On Monday 14 October 2002 10:23 am, Ove Kaaven wrote:
On Sun, 13 Oct 2002, Greg Turner wrote:
On Sunday 13 October 2002 06:41 pm, Ove Kaaven wrote:
The pStubDesc structure should have been initialized (including setting that pointer, I think) by the NdrClientInitialize or NdrClientInitializeNew (or for DCOM, NdrProxyInitialize, but perhaps NdrProxyInitialize should call down to NdrClientInitialize/New anyway) functions. My patches didn't implement those functions, since I was mostly concerned with DCOM. Is this a real RPC app that works on Windows you're working on?
Apparently this isn't how /Oicf works in this case... the MIDL-generated source looks to me like I am receiving constant structures that should already have been initialized statically.
Oh yeah sorry, I confused MIDL_STUB_DESC with MIDL_STUB_MESSAGE, must have been too long since I looked at this. Hmm... perhaps there's a memory corruption somewhere, then?
Well, that sounds about right, but how to detect such a thing...? I guess I need to learn how to create 'on change some ram' breakpoints, not to mention track down these data structures in memory (or perhaps learn how to get debug symbols generated for w32-native-compiled stuff).
Here's what's really weird. I just compiled this as a winelib app (this takes some doing, but basically seems to work). And the corruption goes away! I'll present a couple of theories on this below, but first, allow me to dump gobs of debugmsg output.
Here's what I get from the winelib version:

====================
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\WINDOWS\SYSTEM\kernel32.dll' : builtin
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\windows\system\ADVAPI32.DLL' : builtin
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\WINDOWS\SYSTEM\gdi32.dll' : builtin
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\WINDOWS\SYSTEM\user32.dll' : builtin
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\windows\system\rpcrt4.dll' : builtin
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\windows\system\ole32.dll' : builtin
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\windows\system\SHLWAPI.DLL' : builtin
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\windows\system\COMCTL32.DLL' : builtin
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\windows\system\shell32.dll' : builtin
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\WINDOWS\SYSTEM\winspool.drv' : builtin
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\windows\system\comdlg32.dll' : builtin
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\windows\system\odbc32.dll' : builtin
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\windows\system\OLEAUT32.DLL' : builtin
trace:loaddll:MODULE_LoadModule16 Loaded module 'krnl386.exe' : builtin
trace:loaddll:MODULE_LoadModule16 Loaded module 'system' : builtin
trace:loaddll:MODULE_LoadModule16 Loaded module 'wprocs' : builtin
trace:loaddll:MODULE_LoadModule16 Loaded module 'GDI.EXE' : builtin
trace:loaddll:MODULE_LoadModule16 Loaded module 'USER.EXE' : builtin
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\WINDOWS\SYSTEM\x11drv.dll' : builtin
trace:loaddll:MODULE_LoadModule16 Loaded module 'display' : builtin
trace:ole:OLE32_DllEntryPoint 0x40900000 0x1 0x1
trace:ole:CoRegisterMallocSpy
trace:ole:IMallocSpy_fnQueryInterface ({0000001d-0000-0000-c000-000000000046},0x406d2cec)
trace:ole:IMalloc_fnAlloc (20)
trace:ole:IMallocSpy_fnPreAlloc (0x40957378)->(20)
trace:ole:IMallocSpy_fnPostAlloc (0x40957378)->(0x403dba70)
trace:ole:IMalloc_fnAlloc --(0x403dba70)
trace:ole:IMalloc_fnAlloc (20)
<<snip: about 100 lines like this>>
trace:ole:IMallocSpy_fnPreAlloc (0x40957378)->(20)
trace:ole:IMallocSpy_fnPostAlloc (0x40957378)->(0x403e3ba8)
trace:ole:IMalloc_fnAlloc --(0x403e3ba8)
trace:ole:IMalloc_fnAlloc (20)
trace:ole:IMallocSpy_fnPreAlloc (0x40957378)->(20)
trace:ole:IMallocSpy_fnPostAlloc (0x40957378)->(0x403e3be8)
trace:ole:IMalloc_fnAlloc --(0x403e3be8)
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\WINDOWS\SYSTEM\WINEPS.dll' : builtin
trace:loaddll:MODULE_FlushModrefs Unloaded module 'C:\WINDOWS\SYSTEM\wineps.dll' : builtin
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\WINDOWS\SYSTEM\WINEPS.dll' : builtin
trace:loaddll:MODULE_FlushModrefs Unloaded module 'C:\WINDOWS\SYSTEM\wineps.dll' : builtin
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\WINDOWS\SYSTEM\WINEPS.dll' : builtin
trace:loaddll:MODULE_FlushModrefs Unloaded module 'C:\WINDOWS\SYSTEM\wineps.dll' : builtin
trace:loaddll:MODULE_LoadModule16 Loaded module 'commdlg.dll' : builtin
trace:ole:RpcStringBindingComposeA ((null),"ncacn_np",(null),"\pipe\hello",(null),0x406d2e3c)
RpcStringBindingCompose returned 0x0
pszStringBinding = ncacn_np:[\pipe\hello]
trace:ole:RpcBindingFromStringBindingA ("ncacn_np:[\pipe\hello]",0x4002a9e0)
trace:ole:RpcStringBindingParseA ("ncacn_np:[\pipe\hello]",0x406d2dc8,0x406d2dcc,0x406d2dd0,0x406d2dd4,0x406d2dd8)
trace:ole:RPCRT4_CreateBindingA binding: 0x403e3e50
trace:ole:RPCRT4_SetBindingObject (*RpcBinding == ^0x403e3e50, UUID == {00000000-0000-0000-0000-000000000000})
trace:ole:RPCRT4_CompleteBindingA (RpcBinding == ^0x403e3e50, NetworkAddr == "", EndPoint == "\pipe\hello", NetworkOptions == "(null)")
RpcBindingFromStringBinding returned 0x0
Calling the remote procedure 'HelloProc'
Print the string 'hello, world' on the server
trace:ole:NdrClientCall2 (0x4002a5c0,0x40029442,...)
fixme:ole:RPCRT4_NdrClientCall2 (pStubDec == ^0x4002a5c0,pFormat = "2H",...): stub
trace:ole:RPCRT4_NdrClientCall2 rpc_cli_if == ^0x400293e0
trace:ole:RPCRT4_NdrClientCall2 rpc_cli_if: Length == 68; InterfaceID == <{906b0ce0-c70b-1067-b317-00dd010662da},<1.0>>; TransferSyntax == <{8a885d04-1ceb-11c9-9fe8-08002b104860},<2.0>>; DispatchTable == ^(nil); RpcProtseqEndpointCount == 0; RpcProtseqEndpoint == ^(nil); Flags == 0
Calling the remote procedure 'Shutdown'
trace:ole:NdrClientCall2 (0x4002a5c0,0x40029460,...)
fixme:ole:RPCRT4_NdrClientCall2 (pStubDec == ^0x4002a5c0,pFormat = "2H",...): stub
trace:ole:RPCRT4_NdrClientCall2 rpc_cli_if == ^0x400293e0
trace:ole:RPCRT4_NdrClientCall2 rpc_cli_if: Length == 68; InterfaceID == <{906b0ce0-c70b-1067-b317-00dd010662da},<1.0>>; TransferSyntax == <{8a885d04-1ceb-11c9-9fe8-08002b104860},<2.0>>; DispatchTable == ^(nil); RpcProtseqEndpointCount == 0; RpcProtseqEndpoint == ^(nil); Flags == 0
RpcStringFree returned 0x0
trace:ole:RpcBindingFree (0x4002a9e0) = 0x403e3e50
trace:ole:RPCRT4_DestroyBinding binding: 0x403e3e50
trace:ole:RPCRT4_CloseBinding (Binding == ^0x403e3e50)
RpcBindingFree returned 0x0
================================
Looks great! The InterfaceID is the right one, the same one I get on the server side.

Now here's the native version:
================================
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\WINDOWS\SYSTEM\kernel32.dll' : builtin
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\windows\system\ADVAPI32.DLL' : builtin
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\windows\system\rpcrt4.dll' : builtin
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\windows\system\msvcrt.dll' : builtin
trace:loaddll:MODULE_LoadModule16 Loaded module 'krnl386.exe' : builtin
trace:loaddll:MODULE_LoadModule16 Loaded module 'system' : builtin
trace:loaddll:MODULE_LoadModule16 Loaded module 'wprocs' : builtin
trace:ole:RpcStringBindingComposeA ((null),"ncacn_np",(null),"\pipe\hello",(null),0x406d2ddc)
RpcStringBindingCompose returned 0x0
pszStringBinding = ncacn_np:[\pipe\hello]
trace:ole:RpcBindingFromStringBindingA ("ncacn_np:[\pipe\hello]",0x403224)
trace:ole:RpcStringBindingParseA ("ncacn_np:[\pipe\hello]",0x406d2d68,0x406d2d6c,0x406d2d70,0x406d2d74,0x406d2d78)
trace:ole:RPCRT4_CreateBindingA binding: 0x403b4a08
trace:ole:RPCRT4_SetBindingObject (*RpcBinding == ^0x403b4a08, UUID == {00000000-0000-0000-0000-000000000000})
trace:ole:RPCRT4_CompleteBindingA (RpcBinding == ^0x403b4a08, NetworkAddr == "", EndPoint == "\pipe\hello", NetworkOptions == "(null)")
RpcBindingFromStringBinding returned 0x0
Calling the remote procedure 'HelloProc'
Print the string 'hello, world' on the server
trace:ole:NdrClientCall2 (0x4020c2,0x406d2da4,...)
fixme:ole:RPCRT4_NdrClientCall2 (pStubDec == ^0x4020c2,pFormat = "0@",...): stub
trace:ole:RPCRT4_NdrClientCall2 rpc_cli_if == ^0x4832
Runtime reported exception 0xc0000005 = -1073741819
RpcStringFree returned 0x0
trace:ole:RpcBindingFree (0x403224) = 0x403b4a08
trace:ole:RPCRT4_DestroyBinding binding: 0x403b4a08
trace:ole:RPCRT4_CloseBinding (Binding == ^0x403b4a08)
RpcBindingFree returned 0x0
==================================
Several differences worth noting:

o Many more dlls loaded in the winelib version (why?)
o lots of IMallocSpy activity in the winelib version (perhaps just part of the ole32 initialization?)
o pFormat argument to RPCRT4_NdrClientCall2 is different in the winelib version (!?)
Things I had to change to get the winelib working:

o remove RpcTryExcept macros from the source
o change MIDL_user_allocate/MIDL_user_free to midl_user_allocate/midl_user_free (MS rpcndr.h does the opposite, but that shouldn't matter)
There were other changes but they were probably irrelevant to the matter at hand.
My theories:
o it's the try/except macros; they're causing stack corruption or something (they occur right before the NdrClientCall2)
o it's MIDL_user_allocate somehow (nah)
o it's a problem with dll loading (let's hope not)
Right now I will test the first theory by taking the try/except stuff out and recompiling the sample. Then, when it doesn't solve the problem, I'll be stumped again :(
Any thoughts? Thanks,
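The side-by-side comparison done by hand in the mail above (which modules were loaded, the pFormat reported by RPCRT4_NdrClientCall2, the pStubDesc and rpc_cli_if pointers, the access violation) can be scripted so the same check runs over every new trace. The script below is an added example, not code from this thread or from Wine. Its input is a constructed excerpt shaped like the two dumps above, and its pointer test is a heuristic assumed here rather than anything the thread states: a MIDL_STUB_DESC and an RPC_CLIENT_INTERFACE hold pointer members, so a 32-bit build places them on 4-byte boundaries, and an odd address in those slots is a strong sign the callee did not receive the arguments the generated stub passed.

```python
import re

# Constructed sample input: a few lines excerpted in the shape of the two wine-devel
# dumps above (winelib build vs. native build of the same RPC client).
WINELIB_TRACE = """\
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\\windows\\system\\rpcrt4.dll' : builtin
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\\windows\\system\\ole32.dll' : builtin
trace:ole:NdrClientCall2 (0x4002a5c0,0x40029442,...)
fixme:ole:RPCRT4_NdrClientCall2 (pStubDec == ^0x4002a5c0,pFormat = "2H",...): stub
trace:ole:RPCRT4_NdrClientCall2 rpc_cli_if == ^0x400293e0
"""

NATIVE_TRACE = """\
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\\windows\\system\\rpcrt4.dll' : builtin
trace:loaddll:MODULE_LoadLibraryExA Loaded module 'C:\\windows\\system\\msvcrt.dll' : builtin
trace:ole:NdrClientCall2 (0x4020c2,0x406d2da4,...)
fixme:ole:RPCRT4_NdrClientCall2 (pStubDec == ^0x4020c2,pFormat = "0@",...): stub
trace:ole:RPCRT4_NdrClientCall2 rpc_cli_if == ^0x4832
Runtime reported exception 0xc0000005 = -1073741819
"""

LOAD_RE = re.compile(r"Loaded module '([^']+)'")
CALL_RE = re.compile(r"trace:ole:NdrClientCall2 \((0x[0-9a-fA-F]+),(0x[0-9a-fA-F]+),")
FMT_RE = re.compile(r'pFormat = "([^"]*)"')
IF_RE = re.compile(r"rpc_cli_if == \^(0x[0-9a-fA-F]+|\(nil\))")
EXC_RE = re.compile(r"Runtime reported exception (0x[0-9a-fA-F]+)")


def parse_trace(text):
    """Pull loaded modules, NdrClientCall2 invocations and runtime exceptions
    out of a Wine debug trace in the format of the dumps above."""
    modules, calls, exceptions = set(), [], []
    cur = None  # the NdrClientCall2 record that following fixme/trace lines belong to
    for line in text.splitlines():
        if m := LOAD_RE.search(line):
            # keep only the lowercased basename: Wine logs the path in mixed case
            modules.add(m.group(1).rsplit("\\", 1)[-1].lower())
        elif m := CALL_RE.search(line):
            cur = {"pStubDesc": int(m.group(1), 16), "pFormat": int(m.group(2), 16),
                   "format": None, "rpc_cli_if": None}
            calls.append(cur)
        elif (m := FMT_RE.search(line)) and cur is not None:
            cur["format"] = m.group(1)
        elif (m := IF_RE.search(line)) and cur is not None:
            cur["rpc_cli_if"] = None if m.group(1) == "(nil)" else int(m.group(1), 16)
        elif m := EXC_RE.search(line):
            exceptions.append(int(m.group(1), 16))
    return {"modules": modules, "calls": calls, "exceptions": exceptions}


def check_call(call, ptr_align=4):
    """Plausibility checks on one call. Heuristic assumed by this example: the
    descriptor structs contain pointer members, so a 32-bit compiler aligns them
    to 4 bytes; an odd address almost certainly is not the descriptor the stub passed."""
    problems = []
    for name in ("pStubDesc", "rpc_cli_if"):
        value = call[name]
        if value is not None and value % ptr_align:
            problems.append("%s 0x%x is not %d-byte aligned" % (name, value, ptr_align))
    return problems


def compare_traces(text_a, text_b):
    """Diff two traces of the same client the way the mail does by hand."""
    a, b = parse_trace(text_a), parse_trace(text_b)
    return {
        "modules_only_in_a": sorted(a["modules"] - b["modules"]),
        "modules_only_in_b": sorted(b["modules"] - a["modules"]),
        "format_mismatch": [(x["format"], y["format"])
                            for x, y in zip(a["calls"], b["calls"])
                            if x["format"] != y["format"]],
        "problems_a": [p for c in a["calls"] for p in check_call(c)],
        "problems_b": [p for c in b["calls"] for p in check_call(c)],
        "exceptions_b": b["exceptions"],
    }


if __name__ == "__main__":
    for key, value in compare_traces(WINELIB_TRACE, NATIVE_TRACE).items():
        print(key, value)
```

Run against the constructed excerpt, the report singles out exactly the points the mail raises: ole32.dll only in the winelib run, msvcrt.dll only in the native one, "2H" versus "0@" for pFormat, and, for the native run, a pStubDesc and rpc_cli_if that cannot be correctly aligned struct pointers, followed by the 0xc0000005 access violation.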