Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update type of FC_SYSTEM_HANDLE #72

Open
wants to merge 3 commits into
base: master
Choose a base branch
from

Conversation

nertynertynerty
Copy link

Update

In the existing Rpc Decompile process, the value of 0x3C(60) is defined as FC_UNUSED4 among the definitions of Type.
Check the URL below.

https://github.com/silverf0x/RpcView/blob/14d5e1a3b6cc02196dabdcf668ea341129b36be0/RpcDecompiler/internalRpcDecompTypeDefs.h#L599

However, as a result of checking with the dt combase!FORMAT_CHARACTER command using WinDbg, 0x3C is defined as FC_SYSTEM_HANDLE.
As a result of the search, it was confirmed that FC_SYSTEM_HANDLE type was defined as 8 bytes, and the code was modified to define it as hyper.
As a result, if the interface decompile was not properly performed due to an error in the past, it is currently being output well.

image

Before

The Uuid value used for testing is 9b8699ae-0e44-47b1-8e7f-86a461d7ecdc, and rpcss.dll.

image

After

The Uuid value used for testing is 9b8699ae-0e44-47b1-8e7f-86a461d7ecdc, and rpcss.dll.

image

Tested OS

For your information, the test OS is Windows 11 23H2 (22631.4602).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant