CRYPT32!CryptMsgUpdate函数分析之CRYPT32!PkiAsn1Decode函数的作用是得到pci
第一部分:CryptMsgUpdate源码节选(只保留与PkiAsn1Decode调用相关的行,其余代码省略)
CryptMsgUpdate(
#endif
IN HCRYPTMSG hCryptMsg,
IN const BYTE *pbData,
IN DWORD cbData,
IN BOOL fFinal)
{
ContentInfo *pci = NULL;
if ((PHASE_FIRST_FINAL == pcmi->dwPhase) &&
(0 == pcmi->dwMsgType)) {
if (0 != (Asn1Err = PkiAsn1Decode(
pDec,
(void **)&pci,
ContentInfoNC_PDU,
pbData,
cbData)))
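第二部分:在内核调试器中单步跟踪 CryptMsgUpdate -> PkiAsn1Decode -> MSASN1!ASN1_Decode
说明:从调用栈看,这次解码发生在 sfc_os 调用 WINTRUST!WinVerifyTrust 校验文件签名的路径上,pbEncoded/cbEncoded 指向的是待校验的签名消息,也就是解码器要处理的外部输入。PkiAsn1Decode 压入的 flags = 8 应对应 msasn1.h 中的 ASN1DECODE_SETBUFFER,即让解码器改用本次传入的缓冲区;因此下面 dx 看到的 buf/size/len 应是进入 ASN1_Decode 之前留下的旧值。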
0: kd> p
CRYPT32!CryptMsgUpdate+0x1b2:
001b:75c79dcc e83b110200 call CRYPT32!PkiAsn1Decode (75c9af0c)
0: kd> t
CRYPT32!PkiAsn1Decode:
001b:75c9af0c 55 push ebp
0: kd> kc
#
00 CRYPT32!PkiAsn1Decode
01 CRYPT32!CryptMsgUpdate
02 WINTRUST!_GetMessage
03 WINTRUST!SoftpubLoadMessage
04 WINTRUST!_VerifyTrust
05 WINTRUST!WinVerifyTrust
06 sfc_os!SfcValidateFileSignature
07 sfc_os!SfcGetValidationData
08 sfc_os!SfcValidateDLL
09 sfc_os!SfcQueueValidationThread
0a kernel32!BaseThreadStart
0: kd> dv
pDec = 0x012337d0
ppvAsn1Info = 0x007ce944
id = 0x13
pbEncoded = 0x01e00020 "0???"
cbEncoded = 0x96934
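注:下面转储的前5个字节 30 83 09 69 2f 是最外层 SEQUENCE 的标签和长格式长度 0x09692f,加上这5个头部字节正好是 0x96934,与 cbEncoded 一致,即编码声明的长度没有超出传入的缓冲区。
0: kd> db 0x01e00020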
01e00020 30 83 09 69 2f 06 09 2a-86 48 86 f7 0d 01 07 02 0..i/..*.H......
01e00030 a0 83 09 69 1f 30 83 09-69 1a 02 01 01 31 0b 30 ...i.0..i....1.0
01e00040 09 06 05 2b 0e 03 02 1a-05 00 30 83 09 57 31 06 ...+......0..W1.
01e00050 09 2b 06 01 04 01 82 37-0a 01 a0 83 09 57 21 30 .+.....7.....W!0
01e00060 83 09 57 1c 30 0c 06 0a-2b 06 01 04 01 82 37 0c ..W.0...+.....7.
01e00070 01 01 04 10 bb fd 30 fb-6f a3 d9 40 82 26 85 87 ......0.o..@.&..
01e00080 87 cd 89 4b 17 0d 32 34-30 39 31 35 30 33 34 35 ...K..2409150345
01e00090 30 36 5a 30 0e 06 0a 2b-06 01 04 01 82 37 0c 01 06Z0...+.....7..
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 ((CRYPT32!ASN1decoding_s *)0x12337d0)
((CRYPT32!ASN1decoding_s *)0x12337d0) : 0x12337d0 [Type: ASN1decoding_s *]
[+0x000] magic : 0x44434544 [Type: unsigned long]
[+0x004] version : 0x0 [Type: unsigned long]
[+0x008] module : 0x75788 [Type: tagASN1module_t *]
[+0x00c] buf : 0x16cdde1 : 0x30 [Type: unsigned char *]
[+0x010] size : 0xb [Type: unsigned long]
[+0x014] len : 0xb [Type: unsigned long]
[+0x018] err : ASN1_SUCCESS (0) [Type: tagASN1error_e]
[+0x01c] bit : 0x0 [Type: unsigned long]
[+0x020] pos : 0x16cddec : 0xa0 [Type: unsigned char *]
[+0x024] eRule : ASN1_BER_RULE_DER (1024) [Type: ASN1encodingrule_e]
[+0x028] dwFlags : 0x1000 [Type: unsigned long]
0: kd> p
CRYPT32!PkiAsn1Decode+0x1:
001b:75c9af0d 8bec mov ebp,esp
0: kd> p
CRYPT32!PkiAsn1Decode+0x3:
001b:75c9af0f 56 push esi
0: kd> p
CRYPT32!PkiAsn1Decode+0x4:
001b:75c9af10 ff7518 push dword ptr [ebp+18h]
0: kd> p
CRYPT32!PkiAsn1Decode+0x7:
001b:75c9af13 8b750c mov esi,dword ptr [ebp+0Ch]
0: kd> p
CRYPT32!PkiAsn1Decode+0xa:
001b:75c9af16 ff7514 push dword ptr [ebp+14h]
0: kd> p
CRYPT32!PkiAsn1Decode+0xd:
001b:75c9af19 832600 and dword ptr [esi],0
0: kd> p
CRYPT32!PkiAsn1Decode+0x10:
001b:75c9af1c 6a08 push 8
0: kd> p
CRYPT32!PkiAsn1Decode+0x12:
001b:75c9af1e ff7510 push dword ptr [ebp+10h]
0: kd> p
CRYPT32!PkiAsn1Decode+0x15:
001b:75c9af21 56 push esi
0: kd> p
CRYPT32!PkiAsn1Decode+0x16:
001b:75c9af22 ff7508 push dword ptr [ebp+8]
0: kd> p
CRYPT32!PkiAsn1Decode+0x19:
001b:75c9af25 e8124f0000 call CRYPT32!ASN1_Decode (75c9fe3c)
0: kd> t
CRYPT32!ASN1_Decode:
001b:75c9fe3c ff259013c175 jmp dword ptr [CRYPT32!_imp__ASN1_Decode (75c11390)]
0: kd> p
MSASN1!ASN1_Decode:
001b:75bf7d82 55 push ebp
0: kd> kc
#
00 MSASN1!ASN1_Decode
01 CRYPT32!PkiAsn1Decode
02 CRYPT32!CryptMsgUpdate
03 WINTRUST!_GetMessage
04 WINTRUST!SoftpubLoadMessage
05 WINTRUST!_VerifyTrust
06 WINTRUST!WinVerifyTrust
07 sfc_os!SfcValidateFileSignature
08 sfc_os!SfcGetValidationData
09 sfc_os!SfcValidateDLL
0a sfc_os!SfcQueueValidationThread
0b kernel32!BaseThreadStart
0: kd> dv
dec = 0x012337d0
valref = 0x007ce944
id = 0x13
flags = 8
pbBuf = 0x01e00020 "0???"
cbBufSize = 0x96934
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 ((MSASN1!ASN1decoding_s *)0x12337d0)
((MSASN1!ASN1decoding_s *)0x12337d0) : 0x12337d0 [Type: ASN1decoding_s *]
[+0x000] magic : 0x44434544 [Type: unsigned long]
[+0x004] version : 0x0 [Type: unsigned long]
[+0x008] module : 0x75788 [Type: tagASN1module_t *]
[+0x00c] buf : 0x16cdde1 : 0x30 [Type: unsigned char *]
[+0x010] size : 0xb [Type: unsigned long]
[+0x014] len : 0xb [Type: unsigned long]
[+0x018] err : ASN1_SUCCESS (0) [Type: tagASN1error_e]
[+0x01c] bit : 0x0 [Type: unsigned long]
[+0x020] pos : 0x16cddec : 0xa0 [Type: unsigned char *]
[+0x024] eRule : ASN1_BER_RULE_DER (1024) [Type: ASN1encodingrule_e]
[+0x028] dwFlags : 0x1000 [Type: unsigned long]
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 ((MSASN1!tagASN1module_t *)0x75788)
((MSASN1!tagASN1module_t *)0x75788) : 0x75788 [Type: tagASN1module_t *]
[+0x000] nModuleName : 0x73636b70 [Type: unsigned long]
[+0x004] eRule : ASN1_BER_RULE_DER (1024) [Type: ASN1encodingrule_e]
[+0x008] dwFlags : 0x1000 [Type: unsigned long]
[+0x00c] cPDUs : 0x30 [Type: unsigned long]
[+0x010] apfnFreeMemory : 0x75c22418 [Type: void (**)(void *)]
[+0x014] acbStructSize : 0x75c224d8 : 0x44 [Type: unsigned long *]
[+0x018] PER [Type: tagASN1PerFunArr_t]
[+0x018] BER [Type: tagASN1BerFunArr_t]
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 (*((MSASN1!tagASN1PerFunArr_t *)0x757a0))
(*((MSASN1!tagASN1PerFunArr_t *)0x757a0)) [Type: tagASN1PerFunArr_t]
[+0x000] apfnEncoder : 0x75c22298 [Type: long (**)(ASN1encoding_s *,void *)]
[+0x004] apfnDecoder : 0x75c22358 [Type: long (**)(ASN1decoding_s *,void *)]
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 ((MSASN1!long (**)(ASN1decoding_s *,void *))0x75c22358)
((MSASN1!long (**)(ASN1decoding_s *,void *))0x75c22358) : 0x75c22358 [Type: long (**)(ASN1decoding_s *,void *)]
0x75c7ae10 [Type: long (*)(ASN1decoding_s *,void *)]
0: kd> u 75c7ae10
CRYPT32!ASN1Dec_ObjectID [d:\srv03rtm\ds\security\cryptoapi\pki\wincrmsg\pkcs.c @ 443]:
75c7ae10 55 push ebp
75c7ae11 8bec mov ebp,esp
75c7ae13 8b450c mov eax,dword ptr [ebp+0Ch]
75c7ae16 85c0 test eax,eax
75c7ae18 7503 jne CRYPT32!ASN1Dec_ObjectID+0xd (75c7ae1d)
75c7ae1a 6a06 push 6
75c7ae1c 58 pop eax
75c7ae1d ff7510 push dword ptr [ebp+10h]
0: kd> dd 0x75c22358
75c22358 75c7ae10 75c7ae10 75c8ce81 75c7ae48
75c22368 75c7ae6c 75c7af08 75c7af8e 75c7b0d0
75c22378 75c7b20f 75c7b937 75c7b20f 75c7b37a
75c22388 75c7b4a5 75c7b937 75c7b6b1 75c7b937
75c22398 75c7b937 75c7ba4e 75c7bb9a 75c7bc73
75c223a8 75c7b937 75c7d861 75c7b937 75c7b937
75c223b8 75c7da15 75c7bf62 75c7c106 75c7c2f7
75c223c8 75c7dbbc 75c7c4ac 75c7c600 75c7dd94
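注:上面 dd 输出中,按 id = 0x13 取表项得到的是 75c7bc73(地址 75c22358+0x13*4 = 75c223a4);下面反汇编的 75c7bb9a 是下标 0x12 的表项。如果 ASN1_Decode 是用 id 直接索引 apfnDecoder,那么本次调用实际进入的解码函数应是 75c7bc73,建议再用 u 75c7bc73 确认。
0: kd> u 75c7bb9a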
CRYPT32!ASN1Dec_ContentInfo [d:\srv03rtm\ds\security\cryptoapi\pki\wincrmsg\pkcs.c @ 1574]:
75c7bb9a 55 push ebp
75c7bb9b 8bec mov ebp,esp
75c7bb9d 83ec10 sub esp,10h
75c7bba0 8b450c mov eax,dword ptr [ebp+0Ch]
75c7bba3 85c0 test eax,eax
75c7bba5 7503 jne CRYPT32!ASN1Dec_ContentInfo+0x10 (75c7bbaa)
75c7bba7 6a10 push 10h
75c7bba9 58 pop eax
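第三部分:从MSASN1!ASN1_Decode返回到CRYPT32!PkiAsn1Decode,再返回到CryptMsgUpdate
注意:下面执行 dv 时,当前指令 CryptMsgUpdate+0x1b7 的 mov dword ptr [ebp-38h],eax 还没有执行。[ebp-38h] 看起来就是 Asn1Err 的栈位置(待确认),所以 dv 显示的 Asn1Err = 0n272 应是栈上的旧值,不能据此判断解码失败;本次调用的返回值此时还在 eax 中。pci 已经有值,是因为 PkiAsn1Decode 通过 ppvAsn1Info 直接写回了它。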
0: kd> p
CRYPT32!PkiAsn1Decode+0x24:
001b:75c9af30 eb0d jmp CRYPT32!PkiAsn1Decode+0x33 (75c9af3f)
0: kd> p
CRYPT32!PkiAsn1Decode+0x33:
001b:75c9af3f 5e pop esi
0: kd> p
CRYPT32!PkiAsn1Decode+0x34:
001b:75c9af40 5d pop ebp
0: kd> p
CRYPT32!PkiAsn1Decode+0x35:
001b:75c9af41 c21400 ret 14h
0: kd> p
CRYPT32!CryptMsgUpdate+0x1b7:
001b:75c79dd1 8945c8 mov dword ptr [ebp-38h],eax
0: kd> dv
hCryptMsg = 0x016e7290
pbData = 0x01e00020 "0???"
cbData = 0x96934
fFinal = 0n1
dwError = 0
fRet = 0n0
pci = 0x0007ea10
Asn1Err = 0n272 (No matching enumerant)
cb = 0x75c9d114
pDec = 0x012337d0
pb = 0x75c25e20 "???"
lth = 0n8186136
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 ((CRYPT32!ContentInfo *)0x7ea10)
((CRYPT32!ContentInfo *)0x7ea10) : 0x7ea10 [Type: ContentInfo *]
[+0x000] bit_mask : 0x80 [Type: unsigned short]
[+0x000] o [Type: unsigned char [1]]
[+0x004] contentType [Type: tagASN1objectidentifier2_t]
[+0x048] content [Type: tagASN1open_t]
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 (*((CRYPT32!tagASN1objectidentifier2_t *)0x7ea14))
(*((CRYPT32!tagASN1objectidentifier2_t *)0x7ea14)) [Type: tagASN1objectidentifier2_t]
[+0x000] count : 0x7 [Type: unsigned short]
[+0x004] value [Type: unsigned long [16]]
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 (*((CRYPT32!unsigned long (*)[16])0x7ea18))
(*((CRYPT32!unsigned long (*)[16])0x7ea18)) [Type: unsigned long [16]]
[0] : 0x1 [Type: unsigned long]
[1] : 0x2 [Type: unsigned long]
[2] : 0x348 [Type: unsigned long]
[3] : 0x1bb8d [Type: unsigned long]
[4] : 0x1 [Type: unsigned long]
[5] : 0x7 [Type: unsigned long]
[6] : 0x2 [Type: unsigned long]
[7] : 0x0 [Type: unsigned long]
[8] : 0x0 [Type: unsigned long]
[9] : 0x0 [Type: unsigned long]
[10] : 0x0 [Type: unsigned long]
[11] : 0x0 [Type: unsigned long]
[12] : 0x0 [Type: unsigned long]
[13] : 0x0 [Type: unsigned long]
[14] : 0x0 [Type: unsigned long]
[15] : 0x0 [Type: unsigned long]
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 (*((CRYPT32!tagASN1open_t *)0x7ea58))
(*((CRYPT32!tagASN1open_t *)0x7ea58)) [Type: tagASN1open_t]
[+0x000] length : 0x9691f [Type: unsigned long]
[+0x004] encoded : 0x1e00035 [Type: void *]
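[+0x004] value : 0x1e00035 [Type: void *]
小结:contentType 的7个分量是 1.2.840.113549.1.7.2(0x348 = 840,0x1bb8d = 113549),即 PKCS #7 signedData,对应第二部分内存转储中的 06 09 2a 86 48 86 f7 0d 01 07 02。content.encoded = 0x1e00035 = pbData + 0x15,length = 0x9691f = cbData - 0x15,说明 content 没有被复制,而是直接指向调用者传入的 pbData 缓冲区内部(ContentInfoNC_PDU 中的 NC 应是 no copy 之意)。因此在使用 pci->content 期间,pbData 必须保持有效且不被修改。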