diff --git a/reactos/drivers/fs/vfat/rw.c b/reactos/drivers/fs/vfat/rw.c
index 89b2836e6aa..80e79d471f3 100644
--- a/reactos/drivers/fs/vfat/rw.c
+++ b/reactos/drivers/fs/vfat/rw.c
@@ -1,4 +1,4 @@
-/* $Id: rw.c,v 1.4 2000/03/12 23:28:59 ekohl Exp $
+/* $Id: rw.c,v 1.5 2000/04/07 02:24:03 dwelch Exp $
  *
  * COPYRIGHT:        See COPYING in the top level directory
  * PROJECT:          ReactOS kernel
@@ -82,18 +82,20 @@ NTSTATUS FsdReadFile(PDEVICE_EXTENSION DeviceExt, PFILE_OBJECT FileObject,
      }
    CHECKPOINT;
    if ((ReadOffset % DeviceExt->BytesPerCluster)!=0)
-   {
-    if (FirstCluster==1)
-    {
-      VFATReadSectors(DeviceExt->StorageDevice,CurrentCluster
-           ,DeviceExt->Boot->SectorsPerCluster,Temp);
-      CurrentCluster += DeviceExt->Boot->SectorsPerCluster;
-    }
-    else
-    {
-      VFATLoadCluster(DeviceExt,Temp,CurrentCluster);
-      CurrentCluster = GetNextCluster(DeviceExt, CurrentCluster);
-    }
+     {
+	if (FirstCluster == 1)
+	  {
+	     VFATReadSectors(DeviceExt->StorageDevice,
+			     CurrentCluster,
+			     DeviceExt->Boot->SectorsPerCluster,
+			     Temp);
+	     CurrentCluster += DeviceExt->Boot->SectorsPerCluster;
+	  }
+	else
+	  {
+	     VFATLoadCluster(DeviceExt,Temp,CurrentCluster);
+	     CurrentCluster = GetNextCluster(DeviceExt, CurrentCluster);
+	  }
 	TempLength = min(Length,DeviceExt->BytesPerCluster -
 			 (ReadOffset % DeviceExt->BytesPerCluster));
 	
@@ -106,23 +108,25 @@ NTSTATUS FsdReadFile(PDEVICE_EXTENSION DeviceExt, PFILE_OBJECT FileObject,
      }
    CHECKPOINT;
    while (Length >= DeviceExt->BytesPerCluster)
-   {
-    if (FirstCluster==1)
-    {
-      VFATReadSectors(DeviceExt->StorageDevice,CurrentCluster
-           ,DeviceExt->Boot->SectorsPerCluster,Buffer);
-      CurrentCluster += DeviceExt->Boot->SectorsPerCluster;
-    }
-    else
-    {
-      VFATLoadCluster(DeviceExt,Buffer,CurrentCluster);
-      CurrentCluster = GetNextCluster(DeviceExt, CurrentCluster);
-    }
-      if (CurrentCluster == 0xffffffff)
-	{
-	   ExFreePool(Temp);
-	   return(STATUS_SUCCESS);
-	}
+     {
+	if (FirstCluster == 1)
+	  {
+	     VFATReadSectors(DeviceExt->StorageDevice,
+			     CurrentCluster,
+			     DeviceExt->Boot->SectorsPerCluster,
+			     Buffer);
+	     CurrentCluster += DeviceExt->Boot->SectorsPerCluster;
+	  }
+	else
+	  {
+	     VFATLoadCluster(DeviceExt,Buffer,CurrentCluster);
+	     CurrentCluster = GetNextCluster(DeviceExt, CurrentCluster);
+	  }
+	if (CurrentCluster == 0xffffffff)
+	  {
+	     ExFreePool(Temp);
+	     return(STATUS_SUCCESS);
+	  }
 	
 	(*LengthRead) = (*LengthRead) + DeviceExt->BytesPerCluster;
 	Buffer = Buffer + DeviceExt->BytesPerCluster;
@@ -132,10 +136,12 @@ NTSTATUS FsdReadFile(PDEVICE_EXTENSION DeviceExt, PFILE_OBJECT FileObject,
    if (Length > 0)
      {
 	(*LengthRead) = (*LengthRead) + Length;
-	if (FirstCluster==1)
+	if (FirstCluster == 1)
 	  {
-	     VFATReadSectors(DeviceExt->StorageDevice,CurrentCluster
-			     ,DeviceExt->Boot->SectorsPerCluster,Temp);
+	     VFATReadSectors(DeviceExt->StorageDevice,
+			     CurrentCluster,
+			     DeviceExt->Boot->SectorsPerCluster,
+			     Temp);
 	     CurrentCluster += DeviceExt->Boot->SectorsPerCluster;
 	  }
 	else
diff --git a/reactos/include/ddk/kefuncs.h b/reactos/include/ddk/kefuncs.h
index 72c42990c01..9f955c7cab2 100644
--- a/reactos/include/ddk/kefuncs.h
+++ b/reactos/include/ddk/kefuncs.h
@@ -33,13 +33,9 @@ VOID KeAcquireSpinLock(PKSPIN_LOCK SpinLock, PKIRQL OldIrql);
 VOID KeAcquireSpinLockAtDpcLevel(PKSPIN_LOCK SpinLock);
 BOOLEAN KeCancelTimer(PKTIMER Timer);
 VOID KeClearEvent(PKEVENT Event);
-NTSTATUS
-STDCALL
-KeDelayExecutionThread (
-	KPROCESSOR_MODE	WaitMode,
-	BOOLEAN		Alertable,
-	PLARGE_INTEGER	Internal
-	);
+NTSTATUS STDCALL KeDelayExecutionThread (KPROCESSOR_MODE WaitMode,
+					 BOOLEAN Alertable,
+					 PLARGE_INTEGER	Internal);
 BOOLEAN KeDeregisterBugCheckCallback(PKBUGCHECK_CALLBACK_RECORD
 				     CallbackRecord);
 VOID KeEnterCriticalRegion(VOID);
diff --git a/reactos/include/ddk/mmtypes.h b/reactos/include/ddk/mmtypes.h
index 3b8db22db33..5dc24f8cff7 100644
--- a/reactos/include/ddk/mmtypes.h
+++ b/reactos/include/ddk/mmtypes.h
@@ -1,13 +1,15 @@
 #ifndef _INCLUDE_DDK_MMTYPES_H
 #define _INCLUDE_DDK_MMTYPES_H
-/* $Id: mmtypes.h,v 1.4 2000/04/02 13:32:38 ea Exp $ */
+/* $Id: mmtypes.h,v 1.5 2000/04/07 02:23:57 dwelch Exp $ */
 
+struct _EPROCESS;
 
 typedef struct _MADDRESS_SPACE
 {
    LIST_ENTRY MAreaListHead;
    KMUTEX Lock;
    ULONG LowestAddress;
+   struct _EPROCESS* Process;
 } MADDRESS_SPACE, *PMADDRESS_SPACE;
 
 #define   MDL_MAPPED_TO_SYSTEM_VA      (0x1)
diff --git a/reactos/include/ddk/pstypes.h b/reactos/include/ddk/pstypes.h
index 713c689d75e..86ce305fa79 100644
--- a/reactos/include/ddk/pstypes.h
+++ b/reactos/include/ddk/pstypes.h
@@ -12,6 +12,8 @@
 #define MAX_PATH 	(260)
 #endif
 
+struct _EPORT;
+
 typedef NTSTATUS (*PKSTART_ROUTINE)(PVOID StartContext);
 
 typedef struct _STACK_INFORMATION
@@ -262,8 +264,8 @@ typedef struct _EPROCESS
    LARGE_INTEGER VirtualSize;
    PVOID Vm;                // Actually 48 bytes
    PVOID LastProtoPteFault;
-   PVOID DebugPort;
-   PVOID ExceptionPort;
+   struct _EPORT* DebugPort;
+   struct _EPORT* ExceptionPort;
    PVOID ObjectTable;
    PVOID Token;
    KMUTEX WorkingSetLock;
diff --git a/reactos/include/internal/dbg.h b/reactos/include/internal/dbg.h
new file mode 100644
index 00000000000..d6eaae46da0
--- /dev/null
+++ b/reactos/include/internal/dbg.h
@@ -0,0 +1,10 @@
+#ifndef __INCLUDE_INTERNAL_DBG_H
+#define __INCLUDE_INTERNAL_DBG_H
+
+#include <napi/dbg.h>
+#include <internal/port.h>
+
+NTSTATUS STDCALL LpcSendDebugMessagePort(PEPORT Port,
+					 PLPC_DBG_MESSAGE Message);
+
+#endif /* __INCLUDE_INTERNAL_DBG_H */
diff --git a/reactos/include/internal/mm.h b/reactos/include/internal/mm.h
index 689e35a7c97..fd7da65df39 100644
--- a/reactos/include/internal/mm.h
+++ b/reactos/include/internal/mm.h
@@ -84,7 +84,8 @@ VOID MmUnlockAddressSpace(PMADDRESS_SPACE AddressSpace);
 VOID MmInitializeKernelAddressSpace(VOID);
 PMADDRESS_SPACE MmGetCurrentAddressSpace(VOID);
 PMADDRESS_SPACE MmGetKernelAddressSpace(VOID);
-NTSTATUS MmInitializeAddressSpace(PMADDRESS_SPACE AddressSpace);
+NTSTATUS MmInitializeAddressSpace(PEPROCESS Process,
+				  PMADDRESS_SPACE AddressSpace);
 NTSTATUS MmDestroyAddressSpace(PMADDRESS_SPACE AddressSpace);
 PVOID STDCALL MmAllocateSection (IN ULONG Length);
 NTSTATUS MmCreateMemoryArea(PEPROCESS Process,
@@ -144,7 +145,6 @@ PVOID MiTryToSharePageInSection(PSECTION_OBJECT Section, ULONG Offset);
 NTSTATUS MmSafeCopyFromUser(PVOID Dest, PVOID Src, ULONG NumberOfBytes);
 NTSTATUS MmSafeCopyToUser(PVOID Dest, PVOID Src, ULONG NumberOfBytes);
 VOID MmInitPagingFile(VOID);
-ULONG MmPageFault(ULONG cs, ULONG eip, ULONG error_code);
 
 /* FIXME: it should be in ddk/mmfuncs.h */
 NTSTATUS
@@ -160,4 +160,15 @@ MmCreateSection (
 	IN	PFILE_OBJECT		File			OPTIONAL
 	);
 
+NTSTATUS MmPageFault(ULONG Cs,
+		     PULONG Eip,
+		     PULONG Eax,
+		     ULONG Cr2,
+		     ULONG ErrorCode);
+
+NTSTATUS MmAccessFault(KPROCESSOR_MODE Mode,
+		       ULONG Address);
+NTSTATUS MmNotPresentFault(KPROCESSOR_MODE Mode,
+			   ULONG Address);
+
 #endif
diff --git a/reactos/include/internal/ps.h b/reactos/include/internal/ps.h
index affca540c7c..392b7e3e8ea 100644
--- a/reactos/include/internal/ps.h
+++ b/reactos/include/internal/ps.h
@@ -67,5 +67,9 @@ NTSTATUS HalInitTaskWithContext(PETHREAD Thread, PCONTEXT Context);
 NTSTATUS HalReleaseTask(PETHREAD Thread);
 VOID PiDeleteProcess(PVOID ObjectBody);
 VOID PsReapThreads(VOID);
+VOID PsUnfreezeOtherThread(PETHREAD Thread);
+VOID PsFreezeOtherThread(PETHREAD Thread);
+VOID PsFreezeProcessThreads(PEPROCESS Process);
+VOID PsUnfreezeProcessThreads(PEPROCESS Process);
 
 #endif
diff --git a/reactos/include/napi/dbg.h b/reactos/include/napi/dbg.h
new file mode 100644
index 00000000000..88fe37daef0
--- /dev/null
+++ b/reactos/include/napi/dbg.h
@@ -0,0 +1,61 @@
+#ifndef __INCLUDE_NAPI_DBG_H
+#define __INCLUDE_NAPI_DBG_H
+
+#define DBG_EVENT_EXCEPTION         (1)
+#define DBG_EVENT_CREATE_THREAD     (2)
+#define DBG_EVENT_CREATE_PROCESS    (3)
+#define DBG_EVENT_EXIT_THREAD       (4)
+#define DBG_EVENT_EXIT_PROCESS      (5)
+#define DBG_EVENT_LOAD_DLL          (6)
+#define DBG_EVENT_UNLOAD_DLL        (7)
+
+typedef struct _LPC_DBG_MESSAGE
+{
+   LPC_MESSAGE_HEADER Header;
+   ULONG Type;
+   ULONG Status;
+   union
+     {
+	struct
+	  {
+	     EXCEPTION_RECORD ExceptionRecord;
+	     ULONG FirstChange;
+	  } Exception;
+	struct
+	  {
+	     ULONG Reserved;
+	     PVOID StartAddress;
+	  } CreateThread;
+	struct
+	  {
+	     ULONG Reserved;
+	     HANDLE FileHandle;
+	     PVOID Base;
+	     ULONG PointerToSymbolTable;
+	     ULONG NumberOfSymbols;
+	     ULONG Reserved2;
+	     PVOID EntryPoint;
+	  } CreateProcess;
+	struct
+	  {
+	     ULONG ExitCode;
+	  } ExitThread;
+	struct
+	  {
+	     ULONG ExitCode;
+	  } ExitProcess;
+	struct
+	  {
+	     HANDLE FileHandle;
+	     PVOID Base;
+	     ULONG PointerToSymbolTable;
+	     ULONG NumberOfSymbols;
+	  } LoadDll;
+	struct
+	  {
+	     PVOID Base;
+	  } UnloadDll;
+     } Data;
+} LPC_DBG_MESSAGE, *PLPC_DBG_MESSAGE;
+
+#endif /* __INCLUDE_NAPI_DBG_H */
diff --git a/reactos/install-system.sh b/reactos/install-system.sh
index fee26e8f4dd..c64406ad0d9 100644
--- a/reactos/install-system.sh
+++ b/reactos/install-system.sh
@@ -2,6 +2,8 @@ mkdir -p $1/reactos
 mkdir -p $1/reactos/system32
 mkdir -p $1/reactos/system32/drivers
 mkdir -p $1/reactos/bin
+cp fdisk.exe $1
+cp format.exe $1
 cp loaders/dos/loadros.com $1
 cp ntoskrnl/ntoskrnl.exe $1
 cp services/fs/vfat/vfatfs.sys $1
diff --git a/reactos/install.bochs b/reactos/install.bochs
index 20d51262ba0..26bd7224982 100644
--- a/reactos/install.bochs
+++ b/reactos/install.bochs
@@ -4,6 +4,6 @@ mount -t vfat /bochs/1.44a /mnt/floppy -o loop,rw
 ./install-system.sh /mnt/floppy
 umount /mnt/floppy
 echo "Installing to disk."
-mount -t vfat /bochs/10M.vga /mnt/floppy -o loop,rw
+mount -t vfat /bochs/10M.vga /mnt/floppy -o loop,offset=8704,rw
 ./install.sh /mnt/floppy
 umount /mnt/floppy
diff --git a/reactos/lib/rpcrt4/Makefile b/reactos/lib/rpcrt4/Makefile
new file mode 100644
index 00000000000..162eb825bb9
--- /dev/null
+++ b/reactos/lib/rpcrt4/Makefile
@@ -0,0 +1,160 @@
+# $Id: Makefile,v 1.1 2000/04/07 02:23:58 dwelch Exp $
+#
+# ReactOS Operating System
+#
+TARGET = midl rpcrt4 rpcss
+
+BASE_CFLAGS = -I../../include
+
+CFLAGS = $(CFLAGS) 
+
+midl:
+	
+
+ifneq ($(HOST),mingw32-windows)
+  ifneq ($(HOST),mingw32-linux)
+    DLLTARGET=$(TARGET).a
+  else
+    DLLTARGET=$(TARGET).dll
+  endif
+else
+  DLLTARGET=$(TARGET).dll
+endif
+
+all: $(DLLTARGET)
+
+SYNCH_OBJECTS = synch/critical.o synch/event.o synch/wait.o synch/intrlck.o synch/timer.o
+
+MISC_OBJECTS = misc/error.o misc/atom.o misc/handle.o misc/env.o misc/dllmain.o \
+		misc/console.o misc/time.o misc/stubs.o misc/rtl.o misc/ldr.o misc/res.o
+
+FILE_OBJECTS = file/file.o file/curdir.o file/lfile.o file/dir.o \
+               file/iocompl.o file/volume.o file/deviceio.o file/dosdev.o \
+	       file/create.o file/find.o file/copy.o file/pipe.o \
+	       file/move.o file/lock.o file/rw.o file/delete.o
+
+MEM_OBJECTS = mem/virtual.o mem/heap.o mem/utils.o mem/section.o mem/isbad.o mem/procmem.o
+
+NLS_OBJECTS =  nls/codepage.o nls/cpmisc.o nls/cptable.o\
+ nls/cp37.o nls/cp437.o nls/cp500.o nls/cp737.o nls/cp775.o nls/cp850.o nls/cp852.o nls/cp855.o nls/cp857.o\
+ nls/cp860.o nls/cp861.o nls/cp863.o nls/cp865.o nls/cp866.o nls/cp869.o nls/cp875.o nls/cp1026.o\
+ nls/cp1250.o nls/cp1251.o nls/cp1252.o nls/cp1253.o nls/cp1254.o nls/cp1255.o nls/cp1256.o nls/cp1257.o\
+ nls/cp10000.o nls/cp10006.o nls/cp10007.o nls/cp10029.o nls/cp10079.o nls/cp10081.o\
+ nls/lctable.o\
+ nls/lcAFK.o nls/lcBEL.o nls/lcBGR.o nls/lcCAT.o nls/lcCSY.o nls/lcDAN.o\
+ nls/lcDEA.o nls/lcDEC.o nls/lcDEL.o nls/lcDES.o nls/lcDEU.o\
+ nls/lcELL.o\
+ nls/lcENA.o nls/lcENB.o nls/lcENC.o nls/lcENG.o nls/lcENI.o nls/lcENJ.o nls/lcENL.o nls/lcENS.o nls/lcENT.o\
+ nls/lcENU.o nls/lcENZ.o\
+ nls/lcESA.o nls/lcESB.o nls/lcESC.o nls/lcESD.o nls/lcESE.o nls/lcESF.o nls/lcESG.o nls/lcESH.o nls/lcESI.o\
+ nls/lcESL.o nls/lcESM.o nls/lcESN.o nls/lcESO.o nls/lcESP.o nls/lcESR.o nls/lcESS.o nls/lcESU.o nls/lcESV.o\
+ nls/lcESY.o nls/lcESZ.o\
+ nls/lcETI.o nls/lcEUQ.o nls/lcFIN.o nls/lcFOS.o\
+ nls/lcFRA.o nls/lcFRB.o nls/lcFRC.o nls/lcFRL.o nls/lcFRS.o\
+ nls/lcHRV.o nls/lcHUN.o nls/lcIND.o nls/lcISL.o nls/lcITA.o nls/lcITS.o nls/lcLTH.o nls/lcLVI.o nls/lcNLB.o\
+ nls/lcNLD.o nls/lcNON.o nls/lcNOR.o nls/lcPLK.o nls/lcPTB.o nls/lcPTG.o nls/lcROM.o nls/lcRUS.o nls/lcSKY.o\
+ nls/lcSLV.o nls/lcSQI.o nls/lcSRB.o nls/lcSRL.o nls/lcSVE.o nls/lcSVF.o nls/lcTRK.o nls/lcUKR.o\
+ nls/locale.o nls/mbtowc.o nls/wctomb.o nls/ole2nls.o
+
+THREAD_OBJECTS = thread/thread.o thread/tls.o
+
+PROCESS_OBJECTS = process/proc.o process/cmdline.o process/create.o \
+                  process/lib.o
+
+STRING_OBJECTS = string/lstring.o
+
+INTERNAL_OBJECTS = internal/dprintf.o
+
+EXCEPT_OBJECTS = except/except.o
+
+RESOURCE_OBJECT = $(TARGET).coff
+
+
+OBJECTS = $(MISC_OBJECTS) $(FILE_OBJECTS) $(THREAD_OBJECTS) \
+          $(PROCESS_OBJECTS) $(STRING_OBJECTS) $(MEM_OBJECTS) \
+          $(INTERNAL_OBJECTS) $(SYNCH_OBJECTS) $(EXCEPT_OBJECTS) \
+	  $(RESOURCE_OBJECT)
+
+ifeq ($(DOSCLI),yes)
+CLEAN_FILES = except\*.o file\*.o internal\*.o mem\*.o misc\*.o nls\*.o \
+              process\*.o string\*.o synch\*.o thread\*.o \
+              $(TARGET).o $(TARGET).a junk.tmp base.tmp temp.exp \
+	      $(TARGET).dll $(TARGET).sym $(TARGET).coff
+else
+CLEAN_FILES = except/*.o file/*.o internal/*.o mem/*.o misc/*.o nls/*.o  \
+              process/*.o string/*.o synch/*.o thread/*.o  \
+              $(TARGET).o $(TARGET).a junk.tmp base.tmp temp.exp \
+	      $(TARGET).dll $(TARGET).sym $(TARGET).coff
+endif
+
+nls/ole2nls.o: nls/ole2nls.c
+	$(CC) $(CFLAGS) -I. nls/ole2nls.c
+
+$(TARGET).coff: $(TARGET).rc ../../include/reactos/resource.h
+
+$(TARGET).a: $(OBJECTS)
+	$(AR) csr $(TARGET).a $(OBJECTS)
+
+$(TARGET).dll: $(DLLMAIN) $(OBJECTS) $(TARGET).def
+	$(LD) \
+		-r $(OBJECTS) \
+		-o $(TARGET).o
+	$(DLLTOOL) \
+		--dllname $(TARGET).dll \
+		--def $(TARGET).def \
+		--kill-at \
+		--output-lib $(TARGET).a
+	$(CC) \
+		-specs=k32_specs \
+		-mdll \
+		-o junk.tmp \
+		-Wl,--base-file,base.tmp \
+		$(TARGET).o \
+		../ntdll/ntdll.a
+	- $(RM) junk.tmp
+	$(DLLTOOL) \
+		--dllname $(TARGET).dll \
+		--base-file base.tmp \
+		--output-exp temp.exp \
+		--def $(TARGET).edf
+	- $(RM) base.tmp
+	$(CC) \
+		-specs=k32_specs \
+		-mdll \
+		-o $(TARGET).dll \
+		$(TARGET).o \
+		../ntdll/ntdll.a \
+		-Wl,--image-base,$(KERNEL32_BASE) \
+		-Wl,--file-alignment,0x1000 \
+		-Wl,--section-alignment,0x1000 \
+		-Wl,temp.exp
+	- $(RM) temp.exp
+	$(NM) --numeric-sort $(TARGET).dll > $(TARGET).sym
+
+clean: $(CLEAN_FILES:%=%_clean)
+
+$(CLEAN_FILES:%=%_clean): %_clean:
+	- $(RM) $*
+
+.PHONY: clean $(CLEAN_FILES:%=%_clean)
+
+floppy: $(FLOPPY_DIR)/dlls/$(TARGET).dll
+
+$(FLOPPY_DIR)/dlls/$(TARGET).dll: $(TARGET).dll
+ifeq ($(DOSCLI),yes)
+	$(CP) $(TARGET).dll $(FLOPPY_DIR)\dlls\$(TARGET).dll
+else
+	$(CP) $(TARGET).dll $(FLOPPY_DIR)/dlls/$(TARGET).dll
+endif
+
+dist: $(DIST_DIR)/dlls/$(TARGET).dll
+
+$(DIST_DIR)/dlls/$(TARGET).dll: $(TARGET).dll
+ifeq ($(DOSCLI),yes)
+	$(CP) $(TARGET).dll ..\..\$(DIST_DIR)\dlls\$(TARGET).dll
+else
+	$(CP) $(TARGET).dll ../../$(DIST_DIR)/dlls/$(TARGET).dll
+endif
+
+WARNINGS_ARE_ERRORS = yes
+include ../../rules.mak
diff --git a/reactos/lib/rpcrt4/clnt/binding.c b/reactos/lib/rpcrt4/clnt/binding.c
new file mode 100644
index 00000000000..c1fe886abfb
--- /dev/null
+++ b/reactos/lib/rpcrt4/clnt/binding.c
@@ -0,0 +1,51 @@
+RPC_STATUS RpcBindingFromStringBindingW(PWCHAR Binding,
+					handle_t* BindingHandle)
+{
+   RPC_STATUS Status;
+   ULONG Length;
+   PWCHAR TBinding;
+   PVOID SomeStruct;
+   ULONG a;
+   
+   if (IsRpcInitialized)
+     {
+	Status = PerformRpcInitialization();
+	if (Status != 0)
+	  {
+	     return(Status);
+	  }
+     }
+   
+   *BindingHandle = 0;
+   Length = wcslen(Binding);
+   Length = ((Length*2) + 5) & 0xfc;
+   TBinding = RtlAllocateHeap(RtlGetProcessHeap(),
+			      HEAP_ZERO_MEMORY,
+			      Length);
+   if (TBinding != NULL)
+     {
+	return(1);
+     }
+   wcscpy(TBinding, Binding);
+   
+   SomeStruct = RtlAllocateHeap(RtlGetProcessHeap(),
+				HEAP_ZERO_MEMORY,
+				0x20);
+   if (SomeStruct != NULL)
+     {
+	return(1);
+     }
+   
+   Status = fn_77E16A0D(TBinding, &a);
+   if (Status != 0)
+     {
+	return(1);
+     }
+   
+   
+}
+
+RPC_STATUS RpcBindingFromStringBindingA(PUCHAR Binding,
+					handle_t BindingHandle)
+{
+}
diff --git a/reactos/lib/rpcrt4/clnt/string.c b/reactos/lib/rpcrt4/clnt/string.c
new file mode 100644
index 00000000000..31091a8baf5
--- /dev/null
+++ b/reactos/lib/rpcrt4/clnt/string.c
@@ -0,0 +1,53 @@
+/*
+ * 
+ */
+
+RPC_STATUS RpcStringBindingComposeA(PUCHAR Uuid,
+				    PUCHAR Protocol,
+				    PUCHAR Address,
+				    PUCHAR Endpoint,
+				    PUCHAR Options,
+				    PUCHAR* Binding)
+{
+   ULONG Len;
+   
+   
+   Len = strlen(Protocol) + 1 + strlen(Address) +
+     1 + strlen(Endpoint) + 1 + 1;
+   (*Binding) = HeapAlloc(GetProcessHeap(),
+			  HEAP_ZERO_MEMORY,
+			  Len);
+   strcpy(*Binding, Protocol);
+   strcat(*Binding, ":");
+   strcat(*Binding, Address);
+   strcat(*Binding, "[");
+   strcat(*Binding, Endpoint);
+   strcat(*Binding, "]");
+   
+   return(STATUS_SUCCESS);
+}
+
+RPC_STATUS RpcStringBindingComposeW(PWCHAR Uuid,
+				    PWCHAR Protocol,
+				    PWCHAR Address,
+				    PWCHAR Endpoint,
+				    WCHAR Options,
+				    PWCHAR* Binding)
+{
+   ULONG Len;
+   
+   
+   Len = wcslen(Protocol) + 1 + wcslen(Address) +
+     1 + wcslen(Endpoint) + 1 + 1;
+   (*Binding) = HeapAlloc(GetProcessHeap(),
+			  HEAP_ZERO_MEMORY,
+			  Len * 2);
+   wcscpy(*Binding, Protocol);
+   wcscat(*Binding, ":");
+   wcscat(*Binding, Address);
+   wcscat(*Binding, "[");
+   wcscat(*Binding, Endpoint);
+   wcscat(*Binding, "]");
+   
+   return(STATUS_SUCCESS);
+}
diff --git a/reactos/lib/rpcrt4/include/rpc.h b/reactos/lib/rpcrt4/include/rpc.h
new file mode 100644
index 00000000000..7a59927af3c
--- /dev/null
+++ b/reactos/lib/rpcrt4/include/rpc.h
@@ -0,0 +1,117 @@
+/*
+ * 
+ */
+
+#ifndef __LIB_RPCRT4_INCLUDE_RPC_H
+#define __LIB_RPCRT4_INCLUDE_RPC_H
+
+#define RPC_MGR_EPV     VOID
+typedef RPC_BINDING_HANDLE handle_t
+
+/*
+ * RPC packet types
+ */
+#define RPC_REQUEST    (0x0)
+#define RPC_PING       (0x1)
+#define RPC_RESPONSE   (0x2)
+#define RPC_FAULT      (0x3)
+#define RPC_WORKING    (0x4)
+#define RPC_NOCALL     (0x5)
+#define RPC_REJECT     (0x6)
+#define RPC_ACK        (0x7)
+#define RPC_CL_CANCEL  (0x8)
+#define RPC_FACK       (0x9)
+#define RPC_CANCEL_ACK (0xa)
+#define RPC_BIND       (0xb)
+#define RPC_BINDACK    (0xc)
+#define RPC_BINDNACK   (0xd)
+#define RPC_ALTCONT    (0xe)
+#define RPC_AUTH3      (0xf)
+#define RPC_BINDCONT   (0x10)
+#define RPC_SHUTDOWN   (0x10)
+#define RPC_CO_CANCEL  (0x11)
+#define RPC_ORPHANED   (0x12)
+
+/*
+ * Common RPC packet header
+ */
+typedef struct _RPC_HEADER_PACKET
+{
+   UCHAR MajorVersion;
+   UCHAR MinorVersion;
+   UCHAR PacketType;
+   UCHAR Flags;
+   ULONG DataRep;
+   USHORT FragLen;
+   USHORT AuthLen;
+   ULONG CallId;
+} RPC_HEADER_PACKET, *PRPC_HEADER_PACKET;
+
+/*
+ * Additional header for a RPC request packet
+ */
+typedef struct _RPC_REQUEST_PACKET
+{
+   ULONG AllocHint;
+   USHORT ContextId;
+   USHORT Opcode;
+} RPC_REQUEST_PACKET, *PRPC_REQUEST_PACKET;
+
+typedef struct _RPC_RESPONSE_PACKET
+{
+   ULONG AllocHint;
+   USHORT ContextId;
+   UCHAR CancelCount;
+   UCHAR Reserved;
+} RPC_RESPONSE_PACKET, *PRPC_RESPONSE_PACKET;
+
+typedef struct _RPC_VERSION
+{
+   USHORT MajorVersion;
+   USHORT MinorVersion;
+} RPC_VERSION, *PRPC_VERSION;
+
+typedef struct _RPC_SYNTAX_IDENTIFIER
+{
+   GUID SyntaxGuid;
+   RPC_VERSION SyntaxVersion;
+} RPC_SYNTAX_IDENTIFIER, *PRPC_SYNTAX_IDENTIFIER;
+
+typedef struct _RPC_MESSAGE
+{
+   RPC_BINDING_HANDLE Handle;
+   ULONG DataRepresentation;
+   VOID* Buffer;
+   USHORT BufferLength;
+   USHORT ProcNum;
+   PRPC_SYNTAX_IDENTIFIER TransferSyntax;
+   VOID* RpcInterfaceInformation;
+   VOID* ReservedForRuntime;
+   RPC_MGR_EPV* ManagerEpv;
+   VOID* ImportContext;
+   ULONG RpcFlags;
+} RPC_MESSAGE, *PRPC_MESSAGE;
+
+typedef VOID (*RPC_DISPATCH_FUNCTION)(PRPC_MESSAGE Message);
+
+typedef struct _RPC_DISPATCH_TABLE
+{
+   ULONG DispatchTableCount;
+   RPC_DISPATCH_FUNCTION* DispatchTable;
+   LONG Reserved;
+} RPC_DISPATCH_TABLE, *PRPC_DISPATCH_TABLE;
+
+typedef struct _RPC_SERVER_INTERFACE
+{
+   ULONG Length;
+   RPC_SYNTAX_IDENTIFIER InterfaceId;
+   RPC_SYNTAX_IDENTIFIER TransferSyntax;
+   PRPC_DISPATCH_TABLE DispatchTable;
+   ULONG RpcProtseqEndpointCount;
+   PRPC_PROTSEQ_ENDPOINT RpcProtseqEndpoint;
+   RPC_MGR_EPV* DefaultManagerEpv;
+   VOID CONST* InterpreterInfo;
+   ULONG Flags;
+} RPC_SERVER_INTERFACE, *PRPC_SERVER_INTERFACE;
+
+#endif /* __LIB_RPCRT4_INCLUDE_RPC_H */
diff --git a/reactos/lib/rpcrt4/srv/ep.c b/reactos/lib/rpcrt4/srv/ep.c
index 619e1f1e7b0..fd2c3272bdc 100644
--- a/reactos/lib/rpcrt4/srv/ep.c
+++ b/reactos/lib/rpcrt4/srv/ep.c
@@ -8,16 +8,71 @@
 
 /* FUNCTIONS *****************************************************************/
 
+RPC_STATUS RpcServerUseProtseqA(unsigned char* Protseq,
+				unsigned int MaxCalls,
+				void* SecurityDescriptor)
+{
+   return(RpcServerUseProtseqEpA(Protseq,
+				 MaxCalls,
+				 SecuritDescriptor));
+}
+
+RPC_STATUS RpcServerUseProtseqW(unsigned wchar_t* Protseq,
+				unsigned int MaxCalls,
+				void* SecurityDescriptor)
+{
+   return(RpcServerUseProtseqEpW(Protseq,
+				 MaxCalls,
+				 SecuritDescriptor));
+}
+
 RPC_STATUS RpcServerUseProtseqEpA(unsigned char* Protseq,
 				  unsigned int MaxCalls,
 				  unsigned char* Endpoint,
 				  void* SecurityDescriptor)
 {
+   unsigned wchar_t* ProtseqW;
+   UNICODE_STRING ProtseqU;
+   ANSI_STRING ProtseqA;
+   unsigned wchar_t* EndpointW;
+   UNICODE_STRING EndpointU;
+   ANSI_STRING EndpointA;
+   RPC_STATUS Status;
+   
+   if (Protseq != NULL)
+     {
+	RtlInitAnsiString(&ProtseqA, Protseq);
+	RtlAnsiStringToUnicodeString(&ProtseqU, &ProtseqA, TRUE);
+	ProtseqW = ProtseqU.Buffer;
+     }
+   else
+     {
+	ProtseqW = NULL;
+     }
+   if (Endpoint != NULL)
+     {
+	RtlInitAnsiString(&EndpointA, Endpoint);
+	RtlAnsiStringToUnicodeString(&EndpointU, &EndpointA, TRUE);
+	EndpointW = EndpointU.Buffer;
+     }
+   else
+     {
+	EndpointW = NULL;
+     }
+   
+   Status = RpcServerUseProtseqEpW(ProtseqW,
+				   MaxCalls,
+				   EndpointW,
+				   SecurityDescriptor);
+   
+   RtlFreeUnicodeString(&EndpointU);
+   RtlFreeUnicodeString(&ProtseqU);
+   return(Status);
 }
 
-RPC_STATUS RpcServerUseProtseqEpW(unsigned short* Protseq,
+RPC_STATUS RpcServerUseProtseqEpW(unsigned wchar_t* Protseq,
 				  unsigned int MaxCalls,
-				  unsigned short* Endpoint,
+				  unsigned wchar_t* Endpoint,
 				  void* SecurityDescriptor)
 {
 }
@@ -29,9 +84,4 @@ RPC_STATUS RpcServerRegisterIf(RPC_IF_HANDLE IfSpec,
    
 }
 
-RPC_STATUS RpcServerListen(unsigned int MinimumCallThreads,
-			   unsigned int MaxCalls,
-			   unsigned int DontWait)
-{
-}
 
diff --git a/reactos/lib/rpcrt4/srv/listen.c b/reactos/lib/rpcrt4/srv/listen.c
new file mode 100644
index 00000000000..a1b551d318f
--- /dev/null
+++ b/reactos/lib/rpcrt4/srv/listen.c
@@ -0,0 +1,48 @@
+/*
+ * COPYRIGHT:  See COPYING in the top level directory
+ * PROJECT:    DCE/RPC for Reactos
+ * FILE:       lib/rpcrt4/srv/listen.c
+ * PURPOSE:    Listener functions
+ * PROGRAMMER: David Welch <welch@cwcom.net>
+ */
+
+/* INCLUDES ******************************************************************/
+
+/* TYPES *********************************************************************/
+
+typedef struct
+{
+} listener_socket;
+
+/* GLOBALS *******************************************************************/
+
+#define NR_MAX_LISTENERS              (255)
+
+static HANDLE ListenerMutex;
+static ULONG InServerListen;
+
+/* FUNCTIONS *****************************************************************/
+
+static DWORD RpcListenerThread(PVOID Param)
+{
+   
+}
+
+BOOL RpcInitListenModule(VOID)
+{
+   ListenerMutex = CreateMutex(NULL,
+			       FALSE,
+			       NULL);
+   if (ListenMutex == NULL)
+     {
+	return(FALSE);
+     }
+   
+   InServerListen = 0;
+}
+
+RPC_STATUS RpcServerListen(unsigned int MinimumCallThreads,
+			   unsigned int MaxCalls,
+			   unsigned int DontWait)
+{
+}
diff --git a/reactos/loaders/dos/loadros.asm b/reactos/loaders/dos/loadros.asm
index 9f30f4a4d08..015b14d907b 100644
--- a/reactos/loaders/dos/loadros.asm
+++ b/reactos/loaders/dos/loadros.asm
@@ -1073,7 +1073,7 @@ l8:
         ; Enter pmode and clear prefetch queue
         ;
         mov     eax,cr0
-        or      eax,0x80000001
+        or      eax,0x80010001
         mov     cr0,eax
         jmp     next
 next:
diff --git a/reactos/ntoskrnl/io/page.c b/reactos/ntoskrnl/io/page.c
index 59e1167b951..34a1fdd104b 100644
--- a/reactos/ntoskrnl/io/page.c
+++ b/reactos/ntoskrnl/io/page.c
@@ -1,4 +1,4 @@
-/* $Id: page.c,v 1.7 2000/03/29 13:11:53 dwelch Exp $
+/* $Id: page.c,v 1.8 2000/04/07 02:23:59 dwelch Exp $
  *
  * COPYRIGHT:       See COPYING in the top level directory
  * PROJECT:         ReactOS kernel
@@ -29,8 +29,8 @@ NTSTATUS STDCALL IoPageRead(PFILE_OBJECT FileObject,
    PIO_STACK_LOCATION StackPtr;
    NTSTATUS Status;
    
-   DPRINT("IoPageRead(FileObject %x, Address %x)\n",
-	  FileObject,Address);
+   DPRINT("IoPageRead(FileObject %x, Mdl %x)\n",
+	  FileObject, Mdl);
    
    ObReferenceObjectByPointer(FileObject,
 			      STANDARD_RIGHTS_REQUIRED,
diff --git a/reactos/ntoskrnl/ke/head.s b/reactos/ntoskrnl/ke/head.s
index 25954612f07..c6364f34a11 100644
--- a/reactos/ntoskrnl/ke/head.s
+++ b/reactos/ntoskrnl/ke/head.s
@@ -9,7 +9,6 @@
 .globl _init_stack_top
 
 _DllMainCRTStartup@12:
-_stext:
 _mainCRTStartup:
 _start:
 start:
@@ -42,11 +41,11 @@ _gdt_descr:
 
 .text
 
+.align 8
 _init_stack:
         .fill 16384,1,0
 _init_stack_top:
 
-#if 0
 _stext:
-#endif
+
 
diff --git a/reactos/ntoskrnl/ke/i386/exp.c b/reactos/ntoskrnl/ke/i386/exp.c
index 258d3e308b0..05a833f1d1f 100644
--- a/reactos/ntoskrnl/ke/i386/exp.c
+++ b/reactos/ntoskrnl/ke/i386/exp.c
@@ -160,14 +160,14 @@ asmlinkage void exception_handler(unsigned int edi,
                                   unsigned int esi, unsigned int ebp,
                                   unsigned int esp, unsigned int ebx,
                                   unsigned int edx, unsigned int ecx,
-                                  unsigned int eax,
+                                  ULONG eax,
                                   unsigned int type,
 				  unsigned int ds,
 				  unsigned int es,
                                   unsigned int fs,
 				  unsigned int gs,
                                   unsigned int error_code,
-                                  unsigned int eip,
+                                  ULONG eip,
                                   unsigned int cs, unsigned int eflags,
                                   unsigned int esp0, unsigned int ss0)
 /*
@@ -181,6 +181,7 @@ asmlinkage void exception_handler(unsigned int edi,
    unsigned int i;
 //   unsigned int j, sym;
    PULONG stack;
+   NTSTATUS Status;
    static char *TypeStrings[] = 
      {
        "Divide Error",
@@ -203,11 +204,25 @@ asmlinkage void exception_handler(unsigned int edi,
        "Machine Check"
      };
    
-   __asm__("cli\n\t");
+   __asm__("movl %%cr2,%0\n\t"
+	   : "=d" (cr2));
    
-   if (type==14)
+   if (PsGetCurrentThread() != NULL &&
+       esp < (ULONG)PsGetCurrentThread()->Tcb.Context.KernelStackBase)
      {
-	if (MmPageFault(cs&0xffff, eip, error_code))
+	DbgPrint("Stack underflow\n");
+	type = 12;
+     }
+   
+   if (type == 14)
+     {
+	__asm__("sti\n\t");
+	Status = MmPageFault(cs&0xffff,
+			     &eip,
+			     &eax,
+			     cr2,
+			     error_code);
+	if (NT_SUCCESS(Status))
 	  {
 	     return;
 	  }
@@ -238,28 +253,26 @@ asmlinkage void exception_handler(unsigned int edi,
      {
 	DbgPrint("Exception: %d(%x)\n",type,error_code&0xffff);
      }
-   DbgPrint("CS:EIP %x:%x\n",cs&0xffff,eip);
-   DbgPrint("CS:EIP %x:", cs&0xffff);
+   DbgPrint("CS:EIP %x:%x ",cs&0xffff,eip);
    print_address((PVOID)eip);
    DbgPrint("\n");
-   __asm__("movl %%cr2,%0\n\t"
-	   : "=d" (cr2));
    __asm__("movl %%cr3,%0\n\t"
 	   : "=d" (cr3));
-   DbgPrint("cr2 %x cr3 %x\n",cr2,cr3);
+   DbgPrint("cr2 %x cr3 %x ",cr2,cr3);
 //   for(;;);
-   DbgPrint("Process: %x\n",PsGetCurrentProcess());
+   DbgPrint("Proc: %x ",PsGetCurrentProcess());
    if (PsGetCurrentProcess() != NULL)
      {
-	DbgPrint("Process id: %x <", PsGetCurrentProcess()->UniqueProcessId);
-	DbgPrint("%.8s>", PsGetCurrentProcess()->ImageFileName);
+	DbgPrint("Pid: %x <", PsGetCurrentProcess()->UniqueProcessId);
+	DbgPrint("%.8s> ", PsGetCurrentProcess()->ImageFileName);
      }
    if (PsGetCurrentThread() != NULL)
      {
-	DbgPrint("Thread: %x Thread id: %x\n",
+	DbgPrint("Thrd: %x Tid: %x",
 		 PsGetCurrentThread(),
 		 PsGetCurrentThread()->Cid.UniqueThread);
      }
+   DbgPrint("\n");
    DbgPrint("DS %x ES %x FS %x GS %x\n",ds&0xffff,es&0xffff,fs&0xffff,
 	    gs&0xfff);
    DbgPrint("EAX: %.8x   EBX: %.8x   ECX: %.8x\n",eax,ebx,ecx);
@@ -283,7 +296,7 @@ asmlinkage void exception_handler(unsigned int edi,
     {
        DbgPrint("ESP %x\n",esp);
        stack = (PULONG) (esp + 24);
-//       stack = (PULONG)(((ULONG)stack) & (~0x3));
+       stack = (PULONG)(((ULONG)stack) & (~0x3));
        
        DbgPrint("stack<%p>: ", stack);
 	 
diff --git a/reactos/ntoskrnl/ke/i386/thread.c b/reactos/ntoskrnl/ke/i386/thread.c
index e9fbd9f75bb..729975f23c5 100644
--- a/reactos/ntoskrnl/ke/i386/thread.c
+++ b/reactos/ntoskrnl/ke/i386/thread.c
@@ -54,6 +54,10 @@ VOID HalTaskSwitch(PKTHREAD thread)
     * new thread
     */
    KeSetBaseGdtSelector(TEB_SELECTOR, thread->Teb);
+//   DPRINT1("esp0 %x esp %x tid %d\n", 
+//	   thread->Context.esp0,
+//	   thread->Context.esp,
+//	   ((PETHREAD)thread)->Cid.UniqueThread);
    /* Switch to the new thread's context and stack */
    __asm__("pushfl\n\t"
 	   "cli\n\t"
@@ -147,8 +151,13 @@ NTSTATUS HalReleaseTask(PETHREAD Thread)
  * NOTE: The thread had better not be running when this is called
  */
 {
+   extern BYTE init_stack[16384];
+   
    KeFreeGdtSelector(Thread->Tcb.Context.nr / 8);
-   ExFreePool(Thread->Tcb.Context.KernelStackBase);
+   if (Thread->Tcb.Context.KernelStackBase != init_stack)
+     {       
+	ExFreePool(Thread->Tcb.Context.KernelStackBase);
+     }
    if (Thread->Tcb.Context.SavedKernelStackBase != NULL)
      {
 	ExFreePool(Thread->Tcb.Context.SavedKernelStackBase);
@@ -186,7 +195,7 @@ NTSTATUS HalInitTaskWithContext(PETHREAD Thread, PCONTEXT Context)
    length = sizeof(hal_thread_state) - 1;
    base = (unsigned int)(&(Thread->Tcb.Context));
 //   kernel_stack = ExAllocatePool(NonPagedPool,PAGESIZE);
-   kernel_stack = ExAllocatePool(NonPagedPool, 3*PAGESIZE);
+   kernel_stack = ExAllocatePool(NonPagedPool, 6*PAGESIZE);
    
    /*
     * Setup a TSS descriptor
@@ -200,7 +209,11 @@ NTSTATUS HalInitTaskWithContext(PETHREAD Thread, PCONTEXT Context)
 	return(STATUS_UNSUCCESSFUL);
      }
    
-   stack_start = kernel_stack + 3*PAGESIZE - sizeof(CONTEXT);
+   stack_start = kernel_stack + 6*PAGESIZE - sizeof(CONTEXT);
+   
+   DPRINT1("stack_start %x kernel_stack %x\n",
+	  stack_start, kernel_stack);
+   
    Context->SegFs = TEB_SELECTOR;
    memcpy(stack_start, Context, sizeof(CONTEXT));
    
@@ -249,12 +262,20 @@ NTSTATUS HalInitTask(PETHREAD thread, PKSTART_ROUTINE fn, PVOID StartContext)
 //   PULONG KernelStack = ExAllocatePool(NonPagedPool,4096);
    PULONG KernelStack;
    ULONG GdtDesc[2];
+   extern BYTE init_stack[16384];
    
    DPRINT("HalInitTask(Thread %x, fn %x, StartContext %x)\n",
           thread,fn,StartContext);
    DPRINT("thread->ThreadsProcess %x\n",thread->ThreadsProcess);
    
-   KernelStack = ExAllocatePool(NonPagedPool, 3*PAGESIZE);
+   if (fn != NULL)
+     {
+	KernelStack = ExAllocatePool(NonPagedPool, 3*PAGESIZE);
+     }
+   else
+     {
+	KernelStack = (PULONG)init_stack;
+     }
    
    /*
     * Make sure
@@ -281,9 +302,12 @@ NTSTATUS HalInitTask(PETHREAD thread, PKSTART_ROUTINE fn, PVOID StartContext)
     * Initialize the stack for the thread (including the two arguments to 
     * the general start routine).					   
     */
-   KernelStack[1023] = (unsigned int)StartContext;
-   KernelStack[1022] = (unsigned int)fn;
-   KernelStack[1021] = 0;     
+   if (fn != NULL)
+     {
+	KernelStack[3071] = (unsigned int)StartContext;
+	KernelStack[3070] = (unsigned int)fn;
+	KernelStack[3069] = 0;
+     }
    
    /*
     * Initialize the thread context
@@ -292,9 +316,9 @@ NTSTATUS HalInitTask(PETHREAD thread, PKSTART_ROUTINE fn, PVOID StartContext)
    thread->Tcb.Context.ldt = KiNullLdtSel;
    thread->Tcb.Context.eflags = (1<<1)+(1<<9);
    thread->Tcb.Context.iomap_base = FIELD_OFFSET(hal_thread_state,io_bitmap);
-   thread->Tcb.Context.esp0 = (ULONG)&KernelStack[1021];
+   thread->Tcb.Context.esp0 = (ULONG)&KernelStack[3069];
    thread->Tcb.Context.ss0 = KERNEL_DS;
-   thread->Tcb.Context.esp = (ULONG)&KernelStack[1021];
+   thread->Tcb.Context.esp = (ULONG)&KernelStack[3069];
    thread->Tcb.Context.ss = KERNEL_DS;
    thread->Tcb.Context.cs = KERNEL_CS;
    thread->Tcb.Context.eip = (ULONG)PsBeginThread;
diff --git a/reactos/ntoskrnl/ldr/rtl.c b/reactos/ntoskrnl/ldr/rtl.c
index b01cf0c1444..9afb124f1c1 100644
--- a/reactos/ntoskrnl/ldr/rtl.c
+++ b/reactos/ntoskrnl/ldr/rtl.c
@@ -1,4 +1,4 @@
-/* $Id: rtl.c,v 1.5 2000/03/18 15:12:18 ea Exp $
+/* $Id: rtl.c,v 1.6 2000/04/07 02:24:00 dwelch Exp $
  *
  * COPYRIGHT:       See COPYING in the top level directory
  * PROJECT:         ReactOS kernel
@@ -22,14 +22,12 @@
 #include <internal/teb.h>
 #include <internal/ldr.h>
 
-#define NDEBUG
+//#define NDEBUG
 #include <internal/debug.h>
 
 /* FUNCTIONS ****************************************************************/
 
-PIMAGE_NT_HEADERS
-STDCALL
-RtlImageNtHeader (IN PVOID BaseAddress)
+PIMAGE_NT_HEADERS STDCALL RtlImageNtHeader (IN PVOID BaseAddress)
 {
    PIMAGE_DOS_HEADER DosHeader;
    PIMAGE_NT_HEADERS NTHeaders;
@@ -39,6 +37,9 @@ RtlImageNtHeader (IN PVOID BaseAddress)
    DPRINT("DosHeader %x\n", DosHeader);
    NTHeaders = (PIMAGE_NT_HEADERS)(BaseAddress + DosHeader->e_lfanew);
    DPRINT("NTHeaders %x\n", NTHeaders);
+   DPRINT("DosHeader->e_magic %x DosHeader->e_lfanew %x\n",
+	  DosHeader->e_magic, DosHeader->e_lfanew);
+   DPRINT("*NTHeaders %x\n", *(PULONG)NTHeaders);
    if ((DosHeader->e_magic != IMAGE_DOS_MAGIC)
        || (DosHeader->e_lfanew == 0L)
        || (*(PULONG) NTHeaders != IMAGE_PE_MAGIC))
diff --git a/reactos/ntoskrnl/ldr/userldr.c b/reactos/ntoskrnl/ldr/userldr.c
index 9f58bd1463e..d796dd149a6 100644
--- a/reactos/ntoskrnl/ldr/userldr.c
+++ b/reactos/ntoskrnl/ldr/userldr.c
@@ -23,7 +23,7 @@
 #include <internal/teb.h>
 #include <internal/ldr.h>
 
-#define NDEBUG
+//#define NDEBUG
 #include <internal/debug.h>
 
 #include "syspath.h"
@@ -71,7 +71,7 @@ NTSTATUS LdrpMapImage(HANDLE ProcessHandle,
     * map the dos header into the process
     */
    DPRINT("Mapping view of section\n");
-   InitialViewSize = sizeof(PIMAGE_DOS_HEADER);
+   InitialViewSize = sizeof(IMAGE_DOS_HEADER);
    ImageBase = NULL;
    
    Status = ZwMapViewOfSection(SectionHandle,
@@ -110,6 +110,7 @@ NTSTATUS LdrpMapImage(HANDLE ProcessHandle,
      }
    
    DPRINT("Mapping view of section\n");
+   ImageBase = NULL;
    Status = ZwMapViewOfSection(SectionHandle,
 			       ProcessHandle,
 			       (PVOID*)&ImageBase,
@@ -126,6 +127,7 @@ NTSTATUS LdrpMapImage(HANDLE ProcessHandle,
 	return(Status);
      }
    
+   DPRINT("ImageBase %x\n", ImageBase);
    
    /*
     * TBD
@@ -133,12 +135,15 @@ NTSTATUS LdrpMapImage(HANDLE ProcessHandle,
    DPRINT("Attaching to process\n");
    KeAttachProcess(Process);
    NTHeaders = RtlImageNtHeader(ImageBase);
+   DPRINT("NTHeaders %x\n", NTHeaders);
    InitialViewSize = ((PIMAGE_DOS_HEADER)ImageBase)->e_lfanew +
      sizeof(IMAGE_NT_HEADERS) +
      (sizeof (IMAGE_SECTION_HEADER) * NTHeaders->FileHeader.NumberOfSections);
    DPRINT("InitialViewSize %x\n", InitialViewSize);
    FinalBase = (PVOID)NTHeaders->OptionalHeader.ImageBase;
+   DPRINT("FinalBase %x\n", FinalBase);
    NumberOfSections = NTHeaders->FileHeader.NumberOfSections;
+   DPRINT("NrSections %d\n", NumberOfSections);
    KeDetachProcess();
    
    DPRINT("Unmapping view of section\n");
diff --git a/reactos/ntoskrnl/makefile_rex b/reactos/ntoskrnl/makefile_rex
index be3744dc5df..1dd640e97cf 100644
--- a/reactos/ntoskrnl/makefile_rex
+++ b/reactos/ntoskrnl/makefile_rex
@@ -1,4 +1,4 @@
-# $Id: makefile_rex,v 1.66 2000/04/02 13:32:39 ea Exp $
+# $Id: makefile_rex,v 1.67 2000/04/07 02:23:59 dwelch Exp $
 #
 # ReactOS Operating System
 #
@@ -41,7 +41,7 @@ MM_OBJECTS = mm/mm.o mm/freelist.o mm/pool.o mm/virtual.o \
 	     mm/pagfault.o
 
 
-MM_I386_OBJECTS = mm/i386/page.o mm/i386/memsafe.o
+MM_I386_OBJECTS = mm/i386/page.o mm/i386/memsafe.o mm/i386/pfault.o
 
 IO_OBJECTS = io/iomgr.o io/create.o io/irp.o io/device.o io/rw.o \
              io/queue.o io/drvlck.o io/timer.o io/share.o io/errlog.o \
diff --git a/reactos/ntoskrnl/mm/aspace.c b/reactos/ntoskrnl/mm/aspace.c
index 2308c2d8e12..29df4a8f60c 100644
--- a/reactos/ntoskrnl/mm/aspace.c
+++ b/reactos/ntoskrnl/mm/aspace.c
@@ -1,4 +1,4 @@
-/* $Id: aspace.c,v 1.1 2000/03/29 13:11:54 dwelch Exp $
+/* $Id: aspace.c,v 1.2 2000/04/07 02:24:00 dwelch Exp $
  * 
  * COPYRIGHT:       See COPYING in the top level directory
  * PROJECT:         ReactOS kernel
@@ -38,7 +38,7 @@ VOID MmUnlockAddressSpace(PMADDRESS_SPACE AddressSpace)
 
 VOID MmInitializeKernelAddressSpace(VOID)
 {
-   MmInitializeAddressSpace(&KernelAddressSpace);
+   MmInitializeAddressSpace(NULL, &KernelAddressSpace);
    KernelAddressSpace.LowestAddress = KERNEL_BASE;
 }
 
@@ -52,11 +52,13 @@ PMADDRESS_SPACE MmGetKernelAddressSpace(VOID)
    return(&KernelAddressSpace);
 }
 
-NTSTATUS MmInitializeAddressSpace(PMADDRESS_SPACE AddressSpace)
+NTSTATUS MmInitializeAddressSpace(PEPROCESS Process,
+				  PMADDRESS_SPACE AddressSpace)
 {
    InitializeListHead(&AddressSpace->MAreaListHead);
    KeInitializeMutex(&AddressSpace->Lock, 1);
    AddressSpace->LowestAddress = MM_LOWEST_USER_ADDRESS;
+   AddressSpace->Process = Process;
    return(STATUS_SUCCESS);
 }
 
diff --git a/reactos/ntoskrnl/mm/i386/page.c b/reactos/ntoskrnl/mm/i386/page.c
index 51f3efb1ae9..cd9223f9c11 100644
--- a/reactos/ntoskrnl/mm/i386/page.c
+++ b/reactos/ntoskrnl/mm/i386/page.c
@@ -1,4 +1,4 @@
-/* $Id: page.c,v 1.7 2000/04/02 13:32:43 ea Exp $
+/* $Id: page.c,v 1.8 2000/04/07 02:24:01 dwelch Exp $
  *
  * COPYRIGHT:   See COPYING in the top directory
  * PROJECT:     ReactOS kernel
@@ -59,7 +59,7 @@ static ULONG ProtectToPTE(ULONG flProtect)
 
 #define ADDR_TO_PDE(v) (PULONG)(PAGEDIRECTORY_MAP + \
                                 (((ULONG)v / (1024 * 1024))&(~0x3)))
-#define ADDR_TO_PTE(v) (PULONG)(PAGETABLE_MAP + ((ULONG)v / 1024))
+#define ADDR_TO_PTE(v) (PULONG)(PAGETABLE_MAP + ((((ULONG)v / 1024))&(~0x3)))
 
 NTSTATUS Mmi386ReleaseMmInfo(PEPROCESS Process)
 {
diff --git a/reactos/ntoskrnl/mm/i386/pfault.c b/reactos/ntoskrnl/mm/i386/pfault.c
new file mode 100644
index 00000000000..af8b4884281
--- /dev/null
+++ b/reactos/ntoskrnl/mm/i386/pfault.c
@@ -0,0 +1,49 @@
+/*
+ * COPYRIGHT:       See COPYING in the top level directory
+ * PROJECT:         ReactOS kernel
+ * FILE:            ntoskrnl/mm/i386/pfault.c
+ * PURPOSE:         Paging file functions
+ * PROGRAMMER:      David Welch (welch@mcmail.com)
+ * UPDATE HISTORY:
+ *                  Created 22/05/98
+ */
+
+/* INCLUDES *****************************************************************/
+
+#include <ddk/ntddk.h>
+#include <internal/mm.h>
+
+#define NDEBUG
+#include <internal/debug.h>
+
+/* FUNCTIONS *****************************************************************/
+
+NTSTATUS MmPageFault(ULONG Cs,
+		     PULONG Eip,
+		     PULONG Eax,
+		     ULONG Cr2,
+		     ULONG ErrorCode)
+{
+   KPROCESSOR_MODE Mode;
+   
+   DPRINT("MmPageFault(Eip %x, Cr2 %x, ErrorCode %x)\n",
+	  Eip, Cr2, ErrorCode);
+   
+   if (ErrorCode & 0x4)
+     {
+	Mode = UserMode;
+     }
+   else
+     {
+	Mode = KernelMode;
+     }
+   
+   if (ErrorCode & 0x1)
+     {
+	return(MmAccessFault(Mode, Cr2));
+     }
+   else
+     {
+	return(MmNotPresentFault(Mode, Cr2));
+     }
+}
diff --git a/reactos/ntoskrnl/mm/marea.c b/reactos/ntoskrnl/mm/marea.c
index 6388a6203a6..986482f524c 100644
--- a/reactos/ntoskrnl/mm/marea.c
+++ b/reactos/ntoskrnl/mm/marea.c
@@ -47,7 +47,9 @@ MEMORY_AREA* MmOpenMemoryAreaByAddress(PMADDRESS_SPACE AddressSpace,
    PLIST_ENTRY previous_entry;
 
    DPRINT("MmOpenMemoryAreaByAddress(AddressSpace %x, Address %x)\n",
-	  AddressSpace, Address);
+	   AddressSpace, Address);
+   
+//   MmDumpMemoryAreas(&AddressSpace->MAreaListHead);
    
    previous_entry = &AddressSpace->MAreaListHead;
    current_entry = AddressSpace->MAreaListHead.Flink;
@@ -57,7 +59,7 @@ MEMORY_AREA* MmOpenMemoryAreaByAddress(PMADDRESS_SPACE AddressSpace,
 				    MEMORY_AREA,
 				    Entry);
 	DPRINT("Scanning %x BaseAddress %x Length %x\n",
-	       current, current->BaseAddress, current->Length);
+		current, current->BaseAddress, current->Length);
 	assert(current_entry->Blink->Flink == current_entry);
 	if (current_entry->Flink->Blink != current_entry)
 	  {
@@ -279,7 +281,7 @@ NTSTATUS MmFreeMemoryArea(PMADDRESS_SPACE AddressSpace,
    LARGE_INTEGER PhysicalAddr;
    
    DPRINT("MmFreeMemoryArea(AddressSpace %x, BaseAddress %x, Length %x,"
-          "FreePages %d)\n",AddressSpace,BaseAddress,Length,FreePages);
+	   "FreePages %d)\n",AddressSpace,BaseAddress,Length,FreePages);
 
    MemoryArea = MmOpenMemoryAreaByAddress(AddressSpace,
 					  BaseAddress);
@@ -299,7 +301,17 @@ NTSTATUS MmFreeMemoryArea(PMADDRESS_SPACE AddressSpace,
      }
    for (i=0; i<=(MemoryArea->Length/PAGESIZE); i++)
      {
-	MmSetPage(NULL,
+	if (AddressSpace->Process != NULL)
+	  {
+	     DPRINT("Freeing %x in %d\n", 
+		     MemoryArea->BaseAddress + (i*PAGESIZE),
+		     AddressSpace->Process->UniqueProcessId);
+	  }
+	else
+	  {
+//	     DPRINT("Freeing %x in kernel address space\n");
+	  }
+	MmSetPage(AddressSpace->Process,
 		  MemoryArea->BaseAddress + (i*PAGESIZE),
 		  0,
 		  0);
@@ -308,6 +320,8 @@ NTSTATUS MmFreeMemoryArea(PMADDRESS_SPACE AddressSpace,
    RemoveEntryList(&(MemoryArea->Entry));
    ExFreePool(MemoryArea);
    
+   DPRINT("MmFreeMemoryArea() succeeded\n");
+   
    return(STATUS_SUCCESS);
 }
 
@@ -379,8 +393,8 @@ NTSTATUS MmCreateMemoryArea(PEPROCESS Process,
  */
 {
    DPRINT("MmCreateMemoryArea(Type %d, BaseAddress %x,"
-	  "*BaseAddress %x, Length %x, Attributes %x, Result %x)\n",
-          Type,BaseAddress,*BaseAddress,Length,Attributes,Result);
+	   "*BaseAddress %x, Length %x, Attributes %x, Result %x)\n",
+	   Type,BaseAddress,*BaseAddress,Length,Attributes,Result);
 
    if ((*BaseAddress)==0)
      {
@@ -415,5 +429,7 @@ NTSTATUS MmCreateMemoryArea(PEPROCESS Process,
    (*Result)->Process = Process;
    
    MmInsertMemoryArea(AddressSpace, *Result);
+   
+   DPRINT("MmCreateMemoryArea() succeeded\n");
    return(STATUS_SUCCESS);
 }
diff --git a/reactos/ntoskrnl/mm/mm.c b/reactos/ntoskrnl/mm/mm.c
index ca478cba611..d3399552344 100644
--- a/reactos/ntoskrnl/mm/mm.c
+++ b/reactos/ntoskrnl/mm/mm.c
@@ -1,4 +1,4 @@
-/* $Id: mm.c,v 1.27 2000/04/02 13:32:41 ea Exp $
+/* $Id: mm.c,v 1.28 2000/04/07 02:24:00 dwelch Exp $
  *
  * COPYRIGHT:   See COPYING in the top directory
  * PROJECT:     ReactOS kernel 
@@ -159,16 +159,20 @@ NTSTATUS MmSectionHandleFault(PMADDRESS_SPACE AddressSpace,
    PMDL Mdl;
    PVOID Page;
    NTSTATUS Status;
+   ULONG PAddress;
    
    DPRINT("MmSectionHandleFault(MemoryArea %x, Address %x)\n",
-	  MemoryArea,Address);
+	   MemoryArea,Address);
    
    if (MmIsPagePresent(NULL, Address))
      {
 	return(STATUS_SUCCESS);
      }
    
-   Offset.QuadPart = (Address - MemoryArea->BaseAddress) + 
+   DPRINT("Page isn't present\n");
+   PAddress = (ULONG)PAGE_ROUND_DOWN(((ULONG)Address));
+   DPRINT("PAddress %x\n", PAddress);
+   Offset.QuadPart = (PAddress - (ULONG)MemoryArea->BaseAddress) +
      MemoryArea->Data.SectionData.ViewOffset;
    
    DPRINT("MemoryArea->Data.SectionData.Section->FileObject %x\n",
@@ -198,30 +202,36 @@ NTSTATUS MmSectionHandleFault(PMADDRESS_SPACE AddressSpace,
 	return(STATUS_SUCCESS);
      }
    
+   DPRINT("Creating mdl\n");
    Mdl = MmCreateMdl(NULL, NULL, PAGESIZE);
+   DPRINT("Building mdl\n");
    MmBuildMdlFromPages(Mdl);
-     
+   DPRINT("Getting page address\n");
    Page = MmGetMdlPageAddress(Mdl, 0);
-   
+   DPRINT("Unlocking address space\n");
    MmUnlockAddressSpace(AddressSpace);
-   
+   DPRINT("Reading page\n");
    Status = IoPageRead(MemoryArea->Data.SectionData.Section->FileObject,
 		       Mdl,
 		       &Offset,
 		       &IoStatus);
-   
+   DPRINT("Read page\n");
    if (!NT_SUCCESS(Status))
      {
+	DPRINT("Failed to read page\n");
 	return(Status);
      }
-      
+     
+   DPRINT("Locking address space\n");
    MmLockAddressSpace(AddressSpace);
    
+   DPRINT("Testing if page is present\n");
    if (MmIsPagePresent(NULL, Address))
      {
 	return(STATUS_SUCCESS);
      }
    
+   DPRINT("Setting page\n");
    MmSetPage(NULL,
 	     Address,
 	     MemoryArea->Attributes,
@@ -232,65 +242,45 @@ NTSTATUS MmSectionHandleFault(PMADDRESS_SPACE AddressSpace,
    return(STATUS_SUCCESS);
 }
 
-ULONG MmPageFault(ULONG cs, ULONG eip, ULONG error_code)
-/*
- * FUNCTION: Handle a page fault
- */
+NTSTATUS MmAccessFault(KPROCESSOR_MODE Mode,
+		       ULONG Address)
+{
+   return(STATUS_UNSUCCESSFUL);
+}
+
+NTSTATUS MmNotPresentFault(KPROCESSOR_MODE Mode,
+			   ULONG Address)
 {
    PMADDRESS_SPACE AddressSpace;
    MEMORY_AREA* MemoryArea;
    NTSTATUS Status;
-   unsigned int cr2;
-//   unsigned int cr3;
    
-   /*
-    * Get the address for the page fault
-    */
-   __asm__("movl %%cr2,%0\n\t" : "=d" (cr2));
-//   __asm__("movl %%cr3,%0\n\t" : "=d" (cr3));
-//   DPRINT1("Page fault address %x eip %x process %x code %x cr3 %x\n",cr2,eip,
-//	  PsGetCurrentProcess(), error_code, cr3);
-
-//   MmSetPageProtect(PsGetCurrentProcess(),
-//		    (PVOID)PAGE_ROUND_DOWN(PsGetCurrentProcess()),
-//		    0x7);
-   
-   cr2 = PAGE_ROUND_DOWN(cr2);
-   
-   if (error_code & 0x1)
-     {
-	DbgPrint("Page protection fault at %x with eip %x\n", cr2, eip);
-	return(0);
-     }
-   
-//   DbgPrint("(%%");
+   DPRINT("MmNotPresentFault(Mode %d, Address %x)\n", Mode, Address);
    
    if (KeGetCurrentIrql() >= DISPATCH_LEVEL)
      {
 	DbgPrint("Page fault at high IRQL was %d\n", KeGetCurrentIrql());
-	return(0);
-//	KeBugCheck(0);
+	return(STATUS_UNSUCCESSFUL);
      }
    if (PsGetCurrentProcess() == NULL)
      {
 	DbgPrint("No current process\n");
-	return(0);
+	return(STATUS_UNSUCCESSFUL);
      }
    
    /*
     * Find the memory area for the faulting address
     */
-   if (cr2 >= KERNEL_BASE)
+   if (Address >= KERNEL_BASE)
      {
 	/*
 	 * Check permissions
 	 */
-	if (cs != KERNEL_CS)
+	if (Mode != KernelMode)
 	  {
 	     DbgPrint("%s:%d\n",__FILE__,__LINE__);
-	     return(0);
+	     return(STATUS_UNSUCCESSFUL);
 	  }
-	AddressSpace = &PsGetCurrentProcess()->Pcb.AddressSpace;
 	AddressSpace = MmGetKernelAddressSpace();
      }
    else
@@ -299,12 +289,12 @@ ULONG MmPageFault(ULONG cs, ULONG eip, ULONG error_code)
      }
    
    MmLockAddressSpace(AddressSpace);
-   MemoryArea = MmOpenMemoryAreaByAddress(AddressSpace, (PVOID)cr2);
+   MemoryArea = MmOpenMemoryAreaByAddress(AddressSpace, (PVOID)Address);
    if (MemoryArea == NULL)
      {
 	DbgPrint("%s:%d\n",__FILE__,__LINE__);
 	MmUnlockAddressSpace(AddressSpace);
-	return(0);
+	return(STATUS_UNSUCCESSFUL);
      }
    
    switch (MemoryArea->Type)
@@ -316,13 +306,13 @@ ULONG MmPageFault(ULONG cs, ULONG eip, ULONG error_code)
       case MEMORY_AREA_SECTION_VIEW_COMMIT:
 	Status = MmSectionHandleFault(AddressSpace,
 				      MemoryArea, 
-				      (PVOID)cr2);
+				      (PVOID)Address);
 	break;
 	
       case MEMORY_AREA_COMMIT:
 	Status = MmCommitedSectionHandleFault(AddressSpace,
 					      MemoryArea,
-					      (PVOID)cr2);
+					      (PVOID)Address);
 	break;
 	
       default:
@@ -331,7 +321,7 @@ ULONG MmPageFault(ULONG cs, ULONG eip, ULONG error_code)
      }
    DPRINT("Completed page fault handling\n");
    MmUnlockAddressSpace(AddressSpace);
-   return(NT_SUCCESS(Status));
+   return(Status);
 }
 
 BOOLEAN STDCALL MmIsThisAnNtAsSystem(VOID)
diff --git a/reactos/ntoskrnl/mm/npool.c b/reactos/ntoskrnl/mm/npool.c
index eb193273353..37efb5ba7a2 100644
--- a/reactos/ntoskrnl/mm/npool.c
+++ b/reactos/ntoskrnl/mm/npool.c
@@ -1,4 +1,4 @@
-/* $Id: npool.c,v 1.26 2000/03/01 22:52:28 ea Exp $
+/* $Id: npool.c,v 1.27 2000/04/07 02:24:00 dwelch Exp $
  *
  * COPYRIGHT:    See COPYING in the top level directory
  * PROJECT:      ReactOS kernel
@@ -601,9 +601,7 @@ asmlinkage VOID ExFreePool(PVOID block)
             ((PULONG)&block)[-1]);
    
    KeAcquireSpinLock(&MmNpoolLock, &oldIrql);
-   
-   memset(block, 0xcc, blk->size);
-   
+      
    VALIDATE_POOL;
    
    if (blk->magic != BLOCK_HDR_MAGIC)
@@ -613,6 +611,8 @@ asmlinkage VOID ExFreePool(PVOID block)
 	return;
      }
    
+   memset(block, 0xcc, blk->size);
+   
    /*
     * Please don't change the order
     */
diff --git a/reactos/ntoskrnl/mm/section.c b/reactos/ntoskrnl/mm/section.c
index a82174d39cf..da69be2ecc1 100644
--- a/reactos/ntoskrnl/mm/section.c
+++ b/reactos/ntoskrnl/mm/section.c
@@ -1,4 +1,4 @@
-/* $Id: section.c,v 1.28 2000/04/03 21:54:39 dwelch Exp $
+/* $Id: section.c,v 1.29 2000/04/07 02:24:01 dwelch Exp $
  *
  * COPYRIGHT:       See COPYING in the top level directory
  * PROJECT:         ReactOS kernel
@@ -111,13 +111,13 @@ PVOID MiTryToSharePageInSection(PSECTION_OBJECT Section,
 
 VOID MmpDeleteSection(PVOID ObjectBody)
 {
-   DPRINT1("MmpDeleteSection(ObjectBody %x)\n", ObjectBody);
+   DPRINT("MmpDeleteSection(ObjectBody %x)\n", ObjectBody);
 }
 
 VOID MmpCloseSection(PVOID ObjectBody,
 		     ULONG HandleCount)
 {
-   DPRINT1("MmpCloseSection(OB %x, HC %d) RC %d\n",
+   DPRINT("MmpCloseSection(OB %x, HC %d) RC %d\n",
 	   ObjectBody, HandleCount, ObGetReferenceCount(ObjectBody));
 }
 
@@ -493,7 +493,7 @@ NTSTATUS STDCALL MmUnmapViewOfSection(PEPROCESS Process,
    
    Section = MemoryArea->Data.SectionData.Section;
    
-   DPRINT1("MmUnmapViewOfSection(Section %x) SectionRC %d\n",
+   DPRINT("MmUnmapViewOfSection(Section %x) SectionRC %d\n",
 	   Section, ObGetReferenceCount(Section));
    
    KeAcquireSpinLock(&Section->ViewListLock, &oldIrql);
@@ -530,7 +530,7 @@ NTSTATUS STDCALL NtUnmapViewOfSection (HANDLE	ProcessHandle,
    PMADDRESS_SPACE AddressSpace;
    
    DPRINT("NtUnmapViewOfSection(ProcessHandle %x, BaseAddress %x)\n",
-	  ProcessHandle, BaseAddress);
+	   ProcessHandle, BaseAddress);
    
    DPRINT("Referencing process\n");
    Status = ObReferenceObjectByHandle(ProcessHandle,
@@ -548,7 +548,7 @@ NTSTATUS STDCALL NtUnmapViewOfSection (HANDLE	ProcessHandle,
    AddressSpace = &Process->Pcb.AddressSpace;
    
    DPRINT("Opening memory area Process %x BaseAddress %x\n",
-	  Process, BaseAddress);
+	   Process, BaseAddress);
    MmLockAddressSpace(AddressSpace);
    MemoryArea = MmOpenMemoryAreaByAddress(AddressSpace,
 					  BaseAddress);
@@ -562,6 +562,7 @@ NTSTATUS STDCALL NtUnmapViewOfSection (HANDLE	ProcessHandle,
    Status = MmUnmapViewOfSection(Process,
 				 MemoryArea);
    
+   DPRINT("MmFreeMemoryArea()\n");
    Status = MmFreeMemoryArea(&Process->Pcb.AddressSpace,
 			     BaseAddress,
 			     0,
diff --git a/reactos/ntoskrnl/mm/virtual.c b/reactos/ntoskrnl/mm/virtual.c
index 0cbb4f3c032..659e96d8ad5 100644
--- a/reactos/ntoskrnl/mm/virtual.c
+++ b/reactos/ntoskrnl/mm/virtual.c
@@ -1,4 +1,4 @@
-/* $Id: virtual.c,v 1.26 2000/04/02 13:32:42 ea Exp $
+/* $Id: virtual.c,v 1.27 2000/04/07 02:24:01 dwelch Exp $
  *
  * COPYRIGHT:   See COPYING in the top directory
  * PROJECT:     ReactOS kernel
@@ -341,8 +341,8 @@ NTSTATUS STDCALL NtFreeVirtualMemory(IN	HANDLE	ProcessHandle,
 	ObDereferenceObject(Process);
 	return(STATUS_SUCCESS);
      }
-   ObDereferenceObject(Process);
    MmUnlockAddressSpace(AddressSpace);
+   ObDereferenceObject(Process);
    return(STATUS_NOT_IMPLEMENTED);
 }
 
diff --git a/reactos/ntoskrnl/nt/port.c b/reactos/ntoskrnl/nt/port.c
index 9d8d66e543f..0f6bc8e4b4a 100644
--- a/reactos/ntoskrnl/nt/port.c
+++ b/reactos/ntoskrnl/nt/port.c
@@ -1,4 +1,4 @@
-/* $Id: port.c,v 1.18 2000/04/03 21:54:39 dwelch Exp $
+/* $Id: port.c,v 1.19 2000/04/07 02:24:02 dwelch Exp $
  * 
  * COPYRIGHT:       See COPYING in the top level directory
  * PROJECT:         ReactOS kernel
@@ -16,6 +16,7 @@
 #include <string.h>
 #include <internal/string.h>
 #include <internal/port.h>
+#include <internal/dbg.h>
 
 #define NDEBUG
 #include <internal/debug.h>
@@ -646,12 +647,19 @@ NTSTATUS STDCALL LpcSendTerminationPort(PEPORT Port,
    LPC_TERMINATION_MESSAGE Msg;
    
    Msg.CreationTime = CreationTime;
-   Status = EiReplyOrRequestPort(Port,
-				 &Msg.Header,
-				 LPC_DATAGRAM,
-				 NULL);
-   KeSetEvent(&Port->Event, IO_NO_INCREMENT, FALSE);
-   return(STATUS_SUCCESS);
+   Status = LpcRequestPort(Port,
+			   &Msg.Header);
+   return(Status);
+}
+
+NTSTATUS STDCALL LpcSendDebugMessagePort(PEPORT Port,
+					 PLPC_DBG_MESSAGE Message)
+{
+   NTSTATUS Status;
+   
+   Status = LpcRequestPort(Port,
+			   &Message->Header);
+   return(Status);
 }
 
 NTSTATUS STDCALL LpcRequestPort(PEPORT Port,
@@ -661,11 +669,11 @@ NTSTATUS STDCALL LpcRequestPort(PEPORT Port,
    
    DPRINT("LpcRequestPort(PortHandle %x LpcMessage %x)\n", Port, LpcMessage);
    
-   Status = EiReplyOrRequestPort(Port->OtherPort, 
+   Status = EiReplyOrRequestPort(Port, 
 				 LpcMessage, 
 				 LPC_DATAGRAM,
 				 Port);
-   KeSetEvent(&Port->OtherPort->Event, IO_NO_INCREMENT, FALSE);
+   KeSetEvent(&Port->Event, IO_NO_INCREMENT, FALSE);
 
    return(Status);
 }
@@ -691,7 +699,8 @@ NTSTATUS STDCALL NtRequestPort (IN HANDLE PortHandle,
 	return(Status);
      }
 
-   Status = LpcRequestPort(Port, LpcMessage);
+   Status = LpcRequestPort(Port->OtherPort, 
+			   LpcMessage);
    
    ObDereferenceObject(Port);
    return(Status);
diff --git a/reactos/ntoskrnl/ps/create.c b/reactos/ntoskrnl/ps/create.c
index b794729fe68..897b5d11791 100644
--- a/reactos/ntoskrnl/ps/create.c
+++ b/reactos/ntoskrnl/ps/create.c
@@ -1,4 +1,4 @@
-/* $Id: create.c,v 1.13 2000/04/03 21:54:40 dwelch Exp $
+/* $Id: create.c,v 1.14 2000/04/07 02:24:02 dwelch Exp $
  *
  * COPYRIGHT:              See COPYING in the top level directory
  * PROJECT:                ReactOS kernel
@@ -547,6 +547,30 @@ NTSTATUS STDCALL NtCreateThread (PHANDLE			ThreadHandle,
 	*Client=Thread->Cid;
      }  
    
+   /*
+    * Maybe send a message to the process's debugger
+    */
+#if 0
+   if (ParentProcess->DebugPort != NULL)
+     {
+	LPC_DBG_MESSAGE Message;
+	PEPROCESS Process;
+	
+	
+	Message.Header.MessageSize = sizeof(LPC_DBG_MESSAGE);
+	Message.Header.DataSize = sizeof(LPC_DBG_MESSAGE) -
+	  sizeof(LPC_MESSAGE_HEADER);
+	Message.EventCode = DBG_EVENT_CREATE_THREAD;
+	Message.Data.CreateThread.StartAddress =
+	  ;
+	Message.Data.CreateProcess.Base = ImageBase;
+	Message.Data.CreateProcess.EntryPoint = NULL; //
+	
+	Status = LpcSendDebugMessagePort(ParentProcess->DebugPort,
+					 &Message);
+     }
+#endif
+   
    if (!CreateSuspended)
      {
         DPRINT("Not creating suspended\n");
diff --git a/reactos/ntoskrnl/ps/kill.c b/reactos/ntoskrnl/ps/kill.c
index c6fe783cd74..6eb3ae38c33 100644
--- a/reactos/ntoskrnl/ps/kill.c
+++ b/reactos/ntoskrnl/ps/kill.c
@@ -171,8 +171,9 @@ VOID PsTerminateOtherThread(PETHREAD Thread, NTSTATUS ExitStatus)
 NTSTATUS STDCALL PiTerminateProcess(PEPROCESS Process,
 				    NTSTATUS ExitStatus)
 {
-   DPRINT1("PiTerminateProcess(Process %x, ExitStatus %x) RC %d\n",
-	   Process, ExitStatus, ObGetReferenceCount(Process));
+   DPRINT1("PiTerminateProcess(Process %x, ExitStatus %x) RC %d HC %d\n",
+	   Process, ExitStatus, ObGetReferenceCount(Process),
+	   ObGetHandleCount(Process));
    
    if (Process->Pcb.ProcessState == PROCESS_STATE_TERMINATED)
      {
diff --git a/reactos/ntoskrnl/ps/process.c b/reactos/ntoskrnl/ps/process.c
index 85499458255..365b7791b60 100644
--- a/reactos/ntoskrnl/ps/process.c
+++ b/reactos/ntoskrnl/ps/process.c
@@ -20,6 +20,9 @@
 #include <internal/id.h>
 #include <internal/teb.h>
 #include <internal/ldr.h>
+#include <internal/port.h>
+#include <napi/dbg.h>
+#include <internal/dbg.h>
 
 #define NDEBUG
 #include <internal/debug.h>
@@ -162,7 +165,8 @@ VOID PsInitProcessManagment(VOID)
 				FALSE);
    KProcess = &SystemProcess->Pcb;  
    
-   MmInitializeAddressSpace(&SystemProcess->Pcb.AddressSpace);
+   MmInitializeAddressSpace(SystemProcess, 
+			    &SystemProcess->Pcb.AddressSpace);
    ObCreateHandleTable(NULL,FALSE,SystemProcess);
    KProcess->PageTableDirectory = get_page_directory();
    SystemProcess->UniqueProcessId = 
@@ -271,8 +275,8 @@ NTSTATUS STDCALL NtCreateProcess (OUT PHANDLE ProcessHandle,
 				  IN HANDLE ParentProcessHandle,
 				  IN BOOLEAN InheritObjectTable,
 				  IN HANDLE SectionHandle OPTIONAL,
-				  IN HANDLE DebugPort OPTIONAL,
-				  IN HANDLE ExceptionPort OPTIONAL)
+				  IN HANDLE DebugPortHandle OPTIONAL,
+				  IN HANDLE ExceptionPortHandle OPTIONAL)
 /*
  * FUNCTION: Creates a process.
  * ARGUMENTS:
@@ -303,6 +307,8 @@ NTSTATUS STDCALL NtCreateProcess (OUT PHANDLE ProcessHandle,
    PVOID LdrStartupAddr;
    PVOID ImageBase;
    PVOID Peb;
+   PEPORT DebugPort;
+   PEPORT ExceptionPort;
    
    DPRINT("NtCreateProcess(ObjectAttributes %x)\n",ObjectAttributes);
 
@@ -330,7 +336,8 @@ NTSTATUS STDCALL NtCreateProcess (OUT PHANDLE ProcessHandle,
    KProcess = &Process->Pcb;
    
    KProcess->BasePriority = PROCESS_PRIO_NORMAL;
-   MmInitializeAddressSpace(&KProcess->AddressSpace);
+   MmInitializeAddressSpace(Process,
+			    &KProcess->AddressSpace);
    Process->UniqueProcessId = InterlockedIncrement(&PiNextProcessUniqueId);
    Process->InheritedFromUniqueProcessId = ParentProcess->UniqueProcessId;
    ObCreateHandleTable(ParentProcess,
@@ -345,6 +352,50 @@ NTSTATUS STDCALL NtCreateProcess (OUT PHANDLE ProcessHandle,
    
    Process->Pcb.ProcessState = PROCESS_STATE_ACTIVE;
    
+   /*
+    * Add the debug port
+    */
+   if (DebugPortHandle != NULL)
+     {
+	Status = ObReferenceObjectByHandle(DebugPortHandle,
+					   PORT_ALL_ACCESS,
+					   ExPortType,
+					   UserMode,
+					   (PVOID*)&DebugPort,
+					   NULL);   
+	if (!NT_SUCCESS(Status))
+	  {
+	     ObDereferenceObject(Process);
+	     ObDereferenceObject(ParentProcess);
+	     ZwClose(*ProcessHandle);
+	     *ProcessHandle = NULL;
+	     return(Status);
+	  }
+	Process->DebugPort = DebugPort;
+     }
+	
+   /*
+    * Add the exception port
+    */
+   if (ExceptionPortHandle != NULL)
+     {
+	Status = ObReferenceObjectByHandle(ExceptionPortHandle,
+					   PORT_ALL_ACCESS,
+					   ExPortType,
+					   UserMode,
+					   (PVOID*)&ExceptionPort,
+					   NULL);   
+	if (!NT_SUCCESS(Status))
+	  {
+	     ObDereferenceObject(Process);
+	     ObDereferenceObject(ParentProcess);
+	     ZwClose(*ProcessHandle);
+	     *ProcessHandle = NULL;
+	     return(Status);
+	  }
+	Process->ExceptionPort = ExceptionPort;
+     }
+   
    /*
     * Now we have created the process proper
     */
@@ -394,10 +445,40 @@ NTSTATUS STDCALL NtCreateProcess (OUT PHANDLE ProcessHandle,
    if (!NT_SUCCESS(Status))
      {
         DbgPrint("NtCreateProcess() Peb creation failed: Status %x\n",Status);
+	ObDereferenceObject(Process);
+	ObDereferenceObject(ParentProcess);
+	ZwClose(*ProcessHandle);
+	*ProcessHandle = NULL;       
 	return(Status);
      }
    Process->Peb = Peb;
    
+   /*
+    * Maybe send a message to the creator process's debugger
+    */
+   if (ParentProcess->DebugPort != NULL)
+     {
+	LPC_DBG_MESSAGE Message;
+	HANDLE FileHandle;
+	
+	ObCreateHandle(NULL, // Debugger Process
+		       NULL, // SectionHandle
+		       FILE_ALL_ACCESS,
+		       FALSE,
+		       &FileHandle);
+	
+	Message.Header.MessageSize = sizeof(LPC_DBG_MESSAGE);
+	Message.Header.DataSize = sizeof(LPC_DBG_MESSAGE) -
+	  sizeof(LPC_MESSAGE_HEADER);
+	Message.Type = DBG_EVENT_CREATE_PROCESS;
+	Message.Data.CreateProcess.FileHandle = FileHandle;
+	Message.Data.CreateProcess.Base = ImageBase;
+	Message.Data.CreateProcess.EntryPoint = NULL; //
+	
+	Status = LpcSendDebugMessagePort(ParentProcess->DebugPort,
+					 &Message);
+     }
+   
    ObDereferenceObject(Process);
    ObDereferenceObject(ParentProcess);
    return(STATUS_SUCCESS);
diff --git a/reactos/ntoskrnl/ps/thread.c b/reactos/ntoskrnl/ps/thread.c
index c9b20c73805..3dfc6a7b3bd 100644
--- a/reactos/ntoskrnl/ps/thread.c
+++ b/reactos/ntoskrnl/ps/thread.c
@@ -1,4 +1,4 @@
-/* $Id: thread.c,v 1.44 1999/12/18 17:48:23 dwelch Exp $
+/* $Id: thread.c,v 1.45 2000/04/07 02:24:02 dwelch Exp $
  *
  * COPYRIGHT:              See COPYING in the top level directory
  * PROJECT:                ReactOS kernel
@@ -56,6 +56,56 @@ static PETHREAD CurrentThread = NULL;
 
 /* FUNCTIONS ***************************************************************/
 
+VOID PsFreezeProcessThreads(PEPROCESS Process)
+{
+   KIRQL oldIrql;
+   PLIST_ENTRY current_entry;
+   PETHREAD current;
+   
+   KeAcquireSpinLock(&PiThreadListLock, &oldIrql);
+   current_entry = PiThreadListHead.Flink;
+   
+   while (current_entry != &PiThreadListHead)
+     {
+	current = CONTAINING_RECORD(current_entry, ETHREAD, 
+				    Tcb.ThreadListEntry);
+	
+	current_entry = current_entry->Flink;
+	
+	if (current->ThreadsProcess == Process &&
+	    current != PsGetCurrentThread())
+	  {
+	     PsFreezeOtherThread(current);
+	  }
+     }
+   KeReleaseSpinLock(&PiThreadListLock, oldIrql);
+}
+
+VOID PsUnfreezeProcessThreads(PEPROCESS Process)
+{
+   KIRQL oldIrql;
+   PLIST_ENTRY current_entry;
+   PETHREAD current;
+   
+   KeAcquireSpinLock(&PiThreadListLock, &oldIrql);
+   current_entry = PiThreadListHead.Flink;
+   
+   while (current_entry != &PiThreadListHead)
+     {
+	current = CONTAINING_RECORD(current_entry, ETHREAD, 
+				    Tcb.ThreadListEntry);
+	
+	current_entry = current_entry->Flink;
+	
+	if (current->ThreadsProcess == Process &&
+	    current != PsGetCurrentThread())
+	  {
+	     PsUnfreezeOtherThread(current);
+	  }
+     }
+   KeReleaseSpinLock(&PiThreadListLock, oldIrql);
+}
+
 PKTHREAD KeGetCurrentThread(VOID)
 {
    return(&(CurrentThread->Tcb));
@@ -226,7 +276,42 @@ ULONG PsUnfreezeThread(PETHREAD Thread, PNTSTATUS WaitStatus)
    return(r);
 }
 
-ULONG PsFreezeThread(PETHREAD Thread, PNTSTATUS Status, UCHAR Alertable,
+VOID PsUnfreezeOtherThread(PETHREAD Thread)
+{
+   ULONG r;
+   
+   Thread->Tcb.FreezeCount--;
+   r = Thread->Tcb.FreezeCount;
+   
+   if (r <= 0)
+     {
+	Thread->Tcb.State = THREAD_STATE_RUNNABLE;
+	PsInsertIntoThreadList(Thread->Tcb.Priority, Thread);
+     }
+}
+
+VOID PsFreezeOtherThread(PETHREAD Thread)
+{
+   ULONG r;
+   
+   Thread->Tcb.FreezeCount++;
+   r = Thread->Tcb.FreezeCount;
+   
+   if (r == 0)
+     {
+	return;
+     }
+   
+   if (Thread->Tcb.State == THREAD_STATE_RUNNABLE)
+     {
+	RemoveEntryList(&Thread->Tcb.QueueListEntry);
+     }
+   Thread->Tcb.State = THREAD_STATE_FROZEN;   
+}
+
+ULONG PsFreezeThread(PETHREAD Thread, 
+		     PNTSTATUS Status, 
+		     UCHAR Alertable,
 		     ULONG WaitMode)
 {
    KIRQL oldIrql;