0000: 30 83 09 69 2f                            ; SEQUENCE (9692f Bytes)
0005:    06 09                                  ; OBJECT_IDENTIFIER (9 Bytes)
0007:    |  2a 86 48 86 f7 0d 01 07  02
         |     ; "PKCS 7 已簽名 (1.2.840.113549.1.7.2)"
0010:    a0 83 09 69 1f                         ; CONTEXT_SPECIFIC (0) (9691f Bytes)
0015:       30 83 09 69 1a                      ; SEQUENCE (9691a Bytes)
001a:          02 01                            ; INTEGER (1 Bytes)
001c:          |  01
001d:          31 0b                            ; SET (b Bytes)
001f:          |  30 09                         ; SEQUENCE (9 Bytes)
0021:          |     06 05                      ; OBJECT_IDENTIFIER (5 Bytes)
0023:          |     |  2b 0e 03 02 1a
               |     |     ; "sha1 (1.3.14.3.2.26)"
0028:          |     05 00                      ; NULL (0 Bytes)
002a:          30 83 09 57 31                   ; SEQUENCE (95731 Bytes)
002f:          |  06 09                         ; OBJECT_IDENTIFIER (9 Bytes)
0031:          |  |  2b 06 01 04 01 82 37 0a  01
               |  |     ; "證書信任列表 (1.3.6.1.4.1.311.10.1)"
003a:          |  a0 83 09 57 21                ; CONTEXT_SPECIFIC (0) (95721 Bytes)
003f:          |     30 83 09 57 1c             ; SEQUENCE (9571c Bytes)
0044:          |        30 0c                   ; SEQUENCE (c Bytes)
0046:          |        |  06 0a                ; OBJECT_IDENTIFIER (a Bytes)
0048:          |        |     2b 06 01 04 01 82 37 0c  01 01
               |        |        ; "szOID_CATALOG_LIST (1.3.6.1.4.1.311.12.1.1)"
0052:          |        04 10                   ; OCTET_STRING (10 Bytes)
0054:          |        |  bb fd 30 fb 6f a3 d9 40  82 26 85 87 87 cd 89 4b  ; ..0.o..@.&.....K
0064:          |        17 0d                   ; UTCTime (d Bytes)
0066:          |        |  32 34 30 39 31 35 30 33  34 35 30 36 5a           ; 240915034506Z
               |        |     ; "15.09.2024 11:45:06"
0073:          |        30 0e                   ; SEQUENCE (e Bytes)
0075:          |        |  06 0a                ; OBJECT_IDENTIFIER (a Bytes)
0077:          |        |  |  2b 06 01 04 01 82 37 0c  01 02
               |        |  |     ; "szOID_CATALOG_LIST_MEMBER (1.3.6.1.4.1.311.12.1.2)"
0081:          |        |  05 00                ; NULL (0 Bytes)
Part 1:
0: kd> t
CRYPT32!CryptMsgUpdate:
001b:75c79c1a 6a2c            push    2Ch
0: kd> kc
#
00 CRYPT32!CryptMsgUpdate
01 WINTRUST!_GetMessage
02 WINTRUST!SoftpubLoadMessage
03 WINTRUST!_VerifyTrust
04 WINTRUST!WinVerifyTrust
05 sfc_os!SfcValidateFileSignature
06 sfc_os!SfcGetValidationData
07 sfc_os!SfcValidateDLL
08 sfc_os!SfcQueueValidationThread
09 kernel32!BaseThreadStart
0: kd> kv
# ChildEBP RetAddr  Args to Child
00 007ce964 76804dc2 016e7290 01e00020 00096934 CRYPT32!CryptMsgUpdate (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\ds\security\cryptoapi\pki\wincrmsg\wincrmsg.cpp @ 10279]
01 007ce994 76804e66 00096934 7683d010 76819334 WINTRUST!_GetMessage+0x13d (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\ds\security\cryptoapi\pkitrust\softpub\msgprov.cpp @ 551]
02 007ce9ac 767fe0d8 007cea00 01751ff8 007ceb00 WINTRUST!SoftpubLoadMessage+0x73 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\ds\security\cryptoapi\pkitrust\softpub\msgprov.cpp @ 83]
03 007cea98 767fe3b8 00000000 7683d010 00000000 WINTRUST!_VerifyTrust+0x11c (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\ds\security\cryptoapi\pkitrust\wintrust\winvtrst.cpp @ 372]
04 007ceabc 76837467 00000000 7683d010 007ceb00 WINTRUST!WinVerifyTrust+0x4c (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\ds\security\cryptoapi\pkitrust\wintrust\winvtrst.cpp @ 167]
05 007cf4b8 768378c5 017506a8 00000678 0011a568 sfc_os!SfcValidateFileSignature+0x2ba (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\subsys\sm\sfc\dll\validate.c @ 332]
06 007cf4e0 768379c5 007cf510 007cf508 00000010 sfc_os!SfcGetValidationData+0xe0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\subsys\sm\sfc\dll\validate.c @ 2165]
07 007cf724 76838a3d 0112916c 017506a8 00000000 sfc_os!SfcValidateDLL+0xe4 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\subsys\sm\sfc\dll\validate.c @ 2251]
08 007cffb8 77e41be7 00000000 00000000 00000000 sfc_os!SfcQueueValidationThread+0x4ce (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\subsys\sm\sfc\dll\validate.c @ 1671]
09 007cffec 00000000 7683856f 00000000 00000000 kernel32!BaseThreadStart+0x34 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\win32\client\support.c @ 533]
0: kd> dv
hCryptMsg = 0x016e7290
pbData = 0x01e00020 "0???"
cbData = 0x96934
fFinal = 0n1
dwError = 0xffffffff
fRet = 0n0
pci = 0x75c6fc74
Asn1Err = 0n272 (No matching enumerant)
cb = 0x75c9d114
pDec = 0x007cffdc
pb = 0x75c25e20 "???"
lth = 0n8186136
Part 2:
0: kd> p
CRYPT32!CryptMsgUpdate+0x1b2:
001b:75c79dcc e83b110200      call    CRYPT32!PkiAsn1Decode (75c9af0c)
0: kd> t
CRYPT32!PkiAsn1Decode:
001b:75c9af0c 55              push    ebp
0: kd> kc
#
00 CRYPT32!PkiAsn1Decode
01 CRYPT32!CryptMsgUpdate
02 WINTRUST!_GetMessage
03 WINTRUST!SoftpubLoadMessage
04 WINTRUST!_VerifyTrust
05 WINTRUST!WinVerifyTrust
06 sfc_os!SfcValidateFileSignature
07 sfc_os!SfcGetValidationData
08 sfc_os!SfcValidateDLL
09 sfc_os!SfcQueueValidationThread
0a kernel32!BaseThreadStart
0: kd> dv
pDec = 0x012337d0
ppvAsn1Info = 0x007ce944
id = 0x13
pbEncoded = 0x01e00020 "0???"
cbEncoded = 0x96934
0: kd> db 0x01e00020
01e00020  30 83 09 69 2f 06 09 2a-86 48 86 f7 0d 01 07 02  0..i/..*.H......
01e00030  a0 83 09 69 1f 30 83 09-69 1a 02 01 01 31 0b 30  ...i.0..i....1.0
01e00040  09 06 05 2b 0e 03 02 1a-05 00 30 83 09 57 31 06  ...+......0..W1.
01e00050  09 2b 06 01 04 01 82 37-0a 01 a0 83 09 57 21 30  .+.....7.....W!0
01e00060  83 09 57 1c 30 0c 06 0a-2b 06 01 04 01 82 37 0c  ..W.0...+.....7.
01e00070  01 01 04 10 bb fd 30 fb-6f a3 d9 40 82 26 85 87  ......0.o..@.&..
01e00080  87 cd 89 4b 17 0d 32 34-30 39 31 35 30 33 34 35  ...K..2409150345
01e00090  30 36 5a 30 0e 06 0a 2b-06 01 04 01 82 37 0c 01  06Z0...+.....7..
0: kd> dx -id 0,0,ffffffff89ce3d88 -r1 ((CRYPT32!ASN1decoding_s *)0x12337d0)
((CRYPT32!ASN1decoding_s *)0x12337d0)                 : 0x12337d0 [Type: ASN1decoding_s *]
    [+0x000] magic            : 0x44434544 [Type: unsigned long]
    [+0x004] version          : 0x0 [Type: unsigned long]
    [+0x008] module           : 0x75788 [Type: tagASN1module_t *]
    [+0x00c] buf              : 0x16cdde1 : 0x30 [Type: unsigned char *]
    [+0x010] size             : 0xb [Type: unsigned long]
    [+0x014] len              : 0xb [Type: unsigned long]
    [+0x018] err              : ASN1_SUCCESS (0) [Type: tagASN1error_e]
    [+0x01c] bit              : 0x0 [Type: unsigned long]
    [+0x020] pos              : 0x16cddec : 0xa0 [Type: unsigned char *]
    [+0x024] eRule            : ASN1_BER_RULE_DER (1024) [Type: ASN1encodingrule_e]
    [+0x028] dwFlags          : 0x1000 [Type: unsigned long]
0: kd> p
CRYPT32!PkiAsn1Decode+0x1:
001b:75c9af0d 8bec            mov     ebp,esp
0: kd> p
CRYPT32!PkiAsn1Decode+0x3:
001b:75c9af0f 56              push    esi
0: kd> p