Base,
&Parent);
/* Bail out, if still nothing free was found */
- if (Result == TableFoundNode) return STATUS_NO_MEMORY;
+ if (Result == TableFoundNode)
+ {
+ ExFreePoolWithTag(Vad, 'ldaV');
+ return STATUS_NO_MEMORY;
+ }
}
/* Validate that it came from the VAD ranges */
Status = STATUS_SUCCESS;
/* Pretend as if we own the working set */
- MiLockProcessWorkingSet(Process, Thread);
+ MiLockProcessWorkingSetUnsafe(Process, Thread);
/* Insert the VAD */
ASSERT(Vad->EndingVpn >= Vad->StartingVpn);
MiInsertNode(&Process->VadRoot, (PVOID)Vad, Parent, Result);
/* Release the working set */
- MiUnlockProcessWorkingSet(Process, Thread);
+ MiUnlockProcessWorkingSetUnsafe(Process, Thread);
/* Release the address space lock */
KeReleaseGuardedMutex(&Process->AddressCreationLock);
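Review bot: The switch to `MiLockProcessWorkingSetUnsafe` keeps the old comment `/* Pretend as if we own the working set */` and never states the precondition that makes the Unsafe variant acceptable. Presumably that variant expects the caller to have blocked APCs already. In this hunk the guarded mutex `AddressCreationLock` is released right after the unlock, so that appears to hold here. In the TEB-deletion hunk, the `VmDeleted` hunk, the VAD-teardown loop and the shared-user-data hunk, the caller's APC state is not visible. I would document it at each call site, e.g. `/* AddressCreationLock (guarded mutex) is held, so APCs are already blocked; the Unsafe variant is sufficient */`, and confirm the same holds on the paths that only show `MmLockAddressSpace`.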
ASSERT(Vad->u2.VadFlags2.MultipleSecured == FALSE);
/* Lock the working set */
- MiLockProcessWorkingSet(Process, Thread);
+ MiLockProcessWorkingSetUnsafe(Process, Thread);
/* Remove this VAD from the tree */
ASSERT(VadTree->NumberGenericTableElements >= 1);
MiDeleteVirtualAddresses((ULONG_PTR)Teb, TebEnd, NULL);
/* Release the working set */
- MiUnlockProcessWorkingSet(Process, Thread);
+ MiUnlockProcessWorkingSetUnsafe(Process, Thread);
/* Remove the VAD */
ExFreePool(Vad);
Peb->OSMajorVersion = NtMajorVersion;
Peb->OSMinorVersion = NtMinorVersion;
Peb->OSBuildNumber = (USHORT)(NtBuildNumber & 0x3FFF);
- Peb->OSPlatformId = 2; /* VER_PLATFORM_WIN32_NT */
+ Peb->OSPlatformId = VER_PLATFORM_WIN32_NT;
Peb->OSCSDVersion = (USHORT)CmNtCSDVersion;
//
Peb->NumberOfProcessors = KeNumberProcessors;
Peb->BeingDebugged = (BOOLEAN)(Process->DebugPort != NULL);
Peb->NtGlobalFlag = NtGlobalFlag;
- /*Peb->HeapSegmentReserve = MmHeapSegmentReserve;
- Peb->HeapSegmentCommit = MmHeapSegmentCommit;
- Peb->HeapDeCommitTotalFreeThreshold = MmHeapDeCommitTotalFreeThreshold;
- Peb->HeapDeCommitFreeBlockThreshold = MmHeapDeCommitFreeBlockThreshold;
- Peb->CriticalSectionTimeout = MmCriticalSectionTimeout;
- Peb->MinimumStackCommit = MmMinimumStackCommitInBytes;
- */
+ Peb->HeapSegmentReserve = MmHeapSegmentReserve;
+ Peb->HeapSegmentCommit = MmHeapSegmentCommit;
+ Peb->HeapDeCommitTotalFreeThreshold = MmHeapDeCommitTotalFreeThreshold;
+ Peb->HeapDeCommitFreeBlockThreshold = MmHeapDeCommitFreeBlockThreshold;
+ Peb->CriticalSectionTimeout = MmCriticalSectionTimeout;
+ Peb->MinimumStackCommit = MmMinimumStackCommitInBytes;
Peb->MaximumNumberOfHeaps = (PAGE_SIZE - sizeof(PEB)) / sizeof(PVOID);
Peb->ProcessHeaps = (PVOID*)(Peb + 1);
//
// Session ID
//
- MmGetSessionId(Process);
+ if (Process->Session) Peb->SessionId = MmGetSessionId(Process);
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
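Review bot: `if (Process->Session) Peb->SessionId = MmGetSessionId(Process);` leaves `Peb->SessionId` unwritten when the process has no session, so the value user mode reads depends on the PEB page having been zeroed earlier. That mapping is outside this hunk, so it cannot be confirmed here. Making the fallback explicit removes the dependency: `Peb->SessionId = Process->Session ? MmGetSessionId(Process) : 0;`. If the zero-fill is guaranteed, a short comment saying so would do instead.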
/* Lock the process address space from changes */
MmLockAddressSpace(&Process->Vm);
+ MiLockProcessWorkingSetUnsafe(Process, Thread);
/* VM is deleted now */
Process->VmDeleted = TRUE;
+ MiUnlockProcessWorkingSetUnsafe(Process, Thread);
/* Enumerate the VADs */
VadTree = &Process->VadRoot;
Vad = (PMMVAD)VadTree->BalancedRoot.RightChild;
/* Lock the working set */
- MiLockProcessWorkingSet(Process, Thread);
+ MiLockProcessWorkingSetUnsafe(Process, Thread);
/* Remove this VAD from the tree */
ASSERT(VadTree->NumberGenericTableElements >= 1);
Vad);
/* Release the working set */
- MiUnlockProcessWorkingSet(Process, Thread);
+ MiUnlockProcessWorkingSetUnsafe(Process, Thread);
}
/* Skip ARM3 fake VADs, they'll be freed by MmDeleteProcessAddresSpace */
ExFreePool(Vad);
}
+ /* Lock the working set */
+ MiLockProcessWorkingSetUnsafe(Process, Thread);
+ ASSERT(Process->CloneRoot == NULL);
+ ASSERT(Process->PhysicalVadRoot == NULL);
+
/* Delete the shared user data section */
MiDeleteVirtualAddresses(USER_SHARED_DATA, USER_SHARED_DATA, NULL);
+ /* Release the working set */
+ MiUnlockProcessWorkingSetUnsafe(Process, Thread);
+
/* Release the address space */
MmUnlockAddressSpace(&Process->Vm);
}
/* Get the session ID */
SessionId = SessionGlobal->SessionId;
- DPRINT1("Last process in sessino %d going down!!!\n", SessionId);
+ DPRINT1("Last process in session %lu going down!!!\n", SessionId);
/* Free the session page tables */
- ExFreePool(SessionGlobal->PageTables);
+#ifndef _M_AMD64
+ ExFreePoolWithTag(SessionGlobal->PageTables, 'tHmM');
+#endif
ASSERT(!MI_IS_PHYSICAL_ADDRESS(SessionGlobal));
/* Capture the data page PFNs */
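Review bot: The `#ifndef _M_AMD64` guard around `ExFreePoolWithTag(SessionGlobal->PageTables, 'tHmM')` is not mirrored on the session-create error path, where `ExFreePoolWithTag(PageTables, 'tHmM')` is added unguarded. The store `MmSessionSpace->PageTables = PageTables` in the later hunk is guarded as well. On AMD64 that leaves two possibilities: the buffer is allocated but never stored or freed on the success path (a nonpaged pool leak per session), or it is never allocated and the error path frees a pointer that was not set. The allocation is outside the visible hunks, so which case applies needs checking. Either way the guards should agree, e.g. by wrapping the error-path free in the same `#ifndef _M_AMD64`.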
ASSERT(MmIsAddressValid(MmSessionSpace) == TRUE);
/* Remove the process from the list ,and dereference the session */
- RemoveEntryList(&CurrentProcess->SessionProcessLinks);
+ // DO NOT ENABLE THIS UNLESS YOU FIXED THE NP POOL CORRUPTION THAT IT CAUSES!!!
+ //RemoveEntryList(&CurrentProcess->SessionProcessLinks);
//MiDereferenceSession();
}
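Review bot: Commenting out `RemoveEntryList(&CurrentProcess->SessionProcessLinks)` here, and `InsertTailList(&SessionGlobal->ProcessList, &NewProcess->SessionProcessLinks)` in the session-attach hunk, hides the nonpaged pool corruption instead of locating it. The attach path still sets `PSF_PROCESS_IN_SESSION_BIT`, so the flag now claims membership in a list the process was never linked into. From these hunks, `SessionProcessLinks` also appears to be left uninitialized, so any other code that walks `ProcessList` or unlinks the entry would see an empty list or stale pointers. Until the root cause is fixed (likely a lifetime mismatch between the session structure and the process entry, though that is inferred), I would keep the entry well-formed with `InitializeListHead(&NewProcess->SessionProcessLinks);` at the attach site. The shouted comment should become a tracked marker such as `/* FIXME(<issue-id>): list linkage disabled, corrupts NP pool */`.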
NewProcess->Session = SessionGlobal;
/* Insert it into the process list */
- InsertTailList(&SessionGlobal->ProcessList, &NewProcess->SessionProcessLinks);
+ // DO NOT ENABLE THIS UNLESS YOU FIXED THE NP POOL CORRUPTION THAT IT CAUSES!!!
+ //InsertTailList(&SessionGlobal->ProcessList, &NewProcess->SessionProcessLinks);
/* Set the flag */
PspSetProcessFlag(NewProcess, PSF_PROCESS_IN_SESSION_BIT);
/* Add this into the list */
Index = ((ULONG_PTR)WorkingSetList - (ULONG_PTR)MmSessionBase) >> 22;
+#ifndef _M_AMD64
MmSessionSpace->PageTables[Index] = TempPte;
-
+#endif
/* Initialize the page directory page, and now zero the working set list itself */
MiInitializePfnForOtherProcess(PageFrameIndex,
PointerPde,
{
/* We ran out of session IDs, we should expand */
DPRINT1("Too many sessions created. Expansion not yet supported\n");
+ ExFreePoolWithTag(PageTables, 'tHmM');
return STATUS_NO_MEMORY;
}
MmSessionSpace->Color = Color;
MmSessionSpace->NonPageablePages = MiSessionCreateCharge;
MmSessionSpace->CommittedPages = MiSessionCreateCharge;
+#ifndef _M_AMD64
MmSessionSpace->PageTables = PageTables;
MmSessionSpace->PageTables[PointerPde - MiAddressToPde(MmSessionBase)] = *PointerPde;
+#endif
InitializeListHead(&MmSessionSpace->ImageList);
- DPRINT1("Session %d is ready to go: 0x%p 0x%p, %lx 0x%p\n",
+ DPRINT1("Session %lu is ready to go: 0x%p 0x%p, %lx 0x%p\n",
*SessionId, MmSessionSpace, SessionGlobal, SessionPageDirIndex, PageTables);
/* Initialize session pool */