当前位置：首页 > news >正文

SHELL32!ILCombine函数分析之连接两个idl

news 来源：原创 2025/6/26 21:44:59

第一部分：

STDAPI_(LPITEMIDLIST) ILCombine(LPCITEMIDLIST pidl1, LPCITEMIDLIST pidl2)
{
    // Let me pass in NULL pointers
    if (!pidl1)
    {
        if (!pidl2)
        {
            return NULL;
        }
        return ILClone(pidl2);
    }
    else if (!pidl2)
    {
        return ILClone(pidl1);
    }

UINT cb1 = ILGetSize(pidl1) - sizeof(pidl1->mkid.cb);
UINT cb2 = ILGetSize(pidl2);

    VALIDATE_PIDL(pidl1);
    VALIDATE_PIDL(pidl2);
    LPITEMIDLIST pidlNew = _ILCreate(cb1 + cb2);
    if (pidlNew)
    {
        CopyMemory(pidlNew, pidl1, cb1);
        CopyMemory((LPTSTR)(((LPBYTE)pidlNew) + cb1), pidl2, cb2);
        ASSERT(ILGetSize(pidlNew) == cb1+cb2);
    }

return pidlNew;
}

第二部分：

0: kd> dv
          pidl1 = 0x00111198
          pidl2 = 0x0010f8a0

0: kd> dx -id 0,0,89589d88 -r1 ((SHELL32!_ITEMIDLIST *)0x118770)
((SHELL32!_ITEMIDLIST *)0x118770)                 : 0x118770 [Type: _ITEMIDLIST *]
    [+0x000] mkid             [Type: _SHITEMID]
0: kd> dx -id 0,0,89589d88 -r1 (*((SHELL32!_SHITEMID *)0x118770))
(*((SHELL32!_SHITEMID *)0x118770))                 [Type: _SHITEMID]
    [+0x000] cb               : 0x14 [Type: unsigned short]
    [+0x002] abID             [Type: unsigned char [1]]
0: kd> db 0x118770
00118770 14 00 1f 50 e0 4f d0 20-ea 3a 69 10 a2 d8 08 00 ...P.O. .:i.....
00118780 2b 30 30 9d 19 00 2f 43-3a 5c 00 00 00 00 00 00 +00.../C:\......
00118790 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................

第三部分：
0: kd> dv
pidl1 = 0x00111198
pidl2 = 0x0010f8a0

0: kd> dx -id 0,0,89589d88 -r1 ((SHELL32!_ITEMIDLIST *)0x10f8a0)
((SHELL32!_ITEMIDLIST *)0x10f8a0)                 : 0x10f8a0 [Type: _ITEMIDLIST *]
    [+0x000] mkid             [Type: _SHITEMID]
0: kd> dx -id 0,0,89589d88 -r1 (*((SHELL32!_SHITEMID *)0x10f8a0))
(*((SHELL32!_SHITEMID *)0x10f8a0))                 [Type: _SHITEMID]
    [+0x000] cb               : 0x5e [Type: unsigned short]
    [+0x002] abID             [Type: unsigned char [1]]
0: kd> db 0x10f8a0
0010f8a0 5e 00 32 00 00 00 00 00-54 5a b6 3c 20 00 4e 45 ^.2.....TZ.< .NE
0010f8b0 57 54 45 58 7e 31 2e 54-58 54 00 00 42 00 03 00 WTEX~1.TXT..B...
0010f8c0 04 00 ef be 54 5a a4 3c-54 5a b6 3c 14 00 00 00 ....TZ.<TZ.<....
0010f8d0 4e 00 65 00 77 00 20 00-54 00 65 00 78 00 74 00 N.e.w. .T.e.x.t.
0010f8e0 20 00 44 00 6f 00 63 00-75 00 6d 00 65 00 6e 00   .D.o.c.u.m.e.n.
0010f8f0 74 00 2e 00 74 00 78 00-74 00 00 00 1c 00 00 00 t...t.x.t.......
0010f900 04 00 0d 00 db 01 08 00-4d 00 79 00 20 00 43 00 ........M.y. .C.

第四部分： UINT cb1 = ILGetSize(pidl1) - sizeof(pidl1->mkid.cb);

0: kd> dv
pidl1 = 0x00111198
pidl2 = 0x0010f8a0

cb1 = 0x2d //cb1 = 0x2d= 0x2f-0x2 UINT cb1 = ILGetSize(pidl1) - sizeof(pidl1->mkid.cb);

第五部分： UINT cb2 = ILGetSize(pidl2);

0: kd> dv
          pidl1 = 0x00111198
          pidl2 = 0x0010f8a0
            cb2 = 0x60
            cb1 = 0x2d

第六部分：
    VALIDATE_PIDL(pidl1);
    VALIDATE_PIDL(pidl2);
    LPITEMIDLIST pidlNew = _ILCreate(cb1 + cb2);

0: kd> dv
          pidl1 = 0x00111198
          pidl2 = 0x0010f8a0
            cb2 = 0x60
            cb1 = 0x2d
        pidlNew = 0x00118770

第七部分： CopyMemory(pidlNew, pidl1, cb1);

0: kd> dv
          pidl1 = 0x00111198
          pidl2 = 0x0010f8a0
            cb2 = 0x60
            cb1 = 0x2d
        pidlNew = 0x00118770

0: kd> dx -id 0,0,89589d88 -r1 ((SHELL32!_ITEMIDLIST *)0x118770)
((SHELL32!_ITEMIDLIST *)0x118770)                 : 0x118770 [Type: _ITEMIDLIST *]
    [+0x000] mkid             [Type: _SHITEMID]
0: kd> dx -id 0,0,89589d88 -r1 (*((SHELL32!_SHITEMID *)0x118770))
(*((SHELL32!_SHITEMID *)0x118770))                 [Type: _SHITEMID]
    [+0x000] cb               : 0x14 [Type: unsigned short]
    [+0x002] abID             [Type: unsigned char [1]]
0: kd> db 0x118770
00118770 14 00 1f 50 e0 4f d0 20-ea 3a 69 10 a2 d8 08 00 ...P.O. .:i.....
00118780 2b 30 30 9d 19 00 2f 43-3a 5c 00 00 00 00 00 00 +00.../C:\......
00118790 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
001187a0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
001187b0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
001187c0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
001187d0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
001187e0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................

第八部分： CopyMemory((LPTSTR)(((LPBYTE)pidlNew) + cb1), pidl2, cb2);

0: kd> p
SHELL32!ILCombine+0x162:
001b:77325c3c 50 push eax
0: kd> db 0x118770
00118770 14 00 1f 50 e0 4f d0 20-ea 3a 69 10 a2 d8 08 00 ...P.O. .:i.....
00118780 2b 30 30 9d 19 00 2f 43-3a 5c 00 00 00 00 00 00 +00.../C:\......
00118790 00 00 00 00 00 00 00 00-00 00 00 00 00 5e 00 32 .............^.2
001187a0 00 00 00 00 00 54 5a b6-3c 20 00 4e 45 57 54 45 .....TZ.< .NEWTE
001187b0 58 7e 31 2e 54 58 54 00-00 42 00 03 00 04 00 ef X~1.TXT..B......
001187c0 be 54 5a a4 3c 54 5a b6-3c 14 00 00 00 4e 00 65 .TZ.<TZ.<....N.e
001187d0 00 77 00 20 00 54 00 65-00 78 00 74 00 20 00 44 .w. .T.e.x.t. .D
001187e0 00 6f 00 63 00 75 00 6d-00 65 00 6e 00 74 00 2e .o.c.u.m.e.n.t..
0: kd> db 0x1187f0
001187f0 00 74 00 78 00 74 00 00-00 1c 00 00 00 01 08 00 .t.x.t..........