nt!NtReplyWaitReceivePortEx函数分析之nt!LpcpMoveMessage拷贝csr_api_msg

第一部分：等待有信号了返回

    //
    //  The timeout on this wait and the next wait appear to be the
    //  only substantial difference between NtReplyWaitReceivePort
    //  and NtReplyWaitReceivePortEx

    Status = KeWaitForSingleObject( ReceivePort->MsgQueue.Semaphore,
                                    WrLpcReceive,
                                    WaitMode,
                                    FALSE,
                                    Timeout );

第二部分：
1: kd> dv
          PortHandle = 0x000001c4
         PortContext = 0x0084ffb0
        ReplyMessage = 0x0084fed0
      ReceiveMessage = 0x0084fed0
 
1: kd> dx -r1 ((ntkrnlmp!_PORT_MESSAGE *)0x84fed0)
((ntkrnlmp!_PORT_MESSAGE *)0x84fed0)                 : 0x84fed0 [Type: _PORT_MESSAGE *]
    [+0x000] u1               [Type: __unnamed]
    [+0x004] u2               [Type: __unnamed]
    [+0x008] ClientId         [Type: _CLIENT_ID]
    [+0x008] DoNotUseThisField : 0.000000 [Type: double]
    [+0x010] MessageId        : 0xa [Type: unsigned long]
    [+0x014] ClientViewSize   : 0x0 [Type: unsigned long]
    [+0x014] CallbackId       : 0x0 [Type: unsigned long]
1: kd> dt csr_api_msg 0x84fed0
csrsrv!CSR_API_MSG
   +0x000 h                : _PORT_MESSAGE
   +0x018 ConnectionRequest : _CSR_API_CONNECTINFO
   +0x018 CaptureBuffer    : (null)
   +0x01c ApiNumber        : 0x10001
   +0x020 ReturnValue      : 0
   +0x024 Reserved         : 0x70c50
   +0x028 u                : __unnamed

第三部分：

        //
        //  We have a message in our receive p