Aleksey Karyakin
I have run into the following problem with RPC callbacks when the RPC client is
built as a DLL.
1. The RPC client DLL is loaded at some address and performs some RPC calls to
the server.
2. The RPC client DLL is unloaded.
3. The RPC client DLL is then loaded again at a different base address and, as
in 1, makes another RPC call that in turn calls back the client via a callback
method.
At this point the RPC client fails with an access violation with the following
stack:
rpcrt4.dll!DispatchCallback() + 0x1b
rpcrt4.dll!OSF_CCALL::FastSendReceive() + 0x2f0c5
rpcrt4.dll!OSF_CCALL::DealWithCallback() + 0x56
rpcrt4.dll!OSF_CCALL::SendReceiveHelper() + 0x68
rpcrt4.dll!OSF_CCALL::SendReceive() + 0x37
rpcrt4.dll!_I_RpcSendReceive@4() + 0x1f
rpcrt4.dll!_NdrSendReceive@8() + 0x25
rpcrt4.dll!_NdrClientCall2() + 0x17d
client.dll!Test(void * __MIDL_0000=0x0014ff10, int do_callback=1) Line 92 + 0x13 C
client.dll!fnClient(int listen=1) Line 23 + 0xd C++
client_host.exe!main(int argc=1, char * * argv=0x00322d00) Line 20 + 0x7 C++
client_host.exe!mainCRTStartup() Line 338 + 0x11 C
kernel32.dll!_BaseProcessStart@4() + 0x23
The RPC runtime tries to access data at the address that was valid when the
DLL had initially been loaded. It looks like there is a bug in RPCRT4.DLL.
The problem is reproduced consistently on WinXP SP1 and Win2003 Standard
Server.
Windows 2000 SP3 works fine.
The machine with WinXP installed had the following system DLL versions:
RPCRT4.DLL 5.1.2600.1254
KERNEL32.DLL 5.1.2600.1106
ADVAPI32.DLL 5.1.2600.1106
NTDLL.DLL 5.1.2600.1217
Regards,
Aleksey Karyakin
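The failure mode in the report, a runtime holding a raw pointer into a client module across that module's unload and reload at a new base, as an added example that is not code from the post and does not describe how RPCRT4 is implemented. It is portable C: module load and unload are simulated with a small static arena of image slots so that a reload always lands at a different address (standing in for step 3 of the report), and the stale-pointer check that a real runtime would fault on is modelled as a NULL slot. The "checked binding" beside it, which records the module's load generation and resolves the callback from the currently loaded image at each dispatch, is an assumed general remedy for this class of bug, not a fix the runtime applies.

```c
/* Added example: dangling callback binding across module unload/reload,
 * next to a binding that detects the reload. Not from the original post. */
#include <stdint.h>
#include <stdio.h>

typedef int (*callback_fn)(int);

/* Simulated module image; in a real process this would be the mapped DLL. */
struct module {
    uint32_t generation;   /* 0 = slot unmapped; otherwise a unique load id */
    callback_fn cb;        /* the callback "exported" by this image */
};

#define SLOT_COUNT 4
static struct module g_arena[SLOT_COUNT];  /* simulated address space */
static struct module *g_loaded = NULL;     /* currently loaded client module */
static uint32_t g_next_generation = 1;

/* The client's callback that the server reaches through the runtime. */
static int client_callback(int x) { return x * 2; }

/* Load the client module. Each load takes the next arena slot, so a reload
 * gets a different address (assumption: models a relocated DLL, as in step 3). */
struct module *module_load(void) {
    struct module *m = &g_arena[g_next_generation % SLOT_COUNT];
    m->generation = g_next_generation++;
    m->cb = client_callback;
    g_loaded = m;
    return m;
}

/* Unload: the image is gone. A real unload unmaps the pages; here the slot is
 * cleared so that a later read through a stale pointer is visible. */
void module_unload(struct module *m) {
    if (g_loaded == m) g_loaded = NULL;
    m->generation = 0;
    m->cb = NULL;
}

/* Buggy runtime: binds to the callback by raw address and reuses it blindly. */
struct raw_binding { callback_fn *slot; };

void raw_bind(struct raw_binding *b, struct module *m) { b->slot = &m->cb; }

/* Dispatch through the cached address. A cleared slot stands in for unmapped
 * memory; a real runtime would take an access violation instead of -1. */
int raw_dispatch(const struct raw_binding *b, int arg, int *out) {
    if (*b->slot == NULL) return -1;
    *out = (*b->slot)(arg);
    return 0;
}

/* Checked runtime: binds to the module's load generation and resolves the
 * callback from whatever image is loaded now, at every dispatch. */
struct checked_binding { uint32_t generation; };

void checked_bind(struct checked_binding *b, const struct module *m) {
    b->generation = m->generation;
}

int checked_dispatch(const struct checked_binding *b, int arg, int *out) {
    if (g_loaded == NULL) return -1;                       /* client unloaded */
    if (g_loaded->generation != b->generation) return -2;  /* client reloaded */
    *out = g_loaded->cb(arg);
    return 0;
}

struct scenario_result {
    int relocated;    /* 1 if the reload landed at a different address */
    int raw_rc;       /* raw binding after reload: -1 = dangling */
    int checked_rc;   /* checked binding after reload: -2 = stale, refused */
    int rebound_out;  /* checked dispatch after the new image re-binds */
};

/* Steps 1-3 of the report, then the recovery path for the checked binding. */
struct scenario_result run_scenario(void) {
    struct scenario_result r = {0, 0, 0, 0};
    struct raw_binding raw;
    struct checked_binding checked;
    int out = 0;

    struct module *first = module_load();                 /* 1. load and bind */
    raw_bind(&raw, first);
    checked_bind(&checked, first);
    module_unload(first);                                  /* 2. unload */
    struct module *second = module_load();                 /* 3. reload elsewhere */
    r.relocated = (second != first);

    r.raw_rc = raw_dispatch(&raw, 21, &out);               /* cached address dead */
    r.checked_rc = checked_dispatch(&checked, 21, &out);   /* reload detected */

    checked_bind(&checked, second);                        /* new image re-registers */
    if (checked_dispatch(&checked, 21, &out) == 0) r.rebound_out = out;
    return r;
}

int main(void) {
    struct scenario_result r = run_scenario();
    printf("reload relocated image: %d\n", r.relocated);
    printf("raw binding after reload: %d (0 = ok, -1 = dangling)\n", r.raw_rc);
    printf("checked binding after reload: %d (0 = ok, -2 = stale)\n", r.checked_rc);
    printf("checked binding after re-bind: callback returned %d\n", r.rebound_out);
    return 0;
}
```

On Windows the HMODULE that LoadLibrary returns is the image base, so comparing the handle from the first load with the one from the reload tells you whether the DLL actually moved; if the loader happens to place it at the same base, a stale pointer of this kind is masked and the access violation will not reproduce.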