  /*
   * PopCreateHiberFile -- decompiler output, elided with "...".
   * Visible behaviour: builds the hibernation file path as
   * <IoArcBootDeviceName> followed by "\hiberfil.sys" and opens it with
   * IoCreateFile. Only the lines shown are known; the parameter a1
   * (LARGE_INTEGER *) is not used in the visible lines.
   * NOTE(review): the backslashes in the string literals render unescaped
   * ("\hiberfil.sys"); the real source presumably reads L"\\hiberfil.sys"
   * (paste/rendering artifact) -- confirm against the binary.
   */
  1. __int64 __fastcall PopCreateHiberFile(LARGE_INTEGER *a1)
  2. {
  3. ...
  /* Tail of the path; the ARC boot device name is prepended below. */
  4. RtlInitUnicodeString(&Source, L"\hiberfil.sys");
  5. ...
  /* Destination = IoArcBootDeviceName ++ "\hiberfil.sys". Neither append's
     NTSTATUS is checked in the visible lines, so a too-small Destination
     buffer would presumably leave a partial path rather than fail loudly. */
  6. RtlAppendUnicodeStringToString(&Destination, &IoArcBootDeviceName);
  7. RtlAppendUnicodeStringToString(&Destination, &Source);
  8. ...
  /* Absolute name: no root directory handle. */
  9. ObjectAttributes.RootDirectory = 0i64;
  /* 576 == 0x240; presumably OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE --
     confirm against ntdef.h. */
  10. ObjectAttributes.Attributes = 576;
  11. ObjectAttributes.ObjectName = &Destination;
  /* v5 is produced by elided code; what descriptor (if any) it carries
     cannot be told from this excerpt. */
  12. ObjectAttributes.SecurityDescriptor = v5;
  13. ObjectAttributes.SecurityQualityOfService = 0i64;
  /* Desired access 0x100003: presumably SYNCHRONIZE | FILE_READ_DATA |
     FILE_WRITE_DATA -- confirm against the access-mask definitions.
     The remaining arguments and the status check are elided. */
  14. ret_2 = IoCreateFile(
  15. &FileHandle,
  16. 0x100003u,
  17. &ObjectAttributes,
  18. ...
  19.  
  /*
   * IopCreateArcNames -- excerpt; the body is elided before and after the
   * lines shown. The visible part derives two globals from
   * LoaderBlock->ArcBootDeviceName:
   *   IoArcBootDeviceName       - UNICODE_STRING "\ArcName\<device>"
   *   IoLoaderArcBootDeviceName - pool copy of the raw ANSI device name
   * ArcBootDeviceName is handed in by the boot loader, i.e. from outside
   * this function, so its length has to be bounded by whatever consumes it.
   * NOTE(review): the backslashes in "\ArcName\%s" render unescaped; the
   * real source presumably reads "\\ArcName\\%s" (paste artifact).
   */
  20. NTSTATUS INIT_FUNCTION NTAPI IopCreateArcNames ( IN PLOADER_PARAMETER_BLOCK LoaderBlock )
  21. ...
  22. /* Create the global system partition name */
  /* Unbounded sprintf: Buffer's size is not visible in this excerpt, so an
     over-long ArcBootDeviceName is not provably rejected here. Compare the
     disassembly further down in this paste, which calls RtlStringCchPrintfA
     with an explicit cchDest for the same format string. */
  23. 63 sprintf(Buffer, "\ArcName\%s", LoaderBlock->ArcBootDeviceName);
  24. 64 RtlInitAnsiString(&ArcString, Buffer);
  /* TRUE: the runtime allocates IoArcBootDeviceName.Buffer. The returned
     NTSTATUS is discarded here; on failure the global is presumably left
     in whatever state the call leaves it -- confirm. */
  25. 65 RtlAnsiStringToUnicodeString(&IoArcBootDeviceName, &ArcString, TRUE);
  26. 66
  27. 67 /* Allocate memory for the string */
  /* Length counts the terminating NUL, so the copy below carries it over. */
  28. 68 Length = strlen(LoaderBlock->ArcBootDeviceName) + sizeof(ANSI_NULL);
  29. 69 IoLoaderArcBootDeviceName = ExAllocatePoolWithTag(PagedPool,
  30. 70 Length,
  31. 71 TAG_IO);
  /* Allocation failure is tolerated: the global then simply holds NULL
     and no copy is made. */
  32. 72 if (IoLoaderArcBootDeviceName)
  33. 73 {
  34. 74 /* Copy the name */
  35. 75 RtlCopyMemory(IoLoaderArcBootDeviceName,
  36. 76 LoaderBlock->ArcBootDeviceName,
  37. 77 Length);
  38. 78 }
  39.  
  40. ...
  41.  
  ; x64 disassembly of the same name-building sequence (Windows build).
  ; Integer arguments follow the Microsoft x64 convention: rcx, rdx, r8, r9.
  ; The "Patch #N 80" lines are markers from the paste, not instructions.
  ;
  ; 4th argument (the %s vararg): [rbx+78h], presumably
  ; LoaderBlock->ArcBootDeviceName given the C excerpt above -- confirm
  ; the field offset.
  42. 1405A9C15 4C 8B 4B 78 mov r9, [rbx+78h]
  43. Patch #1 80
  44.  
  ; 3rd argument: the format string.
  45. 1405A9C19 4C 8D 05 30 06+ lea r8, aArcnameS ; "\ArcName\%s"
  ; 1st argument: destination buffer on the stack frame.
  46. 1405A9C20 48 8D 4C 24 40 lea rcx, [rsp+0D8h+pszDest] ; pszDest
  ; 2nd argument: cchDest (buffer length in characters, held in rdi).
  ; Unlike the sprintf in the C excerpt, the write is bounded by cchDest,
  ; so an over-long device name cannot overrun pszDest. Whether the
  ; returned NTSTATUS is checked is not visible (elided).
  47. 1405A9C25 48 8B D7 mov rdx, rdi ; cchDest
  48. 1405A9C28 E8 E3 AE B6 FF call RtlStringCchPrintfA
  49.  
  50. ...
  ; RtlAnsiStringToUnicodeString(&IoArcBootDeviceName, <rdx: source string,
  ; set in the elided lines>, AllocateDestinationString = TRUE).
  51. 1405A9C41 48 8D 0D C0 E7+ lea rcx, IoArcBootDeviceName ; DestinationString
  52. 1405A9C48 41 B0 01 mov r8b, 1 ; AllocateDestinationString
  53. 1405A9C4B E8 60 13 DB FF call RtlAnsiStringToUnicodeString
  ; Re-reads the same field as at 1405A9C15 into rdi (rdi is callee-saved,
  ; so the value is live across the call); use is in the elided code.
  54. 1405A9C50 48 8B 7B 78 mov rdi, [rbx+78h]
  55. Patch #2 80