当前位置: 首页 > news >正文

CLruCache::BucketFromIdentifier函数分析

news 2025/8/22 10:47:51


第一部分:

1: kd> p
CRYPT32!CLruCache::FindEntry+0x9:
001b:75c8f388 e833fdffff      call    CRYPT32!CLruCache::BucketFromIdentifier (75c8f0c0)
1: kd> t
CRYPT32!CLruCache::BucketFromIdentifier:
001b:75c8f0c0 55              push    ebp
1: kd> kc
#
00 CRYPT32!CLruCache::BucketFromIdentifier
01 CRYPT32!CLruCache::FindEntry
02 CRYPT32!I_CryptFindLruEntryData
03 WINTRUST!CCatalogCache::FindCachedState
04 WINTRUST!_VerifyTrust
05 WINTRUST!WinVerifyTrust
06 sfc_os!SfcValidateFileSignature
07 sfc_os!SfcGetValidationData
08 sfc_os!SfcValidateDLL
09 sfc_os!SfcQueueValidationThread
0a kernel32!BaseThreadStart
1: kd> dv
this = 0x76819334
pIdentifier = 0x007ce9a4


inline PLRU_CACHE_BUCKET
CLruCache::BucketFromIdentifier (
IN PCRYPT_DATA_BLOB pIdentifier
)
{
DWORD Hash = ( *m_Config.pfnHash )( pIdentifier );

    return( &m_aBucket[ Hash % m_Config.cBuckets ] );
}


第二部分:

1: kd> p
CRYPT32!CLruCache::BucketFromIdentifier+0x9:
001b:75c8f0c9 ff5608          call    dword ptr [esi+8]
1: kd> r
eax=007ce9a4 ebx=007ceb00 ecx=00298168 edx=76819334 esi=00298168 edi=76819334
eip=75c8f0c9 esp=007ce960 ebp=007ce968 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
CRYPT32!CLruCache::BucketFromIdentifier+0x9:
001b:75c8f0c9 ff5608          call    dword ptr [esi+8] ds:0023:00298170={WINTRUST!CatalogCacheHashIdentifier (767ff181)}
1: kd> t
WINTRUST!CatalogCacheHashIdentifier:
001b:767ff181 55              push    ebp
1: kd> kc
#
00 WINTRUST!CatalogCacheHashIdentifier
01 CRYPT32!CLruCache::BucketFromIdentifier
02 CRYPT32!CLruCache::FindEntry
03 CRYPT32!I_CryptFindLruEntryData
04 WINTRUST!CCatalogCache::FindCachedState
05 WINTRUST!_VerifyTrust
06 WINTRUST!WinVerifyTrust
07 sfc_os!SfcValidateFileSignature
08 sfc_os!SfcGetValidationData
09 sfc_os!SfcValidateDLL
0a sfc_os!SfcQueueValidationThread
0b kernel32!BaseThreadStart
1: kd> dv
pIdentifier = 0x007ce9a4
1: kd> dx -id 0,0,ffffffff89ce3d88 -r1 ((WINTRUST!_CRYPTOAPI_BLOB *)0x7ce9a4)
((WINTRUST!_CRYPTOAPI_BLOB *)0x7ce9a4)                 : 0x7ce9a4 [Type: _CRYPTOAPI_BLOB *]
[+0x000] cbData           : 0x9a [Type: unsigned long]
[+0x004] pbData           : 0x7ceb50 : 0x43 [Type: unsigned char *]

1: kd> db 0x7ceb50
007ceb50  43 00 3a 00 5c 00 57 00-49 00 4e 00 44 00 4f 00  C.:.\.W.I.N.D.O.
007ceb60  57 00 53 00 5c 00 73 00-79 00 73 00 74 00 65 00  W.S.\.s.y.s.t.e.
007ceb70  6d 00 33 00 32 00 5c 00-43 00 61 00 74 00 52 00  m.3.2.\.C.a.t.R.
007ceb80  6f 00 6f 00 74 00 5c 00-7b 00 46 00 37 00 35 00  o.o.t.\.{.F.7.5.
007ceb90  30 00 45 00 36 00 43 00-33 00 2d 00 33 00 38 00  0.E.6.C.3.-.3.8.
007ceba0  45 00 45 00 2d 00 31 00-31 00 44 00 31 00 2d 00  E.E.-.1.1.D.1.-.
007cebb0  38 00 35 00 45 00 35 00-2d 00 30 00 30 00 43 00  8.5.E.5.-.0.0.C.
007cebc0  30 00 34 00 46 00 43 00-32 00 39 00 35 00 45 00  0.4.F.C.2.9.5.E.


第三部分:

DWORD WINAPI
CatalogCacheHashIdentifier (PCRYPT_DATA_BLOB pIdentifier)
{
DWORD  dwHash = 0;
DWORD  cb = pIdentifier->cbData;
LPBYTE pb = pIdentifier->pbData;

    while ( cb-- )
{
if ( dwHash & 0x80000000 )
{
dwHash = ( dwHash << 1 ) | 1;
}
else
{
dwHash = dwHash << 1;
}

        dwHash += *pb++;
}

    return( dwHash );
}

1: kd> p
WINTRUST!CatalogCacheHashIdentifier+0x22:
001b:767ff1a3 03c6            add     eax,esi
1: kd> bp 767ff1a3
1: kd> p
WINTRUST!CatalogCacheHashIdentifier+0x24:
001b:767ff1a5 41              inc     ecx
1: kd> r
eax=00000043 ebx=007ceb00 ecx=007ceb50 edx=0000009a esi=00000043 edi=76819334
eip=767ff1a5 esp=007ce954 ebp=007ce958 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
WINTRUST!CatalogCacheHashIdentifier+0x24:
001b:767ff1a5 41              inc     ecx

        else
{
dwHash = dwHash << 1;
}

        dwHash += *pb++;

1: kd> p
WINTRUST!CatalogCacheHashIdentifier+0x1d:
001b:767ff19e d1e0            shl     eax,1
1: kd> p
WINTRUST!CatalogCacheHashIdentifier+0x1f:
001b:767ff1a0 0fb631          movzx   esi,byte ptr [ecx]
1: kd> r
eax=00000086 ebx=007ceb00 ecx=007ceb51

1: kd> p
Breakpoint 26 hit
WINTRUST!CatalogCacheHashIdentifier+0x24:
001b:767ff1a5 41              inc     ecx
1: kd> r
eax=00000086 ebx=007ceb00 ecx=007ceb51 edx=00000099 esi=00000000 edi=76819334
eip=767ff1a5 esp=007ce954 ebp=007ce958 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
WINTRUST!CatalogCacheHashIdentifier+0x24:
001b:767ff1a5 41              inc     ecx

1: kd> p
WINTRUST!CatalogCacheHashIdentifier+0x22:
001b:767ff1a3 03c6            add     eax,esi
1: kd> r
eax=0000010c ebx=007ceb00 ecx=007ceb52 edx=00000098 esi=0000003a edi=76819334
eip=767ff1a3 esp=007ce954 ebp=007ce958 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
WINTRUST!CatalogCacheHashIdentifier+0x22:
001b:767ff1a3 03c6            add     eax,esi

1: kd> db 0x7ceb50
007ceb50  43 00 3a 00 5c 00 57 00-49 00 4e 00 44 00 4f 00  C.:.\.W.I.N.D.O.

第三次循环到了第三个字节0x3a    esi=0000003a


1: kd> r
eax=0000028c ebx=007ceb00 ecx=007ceb53 edx=00000097 esi=00000000 edi=76819334
eip=767ff1a5 esp=007ce954 ebp=007ce958 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
WINTRUST!CatalogCacheHashIdentifier+0x24:
001b:767ff1a5 41              inc     ecx

1: kd> pr
Breakpoint 26 hit
eax=00000574 ebx=007ceb00 ecx=007ceb54 edx=00000096 esi=0000005c edi=76819334
eip=767ff1a5 esp=007ce954 ebp=007ce958 iopl=0         nv up ei pl nz ac pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000216
WINTRUST!CatalogCacheHashIdentifier+0x24:
001b:767ff1a5 41              inc     ecx

1: kd> g
Breakpoint 26 hit
WINTRUST!CatalogCacheHashIdentifier+0x24:
001b:767ff1a5 41              inc     ecx
1: kd> r
eax=00000ae8 ebx=007ceb00 ecx=007ceb55 edx=00000095 esi=00000000 edi=76819334
eip=767ff1a5 esp=007ce954 ebp=007ce958 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
WINTRUST!CatalogCacheHashIdentifier+0x24:
001b:767ff1a5 41              inc     ecx

1: kd> g
Breakpoint 26 hit
WINTRUST!CatalogCacheHashIdentifier+0x24:
001b:767ff1a5 41              inc     ecx
1: kd> r
eax=00001627 ebx=007ceb00 ecx=007ceb56 edx=00000094 esi=00000057 edi=76819334
eip=767ff1a5 esp=007ce954 ebp=007ce958 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
WINTRUST!CatalogCacheHashIdentifier+0x24:
001b:767ff1a5 41              inc     ecx

1: kd> g
Breakpoint 26 hit
WINTRUST!CatalogCacheHashIdentifier+0x24:
001b:767ff1a5 41              inc     ecx
1: kd> r
eax=00002c4e ebx=007ceb00 ecx=007ceb57 edx=00000093 esi=00000000 edi=76819334
eip=767ff1a5 esp=007ce954 ebp=007ce958 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
WINTRUST!CatalogCacheHashIdentifier+0x24:
001b:767ff1a5 41              inc     ecx


1: kd> g
Breakpoint 26 hit
WINTRUST!CatalogCacheHashIdentifier+0x24:
001b:767ff1a5 41              inc     ecx
1: kd> r
eax=000058e5 ebx=007ceb00 ecx=007ceb58 edx=00000092 esi=00000049 edi=76819334
eip=767ff1a5 esp=007ce954 ebp=007ce958 iopl=0         nv up ei pl nz ac po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000212
WINTRUST!CatalogCacheHashIdentifier+0x24:
001b:767ff1a5 41              inc     ecx

1: kd> g
Breakpoint 26 hit
WINTRUST!CatalogCacheHashIdentifier+0x24:
001b:767ff1a5 41              inc     ecx
1: kd> r
eax=0000b1ca ebx=007ceb00 ecx=007ceb59 edx=00000091 esi=00000000 edi=76819334
eip=767ff1a5 esp=007ce954 ebp=007ce958 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
WINTRUST!CatalogCacheHashIdentifier+0x24:
001b:767ff1a5 41              inc     ecx

第四部分:

1: kd> bc 25
1: kd> bc 26
1: kd> gu
CRYPT32!CLruCache::BucketFromIdentifier+0xc:
001b:75c8f0cc 33d2            xor     edx,edx
1: kd> r
eax=27c4477f

{
DWORD Hash = ( *m_Config.pfnHash )( pIdentifier );    eax=27c4477f

    return( &m_aBucket[ Hash % m_Config.cBuckets ] );
}


第五部分:


1: kd> p
CRYPT32!CLruCache::BucketFromIdentifier+0xe:
001b:75c8f0ce f77610          div     eax,dword ptr [esi+10h]
1: kd> r
eax=27c4477f ebx=007ceb00 ecx=007cebea edx=00000000 esi=00298168 edi=76819334
eip=75c8f0ce esp=007ce964 ebp=007ce968 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
CRYPT32!CLruCache::BucketFromIdentifier+0xe:
001b:75c8f0ce f77610          div     eax,dword ptr [esi+10h] ds:0023:00298178=00000003
1: kd> dd 00298168
00298168  00000001 767ff124 767ff181 00000000
00298178  00000003 00000003 00000000 00000000


m_Config.cBuckets    =    0x00000003

1: kd> dv
this = 0x00000000
pIdentifier = 0x007ce9a4
1: kd> dx -id 0,0,ffffffff89ce3d88 -r1 (*((CRYPT32!_LRU_CACHE_CONFIG *)0x76819334))
(*((CRYPT32!_LRU_CACHE_CONFIG *)0x76819334))                 [Type: _LRU_CACHE_CONFIG]
[+0x000] dwFlags          : 0x7d8f8 [Type: unsigned long]
[+0x004] pfnFree          : 0x0 [Type: void (*)(void *)]
[+0x008] pfnHash          : 0x1 [Type: unsigned long (*)(_CRYPTOAPI_BLOB *)]
[+0x00c] pfnOnRemoval     : 0x3bc [Type: void (*)(void *,void *)]
[+0x010] cBuckets         : 0x0 [Type: unsigned long]
[+0x014] MaxEntries       : 0x0 [Type: unsigned long]

1: kd> u 767ff181
WINTRUST!CatalogCacheHashIdentifier [d:\srv03rtm\ds\security\cryptoapi\pkitrust\wintrust\catcache.cpp @ 365]:
767ff181 55              push    ebp
767ff182 8bec            mov     ebp,esp
767ff184 8b4d08          mov     ecx,dword ptr [ebp+8]
767ff187 8b11            mov     edx,dword ptr [ecx]
767ff189 8b4904          mov     ecx,dword ptr [ecx+4]
767ff18c 33c0            xor     eax,eax
767ff18e 85d2            test    edx,edx
767ff190 7418            je      WINTRUST!CatalogCacheHashIdentifier+0x29 (767ff1aa)


1: kd> u 767ff124
WINTRUST!CatalogCacheFreeEntryData [d:\srv03rtm\ds\security\cryptoapi\pkitrust\wintrust\catcache.cpp @ 339]:
767ff124 55              push    ebp
767ff125 8bec            mov     ebp,esp
767ff127 83ec40          sub     esp,40h
767ff12a a1c4918176      mov     eax,dword ptr [WINTRUST!__security_cookie (768191c4)]
767ff12f 8945fc          mov     dword ptr [ebp-4],eax
767ff132 56              push    esi
767ff133 8b7508          mov     esi,dword ptr [ebp+8]
767ff136 57              push    edi

1: kd> ?0x27c4477f%3
Evaluate expression: 1 = 00000001

第六部分:

1: kd> p
CRYPT32!CLruCache::BucketFromIdentifier+0x11:
001b:75c8f0d1 8b4634          mov     eax,dword ptr [esi+34h]
1: kd> r
eax=0d416d2a ebx=007ceb00 ecx=007cebea edx=00000001 esi=00298168 edi=76819334
eip=75c8f0d1 esp=007ce964 ebp=007ce968 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
CRYPT32!CLruCache::BucketFromIdentifier+0x11:
001b:75c8f0d1 8b4634          mov     eax,dword ptr [esi+34h] ds:0023:0029819c=002981b0
1: kd> dd 00298168
00298168  00000001 767ff124 767ff181 00000000
00298178  00000003 00000003 00000000 00000000
00298188  00000000 00000000 00000000 00000000
00298198  00000000 002981b0


1: kd> p
CRYPT32!CLruCache::BucketFromIdentifier+0x15:
001b:75c8f0d5 8d04d0          lea     eax,[eax+edx*8]
1: kd> r
eax=002981b0 ebx=007ceb00 ecx=007cebea edx=00000001 esi=00298168 edi=76819334
eip=75c8f0d5 esp=007ce968 ebp=007ce968 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
CRYPT32!CLruCache::BucketFromIdentifier+0x15:
001b:75c8f0d5 8d04d0          lea     eax,[eax+edx*8]


1: kd> dd 002981b0
002981b0  00000000 00000000 00000009 00000000
002981c0  00000000 00000000 00040009 000e01de
002981d0  003a0043 0057005c 004e0049 004f0044


1: kd> ?002981b0+00000001*8
Evaluate expression: 2720184 = 002981b8


1: kd> p
CRYPT32!CLruCache::BucketFromIdentifier+0x19:
001b:75c8f0d9 c20400          ret     4
1: kd> r
eax=002981b8

第七部分:

1: kd> r
eax=002981b8 ebx=007ceb00 ecx=007cebea edx=00000001 esi=00298168 edi=76819334
eip=75c8f38d esp=007ce974 ebp=007ce978 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
CRYPT32!CLruCache::FindEntry+0xe:
001b:75c8f38d ff750c          push    dword ptr [ebp+0Ch] ss:0023:007ce984=00000001
1: kd> dt LRU_CACHE_BUCKET 002981b8
CRYPT32!LRU_CACHE_BUCKET
+0x000 Usage            : 9
+0x004 pList            : (null)

http://www.dtcms.com/a/343144.html

相关文章:

  • CroCT
  • 在互联网大厂的Java面试:谢飞机的搞笑历险记
  • Uniapp非脚手架项目打包为5+ App后,在Android端按返回键会意外退出应用。
  • 基于昇腾玩转电影级视频生成模型Wan 2.2
  • ES_索引的操作
  • 基础网络模型
  • 【矩池云】实现Pycharm远程连接,上传数据并解压缩
  • 为什么程序部署到线上,就无法读取环境变量了
  • B2B工业品制造业TOB大客户营销培训老师培训师唐兴通谈AI数字化销售AI销冠底层逻辑数字化转型创新增长业绩
  • MyBatis-Plus MetaObjectHandler的几个坑(主要是id字段)
  • 《AI智脉速递》2025 年 8 月15 日 - 21 日
  • JetBrains 内的 GitHub Copilot Agent Mode + MCP:从配置到实战
  • vmware安装centos7
  • 深入理解Java虚拟机:JVM高级特性与最佳实践(第3版)第二章知识点问答(21题)
  • A股大盘数据-20250821 分析
  • 领域驱动中IUnitOfWork是干什么的
  • 【StarRocks】-- SQL CTE 语法
  • 机器学习中的集成算法与 k 均值聚类算法概述
  • 机器学习5
  • 解决办法:Chrome插件不能用,这些扩展程序不再受支持,因此已停用
  • 动态寻北仪如何在矿用掘进机中进行应用?
  • 用Vue2和Echarts画图的基本流程
  • AI升级社区便民服务:AI办事小程序高效办证+应急系统秒响应,告别跑腿愁住得更安心
  • K8s快速上手-微服务篇
  • AI资深 Java 研发专家系统解析Java 中常见的 Queue实现类
  • 【尝试】在macOS上安装cvat
  • unity实现点击rawimage,确定对应的世界坐标点
  • 记录前端菜鸟的日常——小程序内嵌H5页面自定义分享按钮
  • 环形子数组的最大和
  • Ubuntu24.04 交叉编译libuv库(已编译好的) 之undefined reference to `pthread_getname_np‘解决