Error while parsing NDR structures

[hatRiot]

Seems like this is a NtApiDotNet issue, but it's manifesting in OVDN so filing here. When attempting to view a proxy definition, I get the following:

(23f0.1c3c): CLR exception - code e0434352 (first chance)
(23f0.1c3c): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=02580234 ecx=02580234 edx=00000000 esi=02580234 edi=008fe6f8
eip=638c4a42 esp=008fe6e0 ebp=008fe704 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
mscorlib_ni+0x3f4a42:
638c4a42 8b01            mov     eax,dword ptr [ecx]  ds:002b:02580234=????????
0:000> !clrstack
OS Thread Id: 0x1c3c (0)
Child SP       IP Call Site
008fe6e0 638c4a42 System.Runtime.InteropServices.Marshal.ReadInt32(IntPtr, Int32)
008fe70c 00957f71 NtApiDotNet.Ndr.CurrentProcessMemoryReader.ReadIntPtr(IntPtr)
008fe718 0095896f NtApiDotNet.Ndr.NdrNativeUtils.ReadPointerArray[[System.__Canon, mscorlib]](NtApiDotNet.Ndr.IMemoryReader, IntPtr, Int32, System.Func`2<IntPtr,System.__Canon>)
008fe740 009588f2 NtApiDotNet.Ndr.ProxyFileInfo.GetNames(NtApiDotNet.Ndr.IMemoryReader)
008fe758 009586dc NtApiDotNet.Ndr.NdrParser.InitFromProxyFileInfo(NtApiDotNet.Ndr.ProxyFileInfo, System.Collections.Generic.IList`1<NtApiDotNet.Ndr.NdrComProxyDefinition>, System.Collections.Generic.HashSet`1<System.Guid>)
008fe7c4 009577ef NtApiDotNet.Ndr.NdrParser.InitFromProxyFileInfoArray(IntPtr, System.Collections.Generic.IList`1<NtApiDotNet.Ndr.NdrComProxyDefinition>, System.Collections.Generic.HashSet`1<System.Guid>)
008fe804 0095681c NtApiDotNet.Ndr.NdrParser.InitFromFile(System.String, System.Guid, System.Collections.Generic.IList`1<NtApiDotNet.Ndr.NdrComProxyDefinition>, System.Collections.Generic.IEnumerable`1<System.Guid>)
008fe858 00956734 NtApiDotNet.Ndr.NdrParser+c__DisplayClass26_0.b__0()
008fe864 009566a4 NtApiDotNet.Ndr.NdrParser.RunWithAccessCatch[[System.Boolean, mscorlib]](System.Func`1)
008fe884 009565d3 NtApiDotNet.Ndr.NdrParser.ReadFromComProxyFile(System.String, System.Guid, System.Collections.Generic.IEnumerable`1<System.Guid>)
008fe8b0 00956273 OleViewDotNet.COMProxyInstance..ctor(System.String, System.Guid, NtApiDotNet.Win32.ISymbolResolver, OleViewDotNet.Database.COMRegistry)
008fe8f4 00955d7d OleViewDotNet.COMProxyInstance.GetFromCLSID(OleViewDotNet.Database.COMCLSIDEntry, NtApiDotNet.Win32.ISymbolResolver)

Under OVDN 1.4 this crashed, but it seems to be caught in 1.8 and error out. Can't provide the hosting DLL, but can provide any further information you may need.

[tyranid]

Trying to inspect the proxy information isn't an exact science, I have to use a simple heuristic to try and find the data. This means that it doesn't always work. It's possible there's a bug here I could fix but it's also possible that there isn't. Without the original proxy DLL it'd be hard to diagnose. This is why I added the code to catch memory access errors, so at least the program doesn't crash.

[hatRiot]

Thanks for the info. I'll take a look myself and contribute back any fixes/changes necessary.