I was trying to build a tsp. Now the problem is, I need to get some information (from HKCU where the user config is located ) about who is making the request.
Since the TSP runs in the context of the Telephony service, I cannot access is directly. My plan was to use the functionality of LINE_CREATEDIALOGINSTANCE
to read this information exactly like the one described here and here.
The problem is again similar tho unrelated, the Telephony service + dialer is crashing with the following stack trace.
(1e4.e10): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
TSP_ATSPMod!TSPI_lineMakeCall+0x367:
000007fe`f25a53e7 48894828 **mov qword ptr [rax+28h],rcx** ds:00000000`0000002d=????????????????
0:015> kP
Child-SP RetAddr Call Site
00000000`01dbebe0 000007fe`f49c65ca TSP_ATSPMod!TSPI_lineMakeCall(
unsigned long dwRequestID = 0x103aa,
**struct HDRVLINE__ * hdLine = 0x00000000`00000005**,
struct HTAPICALL__ * htCall = 0x00000000`00010399,
struct HDRVCALL__ ** lphdCall = 0x00000000`00e85ee8,
wchar_t * lpszDestAddress = 0x00000000`00e85c80 "T444",
unsigned long dwCountryCode = 0,
struct linecallparams_tag * lpCallParams = 0x00000000`00e85df0)+0x367 [c:\freedomvoice_tsp\tsp_atspmod\tsp_atspmod.cpp @ 1714]
00000000`01dbec70 000007fe`f49db14c tapisrv+0x165ca
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Windows\system32\RPCRT4.dll -
00000000`01dbed50 000007fe`fdd523d5 tapisrv!ServiceMain+0x4bb4
00000000`01dbed90 000007fe`fddfb68e RPCRT4!RpcBindingSetAuthInfoW+0xe5
00000000`01dbedf0 000007fe`fdd3ac40 RPCRT4!Ndr64AsyncServerCallAll+0x120e
00000000`01dbf3b0 000007fe`fdd450f4 RPCRT4!NdrServerCallAll+0x40
00000000`01dbf400 000007fe`fdd44f56 RPCRT4!NdrServerCall2+0x1d84
00000000`01dbf430 000007fe`fdd45679 RPCRT4!NdrServerCall2+0x1be6
00000000`01dbf550 000007fe`fdd4532d RPCRT4!NdrServerCall2+0x2309
00000000`01dbf630 000007fe`fdd62e7f RPCRT4!NdrServerCall2+0x1fbd
00000000`01dbf760 000007fe`fdd62a35 RPCRT4!RpcBindingCopy+0x5df
00000000`01dbf8a0 00000000`7739b68b RPCRT4!RpcBindingCopy+0x195
00000000`01dbf930 00000000`7739feff ntdll!TpSetTimer+0x39b
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Windows\system32\kernel32.dll -
00000000`01dbf9c0 00000000`7727652d ntdll!RtlValidateHeap+0x4af
00000000`01dbfcc0 00000000`773ac521 kernel32!BaseThreadInitThunk+0xd
00000000`01dbfcf0 00000000`00000000 ntdll!RtlUserThreadStart+0x21
And, the registers at the time of crash,
0:015> r
rax=**0000000000000005** rbx=0000000000e85c90 rcx=0000000000010399
rdx=000007fef261f988 rsi=0000000000e85c40 rdi=0000000001dbec60
rip=000007fef25a53e7 rsp=0000000001dbebe0 rbp=00000000000103aa
r8=0000000001dbe6c8 r9=00000000000103aa r10=0000000000000000
r11=0000000000000246 r12=0000000000e85d70 r13=0000000000000002
r14=0000000000e85c7c r15=0000000000e85ec0
iopl=0 nv up ei pl nz na pe nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010200
And, the code fragment:
PDRVLINE pLine = (PDRVLINE) hdLine;
*lphdCall = (HDRVCALL)hdLine;
typedef TUISPICREATEDIALOGINSTANCEPARAMS PARAMS;
pLine->htCall = htCall; <========= ********OFFENDING CODE************
DWORD lLength = (lstrlenW(lpszDestAddress) + 1) * sizeof(WCHAR);
PARAMS* lParams = (PARAMS*)DrvAlloc(sizeof(PARAMS) + lLength);
RtlZeroMemory(lParams, sizeof(PARAMS) + lLength);
lParams->dwRequestID = dwRequestID;
lParams->hdDlgInst = (HDRVDIALOGINSTANCE)1000;
lParams->lpszUIDLLName = L"TSP_ATSPMod.tsp";
lParams->lpParams = lParams + 1;
lParams->dwSize = lLength;
lstrcpyW((LPWSTR)(lParams + 1), lpszDestAddress);
(*pLine->pfnEventProc)(pLine->htLine, 0, LINE_CREATEDIALOGINSTANCE, (DWORD)lParams, 0, 0);
It seems we cannot cast hdLine
to PDRVLINE
.
Any idea?
PS: Using Windows 7 x64 on VMWare.
At last MSDN to the rescue: As per MSDN, the first parameter of the LINEEVENT call for this event needs to be an HPROVIDER. But if you look closely, MSDN says,
So, you have to save the
HPROVIDER hProvider
passed toTSPI_providerEnumDevices
first and use it here.The working code is,
Also make sure the method
TUISPI_providerGenericDialog
is exported correctly.