Анализ потока из двоичного свойства для считывания структуры TZDEFINITION
В этом разделе показано, как считывать структуру TZDEFINITION из сохраненного формата, хранящегося в двоичном свойстве.
TZDEFINITION* BinToTZDEFINITION(ULONG cbDef, LPBYTE lpbDef)
{
if (!lpbDef) return NULL;
// Update this if parsing code is changed.
// This checks the size up to the flag member.
if (cbDef < 2*sizeof(BYTE) + 2*sizeof(WORD)) return NULL;
TZDEFINITION tzDef = {0};
TZRULE* lpRules = NULL;
LPBYTE lpPtr = lpbDef;
WORD cchKeyName = NULL;
WCHAR* szKeyName = NULL;
WORD i = 0;
BYTE bMajorVersion = *((BYTE*)lpPtr);
lpPtr += sizeof(BYTE);
BYTE bMinorVersion = *((BYTE*)lpPtr);
lpPtr += sizeof(BYTE);
// We only understand TZ_BIN_VERSION_MAJOR
if (TZ_BIN_VERSION_MAJOR != bMajorVersion) return NULL;
// We only understand if >= TZ_BIN_VERSION_MINOR
if (TZ_BIN_VERSION_MINOR > bMinorVersion) return NULL;
lpPtr += sizeof(WORD);
tzDef.wFlags = *((WORD*)lpPtr);
lpPtr += sizeof(WORD);
if (TZDEFINITION_FLAG_VALID_GUID & tzDef.wFlags)
{
if (lpbDef + cbDef - lpPtr < sizeof(GUID)) return NULL;
tzDef.guidTZID = *((GUID*)lpPtr);
lpPtr += sizeof(GUID);
}
if (TZDEFINITION_FLAG_VALID_KEYNAME & tzDef.wFlags)
{
if (lpbDef + cbDef - lpPtr < sizeof(WORD)) return NULL;
cchKeyName = *((WORD*)lpPtr);
lpPtr += sizeof(WORD);
if (cchKeyName)
{
if (lpbDef + cbDef - lpPtr < (BYTE)sizeof(WORD)*cchKeyName) return NULL;
szKeyName = (WCHAR*)lpPtr;
lpPtr += cchKeyName*sizeof(WORD);
}
}
if (lpbDef+ cbDef - lpPtr < sizeof(WORD)) return NULL;
tzDef.cRules = *((WORD*)lpPtr);
lpPtr += sizeof(WORD);
if (tzDef.cRules)
{
lpRules = new TZRULE[tzDef.cRules];
if (!lpRules) return NULL;
LPBYTE lpNextRule = lpPtr;
BOOL bRuleOK = false;