Thanks to Jim Tabor, Mark Jansen & Thomas Faber
By squashed backmerge of the following commits:
--------------
[NTUSER] Fix Strings and Format to Hooks
Allocate heap instead of data segment to be used for callbacks on user side.
Move and correct initial hook call out setup. Use it in more than one hook call.
This fixes issues with strings out of alignment and use of kernel pointers.
See CORE-13907 and CORE-16769. KsStudio still needs to be retested.
Small wow update.
cherry picked from commit 0.4.14-dev-1287-g568b6d0558
--------------
[RTL] Introduce RtlpImageNtHeader,
which implements the required functionality.
ntdll and ntoskrnl now have a wrapper for this, with SEH.
This protects the function against malformed / bad images,
whilst still being able to use the code in freeldr et al.
Idea from Thomas.
CORE-14857
cherry picked from commit 0.4.14-dev-1255-g177ae91bf6
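The RTL commit above is about looking up the NT headers of an image without trusting it: a malformed file (bad MZ signature, negative or out-of-range e_lfanew, missing PE signature) must be rejected rather than dereferenced, and ntdll/ntoskrnl additionally wrap the lookup in SEH. The following is an added example, not ReactOS's RtlpImageNtHeader or RtlImageNtHeader; it shows the bounds checks a header lookup over an in-memory buffer needs, with its own minimal header structs (DosHeader, NtHeadersBase), a constructed test image built by build_image(), and a little-endian host assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define IMAGE_DOS_SIGNATURE 0x5A4D      /* "MZ" */
#define IMAGE_NT_SIGNATURE  0x00004550  /* "PE\0\0" */

/* Local, minimal copies of the header layouts (not ReactOS's headers). */
typedef struct {
    uint16_t e_magic;
    uint8_t  e_unused[58];
    int32_t  e_lfanew;          /* file offset of the NT headers, lives at 0x3C */
} DosHeader;                    /* 64 bytes */

typedef struct {
    uint32_t Signature;
    uint16_t Machine;
    uint16_t NumberOfSections;
    uint32_t TimeDateStamp;
    uint32_t PointerToSymbolTable;
    uint32_t NumberOfSymbols;
    uint16_t SizeOfOptionalHeader;
    uint16_t Characteristics;
} NtHeadersBase;                /* signature + IMAGE_FILE_HEADER, 24 bytes */

/* Returns the offset of the NT headers inside image[0..size), or -1 when the
 * image is malformed: no MZ signature, e_lfanew negative, e_lfanew inside the
 * DOS header, NT headers running past the end of the mapping, or no PE
 * signature. Fields are read with memcpy so an unaligned buffer is never
 * dereferenced directly. Assumes a little-endian host. */
long find_nt_headers(const uint8_t *image, size_t size)
{
    DosHeader dos;
    NtHeadersBase nt;

    if (image == NULL || size < sizeof(DosHeader))
        return -1;
    memcpy(&dos, image, sizeof(dos));
    if (dos.e_magic != IMAGE_DOS_SIGNATURE)
        return -1;
    if (dos.e_lfanew < (int32_t)sizeof(DosHeader))
        return -1;                          /* negative, or overlapping the DOS header */
    if ((size_t)dos.e_lfanew + sizeof(NtHeadersBase) > size)
        return -1;                          /* NT headers would run off the end */
    memcpy(&nt, image + dos.e_lfanew, sizeof(nt));
    if (nt.Signature != IMAGE_NT_SIGNATURE)
        return -1;
    return dos.e_lfanew;
}

/* Constructed test image (not a real binary): an MZ stub with e_lfanew set by
 * the caller and, optionally, a PE signature written at that offset. */
static void build_image(uint8_t *buf, size_t size, int32_t lfanew, int write_pe_sig)
{
    uint32_t sig = IMAGE_NT_SIGNATURE;
    memset(buf, 0, size);
    buf[0] = 'M'; buf[1] = 'Z';
    memcpy(buf + 0x3C, &lfanew, sizeof(lfanew));
    if (write_pe_sig && lfanew >= 0 && (size_t)lfanew + sizeof(sig) <= size)
        memcpy(buf + lfanew, &sig, sizeof(sig));
}

/* One scenario per function so each result can be checked individually. */
long check_well_formed(void) { uint8_t b[256]; build_image(b, sizeof b, 0x80, 1);   return find_nt_headers(b, sizeof b); }
long check_past_end(void)    { uint8_t b[256]; build_image(b, sizeof b, 0x1000, 1); return find_nt_headers(b, sizeof b); }
long check_negative(void)    { uint8_t b[256]; build_image(b, sizeof b, -16, 1);    return find_nt_headers(b, sizeof b); }
long check_truncated(void)   { uint8_t b[256]; build_image(b, sizeof b, 0x80, 1);   return find_nt_headers(b, 0x90); } /* 0x80 + 24 > 0x90 */
long check_no_pe_sig(void)   { uint8_t b[256]; build_image(b, sizeof b, 0x80, 0);   return find_nt_headers(b, sizeof b); }

int main(void)
{
    printf("well-formed: %ld, past end: %ld, negative: %ld, truncated: %ld, no PE: %ld\n",
           check_well_formed(), check_past_end(), check_negative(),
           check_truncated(), check_no_pe_sig());
    return 0;
}
```

The point of passing `size` explicitly is that the check cannot rely on the image being fully mapped; in a loader such as freeldr the same code runs without SEH, so every rejection has to come from the arithmetic rather than from a caught fault.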
--------------
[WIN32SS] Form Sanity to Hook Callbacks
Fix WH_CALLWNDPROC/RET data to user hook calls. See CORE-13019 and CORE-13907.
cherry picked from commit 0.4.14-dev-1241-g915a5764a9
--------------
[USER32] Fix null return.
See CORE-16769.
cherry picked from commit 0.4.14-dev-1240-gd8add40e89
Both were most likely introduced by activating the feature
MiWriteProtectSystemImage() once.
Imho this feature is not stable yet, therefore I disable
it for releases.
Confirmation of reporters will have to be collected after
the commit.
Both problems most likely got visible by 0.4.12-dev-386-g65dbfc2868
Master remains affected for now.
If no fix will appear during 0.4.14-dev'ing, then I will
commit this to master as well in 3 months.
Make "shutdown.bmp" (IDB_SHUTDOWN_MSG: 213x11px) horizontally centered.
This fixes a regression of 0.4.13-dev-961-g238ea69ca0
Fix cherry picked from commit 0.4.14-dev-546-g55aed4f8fa
This version (after .rsrc) works differently from the
proper version I used for 0.4.12 (after .reloc).
Inserting after .rsrc is actually not correct, but Thomas believes it can
be used as a temporary trick to avoid random memory corruption upon
relocations of the kernel, caused by ROSBE-154.
I follow his advice, although when judging from practical tests only:
as long as we limit this script to NTOSKRNL like I do for releases,
no negative consequences have been observed in real life yet,
even with the proper version of 0.4.12.
Up to now those problems have only been observed when used for drivers
MODULE TYPE sdk/cmake/gcc.cmake as well, like
it was tried for a moment in master 0.4.13-dev-609-gc4d8e2a6e9
Using it for drivers immediately led to BSODs like CORE-16183 and therefore was
mitigated in master by total disabling of the scripts for both,
kernel and drivers in
0.4.13-dev-621-g36e9a6f8dd
To allow installing DVDWritenow without BSOD,
we need the script at least for ntoskrnl!
Master remains affected by the BSOD until Thomas allows committing there as well.
Symptom: stacklog via 'bt' command in gcc+kdbg regressed in certain cases.
This reverts the guilty commit 0.4.13-dev-514-g3c8f19eb21.
But also reverts 2 tightly related follow-up commits
0.4.13-dev-515-g04906f2abb
and
0.4.13-dev-516-g4d5a2dd0f3
We revert only in RC, but master remains affected for now,
the developers aim to fix master by WIP PR#2003 later.
I considered following the bleeding-edge development
too risky here. Many unrelated changes in master since then.
which caused images to be loaded up to MmHighestUserAddress,
thus overwriting the shared user page.
This is now fixed by using MM_HIGHEST_VAD_ADDRESS as the margin instead.
This commit allows loading WIN32K.sys of Win2K3SP2 again,
which regressed in SVN 67793 == git 3565260212
cherry picked from commit 0.4.14-dev-143-g56da95671c
* [NTOS:INBV] Move typedefs to the only single file where they are used.
* [NTOS:INBV] Refactor code & resources
Remove garbage
* [NTOS:INBV] Reduce fade time and remove wait for animation.
They don't need to have a zeroed-out palette now that we can
automatically reset it from within the code.
Co-authored-by: Yaroslav Kibysh <yanet.prod@gmail.com>
This allows setting the memory protection of the kernel's resource
section at will. MmMakeKernelResourceSectionWritable() is re-implemented
around this helper.
This also makes it necessary to fix a bug in the previous code:
ZwEnumerateKey will not account for space for a null terminator, so to
ensure we have space, we must allocate the additional WCHAR, but not
include it in the buffer size passed to the function.
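The ZwEnumerateKey note above describes a classic off-by-one: the API fills the caller's buffer with an unterminated name and reports how much it needed, so the terminator must be reserved by the caller and must not be part of the Length handed to the API, otherwise a name that exactly fills the buffer leaves no room for the NUL. The following is an added example, not ReactOS's code: mock_enumerate_key_name() is a constructed stand-in for the name-returning part of ZwEnumerateKey (it writes no terminator and reports the required byte count), and enumerate_key_name_copy() applies the allocate-plus-one-WCHAR, pass-the-smaller-Length pattern from the commit message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

typedef uint16_t WCHAR;   /* UTF-16 code unit, as in the Windows headers */

/* Constructed stand-in for the name output of ZwEnumerateKey (not the real
 * API): reports the bytes required in *ResultLength, fails when Length is too
 * small, and otherwise copies the name WITHOUT any terminator. */
static int mock_enumerate_key_name(const WCHAR *Name, size_t NameBytes,
                                   WCHAR *Buffer, size_t Length,
                                   size_t *ResultLength)
{
    *ResultLength = NameBytes;
    if (Buffer == NULL || Length < NameBytes)
        return -1;                          /* like STATUS_BUFFER_TOO_SMALL */
    memcpy(Buffer, Name, NameBytes);        /* no NUL is written */
    return 0;
}

/* Returns a freshly allocated, NUL-terminated copy of the key name, or NULL.
 * The pattern from the commit: allocate needed + sizeof(WCHAR) so there is a
 * slot for the terminator, but pass only `needed` as Length so the API can
 * never write into that slot. The caller frees the result. */
WCHAR *enumerate_key_name_copy(const WCHAR *Name, size_t NameBytes)
{
    size_t needed = 0, got = 0;
    WCHAR *buf;

    /* First call with no buffer: only learn how many bytes the name takes. */
    mock_enumerate_key_name(Name, NameBytes, NULL, 0, &needed);

    buf = malloc(needed + sizeof(WCHAR));   /* +1 WCHAR reserved for the NUL */
    if (buf == NULL)
        return NULL;

    /* Second call: Length excludes the reserved slot. */
    if (mock_enumerate_key_name(Name, NameBytes, buf, needed, &got) != 0 ||
        got != needed) {
        free(buf);
        return NULL;
    }
    buf[needed / sizeof(WCHAR)] = 0;        /* terminator lands in the spare slot */
    return buf;
}

/* Length in code units of a terminated WCHAR string. */
size_t wlen(const WCHAR *s)
{
    size_t n = 0;
    while (s[n] != 0)
        n++;
    return n;
}

/* Helper for the test: widens a constructed ASCII name, runs the copy and
 * returns the terminated length, or -1 on failure. */
long demo(const char *ascii)
{
    WCHAR name[64];
    size_t n = strlen(ascii);
    if (n > 64)
        n = 64;
    for (size_t i = 0; i < n; i++)
        name[i] = (WCHAR)ascii[i];

    WCHAR *copy = enumerate_key_name_copy(name, n * sizeof(WCHAR));
    if (copy == NULL)
        return -1;
    long len = (long)wlen(copy);
    free(copy);
    return len;
}

int main(void)
{
    printf("\"Software\" -> %ld code units, \"\" -> %ld code units\n",
           demo("Software"), demo(""));
    return 0;
}
```

The empty-name case is the one worth keeping an eye on: `needed` is 0, the allocation is a single WCHAR, and the terminator is still written inside the allocation because the reserved slot was never offered to the API.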
For MSVC, marking the section as discardable will do this automatically.
For GCC, we use a linker script that places it after the .reloc section
(which should be the last "real" section, check ld --verbose output for the
default linker script).
This fixes what seems to be a regression from r55835 (!).
This allows getting rid of the ?? hack in the kernel but this doesn't
allow enabling LUID device maps as ReactOS can no longer open a
session with them enabled. So, we must remain with device maps at
root
CORE-16114
- MiLocateKernelSections(): Fix the calculation of MiKernelResourceEndPte,
MmPoolCodeEnd and MmPteCodeEnd.
- MmMakeKernelResourceSectionWritable(): Fix PTE looping upper limit;
use MI_MAKE_HARDWARE_PTE_KERNEL to build the updated read-write PTE.
- Introduce the MmMakeKernelResourceSectionWritable() helper for
making the kernel resource memory section writable, and use it
in KeGetBugMessageText(). Indeed, this latter function patches
in place the bugcheck resource message to trim any trailing
newlines before displaying the message on screen.
See also https://github.com/osresearch/uxen/blob/83bad53/dm/introspection-win7.c#L286
that mentions it too.
This fixes bugcheck text display (e.g. the MANUALLY_INITIATED_CRASH one)
when using (at least) MSVC-built ReactOS, avoiding a Page-Fault
exception during the bugcheck.
- Cover KeGetBugMessageText() in SEH since we are accessing kernel
resources that could also be corrupted in bugcheck scenarios, and we
don't want to further bugcheck.
- Fix newline trimming loop.
- KiDoBugCheckCallbacks():
* Wrap the bugcheck CallbackRoutine call in SEH.
* Add a FIXME concerning the need of further memory validation of CurrentRecord.
- Add a FIXME concerning the need to run the bugcheck-reason callbacks
with the KbCallbackReserved1 reason, in KeBugCheckWithTf().
Mentioned in http://blog.ptsecurity.com/2012/06/customizing-blue-screen-of-death.html