15 Jun
2019
15 Jun
'19
7:27 p.m.
https://git.reactos.org/?p=reactos.git;a=commitdiff;h=97d15909142b04f12b95e…
commit 97d15909142b04f12b95ef21b7507a0835eb7741
Author: Mark Jansen <mark.jansen(a)reactos.org>
AuthorDate: Mon Jun 10 19:47:50 2019 +0200
Commit: Mark Jansen <mark.jansen(a)reactos.org>
CommitDate: Sat Jun 15 21:26:41 2019 +0200
[WIN32K] Attach to the target process before unhooking
CORE-16083
---
win32ss/user/ntuser/hook.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/win32ss/user/ntuser/hook.c b/win32ss/user/ntuser/hook.c
index 904b53aa7b1..735578d0eaf 100644
--- a/win32ss/user/ntuser/hook.c
+++ b/win32ss/user/ntuser/hook.c
@@ -1037,12 +1037,15 @@ BOOLEAN
IntRemoveHook(PVOID Object)
{
INT HookId;
- PTHREADINFO ptiHook;
+ PTHREADINFO ptiHook, pti;
PDESKTOP pdo;
PHOOK Hook = Object;
+ BOOL bOtherProcess;
+ NT_ASSERT(UserIsEnteredExclusive());
HookId = Hook->HookId;
+ pti = PsGetCurrentThreadWin32Thread();
if (Hook->ptiHooked) // Local
{
@@ -1053,6 +1056,10 @@ IntRemoveHook(PVOID Object)
if (IsListEmpty(&ptiHook->aphkStart[HOOKID_TO_INDEX(HookId)]))
{
ptiHook->fsHooks &= ~HOOKID_TO_FLAG(HookId);
+ bOtherProcess = (ptiHook->ppi != pti->ppi);
+
+ if (bOtherProcess)
+ KeAttachProcess(&ptiHook->ppi->peProcess->Pcb);
_SEH2_TRY
{
@@ -1064,6 +1071,9 @@ IntRemoveHook(PVOID Object)
(void)0;
}
_SEH2_END;
+
+ if (bOtherProcess)
+ KeDetachProcess();
}
}
else // Global