Author: hbelusca
Date: Thu Dec 6 22:24:27 2012
New Revision: 57809
URL:
http://svn.reactos.org/svn/reactos?rev=57809&view=rev
Log:
[NTDLL/CSRSRV]
Re-fix part of the capture-buffer offset setting, based on what I understood from all my
previous investigations. It reverts a small part of r57673 while fixing some existing bugs
there.
Modified:
branches/ros-csrss/dll/ntdll/csr/connect.c
branches/ros-csrss/subsystems/win32/csrsrv/api.c
Modified: branches/ros-csrss/dll/ntdll/csr/connect.c
URL:
http://svn.reactos.org/svn/reactos/branches/ros-csrss/dll/ntdll/csr/connect…
==============================================================================
--- branches/ros-csrss/dll/ntdll/csr/connect.c [iso-8859-1] (original)
+++ branches/ros-csrss/dll/ntdll/csr/connect.c [iso-8859-1] Thu Dec 6 22:24:27 2012
@@ -51,7 +51,8 @@
IN ULONG DataLength)
{
NTSTATUS Status;
- ULONG i;
+ ULONG PointerCount;
+ PULONG_PTR OffsetPointer;
/* Fill out the Port Message Header. */
ApiMessage->Header.u2.ZeroInit = 0;
@@ -90,13 +91,16 @@
* a server pointer, and each pointer to these message pointers
* is converted into an offset.
*/
- for (i = 0 ; i < CaptureBuffer->PointerCount ; ++i)
+ PointerCount = CaptureBuffer->PointerCount;
+ OffsetPointer = CaptureBuffer->PointerOffsetsArray;
+ while (PointerCount--)
{
- if (CaptureBuffer->PointerOffsetsArray[i] != 0)
+ if (*OffsetPointer != 0)
{
- *(PULONG_PTR)CaptureBuffer->PointerOffsetsArray[i] +=
CsrPortMemoryDelta;
- CaptureBuffer->PointerOffsetsArray[i] -= (ULONG_PTR)ApiMessage;
+ *(PULONG_PTR)*OffsetPointer += CsrPortMemoryDelta;
+ *OffsetPointer -= (ULONG_PTR)ApiMessage;
}
+ ++OffsetPointer;
}
}
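Review bot: The two statements inside the `if` are order-dependent and nothing in the loop says so: `*(PULONG_PTR)*OffsetPointer += CsrPortMemoryDelta;` has to run while the slot still holds a client address, because the next line rebases that slot to an offset from `ApiMessage`. A comment above the first statement would make this explicit, for example `/* Relocate the pointed-to pointer first; the slot is no longer a valid address once it becomes an offset */`. The mirror-image loop in the `@@ -120,13 +124,16 @@` hunk deserves the matching remark for its reversed order. Both loops also rely on `CaptureBuffer->PointerCount` matching the real length of `PointerOffsetsArray`, which is presumably guaranteed where the buffer is allocated, outside these hunks.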
@@ -120,13 +124,16 @@
* pointers, and convert back these message server pointers
* into client pointers.
*/
- for (i = 0 ; i < CaptureBuffer->PointerCount ; ++i)
+ PointerCount = CaptureBuffer->PointerCount;
+ OffsetPointer = CaptureBuffer->PointerOffsetsArray;
+ while (PointerCount--)
{
- if (CaptureBuffer->PointerOffsetsArray[i] != 0)
+ if (*OffsetPointer != 0)
{
- CaptureBuffer->PointerOffsetsArray[i] += (ULONG_PTR)ApiMessage;
- *(PULONG_PTR)CaptureBuffer->PointerOffsetsArray[i] -=
CsrPortMemoryDelta;
+ *OffsetPointer += (ULONG_PTR)ApiMessage;
+ *(PULONG_PTR)*OffsetPointer -= CsrPortMemoryDelta;
}
+ ++OffsetPointer;
}
}
Modified: branches/ros-csrss/subsystems/win32/csrsrv/api.c
URL:
http://svn.reactos.org/svn/reactos/branches/ros-csrss/subsystems/win32/csrs…
==============================================================================
--- branches/ros-csrss/subsystems/win32/csrsrv/api.c [iso-8859-1] (original)
+++ branches/ros-csrss/subsystems/win32/csrsrv/api.c [iso-8859-1] Thu Dec 6 22:24:27
2012
@@ -1125,7 +1125,9 @@
PCSR_CAPTURE_BUFFER LocalCaptureBuffer = NULL, RemoteCaptureBuffer = NULL;
SIZE_T BufferDistance;
ULONG Length = 0;
- ULONG i;
+ ULONG PointerCount;
+ PULONG_PTR OffsetPointer;
+ ULONG_PTR CurrentOffset;
/* Use SEH to make sure this is valid */
_SEH2_TRY
@@ -1182,19 +1184,23 @@
* All the pointer offsets correspond to pointers which point
* to the remote data buffer instead of the local one.
*/
- for (i = 0 ; i < RemoteCaptureBuffer->PointerCount ; ++i)
- {
- if (RemoteCaptureBuffer->PointerOffsetsArray[i] != 0)
- {
- /* Temporarily transform the offset into a pointer */
- RemoteCaptureBuffer->PointerOffsetsArray[i] += (ULONG_PTR)ApiMessage;
+ PointerCount = RemoteCaptureBuffer->PointerCount;
+ OffsetPointer = RemoteCaptureBuffer->PointerOffsetsArray;
+ while (PointerCount--)
+ {
+ CurrentOffset = *OffsetPointer;
+
+ if (CurrentOffset != 0)
+ {
+ /* Get the pointer corresponding to the offset */
+ CurrentOffset += (ULONG_PTR)ApiMessage;
/* Validate the bounds of the current pointed pointer */
- if ((*(PULONG_PTR)RemoteCaptureBuffer->PointerOffsetsArray[i] >=
CsrThread->Process->ClientViewBase) &&
- (*(PULONG_PTR)RemoteCaptureBuffer->PointerOffsetsArray[i] <
CsrThread->Process->ClientViewBounds))
+ if ((*(PULONG_PTR)CurrentOffset >=
CsrThread->Process->ClientViewBase) &&
+ (*(PULONG_PTR)CurrentOffset <
CsrThread->Process->ClientViewBounds))
{
/* Modify the pointed pointer to take into account its new position */
- *(PULONG_PTR)RemoteCaptureBuffer->PointerOffsetsArray[i] +=
BufferDistance;
+ *(PULONG_PTR)CurrentOffset += BufferDistance;
}
else
{
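Review bot: `CurrentOffset` is dereferenced with no visible check that the offset read from `PointerOffsetsArray` stays inside the API message: after `CurrentOffset += (ULONG_PTR)ApiMessage;` the only validation is on the value stored at that address, not on the address itself. The offsets are written by the client side (see the connect.c hunks), so unless they are range-checked outside this hunk the server reads, and then updates with `*(PULONG_PTR)CurrentOffset += BufferDistance;`, a location the caller chose. I would reject the entry before the rebase, e.g. `if (CurrentOffset > <message size> - sizeof(ULONG_PTR)) { ApiMessage->Status = STATUS_INVALID_PARAMETER; break; }`, where `<message size>` is a placeholder for whatever bound the message really has. The same unchecked dereference appears in the `@@ -1272,19 +1279,22 @@` hunk (`*(PULONG_PTR)CurrentOffset -= BufferDistance;`), which has no validation at all. The enclosing function starts and ends outside this hunk, so an earlier check may exist that I cannot see.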
@@ -1203,10 +1209,9 @@
DbgBreakPoint();
ApiMessage->Status = STATUS_INVALID_PARAMETER;
}
-
- /* Transform back into an offset */
- RemoteCaptureBuffer->PointerOffsetsArray[i] -= (ULONG_PTR)ApiMessage;
- }
+ }
+
+ ++OffsetPointer;
}
/* Check if we got success */
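Review bot: A pointer that fails the client-view bounds check still reaches `DbgBreakPoint();` in the `else` branch, so malformed input from a client can stop the server at a breakpoint rather than just failing the request. Unless that call is compiled out of release builds, I would drop it or replace it with a debug print, keeping `ApiMessage->Status = STATUS_INVALID_PARAMETER;`. The loop also keeps relocating the remaining entries after the failure is recorded; adding `break;` after the status assignment would stop at the first bad entry, presumably leaving cleanup to the success check that follows the loop. The `else` branch begins in the previous hunk, so part of it is not visible here.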
@@ -1249,7 +1254,9 @@
{
PCSR_CAPTURE_BUFFER RemoteCaptureBuffer, LocalCaptureBuffer;
SIZE_T BufferDistance;
- ULONG i;
+ ULONG PointerCount;
+ PULONG_PTR OffsetPointer;
+ ULONG_PTR CurrentOffset;
/* Get the remote capture buffer */
RemoteCaptureBuffer = ApiMessage->CsrCaptureData;
@@ -1272,19 +1279,22 @@
* to the local data buffer instead of the remote one (revert
* the logic of CsrCaptureArguments).
*/
- for (i = 0 ; i < RemoteCaptureBuffer->PointerCount ; ++i)
- {
- if (RemoteCaptureBuffer->PointerOffsetsArray[i] != 0)
- {
- /* Temporarily transform the offset into a pointer */
- RemoteCaptureBuffer->PointerOffsetsArray[i] += (ULONG_PTR)ApiMessage;
+ PointerCount = RemoteCaptureBuffer->PointerCount;
+ OffsetPointer = RemoteCaptureBuffer->PointerOffsetsArray;
+ while (PointerCount--)
+ {
+ CurrentOffset = *OffsetPointer;
+
+ if (CurrentOffset != 0)
+ {
+ /* Get the pointer corresponding to the offset */
+ CurrentOffset += (ULONG_PTR)ApiMessage;
/* Modify the pointed pointer to take into account its new position */
- *(PULONG_PTR)RemoteCaptureBuffer->PointerOffsetsArray[i] -=
BufferDistance;
-
- /* Transform back into an offset */
- RemoteCaptureBuffer->PointerOffsetsArray[i] -= (ULONG_PTR)ApiMessage;
- }
+ *(PULONG_PTR)CurrentOffset -= BufferDistance;
+ }
+
+ ++OffsetPointer;
}
/* Copy the data back */
@@ -1328,7 +1338,8 @@
{
PCSR_CAPTURE_BUFFER CaptureBuffer = ApiMessage->CsrCaptureData;
SIZE_T BufferDistance = (ULONG_PTR)Buffer - (ULONG_PTR)ApiMessage;
- ULONG i;
+ ULONG PointerCount;
+ PULONG_PTR OffsetPointer;
/*
* Check whether we have a valid buffer pointer, elements
@@ -1364,16 +1375,20 @@
if ((CaptureBuffer->Size - (ULONG_PTR)*Buffer + (ULONG_PTR)CaptureBuffer)
>=
(ElementCount * ElementSize))
{
- for (i = 0 ; i < CaptureBuffer->PointerCount ; ++i)
+ /* Perform the validation test */
+ PointerCount = CaptureBuffer->PointerCount;
+ OffsetPointer = CaptureBuffer->PointerOffsetsArray;
+ while (PointerCount--)
{
/*
* The pointer offset must be equal to the delta between
* the addresses of the buffer and of the API message.
*/
- if (CaptureBuffer->PointerOffsetsArray[i] == BufferDistance)
+ if (*OffsetPointer == BufferDistance)
{
return TRUE;
}
+ ++OffsetPointer;
}
}
}
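Review bot: The size test just above the new loop, `(CaptureBuffer->Size - (ULONG_PTR)*Buffer + (ULONG_PTR)CaptureBuffer) >= (ElementCount * ElementSize)`, can be satisfied by wrap-around: the product on the right may overflow, and the left side wraps if `*Buffer` lies outside the capture buffer. Since this function decides whether a client-supplied buffer is acceptable, I would guard the multiplication before the comparison, e.g. `if (ElementSize != 0 && ElementCount > MAXULONG / ElementSize) return FALSE;`, assuming both are `ULONG`, as their declarations are outside the hunk. An equivalent check, or a range check on `*Buffer`, may already sit in the part of the function not shown here; if it does, a one-line comment at this comparison pointing to it would help the next reader.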