Rule out fixed infrastructure policy row as child header
parent
3c09482b71
commit
1a0296ddd1
3 changed files with 32 additions and 3 deletions
|
|
@ -2960,6 +2960,12 @@ The low helper strip beneath that shared family is tighter now too: `0x0052ecd0`
|
|||
is no longer whether `0x55f2` is a fixed-format child lane; it is which of those two dword
|
||||
triplets correspond to the later child-count / primary-child restore state and which only seed
|
||||
published anchor or position bands.
|
||||
That split is now explicit too: direct disassembly of `0x00530720/0x0052e8b0` shows the first
|
||||
restored triplet landing in `[this+0x1e2/+0x1e6/+0x1ea]` while the second lands in
|
||||
`[this+0x4b/+0x4f/+0x53]`, with the companion setter forcing bit `0x02`. So the remaining
|
||||
infrastructure question is no longer whether the fixed `0x55f2` row hides the child count or
|
||||
saved primary-child ordinal at all. Those values now have to live outside the fixed row, most
|
||||
likely in the surrounding payload-stream header or compact-prefix regime above `0x0048dcf0`.
|
||||
The child loader family is explicit now too: local `.rdata` at `0x005cfd00` proves the
|
||||
`Infrastructure` child vtable uses the shared tagged callback strip directly, with
|
||||
`+0x40 = 0x00455fc0`, `+0x48 = 0x00455870`, and `+0x4c = 0x00455930`. So the remaining
|
||||
|
|
|
|||
|
|
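Review bot: The added paragraph concludes that the child count and saved primary-child ordinal "have to live outside the fixed row", but the unchanged sentence directly above it still frames the open question as which of the two dword triplets correspond to the child-count / primary-child restore state, so the section now states two conflicting "remaining questions" back to back. Either reword the earlier sentence as superseded, or say what the fields at `[this+0x1e2/+0x1e6/+0x1ea]` and `[this+0x4b/+0x4f/+0x53]` actually hold, since showing where the triplets land does not by itself rule them out as count or ordinal state. The clause "forcing bit `0x02`" should also name the field the bit is set in.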
@ -109,6 +109,13 @@ Working rule:
|
|||
asset row. So the next infrastructure question is no longer whether `0x55f2` is a fixed-format
|
||||
child lane; it is which of those two dword triplets correspond to child-count / primary-child
|
||||
restore state and which only seed published anchor or position bands.
|
||||
- That split is tighter now too: direct disassembly of `0x00530720/0x0052e8b0` shows the first
|
||||
fixed `0x55f2` triplet landing in `[this+0x1e2/+0x1e6/+0x1ea]` and the second in
|
||||
`[this+0x4b/+0x4f/+0x53]`, with the companion setter also forcing bit `0x02`. So the next
|
||||
infrastructure question is no longer whether the fixed `0x55f2` row hides the child count or
|
||||
primary-child ordinal at all; those outer-header values now have to live outside the fixed row,
|
||||
most likely in the surrounding payload-stream header or compact-prefix regime above
|
||||
`0x0048dcf0`.
|
||||
- Reconstruct the save-side region record body on top of the newly corrected non-direct tagged
|
||||
region seam (`0x5209/0x520a/0x520b`, stride hint `0x06`, `Marker09` record stems) now that the
|
||||
`0x55f3` payload is known to be fully consumed by the embedded profile collection on grounded
|
||||
|
|
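Review bot: In the new bullet, `0x00530720/0x0052e8b0` is cited as a pair without saying which routine stores which triplet, and neither "the companion setter" nor the field that receives bit `0x02` is identified, which makes the claim hard to re-check against the disassembly. Name the writer for each destination and the flag's offset. Both destinations (`+0x1e2` and `+0x4b`) are also not 4-byte aligned for dword stores, so a short remark that the object layout is packed would pre-empt the obvious question. Finally, "those outer-header values" reads as if the header location were already established while the same sentence says "most likely"; "those values" would match the stated confidence.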
@ -251,6 +258,9 @@ Working rule:
|
|||
matching `0x00455870/0x00455930` helper seam. That means the next pass can focus on which of the
|
||||
two restored dword triplets actually bridge into child-count / primary-child state instead of
|
||||
rediscovering the fixed `0x55f2` row shape.
|
||||
- The infrastructure trace now also carries the deeper `0x00530720/0x0052e8b0` bridge, so the next
|
||||
pass can focus on the outer payload-stream header and compact-prefix regimes instead of revisiting
|
||||
the fixed `0x55f2` six-dword row.
|
||||
- That same trace now also ranks those consumers into explicit hypotheses, so the next
|
||||
infrastructure pass should start with the attach/rebuild strip instead of treating all
|
||||
candidate owners as equally likely.
|
||||
|
|
|
|||
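Review bot: Inserting this bullet between the two existing ones changes what the following bullet's "That same trace" and "those consumers" refer back to, because the new bullet mentions a bridge and no consumers. The bullet above it also still tells the next pass to focus on which restored triplet bridges into child-count / primary-child state, the new one redirects it to the outer payload-stream header and compact-prefix regimes, and the one below says to start with the attach/rebuild strip, so the list now gives three different starting points. Suggest placing the new bullet after the ranking bullet, or rewording the older bullet so only one next step is current.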