/*++ Module Name: common.cxx Abstract: Author: Jeff Roberts (jroberts) 13-May-1996 Revision History: 13-May-1996 jroberts Created this module. --*/ #include #include #define private public #define protected public #include #include #include #include #include #define SECURITY_WIN32 #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include //#include #include #include "memory.hxx" #include #include #include #include #include extern "C" { #define SCONNECTION TSCONNECTION #include "common.h" } #define ALLOC_SIZE 500 #define MAX_ARGS 4 // // stuff not common to kernel-mode and user-mode DLLs // #include "local.hxx" void do_dump_osfbh (DWORD dwAddr); void do_dump_osfca (DWORD dwAddr); void do_dump_dcebinding (DWORD dwAddr); void do_dump_osfcc (DWORD dwAddr); void do_dump_osfaddr (DWORD dwAddr); void do_dump_osfsc (DWORD dwAddr); void do_dump_osfassoc (DWORD dwAddr); void do_dump_rpcsvr (DWORD dwAddr); void do_dump_lpc_addr (DWORD dwAddr); void do_dump_lpc_assoc (DWORD dwAddr); void do_dump_lpc_scall (DWORD dwAddr); void do_dump_lpc_ccall (DWORD dwAddr); void do_dump_lpc_bh (DWORD dwAddr); void do_dump_lpc_ca (DWORD dwAddr); void do_dump_rpcmem (DWORD dwAddr, long lDisplay); void do_dump_rpc_msg (DWORD dwAddr); void do_dump_paddr (DWORD dwAddr) ; void do_dump_tsc (DWORD dwAddr) ; void do_dump_transsc (DWORD dwAddr) ; VOID dump_dgpe( DG_PACKET_ENGINE * dgpe ); VOID dump_dgcc( DG_CCALL * dgcc ); VOID dump_dgsc( DG_SCALL * dgsc ); VOID dump_dg_packet( PDG_PACKET p ); VOID dump_dg_packet_header( PNCA_PACKET_HEADER h ); // define our own operators new and delete, so that we do not have to include the crt void * _CRTAPI1 ::operator new(unsigned int dwBytes) { void *p; p = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwBytes); return (p); } void _CRTAPI1 ::operator delete (void *p) { HeapFree(GetProcessHeap(), 0, p); } #define MAX_MESSAGE_BLOCK_SIZE 1024 #define BLOCK_SIZE 16 RPC_CHAR * ReadProcessRpcChar( unsigned short * Address ) { DWORD dwAddr = (DWORD) Address; char block[BLOCK_SIZE]; RPC_CHAR *RpcBlock = (RPC_CHAR *)█ char *string_block = new char[MAX_MESSAGE_BLOCK_SIZE]; RPC_CHAR *RpcString = (RPC_CHAR *)string_block; int length = 0; int i = 0; BOOL b; BOOL end = FALSE; if (dwAddr == NULL) { return (L'\0'); } for (length = 0; length < MAX_MESSAGE_BLOCK_SIZE/2; ) { b = GetData( dwAddr, &block, BLOCK_SIZE, NULL); if (b == FALSE) { dprintf("couldn't read address %x\n", dwAddr); return (L'\0'); } for (i = 0; i < BLOCK_SIZE/2; i++) { if (RpcBlock[i] == L'\0') { end = TRUE; } RpcString[length] = RpcBlock[i]; length++; } if (end == TRUE) { break; } dwAddr += BLOCK_SIZE; } return (RpcString); } long myatol(char *string) { int i = 0; BOOL minus = FALSE; long number = 0; long tmpnumber = 0 ; long chknum; if (string[0] == '-') { minus = TRUE; i++; } else if (string[0] == '+') { i++; } for (; string[i] != '\0'; i++) { if ((string[i] >= '0')&&(string[i] <= '9')) { tmpnumber = string[i] - '0'; if (number != 0) { chknum = LONG_MAX/number; } if (chknum > 11) { number = number*10 + tmpnumber; } } else return 0; } if (minus == TRUE) { number = 0 - number; } return number; } // checks the if the uuid is null, prints the uuid void PrintUuid(UUID *Uuid) { unsigned long PAPI * Vector; Vector = (unsigned long PAPI *) Uuid; if ( (Vector[0] == 0) && (Vector[1] == 0) && (Vector[2] == 0) && (Vector[3] == 0)) { dprintf("(Null Uuid)"); } else { dprintf("%08lx-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", Uuid->Data1, Uuid->Data2, Uuid->Data3, Uuid->Data4[0], Uuid->Data4[1], Uuid->Data4[2], Uuid->Data4[3], Uuid->Data4[4], Uuid->Data4[5], Uuid->Data4[6], Uuid->Data4[7] ); } return; } VOID do_dump_tsc( DWORD dwAddr ) { BOOL b; char block[sizeof(TSCONNECTION)]; TSCONNECTION *ps = (TSCONNECTION *)█ b = GetData(dwAddr, &block, sizeof(TSCONNECTION), NULL); if ( !b ) { dprintf("can't read %x\n", dwAddr); return; } dprintf("\n"); dprintf("ConnSock\t\t\t- %d\n", ps->ConnSock); dprintf("ConnSockClosed\t\t\t- %d\n", ps->ConnSockClosed) ; dprintf("Address\t\t\t\t- 0x%x\n", ps->Address); dprintf("ReceiveDirectFlag\t\t- %d\n", ps->ReceiveDirectFlag); dprintf("CoalescedBuffer\t\t\t- 0x%x\n", ps->CoalescedBuffer); dprintf("CoalescedBufferLength\t\t- %d\n", ps->CoalescedBufferLength); dprintf("ProtocolId\t\t\t- %d\n", ps->ProtocolId); dprintf("old_client\t\t\t- %d\n", ps->old_client); dprintf("seq_num\t\t\t\t- %d\n", ps->seq_num); dprintf("\n"); } VOID dump_client_auth_info( CLIENT_AUTH_INFO * authInfo ) { RPC_CHAR *ServerPrincipalName; ServerPrincipalName = ReadProcessRpcChar( authInfo->ServerPrincipalName); dprintf(" ServerPrincipalName - %ws (Address: 0x%x)\n", ServerPrincipalName, authInfo->ServerPrincipalName); switch (authInfo->AuthenticationLevel) { case RPC_C_AUTHN_LEVEL_DEFAULT: dprintf(" AuthenticationLevel - default\n"); break; case RPC_C_AUTHN_LEVEL_NONE: dprintf(" AuthenticationLevel - none\n"); break; case RPC_C_AUTHN_LEVEL_CONNECT: dprintf(" AuthenticationLevel - connect\n"); break; case RPC_C_AUTHN_LEVEL_CALL: dprintf(" AuthenticationLevel - call\n"); break; case RPC_C_AUTHN_LEVEL_PKT: dprintf(" AuthenticationLevel - pkt\n"); break; case RPC_C_AUTHN_LEVEL_PKT_INTEGRITY: dprintf(" AuthenticationLevel - pkt integrity\n"); break; case RPC_C_AUTHN_LEVEL_PKT_PRIVACY: dprintf(" AuthenticationLevel - pkt privacy\n"); break; default: dprintf(" AuthenticationLevel - %ul\n", authInfo->AuthenticationLevel); break; } switch (authInfo->AuthenticationService) { case RPC_C_AUTHN_NONE: dprintf(" AuthenticationService - none\n"); break; case RPC_C_AUTHN_DCE_PRIVATE: dprintf(" AuthenticationService - DCE private\n"); break; case RPC_C_AUTHN_DCE_PUBLIC: dprintf(" AuthenticationService - DCE public\n"); break; case RPC_C_AUTHN_DEC_PUBLIC: dprintf(" AuthenticationService - DEC public\n"); break; case RPC_C_AUTHN_WINNT: dprintf(" AuthenticationService - WINNT\n"); break; case RPC_C_AUTHN_DEFAULT: dprintf(" AuthenticationService - default\n"); break; default: dprintf(" AuthenticationService - %ul\n", authInfo->AuthenticationService); break; } dprintf(" AuthIdentity - %08x\n", authInfo->AuthIdentity); switch (authInfo->AuthorizationService) { case RPC_C_AUTHZ_NONE: dprintf(" AuthorizationService - none\n"); break; case RPC_C_AUTHZ_NAME: dprintf(" AuthorizationService - name\n"); break; case RPC_C_AUTHZ_DCE: dprintf(" AuthorizationService - DCE\n"); break; default: dprintf(" AuthorizationService - %ul\n", authInfo->AuthorizationService); break; } if (ServerPrincipalName) { delete[] ServerPrincipalName; } } VOID do_dump_client_auth_info( DWORD dwAddr ) { BOOL b; char block[sizeof(CLIENT_AUTH_INFO)]; b = GetData(dwAddr, &block, sizeof(CLIENT_AUTH_INFO), NULL); if (!b) { dprintf("couldn't read address 0x%08x\n", dwAddr); return; } dump_client_auth_info( (CLIENT_AUTH_INFO *) &block ); } VOID do_dump_osfbh( DWORD dwAddr ) { BOOL b; char block[sizeof(OSF_BINDING_HANDLE)]; char block2[sizeof(RPC_CLIENT_TRANSPORT_INFO)]; OSF_BINDING_HANDLE * osfbh = (OSF_BINDING_HANDLE *)█ RPC_CLIENT_TRANSPORT_INFO * transportInterface = (RPC_CLIENT_TRANSPORT_INFO *)&block2; RPC_CHAR *EntryName; b = GetData(dwAddr, &block, sizeof(OSF_BINDING_HANDLE), NULL); if ( !b ) { dprintf("couldn't read address %x\n", dwAddr); return; } b = GetData( (DWORD) osfbh->TransportInterface, &block2, sizeof(RPC_CLIENT_TRANSPORT_INFO), NULL); if ( !b ) { dprintf("couldn't read address %x\n", osfbh->TransportInterface); return; } EntryName = ReadProcessRpcChar( osfbh->EntryName); dprintf("\n"); dprintf("pAssociation(OSF_CASSOCIATION) - 0x%x\n", osfbh->Association); dprintf("pDceBinding(DCE_BINDING) - 0x%x\n", osfbh->DceBinding); dprintf("pTransportInterface(RPC_CLIENT_TRANSPORT_INFO) - 0x%x\n", osfbh->TransportInterface); dprintf(" TransInterfaceVersion - %u\n", transportInterface->TransInterfaceVersion); dprintf(" MaximumPacketSize - %u\n", transportInterface->MaximumPacketSize); dprintf(" SizeOfConnection - %u\n", transportInterface->SizeOfConnection); dprintf(" TransId - %u\n", transportInterface->TransId); dprintf("&ActiveConnections(OSF_ACTIVE_ENTRY_DICT) - 0x%x\n", ((DWORD)dwAddr+offsetof(OSF_BINDING_HANDLE, ActiveConnections))); dprintf("&BindingMutex(MUTEX) - 0x%x\n", ((DWORD)dwAddr+offsetof(OSF_BINDING_HANDLE, BindingMutex))); dprintf("ReferenceCount - %u\n", osfbh->ReferenceCount); dprintf("Timeout - %u\n", osfbh->Timeout); dprintf("ObjectUuid - "); PrintUuid(&(osfbh->ObjectUuid.Uuid)); dprintf("\n"); dprintf("NullObjectUuidFlag - %u\n", osfbh->NullObjectUuidFlag); dprintf("EntryName - %ws (Address: 0x%x)\n", EntryName, osfbh->EntryName); dprintf("ClientAuthInfo - 0x%x\n", ((DWORD)dwAddr+offsetof(OSF_BINDING_HANDLE, ClientAuthInfo))); dump_client_auth_info( &osfbh->ClientAuthInfo ); dprintf("\n"); if (EntryName) { delete[] EntryName; } } VOID do_dump_osfca( DWORD dwAddr ) { BOOL b; char block[sizeof(OSF_CASSOCIATION)]; char block2[sizeof(RPC_CLIENT_TRANSPORT_INFO)]; OSF_CASSOCIATION * osfca = (OSF_CASSOCIATION *)█ RPC_CLIENT_TRANSPORT_INFO * transportInterface = (RPC_CLIENT_TRANSPORT_INFO *)&block2; b = GetData(dwAddr, &block, sizeof(OSF_CASSOCIATION), NULL); if ( !b ) { dprintf("couldn't read address %x\n", dwAddr); return; } b = GetData( (DWORD) osfca->RpcClientInfo, &block2, sizeof(RPC_CLIENT_TRANSPORT_INFO), NULL); if ( !b ) { dprintf("couldn't read address %x\n", osfca->RpcClientInfo); return; } dprintf("\n"); dprintf("pDceBinding(DCE_BINDING) - 0x%x\n", osfca->DceBinding); dprintf("BindHandleCount - %d\n", osfca->BindHandleCount); dprintf("&Bindings(OSF_BINDING_DICT) - 0x%x\n", ((DWORD)dwAddr+offsetof(OSF_CASSOCIATION, Bindings))); dprintf("&FreeConnections(OSF_CCONNECTION_DICT) - 0x%x\n", ((DWORD)dwAddr+offsetof(OSF_CASSOCIATION, FreeConnections))); dprintf("AssocGroupId - %u\n", osfca->AssocGroupId); #ifdef WIN dprintf("TaskId - %u\n", osfca->TaskId); #endif dprintf("pRpcClientInfo(RPC_CLIENT_TRANSPORT_INFO) - 0x%x\n", osfca->RpcClientInfo); dprintf(" TransInterfaceVersion - %u\n", transportInterface->TransInterfaceVersion); dprintf(" MaximumPacketSize - %u\n", transportInterface->MaximumPacketSize); dprintf(" SizeOfConnection - %u\n", transportInterface->SizeOfConnection); dprintf(" TransId - %u\n", transportInterface->TransId); dprintf("Key - %d\n", osfca->Key); dprintf("OpenConnectionCount - %u\n", osfca->OpenConnectionCount); dprintf("MaintainContext - %u\n", osfca->MaintainContext); dprintf("CallIdCounter - %d\n", osfca->CallIdCounter); dprintf("&AssociationMutex - 0x%x\n", ((DWORD)dwAddr+offsetof(OSF_CASSOCIATION, AssociationMutex))); dprintf("\n"); } VOID do_dump_dcebinding( DWORD dwAddr ) { RPC_STATUS RpcStatus; BOOL b; char block[sizeof(DCE_BINDING)]; DCE_BINDING * DceBinding = (DCE_BINDING *)█ RPC_CHAR *RpcProtocolSequence; RPC_CHAR *NetworkAddress; RPC_CHAR *Endpoint; RPC_CHAR *Options; b = GetData(dwAddr, &block, sizeof(DCE_BINDING), NULL); if ( !b ) { dprintf("couldn't read address %x\n", dwAddr); return; } RpcProtocolSequence = ReadProcessRpcChar( DceBinding->RpcProtocolSequence); NetworkAddress = ReadProcessRpcChar( DceBinding->NetworkAddress); Endpoint = ReadProcessRpcChar( DceBinding->Endpoint); Options = ReadProcessRpcChar( DceBinding->Options); dprintf("\n"); dprintf("ObjectUuid - "); PrintUuid(&(DceBinding->ObjectUuid.Uuid)); dprintf("\n"); dprintf("RpcProtocolSequence - %ws (Address: 0x%x)\n", RpcProtocolSequence, DceBinding->RpcProtocolSequence); dprintf("NetworkAddress - %ws (Address: 0x%x)\n", NetworkAddress, DceBinding->NetworkAddress); dprintf("Endpoint - %ws (Address: 0x%x)\n", Endpoint, DceBinding->Endpoint); dprintf("Options - %ws (Address: 0x%x)\n", Options, DceBinding->Options); dprintf("\n"); if (RpcProtocolSequence) { delete[] RpcProtocolSequence; } if (NetworkAddress) { delete[] NetworkAddress; } if (Endpoint) { delete[] Endpoint; } if (Options) { delete[] Options; } } VOID do_dump_osfcc( DWORD dwAddr ) { BOOL b; char block[sizeof(OSF_CCONNECTION)]; OSF_CCONNECTION * osfcc = (OSF_CCONNECTION *)█ b = GetData(dwAddr, &block, sizeof(OSF_CCONNECTION), NULL); if ( !b ) { dprintf("can't read %x\n", dwAddr); return; } dprintf("\n"); dprintf("MaxFrag - %d\n", osfcc->MaxFrag); dprintf("&Bindings(BITSET) - 0x%x\n", ((DWORD)dwAddr+offsetof(OSF_CCONNECTION, Bindings))); dprintf("AssociationKey - %d\n", osfcc->AssociationKey); dprintf("pCurrentBinding(OSF_BINDING_HANDLE) - 0x%x\n", osfcc->CurrentBinding); dprintf("CallId - %u\n", osfcc->CallId); dprintf("DataRep - %u\n", osfcc->DataRep); dprintf("CallStack - %d\n", osfcc->CallStack); dprintf("PresentationContext - %u\n", osfcc->PresentationContext); dprintf("pDispatchTableCallback(RPC_DISPATCH_TABLE)- 0x%x\n", osfcc->DispatchTableCallback); dprintf("ConnectionAbortedFlag - %d\n", osfcc->ConnectionAbortedFlag); dprintf("pAssociation(OSF_CASSOCIATION) - 0x%x\n", osfcc->Association); dprintf("ClientAuthInfo - 0x%x\n", ((DWORD)dwAddr+offsetof(OSF_CCONNECTION, AuthInfo))); dump_client_auth_info(&osfcc->AuthInfo); dprintf("&ClientSecurityContext(CSECURITY_CONTEXT) - 0x%x\n", ((DWORD)dwAddr+offsetof(OSF_CCONNECTION, ClientSecurityContext))); dprintf("ThirdLegAuthNeeded - %u\n", osfcc->ThirdLegAuthNeeded); dprintf("TokenLength - %u\n", osfcc->TokenLength); dprintf("AdditionalSpaceForSecurity - %u\n", osfcc->AdditionalSpaceForSecurity); dprintf("LastTimeUsed - %u\n", osfcc->LastTimeUsed); dprintf("pFirstCachedBuffer(VOID) - 0x%x\n", osfcc->FirstCachedBuffer); dprintf("pSecondCachedBuffer(VOID) - 0x%x\n", osfcc->SecondCachedBuffer); dprintf("BufferCacheFlags - %u\n", osfcc->BufferCacheFlags); dprintf("AlertMsgsSent - %u\n", osfcc->AlertMsgsSent); dprintf("SavedHeaderSize - %u\n", osfcc->SavedHeaderSize); dprintf("pSavedHeader(VOID) - 0x%x\n", osfcc->SavedHeader); dprintf("PendingAlert - %d\n", osfcc->PendingAlert); dprintf("&DceSecurityInfo(DCE_SECURITY_INFO) - 0x%x\n", ((DWORD)dwAddr+offsetof(OSF_CCONNECTION, DceSecurityInfo))); dprintf(" SendSequenceNumber - %u\n", osfcc->DceSecurityInfo.SendSequenceNumber); dprintf(" ReceiveSequenceNumber - %u\n", osfcc->DceSecurityInfo.ReceiveSequenceNumber); dprintf(" AssociationUuid - "); PrintUuid(&(osfcc->DceSecurityInfo.AssociationUuid)); dprintf("\n"); dprintf("OutstandingBuffers - %d\n", osfcc->OutstandingBuffers); dprintf("ActiveConnectionsKey - %d\n", osfcc->ActiveConnectionsKey); dprintf("\n"); } VOID do_dump_paddr( DWORD dwAddr ) { BOOL b; char block[sizeof(PRIMARYADDR)]; PPRIMARYADDR pa = (PPRIMARYADDR)█ b = GetData(dwAddr, &block, sizeof(PRIMARYADDR), NULL); if ( !b ) { dprintf("can't read %x\n", dwAddr); return; } dprintf("\n"); dprintf("NumConnections\t\t\t- %d\n", pa->NumConnections); dprintf("SyncListenSock\t\t\t- %d\n", pa->SyncListenSock) ; dprintf("SyncSock\t\t\t- %d\n", pa->SyncSock) ; dprintf("SyncClient\t\t\t- %d\n", pa->SyncClient); dprintf("SyncPort\t\t\t- %d\n", pa->SyncPort); dprintf("SyncSockType\t\t\t- %d\n", pa->SyncSockType); dprintf("MaskSize\t\t\t- %d\n", pa->MaskSize); dprintf("MasterMask\t\t\t- 0x%x\n", pa->MasterMask); dprintf("Mask\t\t\t\t- 0x%x\n", pa->Mask); dprintf("DataSockMap\t\t\t- 0x%x\n", pa->DataSockMap); dprintf("ListenSockMap\t\t\t- 0x%x\n", pa->ListenSockMap); dprintf("DataMapInfo.MaxEntries\t\t- %d\n", pa->DataMapInfo.MaxEntries); dprintf("ListenMapInfo.MaxEntries\t- %d\n", pa->ListenMapInfo.MaxEntries); dprintf("PreviousMask\t\t\t- 0x%x\n", pa->PreviousMask) ; dprintf("PreviousDataMap\t\t\t- 0x%x\n", pa->PreviousDataMap) ; dprintf("PreviousListenMap\t\t- 0x%x\n", pa->PreviousListenMap) ; dprintf("RecvDirectPossible\t\t- %d\n", pa->RecvDirectPossible) ; dprintf("ThreadListening\t\t\t- %d\n", pa->ThreadListening) ; dprintf("&TransCritSec\t\t\t- 0x%x\n", &(pa->TransCritSec)) ; dprintf("\n"); } VOID do_dump_osfaddr( DWORD dwAddr ) { BOOL b; char block[sizeof(OSF_ADDRESS)]; OSF_ADDRESS * osfa = (OSF_ADDRESS *)█ RPC_CHAR *Endpoint; RPC_CHAR *RpcProtocolSequence; RPC_CHAR *NetworkAddress; b = GetData(dwAddr, &block, sizeof(OSF_ADDRESS), NULL); if ( !b ) { dprintf("can't read %x\n", dwAddr); return; } Endpoint = ReadProcessRpcChar( osfa->Endpoint); RpcProtocolSequence = ReadProcessRpcChar( osfa->RpcProtocolSequence); NetworkAddress = ReadProcessRpcChar( osfa->lNetworkAddress); dprintf("\n"); dprintf("pServer(RPC_SERVER) - 0x%x\n", osfa->Server); dprintf("&AddressMutex(MUTEX) - 0x%x\n", ((DWORD)dwAddr+offsetof(OSF_ADDRESS, AddressMutex))); dprintf("Endpoint - %ws\n", Endpoint); dprintf("RpcProtocolSequence - %ws\n", RpcProtocolSequence); dprintf("NetworkAddress - %ws\n", NetworkAddress); dprintf("StaticEndpointFlag - %u\n", osfa->StaticEndpointFlag); dprintf("&Associations(OSF_ASSOCIATION_DICT) - 0x%x\n", ((DWORD)dwAddr+offsetof(OSF_ADDRESS, Associations))); dprintf("CallThreadCount - %d\n", osfa->CallThreadCount); dprintf("ActiveCallCount - %d\n", osfa->ActiveCallCount); dprintf("MinimumCallThreads - %d\n", osfa->MinimumCallThreads); dprintf("ServerListeningFlag - %d\n", osfa->ServerListeningFlag); dprintf("ReceiveDirectCount - %d\n", osfa->ReceiveDirectCount); dprintf("\n"); if (Endpoint) { delete[] Endpoint; } if (RpcProtocolSequence) { delete[] RpcProtocolSequence; } if (NetworkAddress) { delete[] NetworkAddress; } } VOID do_dump_osfsc( DWORD dwAddr ) { BOOL b; char block[sizeof(OSF_SCONNECTION)]; OSF_SCONNECTION * osfsc = (OSF_SCONNECTION *)█ b = GetData(dwAddr, &block, sizeof(OSF_SCONNECTION), NULL); if ( !b ) { dprintf("can't read %x\n", dwAddr); return; } dprintf("\n"); dprintf("pThread(THREAD) - 0x%x\n", osfsc->Thread); dprintf("AlertCount - %d\n", osfsc->AlertCount); dprintf("CallOrphaned - %d\n", osfsc->CallOrphaned); dprintf("&Bindings(OSF_SBINDING_DICT) - 0x%x\n", ((DWORD)dwAddr+offsetof(OSF_SCONNECTION, Bindings))); dprintf("pCurrentBinding(OSF_SBINDING) - 0x%x\n", osfsc->CurrentBinding); dprintf("MaxFrag - %u\n", osfsc->MaxFrag); dprintf("CallId - %u\n", osfsc->CallId); dprintf("CallStack - %d\n", osfsc->CallStack); dprintf("DataRep - %u\n", osfsc->DataRep); dprintf("ObjectUuid - "); PrintUuid(&(osfsc->ObjectUuid.Uuid)); dprintf("\n"); dprintf("ObjectUuidSpecified - %u\n", osfsc->ObjectUuidSpecified); dprintf("pAssociation(OSF_ASSOCIATION) - 0x%x\n", osfsc->Association); dprintf("pCurrentSecurityContext(SSECURITY_CONTEXT) - 0x%x\n", osfsc->CurrentSecurityContext); dprintf("&SecurityContextDict(SSECURITY_CONTEXT_DICT) 0x%x\n", ((DWORD)dwAddr+offsetof(OSF_SCONNECTION, SecurityContextDict))); switch (osfsc->AuthInfo.AuthenticationLevel) { case RPC_C_AUTHN_LEVEL_DEFAULT: dprintf("AuthenticationLevel - default\n"); break; case RPC_C_AUTHN_LEVEL_NONE: dprintf("AuthenticationLevel - none\n"); break; case RPC_C_AUTHN_LEVEL_CONNECT: dprintf("AuthenticationLevel - connect\n"); break; case RPC_C_AUTHN_LEVEL_CALL: dprintf("AuthenticationLevel - call\n"); break; case RPC_C_AUTHN_LEVEL_PKT: dprintf("AuthenticationLevel - pkt\n"); break; case RPC_C_AUTHN_LEVEL_PKT_INTEGRITY: dprintf("AuthenticationLevel - pkt integrity\n"); break; case RPC_C_AUTHN_LEVEL_PKT_PRIVACY: dprintf("AuthenticationLevel - pkt privacy\n"); break; default: dprintf("AuthenticationLevel - %ul\n", osfsc->AuthInfo.AuthenticationLevel); break; } switch (osfsc->AuthInfo.AuthenticationService) { case RPC_C_AUTHN_NONE: dprintf("AuthenticationService - none\n"); break; case RPC_C_AUTHN_DCE_PRIVATE: dprintf("AuthenticationService - DCE private\n"); break; case RPC_C_AUTHN_DCE_PUBLIC: dprintf("AuthenticationService - DCE public\n"); break; case RPC_C_AUTHN_DEC_PUBLIC: dprintf("AuthenticationService - DEC public\n"); break; case RPC_C_AUTHN_WINNT: dprintf("AuthenticationService - WINNT\n"); break; case RPC_C_AUTHN_DEFAULT: dprintf("AuthenticationService - default\n"); break; default: dprintf("AuthenticationService - %ul\n", osfsc->AuthInfo.AuthenticationService); break; } dprintf("AdditionalSpaceForSecurity - %u\n", osfsc->AdditionalSpaceForSecurity); dprintf("AuthContextId - %u\n", osfsc->AuthContextId); dprintf("RpcSecurityBeingUsed - %u\n", osfsc->RpcSecurityBeingUsed); dprintf("SecurityContextAltered - %u\n", osfsc->SecurityContextAltered); dprintf("pFirstCachedBuffer(VOID) - 0x%x\n", osfsc->FirstCachedBuffer); dprintf("pSecondCachedBuffer(VOID) - 0x%x\n", osfsc->SecondCachedBuffer); dprintf("pThirdCachedBuffer(VOID) - 0x%x\n", osfsc->ThirdCachedBuffer); dprintf("BufferCacheFlags - %u\n", osfsc->BufferCacheFlags); dprintf("CachedBufferLength - %u\n", osfsc->CachedBufferLength); dprintf("ImpersonatedClientFlag - %u\n", osfsc->ImpersonatedClientFlag); dprintf("ReceiveDirectReady - %u\n", osfsc->ReceiveDirectReady); switch (osfsc->AuthInfo.AuthorizationService) { case RPC_C_AUTHZ_NONE: dprintf("AuthorizationService - none\n"); break; case RPC_C_AUTHZ_NAME: dprintf("AuthorizationService - name\n"); break; case RPC_C_AUTHZ_DCE: dprintf("AuthorizationService - DCE\n"); break; default: dprintf("AuthorizationService - %u\n", osfsc->AuthInfo.AuthorizationService); break; } dprintf("SavedHeaderSize - %u\n", osfsc->SavedHeaderSize); dprintf("pSavedHeader(VOID) - 0x%x\n", osfsc->SavedHeader); dprintf("ReceiveDirectAddress - 0x%x\n", osfsc->ReceiveDirectAddress); dprintf("\n"); } VOID do_dump_osfassoc( DWORD dwAddr ) { BOOL b; char block[sizeof(OSF_ASSOCIATION)]; OSF_ASSOCIATION * osfa = (OSF_ASSOCIATION *)█ b = GetData(dwAddr, &block, sizeof(OSF_ASSOCIATION), NULL); if ( !b ) { dprintf("couldn't read address %x\n", dwAddr); return; } dprintf("\n"); dprintf("pContext(VOID) - 0x%x\n", osfa->pContext); dprintf("AssociationID - %u\n", osfa->AssociationID); dprintf("pRundown(RPC_RUNDOWN) - 0x%x\n", osfa->Rundown); dprintf("ConnectionCount - %d\n", osfa->ConnectionCount); dprintf("AssociationGroupId - %u\n", osfa->AssociationGroupId); dprintf("AssociationDictKey - %d\n", osfa->AssociationDictKey); dprintf("pAddress(OSF_ADDRESS) - 0x%x\n", osfa->Address); dprintf("pClientProcess(RPC_CLIENT_PROCESS_IDENTIFIER)- 0x%x\n", osfa->ClientProcess); dprintf("\n"); } VOID do_dump_rpcsvr( DWORD dwAddr ) { BOOL b; char block[sizeof(RPC_SERVER)]; RPC_SERVER * rpcsvr = (RPC_SERVER *)█ b = GetData(dwAddr, &block, sizeof(RPC_SERVER), NULL); if ( !b ) { dprintf("couldn't read address %x\n", dwAddr); return; } dprintf("\n"); dprintf("pRpcForwardFunction(RPC_FORWARD_FUNCTION) - 0x%x\n", rpcsvr->pRpcForwardFunction); dprintf("&RpcInterfaceDictionary(RPC_INTERFACE_DICT) - 0x%x\n", ((DWORD)dwAddr+offsetof(RPC_SERVER, RpcInterfaceDictionary))); dprintf("&ServerMutex(MUTEX) - 0x%x\n", ((DWORD)dwAddr+offsetof(RPC_SERVER, ServerMutex))); dprintf("AvailableCallCount - %d\n", rpcsvr->AvailableCallCount.Integer); dprintf("ServerListeningFlag - %u\n", rpcsvr->ServerListeningFlag); dprintf("&RpcAddressDictionary(RPC_INTERFACE_DICT) - 0x%x\n", ((DWORD)dwAddr+offsetof(RPC_SERVER, RpcAddressDictionary))); dprintf("ListeningThreadFlag - %u\n", rpcsvr->ListeningThreadFlag); dprintf("&StopListeningEvent(EVENT) - 0x%x\n", ((DWORD)dwAddr+offsetof(RPC_SERVER, StopListeningEvent))); dprintf("MaximumConcurrentCalls - %u\n", rpcsvr->MaximumConcurrentCalls); dprintf("MinimumCallThreads - %u\n", rpcsvr->MinimumCallThreads); dprintf("IncomingRpcCount - %u\n", rpcsvr->IncomingRpcCount); dprintf("OutgoingRpcCount - %u\n", rpcsvr->OutgoingRpcCount); dprintf("ReceivedPacketCount - %u\n", rpcsvr->ReceivedPacketCount); dprintf("SentPacketCount - %u\n", rpcsvr->SentPacketCount); dprintf("&RpcAddressDictionary(RPC_AUTHENTICATION_DICT) - 0x%x\n", ((DWORD)dwAddr+offsetof(RPC_SERVER, AuthenticationDictionary))); dprintf("WaitingThreadFlag - %u\n", rpcsvr->WaitingThreadFlag); dprintf("pThreadCache(CACHED_THREAD) - 0x%x\n", rpcsvr->ThreadCache); dprintf("&ThreadCacheMutex(MUTEX) - 0x%x\n", ((DWORD)dwAddr+offsetof(RPC_SERVER, ThreadCacheMutex))); dprintf("\n"); } VOID do_dump_rpcmem( DWORD dwAddr, long Count ) { #ifdef DEBUGRPC BOOL b; BOOL forwards = TRUE; BOOL doAll = FALSE; RPC_MEMORY_BLOCK Header; unsigned Data[4]; unsigned char RearGuardBlock[4]; if (Count < 0) { forwards = FALSE; } else if (Count == 0) { doAll = TRUE; } dprintf("\n"); do { b = GetData(dwAddr, &Header, sizeof(Header), NULL); if ( !b ) { dprintf("can't read block header at %x\n", dwAddr); return; } dprintf("0x%08 : Next: 0x%08x Prev: 0x%08x Size: %u\n", dwAddr, Header.next, Header.previous, Header.size ); b = GetData( dwAddr + offsetof(RPC_MEMORY_BLOCK, rearguard), Data, min(Header.size, sizeof(Data)), NULL ); if ( !b ) { dprintf("can't read block data at %x\n", dwAddr + offsetof(RPC_MEMORY_BLOCK, rearguard) ); return; } dprintf(" First four DWORDs - %08x %08x %08x %08x\n", Data[0], Data[1], Data[2], Data[3] ); b = GetData( dwAddr + offsetof(RPC_MEMORY_BLOCK, rearguard) + Header.size, Header.rearguard, sizeof(Header.rearguard), NULL ); if ( !b ) { dprintf("can't read block trailer at %x\n", dwAddr + offsetof(RPC_MEMORY_BLOCK, rearguard) + Header.size ); return; } if ( (Header.blockguard[0] != 0xFE) || (Header.blockguard[1] != 0xFE) || (Header.blockguard[2] != 0xFE) || (Header.blockguard[3] != 0xFE) ) { dprintf(" RPC: BAD BLOCKGUARD\n"); } if ( (Header.frontguard[0] != 0xFE) || (Header.frontguard[1] != 0xFE) || (Header.frontguard[2] != 0xFE) || (Header.frontguard[3] != 0xFE) ) { dprintf(" RPC: BAD FRONTGUARD\n"); } if ( (Header.rearguard[0] != 0xFE) || (Header.rearguard[1] != 0xFE) || (Header.rearguard[2] != 0xFE) || (Header.rearguard[3] != 0xFE) ) { dprintf(" RPC: BAD REARGUARD\n"); } if (forwards == TRUE) { dwAddr = (DWORD) Header.next; Count--; } else { dwAddr = (DWORD) Header.previous; Count++; } } while (dwAddr && (Count || doAll) ); dprintf("\n"); #endif // DEBUGRPC } VOID do_dump_rpc_msg( DWORD dwAddr ) { BOOL b; char block[sizeof(RPC_MESSAGE)]; RPC_MESSAGE * rpcmsg = (RPC_MESSAGE *)█ b = GetData(dwAddr, &block, sizeof(RPC_MESSAGE), NULL); if ( !b ) { dprintf("can't read %x\n", dwAddr); return; } dprintf("\n"); dprintf("Handle(RPC_BINDING_HANDLE) - 0x%x\n", rpcmsg->Handle); dprintf("DataRepresentation - %u\n", rpcmsg->DataRepresentation); dprintf("pBuffer(void) - 0x%x\n", rpcmsg->Buffer); dprintf("BufferLength - %u\n", rpcmsg->BufferLength); dprintf("ProcNum - %u\n", rpcmsg->ProcNum); dprintf("TransferSyntax(RPC_SYNTAX_IDENTIFIER) - 0x%x\n", rpcmsg->TransferSyntax); dprintf("pRpcInterfaceInformation(void) - 0x%x\n", rpcmsg->RpcInterfaceInformation); dprintf("pReservedForRuntime(void) - 0x%x\n", rpcmsg->ReservedForRuntime); dprintf("pManagerEpv(RPC_MGR_EPV) - 0x%x\n", rpcmsg->ManagerEpv); dprintf("pImportContext(void) - 0x%x\n", rpcmsg->ImportContext); dprintf("RpcFlags - %u/0x%x\n", rpcmsg->RpcFlags, rpcmsg->RpcFlags); dprintf("\n"); } char *Protocol[] = { "tcp", "spx", "adsp", "nb_nb", "nb_tcp", "nb_ipx", "dg_udp", "dg_ipx" } ; VOID do_dump_map( DWORD dwAddr ) { BOOL b; char block[sizeof(PRIMARYADDR)]; PPRIMARYADDR pa = (PPRIMARYADDR)█ PSOCKMAP DataMap ; unsigned int size ; int nIndex ; b = GetData( dwAddr, &block, sizeof(PRIMARYADDR), NULL ); if ( !b ) { dprintf("can't read %x\n", dwAddr); return; } size = pa->DataMapInfo.MaxEntries * sizeof(SOCKMAP) ; DataMap = (PSOCKMAP) new char[size] ; b =GetData( (DWORD) pa->DataSockMap, DataMap, size, NULL ); if ( !b ) { dprintf("can't read %x\n", dwAddr); return; } for (nIndex = 0; nIndex < pa->DataMapInfo.MaxEntries; nIndex++) { dprintf("\n") ; dprintf("ProtocolId\t- %s\n", Protocol[DataMap[nIndex].ProtocolId]) ; dprintf("Sock\t\t- %d\n", DataMap[nIndex].Sock) ; dprintf("Conn\t\t- 0x%x\n", DataMap[nIndex].Conn) ; dprintf("pAddress\t- 0x%x\n", DataMap[nIndex].pAddress) ; dprintf("\n") ; } delete DataMap ; } DECLARE_API( help ) { INIT_DPRINTF(); if (lpArgumentString[0] == '\0') { dprintf("rpcdbg help:\n\n"); dprintf("!symbol (
|) - Returns either the symbol name or address\n"); dprintf("!dump_osfbh
- Dumps OSF_BINDING_HANDLE structure\n"); dprintf("!dump_osfca
- Dumps OSF_CASSOCIATION structure\n"); dprintf("!dump_osfcc
- Dumps OSF_CCONNECTION structure\n"); dprintf("!dump_osfaddr
- Dumps OSF_ADDRESS structure\n"); dprintf("!dump_osfsc
- Dumps OSF_SCONNECTION structure\n"); dprintf("!dump_osfassoc
- Dumps OSF_ASSOCIATION structure\n"); dprintf("\n"); dprintf("!dump_transsc
- dumps TRANS_SCONNECTION\n"); dprintf("\n"); dprintf("!dump_dcebinding
- Dumps DCE_BINDING structure\n"); dprintf("!dump_rpcsvr
- Dumps RPC_SERVER structure\n"); dprintf("\n"); dprintf("!dd_rpc [-a
][-d ] - Dumps RPC_MEMORY_BLOCK linked list\n"); dprintf("!dump_paddr
Dumps ADDRESS struct of common transport\n"); dprintf("!dump_tsc
Dumps SCONNECTION struct of common transport\n"); dprintf("!dump_map
- dumps the socket map from the PRIMARY_ADDRESS structure in
\n"); dprintf("\n"); dprintf("!dgcc
- Dumps a DG_CCALL \n"); dprintf("!dgsc
- Dumps a DG_SCALL \n"); dprintf("!dgpkt
- Dumps a DG_PACKET \n"); dprintf("!dgpkthdr
- Dumps a dg packet header (NCA_PACKET_HEADER)\n"); dprintf("\n"); dprintf("!msg
- dumps an RPC_MESSAGE\n"); dprintf("!stubmsg
- dumps a MIDL_STUB_MESSAGE\n"); dprintf("!pipemsg
- dumps an NDR_PIPE_MESSAGE\n"); dprintf("!pipedesc
- dumps an NDR_PIPE_DESC\n"); dprintf("!pipestate
- dumps an NDR_PIPE_STATE\n"); dprintf("\n"); } } DECLARE_API( symbol ) { DWORD dwAddr; CHAR Symbol[64]; DWORD Displacement; INIT_DPRINTF(); dwAddr = GetExpression(lpArgumentString); if ( !dwAddr ) { return; } GetSymbol((LPVOID)dwAddr,(unsigned char *)Symbol,&Displacement); dprintf("%s+%lx at %lx\n", Symbol, Displacement, dwAddr); } DECLARE_API( dump_paddr ) { DWORD dwAddr; INIT_DPRINTF(); dwAddr = GetExpression(lpArgumentString); if ( !dwAddr ) { dprintf("Error: Failure to get address of PADDR\n"); return; } do_dump_paddr(dwAddr); return; } DECLARE_API( dump_tsc ) { DWORD dwAddr; INIT_DPRINTF(); dwAddr = GetExpression(lpArgumentString); if ( !dwAddr ) { dprintf("Error: Failure to get address of SCONNECTION (trans)\n"); return; } do_dump_tsc(dwAddr); return; } DECLARE_API( dump_transsc ) { DWORD dwAddr; INIT_DPRINTF(); dwAddr = GetExpression(lpArgumentString); if ( !dwAddr ) { dprintf("Error: Failure to get address of TRANS_SCONNECTION (trans)\n"); return; } do_dump_transsc(dwAddr); return; } DECLARE_API( dump_osfbh ) { DWORD dwAddr; INIT_DPRINTF(); dwAddr = GetExpression(lpArgumentString); if ( !dwAddr ) { dprintf("Error: Failure to get address of OSF_BINDING_HANDLE\n"); return; } do_dump_osfbh(dwAddr); return; } DECLARE_API( dump_osfca ) { DWORD dwAddr; INIT_DPRINTF(); dwAddr = GetExpression(lpArgumentString); if ( !dwAddr ) { dprintf("Error: Failure to get address of OSF_CASSOCIATION\n"); return; } do_dump_osfca(dwAddr); return; } DECLARE_API( dump_osfaddr ) { DWORD dwAddr; INIT_DPRINTF(); dwAddr = GetExpression(lpArgumentString); if ( !dwAddr ) { dprintf("Error: Failure to get address of OSF_ADDRESS\n"); return; } do_dump_osfaddr(dwAddr); return; } DECLARE_API( dump_osfsc ) { DWORD dwAddr; INIT_DPRINTF(); dwAddr = GetExpression(lpArgumentString); if ( !dwAddr ) { dprintf("Error: Failure to get address of OSF_SCONNECTION\n"); return; } do_dump_osfsc(dwAddr); return; } DECLARE_API( dump_dcebinding ) { DWORD dwAddr; INIT_DPRINTF(); dwAddr = GetExpression(lpArgumentString); if ( !dwAddr ) { dprintf("Error: Failure to get address of DCE_BINDING\n"); return; } do_dump_dcebinding(dwAddr); return; } DECLARE_API( dump_osfcc ) { DWORD dwAddr; INIT_DPRINTF(); dwAddr = GetExpression(lpArgumentString); if ( !dwAddr ) { dprintf("Error: Failure to get address of OSF_CCONNECTION\n"); return; } do_dump_osfcc(dwAddr); return; } DECLARE_API( dump_osfassoc ) { DWORD dwAddr; INIT_DPRINTF(); dwAddr = GetExpression(lpArgumentString); if ( !dwAddr ) { dprintf("Error: Failure to get address of OSF_ASSOCIATION\n"); return; } do_dump_osfassoc(dwAddr); } DECLARE_API( dump_rpcsvr ) { DWORD dwAddr; INIT_DPRINTF(); dwAddr = GetExpression(lpArgumentString); if ( !dwAddr ) { dprintf("Error: Failure to get address of RPC_SERVER\n"); return; } do_dump_rpcsvr(dwAddr); return; } DECLARE_API( dump_rpcmsg ) { DWORD dwAddr; INIT_DPRINTF(); dwAddr = GetExpression(lpArgumentString); if (!dwAddr) { dprintf("Error: Failure to get address of RPC_MESSAGE\n"); return; } do_dump_rpc_msg(dwAddr); return; } DECLARE_API( msg ) { DWORD dwAddr; INIT_DPRINTF(); dwAddr = GetExpression(lpArgumentString); if (!dwAddr) { dprintf("Error: can't interpret '%s'\n", lpArgumentString); return; } do_dump_rpc_msg(dwAddr); return; } DECLARE_API( dump_map ) { DWORD dwAddr; INIT_DPRINTF(); dwAddr = GetExpression( lpArgumentString ); if (!dwAddr) { dprintf("Error: Failure to get address of socket map\n"); return; } do_dump_map(dwAddr); return; } DECLARE_API( dd_rpc ) { DWORD dwAddr = 0; DWORD dwTmpAddr = 0; long lDisplay = 0; char **argv = new char*[MAX_ARGS]; int argc = 0; int i; INIT_DPRINTF(); #ifdef DEBUGRPC for (i = 0; ; ) { while (lpArgumentString[i] == ' ') { lpArgumentString[i] = '\0'; i++; } if (lpArgumentString[i] == '\0') { break; } argv[argc] = &(lpArgumentString[i]); argc++; if (argc > MAX_ARGS) { dprintf("\nToo many arguments. Extra args ignored.\n\n"); break; } while ((lpArgumentString[i] != ' ')&& (lpArgumentString[i] != '\0')) { i++; } } for (i = 0; i < argc; i++) { if ((*argv[i] == '-') || (*argv[i] == '/') || (*argv[i] == '+')) { switch (*(argv[i]+1)) { case 'A': case 'a': dwAddr = GetExpression(argv[++i]); if (!dwAddr) { dprintf("Error: Failure to get address of RPC memory list\n"); return; } break; case 'D': case 'd': lDisplay = (long)myatol(argv[++i]); break; case '?': default: dprintf("dd_rpc \n"); dprintf(" -a
(default:starts at head of linked list)\n"); dprintf(" -d (default: to end)\n"); break; } } else { dprintf("dd_rpc \n"); dprintf(" -a
(default:starts at head of linked list)\n"); dprintf(" -d (default: to end)\n"); } } if (!dwAddr) { dwTmpAddr = GetExpression("rpcrt4!AllocatedBlocks"); GetData(dwTmpAddr, &dwAddr, sizeof(DWORD), NULL); dprintf("Address of AllocatedBlocks - 0x%08x\n", dwTmpAddr); dprintf("Contents of AllocatedBlocks - 0x%08x\n", dwAddr); } do_dump_rpcmem(dwAddr, lDisplay); #else // DEBUGRPC dprintf("This extension is not supported on a free build!\n"); #endif // DEBUGRPC if (argv) { delete[] argv; } return; } VOID do_dump_transsc( DWORD dwAddr ) { BOOL b; char block[sizeof(TRANS_SCONNECTION)]; TRANS_SCONNECTION * transsc = (TRANS_SCONNECTION *)█ b = GetData(dwAddr, &block, sizeof(TRANS_SCONNECTION), NULL); if ( !b ) { dprintf("can't read %x\n", dwAddr); return; } dprintf("\n"); dprintf("ServerInfo\t\t\t- 0x%x\n", transsc->ServerInfo); dprintf("ConnectionCloseFlag\t\t- %d\n", transsc->ConnectionClosedFlag); dprintf("ReceiveAnyFlag\t\t\t- %d\n", transsc->ReceiveAnyFlag); dprintf("Address\t\t\t\t- 0x%x\n", transsc->Address); dprintf("ConnectionEvent\t\t\t- 0x%x\n", transsc->ConnectionEvent); dprintf("ReceiveDirectFlag\t\t- %d\n", transsc->ReceiveDirectFlag) ; dprintf("\n"); } DECLARE_API( dgpe ) { DWORD dwAddr; INIT_DPRINTF(); dwAddr = GetExpression(lpArgumentString); if ( !dwAddr ) { dprintf("Error: can't evaluate '%s'\n", lpArgumentString); return; } BOOL b; char block[sizeof(DG_PACKET_ENGINE)]; b = GetData(dwAddr, &block, sizeof(block), NULL); if ( !b ) { dprintf("can't read %x\n", dwAddr); return; } dump_dgpe((DG_PACKET_ENGINE *) block); } DECLARE_API( dgcc ) { DWORD dwAddr; INIT_DPRINTF(); dwAddr = GetExpression(lpArgumentString); if ( !dwAddr ) { dprintf("Error: can't evaluate '%s'\n", lpArgumentString); return; } BOOL b; char block[sizeof(DG_CCALL)]; b = GetData(dwAddr, &block, sizeof(block), NULL); if ( !b ) { dprintf("can't read %x\n", dwAddr); return; } dump_dgcc((DG_CCALL *) block); } DECLARE_API( dgsc ) { DWORD dwAddr; INIT_DPRINTF(); dwAddr = GetExpression(lpArgumentString); if ( !dwAddr ) { dprintf("Error: can't evaluate '%s'\n", lpArgumentString); return; } BOOL b; char block[sizeof(DG_SCALL)]; b = GetData(dwAddr, &block, sizeof(block), NULL); if ( !b ) { dprintf("can't read %x, error 0x%lx\n", dwAddr, GetLastError()); return; } dump_dgsc((DG_SCALL *) block); } char * BooleanString( BOOL Value ) { switch (Value) { case TRUE: return "True"; case FALSE: return "False"; default: return "indeterminate"; } } char * StateString( CALL_STATE State ) { switch (State) { case CallInit: return "init"; case CallWaitingForFrags: return "receiving frags"; case CallWorking: return "working"; case CallSendingFrags: return "sending frags"; case CallBogus: return "bogus"; default: { static char scratch[40]; sprintf(scratch, "0x%lx", State); return scratch; } } } char * PipeWaitType( PIPE_WAIT_TYPE Type ) { switch (Type) { case PWT_NONE: return "none"; case PWT_SEND: return "sending"; case PWT_RECEIVE: return "receiving"; default: { static char scratch[40]; sprintf(scratch, "0x%lx", Type); return scratch; } } } VOID dump_dgcc( DG_CCALL * dgcc ) { dprintf("\n"); dprintf("activity uuid - "); PrintUuid((struct _GUID *) &dgcc->ActivityUuid); dprintf("\n"); dprintf("\n"); dprintf("security context - %-8lx UseSecurity: %s\n", dgcc->ActiveSecurityContext, BooleanString(dgcc->UseSecurity)); dprintf("association - %-8lx fNewCall: %s\n", dgcc->pCAssociation, BooleanString(dgcc->fNewCall)); dprintf("binding handle - %-8lx ServerResponded: %s\n", dgcc->pBindingHandle, BooleanString(dgcc->ServerResponded)); dprintf("CallbackAddress - %-8lx CallbackCompleted: %s\n", dgcc->CallbackAddress, BooleanString(dgcc->CallbackCompleted)); dump_dgpe(dgcc); } VOID dump_dgsc( DG_SCALL * dgsc ) { dprintf("\n"); dprintf("activity uuid - "); PrintUuid((struct _GUID *) &dgsc->ActivityNode.Uuid); dprintf("\n"); dprintf("\n"); dprintf("state - %-15s DG_ADDRESS - %lx\n", StateString(dgsc->State), dgsc->pAddress); dprintf("previous state - %-15s association group - %lx\n", StateString(dgsc->PreviousState), dgsc->pAssocGroup); dprintf("reference count - %10lu last interface used - %lx\n", dgsc->ReferenceCount, dgsc->LastInterface); dprintf("expiration time - %10lx active security context - %lx\n", dgsc->ExpirationTime, dgsc->ActiveSecurityContext); dprintf("current time is %10lx callback thread - %10lx \n", GetTickCount(), dgsc->CallbackThread); dprintf("\n"); dprintf("client endpoint - %10lx pipe wait type - %s\n", dgsc->pClientEndpoint, PipeWaitType(dgsc->PipeWaitType)); dprintf("forwarded - %10s pipe wait length - %lx\n", BooleanString(dgsc->CallWasForwarded), dgsc->PipeWaitLength ); dprintf("RealDataRep - %10lx pipe thread - %lx\n", dgsc->RealDataRep, dgsc->PipeThreadId ); dprintf("RealEndpoint - %10lx pipe wait event - %lx\n", dgsc->pRealEndpoint, &dgsc->PipeWaitEvent ); dprintf("\n"); dprintf("Max key sequence - %10lx CallMutex - %lx\n", dgsc->MaxKeySeq, &dgsc->CallMutex ); dprintf("i/f callback dict - %10lx dispatch sequence - %lx \n", &dgsc->InterfaceCallbackResults, dgsc->DispatchSequenceNumber); dprintf("fack trigger time - %10lx security cxt dict - %lx\n", dgsc->FackTimer.TriggerTime, &dgsc->SecurityContextDict); dump_dgpe(dgsc); } VOID dump_dgpe( DG_PACKET_ENGINE * dgpe ) { dprintf("\n"); dprintf("current PDU - %-8hx sequence - %lx\n", dgpe->CurrentPduSize, dgpe->SequenceNumber); dprintf("next PDU - %-8hx pSavedPacket - %lx\n", dgpe->NextCallPduSize, dgpe->pSavedPacket); dprintf("xport max PDU - %-8hx activity hint - %hx\n", dgpe->MaxPduSize, dgpe->ActivityHint); dprintf("xport max pkt - %-8hx timeout count - %lx\n", dgpe->MaxPacketSize, dgpe->TimeoutCount); dprintf("max fragment - %-8hx\n", dgpe->MaxFragmentSize); dprintf("sec trailer size - %-8hx\n", dgpe->SecurityTrailerSize); dprintf("\n"); dprintf("send buffer - %-8lx last receive buffer - %lx\n", dgpe->Buffer, dgpe->LastReceiveBuffer); dprintf("buffer length - %-8lx buffer length - %lx\n", dgpe->BufferLength, dgpe->LastReceiveBufferLength); dprintf("frag base - %-8hx frag base - %hx\n", dgpe->SendWindowBase, dgpe->ReceiveFragmentBase); dprintf("final frag - %-8hx fReceivedAllFragments - %s\n", dgpe->FinalSendFrag, BooleanString(dgpe->fReceivedAllFragments)); dprintf("window length - %-8hx window length - %hx\n", dgpe->SendWindowSize, dgpe->ReceiveWindowSize); dprintf("burst length - %-8hx receive packet head - %lx\n", dgpe->SendBurstLength, dgpe->pReceivedPackets); dprintf("first unsent frag - %-8hx last consecutive pkt - %lx\n", dgpe->FirstUnsentFragment, dgpe->pLastConsecutivePacket); dprintf("first unsent offset - %-8lx consecutive packet data %lx\n", dgpe->FirstUnsentOffset, dgpe->ConsecutiveDataBytes); dprintf("\n"); dprintf("ring buffer base - %x\n", dgpe->RingBufferBase); dprintf("\n"); dprintf(" Frag Offset Length Serial # | Frag Offset Length Serial #\n"); dprintf(" ---- -------- ------ -------- | ---- -------- ------ --------\n"); unsigned short i; for (i=0; i < MAX_WINDOW_SIZE / 2; ++i) { unsigned short Index1 = (i + dgpe->RingBufferBase) % MAX_WINDOW_SIZE; unsigned short Index2 = (i + dgpe->RingBufferBase + MAX_WINDOW_SIZE/2) % MAX_WINDOW_SIZE; dprintf(" %4hx: %8lx %5hx %4hx | %4hx: %8lx %5hx %4hx\n", dgpe->SendWindowBase + i < dgpe->FirstUnsentFragment ? dgpe->SendWindowBase + i : dgpe->SendWindowBase + i - MAX_WINDOW_SIZE, dgpe->FragmentRingBuffer[Index1].Offset, dgpe->FragmentRingBuffer[Index1].Length, dgpe->FragmentRingBuffer[Index1].SerialNumber, dgpe->SendWindowBase + i + MAX_WINDOW_SIZE / 2 < dgpe->FirstUnsentFragment ? dgpe->SendWindowBase + i + MAX_WINDOW_SIZE / 2 : dgpe->SendWindowBase + i + MAX_WINDOW_SIZE / 2 - MAX_WINDOW_SIZE, dgpe->FragmentRingBuffer[Index2].Offset, dgpe->FragmentRingBuffer[Index2].Length, dgpe->FragmentRingBuffer[Index2].SerialNumber ); } dprintf("\n"); } char * PacketFlagStrings[8] = { "forwarded ", "lastfrag ", "frag ", "nofack ", "maybe ", "idem ", "broadcast ", "flags-0x80 " }; char * PacketFlag2Strings[8] = { "fragmented ", "cancel-pending ", "flags2-0x04 ", "flags2-0x08 ", "flags2-0x10 ", "flags2-0x20 ", "flags2-0x40 ", "flags2-0x80 " }; char * PrintPacketFlags( PNCA_PACKET_HEADER h ) { static char buf[160]; unsigned char Flags; unsigned i; buf[0] = 0; Flags = h->PacketFlags; for (i=0; i < 8; i++) { if (Flags & 1) { strcat(buf, PacketFlagStrings[i]); } Flags >>= 1; } Flags = h->PacketFlags2; for (i=0; i < 8; i++) { if (Flags & 1) { strcat(buf, PacketFlag2Strings[i]); } Flags >>= 1; } return buf; } char * PacketTypes[] = { "REQ ", "PING", "RESP", "FLT ", "WORK", "NOCA", "REJ ", "ACK ", "QUIT", "FACK", "QACK" }; char * PrintPacketType( unsigned char PacketType ) { static char buf[40]; if (PacketType <= 10) { return PacketTypes[PacketType]; } sprintf(buf, "illegal packet type %x ", PacketType); return buf; } DECLARE_API( dgpkt ) { DWORD dwAddr; INIT_DPRINTF(); dwAddr = GetExpression(lpArgumentString); if ( !dwAddr ) { dprintf("Error: can't evaluate the expression\n"); return; } BOOL b; char block[sizeof(DG_PACKET)]; b = GetData(dwAddr, &block, sizeof(block), NULL); if ( !b ) { dprintf("can't read %x\n", dwAddr); return; } dump_dg_packet((DG_PACKET *) block); } DECLARE_API( dgpkthdr ) { DWORD dwAddr; INIT_DPRINTF(); dwAddr = GetExpression(lpArgumentString); if ( !dwAddr ) { dprintf("Error: can't evaluate the expression\n"); return; } BOOL b; char block[sizeof(NCA_PACKET_HEADER)]; b = GetData(dwAddr, &block, sizeof(block), NULL); if ( !b ) { dprintf("can't read %x\n", dwAddr); return; } dump_dg_packet_header((NCA_PACKET_HEADER *) block); } VOID dump_dg_packet( PDG_PACKET p ) { dprintf("\n"); dprintf(" max data %-8x next in list: %-8lx timestamp: %lx\n", p->MaxDataLength, p->pNext, p->TimeReceived); dprintf(" current data %-8x previous: %-8lx\n", p->DataLength, p->pPrevious); dump_dg_packet_header(&p->Header); } VOID dump_dg_packet_header( PNCA_PACKET_HEADER h ) { dprintf("\n"); dprintf(" %s version %x, flags: %s\n", PrintPacketType(h->PacketType), h->RpcVersion, PrintPacketFlags(h)); unsigned long Drep = *(unsigned long *) h->DataRep; Drep &= 0x00ffffff; dprintf(" frag %hx, data %hx, serial %hx, data rep %lx, boot time %lx, auth proto %hx\n", h->FragmentNumber, h->PacketBodyLen, h->SerialLo | (h->DataRep[3] << 8), Drep, h->ServerBootTime, h->AuthProto); dprintf(" activity "); PrintUuid((struct _GUID *) &h->ActivityId); dprintf(", hint %x, sequence %lx\n", h->ActivityHint, h->SequenceNumber); dprintf(" interface "); PrintUuid((struct _GUID *) &h->InterfaceId); dprintf(", ver %hx.%hx, hint %hx, opnum %x\n", h->InterfaceVersion.MajorVersion, h->InterfaceVersion.MinorVersion, h->InterfaceHint, h->OperationNumber); dprintf(" object "); PrintUuid((struct _GUID *) &h->ObjectId); dprintf("\n"); } void dump_stub_msg( MIDL_STUB_MESSAGE * msg ) { dprintf("\n"); dprintf(" buffer %8lx mem size %8lx rpc message %8lx\n", msg->Buffer, msg->MemorySize, msg->RpcMsg ); dprintf(" buf start %8lx mem %8lx saved handle %8lx\n", msg->BufferStart, msg->Memory, msg->SavedHandle ); dprintf(" buf end %8lx alloc-all mem %8lx stub descrip %8lx\n", msg->BufferEnd, msg->AllocAllNodesMemory, msg->StubDesc ); dprintf(" buf mark %8lx alloc-all end %8lx pipe descrip %8lx\n", msg->BufferMark, msg->AllocAllNodesMemoryEnd, msg->pPipeDesc); dprintf(" buf length %8lx \n", msg->BufferLength ); dprintf(" is client %5s max count %8lx\n", BooleanString(msg->IsClient), msg->MaxCount); dprintf(" stack top %8lx reuse %5s actual count %8lx\n", msg->StackTop, BooleanString(msg->ReuseBuffer), msg->ActualCount); dprintf(" presented type %8lx ignore embed %5s offset %8lx\n", msg->pPresentedType, BooleanString(msg->IgnoreEmbeddedPointers), msg->Offset); dprintf(" transmit type %8lx valid %5s \n", msg->pTransmitType, BooleanString(msg->fBufferValid) ); } DECLARE_API( stubmsg ) { DWORD dwAddr; INIT_DPRINTF(); dwAddr = GetExpression(lpArgumentString); if ( !dwAddr ) { dprintf("Error: can't evaluate '%s'\n", lpArgumentString); return; } BOOL b; char block[sizeof(MIDL_STUB_MESSAGE)]; b = GetData(dwAddr, &block, sizeof(block), NULL); if ( !b ) { dprintf("can't read %x\n", dwAddr); return; } dump_stub_msg((MIDL_STUB_MESSAGE *) block); } char * ReceiveStates[] = { "START", "COPY_PIPE_ELEM", "RETURN_PARTIAL", "READ_PARTIAL" }; char * PipeState( int State ) { static char buf[40]; if (State <= 3) { return ReceiveStates[State]; } sprintf(buf, "0x%x", State); return buf; } void dump_pipe_state( NDR_PIPE_STATE * pipe ) { dprintf("\n"); dprintf(" elems in chunk %8lx partial buf size %8lx state %s\n", pipe->ElemsInChunk, pipe->PartialBufferSize, PipeState(pipe->CurrentState) ); dprintf(" elem align %8lx partial element %8lx end of pipe %s\n", pipe->ElemAlign, pipe->PartialElem, BooleanString(pipe->EndOfPipe) ); dprintf(" elem wire size %8lx partial elem size %8lx \n", pipe->ElemWireSize, pipe->PartialElemSize ); dprintf(" elem mem size %8lx partial offset %8lx \n", pipe->ElemMemSize, pipe->PartialOffset ); } DECLARE_API( pipestate ) { DWORD dwAddr; INIT_DPRINTF(); dwAddr = GetExpression(lpArgumentString); if ( !dwAddr ) { dprintf("Error: can't evaluate '%s'\n", lpArgumentString); return; } BOOL b; char block[sizeof(NDR_PIPE_STATE)]; b = GetData(dwAddr, &block, sizeof(block), NULL); if ( !b ) { dprintf("can't read %x\n", dwAddr); return; } dump_pipe_state((NDR_PIPE_STATE *) block); } void dump_pipe_desc( NDR_PIPE_DESC * desc ) { dprintf("\n"); dprintf(" current pipe %4lx dispatch buffer %8lx pipe msg %8lx\n", desc->CurrentPipe, desc->DispatchBuffer, desc->pPipeMsg ); dprintf(" in pipes %4lx last partial buf %8lx \n", desc->InPipes, desc->LastPartialBuffer ); dprintf(" out pipes %4lx last partial size %8lx \n", desc->OutPipes, desc->LastPartialSize ); dprintf(" total pipes %4lx buffer save %8lx \n", desc->TotalPipes, desc->BufferSave ); dprintf(" version %4lx length save %8lx \n", desc->PipeVersion, desc->LengthSave ); dprintf(" flags %4lx \n", desc->Flags ); dump_pipe_state(&desc->RuntimeState); } DECLARE_API( pipedesc ) { DWORD dwAddr; INIT_DPRINTF(); dwAddr = GetExpression(lpArgumentString); if ( !dwAddr ) { dprintf("Error: can't evaluate '%s'\n", lpArgumentString); return; } BOOL b; char block[sizeof(NDR_PIPE_DESC)]; b = GetData(dwAddr, &block, sizeof(block), NULL); if ( !b ) { dprintf("can't read %x\n", dwAddr); return; } dump_pipe_desc((NDR_PIPE_DESC *) block); } #define NDR_IN_PIPE 0x01 #define NDR_OUT_PIPE 0x02 #define NDR_LAST_IN_PIPE 0x04 #define NDR_LAST_OUT_PIPE 0x08 #define NDR_OUT_ALLOCED 0x10 char * PipeFlags( unsigned short Flags ) { static char buf[80]; buf[0] = 0; if (Flags & NDR_IN_PIPE) { strcat(buf, "I "); } if (Flags & NDR_OUT_PIPE) { strcat(buf, "O "); } if (Flags & NDR_LAST_IN_PIPE) { strcat(buf, "LI "); } if (Flags & NDR_LAST_OUT_PIPE) { strcat(buf, "LO "); } if (Flags & NDR_OUT_ALLOCED) { strcat(buf, "ALLOC "); } if (Flags & 0xffe0) { char Excess[10]; sprintf(Excess, "%hx ", Flags & 0xffe0); strcat(buf, Excess); } return buf; } char * PipeStatusStrings[] = { "QUIET", "IN", "OUT", "DRAIN" }; char * PipeStatus( unsigned short Status ) { static char buf[40]; if (Status <= 3) { return PipeStatusStrings[Status]; } sprintf(buf, "0x%x", Status); return buf; } void dump_pipe_msg( NDR_PIPE_MESSAGE * msg ) { dprintf("\n"); dprintf(" signature %4lx pipe type %8lx pipe status %5s stub msg %8lx\n", msg->Signature, msg->pPipeType, PipeStatus(msg->PipeStatus), msg->pStubMsg ); dprintf(" ID %4lx type format%8lx pipe flags %s\n", msg->PipeId, msg->pTypeFormat,PipeFlags(msg->PipeFlags)); } DECLARE_API( pipemsg ) { DWORD dwAddr; INIT_DPRINTF(); dwAddr = GetExpression(lpArgumentString); if ( !dwAddr ) { dprintf("Error: can't evaluate '%s'\n", lpArgumentString); return; } BOOL b; char block[sizeof(NDR_PIPE_MESSAGE)]; b = GetData(dwAddr, &block, sizeof(block), NULL); if ( !b ) { dprintf("can't read %x\n", dwAddr); return; } dump_pipe_msg((NDR_PIPE_MESSAGE *) block); } // // Save this as a template for future WMSG commands. // #if 0 VOID do_dump_lpc_addr( HANDLE hCurrentProcess, LPVOID dwAddr ) { BOOL b; char block[sizeof(LRPC_ADDRESS)]; LRPC_ADDRESS * lpca = (LRPC_ADDRESS *)█ RPC_CHAR *Endpoint; RPC_CHAR *RpcProtocolSequence; RPC_CHAR *NetworkAddress; b = ReadProcessMemory( hCurrentProcess, dwAddr, &block, sizeof(LRPC_ADDRESS), NULL ); if ( !b ) { dprintf("can't read %x\n", dwAddr); return; } Endpoint = ReadProcessRpcChar(hCurrentProcess, lpca->Endpoint); RpcProtocolSequence = ReadProcessRpcChar(hCurrentProcess, lpca->RpcProtocolSequence); NetworkAddress = ReadProcessRpcChar(hCurrentProcess, (RPC_CHAR PAPI *) lpca->lNetworkAddress[0]); dprintf("\n"); dprintf("pServer(RPC_SERVER) - 0x%x\n", lpca->Server); dprintf("&AddressMutex(MUTEX) - 0x%x\n", ((DWORD)dwAddr+offsetof(LRPC_ADDRESS, AddressMutex))); dprintf("Endpoint - %ws\n", Endpoint); dprintf("RpcProtocolSequence - %ws\n", RpcProtocolSequence); dprintf("NetworkAddress - %ws\n", NetworkAddress); dprintf("StaticEndpointFlag - %u\n", lpca->StaticEndpointFlag); dprintf("LpcAddressPort(HANDLE) - 0x%x\n", lpca->LpcAddressPort); dprintf("CallThreadCount - %u\n", lpca->CallThreadCount); dprintf("MinimumCallThreads - %u\n", lpca->MinimumCallThreads); dprintf("ServerListeningFlag - %u\n", lpca->ServerListeningFlag); dprintf("ActiveCallCount - %u\n", lpca->ActiveCallCount); dprintf("&Associations(LRPC_ASSOCIATION_DICT)- 0x%x\n", ((DWORD)dwAddr+offsetof(LRPC_ADDRESS, AssociationDictionary))); dprintf("\n"); if (Endpoint) { delete[] Endpoint; } if (RpcProtocolSequence) { delete[] RpcProtocolSequence; } if (NetworkAddress) { delete[] NetworkAddress; } } VOID do_dump_lpc_assoc( HANDLE hCurrentProcess, LPVOID dwAddr ) { BOOL b; char block[sizeof(LRPC_ASSOCIATION)]; LRPC_ASSOCIATION * lpca = (LRPC_ASSOCIATION *)█ b = ReadProcessMemory( hCurrentProcess, dwAddr, &block, sizeof(LRPC_ASSOCIATION), NULL ); if ( !b ) { dprintf("couldn't read address %x\n", dwAddr); return; } dprintf("\n"); dprintf("pContext(VOID) - 0x%x\n", lpca->pContext); dprintf("AssociationID - %u\n", lpca->AssociationID); dprintf("pRundown(RPC_RUNDOWN) - 0x%x\n", lpca->Rundown); dprintf("LpcServerPort(HANDLE) - 0x%x\n", lpca->LpcServerPort); dprintf("&Bindings(LRPC_SBINDING_DICT) - 0x%x\n", ((DWORD)dwAddr+offsetof(LRPC_ASSOCIATION, Bindings))); dprintf("AssociationReferenceCount - %u\n", lpca->AssociationReferenceCount); dprintf("&Buffers(LRPC_CLIENT_BUFFER_DICT) - 0x%x\n", ((DWORD)dwAddr+offsetof(LRPC_ASSOCIATION, Buffers))); dprintf("DictionaryKey - %u\n", lpca->DictionaryKey); dprintf("SequenceNumber - %u\n", lpca->SequenceNumber); dprintf("\n"); } VOID do_dump_lpc_scall( HANDLE hCurrentProcess, LPVOID dwAddr ) { BOOL b; char block[sizeof(LRPC_SCALL)]; LRPC_SCALL * lpcscall = (LRPC_SCALL *)█ b = ReadProcessMemory( hCurrentProcess, dwAddr, &block, sizeof(LRPC_SCALL), NULL ); if ( !b ) { dprintf("can't read %x\n", dwAddr); return; } dprintf("\n"); dprintf("pAssociation(LRPC_ASSOCIATION) - 0x%x\n", lpcscall->Association); dprintf("pLrpcMessage(LRPC_MESSAGE) - 0x%x\n", lpcscall->LrpcMessage); dprintf("pLrpcReplyMessage(LRPC_MESSAGE) - 0x%x\n", lpcscall->LrpcReplyMessage); dprintf("pSBinding(LRPC_SBINDING) - 0x%x\n", lpcscall->SBinding); dprintf("ObjectUuidFlag - %u\n", lpcscall->ObjectUuidFlag); dprintf("ObjectUuid - "); PrintUuid(&(lpcscall->ObjectUuid.Uuid)); dprintf("\n"); dprintf("SCallDictKey - %d\n", lpcscall->SCallDictKey); dprintf("ClientId.UniqueProcess(CLIENT_ID.HANDLE) - 0x%x\n", lpcscall->ClientId.UniqueProcess); dprintf("ClientId.UniqueThread (CLIENT_ID.HANDLE) - 0x%x\n", lpcscall->ClientId.UniqueThread); dprintf("MessageId - %u\n", lpcscall->MessageId); dprintf("pPushedResponse(VOID) - 0x%x\n", lpcscall->PushedResponse); dprintf("\n"); } VOID do_dump_lpc_bh( HANDLE hCurrentProcess, LPVOID dwAddr ) { BOOL b; char block[sizeof(LRPC_BINDING_HANDLE)]; LRPC_BINDING_HANDLE * lpcbh = (LRPC_BINDING_HANDLE *)█ RPC_CHAR *EntryName; b = ReadProcessMemory( hCurrentProcess, dwAddr, &block, sizeof(LRPC_BINDING_HANDLE), NULL ); if ( !b ) { dprintf("can't read %x\n", dwAddr); return; } EntryName = ReadProcessRpcChar(hCurrentProcess, lpcbh->EntryName); dprintf("\n"); #ifdef WIN dprintf("TaskId - %u\n", lpcbh->TaskId); #endif //WIN dprintf("Timeout - %u\n", lpcbh->Timeout); dprintf("ObjectUuid - "); PrintUuid(&(lpcbh->ObjectUuid.Uuid)); dprintf("\n"); dprintf("NullObjectUuidFlag - %u\n", lpcbh->NullObjectUuidFlag); dprintf("EntryNameSyntax - %u\n", lpcbh->EntryNameSyntax); dprintf("EntryName - %ws (Address: 0x%x)\n", EntryName, lpcbh->EntryName); dprintf("ClientAuthInfo - 0x%x\n", ((DWORD)dwAddr+offsetof(LRPC_BINDING_HANDLE, ClientAuthInfo))); do_dump_client_auth_info(hCurrentProcess, (LPVOID)((DWORD)dwAddr+offsetof(LRPC_BINDING_HANDLE, ClientAuthInfo))); dprintf("pCurrentAssociation(LRPC_CASSOCIATION) - 0x%x\n", lpcbh->CurrentAssociation); dprintf("pDceBinding(DCE_BINDING) - 0x%x\n", lpcbh->DceBinding); dprintf("BindingReferenceCount - %u\n", lpcbh->BindingReferenceCount); dprintf("&BindingMutex(MUTEX) - 0x%x\n", ((DWORD)dwAddr+offsetof(LRPC_BINDING_HANDLE, BindingMutex))); dprintf("&ActiveCalls(LRPC_CCALL_DICT) - 0x%x\n", ((DWORD)dwAddr+offsetof(LRPC_BINDING_HANDLE, ActiveCalls))); dprintf("\n"); if (EntryName) { delete[] EntryName; } } VOID do_dump_lpc_ca( HANDLE hCurrentProcess, LPVOID dwAddr ) { BOOL b; char block[sizeof(LRPC_CASSOCIATION)]; LRPC_CASSOCIATION * lpcca = (LRPC_CASSOCIATION *)█ b = ReadProcessMemory( hCurrentProcess, dwAddr, &block, sizeof(LRPC_CASSOCIATION), NULL ); if ( !b ) { dprintf("couldn't read address %x\n", dwAddr); return; } dprintf("\n"); dprintf("pDceBinding(DCE_BINDING) - 0x%x\n", lpcca->DceBinding); dprintf("AssociationReferenceCount - %u\n", lpcca->AssociationReferenceCount); dprintf("AssociationDictKey - %d\n", lpcca->AssociationDictKey); dprintf("&Bindings(LRPC_BINDING_DICT) - 0x%x\n", ((DWORD)dwAddr+offsetof(LRPC_CASSOCIATION, Bindings))); dprintf("pCachedCCall(LRPC_CCALL) - 0x%x\n", lpcca->CachedCCall); dprintf("CachedCCallFlag - %d\n", lpcca->CachedCCallFlag); dprintf("LpcClientPort(HANDLE) - 0x%x\n", lpcca->LpcClientPort); dprintf("&AssociationMutex(MUTEX) - 0x%x\n", ((DWORD)dwAddr+offsetof(LRPC_CASSOCIATION, AssociationMutex))); dprintf("\n"); } VOID do_dump_lpc_ccall( HANDLE hCurrentProcess, LPVOID dwAddr ) { BOOL b; char block[sizeof(LRPC_CCALL)]; LRPC_CCALL * lpcccall = (LRPC_CCALL *)█ b = ReadProcessMemory( hCurrentProcess, dwAddr, &block, sizeof(LRPC_CCALL), NULL ); if ( !b ) { dprintf("can't read %x\n", dwAddr); return; } dprintf("\n"); dprintf("pCurrentBindingHandle(LRPC_BINDING_HANDLE) - 0x%x\n", lpcccall->CurrentBindingHandle); dprintf("pAssociation(LRPC_CASSOCIATION) - 0x%x\n", lpcccall->Association); dprintf("CallAbortedFlag - %u\n", lpcccall->CallAbortedFlag); dprintf("CallStack - %u\n", lpcccall->CallStack); dprintf("Thread(THREAD_IDENTIFIER) - 0x%x\n", lpcccall->Thread); dprintf("RpcInterfaceInformation(RPC_CLIENT_INTERFACE) - 0x%x\n", lpcccall->RpcInterfaceInformation); dprintf("MessageId - %u\n", lpcccall->MessageId); dprintf("pLrpcMessage(LRPC_MESSAGE) - 0x%x\n", lpcccall->LrpcMessage); dprintf("pCachedLrpcMessage(LRPC_MESSAGE) - 0x%x\n", lpcccall->CachedLrpcMessage); dprintf("ActiveCallsKey - %d\n", lpcccall->ActiveCallsKey); dprintf("ClientId.UniqueProcess(CLIENT_ID.HANDLE) - 0x%x\n", lpcccall->ClientId.UniqueProcess); dprintf("ClientId.UniqueThread (CLIENT_ID.HANDLE) - 0x%x\n", lpcccall->ClientId.UniqueThread); dprintf("RecursionCount - %d\n", lpcccall->RecursionCount); dprintf("\n"); } #endif