LPC通信连接建立成功后,客户进程调用NtReplyPort向服务进程发送消息失败,返回错误值0xC000000D(STATUS_INVALID_PARAMETER)。该函数只有两个参数,不知道哪里出错了。
服务代码:
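// Returns the number of payload bytes of a received message that are safe to
// print: the header's DataLength clamped to [0, TLPC_MAX_MSG_DATA_LENGTH].
// Assumes Data holds at least TLPC_MAX_MSG_DATA_LENGTH bytes - TODO confirm
// against the TLPC_PORTMSG definition.
static int BoundedDataLength(const TLPC_PORTMSG &msg)
{
    int len = msg.header.u1.s1.DataLength;
    if (len < 0) { len = 0; }
    if (len > (int)TLPC_MAX_MSG_DATA_LENGTH) { len = (int)TLPC_MAX_MSG_DATA_LENGTH; }
    return len;
}

/**
 * LPC server thread: creates the named port "\RPC Control\DEMO PORT", accepts
 * one client connection and then logs every message that arrives.
 *
 * @param lpParam  Pointer to the owning CdirveInjectDlg; its me* members are
 *                 used to call the native port APIs.
 * @return Always 0. Failures are only reported through OutputDebugString.
 *
 * Security notes:
 *  - The port is created without a security descriptor and every connection
 *    request is accepted unconditionally, so the contents of pmRecv come from
 *    whichever process connected and must be treated as untrusted input.
 *  - The payload is therefore printed with an explicit length bound instead
 *    of "%s": the client is not obliged to NUL-terminate it, and an oversized
 *    string would make sprintf_s invoke the CRT invalid-parameter handler.
 */
DWORD CdirveInjectDlg::NewlpcServer(LPVOID lpParam)
{
    CdirveInjectDlg *pThis = (CdirveInjectDlg*)lpParam;
    HANDLE hserverPort = NULL;   // connection (listening) port
    HANDLE hAcceptPort = NULL;   // per-client communication port
    OBJECT_ATTRIBUTES oa;
    TLPC_PORTMSG pmRecv;
    NTSTATUS status;
    TCHAR outInfo[MAX_PATH] = { 0 };

    // Start from a known state so that no stale stack bytes are ever logged.
    ZeroMemory(&pmRecv, sizeof(pmRecv));

    do
    {
        // Build the UNICODE_STRING holding the port name.
        pThis->meRtlInitUnicodeString(&pThis->portName, L"\\RPC Control\\DEMO PORT");

        // No security descriptor is supplied (last argument NULL).
        // NOTE(review): consider passing one that restricts who may connect.
        InitializeObjectAttributes(&oa, &pThis->portName, /*0*/OBJ_CASE_INSENSITIVE | OBJ_FORCE_ACCESS_CHECK, NULL, NULL);

        // Create the LPC server port.
        status = pThis->meNtCreatePort(&hserverPort, &oa, TLPC_MAX_MSG_DATA_LENGTH, sizeof(TLPC_PORTMSG), 0);
        if (!NT_SUCCESS(status)) { OutputDebugString("NtCreatePort fail\r\n"); break; }
        OutputDebugString("NtCreatePort succeed\r\n");

        // Block until a client asks to connect.
        status = pThis->meNtListenPort(hserverPort, (PPORT_MESSAGE)(&pmRecv));
        if (!NT_SUCCESS(status)) { OutputDebugString("NtListenPort fail\r\n"); break; }

        // Dump the connection request. The client id fields are narrowed
        // explicitly so the arguments match the %08x conversions on 64-bit builds.
        sprintf_s(outInfo, "连接消息格式\nprocessID:%08x\nthreadID%08x\nMessageType %d\nMessageSize %d\nMessageID %x\nDataSize %d\n\n",
            (ULONG)(ULONG_PTR)pmRecv.header.ClientId.UniqueProcess,
            (ULONG)(ULONG_PTR)pmRecv.header.ClientId.UniqueThread,
            pmRecv.header.u2.s2.Type,
            pmRecv.header.u1.s1.TotalLength,
            pmRecv.header.MessageId,
            pmRecv.header.u1.s1.DataLength);
        OutputDebugString(outInfo);

        // Untrusted payload: bounded by the clamped DataLength, truncated to
        // the log buffer instead of aborting when it does not fit.
        _snprintf_s(outInfo, _countof(outInfo), _TRUNCATE, "请求内容:\r\n%.*s\r\n",
            BoundedDataLength(pmRecv), (const char*)pmRecv.Data);
        OutputDebugString(outInfo);

        // Accept the connection (TRUE = accept). Every caller is accepted.
        // NOTE(review): this is the place to reject clients that should not
        // be served, by passing FALSE after checking the request.
        status = pThis->meNtAcceptConnectPort(&hAcceptPort, 0, /*&pmSend.header*/(PPORT_MESSAGE)&pmRecv, TRUE, 0, 0);
        if (!NT_SUCCESS(status)) { OutputDebugString("NtAcceptConnectPort fail\r\n"); break; }
        OutputDebugString("NtAcceptConnectPort succeed\r\n");

        // Wake the client that is blocked in its connect call.
        status = pThis->meNtCompleteConnectPort(hAcceptPort);
        if (!NT_SUCCESS(status)) { OutputDebugString("NtCompleteConnectPort fail\r\n"); break; }

        // Handshake finished: receive messages until the call fails.
        // No reply is ever sent from this loop (the reply argument is 0).
        while (true)
        {
            OutputDebugString("等待客户端消息...\r\n");
            status = pThis->meNtReplyWaitReceivePort(hAcceptPort, 0, 0, (PPORT_MESSAGE)&pmRecv);
            if (!NT_SUCCESS(status)) { OutputDebugString("NtReplyWaitReceivePort fail\r\n"); break; }

            _snprintf_s(outInfo, _countof(outInfo), _TRUNCATE, "收到客户端%d新消息:\n%.*s\n",
                (int)(ULONG_PTR)pmRecv.header.ClientId.UniqueProcess,
                BoundedDataLength(pmRecv), (const char*)pmRecv.Data);
            OutputDebugString(outInfo);
        }
    } while (FALSE);

    // Release both port handles on every exit path; the original leaked them.
    if (hAcceptPort != NULL) { CloseHandle(hAcceptPort); }
    if (hserverPort != NULL) { CloseHandle(hserverPort); }
    return 0;
}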
//客户
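/**
 * LPC client thread: connects to "\RPC Control\DEMO PORT", sends one message
 * carrying the text "12345689", keeps the connection open for a while and
 * then closes the port handle.
 *
 * @param lpParam  Pointer to the owning ClpcclDlg; its me* members are used
 *                 to call the native port APIs.
 * @return Always 0. Failures are only reported through OutputDebugString.
 *
 * About the 0xC000000D (STATUS_INVALID_PARAMETER) result from NtReplyPort:
 * the message header used to be left all-zero, so TotalLength was smaller
 * than a bare PORT_MESSAGE. The lengths are now filled in before sending.
 * NOTE(review): NtReplyPort is normally the call that answers a request which
 * was received earlier; a client that starts the exchange would usually use a
 * request call such as the commented-out NtRequestWaitReplyPort. That call
 * waits for a reply, and the server loop posted with this code never sends
 * one - confirm which direction is intended.
 */
DWORD ClpcclDlg::lpcthreadCL(LPVOID lpParam)
{
    ClpcclDlg * pThis = (ClpcclDlg*)lpParam;
    TCHAR outInfo[MAX_PATH] = { 0 };
    HANDLE portServer = NULL;
    SECURITY_QUALITY_OF_SERVICE SecurityQos;
    NTSTATUS status;
    UNICODE_STRING portName;
    TLPC_PORTMSG pmRecv;
    TLPC_PORTMSG pmSend;
    memset(&pmSend, 0, sizeof(pmSend));
    memset(&pmRecv, 0, sizeof(pmRecv));
    ULONG ConnectInfoSize = sizeof(TLPC_PORTMSG);

    do
    {
        pThis->meRtlInitUnicodeString(&portName, L"\\RPC Control\\DEMO PORT");

        // Security QoS presented to the server.
        // NOTE(review): SecurityImpersonation lets whichever process owns this
        // port name act with the client's identity. If the server only needs
        // to identify the caller, SecurityIdentification grants less.
        SecurityQos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
        SecurityQos.EffectiveOnly = TRUE/*FALSE*/;
        SecurityQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
        SecurityQos.ImpersonationLevel = SecurityImpersonation;

        sprintf_s(outInfo, "connect %ws ...\r\n", portName.Buffer);
        OutputDebugString(outInfo);

        // Copy only the literal and its terminator. The previous memcpy read
        // TLPC_MAX_MSG_DATA_LENGTH bytes from an 8-byte string literal, i.e.
        // past its end, and shipped whatever followed it to the server.
        strcpy_s((PSTR)pmRecv.Data, TLPC_MAX_MSG_DATA_LENGTH, "HAOYJIP");

        // Connect to the server process by port name.
        // NOTE(review): the whole TLPC_PORTMSG, header included, is passed as
        // connection information; confirm the server finds the text where it
        // expects it and that the size fits the limit set at port creation.
        status = pThis->meNtConnectPort(&portServer,
            &(portName),
            &SecurityQos,
            0, // No attributes
            0,
            0,
            (char *)&pmRecv,
            &ConnectInfoSize
        );
        if (!NT_SUCCESS(status))
        {
            sprintf_s(outInfo, "NtConnectPort Failed:%x\n", status);
            OutputDebugString(outInfo);
            break;
        }
        OutputDebugString("client connct port ok!\r\n");

        // Payload first, then the header lengths that describe it. The header
        // is reached through the same PPORT_MESSAGE cast the send call uses.
        strcpy_s((PSTR)pmSend.Data, TLPC_MAX_MSG_DATA_LENGTH, "12345689");
        const size_t payloadLen = strlen((PSTR)pmSend.Data) + 1;
        PPORT_MESSAGE sendHdr = (PPORT_MESSAGE)&pmSend;
        sendHdr->u1.s1.DataLength = static_cast<short>(payloadLen);
        sendHdr->u1.s1.TotalLength = static_cast<short>(sizeof(PORT_MESSAGE) + payloadLen);

        // Alternative kept from the original: send a request and wait for its reply.
        // status = pThis->meNtRequestWaitReplyPort(portServer, (PPORT_MESSAGE)&pmSend, (PPORT_MESSAGE)&pmRecv);
        status = pThis->meNtReplyPort(portServer, sendHdr);
        if (!NT_SUCCESS(status))
        {
            // The status used to be dropped; log it so the failure is visible.
            sprintf_s(outInfo, "NtReplyPort Failed:%x\n", status);
            OutputDebugString(outInfo);
        }

        // Keep the connection open for 500 seconds before tearing it down.
        Sleep(500000);
        CloseHandle(portServer);
    } while (false);

    return 0;
}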