merge from trunk 16686-16827 misc stuff still crash often due to referencing problems/freed message queue Added: branches/win32k rewrite attempt/win32k/docs/ Added: branches/win32k rewrite attempt/win32k/docs/refs.txt Modified: branches/win32k rewrite attempt/win32k/eng/event.c Modified: branches/win32k rewrite attempt/win32k/include/focus.h Modified: branches/win32k rewrite attempt/win32k/include/mmcopy.h Modified: branches/win32k rewrite attempt/win32k/include/userfuncs.h Modified: branches/win32k rewrite attempt/win32k/misc/copy.c Modified: branches/win32k rewrite attempt/win32k/ntuser/class.c Modified: branches/win32k rewrite attempt/win32k/ntuser/focus.c Modified: branches/win32k rewrite attempt/win32k/ntuser/input.c Modified: branches/win32k rewrite attempt/win32k/ntuser/monitor.c Modified: branches/win32k rewrite attempt/win32k/ntuser/window.c Modified: branches/win32k rewrite attempt/win32k/ntuser/winpos.c Modified: branches/win32k rewrite attempt/win32k/objects/brush.c Modified: branches/win32k rewrite attempt/win32k/objects/cliprgn.c Modified: branches/win32k rewrite attempt/win32k/objects/color.c Modified: branches/win32k rewrite attempt/win32k/objects/coord.c Modified: branches/win32k rewrite attempt/win32k/objects/dc.c Modified: branches/win32k rewrite attempt/win32k/objects/dib.c Modified: branches/win32k rewrite attempt/win32k/objects/fillshap.c Modified: branches/win32k rewrite attempt/win32k/objects/line.c Modified: branches/win32k rewrite attempt/win32k/objects/pen.c Modified: branches/win32k rewrite attempt/win32k/objects/print.c Modified: branches/win32k rewrite attempt/win32k/objects/rect.c Modified: branches/win32k rewrite attempt/win32k/objects/region.c Modified: branches/win32k rewrite attempt/win32k/objects/text.c Modified: branches/win32k rewrite attempt/win32k/tests/win32k.xml Modified: branches/win32k rewrite attempt/win32k/win32k.xml _____ Added: branches/win32k rewrite attempt/win32k/docs/refs.txt --- branches/win32k rewrite attempt/win32k/docs/refs.txt 2005-07-28 11:48:58 UTC (rev 16828) +++ branches/win32k rewrite attempt/win32k/docs/refs.txt 2005-07-28 13:40:52 UTC (rev 16829) @@ -0,0 +1,26 @@ +References: +----------- + +window -> desktop +window -> class + +window -> queue/thread_input ????????? +thread -> queue/thread_input ????????? + +thread -> process +process -> winsta +thread -> desktop +desktop -> winsta +winsta -> session + + +Above references create following dependencies: +----------------------------------------------- + +window -> desktop -> winsta -> session +window -> class + +thread -> process -> winsta -> session +thread -> desktop -> winsta -> session + +process -> winsta -> session _____ Modified: branches/win32k rewrite attempt/win32k/eng/event.c --- branches/win32k rewrite attempt/win32k/eng/event.c 2005-07-28 11:48:58 UTC (rev 16828) +++ branches/win32k rewrite attempt/win32k/eng/event.c 2005-07-28 13:40:52 UTC (rev 16829) @@ -36,7 +36,7 @@ STDCALL EngCreateEvent ( OUT PEVENT *Event ) { - (*Event) = ExAllocatePool(NonPagedPool, sizeof(TAG_DRIVER)); + (*Event) = ExAllocatePool(NonPagedPool, sizeof(KEVENT)); if ((*Event) == NULL) { return FALSE; _____ Modified: branches/win32k rewrite attempt/win32k/include/focus.h --- branches/win32k rewrite attempt/win32k/include/focus.h 2005-07-28 11:48:58 UTC (rev 16828) +++ branches/win32k rewrite attempt/win32k/include/focus.h 2005-07-28 13:40:52 UTC (rev 16829) @@ -9,9 +9,8 @@ PWINDOW_OBJECT FASTCALL UserGetFocusWindow(); -PWINDOW_OBJECT FASTCALL -IntGetForegroundWindow(VOID); + /* * These functions take the window handles from current thread queue. */ _____ Modified: branches/win32k rewrite attempt/win32k/include/mmcopy.h --- branches/win32k rewrite attempt/win32k/include/mmcopy.h 2005-07-28 11:48:58 UTC (rev 16828) +++ branches/win32k rewrite attempt/win32k/include/mmcopy.h 2005-07-28 13:40:52 UTC (rev 16829) @@ -4,8 +4,9 @@ #include <pseh/pseh.h> NTSTATUS _MmCopyFromCaller( PVOID Target, PVOID Source, UINT Bytes ); +NTSTATUS _MmCopyToCaller( PVOID Target, PVOID Source, UINT Bytes ); #define MmCopyFromCaller(x,y,z) _MmCopyFromCaller((PCHAR)(x),(PCHAR)(y),(UINT)(z)) -#define MmCopyToCaller(x,y,z) MmCopyFromCaller(x,y,z) +#define MmCopyToCaller(x,y,z) _MmCopyToCaller((PCHAR)(x),(PCHAR)(y),(UINT)(z)) #endif/*NDK_MMCOPY_H*/ _____ Modified: branches/win32k rewrite attempt/win32k/include/userfuncs.h --- branches/win32k rewrite attempt/win32k/include/userfuncs.h 2005-07-28 11:48:58 UTC (rev 16828) +++ branches/win32k rewrite attempt/win32k/include/userfuncs.h 2005-07-28 13:40:52 UTC (rev 16829) @@ -38,8 +38,12 @@ NTSTATUS FASTCALL UserAcquireOrReleaseInputOwnership(BOOLEAN Release); -/* focus.c */ +/******************** FOCUS.C ********************************/ + PWINDOW_OBJECT FASTCALL +UserGetForegroundWindow(VOID); + +PWINDOW_OBJECT FASTCALL UserSetFocus(PWINDOW_OBJECT Wnd OPTIONAL); @@ -96,7 +100,8 @@ UserCreateMenuObject(HANDLE* h); -/* caret.c */ +/************************* CARET.C ****************************/ + BOOL FASTCALL UserShowCaret(PWINDOW_OBJECT Wnd); @@ -106,12 +111,14 @@ BOOL FASTCALL UserHideCaret(PWINDOW_OBJECT Wnd); -/* winpos.c */ +/************************* WINPOS.C ****************************/ + BOOL FASTCALL UserGetClientOrigin(PWINDOW_OBJECT hWnd, LPPOINT Point); -/* scrollbar.c */ +/************************* SCROLLBAR.C ****************************/ + DWORD FASTCALL UserShowScrollBar(PWINDOW_OBJECT Wnd, int wBar, DWORD bShow); @@ -144,7 +151,7 @@ ClassReferenceClass(PWNDCLASS_OBJECT Class); VOID FASTCALL -ClassDereferenceClass(PWNDCLASS_OBJECT Class); +UserDereferenceClass(PWNDCLASS_OBJECT Class); PWNDCLASS_OBJECT FASTCALL ClassCreateClass(DWORD bytes); _____ Modified: branches/win32k rewrite attempt/win32k/misc/copy.c --- branches/win32k rewrite attempt/win32k/misc/copy.c 2005-07-28 11:48:58 UTC (rev 16828) +++ branches/win32k rewrite attempt/win32k/misc/copy.c 2005-07-28 13:40:52 UTC (rev 16829) @@ -2,9 +2,23 @@ NTSTATUS _MmCopyFromCaller( PVOID Target, PVOID Source, UINT Bytes ) { NTSTATUS Status = STATUS_SUCCESS; + + _SEH_TRY { + ProbeForRead(Source,Bytes,1); + RtlCopyMemory(Target,Source,Bytes); + } _SEH_HANDLE { + Status = _SEH_GetExceptionCode(); + } _SEH_END; + return Status; +} + +NTSTATUS _MmCopyToCaller( PVOID Target, PVOID Source, UINT Bytes ) { + NTSTATUS Status = STATUS_SUCCESS; + _SEH_TRY { - RtlCopyMemory(Target,Source,Bytes); + ProbeForWrite(Target,Bytes,1); + RtlCopyMemory(Target,Source,Bytes); } _SEH_HANDLE { Status = _SEH_GetExceptionCode(); } _SEH_END; _____ Modified: branches/win32k rewrite attempt/win32k/ntuser/class.c --- branches/win32k rewrite attempt/win32k/ntuser/class.c 2005-07-28 11:48:58 UTC (rev 16828) +++ branches/win32k rewrite attempt/win32k/ntuser/class.c 2005-07-28 13:40:52 UTC (rev 16829) @@ -54,7 +54,7 @@ } VOID FASTCALL -ClassDereferenceClass(PWNDCLASS_OBJECT Class) +UserDereferenceClass(PWNDCLASS_OBJECT Class) { //if (--Class->RefCount == 0) //{ @@ -319,7 +319,7 @@ if (ClassObject->hInstance == lpwcx->hInstance) { SetLastWin32Error(ERROR_CLASS_ALREADY_EXISTS); - ClassDereferenceClass(ClassObject); + UserDereferenceClass(ClassObject); return(NULL); } } @@ -739,7 +739,7 @@ if (Class->hInstance && Class->hInstance != hInstance) { - ClassDereferenceClass(Class); + UserDereferenceClass(Class); SetLastWin32Error(ERROR_CLASS_DOES_NOT_EXIST); RETURN(FALSE); } @@ -747,20 +747,20 @@ if (!IsListEmpty(&Class->ClassWindowsListHead)) { /* Dereference the ClassReferenceClassByNameOrAtom() call */ - ClassDereferenceClass(Class); + UserDereferenceClass(Class); SetLastWin32Error(ERROR_CLASS_HAS_WINDOWS); RETURN(FALSE); } /* Dereference the ClassReferenceClassByNameOrAtom() call */ - ClassDereferenceClass(Class); + UserDereferenceClass(Class); RemoveEntryList(&Class->ListEntry); RtlDeleteAtomFromAtomTable(WinStaObject->AtomTable, Class->Atom); /* Free the object */ - ClassDereferenceClass(Class); + UserDereferenceClass(Class); RETURN(TRUE); _____ Modified: branches/win32k rewrite attempt/win32k/ntuser/focus.c --- branches/win32k rewrite attempt/win32k/ntuser/focus.c 2005-07-28 11:48:58 UTC (rev 16828) +++ branches/win32k rewrite attempt/win32k/ntuser/focus.c 2005-07-28 13:40:52 UTC (rev 16829) @@ -91,7 +91,7 @@ /* FIXME: IntIsWindow */ - IntPostOrSendMessage(hWnd, WM_NCACTIVATE, (WPARAM)(Window == IntGetForegroundWindow()), 0); + IntPostOrSendMessage(hWnd, WM_NCACTIVATE, (WPARAM)(Window == UserGetForegroundWindow()), 0); /* FIXME: WA_CLICKACTIVE */ IntPostOrSendMessage(hWnd, WM_ACTIVATE, MAKEWPARAM(MouseActivate ? WA_CLICKACTIVE : WA_ACTIVE, @@ -340,8 +340,9 @@ DPRINT("Enter NtUserGetForegroundWindow\n"); UserEnterExclusive(); - PUSER_MESSAGE_QUEUE ForegroundQueue = UserGetFocusMessageQueue(); - RETURN(ForegroundQueue != NULL ? ForegroundQueue->ActiveWindow : 0); + //PUSER_MESSAGE_QUEUE ForegroundQueue = UserGetFocusMessageQueue(); + //RETURN(ForegroundQueue != NULL ? ForegroundQueue->ActiveWindow : 0); + RETURN(GetHwnd(UserGetForegroundWindow())); CLEANUP: DPRINT("Leave NtUserGetForegroundWindow, ret=%i\n",_ret_); @@ -352,7 +353,7 @@ PWINDOW_OBJECT FASTCALL -IntGetForegroundWindow(VOID) +UserGetForegroundWindow(VOID) { PUSER_MESSAGE_QUEUE ForegroundQueue = UserGetFocusMessageQueue(); _____ Modified: branches/win32k rewrite attempt/win32k/ntuser/input.c --- branches/win32k rewrite attempt/win32k/ntuser/input.c 2005-07-28 11:48:58 UTC (rev 16828) +++ branches/win32k rewrite attempt/win32k/ntuser/input.c 2005-07-28 13:40:52 UTC (rev 16829) @@ -379,13 +379,11 @@ MSG Mesg; NTSTATUS Status; -// Status = ObmReferenceObjectByHandle(InputWindowStation->HandleTable, -// InputWindowStation->ShellWindow, -// otWindow, -// (PVOID *)&Window); - - Window = IntGetWindowObject( InputWindowStation->ShellWindow); - + Window = UserGetObject( + &InputWindowStation->HandleTable, + InputWindowStation->ShellWindow, + USER_WINDOW); + if (!NT_SUCCESS(Status)) { DPRINT1("Couldn't find window to send Windows key message!\n"); @@ -399,8 +397,6 @@ /* The QS_HOTKEY is just a guess */ MsqPostMessage(Window->MessageQueue, &Mesg, FALSE, QS_HOTKEY); - -// ObmDereferenceObject(Window); } STATIC VOID STDCALL @@ -930,7 +926,6 @@ SwapButtons = CurInfo->SwapButtons; DoMove = FALSE; -// ExAcquireFastMutex(&CurInfo->CursorMutex); UserGetCursorLocation(WinSta, &MousePos); OrgPos.x = MousePos.x; OrgPos.y = MousePos.y; @@ -948,17 +943,18 @@ MousePos.y += mi->dy; } -// Status = ObmReferenceObjectByHandle(WinSta->HandleTable, -// WinSta->ActiveDesktop->DesktopWindow, otWindow, (PVOID*)&DesktopWindow); - - DesktopWindow = UserGetDesktopWindow(); + //FIXME: make typename like HACCEL, HWND -> USER_WND, USER_ACCEL + DesktopWindow = UserGetObject( + &WinSta->HandleTable, + WinSta->ActiveDesktop->DesktopWindow, + USER_WINDOW); + if (DesktopWindow) { if(MousePos.x >= DesktopWindow->ClientRect.right) MousePos.x = DesktopWindow->ClientRect.right - 1; if(MousePos.y >= DesktopWindow->ClientRect.bottom) MousePos.y = DesktopWindow->ClientRect.bottom - 1; -// ObmDereferenceObject(DesktopWindow); } if(MousePos.x < 0) @@ -983,7 +979,6 @@ DoMove = (MousePos.x != OrgPos.x || MousePos.y != OrgPos.y); } -// ExReleaseFastMutex(&CurInfo->CursorMutex); if (DoMove) { @@ -1000,9 +995,9 @@ IntEngMovePointer(SurfObj, MousePos.x, MousePos.y, &(GDIDEV(SurfObj)->Pointer.Exclude)); /* Only now, update the info in the GDIDEVICE, so EngMovePointer can - * use the old values to move the pointer image */ - GDIDEV(SurfObj)->Pointer.Pos.x = MousePos.x; - GDIDEV(SurfObj)->Pointer.Pos.y = MousePos.y; + * use the old values to move the pointer image */ + GDIDEV(SurfObj)->Pointer.Pos.x = MousePos.x; + GDIDEV(SurfObj)->Pointer.Pos.y = MousePos.y; BITMAPOBJ_UnlockBitmap(BitmapObj); } @@ -1019,7 +1014,7 @@ if(DoMove) { Msg.message = WM_MOUSEMOVE; - //FIXME: uhm... Msg is built on stack... + /* Msg is built on stack but MsqInsertSystemMessage copies it, so its ok */ MsqInsertSystemMessage(&Msg); } _____ Modified: branches/win32k rewrite attempt/win32k/ntuser/monitor.c --- branches/win32k rewrite attempt/win32k/ntuser/monitor.c 2005-07-28 11:48:58 UTC (rev 16828) +++ branches/win32k rewrite attempt/win32k/ntuser/monitor.c 2005-07-28 13:40:52 UTC (rev 16829) @@ -111,7 +111,6 @@ HANDLE Handle; PMONITOR_OBJECT Monitor; -// Monitor = ObmCreateObject(PsGetWin32Thread()->Desktop->WindowStation->HandleTable, &Handle, otMonitor, sizeof (MONITOR_OBJECT)); Monitor = UserCreateMonitorObject(&Handle); if (Monitor == NULL) { @@ -174,10 +173,7 @@ IntGetMonitorObject(IN HMONITOR hMonitor) { PMONITOR_OBJECT Monitor; -// NTSTATUS Status; -// Status = ObmReferenceObjectByHandle(PsGetWin32Thread()->Desktop->WindowStation->H andleTable, hMonitor, otMonitor, (PVOID *)&Monitor); - Monitor = UserGetMonitorObject(hMonitor); if (!Monitor) { _____ Modified: branches/win32k rewrite attempt/win32k/ntuser/window.c --- branches/win32k rewrite attempt/win32k/ntuser/window.c 2005-07-28 11:48:58 UTC (rev 16828) +++ branches/win32k rewrite attempt/win32k/ntuser/window.c 2005-07-28 13:40:52 UTC (rev 16829) @@ -428,7 +428,7 @@ RemoveEntryList(&Window->ClassListEntry); /* dereference the class */ - ClassDereferenceClass(Window->Class); + UserDereferenceClass(Window->Class); Window->Class = NULL; if(Window->WindowRegion) @@ -495,7 +495,7 @@ pwi->rcClient = WindowObject->ClientRect; pwi->dwStyle = WindowObject->Style; pwi->dwExStyle = WindowObject->ExStyle; - pwi->dwWindowStatus = (IntGetForegroundWindow() == WindowObject); /* WS_ACTIVECAPTION */ + pwi->dwWindowStatus = (UserGetForegroundWindow() == WindowObject); /* WS_ACTIVECAPTION */ IntGetWindowBorderMeasures(WindowObject, &pwi->cxWindowBorders, &pwi->cyWindowBorders); pwi->atomWindowType = (WindowObject->Class ? WindowObject->Class->Atom : 0); pwi->wCreatorVersion = 0x400; /* FIXME - return a real version number */ @@ -510,13 +510,19 @@ { PMENU_OBJECT OldMenuObject, NewMenuObject = NULL; + if ((WindowObject->Style & (WS_CHILD | WS_POPUP)) == WS_CHILD) + { + SetLastWin32Error(ERROR_INVALID_WINDOW_HANDLE); + return FALSE; + } + *Changed = (WindowObject->IDMenu != (UINT) Menu); if (! *Changed) { return TRUE; } - if (0 != WindowObject->IDMenu) + if (WindowObject->IDMenu) { OldMenuObject = UserGetMenuObject((HMENU) WindowObject->IDMenu); ASSERT(NULL == OldMenuObject || OldMenuObject->MenuInfo.Wnd == WindowObject->Self); @@ -574,12 +580,24 @@ DestroyThreadWindows(struct _ETHREAD *Thread) { PLIST_ENTRY Current; - PW32PROCESS Win32Process; +// PW32PROCESS Win32Process; PW32THREAD Win32Thread; - PWINDOW_OBJECT *List, *pWnd; - ULONG Cnt = 0; +// PWINDOW_OBJECT *List, *pWnd, Wnd; + PWINDOW_OBJECT Wnd; +// ULONG Cnt = 0; Win32Thread = Thread->Tcb.Win32Thread; + + while (!IsListEmpty(&Win32Thread->WindowListHead)) + { + Current = RemoveHeadList(&Win32Thread->WindowListHead); + Wnd = CONTAINING_RECORD(Current, WINDOW_OBJECT, ThreadListEntry); + /* window removes itself from the list */ + UserDestroyWindow(Wnd); + } + +#if 0 + Win32Process = (PW32PROCESS)Thread->ThreadsProcess->Win32Process; Current = Win32Thread->WindowListHead.Flink; @@ -615,7 +633,7 @@ ExFreePool(List); return; } - +#endif } @@ -1494,10 +1512,12 @@ /* Check the window station. */ if (PsGetWin32Thread()->Desktop == NULL) { - ClassDereferenceClass(ClassObject); + UserDereferenceClass(ClassObject); DPRINT("Thread is not attached to a desktop! Cannot create window!\n"); return (HWND)0; } + + //FIXME: DO NOT REFERENCE WINSTA! Reference desktop instead!! WinStaObject = UserGetCurrentWinSta(); ObReferenceObjectByPointer(WinStaObject, KernelMode, ExWindowStationObjectType, 0); @@ -1513,7 +1533,7 @@ if (!WindowObject) { ObDereferenceObject(WinStaObject); - ClassDereferenceClass(ClassObject); + UserDereferenceClass(ClassObject); SetLastNtError(STATUS_INSUFFICIENT_RESOURCES); return (HWND)0; } @@ -1529,6 +1549,8 @@ * Fill out the structure describing it. */ WindowObject->Class = ClassObject; + + //er dette n°dvendig? InsertTailList(&ClassObject->ClassWindowsListHead, &WindowObject->ClassListEntry); WindowObject->ExStyle = dwExStyle; @@ -1551,8 +1573,11 @@ WindowObject->MessageQueue = UserGetCurrentQueue(); + ASSERT(WindowObject->MessageQueue); + DPRINT1("Set 0x%x's parent to 0x%x\n",WindowObject, ParentWindow); WindowObject->ParentWnd = ParentWindow; + if((OwnerWindow = IntGetWindowObject(OwnerWindowHandle))) { WindowObject->Owner = OwnerWindowHandle; @@ -1604,7 +1629,7 @@ TAG_STRING); if (NULL == WindowObject->WindowName.Buffer) { - ClassDereferenceClass(ClassObject); + UserDereferenceClass(ClassObject); DPRINT1("Failed to allocate mem for window name\n"); SetLastWin32Error(ERROR_NOT_ENOUGH_MEMORY); return NULL; @@ -1691,7 +1716,7 @@ /* FIXME - Delete window object and remove it from the thread windows list */ /* FIXME - delete allocated DCE */ - ClassDereferenceClass(ClassObject); + UserDereferenceClass(ClassObject); DPRINT1("CBT-hook returned !0\n"); return (HWND) NULL; } @@ -1894,7 +1919,7 @@ if (Result == (LRESULT)-1) { /* FIXME: Cleanup. */ - ClassDereferenceClass(ClassObject); + UserDereferenceClass(ClassObject); DPRINT("IntCreateWindowEx(): send CREATE message failed.\n"); return((HWND)0); } @@ -2149,7 +2174,7 @@ WinPosActivateOtherWindow(Wnd); } } - +// IntDereferenceMessageQueue(Window->MessageQueue); if (Wnd->MessageQueue->ActiveWindow == Wnd->Self) Wnd->MessageQueue->ActiveWindow = NULL; _____ Modified: branches/win32k rewrite attempt/win32k/ntuser/winpos.c --- branches/win32k rewrite attempt/win32k/ntuser/winpos.c 2005-07-28 11:48:58 UTC (rev 16828) +++ branches/win32k rewrite attempt/win32k/ntuser/winpos.c 2005-07-28 13:40:52 UTC (rev 16829) @@ -114,56 +114,71 @@ WinPosActivateOtherWindow(PWINDOW_OBJECT Window) { PWINDOW_OBJECT Wnd, Old; - int TryTopmost; + HWND Fg; if (!Window || IntIsDesktopWindow(Window)) { IntSetFocusMessageQueue(NULL); return; } + + /* If this is popup window, try to activate the owner first. */ + if ((Window->Style & WS_POPUP) && (Wnd = IntGetOwner(Window))) + { + for(;;) + { + Old = Wnd; + Wnd = Wnd->ParentWnd;//IntGetParentObject(Wnd); + if(IntIsDesktopWindow(Wnd)) + { + Wnd = Old; + break; + } + } + + if ((Wnd->Style & (WS_DISABLED | WS_VISIBLE)) == WS_VISIBLE && + (Wnd->Style & (WS_POPUP | WS_CHILD)) != WS_CHILD) + goto done; + + } + + /* Pick a next top-level window. */ + /* FIXME: Search for non-tooltip windows first. */ Wnd = Window; - for(;;) + while (Wnd != NULL) { - HWND *List, *phWnd; - Old = Wnd; - Wnd = Wnd->ParentWnd; - if(!Wnd) + if (Old->NextSibling == NULL) { - IntSetFocusMessageQueue(NULL); - return; + Wnd = NULL; +//(( if (Old != Window) +//(( IntReleaseWindowObject(Old); + break; } + Wnd = IntGetWindowObject(Old->NextSibling->Self); +// IntUnLockRelatives(Old); +// if (Old != Window) +// IntReleaseWindowObject(Old); + if ((Wnd->Style & (WS_DISABLED | WS_VISIBLE)) == WS_VISIBLE && + (Wnd->Style & (WS_POPUP | WS_CHILD)) != WS_CHILD) + break; + } - if((List = IntWinListChildren(Wnd))) +done: +// Fg = NtUserGetForegroundWindow(); + Fg = GetHwnd(UserGetForegroundWindow()); + if (Wnd && (!Fg || Window->Self == Fg)) + { + if (IntSetForegroundWindow(Wnd)) { - for(TryTopmost = 0; TryTopmost <= 1; TryTopmost++) - { - for(phWnd = List; *phWnd; phWnd++) - { - PWINDOW_OBJECT Child; - - if((*phWnd) == Window->Self) - { - continue; - } - - if((Child = IntGetWindowObject(*phWnd))) -// Child = *phWnd; - { - if(((! TryTopmost && (0 == (Child->ExStyle & WS_EX_TOPMOST))) - || (TryTopmost && (0 != (Child->ExStyle & WS_EX_TOPMOST)))) - && IntSetForegroundWindow(Child)) - { - ExFreePool(List); - return; - } - } - } - } - ExFreePool(List); +// IntReleaseWindowObject(Wnd); + return; } } - + if (!IntSetActiveWindow(Wnd)) + IntSetActiveWindow(0); +// if (Wnd) +// IntReleaseWindowObject(Wnd); } @@ -733,7 +748,7 @@ //FIXME - tmp = IntGetForegroundWindow(); + tmp = UserGetForegroundWindow(); if (WinPos->hwnd == (tmp ? tmp->Self : 0)) { WinPos->flags |= SWP_NOACTIVATE; /* Already active */ _____ Modified: branches/win32k rewrite attempt/win32k/objects/brush.c --- branches/win32k rewrite attempt/win32k/objects/brush.c 2005-07-28 11:48:58 UTC (rev 16828) +++ branches/win32k rewrite attempt/win32k/objects/brush.c 2005-07-28 13:40:52 UTC (rev 16829) @@ -563,7 +563,7 @@ CONST VOID *PackedDIB) { BITMAPINFO *SafeBitmapInfoAndData; - NTSTATUS Status; + NTSTATUS Status = STATUS_SUCCESS; HBRUSH hBrush; SafeBitmapInfoAndData = EngAllocMem(0, BitmapInfoSize, 0); @@ -573,10 +573,24 @@ return NULL; } - Status = MmCopyFromCaller(SafeBitmapInfoAndData, BitmapInfoAndData, - BitmapInfoSize); + _SEH_TRY + { + ProbeForRead(BitmapInfoAndData, + BitmapInfoSize, + 1); + RtlCopyMemory(SafeBitmapInfoAndData, + BitmapInfoAndData, + BitmapInfoSize); + } + _SEH_HANDLE + { + Status = _SEH_GetExceptionCode(); + } + _SEH_END; + if (!NT_SUCCESS(Status)) { + EngFreeMem(SafeBitmapInfoAndData); SetLastNtError(Status); return 0; } @@ -632,11 +646,23 @@ if (Point != NULL) { - NTSTATUS Status; + NTSTATUS Status = STATUS_SUCCESS; POINT SafePoint; SafePoint.x = dc->w.brushOrgX; SafePoint.y = dc->w.brushOrgY; - Status = MmCopyToCaller(Point, &SafePoint, sizeof(POINT)); + _SEH_TRY + { + ProbeForWrite(Point, + sizeof(POINT), + 1); + *Point = SafePoint; + } + _SEH_HANDLE + { + Status = _SEH_GetExceptionCode(); + } + _SEH_END; + if(!NT_SUCCESS(Status)) { DC_UnlockDc(dc); @@ -661,7 +687,7 @@ ULONG Reserved) { PPATRECT rb = NULL; - NTSTATUS Status; + NTSTATUS Status = STATUS_SUCCESS; BOOL Ret; if (cRects > 0) @@ -672,7 +698,21 @@ SetLastWin32Error(ERROR_NOT_ENOUGH_MEMORY); return FALSE; } - Status = MmCopyFromCaller(rb, pRects, sizeof(PATRECT) * cRects); + _SEH_TRY + { + ProbeForRead(pRects, + cRects * sizeof(PATRECT), + 1); + RtlCopyMemory(rb, + pRects, + cRects * sizeof(PATRECT)); + } + _SEH_HANDLE + { + Status = _SEH_GetExceptionCode(); + } + _SEH_END; + if (!NT_SUCCESS(Status)) { ExFreePool(rb); _____ Modified: branches/win32k rewrite attempt/win32k/objects/cliprgn.c --- branches/win32k rewrite attempt/win32k/objects/cliprgn.c 2005-07-28 11:48:58 UTC (rev 16828) +++ branches/win32k rewrite attempt/win32k/objects/cliprgn.c 2005-07-28 13:40:52 UTC (rev 16829) @@ -192,7 +192,19 @@ Ret = IntGdiGetClipBox(hDC, &Saferect); - Status = MmCopyToCaller(rc, &Saferect, sizeof(RECT)); + _SEH_TRY + { + ProbeForWrite(rc, + sizeof(RECT), + 1); + *rc = Saferect; + } + _SEH_HANDLE + { + Status = _SEH_GetExceptionCode(); + } + _SEH_END; + if(!NT_SUCCESS(Status)) { @@ -341,7 +353,7 @@ BOOL STDCALL NtGdiRectVisible(HDC hDC, CONST PRECT UnsafeRect) { - NTSTATUS Status; + NTSTATUS Status = STATUS_SUCCESS; PROSRGNDATA Rgn; PDC dc = DC_LockDc(hDC); BOOL Result = FALSE; @@ -353,10 +365,23 @@ return FALSE; } - Status = MmCopyFromCaller(&Rect, UnsafeRect, sizeof(RECT)); + _SEH_TRY + { + ProbeForRead(UnsafeRect, + sizeof(RECT), + 1); + Rect = *UnsafeRect; + } + _SEH_HANDLE + { + Status = _SEH_GetExceptionCode(); + } + _SEH_END; + if(!NT_SUCCESS(Status)) { DC_UnlockDc(dc); + SetLastNtError(Status); return FALSE; } _____ Modified: branches/win32k rewrite attempt/win32k/objects/color.c --- branches/win32k rewrite attempt/win32k/objects/color.c 2005-07-28 11:48:58 UTC (rev 16828) +++ branches/win32k rewrite attempt/win32k/objects/color.c 2005-07-28 13:40:52 UTC (rev 16829) @@ -588,6 +588,13 @@ return old; } +/* + Win 2k Graphics API, Black Book. by coriolis.com + Page 62, Note that Steps 3, 5, and 6 are not required for Windows NT(tm) + and Windows 2000(tm). + + Step 5. UnrealizeObject(hTrackBrush); + */ BOOL STDCALL NtGdiUnrealizeObject(HGDIOBJ hgdiobj) { @@ -595,7 +602,6 @@ GDIOBJHDR * ptr; DWORD objectType; BOOL Ret = FALSE; - UNIMPLEMENTED; ptr = GDIOBJ_LockObj(hgdiobj, GDI_OBJECT_TYPE_DONTCARE); if (ptr == 0) @@ -606,12 +612,6 @@ objectType = GDIOBJ_GetObjectType(hgdiobj); switch(objectType) { - case GDI_OBJECT_TYPE_PALETTE: - { - /* Make sure this is a Palette object!*/ - DPRINT1("GDI_OBJECT_TYPE_PALETTE\n"); - break; - } /* msdn.microsoft.com, "Windows 2000/XP: If hgdiobj is a brush, UnrealizeObject does nothing, @@ -620,7 +620,7 @@ */ case GDI_OBJECT_TYPE_BRUSH: { - DPRINT1("GDI_OBJECT_TYPE_BRUSH\n"); + DPRINT("GDI_OBJECT_TYPE_BRUSH\n"); Ret = TRUE; break; } _____ Modified: branches/win32k rewrite attempt/win32k/objects/coord.c --- branches/win32k rewrite attempt/win32k/objects/coord.c 2005-07-28 11:48:58 UTC (rev 16828) +++ branches/win32k rewrite attempt/win32k/objects/coord.c 2005-07-28 13:40:52 UTC (rev 16829) @@ -63,17 +63,29 @@ { XFORM xformTemp; XFORM xform1, xform2; - NTSTATUS Status; + NTSTATUS Status = STATUS_SUCCESS; BOOL Ret; - - Status = MmCopyFromCaller( &xform1, Unsafexform1, sizeof(XFORM) ); - if(!NT_SUCCESS(Status)) + _SEH_TRY { - SetLastNtError(Status); - return FALSE; + ProbeForWrite(UnsafeXFormResult, + sizeof(XFORM), + 1); + ProbeForRead(Unsafexform1, + sizeof(XFORM), + 1); + ProbeForRead(Unsafexform2, + sizeof(XFORM), + 1); + xform1 = *Unsafexform1; + xform2 = *Unsafexform2; } - Status = MmCopyFromCaller( &xform2, Unsafexform2, sizeof(XFORM) ); + _SEH_HANDLE + { + Status = _SEH_GetExceptionCode(); + } + _SEH_END; + if(!NT_SUCCESS(Status)) { SetLastNtError(Status); @@ -83,7 +95,17 @@ Ret = IntGdiCombineTransform(&xformTemp, &xform1, &xform2); /* Copy the result to xformResult */ - Status = MmCopyToCaller( UnsafeXFormResult, &xformTemp, sizeof(XFORM) ); + _SEH_TRY + { + /* pointer was already probed! */ + *UnsafeXFormResult = xformTemp; + } + _SEH_HANDLE + { + Status = _SEH_GetExceptionCode(); + } + _SEH_END; + if(!NT_SUCCESS(Status)) { SetLastNtError(Status); @@ -131,7 +153,7 @@ int Count) { PDC dc; - NTSTATUS Status; + NTSTATUS Status = STATUS_SUCCESS; LPPOINT Points; ULONG Size; @@ -159,7 +181,21 @@ return FALSE; } - Status = MmCopyFromCaller(Points, UnsafePoints, Size); + _SEH_TRY + { + ProbeForWrite(UnsafePoints, + Size, + 1); + RtlCopyMemory(Points, + UnsafePoints, + Size); + } + _SEH_HANDLE + { + Status = _SEH_GetExceptionCode(); + } + _SEH_END; + if(!NT_SUCCESS(Status)) { DC_UnlockDc(dc); @@ -170,7 +206,19 @@ IntDPtoLP(dc, Points, Count); - Status = MmCopyToCaller(UnsafePoints, Points, Size); + _SEH_TRY + { + /* pointer was already probed! */ + RtlCopyMemory(UnsafePoints, + Points, + Size); + } + _SEH_HANDLE + { + Status = _SEH_GetExceptionCode(); + } + _SEH_END; + if(!NT_SUCCESS(Status)) { DC_UnlockDc(dc); @@ -218,7 +266,7 @@ LPXFORM XForm) { PDC dc; - NTSTATUS Status; + NTSTATUS Status = STATUS_SUCCESS; dc = DC_LockDc ( hDC ); if (!dc) @@ -233,7 +281,18 @@ return FALSE; } - Status = MmCopyToCaller(XForm, &dc->w.xformWorld2Wnd, sizeof(XFORM)); + _SEH_TRY + { + ProbeForWrite(XForm, + sizeof(XFORM), + 1); + *XForm = dc->w.xformWorld2Wnd; + } + _SEH_HANDLE + { + Status = _SEH_GetExceptionCode(); + } + _SEH_END; DC_UnlockDc(dc); return NT_SUCCESS(Status); @@ -280,7 +339,7 @@ NtGdiLPtoDP ( HDC hDC, LPPOINT UnsafePoints, INT Count ) { PDC dc; - NTSTATUS Status; + NTSTATUS Status = STATUS_SUCCESS; LPPOINT Points; ULONG Size; @@ -308,7 +367,21 @@ [truncated at 1000 lines; 2213 more skipped]