Some bug fixes.

Corrected LPC implementation.

svn path=/trunk/; revision=814

reactos/apps/tests/lpc/lpcclt.c

@@ -26,11 +26,11 @@ void main(int argc, char* argv[])
    LPC_MESSAGE Request;
    char buffer[255];
    
-   printf("Lpc client\n");
+   printf("(lpcclt.exe) Lpc client\n");
    
    RtlInitUnicodeString(&PortName, L"\\TestPort");
    
-   printf("Connecting to port\n");
+   printf("(lpcclt.exe) Connecting to port\n");
    Status = NtConnectPort(&PortHandle,
 			  &PortName,
 			  NULL,
@@ -41,21 +41,23 @@ void main(int argc, char* argv[])
 			  0);
    if (!NT_SUCCESS(Status))
      {
-	printf("Failed to connect\n");
+	printf("(lpcclt.exe) Failed to connect\n");
 	return;
      }
    
    strcpy(buffer, GetCommandLineA());
    Request.Buffer = buffer;
-	
+   Request.Length = strlen(buffer);
+   
+   printf("(lpcclt.exe) Sending message\n");
    Status = NtRequestWaitReplyPort(PortHandle,
 				   NULL,
 				   &Request);
    if (!NT_SUCCESS(Status))
      {
-	printf("Failed to send request\n");
+	printf("(lpcclt.exe) Failed to send request\n");
 	return;
      }
    
-   printf("Succeeded\n");
+   printf("(lpcclt.exe) Succeeded\n");
 }

reactos/apps/tests/lpc/lpcsrv.c

@@ -26,7 +26,7 @@ void main(int argc, char* argv[])
    HANDLE NamedPortHandle;
    HANDLE PortHandle;
    
-   printf("Lpc test server\n");
+   printf("(lpcsrv.exe) Lpc test server\n");
    
    RtlInitUnicodeString(&PortName, L"\\TestPort");
    InitializeObjectAttributes(&ObjectAttributes,
@@ -35,7 +35,7 @@ void main(int argc, char* argv[])
 			      NULL,
 			      NULL);
    
-   printf("Creating port\n");
+   printf("(lpcsrv.exe) Creating port\n");
    Status = NtCreatePort(&NamedPortHandle,
 			 0,
 			 &ObjectAttributes,
@@ -43,21 +43,21 @@ void main(int argc, char* argv[])
 			 0);
    if (!NT_SUCCESS(Status))
      {
-	printf("Failed to create port\n");
+	printf("(lpcsrv.exe) Failed to create port\n");
 	return;
      }
    
    
-   printf("Listening for connections\n");
+   printf("(lpcsrv.exe) Listening for connections\n");
    Status = NtListenPort(NamedPortHandle,
 			 0);
    if (!NT_SUCCESS(Status))
      {
-	printf("Failed to listen for connections\n");
+	printf("(lpcsrv.exe) Failed to listen for connections\n");
 	return;
      }
    
-   printf("Accepting connections\n");
+   printf("(lpcsrv.exe) Accepting connections\n");
    Status = NtAcceptConnectPort(NamedPortHandle,
 				&PortHandle,
 				0,
@@ -66,15 +66,15 @@ void main(int argc, char* argv[])
 				0);
    if (!NT_SUCCESS(Status))
      {
-	printf("Failed to accept connection\n");
+	printf("(lpcsrv.exe) Failed to accept connection\n");
 	return;
      }   
    
-   printf("Completing connection\n");
+   printf("(lpcsrv.exe) Completing connection\n");
    Status = NtCompleteConnectPort(PortHandle);
    if (!NT_SUCCESS(Status))
      {
-	printf("Failed to complete connection\n");
+	printf("(lpcsrv.exe) Failed to complete connection\n");
 	return;
      }
    
@@ -90,10 +90,10 @@ void main(int argc, char* argv[])
 					NULL);
 	if (!NT_SUCCESS(Status))
 	  {
-	     printf("Failed to receive request\n");
+	     printf("(lpcsrv.exe) Failed to receive request\n");
 	     return;
 	  }
 	
-	printf("Message contents are <%s>\n", Request.Buffer);
+	printf("(lpcsrv.exe) Message contents are <%s>\n", Request.Buffer);
      }
 }

reactos/apps/tests/shm/makefile

@@ -15,9 +15,9 @@ all: $(PROGS)
 .phony: all
 
 clean:
-	- $(RM) shmsrv.o
+	- $(RM) *.o
-	- $(RM) shmsrv.exe
+	- $(RM) *.exe
-	- $(RM) shmsrv.sym
+	- $(RM) *.sym
 
 .phony: clean
 

reactos/apps/tests/shm/shmclt.c

@@ -17,7 +17,9 @@ void debug_printf(char* fmt, ...)
    va_end(args);
 }
 
-void main(int argc, char* argv[])
+
+int
+main(int argc, char* argv[])
 {
    HANDLE Section;
    PVOID BaseAddress;
@@ -25,13 +27,16 @@ void main(int argc, char* argv[])
    
    printf("Shm test server\n");
    
-   Section = OpenFileMappingW(PAGE_EXECUTE_READWRITE,
+   Section = OpenFileMappingW (
-			      FALSE,
+//		PAGE_EXECUTE_READWRITE, invalid parameter
-			      L"\\TestSection");
+		FILE_MAP_WRITE,
+		FALSE,
+		L"TestSection"
+		);
    if (Section == NULL)
      {
-	printf("Failed to open section");
+	printf("Failed to open section (err=%d)", GetLastError());
-	return;
+	return 1;
      }
    
    BaseAddress = MapViewOfFile(Section,
@@ -39,15 +44,17 @@ void main(int argc, char* argv[])
 			       0,
 			       0,
 			       8192);
-   printf("BaseAddress %x\n", BaseAddress);
    if (BaseAddress == NULL)
      {
-	printf("Failed to map section\n");
+	printf("Failed to map section (err=%d)\n", GetLastError());
+	return 1;
      }
+   printf("BaseAddress %x\n", (UINT) BaseAddress);
    printf("Copying from section\n");
    strcpy(buffer, BaseAddress);
    printf("Copyed <%s>\n", buffer);
    
 //   for(;;);
+	return 0;
 }
 

reactos/apps/tests/shm/shmsrv.c

@@ -1,3 +1,8 @@
+/* $Id: shmsrv.c,v 1.2 1999/12/02 20:53:52 dwelch Exp $
+ *
+ * FILE  : reactos/apps/shm/shmsrv.c
+ * AUTHOR: David Welch
+ */
 #include <ddk/ntddk.h>
 #include <stdarg.h>
 #include <string.h>
@@ -21,26 +26,31 @@ VOID STDCALL ApcRoutine(PVOID Context,
 			PIO_STATUS_BLOCK IoStatus,
 			ULONG Reserved)
 {
-   printf("(apc.exe) ApcRoutine(Context %x)\n", Context);
+   printf("(apc.exe) ApcRoutine(Context %x)\n", (UINT) Context);
 }
 
-void main(int argc, char* argv[])
+
+int
+main(int argc, char* argv[])
 {
    HANDLE Section;
    PVOID BaseAddress;
    
    printf("Shm test server\n");
    
-   Section = CreateFileMappingW(NULL,
+   Section = CreateFileMappingW (
-				NULL,
+			(HANDLE) 0xFFFFFFFF,
-				PAGE_EXECUTE_READWRITE,
+			NULL,
-				0,
+//			PAGE_EXECUTE_READWRITE, invalid parameter
-				8192,
+			PAGE_READWRITE, 
-				L"\\TestSection");
+			0,
+			8192,
+			L"TestSection"
+			);
    if (Section == NULL)
      {
-	printf("Failed to create section");
+	printf("Failed to create section (err=%d)", GetLastError());
-	return;
+	return 1;
      }
    
    BaseAddress = MapViewOfFile(Section,
@@ -48,7 +58,7 @@ void main(int argc, char* argv[])
 			       0,
 			       0,
 			       8192);
-   printf("BaseAddress %x\n", BaseAddress);
+   printf("BaseAddress %x\n", (UINT) BaseAddress);
    if (BaseAddress == NULL)
      {
 	printf("Failed to map section\n");
@@ -59,5 +69,7 @@ void main(int argc, char* argv[])
    strcpy(BaseAddress, GetCommandLineA());
    
    for(;;);
+
+   return 0;
 }
 

reactos/apps/utils/shell/shell.c

@@ -111,77 +111,66 @@ void ExecuteType(char* cmdline)
 
 int ExecuteProcess(char* name, char* cmdline, BOOL detached)
 {
-	PROCESS_INFORMATION	ProcessInformation;
+   PROCESS_INFORMATION	ProcessInformation;
-	STARTUPINFO		StartupInfo;
+   STARTUPINFO		StartupInfo;
-//	char			arguments;
+   //	char			arguments;
-	BOOL			ret;
+   BOOL			ret;
+   
+   memset(&StartupInfo, 0, sizeof(StartupInfo));
+   StartupInfo.cb = sizeof (STARTUPINFO);
+   StartupInfo.lpTitle = name;
 
-	memset(
+   ret = CreateProcessA(name,
-		& StartupInfo,
+			cmdline,
-		0,
+			NULL,
-		(sizeof StartupInfo)
+			NULL,
-		);
+			TRUE,
-	StartupInfo.cb = sizeof (STARTUPINFO);
+			((TRUE == detached)
-	StartupInfo.lpTitle = name;
+			 ? DETACHED_PROCESS
-
-	ret = CreateProcessA(
-		name,
-		cmdline,
-		NULL,
-		NULL,
-		TRUE,
-		(	(TRUE == detached)
-			? DETACHED_PROCESS
 			: CREATE_NEW_CONSOLE
 			),
-		NULL,
+			NULL,
-		NULL,
+			NULL,
-		& StartupInfo,
+			& StartupInfo,
-		& ProcessInformation
+			& ProcessInformation
-		);
+			);
-	if (TRUE == detached)
+   if (TRUE == detached)
-	{
+     {
-		if (ret)
+	if (ret)
-		{
+	  {
-			debug_printf(
+	     debug_printf("%s detached:\n"
-"%s detached:\n\
+			  "\thProcess = %08X\n"
-\thProcess = %08X\n\
+			  "\thThread  = %08X\n"
-\thThread  = %08X\n\
+			  "\tPID      = %d\n"
-\tPID      = %d\n\
+			  "\tTID      = %d\n\n",
-\tTID      = %d\n\n",
+			  name,
-				name,
+			  ProcessInformation.hProcess,
-				ProcessInformation.hProcess,
+			  ProcessInformation.hThread,
-				ProcessInformation.hThread,
+			  ProcessInformation.dwProcessId,
-				ProcessInformation.dwProcessId,
+			  ProcessInformation.dwThreadId);
-				ProcessInformation.dwThreadId
+	     CloseHandle(ProcessInformation.hProcess);
-				);
+	     CloseHandle(ProcessInformation.hThread);
-		}
+	  }
-		else
-		{
-			debug_printf(
-				"Could not detach %s\n",
-				name
-				);
-		}
-	}
 	else
-	{
+	  {
-		if (ret)
+	     debug_printf("Could not detach %s\n", name);
-		{
+	  }
-			WaitForSingleObject(
+     }
-				ProcessInformation.hProcess,
+   else
-				INFINITE
+     {
-				);
+	if (ret)
-		}
+	  {
-		CloseHandle(ProcessInformation.hProcess);
+	     	debug_printf("ProcessInformation.hThread %x\n",
-	}
+			     ProcessInformation.hThread);
-	return(ret);
+	     CloseHandle(ProcessInformation.hThread);
+	     WaitForSingleObject(ProcessInformation.hProcess, INFINITE);
+	     CloseHandle(ProcessInformation.hProcess);
+	  }
+     }
+   return(ret);
 }
 
-void
+void ExecuteStart(char* CommandLine)
-ExecuteStart(
-	char	* CommandLine
-	)
 {
 	   char *ImageName = CommandLine;
 

reactos/include/internal/mm.h

@@ -104,6 +104,7 @@ NTSTATUS IoPageRead(PFILE_OBJECT FileObject,
 		    PMDL Mdl,
 		    PLARGE_INTEGER Offset,
 		    PIO_STATUS_BLOCK StatusBlock);
+
 VOID MmBuildMdlFromPages(PMDL Mdl);
 PVOID MmGetMdlPageAddress(PMDL Mdl, PVOID Offset);
 VOID MiShutdownMemoryManager(VOID);

reactos/include/internal/ob.h

@@ -112,5 +112,6 @@ NTSTATUS ObFindObject(POBJECT_ATTRIBUTES ObjectAttributes,
 		      PWSTR* RemainingPath);
 
 ULONG ObGetReferenceCount(PVOID Object);
+ULONG ObGetHandleCount(PVOID Object);
 
 #endif /* __INCLUDE_INTERNAL_OBJMGR_H */

reactos/include/internal/ps.h

@@ -25,12 +25,13 @@ VOID PsBeginThreadWithContextInternal(VOID);
 VOID PiKillMostProcesses(VOID);
 NTSTATUS STDCALL PiTerminateProcess(PEPROCESS Process, NTSTATUS ExitStatus);
 
-#define THREAD_STATE_INVALID    (0)
+#define THREAD_STATE_INVALID      (0)
-#define THREAD_STATE_RUNNABLE   (1)
+#define THREAD_STATE_RUNNABLE     (1)
-#define THREAD_STATE_RUNNING    (2)
+#define THREAD_STATE_RUNNING      (2)
-#define THREAD_STATE_SUSPENDED  (3)
+#define THREAD_STATE_SUSPENDED    (3)
-#define THREAD_STATE_TERMINATED (4)
+#define THREAD_STATE_TERMINATED_1 (4)
-#define THREAD_STATE_MAX        (5)
+#define THREAD_STATE_TERMINATED_2 (5)
+#define THREAD_STATE_MAX          (6)
      
 /*
  * Functions the HAL must provide
@@ -42,5 +43,6 @@ void HalTaskSwitch(PKTHREAD thread);
 NTSTATUS HalInitTaskWithContext(PETHREAD Thread, PCONTEXT Context);
 NTSTATUS HalReleaseTask(PETHREAD Thread);
 VOID PiDeleteProcess(PVOID ObjectBody);
+VOID PsReapThreads(VOID);
 
 #endif

reactos/ntoskrnl/ke/apc.c

@@ -83,11 +83,15 @@ BOOLEAN KiTestAlert(PKTHREAD Thread,
 
 VOID KeApcProlog2(PKAPC Apc)
 {
+   PKTHREAD Thread;
+   
+   Thread = Apc->Thread;
+   KeLowerIrql(PASSIVE_LEVEL);
    KeApcProlog3(Apc);
-   PsSuspendThread(CONTAINING_RECORD(Apc->Thread,ETHREAD,Tcb),
+   PsSuspendThread(CONTAINING_RECORD(Thread,ETHREAD,Tcb),
 		   NULL,
-		   Apc->Thread->Alertable,
+		   Thread->Alertable,
-		   Apc->Thread->WaitMode);
+		   Thread->WaitMode);
 }
 
 VOID KeApcProlog3(PKAPC Apc)
@@ -96,19 +100,20 @@ VOID KeApcProlog3(PKAPC Apc)
  * a kernel APC
  */
 {
-   
+   PKTHREAD Thread;
    
    DPRINT("KeApcProlog2(Apc %x)\n",Apc);
    KeEnterCriticalRegion();
    Apc->Thread->ApcState.KernelApcInProgress++;
    Apc->Thread->ApcState.KernelApcPending--;
    RemoveEntryList(&Apc->ApcListEntry);
+   Thread = Apc->Thread;
    Apc->KernelRoutine(Apc,
 		      &Apc->NormalRoutine,
 		      &Apc->NormalContext,
 		      &Apc->SystemArgument1,
 		      &Apc->SystemArgument2);
-   Apc->Thread->ApcState.KernelApcInProgress--;
+   Thread->ApcState.KernelApcInProgress--;
    KeLeaveCriticalRegion();   
 }
 

reactos/ntoskrnl/ke/bug.c

@@ -69,7 +69,7 @@ VOID KeBugCheckEx(ULONG BugCheckCode,
    DbgPrint("Bug detected (code %x param %x %x %x %x)\n",BugCheckCode,
 	  BugCheckParameter1,BugCheckParameter2,BugCheckParameter3,
 	  BugCheckParameter4);
-//   PsDumpThreads();
+   PsDumpThreads();
    KeDumpStackFrames(0,64);
    __asm__("cli\n\t");
    for(;;);

reactos/ntoskrnl/ke/dpc.c

@@ -23,8 +23,8 @@
 
 /* GLOBALS ******************************************************************/
 
-static LIST_ENTRY DpcQueueHead={NULL,NULL};
+static LIST_ENTRY DpcQueueHead;
-static KSPIN_LOCK DpcQueueLock={0,};
+static KSPIN_LOCK DpcQueueLock;
 ULONG DpcQueueSize = 0;
 
 /* FUNCTIONS ****************************************************************/
@@ -156,5 +156,6 @@ void KeInitDpc(void)
  */
 {
    InitializeListHead(&DpcQueueHead);
+   KeInitializeSpinLock(&DpcQueueLock);
 }
 

reactos/ntoskrnl/ke/i386/exp.c

@@ -350,7 +350,9 @@ VOID KeDumpStackFrames(ULONG DummyArg, ULONG NrFrames)
 //	if (Stack[i] > KERNEL_BASE && Stack[i] < ((ULONG)&etext))
 	if (Stack[i] > KERNEL_BASE)
 	  {
-	     DbgPrint("%.8x  ",Stack[i]);
+//	     DbgPrint("%.8x  ",Stack[i]);
+	     print_address(Stack[i]);
+	     DbgPrint(" ");
 	  }
 	if (Stack[i] == 0xceafbeef)
 	  {

reactos/ntoskrnl/ke/i386/usercall.c

@@ -1,4 +1,4 @@
-/* $Id: usercall.c,v 1.2 1999/11/24 11:51:51 dwelch Exp $
+/* $Id: usercall.c,v 1.3 1999/12/02 20:53:53 dwelch Exp $
  *
  * COPYRIGHT:       See COPYING in the top level directory
  * PROJECT:         ReactOS kernel
@@ -101,7 +101,7 @@ void PsBeginThreadWithContextInternal(void);
 
 VOID KiSystemCallHook(ULONG Nr)
 {
-//   DbgPrint("KiSystemCallHook(Nr %d) %d\n", Nr, KeGetCurrentIrql());
+//   DbgPrint("KiSystemCallHook(Nr %d) %x ", Nr, PsGetCurrentProcess());
 //   DbgPrint("SystemCall %x\n", _SystemServiceTable[Nr].Function);
    assert_irql(PASSIVE_LEVEL);
 }

reactos/ntoskrnl/mm/mm.c

@@ -125,23 +125,47 @@ VOID MmInitVirtualMemory(boot_param* bp)
 
 NTSTATUS MmCommitedSectionHandleFault(MEMORY_AREA* MemoryArea, PVOID Address)
 {
+   KIRQL oldIrql;
+   
+   KeAcquireSpinLock(&MiPageFaultLock, &oldIrql);
+   
+   if (MmIsPagePresent(NULL, Address))
+     {
+	KeReleaseSpinLock(&MiPageFaultLock, oldIrql);
+	return(STATUS_SUCCESS);
+     }
+   
    MmSetPage(PsGetCurrentProcess(),
 	     Address,
 	     MemoryArea->Attributes,
 	     (ULONG)MmAllocPage());
+   
+   KeReleaseSpinLock(&MiPageFaultLock, oldIrql);
+   
    return(STATUS_SUCCESS);
 }
 
-NTSTATUS MmSectionHandleFault(MEMORY_AREA* MemoryArea, PVOID Address)
+NTSTATUS MmSectionHandleFault(MEMORY_AREA* MemoryArea, 
+			      PVOID Address)
 {
    LARGE_INTEGER Offset;
    IO_STATUS_BLOCK IoStatus;
    PMDL Mdl;
    PVOID Page;
+   NTSTATUS Status;
+   KIRQL oldIrql;
    
    DPRINT("MmSectionHandleFault(MemoryArea %x, Address %x)\n",
 	  MemoryArea,Address);
-      
+   
+   KeAcquireSpinLock(&MiPageFaultLock, &oldIrql);
+   
+   if (MmIsPagePresent(NULL, Address))
+     {
+	KeReleaseSpinLock(&MiPageFaultLock, oldIrql);
+	return(STATUS_SUCCESS);
+     }
+   
    Offset.QuadPart = (Address - MemoryArea->BaseAddress) + 
      MemoryArea->Data.SectionData.ViewOffset;
    
@@ -156,8 +180,9 @@ NTSTATUS MmSectionHandleFault(MEMORY_AREA* MemoryArea, PVOID Address)
      {
 	ULONG Page;
 	
-	Page = MiTryToSharePageInSection(MemoryArea->Data.SectionData.Section,
+	Page = (ULONG)MiTryToSharePageInSection(
-					 (ULONG)Offset.QuadPart);
+			       MemoryArea->Data.SectionData.Section,
+						(ULONG)Offset.QuadPart);
 	
 	if (Page == 0)
 	  {
@@ -176,16 +201,33 @@ NTSTATUS MmSectionHandleFault(MEMORY_AREA* MemoryArea, PVOID Address)
      
    Page = MmGetMdlPageAddress(Mdl, 0);
    
-   IoPageRead(MemoryArea->Data.SectionData.Section->FileObject,
+   KeReleaseSpinLock(&MiPageFaultLock, oldIrql);
-	      Mdl,
+   
-	      &Offset,
+   Status = IoPageRead(MemoryArea->Data.SectionData.Section->FileObject,
-	      &IoStatus);
+		       Mdl,
+		       &Offset,
+		       &IoStatus);
+   
+   if (!NT_SUCCESS(Status))
+     {
+	return(Status);
+     }
       
+   KeAcquireSpinLock(&MiPageFaultLock, &oldIrql);
+   
+   if (MmIsPagePresent(NULL, Address))
+     {
+	KeReleaseSpinLock(&MiPageFaultLock, oldIrql);
+	return(STATUS_SUCCESS);
+     }
+   
    MmSetPage(NULL,
 	     Address,
 	     MemoryArea->Attributes,
 	     (ULONG)Page);
    
+   KeReleaseSpinLock(&MiPageFaultLock, oldIrql);
+   
    DPRINT("Returning from MmSectionHandleFault()\n");
    
    return(STATUS_SUCCESS);
@@ -199,7 +241,6 @@ asmlinkage int page_fault_handler(unsigned int cs,
 {
    KPROCESSOR_MODE FaultMode;
    MEMORY_AREA* MemoryArea;
-   KIRQL oldlvl;
    NTSTATUS Status;
    unsigned int cr2;
    
@@ -221,10 +262,6 @@ asmlinkage int page_fault_handler(unsigned int cs,
 //	KeBugCheck(0);
      }
    
-   KeRaiseIrql(DISPATCH_LEVEL, &oldlvl);
-   
-   KeAcquireSpinLockAtDpcLevel(&MiPageFaultLock);
-   
    /*
     * Find the memory area for the faulting address
     */
@@ -271,12 +308,6 @@ asmlinkage int page_fault_handler(unsigned int cs,
 	break;
      }
    DPRINT("Completed page fault handling\n");
-   if (NT_SUCCESS(Status))
-     {
-	KeReleaseSpinLockFromDpcLevel(&MiPageFaultLock);
-	KeLowerIrql(oldlvl);
-     }
-//   DbgPrint("%%)");
    return(NT_SUCCESS(Status));
 }
 

reactos/ntoskrnl/mm/npool.c

@@ -81,6 +81,8 @@ ULONG EiNrUsedBlocks = 0;
 static unsigned int alloc_map[ALLOC_MAP_SIZE/32]={0,};
 static KSPIN_LOCK AllocMapLock;
 
+static KSPIN_LOCK MmNpoolLock;
+
 unsigned int EiFreeNonPagedPool = 0;
 unsigned int EiUsedNonPagedPool = 0;
 
@@ -135,6 +137,7 @@ VOID ExInitNonPagedPool(ULONG BaseAddress)
 {
    kernel_pool_base = BaseAddress;
    KeInitializeSpinLock(&AllocMapLock);
+   KeInitializeSpinLock(&MmNpoolLock);
 }
 
 #if 0
@@ -588,11 +591,17 @@ asmlinkage VOID ExFreePool(PVOID block)
  */
 {
    block_hdr* blk=address_to_block(block);
+   KIRQL oldIrql;
+   
    OLD_DPRINT("(%s:%d) freeing block %x\n",__FILE__,__LINE__,blk);
    
    POOL_TRACE("ExFreePool(block %x), size %d, caller %x\n",block,blk->size,
             ((PULONG)&block)[-1]);
    
+   KeAcquireSpinLock(&MmNpoolLock, &oldIrql);
+   
+   memset(block, 0xcc, blk->size);
+   
    VALIDATE_POOL;
    
    if (blk->magic != BLOCK_HDR_MAGIC)
@@ -612,6 +621,8 @@ asmlinkage VOID ExFreePool(PVOID block)
    EiFreeNonPagedPool = EiFreeNonPagedPool + blk->size;   
    
    VALIDATE_POOL;
+   
+   KeReleaseSpinLock(&MmNpoolLock, oldIrql);
 }
 
 PVOID ExAllocateNonPagedPoolWithTag(ULONG type, 
@@ -622,10 +633,13 @@ PVOID ExAllocateNonPagedPoolWithTag(ULONG type,
    block_hdr* current = NULL;
    PVOID block;
    block_hdr* best = NULL;
+   KIRQL oldIrql;
    
    POOL_TRACE("ExAllocatePool(NumberOfBytes %d) caller %x ",
 	      size,Caller);
    
+   KeAcquireSpinLock(&MmNpoolLock, &oldIrql);
+   
 //   DbgPrint("Blocks on free list %d\n",nr_free_blocks);
 //   DbgPrint("Blocks on used list %d\n",eiNrUsedblocks);
 //   OLD_DPRINT("ExAllocateNonPagedPool(type %d, size %d)\n",type,size);
@@ -637,6 +651,7 @@ PVOID ExAllocateNonPagedPoolWithTag(ULONG type,
    if (size==0)
      {
 	POOL_TRACE("= NULL\n");
+	KeReleaseSpinLock(&MmNpoolLock, oldIrql);
 	return(NULL);
      }
    
@@ -666,6 +681,7 @@ PVOID ExAllocateNonPagedPoolWithTag(ULONG type,
 	VALIDATE_POOL;
 	memset(block,0,size);
 	POOL_TRACE("= %x\n",block);
+	KeReleaseSpinLock(&MmNpoolLock, oldIrql);
 	return(block);
      }
 	  
@@ -677,6 +693,7 @@ PVOID ExAllocateNonPagedPoolWithTag(ULONG type,
    VALIDATE_POOL;
    memset(block,0,size);
    POOL_TRACE("= %x\n",block);
+   KeReleaseSpinLock(&MmNpoolLock, oldIrql);
    return(block);
 }
 

reactos/ntoskrnl/nt/port.c

@@ -1,4 +1,4 @@
-/* $Id: port.c,v 1.11 1999/12/01 15:08:31 ekohl Exp $
+/* $Id: port.c,v 1.12 1999/12/02 20:53:54 dwelch Exp $
  * 
  * COPYRIGHT:       See COPYING in the top level directory
  * PROJECT:         ReactOS kernel
@@ -25,7 +25,7 @@
 #include <string.h>
 #include <internal/string.h>
 
-//#define NDEBUG
+#define NDEBUG
 #include <internal/debug.h>
 
 
@@ -53,6 +53,7 @@ typedef struct _EPORT
    ULONG State;
    KEVENT Event;
    struct _EPORT* OtherPort;
+   struct _EPORT* NamedPort;
    ULONG NumberOfQueuedMessages;
    QUEUED_MESSAGE Msg;
    PEPROCESS ConnectingProcess;
@@ -65,6 +66,41 @@ POBJECT_TYPE ExPortType = NULL;
 
 /* FUNCTIONS *****************************************************************/
 
+VOID NiDeletePort(PVOID ObjectBody)
+{
+}
+
+NTSTATUS NiCreatePort(PVOID ObjectBody,
+		      PVOID Parent,
+		      PWSTR RemainingPath,
+		      POBJECT_ATTRIBUTES ObjectAttributes)
+{
+   NTSTATUS Status;
+   
+   if (RemainingPath == NULL)
+     {
+	return(STATUS_SUCCESS);
+     }
+   
+   if (wcschr(RemainingPath+1, '\\') != NULL)
+     {
+	return(STATUS_UNSUCCESSFUL);
+     }
+   
+   Status = ObReferenceObjectByPointer(Parent,
+				       STANDARD_RIGHTS_REQUIRED,
+				       ObDirectoryType,
+				       UserMode);
+   if (!NT_SUCCESS(Status))
+     {
+	return(Status);
+     }
+   
+   ObAddEntryDirectory(Parent, ObjectBody, RemainingPath+1);
+   ObDereferenceObject(Parent);
+   
+   return(STATUS_SUCCESS);
+}
 
 NTSTATUS NiInitPort(VOID)
 {
@@ -81,11 +117,12 @@ NTSTATUS NiInitPort(VOID)
    ExPortType->Dump = NULL;
    ExPortType->Open = NULL;
    ExPortType->Close = NULL;
-   ExPortType->Delete = NULL;
+   ExPortType->Delete = NiDeletePort;
    ExPortType->Parse = NULL;
    ExPortType->Security = NULL;
    ExPortType->QueryName = NULL;
    ExPortType->OkayToClose = NULL;
+   ExPortType->Create = NiCreatePort;
    
    return(STATUS_SUCCESS);
 }
@@ -94,7 +131,7 @@ static NTSTATUS NiInitializePort(PEPORT Port)
 {
    memset(Port, 0, sizeof(EPORT));
    KeInitializeSpinLock(&Port->Lock);
-   KeInitializeEvent(&Port->Event, NotificationEvent, FALSE);
+   KeInitializeEvent(&Port->Event, SynchronizationEvent, FALSE);
    Port->State = EPORT_INACTIVE;
    Port->OtherPort = NULL;
    Port->NumberOfQueuedMessages = 0;
@@ -111,6 +148,8 @@ NTSTATUS STDCALL NtCreatePort(PHANDLE PortHandle,
    PEPORT Port;
    NTSTATUS Status;
    
+   DPRINT("NtCreaatePort() Name %x\n", ObjectAttributes->ObjectName->Buffer);
+   
    Port = ObCreateObject(PortHandle,
 			 1,      // DesiredAccess
 			 ObjectAttributes,
@@ -160,14 +199,16 @@ NTSTATUS STDCALL NtAcceptConnectPort (IN HANDLE	PortHandle,
 			    1,
 			    NULL,
 			    ExPortType);
+   NiInitializePort(OurPort);
    
    /*
     * Connect the two port
     */
-   OurPort->OtherPort = NamedPort->ConnectingPort;
+   OurPort->OtherPort = NamedPort->ConnectingPort;  
    OurPort->OtherPort->OtherPort = OurPort;
    OurPort->State = EPORT_WAIT_FOR_COMPLETE_SRV;
    OurPort->OtherPort->State = EPORT_WAIT_FOR_COMPLETE_CLT;
+   OurPort->NamedPort = NamedPort;
    
    NamedPort->State = EPORT_INACTIVE;
    NamedPort->ConnectingProcess = NULL;
@@ -204,7 +245,7 @@ NTSTATUS STDCALL NtCompleteConnectPort (HANDLE PortHandle)
    OurPort->State = EPORT_CONNECTED;
    OurPort->OtherPort->State = EPORT_CONNECTED;
    
-   KeSetEvent(&OurPort->OtherPort->Event, IO_NO_INCREMENT, FALSE);
+   KeSetEvent(&OurPort->NamedPort->Event, IO_NO_INCREMENT, FALSE);
    
    return(STATUS_SUCCESS);
 }
@@ -228,6 +269,8 @@ NTSTATUS STDCALL NtConnectPort (OUT	PHANDLE			ConnectedPort,
    PEPORT OurPort;
    HANDLE OurPortHandle;
    
+   DPRINT("NtConnectPort(PortName %w)\n", PortName->Buffer);
+   
    Status = ObReferenceObjectByName(PortName,
 				    0,
 				    NULL,
@@ -238,11 +281,13 @@ NTSTATUS STDCALL NtConnectPort (OUT	PHANDLE			ConnectedPort,
 				    (PVOID*)&NamedPort);
    if (!NT_SUCCESS(Status))
      {
+	DPRINT("Failed to reference named port (status %x)\n", Status);
 	return(Status);
      }
    
    if (NamedPort->State != EPORT_WAIT_FOR_CONNECT)
      {
+	DPRINT("Named port is in the wrong state\n");
 	ObDereferenceObject(NamedPort);
 	return(STATUS_UNSUCCESSFUL);
      }
@@ -255,6 +300,7 @@ NTSTATUS STDCALL NtConnectPort (OUT	PHANDLE			ConnectedPort,
 			    PortAttributes,
 			    ExPortType);
    NiInitializePort(OurPort);
+   OurPort->NamedPort = NamedPort;
    
    /*
     * 
@@ -268,6 +314,8 @@ NTSTATUS STDCALL NtConnectPort (OUT	PHANDLE			ConnectedPort,
     */
    KeSetEvent(&NamedPort->Event, IO_NO_INCREMENT, FALSE);
    
+   DPRINT("Waiting for connection completion\n");
+   
    /*
     * Wait for them to accept our connection
     */
@@ -279,6 +327,8 @@ NTSTATUS STDCALL NtConnectPort (OUT	PHANDLE			ConnectedPort,
    
    *ConnectedPort = OurPortHandle;
    
+   DPRINT("Exited successfully\n");
+   
    return(STATUS_SUCCESS);
 }
 
@@ -378,6 +428,9 @@ NTSTATUS STDCALL NtRequestWaitReplyPort(IN HANDLE PortHandle,
    NTSTATUS Status;
    PEPORT Port;
    
+   DPRINT("NtRequestWaitReplyPort(PortHandle %x, LpcReply %x, "
+	  "LpcMessage %x)\n", PortHandle, LpcReply, LpcMessage);
+   
    Status = ObReferenceObjectByHandle(PortHandle,
 				      1,   /* AccessRequired */
 				      ExPortType,
@@ -389,19 +442,30 @@ NTSTATUS STDCALL NtRequestWaitReplyPort(IN HANDLE PortHandle,
 	return(Status);
      }
    
+   DPRINT("Port %x Port->OtherPort %x Port->OtherPort->OtherPort %x\n",
+	  Port, Port->OtherPort, Port->OtherPort->OtherPort);
+   
    if (LpcMessage != NULL)
      {
+	DPRINT("Copying message onto other port's queue\n");
+	
+	DPRINT("LpcMessage->Length %d\n", LpcMessage->Length);
+	
 	/*
 	 * Put the message on the other port's queue
 	 */
-	Port->Msg.Type = LpcMessage->Type;
+	Port->OtherPort->Msg.Type = LpcMessage->Type;
-	Port->Msg.Length = LpcMessage->Length;
+	Port->OtherPort->Msg.Length = LpcMessage->Length;
-	Port->Msg.Buffer = ExAllocatePool(NonPagedPool, Port->Msg.Length);
+	Port->OtherPort->Msg.Buffer = ExAllocatePool(NonPagedPool, 
-	memcpy(Port->Msg.Buffer, LpcMessage->Buffer, Port->Msg.Length);
+						Port->OtherPort->Msg.Length);
-	Port->Msg.Flags = LpcMessage->Flags;
+	memcpy(Port->OtherPort->Msg.Buffer, LpcMessage->Buffer, 
-	Port->Msg.Sender = PsGetCurrentProcess();
+	       Port->OtherPort->Msg.Length);
-	Port->NumberOfQueuedMessages++;
+	Port->OtherPort->Msg.Flags = LpcMessage->Flags;
-   
+	Port->OtherPort->Msg.Sender = PsGetCurrentProcess();
+	Port->OtherPort->NumberOfQueuedMessages++;
+	
+	DPRINT("Waking other side\n");
+	
 	/*
 	 * Wake up the other side (if it's waiting)
 	 */
@@ -418,6 +482,8 @@ NTSTATUS STDCALL NtRequestWaitReplyPort(IN HANDLE PortHandle,
 	return(STATUS_SUCCESS);
      }
    
+   DPRINT("Wait for other side to reply\n");
+   
    /*
     * Wait the other side to reply to you
     */
@@ -427,19 +493,27 @@ NTSTATUS STDCALL NtRequestWaitReplyPort(IN HANDLE PortHandle,
 			 FALSE,
 			 NULL);
    
+   DPRINT("Copy reply from our port\n");
+   
    /*
     * Copy the received message into the process's address space
     */
-   LpcReply->Length = Port->OtherPort->Msg.Length;
+   DPRINT("LpcReply->Length %d\n", LpcReply->Length);
-   LpcReply->Type = Port->OtherPort->Msg.Type;
+   
-   memcpy(LpcReply->Buffer, Port->OtherPort->Msg.Buffer, LpcReply->Length);
+   LpcReply->Length = Port->Msg.Length;
-   LpcReply->Flags = Port->OtherPort->Msg.Flags;
+   LpcReply->Type = Port->Msg.Type;
+   memcpy(LpcReply->Buffer, Port->Msg.Buffer, LpcReply->Length);
+   LpcReply->Flags = Port->Msg.Flags;
+   
+   DPRINT("Freeing message\n");
    
    /*
     * Deallocate the message and remove it from the other side's queue
     */
-   ExFreePool(Port->OtherPort->Msg.Buffer);
+   ExFreePool(Port->Msg.Buffer);
-   Port->OtherPort->NumberOfQueuedMessages--;
+   Port->NumberOfQueuedMessages--;
+   
+   DPRINT("Finished with success\n");
    
    return(STATUS_SUCCESS);
 }

reactos/ntoskrnl/ntoskrnl.def

@@ -1,10 +1,11 @@
-; $Id: ntoskrnl.def,v 1.30 1999/12/01 15:10:42 ekohl Exp $
+; $Id: ntoskrnl.def,v 1.31 1999/12/02 20:53:52 dwelch Exp $
 ;
 ; reactos/ntoskrnl/ntoskrnl.def
 ;
 ; ReactOS Operating System
 ;
 EXPORTS
+InitializeListHead
 CcInitializeFileCache
 CcRequestCachePage
 CcReleaseCachePage
@@ -69,6 +70,7 @@ ExRaiseStatus
 ExReinitializeResourceLite
 ExReleaseFastMutexUnsafe
 ExReleaseResource
+ExReleaseResourceLite
 ExReleaseResourceForThread
 ExReleaseResourceForThreadLite
 ExSystemTimeToLocalTime

reactos/ntoskrnl/ntoskrnl.edf

@@ -1,10 +1,11 @@
-; $Id: ntoskrnl.edf,v 1.17 1999/12/01 15:10:42 ekohl Exp $
+; $Id: ntoskrnl.edf,v 1.18 1999/12/02 20:53:53 dwelch Exp $
 ;
 ; reactos/ntoskrnl/ntoskrnl.def
 ;
 ; ReactOS Operating System
 ;
 EXPORTS
+InitializeListHead
 CcInitializeFileCache
 CcRequestCachePage
 CcReleaseCachePage
@@ -69,6 +70,7 @@ ExRaiseStatus
 ExReinitializeResourceLite
 ExReleaseFastMutexUnsafe
 ExReleaseResource
+ExReleaseResourceLite
 ExReleaseResourceForThread
 ExReleaseResourceForThreadLite
 ExSystemTimeToLocalTime

reactos/ntoskrnl/ob/handle.c

@@ -1,4 +1,4 @@
-/* $Id: handle.c,v 1.13 1999/11/02 08:55:42 dwelch Exp $
+/* $Id: handle.c,v 1.14 1999/12/02 20:53:54 dwelch Exp $
  *
  * COPYRIGHT:          See COPYING in the top level directory
  * PROJECT:            ReactOS kernel
@@ -442,50 +442,42 @@ ObReferenceObjectByHandle(HANDLE Handle,
  * RETURN VALUE
  * 	Status.
  */
-NTSTATUS
+NTSTATUS STDCALL NtClose(HANDLE Handle)
-STDCALL
-NtClose(HANDLE Handle)
 {
-	PVOID		ObjectBody;
+   PVOID		ObjectBody;
-	POBJECT_HEADER	Header;
+   POBJECT_HEADER	Header;
-	PHANDLE_REP	HandleRep;
+   PHANDLE_REP	HandleRep;
    
-	assert_irql(PASSIVE_LEVEL);
+   assert_irql(PASSIVE_LEVEL);
    
-	DPRINT("NtClose(Handle %x)\n",Handle);
+   DPRINT("NtClose(Handle %x)\n",Handle);
    
-	HandleRep = ObpGetObjectByHandle(
+   HandleRep = ObpGetObjectByHandle(PsGetCurrentProcess(),
-			PsGetCurrentProcess(),
+				    Handle);
-			Handle
+   if (HandleRep == NULL)
-			);
+     {
-	if (HandleRep == NULL)
+	return STATUS_INVALID_HANDLE;
-	{
+     }
-		return STATUS_INVALID_HANDLE;
+   ObjectBody = HandleRep->ObjectBody;
-	}
-	ObjectBody = HandleRep->ObjectBody;
    
-	HandleRep->ObjectBody = NULL;
+   HandleRep->ObjectBody = NULL;
    
-	Header = BODY_TO_HEADER(ObjectBody);
+   Header = BODY_TO_HEADER(ObjectBody);
    
-	Header->RefCount++;
+   Header->RefCount++;
-	Header->HandleCount--;
+   Header->HandleCount--;
    
-	if (	(Header->ObjectType != NULL)
+   if ((Header->ObjectType != NULL) &&
-		&& (Header->ObjectType->Close != NULL)
+       (Header->ObjectType->Close != NULL))
-		)
+     {
-	{
+	Header->ObjectType->Close(ObjectBody, Header->HandleCount);
-		Header->ObjectType->Close(
+     }
-				ObjectBody,
-				Header->HandleCount
-				);
-	}
    
-	Header->RefCount--;
+   Header->RefCount--;
    
-	ObPerformRetentionChecks(Header);
+   ObPerformRetentionChecks(Header);
    
-	return STATUS_SUCCESS;
+   return STATUS_SUCCESS;
 }
 
 

reactos/ntoskrnl/ob/object.c

@@ -27,13 +27,14 @@ VOID ObInitializeObject(POBJECT_HEADER ObjectHeader,
 			POBJECT_TYPE Type,
 			POBJECT_ATTRIBUTES ObjectAttributes)
 {
-   ObjectHeader->HandleCount = 1;
+   ObjectHeader->HandleCount = 0;
    ObjectHeader->RefCount = 1;
    ObjectHeader->ObjectType = Type;
    ObjectHeader->Permanent = FALSE;
    RtlInitUnicodeString(&(ObjectHeader->Name),NULL);
    if (Handle != NULL)
      {
+	ObjectHeader->HandleCount = 1;
 	ObCreateHandle(PsGetCurrentProcess(),
 		       HEADER_TO_BODY(ObjectHeader),
 		       DesiredAccess,
@@ -101,6 +102,7 @@ NTSTATUS ObFindObject(POBJECT_ATTRIBUTES ObjectAttributes,
 	CurrentHeader = BODY_TO_HEADER(CurrentObject);
 	if (CurrentHeader->ObjectType->Parse == NULL)
 	  {
+	     DPRINT("Current object can't parse\n");
 	     break;
 	  }
 	NextObject = CurrentHeader->ObjectType->Parse(CurrentObject,
@@ -185,8 +187,8 @@ NTSTATUS ObReferenceObjectByPointer(PVOID ObjectBody,
 {
    POBJECT_HEADER ObjectHeader;
 
-   DPRINT("ObReferenceObjectByPointer(ObjectBody %x, ObjectType %x)\n",
+//   DPRINT("ObReferenceObjectByPointer(ObjectBody %x, ObjectType %x)\n",
-	  ObjectBody,ObjectType);
+//	  ObjectBody,ObjectType);
    
    ObjectHeader = BODY_TO_HEADER(ObjectBody);
    
@@ -204,8 +206,8 @@ NTSTATUS ObReferenceObjectByPointer(PVOID ObjectBody,
 
 NTSTATUS ObPerformRetentionChecks(POBJECT_HEADER Header)
 {
-   DPRINT("ObPerformRetentionChecks(Header %x), RefCount %d, HandleCount %d\n",
+//   DPRINT("ObPerformRetentionChecks(Header %x), RefCount %d, HandleCount %d\n",
-	   Header,Header->RefCount,Header->HandleCount);
+//	   Header,Header->RefCount,Header->HandleCount);
    
    if (Header->RefCount <  0 || Header->HandleCount < 0)
      {
@@ -239,6 +241,13 @@ ULONG ObGetReferenceCount(PVOID ObjectBody)
    return(Header->RefCount);
 }
 
+ULONG ObGetHandleCount(PVOID ObjectBody)
+{
+   POBJECT_HEADER Header = BODY_TO_HEADER(ObjectBody);
+   
+   return(Header->HandleCount);
+}
+
 VOID ObDereferenceObject(PVOID ObjectBody)
 /*
  * FUNCTION: Decrements a given object's reference count and performs
@@ -249,8 +258,8 @@ VOID ObDereferenceObject(PVOID ObjectBody)
 {
    POBJECT_HEADER Header = BODY_TO_HEADER(ObjectBody);
    
-   DPRINT("ObDeferenceObject(ObjectBody %x) RefCount %d\n",ObjectBody,
+//   DPRINT("ObDeferenceObject(ObjectBody %x) RefCount %d\n",ObjectBody,
-	  Header->RefCount);
+//	  Header->RefCount);
       
    Header->RefCount--;
    

reactos/ntoskrnl/ps/idle.c

@@ -39,7 +39,7 @@ static NTSTATUS PsIdleThreadMain(PVOID Context)
 	     KeDrainDpcQueue();
 	     KeLowerIrql(oldlvl);
 	  }
-	ZwYieldExecution();
+	NtYieldExecution();
      }
 }
 

reactos/ntoskrnl/ps/kill.c

@@ -16,7 +16,7 @@
 #include <internal/mm.h>
 #include <internal/ob.h>
 
-#define NDEBUG
+//#define NDEBUG
 #include <internal/debug.h>
 
 /* GLOBALS *******************************************************************/
@@ -35,25 +35,24 @@ VOID PsTerminateCurrentThread(NTSTATUS ExitStatus)
    KIRQL oldlvl;
    PETHREAD CurrentThread;
    
-   PiNrThreads--;
+   PiNrRunnableThreads--;
    
    CurrentThread = PsGetCurrentThread();
    
    CurrentThread->ExitStatus = ExitStatus;
    
    DPRINT("terminating %x\n",CurrentThread);
-   ObDereferenceObject(CurrentThread->ThreadsProcess);
-   CurrentThread->ThreadsProcess = NULL;
    KeRaiseIrql(DISPATCH_LEVEL,&oldlvl);
    
-   ObDereferenceObject(CurrentThread);
    DPRINT("ObGetReferenceCount(CurrentThread) %d\n",
 	  ObGetReferenceCount(CurrentThread));
+   DPRINT("ObGetHandleCount(CurrentThread) %x\n",
+	  ObGetHandleCount(CurrentThread));
    
    CurrentThread->Tcb.DispatcherHeader.SignalState = TRUE;
    KeDispatcherObjectWake(&CurrentThread->Tcb.DispatcherHeader);
    
-   PsDispatchThread(THREAD_STATE_TERMINATED);
+   PsDispatchThread(THREAD_STATE_TERMINATED_1);
    KeBugCheck(0);
 }
 
@@ -65,18 +64,15 @@ VOID PsTerminateOtherThread(PETHREAD Thread, NTSTATUS ExitStatus)
    KIRQL oldIrql;
    
    KeAcquireSpinLock(&PiThreadListLock, &oldIrql);
-   PiNrThreads--;
    if (Thread->Tcb.State == THREAD_STATE_RUNNABLE)
      {
 	PiNrRunnableThreads--;
 	RemoveEntryList(&Thread->Tcb.QueueListEntry);
      }
-   Thread->Tcb.State = THREAD_STATE_TERMINATED;
+   Thread->Tcb.State = THREAD_STATE_TERMINATED_2;
    Thread->Tcb.DispatcherHeader.SignalState = TRUE;
    KeDispatcherObjectWake(&Thread->Tcb.DispatcherHeader);
-   ObDereferenceObject(Thread->ThreadsProcess);
    ObDereferenceObject(Thread);
-   Thread->ThreadsProcess = NULL;
    KeReleaseSpinLock(&PiThreadListLock, oldIrql);
 }
 
@@ -144,7 +140,9 @@ NTSTATUS STDCALL NtTerminateThread(IN	HANDLE		ThreadHandle,
      {
 	return(Status);
      }
-
+   
+   ObDereferenceObject(Thread);
+   
    if (Thread == PsGetCurrentThread())
      {
 	PsTerminateCurrentThread(ExitStatus);

reactos/ntoskrnl/ps/thread.c

@@ -1,4 +1,4 @@
-/* $Id: thread.c,v 1.31 1999/11/24 11:51:53 dwelch Exp $
+/* $Id: thread.c,v 1.32 1999/12/02 20:53:55 dwelch Exp $
  *
  * COPYRIGHT:              See COPYING in the top level directory
  * PROJECT:                ReactOS kernel
@@ -111,31 +111,58 @@ VOID PsBeginThread(PKSTART_ROUTINE StartRoutine, PVOID StartContext)
    KeBugCheck(0);
 }
 
-#if 0
 VOID PsDumpThreads(VOID)
 {
-   KPRIORITY CurrentPriority;
    PLIST_ENTRY current_entry;
    PETHREAD current;
    
-   for (CurrentPriority = THREAD_PRIORITY_TIME_CRITICAL; 
+   current_entry = PiThreadListHead.Flink;
-	(CurrentPriority >= THREAD_PRIORITY_IDLE);
-	CurrentPriority--)
-     {
-	current_entry = PriorityListHead[THREAD_PRIORITY_MAX + CurrentPriority].Flink;
 	
-	while (current_entry != &PriorityListHead[THREAD_PRIORITY_MAX+CurrentPriority])
+   while (current_entry != &PiThreadListHead)
-	  {
+     {
-	     current = CONTAINING_RECORD(current_entry, ETHREAD, Tcb.Entry);
+	current = CONTAINING_RECORD(current_entry, ETHREAD, 
-	     
+				    Tcb.ThreadListEntry);
-	     DPRINT("%d: current %x current->Tcb.State %d\n",
+	
-		    CurrentPriority, current, current->Tcb.State);
+	DPRINT1("current %x current->Tcb.State %d eip %x ",
-	     
+		current, current->Tcb.State,
-	     current_entry = current_entry->Flink;
+		current->Tcb.Context.eip);
-	  }
+//	KeDumpStackFrames(0, 16);
+	DPRINT1("PID %d ", current->ThreadsProcess->UniqueProcessId);
+	DPRINT1("\n");
+	
+	current_entry = current_entry->Flink;
      }
 }
-#endif
+
+VOID PsReapThreads(VOID)
+{
+   PLIST_ENTRY current_entry;
+   PETHREAD current;
+   KIRQL oldIrql;
+   
+//   DPRINT1("PsReapThreads()\n");
+   
+   KeAcquireSpinLock(&PiThreadListLock, &oldIrql);
+   
+   current_entry = PiThreadListHead.Flink;
+   
+   while (current_entry != &PiThreadListHead)
+     {
+	current = CONTAINING_RECORD(current_entry, ETHREAD, 
+				    Tcb.ThreadListEntry);
+	
+	current_entry = current_entry->Flink;
+	
+	if (current->Tcb.State == THREAD_STATE_TERMINATED_1)
+	  {
+	     DPRINT("Reaping thread %x\n", current);
+	     current->Tcb.State = THREAD_STATE_TERMINATED_2;
+	     ObDereferenceObject(current);
+	  }
+     }
+   
+   KeReleaseSpinLock(&PiThreadListLock, oldIrql);
+}
 
 static PETHREAD PsScanThreadList (KPRIORITY Priority)
 {
@@ -197,6 +224,7 @@ static VOID PsDispatchThreadNoLock (ULONG NewThreadStatus)
 	     
 	     KeReleaseSpinLockFromDpcLevel(&PiThreadListLock);
 	     HalTaskSwitch(&CurrentThread->Tcb);
+	     PsReapThreads();
 	     return;
 	  }
      }
@@ -293,6 +321,7 @@ NTSTATUS PsInitializeThread(HANDLE			ProcessHandle,
    InsertTailList(&PiThreadListHead, &Thread->Tcb.ThreadListEntry);
    
    ObDereferenceObject(Thread->ThreadsProcess);
+   ObDereferenceObject(Thread);
    return(STATUS_SUCCESS);
 }
 
@@ -335,6 +364,8 @@ ULONG PsSuspendThread(PETHREAD Thread,
    ULONG r;
    KIRQL oldIrql;
    
+   assert_irql(PASSIVE_LEVEL);
+   
    DPRINT("PsSuspendThread(Thread %x)\n",Thread);
    DPRINT("Thread->Tcb.BasePriority %d\n", Thread->Tcb.BasePriority);
    DPRINT("Thread->Tcb.SuspendCount %d\n",Thread->Tcb.SuspendCount);
@@ -382,11 +413,23 @@ ULONG PsSuspendThread(PETHREAD Thread,
 
 VOID PiDeleteThread(PVOID ObjectBody)
 {
-   DbgPrint("PiDeleteThread(ObjectBody %x)\n",ObjectBody);
+   DPRINT("PiDeleteThread(ObjectBody %x)\n",ObjectBody);
    
+   ObDereferenceObject(((PETHREAD)ObjectBody)->ThreadsProcess);
+   ((PETHREAD)ObjectBody)->ThreadsProcess = NULL;
+   PiNrThreads--;
+   RemoveEntryList(&((PETHREAD)ObjectBody)->Tcb.ThreadListEntry);
    HalReleaseTask((PETHREAD)ObjectBody);
 }
 
+VOID PiCloseThread(PVOID ObjectBody, ULONG HandleCount)
+{
+   DPRINT("PiCloseThread(ObjectBody %x)\n", ObjectBody);
+   DPRINT("ObGetReferenceCount(ObjectBody) %d "
+	   "ObGetHandleCount(ObjectBody) %d\n",
+	   ObGetReferenceCount(ObjectBody),
+	   ObGetHandleCount(ObjectBody));
+}
 
 VOID PsInitThreadManagment(VOID)
 /*
@@ -418,7 +461,7 @@ VOID PsInitThreadManagment(VOID)
    PsThreadType->NonpagedPoolCharge = sizeof(ETHREAD);
    PsThreadType->Dump = NULL;
    PsThreadType->Open = NULL;
-   PsThreadType->Close = NULL;
+   PsThreadType->Close = PiCloseThread;
    PsThreadType->Delete = PiDeleteThread;
    PsThreadType->Parse = NULL;
    PsThreadType->Security = NULL;
@@ -541,18 +584,14 @@ PsCreateTeb (HANDLE ProcessHandle,
 }
 
 
-NTSTATUS
+NTSTATUS STDCALL NtCreateThread (PHANDLE			ThreadHandle,
-STDCALL
+				 ACCESS_MASK		DesiredAccess,
-NtCreateThread (
+				 POBJECT_ATTRIBUTES	ObjectAttributes,
-	PHANDLE			ThreadHandle,
+				 HANDLE			ProcessHandle,
-	ACCESS_MASK		DesiredAccess,
+				 PCLIENT_ID		Client,
-	POBJECT_ATTRIBUTES	ObjectAttributes,
+				 PCONTEXT		ThreadContext,
-	HANDLE			ProcessHandle,
+				 PINITIAL_TEB		InitialTeb,
-	PCLIENT_ID		Client,
+				 BOOLEAN CreateSuspended)
-	PCONTEXT		ThreadContext,
-	PINITIAL_TEB		InitialTeb,
-	BOOLEAN			CreateSuspended
-	)
 {
    PETHREAD Thread;
    PNT_TEB  TebBase;
@@ -598,6 +637,9 @@ NtCreateThread (
         DPRINT("Not creating suspended\n");
 	PsResumeThread(Thread, NULL);
      }
+   DPRINT("Thread %x\n", Thread);
+   DPRINT("ObGetReferenceCount(Thread) %d ObGetHandleCount(Thread) %x\n",
+	  ObGetReferenceCount(Thread), ObGetHandleCount(Thread));
    DPRINT("Finished PsCreateThread()\n");
    return(STATUS_SUCCESS);
 }