I am writing an adapter TSP for a phone system. This system has a TAPI API but it is incompatible with the application I am trying to TAPI-enable. In order to place a call from the correct line, I need to know some information (from HKCU) about who is making the request. Since the TSP runs in the context of the Telephony service, I cannot access is directly. My plan was to use the functionality of LINE_CREATEDIALOGINSTANCE to read this information.

The problem I'm having is that the Telephony service is crashing immediately after returning from TUISPI_providerGenericDialog with the following stack trace:

72004400() 
tapisrv.dll!_FreeDialogInstance@20()  + 0xa93 bytes 
tapisrv.dll!_ClientRequest@16()  + 0x8f bytes 
rpcrt4.dll!_Invoke@12()  + 0x30 bytes 
rpcrt4.dll!_NdrStubCall2@16()  + 0x217 bytes 
rpcrt4.dll!_NdrServerCall2@4()  + 0x19 bytes 
rpcrt4.dll!_DispatchToStubInCNoAvrf@12()  + 0x17 bytes 
rpcrt4.dll!RPC_INTERFACE::DispatchToStubWorker()  + 0xae bytes 
rpcrt4.dll!RPC_INTERFACE::DispatchToStub()  + 0x4b bytes 
rpcrt4.dll!LRPC_SCALL::DealWithRequestMessage()  + 0x1d5 bytes 
rpcrt4.dll!LRPC_ADDRESS::DealWithLRPCRequest()  + 0x90 bytes 
rpcrt4.dll!LRPC_ADDRESS::ReceiveLotsaCalls()  + 0x20c bytes 
rpcrt4.dll!RecvLotsaCallsWrapper()  + 0xd bytes 
rpcrt4.dll!BaseCachedThreadRoutine()  + 0x92 bytes 
rpcrt4.dll!ThreadStartRoutine()  + 0x1b bytes 
kernel32.dll!_BaseThreadStart@8()  + 0x34 bytes

As per this book, the Telephony service will crash if TSPI_providerFreeDialogInstance is not implemented. I have implemented this function and DepWalker shows it as being properly exported. ApiSpy32 shows that its address is correctly returned via GetProcAddress when my TSP is loaded. Why is it still crashing?

The relevant code:

LONG TSPIAPI TSPI_lineMakeCall(DRV_REQUESTID dwRequestID, HDRVLINE hdLine, HTAPICALL htCall,
    LPHDRVCALL lphdCall, LPCWSTR lpszDestAddress, DWORD dwCountryCode, LPLINECALLPARAMS const lpCallParams)
{
    OutputDebugString("TSPI_lineMakeCall\n");
    PDRVLINE pLine = (PDRVLINE) hdLine;

    *lphdCall = (HDRVCALL)hdLine;

    typedef TUISPICREATEDIALOGINSTANCEPARAMS PARAMS;

    pLine->htCall = htCall;
    DWORD lLength = (lstrlenW(lpszDestAddress) + 1) * sizeof(WCHAR);

    PARAMS* lParams = (PARAMS*)DrvAlloc(sizeof(PARAMS) + lLength);
    RtlZeroMemory(lParams, sizeof(PARAMS) + lLength);

    lParams->dwRequestID = dwRequestID;
    lParams->hdDlgInst = (HDRVDIALOGINSTANCE)1000;
    lParams->lpszUIDLLName = L"TapiAdapter.tsp";
    lParams->lpParams = lParams + 1;
    lParams->dwSize = lLength;

    lstrcpyW((LPWSTR)(lParams + 1), lpszDestAddress);
    (*pLine->pfnEventProc)(pLine->htLine, 0, LINE_CREATEDIALOGINSTANCE, (DWORD)lParams, 0, 0);

    return dwRequestID;
}


LONG TSPIAPI TSPI_providerGenericDialogData(DWORD_PTR dwObjectID, DWORD dwObjectType, LPVOID lpParams, DWORD dwSize)
{
    OutputDebugString("TSPI_providerGenericDialogData\n");
    return 0;
}

LONG TSPIAPI TSPI_providerFreeDialogInstance(HDRVDIALOGINSTANCE hdDlgInst)
{
    OutputDebugString("TSPI_providerFreeDialogInstance\n");
    return 0;
}

LONG TSPIAPI TUISPI_providerGenericDialog(TUISPIDLLCALLBACK lpfnUIDLLCallback, HTAPIDIALOGINSTANCE htDlgInst, LPVOID lpParams, DWORD dwSize, HANDLE hEvent)
{
    SetEvent(hEvent);

    LPCWSTR lNumber = (LPCWSTR)lpParams;
    MessageBoxW(0, lNumber, L"Dial Number", MB_OK);

    return 0;
}

I don't know but the help for the TUISPICREATEDIALOGINSTANCEPARAMS Structure says that lpszUIDLLName should be a ...

pointer to a NULL-terminated string specifying the fully qualified name of the UI DLL to load in the application context

... however L"TapiAdapter.tsp" doesn't look like a fully qualified name of the UI DLL ("fully-qualified" means that it includes the path name). Do you have a UI DLL to be loaded? Is it loaded? Does it display the dialog? Is it unloaded? Does TUISPI_providerGenericDialog exist in your TSP, or does it existin your UI DLL (they're supposed to be two different DLLs)?

I have found the solution: As per MSDN, the first parameter of the LINEEVENT call for this event only needs to be an HPROVIDER, not an HTAPILINE. Since the first parameter of LINEEVENT is of type HTAPILINE, the HPROVIDER will need to be cast.