From 4d9fdd8b69830293e84f9ed400a70716b2925be1 Mon Sep 17 00:00:00 2001
From: James Tabor <james.tabor@reactos.org>
Date: Fri, 20 Nov 2015 08:22:20 +0000
Subject: [PATCH] [Win32k] - Fix crash while closing global hooked application.
 See CORE-10549.

svn path=/trunk/; revision=69945
---
 reactos/win32ss/user/ntuser/callback.c | 10 ++++++++--
 reactos/win32ss/user/ntuser/hook.c     |  5 ++++-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/reactos/win32ss/user/ntuser/callback.c b/reactos/win32ss/user/ntuser/callback.c
index e233c071732..2f3ea9634f2 100644
--- a/reactos/win32ss/user/ntuser/callback.c
+++ b/reactos/win32ss/user/ntuser/callback.c
@@ -647,7 +647,13 @@ co_IntCallHookProc(INT HookId,
    Common->offPfn = offPfn;
    Common->Ansi = Ansi;
    RtlZeroMemory(&Common->ModuleName, sizeof(Common->ModuleName));
-   RtlCopyMemory(&Common->ModuleName, ModuleName->Buffer, ModuleName->Length);
+   if (ModuleName->Buffer && ModuleName->Length)
+   {
+      RtlCopyMemory(&Common->ModuleName, ModuleName->Buffer, ModuleName->Length);
+      // If ModuleName->Buffer NULL while in destroy,
+      //    this will make User32:Hook.c complain about not loading the library module.
+      // Fix symptom for CORE-10549.
+   }
    Extra = (PCHAR) Common + sizeof(HOOKPROC_CALLBACK_ARGUMENTS);
 
    switch(HookId)
@@ -738,7 +744,7 @@ co_IntCallHookProc(INT HookId,
 
    if (!NT_SUCCESS(Status))
    {
-      ERR("Failure to make Callback! Status 0x%x",Status);
+      ERR("Failure to make Callback! Status 0x%x\n",Status);
       goto Fault_Exit;
    }
 
diff --git a/reactos/win32ss/user/ntuser/hook.c b/reactos/win32ss/user/ntuser/hook.c
index c77959f80e7..64155091bd5 100644
--- a/reactos/win32ss/user/ntuser/hook.c
+++ b/reactos/win32ss/user/ntuser/hook.c
@@ -342,6 +342,9 @@ co_CallHook( INT HookId,
        case WH_KEYBOARD:
           break;
     }
+
+    if (!UserObjectInDestroy(UserHMGetHandle(phk))) //// Fix CORE-10549.
+    {
     /* The odds are high for this to be a Global call. */
     Result = co_IntCallHookProc( HookId,
                                  Code,
@@ -352,7 +355,7 @@ co_CallHook( INT HookId,
                                  phk->offPfn,
                                  phk->Ansi,
                                 &phk->ModuleName);
-
+    }
     /* The odds so high, no one is waiting for the results. */
     if (pHP->pHookStructs) ExFreePoolWithTag(pHP->pHookStructs, TAG_HOOK);
     ExFreePoolWithTag(pHP, TAG_HOOK);