1 /*
2  *      TYPELIB Marshaler
3  *
4  *      Copyright 2002,2005     Marcus Meissner
5  *
6  * The olerelay debug channel allows you to see calls marshalled by
7  * the typelib marshaller. It is not a generic COM relaying system.
8  *
9  * This library is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU Lesser General Public
11  * License as published by the Free Software Foundation; either
12  * version 2.1 of the License, or (at your option) any later version.
13  *
14  * This library is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17  * Lesser General Public License for more details.
18  *
19  * You should have received a copy of the GNU Lesser General Public
20  * License along with this library; if not, write to the Free Software
21  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
22  */
23
24 #include "config.h"
25 #include "wine/port.h"
26
27 #include <assert.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <stdarg.h>
31 #include <stdio.h>
32 #include <ctype.h>
33
34 #define COBJMACROS
35 #define NONAMELESSUNION
36 #define NONAMELESSSTRUCT
37
38 #include "winerror.h"
39 #include "windef.h"
40 #include "winbase.h"
41 #include "winnls.h"
42 #include "winreg.h"
43 #include "winuser.h"
44
45 #include "ole2.h"
46 #include "propidl.h" /* for LPSAFEARRAY_User* functions */
47 #include "typelib.h"
48 #include "variant.h"
49 #include "wine/debug.h"
50 #include "wine/exception.h"
51
52 static const WCHAR IDispatchW[] = { 'I','D','i','s','p','a','t','c','h',0};
53
54 WINE_DEFAULT_DEBUG_CHANNEL(ole);
55 WINE_DECLARE_DEBUG_CHANNEL(olerelay);
56
57 #define ICOM_THIS_MULTI(impl,field,iface) impl* const This=(impl*)((char*)(iface) - offsetof(impl,field))
58
59 static HRESULT TMarshalDispatchChannel_Create(
60     IRpcChannelBuffer *pDelegateChannel, REFIID tmarshal_riid,
61     IRpcChannelBuffer **ppChannel);
62
/* Growable byte buffer that the xbuf_* helpers read from and append to. */
typedef struct _marshal_state {
    LPBYTE base;    /* heap allocation holding the data; NULL until first resized */
    int    size;    /* number of bytes allocated at base */
    int    curoff;  /* current read/write offset into base, in bytes */
} marshal_state;
68
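/*
 * Used in the olerelay code to avoid having the L"" stuff added by
 * debugstr_w: returns the text between the leading L" and the closing quote.
 *
 * The result points into the buffer handed back by debugstr_w(); the last
 * character is overwritten in place, which is why const is cast away.
 */
static char *relaystr(WCHAR *in) {
    char *tmp = (char *)debugstr_w(in);
    size_t len = strlen(tmp);

    /* Strip only when the text really has the L"..." shape. Anything shorter
     * or differently shaped is returned untouched, so we never index before
     * the start of the string or write into a result that was not built for
     * this call. NOTE(review): debugstr_w() output for NULL / non-string
     * inputs is assumed not to start with L" - confirm in wine/debug.h. */
    if (len < 3 || tmp[0] != 'L' || tmp[1] != '"')
        return tmp;

    tmp[len - 1] = '\0';    /* drop the trailing character (closing quote) */
    return tmp + 2;         /* skip the leading L" */
}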
76
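/*
 * Grow the marshal buffer so that it holds at least newsize bytes.
 *
 * Returns S_FALSE when the buffer is already large enough (nothing changes),
 * S_OK after a successful (re)allocation and E_OUTOFMEMORY otherwise. Newly
 * obtained memory is zero-filled (HEAP_ZERO_MEMORY). On failure buf->base and
 * buf->size are left as they were, so the old block is neither leaked nor
 * lost to the caller.
 */
static HRESULT
xbuf_resize(marshal_state *buf, DWORD newsize)
{
    LPBYTE newbase;

    if(buf->size >= 0 && (DWORD)buf->size >= newsize)
        return S_FALSE;

    /* buf->size is a signed int: a larger request could not be recorded
     * without turning the stored size negative. */
    if(newsize > 0x7fffffff)
        return E_OUTOFMEMORY;

    /* Reallocate through a temporary so a failed HeapReAlloc does not
     * overwrite (and thereby leak) the existing block. */
    if(buf->base)
        newbase = HeapReAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, buf->base, newsize);
    else
        newbase = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, newsize);
    if(!newbase)
        return E_OUTOFMEMORY;

    buf->base = newbase;
    buf->size = newsize;
    return S_OK;
}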
98
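/*
 * Append size bytes from stuff at the current offset, growing the buffer
 * (by the requested size plus 100 bytes of slack) when it does not fit.
 *
 * Returns S_OK on success, E_FAIL when the buffer bookkeeping is
 * inconsistent, or the failure from xbuf_resize.
 */
static HRESULT
xbuf_add(marshal_state *buf, const BYTE *stuff, DWORD size)
{
    const DWORD limit = 0x7fffffff - 100;
    HRESULT hr;

    /* size/curoff are signed ints; refuse a state in which the subtraction
     * below would go negative and then compare as a huge unsigned value. */
    if(buf->curoff < 0 || buf->curoff > buf->size)
        return E_FAIL;

    if((DWORD)(buf->size - buf->curoff) < size)
    {
        /* buf->size + size + 100 must neither wrap nor exceed what an int
         * can hold, otherwise the buffer would end up smaller than the
         * amount copied below. */
        if((DWORD)buf->size > limit || size > limit - (DWORD)buf->size)
            return E_OUTOFMEMORY;

        hr = xbuf_resize(buf, buf->size + size + 100);
        if(FAILED(hr)) return hr;
    }
    memcpy(buf->base+buf->curoff,stuff,size);
    buf->curoff += size;
    return S_OK;
}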
113
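/*
 * Copy size bytes from the current offset of the buffer into stuff and
 * advance the offset. Returns E_FAIL when fewer than size bytes remain.
 *
 * size is frequently a length field that was itself read from the buffer,
 * so the check compares it against the remaining byte count instead of
 * computing curoff+size, which can wrap around and pass for a huge size.
 */
static HRESULT
xbuf_get(marshal_state *buf, LPBYTE stuff, DWORD size) {
    if (buf->curoff < 0 || buf->curoff > buf->size) return E_FAIL;
    if (size > (DWORD)(buf->size - buf->curoff)) return E_FAIL;
    memcpy(stuff,buf->base+buf->curoff,size);
    buf->curoff += size;
    return S_OK;
}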
121
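/*
 * Advance the current offset by size bytes without copying anything.
 * Returns E_FAIL when fewer than size bytes remain.
 *
 * As in xbuf_get, size is compared against the remaining byte count so
 * that curoff+size cannot wrap around and move the offset out of bounds.
 */
static HRESULT
xbuf_skip(marshal_state *buf, DWORD size) {
    if (buf->curoff < 0 || buf->curoff > buf->size) return E_FAIL;
    if (size > (DWORD)(buf->size - buf->curoff)) return E_FAIL;
    buf->curoff += size;
    return S_OK;
}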
128
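/*
 * Read a length-prefixed marshalled interface from buf and unmarshal it.
 *
 * Wire format as read here: a DWORD byte count followed by that many bytes
 * of CoMarshalInterface data; a count of 0 stands for a NULL interface.
 * On success *pUnk holds the interface (or NULL) and the offset of buf has
 * moved past the data. On failure *pUnk is NULL.
 */
static HRESULT
_unmarshal_interface(marshal_state *buf, REFIID riid, LPUNKNOWN *pUnk) {
    IStream             *pStm;
    ULARGE_INTEGER      newpos;
    LARGE_INTEGER       seekto;
    ULONG               res;
    HRESULT             hres;
    DWORD               xsize;

    TRACE("...%s...\n",debugstr_guid(riid));

    *pUnk = NULL;
    hres = xbuf_get(buf,(LPBYTE)&xsize,sizeof(xsize));
    if (hres) {
        ERR("xbuf_get failed\n");
        return hres;
    }

    if (xsize == 0) return S_OK;

    /* xsize comes straight from the received data. Make sure that many
     * bytes are really left before handing the range to IStream_Write,
     * otherwise memory past the end of the buffer would be read. */
    if (buf->curoff < 0 || buf->curoff > buf->size ||
        xsize > (DWORD)(buf->size - buf->curoff)) {
        ERR("interface data size %u exceeds the remaining buffer\n",xsize);
        return E_FAIL;
    }

    hres = CreateStreamOnHGlobal(0,TRUE,&pStm);
    if (hres) {
        ERR("Stream create failed %x\n",hres);
        return hres;
    }

    /* From here on every exit goes through done: so the stream is released
     * on the error paths as well. */
    hres = IStream_Write(pStm,buf->base+buf->curoff,xsize,&res);
    if (hres) {
        ERR("stream write %x\n",hres);
        goto done;
    }

    memset(&seekto,0,sizeof(seekto));
    hres = IStream_Seek(pStm,seekto,SEEK_SET,&newpos);
    if (hres) {
        ERR("Failed Seek %x\n",hres);
        goto done;
    }

    hres = CoUnmarshalInterface(pStm,riid,(LPVOID*)pUnk);
    if (hres) {
        ERR("Unmarshalling interface %s failed with %x\n",debugstr_guid(riid),hres);
        goto done;
    }

    hres = xbuf_skip(buf,xsize);

done:
    IStream_Release(pStm);
    return hres;
}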
177
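/*
 * Marshal pUnk with CoMarshalInterface and append the result to buf as a
 * DWORD byte count followed by the marshalled bytes.
 *
 * A NULL pUnk is written as a byte count of 0. When marshalling fails a
 * byte count of 0 is written as well and the failure code is returned.
 */
static HRESULT
_marshal_interface(marshal_state *buf, REFIID riid, LPUNKNOWN pUnk) {
    LPBYTE              tempbuf = NULL;
    IStream             *pStm = NULL;
    STATSTG             ststg;
    ULARGE_INTEGER      newpos;
    LARGE_INTEGER       seekto;
    ULONG               res;
    DWORD               xsize;
    HRESULT             hres;

    if (!pUnk) {
        /* this is valid, if for instance we serialize
         * a VT_DISPATCH with NULL ptr which apparently
         * can happen. S_OK to make sure we continue
         * serializing.
         */
        WARN("pUnk is NULL\n");
        xsize = 0;
        return xbuf_add(buf,(LPBYTE)&xsize,sizeof(xsize));
    }

    TRACE("...%s...\n",debugstr_guid(riid));

    hres = CreateStreamOnHGlobal(0,TRUE,&pStm);
    if (hres) {
        ERR("Stream create failed %x\n",hres);
        goto fail;
    }

    hres = CoMarshalInterface(pStm,riid,pUnk,0,NULL,0);
    if (hres) {
        ERR("Marshalling interface %s failed with %x\n", debugstr_guid(riid), hres);
        goto fail;
    }

    hres = IStream_Stat(pStm,&ststg,0);
    if (hres) {
        ERR("Stream stat failed\n");
        goto fail;
    }

    /* Only the low 32 bits of the stream size are used below. */
    tempbuf = HeapAlloc(GetProcessHeap(), 0, ststg.cbSize.u.LowPart);
    if (!tempbuf) {
        /* without this check IStream_Read would be handed a NULL buffer */
        hres = E_OUTOFMEMORY;
        goto fail;
    }

    memset(&seekto,0,sizeof(seekto));
    hres = IStream_Seek(pStm,seekto,SEEK_SET,&newpos);
    if (hres) {
        ERR("Failed Seek %x\n",hres);
        goto fail;
    }

    hres = IStream_Read(pStm,tempbuf,ststg.cbSize.u.LowPart,&res);
    if (hres) {
        ERR("Failed Read %x\n",hres);
        goto fail;
    }

    /* Write the payload only if its length prefix went in; otherwise the
     * receiving side would interpret payload bytes as a length. */
    xsize = ststg.cbSize.u.LowPart;
    hres = xbuf_add(buf,(LPBYTE)&xsize,sizeof(xsize));
    if (SUCCEEDED(hres))
        hres = xbuf_add(buf,tempbuf,xsize);

    HeapFree(GetProcessHeap(),0,tempbuf);
    IStream_Release(pStm);

    return hres;

fail:
    /* Emit an empty interface so the other side still finds a length. */
    xsize = 0;
    xbuf_add(buf,(LPBYTE)&xsize,sizeof(xsize));
    if (pStm) IStream_Release(pStm);
    HeapFree(GetProcessHeap(), 0, tempbuf);
    return hres;
}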
252
253 /********************* OLE Proxy/Stub Factory ********************************/
/*
 * IUnknown::QueryInterface for the proxy/stub factory. Only IUnknown and
 * IPSFactoryBuffer are supported; both resolve to the factory itself.
 */
static HRESULT WINAPI
PSFacBuf_QueryInterface(LPPSFACTORYBUFFER iface, REFIID iid, LPVOID *ppv) {
    if (!IsEqualIID(iid,&IID_IPSFactoryBuffer) && !IsEqualIID(iid,&IID_IUnknown)) {
        FIXME("(%s) unknown IID?\n",debugstr_guid(iid));
        return E_NOINTERFACE;
    }

    /* No ref counting, static class */
    *ppv = (LPVOID)iface;
    return S_OK;
}
264
/* The factory is not reference counted; AddRef always reports 2. */
static ULONG WINAPI PSFacBuf_AddRef(LPPSFACTORYBUFFER iface)
{
    return 2;
}
/* The factory is not reference counted; Release always reports 1. */
static ULONG WINAPI PSFacBuf_Release(LPPSFACTORYBUFFER iface)
{
    return 1;
}
267
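/*
 * Look up the type library registered for interface riid and return the
 * ITypeInfo describing that interface in *ti.
 *
 * Steps: read the typelib GUID and version from
 * HKCR\Interface\{iid}\Typelib, read the library file name from
 * HKCR\Typelib\<guid>\<version>\0\win32, load it and query it for riid.
 * Returns E_FAIL for registry problems, otherwise the HRESULT of
 * LoadTypeLib / GetTypeInfoOfGuid.
 *
 * All strings read here come from the registry, so every copy is bounded
 * and explicitly terminated; the file name passed to LoadTypeLib is
 * whatever the registry holds.
 */
static HRESULT
_get_typeinfo_for_iid(REFIID riid, ITypeInfo**ti) {
    HRESULT     hres;
    HKEY        ikey;
    char        tlguid[200],typelibkey[300],interfacekey[300],ver[100];
    char        tlfn[260];
    OLECHAR     tlfnW[260];
    DWORD       tlguidlen, verlen, type;
    LONG        tlfnlen;
    ITypeLib    *tl;
    int         n;

    snprintf( interfacekey, sizeof(interfacekey),
        "Interface\\{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}\\Typelib",
        riid->Data1, riid->Data2, riid->Data3,
        riid->Data4[0], riid->Data4[1], riid->Data4[2], riid->Data4[3],
        riid->Data4[4], riid->Data4[5], riid->Data4[6], riid->Data4[7]
    );

    if (RegOpenKeyA(HKEY_CLASSES_ROOT,interfacekey,&ikey)) {
        ERR("No %s key found.\n",interfacekey);
        return E_FAIL;
    }

    /* Registry string values are not guaranteed to be NUL-terminated, so
     * one byte is held back and the terminator is written by hand. */
    tlguidlen = sizeof(tlguid) - 1;
    if (RegQueryValueExA(ikey,NULL,NULL,&type,(LPBYTE)tlguid,&tlguidlen)) {
        ERR("Getting typelib guid failed.\n");
        RegCloseKey(ikey);
        return E_FAIL;
    }
    tlguid[tlguidlen] = '\0';

    verlen = sizeof(ver) - 1;
    if (RegQueryValueExA(ikey,"Version",NULL,&type,(LPBYTE)ver,&verlen)) {
        ERR("Could not get version value?\n");
        RegCloseKey(ikey);
        return E_FAIL;
    }
    ver[verlen] = '\0';
    RegCloseKey(ikey);

    /* tlguid (up to 199 chars) plus ver (up to 99 chars) plus the fixed
     * parts can exceed typelibkey, so format with a bound and reject a
     * truncated key instead of overrunning the stack buffer. */
    n = snprintf(typelibkey,sizeof(typelibkey),"Typelib\\%s\\%s\\0\\win32",tlguid,ver);
    if (n < 0 || n >= (int)sizeof(typelibkey)) {
        ERR("Typelib key for %s does not fit.\n",debugstr_guid(riid));
        return E_FAIL;
    }

    tlfnlen = sizeof(tlfn) - 1;
    if (RegQueryValueA(HKEY_CLASSES_ROOT,typelibkey,tlfn,&tlfnlen)) {
        ERR("Could not get typelib fn?\n");
        return E_FAIL;
    }
    tlfn[sizeof(tlfn) - 1] = '\0';
    if (tlfnlen >= 0 && tlfnlen < (LONG)sizeof(tlfn))
        tlfn[tlfnlen] = '\0';

    if (!MultiByteToWideChar(CP_ACP, 0, tlfn, -1, tlfnW, sizeof(tlfnW) / sizeof(tlfnW[0]))) {
        ERR("Could not convert typelib fn?\n");
        return E_FAIL;
    }
    hres = LoadTypeLib(tlfnW,&tl);
    if (hres) {
        ERR("Failed to load typelib for %s, but it should be there.\n",debugstr_guid(riid));
        return hres;
    }
    hres = ITypeLib_GetTypeInfoOfGuid(tl,riid,ti);
    if (hres)
        ERR("typelib does not contain info for %s?\n",debugstr_guid(riid));
    ITypeLib_Release(tl);
    return hres;
}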
323
/*
 * Count the functions of an interface, inherited ones included, and store
 * the result in *num (0 on failure).
 *
 * A dual dispinterface is resolved to its underlying interface (implemented
 * type -1) and counted from there. Everything else, non-dual dispinterfaces
 * included, is derived from the vtable size in the type attributes, with
 * each slot counted as 4 bytes.
 */
static HRESULT num_of_funcs(ITypeInfo *tinfo, unsigned int *num)
{
    TYPEATTR *attr;
    HRESULT hres;

    *num = 0;
    hres = ITypeInfo_GetTypeAttr(tinfo, &attr);
    if (hres) {
        ERR("GetTypeAttr failed with %x\n",hres);
        return hres;
    }

    if(attr->typekind != TKIND_DISPATCH || !(attr->wTypeFlags & TYPEFLAG_FDUAL))
    {
        *num = attr->cbSizeVft / 4;
    }
    else
    {
        ITypeInfo *dual_iface;
        HREFTYPE href;

        hres = ITypeInfo_GetRefTypeOfImplType(tinfo, -1, &href);
        if(FAILED(hres))
        {
            ERR("Unable to get interface href from dual dispinterface\n");
        }
        else
        {
            hres = ITypeInfo_GetRefTypeInfo(tinfo, href, &dual_iface);
            if(FAILED(hres))
            {
                ERR("Unable to get interface from dual dispinterface\n");
            }
            else
            {
                hres = num_of_funcs(dual_iface, num);
                ITypeInfo_Release(dual_iface);
            }
        }
    }

    /* the attributes are handed back on every path past GetTypeAttr */
    ITypeInfo_ReleaseTypeAttr(tinfo, attr);
    return hres;
}
368
#ifdef __i386__

#include "pshpack1.h"

/*
 * One per-method thunk, byte-packed (pshpack1.h) so the fields sit back to
 * back in memory.
 * NOTE(review): the field names suggest x86 opcode bytes and operands
 * (popl %eax, pushl imm32, pushl %eax, call rel32, ret imm16, nop); the code
 * that fills them in is not visible here - confirm there. The thunk memory
 * is released with VirtualFree in TMProxyImpl_Release.
 */
typedef struct _TMAsmProxy {
    BYTE  popleax;
    BYTE  pushlval;
    DWORD nr;
    BYTE  pushleax;
    BYTE  lcall;
    DWORD xcall;
    BYTE  lret;
    WORD  bytestopop;
    BYTE  nop;
} TMAsmProxy;

#include "poppack.h"

#else /* __i386__ */
# warning You need to implement stubless proxies for your architecture
/* placeholder so the rest of the file still compiles on other targets */
typedef struct _TMAsmProxy {
} TMAsmProxy;
#endif
392
/*
 * State of one typelib-marshaller proxy. The IRpcProxyBuffer methods below
 * recover it from the address of lpvtbl2 (ICOM_THIS_MULTI).
 */
typedef struct _TMProxyImpl {
    LPVOID                    *lpvtbl;          /* heap block, HeapFree'd on final release */
    const IRpcProxyBufferVtbl *lpvtbl2;         /* IRpcProxyBuffer interface of the proxy */
    LONG                       ref;             /* reference count (Interlocked*) */

    TMAsmProxy                *asmstubs;        /* thunk memory, VirtualFree'd on final release */
    ITypeInfo                 *tinfo;           /* released on final release */
    IRpcChannelBuffer         *chanbuf;         /* set by Connect, cleared by Disconnect */
    IID                        iid;             /* passed to TMarshalDispatchChannel_Create */
    CRITICAL_SECTION           crit;            /* held while chanbuf is changed */
    IUnknown                  *outerunknown;
    IDispatch                 *dispatch;
    IRpcProxyBuffer           *dispatch_proxy;  /* optional; connected/disconnected with us */
} TMProxyImpl;
407
/*
 * IRpcProxyBuffer::QueryInterface. Hands out the proxy buffer itself for
 * IUnknown and IRpcProxyBuffer (with a new reference); nothing else.
 */
static HRESULT WINAPI
TMProxyImpl_QueryInterface(LPRPCPROXYBUFFER iface, REFIID riid, LPVOID *ppv)
{
    TRACE("()\n");

    if (!IsEqualIID(riid,&IID_IUnknown) && !IsEqualIID(riid,&IID_IRpcProxyBuffer)) {
        FIXME("no interface for %s\n",debugstr_guid(riid));
        return E_NOINTERFACE;
    }

    *ppv = (LPVOID)iface;
    IRpcProxyBuffer_AddRef(iface);
    return S_OK;
}
420
/* IRpcProxyBuffer::AddRef: atomically bump the count and return the new value. */
static ULONG WINAPI
TMProxyImpl_AddRef(LPRPCPROXYBUFFER iface)
{
    ICOM_THIS_MULTI(TMProxyImpl,lpvtbl2,iface);
    ULONG newRef;

    newRef = InterlockedIncrement(&This->ref);
    TRACE("(%p)->(ref before=%u)\n",This, newRef - 1);
    return newRef;
}
431
/*
 * IRpcProxyBuffer::Release: atomically drop one reference and tear the
 * proxy down when the count reaches zero. Returns the new count.
 */
static ULONG WINAPI
TMProxyImpl_Release(LPRPCPROXYBUFFER iface)
{
    ICOM_THIS_MULTI(TMProxyImpl,lpvtbl2,iface);
    ULONG remaining = InterlockedDecrement(&This->ref);

    TRACE("(%p)->(ref before=%u)\n",This, remaining + 1);

    if (remaining)
        return remaining;

    /* Last reference gone: release what the proxy holds, then the proxy
     * object itself. */
    if (This->dispatch_proxy)
        IRpcProxyBuffer_Release(This->dispatch_proxy);
    This->crit.DebugInfo->Spare[0] = 0;
    DeleteCriticalSection(&This->crit);
    if (This->chanbuf)
        IRpcChannelBuffer_Release(This->chanbuf);
    VirtualFree(This->asmstubs, 0, MEM_RELEASE);
    HeapFree(GetProcessHeap(), 0, This->lpvtbl);
    ITypeInfo_Release(This->tinfo);
    CoTaskMemFree(This);

    return remaining;
}
453
/*
 * IRpcProxyBuffer::Connect: take a reference on the channel and remember
 * it. When a dispatch proxy is present it is connected through a delegate
 * channel created by TMarshalDispatchChannel_Create, and the result of
 * that connect is returned.
 */
static HRESULT WINAPI
TMProxyImpl_Connect(
    LPRPCPROXYBUFFER iface,IRpcChannelBuffer* pRpcChannelBuffer)
{
    ICOM_THIS_MULTI(TMProxyImpl, lpvtbl2, iface);
    IRpcChannelBuffer *delegate;
    HRESULT hres;

    TRACE("(%p)\n", pRpcChannelBuffer);

    /* chanbuf is only changed while holding the proxy's critical section */
    EnterCriticalSection(&This->crit);
    IRpcChannelBuffer_AddRef(pRpcChannelBuffer);
    This->chanbuf = pRpcChannelBuffer;
    LeaveCriticalSection(&This->crit);

    if (!This->dispatch_proxy)
        return S_OK;

    hres = TMarshalDispatchChannel_Create(pRpcChannelBuffer, &This->iid, &delegate);
    if (FAILED(hres))
        return hres;

    hres = IRpcProxyBuffer_Connect(This->dispatch_proxy, delegate);
    /* drop our own reference to the delegate channel */
    IRpcChannelBuffer_Release(delegate);
    return hres;
}
482
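/*
 * IRpcProxyBuffer::Disconnect: drop the channel taken in Connect and
 * disconnect the dispatch proxy, if there is one.
 */
static void WINAPI
TMProxyImpl_Disconnect(LPRPCPROXYBUFFER iface)
{
    ICOM_THIS_MULTI(TMProxyImpl, lpvtbl2, iface);

    TRACE("()\n");

    EnterCriticalSection(&This->crit);

    /* chanbuf is NULL when Connect has not been called or Disconnect is
     * called a second time; TMProxyImpl_Release guards the same pointer,
     * so do not call through it blindly here either. */
    if (This->chanbuf)
    {
        IRpcChannelBuffer_Release(This->chanbuf);
        This->chanbuf = NULL;
    }

    LeaveCriticalSection(&This->crit);

    if (This->dispatch_proxy)
        IRpcProxyBuffer_Disconnect(This->dispatch_proxy);
}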
500
501
/* IRpcProxyBuffer method table of the typelib-marshaller proxy. */
static const IRpcProxyBufferVtbl tmproxyvtable = {
    /* IUnknown part */
    TMProxyImpl_QueryInterface,
    TMProxyImpl_AddRef,
    TMProxyImpl_Release,
    /* IRpcProxyBuffer part */
    TMProxyImpl_Connect,
    TMProxyImpl_Disconnect
};
509
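/*
 * How much space an argument of variant type vt uses on the stack, counted
 * in DWORD steps. Types not listed take a single DWORD.
 */
int
_argsize(DWORD vt) {
    switch (vt) {
    /* VT_I8 takes the same two slots as VT_UI8: both are 8-byte values
     * (_xsize in this file treats them alike). Leaving VT_I8 to the default
     * would under-count the stack space by one DWORD. */
    case VT_I8:
    case VT_UI8:
        return 8/sizeof(DWORD);
    case VT_R8:
        return sizeof(double)/sizeof(DWORD);
    case VT_CY:
        return sizeof(CY)/sizeof(DWORD);
    case VT_DATE:
        return sizeof(DATE)/sizeof(DWORD);
    case VT_VARIANT:
        return (sizeof(VARIANT)+3)/sizeof(DWORD);
    default:
        return 1;
    }
}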
528
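/*
 * Size in bytes of one in-memory element of type td. serialize_param uses
 * it as the stride when walking a VT_CARRAY. Types not listed are 4 bytes.
 */
static int
_xsize(const TYPEDESC *td) {
    switch (td->vt) {
    case VT_DATE:
        return sizeof(DATE);
    case VT_CY:
        /* serialize_param copies 8 bytes for VT_CY; a 4-byte stride would
         * make array elements overlap */
        return sizeof(CY);
    case VT_VARIANT:
        return sizeof(VARIANT)+3;
    case VT_CARRAY: {
        int i, arrsize = 1;
        const ARRAYDESC *adesc = td->u.lpadesc;

        /* NOTE(review): the bounds come from the type description and the
         * product is not checked for overflow. */
        for (i=0;i<adesc->cDims;i++)
            arrsize *= adesc->rgbounds[i].cElements;
        return arrsize*_xsize(&adesc->tdescElem);
    }
    case VT_UI8:
    case VT_I8:
    case VT_R8:     /* 8 bytes like the 64-bit integers, see serialize_param */
        return 8;
    case VT_UI2:
    case VT_I2:
        return 2;
    case VT_UI1:
    case VT_I1:
        return 1;
    default:
        return 4;
    }
}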
557
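/*
 * Serialize one parameter of type tdesc, located at arg, into buf.
 *
 *  tinfo     type info used to resolve VT_USERDEFINED references
 *  writeit   append the value to buf
 *  debugout  print the value on the olerelay debug channel
 *  dealloc   free/release the value after it has been handled
 *
 * Pointers, records, aliases, variants and C arrays recurse into this
 * function for the types they contain. Returns S_OK or the first failure.
 * NOTE(review): an unhandled type is only logged and still returns S_OK.
 */
static HRESULT
serialize_param(
    ITypeInfo           *tinfo,
    BOOL                writeit,
    BOOL                debugout,
    BOOL                dealloc,
    TYPEDESC            *tdesc,
    DWORD               *arg,
    marshal_state       *buf)
{
    HRESULT hres = S_OK;

    TRACE("(tdesc.vt %s)\n",debugstr_vt(tdesc->vt));

    switch (tdesc->vt) {
    case VT_EMPTY: /* nothing. empty variant for instance */
        return S_OK;
    case VT_I8:
    case VT_UI8:
    case VT_R8:
    case VT_CY:
        hres = S_OK;
        if (debugout) TRACE_(olerelay)("%x%x\n",arg[0],arg[1]);
        if (writeit)
            hres = xbuf_add(buf,(LPBYTE)arg,8);
        return hres;
    case VT_BOOL:
    case VT_ERROR:
    case VT_INT:
    case VT_UINT:
    case VT_I4:
    case VT_R4:
    case VT_UI4:
        hres = S_OK;
        if (debugout) TRACE_(olerelay)("%x\n",*arg);
        if (writeit)
            hres = xbuf_add(buf,(LPBYTE)arg,sizeof(DWORD));
        return hres;
    case VT_I2:
    case VT_UI2:
        /* smaller integers still travel as a full DWORD */
        hres = S_OK;
        if (debugout) TRACE_(olerelay)("%04x\n",*arg & 0xffff);
        if (writeit)
            hres = xbuf_add(buf,(LPBYTE)arg,sizeof(DWORD));
        return hres;
    case VT_I1:
    case VT_UI1:
        hres = S_OK;
        if (debugout) TRACE_(olerelay)("%02x\n",*arg & 0xff);
        if (writeit)
            hres = xbuf_add(buf,(LPBYTE)arg,sizeof(DWORD));
        return hres;
    case VT_I4|VT_BYREF:
        hres = S_OK;
        if (debugout) TRACE_(olerelay)("&0x%x\n",*arg);
        if (writeit)
            hres = xbuf_add(buf,(LPBYTE)(DWORD*)*arg,sizeof(DWORD));
        /* do not dealloc at this time */
        return hres;
    case VT_VARIANT: {
        TYPEDESC        tdesc2;
        VARIANT         *vt = (VARIANT*)arg;
        DWORD           vttype = V_VT(vt);

        /* wire format: the variant type as a DWORD, then the payload */
        if (debugout) TRACE_(olerelay)("Vt(%s%s)(",debugstr_vt(vttype),debugstr_vf(vttype));
        tdesc2.vt = vttype;
        if (writeit) {
            hres = xbuf_add(buf,(LPBYTE)&vttype,sizeof(vttype));
            if (hres) return hres;
        }
        /* need to recurse since we need to free the stuff */
        hres = serialize_param(tinfo,writeit,debugout,dealloc,&tdesc2,(DWORD*)&(V_I4(vt)),buf);
        if (debugout) TRACE_(olerelay)(")");
        return hres;
    }
    case VT_BSTR|VT_BYREF: {
        if (debugout) TRACE_(olerelay)("[byref]'%s'", *(BSTR*)*arg ? relaystr(*((BSTR*)*arg)) : "<bstr NULL>");
        if (writeit) {
            /* ptr to ptr to magic widestring, basically */
            BSTR *bstr = (BSTR *) *arg;
            DWORD len;
            if (!*bstr) {
                /* -1 means "null string" which is equivalent to empty string */
                len = -1;
                hres = xbuf_add(buf, (LPBYTE)&len,sizeof(DWORD));
                if (hres) return hres;
            } else {
                /* the DWORD in front of the characters is the byte length */
                len = *((DWORD*)*bstr-1)/sizeof(WCHAR);
                hres = xbuf_add(buf,(LPBYTE)&len,sizeof(DWORD));
                if (hres) return hres;
                hres = xbuf_add(buf,(LPBYTE)*bstr,len * sizeof(WCHAR));
                if (hres) return hres;
            }
        }

        if (dealloc && arg) {
            BSTR *str = *((BSTR **)arg);
            SysFreeString(*str);
        }
        return S_OK;
    }

    case VT_BSTR: {
        if (debugout) {
            if (*arg)
                TRACE_(olerelay)("%s",relaystr((WCHAR*)*arg));
            else
                TRACE_(olerelay)("<bstr NULL>");
        }
        if (writeit) {
            BSTR bstr = (BSTR)*arg;
            DWORD len;
            if (!bstr) {
                len = -1;
                hres = xbuf_add(buf,(LPBYTE)&len,sizeof(DWORD));
                if (hres) return hres;
            } else {
                len = *((DWORD*)bstr-1)/sizeof(WCHAR);
                hres = xbuf_add(buf,(LPBYTE)&len,sizeof(DWORD));
                if (hres) return hres;
                hres = xbuf_add(buf,(LPBYTE)bstr,len * sizeof(WCHAR));
                if (hres) return hres;
            }
        }

        if (dealloc && arg)
            SysFreeString((BSTR)*arg);
        return S_OK;
    }
    case VT_PTR: {
        DWORD cookie;
        BOOL        derefhere = TRUE;

        /* For a pointer to a user-defined type, find out whether the pointee
         * is an interface: those are not freed with HeapFree below. */
        if (tdesc->u.lptdesc->vt == VT_USERDEFINED) {
            ITypeInfo   *tinfo2;
            TYPEATTR    *tattr;

            hres = ITypeInfo_GetRefTypeInfo(tinfo,tdesc->u.lptdesc->u.hreftype,&tinfo2);
            if (hres) {
                ERR("Could not get typeinfo of hreftype %x for VT_USERDEFINED.\n",tdesc->u.lptdesc->u.hreftype);
                return hres;
            }
            /* tattr is dereferenced right away, so a failed call must not
             * fall through with an unset pointer */
            hres = ITypeInfo_GetTypeAttr(tinfo2,&tattr);
            if (hres) {
                ERR("GetTypeAttr failed with %x\n",hres);
                ITypeInfo_Release(tinfo2);
                return hres;
            }
            switch (tattr->typekind) {
            case TKIND_ALIAS:
                if (tattr->tdescAlias.vt == VT_USERDEFINED)
                {
                    DWORD href = tattr->tdescAlias.u.hreftype;
                    /* the attributes belong to tinfo2, so that is the
                     * object that has to release them */
                    ITypeInfo_ReleaseTypeAttr(tinfo2, tattr);
                    ITypeInfo_Release(tinfo2);
                    hres = ITypeInfo_GetRefTypeInfo(tinfo,href,&tinfo2);
                    if (hres) {
                        ERR("Could not get typeinfo of hreftype %x for VT_USERDEFINED.\n",href);
                        return hres;
                    }
                    hres = ITypeInfo_GetTypeAttr(tinfo2,&tattr);
                    if (hres) {
                        ERR("GetTypeAttr failed with %x\n",hres);
                        ITypeInfo_Release(tinfo2);
                        return hres;
                    }
                    derefhere = (tattr->typekind != TKIND_DISPATCH && tattr->typekind != TKIND_INTERFACE);
                }
                break;
            case TKIND_ENUM:    /* confirmed */
            case TKIND_RECORD:  /* FIXME: mostly untested */
                break;
            case TKIND_DISPATCH:        /* will be done in VT_USERDEFINED case */
            case TKIND_INTERFACE:       /* will be done in VT_USERDEFINED case */
                derefhere=FALSE;
                break;
            default:
                FIXME("unhandled switch cases tattr->typekind %d\n", tattr->typekind);
                derefhere=FALSE;
                break;
            }
            ITypeInfo_ReleaseTypeAttr(tinfo2, tattr);
            ITypeInfo_Release(tinfo2);
        }

        if (debugout) TRACE_(olerelay)("*");
        /* Write always, so the other side knows when it gets a NULL pointer.
         */
        cookie = *arg ? 0x42424242 : 0;
        hres = xbuf_add(buf,(LPBYTE)&cookie,sizeof(cookie));
        if (hres)
            return hres;
        if (!*arg) {
            if (debugout) TRACE_(olerelay)("NULL");
            return S_OK;
        }
        hres = serialize_param(tinfo,writeit,debugout,dealloc,tdesc->u.lptdesc,(DWORD*)*arg,buf);
        if (derefhere && dealloc) HeapFree(GetProcessHeap(),0,(LPVOID)*arg);
        return hres;
    }
    case VT_UNKNOWN:
        if (debugout) TRACE_(olerelay)("unk(0x%x)",*arg);
        if (writeit)
            hres = _marshal_interface(buf,&IID_IUnknown,(LPUNKNOWN)*arg);
        if (dealloc && *(IUnknown **)arg)
            IUnknown_Release((LPUNKNOWN)*arg);
        return hres;
    case VT_DISPATCH:
        if (debugout) TRACE_(olerelay)("idisp(0x%x)",*arg);
        if (writeit)
            hres = _marshal_interface(buf,&IID_IDispatch,(LPUNKNOWN)*arg);
        if (dealloc && *(IUnknown **)arg)
            IUnknown_Release((LPUNKNOWN)*arg);
        return hres;
    case VT_VOID:
        if (debugout) TRACE_(olerelay)("<void>");
        return S_OK;
    case VT_USERDEFINED: {
        ITypeInfo       *tinfo2;
        TYPEATTR        *tattr;

        hres = ITypeInfo_GetRefTypeInfo(tinfo,tdesc->u.hreftype,&tinfo2);
        if (hres) {
            ERR("Could not get typeinfo of hreftype %x for VT_USERDEFINED.\n",tdesc->u.hreftype);
            return hres;
        }
        hres = ITypeInfo_GetTypeAttr(tinfo2,&tattr);
        if (hres) {
            ERR("GetTypeAttr failed with %x\n",hres);
            ITypeInfo_Release(tinfo2);
            return hres;
        }
        switch (tattr->typekind) {
        case TKIND_DISPATCH:
        case TKIND_INTERFACE:
            if (writeit)
               hres=_marshal_interface(buf,&(tattr->guid),(LPUNKNOWN)arg);
            if (dealloc)
                IUnknown_Release((LPUNKNOWN)arg);
            break;
        case TKIND_RECORD: {
            int i;
            if (debugout) TRACE_(olerelay)("{");
            /* serialize the members one by one at their offset (oInst) */
            for (i=0;i<tattr->cVars;i++) {
                VARDESC *vdesc;
                ELEMDESC *elem2;
                TYPEDESC *tdesc2;

                hres = ITypeInfo2_GetVarDesc(tinfo2, i, &vdesc);
                if (hres) {
                    ERR("Could not get vardesc of %d\n",i);
                    break;
                }
                elem2 = &vdesc->elemdescVar;
                tdesc2 = &elem2->tdesc;
                hres = serialize_param(
                    tinfo2,
                    writeit,
                    debugout,
                    dealloc,
                    tdesc2,
                    (DWORD*)(((LPBYTE)arg)+vdesc->u.oInst),
                    buf
                );
                ITypeInfo_ReleaseVarDesc(tinfo2, vdesc);
                /* leave the loop instead of returning, so that tattr and
                 * tinfo2 are released below on the error path too */
                if (hres!=S_OK)
                    break;
                if (debugout && (i<(tattr->cVars-1)))
                    TRACE_(olerelay)(",");
            }
            if (hres==S_OK && debugout) TRACE_(olerelay)("}");
            break;
        }
        case TKIND_ALIAS:
            hres = serialize_param(tinfo2,writeit,debugout,dealloc,&tattr->tdescAlias,arg,buf);
            break;
        case TKIND_ENUM:
            hres = S_OK;
            if (debugout) TRACE_(olerelay)("%x",*arg);
            if (writeit)
                hres = xbuf_add(buf,(LPBYTE)arg,sizeof(DWORD));
            break;
        default:
            FIXME("Unhandled typekind %d\n",tattr->typekind);
            hres = E_FAIL;
            break;
        }
        ITypeInfo_ReleaseTypeAttr(tinfo2, tattr);
        ITypeInfo_Release(tinfo2);
        return hres;
    }
    case VT_CARRAY: {
        ARRAYDESC *adesc = tdesc->u.lpadesc;
        int i, arrsize = 1;

        if (debugout) TRACE_(olerelay)("carr");
        /* total element count is the product of all dimensions */
        for (i=0;i<adesc->cDims;i++) {
            if (debugout) TRACE_(olerelay)("[%d]",adesc->rgbounds[i].cElements);
            arrsize *= adesc->rgbounds[i].cElements;
        }
        if (debugout) TRACE_(olerelay)("(vt %s)",debugstr_vt(adesc->tdescElem.vt));
        if (debugout) TRACE_(olerelay)("[");
        for (i=0;i<arrsize;i++) {
            hres = serialize_param(tinfo, writeit, debugout, dealloc, &adesc->tdescElem, (DWORD*)((LPBYTE)arg+i*_xsize(&adesc->tdescElem)), buf);
            if (hres)
                return hres;
            if (debugout && (i<arrsize-1)) TRACE_(olerelay)(",");
        }
        if (debugout) TRACE_(olerelay)("]");
        return S_OK;
    }
    case VT_SAFEARRAY: {
        if (writeit)
        {
            ULONG flags = MAKELONG(MSHCTX_DIFFERENTMACHINE, NDR_LOCAL_DATA_REPRESENTATION);
            ULONG size = LPSAFEARRAY_UserSize(&flags, buf->curoff, (LPSAFEARRAY *)arg);
            /* UserMarshal writes straight into the buffer, so a failed
             * resize must stop here (S_FALSE means it was big enough) */
            hres = xbuf_resize(buf, size);
            if (FAILED(hres))
                return hres;
            LPSAFEARRAY_UserMarshal(&flags, buf->base + buf->curoff, (LPSAFEARRAY *)arg);
            buf->curoff = size;
        }
        return S_OK;
    }
    default:
        ERR("Unhandled marshal type %d.\n",tdesc->vt);
        return S_OK;
    }
}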
870
871 static HRESULT
872 deserialize_param(
873     ITypeInfo           *tinfo,
874     BOOL                readit,
875     BOOL                debugout,
876     BOOL                alloc,
877     TYPEDESC            *tdesc,
878     DWORD               *arg,
879     marshal_state       *buf)
880 {
881     HRESULT hres = S_OK;
882
883     TRACE("vt %s at %p\n",debugstr_vt(tdesc->vt),arg);
884
885     while (1) {
886         switch (tdesc->vt) {
887         case VT_EMPTY:
888             if (debugout) TRACE_(olerelay)("<empty>\n");
889             return S_OK;
890         case VT_NULL:
891             if (debugout) TRACE_(olerelay)("<null>\n");
892             return S_OK;
893         case VT_VARIANT: {
894             VARIANT     *vt = (VARIANT*)arg;
895
896             if (readit) {
897                 DWORD   vttype;
898                 TYPEDESC        tdesc2;
899                 hres = xbuf_get(buf,(LPBYTE)&vttype,sizeof(vttype));
900                 if (hres) {
901                     FIXME("vt type not read?\n");
902                     return hres;
903                 }
904                 memset(&tdesc2,0,sizeof(tdesc2));
905                 tdesc2.vt = vttype;
906                 V_VT(vt)  = vttype;
907                 if (debugout) TRACE_(olerelay)("Vt(%s%s)(",debugstr_vt(vttype),debugstr_vf(vttype));
908                 hres = deserialize_param(tinfo, readit, debugout, alloc, &tdesc2, (DWORD*)&(V_I4(vt)), buf);
909                 TRACE_(olerelay)(")");
910                 return hres;
911             } else {
912                 VariantInit(vt);
913                 return S_OK;
914             }
915         }
916         case VT_I8:
917         case VT_UI8:
918         case VT_R8:
919         case VT_CY:
920             if (readit) {
921                 hres = xbuf_get(buf,(LPBYTE)arg,8);
922                 if (hres) ERR("Failed to read integer 8 byte\n");
923             }
924             if (debugout) TRACE_(olerelay)("%x%x",arg[0],arg[1]);
925             return hres;
926         case VT_ERROR:
927         case VT_BOOL:
928         case VT_I4:
929         case VT_INT:
930         case VT_UINT:
931         case VT_R4:
932         case VT_UI4:
933             if (readit) {
934                 hres = xbuf_get(buf,(LPBYTE)arg,sizeof(DWORD));
935                 if (hres) ERR("Failed to read integer 4 byte\n");
936             }
937             if (debugout) TRACE_(olerelay)("%x",*arg);
938             return hres;
939         case VT_I2:
940         case VT_UI2:
941             if (readit) {
942                 DWORD x;
943                 hres = xbuf_get(buf,(LPBYTE)&x,sizeof(DWORD));
944                 if (hres) ERR("Failed to read integer 4 byte\n");
945                 memcpy(arg,&x,2);
946             }
947             if (debugout) TRACE_(olerelay)("%04x",*arg & 0xffff);
948             return hres;
949         case VT_I1:
950         case VT_UI1:
951             if (readit) {
952                 DWORD x;
953                 hres = xbuf_get(buf,(LPBYTE)&x,sizeof(DWORD));
954                 if (hres) ERR("Failed to read integer 4 byte\n");
955                 memcpy(arg,&x,1);
956             }
957             if (debugout) TRACE_(olerelay)("%02x",*arg & 0xff);
958             return hres;
959         case VT_I4|VT_BYREF:
960             hres = S_OK;
961             if (alloc)
962                 *arg = (DWORD)HeapAlloc(GetProcessHeap(),HEAP_ZERO_MEMORY,sizeof(DWORD));
963             if (readit) {
964                 hres = xbuf_get(buf,(LPBYTE)*arg,sizeof(DWORD));
965                 if (hres) ERR("Failed to read integer 4 byte\n");
966             }
967             if (debugout) TRACE_(olerelay)("&0x%x",*(DWORD*)*arg);
968             return hres;
969         case VT_BSTR|VT_BYREF: {
970             BSTR **bstr = (BSTR **)arg;
971             WCHAR       *str;
972             DWORD       len;
973
974             if (readit) {
975                 hres = xbuf_get(buf,(LPBYTE)&len,sizeof(DWORD));
976                 if (hres) {
977                     ERR("failed to read bstr klen\n");
978                     return hres;
979                 }
980                 if (len == -1) {
981                     *bstr = CoTaskMemAlloc(sizeof(BSTR *));
982                     **bstr = NULL;
983                     if (debugout) TRACE_(olerelay)("<bstr NULL>");
984                 } else {
985                     str  = HeapAlloc(GetProcessHeap(),HEAP_ZERO_MEMORY,(len+1)*sizeof(WCHAR));
986                     hres = xbuf_get(buf,(LPBYTE)str,len*sizeof(WCHAR));
987                     if (hres) {
988                         ERR("Failed to read BSTR.\n");
989                         HeapFree(GetProcessHeap(),0,str);
990                         return hres;
991                     }
992                     *bstr = CoTaskMemAlloc(sizeof(BSTR *));
993                     **bstr = SysAllocStringLen(str,len);
994                     if (debugout) TRACE_(olerelay)("%s",relaystr(str));
995                     HeapFree(GetProcessHeap(),0,str);
996                 }
997             } else {
998                 *bstr = NULL;
999             }
1000             return S_OK;
1001         }
1002         case VT_BSTR: {
1003             WCHAR       *str;
1004             DWORD       len;
1005
1006             if (readit) {
1007                 hres = xbuf_get(buf,(LPBYTE)&len,sizeof(DWORD));
1008                 if (hres) {
1009                     ERR("failed to read bstr klen\n");
1010                     return hres;
1011                 }
1012                 if (len == -1) {
1013                     *arg = 0;
1014                     if (debugout) TRACE_(olerelay)("<bstr NULL>");
1015                 } else {
1016                     str  = HeapAlloc(GetProcessHeap(),HEAP_ZERO_MEMORY,(len+1)*sizeof(WCHAR));
1017                     hres = xbuf_get(buf,(LPBYTE)str,len*sizeof(WCHAR));
1018                     if (hres) {
1019                         ERR("Failed to read BSTR.\n");
1020                         HeapFree(GetProcessHeap(),0,str);
1021                         return hres;
1022                     }
1023                     *arg = (DWORD)SysAllocStringLen(str,len);
1024                     if (debugout) TRACE_(olerelay)("%s",relaystr(str));
1025                     HeapFree(GetProcessHeap(),0,str);
1026                 }
1027             } else {
1028                 *arg = 0;
1029             }
1030             return S_OK;
1031         }
1032         case VT_PTR: {
1033             DWORD       cookie;
1034             BOOL        derefhere = TRUE;
1035
1036             if (tdesc->u.lptdesc->vt == VT_USERDEFINED) {
1037                 ITypeInfo       *tinfo2;
1038                 TYPEATTR        *tattr;
1039
1040                 hres = ITypeInfo_GetRefTypeInfo(tinfo,tdesc->u.lptdesc->u.hreftype,&tinfo2);
1041                 if (hres) {
1042                     ERR("Could not get typeinfo of hreftype %x for VT_USERDEFINED.\n",tdesc->u.lptdesc->u.hreftype);
1043                     return hres;
1044                 }
1045                 ITypeInfo_GetTypeAttr(tinfo2,&tattr);
1046                 switch (tattr->typekind) {
1047                 case TKIND_ALIAS:
1048                     if (tattr->tdescAlias.vt == VT_USERDEFINED)
1049                     {
1050                         DWORD href = tattr->tdescAlias.u.hreftype;
1051                         ITypeInfo_ReleaseTypeAttr(tinfo, tattr);
1052                         ITypeInfo_Release(tinfo2);
1053                         hres = ITypeInfo_GetRefTypeInfo(tinfo,href,&tinfo2);
1054                         if (hres) {
1055                             ERR("Could not get typeinfo of hreftype %x for VT_USERDEFINED.\n",tdesc->u.lptdesc->u.hreftype);
1056                             return hres;
1057                         }
1058                         ITypeInfo_GetTypeAttr(tinfo2,&tattr);
1059                         derefhere = (tattr->typekind != TKIND_DISPATCH && tattr->typekind != TKIND_INTERFACE);
1060                     }
1061                     break;
1062                 case TKIND_ENUM:        /* confirmed */
1063                 case TKIND_RECORD:      /* FIXME: mostly untested */
1064                     break;
1065                 case TKIND_DISPATCH:    /* will be done in VT_USERDEFINED case */
1066                 case TKIND_INTERFACE:   /* will be done in VT_USERDEFINED case */
1067                     derefhere=FALSE;
1068                     break;
1069                 default:
1070                     FIXME("unhandled switch cases tattr->typekind %d\n", tattr->typekind);
1071                     derefhere=FALSE;
1072                     break;
1073                 }
1074                 ITypeInfo_ReleaseTypeAttr(tinfo2, tattr);
1075                 ITypeInfo_Release(tinfo2);
1076             }
1077             /* read it in all cases, we need to know if we have 
1078              * NULL pointer or not.
1079              */
1080             hres = xbuf_get(buf,(LPBYTE)&cookie,sizeof(cookie));
1081             if (hres) {
1082                 ERR("Failed to load pointer cookie.\n");
1083                 return hres;
1084             }
1085             if (cookie != 0x42424242) {
1086                 /* we read a NULL ptr from the remote side */
1087                 if (debugout) TRACE_(olerelay)("NULL");
1088                 *arg = 0;
1089                 return S_OK;
1090             }
1091             if (debugout) TRACE_(olerelay)("*");
1092             if (alloc) {
1093                 /* Allocate space for the referenced struct */
1094                 if (derefhere)
1095                     *arg=(DWORD)HeapAlloc(GetProcessHeap(),HEAP_ZERO_MEMORY,_xsize(tdesc->u.lptdesc));
1096             }
1097             if (derefhere)
1098                 return deserialize_param(tinfo, readit, debugout, alloc, tdesc->u.lptdesc, (LPDWORD)*arg, buf);
1099             else
1100                 return deserialize_param(tinfo, readit, debugout, alloc, tdesc->u.lptdesc, arg, buf);
1101         }
1102         case VT_UNKNOWN:
1103             /* FIXME: UNKNOWN is unknown ..., but allocate 4 byte for it */
1104             if (alloc)
1105                 *arg=(DWORD)HeapAlloc(GetProcessHeap(),HEAP_ZERO_MEMORY,sizeof(DWORD));
1106             hres = S_OK;
1107             if (readit)
1108                 hres = _unmarshal_interface(buf,&IID_IUnknown,(LPUNKNOWN*)arg);
1109             if (debugout)
1110                 TRACE_(olerelay)("unk(%p)",arg);
1111             return hres;
1112         case VT_DISPATCH:
1113             hres = S_OK;
1114             if (readit)
1115                 hres = _unmarshal_interface(buf,&IID_IDispatch,(LPUNKNOWN*)arg);
1116             if (debugout)
1117                 TRACE_(olerelay)("idisp(%p)",arg);
1118             return hres;
1119         case VT_VOID:
1120             if (debugout) TRACE_(olerelay)("<void>");
1121             return S_OK;
1122         case VT_USERDEFINED: {
1123             ITypeInfo   *tinfo2;
1124             TYPEATTR    *tattr;
1125
1126             hres = ITypeInfo_GetRefTypeInfo(tinfo,tdesc->u.hreftype,&tinfo2);
1127             if (hres) {
1128                 ERR("Could not get typeinfo of hreftype %x for VT_USERDEFINED.\n",tdesc->u.hreftype);
1129                 return hres;
1130             }
1131             hres = ITypeInfo_GetTypeAttr(tinfo2,&tattr);
1132             if (hres) {
1133                 ERR("Could not get typeattr in VT_USERDEFINED.\n");
1134             } else {
1135                 switch (tattr->typekind) {
1136                 case TKIND_DISPATCH:
1137                 case TKIND_INTERFACE:
1138                     if (readit)
1139                         hres = _unmarshal_interface(buf,&(tattr->guid),(LPUNKNOWN*)arg);
1140                     break;
1141                 case TKIND_RECORD: {
1142                     int i;
1143
1144                     if (alloc)
1145                         *arg = (DWORD)HeapAlloc(GetProcessHeap(),HEAP_ZERO_MEMORY,tattr->cbSizeInstance);
1146
1147                     if (debugout) TRACE_(olerelay)("{");
1148                     for (i=0;i<tattr->cVars;i++) {
1149                         VARDESC *vdesc;
1150
1151                         hres = ITypeInfo2_GetVarDesc(tinfo2, i, &vdesc);
1152                         if (hres) {
1153                             ERR("Could not get vardesc of %d\n",i);
1154                             ITypeInfo_ReleaseTypeAttr(tinfo2, tattr);
1155                             ITypeInfo_Release(tinfo2);
1156                             return hres;
1157                         }
1158                         hres = deserialize_param(
1159                             tinfo2,
1160                             readit,
1161                             debugout,
1162                             alloc,
1163                             &vdesc->elemdescVar.tdesc,
1164                             (DWORD*)(((LPBYTE)*arg)+vdesc->u.oInst),
1165                             buf
1166                         );
1167                         ITypeInfo2_ReleaseVarDesc(tinfo2, vdesc);
1168                         if (debugout && (i<tattr->cVars-1)) TRACE_(olerelay)(",");
1169                     }
1170                     if (debugout) TRACE_(olerelay)("}");
1171                     break;
1172                 }
1173                 case TKIND_ALIAS:
1174                     hres = deserialize_param(tinfo2,readit,debugout,alloc,&tattr->tdescAlias,arg,buf);
1175                     break;
1176                 case TKIND_ENUM:
1177                     if (readit) {
1178                         hres = xbuf_get(buf,(LPBYTE)arg,sizeof(DWORD));
1179                         if (hres) ERR("Failed to read enum (4 byte)\n");
1180                     }
1181                     if (debugout) TRACE_(olerelay)("%x",*arg);
1182                     break;
1183                 default:
1184                     ERR("Unhandled typekind %d\n",tattr->typekind);
1185                     hres = E_FAIL;
1186                     break;
1187                 }
1188                 ITypeInfo_ReleaseTypeAttr(tinfo2, tattr);
1189             }
1190             if (hres)
1191                 ERR("failed to stuballoc in TKIND_RECORD.\n");
1192             ITypeInfo_Release(tinfo2);
1193             return hres;
1194         }
1195         case VT_CARRAY: {
1196             /* arg is pointing to the start of the array. */
1197             ARRAYDESC *adesc = tdesc->u.lpadesc;
1198             int         arrsize,i;
1199             arrsize = 1;
1200             if (adesc->cDims > 1) FIXME("cDims > 1 in VT_CARRAY. Does it work?\n");
1201             for (i=0;i<adesc->cDims;i++)
1202                 arrsize *= adesc->rgbounds[i].cElements;
1203             for (i=0;i<arrsize;i++)
1204                 deserialize_param(
1205                     tinfo,
1206                     readit,
1207                     debugout,
1208                     alloc,
1209                     &adesc->tdescElem,
1210                     (DWORD*)((LPBYTE)(arg)+i*_xsize(&adesc->tdescElem)),
1211                     buf
1212                 );
1213             return S_OK;
1214         }
1215     case VT_SAFEARRAY: {
1216             if (readit)
1217             {
1218                 ULONG flags = MAKELONG(MSHCTX_DIFFERENTMACHINE, NDR_LOCAL_DATA_REPRESENTATION);
1219                 unsigned char *buffer;
1220                 buffer = LPSAFEARRAY_UserUnmarshal(&flags, buf->base + buf->curoff, (LPSAFEARRAY *)arg);
1221                 buf->curoff = buffer - buf->base;
1222             }
1223             return S_OK;
1224         }
1225         default:
1226             ERR("No handler for VT type %d!\n",tdesc->vt);
1227             return S_OK;
1228         }
1229     }
1230 }
1231
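/*
 * Retrieves a function's funcdesc, searching back into inherited interfaces.
 *
 * tinfo    type info to start the search from
 * iMethod  method index, counted across the inherited interfaces first
 * tactual  receives an AddRef'ed type info for the interface that declares
 *          the method; set to NULL on entry, so it is NULL on failure
 * fdesc    receives the internal FUNCDESC of the method
 * iname    optional, receives the interface name (via GetDocumentation)
 * fname    optional, receives the function name (via GetDocumentation)
 * num      optional; zeroed on success, on failure in the own-function loop
 *          it receives the index at which the lookup failed, which the
 *          recursive caller accumulates as the inherited function count
 *
 * Returns S_OK on success, otherwise the failing HRESULT.
 */
static HRESULT get_funcdesc(ITypeInfo *tinfo, int iMethod, ITypeInfo **tactual, const FUNCDESC **fdesc,
                            BSTR *iname, BSTR *fname, UINT *num)
{
    HRESULT hr;
    UINT i, impl_types;
    UINT inherited_funcs = 0;
    TYPEATTR *attr;

    if (fname) *fname = NULL;
    if (iname) *iname = NULL;
    if (num) *num = 0;
    *tactual = NULL;

    hr = ITypeInfo_GetTypeAttr(tinfo, &attr);
    if (FAILED(hr))
    {
        ERR("GetTypeAttr failed with %x\n",hr);
        return hr;
    }

    if(attr->typekind == TKIND_DISPATCH)
    {
        if(attr->wTypeFlags & TYPEFLAG_FDUAL)
        {
            HREFTYPE href;
            ITypeInfo *tinfo2;

            /* a dual dispinterface is resolved through its interface half */
            hr = ITypeInfo_GetRefTypeOfImplType(tinfo, -1, &href);
            if(FAILED(hr))
            {
                ERR("Cannot get interface href from dual dispinterface\n");
                ITypeInfo_ReleaseTypeAttr(tinfo, attr);
                return hr;
            }
            hr = ITypeInfo_GetRefTypeInfo(tinfo, href, &tinfo2);
            if(FAILED(hr))
            {
                ERR("Cannot get interface from dual dispinterface\n");
                ITypeInfo_ReleaseTypeAttr(tinfo, attr);
                return hr;
            }
            hr = get_funcdesc(tinfo2, iMethod, tactual, fdesc, iname, fname, num);
            ITypeInfo_Release(tinfo2);
            ITypeInfo_ReleaseTypeAttr(tinfo, attr);
            return hr;
        }
        ERR("Shouldn't be called with a non-dual dispinterface\n");
        /* every other exit of this branch releases attr; do the same here
         * so the TYPEATTR is not leaked on this error path */
        ITypeInfo_ReleaseTypeAttr(tinfo, attr);
        return E_FAIL;
    }

    impl_types = attr->cImplTypes;
    ITypeInfo_ReleaseTypeAttr(tinfo, attr);

    /* search the inherited interfaces first, summing up how many functions
     * they account for */
    for (i = 0; i < impl_types; i++)
    {
        HREFTYPE href;
        ITypeInfo *pSubTypeInfo;
        UINT sub_funcs;

        hr = ITypeInfo_GetRefTypeOfImplType(tinfo, i, &href);
        if (FAILED(hr)) return hr;
        hr = ITypeInfo_GetRefTypeInfo(tinfo, href, &pSubTypeInfo);
        if (FAILED(hr)) return hr;

        hr = get_funcdesc(pSubTypeInfo, iMethod, tactual, fdesc, iname, fname, &sub_funcs);
        inherited_funcs += sub_funcs;
        ITypeInfo_Release(pSubTypeInfo);
        if(SUCCEEDED(hr)) return hr;
    }
    /* NOTE(review): iMethod is int and inherited_funcs is UINT, so this and
     * the loop below compare as unsigned; a negative iMethod is not rejected
     * here and only fails once GetInternalFuncDesc runs out of functions. */
    if(iMethod < inherited_funcs)
    {
        ERR("shouldn't be here\n");
        return E_INVALIDARG;
    }

    /* walk this interface's own functions up to the requested one */
    for(i = inherited_funcs; i <= iMethod; i++)
    {
        hr = ITypeInfoImpl_GetInternalFuncDesc(tinfo, i - inherited_funcs, fdesc);
        if(FAILED(hr))
        {
            if(num) *num = i;
            return hr;
        }
    }

    /* found it. We don't care about num so zero it */
    if(num) *num = 0;
    *tactual = tinfo;
    ITypeInfo_AddRef(*tactual);
    if (fname) ITypeInfo_GetDocumentation(tinfo,(*fdesc)->memid,fname,NULL,NULL,NULL);
    if (iname) ITypeInfo_GetDocumentation(tinfo,-1,iname,NULL,NULL,NULL);
    return S_OK;
}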
1326
/* An element is treated as an [in] parameter when PARAMFLAG_FIN is set, or
 * when it carries no parameter flags at all. */
static inline BOOL is_in_elem(const ELEMDESC *elem)
{
    if (!elem->u.paramdesc.wParamFlags)
        return TRUE;
    return (elem->u.paramdesc.wParamFlags & PARAMFLAG_FIN) != 0;
}
1331
/* An element is treated as an [out] parameter when PARAMFLAG_FOUT is set, or
 * when it carries no parameter flags at all. */
static inline BOOL is_out_elem(const ELEMDESC *elem)
{
    if (!elem->u.paramdesc.wParamFlags)
        return TRUE;
    return (elem->u.paramdesc.wParamFlags & PARAMFLAG_FOUT) != 0;
}
1336
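/*
 * Common entry point of the proxy thunks: marshals one method call through
 * the proxy's RPC channel and unmarshals the reply.
 *
 * retptr  not used in this function
 * method  index of the called method, passed to get_funcdesc and sent as
 *         msg.iMethod
 * tpinfo  the proxy; the method's own arguments are read from the stack
 *         directly behind this parameter (see the args initializer)
 *
 * Returns the result DWORD read from the end of the reply, or a failure
 * HRESULT when the call could not be carried out.
 */
static DWORD
xCall(LPVOID retptr, int method, TMProxyImpl *tpinfo /*, args */)
{
    DWORD               *args = ((DWORD*)&tpinfo)+1, *xargs;
    const FUNCDESC      *fdesc;
    HRESULT             hres;
    int                 i, relaydeb = TRACE_ON(olerelay);
    marshal_state       buf;
    RPCOLEMESSAGE       msg;
    ULONG               status;
    BSTR                fname,iname;
    BSTR                names[10];
    UINT                nrofnames;
    DWORD               remoteresult = 0;
    ITypeInfo           *tinfo;
    IRpcChannelBuffer *chanbuf;
    void                *reply;

    EnterCriticalSection(&tpinfo->crit);

    hres = get_funcdesc(tpinfo->tinfo,method,&tinfo,&fdesc,&iname,&fname,NULL);
    if (hres) {
        ERR("Did not find typeinfo/funcdesc entry for method %d!\n",method);
        LeaveCriticalSection(&tpinfo->crit);
        return E_FAIL;
    }

    if (!tpinfo->chanbuf)
    {
        WARN("Tried to use disconnected proxy\n");
        ITypeInfo_Release(tinfo);
        LeaveCriticalSection(&tpinfo->crit);
        return RPC_E_DISCONNECTED;
    }
    /* take our own reference while holding the lock, so the channel stays
     * valid after the critical section is left */
    chanbuf = tpinfo->chanbuf;
    IRpcChannelBuffer_AddRef(chanbuf);

    LeaveCriticalSection(&tpinfo->crit);

    if (relaydeb) {
        TRACE_(olerelay)("->");
        if (iname)
            TRACE_(olerelay)("%s:",relaystr(iname));
        if (fname)
            TRACE_(olerelay)("%s(%d)",relaystr(fname),method);
        else
            TRACE_(olerelay)("%d",method);
        TRACE_(olerelay)("(");
    }

    if (iname) SysFreeString(iname);
    if (fname) SysFreeString(fname);

    memset(&buf,0,sizeof(buf));

    /* normal typelib driven serializing */

    /* Need them for hack below */
    memset(names,0,sizeof(names));
    if (ITypeInfo_GetNames(tinfo,fdesc->memid,names,sizeof(names)/sizeof(names[0]),&nrofnames))
        nrofnames = 0;
    if (nrofnames > sizeof(names)/sizeof(names[0]))
        ERR("Need more names!\n");

    xargs = args;
    for (i=0;i<fdesc->cParams;i++) {
        ELEMDESC        *elem = fdesc->lprgelemdescParam+i;
        if (relaydeb) {
            if (i) TRACE_(olerelay)(",");
            /* names[i+1]: presumably names[0] is the function itself */
            if (i+1<nrofnames && names[i+1])
                TRACE_(olerelay)("%s=",relaystr(names[i+1]));
        }
        /* No need to marshal other data than FIN and any VT_PTR. */
        if (!is_in_elem(elem) && (elem->tdesc.vt != VT_PTR)) {
            xargs+=_argsize(elem->tdesc.vt);
            if (relaydeb) TRACE_(olerelay)("[out]");
            continue;
        }
        hres = serialize_param(
            tinfo,
            is_in_elem(elem),
            relaydeb,
            FALSE,
            &elem->tdesc,
            xargs,
            &buf
        );

        if (hres) {
            /* NOTE(review): the loop stops here, but the partially filled
             * buffer is still sent below - confirm this is intended */
            ERR("Failed to serialize param, hres %x\n",hres);
            break;
        }
        xargs+=_argsize(elem->tdesc.vt);
    }
    if (relaydeb) TRACE_(olerelay)(")");

    memset(&msg,0,sizeof(msg));
    msg.cbBuffer = buf.curoff;
    msg.iMethod  = method;
    hres = IRpcChannelBuffer_GetBuffer(chanbuf,&msg,&(tpinfo->iid));
    if (hres) {
        ERR("RpcChannelBuffer GetBuffer failed, %x\n",hres);
        goto exit;
    }
    memcpy(msg.Buffer,buf.base,buf.curoff);
    if (relaydeb) TRACE_(olerelay)("\n");
    hres = IRpcChannelBuffer_SendReceive(chanbuf,&msg,&status);
    if (hres) {
        ERR("RpcChannelBuffer SendReceive failed, %x\n",hres);
        goto exit;
    }

    if (relaydeb) TRACE_(olerelay)(" status = %08x (",status);
    /* The reply length is whatever the channel reports. Check the allocation
     * before copying, and keep the old pointer when HeapReAlloc fails so
     * that the exit path can still free it. */
    if (buf.base)
        reply = HeapReAlloc(GetProcessHeap(),0,buf.base,msg.cbBuffer);
    else
        reply = HeapAlloc(GetProcessHeap(),0,msg.cbBuffer);
    if (!reply) {
        ERR("Out of memory for reply buffer\n");
        hres = E_OUTOFMEMORY;
        goto exit;
    }
    buf.base = reply;
    buf.size = msg.cbBuffer;
    memcpy(buf.base,msg.Buffer,buf.size);
    buf.curoff = 0;

    /* generic deserializer using typelib description */
    xargs = args;
    status = S_OK;
    for (i=0;i<fdesc->cParams;i++) {
        ELEMDESC        *elem = fdesc->lprgelemdescParam+i;

        if (relaydeb) {
            if (i) TRACE_(olerelay)(",");
            if (i+1<nrofnames && names[i+1]) TRACE_(olerelay)("%s=",relaystr(names[i+1]));
        }
        /* No need to marshal other data than FOUT and any VT_PTR */
        if (!is_out_elem(elem) && (elem->tdesc.vt != VT_PTR)) {
            xargs += _argsize(elem->tdesc.vt);
            if (relaydeb) TRACE_(olerelay)("[in]");
            continue;
        }
        hres = deserialize_param(
            tinfo,
            is_out_elem(elem),
            relaydeb,
            FALSE,
            &(elem->tdesc),
            xargs,
            &buf
        );
        if (hres) {
            /* NOTE(review): the failure is stored in status only; the value
             * returned below is the remote result - confirm this is wanted */
            ERR("Failed to unmarshall param, hres %x\n",hres);
            status = hres;
            break;
        }
        xargs += _argsize(elem->tdesc.vt);
    }

    /* the remote method's result follows the parameters in the reply */
    hres = xbuf_get(&buf, (LPBYTE)&remoteresult, sizeof(DWORD));
    if (hres != S_OK)
        goto exit;
    if (relaydeb) TRACE_(olerelay)(") = %08x\n", remoteresult);

    hres = remoteresult;

exit:
    IRpcChannelBuffer_FreeBuffer(chanbuf,&msg);
    for (i = 0; i < nrofnames; i++)
        SysFreeString(names[i]);
    HeapFree(GetProcessHeap(),0,buf.base);
    IRpcChannelBuffer_Release(chanbuf);
    ITypeInfo_Release(tinfo);
    TRACE("-- 0x%08x\n", hres);
    return hres;
}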
1507
/* QueryInterface on the proxy: forwarded to the outer unknown when one is
 * set; without it no interface can be handed out. */
static HRESULT WINAPI ProxyIUnknown_QueryInterface(IUnknown *iface, REFIID riid, void **ppv)
{
    TMProxyImpl *This = (TMProxyImpl *)iface;

    TRACE("(%s, %p)\n", debugstr_guid(riid), ppv);

    if (!This->outerunknown)
    {
        FIXME("No interface\n");
        return E_NOINTERFACE;
    }

    return IUnknown_QueryInterface(This->outerunknown, riid, ppv);
}
1520
/* AddRef on the proxy: forwarded to the outer unknown when one is set,
 * otherwise a fixed placeholder count is returned. */
static ULONG WINAPI ProxyIUnknown_AddRef(IUnknown *iface)
{
    TMProxyImpl *This = (TMProxyImpl *)iface;

    TRACE("\n");

    if (!This->outerunknown)
        return 2; /* FIXME */

    return IUnknown_AddRef(This->outerunknown);
}
1532
/* Release on the proxy: forwarded to the outer unknown when one is set,
 * otherwise a fixed placeholder count is returned and nothing is freed. */
static ULONG WINAPI ProxyIUnknown_Release(IUnknown *iface)
{
    TMProxyImpl *This = (TMProxyImpl *)iface;

    TRACE("\n");

    if (!This->outerunknown)
        return 1; /* FIXME */

    return IUnknown_Release(This->outerunknown);
}
1544
/* IDispatch::GetTypeInfoCount, forwarded unchanged to the proxy's
 * dispatch member. */
static HRESULT WINAPI ProxyIDispatch_GetTypeInfoCount(LPDISPATCH iface, UINT * pctinfo)
{
    TMProxyImpl *proxy = (TMProxyImpl *)iface;
    HRESULT hr;

    TRACE("(%p)\n", pctinfo);

    hr = IDispatch_GetTypeInfoCount(proxy->dispatch, pctinfo);
    return hr;
}
1553
/* IDispatch::GetTypeInfo, forwarded unchanged to the proxy's dispatch
 * member. */
static HRESULT WINAPI ProxyIDispatch_GetTypeInfo(LPDISPATCH iface, UINT iTInfo, LCID lcid, ITypeInfo** ppTInfo)
{
    TMProxyImpl *proxy = (TMProxyImpl *)iface;
    HRESULT hr;

    TRACE("(%d, %x, %p)\n", iTInfo, lcid, ppTInfo);

    hr = IDispatch_GetTypeInfo(proxy->dispatch, iTInfo, lcid, ppTInfo);
    return hr;
}
1562
/* IDispatch::GetIDsOfNames, forwarded unchanged to the proxy's dispatch
 * member. */
static HRESULT WINAPI ProxyIDispatch_GetIDsOfNames(LPDISPATCH iface, REFIID riid, LPOLESTR * rgszNames, UINT cNames, LCID lcid, DISPID * rgDispId)
{
    TMProxyImpl *proxy = (TMProxyImpl *)iface;
    HRESULT hr;

    TRACE("(%s, %p, %d, 0x%x, %p)\n", debugstr_guid(riid), rgszNames, cNames, lcid, rgDispId);

    hr = IDispatch_GetIDsOfNames(proxy->dispatch, riid, rgszNames,
                                 cNames, lcid, rgDispId);
    return hr;
}
1572
/* IDispatch::Invoke, forwarded with all arguments unchanged to the proxy's
 * dispatch member. */
static HRESULT WINAPI ProxyIDispatch_Invoke(LPDISPATCH iface, DISPID dispIdMember, REFIID riid, LCID lcid,
                                            WORD wFlags, DISPPARAMS * pDispParams, VARIANT * pVarResult,
                                            EXCEPINFO * pExcepInfo, UINT * puArgErr)
{
    TMProxyImpl *proxy = (TMProxyImpl *)iface;
    HRESULT hr;

    TRACE("(%d, %s, 0x%x, 0x%x, %p, %p, %p, %p)\n", dispIdMember,
          debugstr_guid(riid), lcid, wFlags, pDispParams, pVarResult,
          pExcepInfo, puArgErr);

    hr = IDispatch_Invoke(proxy->dispatch, dispIdMember, riid, lcid,
                          wFlags, pDispParams, pVarResult, pExcepInfo,
                          puArgErr);
    return hr;
}
1587
/* IRpcChannelBuffer implementation that forwards every call to a delegate
 * channel and substitutes its own IID in GetBuffer. */
typedef struct
{
    /* must stay the first member: the interface pointer handed out by
     * TMarshalDispatchChannel_Create is the address of this field, and the
     * methods cast it back to the struct */
    const IRpcChannelBufferVtbl *lpVtbl;
    /* reference count, changed with the Interlocked functions */
    LONG                  refs;
    /* the IDispatch-derived interface we are handling */
    IID                   tmarshal_iid;
    /* channel all calls are forwarded to; a reference is held on it */
    IRpcChannelBuffer    *pDelegateChannel;
} TMarshalDispatchChannel;
1596
/* Hands out the channel for IID_IRpcChannelBuffer and IID_IUnknown only;
 * any other IID yields E_NOINTERFACE with *ppv set to NULL. */
static HRESULT WINAPI TMarshalDispatchChannel_QueryInterface(LPRPCCHANNELBUFFER iface, REFIID riid, LPVOID *ppv)
{
    if (!IsEqualIID(riid,&IID_IRpcChannelBuffer) && !IsEqualIID(riid,&IID_IUnknown))
    {
        *ppv = NULL;
        return E_NOINTERFACE;
    }

    *ppv = (LPVOID)iface;
    IUnknown_AddRef(iface);
    return S_OK;
}
1608
/* Atomically increments the reference count and returns the new value. */
static ULONG WINAPI TMarshalDispatchChannel_AddRef(LPRPCCHANNELBUFFER iface)
{
    TMarshalDispatchChannel *chan = (TMarshalDispatchChannel *)iface;
    ULONG count;

    count = InterlockedIncrement(&chan->refs);
    return count;
}
1614
/* Atomically decrements the reference count; when it reaches zero the
 * reference on the delegate channel is dropped and the object is freed.
 * Returns the remaining count. */
static ULONG WINAPI TMarshalDispatchChannel_Release(LPRPCCHANNELBUFFER iface)
{
    TMarshalDispatchChannel *chan = (TMarshalDispatchChannel *)iface;
    ULONG remaining = InterlockedDecrement(&chan->refs);

    if (!remaining)
    {
        IRpcChannelBuffer_Release(chan->pDelegateChannel);
        HeapFree(GetProcessHeap(), 0, chan);
    }
    return remaining;
}
1628
/* Requests a buffer from the delegate channel. The caller's riid is only
 * traced; the stored tmarshal_iid is passed on in its place. */
static HRESULT WINAPI TMarshalDispatchChannel_GetBuffer(LPRPCCHANNELBUFFER iface, RPCOLEMESSAGE* olemsg, REFIID riid)
{
    TMarshalDispatchChannel *chan = (TMarshalDispatchChannel *)iface;
    HRESULT hr;

    TRACE("(%p, %s)\n", olemsg, debugstr_guid(riid));
    /* Note: we are pretending to invoke a method on the interface identified
     * by tmarshal_iid so that we can re-use the IDispatch proxy/stub code
     * without the RPC runtime getting confused by not exporting an IDispatch interface */
    hr = IRpcChannelBuffer_GetBuffer(chan->pDelegateChannel, olemsg, &chan->tmarshal_iid);
    return hr;
}
1638
/* SendReceive, forwarded unchanged to the delegate channel. */
static HRESULT WINAPI TMarshalDispatchChannel_SendReceive(LPRPCCHANNELBUFFER iface, RPCOLEMESSAGE *olemsg, ULONG *pstatus)
{
    TMarshalDispatchChannel *chan = (TMarshalDispatchChannel *)iface;
    HRESULT hr;

    TRACE("(%p, %p)\n", olemsg, pstatus);
    hr = IRpcChannelBuffer_SendReceive(chan->pDelegateChannel, olemsg, pstatus);
    return hr;
}
1645
/* FreeBuffer, forwarded unchanged to the delegate channel. */
static HRESULT WINAPI TMarshalDispatchChannel_FreeBuffer(LPRPCCHANNELBUFFER iface, RPCOLEMESSAGE* olemsg)
{
    TMarshalDispatchChannel *chan = (TMarshalDispatchChannel *)iface;
    HRESULT hr;

    TRACE("(%p)\n", olemsg);
    hr = IRpcChannelBuffer_FreeBuffer(chan->pDelegateChannel, olemsg);
    return hr;
}
1652
/* GetDestCtx, forwarded unchanged to the delegate channel. */
static HRESULT WINAPI TMarshalDispatchChannel_GetDestCtx(LPRPCCHANNELBUFFER iface, DWORD* pdwDestContext, void** ppvDestContext)
{
    TMarshalDispatchChannel *chan = (TMarshalDispatchChannel *)iface;
    HRESULT hr;

    TRACE("(%p,%p)\n", pdwDestContext, ppvDestContext);
    hr = IRpcChannelBuffer_GetDestCtx(chan->pDelegateChannel, pdwDestContext, ppvDestContext);
    return hr;
}
1659
/* IsConnected, forwarded unchanged to the delegate channel. */
static HRESULT WINAPI TMarshalDispatchChannel_IsConnected(LPRPCCHANNELBUFFER iface)
{
    TMarshalDispatchChannel *chan = (TMarshalDispatchChannel *)iface;
    HRESULT hr;

    TRACE("()\n");
    hr = IRpcChannelBuffer_IsConnected(chan->pDelegateChannel);
    return hr;
}
1666
/* Method table of TMarshalDispatchChannel; the entries are positional and
 * must stay in this order. */
static const IRpcChannelBufferVtbl TMarshalDispatchChannelVtbl =
{
    /* IUnknown part */
    TMarshalDispatchChannel_QueryInterface,
    TMarshalDispatchChannel_AddRef,
    TMarshalDispatchChannel_Release,
    /* IRpcChannelBuffer part */
    TMarshalDispatchChannel_GetBuffer,
    TMarshalDispatchChannel_SendReceive,
    TMarshalDispatchChannel_FreeBuffer,
    TMarshalDispatchChannel_GetDestCtx,
    TMarshalDispatchChannel_IsConnected
};
1678
/*
 * Creates a TMarshalDispatchChannel around pDelegateChannel.
 *
 * pDelegateChannel  channel to forward to; a reference is taken on it
 * tmarshal_riid     IID copied into the new object
 * ppChannel         receives the new channel, which starts with one reference
 *
 * Returns S_OK, or E_OUTOFMEMORY when the allocation fails.
 */
static HRESULT TMarshalDispatchChannel_Create(
    IRpcChannelBuffer *pDelegateChannel, REFIID tmarshal_riid,
    IRpcChannelBuffer **ppChannel)
{
    TMarshalDispatchChannel *chan;

    chan = HeapAlloc(GetProcessHeap(), 0, sizeof(*chan));
    if (chan == NULL)
        return E_OUTOFMEMORY;

    /* the heap block is not zeroed, so every field is set here */
    chan->lpVtbl = &TMarshalDispatchChannelVtbl;
    chan->refs = 1;
    chan->tmarshal_iid = *tmarshal_riid;
    chan->pDelegateChannel = pDelegateChannel;
    IRpcChannelBuffer_AddRef(pDelegateChannel);

    *ppChannel = (IRpcChannelBuffer *)&chan->lpVtbl;
    return S_OK;
}
1696
1697
/* Looks up the proxy/stub CLSID registered for riid and fetches the
 * IPSFactoryBuffer of its in-process class object into *facbuf.
 * Returns the HRESULT of the step that failed, or of CoGetClassObject. */
static inline HRESULT get_facbuf_for_iid(REFIID riid, IPSFactoryBuffer **facbuf)
{
    CLSID         psclsid;
    HRESULT       hr = CoGetPSClsid(riid, &psclsid);

    if (hr)
        return hr;

    hr = CoGetClassObject(&psclsid, CLSCTX_INPROC_SERVER, NULL,
                          &IID_IPSFactoryBuffer, (LPVOID*)facbuf);
    return hr;
}
1708
/*
 * Fills in the machine-code thunk for method number num and installs it as
 * that method's vtable entry.
 *
 * proxy  proxy whose asmstubs and lpvtbl arrays are written at index num
 * num    method index; presumably below the number of thunks allocated for
 *        proxy->asmstubs - verify against the caller
 *
 * Returns S_OK on i386 when the thunk was written, the get_funcdesc error
 * when the method is not found, and E_FAIL for a calling convention other
 * than stdcall or on any non-i386 build.
 *
 * NOTE(review): PSFacBuf_CreateProxy allocates asmstubs with
 * PAGE_EXECUTE_READWRITE, so the thunks written here sit in memory that is
 * writable and executable at the same time. Switching the region to
 * PAGE_EXECUTE_READ with VirtualProtect once all thunks are written would
 * keep the pages W^X.
 */
static HRESULT init_proxy_entry_point(TMProxyImpl *proxy, unsigned int num)
{
    int j;
    /* nrofargs without This */
    int nrofargs;
    ITypeInfo *tinfo2;
    TMAsmProxy  *xasm = proxy->asmstubs + num;
    HRESULT hres;
    const FUNCDESC *fdesc;

    hres = get_funcdesc(proxy->tinfo, num, &tinfo2, &fdesc, NULL, NULL, NULL);
    if (hres) {
        ERR("GetFuncDesc %x should not fail here.\n",hres);
        return hres;
    }
    /* only fdesc is needed; drop the reference get_funcdesc took */
    ITypeInfo_Release(tinfo2);
    /* some args take more than 4 byte on the stack */
    nrofargs = 0;
    for (j=0;j<fdesc->cParams;j++)
        nrofargs += _argsize(fdesc->lprgelemdescParam[j].tdesc.vt);

#ifdef __i386__
    if (fdesc->callconv != CC_STDCALL) {
        ERR("calling convention is not stdcall????\n");
        return E_FAIL;
    }
/* popl %eax    -       return ptr
 * pushl <nr>
 * pushl %eax
 * call xCall
 * lret <nr> (+4)
 *
 *
 * arg3 arg2 arg1 <method> <returnptr>
 */
    xasm->popleax       = 0x58;
    xasm->pushlval      = 0x68;
    xasm->nr            = num;
    xasm->pushleax      = 0x50;
    xasm->lcall         = 0xe8; /* relative jump */
    /* call displacement: xCall relative to the address of the lret field,
     * the byte that follows the call */
    xasm->xcall         = (DWORD)xCall;
    xasm->xcall        -= (DWORD)&(xasm->lret);
    xasm->lret          = 0xc2;
    xasm->bytestopop    = (nrofargs+2)*4; /* pop args, This, iMethod */
    xasm->nop           = 0x90;
    proxy->lpvtbl[num]  = xasm;
#else
    FIXME("not implemented on non i386\n");
    return E_FAIL;
#endif
    return S_OK;
}
1761
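/*
 * IPSFactoryBuffer::CreateProxy for the typelib marshaller.
 *
 * Loads the type information for riid, allocates a TMProxyImpl together with
 * one vtable slot and one machine-code thunk per interface method, and, for
 * interfaces flagged TYPEFLAG_FDISPATCHABLE, creates an IDispatch proxy that
 * serves vtable slots 3..6.
 *
 * On success *ppProxy receives the IRpcProxyBuffer side and *ppv the
 * interface side of the proxy, with a reference added for *ppv.  On failure
 * neither output is written and everything allocated here is released again.
 *
 * Returns S_OK, E_OUTOFMEMORY, or the HRESULT of the step that failed.
 */
static HRESULT WINAPI
PSFacBuf_CreateProxy(
    LPPSFACTORYBUFFER iface, IUnknown* pUnkOuter, REFIID riid,
    IRpcProxyBuffer **ppProxy, LPVOID *ppv)
{
    HRESULT     hres;
    ITypeInfo   *tinfo;
    unsigned int i, nroffuncs;
    TMProxyImpl *proxy;
    TYPEATTR    *typeattr;
    BOOL        defer_to_dispatch = FALSE;

    TRACE("(...%s...)\n",debugstr_guid(riid));
    hres = _get_typeinfo_for_iid(riid,&tinfo);
    if (hres) {
        ERR("No typeinfo for %s?\n",debugstr_guid(riid));
        return hres;
    }

    hres = num_of_funcs(tinfo, &nroffuncs);
    if (FAILED(hres)) {
        ERR("Cannot get number of functions for typeinfo %s\n",debugstr_guid(riid));
        ITypeInfo_Release(tinfo);
        return hres;
    }

    proxy = CoTaskMemAlloc(sizeof(TMProxyImpl));
    if (!proxy) {
        /* the typeinfo reference is ours until the proxy takes it over */
        ITypeInfo_Release(tinfo);
        return E_OUTOFMEMORY;
    }

    assert(sizeof(TMAsmProxy) == 16);

    proxy->dispatch = NULL;
    proxy->dispatch_proxy = NULL;
    proxy->outerunknown = pUnkOuter;

    /* Allocate the vtable before the thunk pages so that every allocation is
     * checked before the proxy is used. */
    proxy->lpvtbl = HeapAlloc(GetProcessHeap(),0,sizeof(LPBYTE)*nroffuncs);
    if (!proxy->lpvtbl) {
        ERR("Could not allocate proxy vtable\n");
        CoTaskMemFree(proxy);
        ITypeInfo_Release(tinfo);
        return E_OUTOFMEMORY;
    }

    /* NOTE(review): the thunk pages are writable and executable at the same
     * time and nothing visible here changes that afterwards.  Dropping write
     * access (VirtualProtect to PAGE_EXECUTE_READ) once all entry points are
     * filled in would reduce the exposure of these pages to memory-corruption
     * bugs elsewhere in the process. */
    proxy->asmstubs = VirtualAlloc(NULL, sizeof(TMAsmProxy) * nroffuncs, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (!proxy->asmstubs) {
        ERR("Could not commit pages for proxy thunks\n");
        HeapFree(GetProcessHeap(), 0, proxy->lpvtbl);
        CoTaskMemFree(proxy);
        ITypeInfo_Release(tinfo);
        return E_OUTOFMEMORY;
    }
    proxy->lpvtbl2      = &tmproxyvtable;
    /* one reference for the proxy */
    proxy->ref          = 1;
    proxy->tinfo        = tinfo;
    proxy->iid          = *riid;
    proxy->chanbuf      = 0;

    InitializeCriticalSection(&proxy->crit);
    proxy->crit.DebugInfo->Spare[0] = (DWORD_PTR)(__FILE__ ": TMProxyImpl.crit");

    /* if we derive from IDispatch then defer to its proxy for its methods */
    hres = ITypeInfo_GetTypeAttr(tinfo, &typeattr);
    if (hres == S_OK)
    {
        if (typeattr->wTypeFlags & TYPEFLAG_FDISPATCHABLE)
        {
            IPSFactoryBuffer *factory_buffer;
            hres = get_facbuf_for_iid(&IID_IDispatch, &factory_buffer);
            if (hres == S_OK)
            {
                hres = IPSFactoryBuffer_CreateProxy(factory_buffer, NULL,
                    &IID_IDispatch, &proxy->dispatch_proxy,
                    (void **)&proxy->dispatch);
                IPSFactoryBuffer_Release(factory_buffer);
            }
            /* an IDispatch-derived interface has at least the 3 IUnknown
             * and 4 IDispatch methods */
            if ((hres == S_OK) && (nroffuncs < 7))
            {
                ERR("nroffuncs calculated incorrectly (%d)\n", nroffuncs);
                hres = E_UNEXPECTED;
            }
            if (hres == S_OK)
            {
                defer_to_dispatch = TRUE;
            }
        }
        ITypeInfo_ReleaseTypeAttr(tinfo, typeattr);
    }

    /* Slots 0..2 are IUnknown, 3..6 go to the IDispatch proxy when deferring,
     * everything else gets a generated thunk.  A thunk failure now leaves
     * through the common release path instead of returning with the proxy,
     * its thunk pages, vtable and typeinfo still allocated. */
    for (i=0;i<nroffuncs;i++) {
        switch (i) {
        case 0:
                proxy->lpvtbl[i] = ProxyIUnknown_QueryInterface;
                break;
        case 1:
                proxy->lpvtbl[i] = ProxyIUnknown_AddRef;
                break;
        case 2:
                proxy->lpvtbl[i] = ProxyIUnknown_Release;
                break;
        case 3:
                if(!defer_to_dispatch)
                {
                    hres = init_proxy_entry_point(proxy, i);
                    if(FAILED(hres)) goto fail;
                }
                else proxy->lpvtbl[3] = ProxyIDispatch_GetTypeInfoCount;
                break;
        case 4:
                if(!defer_to_dispatch)
                {
                    hres = init_proxy_entry_point(proxy, i);
                    if(FAILED(hres)) goto fail;
                }
                else proxy->lpvtbl[4] = ProxyIDispatch_GetTypeInfo;
                break;
        case 5:
                if(!defer_to_dispatch)
                {
                    hres = init_proxy_entry_point(proxy, i);
                    if(FAILED(hres)) goto fail;
                }
                else proxy->lpvtbl[5] = ProxyIDispatch_GetIDsOfNames;
                break;
        case 6:
                if(!defer_to_dispatch)
                {
                    hres = init_proxy_entry_point(proxy, i);
                    if(FAILED(hres)) goto fail;
                }
                else proxy->lpvtbl[6] = ProxyIDispatch_Invoke;
                break;
        default:
                hres = init_proxy_entry_point(proxy, i);
                if(FAILED(hres)) goto fail;
        }
    }

    if (hres == S_OK)
    {
        *ppv            = (LPVOID)proxy;
        *ppProxy                = (IRpcProxyBuffer *)&(proxy->lpvtbl2);
        IUnknown_AddRef((IUnknown *)*ppv);
        return S_OK;
    }

fail:
    /* drops the single reference taken above */
    TMProxyImpl_Release((IRpcProxyBuffer *)&proxy->lpvtbl2);
    return hres;
}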
1902
/* Server-side stub object of the typelib marshaller.  lpvtbl is the first
 * member, and the methods below cast the IRpcStubBuffer pointer straight to
 * TMStubImpl. */
typedef struct _TMStubImpl {
    const IRpcStubBufferVtbl   *lpvtbl;
    LONG                        ref;    /* changed with InterlockedIncrement/Decrement */

    LPUNKNOWN                   pUnk;   /* server object; referenced in Connect, released in Disconnect */
    ITypeInfo                   *tinfo; /* type information of iid; released when the stub is freed */
    IID                         iid;    /* interface this stub was created for */
    IRpcStubBuffer              *dispatch_stub; /* IDispatch stub, created in Invoke when needed */
    BOOL                        dispatch_derivative; /* TRUE when the interface has TYPEFLAG_FDISPATCHABLE */
} TMStubImpl;
1913
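/*
 * IUnknown::QueryInterface for the stub: only IUnknown and IRpcStubBuffer
 * are offered.
 *
 * On success *ppv receives iface with a reference added.  On failure *ppv is
 * set to NULL, as the COM contract requires, so that a caller which does not
 * check the HRESULT cannot pick up a stale pointer.
 */
static HRESULT WINAPI
TMStubImpl_QueryInterface(LPRPCSTUBBUFFER iface, REFIID riid, LPVOID *ppv)
{
    if (IsEqualIID(riid,&IID_IRpcStubBuffer)||IsEqualIID(riid,&IID_IUnknown)){
        *ppv = (LPVOID)iface;
        IRpcStubBuffer_AddRef(iface);
        return S_OK;
    }
    *ppv = NULL;
    FIXME("%s, not supported IID.\n",debugstr_guid(riid));
    return E_NOINTERFACE;
}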
1925
/* IUnknown::AddRef: atomically bumps the stub's reference count and returns
 * the new value. */
static ULONG WINAPI
TMStubImpl_AddRef(LPRPCSTUBBUFFER iface)
{
    TMStubImpl *stub = (TMStubImpl *)iface;
    ULONG updated = InterlockedIncrement(&stub->ref);

    /* the trace reports the count as it was before this call */
    TRACE("(%p)->(ref before=%u)\n", stub, updated - 1);
    return updated;
}
1936
/*
 * IUnknown::Release: atomically drops one reference and returns the new
 * count.  When it reaches zero the stub disconnects from the server object,
 * releases its typeinfo and IDispatch stub (if any) and frees itself.
 */
static ULONG WINAPI
TMStubImpl_Release(LPRPCSTUBBUFFER iface)
{
    TMStubImpl *stub = (TMStubImpl *)iface;
    ULONG remaining = InterlockedDecrement(&stub->ref);

    TRACE("(%p)->(ref before=%u)\n", stub, remaining + 1);

    if (remaining)
        return remaining;

    /* last reference gone: tear down in the same order as before */
    IRpcStubBuffer_Disconnect(iface);
    ITypeInfo_Release(stub->tinfo);
    if (stub->dispatch_stub)
        IRpcStubBuffer_Release(stub->dispatch_stub);
    CoTaskMemFree(stub);

    return remaining;
}
1955
/*
 * IRpcStubBuffer::Connect: takes a reference on the server object, stores it
 * in the stub and forwards the connection to the IDispatch stub when one
 * exists.  Always returns S_OK.
 *
 * NOTE(review): a previously stored pUnk is overwritten without being
 * released; callers are presumably expected to Disconnect first -- confirm.
 */
static HRESULT WINAPI
TMStubImpl_Connect(LPRPCSTUBBUFFER iface, LPUNKNOWN pUnkServer)
{
    TMStubImpl *stub = (TMStubImpl *)iface;
    IRpcStubBuffer *disp;

    TRACE("(%p)->(%p)\n", stub, pUnkServer);

    IUnknown_AddRef(pUnkServer);
    stub->pUnk = pUnkServer;

    disp = stub->dispatch_stub;
    if (disp)
        IRpcStubBuffer_Connect(disp, pUnkServer);

    return S_OK;
}
1971
/*
 * IRpcStubBuffer::Disconnect: releases the server object, clears the stored
 * pointer so a second call is harmless, and forwards the disconnect to the
 * IDispatch stub when one exists.
 */
static void WINAPI
TMStubImpl_Disconnect(LPRPCSTUBBUFFER iface)
{
    TMStubImpl *stub = (TMStubImpl *)iface;
    LPUNKNOWN server;

    TRACE("(%p)->()\n", stub);

    server = stub->pUnk;
    if (server)
    {
        IUnknown_Release(server);
        stub->pUnk = NULL;
    }

    if (stub->dispatch_stub)
        IRpcStubBuffer_Disconnect(stub->dispatch_stub);
}
1988
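/*
 * IRpcStubBuffer::Invoke: unmarshal the request in xmsg, call the method on
 * the server object and marshal the results back.
 *
 * xmsg->Buffer/cbBuffer hold the request as received from the channel.  It is
 * copied into a private buffer and parsed by deserialize_param according to
 * the method's FUNCDESC.  The method is called only when every parameter was
 * deserialized successfully, and a reply is produced only when every
 * out-parameter was serialized successfully.
 *
 * Methods 0..2 (IUnknown) are rejected.  For IDispatch-derived interfaces the
 * IDispatch methods are forwarded to an IDispatch stub that is created on
 * first use and then reused.
 *
 * Returns S_OK, E_UNEXPECTED, E_OUTOFMEMORY, the HRESULT of the failing
 * marshalling step, or a code derived from an exception raised by the
 * invoked method.
 */
static HRESULT WINAPI
TMStubImpl_Invoke(
    LPRPCSTUBBUFFER iface, RPCOLEMESSAGE* xmsg,IRpcChannelBuffer*rpcchanbuf)
{
    int         i;
    const FUNCDESC *fdesc;
    TMStubImpl *This = (TMStubImpl *)iface;
    HRESULT     hres;
    DWORD       *args = NULL, res, *xargs, nrofargs;
    marshal_state       buf;
    UINT        nrofnames = 0;
    BSTR        names[10];
    BSTR        iname = NULL;
    ITypeInfo   *tinfo = NULL;

    TRACE("...\n");

    if (xmsg->iMethod < 3) {
        ERR("IUnknown methods cannot be marshaled by the typelib marshaler\n");
        return E_UNEXPECTED;
    }

    if (This->dispatch_derivative && xmsg->iMethod < sizeof(IDispatchVtbl)/sizeof(void *))
    {
        /* Create the IDispatch stub once and keep it.  Creating a new one on
         * every call overwrote the stored pointer without releasing the
         * previous stub, so each forwarded call leaked a stub. */
        if (!This->dispatch_stub)
        {
            IPSFactoryBuffer *factory_buffer;
            IRpcStubBuffer *dispatch_stub = NULL;

            hres = get_facbuf_for_iid(&IID_IDispatch, &factory_buffer);
            if (hres == S_OK)
            {
                hres = IPSFactoryBuffer_CreateStub(factory_buffer, &IID_IDispatch,
                    This->pUnk, &dispatch_stub);
                IPSFactoryBuffer_Release(factory_buffer);
            }
            if (hres != S_OK)
                return hres;
            /* publish the stub only after it was created successfully */
            This->dispatch_stub = dispatch_stub;
        }
        return IRpcStubBuffer_Invoke(This->dispatch_stub, xmsg, rpcchanbuf);
    }

    memset(&buf,0,sizeof(buf));
    buf.size    = xmsg->cbBuffer;
    buf.base    = HeapAlloc(GetProcessHeap(), 0, xmsg->cbBuffer);
    if (!buf.base)
        return E_OUTOFMEMORY;
    memcpy(buf.base, xmsg->Buffer, xmsg->cbBuffer);
    buf.curoff  = 0;

    hres = get_funcdesc(This->tinfo,xmsg->iMethod,&tinfo,&fdesc,&iname,NULL,NULL);
    if (hres) {
        ERR("GetFuncDesc on method %d failed with %x\n",xmsg->iMethod,hres);
        /* tinfo is not known to be valid here, so only the copy is freed */
        HeapFree(GetProcessHeap(), 0, buf.base);
        return hres;
    }

    if (iname && !lstrcmpW(iname, IDispatchW))
    {
        ERR("IDispatch cannot be marshaled by the typelib marshaler\n");
        hres = E_UNEXPECTED;
        SysFreeString (iname);
        goto exit;
    }

    if (iname) SysFreeString (iname);

    /* Names are only used for the error message below */
    memset(names,0,sizeof(names));
    ITypeInfo_GetNames(tinfo,fdesc->memid,names,sizeof(names)/sizeof(names[0]),&nrofnames);
    if (nrofnames > sizeof(names)/sizeof(names[0])) {
        ERR("Need more names!\n");
        /* never walk past the array when freeing the names at exit */
        nrofnames = sizeof(names)/sizeof(names[0]);
    }

    /*dump_FUNCDESC(fdesc);*/
    nrofargs = 0;
    for (i=0;i<fdesc->cParams;i++)
        nrofargs += _argsize(fdesc->lprgelemdescParam[i].tdesc.vt);
    /* one extra slot in front for the This pointer */
    args = HeapAlloc(GetProcessHeap(),0,(nrofargs+1)*sizeof(DWORD));
    if (!args)
    {
        hres = E_OUTOFMEMORY;
        goto exit;
    }

    /* Allocate all stuff used by call. */
    xargs = args+1;
    for (i=0;i<fdesc->cParams;i++) {
        ELEMDESC        *elem = fdesc->lprgelemdescParam+i;

        hres = deserialize_param(
           tinfo,
           is_in_elem(elem),
           FALSE,
           TRUE,
           &(elem->tdesc),
           xargs,
           &buf
        );
        xargs += _argsize(elem->tdesc.vt);
        if (hres) {
            /* names[] has a fixed size; a method with more parameters than
             * names were returned must not index past the filled entries */
            if ((UINT)(i + 1) < nrofnames)
                ERR("Failed to deserialize param %s, hres %x\n",relaystr(names[i+1]),hres);
            else
                ERR("Failed to deserialize param %d, hres %x\n",i,hres);
            break;
        }
    }

    /* Do not call the server method with arguments that were only partly
     * filled in from a request that failed to parse. */
    if (hres != S_OK)
        goto exit;

    args[0] = (DWORD)This->pUnk;

    __TRY
    {
        res = _invoke(
            (*((FARPROC**)args[0]))[fdesc->oVft/4],
            fdesc->callconv,
            (xargs-args),
            args
        );
    }
    __EXCEPT_ALL
    {
        DWORD dwExceptionCode = GetExceptionCode();
        ERR("invoke call failed with exception 0x%08x (%d)\n", dwExceptionCode, dwExceptionCode);
        if (FAILED(dwExceptionCode))
            hres = dwExceptionCode;
        else
            hres = HRESULT_FROM_WIN32(dwExceptionCode);
    }
    __ENDTRY

    if (hres != S_OK)
        goto exit;

    /* reuse the buffer for the reply */
    buf.curoff = 0;

    xargs = args+1;
    for (i=0;i<fdesc->cParams;i++) {
        ELEMDESC        *elem = fdesc->lprgelemdescParam+i;
        hres = serialize_param(
           tinfo,
           is_out_elem(elem),
           FALSE,
           TRUE,
           &elem->tdesc,
           xargs,
           &buf
        );
        xargs += _argsize(elem->tdesc.vt);
        if (hres) {
            ERR("Failed to stuballoc param, hres %x\n",hres);
            break;
        }
    }

    /* A serialization failure must not be overwritten by the xbuf_add result
     * below, otherwise a truncated reply would be sent as a success. */
    if (hres != S_OK)
        goto exit;

    /* the method's return value goes last */
    hres = xbuf_add (&buf, (LPBYTE)&res, sizeof(DWORD));

    if (hres != S_OK)
        goto exit;

    xmsg->cbBuffer      = buf.curoff;
    hres = IRpcChannelBuffer_GetBuffer(rpcchanbuf, xmsg, &This->iid);
    if (hres != S_OK)
        ERR("IRpcChannelBuffer_GetBuffer failed with error 0x%08x\n", hres);

    if (hres == S_OK)
        memcpy(xmsg->Buffer, buf.base, buf.curoff);

exit:
    for (i = 0; i < nrofnames; i++)
        SysFreeString(names[i]);

    ITypeInfo_Release(tinfo);
    HeapFree(GetProcessHeap(), 0, args);

    HeapFree(GetProcessHeap(), 0, buf.base);

    TRACE("returning\n");
    return hres;
}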
2158
/* IRpcStubBuffer::IsIIDSupported: not implemented; logs the queried IID and
 * reports that no stub supports it. */
static LPRPCSTUBBUFFER WINAPI
TMStubImpl_IsIIDSupported(LPRPCSTUBBUFFER iface, REFIID riid)
{
    LPRPCSTUBBUFFER supported = NULL;

    FIXME("Huh (%s)?\n",debugstr_guid(riid));
    return supported;
}
2164
/* IRpcStubBuffer::CountRefs: currently reports the stub's own reference
 * count; the original author marked this as questionable. */
static ULONG WINAPI
TMStubImpl_CountRefs(LPRPCSTUBBUFFER iface)
{
    TMStubImpl *stub = (TMStubImpl *)iface;
    ULONG count;

    FIXME("()\n");
    count = stub->ref; /*FIXME? */
    return count;
}
2172
/* IRpcStubBuffer::DebugServerQueryInterface: not supported by this stub;
 * *ppv is left untouched. */
static HRESULT WINAPI
TMStubImpl_DebugServerQueryInterface(LPRPCSTUBBUFFER iface, LPVOID *ppv)
{
    const HRESULT unsupported = E_NOTIMPL;

    return unsupported;
}
2177
/* IRpcStubBuffer::DebugServerRelease: nothing to release, because
 * DebugServerQueryInterface never hands out a pointer. */
static void WINAPI
TMStubImpl_DebugServerRelease(LPRPCSTUBBUFFER iface, LPVOID ppv)
{
    /* intentionally empty */
}
2182
/* Method table of the typelib stub; PSFacBuf_CreateStub stores its address
 * in every TMStubImpl.  The initializer is positional, so the entries have to
 * follow the member order of IRpcStubBufferVtbl. */
static const IRpcStubBufferVtbl tmstubvtbl = {
    TMStubImpl_QueryInterface,
    TMStubImpl_AddRef,
    TMStubImpl_Release,
    TMStubImpl_Connect,
    TMStubImpl_Disconnect,
    TMStubImpl_Invoke,
    TMStubImpl_IsIIDSupported,
    TMStubImpl_CountRefs,
    TMStubImpl_DebugServerQueryInterface,
    TMStubImpl_DebugServerRelease
};
2195
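/*
 * IPSFactoryBuffer::CreateStub for the typelib marshaller.
 *
 * Loads the type information for riid, allocates a TMStubImpl, connects it
 * to pUnkServer and records whether the interface is IDispatch-derived
 * (TYPEFLAG_FDISPATCHABLE), in which case Invoke forwards the IDispatch
 * methods to a separate stub.
 *
 * On success *ppStub receives the new stub with one reference.  On failure
 * *ppStub is NULL and nothing allocated here stays behind.
 *
 * Returns S_OK, E_OUTOFMEMORY, or the HRESULT of the typeinfo lookup or of
 * ITypeInfo_GetTypeAttr.
 */
static HRESULT WINAPI
PSFacBuf_CreateStub(
    LPPSFACTORYBUFFER iface, REFIID riid,IUnknown *pUnkServer,
    IRpcStubBuffer** ppStub
) {
    HRESULT hres;
    ITypeInfo   *tinfo;
    TMStubImpl  *stub;
    TYPEATTR *typeattr;

    TRACE("(%s,%p,%p)\n",debugstr_guid(riid),pUnkServer,ppStub);

    hres = _get_typeinfo_for_iid(riid,&tinfo);
    if (hres) {
        ERR("No typeinfo for %s?\n",debugstr_guid(riid));
        return hres;
    }

    stub = CoTaskMemAlloc(sizeof(TMStubImpl));
    if (!stub) {
        /* the typeinfo reference is ours until the stub takes it over */
        ITypeInfo_Release(tinfo);
        return E_OUTOFMEMORY;
    }
    stub->lpvtbl        = &tmstubvtbl;
    stub->ref           = 1;
    /* Disconnect reads pUnk, so it must never hold an uninitialized value */
    stub->pUnk          = NULL;
    stub->tinfo         = tinfo;
    stub->dispatch_stub = NULL;
    stub->dispatch_derivative = FALSE;
    stub->iid           = *riid;
    hres = IRpcStubBuffer_Connect((LPRPCSTUBBUFFER)stub,pUnkServer);
    *ppStub             = (LPRPCSTUBBUFFER)stub;
    TRACE("IRpcStubBuffer: %p\n", stub);
    if (hres)
        ERR("Connect to pUnkServer failed?\n");

    /* if we derive from IDispatch then defer to its stub for some of its methods */
    hres = ITypeInfo_GetTypeAttr(tinfo, &typeattr);
    if (hres == S_OK)
    {
        if (typeattr->wTypeFlags & TYPEFLAG_FDISPATCHABLE)
            stub->dispatch_derivative = TRUE;
        ITypeInfo_ReleaseTypeAttr(tinfo, typeattr);
    }
    else
    {
        /* A failing call must not hand out an object: a caller that follows
         * the COM contract ignores *ppStub on failure, so the stub, its
         * typeinfo and the server reference would otherwise be leaked. */
        *ppStub = NULL;
        IRpcStubBuffer_Release((LPRPCSTUBBUFFER)stub);
    }

    return hres;
}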
2240
/* Method table of the typelib marshaller's proxy/stub factory.  The
 * initializer is positional, so the entries have to follow the member order
 * of IPSFactoryBufferVtbl. */
static const IPSFactoryBufferVtbl psfacbufvtbl = {
    PSFacBuf_QueryInterface,
    PSFacBuf_AddRef,
    PSFacBuf_Release,
    PSFacBuf_CreateProxy,
    PSFacBuf_CreateStub
};

/* This is the whole PSFactoryBuffer object, just the vtableptr.  It is a
 * single static instance; TMARSHAL_DllGetClassObject returns its address. */
static const IPSFactoryBufferVtbl *lppsfac = &psfacbufvtbl;
2251
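/***********************************************************************
 *           TMARSHAL_DllGetClassObject
 *
 * Hands out the typelib marshaller's static IPSFactoryBuffer object.
 *
 * Only IID_IPSFactoryBuffer is supported; rclsid is not examined here.
 * On success *ppv points at the static factory object and S_OK is returned.
 * Otherwise *ppv is set to NULL and E_NOINTERFACE is returned, so that a
 * caller which does not check the result cannot use a stale pointer.
 */
HRESULT TMARSHAL_DllGetClassObject(REFCLSID rclsid, REFIID iid,LPVOID *ppv)
{
    if (IsEqualIID(iid,&IID_IPSFactoryBuffer)) {
        *ppv = &lppsfac;
        return S_OK;
    }
    *ppv = NULL;
    return E_NOINTERFACE;
}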