char __fastcall MmisAddressValid_win10(unsigned __int64 address, _QWORD *ppte_Va_1, _QWORD *ppte_val_1)
{
  _QWORD *ppte_val_2; // rbp
  _QWORD *ppte_Va; // r12
  unsigned __int64 address_1; // rsi
  char valid; // di
  unsigned __int64 cr3; // rcx
  __int64 pte_pa; // rbx
  unsigned __int64 v10; // [rsp+20h] [rbp-38h]
  unsigned __int64 v11; // [rsp+28h] [rbp-30h]
  __int64 pte_val; // [rsp+60h] [rbp+8h]
  unsigned __int64 v13; // [rsp+78h] [rbp+20h]

  ppte_val_2 = ppte_val_1;
  ppte_Va = ppte_Va_1;
  address_1 = address;
  valid = 0;
  cr3 = __readcr3();
  if ( ReadPa(((address_1 >> 36) & 0xFF8) + (((cr3 >> 12) & 0xFFFFFFFFFi64) << 12), 8i64, (__int64)&v13) == 8 )
  {
    if ( v13 & 1 )
    {
      if ( ReadPa(((address_1 >> 27) & 0xFF8) + (((v13 >> 12) & 0xFFFFFFFFFi64) << 12), 8i64, (__int64)&v10) == 8 )
      {
        if ( v10 & 1 )
        {
          if ( (v10 & 0x80u) == 0i64
            && ReadPa(((address_1 >> 18) & 0xFF8) + (((v10 >> 12) & 0xFFFFFFFFFi64) << 12), 8i64, (__int64)&v11) == 8 )
          {
            if ( v11 & 1 )
            {
              if ( (v11 & 0x80u) == 0i64 )
              {
                pte_pa = ((address_1 >> 9) & 0xFF8) + (((v11 >> 12) & 0xFFFFFFFFFi64) << 12);
                if ( ReadPa(pte_pa, 8i64, (__int64)&pte_val) == 8 )
                {
                  if ( pte_val & 1 )
                  {
                    valid = 1;
                    *ppte_Va = MmGetVirtualForPhysical(pte_pa);
                    *ppte_val_2 = pte_val;
                  }
                }
              }
            }
          }
        }
      }
    }
  }
  return valid;
}

发表评论

您的电子邮箱地址不会被公开。 必填项已用*标注

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据