From: ion@svn.reactos.com
Remove all non-official LPC structures/defines/hardcoded hacks, and use actual correct sizes and structures.
This breaks a simple boot. ntoskrnl/include/internal/port.h previously defined QUEUEDMESSAGE as:
typedef struct _QUEUEDMESSAGE
{
    PEPORT Sender;
    LIST_ENTRY QueueListEntry;
    PORT_MESSAGE Message;
    UCHAR MessageData[MAX_MESSAGE_DATA];
} QUEUEDMESSAGE, *PQUEUEDMESSAGE;
r17417 removed the MessageData member. Now in ntoskrnl/lpc/reply.c function EiReplyOrRequestPort() line 52:
memcpy(&MessageReply->Message, LpcReply, LpcReply->u1.s1.TotalLength);
writes outside allocated memory (MessageReply is a PQUEUEDMESSAGE, LpcReply->u1.s1.TotalLength is 292). This causes a subsequent ExFreePool to generate a page fault.
Gé van Geldorp.
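The failure above is an allocation sized for sizeof(QUEUEDMESSAGE) receiving a copy of TotalLength bytes at &Message. The following is an added example, not ReactOS code and not part of the report, showing the size arithmetic that keeps the copy inside the block: the allocation is computed from TotalLength, and TotalLength is checked against the header size, the DataLength field and a cap before it is trusted. PORT_MESSAGE, LIST_ENTRY and QUEUEDMESSAGE are constructed stand-ins with illustrative layouts (only the header size of 24 bytes matches x86), and MAX_DATA_BYTES, queued_message_size, queue_reply and make_reply are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the kernel types named in the report.  The
 * field layouts are illustrative; only the size arithmetic matters here. */
#define MAX_DATA_BYTES 0x130  /* hypothetical upper bound on payload bytes */

typedef struct _PORT_MESSAGE {
    union {
        struct {
            uint16_t DataLength;   /* payload bytes after the header */
            uint16_t TotalLength;  /* header + payload */
        } s1;
        uint32_t Length;
    } u1;
    uint8_t OtherHeaderFields[20]; /* stand-in for the rest of the header */
} PORT_MESSAGE, *PPORT_MESSAGE;

typedef struct _LIST_ENTRY { struct _LIST_ENTRY *Flink, *Blink; } LIST_ENTRY;

/* Shape after r17417: no trailing MessageData array, so the struct ends
 * with the PORT_MESSAGE header and any payload must be allocated beyond it. */
typedef struct _QUEUEDMESSAGE {
    void *Sender;
    LIST_ENTRY QueueListEntry;
    PORT_MESSAGE Message;
} QUEUEDMESSAGE, *PQUEUEDMESSAGE;

/* Bytes to allocate so that copying TotalLength bytes to &Message stays
 * inside the block.  Returns 0 when the caller-supplied lengths are
 * shorter than the header, inconsistent with each other, or over the cap. */
size_t queued_message_size(const PORT_MESSAGE *reply)
{
    size_t total = reply->u1.s1.TotalLength;
    if (total < sizeof(PORT_MESSAGE))
        return 0;                                  /* shorter than the header */
    if (total - sizeof(PORT_MESSAGE) > MAX_DATA_BYTES)
        return 0;                                  /* payload over the cap */
    if (reply->u1.s1.DataLength != total - sizeof(PORT_MESSAGE))
        return 0;                                  /* DataLength disagrees */
    return offsetof(QUEUEDMESSAGE, Message) + total;
}

/* The copy from EiReplyOrRequestPort, done into a block sized for the
 * message rather than for sizeof(QUEUEDMESSAGE).  NULL means rejected. */
PQUEUEDMESSAGE queue_reply(const PORT_MESSAGE *reply)
{
    size_t size = queued_message_size(reply);
    if (size == 0)
        return NULL;
    PQUEUEDMESSAGE qm = calloc(1, size);
    if (qm == NULL)
        return NULL;
    memcpy(&qm->Message, reply, reply->u1.s1.TotalLength);
    return qm;
}

/* Builds a constructed reply of the given TotalLength with the payload
 * filled by 'marker'; the buffer is never smaller than the header.
 * Caller frees. */
PORT_MESSAGE *make_reply(uint16_t total_length, uint8_t marker)
{
    size_t alloc = total_length > sizeof(PORT_MESSAGE)
                       ? total_length : sizeof(PORT_MESSAGE);
    uint8_t *buf = calloc(1, alloc);
    if (buf == NULL)
        return NULL;
    PORT_MESSAGE *msg = (PORT_MESSAGE *)buf;
    msg->u1.s1.TotalLength = total_length;
    if (total_length >= sizeof(PORT_MESSAGE)) {
        msg->u1.s1.DataLength = (uint16_t)(total_length - sizeof(PORT_MESSAGE));
        memset(buf + sizeof(PORT_MESSAGE), marker, total_length - sizeof(PORT_MESSAGE));
    }
    return msg;
}

int main(void)
{
    PORT_MESSAGE *reply = make_reply(292, 0xAB);   /* the length in the report */
    PQUEUEDMESSAGE qm = queue_reply(reply);
    int ok = qm != NULL && queued_message_size(reply) > sizeof(QUEUEDMESSAGE);
    free(qm);
    free(reply);
    return ok ? 0 : 1;
}
```

With a 292-byte reply the required allocation is offsetof(QUEUEDMESSAGE, Message) + 292, which is larger than sizeof(QUEUEDMESSAGE) by exactly the payload that the removed MessageData array used to absorb; that difference is the overrun the report describes.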