RPCRT4!OSF_CCONNECTION::OSF_CCONNECTION函數分析之創建一個RPCRT4!OSF_CCALL
第一部分:
1: kd> p
RPCRT4!OSF_CCONNECTION::OSF_CCONNECTION+0x167:
001b:77bf6957 393dec35c877    cmp     dword ptr [RPCRT4!gfRPCVerifierEnabled (77c835ec)],edi
1: kd> r
eax=0000015c ebx=007cf938 ecx=00ce1ad4 edx=00000000 esi=00ce1958 edi=00000000
eip=77bf6957 esp=007cf8c0 ebp=007cf8cc iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
RPCRT4!OSF_CCONNECTION::OSF_CCONNECTION+0x167:
001b:77bf6957 393dec35c877    cmp     dword ptr [RPCRT4!gfRPCVerifierEnabled (77c835ec)],edi ds:0023:77c835ec=00000000
1: kd> x RPCRT4!gfRPCVerifierEnabled
77c835ec          RPCRT4!gfRPCVerifierEnabled = 0n0
??????? else
??????????? {
??????????? CachedCCall = new (ClientInfo->SendContextSize+sizeof(PVOID))
?? ??? ??? ?OSF_CCALL(pStatus);
??????????? }
第二部分:
1: kd> p
RPCRT4!OSF_CCONNECTION::OSF_CCONNECTION+0x184:
001b:77bf6974 e83a150200      call    RPCRT4!operator new (77c17eb3)
1: kd> p
RPCRT4!OSF_CCONNECTION::OSF_CCONNECTION+0x189:
001b:77bf6979 3bc7            cmp     eax,edi
1: kd> r
eax=00ce1b98
第三部分:
1: kd> dt ccall 00ce1b98
RPCRT4!CCALL
   +0x000 __VFN_table : 0xbaadf00d
   +0x004 MagicLong        : 0xbaadf00d
   +0x008 ObjectType       : 0n-1163005939
   +0x00c RefCount         : INTERLOCKED_INTEGER
   +0x010 NestingCall      : 0xbaadf00d CALL
   +0x014 pAsync           : 0xbaadf00d _RPC_ASYNC_STATE
   +0x018 NotificationIssued : 0n-1163005939
   +0x01c AsyncStatus      : 0n-1163005939
   +0x020 CachedAPCInfo    : RPC_APC_INFO
   +0x030 CachedAPCInfoAvailable : 0n-1163005939
   +0x034 CallingThread    : 0xbaadf00d THREAD
   +0x038 UuidSpecified    : 0n-1163005939
   +0x03c ObjectUuid       : _GUID {baadf00d-f00d-baad-0df0-adba0df0adba}
   +0x04c EEInfo           : 0xbaadf00d tagExtendedErrorInfo
第四部分:
1: kd> t
RPCRT4!OSF_CCALL::OSF_CCALL:
001b:77bf5662 55              push    ebp
1: kd> kc
 #
00 RPCRT4!OSF_CCALL::OSF_CCALL
01 RPCRT4!OSF_CCONNECTION::OSF_CCONNECTION
02 RPCRT4!OSF_CASSOCIATION::AllocateCCall
03 RPCRT4!OSF_BINDING_HANDLE::AllocateCCall
04 RPCRT4!OSF_BINDING_HANDLE::NegotiateTransferSyntax
05 RPCRT4!I_RpcGetBufferWithObject
06 RPCRT4!I_RpcGetBuffer
07 RPCRT4!NdrGetBuffer
08 RPCRT4!NdrClientCall2
09 ADVAPI32!LsarGetUserName
0a ADVAPI32!LsaGetUserName
0b ntdll!RtlpWaitOrTimerCallout
// OSF_CCALL constructor: sets up the initial state of a connection-oriented
// RPC client call. Per the `kc` stack above it is invoked from
// OSF_CCONNECTION::OSF_CCONNECTION, which allocates the object with
// `new (ClientInfo->SendContextSize+sizeof(PVOID)) OSF_CCALL(pStatus)`,
// i.e. with extra bytes after the object that this constructor relies on.
//
// pStatus - status out-parameter. This body never writes it; it is passed
//           through to the CallMutex and SyncEvent member constructors,
//           which presumably report their own initialization failures via
//           *pStatus — confirm against MUTEX/EVENT.
OSF_CCALL::OSF_CCALL (
    RPC_STATUS __RPC_FAR * pStatus
    ) : CallMutex(pStatus),
      SyncEvent(pStatus, 0),
      fAdvanceCallCount(0)
{
    LogEvent(SU_CCALL, EV_CREATE, this);
    ObjectType = OSF_CCALL_TYPE;   // shows as 0n32 at +0x008 in the dt dump below
    // Only the security/header bookkeeping fields are zeroed here; fields not
    // listed keep whatever the allocation contained (the 0xbaadf00d pattern in
    // the dt dump) until later code assigns them.
    ReservedForSecurity = 0;
    SecBufferLength = 0;
    SavedHeaderSize = 0;
    SavedHeader = 0;
    InReply = 0;
    EEInfo = NULL;
    CachedAPCInfoAvailable = 1;
    CallbackLevel = 0;
    // Trailing-buffer layout: [OSF_CCALL][PVOID back-pointer][send context].
    // CallSendContext points past the end of the object (this+0x138 in the
    // session above: sizeof(OSF_CCALL)=0x134 plus sizeof(PVOID)). Nothing here
    // checks that those bytes exist — the layout is only valid when the object
    // came from the sized `new` in OSF_CCONNECTION::OSF_CCONNECTION.
    CallSendContext = (char *) this+sizeof(OSF_CCALL)+sizeof(PVOID);
    // Record the owning call object in the PVOID slot immediately below the
    // send context (the `dd this+134` output above shows it holds `this`).
    *((PVOID *) ((char *) CallSendContext - sizeof(PVOID))) = (PVOID) this;
}
1: kd> dv
           this = 00ce1b98
        pStatus = 0x007cf938
1: kd> p
RPCRT4!OSF_CCALL::OSF_CCALL+0x6c:
001b:77bf56ce 8d8638010000    lea     eax,[esi+138h]
1: kd> r
eax=00000000 ebx=00000001 ecx=00000000 edx=00000000 esi=00ce1b98
    [+0x0c0] CallSendContext  : 0x0 [Type: void *]
第五部分:
? ObjectType = OSF_CCALL_TYPE;
??? ReservedForSecurity = 0;
??? SecBufferLength = 0;
??? SavedHeaderSize = 0;
??? SavedHeader = 0;
??? InReply = 0;
??? EEInfo = NULL;
??? CachedAPCInfoAvailable = 1;
??? CallbackLevel = 0;
1: kd> dt RPCRT4!OSF_CCALL 00ce1b98
   +0x000 __VFN_table : 0x77bd3278
   +0x004 MagicLong        : 0x89abcdef
   +0x008 ObjectType       : 0n32          <- ObjectType = OSF_CCALL_TYPE;
   +0x00c RefCount         : INTERLOCKED_INTEGER
   +0x010 NestingCall      : 0xbaadf00d CALL
   +0x014 pAsync           : 0xbaadf00d _RPC_ASYNC_STATE
   +0x018 NotificationIssued : 0n-1163005939
   +0x01c AsyncStatus      : 0n-1163005939
   +0x020 CachedAPCInfo    : RPC_APC_INFO
   +0x030 CachedAPCInfoAvailable : 0n1
   +0x034 CallingThread    : 0xbaadf00d THREAD
   +0x038 UuidSpecified    : 0n-1163005939
   +0x03c ObjectUuid       : _GUID {baadf00d-f00d-baad-0df0-adba0df0adba}
   +0x04c EEInfo           : (null)
   +0x050 CurrentState     : 0xbaadf00d (No matching name)
   +0x054 Connection       : 0xbaadf00d OSF_CCONNECTION
   +0x058 BindingHandle    : 0xbaadf00d OSF_BINDING_HANDLE
   +0x05c CallbackLevel    : 0n0
   +0x060 Bindings         : OSF_CCALL::__unnamed
   +0x068 CurrentBuffer    : 0xbaadf00d Void
   +0x06c fDataLengthNegotiated : 0n-1163005939
   +0x070 CurrentOffset    : 0n-1163005939
   +0x074 CurrentBufferLength : 0xbaadf00d
   +0x078 CallId           : 0xbaadf00d
   +0x07c RcvBufferLength  : 0xbaadf00d
   +0x080 FirstSend        : 0n-1163005939
   +0x084 DispatchTableCallback : 0xbaadf00d RPC_DISPATCH_TABLE
   +0x088 MaximumFragmentLength : 0xbaadf00d
   +0x08c MaxSecuritySize  : 0xbaadf00d
   +0x090 MaxDataLength    : 0xbaadf00d
   +0x094 ProcNum          : 0n-1163005939
   +0x098 ReservedForSecurity : (null)
   +0x09c SecBufferLength  : 0
   +0x0a0 HeaderSize       : 0xbaadf00d
   +0x0a4 AdditionalSpaceForSecurity : 0xbaadf00d
   +0x0a8 SavedHeaderSize  : 0
   +0x0ac SavedHeader      : (null)
   +0x0b0 LastBuffer       : 0xbaadf00d Void
   +0x0b4 SyncEvent        : EVENT
   +0x0b8 ActualBufferLength : 0xbaadf00d
   +0x0bc NeededLength     : 0xbaadf00d
   +0x0c0 CallSendContext  : 0x00ce1cd0 Void
   +0x0c4 fAdvanceCallCount : INTERLOCKED_INTEGER
   +0x0c8 fPeerChoked      : 0n-1163005939
   +0x0cc Flags            : CompositeFlags
   +0x0d0 fLastSendComplete : 0n-1163005939
   +0x0d4 CallMutex        : MUTEX
   +0x0ec RecursiveCallsKey : 0n-1163005939
   +0x0f0 AllocHint        : 0xbaadf00d
   +0x0f4 CallStack        : 0n-1163005939
   +0x0f8 fCallCancelled   : 0n-1163005939
   +0x0fc CancelState      : 0xbaadf00d (No matching name)
   +0x100 BufferQueue      : QUEUE
   +0x12c InReply          : 0n0
   +0x130 fChoked          : 0n-1163005939
   +0x0c0 CallSendContext  : 0x00ce1cd0 Void
? ?
1: kd> dd 00ce1b98+138
00ce1cd0  baadf00d baadf00d baadf00d baadf00d
00ce1ce0  baadf00d baadf00d baadf00d baadf00d
??? *((PVOID *) ((char *) CallSendContext - sizeof(PVOID))) = (PVOID) this;
1: kd> dd 00ce1b98+134
00ce1ccc  00ce1b98
第六部分:
1: kd> dt osf_CConnection 00ce1958
RPCRT4!OSF_CCONNECTION
   +0x000 __VFN_table : 0x77bd3994
   +0x004 MagicLong        : 0x89abcdef
   +0x008 ObjectType       : 0n128
   +0x00c RefCount         : INTERLOCKED_INTEGER
   +0x010 Association      : 0x00ce1840 OSF_CASSOCIATION
   +0x014 CurrentCall      : 0xbaadf00d OSF_CCALL
   +0x018 ConnectionKey    : 0n-1
   +0x01c State            : 0 ( ConnUninitialized )
   +0x020 WireAuthId       : 0 ''
   +0x022 MaxFrag          : 0x200
   +0x024 ThreadId         : 0xffffffff
   +0x028 CachedCCallAvailable : 0n-1163005939
   +0x02c MaxSavedHeaderSize : 0
   +0x030 CachedCCall      : 0x00ce1b98 OSF_CCALL
第七部分:
??? CachedCCallAvailable = 0;
??? CurrentCall = CachedCCall;
??? ConnectionReady = 0;
}
1: kd> dt osf_CConnection 00ce1958
RPCRT4!OSF_CCONNECTION
   +0x000 __VFN_table : 0x77bd3994
   +0x004 MagicLong        : 0x89abcdef
   +0x008 ObjectType       : 0n128
   +0x00c RefCount         : INTERLOCKED_INTEGER
   +0x010 Association      : 0x00ce1840 OSF_CASSOCIATION
   +0x014 CurrentCall      : 0x00ce1b98 OSF_CCALL