有没有办法在反编译代码中显示这些异常处理程序?
如果__try不查看反汇编,我无法判断一个块在一个块中。
__int64 __fastcall NtDCompositionGetBatchId(int a1, unsigned int a2, _DWORD *a3)
{
_DWORD *v3; // r14
__int64 v4; // r8
int v5; // er13
__int64 v6; // rcx
_DWORD *v7; // rdx
_DWORD *v8; // rdi
signed int v9; // esi
__int64 v10; // rbx
__int64 *v11; // r15
__int64 v12; // rax
struct _ERESOURCE *v13; // rbx
__int64 v14; // rcx
__int64 v15; // rax
struct _ERESOURCE *v16; // rdi
int v17; // er12
__int64 v19; // [rsp+38h] [rbp-50h]
int v20; // [rsp+44h] [rbp-44h]
unsigned int v21; // [rsp+98h] [rbp+10h]
v21 = a2;
v3 = a3;
v4 = a2;
v5 = a1;
if ( !v3 )
return (unsigned int)-1073741811;
v6 = *(_QWORD *)MmUserProbeAddress;
v7 = v3;
if ( (unsigned __int64)v3 >= *(_QWORD *)MmUserProbeAddress )
v7 = *(_DWORD **)MmUserProbeAddress;
*v7 = *v7;
v8 = 0i64;
v9 = 0;
v10 = 0i64;
v11 = 0i64;
v12 = PsGetCurrentProcessWin32Process(v6, v7, v4);
if ( v12 )
v11 = *(__int64 **)(v12 + 256);
if ( v11 )
{
v13 = (struct _ERESOURCE *)v11[1];
KeEnterCriticalRegion();
ExAcquireResourceExclusiveLite(v13, 1u);
v14 = *v11;
v10 = 0i64;
LODWORD(v19) = v5;
*(__int64 *)((char *)&v19 + 4) = 0i64;
v20 = 0;
v15 = RtlLookupElementGenericTable(v14, &v19);
if ( v15 )
v10 = *(_QWORD *)(v15 + 8);
if ( v10 )
{
_InterlockedIncrement((volatile signed __int32 *)(v10 + 8));
v8 = 0i64;
}
else
{
v9 = -1073741790;
}
ExReleaseResourceLite((PERESOURCE)v11[1]);
KeLeaveCriticalRegion();
}
else
{
v9 = -1073741823;
}
if ( v10 )
{
v16 = *(struct _ERESOURCE **)(v10 + 32);
KeEnterCriticalRegion();
ExAcquireResourceExclusiveLite(v16, 1u);
v8 = (_DWORD *)v10;
}
if ( v9 >= 0 )
{
if ( (*(unsigned int (__fastcall **)(_DWORD *))(*(_QWORD *)v8 + 8i64))(v8) == 1 )
goto LABEL_16;
v9 = -1073741811;
(**(void (__fastcall ***)(_DWORD *))v8)(v8);
}
v8 = 0i64;
LABEL_16:
if ( v9 >= 0 )
{
if ( v21 == 2 )
{
v17 = v8[96];
}
else if ( v21 )
{
if ( v21 == 1 )
v17 = v8[95];
else
v17 = 0;
}
else
{
v17 = v8[94];
}
(**(void (__fastcall ***)(_DWORD *))v8)(v8);
if ( v9 >= 0 )
*v3 = v17;
}
return (unsigned int)v9;
}