Author: tkreuzer Date: Wed Feb 13 03:46:23 2008 New Revision: 32336 URL: http://svn.reactos.org/svn/reactos?rev=32336&view=rev Log: Big ntuser fix: - rename ObmXxx functions to UserXxx functions - remove some macros - move prototypes to object.h - implement UserreferenceObjectByHandle creating a reference to the object, used for cursoricon stuff so far - rewrite object manager functions to reasonably handle references - dereference cursoricons correctly, so they will really get deleted -> fixes a cursoricon leak - destroy submenus in NtUserDestroyMenu -> fixes a big menu leak - free the buffer of the menu text -> fixes a mem leak - delete old bitmaps in NtUserSetCursorContent -> fixes a bitmap leak - delete monitor object on failure Now taskmgr doesn't leak memory anymore. we still leak some user handles here and there even after terminating a process, but it's much better now. Modified: trunk/reactos/subsystems/win32/win32k/include/cursoricon.h trunk/reactos/subsystems/win32/win32k/include/menu.h trunk/reactos/subsystems/win32/win32k/include/object.h trunk/reactos/subsystems/win32/win32k/include/userfuncs.h trunk/reactos/subsystems/win32/win32k/main/dllmain.c trunk/reactos/subsystems/win32/win32k/ntuser/accelerator.c trunk/reactos/subsystems/win32/win32k/ntuser/callproc.c trunk/reactos/subsystems/win32/win32k/ntuser/cursoricon.c trunk/reactos/subsystems/win32/win32k/ntuser/hook.c trunk/reactos/subsystems/win32/win32k/ntuser/input.c trunk/reactos/subsystems/win32/win32k/ntuser/menu.c trunk/reactos/subsystems/win32/win32k/ntuser/message.c trunk/reactos/subsystems/win32/win32k/ntuser/monitor.c trunk/reactos/subsystems/win32/win32k/ntuser/msgqueue.c trunk/reactos/subsystems/win32/win32k/ntuser/ntuser.c trunk/reactos/subsystems/win32/win32k/ntuser/object.c trunk/reactos/subsystems/win32/win32k/ntuser/window.c trunk/reactos/subsystems/win32/win32k/ntuser/winpos.c Modified: trunk/reactos/subsystems/win32/win32k/include/cursoricon.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/in… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/include/cursoricon.h (original) +++ trunk/reactos/subsystems/win32/win32k/include/cursoricon.h Wed Feb 13 03:46:23 2008 @@ -81,7 +81,7 @@ (PSYSTEM_CURSORINFO)((WinStaObj)->SystemCursor) #define IntReleaseCurIconObject(CurIconObj) \ - ObmDereferenceObject(CurIconObj) + UserDereferenceObject(CurIconObj) #endif /* _WIN32K_CURSORICON_H */ Modified: trunk/reactos/subsystems/win32/win32k/include/menu.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/in… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/include/menu.h (original) +++ trunk/reactos/subsystems/win32/win32k/include/menu.h Wed Feb 13 03:46:23 2008 @@ -47,7 +47,7 @@ IntGetMenuObject(HMENU hMenu); #define IntReleaseMenuObject(MenuObj) \ - ObmDereferenceObject(MenuObj) + UserDereferenceObject(MenuObj) BOOL FASTCALL IntFreeMenuItem(PMENU_OBJECT MenuObject, PMENU_ITEM MenuItem, Modified: trunk/reactos/subsystems/win32/win32k/include/object.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/in… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/include/object.h (original) +++ trunk/reactos/subsystems/win32/win32k/include/object.h Wed Feb 13 03:46:23 2008 @@ -102,8 +102,20 @@ #undef USER_ASSERT -VOID FASTCALL ObmReferenceObject(PVOID obj); -BOOL FASTCALL ObmDereferenceObject2(PVOID obj); +extern PUSER_HANDLE_TABLE gHandleTable; +VOID FASTCALL UserReferenceObject(PVOID obj); +PVOID FASTCALL UserReferenceObjectByHandle(HANDLE handle, USER_OBJECT_TYPE type); +BOOL FASTCALL UserDereferenceObject(PVOID obj); +PVOID FASTCALL UserCreateObject(PUSER_HANDLE_TABLE ht, HANDLE* h,USER_OBJECT_TYPE type , ULONG size); +BOOL FASTCALL UserDeleteObject(HANDLE h, USER_OBJECT_TYPE type ); +PVOID UserGetObject(PUSER_HANDLE_TABLE ht, HANDLE handle, USER_OBJECT_TYPE type ); +HANDLE UserAllocHandle(PUSER_HANDLE_TABLE ht, PVOID object, USER_OBJECT_TYPE type ); +BOOL UserFreeHandle(PUSER_HANDLE_TABLE ht, HANDLE handle ); +PVOID UserGetNextHandle(PUSER_HANDLE_TABLE ht, HANDLE* handle, USER_OBJECT_TYPE type ); +PUSER_HANDLE_ENTRY handle_to_entry(PUSER_HANDLE_TABLE ht, HANDLE handle ); +BOOL FASTCALL UserCreateHandleTable(); +VOID UserInitHandleTable(PUSER_HANDLE_TABLE ht, PVOID mem, ULONG bytes); + static __inline VOID UserRefObjectCo(PVOID obj, PUSER_REFERENCE_ENTRY UserReferenceEntry) @@ -114,7 +126,7 @@ ASSERT(W32Thread != NULL); ASSERT(UserReferenceEntry != NULL); UserReferenceEntry->obj = obj; - ObmReferenceObject(obj); + UserReferenceObject(obj); PushEntryList(&W32Thread->ReferencesList, &UserReferenceEntry->Entry); } @@ -134,10 +146,10 @@ ASSERT(UserReferenceEntry != NULL); ASSERT(obj == UserReferenceEntry->obj); - ObmDereferenceObject2(obj); + UserDereferenceObject(obj); } -HANDLE FASTCALL ObmObjectToHandle(PVOID obj); +HANDLE FASTCALL UserObjectToHandle(PVOID obj); VOID FASTCALL CreateStockObjects (VOID); VOID FASTCALL CreateSysColorObjects (VOID); Modified: trunk/reactos/subsystems/win32/win32k/include/userfuncs.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/in… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/include/userfuncs.h (original) +++ trunk/reactos/subsystems/win32/win32k/include/userfuncs.h Wed Feb 13 03:46:23 2008 @@ -6,22 +6,6 @@ PMENU_OBJECT FASTCALL UserGetMenuObject(HMENU hMenu); - - -#if 0 -#define ObmDereferenceObject(_obj_) \ -{ \ - DPRINT1("obj 0x%x dereffed to %i refs\n",_obj_, USER_BODY_TO_HEADER(_obj_)->RefCount-1); \ - ObmDereferenceObject2(_obj_); \ -} - -#endif - -#define ObmDereferenceObject(_obj_) ObmDereferenceObject2(_obj_) - - - - #define ASSERT_REFS_CO(_obj_) \ { \ @@ -56,33 +40,7 @@ #define DUMP_REFS(obj) DPRINT1("obj 0x%x, refs %i\n",obj, USER_BODY_TO_HEADER(obj)->RefCount) - - - -VOID FASTCALL ObmReferenceObject(PVOID obj); -BOOL FASTCALL ObmDereferenceObject2(PVOID obj); - PWINDOW_OBJECT FASTCALL IntGetWindowObject(HWND hWnd); -PVOID FASTCALL -ObmCreateObject(PUSER_HANDLE_TABLE ht, HANDLE* h,USER_OBJECT_TYPE type , ULONG size); - -BOOL FASTCALL -ObmDeleteObject(HANDLE h, USER_OBJECT_TYPE type ); - -#define UserRefObject(o) ObmReferenceObject(o) -#define UserDerefObject(o) ObmDereferenceObject(o) -BOOL FASTCALL ObmCreateHandleTable(); - -/******************** HANDLE.C ***************/ - -extern PUSER_HANDLE_TABLE gHandleTable; - -PUSER_HANDLE_ENTRY handle_to_entry(PUSER_HANDLE_TABLE ht, HANDLE handle ); -VOID UserInitHandleTable(PUSER_HANDLE_TABLE ht, PVOID mem, ULONG bytes); -HANDLE UserAllocHandle(PUSER_HANDLE_TABLE ht, PVOID object, USER_OBJECT_TYPE type ); -PVOID UserGetObject(PUSER_HANDLE_TABLE ht, HANDLE handle, USER_OBJECT_TYPE type ); -PVOID UserFreeHandle(PUSER_HANDLE_TABLE ht, HANDLE handle ); -PVOID UserGetNextHandle(PUSER_HANDLE_TABLE ht, HANDLE* handle, USER_OBJECT_TYPE type ); /*************** WINSTA.C ***************/ Modified: trunk/reactos/subsystems/win32/win32k/main/dllmain.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ma… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/main/dllmain.c (original) +++ trunk/reactos/subsystems/win32/win32k/main/dllmain.c Wed Feb 13 03:46:23 2008 @@ -289,7 +289,7 @@ { PUSER_REFERENCE_ENTRY ref = CONTAINING_RECORD(e, USER_REFERENCE_ENTRY, Entry); DPRINT("thread clean: remove reference obj 0x%x\n",ref->obj); - ObmDereferenceObject(ref->obj); + UserDereferenceObject(ref->obj); e = PopEntryList(&Win32Thread->ReferencesList); } Modified: trunk/reactos/subsystems/win32/win32k/ntuser/accelerator.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/nt… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/accelerator.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/accelerator.c Wed Feb 13 03:46:23 2008 @@ -348,7 +348,7 @@ RETURN( (HACCEL) 0 ); } - Accel = ObmCreateObject(gHandleTable, (PHANDLE)&hAccel, otAccel, sizeof(ACCELERATOR_TABLE)); + Accel = UserCreateObject(gHandleTable, (PHANDLE)&hAccel, otAccel, sizeof(ACCELERATOR_TABLE)); if (Accel == NULL) { @@ -362,7 +362,8 @@ Accel->Table = ExAllocatePoolWithTag(PagedPool, EntriesCount * sizeof(ACCEL), TAG_ACCEL); if (Accel->Table == NULL) { - ObmDeleteObject(hAccel, otAccel); + UserDereferenceObject(Accel); + UserDeleteObject(hAccel, otAccel); SetLastNtError(STATUS_NO_MEMORY); RETURN( (HACCEL) 0); } @@ -371,7 +372,8 @@ if (!NT_SUCCESS(Status)) { ExFreePool(Accel->Table); - ObmDeleteObject(hAccel, otAccel); + UserDereferenceObject(Accel); + UserDeleteObject(hAccel, otAccel); SetLastNtError(Status); RETURN((HACCEL) 0); } @@ -411,12 +413,13 @@ RETURN( FALSE); } - ObmDeleteObject(hAccel, otAccel); - if (Accel->Table != NULL) { ExFreePool(Accel->Table); - } + Accel->Table = NULL; + } + + UserDeleteObject(hAccel, otAccel); RETURN( TRUE); Modified: trunk/reactos/subsystems/win32/win32k/ntuser/callproc.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/nt… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/callproc.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/callproc.c Wed Feb 13 03:46:23 2008 @@ -39,7 +39,7 @@ GetCallProcHandle(IN PCALLPROC CallProc) { /* FIXME - check for 64 bit architectures... */ - return (WNDPROC)((ULONG_PTR)ObmObjectToHandle(CallProc) | 0xFFFF0000); + return (WNDPROC)((ULONG_PTR)UserObjectToHandle(CallProc) | 0xFFFF0000); } VOID @@ -47,9 +47,9 @@ IN OUT PCALLPROC CallProc) { /* FIXME - use new object manager! */ - HANDLE Handle = ObmObjectToHandle(CallProc); + HANDLE Handle = UserObjectToHandle(CallProc); - ObmDeleteObject(Handle, + UserDeleteObject(Handle, otCallProc); } @@ -61,7 +61,7 @@ HANDLE Handle; /* FIXME - use new object manager! */ - NewCallProc = (PCALLPROC)ObmCreateObject(gHandleTable, + NewCallProc = (PCALLPROC)UserCreateObject(gHandleTable, &Handle, otCallProc, sizeof(CALLPROC)); @@ -87,7 +87,7 @@ HANDLE Handle; /* FIXME - use new object manager! */ - NewCallProc = (PCALLPROC)ObmCreateObject(gHandleTable, + NewCallProc = (PCALLPROC)UserCreateObject(gHandleTable, &Handle, otCallProc, sizeof(CALLPROC)); Modified: trunk/reactos/subsystems/win32/win32k/ntuser/cursoricon.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/nt… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/cursoricon.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/cursoricon.c Wed Feb 13 03:46:23 2008 @@ -71,7 +71,7 @@ return TRUE; } - +/* This function creates a reference for the object! */ PCURICON_OBJECT FASTCALL UserGetCurIconObject(HCURSOR hCurIcon) { PCURICON_OBJECT CurIcon; @@ -82,7 +82,7 @@ return NULL; } - CurIcon = (PCURICON_OBJECT)UserGetObject(gHandleTable, hCurIcon, otCursorIcon); + CurIcon = (PCURICON_OBJECT)UserReferenceObjectByHandle(hCurIcon, otCursorIcon); if (!CurIcon) { /* we never set ERROR_INVALID_ICON_HANDLE. lets hope noone ever checks for it */ @@ -90,7 +90,7 @@ return NULL; } - ASSERT(USER_BODY_TO_HEADER(CurIcon)->RefCount >= 0); + ASSERT(USER_BODY_TO_HEADER(CurIcon)->RefCount >= 1); return CurIcon; } @@ -151,10 +151,14 @@ if (!NewCursor && (CurInfo->CurrentCursorObject || ForceChange)) { - if (NULL != CurInfo->CurrentCursorObject && CurInfo->ShowingCursor) - { - /* Remove the cursor if it was displayed */ - IntEngMovePointer(SurfObj, -1, -1, &GDIDEV(SurfObj)->Pointer.Exclude); + if (NULL != CurInfo->CurrentCursorObject) + { + UserDereferenceObject(CurInfo->CurrentCursorObject); + if (CurInfo->ShowingCursor) + { + /* Remove the cursor if it was displayed */ + IntEngMovePointer(SurfObj, -1, -1, &GDIDEV(SurfObj)->Pointer.Exclude); + } } GDIDEV(SurfObj)->Pointer.Status = SPS_ACCEPT_NOEXCLUDE; @@ -239,6 +243,7 @@ } CurInfo->ShowingCursor = CURSOR_SHOWING; CurInfo->CurrentCursorObject = NewCursor; + UserReferenceObject(NewCursor); } else { @@ -365,14 +370,14 @@ LIST_FOR_EACH(CurIcon, &gCurIconList, CURICON_OBJECT, ListEntry) { - // if(NT_SUCCESS(ObmReferenceObjectByPointer(Object, otCursorIcon))) //<- huh???? -// ObmReferenceObject( CurIcon); + // if(NT_SUCCESS(UserReferenceObjectByPointer(Object, otCursorIcon))) //<- huh???? +// UserReferenceObject( CurIcon); // { if((CurIcon->hModule == hModule) && (CurIcon->hRsrc == hRsrc)) { if(cx && ((cx != CurIcon->Size.cx) || (cy != CurIcon->Size.cy))) { -// ObmDereferenceObject(CurIcon); +// UserDereferenceObject(CurIcon); continue; } if (! ReferenceCurIconByProcess(CurIcon)) @@ -383,7 +388,7 @@ return CurIcon; } // } -// ObmDereferenceObject(CurIcon); +// UserDereferenceObject(CurIcon); } @@ -396,7 +401,7 @@ PCURICON_OBJECT CurIcon; HANDLE hCurIcon; - CurIcon = ObmCreateObject(gHandleTable, &hCurIcon, otCursorIcon, sizeof(CURICON_OBJECT)); + CurIcon = UserCreateObject(gHandleTable, &hCurIcon, otCursorIcon, sizeof(CURICON_OBJECT)); if(!CurIcon) { @@ -410,14 +415,12 @@ if (! ReferenceCurIconByProcess(CurIcon)) { DPRINT1("Failed to add process\n"); - ObmDeleteObject(hCurIcon, otCursorIcon); - ObmDereferenceObject(CurIcon); + UserDeleteObject(hCurIcon, otCursorIcon); + UserDereferenceObject(CurIcon); return NULL; } InsertHeadList(&gCurIconList, &CurIcon->ListEntry); - - ObmDereferenceObject(CurIcon); return CurIcon; } @@ -484,19 +487,23 @@ bmpMask = CurIcon->IconInfo.hbmMask; bmpColor = CurIcon->IconInfo.hbmColor; - Ret = ObmDeleteObject(CurIcon->Self, otCursorIcon); - /* delete bitmaps */ if(bmpMask) { GDIOBJ_SetOwnership(GdiHandleTable, bmpMask, PsGetCurrentProcess()); NtGdiDeleteObject(bmpMask); + CurIcon->IconInfo.hbmMask = NULL; } if(bmpColor) { GDIOBJ_SetOwnership(GdiHandleTable, bmpColor, PsGetCurrentProcess()); NtGdiDeleteObject(bmpColor); - } + CurIcon->IconInfo.hbmColor = NULL; + } + + /* We were given a pointer, no need to keep the reference anylonger! */ + UserDereferenceObject(CurIcon); + Ret = UserDeleteObject(CurIcon->Self, otCursorIcon); return Ret; } @@ -516,8 +523,8 @@ LIST_FOR_EACH_SAFE(CurIcon, tmp, &gCurIconList, CURICON_OBJECT, ListEntry) { -// ObmReferenceObject(CurIcon); - // if(NT_SUCCESS(ObmReferenceObjectByPointer(Object, otCursorIcon))) +// UserReferenceObject(CurIcon); + // if(NT_SUCCESS(UserReferenceObjectByPointer(Object, otCursorIcon))) { LIST_FOR_EACH(ProcessData, &CurIcon->ProcessList, CURICON_PROCESS, ListEntry) { @@ -529,7 +536,7 @@ } } -// ObmDereferenceObject(Object); +// UserDereferenceObject(Object); } @@ -607,6 +614,7 @@ } } + UserDereferenceObject(CurIcon); ObDereferenceObject(WinSta); RETURN( Ret); @@ -698,6 +706,7 @@ else SetLastNtError(Status); + UserDereferenceObject(CurIcon); ObDereferenceObject(WinSta); RETURN( Ret); @@ -749,6 +758,8 @@ else SetLastNtError(Status); // maybe not, test this + UserDereferenceObject(CurIcon); + cleanup: DPRINT("Leave NtUserGetIconSize, ret=%i\n", bRet); UserLeave(); @@ -950,6 +961,7 @@ } ret = IntDestroyCurIconObject(WinSta, CurIcon, FALSE); + /* Note: IntDestroyCurIconObject will remove our reference for us! */ ObDereferenceObject(WinSta); RETURN(ret); @@ -1099,6 +1111,7 @@ OldCursor = IntSetCursor(WinSta, CurIcon, FALSE); + UserDereferenceObject(CurIcon); ObDereferenceObject(WinSta); RETURN(OldCursor); @@ -1117,9 +1130,10 @@ STDCALL NtUserSetCursorContents( HANDLE hCurIcon, - PICONINFO IconInfo) + PICONINFO UnsafeIconInfo) { PCURICON_OBJECT CurIcon; + ICONINFO IconInfo; PBITMAPOBJ bmp; PWINSTATION_OBJECT WinSta; NTSTATUS Status; @@ -1142,12 +1156,25 @@ } /* Copy fields */ - Status = MmCopyFromCaller(&CurIcon->IconInfo, IconInfo, sizeof(ICONINFO)); + Status = MmCopyFromCaller(&IconInfo, UnsafeIconInfo, sizeof(ICONINFO)); if(!NT_SUCCESS(Status)) { SetLastNtError(Status); goto done; } + + /* Delete old bitmaps */ + if (CurIcon->IconInfo.hbmColor != IconInfo.hbmColor) + { + NtGdiDeleteObject(CurIcon->IconInfo.hbmColor); + } + if (CurIcon->IconInfo.hbmMask != IconInfo.hbmMask) + { + NtGdiDeleteObject(CurIcon->IconInfo.hbmMask); + } + + /* Copy new IconInfo field */ + CurIcon->IconInfo = IconInfo; bmp = BITMAPOBJ_LockBitmap(CurIcon->IconInfo.hbmColor); if(bmp) @@ -1174,6 +1201,10 @@ done: + if (CurIcon) + { + UserDereferenceObject(CurIcon); + } ObDereferenceObject(WinSta); RETURN( Ret); @@ -1265,6 +1296,7 @@ else Ret = TRUE; + UserDereferenceObject(CurIcon); ObDereferenceObject(WinSta); RETURN( Ret); @@ -1346,6 +1378,7 @@ } done: + UserDereferenceObject(CurIcon); ObDereferenceObject(WinSta); RETURN( Ret); @@ -1764,6 +1797,8 @@ hbrFlickerFreeDraw, diFlags); + UserDereferenceObject(pIcon); + UserLeave(); return Ret; } Modified: trunk/reactos/subsystems/win32/win32k/ntuser/hook.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/nt… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/hook.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/hook.c Wed Feb 13 03:46:23 2008 @@ -112,7 +112,7 @@ } } - Hook = ObmCreateObject(gHandleTable, &Handle, otHook, sizeof(HOOK)); + Hook = UserCreateObject(gHandleTable, &Handle, otHook, sizeof(HOOK)); if (NULL == Hook) { return NULL; @@ -215,7 +215,7 @@ } /* Close handle */ - ObmDeleteObject(Hook->Self, otHook); + UserDeleteObject(Hook->Self, otHook); } /* remove a hook, freeing it if the chain is not in use */ @@ -441,7 +441,7 @@ RETURN( FALSE); } - //Status = ObmReferenceObjectByHandle(gHandleTable, Hook, + //Status = UserReferenceObjectByHandle(gHandleTable, Hook, // otHookProc, (PVOID *) &HookObj); ObDereferenceObject(WinStaObj); @@ -462,13 +462,13 @@ if (NULL != HookObj->Thread && (HookObj->Thread != PsGetCurrentThread())) { DPRINT1("Thread mismatch\n"); - ObmDereferenceObject(HookObj); + UserDereferenceObject(HookObj); SetLastWin32Error(ERROR_INVALID_HANDLE); RETURN( 0); } NextObj = IntGetNextHook(HookObj); - ObmDereferenceObject(HookObj); + UserDereferenceObject(HookObj); if (NULL != NextObj) { DPRINT1("Calling next hook not implemented\n"); @@ -637,7 +637,7 @@ Status = MmCopyFromCaller(&ModuleName, UnsafeModuleName, sizeof(UNICODE_STRING)); if (! NT_SUCCESS(Status)) { - ObmDereferenceObject(Hook); + UserDereferenceObject(Hook); IntRemoveHook(Hook, WinStaObj, FALSE); if (NULL != Thread) { @@ -652,7 +652,7 @@ TAG_HOOK); if (NULL == Hook->ModuleName.Buffer) { - ObmDereferenceObject(Hook); + UserDereferenceObject(Hook); IntRemoveHook(Hook, WinStaObj, FALSE); if (NULL != Thread) { @@ -669,7 +669,7 @@ if (! NT_SUCCESS(Status)) { ExFreePool(Hook->ModuleName.Buffer); - ObmDereferenceObject(Hook); + UserDereferenceObject(Hook); IntRemoveHook(Hook, WinStaObj, FALSE); if (NULL != Thread) { @@ -686,7 +686,7 @@ Hook->Ansi = Ansi; Handle = Hook->Self; - ObmDereferenceObject(Hook); + UserDereferenceObject(Hook); ObDereferenceObject(WinStaObj); RETURN( Handle); @@ -738,7 +738,7 @@ RETURN( FALSE); } - // Status = ObmReferenceObjectByHandle(gHandleTable, Hook, + // Status = UserReferenceObjectByHandle(gHandleTable, Hook, // otHookProc, (PVOID *) &HookObj); if (!(HookObj = IntGetHookObject(Hook))) { @@ -751,7 +751,7 @@ IntRemoveHook(HookObj, WinStaObj, FALSE); - ObmDereferenceObject(HookObj); + UserDereferenceObject(HookObj); ObDereferenceObject(WinStaObj); RETURN( TRUE); Modified: trunk/reactos/subsystems/win32/win32k/ntuser/input.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/nt… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/input.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/input.c Wed Feb 13 03:46:23 2008 @@ -1058,7 +1058,7 @@ MousePos.x = DesktopWindow->Wnd->ClientRect.right - 1; if(MousePos.y >= DesktopWindow->Wnd->ClientRect.bottom) MousePos.y = DesktopWindow->Wnd->ClientRect.bottom - 1; - ObmDereferenceObject(DesktopWindow); + UserDereferenceObject(DesktopWindow); } if(MousePos.x < 0) Modified: trunk/reactos/subsystems/win32/win32k/ntuser/menu.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/nt… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/menu.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/menu.c Wed Feb 13 03:46:23 2008 @@ -238,6 +238,7 @@ } /* Free memory */ + ExFreePool(MenuItem->Text.Buffer); ExFreePool(MenuItem); return TRUE; @@ -317,9 +318,10 @@ Window->Wnd->IDMenu = 0; } } - ObmDeleteObject(Menu->MenuInfo.Self, otMenu); +// UserDereferenceObject(Menu); + BOOL ret = UserDeleteObject(Menu->MenuInfo.Self, otMenu); ObDereferenceObject(WindowStation); - return TRUE; + return ret; } } return FALSE; @@ -330,7 +332,7 @@ { PMENU_OBJECT Menu; - Menu = (PMENU_OBJECT)ObmCreateObject( + Menu = (PMENU_OBJECT)UserCreateObject( gHandleTable, Handle, otMenu, sizeof(MENU_OBJECT)); @@ -438,7 +440,7 @@ if(!Source) return NULL; - Menu = (PMENU_OBJECT)ObmCreateObject( + Menu = (PMENU_OBJECT)UserCreateObject( gHandleTable, &hMenu, otMenu, sizeof(MENU_OBJECT)); @@ -1457,6 +1459,7 @@ { PWINSTATION_OBJECT WinStaObject; HANDLE Handle; + PMENU_OBJECT Menu; NTSTATUS Status; PEPROCESS CurrentProcess = PsGetCurrentProcess(); @@ -1479,12 +1482,14 @@ SetLastNtError(Status); return (HMENU)0; } - IntCreateMenu(&Handle, !PopupMenu); + Menu = IntCreateMenu(&Handle, !PopupMenu); + UserDereferenceObject(Menu); ObDereferenceObject(WinStaObject); } else { - IntCreateMenu(&Handle, !PopupMenu); + Menu = IntCreateMenu(&Handle, !PopupMenu); + UserDereferenceObject(Menu); } return (HMENU)Handle; @@ -1566,7 +1571,7 @@ RETURN( FALSE); } - RETURN( IntDestroyMenuObject(Menu, FALSE, TRUE)); + RETURN( IntDestroyMenuObject(Menu, TRUE, TRUE)); CLEANUP: DPRINT("Leave NtUserDestroyMenu, ret=%i\n",_ret_); Modified: trunk/reactos/subsystems/win32/win32k/ntuser/message.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/nt… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/message.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/message.c Wed Feb 13 03:46:23 2008 @@ -582,12 +582,12 @@ } /* eat the message */ - UserDerefObject(Wnd); + UserDereferenceObject(Wnd); UserDerefObjectCo(DesktopWindow); UserDerefObjectCo(Window); return TRUE; } - UserDerefObject(Wnd); + UserDereferenceObject(Wnd); } UserDerefObjectCo(DesktopWindow); @@ -800,7 +800,7 @@ // if(MsgWindow) // { -// UserDerefObject(MsgWindow); +// UserDereferenceObject(MsgWindow); // } return TRUE; @@ -1584,7 +1584,7 @@ /* Must be handled by other thread */ // if (HWND_BROADCAST != hWnd) // { -// UserDerefObject(Window); +// UserDereferenceObject(Window); // } Info.HandledByKernel = TRUE; UserModeMsg.hwnd = hWnd; Modified: trunk/reactos/subsystems/win32/win32k/ntuser/monitor.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/nt… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/monitor.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/monitor.c Wed Feb 13 03:46:23 2008 @@ -89,7 +89,7 @@ HANDLE Handle; PMONITOR_OBJECT Monitor; - Monitor = ObmCreateObject(gHandleTable, &Handle, otMonitor, sizeof (MONITOR_OBJECT)); + Monitor = UserCreateObject(gHandleTable, &Handle, otMonitor, sizeof (MONITOR_OBJECT)); if (Monitor == NULL) { return NULL; @@ -116,7 +116,7 @@ IntDestroyMonitorObject(IN PMONITOR_OBJECT pMonitor) { RtlFreeUnicodeString(&pMonitor->DeviceName); - ObmDereferenceObject(pMonitor); + UserDereferenceObject(pMonitor); } @@ -178,6 +178,8 @@ if (!RtlCreateUnicodeString(&Monitor->DeviceName, Buffer)) { DPRINT("Couldn't duplicate monitor name!\n"); + UserDereferenceObject(Monitor); + UserDeleteObject(Monitor->Handle, otMonitor); return STATUS_INSUFFICIENT_RESOURCES; } @@ -199,6 +201,7 @@ } Monitor->Prev = p; } + UserDereferenceObject(Monitor); return STATUS_SUCCESS; } Modified: trunk/reactos/subsystems/win32/win32k/ntuser/msgqueue.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/nt… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/msgqueue.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/msgqueue.c Wed Feb 13 03:46:23 2008 @@ -282,7 +282,7 @@ if(Msg == WM_MOUSEWHEEL) { Window = UserGetWindowObject(IntGetFocusWindow()); - if (Window) UserRefObject(Window); + if (Window) UserReferenceObject(Window); } else { @@ -290,7 +290,7 @@ if(Window == NULL) { Window = ScopeWin; - if (Window) UserRefObject(Window); + if (Window) UserReferenceObject(Window); } else { @@ -304,7 +304,7 @@ /* FIXME - window messages should go to the right window if no buttons are pressed */ Window = UserGetWindowObject(hCaptureWin); - if (Window) UserRefObject(Window); + if (Window) UserReferenceObject(Window); } @@ -377,7 +377,7 @@ IntUnLockHardwareMessageQueue(Window->MessageQueue); *Freed = FALSE; - UserDerefObject(Window); + UserDereferenceObject(Window); return(FALSE); } @@ -420,7 +420,7 @@ IntUnLockHardwareMessageQueue(Window->MessageQueue); } - UserDerefObject(Window); + UserDereferenceObject(Window); *Freed = FALSE; return(FALSE); } @@ -459,7 +459,7 @@ } } - UserDerefObject(Window); + UserDereferenceObject(Window); *Freed = FALSE; return(TRUE); } @@ -783,7 +783,7 @@ Mesg.time = MsqCalculateMessageTime(&LargeTickCount); IntGetCursorLocation(WinSta, &Mesg.pt); MsqPostMessage(Window->MessageQueue, &Mesg, FALSE, QS_HOTKEY); - ObmDereferenceObject(Window); + UserDereferenceObject(Window); ObDereferenceObject (Thread); // InsertHeadList(&pThread->MessageQueue->PostedMessagesListHead, Modified: trunk/reactos/subsystems/win32/win32k/ntuser/ntuser.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/nt… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/ntuser.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/ntuser.c Wed Feb 13 03:46:23 2008 @@ -44,7 +44,7 @@ ExInitializeResourceLite(&UserLock); - if (!ObmCreateHandleTable()) + if (!UserCreateHandleTable()) { DPRINT1("Failed creating handle table\n"); return STATUS_INSUFFICIENT_RESOURCES; Modified: trunk/reactos/subsystems/win32/win32k/ntuser/object.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/nt… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/object.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/object.c Wed Feb 13 03:46:23 2008 @@ -69,7 +69,7 @@ if (ht->nb_handles >= ht->allocated_handles) /* need to grow the array */ { /**/ - int i, iFree = 0, iWindow = 0, iMenu = 0, iCursorIcon = 0, + int i, iFree = 0, iWindow = 0, iMenu = 0, iCursorIcon = 0, iHook = 0, iCallProc = 0, iAccel = 0, iMonitor = 0; /**/ DPRINT1("Out of user handles! Used -> %i, NM_Handle -> %d\n", usedHandles, ht->nb_handles); @@ -108,7 +108,7 @@ } DPRINT1("Handle Count by Type:\n Free = %d Window = %d Menu = %d CursorIcon = %d Hook = %d\n CallProc = %d Accel = %d Monitor = %d\n", iFree, iWindow, iMenu, iCursorIcon, iHook, iCallProc, iAccel, iMonitor ); -//#endif +//#endif return NULL; #if 0 PUSER_HANDLE_ENTRY new_handles; @@ -198,6 +198,10 @@ entry->pi = UserHandleOwnerByType(type); if (++entry->generation >= 0xffff) entry->generation = 1; + + /* We have created a handle, which is a reference! */ + UserReferenceObject(object); + return entry_to_handle(ht, entry ); } @@ -241,18 +245,24 @@ return entry->ptr; } -/* free a user handle and return a pointer to the object */ -PVOID UserFreeHandle(PUSER_HANDLE_TABLE ht, HANDLE handle ) -{ - PUSER_HANDLE_ENTRY entry; +/* free a user handle */ +BOOL UserFreeHandle(PUSER_HANDLE_TABLE ht, HANDLE handle ) +{ + PUSER_HANDLE_ENTRY entry; + PVOID object; if (!(entry = handle_to_entry( ht, handle ))) { SetLastNtError( STATUS_INVALID_HANDLE ); - return NULL; - } - - return free_user_entry(ht, entry ); + return FALSE; + } + + object = free_user_entry(ht, entry ); + + /* We removed the handle, which was a reference! */ + return UserDereferenceObject(object); + + return TRUE; } /* return the next user handle after 'handle' that is of a given type */ @@ -284,7 +294,7 @@ PVOID FASTCALL -ObmCreateObject(PUSER_HANDLE_TABLE ht, HANDLE* h,USER_OBJECT_TYPE type , ULONG size) +UserCreateObject(PUSER_HANDLE_TABLE ht, HANDLE* h,USER_OBJECT_TYPE type , ULONG size) { HANDLE hi; @@ -303,7 +313,7 @@ RtlZeroMemory(hdr, size + sizeof(USER_OBJECT_HEADER)); hdr->hSelf = hi; - hdr->RefCount++; //temp hack! + hdr->RefCount = 2; // we need this, because we create 2 refs: handle and pointer! if (h) *h = hi; @@ -311,7 +321,7 @@ } BOOL FASTCALL -ObmDeleteObject(HANDLE h, USER_OBJECT_TYPE type ) +UserDeleteObject(HANDLE h, USER_OBJECT_TYPE type ) { PUSER_OBJECT_HEADER hdr; PVOID body = UserGetObject(gHandleTable, h, type); @@ -319,42 +329,45 @@ return FALSE; hdr = USER_BODY_TO_HEADER(body); + ASSERT(hdr->RefCount >= 1); + + hdr->destroyed = TRUE; + return UserFreeHandle(gHandleTable, h); +} + + +VOID FASTCALL UserReferenceObject(PVOID obj) +{ + PUSER_OBJECT_HEADER hdr = USER_BODY_TO_HEADER(obj); + ASSERT(hdr->RefCount >= 0); - hdr->destroyed = TRUE; - if (hdr->RefCount == 0) - { - UserFreeHandle(gHandleTable, h); - - memset(hdr, 0x55, sizeof(USER_OBJECT_HEADER)); - - UserHeapFree(hdr); - //ExFreePool(hdr); - return TRUE; - } - -// DPRINT1("info: something not destroyed bcause refs still left, inuse %i\n",usedHandles); - return FALSE; -} - - -VOID FASTCALL ObmReferenceObject(PVOID obj) -{ - PUSER_OBJECT_HEADER hdr = USER_BODY_TO_HEADER(obj); - - ASSERT(hdr->RefCount >= 0); - hdr->RefCount++; } -HANDLE FASTCALL ObmObjectToHandle(PVOID obj) + +PVOID FASTCALL UserReferenceObjectByHandle(HANDLE handle, USER_OBJECT_TYPE type) +{ + PVOID object; + + object = UserGetObject(gHandleTable, handle, type); + if(object) + { + UserReferenceObject(object); + } + + return object; +} + + +HANDLE FASTCALL UserObjectToHandle(PVOID obj) { PUSER_OBJECT_HEADER hdr = USER_BODY_TO_HEADER(obj); return hdr->hSelf; } -BOOL FASTCALL ObmDereferenceObject2(PVOID obj) +BOOL FASTCALL UserDereferenceObject(PVOID obj) { PUSER_OBJECT_HEADER hdr = USER_BODY_TO_HEADER(obj); @@ -363,17 +376,19 @@ hdr->RefCount--; // You can not have a zero here! - if (!hdr->destroyed && hdr->RefCount == 0) hdr->RefCount++; // BOUNCE!!!!! + if (!hdr->destroyed && hdr->RefCount == 0) + { + hdr->RefCount++; // BOUNCE!!!!! + DPRINT1("warning! Dereference to zero without deleting!\n"); + } if (hdr->RefCount == 0 && hdr->destroyed) { // DPRINT1("info: something destroyed bcaise of deref, in use=%i\n",usedHandles); - UserFreeHandle(gHandleTable, hdr->hSelf); - memset(hdr, 0x55, sizeof(USER_OBJECT_HEADER)); - UserHeapFree(hdr); + return UserHeapFree(hdr); //ExFreePool(hdr); return TRUE; @@ -384,7 +399,7 @@ -BOOL FASTCALL ObmCreateHandleTable() +BOOL FASTCALL UserCreateHandleTable() { PVOID mem; Modified: trunk/reactos/subsystems/win32/win32k/ntuser/window.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/nt… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/window.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/window.c Wed Feb 13 03:46:23 2008 @@ -414,7 +414,7 @@ else co_UserFreeWindow(Child, ProcessData, ThreadData, SendMessages); - UserDerefObject(Child); + UserDereferenceObject(Child); } } ExFreePool(Children); @@ -491,8 +491,8 @@ IntUnlinkWindow(Window); - UserRefObject(Window); - ObmDeleteObject(Window->hSelf, otWindow); + UserReferenceObject(Window); + UserDeleteObject(Window->hSelf, otWindow); IntDestroyScrollBars(Window); @@ -510,7 +510,7 @@ ASSERT(Window->Wnd != NULL); UserFreeWindowInfo(Window->ti, Window); - UserDerefObject(Window); + UserDereferenceObject(Window); IntClipboardFreeWindow(Window); @@ -989,7 +989,7 @@ if (WndOldOwner) { ret = WndOldOwner->hSelf; - UserDerefObject(WndOldOwner); + UserDereferenceObject(WndOldOwner); } else { @@ -1007,7 +1007,7 @@ Wnd->Wnd->Owner = NULL; } - UserDerefObject(Wnd); + UserDereferenceObject(Wnd); return ret; } @@ -1042,7 +1042,7 @@ WndOldParent = Wnd->Parent; - if (WndOldParent) UserRefObject(WndOldParent); /* caller must deref */ + if (WndOldParent) UserReferenceObject(WndOldParent); /* caller must deref */ if (WndNewParent != WndOldParent) { @@ -1064,9 +1064,9 @@ } else { -// UserRefObject(InsertAfter); +// UserReferenceObject(InsertAfter); IntLinkWindow(Wnd, WndNewParent, InsertAfter /*prev sibling*/); -// UserDerefObject(InsertAfter); +// UserDereferenceObject(InsertAfter); } } @@ -1092,7 +1092,7 @@ // { // if(!IntIsWindow(WndOldParent->hSelf)) // { -// UserDerefObject(WndOldParent); +// UserDereferenceObject(WndOldParent); // return NULL; // } @@ -1607,7 +1607,7 @@ /* Create the window object. */ Window = (PWINDOW_OBJECT) - ObmCreateObject(gHandleTable, (PHANDLE)&hWnd, + UserCreateObject(gHandleTable, (PHANDLE)&hWnd, otWindow, sizeof(WINDOW_OBJECT)); if (Window) { @@ -1982,7 +1982,7 @@ if (!Result) { /* FIXME: Cleanup. */ - DPRINT("IntCreateWindowEx(): NCCREATE message failed.\n"); + DPRINT1("IntCreateWindowEx(): NCCREATE message failed. No cleanup performed!\n"); RETURN((HWND)0); } @@ -2046,7 +2046,7 @@ if (Result == (LRESULT)-1) { /* FIXME: Cleanup. */ - DPRINT("IntCreateWindowEx(): send CREATE message failed.\n"); + DPRINT1("IntCreateWindowEx(): send CREATE message failed. No cleanup performed!\n"); RETURN((HWND)0); } @@ -2166,7 +2166,11 @@ CLEANUP: if (!_ret_ && Window && Window->Wnd && ti) UserFreeWindowInfo(ti, Window); - if (Window) UserDerefObjectCo(Window); + if (Window) + { + UserDerefObjectCo(Window); + UserDereferenceObject(Window); + } if (ParentWindow) UserDerefObjectCo(ParentWindow); if (!_ret_ && ti != NULL) { @@ -2834,7 +2838,7 @@ } //temp hack -// UserDerefObject(Parent); +// UserDereferenceObject(Parent); WndAncestor = Parent; } @@ -2935,7 +2939,7 @@ if (!(Wnd = UserGetWindowObject(hWnd))) { RETURN( FALSE ); - } + } _SEH_TRY { if(pcbi) @@ -2958,7 +2962,7 @@ CLEANUP: DPRINT("Leave NtUserGetComboBoxInfo, ret=%i\n",_ret_); UserLeave(); - END_CLEANUP; + END_CLEANUP; } @@ -3013,21 +3017,21 @@ { PWINDOW_OBJECT Wnd; DECLARE_RETURN(DWORD); - + DPRINT("Enter NtUserGetListBoxInfo\n"); UserEnterShared(); if (!(Wnd = UserGetWindowObject(hWnd))) { RETURN( 0 ); - } + } RETURN( (DWORD) co_IntSendMessage( Wnd->hSelf, LB_GETLISTBOXINFO, 0, 0 )); CLEANUP: DPRINT("Leave NtUserGetListBoxInfo, ret=%i\n",_ret_); UserLeave(); - END_CLEANUP; + END_CLEANUP; } @@ -3081,7 +3085,7 @@ if (WndOldParent) { hWndOldParent = WndOldParent->hSelf; - UserDerefObject(WndOldParent); + UserDereferenceObject(WndOldParent); } return( hWndOldParent); @@ -4599,7 +4603,7 @@ RETURN( NULL); CLEANUP: - if (Window) UserDerefObject(Window); + if (Window) UserDereferenceObject(Window); if (DesktopWindow) UserDerefObjectCo(DesktopWindow); DPRINT("Leave NtUserWindowFromPoint, ret=%i\n",_ret_); Modified: trunk/reactos/subsystems/win32/win32k/ntuser/winpos.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/nt… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/winpos.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/winpos.c Wed Feb 13 03:46:23 2008 @@ -1005,14 +1005,14 @@ } if (NULL != InsertAfterWindow) { - UserRefObject(InsertAfterWindow); + UserReferenceObject(InsertAfterWindow); } } else if (WinPos.hwndInsertAfter == HWND_BOTTOM) { if(ParentWindow->LastChild) { - UserRefObject(ParentWindow->LastChild); + UserReferenceObject(ParentWindow->LastChild); InsertAfterWindow = ParentWindow->LastChild; } else @@ -1028,7 +1028,7 @@ IntLinkWindow(Window, ParentWindow, InsertAfterWindow); } if (InsertAfterWindow != NULL) - UserDerefObject(InsertAfterWindow); + UserDereferenceObject(InsertAfterWindow); if ((HWND_TOPMOST == WinPos.hwndInsertAfter) || (0 != (Window->Wnd->ExStyle & WS_EX_TOPMOST) && NULL != Window->PrevSibling @@ -1588,9 +1588,9 @@ continue; } - if (*Window) UserDerefObject(*Window); + if (*Window) UserDereferenceObject(*Window); *Window = Current; - UserRefObject(*Window); + UserReferenceObject(*Window); if (CurrentWnd->Style & WS_MINIMIZE) {