MSHTML!CPasteCommandPrependBitmapHeader(
VOID* poBitmapInfo,
UINT uBitmapInfoSize,
VOID** ppoBitmap,
UINT* uBitmapSize
):
uBitmapSize
72cf6985 8bff mov edi,edi
72cf6987 55 push ebp
72cf6988 8bec mov ebp,esp
72cf698a 51 push ecx
72cf698b 8b4d0c mov ecx,dword ptr [ebp+0Ch] larg1 = uBitmapInfoSize
72cf698e 8d45fc lea eax,[ebp-4] &uBitmapSize = &uBitmapSize
72cf6991 8365fc00 and dword ptr [ebp-4],0 uBitmapSize = 0
72cf6995 56 push esi
72cf6996 57 push edi
72cf6997 50 push eax larg3 = &uBitmapSize
72cf6998 6a0e push 0Eh
72cf699a 5a pop edx larg2 = 0xE
72cf699b e8fcd728ff call 71f8419c MSHTML!UIntAdd( uBitmapSize = uBitmapInfoSize + 0xE
uBitmapInfoSize,
0xE, hResult = error code on integer overflow
&uBitmapSize);
72cf69a0 8bf8 mov edi,eax hResult = hResult
72cf69a2 85ff test edi,edi if (hResult < 0) if (hResult < 0)
72cf69a4 7850 js 72cf69f6 goto return_error; return 0x8007000E;
72cf69a6 8b75fc mov esi,dword ptr [ebp-4] uBitmapSize = uBitmapSize
72cf69a9 56 push esi larg3 = uBitmapSize
72cf69aa 6a00 push 0 larg2 = 0
72cf69ac ff3510ccd972 push dword ptr [72d9cc10] larg1 = MSHTML!g_hProcessHeap
72cf69b2 e8eaa620ff call 71f010a1 poBitmap = MSHTML!HeapAlloc( poBitmap = HeapAlloc(g_hProcessHeap, 0, uBitmapSize);
MSHTML!g_hProcessHeap,
0,
uBitmapSize);
72cf69b7 8b4d10 mov ecx,dword ptr [ebp+10h] ppoBitmap = ppoBitmap
72cf69ba 8901 mov dword ptr [ecx],eax *(ppoBitmap) = poBitmap *ppoBitmap = poBitmap
72cf69bc 85c0 test eax,eax if (poBitmap == NULL) if (poBitmap == NULL)
72cf69be 7436 je 72cf69f6 goto return_error; return 0x8007000E;
72cf69c0 ff750c push dword ptr [ebp+0Ch] larg4 = uBitmapInfoSize
72cf69c3 b9424d0000 mov ecx,4D42h "BM" = 0x4D42
72cf69c8 897002 mov dword ptr [eax+2],esi poBitmap->BITMAPFILEHEADER.bfSize = uBitmapSize poBitmap->BITMAPFILEHEADER.bfSize = uBitmapSize
72cf69cb ff7508 push dword ptr [ebp+8] larg3 = poBitmapInfo
72cf69ce 668908 mov word ptr [eax],cx poBitmap->BITMAPFILEHEADER.bfType = "BM" poBitmap->BITMAPFILEHEADER.bfType = "BM"
72cf69d1 33c9 xor ecx,ecx 0 = 0
72cf69d3 ff750c push dword ptr [ebp+0Ch] larg2 = uBitmapInfoSize poBitmap->BITMAPFILEHEADER.bfReserved1 = 0
72cf69d6 894806 mov dword ptr [eax+6],ecx poBitmap->BITMAPFILEHEADER.bfReserved12 = 0 poBitmap->BITMAPFILEHEADER.bfReserved2 = 0
72cf69d9 c7400a36000000 mov dword ptr [eax+0Ah],36h poBitmap->BITMAPFILEHEADER.bfOffBits = 0x36 poBitmap->BITMAPFILEHEADER.bfOffBits = 0x36
72cf69e0 83c00e add eax,0Eh &(poBitmap.BITMAPINFO) = poBitmap + sizeof(BITMAPFILEHEADER)
72cf69e3 50 push eax larg1 = &oBitmapInfo
72cf69e4 ff159841dc72 call dword ptr [72dc4198] MSHTML!_imp__memcpy_s( memcpy_s(&(poBitmap->BITMAPINFO), uBitmapInfoSize, poBitmapInfo, uBitmapInfoSize)
&(poBitmap.BITMAPINFO),
uBitmapInfoSize,
poBitmapInfo,
uBitmapInfoSize);
72cf69ea 8b4514 mov eax,dword ptr [ebp+14h] puBitmapSize = puBitmapSize
72cf69ed 83c410 add esp,10h WTF!?
72cf69f0 8930 mov dword ptr [eax],esi *(puBitmapSize) = uBitmapSize *puBitmapSize = uBitmapSize
72cf69f2 8bc7 mov eax,edi hResult = hResult return s_OK;
72cf69f4 eb05 jmp 72cf69fb goto return;
return_error:
72cf69f6 b80e000780 mov eax,8007000Eh hResult = 0x8007000E
return:
72cf69fb 5f pop edi
72cf69fc 5e pop esi
72cf69fd 8be5 mov esp,ebp
72cf69ff 5d pop ebp
72cf6a00 c21000 ret 10h return hResult