[0.4.8] [WIN32SS] a risky fix to avoid BSOD CORE-13907 & CORE-11678

object2.patch in CORE-11678 is from jimtabor and Work in Progress.

As expected it mitigates CORE-11678 by preventing the
sporadic BSOD upon closing CCleaner. But it will always lead to
the program remaining in taskmgr upon closing instead.
User can manually kill the app from taskmgr.

To my own surprise this patch also reliably hides the BSOD in
HxD portable for me (CORE-13907).

I am still sceptical regarding this patch and will carefully
watch out for surprises like zombie processes during the test-cycle.

diff --git a/win32ss/user/ntuser/window.c b/win32ss/user/ntuser/window.c
index 9c7627c..b663083 100644 (file)
--- a/win32ss/user/ntuser/window.c
+++ b/win32ss/user/ntuser/window.c
@@ -5,7 +5,7 @@
  * FILE:             win32ss/user/ntuser/window.c
  * PROGRAMER:        Casper S. Hornstrup (chorns@users.sourceforge.net)
  */
-
+//
 #include <win32k.h>
 DBG_DEFAULT_CHANNEL(UserWnd);
 
@@ -581,7 +581,7 @@ LRESULT co_UserFreeWindow(PWND Window,
    MsqRemoveWindowMessagesFromQueue(Window);
 
    /* from now on no messages can be sent to this window anymore */
-   Window->state |= WNDS_DESTROYED;
+   //Window->state |= WNDS_DESTROYED;
    Window->fnid |= FNID_FREED;
 
    /* don't remove the WINDOWSTATUS_DESTROYING bit */
@@ -2599,7 +2599,7 @@ BOOLEAN co_UserDestroyWindow(PVOID Object)
    {
       if ((Window->style & (WS_POPUP|WS_CHILD)) != WS_CHILD)
       {
-         if (Window->spwndOwner)
+         if (VerifyWnd(Window->spwndOwner))
          {
             //ERR("DestroyWindow Owner out.\n");
             UserAttachThreadInput(Window->head.pti, Window->spwndOwner->head.pti, FALSE);
@@ -2635,7 +2635,7 @@ BOOLEAN co_UserDestroyWindow(PVOID Object)
    // Adjust last active.
    if ((pwndTemp = Window->spwndOwner))
    {
-      while (pwndTemp->spwndOwner)
+      while (VerifyWnd(pwndTemp->spwndOwner))
          pwndTemp = pwndTemp->spwndOwner;
 
       if (pwndTemp->spwndLastActive == Window)
@@ -2753,6 +2753,8 @@ BOOLEAN co_UserDestroyWindow(PVOID Object)
       return TRUE;
    }
 
+   Window->state |= WNDS_DESTROYED;
+
    /* Destroy the window storage */
    co_UserFreeWindow(Window, PsGetCurrentProcessWin32Process(), PsGetCurrentThreadWin32Thread(), TRUE);