当前位置：首页 > news >正文

NdrpPointerUnmarshallInternal函数分析之pStubMsg--pAllocAllNodesContext的由来

news 来源：原创 2025/4/29 11:13:47

第一部分：

       //
        // Check if this is an allocate all nodes pointer AND that we're
        // not already in an allocate all nodes context.
        //
        if ( ALLOCATE_ALL_NODES(pFormat[1]) && ! pStubMsg->pAllocAllNodesContext )
            {
            fNewAllocAllNodes = TRUE;

            pStubMsg->pAllocAllNodesContext =
                NdrpGetAllocateAllNodesContext(
                    pStubMsg,
                    pFormatPointee );

*ppMemory = 0;

fPointeeAlloc = TRUE;

第二部分：
0: kd> r
eax=000964fc
0: kd> p
RPCRT4!NdrpGetAllocateAllNodesContext+0x79:
001b:77c44694 c20800 ret 8
0: kd> p
RPCRT4!NdrpPointerUnmarshall+0x199:
001b:77c46538 894628 mov dword ptr [esi+28h],eax

0: kd> dx -id 0,0,8951a020 -r1 ((RPCRT4!_MIDL_STUB_MESSAGE *)0x6fae0)
((RPCRT4!_MIDL_STUB_MESSAGE *)0x6fae0)                 : 0x6fae0 [Type: _MIDL_STUB_MESSAGE *]
    [+0x000] RpcMsg           : 0x6fab4 [Type: _RPC_MESSAGE *]
    [+0x004] Buffer           : 0x7b0a54 : 0x5 [Type: unsigned char *]
    [+0x008] BufferStart      : 0x7b0a50 : 0x0 [Type: unsigned char *]
    [+0x00c] BufferEnd        : 0x7b0ab0 : 0xd [Type: unsigned char *]
    [+0x010] BufferMark       : 0x7b0a58 : 0x1e [Type: unsigned char *]
    [+0x014] BufferLength     : 0x2a [Type: unsigned long]
    [+0x018] MemorySize       : 0x0 [Type: unsigned long]
    [+0x01c] Memory           : 0x77d766e8 : 0xa8 [Type: unsigned char *]
    [+0x020] IsClient         : 1 [Type: int]
    [+0x024] ReuseBuffer      : 0 [Type: int]
    [+0x028] pAllocAllNodesContext : 0x0 [Type: NDR_ALLOC_ALL_NODES_CONTEXT *]

0: kd> r
eax=000964fc ebx=77d75382 ecx=77c44694 edx=0006fb90 esi=0006fae0 edi=0006fea8
eip=77c46538 esp=0006f9e4 ebp=0006f9f8 iopl=0         nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000             efl=00000206
RPCRT4!NdrpPointerUnmarshall+0x199:
001b:77c46538 894628          mov     dword ptr [esi+28h],eax ds:0023:0006fb08=00000000

第三部分：

0: kd> p
RPCRT4!NdrpPointerUnmarshall+0x19c:
001b:77c4653b 832700          and     dword ptr [edi],0
0: kd> dx -id 0,0,8951a020 -r1 ((RPCRT4!_MIDL_STUB_MESSAGE *)0x6fae0)
((RPCRT4!_MIDL_STUB_MESSAGE *)0x6fae0)                 : 0x6fae0 [Type: _MIDL_STUB_MESSAGE *]
    [+0x000] RpcMsg           : 0x6fab4 [Type: _RPC_MESSAGE *]
    [+0x004] Buffer           : 0x7b0a54 : 0x5 [Type: unsigned char *]
    [+0x008] BufferStart      : 0x7b0a50 : 0x0 [Type: unsigned char *]
    [+0x00c] BufferEnd        : 0x7b0ab0 : 0xd [Type: unsigned char *]
    [+0x010] BufferMark       : 0x7b0a58 : 0x1e [Type: unsigned char *]
    [+0x014] BufferLength     : 0x2a [Type: unsigned long]
    [+0x018] MemorySize       : 0x0 [Type: unsigned long]
    [+0x01c] Memory           : 0x77d766e8 : 0xa8 [Type: unsigned char *]
    [+0x020] IsClient         : 1 [Type: int]
    [+0x024] ReuseBuffer      : 0 [Type: int]
    [+0x028] pAllocAllNodesContext : 0x964fc [Type: NDR_ALLOC_ALL_NODES_CONTEXT *]

0: kd> dx -id 0,0,8951a020 -r1 ((RPCRT4!NDR_ALLOC_ALL_NODES_CONTEXT *)0x964fc)
((RPCRT4!NDR_ALLOC_ALL_NODES_CONTEXT *)0x964fc)                 : 0x964fc [Type: NDR_ALLOC_ALL_NODES_CONTEXT *]
    [+0x000] AllocAllNodesMemory : 0x96488 : 0x0 [Type: unsigned char *]
    [+0x004] AllocAllNodesMemoryBegin : 0x96488 : 0x0 [Type: unsigned char *]
    [+0x008] AllocAllNodesMemoryEnd : 0x964fc : 0x88 [Type: unsigned char *]