On a x86 system aligning the return length pointer to a 4-byte boundary
works best since pointers in general are 4-byte aligned for x86 systems.
However, what happens on a AMD64 system is that we still align this pointer
to 4-byte, ObjectTypeInfo is a 8-byte pointer and we might write into
the return length past the 4-byte boundary.
If one were to allocate a pool of memory with that length and query all
the object types info and free the said pool of memory thereafter, the
system will crash with BAD_POOL_HEADER because ObQueryTypeInfo overwrote
the return length past the 4-byte boundary length therefore leading up with
corrupted memory blocks in the pool header.
This symptom of BAD_POOL_HEADER happens exactly the same in Windows Server
2003 x64 Edition. Newer versions of Windows like 10 aren't affected.
But, Windows has another bug where they are using MaximumLength for the
calculation of the needed length to be returned to caller. MaximumLength
does not guarantee you that it includes the NULL-terminator in the length
and that potentially leads to a buffer overrun.
Also annotate the ObQueryTypeInfo function with SAL2.
https://processhacker.sourceforge.io/doc/object_8c_source.html (read the
comment in KphObjectTypeInformation).
- Flush Map registers once the DMA completes
- Free Map registers once the DMA completes
- Add support for SGL allocated from NonPagedPool
Test:
Force Allocations of SGL from Non Paged Pool and ensure OS boots and functions properly
Test Logs:
SpiAdapterControlFORCING ALLOCATION FROM SGPOOL
SpiAdapterControlFORCING ALLOCATION FROM SGPOOL
SpiAdapterControlFORCING ALLOCATION FROM SGPOOL
SpiAdapterControlFORCING ALLOCATION FROM SGPOOL
SpiAdapterControlFORCING ALLOCATION FROM SGPOOL
SpiAdapterControlFORCING ALLOCATION FROM SGPOOL
DHCPCSVC: Adapter Name: [{7cd69ac0-dabb-410a-b927-cb3961d174da}] (dynamic)
SpiAdapterControlFORCING ALLOCATION FROM SGPOOL
WARNING: HalCalculateScatterGatherListSize at hal\halx86\generic\dma.c:1168 is UNIMPLEMENTED!
SpiAdapterControlFORCING ALLOCATION FROM SGPOOL
SpiAdapterControlFORCING ALLOCATION FROM SGPOO
Second parameter is optional, so mark it as such and check whether it was passed. Fixes a sporadic 0x24 bugcheck caused by access violation when running ReactOS on NTFS volume with WinXP ntfs.sys.
Currently, LDEVOBJ_bUnloadImage always returns FALSE due to missing functionality in ntoskrnl.
LDEVOBJ_vFreeLDEV contains an assert that driver is correctly unloaded before freeing it.
Prevent this assert by calling LDEVOBJ_vFreeLDEV only if LDEVOBJ_bUnloadImage succeed.
This can be easily triggered if DrvEnableDriver function (called in LDEVOBJ_bEnableDriver) fails.
Finally handlers are - unlike except blocks - not part of the function they are in, but separate functions, which are called during unwind. PSEH implements them on GCC using nested functions. While "return" from a finally handler is allowed with native SEH, it's handled by the compiler through an extra unwinding operation using _local_unwind, WHICH IS NOT SUPPORTED BY PSEH! With PSEH, returning from a finally handler does not return from the function, instead it will only return from the finally handler and the function will continue below the finally handler as if there was no return at all. To fix this, the return is removed and an additional success check is added.
Also use _SEH_VOLATILE to make sure the variable assignment is not optimized away by the compiler and add zero out the result parameters on error.
... that would otherwise cause a debugger re-entry.
Also use KdbPuts/Printf instead of KdpDprintf that won't be available
once KDBG is moved out of it.
... since the original ones are internal to the kernel and won't be
available once KDBG is moved out of it.
Use these functions in the pager/prompt support.
The changes of this PR are on EDIT controls.
- Delete composition_len and composition_start members.
- Add EDIT_ImmSetCompositionWindow helper function.
- At EDIT_SetCaretPos, set the position of the composition window.
- We don't use internal composition string. Rely on the composition window.
- Improve WM_IME_STARTCOMPOSITION, WM_IME_COMPOSITION and WM_IME_ENDCOMPOSITION message handling.
CORE-11700
Provide graceful handling of RegCreateKeyExW when lpSecurityAttributes->nLength is zero.
This reverts commit cc0716b65 (SVN r24491).
JIRA issue: CORE-15471
- Move imageArea code into canvasWindow.
- Delete imgarea.cpp, imgarea.h, and imageArea.
- Add CCanvasWindow::ImageToCanvas and CCanvasWindow::CanvasToImage to convert the coordinates.
- Realize drawing of resizing image area.
CORE-18867
Improve compatibility.
- Rename window class "rundll32_window" as "RunDLL".
- Delete some shell32 codes about this window class.
CORE-13895, CORE-18350
The built string can be:
°°Kernel Debugger: Serial port found: COM1 (Port 0x000003F8) BaudRate 115200°°°°
(with ° representing the \r and \n in the message)
and you can verify that this is more than 80 characters in total.
