Index: ntoskrnl/io/iomgr/device.c =================================================================== --- ntoskrnl/io/iomgr/device.c (révision 57355) +++ ntoskrnl/io/iomgr/device.c (copie de travail) @@ -227,11 +227,14 @@ NULL, &Event, &StatusBlock); - Status = IoCallDriver(DeviceObject, Irp); - if (Status == STATUS_PENDING) + if (Irp) { - /* Wait on the driver */ - KeWaitForSingleObject(&Event, Executive, KernelMode, FALSE, NULL); + Status = IoCallDriver(DeviceObject, Irp); + if (Status == STATUS_PENDING) + { + /* Wait on the driver */ + KeWaitForSingleObject(&Event, Executive, KernelMode, FALSE, NULL); + } } /* Remove the flag */ Index: ntoskrnl/io/iomgr/driver.c =================================================================== --- ntoskrnl/io/iomgr/driver.c (révision 57355) +++ ntoskrnl/io/iomgr/driver.c (copie de travail) @@ -795,6 +795,11 @@ &MissingApiName, &MissingDriverName, &LoadedImports); + + /* Free the temporary buffer */ + ExFreePoolWithTag(Buffer, TAG_LDR_WSTR); + + /* Check the result of the imports resolution */ if (!NT_SUCCESS(Status)) return Status; /* Return */ Index: ntoskrnl/io/iomgr/ioevent.c =================================================================== --- ntoskrnl/io/iomgr/ioevent.c (révision 57355) +++ ntoskrnl/io/iomgr/ioevent.c (copie de travail) @@ -42,12 +42,17 @@ if (!NT_SUCCESS(Status)) return NULL; /* Get a handle to it */ - ObReferenceObjectByHandle(Handle, - 0, - ExEventObjectType, - KernelMode, - (PVOID*)&Event, - NULL); + Status = ObReferenceObjectByHandle(Handle, + 0, + ExEventObjectType, + KernelMode, + (PVOID*)&Event, + NULL); + if (!NT_SUCCESS(Status)) + { + ZwClose(Handle); + return NULL; + } /* Dereference the extra count, and return the handle */ ObDereferenceObject(Event); Index: ntoskrnl/io/iomgr/iofunc.c =================================================================== --- ntoskrnl/io/iomgr/iofunc.c (révision 57355) +++ ntoskrnl/io/iomgr/iofunc.c (copie de travail) 
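Review bot: In the device.c hunk at -227 the new `if (Irp)` guard skips the request silently when the IRP is NULL. Status keeps whatever value it had before the block, and the code that follows (`/* Remove the flag */`) runs as if the driver had been called. Record the failure in an else branch, e.g. `else Status = STATUS_INSUFFICIENT_RESOURCES;`, or at least log it with DPRINT1 so an allocation failure is visible. The identical guard in volume.c at -377 has the same gap. Both enclosing functions start and end outside the hunks, so whether Status is read afterwards still needs checking.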
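Review bot: In the driver.c hunk at -795, Buffer is released as soon as the import-resolution call returns, while its out-parameters `MissingApiName`, `MissingDriverName` and `LoadedImports` are still live. If any of them can point into Buffer (not visible here), a later use would read freed pool, so that should be confirmed before merging. The allocation is also outside the hunk: check that it was made with `TAG_LDR_WSTR` and that no later path frees Buffer a second time.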
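Review bot: The new failure branch in the ioevent.c hunk at -42 has no comment, and the context comment above the call, `/* Get a handle to it */`, says the opposite of what `ObReferenceObjectByHandle` does there (it turns the handle into a referenced object pointer). Suggest `/* Reference the event object behind the handle */` above the call and `/* Could not reference the event: close the handle so it is not leaked */` inside the branch. The function begins and ends outside the hunk.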
@@ -119,7 +119,7 @@ { NTSTATUS Status; PKNORMAL_ROUTINE NormalRoutine; - PVOID NormalContext; + PVOID NormalContext = NULL; KIRQL OldIrql; PAGED_CODE(); IOTRACE(IO_API_DEBUG, "IRP: %p. DO: %p. FO: %p \n", Index: ntoskrnl/io/iomgr/iorsrce.c =================================================================== --- ntoskrnl/io/iomgr/iorsrce.c (révision 57355) +++ ntoskrnl/io/iomgr/iorsrce.c (copie de travail) @@ -701,7 +701,7 @@ UNICODE_STRING LinkTarget, KeyName; OBJECT_ATTRIBUTES ObjectAttributes; HANDLE LinkHandle, RegistryHandle, KeyHandle; - WCHAR LinkTargetBuffer[256], KeyNameBuffer[sizeof(L"SystemPartition") / sizeof(WCHAR)]; + WCHAR LinkTargetBuffer[256]; UNICODE_STRING CmRegistryMachineSystemName = RTL_CONSTANT_STRING(L"\\Registry\\Machine\\SYSTEM"); ASSERT(NtSystemPartitionDeviceName->MaximumLength >= NtSystemPartitionDeviceName->Length + sizeof(WCHAR)); @@ -760,13 +760,9 @@ return; } - /* We'll store in Setup subkey, and as we love fun, we use only one buffer for three writings... */ - wcscpy(KeyNameBuffer, L"Setup"); - KeyName.Length = sizeof(L"Setup") - sizeof(UNICODE_NULL); - KeyName.MaximumLength = sizeof(L"Setup"); - KeyName.Buffer = KeyNameBuffer; + /* Open or create the Setup subkey where we'll store in */ + RtlInitUnicodeString(&KeyName, L"Setup"); - /* So, open or create the subkey */ Status = IopCreateRegistryKeyEx(&KeyHandle, RegistryHandle, &KeyName, @@ -784,9 +780,7 @@ } /* Prepare first data writing... */ - wcscpy(KeyNameBuffer, L"SystemPartition"); - KeyName.Length = sizeof(L"SystemPartition") - sizeof(UNICODE_NULL); - KeyName.MaximumLength = sizeof(L"SystemPartition"); + RtlInitUnicodeString(&KeyName, L"SystemPartition"); /* Write SystemPartition value which is the target of the symbolic link */ Status = ZwSetValueKey(KeyHandle, 
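Review bot: In the iofunc.c hunk at -119, `NormalRoutine`, declared on the line above, is still left uninitialised while `NormalContext` now starts as NULL. If both are passed by address to the same call further down (the body is outside the hunk), the same indeterminate read remains for the routine pointer. Initialise it as well: `PKNORMAL_ROUTINE NormalRoutine = NULL;`.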
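Review bot: In iorsrce.c the three key names are compile-time literals, yet `RtlInitUnicodeString` at -760, -784 and -800 computes their lengths at run time, whereas the function's own `CmRegistryMachineSystemName` uses `RTL_CONSTANT_STRING`. For consistency declare them the same way, e.g. `UNICODE_STRING SetupName = RTL_CONSTANT_STRING(L"Setup");`, and pass the matching string to each call. The new comment `/* Open or create the Setup subkey where we'll store in */` would read better as `/* Open or create the Setup subkey that will hold the values */`.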
@@ -800,10 +794,8 @@ DPRINT("Failed writing SystemPartition value!\n"); } - /* Prepare for second data writing... */ - wcscpy(KeyName.Buffer, L"OsLoaderPath"); - KeyName.Length = sizeof(L"OsLoaderPath") - sizeof(UNICODE_NULL); - KeyName.MaximumLength = sizeof(L"OsLoaderPath"); + /* Prepare for second data writing... */ + RtlInitUnicodeString(&KeyName, L"OsLoaderPath"); /* Remove trailing slash if any (one slash only excepted) */ if (OsLoaderPathName->Length > sizeof(WCHAR) && Index: ntoskrnl/io/iomgr/ramdisk.c =================================================================== --- ntoskrnl/io/iomgr/ramdisk.c (révision 57355) +++ ntoskrnl/io/iomgr/ramdisk.c (copie de travail) @@ -224,7 +224,7 @@ // Build the symbolic link name and target // _snwprintf(SourceString, - sizeof(SourceString), + sizeof(SourceString)/sizeof(WCHAR), L"\\Device\\Ramdisk%wZ", &GuidString); SymbolicLinkName.Length = 38; Index: ntoskrnl/io/iomgr/volume.c =================================================================== --- ntoskrnl/io/iomgr/volume.c (révision 57355) +++ ntoskrnl/io/iomgr/volume.c (copie de travail) @@ -377,11 +377,14 @@ NULL, &Event, &StatusBlock); - Status = IoCallDriver(DeviceObject, Irp); - if (Status == STATUS_PENDING) + if (Irp) { - /* Wait on the driver */ - KeWaitForSingleObject(&Event, Executive, KernelMode, FALSE, NULL); + Status = IoCallDriver(DeviceObject, Irp); + if (Status == STATUS_PENDING) + { + /* Wait on the driver */ + KeWaitForSingleObject(&Event, Executive, KernelMode, FALSE, NULL); + } } /* Reset the event */ Index: ntoskrnl/io/pnpmgr/pnpnotify.c =================================================================== --- ntoskrnl/io/pnpmgr/pnpnotify.c (révision 57355) +++ ntoskrnl/io/pnpmgr/pnpnotify.c (copie de travail) @@ -80,7 +80,7 @@ if (!NT_SUCCESS(Status)) { KeReleaseGuardedMutex(&PnpNotifyListLock); - ExFreePool(NotificationStructure); + ExFreePoolWithTag(NotificationStructure, TAG_PNP_NOTIFY); return; } break; 
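Review bot: In the ramdisk.c hunk at -224, `_snwprintf` still leaves `SourceString` unterminated when the formatted name fills the buffer, even with the count now in characters, and its return value is ignored. Terminate explicitly after the call, e.g. `SourceString[sizeof(SourceString)/sizeof(WCHAR) - 1] = UNICODE_NULL;`, or check the return value before the string is used. The code that consumes `SourceString` is outside the hunk.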
@@ -177,21 +177,22 @@ case EventCategoryTargetDeviceChange: { Status = IoGetRelatedTargetDevice(ChangeEntry->FileObject, &EntryDeviceObject); - if (NT_SUCCESS(Status)) - { - if (DeviceObject == EntryDeviceObject) - { - if (Event == &GUID_PNP_CUSTOM_NOTIFICATION) - { - ((PTARGET_DEVICE_CUSTOM_NOTIFICATION)NotificationStructure)->FileObject = ChangeEntry->FileObject; - } - else - { - ((PTARGET_DEVICE_REMOVAL_NOTIFICATION)NotificationStructure)->FileObject = ChangeEntry->FileObject; - } - CallCurrentEntry = TRUE; - } + if (NT_SUCCESS(Status)) + { + if (DeviceObject == EntryDeviceObject) + { + if (Event == &GUID_PNP_CUSTOM_NOTIFICATION) + { + ((PTARGET_DEVICE_CUSTOM_NOTIFICATION)NotificationStructure)->FileObject = ChangeEntry->FileObject; + } + else + { + ((PTARGET_DEVICE_REMOVAL_NOTIFICATION)NotificationStructure)->FileObject = ChangeEntry->FileObject; + } + CallCurrentEntry = TRUE; + } } + break; } default: {
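Review bot: In the pnpnotify.c hunk at -177, `IoGetRelatedTargetDevice` returns a referenced device object on success, but nothing in the `EventCategoryTargetDeviceChange` case releases `EntryDeviceObject`, so each matching list entry leaks one reference. Add `ObDereferenceObject(EntryDeviceObject);` inside the `if (NT_SUCCESS(Status))` block, after the comparison with `DeviceObject`. Separately, `Event == &GUID_PNP_CUSTOM_NOTIFICATION` compares addresses; if a caller can pass a copy of the GUID (not visible here), the removal-notification cast is applied to a custom-notification structure, and `IsEqualGUID(Event, &GUID_PNP_CUSTOM_NOTIFICATION)` would avoid that. The added `break;` deserves a short comment such as `/* Do not fall through into the default case */`, since it is the only functional change among the re-indented lines.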