Uploaded image for project: 'Core ReactOS'
  1. Core ReactOS
  2. CORE-8703

Window object use after free when running user32_wintest:msg

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Critical
    • 0.4.0
    • Win32SS
    • None

    Description

      msg.c:13876: Failed sequence window hotkey previous:
      WARNING:  NtUserUpdateLayeredWindow at ..\..\win32ss\user\ntuser\ntstubs.c:1087 is UNIMPLEMENTED!
      (..\..\win32ss\user\winsrv\consrv\frontends\gui\conwnd.c:714) WM_ACTIVATE - ActivationState = -859045887
      (..\..\win32ss\user\winsrv\consrv\frontends\gui\conwnd.c:761) TODO: Create console caret
      (..\..\win32ss\user\winsrv\consrv\frontends\gui\conwnd.c:714) WM_ACTIVATE - ActivationState = -859045888
      (..\..\win32ss\user\winsrv\consrv\frontends\gui\conwnd.c:763) TODO: Destroy console caret
      (..\..\win32ss\user\ntuser\msgqueue.c:2064) err: DereferenceObject pCursor
      Assertion '((PHEAD)obj)->cLockObj < 0x10000' failed at ..\..\win32ss\user\ntuser\object.c line 677
      Break instruction exception - code 80000003 (first chance)
      nt!DbgUserBreakPoint:
      8055be02 cc              int     3
      kd> dt win32k!HEAD bc658828
         +0x000 h                : 0xbc65f490 Void
         +0x004 cLockObj         : 0xbc65e120
      kd> .reload
      Connected to Windows Server 2003 3790 x86 compatible target at (Fri Oct 24 14:21:38.760 2014 (UTC + 2:00)), ptr64 FALSE
      Loading Kernel Symbols
      .....................................................
      Loading User Symbols
      ................
      kd> kp
      ChildEBP RetAddr  
      f30c19ec 8054e666 nt!DbgUserBreakPoint
      f30c19f4 f35bd5ed nt!RtlAssert(void * FailedAssertion = 0xf36b0d40, void * FileName = 0xf36b0d1c, unsigned long LineNumber = 0x2a5, char * Message = 0x00000000 "")+0x46 [c:\ros\reactos-clean\reactos\lib\rtl\assert.c @ 119]
      f30c1a1c f35b0645 win32k!UserReferenceObject(void * obj = 0xbc658828)+0x7d [c:\ros\reactos-clean\reactos\win32ss\user\ntuser\object.c @ 677]
      f30c1a34 f35ad1cc win32k!UserRefObjectCo(void * obj = 0xbc658828, struct _USER_REFERENCE_ENTRY * UserReferenceEntry = 0xf30c1a48)+0xa5 [c:\ros\reactos-clean\reactos\win32ss\user\ntuser\object.h @ 36]
      f30c1a54 f35ad9b6 win32k!IntSendParentNotify(struct _WND * pWindow = 0xbc65e280, unsigned int msg = 2)+0x5c [c:\ros\reactos-clean\reactos\win32ss\user\ntuser\window.c @ 1473]
      f30c1acc f35bd714 win32k!co_UserDestroyWindow(void * Object = 0xbc65e280)+0x1e6 [c:\ros\reactos-clean\reactos\win32ss\user\ntuser\window.c @ 2573]
      f30c1ae8 f3541777 win32k!UserDestroyObjectsForOwner(struct _USER_HANDLE_TABLE * Table = 0xbc40d708, void * Owner = 0xb0f26580)+0x84 [c:\ros\reactos-clean\reactos\win32ss\user\ntuser\object.c @ 766]
      f30c1b2c f3541c11 win32k!UserDestroyThreadInfo(struct _ETHREAD * Thread = 0xb0f3cb10)+0x287 [c:\ros\reactos-clean\reactos\win32ss\user\ntuser\main.c @ 590]
      f30c1b4c 80513bc9 win32k!Win32kThreadCallback(struct _ETHREAD * Thread = 0xb0f3cb10, _PSW32THREADCALLOUTTYPE Type = PsW32ThreadCalloutExit (1))+0x101 [c:\ros\reactos-clean\reactos\win32ss\user\ntuser\main.c @ 695]
      f30c1c38 8051414a nt!PspExitThread(long ExitStatus = 0)+0x849 [c:\ros\reactos-clean\reactos\ntoskrnl\ps\kill.c @ 743]
      f30c1c4c 8049f9ae nt!PsExitSpecialApc(struct _KAPC * Apc = 0xb0fb74b0, <function> ** NormalRoutine = 0xf30c1c90, void ** NormalContext = 0xf30c1c9c, void ** SystemArgument1 = 0xf30c1c84, void ** SystemArgument2 = 0xf30c1c78)+0x9a [c:\ros\reactos-clean\reactos\ntoskrnl\ps\kill.c @ 941]
      f30c1cd0 8053f73d nt!KiDeliverApc(char DeliveryMode = 0n1 '', struct _KEXCEPTION_FRAME * ExceptionFrame = 0x00000000, struct _KTRAP_FRAME * TrapFrame = 0xf30c1d64)+0x3be [c:\ros\reactos-clean\reactos\ntoskrnl\ke\apc.c @ 478]
      f30c1cf0 8053f29d nt!KiCheckForApcDelivery(struct _KTRAP_FRAME * TrapFrame = 0xf30c1d64)+0x7d [c:\ros\reactos-clean\reactos\ntoskrnl\include\internal\i386\ke.h @ 762]
      f30c1cfc 8053d32f nt!KiCommonExit(struct _KTRAP_FRAME * TrapFrame = 0xf30c1d64, unsigned char SkipPreviousMode = 0x00 '')+0xd [c:\ros\reactos-clean\reactos\ntoskrnl\ke\i386\traphdlr.c @ 97]
      f30c1d20 8053f200 nt!KiServiceExit(struct _KTRAP_FRAME * TrapFrame = 0xf30c1d64, long Status = 0xc0)+0x9f [c:\ros\reactos-clean\reactos\ntoskrnl\ke\i386\traphdlr.c @ 155]
      f30c1d5c 80403e03 nt!KiSystemServiceHandler(struct _KTRAP_FRAME * TrapFrame = 0xf30c1d64, void * Arguments = 0x008dfe6c)+0x280 [c:\ros\reactos-clean\reactos\ntoskrnl\ke\i386\traphdlr.c @ 1721]
      f30c1d5c 7c92fb9e nt!KiFastCallEntry+0x8c
      008dfe60 7c95b7ce ntdll!KiFastSystemCallRet
      008dfe64 77d9b709 ntdll!NtWaitForMultipleObjects+0xc
      008dfefc 77a87178 kernel32!BaseCheckVDM(unsigned long BinaryType = 1, wchar_t * ApplicationName = 0x00134dd0 "???", wchar_t * CommandLine = 0x00000000 "", wchar_t * CurrentDirectory = 0x000003e8 "--- memory read error at address 0x000003e8 ---", struct _STRING * AnsiEnvironment = 0x00000000, struct _BASE_API_MESSAGE * ApiMessage = 0x0034e898, unsigned long * iTask = 0x7ffdd6cc, unsigned long CreationFlags = 0xcccccccc, struct _STARTUPINFOW * StartupInfo = 0x0000058c, void * hUserToken = 0x00134dd0)+0x719 [p:\trunk_slave\x86_msvc\build\dll\win32\kernel32\client\vdm.c @ 386]
      008dff2c 77a87208 user32!RealMsgWaitForMultipleObjectsEx(unsigned long nCount = 0, void ** pHandles = 0x00000000, unsigned long dwMilliseconds = 0x3e8, unsigned long dwWakeMask = 0x4ff, unsigned long dwFlags = 0)+0x158 [c:\ros\reactos-clean\reactos\win32ss\user\user32\windows\message.c @ 3223]
      008dff50 77a87254 user32!MsgWaitForMultipleObjectsEx(unsigned long nCount = 0, void ** lpHandles = 0x00000000, unsigned long dwMilliseconds = 0x3e8, unsigned long dwWakeMask = 0x4ff, unsigned long dwFlags = 0)+0x58 [c:\ros\reactos-clean\reactos\win32ss\user\user32\windows\message.c @ 3242]
      008dff6c 0046a593 user32!MsgWaitForMultipleObjects(unsigned long nCount = 0, void ** lpHandles = 0x00000000, int fWaitAll = 0, unsigned long dwMilliseconds = 0x3e8, unsigned long dwWakeMask = 0x4ff)+0x24 [c:\ros\reactos-clean\reactos\win32ss\user\user32\windows\message.c @ 3258]
      008dffb8 77da2c3d user32_winetest!create_grand_child_thread(void * param = 0x007dffa0)+0xa3 [c:\ros\reactos-clean\reactos\modules\rostests\winetests\user32\msg.c @ 6804]
      008dffec 00000000 kernel32!PropDialogHandler(void * lpThreadParameter = 0x0046a4f0)+0x2d [p:\trunk_slave\x86_msvc\build\dll\win32\kernel32\client\console\init.c @ 57]
      kd> ?? pWindow->spwndParent
      struct _WND * 0xbc658828
         +0x000 head             : _THRDESKHEAD
            +0x000 h                : 0xbc65f490 Void
            +0x004 cLockObj         : 0xbc65e120
            +0x008 pti              : (null) 
            +0x00c rpdesk           : (null) 
            +0x010 pSelf            : (null) 
         +0x014 state            : 2
         +0x018 state2           : 0
         +0x01c ExStyle          : 0
         +0x020 style            : 0
         +0x024 hModule          : (null) 
         +0x028 fnid             : 0
         +0x02c spwndNext        : (null) 
         +0x030 spwndPrev        : 0x00000200 _WND
            +0x000 head             : _THRDESKHEAD
            +0x014 state            : ??
            +0x018 state2           : ??
            +0x01c ExStyle          : ??
            +0x020 style            : ??
            +0x024 hModule          : ???? 
            +0x028 fnid             : ??
            +0x02c spwndNext        : ???? 
            +0x030 spwndPrev        : ???? 
            +0x034 spwndParent      : ???? 
            +0x038 spwndChild       : ???? 
            +0x03c spwndOwner       : ???? 
            +0x040 rcWindow         : _RECTL
            +0x050 rcClient         : _RECTL
            +0x060 lpfnWndProc      : ???? 
            +0x064 pcls             : ???? 
            +0x068 hrgnUpdate       : ???? 
            +0x06c PropListHead     : _LIST_ENTRY
            +0x074 PropListItems    : ??
            +0x078 pSBInfo          : ???? 
            +0x07c SystemMenu       : ???? 
            +0x080 IDMenu           : ??
            +0x084 hrgnClip         : ???? 
            +0x088 hrgnNewFrame     : ???? 
            +0x08c strName          : _LARGE_UNICODE_STRING
            +0x098 cbwndExtra       : ??
            +0x09c spwndLastActive  : ???? 
            +0x0a0 dwUserData       : ??
            +0x0a4 pActCtx          : ???? 
            +0x0a8 spwndClipboardListener : ???? 
            +0x0ac ExStyle2         : ??
            +0x0b0 InternalPos      : <unnamed-tag>
            +0x0d4 Unicode          : ??
            +0x0d4 InternalPosInitialized : ??
            +0x0d4 HideFocus        : ??
            +0x0d4 HideAccel        : ??
            +0x0d8 pSBInfoex        : ???? 
            +0x0dc ThreadListEntry  : _LIST_ENTRY
         +0x034 spwndParent      : 0x0046cc10 _WND
            +0x000 head             : _THRDESKHEAD
            +0x014 state            : 0x458babf3
            +0x018 state2           : 0xd845890c
            +0x01c ExStyle          : 0x1d87d83
            +0x020 style            : 0x7d830b74
            +0x024 hModule          : 0x0c740fd8 HINSTANCE__
            +0x028 fnid             : 0xb4e9
            +0x02c spwndNext        : 0xe9c03300 _WND
            +0x030 spwndPrev        : 0x000000c2 _WND
            +0x034 spwndParent      : 0x215c3d81 _WND
            +0x038 spwndChild       : 0x0100005b _WND
            +0x03c spwndOwner       : 0x477d0000 _WND
            +0x040 rcWindow         : _RECTL
            +0x050 rcClient         : _RECTL
            +0x060 lpfnWndProc      : 0x1274c085        long  +1274c085
            +0x064 pcls             : 0x50e0458d _CLS
            +0x068 hrgnUpdate       : 0x066681e8 HRGN__
            +0x06c PropListHead     : _LIST_ENTRY [ 0xe04d8d00 - 0x6672e851 ]
            +0x074 PropListItems    : 0x158b0006
            +0x078 pSBInfo          : 0x005b215c tagSBINFO
            +0x07c SystemMenu       : 0x8901ea83 HMENU__
            +0x080 IDMenu           : 0x5b215c15
            +0x084 hrgnClip         : 0x6830eb00 HRGN__
            +0x088 hrgnNewFrame     : 0x00001f2b HRGN__
            +0x08c strName          : _LARGE_UNICODE_STRING
            +0x098 cbwndExtra       : 0x74c03308
            +0x09c spwndLastActive  : 0x6818eb02 _WND
            +0x0a0 dwUserData       : 0x5552ec
            +0x0a4 pActCtx          : 0x65e8016a Void
            +0x0a8 spwndClipboardListener : 0x8300064f _WND
            +0x0ac ExStyle2         : 0xe85004c4
            +0x0b0 InternalPos      : <unnamed-tag>
            +0x0d4 Unicode          : 0y0
            +0x0d4 InternalPosInitialized : 0y0
            +0x0d4 HideFocus        : 0y1
            +0x0d4 HideAccel        : 0y1
            +0x0d8 pSBInfoex        : 0xe3e85108 _SBINFOEX
            +0x0dc ThreadListEntry  : _LIST_ENTRY [ 0xeb000664 - 0x14558b15 ]
         +0x038 spwndChild       : (null) 
         +0x03c spwndOwner       : (null) 
         +0x040 rcWindow         : _RECTL
            +0x000 left             : 0x400000
            +0x004 top              : 0
            +0x008 right            : 0xbc410f80
            +0x00c bottom           : 0x90000b
         +0x050 rcClient         : _RECTL
            +0x000 left             : 0
            +0x004 top              : 0
            +0x008 right            : 0
            +0x00c bottom           : 0
         +0x060 lpfnWndProc      : 0x0001000e     long  +1000e
         +0x064 pcls             : 0x0800000d _CLS
            +0x000 pclsNext         : ???? 
            +0x004 atomClassName    : ??
            +0x006 atomNVClassName  : ??
            +0x008 fnid             : ??
            +0x00c rpdeskParent     : ???? 
            +0x010 pdce             : ???? 
            +0x014 CSF_flags        : ??
            +0x018 lpszClientAnsiMenuName : ???? 
            +0x01c lpszClientUnicodeMenuName : ???? 
            +0x020 spcpdFirst       : ???? 
            +0x024 pclsBase         : ???? 
            +0x028 pclsClone        : ???? 
            +0x02c cWndReferenceCount : ??
            +0x030 style            : ??
            +0x034 lpfnWndProc      : ???? 
            +0x038 cbclsExtra       : ??
            +0x03c cbwndExtra       : ??
            +0x040 hModule          : ???? 
            +0x044 spicn            : ???? 
            +0x048 spcur            : ???? 
            +0x04c hbrBackground    : ???? 
            +0x050 lpszMenuName     : ???? 
            +0x054 lpszAnsiClassName : ???? 
            +0x058 spicnSm          : ???? 
            +0x05c Unicode          : ??
            +0x05c Global           : ??
            +0x05c MenuNameIsString : ??
            +0x05c NotUsed          : ??
         +0x068 hrgnUpdate       : 0x00300104 HRGN__
            +0x000 unused           : ??
         +0x06c PropListHead     : _LIST_ENTRY [ 0x1 - 0xb0f7ad88 ]
            +0x000 Flink            : 0x00000001 _LIST_ENTRY
            +0x004 Blink            : 0xb0f7ad88 _LIST_ENTRY [ 0xb0fb10d8 - 0x5c ]
         +0x074 PropListItems    : 0xb1160bd0
         +0x078 pSBInfo          : 0xbc658890 tagSBINFO
            +0x000 WSBflags         : 0x300104
            +0x004 Horz             : tagSBDATA
            +0x014 Vert             : tagSBDATA
         +0x07c SystemMenu       : 0x00000200 HMENU__
            +0x000 unused           : ??
         +0x080 IDMenu           : 0xffff
         +0x084 hrgnClip         : (null) 
         +0x088 hrgnNewFrame     : (null) 
         +0x08c strName          : _LARGE_UNICODE_STRING
            +0x000 Length           : 0
            +0x004 MaximumLength    : 0y0000000000000000000000000000000 (0)
            +0x004 bAnsi            : 0y0
            +0x008 Buffer           : (null) 
         +0x098 cbwndExtra       : 0
         +0x09c spwndLastActive  : (null) 
         +0x0a0 dwUserData       : 0
         +0x0a4 pActCtx          : (null) 
         +0x0a8 spwndClipboardListener : (null) 
         +0x0ac ExStyle2         : 0
         +0x0b0 InternalPos      : <unnamed-tag>
            +0x000 NormalRect       : _RECTL
            +0x010 IconPos          : _POINTL
            +0x018 MaxPos           : _POINTL
            +0x020 flags            : 3
         +0x0d4 Unicode          : 0y0
         +0x0d4 InternalPosInitialized : 0y1
         +0x0d4 HideFocus        : 0y1
         +0x0d4 HideAccel        : 0y1
         +0x0d8 pSBInfoex        : 0xbc654870 _SBINFOEX
            +0x000 ScrollBarInfo    : tagSCROLLBARINFO
            +0x03c ScrollInfo       : tagSCROLLINFO
         +0x0dc ThreadListEntry  : _LIST_ENTRY [ 0xbc657a10 - 0x65 ]
            +0x000 Flink            : 0xbc657a10 _LIST_ENTRY [ 0xbc658900 - 0xbc6501e4 ]
            +0x004 Blink            : 0x00000065 _LIST_ENTRY
      kd> ?? pWindow
      struct _WND * 0xbc65e280
         +0x000 head             : _THRDESKHEAD
            +0x000 h                : 0x0007033c Void
            +0x004 cLockObj         : 1
            +0x008 pti              : 0xb0f26580 _THREADINFO
            +0x00c rpdesk           : 0xb1160bd0 _DESKTOP
            +0x010 pSelf            : 0xbc65e280 Void
         +0x014 state            : 0x20480000
         +0x018 state2           : 0x80000200
         +0x01c ExStyle          : 0
         +0x020 style            : 0x50000000
         +0x024 hModule          : (null) 
         +0x028 fnid             : 0
         +0x02c spwndNext        : (null) 
         +0x030 spwndPrev        : (null) 
         +0x034 spwndParent      : 0xbc658828 _WND
            +0x000 head             : _THRDESKHEAD
            +0x014 state            : 2
            +0x018 state2           : 0
            +0x01c ExStyle          : 0
            +0x020 style            : 0
            +0x024 hModule          : (null) 
            +0x028 fnid             : 0
            +0x02c spwndNext        : (null) 
            +0x030 spwndPrev        : 0x00000200 _WND
            +0x034 spwndParent      : 0x0046cc10 _WND
            +0x038 spwndChild       : (null) 
            +0x03c spwndOwner       : (null) 
            +0x040 rcWindow         : _RECTL
            +0x050 rcClient         : _RECTL
            +0x060 lpfnWndProc      : 0x0001000e        long  +1000e
            +0x064 pcls             : 0x0800000d _CLS
            +0x068 hrgnUpdate       : 0x00300104 HRGN__
            +0x06c PropListHead     : _LIST_ENTRY [ 0x1 - 0xb0f7ad88 ]
            +0x074 PropListItems    : 0xb1160bd0
            +0x078 pSBInfo          : 0xbc658890 tagSBINFO
            +0x07c SystemMenu       : 0x00000200 HMENU__
            +0x080 IDMenu           : 0xffff
            +0x084 hrgnClip         : (null) 
            +0x088 hrgnNewFrame     : (null) 
            +0x08c strName          : _LARGE_UNICODE_STRING
            +0x098 cbwndExtra       : 0
            +0x09c spwndLastActive  : (null) 
            +0x0a0 dwUserData       : 0
            +0x0a4 pActCtx          : (null) 
            +0x0a8 spwndClipboardListener : (null) 
            +0x0ac ExStyle2         : 0
            +0x0b0 InternalPos      : <unnamed-tag>
            +0x0d4 Unicode          : 0y0
            +0x0d4 InternalPosInitialized : 0y1
            +0x0d4 HideFocus        : 0y1
            +0x0d4 HideAccel        : 0y1
            +0x0d8 pSBInfoex        : 0xbc654870 _SBINFOEX
            +0x0dc ThreadListEntry  : _LIST_ENTRY [ 0xbc657a10 - 0x65 ]
         +0x038 spwndChild       : (null) 
         +0x03c spwndOwner       : (null) 
         +0x040 rcWindow         : _RECTL
            +0x000 left             : 0x68
            +0x004 top              : 0x7b
            +0x008 right            : 0x72
            +0x00c bottom           : 0x85
         +0x050 rcClient         : _RECTL
            +0x000 left             : 0x68
            +0x004 top              : 0x7b
            +0x008 right            : 0x72
            +0x00c bottom           : 0x85
         +0x060 lpfnWndProc      : 0x0046bc00     long  user32_winetest!MsgCheckProcA+0
         +0x064 pcls             : 0xbc65eb70 _CLS
            +0x000 pclsNext         : (null) 
            +0x004 atomClassName    : 0xc136
            +0x006 atomNVClassName  : 0
            +0x008 fnid             : 0
            +0x00c rpdeskParent     : 0xb1160bd0 _DESKTOP
            +0x010 pdce             : (null) 
            +0x014 CSF_flags        : 2
            +0x018 lpszClientAnsiMenuName : (null) 
            +0x01c lpszClientUnicodeMenuName : (null) 
            +0x020 spcpdFirst       : (null) 
            +0x024 pclsBase         : 0xbc65eb70 _CLS
            +0x028 pclsClone        : (null) 
            +0x02c cWndReferenceCount : 1
            +0x030 style            : 0
            +0x034 lpfnWndProc      : 0x0046bc00        long  user32_winetest!MsgCheckProcA+0
            +0x038 cbclsExtra       : 0
            +0x03c cbwndExtra       : 0
            +0x040 hModule          : 0x00400000 HINSTANCE__
            +0x044 spicn            : (null) 
            +0x048 spcur            : 0xbc410f80 _CURICON_OBJECT
            +0x04c hbrBackground    : 0x0090000b HBRUSH__
            +0x050 lpszMenuName     : (null) 
            +0x054 lpszAnsiClassName : (null) 
            +0x058 spicnSm          : (null) 
            +0x05c Unicode          : 0y0
            +0x05c Global           : 0y0
            +0x05c MenuNameIsString : 0y0
            +0x05c NotUsed          : 0y00000000000000000000000000000 (0)
         +0x068 hrgnUpdate       : (null) 
         +0x06c PropListHead     : _LIST_ENTRY [ 0xbc411420 - 0xbc411420 ]
            +0x000 Flink            : 0xbc411420 _LIST_ENTRY [ 0xbc65e2ec - 0xbc65e2ec ]
            +0x004 Blink            : 0xbc411420 _LIST_ENTRY [ 0xbc65e2ec - 0xbc65e2ec ]
         +0x074 PropListItems    : 1
         +0x078 pSBInfo          : (null) 
         +0x07c SystemMenu       : (null) 
         +0x080 IDMenu           : 0
         +0x084 hrgnClip         : (null) 
         +0x088 hrgnNewFrame     : (null) 
         +0x08c strName          : _LARGE_UNICODE_STRING
            +0x000 Length           : 0x14
            +0x004 MaximumLength    : 0y0000000000000000000000000010110 (0x16)
            +0x004 bAnsi            : 0y0
            +0x008 Buffer           : 0xbc657370  -> 0x54
         +0x098 cbwndExtra       : 0
         +0x09c spwndLastActive  : 0xbc65e280 _WND
            +0x000 head             : _THRDESKHEAD
            +0x014 state            : 0x20480000
            +0x018 state2           : 0x80000200
            +0x01c ExStyle          : 0
            +0x020 style            : 0x50000000
            +0x024 hModule          : (null) 
            +0x028 fnid             : 0
            +0x02c spwndNext        : (null) 
            +0x030 spwndPrev        : (null) 
            +0x034 spwndParent      : 0xbc658828 _WND
            +0x038 spwndChild       : (null) 
            +0x03c spwndOwner       : (null) 
            +0x040 rcWindow         : _RECTL
            +0x050 rcClient         : _RECTL
            +0x060 lpfnWndProc      : 0x0046bc00        long  user32_winetest!MsgCheckProcA+0
            +0x064 pcls             : 0xbc65eb70 _CLS
            +0x068 hrgnUpdate       : (null) 
            +0x06c PropListHead     : _LIST_ENTRY [ 0xbc411420 - 0xbc411420 ]
            +0x074 PropListItems    : 1
            +0x078 pSBInfo          : (null) 
            +0x07c SystemMenu       : (null) 
            +0x080 IDMenu           : 0
            +0x084 hrgnClip         : (null) 
            +0x088 hrgnNewFrame     : (null) 
            +0x08c strName          : _LARGE_UNICODE_STRING
            +0x098 cbwndExtra       : 0
            +0x09c spwndLastActive  : 0xbc65e280 _WND
            +0x0a0 dwUserData       : 0
            +0x0a4 pActCtx          : (null) 
            +0x0a8 spwndClipboardListener : (null) 
            +0x0ac ExStyle2         : 8
            +0x0b0 InternalPos      : <unnamed-tag>
            +0x0d4 Unicode          : 0y0
            +0x0d4 InternalPosInitialized : 0y0
            +0x0d4 HideFocus        : 0y0
            +0x0d4 HideAccel        : 0y0
            +0x0d8 pSBInfoex        : (null) 
            +0x0dc ThreadListEntry  : _LIST_ENTRY [ 0xb0f2670d - 0xb0f2670d ]
         +0x0a0 dwUserData       : 0
         +0x0a4 pActCtx          : (null) 
         +0x0a8 spwndClipboardListener : (null) 
         +0x0ac ExStyle2         : 8
         +0x0b0 InternalPos      : <unnamed-tag>
            +0x000 NormalRect       : _RECTL
            +0x010 IconPos          : _POINTL
            +0x018 MaxPos           : _POINTL
            +0x020 flags            : 0
         +0x0d4 Unicode          : 0y0
         +0x0d4 InternalPosInitialized : 0y0
         +0x0d4 HideFocus        : 0y0
         +0x0d4 HideAccel        : 0y0
         +0x0d8 pSBInfoex        : (null) 
         +0x0dc ThreadListEntry  : _LIST_ENTRY [ 0xb0f2670d - 0xb0f2670d ]
            +0x000 Flink            : 0xb0f2670d _LIST_ENTRY [ 0xbc65e35c - 0xbc65e35c ]
            +0x004 Blink            : 0xb0f2670d _LIST_ENTRY [ 0xbc65e35c - 0xbc65e35c ]

      Attachments

        1. cwex.patch
          6 kB
          jimtabor
        2. ntuser-freewnd-reload-children.patch
          2 kB
          ThFabba
        3. user32-test-parent.patch
          9 kB
          ThFabba

        Issue Links

          Activity

            People

              jimtabor jimtabor
              ThFabba ThFabba
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: