flowchart LR
EvaluateCurrentStateFromRegistry-0-old<--Match 74%-->EvaluateCurrentStateFromRegistry-0-new
ValidateKeyCredentialLinkAttIsValid-0-old<--Match 74%-->ValidateKeyCredentialLinkAttIsValid-0-new
EvaluateCurrentState-0-old<--Match 42%-->EvaluateCurrentState-0-new
QueryFeatureOverride-0-old<--Match 67%-->QueryFeatureOverride-0-new
CBerDecodeDecodeAttributeList-3-old<--Match 45%-->CBerDecodeDecodeAttributeList-3-new
SamDsNgcWriteKeyForComputer-0-old<--Match 95%-->SamDsNgcWriteKeyForComputer-0-new
StringCchCatA-3-old<--Match 72%-->StringCchCatA-3-new
subgraph ntdsai_KB5073723_NEW.dll
EvaluateCurrentStateFromRegistry-0-new
ValidateKeyCredentialLinkAttIsValid-0-new
EvaluateCurrentState-0-new
QueryFeatureOverride-0-new
CBerDecodeDecodeAttributeList-3-new
SamDsNgcWriteKeyForComputer-0-new
StringCchCatA-3-new
subgraph Added
direction LR
EvaluateFeature
SampDsValidateNgcKeyValueForComputerNew
SampDsValidateNgcKeyValueForComputerNewfin0
end
end
subgraph ntdsai_KB5065428_OLD.dll
EvaluateCurrentStateFromRegistry-0-old
ValidateKeyCredentialLinkAttIsValid-0-old
EvaluateCurrentState-0-old
QueryFeatureOverride-0-old
CBerDecodeDecodeAttributeList-3-old
SamDsNgcWriteKeyForComputer-0-old
StringCchCatA-3-old
subgraph Deleted
direction LR
StringCopyWorkerA
end
end
pie showData
title Function Matches - 99.9826%
"unmatched_funcs_len" : 4
"matched_funcs_len" : 22988
pie showData
title Matched Function Similarity - 99.8825%
"matched_funcs_with_code_changes_len" : 7
"matched_funcs_with_non_code_changes_len" : 20
"matched_funcs_no_changes_len" : 22961
ghidriff --project-location ghidra_projects --project-name ghidriff --symbols-path symbols --gzfs-path gzfs --threaded --log-level INFO --file-log-level INFO --log-path ghidriff.log --min-func-len 10 --gdt [] --bsim --max-ram-percent 60.0 --max-section-funcs 200 ntdsai_KB5065428_OLD.dll ntdsai_KB5073723_NEW.dll
Details
--old ['ntdsai_KB5065428_OLD.dll'] --new [['ntdsai_KB5073723_NEW.dll']] --engine VersionTrackingDiff --output-path ghidriffs --summary False --project-location ghidra_projects --project-name ghidriff --symbols-path symbols --gzfs-path gzfs --base-address None --program-options None --threaded True --force-analysis False --force-diff False --no-symbols False --log-level INFO --file-log-level INFO --log-path ghidriff.log --va False --min-func-len 10 --use-calling-counts False --gdt [] --bsim True --bsim-full False --max-ram-percent 60.0 --print-flags False --jvm-args None --side-by-side False --max-section-funcs 200 --md-title None
wget https://msdl.microsoft.com/download/symbols/ntdsai.dll/5F5A3C5961B000/ntdsai.dll -O ntdsai.dll.x64.10.0.17763.7912
wget https://msdl.microsoft.com/download/symbols/ntdsai.dll/EDC16C7661B000/ntdsai.dll -O ntdsai.dll.x64.10.0.17763.8269
--- ntdsai_KB5065428_OLD.dll Meta
+++ ntdsai_KB5073723_NEW.dll Meta
@@ -1,44 +1,44 @@
-Program Name: ntdsai_KB5065428_OLD.dll
+Program Name: ntdsai_KB5073723_NEW.dll
Language ID: x86:LE:64:default (4.6)
Compiler ID: windows
Processor: x86
Endian: Little
Address Size: 64
Minimum Address: 180000000
Maximum Address: ff0000184f
-# of Bytes: 6393140
+# of Bytes: 6395252
# of Memory Blocks: 10
-# of Instructions: 1061330
-# of Defined Data: 32894
-# of Functions: 11495
-# of Symbols: 127127
+# of Instructions: 1061811
+# of Defined Data: 32905
+# of Functions: 11497
+# of Symbols: 127152
# of Data Types: 2233
# of Data Type Categories: 93
Analyzed: true
Compiler: visualstudio:unknown
Created With Ghidra Version: 12.0.1
-Date Created: Wed Jan 28 19:12:22 CET 2026
+Date Created: Wed Jan 28 19:12:37 CET 2026
Executable Format: Portable Executable (PE)
-Executable Location: /C:/Users/micro/Downloads/ntdsai.dll_diff/ntdsai_KB5065428_OLD.dll
-Executable MD5: 9758ca4ec09abaf4f737a479d7f9eafb
-Executable SHA256: 33f63aa3a8a45115aace527c16c7f753d7aad4d7310ec949b0f141006fc5b719
-FSRL: file:///C:/Users/micro/Downloads/ntdsai.dll_diff/ntdsai_KB5065428_OLD.dll?MD5=9758ca4ec09abaf4f737a479d7f9eafb
+Executable Location: /C:/Users/micro/Downloads/ntdsai.dll_diff/ntdsai_KB5073723_NEW.dll
+Executable MD5: a8203ee34c631133be19fd8c0de3e867
+Executable SHA256: 99959fbc3858f15b543ed9eb113c6d7159ec6fc8d33854a6a26b4b7ba2b58f5c
+FSRL: file:///C:/Users/micro/Downloads/ntdsai.dll_diff/ntdsai_KB5073723_NEW.dll?MD5=a8203ee34c631133be19fd8c0de3e867
PDB Age: 1
PDB File: ntdsai.pdb
-PDB GUID: 1a37b5b6-2ea9-da97-4cbc-b31b980e0bde
+PDB GUID: 0437ef04-3951-14bd-4191-76512735c375
PDB Loaded: true
PDB Version: RSDS
PE Property[CompanyName]: Microsoft Corporation
PE Property[FileDescription]: NT5DS
-PE Property[FileVersion]: 10.0.17763.7912 (WinBuild.160101.0800)
+PE Property[FileVersion]: 10.0.17763.8269 (WinBuild.160101.0800)
PE Property[InternalName]: ntdsai.dll
PE Property[LegalCopyright]: © Microsoft Corporation. All rights reserved.
PE Property[OriginalFilename]: ntdsai.dll
PE Property[ProductName]: Microsoft® Windows® Operating System
-PE Property[ProductVersion]: 10.0.17763.7912
+PE Property[ProductVersion]: 10.0.17763.8269
PE Property[Translation]: 4b00409
Preferred Root Namespace Category:
RTTI Found: true
Relocatable: true
SectionAlignment: 4096
Should Ask To Analyze: false
Ghidra ntdsai_KB5065428_OLD.dll Decompiler Options
| Decompiler Option | Value |
|---|---|
| Prototype Evaluation | __fastcall |
Ghidra ntdsai_KB5065428_OLD.dll Specification extensions Options
| Specification extensions Option | Value |
|---|---|
| FormatVersion | 0 |
| VersionCounter | 0 |
Ghidra ntdsai_KB5065428_OLD.dll Analyzers Options
| Analyzers Option | Value |
|---|---|
| ASCII Strings | true |
| ASCII Strings.Create Strings Containing Existing Strings | true |
| ASCII Strings.Create Strings Containing References | true |
| ASCII Strings.Force Model Reload | false |
| ASCII Strings.Minimum String Length | LEN_5 |
| ASCII Strings.Model File | StringModel.sng |
| ASCII Strings.Require Null Termination for String | true |
| ASCII Strings.Search Only in Accessible Memory Blocks | true |
| ASCII Strings.String Start Alignment | ALIGN_1 |
| ASCII Strings.String end alignment | 4 |
| Aggressive Instruction Finder | false |
| Aggressive Instruction Finder.Create Analysis Bookmarks | true |
| Apply Data Archives | true |
| Apply Data Archives.Archive Chooser | [Auto-Detect] |
| Apply Data Archives.Create Analysis Bookmarks | true |
| Apply Data Archives.GDT User File Archive Path | None |
| Apply Data Archives.User Project Archive Path | None |
| Call Convention ID | true |
| Call Convention ID.Analysis Decompiler Timeout (sec) | 60 |
| Call-Fixup Installer | true |
| Condense Filler Bytes | false |
| Condense Filler Bytes.Filler Value | Auto |
| Condense Filler Bytes.Minimum number of sequential bytes | 1 |
| Create Address Tables | true |
| Create Address Tables.Allow Offcut References | false |
| Create Address Tables.Auto Label Table | false |
| Create Address Tables.Create Analysis Bookmarks | true |
| Create Address Tables.Maxmimum Pointer Distance | 16777215 |
| Create Address Tables.Minimum Pointer Address | 4132 |
| Create Address Tables.Minimum Table Size | 2 |
| Create Address Tables.Pointer Alignment | 1 |
| Create Address Tables.Relocation Table Guide | true |
| Create Address Tables.Table Alignment | 4 |
| Data Reference | true |
| Data Reference.Address Table Alignment | 1 |
| Data Reference.Address Table Minimum Size | 2 |
| Data Reference.Align End of Strings | false |
| Data Reference.Ascii String References | true |
| Data Reference.Create Address Tables | true |
| Data Reference.Minimum String Length | 5 |
| Data Reference.References to Pointers | true |
| Data Reference.Relocation Table Guide | true |
| Data Reference.Respect Execute Flag | true |
| Data Reference.Subroutine References | true |
| Data Reference.Switch Table References | false |
| Data Reference.Unicode String References | true |
| Decompiler Parameter ID | false |
| Decompiler Parameter ID.Analysis Clear Level | ANALYSIS |
| Decompiler Parameter ID.Analysis Decompiler Timeout (sec) | 60 |
| Decompiler Parameter ID.Commit Data Types | true |
| Decompiler Parameter ID.Commit Void Return Values | false |
| Decompiler Parameter ID.Prototype Evaluation | __fastcall |
| Decompiler Switch Analysis | true |
| Decompiler Switch Analysis.Analysis Decompiler Timeout (sec) | 60 |
| Demangler Microsoft | true |
| Demangler Microsoft.Apply Function Calling Conventions | true |
| Demangler Microsoft.Apply Function Signatures | true |
| Demangler Microsoft.C-Style Symbol Interpretation | FUNCTION_IF_EXISTS |
| Demangler Microsoft.Demangle Only Known Mangled Symbols | false |
| Disassemble Entry Points | true |
| Disassemble Entry Points.Respect Execute Flag | true |
| Embedded Media | true |
| Embedded Media.Create Analysis Bookmarks | true |
| External Entry References | true |
| Function ID | true |
| Function ID.Always Apply FID Labels | false |
| Function ID.Create Analysis Bookmarks | true |
| Function ID.Instruction Count Threshold | 14.6 |
| Function ID.Multiple Match Threshold | 30.0 |
| Function Start Search | true |
| Function Start Search.Bookmark Functions | false |
| Function Start Search.Search Data Blocks | false |
| Non-Returning Functions - Discovered | true |
| Non-Returning Functions - Discovered.Create Analysis Bookmarks | true |
| Non-Returning Functions - Discovered.Function Non-return Threshold | 3 |
| Non-Returning Functions - Discovered.Repair Flow Damage | true |
| Non-Returning Functions - Known | true |
| Non-Returning Functions - Known.Create Analysis Bookmarks | true |
| PDB MSDIA | false |
| PDB MSDIA.Search untrusted symbol servers | false |
| PDB Universal | true |
| PDB Universal.Import Source Line Info | true |
| PDB Universal.Search untrusted symbol servers | false |
| Reference | true |
| Reference.Address Table Alignment | 1 |
| Reference.Address Table Minimum Size | 2 |
| Reference.Align End of Strings | false |
| Reference.Ascii String References | true |
| Reference.Create Address Tables | true |
| Reference.Minimum String Length | 5 |
| Reference.References to Pointers | true |
| Reference.Relocation Table Guide | true |
| Reference.Respect Execute Flag | true |
| Reference.Subroutine References | true |
| Reference.Switch Table References | false |
| Reference.Unicode String References | true |
| Scalar Operand References | true |
| Scalar Operand References.Relocation Table Guide | true |
| Shared Return Calls | true |
| Shared Return Calls.Allow Conditional Jumps | false |
| Shared Return Calls.Assume Contiguous Functions Only | true |
| Stack | true |
| Stack.Create Local Variables | true |
| Stack.Create Param Variables | false |
| Stack.Max Threads | 2 |
| Subroutine References | true |
| Subroutine References.Create Thunks Early | true |
| Variadic Function Signature Override | false |
| Variadic Function Signature Override.Create Analysis Bookmarks | false |
| Windows x86 PE Exception Handling | true |
| Windows x86 PE RTTI Analyzer | true |
| Windows x86 Thread Environment Block (TEB) Analyzer | true |
| Windows x86 Thread Environment Block (TEB) Analyzer.Starting Address of the TEB | |
| Windows x86 Thread Environment Block (TEB) Analyzer.Windows OS Version | Windows 7 |
| WindowsPE x86 Propagate External Parameters | false |
| WindowsResourceReference | true |
| WindowsResourceReference.Create Analysis Bookmarks | true |
| x86 Constant Reference Analyzer | true |
| x86 Constant Reference Analyzer.Create Data from pointer | false |
| x86 Constant Reference Analyzer.Function parameter/return Pointer analysis | true |
| x86 Constant Reference Analyzer.Max Threads | 2 |
| x86 Constant Reference Analyzer.Min absolute reference | 4 |
| x86 Constant Reference Analyzer.Require pointer param data type | false |
| x86 Constant Reference Analyzer.Speculative reference max | 256 |
| x86 Constant Reference Analyzer.Speculative reference min | 1024 |
| x86 Constant Reference Analyzer.Stored Value Pointer analysis | true |
| x86 Constant Reference Analyzer.Trust values read from writable memory | true |
Ghidra ntdsai_KB5073723_NEW.dll Decompiler Options
| Decompiler Option | Value |
|---|---|
| Prototype Evaluation | __fastcall |
Ghidra ntdsai_KB5073723_NEW.dll Specification extensions Options
| Specification extensions Option | Value |
|---|---|
| FormatVersion | 0 |
| VersionCounter | 0 |
Ghidra ntdsai_KB5073723_NEW.dll Analyzers Options
| Analyzers Option | Value |
|---|---|
| ASCII Strings | true |
| ASCII Strings.Create Strings Containing Existing Strings | true |
| ASCII Strings.Create Strings Containing References | true |
| ASCII Strings.Force Model Reload | false |
| ASCII Strings.Minimum String Length | LEN_5 |
| ASCII Strings.Model File | StringModel.sng |
| ASCII Strings.Require Null Termination for String | true |
| ASCII Strings.Search Only in Accessible Memory Blocks | true |
| ASCII Strings.String Start Alignment | ALIGN_1 |
| ASCII Strings.String end alignment | 4 |
| Aggressive Instruction Finder | false |
| Aggressive Instruction Finder.Create Analysis Bookmarks | true |
| Apply Data Archives | true |
| Apply Data Archives.Archive Chooser | [Auto-Detect] |
| Apply Data Archives.Create Analysis Bookmarks | true |
| Apply Data Archives.GDT User File Archive Path | None |
| Apply Data Archives.User Project Archive Path | None |
| Call Convention ID | true |
| Call Convention ID.Analysis Decompiler Timeout (sec) | 60 |
| Call-Fixup Installer | true |
| Condense Filler Bytes | false |
| Condense Filler Bytes.Filler Value | Auto |
| Condense Filler Bytes.Minimum number of sequential bytes | 1 |
| Create Address Tables | true |
| Create Address Tables.Allow Offcut References | false |
| Create Address Tables.Auto Label Table | false |
| Create Address Tables.Create Analysis Bookmarks | true |
| Create Address Tables.Maxmimum Pointer Distance | 16777215 |
| Create Address Tables.Minimum Pointer Address | 4132 |
| Create Address Tables.Minimum Table Size | 2 |
| Create Address Tables.Pointer Alignment | 1 |
| Create Address Tables.Relocation Table Guide | true |
| Create Address Tables.Table Alignment | 4 |
| Data Reference | true |
| Data Reference.Address Table Alignment | 1 |
| Data Reference.Address Table Minimum Size | 2 |
| Data Reference.Align End of Strings | false |
| Data Reference.Ascii String References | true |
| Data Reference.Create Address Tables | true |
| Data Reference.Minimum String Length | 5 |
| Data Reference.References to Pointers | true |
| Data Reference.Relocation Table Guide | true |
| Data Reference.Respect Execute Flag | true |
| Data Reference.Subroutine References | true |
| Data Reference.Switch Table References | false |
| Data Reference.Unicode String References | true |
| Decompiler Parameter ID | false |
| Decompiler Parameter ID.Analysis Clear Level | ANALYSIS |
| Decompiler Parameter ID.Analysis Decompiler Timeout (sec) | 60 |
| Decompiler Parameter ID.Commit Data Types | true |
| Decompiler Parameter ID.Commit Void Return Values | false |
| Decompiler Parameter ID.Prototype Evaluation | __fastcall |
| Decompiler Switch Analysis | true |
| Decompiler Switch Analysis.Analysis Decompiler Timeout (sec) | 60 |
| Demangler Microsoft | true |
| Demangler Microsoft.Apply Function Calling Conventions | true |
| Demangler Microsoft.Apply Function Signatures | true |
| Demangler Microsoft.C-Style Symbol Interpretation | FUNCTION_IF_EXISTS |
| Demangler Microsoft.Demangle Only Known Mangled Symbols | false |
| Disassemble Entry Points | true |
| Disassemble Entry Points.Respect Execute Flag | true |
| Embedded Media | true |
| Embedded Media.Create Analysis Bookmarks | true |
| External Entry References | true |
| Function ID | true |
| Function ID.Always Apply FID Labels | false |
| Function ID.Create Analysis Bookmarks | true |
| Function ID.Instruction Count Threshold | 14.6 |
| Function ID.Multiple Match Threshold | 30.0 |
| Function Start Search | true |
| Function Start Search.Bookmark Functions | false |
| Function Start Search.Search Data Blocks | false |
| Non-Returning Functions - Discovered | true |
| Non-Returning Functions - Discovered.Create Analysis Bookmarks | true |
| Non-Returning Functions - Discovered.Function Non-return Threshold | 3 |
| Non-Returning Functions - Discovered.Repair Flow Damage | true |
| Non-Returning Functions - Known | true |
| Non-Returning Functions - Known.Create Analysis Bookmarks | true |
| PDB MSDIA | false |
| PDB MSDIA.Search untrusted symbol servers | false |
| PDB Universal | true |
| PDB Universal.Import Source Line Info | true |
| PDB Universal.Search untrusted symbol servers | false |
| Reference | true |
| Reference.Address Table Alignment | 1 |
| Reference.Address Table Minimum Size | 2 |
| Reference.Align End of Strings | false |
| Reference.Ascii String References | true |
| Reference.Create Address Tables | true |
| Reference.Minimum String Length | 5 |
| Reference.References to Pointers | true |
| Reference.Relocation Table Guide | true |
| Reference.Respect Execute Flag | true |
| Reference.Subroutine References | true |
| Reference.Switch Table References | false |
| Reference.Unicode String References | true |
| Scalar Operand References | true |
| Scalar Operand References.Relocation Table Guide | true |
| Shared Return Calls | true |
| Shared Return Calls.Allow Conditional Jumps | false |
| Shared Return Calls.Assume Contiguous Functions Only | true |
| Stack | true |
| Stack.Create Local Variables | true |
| Stack.Create Param Variables | false |
| Stack.Max Threads | 2 |
| Subroutine References | true |
| Subroutine References.Create Thunks Early | true |
| Variadic Function Signature Override | false |
| Variadic Function Signature Override.Create Analysis Bookmarks | false |
| Windows x86 PE Exception Handling | true |
| Windows x86 PE RTTI Analyzer | true |
| Windows x86 Thread Environment Block (TEB) Analyzer | true |
| Windows x86 Thread Environment Block (TEB) Analyzer.Starting Address of the TEB | |
| Windows x86 Thread Environment Block (TEB) Analyzer.Windows OS Version | Windows 7 |
| WindowsPE x86 Propagate External Parameters | false |
| WindowsResourceReference | true |
| WindowsResourceReference.Create Analysis Bookmarks | true |
| x86 Constant Reference Analyzer | true |
| x86 Constant Reference Analyzer.Create Data from pointer | false |
| x86 Constant Reference Analyzer.Function parameter/return Pointer analysis | true |
| x86 Constant Reference Analyzer.Max Threads | 2 |
| x86 Constant Reference Analyzer.Min absolute reference | 4 |
| x86 Constant Reference Analyzer.Require pointer param data type | false |
| x86 Constant Reference Analyzer.Speculative reference max | 256 |
| x86 Constant Reference Analyzer.Speculative reference min | 1024 |
| x86 Constant Reference Analyzer.Stored Value Pointer analysis | true |
| x86 Constant Reference Analyzer.Trust values read from writable memory | true |
| Stat | Value |
|---|---|
| added_funcs_len | 3 |
| deleted_funcs_len | 1 |
| modified_funcs_len | 27 |
| added_symbols_len | 14 |
| deleted_symbols_len | 11 |
| diff_time | 61.581908226013184 |
| deleted_strings_len | 0 |
| added_strings_len | 1 |
| match_types | Counter({'SymbolsHash': 11109, 'ExternalsName': 1154, 'ExactInstructionsFunctionHasher': 273, 'StructuralGraphHash': 40, 'ExactBytesFunctionHasher': 26, 'BSIM': 12, 'BulkInstructionHash': 7, 'SigCallingCalledHasher': 4}) |
| items_to_process | 56 |
| diff_types | Counter({'refcount': 21, 'calling': 19, 'address': 15, 'length': 8, 'code': 7, 'called': 5}) |
| unmatched_funcs_len | 4 |
| total_funcs_len | 22992 |
| matched_funcs_len | 22988 |
| matched_funcs_with_code_changes_len | 7 |
| matched_funcs_with_non_code_changes_len | 20 |
| matched_funcs_no_changes_len | 22961 |
| match_func_similarity_percent | 99.8825% |
| func_match_overall_percent | 99.9826% |
| first_matches | Counter({'SymbolsHash': 11109, 'ExactInstructionsFunctionHasher': 273, 'StructuralGraphHash': 40, 'ExactBytesFunctionHasher': 26, 'BSIM': 11, 'BulkInstructionHash': 7, 'SigCallingCalledHasher': 4}) |
pie showData
title All Matches
"SymbolsHash" : 11109
"ExternalsName" : 1154
"BSIM" : 12
"ExactBytesFunctionHasher" : 26
"ExactInstructionsFunctionHasher" : 273
"BulkInstructionHash" : 7
"SigCallingCalledHasher" : 4
"StructuralGraphHash" : 40
pie showData
title First Matches
"SymbolsHash" : 11109
"ExactBytesFunctionHasher" : 26
"ExactInstructionsFunctionHasher" : 273
"BSIM" : 11
"BulkInstructionHash" : 7
"SigCallingCalledHasher" : 4
"StructuralGraphHash" : 40
pie showData
title Diff Stats
"added_funcs_len" : 3
"deleted_funcs_len" : 1
"modified_funcs_len" : 27
pie showData
title Symbols
"added_symbols_len" : 14
"deleted_symbols_len" : 11
pie showData
title Strings
"deleted_strings_len" : 0
"added_strings_len" : 1
--- deleted strings
+++ added strings
@@ -0,0 +1 @@
+u_%lu_variant
| String | Ref Count | Ref Func |
|---|---|---|
| String | Ref Count | Ref Func |
|---|---|---|
| u_%lu_variant | 1 | QueryFeatureOverride |
| Key | ntdsai_KB5065428_OLD.dll |
|---|---|
| name | StringCopyWorkerA |
| fullname | StringCopyWorkerA |
| refcount | 1 |
| length | 74 |
| called | |
| calling | StringCchCatA |
| paramcount | 5 |
| address | 180161860 |
| sig | HRESULT __stdcall StringCopyWorkerA(STRSAFE_LPSTR pszDest, size_t cchDest, size_t * pcchNewDestLength, STRSAFE_PCNZCH pszSrc, size_t cchToCopy) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
--- StringCopyWorkerA
+++ StringCopyWorkerA
@@ -1,29 +0,0 @@
-
-HRESULT __stdcall
-StringCopyWorkerA(STRSAFE_LPSTR pszDest,size_t cchDest,size_t *pcchNewDestLength,
- STRSAFE_PCNZCH pszSrc,size_t cchToCopy)
-
-{
- longlong lVar1;
- char *pcVar2;
- longlong lVar3;
-
- if (cchDest != 0) {
- lVar1 = 0x7ffffffe;
- lVar3 = (longlong)pszSrc - (longlong)pszDest;
- do {
- if ((lVar1 == 0) || (pszDest[lVar3] == '\0')) break;
- *pszDest = pszDest[lVar3];
- lVar1 = lVar1 + -1;
- pszDest = pszDest + 1;
- cchDest = cchDest - 1;
- } while (cchDest != 0);
- }
- pcVar2 = pszDest + -1;
- if (cchDest != 0) {
- pcVar2 = pszDest;
- }
- *pcVar2 = '\0';
- return ~-(uint)(cchDest != 0) & 0x8007007a;
-}
-
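Review bot: with StringCopyWorkerA removed, the truncation handling at the end of this body (terminator written at pszDest - 1 once cchDest reaches 0, then a return of 0x8007007a) has to live in its only listed caller, StringCchCatA. The chart at the top of the report shows StringCchCatA as changed (72% match), so check that its new body still NUL-terminates inside the destination buffer and returns the same HRESULT on truncation. A helper that was simply inlined is not a behaviour change, but a dropped terminator would be.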
| Key | ntdsai_KB5073723_NEW.dll |
|---|---|
| name | EvaluateFeature |
| fullname | EvaluateFeature |
| refcount | 2 |
| length | 112 |
| called | EvaluateCurrentStateFromRegistry |
| calling | EvaluateCurrentState |
| paramcount | 0 |
| address | 18014aae4 |
| sig | undefined EvaluateFeature(void) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
--- EvaluateFeature
+++ EvaluateFeature
@@ -0,0 +1,34 @@
+
+uint EvaluateFeature(undefined8 *param_1)
+
+{
+ uint *puVar1;
+ uint *puVar2;
+ int iVar3;
+ uint uVar4;
+ byte local_res8 [8];
+
+ puVar1 = (uint *)*param_1;
+ puVar2 = (uint *)param_1[3];
+ uVar4 = *puVar1;
+ local_res8[0] = *(byte *)(param_1 + 4);
+ if ((uVar4 == 0) && (*puVar2 == 0x80000000)) {
+ iVar3 = EvaluateCurrentStateFromRegistry
+ (*(undefined4 *)(param_1 + 1),*(undefined4 *)(param_1 + 2),
+ *(undefined4 *)((longlong)param_1 + 0xc),local_res8[0],local_res8);
+ LOCK();
+ if (*puVar1 == 0) {
+ *puVar1 = (iVar3 != 0) + 1;
+ }
+ UNLOCK();
+ LOCK();
+ uVar4 = *puVar2;
+ if (uVar4 == 0x80000000) {
+ *puVar2 = (uint)local_res8[0];
+ uVar4 = 0x80000000;
+ }
+ UNLOCK();
+ }
+ return uVar4;
+}
+
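Review bot: the return value means different things depending on the path taken. When the check at the top fails, uVar4 is still the state word read from *puVar1; when the registry is evaluated, uVar4 is overwritten with the previous contents of *puVar2, which on the winning path is the 0x80000000 sentinel rather than the value just stored from local_res8[0]. As decompiled, a caller cannot treat the result as either the state or the variant, so confirm in EvaluateCurrentState that both words are re-read instead of trusting the return. The two words are also published in separate LOCK()/UNLOCK() regions, so a concurrent reader can observe a set state next to a variant that is still the sentinel.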
| Key | ntdsai_KB5073723_NEW.dll |
|---|---|
| name | SampDsValidateNgcKeyValueForComputerNew |
| fullname | SampDsValidateNgcKeyValueForComputerNew |
| refcount | 2 |
| length | 1290 |
| called | CheckWPPLevelFlagsEnabledForProvider SampDsFreeNGCKeyInfo SampDsUnpackNgcKeyInfo THStateCheckForTraceOverride ThStateCheckIfTraceToSecondProvier WPP_SF_L WPP_SF_i memset |
| calling | ValidateKeyCredentialLinkAttIsValid |
| paramcount | 0 |
| address | 18015a420 |
| sig | undefined SampDsValidateNgcKeyValueForComputerNew(void) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
--- SampDsValidateNgcKeyValueForComputerNew
+++ SampDsValidateNgcKeyValueForComputerNew
@@ -0,0 +1,150 @@
+
+int SampDsValidateNgcKeyValueForComputerNew(undefined8 param_1,undefined8 param_2)
+
+{
+ int iVar1;
+ undefined2 uVar2;
+ undefined4 uVar3;
+ undefined4 uVar4;
+ undefined4 uVar5;
+ undefined8 in_stack_ffffffffffffff90;
+ undefined4 uVar6;
+ int local_68;
+ undefined1 local_58 [56];
+ longlong local_20;
+ uint local_10;
+ byte local_c;
+ byte local_b;
+
+ uVar6 = (undefined4)((ulonglong)in_stack_ffffffffffffff90 >> 0x20);
+ memset(local_58,0,0x50);
+ local_68 = SampDsUnpackNgcKeyInfo(param_1,param_2,local_58);
+ uVar4 = 0;
+ uVar3 = 0;
+ if (local_68 < 0) {
+ iVar1 = THStateCheckForTraceOverride();
+ if (((iVar1 != 0) || (iVar1 = CheckWPPLevelFlagsEnabledForProvider(0,2,0xd), iVar1 != 0)) ||
+ ((gfTraceToSecondProvider != 0 &&
+ ((iVar1 = THStateCheckForTraceOverride(), iVar1 != 0 ||
+ ((iVar1 = ThStateCheckIfTraceToSecondProvier(), iVar1 != 0 &&
+ (iVar1 = CheckWPPLevelFlagsEnabledForProvider(1,2,0xd), iVar1 != 0)))))))) {
+ uVar4 = uVar3;
+ if ((gfTraceToSecondProvider != 0) &&
+ ((iVar1 = THStateCheckForTraceOverride(), iVar1 != 0 ||
+ ((iVar1 = ThStateCheckIfTraceToSecondProvier(), iVar1 != 0 &&
+ (iVar1 = CheckWPPLevelFlagsEnabledForProvider(1,2,0xd), iVar1 != 0)))))) {
+ uVar4 = 1;
+ }
+ iVar1 = THStateCheckForTraceOverride();
+ if ((iVar1 != 0) || (iVar1 = CheckWPPLevelFlagsEnabledForProvider(0,2,0xd), iVar1 != 0)) {
+ uVar3 = 1;
+ }
+ WPP_SF_L(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),2,0xd,uVar3,uVar4,0x36,
+ &WPP_41402414a7b13ee99617aada8d955873_Traceguids,CONCAT44(uVar6,local_68));
+ }
+ goto LAB_18015a8fe;
+ }
+ local_68 = -0x3ffffff3;
+ if (local_b == 1) {
+ uVar5 = uVar3;
+ if (local_c == 0) {
+ if (local_10 == 2) {
+ if (local_20 == 0) {
+ local_68 = 0;
+ }
+ else {
+ iVar1 = THStateCheckForTraceOverride();
+ if (((iVar1 != 0) || (iVar1 = CheckWPPLevelFlagsEnabledForProvider(0,2,0xd), iVar1 != 0))
+ || ((gfTraceToSecondProvider != 0 &&
+ ((iVar1 = THStateCheckForTraceOverride(), iVar1 != 0 ||
+ ((iVar1 = ThStateCheckIfTraceToSecondProvier(), iVar1 != 0 &&
+ (iVar1 = CheckWPPLevelFlagsEnabledForProvider(1,2,0xd), iVar1 != 0)))))))) {
+ uVar4 = uVar3;
+ if ((gfTraceToSecondProvider != 0) &&
+ ((iVar1 = THStateCheckForTraceOverride(), iVar1 != 0 ||
+ ((iVar1 = ThStateCheckIfTraceToSecondProvier(), iVar1 != 0 &&
+ (iVar1 = CheckWPPLevelFlagsEnabledForProvider(1,2,0xd), iVar1 != 0)))))) {
+ uVar4 = 1;
+ }
+ iVar1 = THStateCheckForTraceOverride();
+ if ((iVar1 != 0) || (iVar1 = CheckWPPLevelFlagsEnabledForProvider(0,2,0xd), iVar1 != 0))
+ {
+ uVar3 = 1;
+ }
+ WPP_SF_i(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),2,0xd,uVar3,uVar4,0x3a,
+ &WPP_41402414a7b13ee99617aada8d955873_Traceguids,local_20);
+ }
+ }
+ goto LAB_18015a8fe;
+ }
+ iVar1 = THStateCheckForTraceOverride();
+ if (((iVar1 == 0) && (iVar1 = CheckWPPLevelFlagsEnabledForProvider(0,2,0xd), iVar1 == 0)) &&
+ ((gfTraceToSecondProvider == 0 ||
+ ((iVar1 = THStateCheckForTraceOverride(), iVar1 == 0 &&
+ ((iVar1 = ThStateCheckIfTraceToSecondProvier(), iVar1 == 0 ||
+ (iVar1 = CheckWPPLevelFlagsEnabledForProvider(1,2,0xd), iVar1 == 0))))))))
+ goto LAB_18015a8fe;
+ if ((gfTraceToSecondProvider != 0) &&
+ ((iVar1 = THStateCheckForTraceOverride(), iVar1 != 0 ||
+ ((iVar1 = ThStateCheckIfTraceToSecondProvier(), iVar1 != 0 &&
+ (iVar1 = CheckWPPLevelFlagsEnabledForProvider(1,2,0xd), iVar1 != 0)))))) {
+ uVar5 = 1;
+ }
+ iVar1 = THStateCheckForTraceOverride();
+ if ((iVar1 != 0) || (iVar1 = CheckWPPLevelFlagsEnabledForProvider(0,2,0xd), iVar1 != 0)) {
+ uVar3 = 1;
+ }
+ uVar2 = 0x39;
+ }
+ else {
+ iVar1 = THStateCheckForTraceOverride();
+ if (((iVar1 == 0) && (iVar1 = CheckWPPLevelFlagsEnabledForProvider(0,2,0xd), iVar1 == 0)) &&
+ ((gfTraceToSecondProvider == 0 ||
+ ((iVar1 = THStateCheckForTraceOverride(), iVar1 == 0 &&
+ ((iVar1 = ThStateCheckIfTraceToSecondProvier(), iVar1 == 0 ||
+ (iVar1 = CheckWPPLevelFlagsEnabledForProvider(1,2,0xd), iVar1 == 0))))))))
+ goto LAB_18015a8fe;
+ if ((gfTraceToSecondProvider != 0) &&
+ ((iVar1 = THStateCheckForTraceOverride(), iVar1 != 0 ||
+ ((iVar1 = ThStateCheckIfTraceToSecondProvier(), iVar1 != 0 &&
+ (iVar1 = CheckWPPLevelFlagsEnabledForProvider(1,2,0xd), iVar1 != 0)))))) {
+ uVar5 = 1;
+ }
+ iVar1 = THStateCheckForTraceOverride();
+ if ((iVar1 != 0) || (iVar1 = CheckWPPLevelFlagsEnabledForProvider(0,2,0xd), iVar1 != 0)) {
+ uVar3 = 1;
+ }
+ local_10 = (uint)local_c;
+ uVar2 = 0x38;
+ }
+ }
+ else {
+ iVar1 = THStateCheckForTraceOverride();
+ if (((iVar1 == 0) && (iVar1 = CheckWPPLevelFlagsEnabledForProvider(0,2,0xd), iVar1 == 0)) &&
+ ((gfTraceToSecondProvider == 0 ||
+ ((iVar1 = THStateCheckForTraceOverride(), iVar1 == 0 &&
+ ((iVar1 = ThStateCheckIfTraceToSecondProvier(), iVar1 == 0 ||
+ (iVar1 = CheckWPPLevelFlagsEnabledForProvider(1,2,0xd), iVar1 == 0))))))))
+ goto LAB_18015a8fe;
+ uVar5 = uVar4;
+ if ((gfTraceToSecondProvider != 0) &&
+ ((iVar1 = THStateCheckForTraceOverride(), iVar1 != 0 ||
+ ((iVar1 = ThStateCheckIfTraceToSecondProvier(), iVar1 != 0 &&
+ (iVar1 = CheckWPPLevelFlagsEnabledForProvider(1,2,0xd), iVar1 != 0)))))) {
+ uVar5 = 1;
+ }
+ iVar1 = THStateCheckForTraceOverride();
+ if ((iVar1 != 0) ||
+ (iVar1 = CheckWPPLevelFlagsEnabledForProvider(0,2,0xd), uVar3 = uVar4, iVar1 != 0)) {
+ uVar3 = 1;
+ }
+ local_10 = (uint)local_b;
+ uVar2 = 0x37;
+ }
+ WPP_SF_L(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),2,0xd,uVar3,uVar5,uVar2,
+ &WPP_41402414a7b13ee99617aada8d955873_Traceguids,CONCAT44(uVar6,local_10));
+LAB_18015a8fe:
+ SampDsFreeNGCKeyInfo(local_58);
+ return local_68;
+}
+
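Review bot: the accept condition is spread over four unnamed stack slots, which makes the validation hard to audit. local_68 is preset to -0x3ffffff3 (0xC000000D, STATUS_INVALID_PARAMETER) and reset to 0 only when local_b == 1, local_c == 0, local_10 == 2 and local_20 == 0. None of those slots is assigned before it is tested, and memset clears 0x50 bytes starting at the 56-byte local_58, so they are fields of the structure that SampDsUnpackNgcKeyInfo fills; retype local_58 as that 0x50-byte structure so the checks read as named fields. The trace-enable test is re-evaluated up to three times on each rejection path and can be skipped when reading the logic; message ids 0x37 to 0x3a tell the four rejections apart, and 0x36 marks the unpack failure.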
| Key | ntdsai_KB5073723_NEW.dll |
|---|---|
| name | SampDsValidateNgcKeyValueForComputerNew$fin$0 |
| fullname | SampDsValidateNgcKeyValueForComputerNew$fin$0 |
| refcount | 1 |
| length | 25 |
| called | SampDsFreeNGCKeyInfo |
| calling | |
| paramcount | 0 |
| address | 18015a92a |
| sig | undefined SampDsValidateNgcKeyValueForComputerNew$fin$0(void) |
| sym_type | Function |
| sym_source | IMPORTED |
| external | False |
--- SampDsValidateNgcKeyValueForComputerNew$fin$0
+++ SampDsValidateNgcKeyValueForComputerNew$fin$0
@@ -0,0 +1,8 @@
+
+void SampDsValidateNgcKeyValueForComputerNew_fin_0(undefined8 param_1,longlong param_2)
+
+{
+ SampDsFreeNGCKeyInfo(param_2 + 0x50);
+ return;
+}
+
Modified functions contain code changes
| Key | ntdsai_KB5065428_OLD.dll - ntdsai_KB5073723_NEW.dll |
|---|---|
| diff_type | code,length,address,calling |
| ratio | 0.44 |
| i_ratio | 0.44 |
| m_ratio | 0.99 |
| b_ratio | 0.74 |
| match_types | SymbolsHash |
| Key | ntdsai_KB5065428_OLD.dll | ntdsai_KB5073723_NEW.dll |
|---|---|---|
| name | EvaluateCurrentStateFromRegistry | EvaluateCurrentStateFromRegistry |
| fullname | EvaluateCurrentStateFromRegistry | EvaluateCurrentStateFromRegistry |
| refcount | 2 | 2 |
| length | 120 | 122 |
| called | QueryFeatureOverride | QueryFeatureOverride |
| calling | EvaluateCurrentState | EvaluateFeature |
| paramcount | 0 | 0 |
| address | 18014aab4 | 18014aa64 |
| sig | undefined EvaluateCurrentStateFromRegistry(void) | undefined EvaluateCurrentStateFromRegistry(void) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- EvaluateCurrentStateFromRegistry calling
+++ EvaluateCurrentStateFromRegistry calling
@@ -1 +1 @@
-EvaluateCurrentState
+EvaluateFeature--- EvaluateCurrentStateFromRegistry
+++ EvaluateCurrentStateFromRegistry
@@ -1,26 +1,31 @@
-bool EvaluateCurrentStateFromRegistry(uint param_1,int param_2,int *param_3)
+bool EvaluateCurrentStateFromRegistry
+ (uint param_1,undefined8 param_2,int param_3,undefined1 param_4,undefined1 *param_5)
{
int iVar1;
uint uVar2;
- uint uVar3;
+ bool bVar3;
int local_res8 [2];
+ int local_res20 [2];
- local_res8[0] = 0;
- uVar3 = (uint)(param_2 != 1);
+ local_res20[0] = 0;
+ bVar3 = param_3 != 1;
+ local_res8[0] = -0x80000000;
param_1 = param_1 ^ 0x74161a4e;
uVar2 = (param_1 >> 0x18 | (param_1 & 0xff0000) >> 8 | (param_1 & 0xff00) << 8 | param_1 << 0x18)
^ 0x8fb23d4f;
- iVar1 = QueryFeatureOverride((uVar2 >> 0x1f | uVar2 << 1) ^ 0x833ea8ff,local_res8);
- if ((iVar1 != 0) && (local_res8[0] != 0)) {
- uVar3 = (uint)(local_res8[0] != 1);
+ *param_5 = param_4;
+ iVar1 = QueryFeatureOverride
+ ((uVar2 >> 0x1f | uVar2 << 1) ^ 0x833ea8ff,param_2,local_res20,local_res8);
+ if (iVar1 != 0) {
+ if (local_res20[0] != 0) {
+ bVar3 = local_res20[0] != 1;
+ }
+ if (local_res8[0] != -0x80000000) {
+ *param_5 = (char)local_res8[0];
+ }
}
- LOCK();
- if (*param_3 == 0) {
- *param_3 = uVar3 + 1;
- }
- UNLOCK();
- return *param_3 != 1;
+ return bVar3;
}
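
Review bot: the narrowing store `*param_5 = (char)local_res8[0]` keeps only the low byte of the variant, so it depends entirely on the callee having bounded the value. In this build QueryFeatureOverride writes the variant only when it is below 0x100, and the `-0x80000000` sentinel otherwise leaves the caller's default `param_4` in place; a comment on that contract belongs here. The interlocked write-once cache (`LOCK()` ... `*param_3 = uVar3 + 1`) is gone from this function, so caching now has to happen in the new caller EvaluateFeature; check there that the state is still written atomically.
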
| Key | ntdsai_KB5065428_OLD.dll - ntdsai_KB5073723_NEW.dll |
|---|---|
| diff_type | code,length,address,called |
| ratio | 0.99 |
| i_ratio | 0.35 |
| m_ratio | 1.0 |
| b_ratio | 0.74 |
| match_types | SymbolsHash |
| Key | ntdsai_KB5065428_OLD.dll | ntdsai_KB5073723_NEW.dll |
|---|---|---|
| name | ValidateKeyCredentialLinkAttIsValid | ValidateKeyCredentialLinkAttIsValid |
| fullname | ValidateKeyCredentialLinkAttIsValid | ValidateKeyCredentialLinkAttIsValid |
| refcount | 2 | 2 |
| length | 3237 | 3267 |
| called | Expand for full list:WPP_SF__sid_ | Expand for full list:WPP_SF_ |
| calling | CheckModifySecurity | CheckModifySecurity |
| paramcount | 0 | 0 |
| address | 180233c40 | 180233f50 |
| sig | undefined ValidateKeyCredentialLinkAttIsValid(void) | undefined ValidateKeyCredentialLinkAttIsValid(void) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- ValidateKeyCredentialLinkAttIsValid called
+++ ValidateKeyCredentialLinkAttIsValid called
@@ -4,0 +5 @@
+EvaluateCurrentState
@@ -5,0 +7 @@
+SampDsValidateNgcKeyValueForComputerNew--- ValidateKeyCredentialLinkAttIsValid
+++ ValidateKeyCredentialLinkAttIsValid
@@ -1,463 +1,466 @@
-/* WARNING: Removing unreachable block (ram,0x000180234657) */
-/* WARNING: Removing unreachable block (ram,0x000180234660) */
-/* WARNING: Removing unreachable block (ram,0x00018023467b) */
-/* WARNING: Removing unreachable block (ram,0x000180234689) */
-/* WARNING: Removing unreachable block (ram,0x000180234699) */
-/* WARNING: Removing unreachable block (ram,0x0001802346a7) */
-/* WARNING: Removing unreachable block (ram,0x0001802346b0) */
-/* WARNING: Removing unreachable block (ram,0x0001802346bd) */
-/* WARNING: Removing unreachable block (ram,0x0001802346d2) */
-/* WARNING: Removing unreachable block (ram,0x0001802346dc) */
-/* WARNING: Removing unreachable block (ram,0x0001802346e5) */
-/* WARNING: Removing unreachable block (ram,0x0001802346ee) */
-/* WARNING: Removing unreachable block (ram,0x000180234704) */
-/* WARNING: Removing unreachable block (ram,0x0001802346ff) */
-/* WARNING: Removing unreachable block (ram,0x000180234707) */
-/* WARNING: Removing unreachable block (ram,0x000180234710) */
-/* WARNING: Removing unreachable block (ram,0x000180234720) */
-/* WARNING: Removing unreachable block (ram,0x000180234723) */
-/* WARNING: Removing unreachable block (ram,0x000180234740) */
-/* WARNING: Removing unreachable block (ram,0x000180234749) */
-/* WARNING: Removing unreachable block (ram,0x00018023475a) */
-/* WARNING: Removing unreachable block (ram,0x000180234768) */
-/* WARNING: Removing unreachable block (ram,0x000180234771) */
-/* WARNING: Removing unreachable block (ram,0x00018023477e) */
-/* WARNING: Removing unreachable block (ram,0x000180234794) */
-/* WARNING: Removing unreachable block (ram,0x00018023479e) */
-/* WARNING: Removing unreachable block (ram,0x0001802347a7) */
-/* WARNING: Removing unreachable block (ram,0x0001802347b0) */
-/* WARNING: Removing unreachable block (ram,0x0001802347c7) */
-/* WARNING: Removing unreachable block (ram,0x0001802347c2) */
-/* WARNING: Removing unreachable block (ram,0x0001802347c9) */
-/* WARNING: Removing unreachable block (ram,0x0001802347d2) */
-/* WARNING: Removing unreachable block (ram,0x0001802347e3) */
-/* WARNING: Removing unreachable block (ram,0x0001802347e6) */
+/* WARNING: Removing unreachable block (ram,0x000180234961) */
+/* WARNING: Removing unreachable block (ram,0x00018023496a) */
+/* WARNING: Removing unreachable block (ram,0x00018023498c) */
+/* WARNING: Removing unreachable block (ram,0x000180234985) */
+/* WARNING: Removing unreachable block (ram,0x000180234991) */
+/* WARNING: Removing unreachable block (ram,0x0001802349a0) */
+/* WARNING: Removing unreachable block (ram,0x0001802349ae) */
+/* WARNING: Removing unreachable block (ram,0x0001802349be) */
+/* WARNING: Removing unreachable block (ram,0x0001802349cc) */
+/* WARNING: Removing unreachable block (ram,0x0001802349d5) */
+/* WARNING: Removing unreachable block (ram,0x0001802349e2) */
+/* WARNING: Removing unreachable block (ram,0x0001802349f7) */
+/* WARNING: Removing unreachable block (ram,0x000180234a01) */
+/* WARNING: Removing unreachable block (ram,0x000180234a0a) */
+/* WARNING: Removing unreachable block (ram,0x000180234a13) */
+/* WARNING: Removing unreachable block (ram,0x000180234a29) */
+/* WARNING: Removing unreachable block (ram,0x000180234a24) */
+/* WARNING: Removing unreachable block (ram,0x000180234a2c) */
+/* WARNING: Removing unreachable block (ram,0x000180234a35) */
+/* WARNING: Removing unreachable block (ram,0x000180234a45) */
+/* WARNING: Removing unreachable block (ram,0x000180234a48) */
+/* WARNING: Removing unreachable block (ram,0x000180234a65) */
+/* WARNING: Removing unreachable block (ram,0x000180234a74) */
+/* WARNING: Removing unreachable block (ram,0x000180234a85) */
+/* WARNING: Removing unreachable block (ram,0x000180234a93) */
+/* WARNING: Removing unreachable block (ram,0x000180234a9c) */
+/* WARNING: Removing unreachable block (ram,0x000180234aa9) */
+/* WARNING: Removing unreachable block (ram,0x000180234abf) */
+/* WARNING: Removing unreachable block (ram,0x000180234ac9) */
+/* WARNING: Removing unreachable block (ram,0x000180234ad2) */
+/* WARNING: Removing unreachable block (ram,0x000180234adb) */
+/* WARNING: Removing unreachable block (ram,0x000180234af2) */
+/* WARNING: Removing unreachable block (ram,0x000180234aed) */
+/* WARNING: Removing unreachable block (ram,0x000180234af4) */
+/* WARNING: Removing unreachable block (ram,0x000180234afd) */
+/* WARNING: Removing unreachable block (ram,0x000180234b0e) */
+/* WARNING: Removing unreachable block (ram,0x000180234b11) */
undefined4 ValidateKeyCredentialLinkAttIsValid(longlong param_1)
{
int *piVar1;
bool bVar2;
int iVar3;
int iVar4;
LPVOID pvVar5;
undefined2 uVar6;
ulonglong uVar7;
undefined4 uVar8;
undefined4 uVar9;
undefined4 uVar10;
undefined8 uVar11;
undefined4 uVar12;
undefined4 uVar13;
longlong lVar14;
uint uVar16;
undefined4 *puVar15;
ulonglong in_stack_ffffffffffffff70;
undefined4 uVar17;
ulonglong local_70;
int local_68;
int local_64;
int local_60;
undefined4 local_5c;
undefined4 local_58;
undefined4 local_54;
undefined4 local_50 [2];
int *local_48;
longlong local_40;
pvVar5 = TlsGetValue(dwTSindex);
uVar10 = 0;
uVar13 = 0;
uVar8 = 0;
local_70 = 0;
local_58 = 0;
local_5c = 0;
bVar2 = false;
local_40 = 0;
local_48 = (int *)0x0;
local_54 = 0;
local_50[0] = 0;
local_64 = 0;
local_68 = 0;
puVar15 = &local_58;
iVar3 = DBGetAttVal_Short(*(undefined8 *)((longlong)pvVar5 + 0x15a0),1,0x90092,0,puVar15,&local_70
);
uVar16 = (uint)((ulonglong)puVar15 >> 0x20);
uVar17 = (undefined4)(in_stack_ffffffffffffff70 >> 0x20);
uVar9 = 0;
if (iVar3 == 0) {
iVar3 = SidMatchesUserSidInToken(local_70);
iVar4 = THStateCheckForTraceOverride();
uVar16 = (uint)((ulonglong)puVar15 >> 0x20);
uVar17 = (undefined4)(in_stack_ffffffffffffff70 >> 0x20);
if (iVar3 != 0) {
if ((iVar4 == 0) && (iVar4 = CheckWPPLevelFlagsEnabledForProvider(0,2,3), iVar4 == 0)) {
if (gfTraceToSecondProvider == 0) {
return local_5c;
}
iVar4 = THStateCheckForTraceOverride();
if (iVar4 == 0) {
iVar4 = ThStateCheckIfTraceToSecondProvier();
if (iVar4 == 0) {
return local_5c;
}
iVar4 = CheckWPPLevelFlagsEnabledForProvider(1,2,3);
if (iVar4 == 0) {
return local_5c;
}
}
}
if ((gfTraceToSecondProvider != 0) &&
((iVar4 = THStateCheckForTraceOverride(), iVar4 != 0 ||
((iVar4 = ThStateCheckIfTraceToSecondProvier(), iVar4 != 0 &&
(iVar4 = CheckWPPLevelFlagsEnabledForProvider(1,2,3), iVar4 != 0)))))) {
uVar9 = 1;
}
iVar4 = THStateCheckForTraceOverride();
if ((iVar4 != 0) ||
(iVar4 = CheckWPPLevelFlagsEnabledForProvider(0,2,3), uVar10 = 0, iVar4 != 0)) {
uVar10 = 1;
}
uVar6 = 0xf;
goto LAB_0;
}
if (iVar4 == 0) {
iVar3 = CheckWPPLevelFlagsEnabledForProvider(0,5,3);
uVar16 = (uint)((ulonglong)puVar15 >> 0x20);
if (iVar3 == 0) {
if (gfTraceToSecondProvider == 0) goto LAB_1;
iVar3 = THStateCheckForTraceOverride();
uVar16 = (uint)((ulonglong)puVar15 >> 0x20);
if (iVar3 == 0) {
iVar3 = ThStateCheckIfTraceToSecondProvier();
if (iVar3 == 0) goto LAB_1;
iVar3 = CheckWPPLevelFlagsEnabledForProvider(1,5,3);
uVar16 = (uint)((ulonglong)puVar15 >> 0x20);
if (iVar3 == 0) goto LAB_1;
}
}
}
if (((gfTraceToSecondProvider != 0) && (iVar3 = THStateCheckForTraceOverride(), iVar3 == 0)) &&
(iVar3 = ThStateCheckIfTraceToSecondProvier(), iVar3 != 0)) {
CheckWPPLevelFlagsEnabledForProvider(1,5,3);
}
iVar3 = THStateCheckForTraceOverride();
if (iVar3 == 0) {
CheckWPPLevelFlagsEnabledForProvider(0,5,3);
}
in_stack_ffffffffffffff70 = in_stack_ffffffffffffff70 & 0xffffffffffffff00;
puVar15 = (undefined4 *)((ulonglong)uVar16 << 0x20);
WPP_SF_c_sid_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10));
LAB_1:
local_60 = 1;
LAB_2:
do {
iVar4 = local_60;
uVar16 = (uint)((ulonglong)puVar15 >> 0x20);
uVar17 = (undefined4)(in_stack_ffffffffffffff70 >> 0x20);
if ((local_68 != 0) || (bVar2)) goto LAB_3;
puVar15 = local_50;
iVar3 = DBGetAttValRealloc(*(undefined8 *)((longlong)pvVar5 + 0x15a0),local_60,0x90918);
uVar16 = (uint)((ulonglong)puVar15 >> 0x20);
uVar17 = (undefined4)(in_stack_ffffffffffffff70 >> 0x20);
local_60 = iVar4 + 1;
uVar11 = 0;
if (iVar3 != 0) {
if (iVar3 != 0x2323) {
iVar4 = THStateCheckForTraceOverride();
if ((iVar4 == 0) && (iVar4 = CheckWPPLevelFlagsEnabledForProvider(0,2,3), iVar4 == 0)) {
if (gfTraceToSecondProvider == 0) {
return local_5c;
}
iVar4 = THStateCheckForTraceOverride();
if (iVar4 == 0) {
iVar4 = ThStateCheckIfTraceToSecondProvier();
if (iVar4 == 0) {
return local_5c;
}
iVar4 = CheckWPPLevelFlagsEnabledForProvider(1,2,3);
if (iVar4 == 0) {
return local_5c;
}
}
}
if ((gfTraceToSecondProvider != 0) &&
((iVar4 = THStateCheckForTraceOverride(), iVar4 != 0 ||
((iVar4 = ThStateCheckIfTraceToSecondProvier(), iVar4 != 0 &&
(iVar4 = CheckWPPLevelFlagsEnabledForProvider(1,2,3), iVar4 != 0)))))) {
uVar9 = 1;
}
iVar4 = THStateCheckForTraceOverride();
if ((iVar4 != 0) || (iVar4 = CheckWPPLevelFlagsEnabledForProvider(0,2,3), iVar4 != 0)) {
uVar10 = 1;
}
uVar6 = 0x14;
goto LAB_0;
}
local_68 = 1;
iVar3 = THStateCheckForTraceOverride();
uVar17 = (undefined4)((ulonglong)puVar15 >> 0x20);
if (iVar3 == 0) {
iVar3 = CheckWPPLevelFlagsEnabledForProvider(0,5,3);
uVar17 = (undefined4)((ulonglong)puVar15 >> 0x20);
if (iVar3 == 0) {
if (gfTraceToSecondProvider == 0) goto LAB_2;
iVar3 = THStateCheckForTraceOverride();
uVar17 = (undefined4)((ulonglong)puVar15 >> 0x20);
if (iVar3 == 0) {
iVar3 = ThStateCheckIfTraceToSecondProvier();
if (iVar3 == 0) goto LAB_2;
iVar3 = CheckWPPLevelFlagsEnabledForProvider(1,5,3);
uVar17 = (undefined4)((ulonglong)puVar15 >> 0x20);
if (iVar3 == 0) goto LAB_2;
}
}
}
if ((gfTraceToSecondProvider == 0) ||
((iVar3 = THStateCheckForTraceOverride(), uVar12 = 1, iVar3 == 0 &&
((iVar3 = ThStateCheckIfTraceToSecondProvier(), iVar3 == 0 ||
(iVar3 = CheckWPPLevelFlagsEnabledForProvider(1,5,3), iVar3 == 0)))))) {
uVar12 = uVar13;
}
iVar3 = THStateCheckForTraceOverride();
if ((iVar3 != 0) || (iVar3 = CheckWPPLevelFlagsEnabledForProvider(0,5,3), iVar3 != 0)) {
uVar11 = 1;
}
uVar6 = 0x13;
goto LAB_4;
}
uVar7 = (ulonglong)(*local_48 + 3) & 0xfffffffc;
iVar3 = SampDsValidateNgcKeyValueSourceForComputer
(*(int *)(uVar7 + (longlong)local_48) + -4,(longlong)local_48 + uVar7 + 4,
&local_64);
uVar16 = (uint)((ulonglong)puVar15 >> 0x20);
uVar17 = (undefined4)(in_stack_ffffffffffffff70 >> 0x20);
if (iVar3 < 0) {
iVar4 = THStateCheckForTraceOverride();
if ((iVar4 == 0) && (iVar4 = CheckWPPLevelFlagsEnabledForProvider(0,2,3), iVar4 == 0)) {
if (gfTraceToSecondProvider == 0) {
return local_5c;
}
iVar4 = THStateCheckForTraceOverride();
if (iVar4 == 0) {
iVar4 = ThStateCheckIfTraceToSecondProvier();
if (iVar4 == 0) {
return local_5c;
}
iVar4 = CheckWPPLevelFlagsEnabledForProvider(1,2,3);
if (iVar4 == 0) {
return local_5c;
}
}
}
if ((gfTraceToSecondProvider != 0) &&
((iVar4 = THStateCheckForTraceOverride(), iVar4 != 0 ||
((iVar4 = ThStateCheckIfTraceToSecondProvier(), iVar4 != 0 &&
(iVar4 = CheckWPPLevelFlagsEnabledForProvider(1,2,3), iVar4 != 0)))))) {
uVar9 = 1;
}
iVar4 = THStateCheckForTraceOverride();
if ((iVar4 != 0) || (iVar4 = CheckWPPLevelFlagsEnabledForProvider(0,2,3), iVar4 != 0)) {
uVar10 = 1;
}
uVar6 = 0x11;
goto LAB_0;
}
if (local_64 != 0) {
bVar2 = true;
}
iVar3 = THStateCheckForTraceOverride();
uVar17 = (undefined4)((ulonglong)puVar15 >> 0x20);
if (iVar3 != 0) goto LAB_5;
iVar3 = CheckWPPLevelFlagsEnabledForProvider(0,5,3);
uVar17 = (undefined4)((ulonglong)puVar15 >> 0x20);
if (iVar3 != 0) goto LAB_5;
} while (gfTraceToSecondProvider == 0);
iVar3 = THStateCheckForTraceOverride();
uVar17 = (undefined4)((ulonglong)puVar15 >> 0x20);
if (iVar3 == 0) {
iVar3 = ThStateCheckIfTraceToSecondProvier();
if (iVar3 == 0) goto LAB_2;
iVar3 = CheckWPPLevelFlagsEnabledForProvider(1,5,3);
uVar17 = (undefined4)((ulonglong)puVar15 >> 0x20);
if (iVar3 == 0) goto LAB_2;
}
LAB_5:
if ((gfTraceToSecondProvider == 0) ||
((iVar3 = THStateCheckForTraceOverride(), uVar12 = 1, iVar3 == 0 &&
((iVar3 = ThStateCheckIfTraceToSecondProvier(), iVar3 == 0 ||
(iVar3 = CheckWPPLevelFlagsEnabledForProvider(1,5,3), iVar3 == 0)))))) {
uVar12 = uVar13;
}
iVar3 = THStateCheckForTraceOverride();
if ((iVar3 != 0) || (iVar3 = CheckWPPLevelFlagsEnabledForProvider(0,5,3), iVar3 != 0)) {
uVar11 = 1;
}
uVar6 = 0x12;
LAB_4:
puVar15 = (undefined4 *)CONCAT44(uVar17,uVar12);
in_stack_ffffffffffffff70 = local_70;
WPP_SF__sid_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),5,3,uVar11,puVar15,uVar6,
- &WPP_5e7d2b63620b321d8565df230b4c9d56_Traceguids,local_70);
+ &WPP_26855c885d8934560911344b94438cda_Traceguids,local_70);
goto LAB_2;
}
iVar4 = THStateCheckForTraceOverride();
if ((iVar4 == 0) && (iVar4 = CheckWPPLevelFlagsEnabledForProvider(0,2,3), iVar4 == 0)) {
if (gfTraceToSecondProvider == 0) {
return local_5c;
}
iVar4 = THStateCheckForTraceOverride();
if (iVar4 == 0) {
iVar4 = ThStateCheckIfTraceToSecondProvier();
if (iVar4 == 0) {
return local_5c;
}
iVar4 = CheckWPPLevelFlagsEnabledForProvider(1,2,3);
if (iVar4 == 0) {
return local_5c;
}
}
}
if ((gfTraceToSecondProvider != 0) &&
((iVar4 = THStateCheckForTraceOverride(), iVar4 != 0 ||
((iVar4 = ThStateCheckIfTraceToSecondProvier(), iVar4 != 0 &&
(iVar4 = CheckWPPLevelFlagsEnabledForProvider(1,2,3), iVar4 != 0)))))) {
uVar9 = 1;
}
iVar4 = THStateCheckForTraceOverride();
if ((iVar4 != 0) || (iVar4 = CheckWPPLevelFlagsEnabledForProvider(0,2,3), uVar10 = 0, iVar4 != 0))
{
uVar10 = 1;
}
uVar6 = 0xe;
goto LAB_0;
LAB_3:
if (*(short *)(param_1 + 8) == 0x41) {
LAB_6:
if (*(int *)(param_1 + 0x18) != 1) {
iVar3 = THStateCheckForTraceOverride();
if ((iVar3 == 0) && (iVar3 = CheckWPPLevelFlagsEnabledForProvider(0,2,3), iVar3 == 0)) {
if (gfTraceToSecondProvider == 0) {
return local_5c;
}
iVar3 = THStateCheckForTraceOverride();
if (iVar3 == 0) {
iVar3 = ThStateCheckIfTraceToSecondProvier();
if (iVar3 == 0) {
return local_5c;
}
iVar3 = CheckWPPLevelFlagsEnabledForProvider(1,2,3);
if (iVar3 == 0) {
return local_5c;
}
}
}
if ((gfTraceToSecondProvider != 0) &&
((iVar3 = THStateCheckForTraceOverride(), iVar3 != 0 ||
((iVar3 = ThStateCheckIfTraceToSecondProvier(), iVar3 != 0 &&
(iVar3 = CheckWPPLevelFlagsEnabledForProvider(1,2,3), iVar3 != 0)))))) {
uVar9 = 1;
}
iVar3 = THStateCheckForTraceOverride();
if ((iVar3 != 0) || (iVar3 = CheckWPPLevelFlagsEnabledForProvider(0,2,3), iVar3 != 0)) {
uVar10 = 1;
}
uVar6 = 0x15;
LAB_7:
iVar3 = *(int *)(param_1 + 0x18);
LAB_0:
WPP_SF_L(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),2,3,uVar10,CONCAT44(uVar16,uVar9),uVar6,
- &WPP_5e7d2b63620b321d8565df230b4c9d56_Traceguids,CONCAT44(uVar17,iVar3));
+ &WPP_26855c885d8934560911344b94438cda_Traceguids,CONCAT44(uVar17,iVar3));
return local_5c;
}
}
else {
lVar14 = local_40;
if (*(short *)(param_1 + 8) != 0x43) {
if (*(short *)(param_1 + 8) != 0x61) goto LAB_8;
goto LAB_6;
}
if (*(int *)(param_1 + 0x18) == 0) goto LAB_8;
if (*(int *)(param_1 + 0x18) != 1) {
iVar3 = THStateCheckForTraceOverride();
if ((iVar3 == 0) && (iVar3 = CheckWPPLevelFlagsEnabledForProvider(0,2,3), iVar3 == 0)) {
if (gfTraceToSecondProvider == 0) {
return local_5c;
}
iVar3 = THStateCheckForTraceOverride();
if (iVar3 == 0) {
iVar3 = ThStateCheckIfTraceToSecondProvier();
if (iVar3 == 0) {
return local_5c;
}
iVar3 = CheckWPPLevelFlagsEnabledForProvider(1,2,3);
if (iVar3 == 0) {
return local_5c;
}
}
}
if ((gfTraceToSecondProvider != 0) &&
((iVar3 = THStateCheckForTraceOverride(), iVar3 != 0 ||
((iVar3 = ThStateCheckIfTraceToSecondProvier(), iVar3 != 0 &&
(iVar3 = CheckWPPLevelFlagsEnabledForProvider(1,2,3), iVar3 != 0)))))) {
uVar9 = 1;
}
iVar3 = THStateCheckForTraceOverride();
if ((iVar3 != 0) || (iVar3 = CheckWPPLevelFlagsEnabledForProvider(0,2,3), iVar3 != 0)) {
uVar10 = 1;
}
uVar6 = 0x16;
goto LAB_7;
}
}
piVar1 = *(int **)(*(longlong *)(param_1 + 0x20) + 8);
lVar14 = (longlong)piVar1 + ((ulonglong)(*piVar1 + 3) & 0xfffffffc) + 4;
LAB_8:
if (lVar14 == 0) {
iVar3 = THStateCheckForTraceOverride();
if (((iVar3 != 0) || (iVar3 = CheckWPPLevelFlagsEnabledForProvider(0,5,3), iVar3 != 0)) ||
((gfTraceToSecondProvider != 0 &&
((iVar3 = THStateCheckForTraceOverride(), iVar3 != 0 ||
((iVar3 = ThStateCheckIfTraceToSecondProvier(), iVar3 != 0 &&
(iVar3 = CheckWPPLevelFlagsEnabledForProvider(1,5,3), iVar3 != 0)))))))) {
if ((gfTraceToSecondProvider != 0) &&
((iVar3 = THStateCheckForTraceOverride(), iVar3 != 0 ||
((iVar3 = ThStateCheckIfTraceToSecondProvier(), iVar3 != 0 &&
(iVar3 = CheckWPPLevelFlagsEnabledForProvider(1,5,3), iVar3 != 0)))))) {
uVar13 = 1;
}
iVar3 = THStateCheckForTraceOverride();
if ((iVar3 != 0) || (iVar3 = CheckWPPLevelFlagsEnabledForProvider(0,5,3), iVar3 != 0)) {
uVar8 = 1;
}
WPP_SF__sid_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),5,3,uVar8,CONCAT44(uVar16,uVar13),0x1a
- ,&WPP_5e7d2b63620b321d8565df230b4c9d56_Traceguids,local_70);
+ ,&WPP_26855c885d8934560911344b94438cda_Traceguids,local_70);
}
local_5c = 1;
}
else {
iVar3 = THStateCheckForTraceOverride();
if (((iVar3 != 0) || (iVar3 = CheckWPPLevelFlagsEnabledForProvider(0,4,3), iVar3 != 0)) ||
((gfTraceToSecondProvider != 0 &&
((iVar3 = THStateCheckForTraceOverride(), iVar3 != 0 ||
((iVar3 = ThStateCheckIfTraceToSecondProvier(), iVar3 != 0 &&
(iVar3 = CheckWPPLevelFlagsEnabledForProvider(1,4,3), iVar3 != 0)))))))) {
uVar9 = uVar13;
if ((gfTraceToSecondProvider != 0) &&
((iVar3 = THStateCheckForTraceOverride(), iVar3 != 0 ||
((iVar3 = ThStateCheckIfTraceToSecondProvier(), iVar3 != 0 &&
(iVar3 = CheckWPPLevelFlagsEnabledForProvider(1,4,3), iVar3 != 0)))))) {
uVar9 = 1;
}
iVar3 = THStateCheckForTraceOverride();
if ((iVar3 != 0) || (iVar3 = CheckWPPLevelFlagsEnabledForProvider(0,4,3), iVar3 != 0)) {
uVar13 = 1;
}
WPP_SF_(*(undefined8 *)(WPP_GLOBAL_Control + 0x10),4,3,uVar13,CONCAT44(uVar16,uVar9),0x17,
- &WPP_5e7d2b63620b321d8565df230b4c9d56_Traceguids);
+ &WPP_26855c885d8934560911344b94438cda_Traceguids);
}
}
return local_5c;
}
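
Review bot: the decompiled body shown here changes only in the WPP trace GUID symbol and in the unreachable-block warnings (34 before, 37 after), yet the callee list gains EvaluateCurrentState and SampDsValidateNgcKeyValueForComputerNew and the length grows from 3237 to 3267. The new calls most likely sit in code the decompiler pruned as unreachable, so the behavioural change has to be read from the disassembly around the listed block addresses (0x180234961 onward), not from this C output. The only validation call visible in the listing is still `SampDsValidateNgcKeyValueSourceForComputer`.
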
| Key | ntdsai_KB5065428_OLD.dll - ntdsai_KB5073723_NEW.dll |
|---|---|
| diff_type | code,refcount,length,address,calling,called |
| ratio | 0.38 |
| i_ratio | 0.33 |
| m_ratio | 1.0 |
| b_ratio | 0.42 |
| match_types | SymbolsHash |
| Key | ntdsai_KB5065428_OLD.dll | ntdsai_KB5073723_NEW.dll |
|---|---|---|
| name | EvaluateCurrentState | EvaluateCurrentState |
| fullname | EvaluateCurrentState | EvaluateCurrentState |
| refcount | 7 | 11 |
| length | 34 | 33 |
| called | EvaluateCurrentStateFromRegistry | EvaluateFeature |
| calling | ABDNTFromDSName AddToOutputList CheckAndFixDNReference DelimInputToDSName DirOperationControl SyncNCFromSource | ABDNTFromDSName AddToOutputList CheckAndFixDNReference DelimInputToDSName DirOperationControl SamDsNgcWriteKeyForComputer SyncNCFromSource ValidateKeyCredentialLinkAttIsValid |
| paramcount | 0 | 0 |
| address | 18014aa8c | 18014aa3c |
| sig | undefined EvaluateCurrentState(void) | undefined EvaluateCurrentState(void) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- EvaluateCurrentState called
+++ EvaluateCurrentState called
@@ -1 +1 @@
-EvaluateCurrentStateFromRegistry
+EvaluateFeature--- EvaluateCurrentState calling
+++ EvaluateCurrentState calling
@@ -5,0 +6 @@
+SamDsNgcWriteKeyForComputer
@@ -6,0 +8 @@
+ValidateKeyCredentialLinkAttIsValid--- EvaluateCurrentState
+++ EvaluateCurrentState
@@ -1,14 +1,8 @@
-ulonglong EvaluateCurrentState(undefined8 *param_1)
+bool EvaluateCurrentState(undefined8 *param_1)
{
- ulonglong uVar1;
-
- if (*(int *)*param_1 != 0) {
- return (ulonglong)(*(int *)*param_1 != 1);
- }
- uVar1 = EvaluateCurrentStateFromRegistry
- (*(undefined4 *)(param_1 + 1),*(undefined4 *)((longlong)param_1 + 0xc));
- return uVar1;
+ EvaluateFeature();
+ return *(int *)*param_1 != 1;
}
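
Review bot: `EvaluateFeature();` is rendered with no arguments, but the next line reads the cached state through `*(int *)*param_1`, so the call must receive `param_1` (or its fields) for that read to be meaningful. Correct EvaluateFeature's prototype in the decompiler before relying on this listing. The old early return on a non-zero cached value is no longer in this function, so whether the registry is consulted on every call is now decided inside EvaluateFeature.
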
| Key | ntdsai_KB5065428_OLD.dll - ntdsai_KB5073723_NEW.dll |
|---|---|
| diff_type | code,length,address |
| ratio | 0.23 |
| i_ratio | 0.3 |
| m_ratio | 0.76 |
| b_ratio | 0.67 |
| match_types | SymbolsHash |
| Key | ntdsai_KB5065428_OLD.dll | ntdsai_KB5073723_NEW.dll |
|---|---|---|
| name | QueryFeatureOverride | QueryFeatureOverride |
| fullname | QueryFeatureOverride | QueryFeatureOverride |
| refcount | 2 | 2 |
| length | 253 | 389 |
| called | API-MS-WIN-CORE-REGISTRY-L1-1-0.DLL::RegCloseKey API-MS-WIN-CORE-REGISTRY-L1-1-0.DLL::RegOpenKeyExA API-MS-WIN-CORE-REGISTRY-L1-1-0.DLL::RegQueryValueExW StringCchPrintfW __security_check_cookie memset | API-MS-WIN-CORE-REGISTRY-L1-1-0.DLL::RegCloseKey API-MS-WIN-CORE-REGISTRY-L1-1-0.DLL::RegOpenKeyExA API-MS-WIN-CORE-REGISTRY-L1-1-0.DLL::RegQueryValueExW StringCchPrintfW __security_check_cookie memset |
| calling | EvaluateCurrentStateFromRegistry | EvaluateCurrentStateFromRegistry |
| paramcount | 0 | 0 |
| address | 18014ab34 | 18014ab5c |
| sig | undefined QueryFeatureOverride(void) | undefined QueryFeatureOverride(void) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- QueryFeatureOverride
+++ QueryFeatureOverride
@@ -1,36 +1,54 @@
/* WARNING: Function: __security_check_cookie replaced with injection: security_check_cookie */
-undefined4 QueryFeatureOverride(uint param_1,int *param_2)
+undefined4 QueryFeatureOverride(uint param_1,int param_2,int *param_3,uint *param_4)
{
- LSTATUS LVar1;
- undefined1 auStackY_78 [32];
- DWORD local_48;
- DWORD local_44;
- int local_40 [2];
- HKEY local_38;
- wchar_t local_30 [16];
- ulonglong local_10;
+ bool bVar1;
+ bool bVar2;
+ LSTATUS LVar3;
+ undefined1 auStackY_b8 [32];
+ DWORD local_88;
+ DWORD local_84;
+ uint local_80 [2];
+ HKEY local_78;
+ wchar_t local_70 [24];
+ ulonglong local_40;
- local_10 = __security_cookie ^ (ulonglong)auStackY_78;
- local_48 = 4;
- memset(local_30,0,0x20);
- LVar1 = RegOpenKeyExA((HKEY)0xffffffff80000002,
+ local_40 = __security_cookie ^ (ulonglong)auStackY_b8;
+ local_88 = 4;
+ *param_3 = 0;
+ *param_4 = 0x80000000;
+ bVar2 = false;
+ bVar1 = false;
+ memset(local_70,0,0x2c);
+ LVar3 = RegOpenKeyExA((HKEY)0xffffffff80000002,
"System\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides"
- ,0,0x20019,&local_38);
- if (LVar1 == 0) {
- StringCchPrintfW(local_30,0x10,L"%lu",(ulonglong)param_1);
- LVar1 = RegQueryValueExW(local_38,local_30,(LPDWORD)0x0,&local_44,(LPBYTE)local_40,&local_48);
- if ((undefined1 *)((longlong)&local_38[-1].unused + 3U) < (undefined1 *)0xfffffffffffffffe) {
- RegCloseKey(local_38);
+ ,0,0x20019,&local_78);
+ if (LVar3 == 0) {
+ bVar1 = bVar2;
+ if (param_2 != 0) {
+ StringCchPrintfW(local_70,0x16,L"%lu_variant",(ulonglong)param_1);
+ LVar3 = RegQueryValueExW(local_78,local_70,(LPDWORD)0x0,&local_84,(LPBYTE)local_80,&local_88);
+ if ((((LVar3 == 0) && (local_84 == 4)) && (bVar1 = false, local_88 == 4)) &&
+ (local_80[0] < 0x100)) {
+ *param_4 = local_80[0];
+ bVar1 = true;
+ }
}
- if (((LVar1 == 0) && (local_44 == 4)) && (local_48 == 4)) {
- *param_2 = (local_40[0] != 0) + 1;
+ StringCchPrintfW(local_70,0x16,L"%lu",(ulonglong)param_1);
+ LVar3 = RegQueryValueExW(local_78,local_70,(LPDWORD)0x0,&local_84,(LPBYTE)local_80,&local_88);
+ if ((undefined1 *)((longlong)&local_78[-1].unused + 3U) < (undefined1 *)0xfffffffffffffffe) {
+ RegCloseKey(local_78);
+ }
+ if (((LVar3 == 0) && (local_84 == 4)) && (local_88 == 4)) {
+ *param_3 = (local_80[0] != 0) + 1;
return 1;
}
}
- *param_2 = 0;
- return 0;
+ if ((param_2 != 0) && (!bVar1)) {
+ return 0;
+ }
+ return 1;
}
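
Review bot: `local_88` is set to 4 once and then passed as the in/out size to both `RegQueryValueExW` calls, with no reset after the `%lu_variant` query. RegQueryValueExW writes the actual or required size back through that pointer, so after a variant value that is not exactly four bytes the second query is given a size that no longer describes `local_80`; set it back to 4 before the `%lu` query. The return value has also changed meaning: it is now 1 even when the key cannot be opened and `param_2` is 0, so callers must test `*param_3` rather than the return code, as EvaluateCurrentStateFromRegistry does.
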
| Key | ntdsai_KB5065428_OLD.dll - ntdsai_KB5073723_NEW.dll |
|---|---|
| diff_type | code,length |
| ratio | 0.72 |
| i_ratio | 0.43 |
| m_ratio | 0.97 |
| b_ratio | 0.45 |
| match_types | SymbolsHash |
| Key | ntdsai_KB5065428_OLD.dll | ntdsai_KB5073723_NEW.dll |
|---|---|---|
| name | DecodeAttributeList | DecodeAttributeList |
| fullname | CBerDecode::DecodeAttributeList | CBerDecode::DecodeAttributeList |
| refcount | 3 | 3 |
| length | 1159 | 1184 |
| called | Expand for full list: | Expand for full list: |
| calling | CBerDecode::DecodeAddRequest | CBerDecode::DecodeAddRequest |
| paramcount | 3 | 3 |
| address | 18009133c | 18009133c |
| sig | ulong _thiscall DecodeAttributeList(CBerDecode * this, AttributeList * * param_1, int param_2) | ulong _thiscall DecodeAttributeList(CBerDecode * this, AttributeList * * param_1, int param_2) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- CBerDecode::DecodeAttributeList
+++ CBerDecode::DecodeAttributeList
@@ -1,183 +1,190 @@
/* public: unsigned long __cdecl CBerDecode::DecodeAttributeList(struct AttributeList_ * __ptr64 *
__ptr64,int) __ptr64 */
ulong __thiscall
CBerDecode::DecodeAttributeList(CBerDecode *this,AttributeList_ **param_1,int param_2)
{
uint *puVar1;
ulong uVar2;
int iVar3;
uint uVar4;
AttributeList_ *pAVar5;
- uchar *_Dst;
- longlong lVar6;
+ uchar *puVar6;
LPVOID pvVar7;
- void *_Dst_00;
- longlong lVar8;
+ void *pvVar8;
uint uVar9;
int local_res18 [2];
undefined1 local_res20 [8];
undefined1 local_68 [4];
undefined1 local_64 [4];
undefined1 local_60 [4];
undefined1 local_5c [4];
- ulong *local_58;
+ uint *local_58;
uint *local_50;
undefined1 local_48 [8];
undefined1 local_40 [8];
local_res18[0] = param_2;
uVar2 = VerifyId(this,0x30);
if (uVar2 == 0) {
iVar3 = ber_first_element(*(undefined8 *)(this + 0x18),local_res20,local_40);
while (iVar3 != -1) {
pAVar5 = (AttributeList_ *)GrabBvBuffer(*(berval **)(this + 0x10),0x20);
*param_1 = pAVar5;
if (pAVar5 == (AttributeList_ *)0x0) {
return 8;
}
iVar3 = ber_peek_tag(*(undefined8 *)(this + 0x18),local_68);
if (iVar3 != 0x30) {
RaiseDsaExcept(0xe0010005,0,0,0xc0c0f50,1);
}
iVar3 = ber_scanf(*(undefined8 *)(this + 0x18),"{");
if (iVar3 != 0) {
return 0x57;
}
iVar3 = ber_peek_tag(*(undefined8 *)(this + 0x18),local_64);
if (iVar3 != 4) {
RaiseDsaExcept(0xe0010005,0,0,0xc0c0f50,1);
}
iVar3 = ber_scanf(*(undefined8 *)(this + 0x18),"O",&local_58);
if (iVar3 == 0) {
- if (local_58 == (ulong *)0x0) {
+ if (local_58 == (uint *)0x0) {
*(undefined4 *)(pAVar5 + 8) = 0;
*(undefined8 *)(pAVar5 + 0x10) = *(undefined8 *)(*(longlong *)(this + 0x10) + 8);
}
else {
- *(ulong *)(pAVar5 + 8) = *local_58;
- _Dst = GrabBvBuffer(*(berval **)(this + 0x10),*local_58);
- *(uchar **)(pAVar5 + 0x10) = _Dst;
- if (_Dst == (uchar *)0x0) {
+ *(uint *)(pAVar5 + 8) = *local_58;
+ puVar1 = *(uint **)(this + 0x10);
+ uVar9 = *local_58 + 7 & 0xfffffff8;
+ if (*puVar1 < uVar9) {
+ uVar4 = 0x1000;
+ if (0x1000 < uVar9) {
+ uVar4 = uVar9;
+ }
+ if (uVar4 < uVar9) {
+ pvVar8 = (void *)0x0;
+ }
+ else {
+ pvVar7 = TlsGetValue(dwTSindex);
+ pvVar8 = (void *)THAlloc_(pvVar7,1,uVar4,0,0,0xc0c004b);
+ if (pvVar8 != (void *)0x0) {
+ *puVar1 = uVar4 - uVar9;
+ *(ulonglong *)(puVar1 + 2) = (ulonglong)uVar9 + (longlong)pvVar8;
+ }
+ }
+ }
+ else {
+ pvVar8 = *(void **)(puVar1 + 2);
+ *(ulonglong *)(puVar1 + 2) = (ulonglong)uVar9 + (longlong)pvVar8;
+ *puVar1 = *puVar1 - uVar9;
+ }
+ *(void **)(pAVar5 + 0x10) = pvVar8;
+ if (pvVar8 == (void *)0x0) {
ber_bvfree(local_58);
uVar2 = 8;
goto LAB_0;
}
- memcpy(_Dst,*(void **)(local_58 + 2),(ulonglong)*local_58);
+ memcpy(pvVar8,*(void **)(local_58 + 2),(ulonglong)*local_58);
ber_bvfree(local_58);
}
uVar2 = 0;
}
else {
uVar2 = 0x57;
}
LAB_0:
if (uVar2 != 0) {
return uVar2;
}
pAVar5 = pAVar5 + 0x18;
iVar3 = ber_peek_tag(*(undefined8 *)(this + 0x18),local_60);
if (iVar3 != 0x31) {
RaiseDsaExcept(0xe0010005,0,0,0xc0c0f50,1);
}
iVar3 = ber_first_element(*(undefined8 *)(this + 0x18),local_res18,local_48);
while (iVar3 != -1) {
- puVar1 = *(uint **)(this + 0x10);
- if (*puVar1 < 0x18) {
- pvVar7 = TlsGetValue(dwTSindex);
- lVar8 = THAlloc_(pvVar7,1,0x1000,0,0,0xc0c004b);
- if (lVar8 != 0) {
- *puVar1 = 0xfe8;
- *(longlong *)(puVar1 + 2) = lVar8 + 0x18;
- }
- }
- else {
- lVar8 = *(longlong *)(puVar1 + 2);
- *(longlong *)(puVar1 + 2) = lVar8 + 0x18;
- *puVar1 = *puVar1 - 0x18;
- }
- *(longlong *)pAVar5 = lVar8;
- if (lVar8 == 0) {
+ puVar6 = GrabBvBuffer(*(berval **)(this + 0x10),0x18);
+ *(uchar **)pAVar5 = puVar6;
+ if (puVar6 == (uchar *)0x0) {
uVar2 = 8;
goto LAB_1;
}
iVar3 = ber_peek_tag(*(undefined8 *)(this + 0x18),local_5c);
if (iVar3 != 4) {
RaiseDsaExcept(0xe0010005,0,0,0xc0c0f50,1);
}
iVar3 = ber_scanf(*(undefined8 *)(this + 0x18),"O",&local_50);
if (iVar3 == 0) {
if (local_50 == (uint *)0x0) {
- *(undefined4 *)(lVar8 + 8) = 0;
- uVar2 = 0;
- *(undefined8 *)(lVar8 + 0x10) = *(undefined8 *)(*(longlong *)(this + 0x10) + 8);
+ puVar6[8] = '\0';
+ puVar6[9] = '\0';
+ puVar6[10] = '\0';
+ puVar6[0xb] = '\0';
+ *(undefined8 *)(puVar6 + 0x10) = *(undefined8 *)(*(longlong *)(this + 0x10) + 8);
}
else {
- *(uint *)(lVar8 + 8) = *local_50;
+ *(uint *)(puVar6 + 8) = *local_50;
puVar1 = *(uint **)(this + 0x10);
uVar9 = *local_50 + 7 & 0xfffffff8;
if (*puVar1 < uVar9) {
uVar4 = 0x1000;
if (0x1000 < uVar9) {
uVar4 = uVar9;
}
if (uVar4 < uVar9) {
- _Dst_00 = (void *)0x0;
+ pvVar8 = (void *)0x0;
}
else {
pvVar7 = TlsGetValue(dwTSindex);
- _Dst_00 = (void *)THAlloc_(pvVar7,1,uVar4,0,0,0xc0c004b);
- if (_Dst_00 != (void *)0x0) {
- lVar6 = (ulonglong)uVar9 + (longlong)_Dst_00;
+ pvVar8 = (void *)THAlloc_(pvVar7,1,uVar4,0,0,0xc0c004b);
+ if (pvVar8 != (void *)0x0) {
*puVar1 = uVar4 - uVar9;
- goto LAB_2;
+ *(ulonglong *)(puVar1 + 2) = (ulonglong)uVar9 + (longlong)pvVar8;
}
}
}
else {
- _Dst_00 = *(void **)(puVar1 + 2);
- lVar6 = (ulonglong)uVar9 + (longlong)_Dst_00;
+ pvVar8 = *(void **)(puVar1 + 2);
+ *(ulonglong *)(puVar1 + 2) = (ulonglong)uVar9 + (longlong)pvVar8;
*puVar1 = *puVar1 - uVar9;
-LAB_2:
- *(longlong *)(puVar1 + 2) = lVar6;
}
- *(void **)(lVar8 + 0x10) = _Dst_00;
- if (_Dst_00 == (void *)0x0) {
+ *(void **)(puVar6 + 0x10) = pvVar8;
+ if (pvVar8 == (void *)0x0) {
ber_bvfree(local_50);
uVar2 = 8;
+ goto LAB_2;
}
- else {
- memcpy(_Dst_00,*(void **)(local_50 + 2),(ulonglong)*local_50);
- ber_bvfree(local_50);
- uVar2 = 0;
- }
+ memcpy(pvVar8,*(void **)(local_50 + 2),(ulonglong)*local_50);
+ ber_bvfree(local_50);
}
+ uVar2 = 0;
}
else {
uVar2 = 0x57;
}
+LAB_2:
if (uVar2 != 0) goto LAB_1;
pAVar5 = *(AttributeList_ **)pAVar5;
iVar3 = ber_next_element(*(undefined8 *)(this + 0x18),local_res18);
}
*(undefined8 *)pAVar5 = 0;
iVar3 = ber_scanf(*(undefined8 *)(this + 0x18),"}");
uVar2 = 0;
if (iVar3 != 0) {
return 0x57;
}
LAB_1:
if (uVar2 != 0) {
return uVar2;
}
param_1 = (AttributeList_ **)*param_1;
iVar3 = ber_next_element(*(undefined8 *)(this + 0x18),local_res20);
}
*param_1 = (AttributeList_ *)0x0;
uVar2 = 0;
}
return uVar2;
}
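Review bot: the four byte stores `puVar6[8]` through `puVar6[0xb]` in the empty-value branch are the old 32-bit `*(undefined4 *)(lVar8 + 8) = 0` seen through a retyped byte pointer, and the relocated `LAB_2` with the shared `uVar2 = 0` only restructures the success and allocation-failure paths, so none of the changed lines alters behaviour. The length handling a decoder review would focus on (`uVar9 = *local_50 + 7 & 0xfffffff8` followed by `memcpy` of `*local_50` bytes) is unchanged context on both sides. When triaging the patch, mark this hunk as recompilation noise and spend the time on the functions that gained calls.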
| Key | ntdsai_KB5065428_OLD.dll - ntdsai_KB5073723_NEW.dll |
|---|---|
| diff_type | code,length,address,called |
| ratio | 0.86 |
| i_ratio | 0.73 |
| m_ratio | 0.98 |
| b_ratio | 0.95 |
| match_types | SymbolsHash |
| Key | ntdsai_KB5065428_OLD.dll | ntdsai_KB5073723_NEW.dll |
|---|---|---|
| name | SamDsNgcWriteKeyForComputer | SamDsNgcWriteKeyForComputer |
| fullname | SamDsNgcWriteKeyForComputer | SamDsNgcWriteKeyForComputer |
| refcount | 2 | 2 |
| length | 1386 | 1436 |
| called | Expand for full list: THStateCheckForTraceOverride | Expand for full list: SampMapDsErrorToNTStatus |
| calling | IDL_DRSWriteNgcKey | IDL_DRSWriteNgcKey |
| paramcount | 0 | 0 |
| address | 180265c04 | 180266204 |
| sig | undefined SamDsNgcWriteKeyForComputer(void) | undefined SamDsNgcWriteKeyForComputer(void) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- SamDsNgcWriteKeyForComputer called
+++ SamDsNgcWriteKeyForComputer called
@@ -5,0 +6 @@
+EvaluateCurrentState--- SamDsNgcWriteKeyForComputer
+++ SamDsNgcWriteKeyForComputer
@@ -1,316 +1,329 @@
/* WARNING: Function: __chkstk replaced with injection: alloca_probe */
/* WARNING: Function: _guard_dispatch_icall replaced with injection: guard_dispatch_icall */
/* WARNING: Function: __security_check_cookie replaced with injection: security_check_cookie */
uint SamDsNgcWriteKeyForComputer(longlong param_1,undefined4 param_2,undefined8 param_3)
{
undefined8 uVar1;
ulonglong uVar2;
int iVar3;
undefined4 uVar4;
LPVOID pvVar5;
int *_Dst;
undefined4 *puVar6;
ulonglong uVar7;
ulonglong uVar8;
int *piVar9;
undefined1 *puVar10;
undefined1 *puVar11;
undefined4 uVar12;
ulonglong _Size;
longlong lVar13;
undefined1 auStack_298 [64];
uint local_258;
undefined2 auStack_254 [2];
int *local_250;
ulonglong local_248;
longlong local_240;
undefined8 local_238;
int *local_230;
undefined4 local_228 [2];
undefined1 *local_220;
undefined4 local_218;
undefined8 local_210;
undefined4 local_208;
undefined2 *local_200;
_FILETIME local_1f0;
_FILETIME local_1e8;
undefined2 local_1dc;
longlong local_1d8;
int *local_1c8;
undefined2 local_1c0;
undefined2 local_1b0;
undefined4 local_1a8;
undefined4 local_1a0;
undefined8 *local_198;
undefined1 local_148 [224];
undefined1 local_68 [32];
ulonglong local_48;
longlong lVar14;
puVar10 = auStack_298;
local_48 = __security_cookie ^ (ulonglong)&local_258;
memset(local_228,0,0x50);
auStack_254[0] = 0;
local_248 = 0;
local_250 = (int *)0x0;
pvVar5 = TlsGetValue(dwTSindex);
local_238 = 0;
local_230 = (int *)0x0;
memset(&local_1c8,0,0x158);
local_240 = 0;
local_258 = SampDsComputeHash(param_3,param_2);
_Dst = (int *)0x0;
puVar11 = auStack_298;
if ((int)local_258 < 0) goto LAB_0;
local_228[0] = 0x20;
local_220 = local_68;
uVar12 = 1;
local_1dc = 0x100;
auStack_254[0] = 0x201;
local_208 = 2;
local_200 = auStack_254;
local_218 = param_2;
local_210 = param_3;
- GetSystemTimeAsFileTime(&local_1f0);
- local_1e8 = local_1f0;
+ iVar3 = EvaluateCurrentState(&g_Feature_3000723768_59172978_FeatureDescriptorDetails);
+ if (iVar3 == 0) {
+ GetSystemTimeAsFileTime(&local_1f0);
+ }
+ else {
+ local_1f0.dwLowDateTime = 0;
+ local_1f0.dwHighDateTime = 0;
+ }
+ iVar3 = EvaluateCurrentState(&g_Feature_3000723768_59172978_FeatureDescriptorDetails);
+ if (iVar3 == 0) {
+ local_1e8 = local_1f0;
+ }
+ else {
+ GetSystemTimeAsFileTime(&local_1e8);
+ }
SampDsSizeNgcKeyInfo(local_228,&local_248);
uVar2 = local_248;
uVar8 = local_248 + 4;
if (uVar8 < local_248) {
uVar8 = 0xffffffffffffffff;
local_258 = 0xc0000095;
}
else {
local_258 = 0;
}
_Dst = (int *)0x0;
puVar11 = auStack_298;
if ((int)local_258 < 0) goto LAB_0;
piVar9 = (int *)0x0;
lVar13 = -1;
do {
lVar14 = lVar13;
lVar13 = lVar14 + 1;
} while (*(short *)(param_1 + lVar13 * 2) != 0);
local_1d8 = lVar13;
uVar7 = (lVar13 * 2 + 0x3dU & 0xfffffffffffffffc) + uVar8;
_Size = 0xffffffffffffffff;
if (uVar7 >= uVar8) {
_Size = uVar7;
}
local_258 = -(uint)(uVar7 < uVar8) & 0xc0000095;
puVar11 = auStack_298;
if ((int)local_258 < 0) goto LAB_0;
local_250 = (int *)0x0;
puVar11 = auStack_298;
if (((_Size == 0) || (puVar11 = auStack_298, g_ulMaxStackAllocSize < _Size)) ||
(puVar11 = auStack_298, g_ulAdditionalProbeSize + 8 + _Size < _Size)) {
LAB_1:
_Dst = local_250;
if (local_250 == (int *)0x0) goto LAB_2;
}
else {
iVar3 = VerifyStackAvailable();
if (iVar3 != 0) {
uVar8 = _Size + 0x17;
if (uVar8 <= _Size + 8) {
uVar8 = 0xffffffffffffff0;
}
puVar10 = auStack_298 + -(uVar8 & 0xfffffffffffffff0);
piVar9 = (int *)((longlong)auStack_254 + -(uVar8 & 0xfffffffffffffff0) + -4);
local_250 = piVar9;
}
_Dst = (int *)0x0;
puVar11 = puVar10;
if (piVar9 != (int *)0x0) {
*piVar9 = 0x6b637453;
local_250 = piVar9 + 2;
goto LAB_1;
}
LAB_2:
if (_Size <= _Size + 8) {
- *(undefined8 *)(puVar11 + -8) = 0x180265dfd;
+ *(undefined8 *)(puVar11 + -8) = 0x18026642f;
_Dst = (int *)(*g_pfnAllocate)();
local_250 = _Dst;
if (_Dst != (int *)0x0) {
*_Dst = 0x70616548;
_Dst = _Dst + 2;
local_250 = _Dst;
}
}
if (_Dst == (int *)0x0) {
local_258 = 0xc0000017;
goto LAB_0;
}
}
- *(undefined8 *)(puVar11 + -8) = 0x180265e35;
+ *(undefined8 *)(puVar11 + -8) = 0x180266467;
memset(_Dst,0,_Size);
*_Dst = (int)lVar13 * 2 + 0x3a;
_Dst[0xd] = (int)lVar13;
- *(undefined8 *)(puVar11 + -8) = 0x180265e53;
+ *(undefined8 *)(puVar11 + -8) = 0x180266485;
local_258 = RtlStringCchCopyW(_Dst + 0xe,(int)lVar14 + 2,param_1);
if ((int)local_258 < 0) goto LAB_0;
iVar3 = *_Dst;
- *(undefined8 *)(puVar11 + -8) = 0x180265e8a;
+ *(undefined8 *)(puVar11 + -8) = 0x1802664bc;
local_258 = SampDsWriteNgcKeyInfo
(local_228,uVar2,&local_248,
((ulonglong)(iVar3 + 3) & 0xfffffffc) + 4 + (longlong)_Dst);
if ((int)local_258 < 0) goto LAB_0;
*(int *)(((ulonglong)(*_Dst + 3) & 0xfffffffc) + (longlong)_Dst) = (int)local_248 + 4;
- *(undefined8 *)(puVar11 + -8) = 0x180265eba;
- puVar6 = (undefined4 *)SCGetAttByName(pvVar5,0x16,s_SmsDS_KeyCredentialLink_1804cc977 + 1);
+ *(undefined8 *)(puVar11 + -8) = 0x1802664ec;
+ puVar6 = (undefined4 *)SCGetAttByName(pvVar5,0x16,s_SmsDS_KeyCredentialLink_1804cc967 + 1);
if (puVar6 != (undefined4 *)0x0) {
local_238 = CONCAT44(local_238._4_4_,
(*_Dst + 3U & 0xfffffffc) +
*(int *)(((ulonglong)(*_Dst + 3U) & 0xfffffffc) + (longlong)_Dst));
local_230 = _Dst;
- *(undefined8 *)(puVar11 + -8) = 0x180265fd3;
+ *(undefined8 *)(puVar11 + -8) = 0x180266605;
BuildStdCommArg(local_148);
local_1c0 = 1;
local_1b0 = 0x41;
local_1a8 = *puVar6;
local_1a0 = 1;
local_198 = &local_238;
local_1c8 = _Dst;
- *(undefined8 *)(puVar11 + -8) = 0x180266016;
+ *(undefined8 *)(puVar11 + -8) = 0x180266648;
uVar4 = DirModifyEntryNative(&local_1c8,&local_240);
if (local_240 == 0) {
local_258 = 0xc0000017;
}
else {
- *(undefined8 *)(puVar11 + -8) = 0x18026602f;
+ *(undefined8 *)(puVar11 + -8) = 0x180266661;
local_258 = SampMapDsErrorToNTStatus(uVar4);
if (-1 < (int)local_258) goto LAB_0;
}
- *(undefined8 *)(puVar11 + -8) = 0x18026603f;
+ *(undefined8 *)(puVar11 + -8) = 0x180266671;
iVar3 = THStateCheckForTraceOverride();
if (iVar3 == 0) {
- *(undefined8 *)(puVar11 + -8) = 0x180266055;
+ *(undefined8 *)(puVar11 + -8) = 0x180266687;
iVar3 = CheckWPPLevelFlagsEnabledForProvider(0,3,0xd);
if (iVar3 == 0) {
_Dst = local_250;
if (gfTraceToSecondProvider == 0) goto LAB_0;
- *(undefined8 *)(puVar11 + -8) = 0x18026606c;
+ *(undefined8 *)(puVar11 + -8) = 0x18026669e;
iVar3 = THStateCheckForTraceOverride();
if (iVar3 == 0) {
- *(undefined8 *)(puVar11 + -8) = 0x180266075;
+ *(undefined8 *)(puVar11 + -8) = 0x1802666a7;
iVar3 = ThStateCheckIfTraceToSecondProvier();
_Dst = local_250;
if (iVar3 == 0) goto LAB_0;
- *(undefined8 *)(puVar11 + -8) = 0x18026608a;
+ *(undefined8 *)(puVar11 + -8) = 0x1802666bc;
iVar3 = CheckWPPLevelFlagsEnabledForProvider(1,3,0xd);
_Dst = local_250;
if (iVar3 == 0) goto LAB_0;
}
}
}
if (gfTraceToSecondProvider == 0) {
LAB_3:
uVar4 = 0;
}
else {
- *(undefined8 *)(puVar11 + -8) = 0x1802660a1;
+ *(undefined8 *)(puVar11 + -8) = 0x1802666d3;
iVar3 = THStateCheckForTraceOverride();
uVar4 = uVar12;
if (iVar3 == 0) {
- *(undefined8 *)(puVar11 + -8) = 0x1802660aa;
+ *(undefined8 *)(puVar11 + -8) = 0x1802666dc;
iVar3 = ThStateCheckIfTraceToSecondProvier();
if (iVar3 != 0) {
- *(undefined8 *)(puVar11 + -8) = 0x1802660bb;
+ *(undefined8 *)(puVar11 + -8) = 0x1802666ed;
iVar3 = CheckWPPLevelFlagsEnabledForProvider(1,3,0xd);
if (iVar3 != 0) goto LAB_4;
}
goto LAB_3;
}
}
LAB_4:
- *(undefined8 *)(puVar11 + -8) = 0x1802660cb;
+ *(undefined8 *)(puVar11 + -8) = 0x1802666fd;
iVar3 = THStateCheckForTraceOverride();
if (iVar3 == 0) {
- *(undefined8 *)(puVar11 + -8) = 0x1802660dc;
+ *(undefined8 *)(puVar11 + -8) = 0x18026670e;
iVar3 = CheckWPPLevelFlagsEnabledForProvider(0,3,0xd);
if (iVar3 == 0) {
uVar12 = 0;
}
}
*(uint *)(puVar11 + 0x38) = local_258;
- *(undefined **)(puVar11 + 0x30) = &WPP_afbc7f1eb0473cd1a6cc4f39b3a0bf96_Traceguids;
- *(undefined2 *)(puVar11 + 0x28) = 0x37;
+ *(undefined **)(puVar11 + 0x30) = &WPP_41402414a7b13ee99617aada8d955873_Traceguids;
+ *(undefined2 *)(puVar11 + 0x28) = 0x3c;
*(undefined4 *)(puVar11 + 0x20) = uVar4;
uVar1 = *(undefined8 *)(WPP_GLOBAL_Control + 0x10);
- *(undefined8 *)(puVar11 + -8) = 0x18026611d;
+ *(undefined8 *)(puVar11 + -8) = 0x18026674f;
WPP_SF_L(uVar1,3,0xd,uVar12);
_Dst = local_250;
goto LAB_0;
}
local_258 = 0xc0000001;
- *(undefined8 *)(puVar11 + -8) = 0x180265ed2;
+ *(undefined8 *)(puVar11 + -8) = 0x180266504;
iVar3 = THStateCheckForTraceOverride();
if (iVar3 == 0) {
- *(undefined8 *)(puVar11 + -8) = 0x180265ee6;
+ *(undefined8 *)(puVar11 + -8) = 0x180266518;
iVar3 = CheckWPPLevelFlagsEnabledForProvider(0,3,0xd);
if (iVar3 == 0) {
_Dst = local_250;
if (gfTraceToSecondProvider == 0) goto LAB_0;
- *(undefined8 *)(puVar11 + -8) = 0x180265efd;
+ *(undefined8 *)(puVar11 + -8) = 0x18026652f;
iVar3 = THStateCheckForTraceOverride();
if (iVar3 == 0) {
- *(undefined8 *)(puVar11 + -8) = 0x180265f06;
+ *(undefined8 *)(puVar11 + -8) = 0x180266538;
iVar3 = ThStateCheckIfTraceToSecondProvier();
_Dst = local_250;
if (iVar3 == 0) goto LAB_0;
- *(undefined8 *)(puVar11 + -8) = 0x180265f1b;
+ *(undefined8 *)(puVar11 + -8) = 0x18026654d;
iVar3 = CheckWPPLevelFlagsEnabledForProvider(1,3,0xd);
_Dst = local_250;
if (iVar3 == 0) goto LAB_0;
}
}
}
if (gfTraceToSecondProvider == 0) {
LAB_5:
uVar4 = 0;
}
else {
- *(undefined8 *)(puVar11 + -8) = 0x180265f32;
+ *(undefined8 *)(puVar11 + -8) = 0x180266564;
iVar3 = THStateCheckForTraceOverride();
uVar4 = uVar12;
if (iVar3 == 0) {
- *(undefined8 *)(puVar11 + -8) = 0x180265f3b;
+ *(undefined8 *)(puVar11 + -8) = 0x18026656d;
iVar3 = ThStateCheckIfTraceToSecondProvier();
if (iVar3 != 0) {
- *(undefined8 *)(puVar11 + -8) = 0x180265f4c;
+ *(undefined8 *)(puVar11 + -8) = 0x18026657e;
iVar3 = CheckWPPLevelFlagsEnabledForProvider(1,3,0xd);
if (iVar3 != 0) goto LAB_6;
}
goto LAB_5;
}
}
LAB_6:
- *(undefined8 *)(puVar11 + -8) = 0x180265f5c;
+ *(undefined8 *)(puVar11 + -8) = 0x18026658e;
iVar3 = THStateCheckForTraceOverride();
if (iVar3 == 0) {
- *(undefined8 *)(puVar11 + -8) = 0x180265f6d;
+ *(undefined8 *)(puVar11 + -8) = 0x18026659f;
iVar3 = CheckWPPLevelFlagsEnabledForProvider(0,3,0xd);
if (iVar3 == 0) {
uVar12 = 0;
}
}
- *(undefined **)(puVar11 + 0x30) = &WPP_afbc7f1eb0473cd1a6cc4f39b3a0bf96_Traceguids;
- *(undefined2 *)(puVar11 + 0x28) = 0x36;
+ *(undefined **)(puVar11 + 0x30) = &WPP_41402414a7b13ee99617aada8d955873_Traceguids;
+ *(undefined2 *)(puVar11 + 0x28) = 0x3b;
*(undefined4 *)(puVar11 + 0x20) = uVar4;
uVar1 = *(undefined8 *)(WPP_GLOBAL_Control + 0x10);
- *(undefined8 *)(puVar11 + -8) = 0x180265fa7;
+ *(undefined8 *)(puVar11 + -8) = 0x1802665d9;
WPP_SF_(uVar1,3,0xd,uVar12);
_Dst = local_250;
LAB_0:
if ((_Dst != (int *)0x0) && (_Dst[-2] == 0x70616548)) {
- *(undefined8 *)(puVar11 + -8) = 0x180266142;
+ *(undefined8 *)(puVar11 + -8) = 0x180266774;
(*g_pfnFree)(_Dst + -2,_guard_dispatch_icall);
}
- *(undefined8 *)(puVar11 + -8) = 0x180266154;
+ *(undefined8 *)(puVar11 + -8) = 0x180266786;
return local_258;
}
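Review bot: `EvaluateCurrentState(&g_Feature_3000723768_59172978_FeatureDescriptorDetails)` is called twice back to back near the top of the function to choose the values of `local_1f0` and `local_1e8`, and the two results are not tied together. If the first call returns nonzero and the second returns zero, `local_1e8 = local_1f0` copies the zeroed FILETIME and both fields end up zero, a combination that neither the feature-off nor the feature-on path produces on its own; evaluating the feature once into a local and branching on that would rule it out (the double call may simply be one inlined check per field in the source). With the feature on, `local_1f0` is zero and only `local_1e8` carries the current time, which is the one behavioural change in this hunk. The remaining changed lines are shifted return addresses, the renamed `WPP_..._Traceguids` symbol, the `s_SmsDS_KeyCredentialLink` string address, and trace message ids moving from 0x36/0x37 to 0x3b/0x3c.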
| Key | ntdsai_KB5065428_OLD.dll - ntdsai_KB5073723_NEW.dll |
|---|---|
| diff_type | code,refcount,length,address,calling,called |
| ratio | 0.31 |
| i_ratio | 0.28 |
| m_ratio | 0.78 |
| b_ratio | 0.72 |
| match_types | SymbolsHash |
| Key | ntdsai_KB5065428_OLD.dll | ntdsai_KB5073723_NEW.dll |
|---|---|---|
| name | StringCchCatA | StringCchCatA |
| fullname | StringCchCatA | StringCchCatA |
| refcount | 6 | 1 |
| length | 121 | 190 |
| called | StringCopyWorkerA | |
| calling | LDAP_CONN::WhoAmIRequest LDAP_DSNameToLDAPDN | LDAP_CONN::WhoAmIRequest |
| paramcount | 3 | 3 |
| address | 1803bc948 | 1803c1760 |
| sig | long __cdecl StringCchCatA(char * param_1, __uint64 param_2, char * param_3) | long __cdecl StringCchCatA(char * param_1, __uint64 param_2, char * param_3) |
| sym_type | Function | Function |
| sym_source | ANALYSIS | ANALYSIS |
| external | False | False |
--- StringCchCatA called
+++ StringCchCatA called
@@ -1 +0,0 @@
-StringCopyWorkerA--- StringCchCatA calling
+++ StringCchCatA calling
@@ -2 +1,0 @@
-LDAP_DSNameToLDAPDN--- StringCchCatA
+++ StringCchCatA
@@ -1,37 +1,56 @@
/* long __cdecl StringCchCatA(char * __ptr64,unsigned __int64,char const * __ptr64) */
long __cdecl StringCchCatA(char *param_1,__uint64 param_2,char *param_3)
{
- char *pcVar1;
- __uint64 _Var2;
+ __uint64 _Var1;
+ char *pcVar2;
longlong lVar3;
- uint uVar4;
- size_t in_stack_ffffffffffffffe8;
+ char *pcVar4;
+ longlong lVar5;
+ uint uVar6;
+ longlong lVar7;
- uVar4 = 0;
+ uVar6 = 0;
if (0x7ffffffe < param_2 - 1) {
- uVar4 = 0x80070057;
+ uVar6 = 0x80070057;
}
- pcVar1 = param_1;
- _Var2 = param_2;
- if (-1 < (int)uVar4) {
- for (; (_Var2 != 0 && (*pcVar1 != '\0')); pcVar1 = pcVar1 + 1) {
- _Var2 = _Var2 - 1;
+ pcVar4 = param_1;
+ _Var1 = param_2;
+ if (-1 < (int)uVar6) {
+ for (; (_Var1 != 0 && (*pcVar4 != '\0')); pcVar4 = pcVar4 + 1) {
+ _Var1 = _Var1 - 1;
}
- uVar4 = ~-(uint)(_Var2 != 0) & 0x80070057;
- if (_Var2 != 0) {
- lVar3 = param_2 - _Var2;
+ uVar6 = ~-(uint)(_Var1 != 0) & 0x80070057;
+ if (_Var1 != 0) {
+ lVar5 = param_2 - _Var1;
goto LAB_0;
}
}
- lVar3 = 0;
+ lVar5 = 0;
LAB_0:
- if (-1 < (int)uVar4) {
- uVar4 = StringCopyWorkerA(param_1 + lVar3,param_2 - lVar3,(size_t *)param_3,param_3,
- in_stack_ffffffffffffffe8);
+ if (-1 < (int)uVar6) {
+ pcVar4 = param_1 + lVar5;
+ lVar3 = param_2 - lVar5;
+ if (lVar3 != 0) {
+ lVar5 = lVar5 + 0x7ffffffe + (lVar3 - param_2);
+ lVar7 = (longlong)param_3 - (longlong)pcVar4;
+ do {
+ if ((lVar5 == 0) || (pcVar4[lVar7] == '\0')) break;
+ *pcVar4 = pcVar4[lVar7];
+ lVar5 = lVar5 + -1;
+ pcVar4 = pcVar4 + 1;
+ lVar3 = lVar3 + -1;
+ } while (lVar3 != 0);
+ }
+ pcVar2 = pcVar4 + -1;
+ if (lVar3 != 0) {
+ pcVar2 = pcVar4;
+ }
+ uVar6 = ~-(uint)(lVar3 != 0) & 0x8007007a;
+ *pcVar2 = '\0';
}
- return uVar4;
+ return uVar6;
}
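Review bot: the counter set up before the added loop as `lVar5 + 0x7ffffffe + (lVar3 - param_2)` always equals 0x7ffffffe, because `lVar3` was just assigned `param_2 - lVar5`, so read it as a fixed maximum-length cap and not as arithmetic on caller input. The loop replaces the call to `StringCopyWorkerA` (listed as deleted) with an inline copy: it stops at the source NUL or when the destination space runs out, always writes a terminating NUL (backing up one byte on truncation), and returns 0x8007007a when truncated. The `if (lVar3 != 0)` guard is always true on this path, since the preceding scan only succeeds with `_Var1 != 0`. Treat the hunk as a build-level inlining change when triaging; it adds no new check.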
Slightly modified functions have no code changes, only differences in:
- refcount
- length
- called
- calling
- name
- fullname
| Key | ntdsai_KB5065428_OLD.dll - ntdsai_KB5073723_NEW.dll |
|---|---|
| diff_type | refcount,calling |
| ratio | 1.0 |
| i_ratio | 0.96 |
| m_ratio | 1.0 |
| b_ratio | 1.0 |
| match_types | SymbolsHash |
| Key | ntdsai_KB5065428_OLD.dll | ntdsai_KB5073723_NEW.dll |
|---|---|---|
| name | CheckWPPLevelFlagsEnabledForProvider | CheckWPPLevelFlagsEnabledForProvider |
| fullname | CheckWPPLevelFlagsEnabledForProvider | CheckWPPLevelFlagsEnabledForProvider |
| refcount | 16372 | 16392 |
| length | 96 | 96 |
| called | | |
| calling | Expand for full list: AddCurrentObjectToAsqReferrals | Expand for full list: AddCurrentObjectToAsqReferrals |
| paramcount | 0 | 0 |
| address | 180022a50 | 180022a50 |
| sig | undefined CheckWPPLevelFlagsEnabledForProvider(void) | undefined CheckWPPLevelFlagsEnabledForProvider(void) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- CheckWPPLevelFlagsEnabledForProvider calling
+++ CheckWPPLevelFlagsEnabledForProvider calling
@@ -300,99 +300,99 @@
-FUN_1800924a0
-FUN_18009663d
-FUN_1800ed4bf
-FUN_1800ffc93
-FUN_180175a64
-FUN_180176f1e
-FUN_1801770a2
-FUN_1801775ee
-FUN_180179297
-FUN_18017bbd4
-FUN_18017bd74
-FUN_18017e4f0
-FUN_18017fd97
-FUN_180180761
-FUN_18018082e
-FUN_180180a14
-FUN_180180b6b
-FUN_1801814b0
-FUN_180181d53
-FUN_180181ef6
-FUN_1801825e9
-FUN_1801834c8
-FUN_180183580
-FUN_18018460c
-FUN_180184a46
-FUN_180184dc4
-FUN_180185bcf
-FUN_180186c6d
-FUN_1801871ef
-FUN_180187556
-FUN_18018a290
-FUN_18018b5dc
-FUN_18018b80c
-FUN_18018bd59
-FUN_18018ca98
-FUN_18018d01f
-FUN_18018dba4
-FUN_18018f65b
-FUN_180191842
-FUN_180191a6a
-FUN_180194428
-FUN_18019491a
-FUN_180195e86
-FUN_180195f9f
-FUN_18019ccd9
-FUN_18019ce89
-FUN_18019d225
-FUN_18019da93
-FUN_18019dc74
-FUN_18019e26a
-FUN_18019e52d
-FUN_1801a0adc
-FUN_1801a0c25
-FUN_1801a1e31
-FUN_1801a2de0
-FUN_1801a4c54
-FUN_1801a5450
-FUN_1801a6bf4
-FUN_1801a7353
-FUN_1801a8fd0
-FUN_1801a9084
-FUN_1801a9352
-FUN_1801a9378
-FUN_1801a94c2
-FUN_1801a9507
-FUN_1801a9df5
-FUN_1801aa295
-FUN_1801aaa03
-FUN_1801aae90
-FUN_1801ab255
-FUN_1801ab503
-FUN_1801ab5a9
-FUN_1801ab661
-FUN_1801ab719
-FUN_1801ab808
-FUN_1801b7bc6
-FUN_1801ba662
-FUN_1801bf6b2
-FUN_1801bf95f
-FUN_1801c0e66
-FUN_1801c2dfe
-FUN_1801c2ea5
-FUN_1801c5439
-FUN_1801c5909
-FUN_1801c5c71
-FUN_1801c8a7a
-FUN_1801cad66
-FUN_1801cb8ca
-FUN_1801cc248
-FUN_1801d0566
-FUN_1801d346e
-FUN_1801da620
-FUN_1801db00b
-FUN_1801dfc6a
-FUN_1801dffff
-FUN_1801e0491
-FUN_1801e0565
-FUN_1801e321c
-FUN_1801e3e00
+FUN_18009245c
+FUN_1800965ed
+FUN_1800ed46f
+FUN_1800ffc43
+FUN_180175d14
+FUN_1801771ce
+FUN_180177352
+FUN_18017789e
+FUN_180179547
+FUN_18017be84
+FUN_18017c024
+FUN_18017e7a0
+FUN_180180047
+FUN_180180a11
+FUN_180180ade
+FUN_180180cc4
+FUN_180180e1b
+FUN_180181760
+FUN_180182003
+FUN_1801821a6
+FUN_180182899
+FUN_180183778
+FUN_180183830
+FUN_1801848bc
+FUN_180184cf6
+FUN_180185074
+FUN_180185e7f
+FUN_180186f1d
+FUN_18018749f
+FUN_180187806
+FUN_18018a540
+FUN_18018b88c
+FUN_18018babc
+FUN_18018c009
+FUN_18018cd48
+FUN_18018d2cf
+FUN_18018de54
+FUN_18018f90b
+FUN_180191af2
+FUN_180191d1a
+FUN_1801946d8
+FUN_180194bca
+FUN_180196136
+FUN_18019624f
+FUN_18019cf89
+FUN_18019d139
+FUN_18019d4d5
+FUN_18019dd43
+FUN_18019df24
+FUN_18019e51a
+FUN_18019e7dd
+FUN_1801a0d8c
+FUN_1801a0ed5
+FUN_1801a20e1
+FUN_1801a3090
+FUN_1801a4f04
+FUN_1801a5700
+FUN_1801a6ea4
+FUN_1801a765f
+FUN_1801a92dc
+FUN_1801a9390
+FUN_1801a965e
+FUN_1801a9684
+FUN_1801a97ce
+FUN_1801a9813
+FUN_1801aa101
+FUN_1801aa5a1
+FUN_1801aad0f
+FUN_1801ab19c
+FUN_1801ab561
+FUN_1801ab80f
+FUN_1801ab8b5
+FUN_1801ab96d
+FUN_1801aba25
+FUN_1801abb14
+FUN_1801b7ed2
+FUN_1801ba96e
+FUN_1801bf9be
+FUN_1801bfc6b
+FUN_1801c1172
+FUN_1801c310a
+FUN_1801c31b1
+FUN_1801c5745
+FUN_1801c5c15
+FUN_1801c5f7d
+FUN_1801c8d86
+FUN_1801cb072
+FUN_1801cbbd6
+FUN_1801cc554
+FUN_1801d0872
+FUN_1801d377a
+FUN_1801da92c
+FUN_1801db317
+FUN_1801dff76
+FUN_1801e030b
+FUN_1801e079d
+FUN_1801e0871
+FUN_1801e3528
+FUN_1801e410c
@@ -840,0 +841 @@
+SampDsValidateNgcKeyValueForComputerNew
| Key | ntdsai_KB5065428_OLD.dll - ntdsai_KB5073723_NEW.dll |
|---|---|
| diff_type | refcount |
| ratio | 1.0 |
| i_ratio | 1.0 |
| m_ratio | 1.0 |
| b_ratio | 1.0 |
| match_types | SymbolsHash,ExternalsName |
| Key | ntdsai_KB5065428_OLD.dll | ntdsai_KB5073723_NEW.dll |
|---|---|---|
| name | RegQueryValueExW | RegQueryValueExW |
| fullname | API-MS-WIN-CORE-REGISTRY-L1-1-0.DLL::RegQueryValueExW | API-MS-WIN-CORE-REGISTRY-L1-1-0.DLL::RegQueryValueExW |
| refcount | 23 | 24 |
| length | 0 | 0 |
| called | | |
| calling | Expand for full list: UpgradeDsRegistry | Expand for full list: UpgradeDsRegistry |
| paramcount | 6 | 6 |
| address | EXTERNAL:000001d9 | EXTERNAL:000001d9 |
| sig | LSTATUS __stdcall RegQueryValueExW(HKEY hKey, LPCWSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData) | LSTATUS __stdcall RegQueryValueExW(HKEY hKey, LPCWSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | True | True |
| Key | ntdsai_KB5065428_OLD.dll - ntdsai_KB5073723_NEW.dll |
|---|---|
| diff_type | refcount,address,calling |
| ratio | 1.0 |
| i_ratio | 0.94 |
| m_ratio | 1.0 |
| b_ratio | 1.0 |
| match_types | SymbolsHash |
| Key | ntdsai_KB5065428_OLD.dll | ntdsai_KB5073723_NEW.dll |
|---|---|---|
| name | WPP_SF_L | WPP_SF_L |
| fullname | WPP_SF_L | WPP_SF_L |
| refcount | 691 | 693 |
| length | 82 | 82 |
| called | DsTraceMessage | DsTraceMessage |
| calling | Expand for full list: BuildRepSyncPaoV1 | Expand for full list: BuildRepSyncPaoV1 |
| paramcount | 0 | 0 |
| address | 18014a46c | 18014a41c |
| sig | undefined WPP_SF_L(void) | undefined WPP_SF_L(void) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- WPP_SF_L calling
+++ WPP_SF_L calling
@@ -107,18 +107,18 @@
-FUN_1801770a2
-FUN_1801775ee
-FUN_180179297
-FUN_18017bbd4
-FUN_1801871ef
-FUN_18018dba4
-FUN_18019491a
-FUN_180195f9f
-FUN_18019e52d
-FUN_1801a1ce3
-FUN_1801a4c54
-FUN_1801bf95f
-FUN_1801c5439
-FUN_1801c8a7a
-FUN_1801d0566
-FUN_1801e31c6
-FUN_1801e321c
-FUN_1801e3e00
+FUN_180177352
+FUN_18017789e
+FUN_180179547
+FUN_18017be84
+FUN_18018749f
+FUN_18018de54
+FUN_180194bca
+FUN_18019624f
+FUN_18019e7dd
+FUN_1801a1f93
+FUN_1801a4f04
+FUN_1801bfc6b
+FUN_1801c5745
+FUN_1801c8d86
+FUN_1801d0872
+FUN_1801e34d2
+FUN_1801e3528
+FUN_1801e410c
@@ -128,0 +129 @@
+FreeAllPagedBlobs
@@ -294,0 +296 @@
+SampDsValidateNgcKeyValueForComputerNew
| Key | ntdsai_KB5065428_OLD.dll - ntdsai_KB5073723_NEW.dll |
|---|---|
| diff_type | refcount,calling |
| ratio | 1.0 |
| i_ratio | 0.98 |
| m_ratio | 1.0 |
| b_ratio | 1.0 |
| match_types | SymbolsHash |
| Key | ntdsai_KB5065428_OLD.dll | ntdsai_KB5073723_NEW.dll |
|---|---|---|
| name | ?StringCchPrintfA@@YAJPEAD_KPEBDZZ | ?StringCchPrintfA@@YAJPEAD_KPEBDZZ |
| fullname | ?StringCchPrintfA@@YAJPEAD_KPEBDZZ | ?StringCchPrintfA@@YAJPEAD_KPEBDZZ |
| refcount | 24 | 10 |
| length | 128 | 128 |
| called | MSVCRT.DLL::_vsnprintf | MSVCRT.DLL::_vsnprintf |
| calling | Expand for full list: MakePrintableLDAP_CONN | CreateAttrVal DisplayReplicationPolicyConfiguration DoSetLdapError GetDefaultReplScheduleString MakePrintableLDAP_REQUEST PreProcessInifileShortcuts |
| paramcount | 3 | 3 |
| address | 18003f228 | 18003f228 |
| sig | HRESULT __stdcall ?StringCchPrintfA@@YAJPEAD_KPEBDZZ(STRSAFE_LPSTR pszDest, size_t cchDest, STRSAFE_LPCSTR pszFormat, ...) | HRESULT __stdcall ?StringCchPrintfA@@YAJPEAD_KPEBDZZ(STRSAFE_LPSTR pszDest, size_t cchDest, STRSAFE_LPCSTR pszFormat, ...) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- ?StringCchPrintfA@@YAJPEAD_KPEBDZZ calling
+++ ?StringCchPrintfA@@YAJPEAD_KPEBDZZ calling
@@ -5,8 +4,0 @@
-LDAP_AddHistoryDecoration
-LDAP_AddRangeDecoration
-LDAP_BuildAttrDescWithOptions
-LDAP_DSNameToLDAPDN
-LDAP_DirAttrValToAttrVal
-LDAP_DirDNBlobToLDAPDNBlob
-LDAP_DirDNStringToLDAPDNString
-MakePrintableLDAP_CONN
| Key | ntdsai_KB5065428_OLD.dll - ntdsai_KB5073723_NEW.dll |
|---|---|
| diff_type | length,address,called |
| ratio | 0.97 |
| i_ratio | 0.32 |
| m_ratio | 0.4 |
| b_ratio | 0.4 |
| match_types | SymbolsHash |
| Key | ntdsai_KB5065428_OLD.dll | ntdsai_KB5073723_NEW.dll |
|---|---|---|
| name | FreeAllPagedBlobs | FreeAllPagedBlobs |
| fullname | FreeAllPagedBlobs | FreeAllPagedBlobs |
| refcount | 4 | 4 |
| length | 195 | 721 |
| called | API-MS-WIN-CORE-SYNCH-L1-1-0.DLL::EnterCriticalSection CheckWPPLevelFlagsEnabledForProvider THStateCheckForTraceOverride ThStateCheckIfTraceToSecondProvier | API-MS-WIN-CORE-SYNCH-L1-1-0.DLL::EnterCriticalSection CheckWPPLevelFlagsEnabledForProvider DSFree THStateCheckForTraceOverride ThStateCheckIfTraceToSecondProvier WPP_SF_L WPP_SF_lD |
| calling | LDAP_CONN::Cleanup ProcessConnTimeout | LDAP_CONN::Cleanup ProcessConnTimeout |
| paramcount | 1 | 1 |
| address | 1800da83c | 1800da7ec |
| sig | void __cdecl FreeAllPagedBlobs(LDAP_CONN * param_1) | void __cdecl FreeAllPagedBlobs(LDAP_CONN * param_1) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- FreeAllPagedBlobs called
+++ FreeAllPagedBlobs called
@@ -2,0 +3 @@
+DSFree
@@ -4,0 +6,2 @@
+WPP_SF_L
+WPP_SF_lD
| Key | ntdsai_KB5065428_OLD.dll - ntdsai_KB5073723_NEW.dll |
|---|---|
| diff_type | refcount,calling |
| ratio | 1.0 |
| i_ratio | 0.97 |
| m_ratio | 1.0 |
| b_ratio | 1.0 |
| match_types | SymbolsHash |
| Key | ntdsai_KB5065428_OLD.dll | ntdsai_KB5073723_NEW.dll |
|---|---|---|
| name | ?StringCchCopyA@@YAJPEAD_KPEBD@Z | ?StringCchCopyA@@YAJPEAD_KPEBD@Z |
| fullname | ?StringCchCopyA@@YAJPEAD_KPEBD@Z | ?StringCchCopyA@@YAJPEAD_KPEBD@Z |
| refcount | 9 | 6 |
| length | 125 | 125 |
| called | | |
| calling | DoSetLdapError GetPrivateProfileSectionEx InitializeNTDSSetup LDAP_CONN::WhoAmIRequest LDAP_DSNameToLDAPDN LDAP_DirAccessPointToAccessPoint | DoSetLdapError GetPrivateProfileSectionEx InitializeNTDSSetup LDAP_CONN::WhoAmIRequest |
| paramcount | 3 | 3 |
| address | 180005478 | 180005478 |
| sig | HRESULT __stdcall ?StringCchCopyA@@YAJPEAD_KPEBD@Z(STRSAFE_LPSTR pszDest, size_t cchDest, STRSAFE_LPCSTR pszSrc) | HRESULT __stdcall ?StringCchCopyA@@YAJPEAD_KPEBD@Z(STRSAFE_LPSTR pszDest, size_t cchDest, STRSAFE_LPCSTR pszSrc) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- ?StringCchCopyA@@YAJPEAD_KPEBD@Z calling
+++ ?StringCchCopyA@@YAJPEAD_KPEBD@Z calling
@@ -5,2 +4,0 @@
-LDAP_DSNameToLDAPDN
-LDAP_DirAccessPointToAccessPoint
| Key | ntdsai_KB5065428_OLD.dll - ntdsai_KB5073723_NEW.dll |
|---|---|
| diff_type | refcount,address,calling |
| ratio | 1.0 |
| i_ratio | 0.94 |
| m_ratio | 1.0 |
| b_ratio | 1.0 |
| match_types | SymbolsHash |
| Key | ntdsai_KB5065428_OLD.dll | ntdsai_KB5073723_NEW.dll |
|---|---|---|
| name | WPP_SF_i | WPP_SF_i |
| fullname | WPP_SF_i | WPP_SF_i |
| refcount | 95 | 96 |
| length | 82 | 82 |
| called | DsTraceMessage | DsTraceMessage |
| calling | Expand for full list: ErrQuotaIntegrityCheck | Expand for full list: ErrQuotaIntegrityCheck |
| paramcount | 0 | 0 |
| address | 18014b26c | 18014b31c |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- WPP_SF_i calling
+++ WPP_SF_i calling
@@ -14,8 +14,8 @@
-FUN_1801770a2
-FUN_18018a290
-FUN_1801a6bf4
-FUN_1801a9df5
-FUN_1801ab255
-FUN_1801ab5a9
-FUN_1801ab719
-FUN_1801cb8ca
+FUN_180177352
+FUN_18018a540
+FUN_1801a6ea4
+FUN_1801aa101
+FUN_1801ab561
+FUN_1801ab8b5
+FUN_1801aba25
+FUN_1801cbbd6
@@ -43,0 +44 @@
+SampDsValidateNgcKeyValueForComputerNew
| Key | ntdsai_KB5065428_OLD.dll - ntdsai_KB5073723_NEW.dll |
|---|---|
| diff_type | refcount,calling |
| ratio | 1.0 |
| i_ratio | 0.97 |
| m_ratio | 1.0 |
| b_ratio | 1.0 |
| match_types | SymbolsHash |
| Key | ntdsai_KB5065428_OLD.dll | ntdsai_KB5073723_NEW.dll |
|---|---|---|
| name | ?StringCchCopyW@@YAJPEAG_KPEBG@Z | ?StringCchCopyW@@YAJPEAG_KPEBG@Z |
| fullname | ?StringCchCopyW@@YAJPEAG_KPEBG@Z | ?StringCchCopyW@@YAJPEAG_KPEBG@Z |
| refcount | 24 | 23 |
| length | 141 | 141 |
| called | | |
| calling | Expand for full list: DsUpdateSPNsOnComputerObject | Expand for full list: DsUpdateSPNsOnComputerObject |
| paramcount | 3 | 3 |
| address | 18003fc78 | 18003fc78 |
| sig | HRESULT __stdcall ?StringCchCopyW@@YAJPEAG_KPEBG@Z(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc) | HRESULT __stdcall ?StringCchCopyW@@YAJPEAG_KPEBG@Z(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- ?StringCchCopyW@@YAJPEAG_KPEBG@Z calling
+++ ?StringCchCopyW@@YAJPEAG_KPEBG@Z calling
@@ -16 +15,0 @@
-LdapEnumConnections
| Key | ntdsai_KB5065428_OLD.dll - ntdsai_KB5073723_NEW.dll |
|---|---|
| diff_type | refcount |
| ratio | 1.0 |
| i_ratio | 1.0 |
| m_ratio | 1.0 |
| b_ratio | 1.0 |
| match_types | SymbolsHash,ExternalsName |
| Key | ntdsai_KB5065428_OLD.dll | ntdsai_KB5073723_NEW.dll |
|---|---|---|
| name | GetSystemTimeAsFileTime | GetSystemTimeAsFileTime |
| fullname | API-MS-WIN-CORE-SYSINFO-L1-1-0.DLL::GetSystemTimeAsFileTime | API-MS-WIN-CORE-SYSINFO-L1-1-0.DLL::GetSystemTimeAsFileTime |
| refcount | 110 | 111 |
| length | 0 | 0 |
| called | | |
| calling | Expand for full list: CheckVdcStatus | Expand for full list: CheckVdcStatus |
| paramcount | 1 | 1 |
| address | EXTERNAL:00000171 | EXTERNAL:00000171 |
| sig | void __stdcall GetSystemTimeAsFileTime(LPFILETIME lpSystemTimeAsFileTime) | void __stdcall GetSystemTimeAsFileTime(LPFILETIME lpSystemTimeAsFileTime) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | True | True |
| Key | ntdsai_KB5065428_OLD.dll - ntdsai_KB5073723_NEW.dll |
|---|---|
| diff_type | refcount,calling |
| ratio | 1.0 |
| i_ratio | 0.93 |
| m_ratio | 1.0 |
| b_ratio | 1.0 |
| match_types | SymbolsHash |
| Key | ntdsai_KB5065428_OLD.dll | ntdsai_KB5073723_NEW.dll |
|---|---|---|
| name | ThStateCheckIfTraceToSecondProvier | ThStateCheckIfTraceToSecondProvier |
| fullname | ThStateCheckIfTraceToSecondProvier | ThStateCheckIfTraceToSecondProvier |
| refcount | 7756 | 7766 |
| length | 52 | 52 |
| called | API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0.DLL::TlsGetValue | API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0.DLL::TlsGetValue |
| calling | Expand for full list: AddCurrentObjectToAsqReferrals | Expand for full list: AddCurrentObjectToAsqReferrals |
| paramcount | 0 | 0 |
| address | 180022a10 | 180022a10 |
| sig | undefined ThStateCheckIfTraceToSecondProvier(void) | undefined ThStateCheckIfTraceToSecondProvier(void) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |
--- ThStateCheckIfTraceToSecondProvier calling
+++ ThStateCheckIfTraceToSecondProvier calling
@@ -274,95 +274,95 @@
-FUN_1800924a0
-FUN_18009663d
-FUN_1800ffc93
-FUN_180175a64
-FUN_180176f1e
-FUN_1801770a2
-FUN_1801775ee
-FUN_180179297
-FUN_18017bbd4
-FUN_18017bd74
-FUN_18017e4f0
-FUN_18017fd97
-FUN_180180761
-FUN_18018082e
-FUN_180180a14
-FUN_180180b6b
-FUN_1801814b0
-FUN_180181d53
-FUN_180181ef6
-FUN_1801825e9
-FUN_1801834c8
-FUN_180183580
-FUN_18018460c
-FUN_180184a46
-FUN_180184dc4
-FUN_180185bcf
-FUN_180186c6d
-FUN_1801871ef
-FUN_180187556
-FUN_18018a290
-FUN_18018b5dc
-FUN_18018b80c
-FUN_18018bd59
-FUN_18018ca98
-FUN_18018d01f
-FUN_18018dba4
-FUN_18018f65b
-FUN_180191842
-FUN_180191a6a
-FUN_180194428
-FUN_18019491a
-FUN_180195e86
-FUN_180195f9f
-FUN_18019ccd9
-FUN_18019ce89
-FUN_18019d225
-FUN_18019da93
-FUN_18019dc74
-FUN_18019e26a
-FUN_18019e52d
-FUN_1801a0adc
-FUN_1801a0c25
-FUN_1801a1e31
-FUN_1801a2de0
-FUN_1801a4c54
-FUN_1801a5450
-FUN_1801a6bf4
-FUN_1801a7353
-FUN_1801a8fd0
-FUN_1801a9084
-FUN_1801a9352
-FUN_1801a9378
-FUN_1801a94c2
-FUN_1801a9507
-FUN_1801a9df5
-FUN_1801aa295
-FUN_1801aaa03
-FUN_1801aae90
-FUN_1801ab255
-FUN_1801ab503
-FUN_1801ab5a9
-FUN_1801ab661
-FUN_1801ab719
-FUN_1801ab808
-FUN_1801b7bc6
-FUN_1801ba662
-FUN_1801bf6b2
-FUN_1801bf95f
-FUN_1801c0e66
-FUN_1801c2dfe
-FUN_1801c2ea5
-FUN_1801c5439
-FUN_1801c8a7a
-FUN_1801cad66
-FUN_1801cb8ca
-FUN_1801cc248
-FUN_1801d0566
-FUN_1801da620
-FUN_1801db00b
-FUN_1801dfc6a
-FUN_1801dffff
-FUN_1801e0491
-FUN_1801e0565
-FUN_1801e321c
-FUN_1801e3e00
+FUN_18009245c
+FUN_1800965ed
+FUN_1800ffc43
+FUN_180175d14
+FUN_1801771ce
+FUN_180177352
+FUN_18017789e
+FUN_180179547
+FUN_18017be84
+FUN_18017c024
+FUN_18017e7a0
+FUN_180180047
+FUN_180180a11
+FUN_180180ade
+FUN_180180cc4
+FUN_180180e1b
+FUN_180181760
+FUN_180182003
+FUN_1801821a6
+FUN_180182899
+FUN_180183778
+FUN_180183830
+FUN_1801848bc
+FUN_180184cf6
+FUN_180185074
+FUN_180185e7f
+FUN_180186f1d
+FUN_18018749f
+FUN_180187806
+FUN_18018a540
+FUN_18018b88c
+FUN_18018babc
+FUN_18018c009
+FUN_18018cd48
+FUN_18018d2cf
+FUN_18018de54
+FUN_18018f90b
+FUN_180191af2
+FUN_180191d1a
+FUN_1801946d8
+FUN_180194bca
+FUN_180196136
+FUN_18019624f
+FUN_18019cf89
+FUN_18019d139
+FUN_18019d4d5
+FUN_18019dd43
+FUN_18019df24
+FUN_18019e51a
+FUN_18019e7dd
+FUN_1801a0d8c
+FUN_1801a0ed5
+FUN_1801a20e1
+FUN_1801a3090
+FUN_1801a4f04
+FUN_1801a5700
+FUN_1801a6ea4
+FUN_1801a765f
+FUN_1801a92dc
+FUN_1801a9390
+FUN_1801a965e
+FUN_1801a9684
+FUN_1801a97ce
+FUN_1801a9813
+FUN_1801aa101
+FUN_1801aa5a1
+FUN_1801aad0f
+FUN_1801ab19c
+FUN_1801ab561
+FUN_1801ab80f
+FUN_1801ab8b5
+FUN_1801ab96d
+FUN_1801aba25
+FUN_1801abb14
+FUN_1801b7ed2
+FUN_1801ba96e
+FUN_1801bf9be
+FUN_1801bfc6b
+FUN_1801c1172
+FUN_1801c310a
+FUN_1801c31b1
+FUN_1801c5745
+FUN_1801c8d86
+FUN_1801cb072
+FUN_1801cbbd6
+FUN_1801cc554
+FUN_1801d0872
+FUN_1801da92c
+FUN_1801db317
+FUN_1801dff76
+FUN_1801e030b
+FUN_1801e079d
+FUN_1801e0871
+FUN_1801e3528
+FUN_1801e410c
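Review bot: the 95 removed and 95 added entries at -274/+274 are all auto-named FUN_ symbols, whose names encode their address, and they line up in order with small offsets (FUN_1800924a0 against FUN_18009245c, FUN_180175a64 against FUN_180175d14), so this hunk reads as address shifts rather than a change in who calls ThStateCheckIfTraceToSecondProvier. Pairing such entries before diffing the list would leave the one named addition in the next hunk, SampDsValidateNgcKeyValueForComputerNew, as the visible change.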
@@ -750,0 +751 @@
+SampDsValidateNgcKeyValueForComputerNew

| Key | ntdsai_KB5065428_OLD.dll - ntdsai_KB5073723_NEW.dll |
|---|---|
| diff_type | refcount,address,calling |
| ratio | 1.0 |
| i_ratio | 0.9 |
| m_ratio | 1.0 |
| b_ratio | 1.0 |
| match_types | SymbolsHash |

| Key | ntdsai_KB5065428_OLD.dll | ntdsai_KB5073723_NEW.dll |
|---|---|---|
| name | SampDsFreeNGCKeyInfo | SampDsFreeNGCKeyInfo |
| fullname | SampDsFreeNGCKeyInfo | SampDsFreeNGCKeyInfo |
| refcount | 5 | 7 |
| length | 73 | 73 |
| called | API-MS-WIN-CORE-HEAP-L2-1-0.DLL::LocalFree memset | API-MS-WIN-CORE-HEAP-L2-1-0.DLL::LocalFree memset |
| calling | SamDsHandleDuplicateNgcKeyValues | SamDsHandleDuplicateNgcKeyValues SampDsValidateNgcKeyValueForComputerNew SampDsValidateNgcKeyValueForComputerNew$fin$0 |
| paramcount | 0 | 0 |
| address | 18015a320 | 18015a3d0 |
| sig | undefined SampDsFreeNGCKeyInfo(void) | undefined SampDsFreeNGCKeyInfo(void) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |

--- SampDsFreeNGCKeyInfo calling
+++ SampDsFreeNGCKeyInfo calling
@@ -1,0 +2,2 @@
+SampDsValidateNgcKeyValueForComputerNew
+SampDsValidateNgcKeyValueForComputerNew$fin$0

| Key | ntdsai_KB5065428_OLD.dll - ntdsai_KB5073723_NEW.dll |
|---|---|
| diff_type | refcount,calling |
| ratio | 1.0 |
| i_ratio | 1.0 |
| m_ratio | 1.0 |
| b_ratio | 1.0 |
| match_types | SymbolsHash |

| Key | ntdsai_KB5065428_OLD.dll | ntdsai_KB5073723_NEW.dll |
|---|---|---|
| name | StringCbCopyA | StringCbCopyA |
| fullname | StringCbCopyA | StringCbCopyA |
| refcount | 42 | 45 |
| length | 114 | 114 |
| called | | |
| calling | Expand for full list: GetDumpFile | Expand for full list: GetDumpFile |
| paramcount | 3 | 3 |
| address | 18005d568 | 18005d568 |
| sig | HRESULT __stdcall StringCbCopyA(STRSAFE_LPSTR pszDest, size_t cchDest, STRSAFE_LPCSTR pszSrc) | HRESULT __stdcall StringCbCopyA(STRSAFE_LPSTR pszDest, size_t cchDest, STRSAFE_LPCSTR pszSrc) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |

--- StringCbCopyA calling
+++ StringCbCopyA calling
@@ -13,0 +14,2 @@
+LDAP_DSNameToLDAPDN
+LDAP_DirAccessPointToAccessPoint

| Key | ntdsai_KB5065428_OLD.dll - ntdsai_KB5073723_NEW.dll |
|---|---|
| diff_type | refcount,calling |
| ratio | 1.0 |
| i_ratio | 0.93 |
| m_ratio | 1.0 |
| b_ratio | 1.0 |
| match_types | SymbolsHash |

| Key | ntdsai_KB5065428_OLD.dll | ntdsai_KB5073723_NEW.dll |
|---|---|---|
| name | THStateCheckForTraceOverride | THStateCheckForTraceOverride |
| fullname | THStateCheckForTraceOverride | THStateCheckForTraceOverride |
| refcount | 15274 | 15294 |
| length | 52 | 52 |
| called | API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0.DLL::TlsGetValue | API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0.DLL::TlsGetValue |
| calling | Expand for full list: AddCurrentObjectToAsqReferrals | Expand for full list: AddCurrentObjectToAsqReferrals |
| paramcount | 0 | 0 |
| address | 1800229d0 | 1800229d0 |
| sig | undefined THStateCheckForTraceOverride(void) | undefined THStateCheckForTraceOverride(void) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |

--- THStateCheckForTraceOverride calling
+++ THStateCheckForTraceOverride calling
@@ -274,95 +274,95 @@
-FUN_1800924a0
-FUN_18009663d
-FUN_1800ffc93
-FUN_180175a64
-FUN_180176f1e
-FUN_1801770a2
-FUN_1801775ee
-FUN_180179297
-FUN_18017bbd4
-FUN_18017bd74
-FUN_18017e4f0
-FUN_18017fd97
-FUN_180180761
-FUN_18018082e
-FUN_180180a14
-FUN_180180b6b
-FUN_1801814b0
-FUN_180181d53
-FUN_180181ef6
-FUN_1801825e9
-FUN_1801834c8
-FUN_180183580
-FUN_18018460c
-FUN_180184a46
-FUN_180184dc4
-FUN_180185bcf
-FUN_180186c6d
-FUN_1801871ef
-FUN_180187556
-FUN_18018a290
-FUN_18018b5dc
-FUN_18018b80c
-FUN_18018bd59
-FUN_18018ca98
-FUN_18018d01f
-FUN_18018dba4
-FUN_18018f65b
-FUN_180191842
-FUN_180191a6a
-FUN_180194428
-FUN_18019491a
-FUN_180195e86
-FUN_180195f9f
-FUN_18019ccd9
-FUN_18019ce89
-FUN_18019d225
-FUN_18019da93
-FUN_18019dc74
-FUN_18019e26a
-FUN_18019e52d
-FUN_1801a0adc
-FUN_1801a0c25
-FUN_1801a1e31
-FUN_1801a2de0
-FUN_1801a4c54
-FUN_1801a5450
-FUN_1801a6bf4
-FUN_1801a7353
-FUN_1801a8fd0
-FUN_1801a9084
-FUN_1801a9352
-FUN_1801a9378
-FUN_1801a94c2
-FUN_1801a9507
-FUN_1801a9df5
-FUN_1801aa295
-FUN_1801aaa03
-FUN_1801aae90
-FUN_1801ab255
-FUN_1801ab503
-FUN_1801ab5a9
-FUN_1801ab661
-FUN_1801ab719
-FUN_1801ab808
-FUN_1801b7bc6
-FUN_1801ba662
-FUN_1801bf6b2
-FUN_1801bf95f
-FUN_1801c0e66
-FUN_1801c2dfe
-FUN_1801c2ea5
-FUN_1801c5439
-FUN_1801c8a7a
-FUN_1801cad66
-FUN_1801cb8ca
-FUN_1801cc248
-FUN_1801d0566
-FUN_1801da620
-FUN_1801db00b
-FUN_1801dfc6a
-FUN_1801dffff
-FUN_1801e0491
-FUN_1801e0565
-FUN_1801e321c
-FUN_1801e3e00
+FUN_18009245c
+FUN_1800965ed
+FUN_1800ffc43
+FUN_180175d14
+FUN_1801771ce
+FUN_180177352
+FUN_18017789e
+FUN_180179547
+FUN_18017be84
+FUN_18017c024
+FUN_18017e7a0
+FUN_180180047
+FUN_180180a11
+FUN_180180ade
+FUN_180180cc4
+FUN_180180e1b
+FUN_180181760
+FUN_180182003
+FUN_1801821a6
+FUN_180182899
+FUN_180183778
+FUN_180183830
+FUN_1801848bc
+FUN_180184cf6
+FUN_180185074
+FUN_180185e7f
+FUN_180186f1d
+FUN_18018749f
+FUN_180187806
+FUN_18018a540
+FUN_18018b88c
+FUN_18018babc
+FUN_18018c009
+FUN_18018cd48
+FUN_18018d2cf
+FUN_18018de54
+FUN_18018f90b
+FUN_180191af2
+FUN_180191d1a
+FUN_1801946d8
+FUN_180194bca
+FUN_180196136
+FUN_18019624f
+FUN_18019cf89
+FUN_18019d139
+FUN_18019d4d5
+FUN_18019dd43
+FUN_18019df24
+FUN_18019e51a
+FUN_18019e7dd
+FUN_1801a0d8c
+FUN_1801a0ed5
+FUN_1801a20e1
+FUN_1801a3090
+FUN_1801a4f04
+FUN_1801a5700
+FUN_1801a6ea4
+FUN_1801a765f
+FUN_1801a92dc
+FUN_1801a9390
+FUN_1801a965e
+FUN_1801a9684
+FUN_1801a97ce
+FUN_1801a9813
+FUN_1801aa101
+FUN_1801aa5a1
+FUN_1801aad0f
+FUN_1801ab19c
+FUN_1801ab561
+FUN_1801ab80f
+FUN_1801ab8b5
+FUN_1801ab96d
+FUN_1801aba25
+FUN_1801abb14
+FUN_1801b7ed2
+FUN_1801ba96e
+FUN_1801bf9be
+FUN_1801bfc6b
+FUN_1801c1172
+FUN_1801c310a
+FUN_1801c31b1
+FUN_1801c5745
+FUN_1801c8d86
+FUN_1801cb072
+FUN_1801cbbd6
+FUN_1801cc554
+FUN_1801d0872
+FUN_1801da92c
+FUN_1801db317
+FUN_1801dff76
+FUN_1801e030b
+FUN_1801e079d
+FUN_1801e0871
+FUN_1801e3528
+FUN_1801e410c
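Review bot: the refcount for THStateCheckForTraceOverride rises from 15274 to 15294, yet the 95 FUN_ entries removed and 95 added at -274/+274 cancel out and the only other hunk adds a single caller, SampDsValidateNgcKeyValueForComputerNew. The calling list holds distinct callers while refcount counts references, so the report would be easier to read if it stated how many of the 20 new references sit in that new function and how many in callers already listed.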
@@ -750,0 +751 @@
+SampDsValidateNgcKeyValueForComputerNew

| Key | ntdsai_KB5065428_OLD.dll - ntdsai_KB5073723_NEW.dll |
|---|---|
| diff_type | refcount,calling |
| ratio | 1.0 |
| i_ratio | 1.0 |
| m_ratio | 1.0 |
| b_ratio | 1.0 |
| match_types | ExactBytesFunctionHasher |

| Key | ntdsai_KB5065428_OLD.dll | ntdsai_KB5073723_NEW.dll |
|---|---|---|
| name | StringCchCatA | StringCchCatA |
| fullname | StringCchCatA | StringCchCatA |
| refcount | 16 | 20 |
| length | 130 | 130 |
| called | StringCopyWorkerA | StringCopyWorkerA |
| calling | DBInitializeJetDatabase DisableDiskWriteCache DsStartupPhase1 MakeConstructedMAPIValue PrintPrivileges dbCreateIndexBatch dbMakeLogIndexString dbMakeLogIntersectIndiciesName | DBInitializeJetDatabase DisableDiskWriteCache DsStartupPhase1 LDAP_DSNameToLDAPDN MakeConstructedMAPIValue PrintPrivileges dbCreateIndexBatch dbMakeLogIndexString dbMakeLogIntersectIndiciesName |
| paramcount | 3 | 3 |
| address | 18005bda4 | 18005bda4 |
| sig | HRESULT __stdcall StringCchCatA(STRSAFE_LPSTR pszDest, size_t cchDest, STRSAFE_LPCSTR pszSrc) | HRESULT __stdcall StringCchCatA(STRSAFE_LPSTR pszDest, size_t cchDest, STRSAFE_LPCSTR pszSrc) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |

--- StringCchCatA calling
+++ StringCchCatA calling
@@ -3,0 +4 @@
+LDAP_DSNameToLDAPDN

| Key | ntdsai_KB5065428_OLD.dll - ntdsai_KB5073723_NEW.dll |
|---|---|
| diff_type | refcount,address,calling |
| ratio | 1.0 |
| i_ratio | 0.82 |
| m_ratio | 1.0 |
| b_ratio | 1.0 |
| match_types | ExactInstructionsFunctionHasher |

| Key | ntdsai_KB5065428_OLD.dll | ntdsai_KB5073723_NEW.dll |
|---|---|---|
| name | StringCchPrintfW | StringCchPrintfW |
| fullname | StringCchPrintfW | StringCchPrintfW |
| refcount | 121 | 122 |
| length | 132 | 132 |
| called | MSVCRT.DLL::_vsnwprintf | MSVCRT.DLL::_vsnwprintf |
| calling | Expand for full list: DSaddrFromNameEx | Expand for full list: DSaddrFromNameEx |
| paramcount | 3 | 3 |
| address | 1800d8028 | 1800d7fd8 |
| sig | HRESULT __stdcall StringCchPrintfW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszFormat, ...) | HRESULT __stdcall StringCchPrintfW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszFormat, ...) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |

--- StringCchPrintfW calling
+++ StringCchPrintfW calling
@@ -15 +15 @@
-FUN_18019cf5c
+FUN_18019d20c

| Key | ntdsai_KB5065428_OLD.dll - ntdsai_KB5073723_NEW.dll |
|---|---|
| diff_type | refcount,calling |
| ratio | 1.0 |
| i_ratio | 0.98 |
| m_ratio | 1.0 |
| b_ratio | 1.0 |
| match_types | ExactInstructionsFunctionHasher |

| Key | ntdsai_KB5065428_OLD.dll | ntdsai_KB5073723_NEW.dll |
|---|---|---|
| name | StringCchPrintfA | StringCchPrintfA |
| fullname | StringCchPrintfA | StringCchPrintfA |
| refcount | 67 | 81 |
| length | 152 | 152 |
| called | MSVCRT.DLL::_vsnprintf | MSVCRT.DLL::_vsnprintf |
| calling | Expand for full list: DumpErrorMessageS | Expand for full list: DumpErrorMessageS |
| paramcount | 3 | 3 |
| address | 1800258d0 | 1800258d0 |
| sig | HRESULT __stdcall StringCchPrintfA(STRSAFE_LPSTR pszDest, size_t cchDest, STRSAFE_LPCSTR pszFormat, ...) | HRESULT __stdcall StringCchPrintfA(STRSAFE_LPSTR pszDest, size_t cchDest, STRSAFE_LPCSTR pszFormat, ...) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |

--- StringCchPrintfA calling
+++ StringCchPrintfA calling
@@ -14,0 +15,7 @@
+LDAP_AddHistoryDecoration
+LDAP_AddRangeDecoration
+LDAP_BuildAttrDescWithOptions
+LDAP_DSNameToLDAPDN
+LDAP_DirAttrValToAttrVal
+LDAP_DirDNBlobToLDAPDNBlob
+LDAP_DirDNStringToLDAPDNString
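Review bot: the seven LDAP_* callers added at +15 are not matched by any change to StringCchPrintfA itself (same address 1800258d0, length 152, ratio 1.0), so the difference lies in those callers and each is worth opening in the new build to see what formatted-print call it now makes. LDAP_DSNameToLDAPDN also shows up on this page as a new caller of StringCbCopyA and StringCchCatA, which makes it the first one to check.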
@@ -17,0 +25 @@
+MakePrintableLDAP_CONN

| Key | ntdsai_KB5065428_OLD.dll - ntdsai_KB5073723_NEW.dll |
|---|---|
| diff_type | refcount,address,calling |
| ratio | 1.0 |
| i_ratio | 0.8 |
| m_ratio | 1.0 |
| b_ratio | 1.0 |
| match_types | ExactInstructionsFunctionHasher |

| Key | ntdsai_KB5065428_OLD.dll | ntdsai_KB5073723_NEW.dll |
|---|---|---|
| name | StringCchCopyW | StringCchCopyW |
| fullname | StringCchCopyW | StringCchCopyW |
| refcount | 129 | 130 |
| length | 85 | 85 |
| called | StringCopyWorkerW | StringCopyWorkerW |
| calling | Expand for full list: DRSSetCredentials | Expand for full list: DRSSetCredentials |
| paramcount | 3 | 3 |
| address | 1800de9fc | 1800de9ac |
| sig | HRESULT __stdcall StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc) | HRESULT __stdcall StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc) |
| sym_type | Function | Function |
| sym_source | IMPORTED | IMPORTED |
| external | False | False |

--- StringCchCopyW calling
+++ StringCchCopyW calling
@@ -24 +24 @@
-FUN_180193c8c
+FUN_180193f3c
@@ -52,0 +53 @@
+LdapEnumConnections

Generated with ghidriff version: 1.0.0 on 2026-01-28T20:02:04