NDRCContextUnmarshall断点函数分析之I_RpcBindingCopy函数的作用

NDRCContextUnmarshall断点函数分析之I_RpcBindingCopy函数的作用

第一部分：
void RPC_ENTRY
NDRCContextUnmarshall (         // process returned context
    OUT NDR_CCONTEXT PAPI *phCContext,// stub context to update
    IN  RPC_BINDING_HANDLE hRPC,            // binding handle to associate with
    IN  void PAPI *pBuff,           // pointer to NDR wire format
    IN  unsigned long DataRepresentation    // pointer to NDR data rep
    )
    // Update the users context handle from the servers NDR wire format.
    //-----------------------------------------------------------------------//
{
......

    RPC_BINDING_HANDLE hBindtemp ;

    if( I_RpcBindingCopy(hRPC, &hBindtemp) != RPC_S_OK )
        {
        ASSERT( !RpcpCheckHeap() );
        I_RpcFree( hCCtemp );
        RpcRaiseException(RPC_S_OUT_OF_MEMORY);
        }

I_RpcBindingCopy函数运行后，查看hBindtemp变量的值，有变化，变为0x007b9b60
类型为：rpcrt4!OSF_BINDING_HANDLE

1: kd> dv
        phCContext = 0x0006fd00
              hRPC = 0x007b7c38
             pBuff = 0x007b0a50
DataRepresentation = 0x7b9b00
         hBindtemp = 0x007b9b60
           hCCtemp = 0x007b9b00
        ThisThread = 0x007a35d8

1: kd> dt rpcrt4!OSF_BINDING_HANDLE  0x007b9b60
   +0x000 __VFN_table : 0x77bd2e38
   +0x004 MagicLong        : 0x89abcdef
   +0x008 ObjectType       : 0n1048576
   +0x00c RefCount         : INTERLOCKED_INTEGER
   +0x010 ObjectUuid       : RPC_UUID
   +0x020 Timeout          : 5
   +0x024 NullObjectUuidFlag : 1
   +0x028 EntryNameSyntax  : 0
   +0x02c EntryName        : (null)
   +0x030 EpLookupHandle   : (null)
   +0x034 OptionsVector    : (null)
   +0x038 ClientAuthInfo   : CLIENT_AUTH_INFO
   +0x074 BindingMutex     : MUTEX
   +0x08c pvTransportOptions : (null)
   +0x090 Association      : 0x007b7d48 OSF_CASSOCIATION        //第一处赋值
   +0x094 DceBinding       : (null)
   +0x098 TransInfo        : 0x007a3d78 TRANS_INFO        //第二处赋值
   +0x09c RecursiveCalls   : OSF_RECURSIVE_ENTRY_DICT
   +0x0b8 ReferenceCount   : 1
   +0x0bc pToken           : (null)
   +0x0c0 NPType           : 3 ( nptRemoteStatic )
   +0x0c4 TransAuthInitialized : 0n0
   +0x0c8 fDynamicEndpoint : 0n0
1: kd> dx -id 0,0,8960abf0 -r1 ((RPCRT4!OSF_CASSOCIATION *)0x7b7d48)
((RPCRT4!OSF_CASSOCIATION *)0x7b7d48)                 : 0x7b7d48 [Type: OSF_CASSOCIATION *]
    [+0x004] MagicLong        : 0x89abcdef [Type: unsigned long]
    [+0x008] ObjectType       : 512 [Type: int]
    [+0x00c] RefCount         [Type: INTERLOCKED_INTEGER]
    [+0x010] DceBinding       : 0x7b7a38 [Type: DCE_BINDING *]
    [+0x014] BindHandleCount  [Type: INTERLOCKED_INTEGER]
    [+0x018] AssocGroupId     : 0xffc94b49 [Type: unsigned long]
    [+0x01c] Bindings         [Type: OSF_BINDING_DICT]
    [+0x038] ActiveConnections [Type: OSF_CCONNECTION_DICT]
    [+0x054] TransInfo        : 0x7a3d78 [Type: TRANS_INFO *]
    [+0x058] SecondaryEndpoint : 0x0 [Type: unsigned char *]
    [+0x05c] Key              : 1 [Type: int]
    [+0x060] OpenConnectionCount : 0x1 [Type: unsigned int]
    [+0x064] ConnectionsDoingBindCount : 0x0 [Type: unsigned int]
    [+0x068] fPossibleServerReset : 0 [Type: int]
    [+0x06c] MaintainContext  : 0x1 [Type: unsigned int]
    [+0x070] CallIdCounter    : 0x2 [Type: unsigned long]
    [+0x074] AssociationMutex [Type: MUTEX]
    [+0x08c] AssociationValid : 1 [Type: int]
    [+0x090] AssociationShutdownError : -1163005939 [Type: long]
    [+0x094] DontLinger       : 0 [Type: int]
    [+0x098] ResolverHintInitialized : 0 [Type: int]
    [+0x09c] fIdleConnectionCleanupNeeded : 0 [Type: int]
    [+0x0a0] FailureCount     : 0 [Type: int]
    [+0x0a4] fMultiplex       : mpx_unknown (0) [Type: MPX_TYPES]
    [+0x0a8] SavedDrep        : 0x10 [Type: unsigned long]
    [+0x0ac] TokenDict        [Type: RPC_TOKEN_DICT]
    [+0x0c8] Linger           [Type: OSF_CASSOCIATION::__unnamed::__unnamed]
    [+0x0c8] NextAssociation  : 0x0 [Type: OSF_CASSOCIATION *]
    [+0x0d0] LocalMASet       : 0 [Type: int]
1: kd> dx -id 0,0,8960abf0 -r1 ((RPCRT4!TRANS_INFO *)0x7a3d78)
((RPCRT4!TRANS_INFO *)0x7a3d78)                 : 0x7a3d78 [Type: TRANS_INFO *]
    [+0x000] pTransportInterface : 0x77bece00 [Type: RPC_TRANSPORT_INTERFACE_HEADER *]
    [+0x004] LoadableTrans    : 0x7b0070 [Type: LOADABLE_TRANSPORT *]
    [+0x008] RpcProtocolSequence [Type: unsigned short [257]]

第二部分：F:\srv03rtm\com\rpc\runtime\mtrt\osfclnt.cxx

    Binding = new OSF_BINDING_HANDLE(&Status);
新建了一个对象。
    Status = Binding->BINDING_HANDLE::Clone( this );
克隆了很多信息。
下面是两处赋值
    Binding->Association = Association;        //第一处赋值
    Binding->TransInfo = TransInfo;        //第二处赋值
然后把变量的值改变了一下，DestinationBinding为hBindtemp变量的地址
*DestinationBinding为hBindtemp变量的值。
    *DestinationBinding = (BINDING_HANDLE *) Binding;

RPC_STATUS
OSF_BINDING_HANDLE::BindingCopy (
    OUT BINDING_HANDLE *  * DestinationBinding,
    IN UINT MaintainContext
    )
/*++

Routine Description:

    We need to copy this binding handle.  This is relatively easy to
    do: we just need to point the copied binding handle to the same
    association as this binding handle.  We also need to tell the
    association about the new binding handle.

Arguments:

    DestinationBinding - Returns a copy of this binding handle.

    MaintainContext - Supplies a flag that indicates whether or not context
        is being maintained over this binding handle.  A non-zero value
        indicates that context is being maintained.

Return Value:

    RPC_S_OUT_OF_MEMORY - This indicates that there is not enough memory
        to allocate a new binding handle.

    RPC_S_OK - We successfully copied this binding handle.

--*/
{
    RPC_STATUS Status = RPC_S_OK;
    OSF_BINDING_HANDLE * Binding;
    RPC_UUID Uuid;
    CLIENT_AUTH_INFO * AuthInfo;

    Binding = new OSF_BINDING_HANDLE(&Status);
    if ( Status != RPC_S_OK )
        {
        delete Binding;
        Binding = 0;
        }
    if ( Binding == 0 )
        {
        *DestinationBinding = 0;
        return(RPC_S_OUT_OF_MEMORY);
        }

    BindingMutex.Request();

    Status = Binding->BINDING_HANDLE::Clone( this );
    if (Status != RPC_S_OK)
        {
        delete Binding;
        Binding = 0;
        *DestinationBinding = 0;

        BindingMutex.Clear();

        return Status;
        }

    Binding->ClientAuthInfo.DefaultLogonId = ClientAuthInfo.DefaultLogonId;
    Binding->NPType = NPType;
    Binding->fDynamicEndpoint = fDynamicEndpoint;

    if (pToken)
        {
        ASSERT(Association);
        ASSERT(IsNamedPipe(NPType));
        Association->ReferenceToken(pToken);
        Binding->pToken = pToken;
        FastCopyLUIDAligned(&(Binding->ClientAuthInfo.ModifiedId),
            &(pToken->ModifiedId));
        }

    Binding->Association = Association;
    if ( DceBinding != 0 )
        {
        ASSERT( MaintainContext == 0 );

        Binding->DceBinding = DceBinding->DuplicateDceBinding();
        }
    else
        {
        Binding->DceBinding = 0;
        }

    Binding->TransInfo = TransInfo;

    if ( Association != 0 )
        {
        Association->IncrementCount();
        if ( MaintainContext != 0 )
            {
            Association->MaintainingContext();
            }
        }

    BindingMutex.Clear();

    *DestinationBinding = (BINDING_HANDLE *) Binding;
    return(RPC_S_OK);
}