On Saturday 20 December 2008 07:31:53 Chris Wulff wrote:
Redirect for IoGetCurrentProcess to kernel32.GetCurrentProcess
-- Chris Wulff
This is incorrect. Please provide a separate stub for IoGetCurrentProcess as it returns something else:
"The IoGetCurrentProcess routine returns a pointer to the current process." - needs to be a valid pointer to some undocumented structure _EPROCESS
"GetCurrentProcess Function Retrieves a pseudo handle for the current process." - essentially (HANDLE)-1
FYI I use a stub that returns (PEPROCESS)"System" since I traced some Sysinternals utility comparing the first 6 bytes to that string:
TRACE(": semi-stub\n"); return (PEPROCESS)"System"; /* Sysinternals portmon expects this one */
http://www.winehq.org/pipermail/wine-patches/2008-February/049784.html
This patch was not accepted for unknown reason.
Paul Chitescu
On Saturday 20 December 2008 13:12:53 Paul Chitescu wrote:
On Saturday 20 December 2008 07:31:53 Chris Wulff wrote:
Redirect for IoGetCurrentProcess to kernel32.GetCurrentProcess
-- Chris Wulff
This is incorrect. Please provide a separate stub for IoGetCurrentProcess as it returns something else: [...]
Actually, investigating further it would be better to NOT provide at all a stub for this function since the _EPROCESS structure is huge and different on each Windows version (and sometimes service pack).
IMHO it's better to have the driver abort in a controlled way (calling this function) than crashing later trying to access some obscure location in the structure returned by it.
Paul Chitescu
You're right, ignore this patch. It happens to work for my particular application but then I think it is just passed as a parameter to another function (which happens to ignore it.)
-- Chris Wulff
On Sat, 2008-12-20 at 13:29 +0200, Paul Chitescu wrote:
On Saturday 20 December 2008 13:12:53 Paul Chitescu wrote:
On Saturday 20 December 2008 07:31:53 Chris Wulff wrote:
Redirect for IoGetCurrentProcess to kernel32.GetCurrentProcess
-- Chris Wulff
This is incorrect. Please provide a separate stub for IoGetCurrentProcess as it returns something else: [...]
Actually, investigating further it would be better to NOT provide at all a stub for this function since the _EPROCESS structure is huge and different on each Windows version (and sometimes service pack).
IMHO it's better to have the driver abort in a controlled way (calling this function) than crashing later trying to access some obscure location in the structure returned by it.
Paul Chitescu
-
Chris Wulff -
Paul Chitescu