On Mittwoch, 15. August 2018 20:58:05 CEST Alexandre Julliard wrote:
Fabian Maurer dark.shadow4@web.de writes:
In RtlDestroyHeap critSection.DebugInfo->Spare[0] is always set to NULL, this will crash if we deleted the debug info already
Destroying a shared heap is not a good idea, where do you see that happening?
It's one of those borderline sane behaviors I see the chromium sandbox using. On Win10 they (for security reasons) sever the connection to csrss by closing the "ALPC Port". Then they close the shared heap to avoid problems.
https://github.com/chromium/chromium/blob/85a03bc295a24bcad455ceb311942bf9a5bc604e/sandbox/win/src/target_services.cc#L55

// Currently, this step requires closing a heap that this shared with csrss.exe.
// Closing the ALPC Port handle to csrss.exe leaves this heap in an invalid
// state. This causes problems if anyone enumerates the heap.
Regards, Fabian Maurer
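The ordering problem described above, as an added example that is not part of the original message and not Wine's or Chromium's code: a minimal C model in which the critical section's debug block can be torn down before the heap itself is destroyed. The names heap_t, cs_t and cs_debug_t are hypothetical stand-ins for HEAP, RTL_CRITICAL_SECTION and RTL_CRITICAL_SECTION_DEBUG; the unguarded destroy keeps the unconditional write to DebugInfo->Spare[0] the thread talks about, the guarded one checks for the already-deleted debug block first.

```c
/* Added example, not Wine's heap.c: models a heap whose critical-section
 * debug info may already be gone when the heap is destroyed. All type and
 * function names here are hypothetical stand-ins. */
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

typedef struct {
    uintptr_t Spare[2];      /* Spare[0] holds a description pointer, as in Wine */
} cs_debug_t;

typedef struct {
    cs_debug_t *DebugInfo;   /* NULL once the critical section has been deleted */
} cs_t;

typedef struct {
    cs_t critSection;
    int shared;              /* 1 for a heap shared with another process */
} heap_t;

/* Stands in for RtlInitializeCriticalSection + heap setup. */
static heap_t *create_heap(int shared)
{
    heap_t *heap = calloc(1, sizeof(*heap));
    if (!heap) return NULL;
    heap->shared = shared;
    heap->critSection.DebugInfo = calloc(1, sizeof(cs_debug_t));
    if (!heap->critSection.DebugInfo) { free(heap); return NULL; }
    heap->critSection.DebugInfo->Spare[0] = (uintptr_t)"HEAP.critSection";
    return heap;
}

/* Stands in for RtlDeleteCriticalSection: frees the debug block and clears
 * the pointer. Safe to call twice, since free(NULL) is a no-op. */
static void delete_critical_section(cs_t *cs)
{
    free(cs->DebugInfo);
    cs->DebugInfo = NULL;
}

/* The pattern discussed in the thread: Spare[0] is written unconditionally,
 * so this dereferences NULL when the debug block was deleted earlier.
 * Shown for comparison; not called by the test below. */
void destroy_heap_unguarded(heap_t *heap)
{
    heap->critSection.DebugInfo->Spare[0] = 0;   /* crashes if DebugInfo == NULL */
    delete_critical_section(&heap->critSection);
    free(heap);
}

/* Guarded variant: only touch Spare[0] while the debug block still exists.
 * Returns 1 if the debug info was still present, 0 if it had been deleted. */
int destroy_heap(heap_t *heap)
{
    int had_debug_info = heap->critSection.DebugInfo != NULL;
    if (had_debug_info)
        heap->critSection.DebugInfo->Spare[0] = 0;
    delete_critical_section(&heap->critSection);
    free(heap);
    return had_debug_info;
}

/* Normal lifetime: debug info intact until destruction. */
int destroy_normally(void)
{
    heap_t *heap = create_heap(0);
    return heap ? destroy_heap(heap) : -1;
}

/* The shared-heap scenario: the critical section is deleted first, then the
 * heap is destroyed. The guarded destroy survives; the unguarded one would not. */
int destroy_after_debug_info_gone(void)
{
    heap_t *heap = create_heap(1);
    if (!heap) return -1;
    delete_critical_section(&heap->critSection);
    return destroy_heap(heap);
}

int main(void)
{
    printf("normal destroy, debug info present: %d\n", destroy_normally());
    printf("destroy after debug info deleted:   %d\n", destroy_after_debug_info_gone());
    return 0;
}
```

The guard is the whole point: a destroy path that assumes the debug block is still alive is only correct if nothing else can delete the critical section first, which is exactly the assumption the shared-heap teardown breaks.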