WINTRUST!_ExplodeMessag函数中的pCatAdd
第一部分:
BOOL _ExplodeMessage(CRYPT_PROVIDER_DATA *pProvData)
{
。。。。
pCatAdd = pProvData->pPDSip->psSipSubjectInfo->psCatMember;
if ((pCatAdd) && (pCatAdd->pMember) && (pCatAdd->pMember->pIndirectData))
{
memcpy(pProvData->pPDSip->psIndirectData, pCatAdd->pMember->pIndirectData,
sizeof(SIP_INDIRECT_DATA));
第二部分:
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 ((WINTRUST!_PROVDATA_SIP *)0x1c054e8)
((WINTRUST!_PROVDATA_SIP *)0x1c054e8) : 0x1c054e8 [Type: _PROVDATA_SIP *]
[+0x000] cbStruct : 0x28 [Type: unsigned long]
[+0x004] gSubject : {C689AAB8-8E78-11D0-8C47-00C04FC295EE} [Type: _GUID]
[+0x014] pSip : 0x1c2dd98 [Type: SIP_DISPATCH_INFO_ *]
[+0x018] pCATSip : 0x1c52ca8 [Type: SIP_DISPATCH_INFO_ *]
[+0x01c] psSipSubjectInfo : 0x1c53710 [Type: SIP_SUBJECTINFO_ *] [+0x01c] psSipSubjectInfo : 0x1c53710
[+0x020] psSipCATSubjectInfo : 0x1c527f0 [Type: SIP_SUBJECTINFO_ *]
[+0x024] psIndirectData : 0x0 [Type: SIP_INDIRECT_DATA_ *]
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 ((WINTRUST!SIP_SUBJECTINFO_ *)0x1c53710)
((WINTRUST!SIP_SUBJECTINFO_ *)0x1c53710) : 0x1c53710 [Type: SIP_SUBJECTINFO_ *]
[+0x000] cbSize : 0x50 [Type: unsigned long]
[+0x004] pgSubjectType : 0x1c13d68 : {C689AAB8-8E78-11D0-8C47-00C04FC295EE} [Type: _GUID *]
[+0x008] hFile : 0x0 [Type: void *]
[+0x00c] pwsFileName : 0x767f29bc : 0x55 [Type: unsigned short *]
[+0x010] pwsDisplayName : 0x767f29bc : 0x55 [Type: unsigned short *]
[+0x014] dwReserved1 : 0x0 [Type: unsigned long]
[+0x018] dwIntVersion : 0x200 [Type: unsigned long]
[+0x01c] hProv : 0x1232758 [Type: unsigned long]
[+0x020] DigestAlgorithm [Type: _CRYPT_ALGORITHM_IDENTIFIER]
[+0x02c] dwFlags : 0x0 [Type: unsigned long]
[+0x030] dwEncodingType : 0x0 [Type: unsigned long]
[+0x034] dwReserved2 : 0x0 [Type: unsigned long]
[+0x038] fdwCAPISettings : 0x23c00 [Type: unsigned long]
[+0x03c] fdwSecuritySettings : 0x2 [Type: unsigned long]
[+0x040] dwIndex : 0x0 [Type: unsigned long]
[+0x044] dwUnionChoice : 0x2 [Type: unsigned long]
[+0x048] psFlat : 0x1750038 [Type: MS_ADDINFO_FLAT_ *]
[+0x048] psCatMember : 0x1750038 [Type: MS_ADDINFO_CATALOGMEMBER_ *]
[+0x048] psBlob : 0x1750038 [Type: MS_ADDINFO_BLOB_ *]
[+0x04c] pClientData : 0x0 [Type: void *]
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 ((WINTRUST!MS_ADDINFO_CATALOGMEMBER_ *)0x1750038)
((WINTRUST!MS_ADDINFO_CATALOGMEMBER_ *)0x1750038) : 0x1750038 [Type: MS_ADDINFO_CATALOGMEMBER_ *]
[+0x000] cbStruct : 0xc [Type: unsigned long]
[+0x004] pStore : 0x1c2dcb0 [Type: CRYPTCATSTORE_ *]
[+0x008] pMember : 0x1cdd340 [Type: CRYPTCATMEMBER_ *]
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 ((WINTRUST!CRYPTCATMEMBER_ *)0x1cdd340)
((WINTRUST!CRYPTCATMEMBER_ *)0x1cdd340) : 0x1cdd340 [Type: CRYPTCATMEMBER_ *]
[+0x000] cbStruct : 0x40 [Type: unsigned long]
[+0x004] pwszReferenceTag : 0x1cdd388 : 0x32 [Type: unsigned short *]
[+0x008] pwszFileName : 0x0 [Type: unsigned short *]
[+0x00c] gSubjectType : {C689AAB8-8E78-11D0-8C47-00C04FC295EE} [Type: _GUID]
[+0x01c] fdwMemberFlags : 0x0 [Type: unsigned long]
[+0x020] pIndirectData : 0x1c4a4c0 [Type: SIP_INDIRECT_DATA_ *]
[+0x024] dwCertVersion : 0x200 [Type: unsigned long]
[+0x028] dwReserved : 0x0 [Type: unsigned long]
[+0x02c] hReserved : 0x0 [Type: void *]
[+0x030] sEncodedIndirectData [Type: _CRYPTOAPI_BLOB]
[+0x038] sEncodedMemberInfo [Type: _CRYPTOAPI_BLOB]
0: kd> dt SIP_INDIRECT_DATA_ 0x1c4a4c0
CRYPT32!SIP_INDIRECT_DATA_
+0x000 Data : _CRYPT_ATTRIBUTE_TYPE_VALUE
+0x00c DigestAlgorithm : _CRYPT_ALGORITHM_IDENTIFIER
+0x018 Digest : _CRYPTOAPI_BLOB
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 (*((CRYPT32!_CRYPTOAPI_BLOB *)0x1c4a4d8))
(*((CRYPT32!_CRYPTOAPI_BLOB *)0x1c4a4d8)) [Type: _CRYPTOAPI_BLOB]
[+0x000] cbData : 0x14 [Type: unsigned long]
[+0x004] pbData : 0x1723fe8 : 0x2c [Type: unsigned char *]
0: kd> db 0x1723fe8
01723fe8 2c ac 74 89 bc 3c f9 74-71 ec 23 93 d4 38 57 d5 ,.t..<.tq.#..8W.
01723ff8 c0 84 9d 6b 00 00 00 00