NDRCContextUnmarshall断点函数分析之I_RpcBindingCopy函数的作用
第一部分:
void RPC_ENTRY
NDRCContextUnmarshall ( // process returned context
OUT NDR_CCONTEXT PAPI *phCContext,// stub context to update
IN RPC_BINDING_HANDLE hRPC, // binding handle to associate with
IN void PAPI *pBuff, // pointer to NDR wire format
IN unsigned long DataRepresentation // pointer to NDR data rep
)
// Update the users context handle from the servers NDR wire format.
//-----------------------------------------------------------------------//
{
......
RPC_BINDING_HANDLE hBindtemp ;
if( I_RpcBindingCopy(hRPC, &hBindtemp) != RPC_S_OK )
{
ASSERT( !RpcpCheckHeap() );
I_RpcFree( hCCtemp );
RpcRaiseException(RPC_S_OUT_OF_MEMORY);
}
I_RpcBindingCopy函数运行后,查看hBindtemp变量的值,有变化,变为0x007b9b60
类型为:rpcrt4!OSF_BINDING_HANDLE
1: kd> dv
phCContext = 0x0006fd00
hRPC = 0x007b7c38
pBuff = 0x007b0a50
DataRepresentation = 0x7b9b00
hBindtemp = 0x007b9b60
hCCtemp = 0x007b9b00
ThisThread = 0x007a35d8
1: kd> dt rpcrt4!OSF_BINDING_HANDLE 0x007b9b60
+0x000 __VFN_table : 0x77bd2e38
+0x004 MagicLong : 0x89abcdef
+0x008 ObjectType : 0n1048576
+0x00c RefCount : INTERLOCKED_INTEGER
+0x010 ObjectUuid : RPC_UUID
+0x020 Timeout : 5
+0x024 NullObjectUuidFlag : 1
+0x028 EntryNameSyntax : 0
+0x02c EntryName : (null)
+0x030 EpLookupHandle : (null)
+0x034 OptionsVector : (null)
+0x038 ClientAuthInfo : CLIENT_AUTH_INFO
+0x074 BindingMutex : MUTEX
+0x08c pvTransportOptions : (null)
+0x090 Association : 0x007b7d48 OSF_CASSOCIATION //第一处赋值
+0x094 DceBinding : (null)
+0x098 TransInfo : 0x007a3d78 TRANS_INFO //第二处赋值
+0x09c RecursiveCalls : OSF_RECURSIVE_ENTRY_DICT
+0x0b8 ReferenceCount : 1
+0x0bc pToken : (null)
+0x0c0 NPType : 3 ( nptRemoteStatic )
+0x0c4 TransAuthInitialized : 0n0
+0x0c8 fDynamicEndpoint : 0n0
1: kd> dx -id 0,0,8960abf0 -r1 ((RPCRT4!OSF_CASSOCIATION *)0x7b7d48)
((RPCRT4!OSF_CASSOCIATION *)0x7b7d48) : 0x7b7d48 [Type: OSF_CASSOCIATION *]
[+0x004] MagicLong : 0x89abcdef [Type: unsigned long]
[+0x008] ObjectType : 512 [Type: int]
[+0x00c] RefCount [Type: INTERLOCKED_INTEGER]
[+0x010] DceBinding : 0x7b7a38 [Type: DCE_BINDING *]
[+0x014] BindHandleCount [Type: INTERLOCKED_INTEGER]
[+0x018] AssocGroupId : 0xffc94b49 [Type: unsigned long]
[+0x01c] Bindings [Type: OSF_BINDING_DICT]
[+0x038] ActiveConnections [Type: OSF_CCONNECTION_DICT]
[+0x054] TransInfo : 0x7a3d78 [Type: TRANS_INFO *]
[+0x058] SecondaryEndpoint : 0x0 [Type: unsigned char *]
[+0x05c] Key : 1 [Type: int]
[+0x060] OpenConnectionCount : 0x1 [Type: unsigned int]
[+0x064] ConnectionsDoingBindCount : 0x0 [Type: unsigned int]
[+0x068] fPossibleServerReset : 0 [Type: int]
[+0x06c] MaintainContext : 0x1 [Type: unsigned int]
[+0x070] CallIdCounter : 0x2 [Type: unsigned long]
[+0x074] AssociationMutex [Type: MUTEX]
[+0x08c] AssociationValid : 1 [Type: int]
[+0x090] AssociationShutdownError : -1163005939 [Type: long]
[+0x094] DontLinger : 0 [Type: int]
[+0x098] ResolverHintInitialized : 0 [Type: int]
[+0x09c] fIdleConnectionCleanupNeeded : 0 [Type: int]
[+0x0a0] FailureCount : 0 [Type: int]
[+0x0a4] fMultiplex : mpx_unknown (0) [Type: MPX_TYPES]
[+0x0a8] SavedDrep : 0x10 [Type: unsigned long]
[+0x0ac] TokenDict [Type: RPC_TOKEN_DICT]
[+0x0c8] Linger [Type: OSF_CASSOCIATION::__unnamed::__unnamed]
[+0x0c8] NextAssociation : 0x0 [Type: OSF_CASSOCIATION *]
[+0x0d0] LocalMASet : 0 [Type: int]
1: kd> dx -id 0,0,8960abf0 -r1 ((RPCRT4!TRANS_INFO *)0x7a3d78)
((RPCRT4!TRANS_INFO *)0x7a3d78) : 0x7a3d78 [Type: TRANS_INFO *]
[+0x000] pTransportInterface : 0x77bece00 [Type: RPC_TRANSPORT_INTERFACE_HEADER *]
[+0x004] LoadableTrans : 0x7b0070 [Type: LOADABLE_TRANSPORT *]
[+0x008] RpcProtocolSequence [Type: unsigned short [257]]
第二部分:F:\srv03rtm\com\rpc\runtime\mtrt\osfclnt.cxx
Binding = new OSF_BINDING_HANDLE(&Status);
新建了一个对象。
Status = Binding->BINDING_HANDLE::Clone( this );
克隆了很多信息。
下面是两处赋值
Binding->Association = Association; //第一处赋值
Binding->TransInfo = TransInfo; //第二处赋值
然后把变量的值改变了一下,DestinationBinding为hBindtemp变量的地址
*DestinationBinding为hBindtemp变量的值。
*DestinationBinding = (BINDING_HANDLE *) Binding;
RPC_STATUS
OSF_BINDING_HANDLE::BindingCopy (
OUT BINDING_HANDLE * * DestinationBinding,
IN UINT MaintainContext
)
/*++
Routine Description:
We need to copy this binding handle. This is relatively easy to
do: we just need to point the copied binding handle to the same
association as this binding handle. We also need to tell the
association about the new binding handle.
Arguments:
DestinationBinding - Returns a copy of this binding handle.
MaintainContext - Supplies a flag that indicates whether or not context
is being maintained over this binding handle. A non-zero value
indicates that context is being maintained.
Return Value:
RPC_S_OUT_OF_MEMORY - This indicates that there is not enough memory
to allocate a new binding handle.
RPC_S_OK - We successfully copied this binding handle.
--*/
{
RPC_STATUS Status = RPC_S_OK;
OSF_BINDING_HANDLE * Binding;
RPC_UUID Uuid;
CLIENT_AUTH_INFO * AuthInfo;
Binding = new OSF_BINDING_HANDLE(&Status);
if ( Status != RPC_S_OK )
{
delete Binding;
Binding = 0;
}
if ( Binding == 0 )
{
*DestinationBinding = 0;
return(RPC_S_OUT_OF_MEMORY);
}
BindingMutex.Request();
Status = Binding->BINDING_HANDLE::Clone( this );
if (Status != RPC_S_OK)
{
delete Binding;
Binding = 0;
*DestinationBinding = 0;
BindingMutex.Clear();
return Status;
}
Binding->ClientAuthInfo.DefaultLogonId = ClientAuthInfo.DefaultLogonId;
Binding->NPType = NPType;
Binding->fDynamicEndpoint = fDynamicEndpoint;
if (pToken)
{
ASSERT(Association);
ASSERT(IsNamedPipe(NPType));
Association->ReferenceToken(pToken);
Binding->pToken = pToken;
FastCopyLUIDAligned(&(Binding->ClientAuthInfo.ModifiedId),
&(pToken->ModifiedId));
}
Binding->Association = Association;
if ( DceBinding != 0 )
{
ASSERT( MaintainContext == 0 );
Binding->DceBinding = DceBinding->DuplicateDceBinding();
}
else
{
Binding->DceBinding = 0;
}
Binding->TransInfo = TransInfo;
if ( Association != 0 )
{
Association->IncrementCount();
if ( MaintainContext != 0 )
{
Association->MaintainingContext();
}
}
BindingMutex.Clear();
*DestinationBinding = (BINDING_HANDLE *) Binding;
return(RPC_S_OK);
}
![[C++]C++工具之对异常情况的处理(throw、catch、try)以及用命名空间避免同名冲突](https://i-blog.csdnimg.cn/direct/b7960c80d26049f181852b9483e10048.png)
