Virtual ChannelInit 棒
VirtualChannelInit stucks
我正在开发一个 rdp 虚拟通道应用程序。我已经在注册表中注册了客户端 dll 并试图理解,客户端 dll 已加载。
但是我在从 pEntryPoints 调用 pVirtualChannelInit 时卡住了。
它只是没有 return 任何结果,调试器转到此函数的反汇编代码。但是如果不停止这个调用,VirtualChannelEntry 第二次调用(为什么?)。
如果我使用调试器mstsc.exe。
第一次通话后一段时间后,在控制台中我可以看到:
First-chance exception at 0x00000004 in mstsc.exe: 0xC0000005: an access violation in the performance at 0x00000004. //用google翻译
当 rdp 会话出现在屏幕上时,第二次调用后:
First-chance exception at 0x773EC42D (KernelBase.dll) in mstsc.exe: 0x000006BA: RPC server is unavailable.
First-chance exception at 0x773EC42D (KernelBase.dll) in mstsc.exe: 0x000006BA: RPC server is unavailable.
First-chance exception at 0x773EC42D (KernelBase.dll) in mstsc.exe: 0x000006BA: RPC server is unavailable.
First-chance exception at 0x773EC42D in mstsc.exe: Microsoft C++ exception: unsigned long at memory location 0x06CCF8C0.
First-chance exception at 0x773EC42D in mstsc.exe: Microsoft C++ exception: unsigned long at memory location 0x06CCF8C0.
First-chance exception at 0x773EC42D in mstsc.exe: Microsoft C++ exception: [rethrow] at memory location 0x00000000.
First-chance exception at 0x773EC42D in mstsc.exe: Microsoft C++ exception: [rethrow] at memory location 0x00000000.
First-chance exception at 0x773EC42D in mstsc.exe: Microsoft C++ exception: unsigned long at memory location 0x06CCF8C0.
First-chance exception at 0x773EC42D in mstsc.exe: Microsoft C++ exception: unsigned long at memory location 0x06CCF8C0.
First-chance exception at 0x773EC42D in mstsc.exe: Microsoft C++ exception: [rethrow] at memory location 0x00000000.
First-chance exception at 0x773EC42D in mstsc.exe: Microsoft C++ exception: [rethrow] at memory location 0x00000000.
pEntryPoints 中的指针总是:
pVirtualChannelInit - 0x00000004
pVirtualChannelOpen - 0x0000ffff
pVirtualChannelClose - 0x000000b8
pVirtualChannelWrite - 0x00000000 (Why 0?)
HANDLE ClientHandle = NULL;
CHANNEL_DEF pChannel[1];
CHANNEL_ENTRY_POINTS SavedEntryPoints;
PCHANNEL_INIT_EVENT_FN pChannelInitEventProc;
BOOL VCAPITYPE VirtualChannelEntry(PCHANNEL_ENTRY_POINTS pEntryPoints)
{
ofstream myfile;
myfile.open ("D:\Projects\bench_cli\ConsoleApplication1\Release\example.txt");
myfile << "Writing this to a file.\n";
UINT retval1 = 0;
ZeroMemory(&pChannel[0], sizeof(CHANNEL_DEF));
strcpy(pChannel[0].name, "Bench");
pChannel[0].options = CHANNEL_OPTION_ENCRYPT_RDP | CHANNEL_OPTION_COMPRESS_RDP;
pChannelInitEventProc = VirtualChannelInitEvent;
memcpy(&SavedEntryPoints, pEntryPoints, sizeof(CHANNEL_ENTRY_POINTS));
myfile << " copied" << endl;
// call VirtualChannelInit using the function pointer in
// PCHANNEL_ENTRY_POINTS
myfile << "Initing" << endl;
retval1 = pEntryPoints->pVirtualChannelInit (&ClientHandle,
pChannel, 1, VIRTUAL_CHANNEL_VERSION_WIN2000,
pChannelInitEventProc); //here we stuck
myfile << " init" << endl; //this never printed
myfile.close();
return TRUE;
}
VOID VCAPITYPE VirtualChannelInitEvent( LPVOID pInitHandle, UINT event, LPVOID pData, UINT dataLength)
{
...//never called
}
pVirtualChannelInit 应该是一个有效的指针(指向代码)。 0x00000004 不是,因此 access violation
你的问题可能是由于编译时的结构packing/alignment不正确造成的。
通过检查传递给 VirtualChannelEntry 实现的 PCHANNEL_ENTRY_POINTS pEntryPoints 参数指向的内存,使用调试器找出正确的对齐方式。该结构以 2 32 位 值开头,后跟 4 个函数指针。第一个字段是大小字段(值取决于位数,32bits:0x0018,或64:0x0028),第二个应该是 0x00001.
然后,使用 #pragma pack push/pop(MSVC 编译器)围绕包含 header 定义 CHANNEL_ENTRY_POINTS 结构以在编译时强制正确对齐。
我正在开发一个 rdp 虚拟通道应用程序。我已经在注册表中注册了客户端 dll 并试图理解,客户端 dll 已加载。
但是我在从 pEntryPoints 调用 pVirtualChannelInit 时卡住了。
它只是没有 return 任何结果,调试器转到此函数的反汇编代码。但是如果不停止这个调用,VirtualChannelEntry 第二次调用(为什么?)。
如果我使用调试器mstsc.exe。
第一次通话后一段时间后,在控制台中我可以看到:
First-chance exception at 0x00000004 in mstsc.exe: 0xC0000005: an access violation in the performance at 0x00000004. //用google翻译
当 rdp 会话出现在屏幕上时,第二次调用后:
First-chance exception at 0x773EC42D (KernelBase.dll) in mstsc.exe: 0x000006BA: RPC server is unavailable.
First-chance exception at 0x773EC42D (KernelBase.dll) in mstsc.exe: 0x000006BA: RPC server is unavailable.
First-chance exception at 0x773EC42D (KernelBase.dll) in mstsc.exe: 0x000006BA: RPC server is unavailable.
First-chance exception at 0x773EC42D in mstsc.exe: Microsoft C++ exception: unsigned long at memory location 0x06CCF8C0.
First-chance exception at 0x773EC42D in mstsc.exe: Microsoft C++ exception: unsigned long at memory location 0x06CCF8C0.
First-chance exception at 0x773EC42D in mstsc.exe: Microsoft C++ exception: [rethrow] at memory location 0x00000000.
First-chance exception at 0x773EC42D in mstsc.exe: Microsoft C++ exception: [rethrow] at memory location 0x00000000.
First-chance exception at 0x773EC42D in mstsc.exe: Microsoft C++ exception: unsigned long at memory location 0x06CCF8C0.
First-chance exception at 0x773EC42D in mstsc.exe: Microsoft C++ exception: unsigned long at memory location 0x06CCF8C0.
First-chance exception at 0x773EC42D in mstsc.exe: Microsoft C++ exception: [rethrow] at memory location 0x00000000.
First-chance exception at 0x773EC42D in mstsc.exe: Microsoft C++ exception: [rethrow] at memory location 0x00000000.
pEntryPoints 中的指针总是:
pVirtualChannelInit - 0x00000004
pVirtualChannelOpen - 0x0000ffff
pVirtualChannelClose - 0x000000b8
pVirtualChannelWrite - 0x00000000 (Why 0?)
HANDLE ClientHandle = NULL;
CHANNEL_DEF pChannel[1];
CHANNEL_ENTRY_POINTS SavedEntryPoints;
PCHANNEL_INIT_EVENT_FN pChannelInitEventProc;
BOOL VCAPITYPE VirtualChannelEntry(PCHANNEL_ENTRY_POINTS pEntryPoints)
{
ofstream myfile;
myfile.open ("D:\Projects\bench_cli\ConsoleApplication1\Release\example.txt");
myfile << "Writing this to a file.\n";
UINT retval1 = 0;
ZeroMemory(&pChannel[0], sizeof(CHANNEL_DEF));
strcpy(pChannel[0].name, "Bench");
pChannel[0].options = CHANNEL_OPTION_ENCRYPT_RDP | CHANNEL_OPTION_COMPRESS_RDP;
pChannelInitEventProc = VirtualChannelInitEvent;
memcpy(&SavedEntryPoints, pEntryPoints, sizeof(CHANNEL_ENTRY_POINTS));
myfile << " copied" << endl;
// call VirtualChannelInit using the function pointer in
// PCHANNEL_ENTRY_POINTS
myfile << "Initing" << endl;
retval1 = pEntryPoints->pVirtualChannelInit (&ClientHandle,
pChannel, 1, VIRTUAL_CHANNEL_VERSION_WIN2000,
pChannelInitEventProc); //here we stuck
myfile << " init" << endl; //this never printed
myfile.close();
return TRUE;
}
VOID VCAPITYPE VirtualChannelInitEvent( LPVOID pInitHandle, UINT event, LPVOID pData, UINT dataLength)
{
...//never called
}
pVirtualChannelInit 应该是一个有效的指针(指向代码)。 0x00000004 不是,因此 access violation
你的问题可能是由于编译时的结构packing/alignment不正确造成的。
通过检查传递给 VirtualChannelEntry 实现的 PCHANNEL_ENTRY_POINTS pEntryPoints 参数指向的内存,使用调试器找出正确的对齐方式。该结构以 2 32 位 值开头,后跟 4 个函数指针。第一个字段是大小字段(值取决于位数,32bits:0x0018,或64:0x0028),第二个应该是 0x00001.
然后,使用 #pragma pack push/pop(MSVC 编译器)围绕包含 header 定义 CHANNEL_ENTRY_POINTS 结构以在编译时强制正确对齐。