- PsKillMostProcesses must run in the context of the system process.
- The thread-terminating APC is a special user-mode APC.
Modified: trunk/reactos/ntoskrnl/ps/kill.c

Modified: trunk/reactos/ntoskrnl/ps/kill.c
--- trunk/reactos/ntoskrnl/ps/kill.c	2005-07-17 18:27:46 UTC (rev 16625)
+++ trunk/reactos/ntoskrnl/ps/kill.c	2005-07-17 18:34:23 UTC (rev 16626)
@@ -84,6 +84,8 @@
     PLIST_ENTRY current_entry;
     PEPROCESS current;
 
+    ASSERT(PsGetCurrentProcessId() == PsInitialSystemProcess->UniqueProcessId);
+
     /* Acquire the Active Process Lock */
     ExAcquireFastMutex(&PspActiveProcessMutex);
 
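Review bot: With the self-exclusion `current->UniqueProcessId != PsGetCurrentProcessId()` dropped in the next hunk (the one at +96), the ASSERT added here is the only thing that keeps PsKillMostProcesses from terminating its caller's own threads, and ASSERT compiles to nothing in a release build. If a non-system caller is a programming error that should still be survivable, keep a runtime guard; if it is a hard precondition, document it on the function itself, e.g. `/* Must be called from the system process: every process other than PsInitialSystemProcess is terminated below. */`. The function's header is outside this hunk.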
@@ -94,8 +96,7 @@
         current = CONTAINING_RECORD(current_entry, EPROCESS, ActiveProcessLinks);
         current_entry = current_entry->Flink;
 
-        if (current->UniqueProcessId != PsInitialSystemProcess->UniqueProcessId &&
-            current->UniqueProcessId != PsGetCurrentProcessId())
+        if (current->UniqueProcessId != PsInitialSystemProcess->UniqueProcessId)
         {
             /* Terminate all the Threads in this Process */
             PspTerminateProcessThreads(current, STATUS_SUCCESS);
@@ -211,6 +212,7 @@
     PEPROCESS CurrentProcess;
     PTERMINATION_PORT TerminationPort;
     PTEB Teb;
+    KIRQL oldIrql;
 
     DPRINT("PspExitThread(ExitStatus %x), Current: 0x%x\n", ExitStatus, PsGetCurrentThread());
 
@@ -321,9 +323,11 @@
     /* If the Processor Control Block's NpxThread points to the current thread
      * unset it.
      */
+    KeRaiseIrql(DISPATCH_LEVEL, &oldIrql);
     InterlockedCompareExchangePointer(&KeGetCurrentPrcb()->NpxThread,
                                       NULL,
                                       (PKPROCESS)CurrentThread);
+    KeLowerIrql(oldIrql);
 
     /* Rundown Mutexes */
     KeRundownThread();
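Review bot: The new KeRaiseIrql/KeLowerIrql pair around InterlockedCompareExchangePointer is not explained by the surrounding comment, which still only says the NpxThread pointer is unset. Presumably the raise to DISPATCH_LEVEL keeps the thread from being rescheduled onto another processor between KeGetCurrentPrcb() and the exchange; if that is the reason, state it: `/* Stay at DISPATCH_LEVEL so we cannot be moved off this processor while touching its PRCB */`. The `oldIrql` local is declared in the earlier hunk at +212; PspExitThread begins and ends outside this hunk.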
@@ -398,14 +402,14 @@
     /* Allocate the APC */
     Apc = ExAllocatePoolWithTag(NonPagedPool, sizeof(KAPC), TAG_TERMINATE_APC);
 
-    /* Initialize a Kernel Mode APC to Kill the Thread */
+    /* Initialize a User Mode APC to Kill the Thread */
     KeInitializeApc(Apc,
                     &Thread->Tcb,
                     OriginalApcEnvironment,
                     PsExitSpecialApc,
                     NULL,
                     PspExitNormalApc,
-                    KernelMode,
+                    UserMode,
                     (PVOID)ExitStatus);
 
     /* Insert it into the APC Queue */
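Review bot: `Apc` from ExAllocatePoolWithTag two lines above the changed comment is still handed to KeInitializeApc without a NULL check, so an allocation failure dereferences NULL in kernel mode; a check that fails the call back to the caller belongs before KeInitializeApc. The updated comment could also record why the mode changed, since a user-mode APC is presumably delivered only when the target thread next returns to user mode while PsExitSpecialApc is still the special routine: `/* User-mode APC: PsExitSpecialApc runs as the special routine, PspExitNormalApc when the thread returns to user mode */`. The enclosing function starts outside this hunk.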