// ntoskrnl/lpc/send.c NtRequestWaitReplyPort(...) { ... if (Callback) { ... } else { ... Thread->LpcReplyMessage = NULL; ... } ... LpcpReplyWait(...); // now Status == STATUS_USER_APC ... Message = Thread->LpcReplyMessage; ... if (Status == STATUS_SUCCESS) { ... } else { ... LpcpFreeToPortZone(Message, TRUE); ... } ... }
// ntoskrnl/lpc/close.c LpcpFreeToPortZone(...) { ... if (!IsListEmpty(&Message->Entry)) // crash { ... } ... }
// ntoskrnl/include/internal/lpc_x.h #define LpcpReplyWait(s, w) \ { \ ... \ Status = KeWaitForSingleObject(...); \ ... \ }
hto@mail.cnt.ru wrote:
// ntoskrnl/lpc/send.c NtRequestWaitReplyPort(...) { ... if (Callback) { ... } else { ... Thread->LpcReplyMessage = NULL; ... } ... LpcpReplyWait(...); // now Status == STATUS_USER_APC ... Message = Thread->LpcReplyMessage; ... if (Status == STATUS_SUCCESS) { ... } else { ... LpcpFreeToPortZone(Message, TRUE); ... } ... }
// ntoskrnl/lpc/close.c LpcpFreeToPortZone(...) { ... if (!IsListEmpty(&Message->Entry)) // crash { ... } ... }
// ntoskrnl/include/internal/lpc_x.h #define LpcpReplyWait(s, w) \ { \ ... \ Status = KeWaitForSingleObject(...); \ ... \ }
Being worked on... I'm at CUSEC right now. I have around 30 bug fixes for LPC to properly reference some objects.