Move the process object dereference from NtTerminateProcess to PspExitProcess (comments inside). Modified: trunk/reactos/ntoskrnl/ps/kill.c _____
Modified: trunk/reactos/ntoskrnl/ps/kill.c
--- trunk/reactos/ntoskrnl/ps/kill.c 2005-03-21 20:11:52 UTC (rev 14256)
+++ trunk/reactos/ntoskrnl/ps/kill.c 2005-03-21 21:33:31 UTC (rev 14257)
@@ -390,6 +390,10 @@
ObKillProcess(Process); KeSetProcess(&Process->Pcb, IO_NO_INCREMENT); + + /* NOTE: This dereference corresponds to reference in NtTerminateProcess. */ + ObDereferenceObject(Process); + return(STATUS_SUCCESS); }
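Review bot: The added `ObDereferenceObject(Process);` runs on every call of this function, while its comment pairs it with a reference taken in NtTerminateProcess. If the function (PspExitProcess, per the commit message) can also be reached when the last thread exits without going through NtTerminateProcess, the count drops one below what was taken and the process object can be freed while other holders still use it. The function starts outside the hunk and its callers are not visible, so please confirm every path into it owns that extra reference. It would also help to state the contract at the function header, for example `/* Caller must hold one reference on Process; it is released here. */`.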
@@ -439,8 +443,13 @@ /* Only master thread remains... kill it off */ if (PsGetCurrentThread()->ThreadsProcess == Process) {
- /* Unlock and dereference */ - ObDereferenceObject(Process); + /* + * NOTE: Dereferencing of the Process structure takes place in + * PspExitProcess. If we would do it here the Win32 Process + * information would be destroyed before the Win32 Destroy + * thread/process callback is called. + */ + PspExitThread(ExitStatus); return(STATUS_SUCCESS); }
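Review bot: With the dereference removed from this self-termination branch, the reference NtTerminateProcess holds on Process is only released if `PspExitThread(ExitStatus)` actually ends in PspExitProcess for this process, and the hunk does not show that. If another thread of the process is still alive at this point, or PspExitThread takes a path that skips PspExitProcess, the reference is leaked and the process object is never freed. The branch where the caller terminates a different process lies outside the hunk and still has to drop its own reference there. I would extend the new comment to name the pairing, e.g. `* The reference taken above is released by PspExitProcess, reached via PspExitThread.`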