Author: hbelusca
Date: Thu Dec 6 23:43:31 2012
New Revision: 57810
URL: http://svn.reactos.org/svn/reactos?rev=57810&view=rev
Log:
[CSRSRV/BASESRV/CONSRV/WINSRV]
- Add a useful CHECK_API_MSG_SIZE macro to check whether a server message structure fits in a CSR_API_MESSAGE structure. These checks are required because LPC will use the generic CSR_API_MESSAGE structure for communicating all the different servers' messages, and thus we avoid possible buffer overflows with this method.
- Effectively use this macro for all the server message structures.
- Remove a hack regarding the maximum data size we can pass through the CSR LPC port.
- Remove the now unused CSRSS_HEADER_SIZE symbol.
Modified:
branches/ros-csrss/include/reactos/subsys/csr/csrmsg.h
branches/ros-csrss/include/reactos/subsys/win/basemsg.h
branches/ros-csrss/include/reactos/subsys/win/conmsg.h
branches/ros-csrss/include/reactos/subsys/win/winmsg.h
branches/ros-csrss/subsystems/win32/csrsrv/api.c
Modified: branches/ros-csrss/include/reactos/subsys/csr/csrmsg.h
URL: http://svn.reactos.org/svn/reactos/branches/ros-csrss/include/reactos/subsy…
==============================================================================
--- branches/ros-csrss/include/reactos/subsys/csr/csrmsg.h [iso-8859-1] (original)
+++ branches/ros-csrss/include/reactos/subsys/csr/csrmsg.h [iso-8859-1] Thu Dec 6 23:43:31 2012
@@ -64,6 +64,10 @@
HANDLE ProcessId;
} CSR_CONNECTION_INFO, *PCSR_CONNECTION_INFO;
+// We must have a size at most equal to the maximum acceptable LPC data size.
+C_ASSERT(sizeof(CSR_CONNECTION_INFO) <= LPC_MAX_DATA_LENGTH);
+
+
typedef struct _CSR_IDENTIFY_ALTERTABLE_THREAD
{
CLIENT_ID Cid;
@@ -97,8 +101,6 @@
ULONG_PTR PointerOffsetsArray[ANYSIZE_ARRAY];
} CSR_CAPTURE_BUFFER, *PCSR_CAPTURE_BUFFER;
-/* Keep in sync with definition below. */
-// #define CSRSS_HEADER_SIZE (sizeof(PORT_MESSAGE) + sizeof(ULONG) + sizeof(NTSTATUS))
typedef struct _CSR_API_MESSAGE
{
@@ -117,11 +119,38 @@
CSR_CLIENT_CONNECT CsrClientConnect;
CSR_SET_PRIORITY_CLASS SetPriorityClass;
CSR_IDENTIFY_ALTERTABLE_THREAD IdentifyAlertableThread;
+
+ //
+ // This padding is used to make the CSR_API_MESSAGE structure
+ // large enough to hold full other API_MESSAGE-type structures
+ // used by other servers. These latter structures's sizes must
+ // be checked against the size of CSR_API_MESSAGE by using the
+ // CHECK_API_MSG_SIZE macro defined below.
+ //
+ // This is required because LPC will use this generic structure
+ // for communicating all the different servers' messages, and
+ // thus we avoid possible buffer overflows with this method.
+ // The problems there are, that we have to manually adjust the
+ // size of the padding to hope that all the servers' messaging
+ // structures will hold in it, or, that we have to be careful
+ // to not define too big messaging structures for the servers.
+ //
+ // Finally, the overall message structure size must be at most
+ // equal to the maximum acceptable LPC message size.
+ //
+ ULONG_PTR Padding[35];
} Data;
};
};
} CSR_API_MESSAGE, *PCSR_API_MESSAGE;
+// We must have a size at most equal to the maximum acceptable LPC message size.
+C_ASSERT(sizeof(CSR_API_MESSAGE) <= LPC_MAX_MESSAGE_LENGTH);
+
+// Macro to check that the total size of servers' message structures
+// are at most equal to the size of the CSR_API_MESSAGE structure.
+#define CHECK_API_MSG_SIZE(type) C_ASSERT(sizeof(type) <= sizeof(CSR_API_MESSAGE))
+
#endif // _CSRMSG_H
/* EOF */
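Review bot: `ULONG_PTR Padding[35]` reserves the space with a bare literal that the long comment above can describe but not enforce; giving it a name next to the macro, e.g. `#define CSR_API_MESSAGE_PADDING 35`, keeps the padding, the C_ASSERT against LPC_MAX_MESSAGE_LENGTH and CHECK_API_MSG_SIZE in one place for whoever has to grow it. The two C_ASSERTs plus CHECK_API_MSG_SIZE are what actually turn the "hope that all the servers' messaging structures will hold in it" from the comment into a build failure, so the comment could say so instead of presenting the padding as a guess. CHECK_API_MSG_SIZE only protects a server whose message header invokes it (basemsg.h, conmsg.h and winmsg.h do in this commit); a one-line comment on the macro stating that every server message header must call it would make that obligation explicit.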
Modified: branches/ros-csrss/include/reactos/subsys/win/basemsg.h
URL: http://svn.reactos.org/svn/reactos/branches/ros-csrss/include/reactos/subsy…
==============================================================================
--- branches/ros-csrss/include/reactos/subsys/win/basemsg.h [iso-8859-1] (original)
+++ branches/ros-csrss/include/reactos/subsys/win/basemsg.h [iso-8859-1] Thu Dec 6 23:43:31 2012
@@ -203,6 +203,9 @@
} Data;
} BASE_API_MESSAGE, *PBASE_API_MESSAGE;
+// Check that a BASE_API_MESSAGE can hold in a CSR_API_MESSAGE.
+CHECK_API_MSG_SIZE(BASE_API_MESSAGE);
+
#endif // _BASEMSG_H
/* EOF */
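Review bot: `CHECK_API_MSG_SIZE(BASE_API_MESSAGE)` depends on csrmsg.h having been included before this point, and whether basemsg.h includes it itself is not visible in the hunk; if it relies on the including translation unit, any file that includes basemsg.h alone now fails on an undefined macro. The same applies to the conmsg.h and winmsg.h hunks that follow. Suggest confirming each of the three headers includes csrmsg.h directly so the check is self-contained.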
Modified: branches/ros-csrss/include/reactos/subsys/win/conmsg.h
URL: http://svn.reactos.org/svn/reactos/branches/ros-csrss/include/reactos/subsy…
==============================================================================
--- branches/ros-csrss/include/reactos/subsys/win/conmsg.h [iso-8859-1] (original)
+++ branches/ros-csrss/include/reactos/subsys/win/conmsg.h [iso-8859-1] Thu Dec 6 23:43:31 2012
@@ -618,6 +618,9 @@
} Data;
} CONSOLE_API_MESSAGE, *PCONSOLE_API_MESSAGE;
+// Check that a CONSOLE_API_MESSAGE can hold in a CSR_API_MESSAGE.
+CHECK_API_MSG_SIZE(CONSOLE_API_MESSAGE);
+
#endif // _CONMSG_H
/* EOF */
Modified: branches/ros-csrss/include/reactos/subsys/win/winmsg.h
URL: http://svn.reactos.org/svn/reactos/branches/ros-csrss/include/reactos/subsy…
==============================================================================
--- branches/ros-csrss/include/reactos/subsys/win/winmsg.h [iso-8859-1] (original)
+++ branches/ros-csrss/include/reactos/subsys/win/winmsg.h [iso-8859-1] Thu Dec 6 23:43:31 2012
@@ -83,6 +83,9 @@
} Data;
} USER_API_MESSAGE, *PUSER_API_MESSAGE;
+// Check that a USER_API_MESSAGE can hold in a CSR_API_MESSAGE.
+CHECK_API_MSG_SIZE(USER_API_MESSAGE);
+
#endif // _WINMSG_H
/* EOF */
Modified: branches/ros-csrss/subsystems/win32/csrsrv/api.c
URL: http://svn.reactos.org/svn/reactos/branches/ros-csrss/subsystems/win32/csrs…
==============================================================================
--- branches/ros-csrss/subsystems/win32/csrsrv/api.c [iso-8859-1] (original)
+++ branches/ros-csrss/subsystems/win32/csrsrv/api.c [iso-8859-1] Thu Dec 6 23:43:31 2012
@@ -919,13 +919,13 @@
&CsrApiPortName,
0,
NULL,
- NULL /* FIXME*/);
+ NULL /* FIXME: Use the Security Descriptor */);
/* Create the Port Object */
Status = NtCreatePort(&CsrApiPort,
&ObjectAttributes,
- LPC_MAX_DATA_LENGTH, // HACK: the real value is: sizeof(CSR_CONNECTION_INFO),
- LPC_MAX_MESSAGE_LENGTH, // HACK: the real value is: sizeof(CSR_API_MESSAGE),
+ sizeof(CSR_CONNECTION_INFO),
+ sizeof(CSR_API_MESSAGE),
16 * PAGE_SIZE);
if (NT_SUCCESS(Status))
{
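Review bot: The reworded FIXME still leaves the CSR API port created with a NULL security descriptor in the object-attributes setup that starts before the hunk; it now names what is missing but not the consequence, which presumably is that the port falls back to the default DACL rather than one restricting who may connect to csrss. Suggest `NULL /* FIXME: Use the Security Descriptor; until then the port gets the default DACL */` so the gap is visible to whoever picks it up. The `sizeof(CSR_CONNECTION_INFO)` and `sizeof(CSR_API_MESSAGE)` arguments replacing the LPC_MAX_* values are consistent with the C_ASSERTs this commit adds to csrmsg.h, so oversized messages should now be rejected at the port boundary instead of relying on the LPC maximums.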
Author: hbelusca
Date: Thu Dec 6 22:24:27 2012
New Revision: 57809
URL: http://svn.reactos.org/svn/reactos?rev=57809&view=rev
Log:
[NTDLL/CSRSRV]
Re-fix part of the capture-buffer offset setting, based on what I understood from all my previous investigations. It reverts a small part of r57673 while fixing some existing bugs there.
Modified:
branches/ros-csrss/dll/ntdll/csr/connect.c
branches/ros-csrss/subsystems/win32/csrsrv/api.c
Modified: branches/ros-csrss/dll/ntdll/csr/connect.c
URL: http://svn.reactos.org/svn/reactos/branches/ros-csrss/dll/ntdll/csr/connect…
==============================================================================
--- branches/ros-csrss/dll/ntdll/csr/connect.c [iso-8859-1] (original)
+++ branches/ros-csrss/dll/ntdll/csr/connect.c [iso-8859-1] Thu Dec 6 22:24:27 2012
@@ -51,7 +51,8 @@
IN ULONG DataLength)
{
NTSTATUS Status;
- ULONG i;
+ ULONG PointerCount;
+ PULONG_PTR OffsetPointer;
/* Fill out the Port Message Header. */
ApiMessage->Header.u2.ZeroInit = 0;
@@ -90,13 +91,16 @@
* a server pointer, and each pointer to these message pointers
* is converted into an offset.
*/
- for (i = 0 ; i < CaptureBuffer->PointerCount ; ++i)
+ PointerCount = CaptureBuffer->PointerCount;
+ OffsetPointer = CaptureBuffer->PointerOffsetsArray;
+ while (PointerCount--)
{
- if (CaptureBuffer->PointerOffsetsArray[i] != 0)
+ if (*OffsetPointer != 0)
{
- *(PULONG_PTR)CaptureBuffer->PointerOffsetsArray[i] += CsrPortMemoryDelta;
- CaptureBuffer->PointerOffsetsArray[i] -= (ULONG_PTR)ApiMessage;
+ *(PULONG_PTR)*OffsetPointer += CsrPortMemoryDelta;
+ *OffsetPointer -= (ULONG_PTR)ApiMessage;
}
+ ++OffsetPointer;
}
}
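Review bot: The rewritten loop separates the advance `++OffsetPointer` at the bottom of the body from the `while (PointerCount--)` condition it pairs with, so any future early `continue` silently skips it; a `for (; PointerCount-- != 0; ++OffsetPointer)` keeps both in the header with the same semantics. The same shape is used in the next hunk and in the api.c hunks of this commit (CsrCaptureArguments, CsrReleaseCapturedArguments, CsrValidateMessageBuffer). `*(PULONG_PTR)*OffsetPointer += CsrPortMemoryDelta;` is dense enough to deserve a comment, e.g. `/* *OffsetPointer is still a client pointer to a pointer inside the message; rebase the pointed-to value, then turn the entry into an offset from ApiMessage */`, if that is the intent. The enclosing function starts before the hunk.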
@@ -120,13 +124,16 @@
* pointers, and convert back these message server pointers
* into client pointers.
*/
- for (i = 0 ; i < CaptureBuffer->PointerCount ; ++i)
+ PointerCount = CaptureBuffer->PointerCount;
+ OffsetPointer = CaptureBuffer->PointerOffsetsArray;
+ while (PointerCount--)
{
- if (CaptureBuffer->PointerOffsetsArray[i] != 0)
+ if (*OffsetPointer != 0)
{
- CaptureBuffer->PointerOffsetsArray[i] += (ULONG_PTR)ApiMessage;
- *(PULONG_PTR)CaptureBuffer->PointerOffsetsArray[i] -= CsrPortMemoryDelta;
+ *OffsetPointer += (ULONG_PTR)ApiMessage;
+ *(PULONG_PTR)*OffsetPointer -= CsrPortMemoryDelta;
}
+ ++OffsetPointer;
}
}
Modified: branches/ros-csrss/subsystems/win32/csrsrv/api.c
URL: http://svn.reactos.org/svn/reactos/branches/ros-csrss/subsystems/win32/csrs…
==============================================================================
--- branches/ros-csrss/subsystems/win32/csrsrv/api.c [iso-8859-1] (original)
+++ branches/ros-csrss/subsystems/win32/csrsrv/api.c [iso-8859-1] Thu Dec 6 22:24:27 2012
@@ -1125,7 +1125,9 @@
PCSR_CAPTURE_BUFFER LocalCaptureBuffer = NULL, RemoteCaptureBuffer = NULL;
SIZE_T BufferDistance;
ULONG Length = 0;
- ULONG i;
+ ULONG PointerCount;
+ PULONG_PTR OffsetPointer;
+ ULONG_PTR CurrentOffset;
/* Use SEH to make sure this is valid */
_SEH2_TRY
@@ -1182,19 +1184,23 @@
* All the pointer offsets correspond to pointers which point
* to the remote data buffer instead of the local one.
*/
- for (i = 0 ; i < RemoteCaptureBuffer->PointerCount ; ++i)
- {
- if (RemoteCaptureBuffer->PointerOffsetsArray[i] != 0)
- {
- /* Temporarily transform the offset into a pointer */
- RemoteCaptureBuffer->PointerOffsetsArray[i] += (ULONG_PTR)ApiMessage;
+ PointerCount = RemoteCaptureBuffer->PointerCount;
+ OffsetPointer = RemoteCaptureBuffer->PointerOffsetsArray;
+ while (PointerCount--)
+ {
+ CurrentOffset = *OffsetPointer;
+
+ if (CurrentOffset != 0)
+ {
+ /* Get the pointer corresponding to the offset */
+ CurrentOffset += (ULONG_PTR)ApiMessage;
/* Validate the bounds of the current pointed pointer */
- if ((*(PULONG_PTR)RemoteCaptureBuffer->PointerOffsetsArray[i] >= CsrThread->Process->ClientViewBase) &&
- (*(PULONG_PTR)RemoteCaptureBuffer->PointerOffsetsArray[i] < CsrThread->Process->ClientViewBounds))
+ if ((*(PULONG_PTR)CurrentOffset >= CsrThread->Process->ClientViewBase) &&
+ (*(PULONG_PTR)CurrentOffset < CsrThread->Process->ClientViewBounds))
{
/* Modify the pointed pointer to take into account its new position */
- *(PULONG_PTR)RemoteCaptureBuffer->PointerOffsetsArray[i] += BufferDistance;
+ *(PULONG_PTR)CurrentOffset += BufferDistance;
}
else
{
@@ -1203,10 +1209,9 @@
DbgBreakPoint();
ApiMessage->Status = STATUS_INVALID_PARAMETER;
}
-
- /* Transform back into an offset */
- RemoteCaptureBuffer->PointerOffsetsArray[i] -= (ULONG_PTR)ApiMessage;
- }
+ }
+
+ ++OffsetPointer;
}
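Review bot: `CurrentOffset` is read from the client-supplied capture buffer and, after `CurrentOffset += (ULONG_PTR)ApiMessage`, is dereferenced at `*(PULONG_PTR)CurrentOffset` before anything checks that it lies inside the message; only the value it points to is compared against ClientViewBase/ClientViewBounds. Unless the offset array is validated earlier in CsrCaptureArguments (the function starts before the hunk), an out-of-range offset makes the server read and later write outside ApiMessage, and the `_SEH2_TRY` seen in the previous hunk only turns a fault into a caught exception rather than preventing an access that lands in mapped memory. Suggest rejecting the entry through the existing STATUS_INVALID_PARAMETER path when the raw offset is not within the message, e.g. `if (CurrentOffset > sizeof(CSR_API_MESSAGE) - sizeof(ULONG_PTR)) { ApiMessage->Status = STATUS_INVALID_PARAMETER; break; }` before the addition, with the exact bound confirmed against how the offsets are produced. The same dereference pattern appears in the r57806 hunk of this function further down the page.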
/* Check if we got success */
@@ -1249,7 +1254,9 @@
{
PCSR_CAPTURE_BUFFER RemoteCaptureBuffer, LocalCaptureBuffer;
SIZE_T BufferDistance;
- ULONG i;
+ ULONG PointerCount;
+ PULONG_PTR OffsetPointer;
+ ULONG_PTR CurrentOffset;
/* Get the remote capture buffer */
RemoteCaptureBuffer = ApiMessage->CsrCaptureData;
@@ -1272,19 +1279,22 @@
* to the local data buffer instead of the remote one (revert
* the logic of CsrCaptureArguments).
*/
- for (i = 0 ; i < RemoteCaptureBuffer->PointerCount ; ++i)
- {
- if (RemoteCaptureBuffer->PointerOffsetsArray[i] != 0)
- {
- /* Temporarily transform the offset into a pointer */
- RemoteCaptureBuffer->PointerOffsetsArray[i] += (ULONG_PTR)ApiMessage;
+ PointerCount = RemoteCaptureBuffer->PointerCount;
+ OffsetPointer = RemoteCaptureBuffer->PointerOffsetsArray;
+ while (PointerCount--)
+ {
+ CurrentOffset = *OffsetPointer;
+
+ if (CurrentOffset != 0)
+ {
+ /* Get the pointer corresponding to the offset */
+ CurrentOffset += (ULONG_PTR)ApiMessage;
/* Modify the pointed pointer to take into account its new position */
- *(PULONG_PTR)RemoteCaptureBuffer->PointerOffsetsArray[i] -= BufferDistance;
-
- /* Transform back into an offset */
- RemoteCaptureBuffer->PointerOffsetsArray[i] -= (ULONG_PTR)ApiMessage;
- }
+ *(PULONG_PTR)CurrentOffset -= BufferDistance;
+ }
+
+ ++OffsetPointer;
}
/* Copy the data back */
@@ -1328,7 +1338,8 @@
{
PCSR_CAPTURE_BUFFER CaptureBuffer = ApiMessage->CsrCaptureData;
SIZE_T BufferDistance = (ULONG_PTR)Buffer - (ULONG_PTR)ApiMessage;
- ULONG i;
+ ULONG PointerCount;
+ PULONG_PTR OffsetPointer;
/*
* Check whether we have a valid buffer pointer, elements
@@ -1364,16 +1375,20 @@
if ((CaptureBuffer->Size - (ULONG_PTR)*Buffer + (ULONG_PTR)CaptureBuffer) >=
(ElementCount * ElementSize))
{
- for (i = 0 ; i < CaptureBuffer->PointerCount ; ++i)
+ /* Perform the validation test */
+ PointerCount = CaptureBuffer->PointerCount;
+ OffsetPointer = CaptureBuffer->PointerOffsetsArray;
+ while (PointerCount--)
{
/*
* The pointer offset must be equal to the delta between
* the addresses of the buffer and of the API message.
*/
- if (CaptureBuffer->PointerOffsetsArray[i] == BufferDistance)
+ if (*OffsetPointer == BufferDistance)
{
return TRUE;
}
+ ++OffsetPointer;
}
}
}
Author: hbelusca
Date: Thu Dec 6 21:52:09 2012
New Revision: 57808
URL: http://svn.reactos.org/svn/reactos?rev=57808&view=rev
Log:
[NTDLL]
Correct some comments.
Modified:
branches/ros-csrss/dll/ntdll/csr/capture.c
Modified: branches/ros-csrss/dll/ntdll/csr/capture.c
URL: http://svn.reactos.org/svn/reactos/branches/ros-csrss/dll/ntdll/csr/capture…
==============================================================================
--- branches/ros-csrss/dll/ntdll/csr/capture.c [iso-8859-1] (original)
+++ branches/ros-csrss/dll/ntdll/csr/capture.c [iso-8859-1] Thu Dec 6 21:52:09 2012
@@ -93,7 +93,7 @@
/* Validate size */
if (BufferSize >= MAXLONG) return NULL;
- /* Add the size of the header and for each pointer to the pointers */
+ /* Add the size of the header and for each offset to the pointers */
BufferSize += FIELD_OFFSET(CSR_CAPTURE_BUFFER, PointerOffsetsArray) + (ArgumentCount * sizeof(ULONG_PTR));
/* Align it to a 4-byte boundary */
@@ -107,7 +107,7 @@
CaptureBuffer->Size = BufferSize;
CaptureBuffer->PointerCount = 0;
- /* Initialize all the pointers */
+ /* Initialize all the offsets */
RtlZeroMemory(CaptureBuffer->PointerOffsetsArray,
ArgumentCount * sizeof(ULONG_PTR));
Author: hbelusca
Date: Wed Dec 5 23:21:41 2012
New Revision: 57806
URL: http://svn.reactos.org/svn/reactos?rev=57806&view=rev
Log:
[CSRSRV]
- Comment on the size of some members of the CSR_WAIT_BLOCK structure.
- Initialize the WaitBlock member of CSR_THREAD to a valid value when creating a wait block, and NULLify it when we release a wait block.
- ALWAYS USE offsets in CSR_CAPTURE_BUFFER structure, instead of real pointers !! It is needed when their base address changes (eg. during a CSR wait, their base address, corresponding to the address of a CSR API message, changes) (found when testing CSR waits with the console).
Modified:
branches/ros-csrss/include/reactos/subsys/csr/csrsrv.h
branches/ros-csrss/subsystems/win32/csrsrv/api.c
branches/ros-csrss/subsystems/win32/csrsrv/wait.c
Modified: branches/ros-csrss/include/reactos/subsys/csr/csrsrv.h
URL: http://svn.reactos.org/svn/reactos/branches/ros-csrss/include/reactos/subsy…
==============================================================================
--- branches/ros-csrss/include/reactos/subsys/csr/csrsrv.h [iso-8859-1] (original)
+++ branches/ros-csrss/include/reactos/subsys/csr/csrsrv.h [iso-8859-1] Wed Dec 5 23:21:41 2012
@@ -156,13 +156,13 @@
typedef struct _CSR_WAIT_BLOCK
{
- ULONG Size;
+ ULONG Size; // Size of the wait block (variable-sized)
LIST_ENTRY WaitList;
LIST_ENTRY UserWaitList;
PVOID WaitContext;
PCSR_THREAD WaitThread;
CSR_WAIT_FUNCTION WaitFunction;
- CSR_API_MESSAGE WaitApiMessage;
+ CSR_API_MESSAGE WaitApiMessage; // Variable-sized CSR API message
} CSR_WAIT_BLOCK, *PCSR_WAIT_BLOCK;
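Review bot: `// Variable-sized CSR API message` is attached to a member whose type, CSR_API_MESSAGE, is a fixed-size struct, so the comment reads as a contradiction; what presumably varies is how much of the block is allocated, recorded in the `Size` member above. If that is the meaning, a comment saying it directly would help, e.g. `// Copy of the API message; the block is allocated with Size bytes, so only the used part of this member may be present` — confirm against the allocation in wait.c.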
Modified: branches/ros-csrss/subsystems/win32/csrsrv/api.c
URL: http://svn.reactos.org/svn/reactos/branches/ros-csrss/subsystems/win32/csrs…
==============================================================================
--- branches/ros-csrss/subsystems/win32/csrsrv/api.c [iso-8859-1] (original)
+++ branches/ros-csrss/subsystems/win32/csrsrv/api.c [iso-8859-1] Wed Dec 5 23:21:41 2012
@@ -504,7 +504,7 @@
if ((ServerDll) && (ServerDll->HardErrorCallback))
{
/* Call it */
- ServerDll->HardErrorCallback(NULL /* CsrThread == NULL */, HardErrorMsg);
+ ServerDll->HardErrorCallback(NULL /* == CsrThread */, HardErrorMsg);
/* If it's handled, get out of here */
if (HardErrorMsg->Response != ResponseNotHandled) break;
@@ -524,6 +524,7 @@
else
{
ReplyMsg = &ReceiveMsg;
+ ReplyPort = CsrApiPort;
}
}
else if (MessageType == LPC_REQUEST)
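Review bot: `ReplyPort = CsrApiPort;` is added beside `ReplyMsg = &ReceiveMsg;` in this else branch, but the other branches that select ReplyMsg, and whatever set ReplyPort on the previous iteration, are outside the hunk, so it is not visible whether every reply path now sets ReplyPort consistently. A one-line comment on the assignment would record why this branch must reset it, e.g. `/* Reply on the API port; ReplyPort may still hold the previous message's port */`, if that is the reason for the fix. The enclosing loop starts before the hunk.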
@@ -1178,20 +1179,21 @@
BufferDistance = (ULONG_PTR)RemoteCaptureBuffer - (ULONG_PTR)LocalCaptureBuffer;
/*
- * Convert all the pointer offsets into real pointers, and make
- * them point to the remote data buffer instead of the local one.
+ * All the pointer offsets correspond to pointers which point
+ * to the remote data buffer instead of the local one.
*/
for (i = 0 ; i < RemoteCaptureBuffer->PointerCount ; ++i)
{
if (RemoteCaptureBuffer->PointerOffsetsArray[i] != 0)
{
+ /* Temporarily transform the offset into a pointer */
RemoteCaptureBuffer->PointerOffsetsArray[i] += (ULONG_PTR)ApiMessage;
- /* Validate the bounds of the current pointer */
+ /* Validate the bounds of the current pointed pointer */
if ((*(PULONG_PTR)RemoteCaptureBuffer->PointerOffsetsArray[i] >= CsrThread->Process->ClientViewBase) &&
(*(PULONG_PTR)RemoteCaptureBuffer->PointerOffsetsArray[i] < CsrThread->Process->ClientViewBounds))
{
- /* Modify the pointer to take into account its new position */
+ /* Modify the pointed pointer to take into account its new position */
*(PULONG_PTR)RemoteCaptureBuffer->PointerOffsetsArray[i] += BufferDistance;
}
else
@@ -1201,19 +1203,22 @@
DbgBreakPoint();
ApiMessage->Status = STATUS_INVALID_PARAMETER;
}
+
+ /* Transform back into an offset */
+ RemoteCaptureBuffer->PointerOffsetsArray[i] -= (ULONG_PTR)ApiMessage;
}
}
/* Check if we got success */
if (ApiMessage->Status != STATUS_SUCCESS)
{
- /* Failure. Free the buffer and return*/
+ /* Failure. Free the buffer and return */
RtlFreeHeap(CsrHeap, 0, RemoteCaptureBuffer);
return FALSE;
}
else
{
- /* Success, save the previous buffer */
+ /* Success, save the previous buffer and use the remote capture buffer */
RemoteCaptureBuffer->PreviousCaptureBuffer = LocalCaptureBuffer;
ApiMessage->CsrCaptureData = RemoteCaptureBuffer;
}
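Review bot: On the validation-failure path the loop keeps running after `ApiMessage->Status = STATUS_INVALID_PARAMETER`, so entries that passed earlier have already been rebased by BufferDistance to point into RemoteCaptureBuffer, which the failure branch then frees with `RtlFreeHeap(CsrHeap, 0, RemoteCaptureBuffer)`; the message is left holding pointers into freed heap. That is harmless only if the caller never touches the message data after FALSE, which is not visible here, so a comment on the free stating that contract, e.g. `/* Message pointers already rebased now dangle; caller must only reply with the error */`, or a `break` out of the loop on failure, would make it safe to maintain. The added "Transform back into an offset" step is right to run on both paths since the array must stay in offset form. The `DbgBreakPoint()` two lines above fires on data a client controls; if it stays in release builds a DPRINT1 is the friendlier choice.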
@@ -1246,29 +1251,38 @@
SIZE_T BufferDistance;
ULONG i;
- /* Get the capture buffers */
+ /* Get the remote capture buffer */
RemoteCaptureBuffer = ApiMessage->CsrCaptureData;
- LocalCaptureBuffer = RemoteCaptureBuffer->PreviousCaptureBuffer;
/* Do not continue if there is no captured buffer */
if (!RemoteCaptureBuffer) return;
- /* Free the previous one */
+ /* If there is one, get the corresponding local capture buffer */
+ LocalCaptureBuffer = RemoteCaptureBuffer->PreviousCaptureBuffer;
+
+ /* Free the previous one and use again the local capture buffer */
RemoteCaptureBuffer->PreviousCaptureBuffer = NULL;
+ ApiMessage->CsrCaptureData = LocalCaptureBuffer;
/* Calculate the difference between our buffer and the client's */
BufferDistance = (ULONG_PTR)RemoteCaptureBuffer - (ULONG_PTR)LocalCaptureBuffer;
/*
- * Convert back all the pointers into pointer offsets, and make them
- * point to the local data buffer instead of the remote one (revert
+ * All the pointer offsets correspond to pointers which point
+ * to the local data buffer instead of the remote one (revert
* the logic of CsrCaptureArguments).
*/
for (i = 0 ; i < RemoteCaptureBuffer->PointerCount ; ++i)
{
if (RemoteCaptureBuffer->PointerOffsetsArray[i] != 0)
{
+ /* Temporarily transform the offset into a pointer */
+ RemoteCaptureBuffer->PointerOffsetsArray[i] += (ULONG_PTR)ApiMessage;
+
+ /* Modify the pointed pointer to take into account its new position */
*(PULONG_PTR)RemoteCaptureBuffer->PointerOffsetsArray[i] -= BufferDistance;
+
+ /* Transform back into an offset */
RemoteCaptureBuffer->PointerOffsetsArray[i] -= (ULONG_PTR)ApiMessage;
}
}
@@ -1313,7 +1327,7 @@
IN ULONG ElementSize)
{
PCSR_CAPTURE_BUFFER CaptureBuffer = ApiMessage->CsrCaptureData;
- // SIZE_T BufferDistance = (ULONG_PTR)Buffer - (ULONG_PTR)ApiMessage;
+ SIZE_T BufferDistance = (ULONG_PTR)Buffer - (ULONG_PTR)ApiMessage;
ULONG i;
/*
@@ -1353,10 +1367,10 @@
for (i = 0 ; i < CaptureBuffer->PointerCount ; ++i)
{
/*
- * If the pointer offset is in fact equal to the
- * real address of the buffer then it's OK.
+ * The pointer offset must be equal to the delta between
+ * the addresses of the buffer and of the API message.
*/
- if (CaptureBuffer->PointerOffsetsArray[i] == (ULONG_PTR)Buffer /* BufferDistance + (ULONG_PTR)ApiMessage */)
+ if (CaptureBuffer->PointerOffsetsArray[i] == BufferDistance)
{
return TRUE;
}
Modified: branches/ros-csrss/subsystems/win32/csrsrv/wait.c
URL: http://svn.reactos.org/svn/reactos/branches/ros-csrss/subsystems/win32/csrs…
==============================================================================
--- branches/ros-csrss/subsystems/win32/csrsrv/wait.c [iso-8859-1] (original)
+++ branches/ros-csrss/subsystems/win32/csrsrv/wait.c [iso-8859-1] Wed Dec 5 23:21:41 2012
@@ -73,6 +73,7 @@
/* Initialize it */
WaitBlock->Size = Size;
WaitBlock->WaitThread = CsrWaitThread;
+ CsrWaitThread->WaitBlock = WaitBlock;
WaitBlock->WaitContext = WaitContext;
WaitBlock->WaitFunction = WaitFunction;
WaitBlock->UserWaitList.Flink = NULL;
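Review bot: `CsrWaitThread->WaitBlock = WaitBlock;` publishes the block through the thread before WaitContext, WaitFunction and the list links below it are initialized; unless the wait lock is already held at this point (not visible in the hunk), another thread reading CsrWaitThread->WaitBlock sees a half-built block. Suggest moving the assignment after the initialization, just before the block is linked into its lists. The second hunk clears the pointer before `RtlFreeHeap(CsrHeap, 0, WaitBlock)` on the terminated-thread path, which is the right pairing; any other path that frees a wait block (outside these hunks) needs the same `CsrWaitThread->WaitBlock = NULL;` or the thread keeps a dangling pointer.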
@@ -242,6 +243,7 @@
if (CsrWaitThread->Flags & CsrThreadTerminated)
{
/* Fail the wait */
+ CsrWaitThread->WaitBlock = NULL;
RtlFreeHeap(CsrHeap, 0, WaitBlock);
CsrReleaseWaitLock();
return FALSE;