From 850d4b4ddf0ee6fd40e2d8a7cc1ecea39c8cd538 Mon Sep 17 00:00:00 2001
From: Giannis Adamopoulos
Date: Sun, 19 Feb 2012 22:05:25 +0000
Subject: [PATCH] [ntoskrnl] - Fix a crash in KiSystemCall that was caused because PsConvertToGuiThread may have switched to a large kernel stack, but still returned with failure because win32k did not succeed. To fix it reload the trap frame after the call before checking for success.

svn path=/trunk/; revision=55724
---
 reactos/ntoskrnl/ke/i386/traphdlr.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/reactos/ntoskrnl/ke/i386/traphdlr.c b/reactos/ntoskrnl/ke/i386/traphdlr.c
index 29996ed53cf..3072e44e53d 100644
--- a/reactos/ntoskrnl/ke/i386/traphdlr.c
+++ b/reactos/ntoskrnl/ke/i386/traphdlr.c
@@ -1556,17 +1556,18 @@ KiSystemCall(IN PKTRAP_FRAME TrapFrame,
         /* Convert us to a GUI thread -- must wrap in ASM to get new EBP */
         Result = KiConvertToGuiThread();
+
+        /* Reload trap frame and descriptor table pointer from new stack */
+        TrapFrame = *(volatile PVOID*)&Thread->TrapFrame;
+        DescriptorTable = (PVOID)(*(volatile ULONG_PTR*)&Thread->ServiceTable + Offset);
+
         if (!NT_SUCCESS(Result))
         {
             /* Set the last error and fail */
             //SetLastWin32Error(RtlNtStatusToDosError(Result));
             goto ExitCall;
         }
-
-        /* Reload trap frame and descriptor table pointer from new stack */
-        TrapFrame = *(volatile PVOID*)&Thread->TrapFrame;
-        DescriptorTable = (PVOID)(*(volatile ULONG_PTR*)&Thread->ServiceTable + Offset);
-
+        /* Validate the system call number again */
         if (Id >= DescriptorTable->Limit)
         {