bugchecks in CSRSS (was Re: [ros-dev] Service Control Manager, Plug and Pray, SMB and RPC)

Hartmut Birr hartmut.birr at gmx.de
Mon Mar 28 21:02:26 CEST 2005


Eric Kohl wrote:

> ea wrote:
>
>> After my last changes, somebody was required to clean the local
>> repository to boot successfully. It's not clear why.  The registry is
>> necessary now to bootstrap, but if you get a bugcheck in the csrss
>> process, it seems the SM is OK with it. The only place I imagine a
>> bugcheck can happen is init.c, where
>>
>> 1. csrss calls (\SmApiPort) SM to register IMAGE_SUBSYSTEM_WINDOWS_CUI
>> 2. SM calls back (\Windows\SbApiPort)
>> 3. csrss sees the green light and bootstraps (initializes)
>> 4. csrss calls SM_COMPLETE_SESSION to tell SM it's OK
>
>
> My debug log looks like this:
>
> DriverBase for \??\C:\reactos\system32\win32k.sys: 9d94a000
> DriverBase for \??\C:\reactos\system32\freetype.dll: 9da33000
> DriverBase for \SystemRoot\System32\kbdus.dll: 9dab8000
> ReactOS Client/Server Run-Time 0.3-SVN (Build 20050328-r14362)
> (mm/npool.c:1626) Trying to allocate 3758215216 bytes from nonpaged
> pool - nothing suitable found, returning NULL
> (ntuser/keyboard.c:849) ExAllocatePool(-536752086) failed

The real bug starts here. NtUserToUnicodeEx tries to allocate too much
from nonpaged pool. This means cchBuff is too large. The only caller of
NtUserToUnicodeEx is ConioProcessKey. ConioProcessKey calls ToUnicodeEx
(which calls NtUserToUnicodeEx) with cchBuff = 2. Something is wrong in
the parameter translation between real and protected mode.

- Hartmut
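The size check a kernel entry point like NtUserToUnicodeEx needs before it
touches nonpaged pool, as an added example that is not part of this thread
or of the ReactOS sources. It takes cchBuff as the syscall would receive it,
a 32-bit signed int, and rejects it before any allocator sees the size, so a
garbage count such as the -536752086 from the debug log is refused instead
of turning into a ~3.7 GB pool request. The helper names
(tounicode_buffer_size, pool_alloc, try_allocate_for), the cap
MAX_TOUNICODE_CHARS and the calloc-backed stand-in for ExAllocatePool are
all assumptions made for the example; the only values taken from the page
are cchBuff = 2 (the ConioProcessKey call) and the logged negative size.

```c
/* Added example, not ReactOS code: validate a user-supplied character
 * count before sizing a nonpaged-pool allocation. Helper names, the cap
 * and the stand-in allocator are assumptions made for illustration. */
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef uint16_t WCHAR;

/* Assumed upper bound for a ToUnicodeEx output buffer; the real caller
 * on the page passes 2. */
#define MAX_TOUNICODE_CHARS 64

/* The raw value that reached ExAllocatePool in the debug log, as a
 * 32-bit signed int. */
#define BOGUS_CCHBUFF (-536752086)

/* Byte size for cchBuff WCHARs, or 0 if cchBuff is negative, zero,
 * above the cap, or would overflow a size_t when multiplied. */
size_t tounicode_buffer_size(int cchBuff)
{
    if (cchBuff <= 0 || cchBuff > MAX_TOUNICODE_CHARS)
        return 0;
    if ((size_t)cchBuff > SIZE_MAX / sizeof(WCHAR))
        return 0;
    return (size_t)cchBuff * sizeof(WCHAR);
}

/* Stand-in for a kernel pool allocator (assumption): it never sees a
 * size that did not pass tounicode_buffer_size. */
void *pool_alloc(size_t bytes)
{
    if (bytes == 0)
        return NULL;
    return calloc(1, bytes);
}

/* Returns 1 if the request was accepted and a buffer obtained, 0 if the
 * count was rejected before allocation or the allocator failed. */
int try_allocate_for(int cchBuff)
{
    size_t bytes = tounicode_buffer_size(cchBuff);
    void *buf;

    if (bytes == 0) {
        printf("cchBuff=%d rejected before allocation\n", cchBuff);
        return 0;
    }
    buf = pool_alloc(bytes);
    if (buf == NULL)
        return 0;
    printf("cchBuff=%d -> %zu bytes allocated\n", cchBuff, bytes);
    free(buf);
    return 1;
}

/* The same garbage count reinterpreted as an unsigned 32-bit size, which
 * is what an unchecked allocator would try to satisfy. */
uint32_t as_unsigned_size(int cchBuff)
{
    return (uint32_t)cchBuff;
}

int main(void)
{
    try_allocate_for(2);             /* the ConioProcessKey case */
    try_allocate_for(BOGUS_CCHBUFF); /* the value from the debug log */
    printf("%d reinterpreted as unsigned: %u bytes\n",
           BOGUS_CCHBUFF, as_unsigned_size(BOGUS_CCHBUFF));
    return 0;
}
```

The point of checking the count rather than the product is that a negative
int converted to an unsigned size is no longer negative; only the signed
value can be range-checked. The reinterpreted value here is 3758215210; the
log reports 3758215216, and the small difference is assumed to be allocator
overhead added on top of the request.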