James Tabor wrote:
Okay, this was from ls.bat which is a batch file with "xls -CF %1 %2" in it. The cmd locks up and kdb is started;
(NTDLL:ldr/utils.c:2039) Failed to create or open dll section of '\SystemRoot\system32\winlogon.exe' (Status c0000135)
(mm/i386/page.c:283) Pde for 00c00000 - 00ffffff is not freed, RefCount 1
(dispatch.c:166)(dispatch) Select: 0
(dispatch.c:166)(dispatch) Select: 0
(dispatch.c:166)(dispatch) Select: 0
Entered debugger on last-chance exception number 14 (Page Fault)
Memory at 0x200068 could not be read: Page not present.
kdb:> bt
Eip:
<ntoskrnl.exe:98ebb (kdbg/kdb_symbols.c:541 (KdbSymFreeProcessSymbols))>
Frames:
<ntoskrnl.exe:9211a (kdbg/kdb.c:1487 (KdbDeleteProcessHook))>
<ntoskrnl.exe:7b9dd (ps/kill.c:163 (PspDeleteProcess))>
<ntoskrnl.exe:772a9 (ob/object.c:998 (ObpDeleteObject))>
<ntoskrnl.exe:773b5 (ob/object.c:1055 (ObpDeleteObjectDpcLevel))>
<ntoskrnl.exe:7757e (ob/object.c:1165 (ObfDereferenceObject))>
<ntoskrnl.exe:73b99 (ob/handle.c:78 (ObpDecrementHandleCount))>
<ntoskrnl.exe:73fd1 (ob/handle.c:212 (ObpDeleteHandle))>
<ntoskrnl.exe:7508c (ob/handle.c:909 (NtClose))>
<ntoskrnl.exe:3602 (/tmp/ccLjPSWL.s:180 (KiSystemService))>
Entered debugger on last-chance exception number 14 (Page Fault)
Memory at 0x200038 could not be read: Page not present.
KeBugCheckWithTf at ke/catch.c:217
(ke/process.c:282) Invalid detach (thread was not attached)
KeBugCheck at ke/process.c:283
A problem has been detected and ReactOS has been shut down to prevent damage to your computer.
I just looked at KdbpSymFindUserModule() and it's implemented scarily, no serialization and the PEB (user memory) is accessed from kernel mode without any protection...
Thomas
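
Added example, not part of the thread and not ReactOS code: a user-space model of the two protections the reply says are missing, capturing user memory into a private copy after validating it, and serializing the lookup. The arena, entry layout and every function name are hypothetical.

```c
#include <pthread.h>
#include <stdint.h>
#include <string.h>

/* User-space model, not ReactOS code: "user memory" is a byte arena and
   addresses are offsets into it. Names and entry layout are hypothetical. */
#define USER_SIZE   256u
#define MAX_MODULES 8   /* bound the walk: user-controlled lists can loop */
typedef struct { uint32_t next, base, size; } mod_entry;

static uint8_t user_mem[USER_SIZE];
static pthread_mutex_t sym_lock = PTHREAD_MUTEX_INITIALIZER;

/* Validate the range, then copy into kernel-owned storage. A real kernel also
   guards the copy with an exception handler: a valid range can be unmapped. */
static int capture_user(void *dst, uint32_t addr, size_t len)
{
    if (addr == 0 || addr > USER_SIZE || len > USER_SIZE - addr)
        return -1;                              /* bad address: fail, no fault */
    memcpy(dst, user_mem + addr, len);
    return 0;
}

/* Constructed sample data: write one list entry into the arena. */
static void put_entry(uint32_t addr, uint32_t next, uint32_t base, uint32_t size)
{
    mod_entry e = { next, base, size };
    memcpy(user_mem + addr, &e, sizeof e);
}

/* Returns 1 if pc lies in a module (copied to *out), 0 if not, -1 on bad data. */
int find_user_module(uint32_t head, uint32_t pc, mod_entry *out)
{
    int rc = 0;
    uint32_t cur = head;
    pthread_mutex_lock(&sym_lock);              /* serialize lookups */
    for (int i = 0; cur != 0; i++) {
        mod_entry e;                            /* private copy, never re-read */
        if (i == MAX_MODULES || capture_user(&e, cur, sizeof e) != 0) { rc = -1; break; }
        if (pc >= e.base && pc - e.base < e.size) { *out = e; rc = 1; break; }
        cur = e.next;
    }
    pthread_mutex_unlock(&sym_lock);
    return rc;
}

int main(void)
{
    mod_entry m;
    put_entry(16, 0, 0x1000, 0x100);
    return find_user_module(16, 0x1010, &m) == 1 ? 0 : 1;
}
```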