modified ntoskrnl/include/internal/ob.h

modified   ntoskrnl/ob/obhandle.c
   New helper routine ObGetProcessHandleCount to safely read the count of handles in a process without messing with Ob internals
   Goodbye ObpGetHandleCountByHandleTable

modified   ntoskrnl/ex/sysinfo.c
modified   ntoskrnl/ps/query.c
   Read handle counts with ObGetProcessHandleCount instead of ObpGetHandleCountByHandleTable
   Fixes at least one crash

Thanks to Stefan Ginsberg for reporting the issue and testing
Thanks to Alex Ionescu for code review and suggestions

See issue #4050 for more details.

svn path=/trunk/; revision=39169

reactos/ntoskrnl/ex/sysinfo.c

@@ -778,7 +778,7 @@ QSI_DEF(SystemProcessInformation)
             SpiCurrent->BasePriority = Process->Pcb.BasePriority;
             SpiCurrent->UniqueProcessId = Process->UniqueProcessId;
             SpiCurrent->InheritedFromUniqueProcessId = Process->InheritedFromUniqueProcessId;
-            SpiCurrent->HandleCount = (Process->ObjectTable ? ObpGetHandleCountByHandleTable(Process->ObjectTable) : 0);
+            SpiCurrent->HandleCount = ObGetProcessHandleCount(Process);
             SpiCurrent->PeakVirtualSize = Process->PeakVirtualSize;
             SpiCurrent->VirtualSize = Process->VirtualSize;
             SpiCurrent->PageFaultCount = Process->Vm.PageFaultCount;
@@ -1023,7 +1023,7 @@ QSI_DEF(SystemHandleInformation)
 
     do
     {
-        hCount = hCount + (pr->ObjectTable ? ObpGetHandleCountByHandleTable(pr->ObjectTable) : 0);
+        hCount = hCount + ObGetProcessHandleCount(pr);
         pr = PsGetNextProcess(pr);
 
         if ((pr == syspr) || (pr == NULL)) break;
@@ -1059,7 +1059,7 @@ QSI_DEF(SystemHandleInformation)
     {
         int Count = 0, HandleCount;
 
-        HandleCount = (pr->ObjectTable ? ObpGetHandleCountByHandleTable(pr->ObjectTable) : 0);
+        HandleCount = ObGetProcessHandleCount(pr);
 
         for (Count = 0; HandleCount > 0 ; HandleCount--)
         {

reactos/ntoskrnl/include/internal/ob.h

@@ -70,12 +70,6 @@
 #define ObMarkHandleAsKernelHandle(Handle)              \
     (HANDLE)((ULONG_PTR)(Handle) | KERNEL_HANDLE_FLAG)
 
-//
-// Returns the number of handles in a handle table
-//
-#define ObpGetHandleCountByHandleTable(HandleTable)     \
-    ((PHANDLE_TABLE)HandleTable)->HandleCount
-
 //
 // Converts from an EXHANDLE object to a POBJECT_HEADER
 //
@@ -570,6 +564,15 @@ ObpCaptureObjectCreateInformation(
     OUT PUNICODE_STRING ObjectName
 );
 
+//
+// Miscellanea
+//
+ULONG
+NTAPI
+ObGetProcessHandleCount(
+    IN PEPROCESS Process
+);
+
 //
 // Global data inside the Object Manager
 //

reactos/ntoskrnl/ob/obhandle.c

@@ -54,6 +54,35 @@ ObDereferenceProcessHandleTable(IN PEPROCESS Process)
     ExReleaseRundownProtection(&Process->RundownProtect);
 }
 
+ULONG
+NTAPI
+ObGetProcessHandleCount(IN PEPROCESS Process)
+{
+    ULONG HandleCount;
+    PHANDLE_TABLE HandleTable;
+
+    ASSERT(Process);
+
+    /* Ensure the handle table doesn't go away while we use it */
+    HandleTable = ObReferenceProcessHandleTable(Process);
+
+    if (HandleTable != NULL)
+    {
+        /* Count the number of handles the process has */
+        HandleCount = HandleTable->HandleCount;
+
+        /* Let the handle table go */
+        ObDereferenceProcessHandleTable(Process);
+    }
+    else
+    {
+        /* No handle table, no handles */
+        HandleCount = 0;
+    }
+
+    return HandleCount;
+}
+
 NTSTATUS
 NTAPI
 ObpReferenceProcessObjectByHandle(IN HANDLE Handle,

reactos/ntoskrnl/ps/query.c

@@ -237,7 +237,7 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
             }
 
             /* Count the number of handles this process has */
-            HandleCount = ObpGetHandleCountByHandleTable(Process->ObjectTable);
+            HandleCount = ObGetProcessHandleCount(Process);
 
             /* Protect write in SEH */
             _SEH2_TRY