Details
Bug
Resolution: Unresolved
Critical
Description
Hello,
This ticket is derived from CORE-11948; its purpose is to hunt down a memory corruption of _OBJECT_HEADER in the smss.exe process.
In order to replicate the problem, the following sequence of steps should be followed:
1. Boot ReactOS 72584 under WinDbg
2. Execute Task Manager, which in turn calls QSISystemHandleInformation(...), which enumerates the handles in all processes
3. Once it starts to enumerate the handles of smss.exe, it will be evident that some of those handles are corrupted:
struct _OBJECT_HEADER * 0xb24cbcd8
   +0x000 PointerCount       : 0n0
   +0x004 HandleCount        : 0n-1073676287
   +0x004 NextToFree         : 0xc0010001 Void
   +0x008 Type               : 0x0600000d _OBJECT_TYPE
   +0x00c NameInfoOffset     : 0x42 'B'
   +0x00d HandleInfoOffset   : 0 ''
   +0x00e QuotaInfoOffset    : 0x75 'u'
   +0x00f Flags              : 0 ''
   +0x010 ObjectCreateInfo   : 0x00740074 _OBJECT_CREATE_INFORMATION
   +0x010 QuotaBlockCharged  : 0x00740074 Void
   +0x014 SecurityDescriptor : 0x006e006f Void
   +0x018 Body               : _QUAD
|
As you can see in the dump above, the fields are corrupted, especially the Type pointer. To facilitate debugging, you can start checking all _OBJECT_HEADER structures once the handle count is >= 130.
As per CORE-11948, the BSOD issue is fixed by commenting out the access to the Type field, but the memory corruption is still there and needs addressing.
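The following is an added example, not code from the ticket or from the ReactOS tree: a plausibility check for a 32-bit _OBJECT_HEADER, using the field layout shown in the dt output above, that a debugger script or a temporary kernel assertion could apply to each header while walking the handle tables. It assumes the default x86 2 GB split (kernel addresses at or above 0x80000000) and that each open handle also holds a pointer reference; the KERNEL_BASE constant, the HDR_* names and the "sane" header are constructed for the example. The header values from the page's dump are reproduced as the first input: its HandleCount is negative, Type is a user-mode, unaligned value, and ObjectCreateInfo and SecurityDescriptor decode as the UTF-16 pairs "tt" and "on", which the text-like heuristic flags.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* 32-bit _OBJECT_HEADER layout as printed by the dt output in the ticket.
 * NextToFree overlays HandleCount and QuotaBlockCharged overlays
 * ObjectCreateInfo; the checks below read both through the first name. */
typedef struct {
    int32_t  PointerCount;        /* +0x000 */
    int32_t  HandleCount;         /* +0x004 (NextToFree overlays this) */
    uint32_t Type;                /* +0x008 pointer to _OBJECT_TYPE */
    uint8_t  NameInfoOffset;      /* +0x00c */
    uint8_t  HandleInfoOffset;    /* +0x00d */
    uint8_t  QuotaInfoOffset;     /* +0x00e */
    uint8_t  Flags;               /* +0x00f */
    uint32_t ObjectCreateInfo;    /* +0x010 (QuotaBlockCharged overlays this) */
    uint32_t SecurityDescriptor;  /* +0x014 fast-ref: low 3 bits hold a refcount */
} OBJECT_HEADER_32;

/* Assumption: x86 with the default 2 GB split, so kernel addresses start here. */
#define KERNEL_BASE 0x80000000u

enum {
    HDR_OK              = 0,
    HDR_BAD_COUNTS      = 1 << 0, /* negative HandleCount, or a handle-referenced object with no pointer refs */
    HDR_BAD_TYPE        = 1 << 1, /* Type is not an aligned kernel-space pointer */
    HDR_BAD_POINTERS    = 1 << 2, /* ObjectCreateInfo / SecurityDescriptor neither NULL nor kernel-space */
    HDR_LOOKS_LIKE_TEXT = 1 << 3, /* two or more 32-bit fields decode as printable UTF-16 pairs */
};

static bool is_kernel_ptr(uint32_t p, uint32_t align) {
    return p >= KERNEL_BASE && (p & (align - 1)) == 0;
}

/* True when a 32-bit word is two printable-ASCII UTF-16 code units, e.g. 0x00740074 = "tt". */
static bool utf16_pair(uint32_t v) {
    uint16_t lo = (uint16_t)(v & 0xFFFFu), hi = (uint16_t)(v >> 16);
    return lo >= 0x20 && lo < 0x7F && hi >= 0x20 && hi < 0x7F;
}

/* Sanity-check a header reached through a live handle. Returns a bitmask of HDR_* findings. */
unsigned check_object_header(const OBJECT_HEADER_32 *h) {
    unsigned findings = HDR_OK;

    /* A handle holds a pointer reference, so a live object has PointerCount >= HandleCount >= 1. */
    if (h->HandleCount < 0 || h->PointerCount <= 0 || h->PointerCount < h->HandleCount)
        findings |= HDR_BAD_COUNTS;

    /* _OBJECT_TYPE is a pool allocation, so the pointer must be kernel-space and at least 4-byte aligned. */
    if (!is_kernel_ptr(h->Type, 4))
        findings |= HDR_BAD_TYPE;

    if (h->ObjectCreateInfo != 0 && !is_kernel_ptr(h->ObjectCreateInfo, 4))
        findings |= HDR_BAD_POINTERS;
    /* Strip the fast-ref count bits before validating the SD pointer. */
    if (h->SecurityDescriptor != 0 && !is_kernel_ptr(h->SecurityDescriptor & ~7u, 8))
        findings |= HDR_BAD_POINTERS;

    /* An overwrite by a wide string shows up as several consecutive text-like words. */
    int text_words = utf16_pair((uint32_t)h->HandleCount) + utf16_pair(h->Type)
                   + utf16_pair(h->ObjectCreateInfo) + utf16_pair(h->SecurityDescriptor);
    if (text_words >= 2)
        findings |= HDR_LOOKS_LIKE_TEXT;

    return findings;
}

/* The header at 0xb24cbcd8 from the ticket's dump, transcribed field by field. */
unsigned check_page_dump(void) {
    OBJECT_HEADER_32 h = {
        .PointerCount = 0, .HandleCount = (int32_t)0xC0010001u, .Type = 0x0600000du,
        .NameInfoOffset = 0x42, .HandleInfoOffset = 0, .QuotaInfoOffset = 0x75, .Flags = 0,
        .ObjectCreateInfo = 0x00740074u, .SecurityDescriptor = 0x006e006fu,
    };
    return check_object_header(&h);
}

/* A constructed, plausible header (assumed values) that the checker should accept. */
unsigned check_sane_header(void) {
    OBJECT_HEADER_32 h = {
        .PointerCount = 3, .HandleCount = 1, .Type = 0xE1000040u,
        .ObjectCreateInfo = 0, .SecurityDescriptor = 0xE1234568u,
    };
    return check_object_header(&h);
}

int main(void) {
    printf("ticket dump : findings mask 0x%x\n", check_page_dump());
    printf("sane header : findings mask 0x%x\n", check_sane_header());
    return 0;
}
```

A mask of 0 means the header passed every check; anything else names which class of field is off, which is more useful than a raw compare when you are sweeping hundreds of headers past the ticket's "handle count >= 130" mark. The checks are heuristics for narrowing the search, not a proof of integrity: a corrupting write that happens to store aligned kernel-looking values would slip through, and the kernel-base and alignment assumptions need adjusting for a /3GB or 64-bit build.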