0;
+ param_1[8] = 0xf;
+ param_1[9] = 0;
+ *(undefined *)(param_1 + 2) = 0;
+ }
+ else {
+ std::unique_lock<class_std::mutex>::unique_lock<class_std::mutex>
+ (local_628,(mutex *)(this + 0x98));
+ data_network_impl::set_thread_pool
+ (*(data_network_impl **)this,
+ (shared_ptr<class_tdt_library_v_next::tdt_threads::thread_pool> *)(this + 0x180));
+ this[0x48] = (pipeline_manager_impl)0x0;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::operator=
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ (*(longlong *)this + 0xb0),param_2);
+ local_548 = 0;
+ std::
+ _Func_class<class_tdt_library_v_next::bit_shovel::result_type,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::core_telemetry_data_buffer_base_t>_const&___ptr64>
+ ::_Reset_move(local_580,
+ (_Func_class<class_tdt_library_v_next::bit_shovel::result_type,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::core_telemetry_data_buffer_base_t>_const&___ptr64>
+ *)local_678);
+ data_network::set_verify_callback((data_network *)this,local_580);
+ lVar14 = *(longlong *)this;
+ if (param_3[1] != 0) {
+ LOCK();
+ piVar11 = (int *)(param_3[1] + 8);
+ *piVar11 = *piVar11 + 1;
+ UNLOCK();
+ }
+ uVar1 = param_3[1];
+ *(undefined8 *)(lVar14 + 0x110) = *param_3;
+ p_Var2 = *(_Ref_count_base **)(lVar14 + 0x118);
+ *(undefined8 *)(lVar14 + 0x118) = uVar1;
+ if (p_Var2 != (_Ref_count_base *)0x0) {
+ std::_Ref_count_base::_Decref(p_Var2);
+ }
+ local_5d0 = std::
+ _Func_impl_no_alloc<class_<lambda_01ad08b7d2ee2b9afbd8d6044b3f1104>,void,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const&___ptr64>
+ ::vftable;
+ local_598 = &local_5d0;
+ local_5c8 = this;
+ data_network::set_runtime_error_callback
+ ((data_network *)this,
+ (_Func_class<class_tdt_library_v_next::bit_shovel::result_type,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::core_telemetry_data_buffer_base_t>_const&___ptr64>
+ *)&local_5d0);
+ LOCK();
+ *(undefined4 *)(this + 0x138) = 0;
+ UNLOCK();
+ uStack_450 = 0;
+ local_448 = 0;
+ local_440 = 0xf;
+ local_458 = 0;
+ uStack_430 = 0;
+ local_428 = 0;
+ local_420 = 0xf;
+ local_438 = 0;
+ pipeline_plugin_exit_details_t::operator=
+ ((pipeline_plugin_exit_details_t *)(this + 0x140),
+ (pipeline_plugin_exit_details_t *)&local_458);
+ AntiRootkit::PeFileImportInfo::~PeFileImportInfo((PeFileImportInfo *)&local_458);
+ ppVar15 = this + 0xe8;
+ if (ppVar15 != local_590) {
+ if (*(longlong *)ppVar15 != 0) {
+ std::_Associated_state<int>::_Release(*(_Associated_state<int> **)ppVar15);
+ }
+ *(longlong *)ppVar15 = 0;
+ this[0xf0] = (pipeline_manager_impl)0x0;
+ }
+ channel_registry_ex::channel_registry_ex(local_648);
+ plVar9 = (longlong *)operator_new(0x1c8);
+ *plVar9 = 0;
+ plVar9[1] = 0;
+ *(undefined4 *)(plVar9 + 1) = 1;
+ *(undefined4 *)((longlong)plVar9 + 0xc) = 1;
+ *plVar9 = (longlong)
+ std::_Ref_count_obj2<class_tdt_library_v_next::tdt_os_apis::os_api_t>::vftable;
+ this_00 = (os_api_t *)(plVar9 + 2);
+ local_688 = plVar9;
+ tdt_os_apis::os_api_t::os_api_t(this_00);
+ *(os_api_t **)(this + 0x268) = this_00;
+ p_Var2 = *(_Ref_count_base **)(this + 0x270);
+ *(longlong **)(this + 0x270) = plVar9;
+ if (p_Var2 != (_Ref_count_base *)0x0) {
+ std::_Ref_count_base::_Decref(p_Var2);
+ }
+ data_network::
+ get_api<class_std::shared_ptr<class_tdt_library_v_next::tdt_app_profiling::platform_service_t>_>
+ ((data_network *)this,(shared_ptr<struct_ObjectManager::MutantObject> *)&local_638);
+ if (local_638 != (longlong *)0x0) {
+ uVar10 = (**(code **)(*local_638 + 8))(local_638,5,this + 0x278);
+ }
+ piVar11 = (int *)tdt_os_apis::os_api_t::init
+ (*(os_api_t **)(this + 0x268),local_158,uVar10,
+ *(undefined8 *)(this + 0x278));
+ local_540 = *piVar11;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::operator=
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_538,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ (piVar11 + 2));
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_150);
+ if (local_540 == 0) {
+ psVar12 = (shared_ptr<struct_ObjectManager::MutantObject> *)
+ std::shared_ptr<struct_ObjectManager::MutantObject>::
+ shared_ptr<struct_ObjectManager::MutantObject>
+ (local_5e0,
+ (shared_ptr<struct_ObjectManager::MutantObject> *)(this + 0x268));
+ piVar11 = data_network::
+ register_api<class_std::shared_ptr<class_tdt_library_v_next::tdt_os_apis::os_api_t>_>
+ ((data_network *)this,local_68,psVar12);
+ local_540 = *piVar11;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::operator=
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_538,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ (piVar11 + 2));
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_60);
+ }
+ iVar8 = local_540;
+ if (local_540 == 0) {
+ plVar3 = *(longlong **)(this + 0x38);
+ for (plVar9 = *(longlong **)(this + 0x30); plVar9 != plVar3; plVar9 = plVar9 + 2) {
+ local_3d8 = local_648;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_3d0,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ (*plVar9 + 8));
+ local_3b0[0] = 0;
+ uStack_3a0 = 0;
+ local_398 = 0;
+ local_390 = 0xf;
+ local_3a8 = 0;
+ (**(code **)(*(longlong *)*plVar9 + 8))((longlong *)*plVar9,&local_3d8);
+ tdt_library_v_current::bit_shovel::result_type::result_type
+ ((result_type *)local_388,(result_type *)local_3b0);
+ local_540 = local_388[0];
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::operator=
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_538,local_380);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_380);
+ iVar8 = local_540;
+ tdt_library_v_current::bit_shovel::plugin_type_registry::~plugin_type_registry
+ ((plugin_type_registry *)&local_3d8);
+ if (iVar8 != 0) goto LAB_1;
+ }
+ if (iVar8 == 0) {
+ plVar3 = *(longlong **)(this + 0x38);
+ local_688 = plVar3;
+ for (plVar9 = *(longlong **)(this + 0x30); local_680 = plVar9, plVar9 != plVar3;
+ plVar9 = plVar9 + 2) {
+ local_698 = this + 0x18;
+ piVar11 = (int *)(**(code **)(*(longlong *)*plVar9 + 0x10))
+ ((longlong *)*plVar9,local_130,local_648,this);
+ local_540 = *piVar11;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ operator=((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_538,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ (piVar11 + 2));
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_128);
+ iVar8 = local_540;
+ if (local_540 != 0) {
+ local_608 = &DAT_2;
+ std::_Mutex_base::lock((_Mutex_base *)&DAT_2);
+ if ((_m_instance != (logger *)0x0) && (*(uint *)(_m_instance + 0x6c) < 5)) {
+ uStack_4f0 = 0;
+ local_4e8 = 0;
+ local_4e0 = 0xf;
+ local_4f8 = (undefined8 ****)0x0;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ assign((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
+ )&local_4f8,"ERROR: formatting message!");
+ puVar17 = (undefined8 *)(*plVar9 + 8);
+ if (0xf < *(ulonglong *)(*plVar9 + 0x20)) {
+ puVar17 = (undefined8 *)*puVar17;
+ }
+ cVar16 = -0x78;
+ iVar7 = snprintf((undefined *)0x0,0,0x75aefa388,puVar17);
+ if (0 < iVar7 + 1) {
+ local_688 = (longlong *)(longlong)(iVar7 + 1);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ resize((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_4f8,(__uint64)local_688,cVar16);
+ puVar17 = (undefined8 *)(*plVar9 + 8);
+ if (0xf < *(ulonglong *)(*plVar9 + 0x20)) {
+ puVar17 = (undefined8 *)*puVar17;
+ }
+ ppppuVar13 = &local_4f8;
+ if (0xf < local_4e0) {
+ ppppuVar13 = (undefined8 ****)local_4f8;
+ }
+ snprintf((undefined *)ppppuVar13,(ulonglong)local_688,0x75aefa388,puVar17);
+ ppppuVar13 = &local_4f8;
+ if (0xf < local_4e0) {
+ ppppuVar13 = (undefined8 ****)local_4f8;
+ }
+ lVar14 = local_4e8 + -1;
+ if (*(char *)(lVar14 + (longlong)ppppuVar13) == '\0') {
+ ppppuVar13 = &local_4f8;
+ if (0xf < local_4e0) {
+ ppppuVar13 = (undefined8 ****)local_4f8;
+ }
+ local_4e8 = lVar14;
+ *(undefined *)((longlong)ppppuVar13 + lVar14) = 0;
+ }
+ }
+ plVar5 = _m_instance;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_260,"root");
+ logger_client::logger::log
+ (plVar5,4,local_260,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_4f8);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_260);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_4f8);
+ }
+ _Mtx_unlock(0x75b251fb0);
+ break;
+ }
+ }
+ }
+ }
+LAB_1:
+ if (iVar8 == 0) {
+ local_1f8 = std::
+ _Func_impl_no_alloc<class_<lambda_32fdf254f5933dc84a7678471e6a5a7a>,void,struct_tdt_library_v_next::bit_shovel::pipeline_message_t_const&___ptr64>
+ ::vftable;
+ local_1c0 = &local_1f8;
+ local_1f0 = this;
+ piVar11 = (int *)data_network::
+ add_callback<struct_tdt_library_v_next::bit_shovel::pipeline_message_t>
+ ((data_network *)this,local_108,&local_1f8);
+ local_540 = *piVar11;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::operator=
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_538,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ (piVar11 + 2));
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_100);
+ iVar8 = local_540;
+ if (local_540 != 0) {
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_240,
+ "Unable to add pipeline message handling callback during pipeline startup.");
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_280,"root");
+ logger_client::logger::log_message(4,local_280,local_240);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_280);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_240);
+ }
+ std::
+ _Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ ::_Tidy((_Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ *)&local_1f8);
+ }
+ if (iVar8 == 0) {
+ local_1b8 = std::
+ _Func_impl_no_alloc<class_<lambda_b214934e424f21e649ee5267d2a3c494>,void,struct_tdt_library_v_next::bit_shovel::detection_notification_message_with_telemetry_blob_t_const&___ptr64>
+ ::vftable;
+ local_180 = &local_1b8;
+ local_1b0 = this;
+ piVar11 = (int *)data_network::
+ add_callback<struct_tdt_library_v_next::bit_shovel::detection_notification_message_with_telemetry_blob_t>
+ ((data_network *)this,local_e0,&local_1b8);
+ local_540 = *piVar11;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::operator=
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_538,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ (piVar11 + 2));
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_d8);
+ iVar8 = local_540;
+ if (local_540 != 0) {
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_178,
+ "Unable to add detection message handling callback during pipeline startup.\n");
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_220,"root");
+ logger_client::logger::log_message(4,local_220,local_178);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_220);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_178);
+ }
+ std::
+ _Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ ::_Tidy((_Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ *)&local_1b8);
+ }
+ std::unique_lock<class_std::mutex>::unlock(local_628);
+ if (iVar8 == 0) {
+ **(undefined **)this = 1;
+ local_688 = *(longlong **)(this + 0x38);
+ iVar8 = 0;
+ for (plVar9 = *(longlong **)(this + 0x30); local_680 = plVar9, plVar9 != local_688;
+ plVar9 = plVar9 + 2) {
+ piVar11 = (int *)(**(code **)(*(longlong *)*plVar9 + 0x18))
+ ((longlong *)*plVar9,local_b8,this);
+ local_540 = *piVar11;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::operator=
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_538,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ (piVar11 + 2));
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_b0);
+ iVar8 = local_540;
+ if (local_540 != 0) {
+ local_668 = (int *)&DAT_2;
+ std::_Mutex_base::lock((_Mutex_base *)&DAT_2);
+ if ((_m_instance != (logger *)0x0) && (*(uint *)(_m_instance + 0x6c) < 5)) {
+ uStack_4b0 = 0;
+ local_4a8 = 0;
+ local_4a0 = 0xf;
+ local_4b8 = (undefined8 ****)0x0;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ assign((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_4b8,"ERROR: formatting message!");
+ puVar17 = (undefined8 *)(*plVar9 + 8);
+ if (0xf < *(ulonglong *)(*plVar9 + 0x20)) {
+ puVar17 = (undefined8 *)*puVar17;
+ }
+ cVar16 = 'P';
+ iVar7 = snprintf((undefined *)0x0,0,0x75aefa450,puVar17);
+ if (0 < iVar7 + 1) {
+ local_670 = (pipeline_manager_impl *)(longlong)(iVar7 + 1);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ resize((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
+ )&local_4b8,(__uint64)local_670,cVar16);
+ puVar17 = (undefined8 *)(*plVar9 + 8);
+ if (0xf < *(ulonglong *)(*plVar9 + 0x20)) {
+ puVar17 = (undefined8 *)*puVar17;
+ }
+ ppppuVar13 = &local_4b8;
+ if (0xf < local_4a0) {
+ ppppuVar13 = (undefined8 ****)local_4b8;
+ }
+ snprintf((undefined *)ppppuVar13,(ulonglong)local_670,0x75aefa450,puVar17);
+ ppppuVar13 = &local_4b8;
+ if (0xf < local_4a0) {
+ ppppuVar13 = (undefined8 ****)local_4b8;
+ }
+ lVar14 = local_4a8 + -1;
+ if (*(char *)(lVar14 + (longlong)ppppuVar13) == '\0') {
+ ppppuVar13 = &local_4b8;
+ if (0xf < local_4a0) {
+ ppppuVar13 = (undefined8 ****)local_4b8;
+ }
+ local_4a8 = lVar14;
+ *(undefined *)((longlong)ppppuVar13 + lVar14) = 0;
+ }
+ }
+ plVar5 = _m_instance;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_340,"root");
+ logger_client::logger::log
+ (plVar5,4,local_340,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_4b8);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_340);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_4b8);
+ }
+ _Mtx_unlock(0x75b251fb0);
+ break;
+ }
+ }
+ if (iVar8 != 0) goto LAB_3;
+ data_network::wait_for_completion((data_network *)this);
+ bVar6 = std::_State_manager<int>::valid((_State_manager<int> *)(this + 0xe8));
+ if (bVar6) {
+ std::_State_manager<int>::wait((_State_manager<int> *)(this + 0xe8));
+ }
+ if (*(int *)(this + 0x138) != 0) {
+ if (*(longlong *)(this + 0x170) != 0) {
+ local_5f0 = &DAT_2;
+ std::_Mutex_base::lock((_Mutex_base *)&DAT_2);
+ if ((_m_instance != (logger *)0x0) && (*(uint *)(_m_instance + 0x6c) < 5)) {
+ uStack_490 = 0;
+ local_488 = 0;
+ local_480 = 0xf;
+ local_498 = (undefined8 ****)0x0;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ assign((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_498,"ERROR: formatting message!");
+ ppVar15 = this + 0x160;
+ ppVar18 = ppVar15;
+ if (0xf < *(ulonglong *)(this + 0x178)) {
+ ppVar18 = *(pipeline_manager_impl **)ppVar15;
+ }
+ cVar16 = '(';
+ iVar8 = snprintf((undefined *)0x0,0,0x75ae41a28,ppVar18);
+ iVar8 = iVar8 + 1;
+ if (0 < iVar8) {
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ resize((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
+ )&local_498,(longlong)iVar8,cVar16);
+ if (0xf < *(ulonglong *)(this + 0x178)) {
+ ppVar15 = *(pipeline_manager_impl **)ppVar15;
+ }
+ ppppuVar13 = &local_498;
+ if (0xf < local_480) {
+ ppppuVar13 = (undefined8 ****)local_498;
+ }
+ snprintf((undefined *)ppppuVar13,(longlong)iVar8,0x75ae41a28,ppVar15);
+ ppppuVar13 = &local_498;
+ if (0xf < local_480) {
+ ppppuVar13 = (undefined8 ****)local_498;
+ }
+ lVar14 = local_488 + -1;
+ if (*(char *)((longlong)ppppuVar13 + lVar14) == '\0') {
+ ppppuVar13 = &local_498;
+ if (0xf < local_480) {
+ ppppuVar13 = (undefined8 ****)local_498;
+ }
+ local_488 = lVar14;
+ *(undefined *)((longlong)ppppuVar13 + lVar14) = 0;
+ }
+ }
+ plVar5 = _m_instance;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_320,"root");
+ logger_client::logger::log
+ (plVar5,4,local_320,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_498);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_320);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_498);
+ }
+ _Mtx_unlock(0x75b251fb0);
+ }
+ if (*(longlong *)(this + 0x150) != 0) {
+ local_5e8 = &DAT_2;
+ std::_Mutex_base::lock((_Mutex_base *)&DAT_2);
+ if ((_m_instance != (logger *)0x0) && (*(uint *)(_m_instance + 0x6c) < 5)) {
+ uStack_470 = 0;
+ local_468 = 0;
+ local_460 = 0xf;
+ local_478 = (undefined8 ****)0x0;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ assign((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_478,"ERROR: formatting message!");
+ ppVar15 = this + 0x140;
+ if (0xf < *(ulonglong *)(this + 0x158)) {
+ ppVar15 = *(pipeline_manager_impl **)ppVar15;
+ }
+ cVar16 = -0x80;
+ iVar8 = snprintf((undefined *)0x0,0,0x75aefa480,ppVar15);
+ iVar8 = iVar8 + 1;
+ if (0 < iVar8) {
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ resize((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
+ )&local_478,(longlong)iVar8,cVar16);
+ ppVar15 = this + 0x140;
+ if (0xf < *(ulonglong *)(this + 0x158)) {
+ ppVar15 = *(pipeline_manager_impl **)ppVar15;
+ }
+ ppppuVar13 = &local_478;
+ if (0xf < local_460) {
+ ppppuVar13 = (undefined8 ****)local_478;
+ }
+ snprintf((undefined *)ppppuVar13,(longlong)iVar8,0x75aefa480,ppVar15);
+ ppppuVar13 = &local_478;
+ if (0xf < local_460) {
+ ppppuVar13 = (undefined8 ****)local_478;
+ }
+ lVar14 = local_468 + -1;
+ if (*(char *)((longlong)ppppuVar13 + lVar14) == '\0') {
+ ppppuVar13 = &local_478;
+ if (0xf < local_460) {
+ ppppuVar13 = (undefined8 ****)local_478;
+ }
+ local_468 = lVar14;
+ *(undefined *)((longlong)ppppuVar13 + lVar14) = 0;
+ }
+ }
+ plVar5 = _m_instance;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_300,"root");
+ logger_client::logger::log
+ (plVar5,4,local_300,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_478);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_300);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_478);
+ }
+ _Mtx_unlock(0x75b251fb0);
+ }
+ local_540 = 3;
+ }
+ if (local_540 != 0) goto LAB_3;
+ puVar4 = *(undefined8 **)(this + 0x20);
+ for (puVar17 = *(undefined8 **)(this + 0x18); iVar8 = local_540, puVar17 != puVar4;
+ puVar17 = puVar17 + 2) {
+ piVar11 = (int *)(**(code **)(*(longlong *)*puVar17 + 8))((longlong *)*puVar17,local_90);
+ local_540 = *piVar11;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::operator=
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_538,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ (piVar11 + 2));
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_88);
+ iVar8 = local_540;
+ if (local_540 != 0) {
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_2c0,"A data source failed to start.");
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_2e0,"root");
+ logger_client::logger::log_message(4,local_2e0,local_2c0);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_2e0);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_2c0);
+ break;
+ }
+ }
+ if (iVar8 != 0) goto LAB_3;
+ LOCK();
+ if (*(int *)(local_658 + 0x138) == 0) {
+ *(int *)(local_658 + 0x138) = 1;
+ }
+ UNLOCK();
+ }
+ else {
+LAB_3:
+ LOCK();
+ *(undefined4 *)(local_658 + 0x138) = 0;
+ UNLOCK();
+ uStack_410 = 0;
+ local_408 = 0;
+ local_400 = 0xf;
+ local_418 = 0;
+ uStack_3f0 = 0;
+ local_3e8 = 0;
+ local_3e0 = 0xf;
+ local_3f8 = 0;
+ pipeline_plugin_exit_details_t::operator=
+ ((pipeline_plugin_exit_details_t *)(this + 0x140),
+ (pipeline_plugin_exit_details_t *)&local_418);
+ AntiRootkit::PeFileImportInfo::~PeFileImportInfo((PeFileImportInfo *)&local_418);
+ _reset(this,true);
+ }
+ *param_1 = local_540;
+ *(ulonglong *)(param_1 + 2) = local_538;
+ *(undefined8 *)(param_1 + 4) = uStack_530;
+ *(undefined8 *)(param_1 + 6) = local_528;
+ *(undefined8 *)(param_1 + 8) = uStack_520;
+ local_528 = 0;
+ uStack_520 = 0xf;
+ local_538 = local_538 & 0xffffffffffffff00;
+ if (local_630 != (_Ref_count_base *)0x0) {
+ std::_Ref_count_base::_Decref(local_630);
+ }
+ std::
+ shared_ptr<class_tdt_library_v_next::tdt_app_profiling::cache_entry<unsigned_int,struct_tdt_library_v_next::core_telemetry::heuristic_caches::cache_info_t<class_tdt_library_v_next::tdt_app_profiling::two_way_lru_cache<2048,struct_tdt_library_v_next::core_telemetry::heuristic_caches::violation_cache_key_t,enum_tdt_library_v_next::tdt_app_profiling::cfi_violation_type_t>_>_>_>
+ ::
+ ~shared_ptr<class_tdt_library_v_next::tdt_app_profiling::cache_entry<unsigned_int,struct_tdt_library_v_next::core_telemetry::heuristic_caches::cache_info_t<class_tdt_library_v_next::tdt_app_profiling::two_way_lru_cache<2048,struct_tdt_library_v_next::core_telemetry::heuristic_caches::violation_cache_key_t,enum_tdt_library_v_next::tdt_app_profiling::cfi_violation_type_t>_>_>_>
+ ((shared_ptr<class_tdt_library_v_next::tdt_app_profiling::cache_entry<unsigned_int,struct_tdt_library_v_next::core_telemetry::heuristic_caches::cache_info_t<class_tdt_library_v_next::tdt_app_profiling::two_way_lru_cache<2048,struct_tdt_library_v_next::core_telemetry::heuristic_caches::violation_cache_key_t,enum_tdt_library_v_next::tdt_app_profiling::cfi_violation_type_t>_>_>_>
+ *)local_648);
+ std::unique_lock<class_std::mutex>::~unique_lock<class_std::mutex>(local_628);
+ }
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_538);
+ param_4 = local_678;
+LAB_0:
+ std::
+ _Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ ::_Tidy(param_4);
+ __security_check_cookie(local_40 ^ (ulonglong)auStack_6b8);
+ return;
+}
+
MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>::Register
| Key | mpengine.dll - mpengine.dll |
|---|---|
| diff_type | code,length,address,called |
| ratio | 0.0 |
| i_ratio | 0.56 |
| m_ratio | 0.69 |
| b_ratio | 0.86 |
| match_types | SymbolsHash |
| Key | mpengine.dll | mpengine.dll |
|---|---|---|
| name | Register | Register |
| fullname | MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>::Register | MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>::Register |
| refcount | 3 | 3 |
length |
934 | 873 |
called |
Expand for full list:CxxThrowException |
Expand for full list:CxxThrowException |
| calling | MpSignatureStore<struct_nid64_entry_t,unsigned___int64,1,0,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0>::MpSignatureStore<struct_nid64_entry_t,unsigned___int64,1,0,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0> | MpSignatureStore<struct_nid64_entry_t,unsigned___int64,1,0,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0>::MpSignatureStore<struct_nid64_entry_t,unsigned___int64,1,0,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0> |
| paramcount | 2 | 2 |
address |
75a79f988 | 75a2218e4 |
| sig | void __thiscall Register(MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1> * this, undefined2 param_1) | void __thiscall Register(MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1> * this, undefined2 param_1) |
| sym_type | Function | Function |
| sym_source | ANALYSIS | ANALYSIS |
| external | False | False |
MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>::Register Called Diff
--- MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>::Register called
+++ MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>::Register called
@@ -16,2 +16 @@
-std::_Uninitialized_value_construct_n<class_std::allocator<struct_MpSignatureSubType<struct_peemusig_t,unsigned_long,3,0,1,0,struct_MpEmptyEnumerator<struct_peemusig_t>,0,0,1>::ChunkEntry>_>
-std::vector<struct_MpSignatureSubType<struct_kcrce_t,unsigned_long,3,1,0,0,struct_kcrce_t,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_kcrce_t,unsigned_long,3,1,0,0,struct_kcrce_t,0,0,1>::ChunkEntry>_>::_Resize_reallocate<struct_std::_Value_init_tag>
+std::vector<struct_MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::ChunkEntry>_>::_Resize<struct_std::_Value_init_tag>MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>::Register Diff
--- MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>::Register
+++ MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>::Register
@@ -1,2 +1,172 @@
-Failed to decompile mpengine.dll - .ProgramDB MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>::Register : Error: Decompile error:
-Marshaling error: Did not see expected closing element+
+/* public: void __cdecl MpSignatureSubType<struct nid64_entry_t,unsigned __int64,1,0,0,0,struct
+ MpEmptyEnumerator<struct nid64_entry_t>,0,0,1>::Register(class CRecordType,bool) __ptr64 */
+
+void __thiscall
+MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>
+::Register(MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>
+ *this,undefined2 param_1)
+
+{
+ vector<struct_MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::ChunkEntry>_>
+ *this_00;
+ undefined auVar1 [16];
+ undefined auVar2 [16];
+ ulonglong uVar3;
+ MP_ERROR MVar4;
+ uint uVar5;
+ LPVOID pvVar6;
+ undefined *puVar7;
+ longlong lVar8;
+ ulong uVar9;
+ ulonglong uVar10;
+ RMID_TYPE RVar11;
+ _Value_init_tag *p_Var12;
+ longlong lVar13;
+ ulonglong uVar14;
+ ulonglong uVar15;
+ code *local_78;
+ MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>
+ *local_70;
+ undefined8 local_68;
+ code *local_60;
+ code *local_58;
+ MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>
+ *local_50;
+ undefined **local_48;
+ undefined8 local_40;
+ undefined8 uStack_38;
+ char *local_30;
+
+ uVar10 = 0;
+ *(undefined2 *)(this + 100) = param_1;
+ this[0x41] = (MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>
+ )0x0;
+ local_78 = MpSignatureSubType<struct_snidex_entry_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_snidex_entry_t>,0,0,1>
+ ::InfoVir;
+ local_68 = 0;
+ p_Var12 = (_Value_init_tag *)&DAT_0;
+ local_70 = this;
+ MVar4 = regcntl(&local_78,0x18,0x14);
+ if (MVar4 != 0) {
+ local_48 = MpStdException::vftable;
+ local_30 = "Failed to register infovir callback";
+ local_40 = 0;
+ uStack_38 = 0;
+ /* WARNING: Subroutine does not return */
+ _CxxThrowException(&local_48,(ThrowInfo *)&_TI2_AVMpStdException__);
+ }
+ if (this[0x41] !=
+ (MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>
+ )0x0) {
+ if (gktab[0x15650] != (kernel_table)0x0) {
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+ WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x21,
+ &WPP_7f154ba6bfc3328924459802a4bebb9a_Traceguids,(uint)(byte)this[100]);
+ }
+ MpSignatureSubType<struct_propertybag_entry_t,unsigned___int64,1,0,0,1,struct_MpEmptyEnumerator<struct_propertybag_entry_t>,0,0,1>
+ ::LoadCache((MpSignatureSubType<struct_propertybag_entry_t,unsigned___int64,1,0,0,1,struct_MpEmptyEnumerator<struct_propertybag_entry_t>,0,0,1>
+ *)this);
+ if (*(int *)this == 0) {
+ return;
+ }
+ uVar9 = *(int *)this + g_RecIDBase;
+ puVar7 = WPP_GLOBAL_Control;
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+ puVar7 = *(undefined **)(WPP_GLOBAL_Control + 0x10);
+ WPP_SF_DDL(puVar7,0x22,&WPP_7f154ba6bfc3328924459802a4bebb9a_Traceguids,g_RecIDBase,
+ (char)uVar9,this[100]);
+ }
+ *(ulong *)(this + 0x20) = g_RecIDBase;
+ RegisterRecIDHandler((ulong)puVar7,uVar9,GetThreatDetails,this);
+ g_RecIDBase = uVar9;
+ return;
+ }
+ if (gktab[0x15651] != (kernel_table)0x0) {
+ this[0x40] = (MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>
+ )0x1;
+ }
+ }
+ if (this[0x65] ==
+ (MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>
+ )0x0) {
+ uVar5 = ESTIMATED_RECORDS(*(undefined2 *)(this + 100));
+ uVar15 = CONCAT44(0,uVar5);
+ if (uVar5 != 0) {
+ auVar1._8_8_ = 0;
+ auVar1._0_8_ = uVar15 + 0xaaaaa9;
+ lVar8 = SUB168(ZEXT816(0x8000018000018001) * auVar1,8);
+ this_00 = (vector<struct_MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::ChunkEntry>_>
+ *)(this + 8);
+ std::
+ vector<struct_MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::ChunkEntry>_>
+ ::_Resize<struct_std::_Value_init_tag>
+ (this_00,lVar8 + ((uVar15 + 0xaaaaa9) - lVar8 >> 1) >> 0x17,p_Var12);
+ uVar14 = uVar10;
+ while (uVar3 = (*(longlong *)(this + 0x10) - *(longlong *)this_00) / 0x28, uVar14 < uVar3) {
+ auVar2._8_8_ = 0;
+ auVar2._0_8_ = uVar15;
+ lVar8 = SUB168(ZEXT816(0x8000018000018001) * auVar2,8);
+ lVar8 = uVar15 + ((uVar15 - lVar8 >> 1) + lVar8 >> 0x17) * -0xaaaaaa;
+ uVar14 = uVar14 + 1;
+ if (lVar8 == 0) {
+ lVar8 = 0xaaaaaa;
+ }
+ lVar13 = 0xaaaaaa;
+ if (uVar14 == uVar3) {
+ lVar13 = lVar8;
+ }
+ pvVar6 = `__std_type_info_name'::__l2::<lambda_1>::<lambda_invoker_cdecl>(lVar13 * 0x18);
+ *(LPVOID *)(uVar10 + *(longlong *)this_00) = pvVar6;
+ if (*(longlong *)(uVar10 + *(longlong *)this_00) == 0) {
+ local_48 = MpStdException::vftable;
+ local_30 = "Failed to allocate memory";
+ local_40 = 0;
+ uStack_38 = 0;
+ /* WARNING: Subroutine does not return */
+ _CxxThrowException(&local_48,(ThrowInfo *)&_TI2_AVMpStdException__);
+ }
+ *(longlong *)(uVar10 + 0x18 + *(longlong *)this_00) = lVar13;
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 8) != 0)) {
+ WPP_SF_iL(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x23,
+ &WPP_7f154ba6bfc3328924459802a4bebb9a_Traceguids,
+ *(undefined8 *)(uVar10 + 0x18 + *(longlong *)this_00),this[100]);
+ }
+ uVar10 = uVar10 + 0x28;
+ }
+ }
+ }
+ local_70 = (MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>
+ *)0x0;
+ local_78 = RecordPush;
+ local_68 = CONCAT71(local_68._1_7_,this[100]);
+ local_60 = PostProcessRecords;
+ local_58 = (code *)0x0;
+ if (this[0x65] ==
+ (MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>
+ )0x0) {
+ RVar11 = (-(uint)(this[0x40] !=
+ (MpSignatureSubType<struct_nid64_entry_t,unsigned___int64,1,0,0,0,struct_MpEmptyEnumerator<struct_nid64_entry_t>,0,0,1>
+ )0x0) & 2) + 0xc;
+ }
+ else {
+ RVar11 = 0xd;
+ local_58 = MpSignatureSubType<struct_snidex_entry_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_snidex_entry_t>,0,0,1>
+ ::UnloadRecords;
+ }
+ local_50 = this;
+ MVar4 = regcntl(&local_78,0x30,RVar11);
+ if (MVar4 == 0) {
+ return;
+ }
+ local_48 = MpStdException::vftable;
+ local_30 = "Failed to register receiver callback";
+ local_40 = 0;
+ uStack_38 = 0;
+ /* WARNING: Subroutine does not return */
+ _CxxThrowException(&local_48,(ThrowInfo *)&_TI2_AVMpStdException__);
+}
+
| Key | mpengine.dll - mpengine.dll |
|---|---|
| diff_type | code,refcount,length,address,called |
| ratio | 0.02 |
| i_ratio | 0.33 |
| m_ratio | 0.76 |
| b_ratio | 0.74 |
| match_types | SymbolsHash |
| Key | mpengine.dll | mpengine.dll |
|---|---|---|
| name | agent_init | agent_init |
| fullname | tdt_library_v_next::bit_shovel_plugins::isv_sample_agent_tbd::agent_init | tdt_library_v_next::bit_shovel_plugins::isv_sample_agent_tbd::agent_init |
refcount |
4 | 3 |
length |
1375 | 1547 |
called |
Expand for full list:std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> |
Expand for full list:std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> |
| calling | ||
| paramcount | 5 | 5 |
address |
75a9bf7f0 | 75a9aa7e0 |
| sig | result_type __thiscall agent_init(isv_sample_agent_tbd * this, int * param_1, channel_registry * param_2, basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>_> * param_3, data_network * param_4) | result_type __thiscall agent_init(isv_sample_agent_tbd * this, int * param_1, channel_registry * param_2, basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>_> * param_3, data_network * param_4) |
| sym_type | Function | Function |
| sym_source | ANALYSIS | ANALYSIS |
| external | False | False |
--- tdt_library_v_next::bit_shovel_plugins::isv_sample_agent_tbd::agent_init called
+++ tdt_library_v_next::bit_shovel_plugins::isv_sample_agent_tbd::agent_init called
@@ -9,0 +10 @@
+std::_Ref_count_base::_Decref
@@ -16,0 +18 @@
+std::shared_ptr<struct_ObjectManager::MutantObject>::shared_ptr<struct_ObjectManager::MutantObject>
@@ -21,0 +24 @@
+tdt_library_v_next::bit_shovel::data_network::get_api<class_std::shared_ptr<class_tdt_library_v_next::tdt_os_apis::os_api_t>_>
@@ -24 +27 @@
-tdt_utils::toupper
+tdt_library_v_next::tdt_utils::toupper--- tdt_library_v_next::bit_shovel_plugins::isv_sample_agent_tbd::agent_init
+++ tdt_library_v_next::bit_shovel_plugins::isv_sample_agent_tbd::agent_init
@@ -1,467 +1,416 @@
/* WARNING: Function: _guard_dispatch_icall_$fo_default$ replaced with injection:
guard_dispatch_icall */
-/* WARNING: Globals starting with '_' overlap smaller symbols at the same address */
+/* public: virtual class tdt_library_v_next::bit_shovel::result_type __cdecl
+ tdt_library_v_next::bit_shovel_plugins::isv_sample_agent_tbd::agent_init(class
+ tdt_library_v_next::bit_shovel::channel_registry const & __ptr64,class
+ boost::property_tree::basic_ptree<class std::basic_string<char,struct
+ std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct
+ std::char_traits<char>,class std::allocator<char> >,struct std::less<class
+ std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > &
+ __ptr64,class tdt_library_v_next::bit_shovel::data_network & __ptr64) __ptr64 */
void __thiscall
-std::_Ref_count<class_tdt::tdt_pt_decode>::agent_init
- (isv_sample_agent_tbd *this,undefined8 *param_1)
+tdt_library_v_next::bit_shovel_plugins::isv_sample_agent_tbd::agent_init
+ (isv_sample_agent_tbd *this,int *param_1,channel_registry *param_2,
+ basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ *param_3,data_network *param_4)
{
- default_delete<class_tdt_library_v_current::tdt_app_profiling::profiling_database_service_api_impl>
- *this_00;
- profiling_database_service_api_impl *ppVar1;
- logger *plVar2;
- bool bVar3;
- char cVar4;
- int iVar5;
- path *this_01;
+ longlong lVar1;
+ data_network *pdVar2;
+ isv_sample_agent_tbd iVar3;
+ int iVar4;
+ vector<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ *pvVar5;
basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *pbVar6;
- shared_ptr<struct_ObjectManager::MutantObject> *psVar7;
- longlong lVar8;
- longlong *plVar9;
- longlong *plVar10;
- int *piVar11;
- undefined *puVar12;
- longlong lVar13;
- undefined8 *puVar14;
- longlong unaff_RBP;
- uint unaff_ESI;
- int *unaff_RDI;
- undefined8 uVar15;
- data_network *unaff_R12;
- basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
- *unaff_R13;
- int unaff_R14D;
- _Ref_count_base *this_02;
- longlong unaff_R15;
- dll_database in_stack_00000030;
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *pbVar7;
+ int *piVar8;
+ ulonglong uVar9;
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *pbVar10;
+ undefined auStack_1a8 [32];
+ data_network *local_188;
+ bool local_178;
+ isv_sample_agent_tbd local_177;
+ undefined4 local_174;
+ longlong local_170;
+ _Ref_count_base *local_168;
+ int *local_160;
+ isv_sample_agent_tbd *local_158;
+ undefined8 uStack_150;
+ longlong local_148;
+ undefined **local_138;
+ isv_sample_agent_tbd *local_130;
+ data_network *local_128;
+ longlong local_120;
+ undefined ***local_100;
+ string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ local_f8 [8];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_f0 [40];
+ undefined **local_c8;
+ undefined8 local_c0;
+ undefined4 uStack_b8;
+ undefined4 uStack_b4;
+ undefined ***local_90;
+ undefined **local_88;
+ isv_sample_agent_tbd *local_80;
+ undefined ***local_50;
+ ulonglong local_48;
- filesystem::
- _Convert_Source_to_wide<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::filesystem::_Normal_conversion>
- ((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
- *)this,param_1);
- filesystem::
- _Convert_Source_to_wide<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::filesystem::_Normal_conversion>
- ((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
- *)(unaff_RBP + 0x60),(undefined8 *)(unaff_RBP + 0x188));
- this_01 = filesystem::path::operator/=((path *)(unaff_RBP + 0x60),(path *)(unaff_RBP + 0xe8));
- pbVar6 = filesystem::path::string
- (this_01,(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- *)(unaff_RBP + 0xa0));
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::operator=
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0x108),pbVar6);
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::_Tidy_deallocate
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0xa0));
- basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
- _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
- *)(unaff_RBP + 0x60));
- basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
- _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
- *)(unaff_RBP + 0xe8));
- *(undefined8 *)(unaff_RBP + 0xe8) = 0;
- *(undefined8 *)(unaff_RBP + 0xf0) = 0;
- if (*unaff_RDI == unaff_R14D) {
- psVar7 = tdt_library_v_next::bit_shovel::data_network::
- get_api<class_std::shared_ptr<class_tdt_library_v_next::tdt_app_profiling::platform_service_t>_>
- (unaff_R12,
- (shared_ptr<struct_ObjectManager::MutantObject> *)(unaff_RBP + 200));
- lVar8 = *(longlong *)psVar7;
- this_02 = *(_Ref_count_base **)(psVar7 + 8);
- *(undefined8 *)psVar7 = 0;
- *(undefined8 *)(psVar7 + 8) = 0;
- *(longlong *)(unaff_RBP + 0xe8) = lVar8;
- *(_Ref_count_base **)(unaff_RBP + 0xf0) = this_02;
- if (*(_Ref_count_base **)(unaff_RBP + 0xd0) != (_Ref_count_base *)0x0) {
- _Ref_count_base::_Decref(*(_Ref_count_base **)(unaff_RBP + 0xd0));
+ local_48 = __security_cookie ^ (ulonglong)auStack_1a8;
+ local_174 = 1;
+ local_188 = param_4;
+ local_160 = param_1;
+ isv_sample_agent::agent_init();
+ local_174 = 1;
+ if (*param_1 == 0) {
+ bit_shovel::data_network::
+ get_api<class_std::shared_ptr<class_tdt_library_v_next::tdt_os_apis::os_api_t>_>
+ (param_4,(shared_ptr<struct_ObjectManager::MutantObject> *)&local_170);
+ if (local_170 == 0) {
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_158,"OS APIs missing in network");
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_138,"root");
+ logger_client::logger::log_message
+ (4,(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_138,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_158);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_138);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_158);
+ *param_1 = 0x1adba;
}
- if (lVar8 == 0) {
- *unaff_RDI = 0x1d4c4;
+ else {
+ pvVar5 = bit_shovel::channel_registry::
+ get_sources<class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::core_telemetry_data_buffer_base_t>_>
+ (param_2);
+ if (*(longlong *)pvVar5 == *(longlong *)(pvVar5 + 8)) {
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_158,"No source for core_telemetry_data_message_t data type.");
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_138,"root");
+ logger_client::logger::log_message
+ (2,(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
+ )&local_138,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_158);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_138);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_158);
+ }
+ pvVar5 = bit_shovel::channel_registry::
+ get_sources<class_std::shared_ptr<struct_tdt_library_v_next::tdt_app_profiling::publisher_monitor_response_t>_>
+ (param_2);
+ if (*(longlong *)pvVar5 == *(longlong *)(pvVar5 + 8)) {
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_158,"No source for core_telemetry_publisher_monitor_response_t data type."
+ );
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_138,"root");
+ logger_client::logger::log_message
+ (2,(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
+ )&local_138,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_158);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_138);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_158);
+ }
+ pvVar5 = bit_shovel::channel_registry::
+ get_sinks<class_std::shared_ptr<class_std::vector<struct_tdt_library_v_next::tdt_app_profiling::publisher_monitor_command_t,class_std::allocator<struct_tdt_library_v_next::tdt_app_profiling::publisher_monitor_command_t>_>_>_>
+ (param_2);
+ if (*(longlong *)pvVar5 == *(longlong *)(pvVar5 + 8)) {
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_158,
+ "No sink for core_telemetry_publisher_monitor_command_list_t data type.");
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_138,"root");
+ logger_client::logger::log_message
+ (2,(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
+ )&local_138,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_158);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_138);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_158);
+ }
+ if (this[0x6a] == (isv_sample_agent_tbd)0x0) {
+ uVar9 = *(ulonglong *)(*(longlong *)(this + 0x60) + 0x100);
+ if (uVar9 != 0) {
+ uVar9 = (ulonglong)*(uint *)(uVar9 + 0x40);
+ }
+ *(int *)(this + 0xb4) = (int)uVar9;
+ if ((int)uVar9 != 0) {
+ pbVar6 = std::operator+<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)local_f8,&DAT_0,0x75af02ee8);
+ boost::property_tree::
+ string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ ::
+ string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ ((string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ *)&local_c8,pbVar6);
+ boost::property_tree::
+ basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ ::get_optional<bool>(param_3,&local_178);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_c8);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)local_f8);
+ if (local_178 != false) {
+ this[0xc0] = local_177;
+ }
+ local_158 = this;
+ std::shared_ptr<struct_ObjectManager::MutantObject>::
+ shared_ptr<struct_ObjectManager::MutantObject>
+ ((shared_ptr<struct_ObjectManager::MutantObject> *)&uStack_150,
+ (shared_ptr<struct_ObjectManager::MutantObject> *)&local_170);
+ local_138 = std::
+ _Func_impl_no_alloc<class_<lambda_5f1968e343caaf36182fad2d6526cfbd>,void,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::core_telemetry_data_buffer_base_t>_const&___ptr64>
+ ::vftable;
+ local_130 = local_158;
+ local_128 = uStack_150;
+ local_120 = local_148;
+ local_100 = &local_138;
+ piVar8 = (int *)bit_shovel::data_network::
+ add_callback<class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::core_telemetry_data_buffer_base_t>_>
+ (param_4,local_f8,&local_138,0);
+ *param_1 = *piVar8;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ operator=((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ (param_1 + 2),
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ (piVar8 + 2));
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_f0);
+ std::
+ _Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ ::_Tidy((_Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ *)&local_138);
+ }
+ }
+ else {
+ local_178 = false;
+ boost::property_tree::
+ string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ ::
+ string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ (local_f8,
+ "core_telemetry_publisher.pmu_event_settings.enable_pmu_per_process_monitoring");
+ iVar3 = (isv_sample_agent_tbd)
+ boost::property_tree::
+ basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ ::get<bool>(param_3,local_f8,&local_178);
+ this[0xb0] = iVar3;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)local_f8);
+ pbVar6 = std::operator+<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_138,&DAT_0,0x75af01d18);
+ pbVar6 = (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ std::operator+<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ((undefined8 *)local_f8,pbVar6,"windows");
+ boost::property_tree::
+ string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ ::
+ string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ ((string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ *)&local_c8,pbVar6);
+ boost::property_tree::
+ basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ ::get_child_optional(param_3,&local_158,&local_c8);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_c8);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)local_f8);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_138);
+ if (local_158 == (isv_sample_agent_tbd *)0x0) {
+ *param_1 = 0x1adb1;
+ }
+ if (*param_1 == 0) {
+ uVar9 = *(ulonglong *)(local_158 + 0x20);
+ lVar1 = *(longlong *)
+ (*(longlong *)((-(ulonglong)(uVar9 != 0xffffffffffffffef) & uVar9) + 8) + 0x68);
+ pbVar6 = *(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> **
+ )((-(ulonglong)(uVar9 != 0xffffffffffffffef) & uVar9) + 8);
+ pbVar10 = (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ (-(ulonglong)(lVar1 != 0) & lVar1 - 0x60U);
+ while (pbVar10 != pbVar6) {
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_138,pbVar10);
+ if (local_128 == (data_network *)0x0) {
+ *param_1 = 0x1adb4;
+LAB_1:
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_138);
+ break;
+ }
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)local_f8,"");
+ boost::property_tree::
+ string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ ::
+ string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ ((string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ *)&local_c8,"process_path");
+ boost::property_tree::
+ basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ ::
+ get<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>
+ ((basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ *)(pbVar10 + 0x20),&local_158,&local_c8,local_f8);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_c8);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)local_f8);
+ if (local_148 == 0) {
+ *param_1 = 0x1adb6;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_158);
+ goto LAB_1;
+ }
+ tdt_utils::toupper((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_158);
+ std::
+ list<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ ::
+ _Emplace<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const&___ptr64>
+ ((list<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ *)(this + 0xa0),
+ *(_List_node<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,void*___ptr64>
+ **)(this + 0xa0),
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_158);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_158);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_138);
+ pbVar7 = pbVar10 + 0x68;
+ if (pbVar10 ==
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)0x0)
+ {
+ pbVar7 = (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&DAT_2;
+ }
+ pbVar10 = (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)(-(ulonglong)(*(longlong *)pbVar7 != 0) & *(longlong *)pbVar7 - 0x60U);
+ }
+ }
+ local_c0 = (isv_sample_agent_tbd *)CONCAT44(local_c0._4_4_,(undefined4)local_c0);
+ if (*param_1 == 0) {
+ iVar4 = 0;
+ if (*(longlong *)(this + 0xa8) == 0) {
+ iVar4 = 0x1adb2;
+ *param_1 = 0x1adb2;
+ }
+ local_c0 = (isv_sample_agent_tbd *)CONCAT44(local_c0._4_4_,(undefined4)local_c0);
+ if (iVar4 == 0) {
+ uStack_150 = param_4;
+ pdVar2 = uStack_150;
+ local_c8 = std::
+ _Func_impl_no_alloc<class_<lambda_2c98c2c7a16b33ecf6fb98d2454b7752>,void,class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::core_telemetry_data_buffer_base_t>_const&___ptr64>
+ ::vftable;
+ uStack_150._0_4_ = SUB84(param_4,0);
+ uStack_150._4_4_ = (undefined4)((ulonglong)param_4 >> 0x20);
+ uStack_b8 = (undefined4)uStack_150;
+ uStack_b4 = uStack_150._4_4_;
+ local_90 = &local_c8;
+ local_158 = this;
+ uStack_150 = pdVar2;
+ local_c0 = this;
+ piVar8 = (int *)bit_shovel::data_network::
+ add_callback<class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::core_telemetry_data_buffer_base_t>_>
+ (param_4,local_f8,&local_c8,1);
+ *param_1 = *piVar8;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ operator=((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)(param_1 + 2),
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)(piVar8 + 2));
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_f0);
+ std::
+ _Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ ::_Tidy((_Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ *)&local_c8);
+ }
+ }
+ if (*param_1 == 0) {
+ local_88 = std::
+ _Func_impl_no_alloc<class_<lambda_e5f4a8203d32a0a83cd2e97a4a8014d3>,void,class_std::shared_ptr<struct_tdt_library_v_next::tdt_app_profiling::publisher_monitor_response_t>_const&___ptr64>
+ ::vftable;
+ local_50 = &local_88;
+ local_80 = this;
+ piVar8 = (int *)bit_shovel::data_network::
+ add_callback<class_std::shared_ptr<struct_tdt_library_v_next::tdt_app_profiling::publisher_monitor_response_t>_>
+ (param_4,local_f8,&local_88);
+ *param_1 = *piVar8;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ operator=((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ (param_1 + 2),
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ (piVar8 + 2));
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_f0);
+ if (local_50 != (undefined ***)0x0) {
+ (*(code *)(*local_50)[4])
+ (local_50,CONCAT71((int7)((ulonglong)&local_88 >> 8),local_50 != &local_88));
+ }
+ }
+ }
+ }
+ if (local_168 != (_Ref_count_base *)0x0) {
+ std::_Ref_count_base::_Decref(local_168);
}
}
- else {
- this_02 = *(_Ref_count_base **)(unaff_RBP + 0xf0);
- }
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 200),"Configuration parameters");
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0x60),"root");
- tdt_library_v_next::logger_client::logger::log_message
- (2,(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0x60),
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 200));
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::_Tidy_deallocate
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0x60));
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::_Tidy_deallocate
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 200));
- *(undefined8 **)(unaff_RBP + 200) = &DAT_0;
- _Mutex_base::lock((_Mutex_base *)&DAT_0);
- if ((_m_instance != (logger *)0x0) && (*(uint *)(_m_instance + 0x6c) < 3)) {
- *(undefined8 *)(unaff_RBP + 0x60) = 0;
- *(undefined8 *)(unaff_RBP + 0x68) = 0;
- *(undefined8 *)(unaff_RBP + 0x70) = 0;
- *(undefined8 *)(unaff_RBP + 0x78) = 0xf;
- *(undefined *)(unaff_RBP + 0x60) = 0;
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::assign
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0x60),"ERROR: formatting message!");
- cVar4 = -0x20;
- iVar5 = snprintf((undefined *)0x0,0,0x75af04ee0,(ulonglong)unaff_ESI);
- iVar5 = iVar5 + 1;
- if (0 < iVar5) {
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::resize
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0x60),(longlong)iVar5,cVar4);
- puVar12 = (undefined *)(unaff_RBP + 0x60);
- if (0xf < *(ulonglong *)(unaff_RBP + 0x78)) {
- puVar12 = *(undefined **)(unaff_RBP + 0x60);
- }
- snprintf(puVar12,(longlong)iVar5,0x75af04ee0,(ulonglong)unaff_ESI);
- lVar8 = unaff_RBP + 0x60;
- if (0xf < *(ulonglong *)(unaff_RBP + 0x78)) {
- lVar8 = *(longlong *)(unaff_RBP + 0x60);
- }
- lVar13 = *(longlong *)(unaff_RBP + 0x70) + -1;
- if (*(char *)(lVar8 + lVar13) == '\0') {
- lVar8 = unaff_RBP + 0x60;
- if (0xf < *(ulonglong *)(unaff_RBP + 0x78)) {
- lVar8 = *(longlong *)(unaff_RBP + 0x60);
- }
- *(longlong *)(unaff_RBP + 0x70) = lVar13;
- *(undefined *)(lVar8 + lVar13) = 0;
- }
- }
- plVar2 = _m_instance;
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0xa0),"root");
- tdt_library_v_next::logger_client::logger::log
- (plVar2,2,(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- *)(unaff_RBP + 0xa0),
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0x60));
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::_Tidy_deallocate
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0xa0));
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::_Tidy_deallocate
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0x60));
- }
- _Mtx_unlock(0x75b251fb0);
- *(undefined8 **)(unaff_RBP + 200) = &DAT_0;
- _Mutex_base::lock((_Mutex_base *)&DAT_0);
- if ((_m_instance != (logger *)0x0) && (*(uint *)(_m_instance + 0x6c) < 3)) {
- *(undefined8 *)(unaff_RBP + 0x60) = 0;
- *(undefined8 *)(unaff_RBP + 0x68) = 0;
- *(undefined8 *)(unaff_RBP + 0x70) = 0;
- *(undefined8 *)(unaff_RBP + 0x78) = 0xf;
- *(undefined *)(unaff_RBP + 0x60) = 0;
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::assign
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0x60),"ERROR: formatting message!");
- lVar8 = unaff_RBP + 0x128;
- if (0xf < *(ulonglong *)(unaff_RBP + 0x140)) {
- lVar8 = *(longlong *)(unaff_RBP + 0x128);
- }
- cVar4 = -0x40;
- iVar5 = snprintf((undefined *)0x0,0,0x75af04ec0,lVar8);
- iVar5 = iVar5 + 1;
- if (0 < iVar5) {
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::resize
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0x60),(longlong)iVar5,cVar4);
- lVar8 = unaff_RBP + 0x128;
- if (0xf < *(ulonglong *)(unaff_RBP + 0x140)) {
- lVar8 = *(longlong *)(unaff_RBP + 0x128);
- }
- puVar12 = (undefined *)(unaff_RBP + 0x60);
- if (0xf < *(ulonglong *)(unaff_RBP + 0x78)) {
- puVar12 = *(undefined **)(unaff_RBP + 0x60);
- }
- snprintf(puVar12,(longlong)iVar5,0x75af04ec0,lVar8);
- lVar8 = unaff_RBP + 0x60;
- if (0xf < *(ulonglong *)(unaff_RBP + 0x78)) {
- lVar8 = *(longlong *)(unaff_RBP + 0x60);
- }
- lVar13 = *(longlong *)(unaff_RBP + 0x70) + -1;
- if (*(char *)(lVar8 + lVar13) == '\0') {
- lVar8 = unaff_RBP + 0x60;
- if (0xf < *(ulonglong *)(unaff_RBP + 0x78)) {
- lVar8 = *(longlong *)(unaff_RBP + 0x60);
- }
- *(longlong *)(unaff_RBP + 0x70) = lVar13;
- *(undefined *)(lVar8 + lVar13) = 0;
- }
- }
- plVar2 = _m_instance;
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0xa0),"root");
- tdt_library_v_next::logger_client::logger::log
- (plVar2,2,(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- *)(unaff_RBP + 0xa0),
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0x60));
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::_Tidy_deallocate
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0xa0));
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::_Tidy_deallocate
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0x60));
- }
- _Mtx_unlock(0x75b251fb0);
- *(undefined8 **)(unaff_RBP + 200) = &DAT_0;
- _Mutex_base::lock((_Mutex_base *)&DAT_0);
- if ((_m_instance != (logger *)0x0) && (*(uint *)(_m_instance + 0x6c) < 3)) {
- *(undefined8 *)(unaff_RBP + 0x60) = 0;
- *(undefined8 *)(unaff_RBP + 0x68) = 0;
- *(undefined8 *)(unaff_RBP + 0x70) = 0;
- *(undefined8 *)(unaff_RBP + 0x78) = 0xf;
- *(undefined *)(unaff_RBP + 0x60) = 0;
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::assign
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0x60),"ERROR: formatting message!");
- lVar8 = unaff_RBP + 0x108;
- if (0xf < *(ulonglong *)(unaff_RBP + 0x120)) {
- lVar8 = *(longlong *)(unaff_RBP + 0x108);
- }
- cVar4 = -0x60;
- iVar5 = snprintf((undefined *)0x0,0,0x75af04ea0,lVar8);
- iVar5 = iVar5 + 1;
- if (0 < iVar5) {
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::resize
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0x60),(longlong)iVar5,cVar4);
- lVar8 = unaff_RBP + 0x108;
- if (0xf < *(ulonglong *)(unaff_RBP + 0x120)) {
- lVar8 = *(longlong *)(unaff_RBP + 0x108);
- }
- puVar12 = (undefined *)(unaff_RBP + 0x60);
- if (0xf < *(ulonglong *)(unaff_RBP + 0x78)) {
- puVar12 = *(undefined **)(unaff_RBP + 0x60);
- }
- snprintf(puVar12,(longlong)iVar5,0x75af04ea0,lVar8);
- lVar8 = unaff_RBP + 0x60;
- if (0xf < *(ulonglong *)(unaff_RBP + 0x78)) {
- lVar8 = *(longlong *)(unaff_RBP + 0x60);
- }
- lVar13 = *(longlong *)(unaff_RBP + 0x70) + -1;
- if (*(char *)(lVar8 + lVar13) == '\0') {
- lVar8 = unaff_RBP + 0x60;
- if (0xf < *(ulonglong *)(unaff_RBP + 0x78)) {
- lVar8 = *(longlong *)(unaff_RBP + 0x60);
- }
- *(longlong *)(unaff_RBP + 0x70) = lVar13;
- *(undefined *)(lVar8 + lVar13) = 0;
- }
- }
- plVar2 = _m_instance;
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0xa0),"root");
- tdt_library_v_next::logger_client::logger::log
- (plVar2,2,(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- *)(unaff_RBP + 0xa0),
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0x60));
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::_Tidy_deallocate
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0xa0));
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::_Tidy_deallocate
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0x60));
- }
- _Mtx_unlock(0x75b251fb0);
- if (*unaff_RDI != 0) goto LAB_1;
- psVar7 = (shared_ptr<struct_ObjectManager::MutantObject> *)(unaff_RBP + 200);
- plVar9 = (longlong *)
- shared_ptr<struct_ObjectManager::MutantObject>::
- shared_ptr<struct_ObjectManager::MutantObject>
- (psVar7,(shared_ptr<struct_ObjectManager::MutantObject> *)(unaff_RBP + 0xe8));
- bVar3 = tdt_library_v_next::bit_shovel_plugins::profiling_database_service::_import_database
- (psVar7,(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- *)(unaff_RBP + 0x108),(undefined8 *)(unaff_RBP + 0x148),unaff_R12,
- plVar9);
- if (!bVar3) {
- *unaff_RDI = 0x1d4c5;
- }
- if (*unaff_RDI != 0) goto LAB_1;
- psVar7 = (shared_ptr<struct_ObjectManager::MutantObject> *)(unaff_RBP + 200);
- plVar9 = (longlong *)
- shared_ptr<struct_ObjectManager::MutantObject>::
- shared_ptr<struct_ObjectManager::MutantObject>
- (psVar7,(shared_ptr<struct_ObjectManager::MutantObject> *)(unaff_RBP + 0xe8));
- bVar3 = tdt_library_v_next::bit_shovel_plugins::profiling_database_service::_import_database
- (psVar7,(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- *)(unaff_RBP + 0x128),(undefined8 *)(unaff_RBP + 0x168),unaff_R12,
- plVar9);
- iVar5 = (int)unaff_R12;
- if (!bVar3) {
- *unaff_RDI = 0x1d4c5;
- }
- if (*unaff_RDI != 0) goto LAB_1;
- if ((unaff_ESI & 1) == 0) {
- bVar3 = false;
-LAB_2:
- if (!bVar3) {
- filesystem::
- _Convert_Source_to_wide<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::filesystem::_Normal_conversion>
- ((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
- *)(unaff_RBP + 0xa0),(undefined8 *)(unaff_RBP + 0x108));
- bVar3 = filesystem::exists((path *)(unaff_RBP + 0xa0));
- basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>::
- _Tidy_deallocate((basic_string<wchar_t,struct_std::char_traits<wchar_t>,class_std::allocator<wchar_t>_>
- *)(unaff_RBP + 0xa0));
- if (bVar3) {
- pbVar6 = (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0x108);
- basic_ifstream<char,struct_std::char_traits<char>_>::
- basic_ifstream<char,struct_std::char_traits<char>_>
- ((basic_ifstream<char,struct_std::char_traits<char>_> *)&stack0x00000050,pbVar6,
- 0x24,iVar5);
- uVar15 = 2;
- basic_istream<char,struct_std::char_traits<char>_>::seekg
- ((basic_istream<char,struct_std::char_traits<char>_> *)&stack0x00000050,
- (__int64)pbVar6,2);
- puVar14 = basic_istream<char,struct_std::char_traits<char>_>::tellg
- ((basic_istream<char,struct_std::char_traits<char>_> *)&stack0x00000050,
- (undefined8 *)(unaff_RBP + 200),uVar15);
- if (*(longlong *)(unaff_RBP + 200) + *(longlong *)(unaff_RBP + 0xd0) == 0) {
- *unaff_RDI = 0x1d4c7;
- }
- basic_istream<char,struct_std::char_traits<char>_>::seekg
- ((basic_istream<char,struct_std::char_traits<char>_> *)&stack0x00000050,
- (__int64)puVar14,0);
- basic_ifstream<char,struct_std::char_traits<char>_>::_vbase_destructor_
- ((basic_ifstream<char,struct_std::char_traits<char>_> *)&stack0x00000050);
- }
- else {
- *unaff_RDI = 0x1d4c6;
- }
- }
- }
- else {
- bVar3 = true;
- if ((unaff_ESI & 0x20) == 0) goto LAB_2;
- *unaff_RDI = 0x1d4c9;
- }
- if (*unaff_RDI == 0) {
- in_stack_00000030 = (dll_database)0x1;
- pbVar6 = operator+<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- *)(unaff_RBP + 0xa0),(undefined8 *)(unaff_R15 + 8),0x75af04e90);
- boost::property_tree::
- string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
- ::
- string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
- ((string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
- *)(unaff_RBP + 0x60),pbVar6);
- in_stack_00000030 =
- (dll_database)
- boost::property_tree::
- basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
- ::get<bool>(unaff_R13,
- (string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
- *)(unaff_RBP + 0x60),(bool *)&stack0x00000030);
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::_Tidy_deallocate
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0x60));
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::_Tidy_deallocate
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0xa0));
- plVar10 = make_unique<class_tdt_library_v_next::tdt_app_profiling::profiling_database_service_api_impl,class_std::shared_ptr<class_tdt_library_v_next::tdt_app_profiling::platform_service_t>&___ptr64,unsigned_int&___ptr64,bool_const&___ptr64,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>&___ptr64,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>&___ptr64,0>
- ((undefined8 *)(unaff_RBP + 200),
- (shared_ptr<struct_ObjectManager::MutantObject> *)(unaff_RBP + 0xe8),
- (uint *)&stack0x00000038,&stack0x00000030,(undefined8 *)(unaff_RBP + 0x128)
- ,(undefined8 *)(unaff_RBP + 0x108));
- plVar9 = (longlong *)(unaff_R15 + 0x50);
- if (plVar9 != plVar10) {
- this_00 = (default_delete<class_tdt_library_v_current::tdt_app_profiling::profiling_database_service_api_impl>
- *)*plVar10;
- *plVar10 = 0;
- ppVar1 = (profiling_database_service_api_impl *)*plVar9;
- *plVar9 = (longlong)this_00;
- if (ppVar1 != (profiling_database_service_api_impl *)0x0) {
- default_delete<class_tdt_library_v_current::tdt_app_profiling::profiling_database_service_api_impl>
- ::operator()(this_00,ppVar1);
- }
- }
- unique_ptr<class_tdt_library_v_current::tdt_app_profiling::profiling_database_service_api_impl,struct_std::default_delete<class_tdt_library_v_current::tdt_app_profiling::profiling_database_service_api_impl>_>
- ::
- ~unique_ptr<class_tdt_library_v_current::tdt_app_profiling::profiling_database_service_api_impl,struct_std::default_delete<class_tdt_library_v_current::tdt_app_profiling::profiling_database_service_api_impl>_>
- ((unique_ptr<class_tdt_library_v_current::tdt_app_profiling::profiling_database_service_api_impl,struct_std::default_delete<class_tdt_library_v_current::tdt_app_profiling::profiling_database_service_api_impl>_>
- *)(unaff_RBP + 200));
- plVar9 = (longlong *)*plVar9;
- if (plVar9 == (longlong *)0x0) {
- *unaff_RDI = 0x1d4c2;
- }
- else if ((*(char *)(plVar9 + 0x81) == '\0') || (*(char *)(plVar9 + 0xa1) == '\0')) {
- *unaff_RDI = 0x1d4c3;
- }
- else {
- cVar4 = (**(code **)(*plVar9 + 0xd8))();
- if (cVar4 == '\0') {
- cVar4 = (**(code **)(**(longlong **)(unaff_R15 + 0x50) + 200))();
- if (cVar4 != '\0') {
- *unaff_RDI = 0x1d4c8;
- }
- }
- }
- if (*unaff_RDI == 0) {
- *(undefined ***)(unaff_RBP + 0x60) =
- _Func_impl_no_alloc<class_<lambda_ac4eef62dbde7d7667584abb74b257db>,void,class_tdt_library_v_next::tdt_app_profiling::time_update_service_query_api*___ptr64_const&___ptr64>
- ::vftable;
- *(longlong *)(unaff_RBP + 0x68) = unaff_R15;
- *(longlong *)(unaff_RBP + 0x98) = unaff_RBP + 0x60;
- piVar11 = (int *)tdt_library_v_next::bit_shovel::data_network::
- add_callback<class_tdt_library_v_next::tdt_app_profiling::time_update_service_query_api*___ptr64>
- ();
- *unaff_RDI = *piVar11;
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::operator=
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RDI + 2),
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (piVar11 + 2));
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::_Tidy_deallocate
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0xa8));
- _Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
- ::_Tidy((_Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
- *)(unaff_RBP + 0x60));
- }
- }
-LAB_1:
- if (this_02 != (_Ref_count_base *)0x0) {
- _Ref_count_base::_Decref(this_02);
- }
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::_Tidy_deallocate
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0x148));
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::_Tidy_deallocate
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0x168));
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::_Tidy_deallocate
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0x188));
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::_Tidy_deallocate
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0x108));
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::_Tidy_deallocate
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0x128));
- __security_check_cookie(*(ulonglong *)(unaff_RBP + 0x1a8) ^ (ulonglong)&stack0x00000000);
+ __security_check_cookie(local_48 ^ (ulonglong)auStack_1a8);
return;
}
tdt_library_v_current::tdt_os_apis::os_api_t::resolve_os_api<int(__cdecl*)(wchar_t_const*___ptr64,wchar_t_const*___ptr64,struct__LUID*___ptr64)>
| Key | mpengine.dll - mpengine.dll |
|---|---|
| diff_type | code,length,address,called |
| ratio | 0.0 |
| i_ratio | 0.2 |
| m_ratio | 0.59 |
| b_ratio | 0.73 |
| match_types | SymbolsHash |
| Key | mpengine.dll | mpengine.dll |
|---|---|---|
| name | resolve_os_api<int(__cdecl*)(wchar_t_const*___ptr64,wchar_t_const*___ptr64,struct__LUID*___ptr64)> | resolve_os_api<int(__cdecl*)(wchar_t_const*___ptr64,wchar_t_const*___ptr64,struct__LUID*___ptr64)> |
| fullname | tdt_library_v_current::tdt_os_apis::os_api_t::resolve_os_api<int(__cdecl*)(wchar_t_const*___ptr64,wchar_t_const*___ptr64,struct__LUID*___ptr64)> | tdt_library_v_current::tdt_os_apis::os_api_t::resolve_os_api<int(__cdecl*)(wchar_t_const*___ptr64,wchar_t_const*___ptr64,struct__LUID*___ptr64)> |
| refcount | 40 | 40 |
length |
1044 | 1073 |
called |
Expand for full list:std::basic_string<char,struct_std::char_traits,class_std::allocator>::data |
Expand for full list:std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> |
| calling | tdt_library_v_current::tdt_os_apis::os_api_t::init | tdt_library_v_current::tdt_os_apis::os_api_t::init |
| paramcount | 3 | 3 |
address |
75a8ff5b8 | 75a8d0988 |
| sig | void __thiscall resolve_os_api<int(__cdecl*)(wchar_t_const*___ptr64,wchar_t_const*___ptr64,struct__LUID*__ptr64)>(os_api_t * this, basic_string<char,struct_std::char_traits,class_std::allocator> * param_1, _func_int_wchar_t_ptr_wchar_t_ptr__LUID_ptr * * param_2) | void __thiscall resolve_os_api<int(__cdecl*)(wchar_t_const*___ptr64,wchar_t_const*___ptr64,struct__LUID*__ptr64)>(os_api_t * this, basic_string<char,struct_std::char_traits,class_std::allocator> * param_1, _func_int_wchar_t_ptr_wchar_t_ptr__LUID_ptr * * param_2) |
| sym_type | Function | Function |
| sym_source | ANALYSIS | ANALYSIS |
| external | False | False |
tdt_library_v_current::tdt_os_apis::os_api_t::resolve_os_api<int(__cdecl*)(wchar_t_const*___ptr64,wchar_t_const*___ptr64,struct__LUID*___ptr64)> Called Diff
--- tdt_library_v_current::tdt_os_apis::os_api_t::_resolve_os_api<int_(__cdecl*)(wchar_t_const*___ptr64,wchar_t_const*___ptr64,struct__LUID*___ptr64)> called
+++ tdt_library_v_current::tdt_os_apis::os_api_t::_resolve_os_api<int_(__cdecl*)(wchar_t_const*___ptr64,wchar_t_const*___ptr64,struct__LUID*___ptr64)> called
@@ -1,0 +2 @@
+_Mtx_unlock
@@ -4 +5 @@
-`<lambda_f2278183a0c285f5fcf141a901c5e4bf>::operator()'::__l2::plugin_dependencies_t::~plugin_dependencies_t
+`<lambda_1c2246951f31262cb88a460ce640838a>::operator()'::__l2::plugin_dependencies_t::~plugin_dependencies_t
@@ -6 +7 @@
-std::_Ref_count_base::_Decref
+std::_Mutex_base::lock
@@ -15,0 +17 @@
+std::lock_guard<class_std::mutex>::lock_guard<class_std::mutex>
@@ -16,0 +19 @@
+std::scoped_lock<class_std::mutex>::~scoped_lock<class_std::mutex>
@@ -18 +20,0 @@
-std::shared_ptr<class_tdt_library_v_next::tdt_app_profiling::cache_entry<unsigned_int,struct_tdt_library_v_next::core_telemetry::heuristic_caches::cache_info_t<class_tdt_library_v_next::tdt_app_profiling::two_way_lru_cache<2048,struct_tdt_library_v_next::core_telemetry::heuristic_caches::violation_cache_key_t,enum_tdt_library_v_next::tdt_app_profiling::cfi_violation_type_t>_>_>_>::~shared_ptr<class_tdt_library_v_next::tdt_app_profiling::cache_entry<unsigned_int,struct_tdt_library_v_next::core_telemetry::heuristic_caches::cache_info_t<class_tdt_library_v_next::tdt_app_profiling::two_way_lru_cache<2048,struct_tdt_library_v_next::core_telemetry::heuristic_caches::violation_cache_key_t,enum_tdt_library_v_next::tdt_app_profiling::cfi_violation_type_t>_>_>_>tdt_library_v_current::tdt_os_apis::os_api_t::resolve_os_api<int(__cdecl*)(wchar_t_const*___ptr64,wchar_t_const*___ptr64,struct__LUID*___ptr64)> Diff
--- tdt_library_v_current::tdt_os_apis::os_api_t::_resolve_os_api<int_(__cdecl*)(wchar_t_const*___ptr64,wchar_t_const*___ptr64,struct__LUID*___ptr64)>
+++ tdt_library_v_current::tdt_os_apis::os_api_t::_resolve_os_api<int_(__cdecl*)(wchar_t_const*___ptr64,wchar_t_const*___ptr64,struct__LUID*___ptr64)>
@@ -1,2 +1,252 @@
-Failed to decompile mpengine.dll - .ProgramDB tdt_library_v_current::tdt_os_apis::os_api_t::_resolve_os_api<int_(__cdecl*)(wchar_t_const*___ptr64,wchar_t_const*___ptr64,struct__LUID*___ptr64)> : Error: Decompile error:
-Marshaling error: Did not see expected closing element+
+/* WARNING: Function: _guard_dispatch_icall_$fo_default$ replaced with injection:
+ guard_dispatch_icall */
+/* WARNING: Globals starting with '_' overlap smaller symbols at the same address */
+/* private: void __cdecl tdt_library_v_current::tdt_os_apis::os_api_t::_resolve_os_api<int
+ (__cdecl*)(wchar_t const * __ptr64,wchar_t const * __ptr64,struct _LUID * __ptr64)>(class
+ std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > const &
+ __ptr64,int (__cdecl*& __ptr64)(wchar_t const * __ptr64,wchar_t const * __ptr64,struct _LUID *
+ __ptr64))const __ptr64 */
+
+void __thiscall
+tdt_library_v_current::tdt_os_apis::os_api_t::
+_resolve_os_api<int_(__cdecl*)(wchar_t_const*___ptr64,wchar_t_const*___ptr64,struct__LUID*___ptr64)>
+ (os_api_t *this,
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *param_1,
+ _func_int_wchar_t_ptr_wchar_t_ptr__LUID_ptr **param_2)
+
+{
+ bool bVar1;
+ int iVar2;
+ undefined8 ***pppuVar3;
+ _func_int_wchar_t_ptr_wchar_t_ptr__LUID_ptr *p_Var4;
+ logger_instance_t *this_00;
+ logger *plVar5;
+ char *pcVar6;
+ char *pcVar7;
+ logger_instance_t *this_01;
+ longlong lVar8;
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *pbVar9;
+ char cVar10;
+ undefined auStack_98 [32];
+ undefined8 *local_78;
+ undefined8 **local_70;
+ undefined8 uStack_68;
+ longlong local_60;
+ ulonglong local_58;
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_50 [32];
+ ulonglong local_30;
+
+ local_30 = __security_cookie ^ (ulonglong)auStack_98;
+ local_78 = &DAT_0;
+ if (*(longlong *)(this + 0x138) == 0) {
+ std::_Mutex_base::lock((_Mutex_base *)&DAT_0);
+ if ((_m_instance != (logger *)0x0) && (*(uint *)(_m_instance + 0x6c) < 2)) {
+ uStack_68 = 0;
+ local_60 = 0;
+ local_58 = 0xf;
+ local_70 = (undefined8 ***)0x0;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::assign
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_70,"ERROR: formatting message!");
+ pbVar9 = param_1;
+ if (0xf < *(ulonglong *)(param_1 + 0x18)) {
+ pbVar9 = *(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> **)
+ param_1;
+ }
+ cVar10 = -0x48;
+ iVar2 = snprintf((undefined *)0x0,0,0x75aefb0b8,pbVar9);
+ iVar2 = iVar2 + 1;
+ if (0 < iVar2) {
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::resize
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_70,(longlong)iVar2,cVar10);
+ pbVar9 = param_1;
+ if (0xf < *(ulonglong *)(param_1 + 0x18)) {
+ pbVar9 = *(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> **
+ )param_1;
+ }
+ pppuVar3 = &local_70;
+ if (0xf < local_58) {
+ pppuVar3 = (undefined8 ***)local_70;
+ }
+ snprintf((undefined *)pppuVar3,(longlong)iVar2,0x75aefb0b8,pbVar9);
+ pppuVar3 = &local_70;
+ if (0xf < local_58) {
+ pppuVar3 = (undefined8 ***)local_70;
+ }
+ lVar8 = local_60 + -1;
+ if (*(char *)(lVar8 + (longlong)pppuVar3) == '\0') {
+ pppuVar3 = &local_70;
+ if (0xf < local_58) {
+ pppuVar3 = (undefined8 ***)local_70;
+ }
+ local_60 = lVar8;
+ *(undefined *)((longlong)pppuVar3 + lVar8) = 0;
+ }
+ }
+ plVar5 = _m_instance;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>(local_50,"root");
+ logger_client::logger::log
+ (plVar5,1,local_50,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_70);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_50);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_70);
+ }
+ _Mtx_unlock(0x75b24f7c0);
+ local_78 = (undefined8 *)((ulonglong)local_78 & 0xffffffff00000000);
+ bVar1 = get_dll_id(param_1,(win_os_api_dll_t *)&local_78);
+ if (bVar1) {
+ p_Var4 = (_func_int_wchar_t_ptr_wchar_t_ptr__LUID_ptr *)
+ tdt_get_proc_address((win_os_api_dll_t)local_78,param_1);
+ }
+ else {
+ p_Var4 = (_func_int_wchar_t_ptr_wchar_t_ptr__LUID_ptr *)0x0;
+ }
+ }
+ else {
+ std::_Mutex_base::lock((_Mutex_base *)&DAT_0);
+ if ((_m_instance != (logger *)0x0) && (*(uint *)(_m_instance + 0x6c) < 2)) {
+ uStack_68 = 0;
+ local_60 = 0;
+ local_58 = 0xf;
+ local_70 = (undefined8 ***)0x0;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::assign
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_70,"ERROR: formatting message!");
+ pbVar9 = param_1;
+ if (0xf < *(ulonglong *)(param_1 + 0x18)) {
+ pbVar9 = *(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> **)
+ param_1;
+ }
+ cVar10 = 'X';
+ iVar2 = snprintf((undefined *)0x0,0,0x75aefb058,pbVar9);
+ iVar2 = iVar2 + 1;
+ if (0 < iVar2) {
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::resize
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_70,(longlong)iVar2,cVar10);
+ pbVar9 = param_1;
+ if (0xf < *(ulonglong *)(param_1 + 0x18)) {
+ pbVar9 = *(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> **
+ )param_1;
+ }
+ pppuVar3 = &local_70;
+ if (0xf < local_58) {
+ pppuVar3 = (undefined8 ***)local_70;
+ }
+ snprintf((undefined *)pppuVar3,(longlong)iVar2,0x75aefb058,pbVar9);
+ pppuVar3 = &local_70;
+ if (0xf < local_58) {
+ pppuVar3 = (undefined8 ***)local_70;
+ }
+ lVar8 = local_60 + -1;
+ if (*(char *)(lVar8 + (longlong)pppuVar3) == '\0') {
+ pppuVar3 = &local_70;
+ if (0xf < local_58) {
+ pppuVar3 = (undefined8 ***)local_70;
+ }
+ local_60 = lVar8;
+ *(undefined *)((longlong)pppuVar3 + lVar8) = 0;
+ }
+ }
+ plVar5 = _m_instance;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>(local_50,"root");
+ logger_client::logger::log
+ (plVar5,1,local_50,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_70);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_50);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_70);
+ }
+ _Mtx_unlock(0x75b24f7c0);
+ pbVar9 = param_1;
+ if (0xf < *(ulonglong *)(param_1 + 0x18)) {
+ pbVar9 = *(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> **)
+ param_1;
+ }
+ p_Var4 = (_func_int_wchar_t_ptr_wchar_t_ptr__LUID_ptr *)
+ (**(code **)(this + 0x138))
+ (*(undefined8 *)(this + 0x130),pbVar9,*(undefined8 *)(param_1 + 0x10));
+ }
+ *param_2 = p_Var4;
+ if (p_Var4 != (_func_int_wchar_t_ptr_wchar_t_ptr__LUID_ptr *)0x0) {
+ __security_check_cookie(local_30 ^ (ulonglong)auStack_98);
+ return;
+ }
+ this_00 = logger_client::logger::get_logger();
+ std::lock_guard<class_std::mutex>::lock_guard<class_std::mutex>
+ ((lock_guard<class_std::mutex> *)&local_78,(mutex *)(this_00 + 0x10));
+ this_01 = this_00;
+ bVar1 = std::unique_ptr<class_ISigtreeHandle,struct_std::default_delete<class_ISigtreeHandle>_>::
+ operator_bool((unique_ptr<class_ISigtreeHandle,struct_std::default_delete<class_ISigtreeHandle>_>
+ *)this_00);
+ if (bVar1) {
+ plVar5 = std::shared_ptr<class_tdt_library_v_current::logger_client::logger>::
+ operator-><class_tdt_library_v_current::logger_client::logger,0>
+ ((shared_ptr<class_tdt_library_v_current::logger_client::logger> *)this_01);
+ bVar1 = logger_client::logger::is_level_enabled(plVar5,4);
+ if (bVar1) {
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_70);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::operator=
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_70,"ERROR: formatting message!");
+ pcVar6 = std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ data(param_1);
+ cVar10 = -0x68;
+ iVar2 = snprintf((undefined *)0x0,0,0x75aefb098,pcVar6);
+ iVar2 = iVar2 + 1;
+ if (0 < iVar2) {
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::resize
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_70,(longlong)iVar2,cVar10);
+ pcVar6 = std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ data(param_1);
+ pcVar7 = std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ data((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_70);
+ snprintf(pcVar7,(longlong)iVar2,0x75aefb098,pcVar6);
+ pcVar6 = std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ back((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_70);
+ if (*pcVar6 == '\0') {
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ pop_back((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_70);
+ }
+ }
+ plVar5 = std::shared_ptr<class_tdt_library_v_current::logger_client::logger>::
+ operator-><class_tdt_library_v_current::logger_client::logger,0>
+ ((shared_ptr<class_tdt_library_v_current::logger_client::logger> *)this_00)
+ ;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>(local_50,"root");
+ logger_client::logger::log
+ (plVar5,4,local_50,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_70);
+ `<lambda_1c2246951f31262cb88a460ce640838a>::operator()'::__l2::plugin_dependencies_t::
+ ~plugin_dependencies_t((longlong *)local_50);
+ `<lambda_1c2246951f31262cb88a460ce640838a>::operator()'::__l2::plugin_dependencies_t::
+ ~plugin_dependencies_t((longlong *)&local_70);
+ }
+ }
+ std::scoped_lock<class_std::mutex>::~scoped_lock<class_std::mutex>
+ ((scoped_lock<class_std::mutex> *)&local_78);
+ std::runtime_error::runtime_error((runtime_error *)&local_70,"Error retrieving OS API");
+ /* WARNING: Subroutine does not return */
+ _CxxThrowException(&local_70,(ThrowInfo *)&_TI2_AVruntime_error_std__);
+}
+
| Key | mpengine.dll - mpengine.dll |
|---|---|
| diff_type | code,length,sig,address,called |
| ratio | 0.11 |
| i_ratio | 0.23 |
| m_ratio | 0.09 |
| b_ratio | 0.12 |
| match_types | SymbolsHash |
| Key | mpengine.dll | mpengine.dll |
|---|---|---|
| name | HUF_compress_internal | HUF_compress_internal |
| fullname | HUF_compress_internal | HUF_compress_internal |
| refcount | 3 | 3 |
length |
1112 | 925 |
called |
HIST_count_parallel_wksp HIST_count_simple HUF_buildCTable_wksp HUF_compressCTable_internal HUF_estimateCompressedSize HUF_optimalTableLog HUF_validateCTable HUF_writeCTable_wksp memcpy memset |
HIST_count_simple HIST_count_wksp HUF_alignUpWorkspace HUF_buildCTable_wksp HUF_compressCTable_internal HUF_estimateCompressedSize HUF_optimalTableLog HUF_validateCTable HUF_writeCTable_wksp memcpy |
| calling | HUF_compress1X_repeat HUF_compress4X_repeat |
HUF_compress1X_repeat HUF_compress4X_repeat |
| paramcount | 12 | 12 |
address |
75a446e7c | 75abd6d84 |
sig |
undefined * __fastcall HUF_compress_internal(ulonglong * param_1, undefined * param_2, uint * param_3, undefined * param_4, uint param_5, uint param_6, int param_7, ulonglong * param_8, undefined * param_9, ulonglong * param_10, int * param_11, uint param_12) | undefined * __fastcall HUF_compress_internal(ulonglong * param_1, undefined * param_2, char * param_3, undefined * param_4, uint param_5, uint param_6, int param_7, ulonglong param_8, ulonglong param_9, ulonglong * param_10, int * param_11, uint param_12) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- HUF_compress_internal called
+++ HUF_compress_internal called
@@ -1 +0,0 @@
-HIST_count_parallel_wksp
@@ -2,0 +2,2 @@
+HIST_count_wksp
+HUF_alignUpWorkspace
@@ -10 +10,0 @@
-memset--- HUF_compress_internal
+++ HUF_compress_internal
@@ -1,64 +1,129 @@
undefined *
HUF_compress_internal
- (ulonglong *param_1,undefined *param_2,uint *param_3,undefined *param_4,uint param_5,
- uint param_6,int param_7,ulonglong *param_8,undefined *param_9,ulonglong *param_10,
+ (ulonglong *param_1,undefined *param_2,char *param_3,undefined *param_4,uint param_5,
+ uint param_6,int param_7,ulonglong param_8,ulonglong param_9,ulonglong *param_10,
int *param_11,uint param_12)
{
- uint *puVar1;
- uint uVar2;
- ulonglong uVar3;
- undefined *in_RAX;
- uint *puVar4;
- uint *unaff_RBX;
- int unaff_EBP;
- int in_R10D;
- short unaff_R15W;
+ ulonglong *_Src;
+ ulonglong *_Dst;
+ int *piVar1;
+ bool bVar2;
+ uint uVar3;
+ uint uVar4;
+ uint uVar5;
+ uint uVar6;
+ uint *puVar7;
+ undefined *puVar8;
+ undefined *puVar9;
+ undefined7 extraout_var;
+ ulonglong uVar10;
+ undefined *puVar11;
+ ulonglong *puVar12;
+ __uint64 in_stack_ffffffffffffffa0;
+ ulonglong *puVar13;
+ puVar8 = param_2;
+ uVar4 = param_6;
+ puVar7 = (uint *)HUF_alignUpWorkspace(param_8,¶m_9,8);
+ piVar1 = param_11;
+ if (param_9 < 0x1f08) {
+ return (undefined *)0xffffffffffffffbe;
+ }
+ if ((param_4 == (undefined *)0x0) || (puVar8 == (undefined *)0x0)) {
LAB_0:
- do {
- puVar4 = unaff_RBX;
- if (param_2 < in_RAX) {
- uVar3 = (ulonglong)
- (uint)((*(int *)(param_4 + (longlong)in_R10D * 0x28 + 0x4048) -
- *(int *)(param_4 + (longlong)in_R10D * 0x28 + 0x4040)) + (int)param_2);
-LAB_1:
- return (undefined *)CONCAT71((int7)(uVar3 >> 8),(int)uVar3 != -1);
+ puVar8 = (undefined *)0x0;
+ }
+ else {
+ if (&DAT_1 < param_4) {
+ return (undefined *)0xffffffffffffffb8;
}
- do {
- in_R10D = in_R10D + 1;
- unaff_RBX = puVar4 + 10;
- uVar2 = (uint)param_3;
- if ((unaff_EBP <= in_R10D) || (param_2 < (undefined *)(ulonglong)*unaff_RBX)) {
- if ((*(short *)(param_4 + 0x2052) == unaff_R15W) && (*(uint *)(param_4 + 0x2084) < uVar2)) {
- uVar2 = *(uint *)(param_4 + 0x209c);
+ if (0xc < uVar4) {
+ return (undefined *)0xffffffffffffffd4;
+ }
+ if (0xff < param_5) {
+ return (undefined *)0xffffffffffffffd2;
+ }
+ uVar6 = param_5;
+ if (param_5 == 0) {
+ uVar6 = 0xff;
+ }
+ uVar3 = 0xb;
+ if (uVar4 != 0) {
+ uVar3 = uVar4;
+ }
+ uVar4 = param_12 & 4;
+ puVar12 = param_1;
+ param_5 = uVar6;
+ if (((uVar4 == 0) || (param_11 == (int *)0x0)) || (puVar13 = param_10, *param_11 != 2)) {
+ if (((param_12 & 8) != 0) && ((undefined *)0x9fff < param_4)) {
+ param_9._0_4_ = uVar6;
+ uVar5 = HIST_count_simple(puVar7,(uint *)¶m_9,param_3,0x1000);
+ param_9._0_4_ = uVar6;
+ uVar6 = HIST_count_simple(puVar7,(uint *)¶m_9,param_4 + -0x1000 + (longlong)param_3,
+ 0x1000);
+ if ((ulonglong)uVar6 + (ulonglong)uVar5 < 0x45) goto LAB_0;
+ }
+ puVar9 = (undefined *)
+ HIST_count_wksp(puVar7,¶m_5,param_3,(__uint64)param_4,puVar7 + 0x302,
+ in_stack_ffffffffffffffa0);
+ _Dst = param_10;
+ uVar6 = param_5;
+ if ((undefined *)0xffffffffffffff88 < puVar9) {
+ return puVar9;
+ }
+ if (puVar9 == param_4) {
+ *(char *)param_1 = *param_3;
+ return &DAT_2;
+ }
+ if (puVar9 <= (undefined *)(((ulonglong)param_4 >> 7) + 4)) goto LAB_0;
+ if ((piVar1 != (int *)0x0) && (*piVar1 == 1)) {
+ bVar2 = HUF_validateCTable((uint *)param_10,(int *)puVar7,param_5);
+ if ((int)CONCAT71(extraout_var,bVar2) == 0) {
+ *piVar1 = 0;
}
- else {
- if (uVar2 < *(uint *)(param_4 + 0x20a0)) {
- uVar2 = *(uint *)(param_4 + 0x20a0);
- }
- uVar2 = uVar2 + 0xfff & 0xfffff000;
+ }
+ puVar13 = _Dst;
+ if (((uVar4 == 0) || (piVar1 == (int *)0x0)) || (*piVar1 == 0)) {
+ _Src = (ulonglong *)(puVar7 + 0x100);
+ uVar4 = HUF_optimalTableLog(uVar3,(uint)param_4,uVar6,(ulonglong)(puVar7 + 0x302),0x1300,
+ _Src,puVar7,(byte)param_12);
+ puVar8 = (undefined *)
+ HUF_buildCTable_wksp(_Src,puVar7,uVar6,uVar4,(ulonglong)(puVar7 + 0x302),0x1300);
+ if ((undefined *)0xffffffffffffff88 < puVar8) {
+ return puVar8;
}
- if ((undefined *)(ulonglong)uVar2 <= param_2) {
- return (undefined *)((ulonglong)(uVar2 >> 8) << 8);
+ puVar9 = HUF_writeCTable_wksp
+ ((char *)param_1,param_2,(longlong)_Src,uVar6,(int)puVar8,
+ (ulonglong)(puVar7 + 0x302),0x2ec);
+ if ((undefined *)0xffffffffffffff88 < puVar9) {
+ return puVar9;
}
- uVar3 = (ulonglong)param_2 & 0xffffffff;
- goto LAB_1;
+ if ((piVar1 != (int *)0x0) && (*piVar1 != 0)) {
+ uVar10 = HUF_estimateCompressedSize((longlong)_Src,puVar7,uVar6);
+ puVar11 = (undefined *)HUF_estimateCompressedSize((longlong)_Dst,puVar7,param_5);
+ puVar8 = param_2;
+ if ((puVar11 <= puVar9 + uVar10) || (param_4 <= puVar9 + 0xc)) goto LAB_3;
+ }
+ if (param_4 <= puVar9 + 0xc) goto LAB_0;
+ if (piVar1 != (int *)0x0) {
+ *piVar1 = 0;
+ }
+ puVar12 = (ulonglong *)(puVar9 + (longlong)param_1);
+ puVar8 = param_2;
+ puVar13 = _Src;
+ if (_Dst != (ulonglong *)0x0) {
+ memcpy(_Dst,_Src,0x808);
+ }
}
- if (*(uint *)(param_4 + 0x2084) < uVar2) {
- if (in_R10D < (int)(*(ushort *)(param_4 + 0x2052) - 1)) {
- in_RAX = (undefined *)(ulonglong)puVar4[0x14];
- }
- else {
- in_RAX = *(undefined **)(param_4 + 0x837a0);
- }
- goto LAB_0;
- }
- puVar1 = puVar4 + 9;
- puVar4 = unaff_RBX;
- } while (*puVar1 == 0);
- in_RAX = (undefined *)(ulonglong)(*unaff_RBX + *puVar1);
- } while( true );
+ }
+LAB_3:
+ puVar8 = (undefined *)
+ HUF_compressCTable_internal
+ ((longlong)param_1,puVar12,(longlong)((longlong)param_1 + (longlong)puVar8),
+ (longlong)param_3,(ulonglong)param_4,param_7,(byte *)puVar13);
+ }
+ return puVar8;
}
| Key | mpengine.dll - mpengine.dll |
|---|---|
| diff_type | code,length,address |
| ratio | 0.09 |
| i_ratio | 0.59 |
| m_ratio | 0.71 |
| b_ratio | 0.7 |
| match_types | SymbolsHash |
| Key | mpengine.dll | mpengine.dll |
|---|---|---|
| name | ZSTD_decompressFrame | ZSTD_decompressFrame |
| fullname | ZSTD_decompressFrame | ZSTD_decompressFrame |
| refcount | 2 | 2 |
length |
655 | 596 |
| called | XXH_INLINE_XXH64_digest XXH_INLINE_XXH64_update ZSTD_copyRawBlock ZSTD_decodeFrameHeader ZSTD_decompressBlock_internal ZSTD_frameHeaderSize_internal ZSTD_getcBlockSize ZSTD_setRleBlock |
XXH_INLINE_XXH64_digest XXH_INLINE_XXH64_update ZSTD_copyRawBlock ZSTD_decodeFrameHeader ZSTD_decompressBlock_internal ZSTD_frameHeaderSize_internal ZSTD_getcBlockSize ZSTD_setRleBlock |
| calling | ZSTD_decompressMultiFrame | ZSTD_decompressMultiFrame |
| paramcount | 5 | 5 |
address |
75a40236c | 75abf5f74 |
| sig | ulonglong __fastcall ZSTD_decompressFrame(ZSTD_DCtx_s * param_1, byte * param_2, longlong param_3, undefined8 * param_4, ulonglong * param_5) | ulonglong __fastcall ZSTD_decompressFrame(ZSTD_DCtx_s * param_1, byte * param_2, longlong param_3, undefined8 * param_4, ulonglong * param_5) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- ZSTD_decompressFrame
+++ ZSTD_decompressFrame
@@ -1,145 +1,111 @@
ulonglong ZSTD_decompressFrame
(ZSTD_DCtx_s *param_1,byte *param_2,longlong param_3,undefined8 *param_4,
ulonglong *param_5)
{
- ZSTD_DCtx_s *pZVar1;
- uintptr_t _StackCookie;
- bool bVar2;
- scanresult_t sVar3;
- long lVar4;
- ulonglong uVar5;
- trojan_varpool_t *this;
- ulonglong uVar6;
- __uint64 _Var7;
- ulonglong extraout_RAX;
- trojan_varpool_t *ptVar8;
- ZSTD_DCtx_s *pZVar9;
- wchar_t *pwVar10;
- bool bVar11;
- longlong lVar12;
- undefined8 in_stack_00000020;
- undefined8 uVar13;
- undefined4 uVar14;
- bool in_stack_00000540;
- bool in_stack_00000548;
- bool in_stack_00000550;
- bool in_stack_00000558;
+ uint *puVar1;
+ int iVar2;
+ ulonglong uVar3;
+ ulonglong uVar4;
+ uint uVar5;
+ ushort *puVar6;
+ byte *pbVar7;
+ ulonglong uVar8;
+ byte *pbVar9;
+ byte *pbVar10;
+ byte *pbVar11;
+ uint local_38 [4];
- _StackCookie = __security_cookie;
- uVar14 = (undefined4)((ulonglong)in_stack_00000020 >> 0x20);
- uVar5 = (ulonglong)param_2 & 0xff ^ 1;
- uVar6 = uVar5 + 2;
- if (in_stack_00000548 == false) {
- uVar6 = uVar5;
+ puVar1 = (uint *)*param_4;
+ iVar2 = *(int *)(param_1 + 0x7598);
+ pbVar11 = param_2 + param_3;
+ if (param_3 == 0) {
+ pbVar11 = param_2;
}
- lVar12 = uVar6 * 0x80;
- if (*(longlong *)(param_1 + lVar12 + 0x22b0) != 0) {
- *(longlong *)param_3 = *(longlong *)(param_1 + lVar12 + 0x22b0);
- uVar13 = *(undefined8 *)(param_1 + lVar12 + 0x22d4 + 8);
- *param_4 = *(undefined8 *)(param_1 + lVar12 + 0x22d4);
- param_4[1] = uVar13;
- *(undefined4 *)(param_4 + 2) = *(undefined4 *)(param_1 + lVar12 + 0x22e4);
- goto LAB_0;
- }
- if ((uVar6 != 0) && (*(longlong *)(param_1 + 0x22b0) != 0)) {
- *(longlong *)param_3 = *(longlong *)(param_1 + 0x22b0);
- uVar13 = *(undefined8 *)(param_1 + 0x22dc);
- *param_4 = *(undefined8 *)(param_1 + 0x22d4);
- param_4[1] = uVar13;
- *(undefined4 *)(param_4 + 2) = *(undefined4 *)(param_1 + 0x22e4);
- goto LAB_0;
- }
- pZVar1 = param_1 + 0x70;
- pZVar9 = pZVar1;
- AutoEtwExpensiveOperation::Create<wchar_t_const_(&___ptr64)[13],wchar_t_const*___ptr64&___ptr64>
- (&stack0x00000060,param_2,pZVar1,*(undefined8 *)(param_1 + 0x50));
- bVar11 = SUB81(param_2,0);
- if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
- ((WPP_GLOBAL_Control[0x1c] & 4) != 0)) {
- uVar13 = *(undefined8 *)(param_1 + 0x50);
- WPP_SF_SiDDDD(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),(ulonglong)in_stack_00000540,pZVar9,
- *(wchar_t **)pZVar1,(char)uVar13,bVar11,in_stack_00000540,in_stack_00000548,
- in_stack_00000550);
- uVar14 = (undefined4)((ulonglong)uVar13 >> 0x20);
- }
- this = (trojan_varpool_t *)
- `__std_type_info_name'::__l2::<lambda_1>::<lambda_invoker_cdecl>(0x937d0);
- if (this == (trojan_varpool_t *)0x0) {
- if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
- ((WPP_GLOBAL_Control[0x1c] & 2) != 0)) {
- WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x21,
- &WPP_effc7b89ea1f376ba89cfa57ff6901aa_Traceguids);
+ uVar8 = *param_5;
+ if ((-(ulonglong)(iVar2 != 0) & 0xfffffffffffffffc) + 9 <= uVar8) {
+ uVar3 = ZSTD_frameHeaderSize_internal
+ ((longlong)puVar1,(-(ulonglong)(iVar2 != 0) & 0xfffffffffffffffc) + 5,iVar2);
+ if (0xffffffffffffff88 < uVar3) {
+ return uVar3;
}
- goto LAB_1;
- }
- ptVar8 = this;
- trojan_varpool_t::initialize(this,(SCAN_REPLY *)param_1);
- uVar6 = GetFriendlyRequiredFlags((longlong *)ptVar8,'\x01');
- GetHashes(this,0,*(__uint64 *)(*(longlong *)this + 0x50),(ulong)uVar6);
- bVar2 = IsFriendlyFileEntry(this,(__uint64 *)param_3,(sha1_t *)param_4);
- if (bVar2) {
- *(undefined8 *)(param_1 + lVar12 + 0x22b0) = *(undefined8 *)param_3;
- uVar13 = param_4[1];
- *(undefined8 *)(param_1 + lVar12 + 0x22d4) = *param_4;
- *(undefined8 *)(param_1 + lVar12 + 0x22d4 + 8) = uVar13;
- *(undefined4 *)(param_1 + lVar12 + 0x22e4) = *(undefined4 *)(param_4 + 2);
-LAB_2:
- MpSetAttribute(*(SCAN_REPLY **)this,"MpMoacFriendlyAdd",0,&EmptySha1,0xffffffff,
- *(__uint64 *)param_3);
- _Var7 = GetSignatureCustomTTL(*(__uint64 *)(param_1 + 0x90));
- if (_Var7 != 0) {
- MpSetAttribute(*(SCAN_REPLY **)this,"MpMoacFriendlyAddTTL",0,&EmptySha1,0xffffffff,_Var7);
- }
- }
- else if ((*(int *)(this + 0x90) == 0) ||
- (sVar3 = IsTrustedFile((SCAN_REPLY *)param_1,(uchar *)(this + 0x70),(__uint64 *)param_3,
- (sha1_t *)param_4,bVar11,in_stack_00000540,in_stack_00000548,
- in_stack_00000550,in_stack_00000558), sVar3 != 1)) {
- if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
- ((WPP_GLOBAL_Control[0x1c] & 4) != 0)) {
- uVar13 = *(undefined8 *)(param_1 + 0x50);
- WPP_SF_Si(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x22,
- &WPP_effc7b89ea1f376ba89cfa57ff6901aa_Traceguids,*(wchar_t **)pZVar1,(char)uVar13);
- uVar14 = (undefined4)((ulonglong)uVar13 >> 0x20);
- }
- if (((DAT_3 != 0) && (2 < (byte)(DAT_75b1d61a8 - 1U))) || (g_SyncPLIEnabled != false)) {
- lVar4 = StringCchPrintfW((wchar_t *)&stack0x000000c0,0x200,
- L"IsSignedFile failed on %ls (CheckTrust=%d)",*(undefined8 *)pZVar1,
- CONCAT44(uVar14,(int)((ulonglong)param_2 & 0xff)));
- if (lVar4 < 0) {
- if ((((byte)Microsoft_Antimalware_EngineEnableBits & 1) != 0) || (g_SyncPLIEnabled != false)
- ) {
- pwVar10 = L"String too long";
- goto LAB_4;
+ if (uVar3 + 3 <= uVar8) {
+ uVar4 = ZSTD_decodeFrameHeader((longlong)param_1,puVar1,uVar3);
+ if (0xffffffffffffff88 < uVar4) {
+ return uVar4;
+ }
+ uVar5 = *(uint *)(param_1 + 0x7618);
+ puVar6 = (ushort *)((longlong)puVar1 + uVar3);
+ uVar8 = uVar8 - uVar3;
+ pbVar9 = param_2;
+ if (uVar5 != 0) {
+ if (*(uint *)(param_1 + 0x74f8) < uVar5) {
+ uVar5 = *(uint *)(param_1 + 0x74f8);
}
+ *(uint *)(param_1 + 0x74f8) = uVar5;
}
- else if ((((byte)Microsoft_Antimalware_EngineEnableBits & 1) != 0) ||
- (g_SyncPLIEnabled != false)) {
- pwVar10 = (wchar_t *)&stack0x000000c0;
-LAB_4:
- McTemplateU0z_MPEventWriteTransfer
- (&MicrosoftAntimalwareEngine_Context,(PCEVENT_DESCRIPTOR)&GenericMessageEvent,
- pwVar10);
+ while( true ) {
+ local_38[0] = 0;
+ local_38[1] = 0;
+ local_38[2] = 0;
+ pbVar10 = pbVar11;
+ uVar3 = ZSTD_getcBlockSize(puVar6,uVar8,local_38);
+ if (0xffffffffffffff88 < uVar3) {
+ return uVar3;
+ }
+ pbVar7 = (byte *)((longlong)puVar6 + 3);
+ if (uVar8 - 3 < uVar3) break;
+ if ((pbVar9 <= pbVar7) && (pbVar7 < pbVar11)) {
+ pbVar10 = pbVar7;
+ }
+ if (local_38[0] == 0) {
+ uVar4 = ZSTD_copyRawBlock(pbVar9,(longlong)pbVar11 - (longlong)pbVar9,pbVar7,uVar3);
+ }
+ else if (local_38[0] == 1) {
+ uVar4 = ZSTD_setRleBlock(pbVar9,(longlong)pbVar10 - (longlong)pbVar9,*pbVar7,
+ (ulonglong)local_38[2]);
+ }
+ else {
+ if (local_38[0] != 2) {
+ return 0xffffffffffffffec;
+ }
+ uVar4 = ZSTD_decompressBlock_internal
+ (param_1,pbVar9,(longlong)pbVar10 - (longlong)pbVar9,pbVar7,uVar3,0);
+ }
+ if (0xffffffffffffff88 < uVar4) {
+ return uVar4;
+ }
+ if (*(int *)(param_1 + 0x75a0) != 0) {
+ XXH_INLINE_XXH64_update((longlong *)(param_1 + 0x7538),(longlong *)pbVar9,uVar4);
+ }
+ if (uVar4 != 0) {
+ pbVar9 = pbVar9 + uVar4;
+ }
+ puVar6 = (ushort *)(pbVar7 + uVar3);
+ uVar8 = (uVar8 - 3) - uVar3;
+ if (local_38[1] != 0) {
+ if ((*(ulonglong *)(param_1 + 0x74e8) != 0xffffffffffffffff) &&
+ ((longlong)pbVar9 - (longlong)param_2 != *(ulonglong *)(param_1 + 0x74e8))) {
+ return 0xffffffffffffffec;
+ }
+ if (*(int *)(param_1 + 0x7508) != 0) {
+ if ((uVar8 < 4) ||
+ ((*(int *)(param_1 + 0x759c) == 0 &&
+ (iVar2 = XXH_INLINE_XXH64_digest((ulonglong *)(param_1 + 0x7538)),
+ *(int *)puVar6 != iVar2)))) {
+ return 0xffffffffffffffea;
+ }
+ puVar6 = puVar6 + 2;
+ uVar8 = uVar8 - 4;
+ }
+ *param_4 = puVar6;
+ *param_5 = uVar8;
+ return (longlong)pbVar9 - (longlong)param_2;
+ }
}
}
}
- else {
- *(undefined8 *)(param_1 + lVar12 + 0x22b0) = *(undefined8 *)param_3;
- uVar13 = param_4[1];
- *(undefined8 *)(param_1 + lVar12 + 0x22d4) = *param_4;
- *(undefined8 *)(param_1 + lVar12 + 0x22d4 + 8) = uVar13;
- *(undefined4 *)(param_1 + lVar12 + 0x22e4) = *(undefined4 *)(param_4 + 2);
- if (bVar11 != false) goto LAB_2;
- }
-LAB_1:
- free(this);
- std::_Optional_destruct_base<class_AutoEtwExpensiveOperation,0>::
- ~_Optional_destruct_base<class_AutoEtwExpensiveOperation,0>
- ((_Optional_destruct_base<class_AutoEtwExpensiveOperation,0> *)&stack0x00000060);
-LAB_0:
- __security_check_cookie(_StackCookie);
- return extraout_RAX;
+ return 0xffffffffffffffb8;
}
| Key | mpengine.dll - mpengine.dll |
|---|---|
| diff_type | code,length,address,called |
| ratio | 0.03 |
| i_ratio | 0.23 |
| m_ratio | 0.4 |
| b_ratio | 0.25 |
| match_types | SymbolsHash |
| Key | mpengine.dll | mpengine.dll |
|---|---|---|
| name | start | start |
| fullname | tdt_library_v_next::tdt_agent_impl::start | tdt_library_v_next::tdt_agent_impl::start |
| refcount | 3 | 3 |
length |
3723 | 3799 |
called |
Expand for full list:std::Ref_count_base::Decref |
Expand for full list:std::Ref_count_base::Decref |
| calling | ||
| paramcount | 1 | 1 |
address |
75a981be0 | 75a966f20 |
| sig | tdt_return_code_ __thiscall start(tdt_agent_impl * this) | tdt_return_code_ __thiscall start(tdt_agent_impl * this) |
| sym_type | Function | Function |
| sym_source | ANALYSIS | ANALYSIS |
| external | False | False |
--- tdt_library_v_next::tdt_agent_impl::start called
+++ tdt_library_v_next::tdt_agent_impl::start called
@@ -34 +33,0 @@
-tdt_library_v_next::logger_client::logger::get_logger--- tdt_library_v_next::tdt_agent_impl::start
+++ tdt_library_v_next::tdt_agent_impl::start
@@ -1,734 +1,723 @@
/* WARNING: Function: _guard_dispatch_icall_$fo_default$ replaced with injection:
guard_dispatch_icall */
/* WARNING: Globals starting with '_' overlap smaller symbols at the same address */
+/* public: virtual enum tdt_api::tdt_return_code_ __cdecl
+ tdt_library_v_next::tdt_agent_impl::start(void) __ptr64 */
-tdt_return_code_ __thiscall DllUsageAutoHandler::start(tdt_agent_impl *this)
+tdt_return_code_ __thiscall tdt_library_v_next::tdt_agent_impl::start(tdt_agent_impl *this)
{
- logger *plVar1;
- int iVar2;
+ undefined8 *puVar1;
+ logger *plVar2;
+ bool bVar3;
+ char cVar4;
+ int iVar5;
+ uint uVar6;
tdt_return_code_ extraout_EAX;
- char *pcVar3;
- byte *pbVar4;
- ulonglong unaff_RBX;
- longlong unaff_RBP;
- char *unaff_RSI;
- mutex *unaff_RDI;
- char cVar5;
- byte unaff_R12B;
- tdt_logging_level_ unaff_R13D;
- int unaff_R14D;
- char *unaff_R15;
- longlong in_stack_00000030;
- longlong in_stack_00000058;
- ulonglong in_stack_00000078;
- undefined8 in_stack_00000080;
+ basic_ostream<char,struct_std::char_traits<char>_> *pbVar7;
+ __uint64 _Var8;
+ _List_node<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,void*___ptr64>
+ *p_Var9;
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *pbVar10;
+ tdt_agent_impl *this_00;
+ _Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ *p_Var11;
+ undefined8 ****ppppuVar12;
+ basic_stringstream<char,struct_std::char_traits<char>,class_std::allocator<char>_> *this_01;
+ longlong lVar13;
+ char *pcVar14;
+ undefined8 *puVar15;
+ uint uVar16;
+ tdt_return_code_ tVar17;
+ uint uVar18;
+ undefined auStackY_808 [32];
+ uint local_7c8 [3];
+ undefined2 local_7bb;
+ undefined local_7b9;
+ basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ *local_7b8;
+ _Ref_count_base *local_7b0;
+ longlong local_7a8;
+ basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ *local_7a0;
+ undefined8 *local_798;
+ _Ref_count_base *p_Stack_790;
+ _Mutex_base *local_788;
+ undefined8 *local_778;
+ _Ref_count_base *p_Stack_770;
+ undefined8 local_768;
+ undefined8 uStack_760;
+ undefined8 local_758;
+ undefined8 *local_750;
+ undefined8 *local_748;
+ _SYSTEM_INFO local_738;
+ _SYSTEM_INFO local_708;
+ function<void___cdecl(class_tdt_library_v_current::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)>
+ local_6d8 [64];
+ basic_stringstream<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_698 [16];
+ basic_ostream<char,struct_std::char_traits<char>_> local_688 [8];
+ basic_stringbuf<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_680 [232];
+ basic_stringstream<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_598 [16];
+ basic_ostream<char,struct_std::char_traits<char>_> local_588 [8];
+ basic_stringbuf<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_580 [232];
+ undefined8 ***local_498;
+ undefined8 uStack_490;
+ longlong local_488;
+ ulonglong local_480;
+ undefined8 ***local_478;
+ undefined8 uStack_470;
+ longlong local_468;
+ ulonglong local_460;
+ undefined8 ***local_458;
+ undefined8 uStack_450;
+ longlong local_448;
+ ulonglong local_440;
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_438 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_418 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_3f8 [32];
+ undefined8 local_3d8;
+ undefined8 uStack_3d0;
+ undefined8 local_3c8;
+ undefined8 uStack_3c0;
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_3b8 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_398 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_378 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_358 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_338 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_318 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_2f8 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_2d8 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_2b8 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_298 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_278 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_258 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_238 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_218 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_1f8 [32];
+ string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ local_1d8 [48];
+ string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ local_1a8 [48];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_178 [32];
+ string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ local_158 [48];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_128 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_108 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_e8 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_c8 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_a8 [32];
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_88 [32];
+ string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ local_68 [48];
+ ulonglong local_38;
- pcVar3 = std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::data
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- *)&stack0x00000078);
- snprintf(pcVar3,unaff_RBX,0x75aefe118,*(undefined8 *)(unaff_RBP + 0x168));
- pbVar4 = (byte *)std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ::back((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- *)&stack0x00000078);
- if (*pbVar4 == unaff_R12B) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::pop_back
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- }
- plVar1 = _m_instance;
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),unaff_RSI);
- tdt_library_v_next::logger_client::logger::log
- (plVar1,unaff_R13D,
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68));
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- _Mtx_unlock(in_stack_00000030);
- std::lock_guard<class_std::mutex>::lock_guard<class_std::mutex>
- ((lock_guard<class_std::mutex> *)&stack0x00000030,unaff_RDI);
- if ((_m_instance != (logger *)0x0) && (*(tdt_logging_level_ *)(_m_instance + 0x6c) <= unaff_R13D))
- {
- in_stack_00000080 = 0;
- *(undefined8 *)(unaff_RBP + -0x78) = 0;
- *(undefined8 *)(unaff_RBP + -0x70) = 0xf;
- in_stack_00000078 = (ulonglong)unaff_R12B;
+ local_38 = __security_cookie ^ (ulonglong)auStackY_808;
+ local_788 = (_Mutex_base *)(this + 0x128);
+ std::_Mutex_base::lock(local_788);
+ local_750 = &DAT_0;
+ std::_Mutex_base::lock((_Mutex_base *)&DAT_0);
+ uVar16 = 1;
+ if ((_m_instance != (logger *)0x0) && (*(int *)(_m_instance + 0x6c) == 0)) {
+ uStack_490 = 0;
+ local_488 = 0;
+ local_480 = 0xf;
+ local_498 = (undefined8 ****)0x0;
std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::assign
((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,unaff_R15);
- cVar5 = -0x38;
- iVar2 = snprintf((undefined *)0x0,0,0x75aefe1c8,*(undefined8 *)(unaff_RBP + 0x170));
- iVar2 = iVar2 + unaff_R14D;
- if (0 < iVar2) {
+ &local_498,"ERROR: formatting message!");
+ cVar4 = '0';
+ iVar5 = snprintf((undefined *)0x0,0,0x75aef9530,"4.7.3.334");
+ iVar5 = iVar5 + 1;
+ if (0 < iVar5) {
std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::resize
((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,(longlong)iVar2,cVar5);
- pcVar3 = std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- data((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- snprintf(pcVar3,(longlong)iVar2,0x75aefe1c8,*(undefined8 *)(unaff_RBP + 0x170));
- pbVar4 = (byte *)std::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ::back((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- *)&stack0x00000078);
- if (*pbVar4 == unaff_R12B) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::pop_back
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
+ &local_498,(longlong)iVar5,cVar4);
+ ppppuVar12 = &local_498;
+ if (0xf < local_480) {
+ ppppuVar12 = (undefined8 ****)local_498;
+ }
+ snprintf((undefined *)ppppuVar12,(longlong)iVar5,0x75aef9530,"4.7.3.334");
+ ppppuVar12 = &local_498;
+ if (0xf < local_480) {
+ ppppuVar12 = (undefined8 ****)local_498;
+ }
+ lVar13 = local_488 + -1;
+ if (*(char *)((longlong)ppppuVar12 + lVar13) == '\0') {
+ ppppuVar12 = &local_498;
+ if (0xf < local_480) {
+ ppppuVar12 = (undefined8 ****)local_498;
+ }
+ local_488 = lVar13;
+ *(undefined *)((longlong)ppppuVar12 + lVar13) = 0;
}
}
- plVar1 = _m_instance;
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),unaff_RSI);
- tdt_library_v_next::logger_client::logger::log
- (plVar1,unaff_R13D,
+ plVar2 = _m_instance;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>(local_3f8,"root");
+ logger_client::logger::log
+ (plVar2,0,local_3f8,
(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
+ &local_498);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_3f8);
std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
_Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )(unaff_RBP + -0x68));
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )&stack0x00000078);
+ )&local_498);
}
- _Mtx_unlock(in_stack_00000030);
- std::lock_guard<class_std::mutex>::lock_guard<class_std::mutex>
- ((lock_guard<class_std::mutex> *)&stack0x00000030,unaff_RDI);
- if ((_m_instance != (logger *)0x0) && (*(tdt_logging_level_ *)(_m_instance + 0x6c) <= unaff_R13D))
- {
- in_stack_00000080 = 0;
- *(undefined8 *)(unaff_RBP + -0x78) = 0;
- *(undefined8 *)(unaff_RBP + -0x70) = 0xf;
- in_stack_00000078 = (ulonglong)unaff_R12B;
+ _Mtx_unlock(0x75b251fb0);
+ local_778 = &DAT_0;
+ std::_Mutex_base::lock((_Mutex_base *)&DAT_0);
+ if ((_m_instance != (logger *)0x0) && (*(int *)(_m_instance + 0x6c) == 0)) {
+ uStack_470 = 0;
+ local_468 = 0;
+ local_460 = 0xf;
+ local_478 = (undefined8 ****)0x0;
std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::assign
((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,unaff_R15);
- cVar5 = -0x70;
- iVar2 = snprintf((undefined *)0x0,0,0x75aefe190,*(undefined8 *)(unaff_RBP + 0x178));
- iVar2 = iVar2 + unaff_R14D;
- if (0 < iVar2) {
+ &local_478,"ERROR: formatting message!");
+ cVar4 = -0x10;
+ iVar5 = snprintf((undefined *)0x0,0,0x75aef94f0,
+ "enum tdt_api::tdt_return_code_ __cdecl tdt_library_v_next::tdt_agent_impl::start(void)"
+ );
+ iVar5 = iVar5 + 1;
+ if (0 < iVar5) {
std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::resize
((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,(longlong)iVar2,cVar5);
- pcVar3 = std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- data((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- snprintf(pcVar3,(longlong)iVar2,0x75aefe190,*(undefined8 *)(unaff_RBP + 0x178));
- pbVar4 = (byte *)std::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ::back((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- *)&stack0x00000078);
- if (*pbVar4 == unaff_R12B) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::pop_back
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
+ &local_478,(longlong)iVar5,cVar4);
+ ppppuVar12 = &local_478;
+ if (0xf < local_460) {
+ ppppuVar12 = (undefined8 ****)local_478;
+ }
+ snprintf((undefined *)ppppuVar12,(longlong)iVar5,0x75aef94f0,
+ "enum tdt_api::tdt_return_code_ __cdecl tdt_library_v_next::tdt_agent_impl::start(void)"
+ );
+ ppppuVar12 = &local_478;
+ if (0xf < local_460) {
+ ppppuVar12 = (undefined8 ****)local_478;
+ }
+ lVar13 = local_468 + -1;
+ if (*(char *)((longlong)ppppuVar12 + lVar13) == '\0') {
+ ppppuVar12 = &local_478;
+ if (0xf < local_460) {
+ ppppuVar12 = (undefined8 ****)local_478;
+ }
+ local_468 = lVar13;
+ *(undefined *)((longlong)ppppuVar12 + lVar13) = 0;
}
}
- plVar1 = _m_instance;
+ plVar2 = _m_instance;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>(local_418,"root");
+ logger_client::logger::log
+ (plVar2,0,local_418,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_478);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_418);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
+ )&local_478);
+ }
+ _Mtx_unlock(0x75b251fb0);
+ uVar6 = 0;
+ if ((*(longlong **)(this + 0x98) == (longlong *)0x0) ||
+ (*(int *)(**(longlong **)(this + 0x98) + 0x138) != 1)) {
+ if (*(longlong *)(this + 0xf8) == 0) {
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_3f8,"No profiles have been set to run!");
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>(local_418,"root")
+ ;
+ logger_client::logger::log_message(4,local_418,local_3f8);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_418);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_3f8);
+ pbVar7 = std::operator<<<struct_std::char_traits<char>_>
+ (*(basic_ostream<char,struct_std::char_traits<char>_> **)(this + 0x2c8),
+ "No profiles have been set to run!");
+ std::operator<<<struct_std::char_traits<char>_>(pbVar7,"\n\n");
+ }
+ else {
+ local_768 = 0;
+ uStack_760 = 0;
+ local_758 = 0;
+ tVar17 = 0;
+ uVar18 = 0;
+ if (this[0x178] != (tdt_agent_impl)0x0) {
+ lVar13 = (**(code **)(**(longlong **)(this + 0x1a0) + 0x10))();
+ puVar1 = *(undefined8 **)(lVar13 + 8);
+ for (puVar15 = (undefined8 *)*puVar1; tVar17 = 4, uVar18 = 0, puVar15 != puVar1;
+ puVar15 = (undefined8 *)*puVar15) {
+ std::shared_ptr<struct_ObjectManager::MutantObject>::
+ shared_ptr<struct_ObjectManager::MutantObject>
+ ((shared_ptr<struct_ObjectManager::MutantObject> *)&local_7b8,
+ (shared_ptr<struct_ObjectManager::MutantObject> *)(puVar15 + 6));
+ boost::property_tree::
+ string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ ::
+ string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ (local_1d8,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
+ )(this + 0x30));
+ boost::property_tree::
+ basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ ::
+ get<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>
+ (local_7b8,local_438,local_1d8);
+ pbVar10 = (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ local_1d8;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(pbVar10);
+ _Var8 = std::
+ _Uhash_compare<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ ::
+ operator()<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>
+ ((_Uhash_compare<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ *)pbVar10,local_438);
+ p_Var9 = std::
+ _Hash<class_std::_Uset_traits<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::_Uhash_compare<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>,0>_>
+ ::
+ _Find<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>
+ ((_Hash<class_std::_Uset_traits<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::_Uhash_compare<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>,0>_>
+ *)(this + 0xe8),local_438,_Var8);
+ if (p_Var9 != *(_List_node<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,void*___ptr64>
+ **)(this + 0xf0)) {
+ bVar3 = _is_os_supported(this,(shared_ptr<class_boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>_>
+ *)&local_7b8,local_438);
+ if (bVar3) {
+ bVar3 = _is_platform_support
+ (this,(shared_ptr<class_boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>_>
+ *)&local_7b8,local_438);
+ if (!bVar3) {
+ local_7c8[0] = 0;
+ local_7c8[1] = 0;
+ local_7c8[2] = 0;
+ local_7bb = 0;
+ local_7b9 = 0;
+ tdt_lib_common_utils::get_cpu_model_features((cpuid_model_features_t *)local_7c8);
+ std::
+ basic_stringstream<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_stringstream<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_698);
+ pbVar7 = std::operator<<<struct_std::char_traits<char>_>
+ (local_688,"Platform family ");
+ pbVar7 = std::basic_ostream<char,struct_std::char_traits<char>_>::operator<<
+ (pbVar7,local_7c8[0]);
+ pbVar7 = std::operator<<<struct_std::char_traits<char>_>(pbVar7," model ");
+ pbVar7 = std::basic_ostream<char,struct_std::char_traits<char>_>::operator<<
+ (pbVar7,local_7c8[1]);
+ pbVar7 = std::operator<<<struct_std::char_traits<char>_>(pbVar7," stepping ");
+ pbVar7 = std::basic_ostream<char,struct_std::char_traits<char>_>::operator<<
+ (pbVar7,local_7c8[2]);
+ std::operator<<<struct_std::char_traits<char>_>
+ (pbVar7," is NOT supported by this profile.");
+ std::basic_stringbuf<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ::str(local_680,local_218);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_238,"root");
+ logger_client::logger::log_message(4,local_238,local_218);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_238);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_218);
+ pbVar7 = *(basic_ostream<char,struct_std::char_traits<char>_> **)(this + 0x2c8);
+ std::basic_stringbuf<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ::str(local_680,local_3b8);
+ pbVar7 = std::
+ operator<<<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (pbVar7,local_3b8);
+ std::operator<<<struct_std::char_traits<char>_>(pbVar7,"\n");
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_3b8);
+ tVar17 = 0x14;
+ this_01 = local_698;
+ goto LAB_1;
+ }
+ pbVar10 = std::
+ operator+<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_88,(undefined8 *)local_438,0x75aef90b8);
+ boost::property_tree::
+ string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ ::
+ string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ (local_1a8,pbVar10);
+ boost::property_tree::
+ basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ ::get_child_optional(local_7b8,&local_7a8,local_1a8);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)local_1a8);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_88);
+ if (local_7a8 == 0) {
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_378,"No plugins specified in configuration profile!");
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_398,"root");
+ logger_client::logger::log_message(4,local_398,local_378);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_398);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_378);
+ pbVar7 = std::operator<<<struct_std::char_traits<char>_>
+ (*(basic_ostream<char,struct_std::char_traits<char>_> **)
+ (this + 0x2c8),"No plugins specified in configuration profile!"
+ );
+ std::operator<<<struct_std::char_traits<char>_>(pbVar7,"\n");
+ tVar17 = 9;
+ }
+ else {
+ std::
+ make_unique<class_boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>,class_boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>&___ptr64,0>
+ (&local_7a0,local_7b8);
+ pbVar10 = std::
+ operator+<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_1f8,(undefined8 *)local_438,0x75aef9268);
+ boost::property_tree::
+ string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ ::
+ string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ (local_68,pbVar10);
+ uVar6 = boost::property_tree::
+ basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ ::get<unsigned_int>(local_7b8,local_68,(uint *)&DAT_2);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)local_68);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_1f8);
+ pbVar10 = std::
+ operator+<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_178,(undefined8 *)local_438,0x75aef9568);
+ boost::property_tree::
+ string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ ::
+ string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ (local_158,pbVar10);
+ uVar16 = boost::property_tree::
+ basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ ::get<unsigned_int>(local_7b8,local_158,(uint *)&DAT_3);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)local_158);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_178);
+ if (uVar6 == 0) {
+ if (uVar16 == 0) {
+ std::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_2f8,"thread_pool_num_cpus_per_thread cannot be zero!");
+ std::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_318,"root");
+ logger_client::logger::log_message(4,local_318,local_2f8);
+ std::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_318);
+ std::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_2f8);
+ pcVar14 = "thread_pool_num_cpus_per_thread cannot be zero!";
+ goto LAB_4;
+ }
+LAB_5:
+ p_Var11 = (_Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
+ *)std::
+ function<void___cdecl(class_tdt_library_v_current::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)>
+ ::
+ function<void___cdecl(class_tdt_library_v_current::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)>
+ (local_6d8,
+ (function<void___cdecl(class_tdt_library_v_current::tdt_app_profiling::time_update_service_update_api*___ptr64_const&___ptr64)>
+ *)(this + 0x1b0));
+ this_00 = this;
+ tVar17 = _load_plugins(this,&local_7a8,
+ (allocator<class_boost::function<class_std::shared_ptr<class_tdt_library_v_current::bit_shovel::plugin_base>___cdecl(class_std::unique_ptr<class_boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>,struct_std::default_delete<class_boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>_>_>)>_>
+ *)&local_7a0,p_Var11,(allocator<char> *)&local_768);
+ }
+ else {
+ if (uVar16 == 1) goto LAB_5;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_338,
+ "threads and thread_pool_num_cpus_per_thread cannot both be specified!"
+ );
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_358,"root");
+ logger_client::logger::log_message(4,local_358,local_338);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ::_Tidy_deallocate(local_358);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ::_Tidy_deallocate(local_338);
+ pcVar14 = "threads and thread_pool_num_cpus_per_thread cannot both be specified!";
+LAB_4:
+ this_00 = (tdt_agent_impl *)
+ std::operator<<<struct_std::char_traits<char>_>
+ (*(basic_ostream<char,struct_std::char_traits<char>_> **)
+ (this + 0x2c8),pcVar14);
+ std::operator<<<struct_std::char_traits<char>_>
+ ((basic_ostream<char,struct_std::char_traits<char>_> *)this_00,"\n");
+ tVar17 = 9;
+ }
+ if (local_7a0 !=
+ (basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ *)0x0) {
+ std::
+ default_delete<class_boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>_>
+ ::operator()((default_delete<class_boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>_>
+ *)this_00,local_7a0);
+ }
+ }
+ }
+ else {
+ std::
+ basic_stringstream<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_stringstream<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_598);
+ pbVar7 = std::operator<<<struct_std::char_traits<char>_>
+ (local_588,"Windows OS build ");
+ pbVar10 = (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)tdt_library_v_current::tdt_lib_common_utils::get_os_info(local_128);
+ pbVar7 = std::
+ operator<<<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (pbVar7,pbVar10);
+ std::operator<<<struct_std::char_traits<char>_>
+ (pbVar7," is NOT supported by this profile.");
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_128);
+ std::basic_stringbuf<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ str(local_580,local_278);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_298,"root");
+ logger_client::logger::log_message(4,local_298,local_278);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_298);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_278);
+ pbVar7 = *(basic_ostream<char,struct_std::char_traits<char>_> **)(this + 0x2c8);
+ std::basic_stringbuf<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ str(local_580,local_258);
+ pbVar7 = std::
+ operator<<<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (pbVar7,local_258);
+ std::operator<<<struct_std::char_traits<char>_>(pbVar7,"\n");
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_258);
+ tVar17 = 0x15;
+ this_01 = local_598;
+LAB_1:
+ std::
+ basic_stringstream<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _vbase_destructor_(this_01);
+ uVar6 = 0;
+ }
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_438);
+ uVar18 = uVar6;
+ if (local_7b0 != (_Ref_count_base *)0x0) {
+ std::_Ref_count_base::_Decref(local_7b0);
+ }
+ break;
+ }
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_438);
+ if (local_7b0 != (_Ref_count_base *)0x0) {
+ std::_Ref_count_base::_Decref(local_7b0);
+ }
+ }
+ }
+ std::make_shared<class_tdt_library_v_next::tdt_threads::thread_pool_imp>(&local_798);
+ if (tVar17 == 0) {
+ if (uVar18 == 0) {
+ if (uVar16 == 1) {
+ local_708.u = (_union_552)0x0;
+ local_708.dwPageSize = 0;
+ local_708.lpMinimumApplicationAddress = (LPVOID)0x0;
+ local_708.lpMaximumApplicationAddress = (LPVOID)0x0;
+ local_708.dwActiveProcessorMask = 0;
+ local_708.dwNumberOfProcessors = 0;
+ local_708.dwProcessorType = 0;
+ local_708.dwAllocationGranularity = 0;
+ local_708.wProcessorLevel = 0;
+ local_708.wProcessorRevision = 0;
+ GetNativeSystemInfo(&local_708);
+ uVar18 = local_708.dwNumberOfProcessors;
+ }
+ else {
+ local_738.u = (_union_552)0x0;
+ local_738.dwPageSize = 0;
+ local_738.lpMinimumApplicationAddress = (LPVOID)0x0;
+ local_738.lpMaximumApplicationAddress = (LPVOID)0x0;
+ local_738.dwActiveProcessorMask = 0;
+ local_738.dwNumberOfProcessors = 0;
+ local_738.dwProcessorType = 0;
+ local_738.dwAllocationGranularity = 0;
+ local_738.wProcessorLevel = 0;
+ local_738.wProcessorRevision = 0;
+ GetNativeSystemInfo(&local_738);
+ uVar18 = local_738.dwNumberOfProcessors / uVar16;
+ }
+ }
+ if (uVar18 < 2) {
+ uVar18 = 2;
+ }
+ local_748 = &DAT_0;
+ std::_Mutex_base::lock((_Mutex_base *)&DAT_0);
+ if ((_m_instance != (logger *)0x0) && (*(uint *)(_m_instance + 0x6c) < 3)) {
+ uStack_450 = 0;
+ local_448 = 0;
+ local_440 = 0xf;
+ local_458 = (undefined8 ****)0x0;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::assign
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
+ )&local_458,"ERROR: formatting message!");
+ cVar4 = '8';
+ iVar5 = snprintf((undefined *)0x0,0,0x75aef9638,(ulonglong)uVar18);
+ iVar5 = iVar5 + 1;
+ if (0 < iVar5) {
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ resize((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_458,(longlong)iVar5,cVar4);
+ ppppuVar12 = &local_458;
+ if (0xf < local_440) {
+ ppppuVar12 = (undefined8 ****)local_458;
+ }
+ snprintf((undefined *)ppppuVar12,(longlong)iVar5,0x75aef9638,(ulonglong)uVar18);
+ ppppuVar12 = &local_458;
+ if (0xf < local_440) {
+ ppppuVar12 = (undefined8 ****)local_458;
+ }
+ lVar13 = local_448 + -1;
+ if (*(char *)((longlong)ppppuVar12 + lVar13) == '\0') {
+ ppppuVar12 = &local_458;
+ if (0xf < local_440) {
+ ppppuVar12 = (undefined8 ****)local_458;
+ }
+ local_448 = lVar13;
+ *(undefined *)((longlong)ppppuVar12 + lVar13) = 0;
+ }
+ }
+ plVar2 = _m_instance;
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_2d8,"root");
+ logger_client::logger::log
+ (plVar2,2,local_2d8,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
+ )&local_458);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_2d8);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_458);
+ }
+ _Mtx_unlock(0x75b251fb0);
+ pbVar7 = std::operator<<<struct_std::char_traits<char>_>
+ (*(basic_ostream<char,struct_std::char_traits<char>_> **)(this + 0x2c8),
+ "Configuring the thread pool with ");
+ pbVar7 = std::basic_ostream<char,struct_std::char_traits<char>_>::operator<<(pbVar7,uVar18);
+ std::operator<<<struct_std::char_traits<char>_>(pbVar7," threads\n");
+ if ((local_798 == (undefined8 *)0x0) ||
+ (cVar4 = (**(code **)*local_798)(local_798,uVar18), cVar4 == '\0')) {
+ std::operator<<<struct_std::char_traits<char>_>
+ (*(basic_ostream<char,struct_std::char_traits<char>_> **)(this + 0x2c8),
+ "Error allocating or configuring thread pool\n");
+ tVar17 = 3;
+ }
+ }
+ uStack_3d0 = 0;
+ local_3c8 = 0;
+ uStack_3c0 = 0xf;
+ local_3d8 = 0;
+ if (tVar17 == 0) {
+ LOCK();
+ this[0x178] = (tdt_agent_impl)0x0;
+ UNLOCK();
+ if (p_Stack_790 != (_Ref_count_base *)0x0) {
+ LOCK();
+ *(int *)(p_Stack_790 + 8) = *(int *)(p_Stack_790 + 8) + 1;
+ UNLOCK();
+ }
+ local_778 = local_798;
+ p_Stack_770 = p_Stack_790;
+ _run_pipeline(this,(vector<class_std::shared_ptr<class_tdt_library_v_next::bit_shovel::plugin_base>,class_std::allocator<class_std::shared_ptr<class_tdt_library_v_next::bit_shovel::plugin_base>_>_>
+ *)&local_768,
+ (shared_ptr<class_tdt_library_v_next::tdt_threads::thread_pool> *)&local_778,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_3d8);
+ if (p_Stack_770 != (_Ref_count_base *)0x0) {
+ std::_Ref_count_base::_Decref(p_Stack_770);
+ }
+ }
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_108,
+ (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_3d8);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_e8,(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)(this + 0x310));
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>(local_c8,"");
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>(local_a8,"");
+ _retrieve_active_profile_settings(this,local_c8,local_a8);
+ bVar3 = tdt_library_v_current::tdt_agent_impl::_is_pipeline_running((tdt_agent_impl *)this);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_418,"start status notification");
+ tdt_status_notification::create_api_status_notification(local_2b8,3,local_418,bVar3);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_418);
+ _invoke_notification_callback
+ (this,*(__int64 *)(this + 0xe0),local_2b8,
+ (vector<unsigned_char,class_std::allocator<unsigned_char>_> *)&DAT_6);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_2b8);
+ tdt_status_notification::api_additional_notification_fields_t::
+ ~api_additional_notification_fields_t((api_additional_notification_fields_t *)local_108);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_3d8);
+ if (p_Stack_790 != (_Ref_count_base *)0x0) {
+ std::_Ref_count_base::_Decref(p_Stack_790);
+ }
+ std::
+ vector<class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::isv_sample_agent>,class_std::allocator<class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::isv_sample_agent>_>_>
+ ::
+ ~vector<class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::isv_sample_agent>,class_std::allocator<class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::isv_sample_agent>_>_>
+ ((vector<class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::isv_sample_agent>,class_std::allocator<class_std::shared_ptr<class_tdt_library_v_next::bit_shovel_plugins::isv_sample_agent>_>_>
+ *)&local_768);
+ }
+ }
+ else {
std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),unaff_RSI);
- tdt_library_v_next::logger_client::logger::log
- (plVar1,unaff_R13D,
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )(unaff_RBP + -0x68));
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )&stack0x00000078);
+ (local_3f8,"TDT Agent is already running!");
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>(local_418,"root");
+ logger_client::logger::log_message(4,local_418,local_3f8);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_418);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_3f8);
+ pbVar7 = std::operator<<<struct_std::char_traits<char>_>
+ (*(basic_ostream<char,struct_std::char_traits<char>_> **)(this + 0x2c8),
+ "TDT Agent is already running!");
+ std::operator<<<struct_std::char_traits<char>_>(pbVar7,"\n\n");
}
- _Mtx_unlock(in_stack_00000030);
- std::lock_guard<class_std::mutex>::lock_guard<class_std::mutex>
- ((lock_guard<class_std::mutex> *)&stack0x00000030,unaff_RDI);
- if ((_m_instance != (logger *)0x0) && (*(tdt_logging_level_ *)(_m_instance + 0x6c) <= unaff_R13D))
- {
- in_stack_00000080 = 0;
- *(undefined8 *)(unaff_RBP + -0x78) = 0;
- *(undefined8 *)(unaff_RBP + -0x70) = 0xf;
- in_stack_00000078 = (ulonglong)unaff_R12B;
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::assign
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,unaff_R15);
- cVar5 = '8';
- iVar2 = snprintf((undefined *)0x0,0,0x75aefe238,*(undefined8 *)(unaff_RBP + 0x180));
- iVar2 = iVar2 + unaff_R14D;
- if (0 < iVar2) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::resize
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,(longlong)iVar2,cVar5);
- pcVar3 = std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- data((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- snprintf(pcVar3,(longlong)iVar2,0x75aefe238,*(undefined8 *)(unaff_RBP + 0x180));
- pbVar4 = (byte *)std::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ::back((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- *)&stack0x00000078);
- if (*pbVar4 == unaff_R12B) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::pop_back
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- }
- }
- plVar1 = _m_instance;
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),unaff_RSI);
- tdt_library_v_next::logger_client::logger::log
- (plVar1,unaff_R13D,
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )(unaff_RBP + -0x68));
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )&stack0x00000078);
- }
- _Mtx_unlock(in_stack_00000030);
- std::lock_guard<class_std::mutex>::lock_guard<class_std::mutex>
- ((lock_guard<class_std::mutex> *)&stack0x00000030,unaff_RDI);
- if ((_m_instance != (logger *)0x0) && (*(tdt_logging_level_ *)(_m_instance + 0x6c) <= unaff_R13D))
- {
- in_stack_00000080 = 0;
- *(undefined8 *)(unaff_RBP + -0x78) = 0;
- *(undefined8 *)(unaff_RBP + -0x70) = 0xf;
- in_stack_00000078 = (ulonglong)unaff_R12B;
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::assign
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,unaff_R15);
- cVar5 = '\0';
- iVar2 = snprintf((undefined *)0x0,0,0x75aefe200,*(undefined8 *)(unaff_RBP + 0x188));
- iVar2 = iVar2 + unaff_R14D;
- if (0 < iVar2) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::resize
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,(longlong)iVar2,cVar5);
- pcVar3 = std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- data((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- snprintf(pcVar3,(longlong)iVar2,0x75aefe200,*(undefined8 *)(unaff_RBP + 0x188));
- pbVar4 = (byte *)std::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ::back((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- *)&stack0x00000078);
- if (*pbVar4 == unaff_R12B) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::pop_back
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- }
- }
- plVar1 = _m_instance;
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),unaff_RSI);
- tdt_library_v_next::logger_client::logger::log
- (plVar1,unaff_R13D,
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )(unaff_RBP + -0x68));
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )&stack0x00000078);
- }
- _Mtx_unlock(in_stack_00000030);
- std::lock_guard<class_std::mutex>::lock_guard<class_std::mutex>
- ((lock_guard<class_std::mutex> *)&stack0x00000030,unaff_RDI);
- if ((_m_instance != (logger *)0x0) && (*(tdt_logging_level_ *)(_m_instance + 0x6c) <= unaff_R13D))
- {
- in_stack_00000080 = 0;
- *(undefined8 *)(unaff_RBP + -0x78) = 0;
- *(undefined8 *)(unaff_RBP + -0x70) = 0xf;
- in_stack_00000078 = (ulonglong)unaff_R12B;
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::assign
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,unaff_R15);
- cVar5 = '8';
- iVar2 = snprintf((undefined *)0x0,0,0x75aefdf38,*(undefined8 *)(unaff_RBP + 400));
- iVar2 = iVar2 + unaff_R14D;
- if (0 < iVar2) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::resize
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,(longlong)iVar2,cVar5);
- pcVar3 = std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- data((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- snprintf(pcVar3,(longlong)iVar2,0x75aefdf38,*(undefined8 *)(unaff_RBP + 400));
- pbVar4 = (byte *)std::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ::back((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- *)&stack0x00000078);
- if (*pbVar4 == unaff_R12B) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::pop_back
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- }
- }
- plVar1 = _m_instance;
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),unaff_RSI);
- tdt_library_v_next::logger_client::logger::log
- (plVar1,unaff_R13D,
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )(unaff_RBP + -0x68));
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )&stack0x00000078);
- }
- _Mtx_unlock(in_stack_00000030);
- std::lock_guard<class_std::mutex>::lock_guard<class_std::mutex>
- ((lock_guard<class_std::mutex> *)&stack0x00000030,unaff_RDI);
- if ((_m_instance != (logger *)0x0) && (*(tdt_logging_level_ *)(_m_instance + 0x6c) <= unaff_R13D))
- {
- in_stack_00000080 = 0;
- *(undefined8 *)(unaff_RBP + -0x78) = 0;
- *(undefined8 *)(unaff_RBP + -0x70) = 0xf;
- in_stack_00000078 = (ulonglong)unaff_R12B;
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::assign
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,unaff_R15);
- cVar5 = '\0';
- iVar2 = snprintf((undefined *)0x0,0,0x75aefdf00,*(undefined8 *)(unaff_RBP + 0x198));
- iVar2 = iVar2 + unaff_R14D;
- if (0 < iVar2) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::resize
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,(longlong)iVar2,cVar5);
- pcVar3 = std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- data((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- snprintf(pcVar3,(longlong)iVar2,0x75aefdf00,*(undefined8 *)(unaff_RBP + 0x198));
- pbVar4 = (byte *)std::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ::back((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- *)&stack0x00000078);
- if (*pbVar4 == unaff_R12B) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::pop_back
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- }
- }
- plVar1 = _m_instance;
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),unaff_RSI);
- tdt_library_v_next::logger_client::logger::log
- (plVar1,unaff_R13D,
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )(unaff_RBP + -0x68));
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )&stack0x00000078);
- }
- _Mtx_unlock(in_stack_00000030);
- std::lock_guard<class_std::mutex>::lock_guard<class_std::mutex>
- ((lock_guard<class_std::mutex> *)&stack0x00000030,unaff_RDI);
- if ((_m_instance != (logger *)0x0) && (*(tdt_logging_level_ *)(_m_instance + 0x6c) <= unaff_R13D))
- {
- in_stack_00000080 = 0;
- *(undefined8 *)(unaff_RBP + -0x78) = 0;
- *(undefined8 *)(unaff_RBP + -0x70) = 0xf;
- in_stack_00000078 = (ulonglong)unaff_R12B;
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::assign
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,unaff_R15);
- cVar5 = -0x60;
- iVar2 = snprintf((undefined *)0x0,0,0x75aefdfa0,*(undefined8 *)(unaff_RBP + 0x1a0));
- iVar2 = iVar2 + unaff_R14D;
- if (0 < iVar2) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::resize
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,(longlong)iVar2,cVar5);
- pcVar3 = std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- data((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- snprintf(pcVar3,(longlong)iVar2,0x75aefdfa0,*(undefined8 *)(unaff_RBP + 0x1a0));
- pbVar4 = (byte *)std::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ::back((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- *)&stack0x00000078);
- if (*pbVar4 == unaff_R12B) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::pop_back
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- }
- }
- plVar1 = _m_instance;
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),unaff_RSI);
- tdt_library_v_next::logger_client::logger::log
- (plVar1,unaff_R13D,
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )(unaff_RBP + -0x68));
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )&stack0x00000078);
- }
- _Mtx_unlock(in_stack_00000030);
- std::lock_guard<class_std::mutex>::lock_guard<class_std::mutex>
- ((lock_guard<class_std::mutex> *)&stack0x00000030,unaff_RDI);
- if ((_m_instance != (logger *)0x0) && (*(tdt_logging_level_ *)(_m_instance + 0x6c) <= unaff_R13D))
- {
- in_stack_00000080 = 0;
- *(undefined8 *)(unaff_RBP + -0x78) = 0;
- *(undefined8 *)(unaff_RBP + -0x70) = 0xf;
- in_stack_00000078 = (ulonglong)unaff_R12B;
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::assign
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,unaff_R15);
- cVar5 = 'p';
- iVar2 = snprintf((undefined *)0x0,0,0x75aefdf70,*(undefined8 *)(unaff_RBP + 0x1a8));
- iVar2 = iVar2 + unaff_R14D;
- if (0 < iVar2) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::resize
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,(longlong)iVar2,cVar5);
- pcVar3 = std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- data((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- snprintf(pcVar3,(longlong)iVar2,0x75aefdf70,*(undefined8 *)(unaff_RBP + 0x1a8));
- pbVar4 = (byte *)std::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ::back((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- *)&stack0x00000078);
- if (*pbVar4 == unaff_R12B) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::pop_back
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- }
- }
- plVar1 = _m_instance;
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),unaff_RSI);
- tdt_library_v_next::logger_client::logger::log
- (plVar1,unaff_R13D,
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )(unaff_RBP + -0x68));
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )&stack0x00000078);
- }
- _Mtx_unlock(in_stack_00000030);
- std::lock_guard<class_std::mutex>::lock_guard<class_std::mutex>
- ((lock_guard<class_std::mutex> *)&stack0x00000030,unaff_RDI);
- if ((_m_instance != (logger *)0x0) && (*(tdt_logging_level_ *)(_m_instance + 0x6c) <= unaff_R13D))
- {
- in_stack_00000080 = 0;
- *(undefined8 *)(unaff_RBP + -0x78) = 0;
- *(undefined8 *)(unaff_RBP + -0x70) = 0xf;
- in_stack_00000078 = (ulonglong)unaff_R12B;
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::assign
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,unaff_R15);
- cVar5 = '\x10';
- iVar2 = snprintf((undefined *)0x0,0,0x75aefe010,*(undefined8 *)(unaff_RBP + 0x1b0));
- iVar2 = iVar2 + unaff_R14D;
- if (0 < iVar2) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::resize
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,(longlong)iVar2,cVar5);
- pcVar3 = std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- data((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- snprintf(pcVar3,(longlong)iVar2,0x75aefe010,*(undefined8 *)(unaff_RBP + 0x1b0));
- pbVar4 = (byte *)std::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ::back((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- *)&stack0x00000078);
- if (*pbVar4 == unaff_R12B) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::pop_back
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- }
- }
- plVar1 = _m_instance;
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),unaff_RSI);
- tdt_library_v_next::logger_client::logger::log
- (plVar1,unaff_R13D,
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )(unaff_RBP + -0x68));
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )&stack0x00000078);
- }
- _Mtx_unlock(in_stack_00000030);
- std::lock_guard<class_std::mutex>::lock_guard<class_std::mutex>
- ((lock_guard<class_std::mutex> *)&stack0x00000030,unaff_RDI);
- if ((_m_instance != (logger *)0x0) && (*(tdt_logging_level_ *)(_m_instance + 0x6c) <= unaff_R13D))
- {
- in_stack_00000080 = 0;
- *(undefined8 *)(unaff_RBP + -0x78) = 0;
- *(undefined8 *)(unaff_RBP + -0x70) = 0xf;
- in_stack_00000078 = (ulonglong)unaff_R12B;
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::assign
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,unaff_R15);
- cVar5 = -0x28;
- iVar2 = snprintf((undefined *)0x0,0,0x75aefdfd8,*(undefined8 *)(unaff_RBP + 0x1b8));
- iVar2 = iVar2 + unaff_R14D;
- if (0 < iVar2) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::resize
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,(longlong)iVar2,cVar5);
- pcVar3 = std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- data((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- snprintf(pcVar3,(longlong)iVar2,0x75aefdfd8,*(undefined8 *)(unaff_RBP + 0x1b8));
- pbVar4 = (byte *)std::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ::back((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- *)&stack0x00000078);
- if (*pbVar4 == unaff_R12B) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::pop_back
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- }
- }
- plVar1 = _m_instance;
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),unaff_RSI);
- tdt_library_v_next::logger_client::logger::log
- (plVar1,unaff_R13D,
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )(unaff_RBP + -0x68));
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )&stack0x00000078);
- }
- _Mtx_unlock(in_stack_00000030);
- std::lock_guard<class_std::mutex>::lock_guard<class_std::mutex>
- ((lock_guard<class_std::mutex> *)&stack0x00000030,unaff_RDI);
- if ((_m_instance != (logger *)0x0) && (*(tdt_logging_level_ *)(_m_instance + 0x6c) <= unaff_R13D))
- {
- in_stack_00000080 = 0;
- *(undefined8 *)(unaff_RBP + -0x78) = 0;
- *(undefined8 *)(unaff_RBP + -0x70) = 0xf;
- in_stack_00000078 = (ulonglong)unaff_R12B;
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::assign
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,unaff_R15);
- cVar5 = 'x';
- iVar2 = snprintf((undefined *)0x0,0,0x75aefe078,*(undefined8 *)(unaff_RBP + 0x1c0));
- iVar2 = iVar2 + unaff_R14D;
- if (0 < iVar2) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::resize
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,(longlong)iVar2,cVar5);
- pcVar3 = std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- data((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- snprintf(pcVar3,(longlong)iVar2,0x75aefe078,*(undefined8 *)(unaff_RBP + 0x1c0));
- pbVar4 = (byte *)std::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ::back((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- *)&stack0x00000078);
- if (*pbVar4 == unaff_R12B) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::pop_back
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- }
- }
- plVar1 = _m_instance;
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),unaff_RSI);
- tdt_library_v_next::logger_client::logger::log
- (plVar1,unaff_R13D,
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )(unaff_RBP + -0x68));
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )&stack0x00000078);
- }
- _Mtx_unlock(in_stack_00000030);
- std::lock_guard<class_std::mutex>::lock_guard<class_std::mutex>
- ((lock_guard<class_std::mutex> *)&stack0x00000030,unaff_RDI);
- if ((_m_instance != (logger *)0x0) && (*(tdt_logging_level_ *)(_m_instance + 0x6c) <= unaff_R13D))
- {
- in_stack_00000080 = 0;
- *(undefined8 *)(unaff_RBP + -0x78) = 0;
- *(undefined8 *)(unaff_RBP + -0x70) = 0xf;
- in_stack_00000078 = (ulonglong)unaff_R12B;
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::assign
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,unaff_R15);
- cVar5 = '@';
- iVar2 = snprintf((undefined *)0x0,0,0x75aefe040,*(undefined8 *)(unaff_RBP + 0x1c8));
- iVar2 = iVar2 + unaff_R14D;
- if (0 < iVar2) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::resize
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,(longlong)iVar2,cVar5);
- pcVar3 = std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- data((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- snprintf(pcVar3,(longlong)iVar2,0x75aefe040,*(undefined8 *)(unaff_RBP + 0x1c8));
- pbVar4 = (byte *)std::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ::back((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- *)&stack0x00000078);
- if (*pbVar4 == unaff_R12B) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::pop_back
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- }
- }
- plVar1 = _m_instance;
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),unaff_RSI);
- tdt_library_v_next::logger_client::logger::log
- (plVar1,unaff_R13D,
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )(unaff_RBP + -0x68));
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )&stack0x00000078);
- }
- _Mtx_unlock(in_stack_00000030);
- std::lock_guard<class_std::mutex>::lock_guard<class_std::mutex>
- ((lock_guard<class_std::mutex> *)&stack0x00000030,unaff_RDI);
- if ((_m_instance != (logger *)0x0) && (*(tdt_logging_level_ *)(_m_instance + 0x6c) <= unaff_R13D))
- {
- in_stack_00000080 = 0;
- *(undefined8 *)(unaff_RBP + -0x78) = 0;
- *(undefined8 *)(unaff_RBP + -0x70) = 0xf;
- in_stack_00000078 = (ulonglong)unaff_R12B;
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::assign
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,unaff_R15);
- cVar5 = -0x68;
- iVar2 = snprintf((undefined *)0x0,0,0x75aefe298,*(undefined8 *)(unaff_RBP + 0x1d0));
- iVar2 = iVar2 + unaff_R14D;
- if (0 < iVar2) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::resize
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078,(longlong)iVar2,cVar5);
- pcVar3 = std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- data((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- snprintf(pcVar3,(longlong)iVar2,0x75aefe298,*(undefined8 *)(unaff_RBP + 0x1d0));
- pbVar4 = (byte *)std::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ::back((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- *)&stack0x00000078);
- if (*pbVar4 == unaff_R12B) {
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::pop_back
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- }
- }
- plVar1 = _m_instance;
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
- ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),unaff_RSI);
- tdt_library_v_next::logger_client::logger::log
- (plVar1,unaff_R13D,
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x68),
- (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- &stack0x00000078);
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )(unaff_RBP + -0x68));
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
- )&stack0x00000078);
- }
- _Mtx_unlock(in_stack_00000030);
- (**(code **)(**(longlong **)(in_stack_00000058 + 0x610) + 0x20))
- (*(longlong **)(in_stack_00000058 + 0x610),unaff_RBP + -0x68);
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + -0x60));
- std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
- _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
- (unaff_RBP + 0x38));
- std::vector<char,class_std::allocator<char>_>::_Tidy
- ((vector<char,class_std::allocator<char>_> *)&stack0x00000060);
- __security_check_cookie(*(ulonglong *)(unaff_RBP + 0x1e0) ^ (ulonglong)&stack0x00000000);
+ _Mtx_unlock((longlong)local_788);
+ __security_check_cookie(local_38 ^ (ulonglong)auStackY_808);
return extraout_EAX;
}
MpSignatureSubType<struct_staticrec_t,unsigned_long,4,0,0,0,struct_MpEmptyEnumerator<struct_staticrec_t>,0,0,1>::GetThreatDetails
| Key | mpengine.dll - mpengine.dll |
|---|---|
| diff_type | code,length,address |
| ratio | 0.01 |
| i_ratio | 0.83 |
| m_ratio | 0.98 |
| b_ratio | 0.98 |
| match_types | SymbolsHash |
| Key | mpengine.dll | mpengine.dll |
|---|---|---|
| name | GetThreatDetails | GetThreatDetails |
| fullname | MpSignatureSubType<struct_staticrec_t,unsigned_long,4,0,0,0,struct_MpEmptyEnumerator<struct_staticrec_t>,0,0,1>::GetThreatDetails | MpSignatureSubType<struct_staticrec_t,unsigned_long,4,0,0,0,struct_MpEmptyEnumerator<struct_staticrec_t>,0,0,1>::GetThreatDetails |
| refcount | 2 | 2 |
length |
244 | 241 |
| called | __security_check_cookie staticrec_t::GetSigSeq staticrec_t::GetSigSha |
__security_check_cookie staticrec_t::GetSigSeq staticrec_t::GetSigSha |
| calling | MpSignatureSubType<struct_staticrec_t,unsigned_long,4,0,0,0,struct_MpEmptyEnumerator<struct_staticrec_t>,0,0,1>::GetThreatDetails | MpSignatureSubType<struct_staticrec_t,unsigned_long,4,0,0,0,struct_MpEmptyEnumerator<struct_staticrec_t>,0,0,1>::GetThreatDetails |
| paramcount | 6 | 6 |
address |
75aa2a564 | 75aa215b4 |
| sig | void __thiscall GetThreatDetails(MpSignatureSubType<struct_staticrec_t,unsigned_long,4,0,0,0,struct_MpEmptyEnumerator<struct_staticrec_t>,0,0,1> * this, ulong param_1, ulong * param_2, ulong * param_3, __uint64 * param_4, sha1_t * param_5) | void __thiscall GetThreatDetails(MpSignatureSubType<struct_staticrec_t,unsigned_long,4,0,0,0,struct_MpEmptyEnumerator<struct_staticrec_t>,0,0,1> * this, ulong param_1, ulong * param_2, ulong * param_3, __uint64 * param_4, sha1_t * param_5) |
| sym_type | Function | Function |
| sym_source | ANALYSIS | ANALYSIS |
| external | False | False |
MpSignatureSubType<struct_staticrec_t,unsigned_long,4,0,0,0,struct_MpEmptyEnumerator<struct_staticrec_t>,0,0,1>::GetThreatDetails Diff
--- MpSignatureSubType<struct_staticrec_t,unsigned_long,4,0,0,0,struct_MpEmptyEnumerator<struct_staticrec_t>,0,0,1>::GetThreatDetails
+++ MpSignatureSubType<struct_staticrec_t,unsigned_long,4,0,0,0,struct_MpEmptyEnumerator<struct_staticrec_t>,0,0,1>::GetThreatDetails
@@ -1,2 +1,61 @@
-Failed to decompile mpengine.dll - .ProgramDB MpSignatureSubType<struct_staticrec_t,unsigned_long,4,0,0,0,struct_MpEmptyEnumerator<struct_staticrec_t>,0,0,1>::GetThreatDetails : Error: Decompile error:
-Marshaling error: Did not see expected closing element+
+/* public: void __cdecl MpSignatureSubType<struct staticrec_t,unsigned long,4,0,0,0,struct
+ MpEmptyEnumerator<struct staticrec_t>,0,0,1>::GetThreatDetails(unsigned long,unsigned long &
+ __ptr64,unsigned long & __ptr64,unsigned __int64 & __ptr64,struct sha1_t & __ptr64) __ptr64 */
+
+void __thiscall
+MpSignatureSubType<struct_staticrec_t,unsigned_long,4,0,0,0,struct_MpEmptyEnumerator<struct_staticrec_t>,0,0,1>
+::GetThreatDetails(MpSignatureSubType<struct_staticrec_t,unsigned_long,4,0,0,0,struct_MpEmptyEnumerator<struct_staticrec_t>,0,0,1>
+ *this,ulong param_1,ulong *param_2,ulong *param_3,__uint64 *param_4,
+ sha1_t *param_5)
+
+{
+ staticrec_t *this_00;
+ undefined auVar1 [16];
+ undefined8 uVar2;
+ undefined4 uVar3;
+ ulonglong uVar4;
+ __uint64 _Var5;
+ undefined8 *puVar6;
+ ulonglong uVar7;
+ longlong lVar8;
+ undefined auStack_58 [32];
+ undefined local_38 [24];
+ ulonglong local_20;
+
+ local_20 = __security_cookie ^ (ulonglong)auStack_58;
+ if ((param_1 < *(uint *)(this + 0x20)) ||
+ ((uint)(*(int *)this + *(int *)(this + 0x20)) <= param_1)) {
+ *param_2 = 0x80000000;
+ *param_3 = 0;
+ *param_4 = 0;
+ *(undefined8 *)param_5 = 0xd4b6b5eeea339da;
+ *(undefined8 *)(param_5 + 8) = 0x90186095efbf5532;
+ uVar3 = 0x907d8af;
+ }
+ else {
+ uVar7 = CONCAT44(0,param_1 - *(int *)(this + 0x20));
+ auVar1._8_8_ = 0;
+ auVar1._0_8_ = uVar7;
+ lVar8 = SUB168(ZEXT816(0x8000018000018001) * auVar1,8);
+ uVar4 = (uVar7 - lVar8 >> 1) + lVar8 >> 0x17;
+ this_00 = (staticrec_t *)
+ (*(longlong *)(*(longlong *)(this + 8) + uVar4 * 0x28) +
+ (uVar7 + uVar4 * -0xaaaaaa) * 0x18);
+ *param_2 = *(ulong *)(this_00 + 0x10);
+ *param_3 = -(uint)(this[0x65] !=
+ (MpSignatureSubType<struct_staticrec_t,unsigned_long,4,0,0,0,struct_MpEmptyEnumerator<struct_staticrec_t>,0,0,1>
+ )0x0) & 0xffffe;
+ _Var5 = staticrec_t::GetSigSeq(this_00);
+ *param_4 = _Var5;
+ puVar6 = (undefined8 *)staticrec_t::GetSigSha(this_00,local_38);
+ uVar2 = puVar6[1];
+ *(undefined8 *)param_5 = *puVar6;
+ *(undefined8 *)(param_5 + 8) = uVar2;
+ uVar3 = *(undefined4 *)(puVar6 + 2);
+ }
+ *(undefined4 *)(param_5 + 0x10) = uVar3;
+ __security_check_cookie(local_20 ^ (ulonglong)auStack_58);
+ return;
+}
+
| Key | mpengine.dll - mpengine.dll |
|---|---|
| diff_type | code,refcount,length,address,called |
| ratio | 0.08 |
| i_ratio | 0.33 |
| m_ratio | 0.91 |
| b_ratio | 0.91 |
| match_types | SymbolsHash |
| Key | mpengine.dll | mpengine.dll |
|---|---|---|
| name | _classify | _classify |
| fullname | tdt_library_v_current::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::_classify | tdt_library_v_current::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::_classify |
refcount |
3 | 5 |
length |
433 | 448 |
called |
__security_check_cookie std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::operator+<char,struct_std::char_traits,class_std::allocator> std::operator+<char,struct_std::char_traits,class_std::allocator> tdt_dt_classify_stream tdt_library_v_current::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::_classify_records_using_legacy_model tdt_library_v_current::logger_client::logger::log_message |
__security_check_cookie guard_dispatch_icall std::basic_string<char,struct_std::char_traits,class_std::allocator>::Tidy_deallocate std::basic_string<char,struct_std::char_traits,class_std::allocator>::basic_string<char,struct_std::char_traits,class_std::allocator> std::operator+<char,struct_std::char_traits,class_std::allocator> std::operator+<char,struct_std::char_traits,class_std::allocator> tdt_library_v_current::logger_client::logger::log_message tdt_library_v_next::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::_classify_records_using_legacy_model |
| calling | tdt_library_v_current::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::_fallback_classify tdt_library_v_current::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::classify |
tdt_library_v_current::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::_fallback_classify tdt_library_v_current::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::classify |
| paramcount | 5 | 5 |
address |
75a97a2b0 | 75a95df3c |
| sig | classifier_status_t __thiscall classify(vail_random_forest_classifier_impl * this, __uint64 param_1, vector<float,class_std::allocator> * param_2, vector<float,class_std::allocator_> * param_3, shared_ptr<struct_tdt_library_v_current::bit_shovel_plugins::internal::classifier_model_config> * param_4) | classifier_status_t __thiscall classify(vail_random_forest_classifier_impl * this, __uint64 param_1, vector<float,class_std::allocator> * param_2, vector<float,class_std::allocator_> * param_3, shared_ptr<struct_tdt_library_v_current::bit_shovel_plugins::internal::classifier_model_config> * param_4) |
| sym_type | Function | Function |
| sym_source | ANALYSIS | ANALYSIS |
| external | False | False |
tdt_library_v_current::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::_classify Called Diff
--- tdt_library_v_current::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::_classify called
+++ tdt_library_v_current::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::_classify called
@@ -1,0 +2 @@
+_guard_dispatch_icall_$fo_default$
@@ -6,2 +6,0 @@
-tdt_dt_classify_stream
-tdt_library_v_current::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::_classify_records_using_legacy_model
@@ -8,0 +8 @@
+tdt_library_v_next::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::_classify_records_using_legacy_modeltdt_library_v_current::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::_classify Diff
--- tdt_library_v_current::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::_classify
+++ tdt_library_v_current::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::_classify
@@ -1,20 +1,107 @@
-/* WARNING: Control flow encountered bad instruction data */
+/* WARNING: Function: _guard_dispatch_icall_$fo_default$ replaced with injection:
+ guard_dispatch_icall */
+/* private: enum tdt_library_v_current::bit_shovel_plugins::classifier_status_t __cdecl
+ tdt_library_v_current::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::_classify(unsigned
+ __int64,class std::vector<float,class std::allocator<float> > const & __ptr64,class
+ std::vector<float,class std::allocator<float> > & __ptr64,class std::shared_ptr<struct
+ tdt_library_v_current::bit_shovel_plugins::internal::classifier_model_config> & __ptr64) __ptr64
+ */
classifier_status_t __thiscall
-tdt_library_v_next::bit_shovel_plugins::core_telemetry_data_buffer_t::_classify
+tdt_library_v_current::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::_classify
(vail_random_forest_classifier_impl *this,__uint64 param_1,
vector<float,class_std::allocator<float>_> *param_2,
vector<float,class_std::allocator<float>_> *param_3,
shared_ptr<struct_tdt_library_v_current::bit_shovel_plugins::internal::classifier_model_config>
*param_4)
{
- longlong in_RAX;
- char in_CF;
+ uint uVar1;
+ uint *puVar2;
+ tdt_status_ tVar3;
+ classifier_status_t extraout_EAX;
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *pbVar4;
+ uint uVar5;
+ undefined auStackY_d8 [32];
+ ulonglong local_98;
+ longlong local_90;
+ ulonglong local_78;
+ longlong local_70;
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> local_58 [32];
+ ulonglong local_38;
- *(char *)(in_RAX + 0xf) = *(char *)(in_RAX + 0xf) + (char)this + in_CF;
- /* WARNING: Bad instruction - Truncating control flow here */
- halt_baddata();
+ local_38 = __security_cookie ^ (ulonglong)auStackY_d8;
+ uVar5 = *(uint *)(this + 0x30);
+ puVar2 = *(uint **)param_4;
+ uVar1 = *puVar2;
+ if (puVar2[0x1c] == 1) {
+ uVar5 = *(uint *)(this + 0x5c);
+ uVar1 = puVar2[1];
+ }
+ if (*(char *)(puVar2 + 0x1f) == '\0') {
+ tVar3 = tdt_library_v_next::bit_shovel_plugins::internal::vail_random_forest_classifier_impl::
+ _classify_records_using_legacy_model
+ ((vail_random_forest_classifier_impl *)this,uVar5,uVar1,param_1,param_2,
+ param_3,(shared_ptr<struct_tdt_library_v_next::bit_shovel_plugins::internal::classifier_model_config>
+ *)param_4);
+ }
+ else {
+ local_90 = *(longlong *)param_2;
+ local_98 = *(longlong *)(param_2 + 8) - local_90 & 0xfffffffffffffffc;
+ local_70 = *(longlong *)param_3;
+ local_78 = *(longlong *)(param_3 + 8) - local_70 & 0xfffffffffffffffc;
+ tVar3 = (**(code **)(this + 0x88))(uVar5,uVar1,param_1,&local_98);
+ }
+ *(tdt_status_ *)(*(longlong *)param_4 + 0x88) = tVar3;
+ if (*(int *)(*(longlong *)param_4 + 0x88) != 0) {
+ if (*(int *)(*(longlong *)param_4 + 0x88) == 4) {
+ pbVar4 = std::operator+<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (local_58,(undefined8 *)(this + 8),0x75ae39f9c);
+ pbVar4 = (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ std::operator+<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ (&local_78,pbVar4,"classifier init was not called.");
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_98,"root");
+ logger_client::logger::log_message
+ (4,(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_98,pbVar4);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_98);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_78);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_58);
+ }
+ else {
+ pbVar4 = std::operator+<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_78,(undefined8 *)(this + 8),0x75ae39f9c);
+ pbVar4 = (basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ std::operator+<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ((undefined8 *)local_58,pbVar4,"classification failed.");
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ ((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_98,"root");
+ logger_client::logger::log_message
+ (4,(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *)
+ &local_98,pbVar4);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_98);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate(local_58);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)&local_78);
+ }
+ }
+ __security_check_cookie(local_38 ^ (ulonglong)auStackY_d8);
+ return extraout_EAX;
}
| Key | mpengine.dll - mpengine.dll |
|---|---|
| diff_type | code,length,sig,address,called |
| ratio | 0.12 |
| i_ratio | 0.59 |
| m_ratio | 0.61 |
| b_ratio | 0.62 |
| match_types | SymbolsHash |
| Key | mpengine.dll | mpengine.dll |
|---|---|---|
| name | ZSTD_estimateCCtxSize_usingCCtxParams_internal | ZSTD_estimateCCtxSize_usingCCtxParams_internal |
| fullname | ZSTD_estimateCCtxSize_usingCCtxParams_internal | ZSTD_estimateCCtxSize_usingCCtxParams_internal |
| refcount | 3 | 3 |
length |
483 | 461 |
called |
ZSTD_maxNbSeq ZSTD_sizeof_matchState |
ZSTD_ldm_getMaxNbSeq ZSTD_maxNbSeq ZSTD_sizeof_matchState |
| calling | ZSTD_resetCCtx_internal | ZSTD_resetCCtx_internal |
| paramcount | 9 | 9 |
address |
75a4436f8 | 75abfa5b8 |
sig |
longlong __fastcall ZSTD_estimateCCtxSize_usingCCtxParams_internal(uint * param_1, undefined[16] * param_2, int param_3, int param_4, longlong param_5, longlong param_6, ulonglong param_7, int param_8, ulonglong param_9) | longlong __fastcall ZSTD_estimateCCtxSize_usingCCtxParams_internal(uint * param_1, int * param_2, int param_3, int param_4, longlong param_5, longlong param_6, ulonglong param_7, int param_8, ulonglong param_9) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- ZSTD_estimateCCtxSize_usingCCtxParams_internal called
+++ ZSTD_estimateCCtxSize_usingCCtxParams_internal called
@@ -0,0 +1 @@
+ZSTD_ldm_getMaxNbSeq--- ZSTD_estimateCCtxSize_usingCCtxParams_internal
+++ ZSTD_estimateCCtxSize_usingCCtxParams_internal
@@ -1,11 +1,65 @@
longlong ZSTD_estimateCCtxSize_usingCCtxParams_internal
- (uint *param_1,undefined (*param_2) [16],int param_3,int param_4,longlong param_5
- ,longlong param_6,ulonglong param_7,int param_8,ulonglong param_9)
+ (uint *param_1,int *param_2,int param_3,int param_4,longlong param_5,
+ longlong param_6,ulonglong param_7,int param_8,ulonglong param_9)
{
- longlong in_RAX;
+ ulonglong uVar1;
+ longlong lVar2;
+ uint uVar3;
+ ulonglong uVar4;
+ ulonglong uVar5;
+ ulonglong uVar6;
+ int local_38;
+ uint uStack_34;
+ int iStack_30;
+ int iStack_2c;
+ undefined8 local_28;
- return in_RAX;
+ uVar6 = 1L << ((byte)*param_1 & 0x3f);
+ uVar1 = param_7;
+ if (uVar6 < param_7) {
+ uVar1 = uVar6;
+ }
+ if (uVar1 == 0) {
+ param_7 = 1;
+ }
+ else if (uVar6 < param_7) {
+ param_7 = uVar6;
+ }
+ uVar6 = 0;
+ uVar1 = 0x20000;
+ if (param_9 != 0) {
+ uVar1 = param_9;
+ }
+ if (uVar1 < param_7) {
+ param_7 = uVar1;
+ }
+ uVar1 = ZSTD_maxNbSeq(param_7,param_1[4],param_8);
+ lVar2 = ZSTD_sizeof_matchState(param_1,param_4,0,1);
+ local_38 = *param_2;
+ uStack_34 = param_2[1];
+ iStack_30 = param_2[2];
+ iStack_2c = param_2[3];
+ uVar3 = uStack_34;
+ if ((uint)param_2[2] < uStack_34) {
+ uVar3 = param_2[2];
+ }
+ uVar4 = (1L << ((byte)uStack_34 & 0x3f)) * 8;
+ uVar5 = uVar6;
+ if (local_38 == 1) {
+ uVar5 = (1L << ((byte)uStack_34 - (char)uVar3 & 0x3f)) + (-(ulonglong)(uVar4 != 0) & uVar4);
+ }
+ local_28 = *(undefined8 *)(param_2 + 4);
+ uVar4 = uVar6;
+ if (*param_2 == 1) {
+ uVar4 = ZSTD_ldm_getMaxNbSeq(&local_38,param_7);
+ uVar4 = uVar4 * 0xc + 0x3f & 0xffffffffffffffc0;
+ }
+ if (param_8 != 0) {
+ uVar6 = ((param_7 >> 10) + param_7 / 3) * 0x10 + 0x5f & 0xffffffffffffffc0;
+ }
+ return (ulonglong)(-(uint)(param_3 != 0) & 0x1478) + param_5 + param_6 + lVar2 + uVar6 + uVar4 +
+ uVar5 + (uVar1 * 8 + 0x3f & 0xffffffffffffffc0) + uVar1 * 3 + param_7 + 0x4ef8;
}
| Key | mpengine.dll - mpengine.dll |
|---|---|
| diff_type | code,length,address |
| ratio | 0.02 |
| i_ratio | 0.44 |
| m_ratio | 0.99 |
| b_ratio | 0.99 |
| match_types | SymbolsHash |
| Key | mpengine.dll | mpengine.dll |
|---|---|---|
| name | SendParentNotification | SendParentNotification |
| fullname | ProcessContext::SendParentNotification | ProcessContext::SendParentNotification |
| refcount | 2 | 2 |
length |
221 | 237 |
| called | BmInternalInfo::Send ProcessContext::InitializeParentNotification WPP_SF_l `DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer |
BmInternalInfo::Send ProcessContext::InitializeParentNotification WPP_SF_l `DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer |
| calling | SignatureHandler::HandleNotification | SignatureHandler::HandleNotification |
| paramcount | 2 | 2 |
address |
75a87cdc4 | 75a83eae8 |
| sig | void __thiscall SendParentNotification(ProcessContext * this, PersistentProcessID * param_1) | void __thiscall SendParentNotification(ProcessContext * this, PersistentProcessID * param_1) |
| sym_type | Function | Function |
| sym_source | ANALYSIS | ANALYSIS |
| external | False | False |
--- ProcessContext::SendParentNotification
+++ ProcessContext::SendParentNotification
@@ -1,819 +1,40 @@
+
+/* public: void __cdecl ProcessContext::SendParentNotification(struct PersistentProcessID const &
+ __ptr64) __ptr64 */
void __thiscall
-CommonUtil::CRefObjectFor<class_ILuaStandaloneLibrary>::SendParentNotification
- (ProcessContext *this,PersistentProcessID *param_1)
+ProcessContext::SendParentNotification(ProcessContext *this,PersistentProcessID *param_1)
{
- undefined *puVar1;
- long lVar2;
- MP_ERROR MVar3;
- undefined8 *puVar4;
- unordered_map<unsigned_long,unsigned___int64,struct_std::hash<unsigned_long>,struct_std::equal_to<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const_,unsigned___int64>_>_>
- *this_00;
- wchar_t *pwVar5;
- function<void___cdecl(void)> *pfVar6;
- unordered_map<unsigned_long,unsigned___int64,struct_std::hash<unsigned_long>,struct_std::equal_to<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const_,unsigned___int64>_>_>
- *this_01;
- CMpSRWLock *pCVar7;
- undefined8 *unaff_RBX;
- longlong unaff_RBP;
- RMID_TYPE RVar8;
- undefined *unaff_RSI;
- AutoInitModules *unaff_RDI;
- undefined uVar9;
- undefined2 uVar10;
- undefined8 unaff_R14;
+ longlong lVar1;
+ undefined8 uVar2;
+ long lVar3;
+ int iVar4;
- puVar1 = unaff_RSI + 1;
- out(*unaff_RSI,(short)param_1);
- param_1[0x4d8b48ff] = (PersistentProcessID)((char)param_1[0x4d8b48ff] >> 7);
- *unaff_RBX = this;
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- *(undefined8 **)(unaff_RBP + -0x79) = unaff_RBX;
- std::
- _Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ::
- ~_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ((_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- *)(unaff_RBP + -0x71));
- *(longlong *)(unaff_RBP + -0x71) = unaff_RBP + -0x79;
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- puVar4 = (undefined8 *)
- std::_Allocate<16,struct_std::_Default_allocate_traits,0>((ulonglong)puVar1 & 0xffffffff)
- ;
- *(undefined8 **)(unaff_RBP + -0x69) = puVar4;
- puVar4[1] = &PTR_s_CAMP_BmFileOpenByNameList_75b1d6808;
- RegisterForDatabaseVar
- ((DBVarType *)&PTR_s_CAMP_BmFileOpenByNameList_75b1d6808,(_func_MP_ERROR_void_ptr *)0x0,
- (void *)0x0);
- *puVar4 = *(undefined8 *)(unaff_RBP + -0x79);
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- *(undefined8 **)(unaff_RBP + -0x79) = puVar4;
- std::
- _Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ::
- ~_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ((_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- *)(unaff_RBP + -0x71));
- *(longlong *)(unaff_RBP + -0x71) = unaff_RBP + -0x79;
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- puVar4 = (undefined8 *)
- std::_Allocate<16,struct_std::_Default_allocate_traits,0>((ulonglong)puVar1 & 0xffffffff)
- ;
- *(undefined8 **)(unaff_RBP + -0x69) = puVar4;
- puVar4[1] = &PTR_s_CAMP_MacBMFileOpenExclusions_75b1d6cd0;
- RegisterForDatabaseVar
- ((DBVarType *)&PTR_s_CAMP_MacBMFileOpenExclusions_75b1d6cd0,
- (_func_MP_ERROR_void_ptr *)0x0,(void *)0x0);
- *puVar4 = *(undefined8 *)(unaff_RBP + -0x79);
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- *(undefined8 **)(unaff_RBP + -0x79) = puVar4;
- std::
- _Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ::
- ~_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ((_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- *)(unaff_RBP + -0x71));
- *(longlong *)(unaff_RBP + -0x71) = unaff_RBP + -0x79;
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- puVar4 = (undefined8 *)
- std::_Allocate<16,struct_std::_Default_allocate_traits,0>((ulonglong)puVar1 & 0xffffffff)
- ;
- *(undefined8 **)(unaff_RBP + -0x69) = puVar4;
- puVar4[1] = &PTR_s_BmFileChangeOverwriteExclusions_75b1d69b8;
- RegisterForDatabaseVar
- ((DBVarType *)&PTR_s_BmFileChangeOverwriteExclusions_75b1d69b8,
- LoadBmFileOverwriteExclusionsDbVar,(void *)0x0);
- *puVar4 = *(undefined8 *)(unaff_RBP + -0x79);
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- *(undefined8 **)(unaff_RBP + -0x79) = puVar4;
- std::
- _Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ::
- ~_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ((_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- *)(unaff_RBP + -0x71));
- *(longlong *)(unaff_RBP + -0x71) = unaff_RBP + -0x79;
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- puVar4 = (undefined8 *)
- std::_Allocate<16,struct_std::_Default_allocate_traits,0>((ulonglong)puVar1 & 0xffffffff)
- ;
- *(undefined8 **)(unaff_RBP + -0x69) = puVar4;
- puVar4[1] = &PTR_s_BmFileChangeOverwriteExtensionI_75b1d6b98;
- RegisterForDatabaseVar
- ((DBVarType *)&PTR_s_BmFileChangeOverwriteExtensionI_75b1d6b98,
- LoadBmFileOverwriteInclusionsDbVar,(void *)0x0);
- *puVar4 = *(undefined8 *)(unaff_RBP + -0x79);
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- *(undefined8 **)(unaff_RBP + -0x79) = puVar4;
- std::
- _Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ::
- ~_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ((_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- *)(unaff_RBP + -0x71));
- *(longlong *)(unaff_RBP + -0x71) = unaff_RBP + -0x79;
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- puVar4 = (undefined8 *)
- std::_Allocate<16,struct_std::_Default_allocate_traits,0>((ulonglong)puVar1 & 0xffffffff)
- ;
- *(undefined8 **)(unaff_RBP + -0x69) = puVar4;
- puVar4[1] = &PTR_s_NpAutoExclusions_75b1d6910;
- RegisterForDatabaseVar
- ((DBVarType *)&PTR_s_NpAutoExclusions_75b1d6910,LoadNpAutoExclusionsDbVar,(void *)0x0);
- *puVar4 = *(undefined8 *)(unaff_RBP + -0x79);
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- *(undefined8 **)(unaff_RBP + -0x79) = puVar4;
- std::
- _Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ::
- ~_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ((_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- *)(unaff_RBP + -0x71));
- *(longlong *)(unaff_RBP + -0x71) = unaff_RBP + -0x79;
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- puVar4 = (undefined8 *)
- std::_Allocate<16,struct_std::_Default_allocate_traits,0>((ulonglong)puVar1 & 0xffffffff)
- ;
- *(undefined8 **)(unaff_RBP + -0x69) = puVar4;
- puVar4[1] = &PTR_s_NpSettings_75b1d6bc8;
- RegisterForDatabaseVar((DBVarType *)&PTR_s_NpSettings_75b1d6bc8,LoadNpSettingsDbVar,(void *)0x0);
- *puVar4 = *(undefined8 *)(unaff_RBP + -0x79);
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- *(undefined8 **)(unaff_RBP + -0x79) = puVar4;
- std::
- _Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ::
- ~_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ((_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- *)(unaff_RBP + -0x71));
- *(longlong *)(unaff_RBP + -0x71) = unaff_RBP + -0x79;
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- puVar4 = (undefined8 *)
- std::_Allocate<16,struct_std::_Default_allocate_traits,0>((ulonglong)puVar1 & 0xffffffff)
- ;
- *(undefined8 **)(unaff_RBP + -0x69) = puVar4;
- puVar4[1] = &PTR_s_NpNriSuppressionList_75b1d6b20;
- RegisterForDatabaseVar
- ((DBVarType *)&PTR_s_NpNriSuppressionList_75b1d6b20,LoadNpNriSuppressionListDbVar,
- (void *)0x0);
- *puVar4 = *(undefined8 *)(unaff_RBP + -0x79);
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- *(undefined8 **)(unaff_RBP + -0x79) = puVar4;
- std::
- _Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ::
- ~_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ((_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- *)(unaff_RBP + -0x71));
- *(longlong *)(unaff_RBP + -0x71) = unaff_RBP + -0x79;
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- puVar4 = (undefined8 *)
- std::_Allocate<16,struct_std::_Default_allocate_traits,0>((ulonglong)puVar1 & 0xffffffff)
- ;
- *(undefined8 **)(unaff_RBP + -0x69) = puVar4;
- puVar4[1] = &PTR_s_BmStartupSlowFriendlyScanSet_75b1d6a48;
- RegisterForDatabaseVar
- ((DBVarType *)&PTR_s_BmStartupSlowFriendlyScanSet_75b1d6a48,
- LoadBmStartupSlowFriendlyScanSetDbVar,(void *)0x0);
- *puVar4 = *(undefined8 *)(unaff_RBP + -0x79);
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- *(undefined8 **)(unaff_RBP + -0x79) = puVar4;
- std::
- _Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ::
- ~_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ((_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- *)(unaff_RBP + -0x71));
- *(longlong *)(unaff_RBP + -0x71) = unaff_RBP + -0x79;
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- puVar4 = (undefined8 *)
- std::_Allocate<16,struct_std::_Default_allocate_traits,0>((ulonglong)puVar1 & 0xffffffff)
- ;
- *(undefined8 **)(unaff_RBP + -0x69) = puVar4;
- puVar4[1] = &PTR_s_BmTrustedPerfList_75b1d6be0;
- RegisterForDatabaseVar
- ((DBVarType *)&PTR_s_BmTrustedPerfList_75b1d6be0,LoadBmTrustedPerfDbVar,(void *)0x0);
- *puVar4 = *(undefined8 *)(unaff_RBP + -0x79);
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- *(undefined8 **)(unaff_RBP + -0x79) = puVar4;
- std::
- _Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ::
- ~_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ((_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- *)(unaff_RBP + -0x71));
- *(longlong *)(unaff_RBP + -0x71) = unaff_RBP + -0x79;
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- puVar4 = (undefined8 *)
- std::_Allocate<16,struct_std::_Default_allocate_traits,0>((ulonglong)puVar1 & 0xffffffff)
- ;
- *(undefined8 **)(unaff_RBP + -0x69) = puVar4;
- puVar4[1] = &PTR_s_RegistryWhiteList_75b1d6aa8;
- RegisterForDatabaseVar
- ((DBVarType *)&PTR_s_RegistryWhiteList_75b1d6aa8,LoadRegistryAllowListDbVar,(void *)0x0)
- ;
- *puVar4 = *(undefined8 *)(unaff_RBP + -0x79);
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- *(undefined8 **)(unaff_RBP + -0x79) = puVar4;
- std::
- _Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ::
- ~_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ((_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- *)(unaff_RBP + -0x71));
- *(longlong *)(unaff_RBP + -0x71) = unaff_RBP + -0x79;
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- puVar4 = (undefined8 *)
- std::_Allocate<16,struct_std::_Default_allocate_traits,0>((ulonglong)puVar1 & 0xffffffff)
- ;
- *(undefined8 **)(unaff_RBP + -0x69) = puVar4;
- puVar4[1] = &PTR_s_VmProcessProtection_75b1d6a90;
- RegisterForDatabaseVar
- ((DBVarType *)&PTR_s_VmProcessProtection_75b1d6a90,LoadVmProcessProtectionDataDbVar,
- (void *)0x0);
- *puVar4 = *(undefined8 *)(unaff_RBP + -0x79);
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- *(undefined8 **)(unaff_RBP + -0x79) = puVar4;
- std::
- _Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ::
- ~_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ((_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- *)(unaff_RBP + -0x71));
- *(longlong *)(unaff_RBP + -0x71) = unaff_RBP + -0x79;
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- puVar4 = (undefined8 *)
- std::_Allocate<16,struct_std::_Default_allocate_traits,0>((ulonglong)puVar1 & 0xffffffff)
- ;
- *(undefined8 **)(unaff_RBP + -0x69) = puVar4;
- puVar4[1] = &PTR_s_CfaExemptProcessesByScenario_75b1d68b0;
- RegisterForDatabaseVar
- ((DBVarType *)&PTR_s_CfaExemptProcessesByScenario_75b1d68b0,
- LoadCfaExemptProcessesByScenarioDbVar,(void *)0x0);
- *puVar4 = *(undefined8 *)(unaff_RBP + -0x79);
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- *(undefined8 **)(unaff_RBP + -0x79) = puVar4;
- std::
- _Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ::
- ~_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ((_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- *)(unaff_RBP + -0x71));
- *(longlong *)(unaff_RBP + -0x71) = unaff_RBP + -0x79;
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- puVar4 = (undefined8 *)
- std::_Allocate<16,struct_std::_Default_allocate_traits,0>((ulonglong)puVar1 & 0xffffffff)
- ;
- *(undefined8 **)(unaff_RBP + -0x69) = puVar4;
- puVar4[1] = &PTR_s_TPTrustedProcesses_75b1d69e8;
- RegisterForDatabaseVar
- ((DBVarType *)&PTR_s_TPTrustedProcesses_75b1d69e8,LoadTPTrustedProcessesDbVar,
- (void *)0x0);
- *puVar4 = *(undefined8 *)(unaff_RBP + -0x79);
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- *(undefined8 **)(unaff_RBP + -0x79) = puVar4;
- std::
- _Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ::
- ~_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ((_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- *)(unaff_RBP + -0x71));
- *(longlong *)(unaff_RBP + -0x71) = unaff_RBP + -0x79;
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- puVar4 = (undefined8 *)
- std::_Allocate<16,struct_std::_Default_allocate_traits,0>((ulonglong)puVar1 & 0xffffffff)
- ;
- *(undefined8 **)(unaff_RBP + -0x69) = puVar4;
- puVar4[1] = &PTR_s_TPMonitorBlockProcesses_75b1d68e0;
- RegisterForDatabaseVar
- ((DBVarType *)&PTR_s_TPMonitorBlockProcesses_75b1d68e0,LoadTPMonitorBlockProcessesDbVar,
- (void *)0x0);
- *puVar4 = *(undefined8 *)(unaff_RBP + -0x79);
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- *(undefined8 **)(unaff_RBP + -0x79) = puVar4;
- std::
- _Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ::
- ~_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ((_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- *)(unaff_RBP + -0x71));
- *(longlong *)(unaff_RBP + -0x71) = unaff_RBP + -0x79;
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- puVar4 = (undefined8 *)
- std::_Allocate<16,struct_std::_Default_allocate_traits,0>((ulonglong)puVar1 & 0xffffffff)
- ;
- *(undefined8 **)(unaff_RBP + -0x69) = puVar4;
- puVar4[1] = &PTR_s_TPTrustedProcessesByParent_75b1d6c28;
- RegisterForDatabaseVar
- ((DBVarType *)&PTR_s_TPTrustedProcessesByParent_75b1d6c28,
- LoadTPTrustedProcessesByParentDbVar,(void *)0x0);
- *puVar4 = *(undefined8 *)(unaff_RBP + -0x79);
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- *(undefined8 **)(unaff_RBP + -0x79) = puVar4;
- std::
- _Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ::
- ~_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ((_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- *)(unaff_RBP + -0x71));
- *(longlong *)(unaff_RBP + -0x71) = unaff_RBP + -0x79;
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- puVar4 = (undefined8 *)
- std::_Allocate<16,struct_std::_Default_allocate_traits,0>((ulonglong)puVar1 & 0xffffffff)
- ;
- *(undefined8 **)(unaff_RBP + -0x69) = puVar4;
- puVar4[1] = &PTR_s_AmsiProcessList_75b1d6d18;
- RegisterForDatabaseVar
- ((DBVarType *)&PTR_s_AmsiProcessList_75b1d6d18,LoadAmsiProcessDbVar,(void *)0x0);
- *puVar4 = *(undefined8 *)(unaff_RBP + -0x79);
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- *(undefined8 **)(unaff_RBP + -0x79) = puVar4;
- std::
- _Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ::
- ~_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ((_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- *)(unaff_RBP + -0x71));
- *(longlong *)(unaff_RBP + -0x71) = unaff_RBP + -0x79;
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- puVar4 = (undefined8 *)
- std::_Allocate<16,struct_std::_Default_allocate_traits,0>((ulonglong)puVar1 & 0xffffffff)
- ;
- *(undefined8 **)(unaff_RBP + -0x69) = puVar4;
- puVar4[1] = &PTR_s_DlpBlanketPolicyExemption_75b1d6ad8;
- RegisterForDatabaseVar
- ((DBVarType *)&PTR_s_DlpBlanketPolicyExemption_75b1d6ad8,
- LoadDlpBlanketPolicyExemptionDbVar,(void *)0x0);
- *puVar4 = *(undefined8 *)(unaff_RBP + -0x79);
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- *(undefined8 **)(unaff_RBP + -0x79) = puVar4;
- std::
- _Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ::
- ~_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ((_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- *)(unaff_RBP + -0x71));
- *(longlong *)(unaff_RBP + -0x71) = unaff_RBP + -0x79;
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- puVar4 = (undefined8 *)
- std::_Allocate<16,struct_std::_Default_allocate_traits,0>((ulonglong)puVar1 & 0xffffffff)
- ;
- *(undefined8 **)(unaff_RBP + -0x69) = puVar4;
- puVar4[1] = &PTR_s_DlpBlanketPolicyProcesses_75b1d6958;
- RegisterForDatabaseVar
- ((DBVarType *)&PTR_s_DlpBlanketPolicyProcesses_75b1d6958,
- LoadDlpBlanketPolicyProcessesDbVar,(void *)0x0);
- *puVar4 = *(undefined8 *)(unaff_RBP + -0x79);
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- *(undefined8 **)(unaff_RBP + -0x79) = puVar4;
- std::
- _Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ::
- ~_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ((_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- *)(unaff_RBP + -0x71));
- *(longlong *)(unaff_RBP + -0x71) = unaff_RBP + -0x79;
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- puVar4 = (undefined8 *)
- std::_Allocate<16,struct_std::_Default_allocate_traits,0>((ulonglong)puVar1 & 0xffffffff)
- ;
- *(undefined8 **)(unaff_RBP + -0x69) = puVar4;
- puVar4[1] = &PTR_s_DlpPrintFileHeuristicPolicyExem_75b1d6bf8;
- RegisterForDatabaseVar
- ((DBVarType *)&PTR_s_DlpPrintFileHeuristicPolicyExem_75b1d6bf8,
- LoadDlpPrintFileHeuristicPolicyExemptionDbVar,(void *)0x0);
- *puVar4 = *(undefined8 *)(unaff_RBP + -0x79);
- *(undefined8 *)(unaff_RBP + -0x69) = unaff_R14;
- *(undefined8 **)(unaff_RBP + -0x79) = puVar4;
- std::
- _Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ::
- ~_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- ((_Alloc_construct_ptr<class_std::allocator<struct_std::_Flist_node<class_PDBVarTypeWrapper,void*___ptr64>_>_>
- *)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x51) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadDlpPrintFileHeuristicPolicyProcessesDbVar;
- *(undefined ***)(unaff_RBP + -0x71) = &PTR_s_DlpPrintFileHeuristicPolicyProc_75b1d6b80;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x71),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x51));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadDlpDetoursInjectionPolicyInclusionProcessesDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_DlpDetoursInjectionPolicyInclus_75b1d6d30;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadDlpDetoursInjectionPolicyExclusionProcessesDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_DlpDetoursInjectionPolicyExclus_75b1d6a60;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadDlpProcessesExclusionListDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_DlpProcessesExclusionList_75b1d6b68;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadDlpProcessesCommandLineExclusionListDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_DlpProcessesCommandLineExclusio_75b1d68c8;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadDlpClipboardApplicationSettingsDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_DlpClipboardApplicationSettings_75b1d67a8;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadAsimovKillBitDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_AsimovKillBitList_75b1d6820;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadModMonEnforceBlockLoadDLLListDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_ModMonEnforceBlockLoadDLLList_75b1d6b08;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadModMonEnforceSecureDLLListDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_ModMonEnforceSecureDLLList_75b1d6970;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadDlpCloudSyncExclusionPathsDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_DlpCloudSyncExclusionPathList_75b1d6c70;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadDlpUnallowedRDPAppsListDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_DlpUnallowedRDPAppsList_75b1d67c0;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadDlpSetWindowsHooksUsedListDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_DlpSetWindowsHooksUsedList_75b1d6bb0;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadFsHardeningExclusionProcessListDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_FsHardeningExclusionProcessList_75b1d6ac0;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadObHardeningExclusionProcessListDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_ObHardeningExclusionProcessList_75b1d6cb8;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadTrustedInstallerHardeningExcludeFlagsDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_MpTrustedInstallerHardeningExcl_75b1d67f0;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadDCGroupsDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_DeviceControlGroups_75b1d68f8;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadDynamicFsHardeningItemsDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_MpDynamicFsHardeningItems_75b1d6af0;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadTrustLabelProtectionItemsDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_MpTrustLabelProtectionItems_75b1d6838;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadDlpJitFileExtensionExclusionListDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_DlpJitFileExtensionExclusionLis_75b1d6a00;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadDlpJitPathExclusionListDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_DlpJitPathExclusionList_75b1d6868;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadDlpJitFileExtensionAllowListDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_DlpJitFileExtensionAllowList_75b1d6a18;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadDlpJitProcessAllowListDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_DlpJitProcessAllowList_75b1d6c88;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadDlpJitProcessExclusionListDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_DlpJitProcessExclusionList_75b1d6b38;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadDlpAnyAppProcessExclusionListDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_DlpAnyAppProcessExclusionList_75b1d6880;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadDlpAnyFileProcessExclusionListDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_DlpAnyFileProcessExclusionList_75b1d6928;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadDlpAnyFileExtensionExclusionListDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_DlpAnyFileExtensionExclusionLis_75b1d6b50;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = LoadDlpAnyFilePathExclusionListDbVar;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_DlpAnyFilePathExclusionList_75b1d6898;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = ConfigureAuditMode;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_MpDeviceLevelAuditMode_75b1d6940;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(code **)(unaff_RBP + -0x61) = MpBmSequentialFileReadRulesEnd;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_BmSequentialFileReadIncludedExt_75b1d67d8;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = 1;
- *(code **)(unaff_RBP + -0x61) = MpBmSequentialFileReadRulesEnd;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_BmSequentialFileReadIncludedPat_75b1d69a0;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -0x71) = 2;
- *(code **)(unaff_RBP + -0x61) = MpBmSequentialFileReadRulesEnd;
- *(undefined ***)(unaff_RBP + -0x51) = &PTR_s_BmSequentialFileReadExcludedPat_75b1d6c10;
- std::forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_>::
- emplace_front<struct_DBVarType*___ptr64&___ptr64,enum_MP_ERROR_(__cdecl*&___ptr64)(void*___ptr64),void*___ptr64&___ptr64>
- ((forward_list<class_PDBVarTypeWrapper,class_std::allocator<class_PDBVarTypeWrapper>_> *
- )(unaff_RBP + -0x79),(DBVarType **)(unaff_RBP + -0x51),
- (_func_MP_ERROR_void_ptr **)(unaff_RBP + -0x61),(void **)(unaff_RBP + -0x71));
- *(undefined8 *)(unaff_RBP + -9) = unaff_R14;
- *(undefined *)(unaff_RBP + 7) = 1;
- *(undefined8 *)(unaff_RBP + 0xf) = unaff_R14;
- uVar10 = (undefined2)unaff_R14;
- *(undefined2 *)(unaff_RBP + 0x18) = uVar10;
- *(undefined *)(unaff_RBP + 0x17) = 1;
- pwVar5 = L"MpDisableArSensors";
- lVar2 = DcRegisterConfig(L"MpDisableArSensors",(DcRegistrationSettings *)(unaff_RBP + -9));
- CCommonThrowHR::operator=((CCommonThrowHR *)pwVar5,lVar2);
- *(undefined ***)(unaff_RBP + -9) =
- std::_Func_impl_no_alloc<class_<lambda_b571e042799791b545e9627707bd3edd>,void>::vftable;
- *(longlong *)(unaff_RBP + 0x2f) = unaff_RBP + -9;
- pfVar6 = (function<void___cdecl(void)> *)(unaff_RBP + -9);
- lVar2 = DcRegisterReadyCallback(pfVar6);
- CCommonThrowHR::operator=((CCommonThrowHR *)pfVar6,lVar2);
- std::
- _Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
- ::_Tidy((_Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
- *)(unaff_RBP + -9));
- uVar9 = (undefined)unaff_R14;
- *(undefined *)(unaff_RBP + -9) = uVar9;
- *(undefined *)(unaff_RBP + 7) = uVar9;
- *(undefined8 *)(unaff_RBP + 0xf) = unaff_R14;
- *(undefined2 *)(unaff_RBP + 0x17) = uVar10;
- *(undefined *)(unaff_RBP + 0x19) = uVar9;
- pwVar5 = L"MpDisableCopyAcceleration";
- lVar2 = DcRegisterConfig(L"MpDisableCopyAcceleration",(DcRegistrationSettings *)(unaff_RBP + -9));
- CCommonThrowHR::operator=((CCommonThrowHR *)pwVar5,lVar2);
- *(wchar_t **)(unaff_RBP + -9) = L"";
- *(undefined *)(unaff_RBP + 7) = 2;
- *(undefined8 *)(unaff_RBP + 0xf) = unaff_R14;
- *(undefined2 *)(unaff_RBP + 0x17) = uVar10;
- *(undefined *)(unaff_RBP + 0x19) = uVar9;
- pwVar5 = L"MpCopyAccelerationExclusionList";
- lVar2 = DcRegisterConfig(L"MpCopyAccelerationExclusionList",
- (DcRegistrationSettings *)(unaff_RBP + -9));
- CCommonThrowHR::operator=((CCommonThrowHR *)pwVar5,lVar2);
- *(wchar_t **)(unaff_RBP + -9) = L"";
- *(undefined *)(unaff_RBP + 7) = 2;
- *(undefined8 *)(unaff_RBP + 0xf) = unaff_R14;
- *(undefined2 *)(unaff_RBP + 0x17) = uVar10;
- *(undefined *)(unaff_RBP + 0x19) = uVar9;
- pwVar5 = L"MpCopyAccelerationExclusionListByProcessName";
- lVar2 = DcRegisterConfig(L"MpCopyAccelerationExclusionListByProcessName",
- (DcRegistrationSettings *)(unaff_RBP + -9));
- CCommonThrowHR::operator=((CCommonThrowHR *)pwVar5,lVar2);
- *(wchar_t **)(unaff_RBP + -9) = L"";
- *(undefined *)(unaff_RBP + 7) = 2;
- *(undefined8 *)(unaff_RBP + 0xf) = unaff_R14;
- *(undefined2 *)(unaff_RBP + 0x17) = uVar10;
- *(undefined *)(unaff_RBP + 0x19) = uVar9;
- pwVar5 = L"MpCopyAccelerationInclusionList";
- lVar2 = DcRegisterConfig(L"MpCopyAccelerationInclusionList",
- (DcRegistrationSettings *)(unaff_RBP + -9));
- CCommonThrowHR::operator=((CCommonThrowHR *)pwVar5,lVar2);
- *(undefined ***)(unaff_RBP + -9) =
- std::_Func_impl_no_alloc<class_<lambda_363c727d8cddbaa00e589da5723f5c65>,void>::vftable;
- *(longlong *)(unaff_RBP + 0x2f) = unaff_RBP + -9;
- pfVar6 = (function<void___cdecl(void)> *)(unaff_RBP + -9);
- lVar2 = DcRegisterReadyCallback(pfVar6);
- CCommonThrowHR::operator=((CCommonThrowHR *)pfVar6,lVar2);
- std::
- _Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
- ::_Tidy((_Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
- *)(unaff_RBP + -9));
- *(undefined8 *)(unaff_RBP + -9) = 5;
- *(undefined *)(unaff_RBP + 7) = 1;
- *(undefined8 *)(unaff_RBP + 0xf) = unaff_R14;
- *(undefined2 *)(unaff_RBP + 0x18) = uVar10;
- *(undefined *)(unaff_RBP + 0x17) = 1;
- pwVar5 = L"MpCopyAccelerationDynInjectionThreshold";
- lVar2 = DcRegisterConfig(L"MpCopyAccelerationDynInjectionThreshold",
- (DcRegistrationSettings *)(unaff_RBP + -9));
- CCommonThrowHR::operator=((CCommonThrowHR *)pwVar5,lVar2);
- *(undefined8 *)(unaff_RBP + -9) = 0x1e;
- *(undefined *)(unaff_RBP + 7) = 1;
- *(undefined8 *)(unaff_RBP + 0xf) = unaff_R14;
- *(undefined2 *)(unaff_RBP + 0x18) = uVar10;
- *(undefined *)(unaff_RBP + 0x17) = 1;
- pwVar5 = L"MpCopyAccelerationDynInjectionTimeWindow";
- lVar2 = DcRegisterConfig(L"MpCopyAccelerationDynInjectionTimeWindow",
- (DcRegistrationSettings *)(unaff_RBP + -9));
- CCommonThrowHR::operator=((CCommonThrowHR *)pwVar5,lVar2);
- *(undefined ***)(unaff_RBP + -9) =
- std::_Func_impl_no_alloc<class_<lambda_05f10f943bd5cc760aae78b1b26a94c0>,void>::vftable;
- *(longlong *)(unaff_RBP + 0x2f) = unaff_RBP + -9;
- pfVar6 = (function<void___cdecl(void)> *)(unaff_RBP + -9);
- lVar2 = DcRegisterReadyCallback(pfVar6);
- CCommonThrowHR::operator=((CCommonThrowHR *)pfVar6,lVar2);
- std::
- _Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
- ::_Tidy((_Func_class<void,class_std::shared_ptr<class_tdt_library_v_current::bit_shovel_plugins::detection_event_report<0>_>_const&___ptr64>
- *)(unaff_RBP + -9));
- *(undefined8 *)(unaff_RBP + -0x39) = unaff_R14;
- *(undefined8 *)(unaff_RBP + -0x21) = unaff_R14;
- *(undefined8 *)(unaff_RBP + -0x19) = unaff_R14;
- *(code **)(unaff_RBP + -0x41) = BMDetectionReceiver;
- *(undefined *)(unaff_RBP + -0x31) = 0xa8;
- *(code **)(unaff_RBP + -0x29) = BMCreateSignatureMap;
- RVar8 = (int)unaff_R14 + 0xc;
- MVar3 = regcntl((void *)(unaff_RBP + -0x41),(ulonglong)((int)unaff_R14 + 0x30),RVar8);
- if (MVar3 == 0) {
- *(undefined8 *)(unaff_RBP + -9) = unaff_R14;
- *(undefined8 *)(unaff_RBP + -1) = unaff_R14;
- *(undefined *)(unaff_RBP + 7) = 1;
- *(undefined8 *)(unaff_RBP + 0xf) = unaff_R14;
- *(undefined8 *)(unaff_RBP + 0x17) = unaff_R14;
- *(undefined8 *)(unaff_RBP + 0x1f) = unaff_R14;
- *(undefined8 *)(unaff_RBP + -0x41) = *(undefined8 *)(unaff_RBP + -9);
- *(undefined8 *)(unaff_RBP + -0x39) = *(undefined8 *)(unaff_RBP + -1);
- *(undefined8 *)(unaff_RBP + -0x31) = *(undefined8 *)(unaff_RBP + 7);
- *(undefined8 *)(unaff_RBP + -0x29) = *(undefined8 *)(unaff_RBP + 0xf);
- *(undefined8 *)(unaff_RBP + -0x21) = *(undefined8 *)(unaff_RBP + 0x17);
- *(undefined8 *)(unaff_RBP + -0x19) = *(undefined8 *)(unaff_RBP + 0x1f);
- *(BmEnvVarMapping **)(unaff_RBP + -0x19) = &g_BmEnvVarMap;
- *(code **)(unaff_RBP + -0x41) = BMEnvVarReceiver;
- *(undefined *)(unaff_RBP + -0x31) = 0xed;
- *(undefined8 *)(unaff_RBP + -0x29) = unaff_R14;
- pCVar7 = (CMpSRWLock *)0x30;
- MVar3 = regcntl((void *)(unaff_RBP + -0x41),0x30,RVar8);
- if (MVar3 == 0) {
- CGenericAutoLock<struct_CommonUtil::CMpWriteLockFunctor<class_CommonUtil::CMpSRWLock>_>::
- CGenericAutoLock<struct_CommonUtil::CMpWriteLockFunctor<class_CommonUtil::CMpSRWLock>_>
- ((CGenericAutoLock<struct_CommonUtil::CMpWriteLockFunctor<class_CommonUtil::CMpSRWLock>_>
- *)(unaff_RBP + -0x51),pCVar7,RVar8);
- this_00 = (unordered_map<unsigned_long,unsigned___int64,struct_std::hash<unsigned_long>,struct_std::equal_to<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const_,unsigned___int64>_>_>
- *)operator_new(0x58);
- *(unordered_map<unsigned_long,unsigned___int64,struct_std::hash<unsigned_long>,struct_std::equal_to<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const_,unsigned___int64>_>_>
- **)(unaff_RBP + -0x71) = this_00;
- memset(this_00,0,0x58);
- this_01 = this_00;
- std::
- unordered_map<unsigned_long,unsigned___int64,struct_std::hash<unsigned_long>,struct_std::equal_to<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const_,unsigned___int64>_>_>
- ::
- unordered_map<unsigned_long,unsigned___int64,struct_std::hash<unsigned_long>,struct_std::equal_to<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const_,unsigned___int64>_>_>
- (this_00);
- *(undefined8 *)(this_00 + 0x40) = unaff_R14;
- *(undefined8 *)(this_00 + 0x48) = unaff_R14;
- *(undefined8 *)(this_00 + 0x50) = unaff_R14;
- std::
- unique_ptr<class_BmDetectionContainer,struct_std::default_delete<class_BmDetectionContainer>_>
- ::reset((unique_ptr<class_BmDetectionContainer,struct_std::default_delete<class_BmDetectionContainer>_>
- *)this_01,(BmDetectionContainer *)this_00);
- std::unique_lock<class_std::shared_mutex>::~unique_lock<class_std::shared_mutex>
- ((unique_lock<class_std::shared_mutex> *)(unaff_RBP + -0x51));
- puVar4 = (undefined8 *)operator_new(8);
- *puVar4 = `enum_MP_ERROR___cdecl_BmSignatureLoader_init_module(class_AutoInitModules*___ptr64)'
- ::__l2::SignatureLoaderCleanupThread::vftable;
- *(undefined8 *)(unaff_RBP + -0x71) = unaff_R14;
- *(undefined8 **)(unaff_RBP + -0x51) = puVar4;
- AutoInitModules::RegisterThreadCleanup
- (unaff_RDI,
- (CReturnHandle<class_CommonUtil::CAutoUniquePtr<class_IReader,void>_> *)
- (unaff_RBP + -0x51));
- std::
- unique_ptr<`BmSignatureLoader_init_module'::__l2::SignatureLoaderCleanupThread,std::default_delete<`BmSignatureLoader_init_module'::__l2::SignatureLoaderCleanupThread>_>
- ::
- ~unique_ptr<_BmSignatureLoader_init_module_::__l2::SignatureLoaderCleanupThread,std::default_delete<_BmSignatureLoader_init_module_::__l2::SignatureLoaderCleanupThread>_>
- ((longlong *)(unaff_RBP + -0x71));
- RegisterForDatabaseHelper::Dismiss((RegisterForDatabaseHelper *)(unaff_RBP + -0x79));
- *(undefined *)(unaff_RBP + -0x59) = uVar9;
- RegisterForDatabaseHelper::~RegisterForDatabaseHelper
- ((RegisterForDatabaseHelper *)(unaff_RBP + -0x79));
- SignatureContainerInstance::~SignatureContainerInstance
- ((SignatureContainerInstance *)(unaff_RBP + -0x59));
- goto LAB_0;
+ if ((DAT_0 == '\0') &&
+ ((*(longlong *)(this + 0x9b0) != 0 || (lVar3 = InitializeParentNotification(this), -1 < lVar3))
+ )) {
+ lVar1 = *(longlong *)(this + 0x9b0);
+ uVar2 = *(undefined8 *)param_1;
+ *(undefined4 *)(lVar1 + 0x88) = *(undefined4 *)(param_1 + 8);
+ *(int *)(lVar1 + 0x80) = (int)uVar2;
+ *(int *)(lVar1 + 0x84) = (int)((ulonglong)uVar2 >> 0x20);
+ *(undefined4 *)(lVar1 + 0x8c) = 0;
+ iVar4 = BmInternalInfo::Send(*(BmInternalInfo **)(this + 0x9b0));
+ if (iVar4 < 0) {
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+ WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x5f,
+ &WPP_017801027265304d15fc8d8e152c805f_Traceguids,iVar4);
+ }
+ iVar4 = 0;
+ }
+ if (((iVar4 < 0) && ((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control)) &&
+ ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+ WPP_SF_l(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x60,
+ &WPP_017801027265304d15fc8d8e152c805f_Traceguids,iVar4);
}
}
- RegisterForDatabaseHelper::~RegisterForDatabaseHelper
- ((RegisterForDatabaseHelper *)(unaff_RBP + -0x79));
- SignatureContainerInstance::~SignatureContainerInstance
- ((SignatureContainerInstance *)(unaff_RBP + -0x59));
-LAB_0:
- __security_check_cookie(*(ulonglong *)(unaff_RBP + 0x37) ^ (ulonglong)&stack0x00000000);
return;
}
| Key | mpengine.dll - mpengine.dll |
|---|---|
| diff_type | code,length,address,called |
| ratio | 0.07 |
| i_ratio | 0.64 |
| m_ratio | 0.99 |
| b_ratio | 0.99 |
| match_types | SymbolsHash |
| Key | mpengine.dll | mpengine.dll |
|---|---|---|
| name | nscript_give_infos | nscript_give_infos |
| fullname | nscript_give_infos | nscript_give_infos |
| refcount | 4 | 4 |
length |
678 | 650 |
called |
UnpackVirusName kpopobjectex namefromrecid std::Tree_unchecked_const_iterator<class_std::Tree_val<struct_std::Tree_simple_types<struct_MyFixupInfoCallback::PageEntry>>,struct_std::Iterator_base0>::operator++ std::map<unsigned_long,unsigned_long,struct_std::less<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const,unsigned_long>>>::_Try_emplace<unsigned_long_const&___ptr64> |
UnpackVirusName kpopobject namefromrecid std::Tree_unchecked_const_iterator<class_std::Tree_val<struct_std::Tree_simple_types<struct_MyFixupInfoCallback::PageEntry>>,struct_std::Iterator_base0>::operator++ std::map<unsigned_long,unsigned_long,struct_std::less<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const,unsigned_long>>>::_Try_emplace<unsigned_long_const&___ptr64> |
| calling | nscript_init_module | nscript_init_module |
| paramcount | 2 | 2 |
address |
75aa369b0 | 75aa30720 |
| sig | __uint64 __cdecl nscript_give_infos(void * param_1, virinfo * param_2) | __uint64 __cdecl nscript_give_infos(void * param_1, virinfo * param_2) |
| sym_type | Function | Function |
| sym_source | ANALYSIS | ANALYSIS |
| external | False | False |
--- nscript_give_infos called
+++ nscript_give_infos called
@@ -2 +2 @@
-kpopobjectex
+kpopobject--- nscript_give_infos
+++ nscript_give_infos
@@ -1,13 +1,117 @@
+
+/* WARNING: Globals starting with '_' overlap smaller symbols at the same address */
+/* unsigned __int64 __cdecl nscript_give_infos(void * __ptr64,struct virinfo * __ptr64) */
__uint64 __cdecl nscript_give_infos(void *param_1,virinfo *param_2)
{
- undefined7 extraout_var;
- undefined *unaff_RBX;
- undefined8 *unaff_R14;
+ longlong lVar1;
+ int iVar2;
+ uint *puVar3;
+ longlong *plVar4;
+ char *pcVar5;
+ _Tree_unchecked_const_iterator<class_std::_Tree_val<struct_std::_Tree_simple_types<struct_MyFixupInfoCallback::PageEntry>_>,struct_std::_Iterator_base0>
+ *this;
+ longlong lVar6;
+ ulonglong uVar7;
+ RecInfoCtx *pRVar8;
+ undefined8 local_60 [2];
+ undefined8 local_50 [2];
+ undefined8 local_40 [2];
+ undefined8 local_30 [2];
+ undefined8 local_20 [3];
- *unaff_RBX = (char)((ulonglong)param_1 >> 8);
- JsTree::WorkingStack::leave((WorkingStack *)*unaff_R14);
- return CONCAT71(extraout_var,1);
+ if (g_infoCtx != (RecInfoCtx *)0x0) {
+ pRVar8 = g_infoCtx;
+ if (param_2 == (virinfo *)0x0) {
+ if (*(longlong *)(g_infoCtx + 8) == 0) {
+ return (ulonglong)_g_VdmBruteSigs +
+ (ulonglong)_g_DynamicBruteSigs +
+ (*(longlong *)(spArr + 8) - *(longlong *)spArr) / 0x14 +
+ (*(longlong *)(stdAppendArr + 8) - *(longlong *)stdAppendArr) / 0x14 +
+ (*(longlong *)(stdCrcArr + 8) - *(longlong *)stdCrcArr >> 4);
+ }
+ }
+ else if (*(longlong *)(g_infoCtx + 8) == 0) {
+ if (stdCrcArr != (vector<struct_crcVirType,class_std::allocator<struct_crcVirType>_> *)0x0) {
+ lVar1 = *(longlong *)(stdCrcArr + 8);
+ for (lVar6 = *(longlong *)stdCrcArr; lVar6 != lVar1; lVar6 = lVar6 + 0x10) {
+ pRVar8 = g_infoCtx;
+ puVar3 = (uint *)kpopobject(*(ulong *)(lVar6 + 8));
+ plVar4 = std::
+ map<unsigned_long,unsigned_long,struct_std::less<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const_,unsigned_long>_>_>
+ ::_Try_emplace<unsigned_long_const&___ptr64>
+ ((map<unsigned_long,unsigned_long,struct_std::less<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const_,unsigned_long>_>_>
+ *)g_infoCtx,local_60,puVar3,(piecewise_construct_t *)pRVar8);
+ *(int *)(*plVar4 + 0x20) = *(int *)(*plVar4 + 0x20) + 1;
+ }
+ }
+ if (stdAppendArr !=
+ (vector<struct_appendStdType,class_std::allocator<struct_appendStdType>_> *)0x0) {
+ lVar1 = *(longlong *)(stdAppendArr + 8);
+ for (lVar6 = *(longlong *)stdAppendArr; lVar6 != lVar1; lVar6 = lVar6 + 0x14) {
+ pRVar8 = g_infoCtx;
+ puVar3 = (uint *)kpopobject(*(ulong *)(lVar6 + 0xc));
+ plVar4 = std::
+ map<unsigned_long,unsigned_long,struct_std::less<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const_,unsigned_long>_>_>
+ ::_Try_emplace<unsigned_long_const&___ptr64>
+ ((map<unsigned_long,unsigned_long,struct_std::less<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const_,unsigned_long>_>_>
+ *)g_infoCtx,local_50,puVar3,(piecewise_construct_t *)pRVar8);
+ *(int *)(*plVar4 + 0x20) = *(int *)(*plVar4 + 0x20) + 1;
+ }
+ }
+ if (spArr != (vector<struct_spType,class_std::allocator<struct_spType>_> *)0x0) {
+ lVar1 = *(longlong *)(spArr + 8);
+ for (lVar6 = *(longlong *)spArr; lVar6 != lVar1; lVar6 = lVar6 + 0x14) {
+ plVar4 = std::
+ map<unsigned_long,unsigned_long,struct_std::less<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const_,unsigned_long>_>_>
+ ::_Try_emplace<unsigned_long_const&___ptr64>
+ ((map<unsigned_long,unsigned_long,struct_std::less<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const_,unsigned_long>_>_>
+ *)g_infoCtx,local_40,(uint *)(lVar6 + 0xc),
+ (piecewise_construct_t *)g_infoCtx);
+ *(int *)(*plVar4 + 0x20) = *(int *)(*plVar4 + 0x20) + 1;
+ }
+ }
+ for (uVar7 = 0; uVar7 < _g_VdmBruteSigs; uVar7 = uVar7 + 1) {
+ plVar4 = std::
+ map<unsigned_long,unsigned_long,struct_std::less<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const_,unsigned_long>_>_>
+ ::_Try_emplace<unsigned_long_const&___ptr64>
+ ((map<unsigned_long,unsigned_long,struct_std::less<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const_,unsigned_long>_>_>
+ *)g_infoCtx,local_30,(uint *)(DAT_0 + (uVar7 * 3 + 1) * 8),
+ (piecewise_construct_t *)g_infoCtx);
+ *(int *)(*plVar4 + 0x20) = *(int *)(*plVar4 + 0x20) + 1;
+ }
+ for (uVar7 = 0; pRVar8 = g_infoCtx, uVar7 < _g_DynamicBruteSigs; uVar7 = uVar7 + 1) {
+ plVar4 = std::
+ map<unsigned_long,unsigned_long,struct_std::less<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const_,unsigned_long>_>_>
+ ::_Try_emplace<unsigned_long_const&___ptr64>
+ ((map<unsigned_long,unsigned_long,struct_std::less<unsigned_long>,class_std::allocator<struct_std::pair<unsigned_long_const_,unsigned_long>_>_>
+ *)g_infoCtx,local_20,(uint *)(DAT_1 + (uVar7 * 3 + 1) * 8),
+ (piecewise_construct_t *)g_infoCtx);
+ *(int *)(*plVar4 + 0x20) = *(int *)(*plVar4 + 0x20) + 1;
+ }
+ *(undefined8 *)(g_infoCtx + 0x10) = **(undefined8 **)g_infoCtx;
+ }
+ if (*(longlong *)(pRVar8 + 0x10) != *(longlong *)pRVar8) {
+ pcVar5 = namefromrecid(*(ulong *)(*(longlong *)(pRVar8 + 0x10) + 0x1c));
+ if (pcVar5 == (char *)0x0) {
+ *param_2 = (virinfo)0x0;
+ }
+ else {
+ iVar2 = UnpackVirusName(pcVar5,(char *)param_2);
+ if (iVar2 != 0) {
+ return 1;
+ }
+ }
+ this = (_Tree_unchecked_const_iterator<class_std::_Tree_val<struct_std::_Tree_simple_types<struct_MyFixupInfoCallback::PageEntry>_>,struct_std::_Iterator_base0>
+ *)(g_infoCtx + 0x10);
+ *(uint *)(param_2 + 0x40) = (*(uint *)(*(longlong *)this + 0x20) | 0xffff8000) << 0x10;
+ std::
+ _Tree_unchecked_const_iterator<class_std::_Tree_val<struct_std::_Tree_simple_types<struct_MyFixupInfoCallback::PageEntry>_>,struct_std::_Iterator_base0>
+ ::operator++(this);
+ return 0;
+ }
+ }
+ return 1;
}
std::vector<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry>_>::_Change_array
| Key | mpengine.dll - mpengine.dll |
|---|---|
| diff_type | code,refcount,length,address,calling |
| ratio | 0.0 |
| i_ratio | 0.22 |
| m_ratio | 0.74 |
| b_ratio | 0.74 |
| match_types | SymbolsHash |
| Key | mpengine.dll | mpengine.dll |
|---|---|---|
| name | _Change_array | _Change_array |
| fullname | std::vector<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry>_>::_Change_array | std::vector<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry>_>::_Change_array |
refcount |
10 | 4 |
length |
102 | 137 |
| called | std::_Deallocate<16,0> | std::_Deallocate<16,0> |
calling |
std::vector<class_AttributePair,class_std::allocator<class_AttributePair>_>::_Emplace_reallocate<char_const*___ptr64_const&___ptr64,char_const*___ptr64_const&___ptr64,char_const*___ptr64_const&___ptr64,char&__ptr64,unsigned_long,bool> std::vector<class_AttributePair,class_std::allocator<class_AttributePair>>::Reallocate_exactly std::vector<class_CSMSMemRangeInfo,class_std::allocator<class_CSMSMemRangeInfo>>::_Emplace_reallocate<struct__MEMORY_BASIC_INFORMATION&___ptr64,unsigned_long&___ptr64,unsigned_char&__ptr64> std::vector<class_CSMSMemRangeInfo,class_std::allocator<class_CSMSMemRangeInfo>>::_Emplace_reallocate<struct__MEMORY_BASIC_INFORMATION&___ptr64,unsigned_long_const&__ptr64,unsigned_short> std::vector<struct_CPrefixList::SExpandPath,class_std::allocator<struct_CPrefixList::SExpandPath>>::_Resize_reallocate<struct_std::Value_init_tag> std::vector<struct_MpSignatureSubType<struct_kcrce_t,unsigned_long,3,1,0,0,struct_kcrce_t,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_kcrce_t,unsigned_long,3,1,0,0,struct_kcrce_t,0,0,1>::ChunkEntry>>::_Resize_reallocate<struct_std::Value_init_tag> std::vector<struct__mp_resource_t,class_std::allocator<struct__mp_resource_t>>::_Emplace_reallocate<struct__mp_resource_t_const&__ptr64> std::vector<struct__mp_resource_t,class_std::allocator<struct__mp_resource_t>>::_Resize_reallocate<struct_std::_Value_init_tag> |
std::vector<struct_MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::ChunkEntry>_>::Reallocate_exactly std::vector<struct_MpSignatureSubType<struct_kcrce_t,unsigned_long,3,1,0,0,struct_kcrce_t,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_kcrce_t,unsigned_long,3,1,0,0,struct_kcrce_t,0,0,1>::ChunkEntry>>::_Resize_reallocate<struct_std::Value_init_tag> std::vector<struct__IMAGE_SECTION_HEADER,class_std::allocator<struct__IMAGE_SECTION_HEADER>>::_Emplace_reallocate<struct__IMAGE_SECTION_HEADER_const&___ptr64> |
| paramcount | 4 | 4 |
address |
75a41b748 | 75a6b31f4 |
| sig | void __thiscall Change_array(vector<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry>> * this, ChunkEntry * param_1, __uint64 param_2, __uint64 param_3) | void __thiscall Change_array(vector<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry>> * this, ChunkEntry * param_1, __uint64 param_2, __uint64 param_3) |
| sym_type | Function | Function |
| sym_source | ANALYSIS | ANALYSIS |
| external | False | False |
std::vector<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry>_>::_Change_array Calling Diff
--- std::vector<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry>_>::_Change_array calling
+++ std::vector<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry>_>::_Change_array calling
@@ -1,5 +1 @@
-std::vector<class_AttributePair,class_std::allocator<class_AttributePair>_>::_Emplace_reallocate<char_const*___ptr64_const&___ptr64,char_const*___ptr64_const&___ptr64,char_const*___ptr64_const&___ptr64,char&___ptr64,unsigned_long,bool>
-std::vector<class_AttributePair,class_std::allocator<class_AttributePair>_>::_Reallocate_exactly
-std::vector<class_CSMSMemRangeInfo,class_std::allocator<class_CSMSMemRangeInfo>_>::_Emplace_reallocate<struct__MEMORY_BASIC_INFORMATION&___ptr64,unsigned_long&___ptr64,unsigned_char&___ptr64>
-std::vector<class_CSMSMemRangeInfo,class_std::allocator<class_CSMSMemRangeInfo>_>::_Emplace_reallocate<struct__MEMORY_BASIC_INFORMATION&___ptr64,unsigned_long_const&___ptr64,unsigned_short>
-std::vector<struct_CPrefixList::SExpandPath,class_std::allocator<struct_CPrefixList::SExpandPath>_>::_Resize_reallocate<struct_std::_Value_init_tag>
+std::vector<struct_MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_explicitresourcehash_record,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_explicitresourcehash_record>,0,0,1>::ChunkEntry>_>::_Reallocate_exactly
@@ -7,2 +3 @@
-std::vector<struct__mp_resource_t,class_std::allocator<struct__mp_resource_t>_>::_Emplace_reallocate<struct__mp_resource_t_const&___ptr64>
-std::vector<struct__mp_resource_t,class_std::allocator<struct__mp_resource_t>_>::_Resize_reallocate<struct_std::_Value_init_tag>
+std::vector<struct__IMAGE_SECTION_HEADER,class_std::allocator<struct__IMAGE_SECTION_HEADER>_>::_Emplace_reallocate<struct__IMAGE_SECTION_HEADER_const&___ptr64>std::vector<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry>_>::_Change_array Diff
--- std::vector<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry>_>::_Change_array
+++ std::vector<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry>_>::_Change_array
@@ -1,2 +1,27 @@
-Failed to decompile mpengine.dll - .ProgramDB std::vector<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry>_>::_Change_array : Error: Decompile error:
-Marshaling error: Did not see expected closing element+
+/* private: void __cdecl std::vector<struct MpSignatureSubType<struct revokedcert_t,unsigned
+ long,1,0,0,0,struct MpEmptyEnumerator<struct revokedcert_t>,0,0,1>::ChunkEntry,class
+ std::allocator<struct MpSignatureSubType<struct revokedcert_t,unsigned long,1,0,0,0,struct
+ MpEmptyEnumerator<struct revokedcert_t>,0,0,1>::ChunkEntry> >::_Change_array(struct
+ MpSignatureSubType<struct revokedcert_t,unsigned long,1,0,0,0,struct MpEmptyEnumerator<struct
+ revokedcert_t>,0,0,1>::ChunkEntry * __ptr64 const,unsigned __int64,unsigned __int64) __ptr64 */
+
+void __thiscall
+std::
+vector<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry>_>
+::_Change_array(vector<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry,class_std::allocator<struct_MpSignatureSubType<struct_revokedcert_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_revokedcert_t>,0,0,1>::ChunkEntry>_>
+ *this,ChunkEntry *param_1,__uint64 param_2,__uint64 param_3)
+
+{
+ void *pvVar1;
+
+ pvVar1 = *(void **)this;
+ if (pvVar1 != (void *)0x0) {
+ _Deallocate<16,0>(pvVar1,((*(longlong *)(this + 0x10) - (longlong)pvVar1) / 0x28) * 0x28);
+ }
+ *(ChunkEntry **)this = param_1;
+ *(ChunkEntry **)(this + 8) = param_1 + param_2 * 0x28;
+ *(ChunkEntry **)(this + 0x10) = param_1 + param_3 * 0x28;
+ return;
+}
+
| Key | mpengine.dll - mpengine.dll |
|---|---|
| diff_type | code,length,sig,address,called |
| ratio | 0.01 |
| i_ratio | 0.48 |
| m_ratio | 0.71 |
| b_ratio | 0.76 |
| match_types | SymbolsHash |
| Key | mpengine.dll | mpengine.dll |
|---|---|---|
| name | RegisterBMCallback | RegisterBMCallback |
| fullname | NoteMgr::RegisterBMCallback | NoteMgr::RegisterBMCallback |
| refcount | 3 | 3 |
length |
171 | 166 |
called |
CommonUtil::CAutoMpShutter::~CAutoMpShutter CommonUtil::CMpShutter::Loose CommonUtil::CMpShutter::TryUsing KERNEL32.DLL::AcquireSRWLockExclusive KERNEL32.DLL::ReleaseSRWLockExclusive WPP_SF_ `DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer |
CommonUtil::CAutoMpShutter::TryUsing CommonUtil::CAutoMpShutter::~CAutoMpShutter KERNEL32.DLL::AcquireSRWLockExclusive KERNEL32.DLL::ReleaseSRWLockExclusive WPP_SF_ `DecompressLzNt1Buffer'::__l2::UnplibCancelCb::BufferFuzzer |
| calling | BMSRegisterBMCallbacks BMSUnRegisterBMCallbacks |
BMSRegisterBMCallbacks BMSUnRegisterBMCallbacks |
| paramcount | 2 | 3 |
address |
75a779fa4 | 75ac898bc |
sig |
void __thiscall RegisterBMCallback(NoteMgr * this, _func_ulong_MPRTP_NOTIFICATION_ptr * param_1) | void __thiscall RegisterBMCallback(NoteMgr * this, _func_ulong_MPRTP_NOTIFICATION_ptr * param_1, _func_ulong_MPRTP_NOTIFICATION_EX_ptr * param_2) |
| sym_type | Function | Function |
| sym_source | ANALYSIS | ANALYSIS |
| external | False | False |
--- NoteMgr::RegisterBMCallback called
+++ NoteMgr::RegisterBMCallback called
@@ -0,0 +1 @@
+CommonUtil::CAutoMpShutter::TryUsing
@@ -2,2 +2,0 @@
-CommonUtil::CMpShutter::Loose
-CommonUtil::CMpShutter::TryUsing--- NoteMgr::RegisterBMCallback
+++ NoteMgr::RegisterBMCallback
@@ -1,2 +1,36 @@
-Failed to decompile mpengine.dll - .ProgramDB NoteMgr::RegisterBMCallback : Error: Decompile error:
-Marshaling error: Did not see expected closing element+
+/* public: void __cdecl NoteMgr::RegisterBMCallback(unsigned long (__cdecl*)(struct
+ MPRTP_NOTIFICATION * __ptr64),unsigned long (__cdecl*)(struct MPRTP_NOTIFICATION_EX * __ptr64))
+ __ptr64 */
+
+void __thiscall
+NoteMgr::RegisterBMCallback
+ (NoteMgr *this,_func_ulong_MPRTP_NOTIFICATION_ptr *param_1,
+ _func_ulong_MPRTP_NOTIFICATION_EX_ptr *param_2)
+
+{
+ NoteMgr *pNVar1;
+ long lVar2;
+ undefined8 local_res8;
+
+ pNVar1 = g_NoteMgr;
+ local_res8 = 0;
+ lVar2 = CommonUtil::CAutoMpShutter::TryUsing
+ ((CAutoMpShutter *)&local_res8,(CMpShutter *)(g_NoteMgr + 0x68));
+ if (lVar2 < 0) {
+ if (((undefined **)WPP_GLOBAL_Control != &WPP_GLOBAL_Control) &&
+ ((WPP_GLOBAL_Control[0x1c] & 1) != 0)) {
+ WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),0x11,
+ &WPP_8a342335c1ca3f79f7beacb891feca86_Traceguids);
+ }
+ }
+ else {
+ AcquireSRWLockExclusive((PSRWLOCK)(pNVar1 + 0x60));
+ *(_func_ulong_MPRTP_NOTIFICATION_ptr **)(pNVar1 + 0x10) = param_1;
+ *(_func_ulong_MPRTP_NOTIFICATION_EX_ptr **)(pNVar1 + 0x18) = param_2;
+ ReleaseSRWLockExclusive((PSRWLOCK)(pNVar1 + 0x60));
+ }
+ CommonUtil::CAutoMpShutter::~CAutoMpShutter((CAutoMpShutter *)&local_res8);
+ return;
+}
+
| Key | mpengine.dll - mpengine.dll |
|---|---|
| diff_type | code,length,address,calling,called |
| ratio | 0.01 |
| i_ratio | 0.45 |
| m_ratio | 0.93 |
| b_ratio | 0.92 |
| match_types | SymbolsHash |
| Key | mpengine.dll | mpengine.dll |
|---|---|---|
| name | _set_single_profile_config | _set_single_profile_config |
| fullname | tdt_library_v_current::tdt_agent_impl::_set_single_profile_config | tdt_library_v_current::tdt_agent_impl::_set_single_profile_config |
| refcount | 4 | 4 |
length |
332 | 349 |
called |
__security_check_cookie guard_dispatch_icall boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::get<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>> boost::property_tree::string_path<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::string_path<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>> std::Hash<class_std::Uset_traits<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::Uhash_compare<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,0>>::clear std::Hash<class_std::Uset_traits<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::Uhash_compare<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,0>>::emplace<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64> std::Traits_equal<struct_std::char_traits> std::basic_string<char,struct_std::char_traits,class_std::allocator>::_Tidy_deallocate tdt_library_v_current::tdt_agent_impl::_set_config_json |
__security_check_cookie guard_dispatch_icall boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::less<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::get<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>> boost::property_tree::string_path<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>::string_path<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>> std::Hash<class_std::Uset_traits<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::Uhash_compare<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,0>>::clear std::Hash<class_std::Uset_traits<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,class_std::Uhash_compare<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>>,0>>::emplace<class_std::basic_string<char,struct_std::char_traits,class_std::allocator>_const&__ptr64> std::Traits_equal<struct_std::char_traits> std::basic_string<char,struct_std::char_traits,class_std::allocator>::_Tidy_deallocate tdt_library_v_current::tdt_agent_impl::_check_driver_compatibility tdt_library_v_current::tdt_agent_impl::_set_config_json |
calling |
tdt_library_v_current::tdt_agent_impl::set_configuration tdt_library_v_current::tdt_agent_impl::set_configuration tdt_library_v_current::tdt_agent_impl::set_configuration |
tdt_library_v_current::tdt_agent_impl::set_configuration tdt_library_v_current::tdt_agent_impl::set_configuration tdt_library_v_current::tdt_agent_impl::set_configuration |
| paramcount | 3 | 3 |
address |
75a8ec520 | 75a8bce18 |
| sig | tdt_return_code_ __thiscall set_single_profile_config(tdt_agent_impl * this, basic_string<char,struct_std::char_traits,class_std::allocator> * param_1, basic_string<char,struct_std::char_traits,class_std::allocator_> * param_2) | tdt_return_code_ __thiscall set_single_profile_config(tdt_agent_impl * this, basic_string<char,struct_std::char_traits,class_std::allocator> * param_1, basic_string<char,struct_std::char_traits,class_std::allocator_> * param_2) |
| sym_type | Function | Function |
| sym_source | ANALYSIS | ANALYSIS |
| external | False | False |
--- tdt_library_v_current::tdt_agent_impl::_set_single_profile_config called
+++ tdt_library_v_current::tdt_agent_impl::_set_single_profile_config called
@@ -8,0 +9 @@
+tdt_library_v_current::tdt_agent_impl::_check_driver_compatibility--- tdt_library_v_current::tdt_agent_impl::_set_single_profile_config
+++ tdt_library_v_current::tdt_agent_impl::_set_single_profile_config
@@ -1,2 +1,111 @@
-Failed to decompile mpengine.dll - .ProgramDB tdt_library_v_current::tdt_agent_impl::_set_single_profile_config : Error: Decompile error:
-Marshaling error: Did not see expected closing element+
+/* WARNING: Function: _guard_dispatch_icall_$fo_default$ replaced with injection:
+ guard_dispatch_icall */
+/* private: enum tdt_api::tdt_return_code_ __cdecl
+ tdt_library_v_current::tdt_agent_impl::_set_single_profile_config(class
+ std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > const &
+ __ptr64,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >
+ const & __ptr64) __ptr64 */
+
+tdt_return_code_ __thiscall
+tdt_library_v_current::tdt_agent_impl::_set_single_profile_config
+ (tdt_agent_impl *this,
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *param_1,
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *param_2)
+
+{
+ shared_ptr<class_boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>_>
+ *psVar1;
+ undefined8 *puVar2;
+ basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ *this_00;
+ bool bVar3;
+ tdt_return_code_ tVar4;
+ tdt_return_code_ extraout_EAX;
+ longlong lVar5;
+ basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *pbVar6;
+ undefined8 *puVar7;
+ char ***pppcVar8;
+ undefined auStack_c8 [32];
+ undefined8 local_a8 [2];
+ char **local_98 [2];
+ __uint64 local_88;
+ ulonglong local_80;
+ string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ local_78 [48];
+ ulonglong local_48;
+
+ local_48 = __security_cookie ^ (ulonglong)auStack_c8;
+ lVar5 = (**(code **)(**(longlong **)(this + 0x1a0) + 0x10))();
+ puVar2 = *(undefined8 **)(lVar5 + 8);
+ puVar7 = (undefined8 *)*puVar2;
+ do {
+ if (puVar7 == puVar2) {
+LAB_0:
+ __security_check_cookie(local_48 ^ (ulonglong)auStack_c8);
+ return extraout_EAX;
+ }
+ psVar1 = (shared_ptr<class_boost::property_tree::basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>_>
+ *)(puVar7 + 6);
+ this_00 = *(basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ **)psVar1;
+ boost::property_tree::
+ string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ ::
+ string_path<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_boost::property_tree::id_translator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ (local_78,(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)(this + 0x30));
+ boost::property_tree::
+ basic_ptree<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::less<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>
+ ::get<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>
+ (this_00,local_98,local_78);
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
+ )local_78);
+ pppcVar8 = local_98;
+ if (0xf < local_80) {
+ pppcVar8 = (char ***)local_98[0];
+ }
+ pbVar6 = param_1;
+ if (0xf < *(ulonglong *)(param_1 + 0x18)) {
+ pbVar6 = *(basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> **)
+ param_1;
+ }
+ bVar3 = std::_Traits_equal<struct_std::char_traits<char>_>
+ ((char *)pbVar6,*(__uint64 *)(param_1 + 0x10),(char *)pppcVar8,local_88);
+ if (bVar3) {
+ if (*(longlong *)(param_2 + 0x10) == 0) {
+LAB_1:
+ tVar4 = _check_driver_compatibility(this,psVar1);
+ if (tVar4 == 0) {
+ std::
+ _Hash<class_std::_Uset_traits<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::_Uhash_compare<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>,0>_>
+ ::clear((_Hash<class_std::_Uset_traits<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::_Uhash_compare<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>,0>_>
+ *)(this + 0xe8));
+ std::
+ _Hash<class_std::_Uset_traits<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::_Uhash_compare<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>,0>_>
+ ::
+ emplace<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_const&___ptr64>
+ ((_Hash<class_std::_Uset_traits<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,class_std::_Uhash_compare<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>,struct_std::hash<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>,struct_std::equal_to<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>_>,class_std::allocator<class_std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>_>,0>_>
+ *)(this + 0xe8),local_a8,param_1);
+ LOCK();
+ this[0x178] = (tdt_agent_impl)0x1;
+ UNLOCK();
+ }
+ }
+ else {
+ tVar4 = _set_config_json(this,psVar1,param_2);
+ if (tVar4 == 0) goto LAB_1;
+ }
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>
+ *)local_98);
+ goto LAB_0;
+ }
+ std::basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_>::
+ _Tidy_deallocate((basic_string<char,struct_std::char_traits<char>,class_std::allocator<char>_> *
+ )local_98);
+ puVar7 = (undefined8 *)*puVar7;
+ } while( true );
+}
+
MpSignatureSubType<struct_friendlyfilesha256_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_friendlyfilesha256_t>,0,0,1>::PostProcessRecordsWorker
| Key | mpengine.dll - mpengine.dll |
|---|---|
| diff_type | code,length,address,called |
| ratio | 0.0 |
| i_ratio | 0.06 |
| m_ratio | 0.06 |
| b_ratio | 0.06 |
| match_types | SymbolsHash |
| Key | mpengine.dll | mpengine.dll |
|---|---|---|
| name | PostProcessRecordsWorker | PostProcessRecordsWorker |
| fullname | MpSignatureSubType<struct_friendlyfilesha256_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_friendlyfilesha256_t>,0,0,1>::PostProcessRecordsWorker | MpSignatureSubType<struct_friendlyfilesha256_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_friendlyfilesha256_t>,0,0,1>::PostProcessRecordsWorker |
| refcount | 2 | 2 |
length |
1942 | 1977 |
called |
Expand for full list:WPP_SF_sL |
Expand for full list:WPP_SF_sL |
| calling | MpSignatureSubType<struct_friendlyfilesha256_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_friendlyfilesha256_t>,0,0,1>::PostProcessRecords | MpSignatureSubType<struct_friendlyfilesha256_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_friendlyfilesha256_t>,0,0,1>::PostProcessRecords |
| paramcount | 1 | 1 |
address |
75a4b4fc4 | 75aa21b30 |
| sig | MP_ERROR __thiscall PostProcessRecordsWorker(MpSignatureSubType<struct_friendlyfilesha256_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_friendlyfilesha256_t>,0,0,1> * this) | MP_ERROR __thiscall PostProcessRecordsWorker(MpSignatureSubType<struct_friendlyfilesha256_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_friendlyfilesha256_t>,0,0,1> * this) |
| sym_type | Function | Function |
| sym_source | ANALYSIS | ANALYSIS |
| external | False | False |
MpSignatureSubType<struct_friendlyfilesha256_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_friendlyfilesha256_t>,0,0,1>::PostProcessRecordsWorker Called Diff
--- MpSignatureSubType<struct_friendlyfilesha256_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_friendlyfilesha256_t>,0,0,1>::PostProcessRecordsWorker called
+++ MpSignatureSubType<struct_friendlyfilesha256_t,unsigned_long,1,0,0,0,struct_MpEmptyEnumerator<struct_friendlyfilesha256_t>,0,0,1>::PostProcessRecordsWorker called
@@ -21,0 +22 @@
+std::inplace_merge<struct_friendlyfilesha256_t*___ptr64,struct_std::less<void>_>
@@ -23 +24 @@
-std::vector<class_AttributePair,class_std::allocator<class_AttributePair>_>::_Reallocat