Also, trigger the less fatal breakpoints only if CSRSS/CSRSRV is being
debugged (the 'BeingDebugged' flag is set in the current PEB). This
avoids unhandled breakpoint exceptions when testing or fuzzing debug
builds of ReactOS that are running without any debugger attached.
((ServerDll->ValidTable) && !(ServerDll->ValidTable[ApiId])))
{
/* We are beyond the Maximum API ID, or it doesn't exist */
((ServerDll->ValidTable) && !(ServerDll->ValidTable[ApiId])))
{
/* We are beyond the Maximum API ID, or it doesn't exist */
- DPRINT1("API: %d\n", ApiId);
+ DPRINT1("API: %d\n", ApiId);
DPRINT1("CSRSS: %lx (%s) is invalid ApiTableIndex for %Z or is an "
"invalid API to call from the server.\n",
ApiId,
((ServerDll->NameTable) && (ServerDll->NameTable[ApiId])) ?
ServerDll->NameTable[ApiId] : "*** UNKNOWN ***",
&ServerDll->Name);
DPRINT1("CSRSS: %lx (%s) is invalid ApiTableIndex for %Z or is an "
"invalid API to call from the server.\n",
ApiId,
((ServerDll->NameTable) && (ServerDll->NameTable[ApiId])) ?
ServerDll->NameTable[ApiId] : "*** UNKNOWN ***",
&ServerDll->Name);
+ if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
ReplyMsg->Status = STATUS_ILLEGAL_FUNCTION;
return STATUS_ILLEGAL_FUNCTION;
}
ReplyMsg->Status = STATUS_ILLEGAL_FUNCTION;
return STATUS_ILLEGAL_FUNCTION;
}
ConnectInfo->ServerProcessId = NtCurrentTeb()->ClientId.UniqueProcess;
/* Accept the Connection */
ConnectInfo->ServerProcessId = NtCurrentTeb()->ClientId.UniqueProcess;
/* Accept the Connection */
+ ASSERT(!AllowConnection || (AllowConnection && CsrProcess));
Status = NtAcceptConnectPort(&ServerPort,
AllowConnection ? UlongToPtr(CsrProcess->SequenceNumber) : 0,
&ApiMessage->Header,
Status = NtAcceptConnectPort(&ServerPort,
AllowConnection ? UlongToPtr(CsrProcess->SequenceNumber) : 0,
&ApiMessage->Header,
/* Make sure the real CID is set */
Teb->RealClientId = Teb->ClientId;
/* Make sure the real CID is set */
Teb->RealClientId = Teb->ClientId;
/* Debug check */
if (Teb->CountOfOwnedCriticalSections)
{
/* Debug check */
if (Teb->CountOfOwnedCriticalSections)
{
&ReceiveMsg, ReplyMsg);
DbgBreakPoint();
}
&ReceiveMsg, ReplyMsg);
DbgBreakPoint();
}
/* Wait for a message to come through */
Status = NtReplyWaitReceivePort(ReplyPort,
/* Wait for a message to come through */
Status = NtReplyWaitReceivePort(ReplyPort,
/* Was it a failure or another success code? */
if (!NT_SUCCESS(Status))
{
/* Was it a failure or another success code? */
if (!NT_SUCCESS(Status))
{
/* Check for specific status cases */
if ((Status != STATUS_INVALID_CID) &&
(Status != STATUS_UNSUCCESSFUL) &&
/* Check for specific status cases */
if ((Status != STATUS_INVALID_CID) &&
(Status != STATUS_UNSUCCESSFUL) &&
- ((Status == STATUS_INVALID_HANDLE) || (ReplyPort == CsrApiPort)))
+ ((Status != STATUS_INVALID_HANDLE) || (ReplyPort == CsrApiPort)))
{
/* Notify the debugger */
DPRINT1("CSRSS: ReceivePort failed - Status == %X\n", Status);
DPRINT1("CSRSS: ReplyPortHandle %lx CsrApiPort %lx\n", ReplyPort, CsrApiPort);
}
{
/* Notify the debugger */
DPRINT1("CSRSS: ReceivePort failed - Status == %X\n", Status);
DPRINT1("CSRSS: ReplyPortHandle %lx CsrApiPort %lx\n", ReplyPort, CsrApiPort);
}
/* We failed big time, so start out fresh */
ReplyMsg = NULL;
/* We failed big time, so start out fresh */
ReplyMsg = NULL;
+ // ASSERT(ReceiveMsg.Header.u1.s1.TotalLength >= sizeof(PORT_MESSAGE));
+ // ASSERT(ReceiveMsg.Header.u1.s1.TotalLength < sizeof(ReceiveMsg));
+
/* Use whatever Client ID we got */
Teb->RealClientId = ReceiveMsg.Header.ClientId;
/* Use whatever Client ID we got */
Teb->RealClientId = ReceiveMsg.Header.ClientId;
(!(ServerDll = CsrLoadedServerDll[ServerId])))
{
/* We are beyond the Maximum Server ID */
(!(ServerDll = CsrLoadedServerDll[ServerId])))
{
/* We are beyond the Maximum Server ID */
DPRINT1("CSRSS: %lx is invalid ServerDllIndex (%08x)\n",
ServerId, ServerDll);
DPRINT1("CSRSS: %lx is invalid ServerDllIndex (%08x)\n",
ServerId, ServerDll);
+ if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
+#endif
ReplyMsg = NULL;
ReplyPort = CsrApiPort;
ReplyMsg = NULL;
ReplyPort = CsrApiPort;
(!(ServerDll = CsrLoadedServerDll[ServerId])))
{
/* We are beyond the Maximum Server ID */
(!(ServerDll = CsrLoadedServerDll[ServerId])))
{
/* We are beyond the Maximum Server ID */
DPRINT1("CSRSS: %lx is invalid ServerDllIndex (%08x)\n",
ServerId, ServerDll);
DPRINT1("CSRSS: %lx is invalid ServerDllIndex (%08x)\n",
ServerId, ServerDll);
+ if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
+#endif
ReplyPort = CsrApiPort;
ReplyMsg = &ReceiveMsg;
ReplyPort = CsrApiPort;
ReplyMsg = &ReceiveMsg;
else if (ReplyCode == CsrReplyDeadClient)
{
/* Reply to the death message */
else if (ReplyCode == CsrReplyDeadClient)
{
/* Reply to the death message */
- NtReplyPort(ReplyPort, &ReplyMsg->Header);
+ NTSTATUS Status2;
+ Status2 = NtReplyPort(ReplyPort, &ReplyMsg->Header);
+ if (!NT_SUCCESS(Status2))
+ DPRINT1("CSRSS: Error while replying to the death message, Status 0x%lx\n", Status2);
/* Reply back to the API port now */
ReplyMsg = NULL;
/* Reply back to the API port now */
ReplyMsg = NULL;
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
Connected = FALSE;
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
Connected = FALSE;
(LocalCaptureBuffer->PointerCount * sizeof(PVOID)) > Length) ||
(LocalCaptureBuffer->PointerCount > MAXUSHORT))
{
(LocalCaptureBuffer->PointerCount * sizeof(PVOID)) > Length) ||
(LocalCaptureBuffer->PointerCount > MAXUSHORT))
{
DPRINT1("*** CSRSS: CaptureBuffer %p has bad length\n", LocalCaptureBuffer);
DPRINT1("*** CSRSS: CaptureBuffer %p has bad length\n", LocalCaptureBuffer);
+ if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
+#endif
+ /* Return failure */
ApiMessage->Status = STATUS_INVALID_PARAMETER;
_SEH2_YIELD(return FALSE);
}
ApiMessage->Status = STATUS_INVALID_PARAMETER;
_SEH2_YIELD(return FALSE);
}
- /* Invalid pointer, fail */
DPRINT1("*** CSRSS: CaptureBuffer MessagePointer outside of ClientView\n");
DPRINT1("*** CSRSS: CaptureBuffer MessagePointer outside of ClientView\n");
+ if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
+#endif
+ /* Invalid pointer, fail */
ApiMessage->Status = STATUS_INVALID_PARAMETER;
}
}
ApiMessage->Status = STATUS_INVALID_PARAMETER;
}
}
DPRINT1("CSRSRV: Bad message buffer %p\n", ApiMessage);
DPRINT1("CSRSRV: Bad message buffer %p\n", ApiMessage);
+ if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
+#endif
if (!NT_SUCCESS(Status))
{
/* Failure */
if (!NT_SUCCESS(Status))
{
/* Failure */
DPRINT1("CSRSS: Can't impersonate client thread - Status = %lx\n", Status);
// if (Status != STATUS_BAD_IMPERSONATION_LEVEL) DbgBreakPoint();
DPRINT1("CSRSS: Can't impersonate client thread - Status = %lx\n", Status);
// if (Status != STATUS_BAD_IMPERSONATION_LEVEL) DbgBreakPoint();
}
else if (Result == CsrShutdownCancelled)
{
}
else if (Result == CsrShutdownCancelled)
{
/* Check if this was a forced shutdown */
if (Flags & EWX_FORCE)
{
/* Check if this was a forced shutdown */
if (Flags & EWX_FORCE)
{
CsrProcess->ClientId.UniqueProcess, i);
DbgBreakPoint();
}
CsrProcess->ClientId.UniqueProcess, i);
DbgBreakPoint();
}
/* Shutdown was cancelled, unlock and exit */
CsrReleaseProcessLock();
/* Shutdown was cancelled, unlock and exit */
CsrReleaseProcessLock();
}
/* We've reached the final loop here, so dereference */
}
/* We've reached the final loop here, so dereference */
- if (i == CSR_SERVER_DLL_MAX) CsrLockedDereferenceProcess(CsrProcess);
+ if (i == CSR_SERVER_DLL_MAX)
+ CsrLockedDereferenceProcess(CsrProcess);