Hi,
I've done some little changes in usetup for optimisation. One thing is the decompressing of files from a cabinet container. If the destination file exists, it is created with the create disposition FILE_OVERWRITE and without a pointer to the allocation size. If I add an allocation size pointer (cabinet.c.diff), usetup crashes after copying all files and creating the registry.
(ntoskrnl\ke\exception.c:94) KiRaiseException (ntoskrnl\ke\i386\exp.c:1306) Unhandled UserMode exception, terminating thread Exception: -1160049408(0) Processor: 0 CS:EIP 1b:12000 ????? cr2 66f924 cr3 56a000 Proc: 8094a1f0 Pid: 5c <smss.exe> Thrd: 80954088 Tid: 60 DS 23 ES 23 FS 3b GS 0 EAX: 00012000 EBX: 00000001 ECX: 0066fc18 EDX: 7c90a479 EBP: 0066ff54 ESI: 00000004 ESP: 807ebd64 EDI: 0066fc28 EFLAGS: 00000216 Frames: smss.exe:741b subsys/system/usetup/console.c:660 smss.exe:19c41 subsys/system/usetup/usetup.c:3321 smss.exe:1a65e subsys/system/usetup/usetup.c:3781 <0>
The address of the crash has nothing to do with the decompressing of the install files. If I change IoCreateFile a little bit, so that the allocation size pointer isn't read (file.c.diff), usetup doesn't crash. Does anyone have an idea what is wrong?
- Hartmut
Index: subsys/system/usetup/cabinet.c
===================================================================
--- subsys/system/usetup/cabinet.c (Revision 18300)
+++ subsys/system/usetup/cabinet.c (Arbeitskopie)
@@ -859,6 +859,7 @@
 UnicodeString.Buffer = DestName + wcslen( DestName );
 UnicodeString.Length = 0;
 RtlAnsiStringToUnicodeString( &UnicodeString, &AnsiString, FALSE );
+ MaxDestFileSize.QuadPart = Search->File->FileSize;
/* Create destination file, fail if it already exists */
 RtlInitUnicodeString(&UnicodeString,
@@ -884,7 +885,7 @@
 0);
 if (!NT_SUCCESS(NtStatus))
 {
- DPRINT("NtCreateFile() failed (%S) (%x).\n", DestName, NtStatus);
+ DPRINT1("NtCreateFile() failed (%S) (%x).\n", DestName, NtStatus);
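Review bot: Moving `MaxDestFileSize.QuadPart = Search->File->FileSize;` up gives only the overwrite path an allocation hint; the create-new NtCreateFile that follows this hunk (its argument list is outside the hunk) presumably still passes NULL, so the two create paths now differ with no stated reason. Either pass `&MaxDestFileSize` to both calls or add a one-line comment above the assignment saying why only the FILE_OVERWRITE case preallocates. This assumes MaxDestFileSize is a LARGE_INTEGER local declared earlier in the function, which is also outside the hunk.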
/* If file exists, ask to overwrite file */
 if (OverwriteHandler == NULL || OverwriteHandler(Search->File, DestName))
@@ -894,7 +895,7 @@
 GENERIC_READ | GENERIC_WRITE | SYNCHRONIZE,
 &ObjectAttributes,
 &IoStatusBlock,
- NULL,
+ &MaxDestFileSize,
 FILE_ATTRIBUTE_NORMAL,
 0,
 FILE_OVERWRITE,
@@ -903,7 +904,7 @@
 0);
 if (!NT_SUCCESS(NtStatus))
 {
- DPRINT("NtCreateFile() failed 2 (%S) (%x).\n", DestName, NtStatus);
+ DPRINT1("NtCreateFile() failed 2 (%S) (%x).\n", DestName, NtStatus);
 return CAB_STATUS_CANNOT_CREATE;
 }
 }
@@ -913,7 +914,6 @@
 return CAB_STATUS_FILE_EXISTS;
 }
 }
- MaxDestFileSize.QuadPart = Search->File->FileSize;
 NtStatus = NtCreateSection(&DestFileSection,
 SECTION_ALL_ACCESS,
 0,
@@ -964,7 +964,10 @@
 }
 else
 {
+// memcpy(&FileBasic.CreationTime, &FileTime, sizeof(FILETIME));
 memcpy(&FileBasic.LastAccessTime, &FileTime, sizeof(FILETIME));
+// memcpy(&FileBasic.LastWriteTime, &FileTime, sizeof(FILETIME));
+// memcpy(&FileBasic.ChangeTime, &FileTime, sizeof(FILETIME));
 NtStatus = NtSetInformationFile(DestFile,
 &IoStatusBlock,
@@ -1050,6 +1053,7 @@
 Status = CAB_STATUS_SUCCESS;
 UnmapDestFile:
 NtUnmapViewOfSection(NtCurrentProcess(), DestFileBuffer);
+// NtFlushBuffersFile(DestFile, &IoStatusBlock);
 CloseDestFileSection:
 NtClose(DestFileSection);
 CloseDestFile:
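Review bot: The first NtCreateFile is expected to fail whenever the destination already exists (the comment above it says "fail if it already exists"), so promoting this DPRINT to DPRINT1 in the hunk at line 884 makes every overwrite during setup emit an always-on debug message instead of reporting an error. If the goal is to see genuine creation failures, keep `DPRINT("NtCreateFile() failed (%S) (%x).\n", DestName, NtStatus);` here and leave the DPRINT1 to the second call in the hunk at line 903, which really is a failure path; or print here only when NtStatus is not the name-collision status this branch anticipates. As far as I recall DPRINT1 is unconditional in this tree, which is what makes the first call's message noise rather than diagnostics.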
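Review bot: The hunks at lines 964 and 1053 add commented-out code (`// memcpy(&FileBasic.CreationTime, &FileTime, sizeof(FILETIME));`, `// NtFlushBuffersFile(DestFile, &IoStatusBlock);`) with no note on why it is disabled, and in a patch that is simultaneously being used to bisect a crash that is exactly the kind of leftover that misleads the next reader. Drop these lines, or replace the three memcpy comments with one real comment above the surviving `memcpy(&FileBasic.LastAccessTime, ...)` stating that only LastAccessTime is set on purpose and why; the reason is not recoverable from the hunk. The same applies to the flush call: if flushing before NtClose is meant to be tried later, a tracked TODO beats a dead line.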
Index: ntoskrnl/io/file.c
===================================================================
--- ntoskrnl/io/file.c (Revision 18300)
+++ ntoskrnl/io/file.c (Arbeitskopie)
@@ -787,7 +787,11 @@
 sizeof(ULONG));
 if(AllocationSize != NULL)
 {
- SafeAllocationSize = ProbeForReadLargeInteger(AllocationSize);
+ ProbeForRead(AllocationSize,
+ sizeof(LARGE_INTEGER),
+ sizeof(ULONG));
+ SafeAllocationSize.QuadPart = 0 /* AllocationSize->QuadPart */;
+// SafeAllocationSize = ProbeForReadLargeInteger(AllocationSize);
 }
 else
 SafeAllocationSize.QuadPart = 0;
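Review bot: `SafeAllocationSize.QuadPart = 0 /* AllocationSize->QuadPart */;` throws the caller's value away after probing it, so every NtCreateFile caller silently loses its allocation-size hint and the ProbeForRead just above validates memory that is never read. That is acceptable as a bisection experiment but must not land in this form; the original `SafeAllocationSize = ProbeForReadLargeInteger(AllocationSize);` belongs back once the fault is understood, and the commented-out copy of it should go. ProbeForRead raises on an invalid user address, so it has to sit inside the SEH region that presumably already covers the probe whose tail (`sizeof(ULONG));`) is the first context line; the enclosing function begins and ends outside the hunk, so that cannot be confirmed here. Since the crash vanishes exactly when the kernel stops dereferencing the pointer, it is worth checking, outside this hunk, how ProbeForReadLargeInteger reads a value that is only ULONG-aligned, which is the alignment this ProbeForRead accepts, before looking further in usetup.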