Author: hbelusca Date: Thu Dec 6 22:24:27 2012 New Revision: 57809
URL: http://svn.reactos.org/svn/reactos?rev=57809&view=rev Log: [NTDLL/CSRSRV] Re-fix part of the capture-buffer offset setting, based on what I understood from all my previous investigations. It reverts a small part of r57673 while fixing some existing bugs there.
Modified: branches/ros-csrss/dll/ntdll/csr/connect.c branches/ros-csrss/subsystems/win32/csrsrv/api.c
Modified: branches/ros-csrss/dll/ntdll/csr/connect.c
URL: http://svn.reactos.org/svn/reactos/branches/ros-csrss/dll/ntdll/csr/connect....
==============================================================================
--- branches/ros-csrss/dll/ntdll/csr/connect.c [iso-8859-1] (original)
+++ branches/ros-csrss/dll/ntdll/csr/connect.c [iso-8859-1] Thu Dec 6 22:24:27 2012
@@ -51,7 +51,8 @@
IN ULONG DataLength)
{
NTSTATUS Status;
- ULONG i;
+ ULONG PointerCount;
+ PULONG_PTR OffsetPointer;
/* Fill out the Port Message Header. */
ApiMessage->Header.u2.ZeroInit = 0;
@@ -90,13 +91,16 @@
* a server pointer, and each pointer to these message pointers
* is converted into an offset.
*/
- for (i = 0 ; i < CaptureBuffer->PointerCount ; ++i)
+ PointerCount = CaptureBuffer->PointerCount;
+ OffsetPointer = CaptureBuffer->PointerOffsetsArray;
+ while (PointerCount--)
{
- if (CaptureBuffer->PointerOffsetsArray[i] != 0)
+ if (*OffsetPointer != 0)
{
- *(PULONG_PTR)CaptureBuffer->PointerOffsetsArray[i] += CsrPortMemoryDelta;
- CaptureBuffer->PointerOffsetsArray[i] -= (ULONG_PTR)ApiMessage;
+ *(PULONG_PTR)*OffsetPointer += CsrPortMemoryDelta;
+ *OffsetPointer -= (ULONG_PTR)ApiMessage;
}
+ ++OffsetPointer;
}
}
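Review bot: `*(PULONG_PTR)*OffsetPointer += CsrPortMemoryDelta;` dereferences an integer array entry twice through a cast and reads like a typo at first sight; a named local states the intent: `PULONG_PTR MessagePointer = (PULONG_PTR)*OffsetPointer;` then `*MessagePointer += CsrPortMemoryDelta;` and `*OffsetPointer -= (ULONG_PTR)ApiMessage;`. The reverse conversion in the @@ -120 hunk has the same double dereference with the two statements in mirrored order, and since the order is what makes the round trip correct it deserves a one-line comment such as `/* Turn the offset back into a message pointer first, then rebase the pointer it holds */`. Both loops skip a zero entry (presumably an unused slot), which is worth stating once above the loop rather than leaving to the reader. The enclosing functions start outside these hunks.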
@@ -120,13 +124,16 @@
* pointers, and convert back these message server pointers
* into client pointers.
*/
- for (i = 0 ; i < CaptureBuffer->PointerCount ; ++i)
+ PointerCount = CaptureBuffer->PointerCount;
+ OffsetPointer = CaptureBuffer->PointerOffsetsArray;
+ while (PointerCount--)
{
- if (CaptureBuffer->PointerOffsetsArray[i] != 0)
+ if (*OffsetPointer != 0)
{
- CaptureBuffer->PointerOffsetsArray[i] += (ULONG_PTR)ApiMessage;
- *(PULONG_PTR)CaptureBuffer->PointerOffsetsArray[i] -= CsrPortMemoryDelta;
+ *OffsetPointer += (ULONG_PTR)ApiMessage;
+ *(PULONG_PTR)*OffsetPointer -= CsrPortMemoryDelta;
}
+ ++OffsetPointer;
}
}
Modified: branches/ros-csrss/subsystems/win32/csrsrv/api.c
URL: http://svn.reactos.org/svn/reactos/branches/ros-csrss/subsystems/win32/csrsr...
==============================================================================
--- branches/ros-csrss/subsystems/win32/csrsrv/api.c [iso-8859-1] (original)
+++ branches/ros-csrss/subsystems/win32/csrsrv/api.c [iso-8859-1] Thu Dec 6 22:24:27 2012
@@ -1125,7 +1125,9 @@
PCSR_CAPTURE_BUFFER LocalCaptureBuffer = NULL, RemoteCaptureBuffer = NULL;
SIZE_T BufferDistance;
ULONG Length = 0;
- ULONG i;
+ ULONG PointerCount;
+ PULONG_PTR OffsetPointer;
+ ULONG_PTR CurrentOffset;
/* Use SEH to make sure this is valid */
_SEH2_TRY
@@ -1182,19 +1184,23 @@
* All the pointer offsets correspond to pointers which point
* to the remote data buffer instead of the local one.
*/
- for (i = 0 ; i < RemoteCaptureBuffer->PointerCount ; ++i)
- {
- if (RemoteCaptureBuffer->PointerOffsetsArray[i] != 0)
- {
- /* Temporarily transform the offset into a pointer */
- RemoteCaptureBuffer->PointerOffsetsArray[i] += (ULONG_PTR)ApiMessage;
+ PointerCount = RemoteCaptureBuffer->PointerCount;
+ OffsetPointer = RemoteCaptureBuffer->PointerOffsetsArray;
+ while (PointerCount--)
+ {
+ CurrentOffset = *OffsetPointer;
+
+ if (CurrentOffset != 0)
+ {
+ /* Get the pointer corresponding to the offset */
+ CurrentOffset += (ULONG_PTR)ApiMessage;
/* Validate the bounds of the current pointed pointer */
- if ((*(PULONG_PTR)RemoteCaptureBuffer->PointerOffsetsArray[i] >= CsrThread->Process->ClientViewBase) &&
- (*(PULONG_PTR)RemoteCaptureBuffer->PointerOffsetsArray[i] < CsrThread->Process->ClientViewBounds))
+ if ((*(PULONG_PTR)CurrentOffset >= CsrThread->Process->ClientViewBase) &&
+ (*(PULONG_PTR)CurrentOffset < CsrThread->Process->ClientViewBounds))
{
/* Modify the pointed pointer to take into account its new position */
- *(PULONG_PTR)RemoteCaptureBuffer->PointerOffsetsArray[i] += BufferDistance;
+ *(PULONG_PTR)CurrentOffset += BufferDistance;
}
else
{
@@ -1203,10 +1209,9 @@
DbgBreakPoint();
ApiMessage->Status = STATUS_INVALID_PARAMETER;
}
-
- /* Transform back into an offset */
- RemoteCaptureBuffer->PointerOffsetsArray[i] -= (ULONG_PTR)ApiMessage;
- }
+ }
+
+ ++OffsetPointer;
}
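Review bot: `CurrentOffset` is read from `RemoteCaptureBuffer->PointerOffsetsArray`, i.e. from data the client filled in, yet before `*(PULONG_PTR)CurrentOffset` is read in the `if` on this line and written by `+= BufferDistance` it is only compared against zero; the bounds check here validates the pointer stored at that location, not the location itself. Unless the offsets are range-checked earlier in the function (outside this hunk), an offset that lands outside the message makes the server dereference an address of the client's choosing, and the surrounding `_SEH2_TRY` only covers the case where that address faults. Given that offsets are based on `(ULONG_PTR)ApiMessage`, I would reject any value that is not a pointer-sized slot inside the message right after the `!= 0` test and before `CurrentOffset += (ULONG_PTR)ApiMessage`, e.g. `if ((CurrentOffset > sizeof(*ApiMessage) - sizeof(ULONG_PTR)) || (CurrentOffset & (sizeof(ULONG_PTR) - 1))) { ApiMessage->Status = STATUS_INVALID_PARAMETER; break; }`, failing the message the way the existing else branch does. The release loop in the @@ -1272 hunk dereferences `*(PULONG_PTR)CurrentOffset` with no check at all and needs the same guard, and `PointerCount`, also taken from the remote buffer, should be bounded by the buffer's size before either walk. The enclosing function (presumably CsrCaptureArguments, per the comment in the @@ -1272 hunk) starts and ends outside this hunk.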
/* Check if we got success */
@@ -1249,7 +1254,9 @@
{
PCSR_CAPTURE_BUFFER RemoteCaptureBuffer, LocalCaptureBuffer;
SIZE_T BufferDistance;
- ULONG i;
+ ULONG PointerCount;
+ PULONG_PTR OffsetPointer;
+ ULONG_PTR CurrentOffset;
/* Get the remote capture buffer */
RemoteCaptureBuffer = ApiMessage->CsrCaptureData;
@@ -1272,19 +1279,22 @@
* to the local data buffer instead of the remote one (revert
* the logic of CsrCaptureArguments).
*/
- for (i = 0 ; i < RemoteCaptureBuffer->PointerCount ; ++i)
- {
- if (RemoteCaptureBuffer->PointerOffsetsArray[i] != 0)
- {
- /* Temporarily transform the offset into a pointer */
- RemoteCaptureBuffer->PointerOffsetsArray[i] += (ULONG_PTR)ApiMessage;
+ PointerCount = RemoteCaptureBuffer->PointerCount;
+ OffsetPointer = RemoteCaptureBuffer->PointerOffsetsArray;
+ while (PointerCount--)
+ {
+ CurrentOffset = *OffsetPointer;
+
+ if (CurrentOffset != 0)
+ {
+ /* Get the pointer corresponding to the offset */
+ CurrentOffset += (ULONG_PTR)ApiMessage;
/* Modify the pointed pointer to take into account its new position */
- *(PULONG_PTR)RemoteCaptureBuffer->PointerOffsetsArray[i] -= BufferDistance;
-
- /* Transform back into an offset */
- RemoteCaptureBuffer->PointerOffsetsArray[i] -= (ULONG_PTR)ApiMessage;
- }
+ *(PULONG_PTR)CurrentOffset -= BufferDistance;
+ }
+
+ ++OffsetPointer;
}
/* Copy the data back */
@@ -1328,7 +1338,8 @@
{
PCSR_CAPTURE_BUFFER CaptureBuffer = ApiMessage->CsrCaptureData;
SIZE_T BufferDistance = (ULONG_PTR)Buffer - (ULONG_PTR)ApiMessage;
- ULONG i;
+ ULONG PointerCount;
+ PULONG_PTR OffsetPointer;
/*
* Check whether we have a valid buffer pointer, elements
@@ -1364,16 +1375,20 @@
if ((CaptureBuffer->Size - (ULONG_PTR)*Buffer + (ULONG_PTR)CaptureBuffer) >=
(ElementCount * ElementSize))
{
- for (i = 0 ; i < CaptureBuffer->PointerCount ; ++i)
+ /* Perform the validation test */
+ PointerCount = CaptureBuffer->PointerCount;
+ OffsetPointer = CaptureBuffer->PointerOffsetsArray;
+ while (PointerCount--)
{
/*
* The pointer offset must be equal to the delta between
* the addresses of the buffer and of the API message.
*/
- if (CaptureBuffer->PointerOffsetsArray[i] == BufferDistance)
+ if (*OffsetPointer == BufferDistance)
{
return TRUE;
}
+ ++OffsetPointer;
}
}
}
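Review bot: The added `/* Perform the validation test */` comment does not say what is validated, and the block comment inside the loop already explains the per-entry comparison; since `BufferDistance` is the offset of `Buffer` from `ApiMessage` (declared in the @@ -1328 hunk), I would replace the new comment with `/* Accept the buffer only if its pointer field is registered in the capture buffer's offsets array */`. Separately, `PointerCount` and `PointerOffsetsArray` come from `CaptureBuffer`, which is `ApiMessage->CsrCaptureData`, so unless `PointerCount` is bounded against `CaptureBuffer->Size` earlier in the function (outside this hunk) the walk can read past the end of the capture buffer; that bound should either be asserted before the `while` or documented as a precondition of the function. The enclosing function starts outside this hunk.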