Exploring RPC Calls for mspdbsrv

mspdbsrv.exe is a utility used by Microsoft to update PDB files. The compiler sends character updates to mspdbsrv via RPC, and mspdbsrv, in turn, updates the PDB file.

I am trying to understand what these updates look like. Unfortunately, Microsoft did not release the IDL, so I do not know the prototype of the RPC function. However, looking at these updates as raw data is quite interesting.

That's what I meant:

The default endpoint of mspdbsrv.exe is, in this case, \RPC Control\mspdb_10.00.30319.01_rtl_32_00000000000733A0. But mspdbsrv has a command line argument -endpoint that sets its endpoint to another endpoint. The compiler, however, is probably always connected to the default endpoint.
I suppose I can create a kind of "Proxy Server" that listens on the mspdbsrv endpoint by default, runs mspdbsrv.exe with another endpoint, and transparently passes through the RPC to mspdbsrv upon registration. The compiler does not know that it is connected to the proxy server because the proxy server provides the mspdbsrv endpoint.

Does this make sense? How can I write such an RPC proxy server without IDL?
Perhaps there is a shortcut if someone knows some details about these PDB updates?

Update

I found out what the suffix 00000000000733A0 of the mspdbsrv port name (mspdb_10.00.30319.01_rtl_32_00000000000733A0) is.
This is the network access token for the current user! Here is a snippet of how to get it:

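#include <windows.h>
#include <stdio.h>

int main(void)
{
    HANDLE hToken;
    if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken) != 0)
    {
        TOKEN_STATISTICS tsStats;
        DWORD dwOutSize;

        // TokenStatistics fills in AuthenticationId, the LUID printed below as 16 hex digits
        if (GetTokenInformation(hToken, TokenStatistics, &tsStats, sizeof(tsStats), &dwOutSize))
        {
            // printf takes a narrow format string; TEXT() would break a UNICODE build
            printf("%08x%08x\n", (UINT)tsStats.AuthenticationId.HighPart, (UINT)tsStats.AuthenticationId.LowPart);
        }
        CloseHandle(hToken); // release the token handle
    }
    return 0;
}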
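Added example, not part of the original post: a small C parser that pulls the 16-hex-digit suffix out of an endpoint name shaped like the one quoted above and checks it against a session id, which is what you need to tell whose mspdbsrv instance an endpoint belongs to. `session_luid` and both function names are made up for this example, and the other fields of the name are left uninterpreted.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the Windows LUID (HighPart/LowPart) so this builds anywhere. */
typedef struct { uint32_t high; uint32_t low; } session_luid;

/* Read the session id from the last '_'-separated field of an endpoint name
 * shaped like the one in the post. The other fields are not interpreted.
 * Returns 0 on success, -1 if the name does not have that shape. */
int endpoint_luid(const char *endpoint, session_luid *out)
{
    const char *name = strrchr(endpoint, '\\');     /* drop "\RPC Control\" */
    name = name ? name + 1 : endpoint;
    if (strncmp(name, "mspdb_", 6) != 0) return -1;
    const char *suffix = strrchr(name, '_') + 1;    /* never NULL: prefix has '_' */
    if (strlen(suffix) != 16 || strspn(suffix, "0123456789abcdefABCDEF") != 16)
        return -1;
    char high[9] = {0};
    memcpy(high, suffix, 8);
    out->high = (uint32_t)strtoul(high, NULL, 16);
    out->low = (uint32_t)strtoul(suffix + 8, NULL, 16);
    return 0;
}

/* 1 when the endpoint name carries the id of session `s`, else 0. */
int endpoint_matches_session(const char *endpoint, session_luid s)
{
    session_luid e;
    return endpoint_luid(endpoint, &e) == 0 && e.high == s.high && e.low == s.low;
}

int main(void)
{
    /* Endpoint name quoted in the post; the second session id is constructed. */
    const char *ep = "\\RPC Control\\mspdb_10.00.30319.01_rtl_32_00000000000733A0";
    session_luid mine = {0, 0x733A0}, other = {0, 0x3E7};
    session_luid id;
    if (endpoint_luid(ep, &id) != 0) return 1;
    printf("session %08x%08x mine=%d other=%d\n", (unsigned)id.high, (unsigned)id.low,
           endpoint_matches_session(ep, mine), endpoint_matches_session(ep, other));
    return 0;
}
```

On Windows the `session_luid` to compare against would come from `TOKEN_STATISTICS.AuthenticationId`, as in the snippet in the post.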