解读LZMSDecompressFile
// Sketch of a caller for the WCP LZMS decompressor: open the file, read it,
// decompress the blob and write the result back over the same file.
// The file is opened once with GENERIC_WRITE and both read (GetContents)
// and overwritten (SetContents) through that handle, so the compressed
// input is destroyed in place.
HRESULT LZMSDecompressFile(LPWSTR CompressFileName)
{
    HRESULT result = 0;
    IRtlFile *pIFile = NULL;
    // NOTE(review): the return value is not checked and pIFile is dereferenced
    // below unconditionally; if the open fails this is a null dereference.
    GetInterfaceAndObject(CompressFileName, &pIFile, NULL, GENERIC_WRITE);
    LBLOB CompressedContents = { 0,0,0 };
    LBLOB DeompressedContents = { 0,0,0 };   // (sic) name kept as written
    // result is an out-parameter of GetContents here; it is the only status
    // this function ever returns.
    pIFile->GetContents(0, &CompressedContents, &result);
    pAutoLZMSDecoder_Initialize();
    // 12 is the header offset passed as the first argument (a1 in the
    // LZMSDecompressBuffer listing below); the status of the decompression
    // itself is discarded, so a length-mismatch failure is not surfaced.
    pLZMSDecompressBuffer(12, CompressedContents, &DeompressedContents);
    pIFile->SetContents(0, DeompressedContents);
    // NOTE(review): pIFile is never released and the two LBLOBs are never
    // freed in this sketch (the decompiled original closes both AutoBlobs).
    return result;
}
如果我们使用系统提供的 LZMSDecompressFile 函数，就把中间的一段换成下面的代码：
pLZMSDecompressFile(DCS, pIFile, pIFile);
Windows::WCP::Rtl::LZMSDecompressFile(
unsignedlong,
structWindows::Rtl::IRtlFile *,
structWindows::Rtl::IRtlFile *)
//----- (10227350)--------------------------------------------------------
// Decompiled Windows::WCP::Rtl::LZMSDecompressFile (IDA pseudocode).
// Reads the whole compressed blob from one IRtlFile, decompresses it and
// writes the result to another IRtlFile. Parameter names/types are decompiler
// guesses: `this` is the first `unsigned long` of the demangled signature and
// is forwarded as the integer header-offset argument of LZMSDecompressBuffer;
// a2 is typed `unsigned __int32` but is dereferenced as an object with a
// vtable (so it is the source file object); a4 is never used in this listing.
signed int __stdcall Windows::WCP::Rtl::LZMSDecompressFile(
    Windows::WCP::Rtl *this,
    unsigned __int32 a2,
    struct Windows::Rtl::IRtlFile *a3,
    struct Windows::Rtl::IRtlFile *a4)
{
    v4 = *(_DWORD *)a2;                                   // vtable of the source object
    v5 = *(int (__thiscall **)(unsigned __int32, _DWORD, int *, _DWORD))(v4 + 24);   // slot +24: GetContents
    v6 = *(_DWORD *)(v4 + 24);                            // dead load, never used
    v11 = 0;                                              // v11..v13: compressed AutoBlob, zero-initialised
    v12 = 0;
    v13 = 0;
    v7 = v5(a2, 0, &v11, 0); // pIFile->GetContents(0, &CompressedContents, &result);
    v14 = 0;                                              // v14..v16: decompressed AutoBlob, zero-initialised
    v15 = 0;
    v16 = 0;
    v7 = Windows::WCP::Rtl::LZMSDecompressBuffer((int)this, (int)&v11, &v14);
    v8 = &v14;
    v9 = *(int (__thiscall **)(struct Windows::Rtl::IRtlFile *, _DWORD, int *))(*(_DWORD *)a3 + 28);   // slot +28: SetContents
    v7 = v9(a3, 0, &v14); // pIFile->SetContents(0, DeompressedContents);
    // Both blobs are released regardless of outcome.
    Windows::Rtl::AutoBlob<Windows::Auto<_LBLOB>>::Close((int)&v14);
    Windows::Rtl::AutoBlob<Windows::Auto<_LBLOB>>::Close((int)&v11);
    // NOTE(review): v7 is assigned three times and never tested; as decompiled
    // the function returns 0 unconditionally, so a failed read, a
    // length-mismatch status from LZMSDecompressBuffer, or a failed write is
    // invisible to the caller — the destination may silently hold a truncated
    // or empty blob.
    return 0;
}
Windows::WCP::Rtl::LZMSDecompressBuffer(
unsignedlong,
struct_LBLOB const *,
classWindows::Auto<struct _LBLOB> &)
//----- (10227270) --------------------------------------------------------
// Decompiled Windows::WCP::Rtl::LZMSDecompressBuffer (IDA pseudocode).
// Walks a chunked LZMS container and appends each decoded chunk to the output
// blob a3. Types are decompiler guesses; from the way the fields are used:
//   a1 : byte offset from the start of the blob data to the first chunk
//        (the caller sketch above passes 12, i.e. the header size)
//   a2 : pointer to the input LBLOB; +0 is read as the total byte length,
//        +8 as the pointer to the data
//   a3 : output LBLOB; *a3 is compared as its final byte length
// Container header (at the data pointer): +4 = chunk count, +8 = expected
// decompressed size. Each chunk is a 32-bit length followed by that many bytes.
signed int __stdcall Windows::WCP::Rtl::LZMSDecompressBuffer(int a1, int a2, _DWORD *a3)
{
    v3 = *(_DWORD *)(a2 + 8);                             // data pointer (header lives here)
    // Pre-size the output from the header's decompressed-size field.
    // NOTE(review): header fields at v3+4 / v3+8 are read before any check
    // that the blob is at least a1 bytes long; only the chunk walk below is
    // bounds-checked in this listing.
    result = RtlAllocateLBlob(*(_DWORD *)(v3 + 8), (int)a3);
    if (result >= 0)
    {
        v5 = 0;                                           // chunk index
        v6 = (int *)(a1 + *(_DWORD *)(a2 + 8));           // cursor at the first chunk
        if (*(_DWORD *)(v3 + 4))                          // chunk count != 0
        {
            do
            {
                v7 = *(_DWORD *)(a2 + 8);                 // data pointer
                v9 = *(_DWORD *)a2;                       // total blob length
                // The 4-byte chunk length field must lie inside the blob.
                // -1073741820 == 0xC0000004 == STATUS_INFO_LENGTH_MISMATCH.
                if ((unsigned int)v6 + -v7 + 4 > *(_DWORD *)a2)
                    return -1073741820;
                v8 = *v6;                                 // chunk payload length
                v12 = v6 + 1;                             // v10..v12: {len, len, payload ptr} handed to LZMSDecode
                v11 = v8;
                v10 = v8;
                // The chunk payload must also lie inside the blob.
                // NOTE(review): v8 is shown as a signed int and the sum is
                // evaluated in unsigned int; as written, a very large length
                // can wrap the left-hand side and pass this test. Whether the
                // compiled code is overflow-safe cannot be told from the
                // decompiled types; a wrap-free form compares v8 against the
                // remaining byte count instead of adding it to the cursor.
                if ((unsigned int)v6 + v8 - v7 + 4 > v9)
                    return 0xC0000004;
                v6 = (int *)((char *)v6 + v8 + 4);        // advance past length field + payload
                // NOTE(review): the status of LZMSDecode is overwritten on the
                // next line, and the append status is overwritten by
                // `result = 0` below, so per-chunk errors are only caught
                // indirectly by the final size comparison.
                result = Windows::WCP::Rtl::LZMSDecode((int)&v10, (int)&v13);
                result = RtlAppendLBlobToLBlob((int)&v13, (int)a3);
            }
            while ((unsigned int)++v5 < *(_DWORD *)(v3 + 4));
        }
        // Output must be exactly the size the header promised.
        if (*a3 != *(_DWORD *)(v3 + 8))
            return -1073741820;
        result = 0;
    }
    return result;
}
初始化解码器
//----- (10226E90)--------------------------------------------------------
// Decompiled Windows::WCP::Rtl::AutoLZMSDecoder::Initialize (IDA pseudocode).
// Allocates the decoder output buffer from the process heap and creates the
// decoder workspace; both live in process-wide globals, not in the object.
// The decoder's availability is recorded only in g_fLZMSDecoderInitialized.
signed int Windows::WCP::Rtl::AutoLZMSDecoder::Initialize()
{
    v1 = 0;
    // fs:[0x30] is the PEB on x86 and PEB+0x18 its ProcessHeap; the output
    // buffer is 0x100004 bytes (1 MiB + 4).
    Windows::WCP::Rtl::g_LZMSDecoderOutputBuffer = RtlAllocateHeap(*(HANDLE *)(__readfsdword(48) + 24), 0, 0x100004u);
    // If the buffer was allocated but LzmsDecoderInit fails, the buffer is
    // freed again and the global reset to 0 so no half-initialised state is
    // left behind. (v2 appears uninitialised here — a decompiler artifact of
    // how the init argument is passed; confirm against the disassembly.)
    if (Windows::WCP::Rtl::g_LZMSDecoderOutputBuffer
        && ((Windows::WCP::Rtl::g_LZMSDecoderWorkspace = (struct _LZMS_DECODER *)LzmsDecoderInit(v2)) != 0
                ? (v3 = Windows::WCP::Rtl::g_LZMSDecoderOutputBuffer)
                : (RtlFreeHeap(*(HANDLE *)(__readfsdword(48) + 24), 0, Windows::WCP::Rtl::g_LZMSDecoderOutputBuffer),
                   v3 = 0,
                   Windows::WCP::Rtl::g_LZMSDecoderOutputBuffer = 0),
            v3))
    {
        Windows::WCP::Rtl::g_fLZMSDecoderInitialized = 1;
    }
    // NOTE(review): v1 is never changed, so the function returns 0 on both
    // success and failure; callers must test g_fLZMSDecoderInitialized rather
    // than the return value.
    return v1;
}
// 1027FD80: using guessed type boolWindows::WCP::Rtl::g_fLZMSDecoderInitialized;
// 1027FD88: using guessed type struct_LZMS_DECODER *Windows::WCP::Rtl::g_LZMSDecoderWorkspace;
//----- (10226E40)--------------------------------------------------------
// Decompiled Windows::WCP::Rtl::AutoLZMSEncoder::~AutoLZMSEncoder (IDA
// pseudocode) — the encoder counterpart of the decoder teardown. Releases the
// encoder workspace and the heap output buffer and clears the initialised
// flag. All state touched is process-global (no member of `this` is read),
// so several instances would share it; presumably serialised by the caller.
BOOLEAN Windows::WCP::Rtl::AutoLZMSEncoder::~AutoLZMSEncoder()
{
    if (Windows::WCP::Rtl::g_LZMSEncoderWorkspace)
    {
        LzmsEncoderClose();
        Windows::WCP::Rtl::g_LZMSEncoderWorkspace = 0;
    }
    // The BOOLEAN "result" is a decompiler artifact: low byte of the buffer
    // pointer, replaced by RtlFreeHeap's return when the buffer is freed.
    result = (unsigned __int8)Windows::WCP::Rtl::g_LZMSEncoderOutputBuffer;
    if (Windows::WCP::Rtl::g_LZMSEncoderOutputBuffer)
    {
        // fs:[0x30] is the PEB on x86 and PEB+0x18 its ProcessHeap.
        result = RtlFreeHeap(*(HANDLE *)(__readfsdword(48) + 24), 0, Windows::WCP::Rtl::g_LZMSEncoderOutputBuffer);
        Windows::WCP::Rtl::g_LZMSEncoderOutputBuffer = 0;
    }
    Windows::WCP::Rtl::g_fLZMSEncoderInitialized = 0;
    return result;
}