SHELL32!ILCombine函数分析之连接两个idl

SHELL32!ILCombine函数分析之连接两个idl

第一部分：

STDAPI_(LPITEMIDLIST) ILCombine(LPCITEMIDLIST pidl1, LPCITEMIDLIST pidl2)
{
    // Let me pass in NULL pointers
    if (!pidl1)
    {
        if (!pidl2)
        {
            return NULL;
        }
        return ILClone(pidl2);
    }
    else if (!pidl2)
    {
        return ILClone(pidl1);
    }

    UINT cb1 = ILGetSize(pidl1) - sizeof(pidl1->mkid.cb);
    UINT cb2 = ILGetSize(pidl2);

    VALIDATE_PIDL(pidl1);
    VALIDATE_PIDL(pidl2);
    LPITEMIDLIST pidlNew = _ILCreate(cb1 + cb2);
    if (pidlNew)
    {
        CopyMemory(pidlNew, pidl1, cb1);
        CopyMemory((LPTSTR)(((LPBYTE)pidlNew) + cb1), pidl2, cb2);
        ASSERT(ILGetSize(pidlNew) == cb1+cb2);
    }

    return pidlNew;
}

第二部分：

0: kd> dv
          pidl1 = 0x00111198
          pidl2 = 0x0010f8a0
 
0: kd> dx -id 0,0,89589d88 -r1 ((SHELL32!_ITEMIDLIST *)0x118770)
((SHELL32!_ITEMIDLIST *)0x118770)                 : 0x118770 [Type: _ITEMIDLIST *]
    [+0x000] mkid             [Type: _SHITEMID]
0: kd> dx -id 0,0,89589d88 -r1 (*((SHELL32!_SHITEMID *)0x118770))
(*((SHELL32!_SHITEMID *)0x118770))                 [Type: _SHITEMID]
    [+0x000] cb               : 0x14 [Type: unsigned short]
    [+0x002] abID             [Type: unsigned char [1]]
0: kd> db 0x118770
00118770  14 00 1f 50 e0 4f d0 20-ea 3a 69 10 a2 d8 08 00  ...P.O. .:i.....
00118780  2b 30 30 9d 19 00 2f 43-3a 5c 00 00 00 00 00 00  +00.../C:\......
00118790  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................

第三部分：
0: kd> dv
          pidl1 = 0x00111198
          pidl2 = 0x0010f8a0

0: kd> dx -id 0,0,89589d88 -r1 ((SHELL32!_ITEMIDLIST *)0x10f8a0)
((SHELL32!_ITEMIDLIST *)0x10f8a0)                 : 0x10f8a0 [Type: _ITEMIDLIST *]
    [+0x000] mkid             [Type: _SHITEMID]
0: kd> dx -id 0,0,89589d88 -r1 (*((SHELL32!_SHITEMID *)0x10f8a0))
(*((SHELL32!_SHITEMID *)0x10f8a0))                 [Type: _SHITEMID]
    [+0x000] cb               : 0x5e [Type: unsigned short]
    [+0x002] abID             [Type: unsigned char [1]]
0: kd> db 0x10f8a0
0010f8a0  5e 00 32 00 00 00 00 00-54 5a b6 3c 20 00 4e 45  ^.2.....TZ.< .NE
0010f8b0  57 54 45 58 7e 31 2e 54-58 54 00 00 42 00 03 00  WTEX~1.TXT..B...
0010f8c0  04 00 ef be 54 5a a4 3c-54 5a b6 3c 14 00 00 00  ....TZ.<TZ.<....
0010f8d0  4e 00 65 00 77 00 20 00-54 00 65 00 78 00 74 00  N.e.w. .T.e.x.t.
0010f8e0  20 00 44 00 6f 00 63 00-75 00 6d 00 65 00 6e 00   .D.o.c.u.m.e.n.
0010f8f0  74 00 2e 00 74 00 78 00-74 00 00 00 1c 00 00 00  t...t.x.t.......
0010f900  04 00 0d 00 db 01 08 00-4d 00 79 00 20 00 43 00  ........M.y. .C.

第四部分：    UINT cb1 = ILGetSize(pidl1) - sizeof(pidl1->mkid.cb);

0: kd> dv
          pidl1 = 0x00111198
          pidl2 = 0x0010f8a0

            cb1 = 0x2d                //cb1 = 0x2d= 0x2f-0x2        UINT cb1 = ILGetSize(pidl1) - sizeof(pidl1->mkid.cb);

第五部分：    UINT cb2 = ILGetSize(pidl2);

0: kd> dv
          pidl1 = 0x00111198
          pidl2 = 0x0010f8a0
            cb2 = 0x60
            cb1 = 0x2d

第六部分：
    VALIDATE_PIDL(pidl1);
    VALIDATE_PIDL(pidl2);
    LPITEMIDLIST pidlNew = _ILCreate(cb1 + cb2);

0: kd> dv
          pidl1 = 0x00111198
          pidl2 = 0x0010f8a0
            cb2 = 0x60
            cb1 = 0x2d
        pidlNew = 0x00118770

  0: kd> dx -id 0,0,89589d88 -r1 ((SHELL32!_ITEMIDLIST *)0x118770)
((SHELL32!_ITEMIDLIST *)0x118770)                 : 0x118770 [Type: _ITEMIDLIST *]
    [+0x000] mkid             [Type: _SHITEMID]
0: kd> dx -id 0,0,89589d88 -r1 (*((SHELL32!_SHITEMID *)0x118770))
(*((SHELL32!_SHITEMID *)0x118770))                 [Type: _SHITEMID]
    [+0x000] cb               : 0x0 [Type: unsigned short]
    [+0x002] abID             [Type: unsigned char [1]]

第七部分：        CopyMemory(pidlNew, pidl1, cb1);

0: kd> dv
          pidl1 = 0x00111198
          pidl2 = 0x0010f8a0
            cb2 = 0x60
            cb1 = 0x2d
        pidlNew = 0x00118770

0: kd> dx -id 0,0,89589d88 -r1 ((SHELL32!_ITEMIDLIST *)0x118770)
((SHELL32!_ITEMIDLIST *)0x118770)                 : 0x118770 [Type: _ITEMIDLIST *]
    [+0x000] mkid             [Type: _SHITEMID]
0: kd> dx -id 0,0,89589d88 -r1 (*((SHELL32!_SHITEMID *)0x118770))
(*((SHELL32!_SHITEMID *)0x118770))                 [Type: _SHITEMID]
    [+0x000] cb               : 0x14 [Type: unsigned short]
    [+0x002] abID             [Type: unsigned char [1]]
0: kd> db 0x118770
00118770  14 00 1f 50 e0 4f d0 20-ea 3a 69 10 a2 d8 08 00  ...P.O. .:i.....
00118780  2b 30 30 9d 19 00 2f 43-3a 5c 00 00 00 00 00 00  +00.../C:\......
00118790  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
001187a0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
001187b0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
001187c0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
001187d0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
001187e0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................

第八部分：                CopyMemory((LPTSTR)(((LPBYTE)pidlNew) + cb1), pidl2, cb2);

0: kd> p
SHELL32!ILCombine+0x162:
001b:77325c3c 50              push    eax
0: kd> db 0x118770
00118770  14 00 1f 50 e0 4f d0 20-ea 3a 69 10 a2 d8 08 00  ...P.O. .:i.....
00118780  2b 30 30 9d 19 00 2f 43-3a 5c 00 00 00 00 00 00  +00.../C:\......
00118790  00 00 00 00 00 00 00 00-00 00 00 00 00 5e 00 32  .............^.2
001187a0  00 00 00 00 00 54 5a b6-3c 20 00 4e 45 57 54 45  .....TZ.< .NEWTE
001187b0  58 7e 31 2e 54 58 54 00-00 42 00 03 00 04 00 ef  X~1.TXT..B......
001187c0  be 54 5a a4 3c 54 5a b6-3c 14 00 00 00 4e 00 65  .TZ.<TZ.<....N.e
001187d0  00 77 00 20 00 54 00 65-00 78 00 74 00 20 00 44  .w. .T.e.x.t. .D
001187e0  00 6f 00 63 00 75 00 6d-00 65 00 6e 00 74 00 2e  .o.c.u.m.e.n.t..
0: kd> db 0x1187f0
001187f0  00 74 00 78 00 74 00 00-00 1c 00 00 00 01 08 00  .t.x.t..........