Hartmut Birr wrote:
The real bug starts here. NtUserToUnicodeEx trys to allocate to much from nonpaged pool. This means cchBuff is to large. The only caller of NtUserToUnicodeEx is ConioProcessKey. ConioProcessKey calls ToUnicodeEx (which calls NtUserToUnicodeEx) with cchBuff = 2. Something is wrong in the paramter translation between real and protected mode.
I set cchBuff = 2 inside of NtUserToUnicodeEx and this fixes the following warnings:
(mm/npool.c:1626) Trying to allocate 3758215216 bytes from nonpaged pool - nothing suitable found, returning NULL (ntuser/keyboard.c:849) ExAllocatePool(-536752086) failed
But the bugcheck still happens. So, I think it is related to
MenuInit(): SystemParametersInfoW(SPI_GETNONCLIENTMETRICS) failed!
Because the bugcheck happens in IntGetMenuObject (in win32k.sys).
Regards, Eric