hbirr@svn.reactos.com wrote:
> if (!NT_SUCCESS(Status)){NtClose(hToken);}
This is not correct. If writing back the handle failed, it should not be closed. It actually is a very rare condition if called from user mode, but if called from kernel mode the handle pointer doesn't get probed, so if you call the function and pass it a bad pointer you'll notice that the process will have one additional handle in its handle table, which actually is the handle created in that function. It's also possible to find those handles using ObFindHandleForObject (if there's only one handle of the requested object type). However, I don't know if Windows returns an error code or success in case just writing back the handle failed; I might have to write a test case for this. But if they actually return success we've got a bunch of functions to fix...
Best Regards, Thomas