Re: [ros-dev] win2k poroblem

Hi, I get this again. I'm using cmd as login shell and starting the explorer. I get hundreds of lines like this: (ex/handle.c:721) Looking up invalid handle 0xffffffff Frames: <ntoskrnl.exe:26efd (ex/handle.c:722 (ExpLookupHandleTableEntry))> <ntoskrnl.exe:27576 (ex/handle.c:915 (ExMapHandleToPointer))> <ntoskrnl.exe:748d8 (ps/cid.c:106 (PsLookupCidHandle))> <ntoskrnl.exe:7c497 (ps/process.c:2709 (PsLookupProcessByProcessId))> <win32k.sys:464d6 (objects/gdiobj.c:1219 (GDIOBJ_SetOwnership))> <win32k.sys:6840 (eng/surface.c:466 (EngDeleteSurface))> <win32k.sys:52d16 (objects/text.c:1922 (NtGdiExtTextOut))> <ntoskrnl.exe:3fb2 (D:\DOKUME~1\hb\LOKALE~1\Temp/ccUVaaaa.s:178 (KiSystemService))> <gdi32.dll:9c22 (objects/text.c:272 (ExtTextOutW))> The starting point does change but GDIOBJ_SetOwnership and later are always the same. I attach my changes in ntoskrnl. I think that the changes in ob/handle.c are not relevant. It is the smp build on my smp machine. - Hartmut Filip Navara schrieb: M:\Sandbox\ros_work\reactos>set SVN_EDITOR=notepad M:\Sandbox\ros_work\reactos>d:\programme\subversion\bin\svn.exe diff ntoskrnl\ob\handle.c ntoskrnl\ex\handle.c Index: ntoskrnl/ob/handle.c =================================================================== --- ntoskrnl/ob/handle.c (revision 14161) +++ ntoskrnl/ob/handle.c (working copy) @@ -160,6 +160,7 @@ POBJECT_HEADER ObjectHeader; LONG ExTargetHandle; LONG ExSourceHandle = HANDLE_TO_EX_HANDLE(SourceHandle); + ULONG NewHandleCount; PAGED_CODE(); @@ -194,8 +195,8 @@ 1 here, we're in big trouble... it would've been safe to increment and check the handle count without using interlocked functions because the entry is locked, which means the handle count can't change. */ - InterlockedIncrement(&ObjectHeader->HandleCount); - ASSERT(ObjectHeader->HandleCount >= 2); + NewHandleCount = InterlockedIncrement(&ObjectHeader->HandleCount); + ASSERT(NewHandleCount >= 2); ExUnlockHandleTableEntry(SourceProcess->ObjectTable, SourceHandleEntry); @@ -323,7 +324,8 @@ } /* Check for magic handle first */ - if (SourceHandle == NtCurrentThread()) + if (SourceHandle == NtCurrentThread() || + SourceHandle == NtCurrentProcess()) { PVOID ObjectBody; @@ -425,10 +427,7 @@ ObjectHeader = EX_HTE_TO_HDR(HandleTableEntry); if(InterlockedIncrement(&ObjectHeader->HandleCount) == 1) { - ObReferenceObjectByPointer(HEADER_TO_BODY(ObjectHeader), - 0, - NULL, - UserMode); + ObReferenceObject(HEADER_TO_BODY(ObjectHeader)); } } @@ -555,10 +554,7 @@ { if(InterlockedIncrement(&ObjectHeader->HandleCount) == 1) { - ObReferenceObjectByPointer(ObjectBody, - 0, - NULL, - UserMode); + ObReferenceObject(ObjectBody); } *HandleReturn = EX_HANDLE_TO_HANDLE(ExHandle); @@ -740,6 +736,7 @@ HandleEntry); KeLeaveCriticalRegion(); + ObDereferenceObject(ObjectBody); return(STATUS_OBJECT_TYPE_MISMATCH); } @@ -756,6 +753,7 @@ if (!(GrantedAccess & DesiredAccess) && !((~GrantedAccess) & DesiredAccess)) { + ObDereferenceObject(ObjectBody); CHECKPOINT; return(STATUS_ACCESS_DENIED); } Index: ntoskrnl/ex/handle.c =================================================================== --- ntoskrnl/ex/handle.c (revision 14161) +++ ntoskrnl/ex/handle.c (working copy) @@ -718,7 +718,9 @@ } else { - DPRINT("Looking up invalid handle 0x%x\n", Handle); + DPRINT1("Looking up invalid handle 0x%x\n", Handle); + KeRosDumpStackFrames(NULL, 15); + } return Entry;