d6/d71/win32ss_2gdi_2ntgdi_2gdiobj_8c_source.html

/*

 * PROJECT:         ReactOS win32 kernel mode subsystem

 * LICENSE:         GPL - See COPYING in the top level directory

 * FILE:            win32ss/gdi/ntgdi/gdiobj.c

 * PURPOSE:         General GDI object manipulation routines

 * PROGRAMMERS:     Timo Kreuzer

 */


/*

 * If you want to understand this code, you need to start thinking in portals.

 * - gpaulRefCount is a global pointer to an allocated array of ULONG values,

 * one for each handle. Bits 0 - 22 contain a reference count for the handle.

 * It gets increased for each handle lock / reference. Bit 23 contains a valid

 * bit. If this bit is 0, the handle got deleted and will be pushed to the free

 * list, once all references are gone. Bits 24 - 31 contain the reuse value of

 * the handle, which allows to check if the entry was changed before atomically

 * exchanging the reference count.

 * - Objects can exist with or without a handle

 *   - Objects with a handle can be locked either exclusively or shared.

 *     Both locks increase the handle reference count in gpaulRefCount.

 *     Exclusive locks also increase the BASEOBJECT's cExclusiveLock field

 *     and the first lock (can be acquired recursively) acquires a pushlock

 *     that is also stored in the BASEOBJECT.

 *   - Objects without a handle cannot have exclusive locks. Their reference

 *     count is tracked in the BASEOBJECT's ulShareCount field.

 * - An object that is inserted in the handle table automatically has an

 *   exclusive lock. For objects that are "shared objects" (BRUSH, PALETTE, ...)

 *   this is the only way it can ever be exclusively locked. It prevents the

 *   object from being locked by another thread. A shared lock will simply fail,

 *   while an exclusive lock will succeed after the object was unlocked.

 *

 * Ownership:

 *

 * Owner:               POWNED  PUBLIC  NONE    spec

 * ---------------------------------------------------

 * LockForRead          +       +       -       PUBLIC

 * LockForWrite         +       -       -       POWNED

 * LockAny              +       +       +       NONE

 * NtGdiDeleteObjectApp +       -       -       PUBLIC

 * GreDeleteObject      +       +       +       NONE

 * GreSetOwner(POWNED)  -       -       +       -

 * GreSetOwner(PUBLIC)  +       -       +       -

 * GreSetOwner(NONE)    +       -       -       -

 *

 */


/* INCLUDES ******************************************************************/


#include <win32k.h>

#define NDEBUG

#include <debug.h>


FORCEINLINE

ULONG

InterlockedReadUlong(

    _In_ _Interlocked_operand_ ULONG volatile *Source)

{

    return *Source;

}


FORCEINLINE

void

INCREASE_THREAD_LOCK_COUNT(

    _In_ HANDLE hobj)

{

    PTHREADINFO pti = PsGetCurrentThreadWin32Thread();

    DBG_UNREFERENCED_PARAMETER(hobj);

    if (pti)

    {

#if DBG

        pti->acExclusiveLockCount[((ULONG_PTR)hobj >> 16) & 0x1f]++;

#endif

        pti->cExclusiveLocks++;

    }

}


FORCEINLINE

void

DECREASE_THREAD_LOCK_COUNT(

    _In_ HANDLE hobj)

{

    PTHREADINFO pti = PsGetCurrentThreadWin32Thread();

    DBG_UNREFERENCED_PARAMETER(hobj);

    if (pti)

    {

#if DBG

        pti->acExclusiveLockCount[((ULONG_PTR)hobj >> 16) & 0x1f]--;

#endif

        pti->cExclusiveLocks--;

    }

}


#if DBG

VOID

ASSERT_LOCK_ORDER(

    _In_ UCHAR objt)

{

    PTHREADINFO pti = PsGetCurrentThreadWin32Thread();

    ULONG i;


    if (pti)

    {

        /* Ensure correct locking order! */

        for (i = objt + 1; i < GDIObjTypeTotal; i++)

        {

            NT_ASSERT(pti->acExclusiveLockCount[i] == 0);

        }

    }

}

#define ASSERT_SHARED_OBJECT_TYPE(objt) \

    ASSERT((objt) == GDIObjType_SURF_TYPE || \

           (objt) == GDIObjType_PAL_TYPE || \

           (objt) == GDIObjType_LFONT_TYPE || \

           (objt) == GDIObjType_PATH_TYPE || \

           (objt) == GDIObjType_BRUSH_TYPE)

#define ASSERT_EXCLUSIVE_OBJECT_TYPE(objt) \

    ASSERT((objt) == GDIObjType_DC_TYPE || \

           (objt) == GDIObjType_RGN_TYPE || \

           (objt) == GDIObjType_UMPD_TYPE || \

           (objt) == GDIObjType_META_TYPE)

#define ASSERT_TRYLOCK_OBJECT_TYPE(objt) \

    ASSERT((objt) == GDIObjType_DRVOBJ_TYPE)

#else

#define ASSERT_LOCK_ORDER(hobj)

#define ASSERT_SHARED_OBJECT_TYPE(objt)

#define ASSERT_EXCLUSIVE_OBJECT_TYPE(objt)

#define ASSERT_TRYLOCK_OBJECT_TYPE(objt)

#endif


#if defined(_M_IX86) || defined(_M_AMD64)

#define InterlockedOr16 _InterlockedOr16

#endif


#define GDIOBJ_POOL_TAG(type) ('00hG' + (((type) & 0x1f) << 24))


enum

{

    REF_MASK_REUSE = 0xff000000,

    REF_INC_REUSE  = 0x01000000,

    REF_MASK_VALID = 0x00800000,

    REF_MASK_COUNT = 0x007fffff,

    REF_MASK_INUSE = 0x00ffffff,

};


/* GLOBALS *******************************************************************/


/* Per session handle table globals */

static PVOID gpvGdiHdlTblSection = NULL;

PENTRY gpentHmgr;

PULONG gpaulRefCount;

volatile ULONG gulFirstFree;

volatile ULONG gulFirstUnused;

static PPAGED_LOOKASIDE_LIST gpaLookasideList;


static VOID NTAPI GDIOBJ_vCleanup(PVOID ObjectBody);


static const

GDICLEANUPPROC

apfnCleanup[] =

{

    NULL,              /* 00 GDIObjType_DEF_TYPE */

    DC_vCleanup,       /* 01 GDIObjType_DC_TYPE */

    NULL,              /* 02 GDIObjType_UNUSED1_TYPE */

    NULL,              /* 03 GDIObjType_UNUSED2_TYPE */

    REGION_vCleanup,   /* 04 GDIObjType_RGN_TYPE */

    SURFACE_vCleanup,  /* 05 GDIObjType_SURF_TYPE */

    GDIOBJ_vCleanup,   /* 06 GDIObjType_CLIENTOBJ_TYPE */

    GDIOBJ_vCleanup,   /* 07 GDIObjType_PATH_TYPE */

    PALETTE_vCleanup,  /* 08 GDIObjType_PAL_TYPE */

    GDIOBJ_vCleanup,   /* 09 GDIObjType_ICMLCS_TYPE */

    GDIOBJ_vCleanup,   /* 0a GDIObjType_LFONT_TYPE */

    NULL,              /* 0b GDIObjType_RFONT_TYPE, unused */

    NULL,              /* 0c GDIObjType_PFE_TYPE, unused */

    NULL,              /* 0d GDIObjType_PFT_TYPE, unused */

    GDIOBJ_vCleanup,   /* 0e GDIObjType_ICMCXF_TYPE */

    NULL,              /* 0f GDIObjType_SPRITE_TYPE, unused */

    NULL,              /* 10 GDIObjType_BRUSH_TYPE, BRUSH, PEN, EXTPEN */

    NULL,              /* 11 GDIObjType_UMPD_TYPE, unused */

    NULL,              /* 12 GDIObjType_UNUSED4_TYPE */

    NULL,              /* 13 GDIObjType_SPACE_TYPE, unused */

    NULL,              /* 14 GDIObjType_UNUSED5_TYPE */

    GDIOBJ_vCleanup,   /* 15 GDIObjType_META_TYPE */

    NULL,              /* 16 GDIObjType_EFSTATE_TYPE, unused */

    NULL,              /* 17 GDIObjType_BMFD_TYPE, unused */

    NULL,              /* 18 GDIObjType_VTFD_TYPE, unused */

    NULL,              /* 19 GDIObjType_TTFD_TYPE, unused */

    NULL,              /* 1a GDIObjType_RC_TYPE, unused */

    NULL,              /* 1b GDIObjType_TEMP_TYPE, unused */

    DRIVEROBJ_vCleanup,/* 1c GDIObjType_DRVOBJ_TYPE */

    NULL,              /* 1d GDIObjType_DCIOBJ_TYPE, unused */

    NULL,              /* 1e GDIObjType_SPOOL_TYPE, unused */

    NULL,              /* 1f reserved entry */

};


static const

GDIOBJDELETEPROC

apfnDelete[] =

{

    NULL,              /* 00 GDIObjType_DEF_TYPE */

    NULL,              /* 01 GDIObjType_DC_TYPE */

    NULL,              /* 02 GDIObjType_UNUSED1_TYPE */

    NULL,              /* 03 GDIObjType_UNUSED2_TYPE */

    NULL,              /* 04 GDIObjType_RGN_TYPE */

    NULL,              /* 05 GDIObjType_SURF_TYPE */

    NULL,              /* 06 GDIObjType_CLIENTOBJ_TYPE */

    NULL,              /* 07 GDIObjType_PATH_TYPE */

    NULL,              /* 08 GDIObjType_PAL_TYPE */

    NULL,              /* 09 GDIObjType_ICMLCS_TYPE */

    NULL,              /* 0a GDIObjType_LFONT_TYPE */

    NULL,              /* 0b GDIObjType_RFONT_TYPE, unused */

    NULL,              /* 0c GDIObjType_PFE_TYPE, unused */

    NULL,              /* 0d GDIObjType_PFT_TYPE, unused */

    NULL,              /* 0e GDIObjType_ICMCXF_TYPE */

    NULL,                 /* 0f GDIObjType_SPRITE_TYPE, unused */

    BRUSH_vDeleteObject,  /* 10 GDIObjType_BRUSH_TYPE, BRUSH, PEN, EXTPEN */

    NULL,              /* 11 GDIObjType_UMPD_TYPE, unused */

    NULL,              /* 12 GDIObjType_UNUSED4_TYPE */

    NULL,              /* 13 GDIObjType_SPACE_TYPE, unused */

    NULL,              /* 14 GDIObjType_UNUSED5_TYPE */

    NULL,              /* 15 GDIObjType_META_TYPE, unused */

    NULL,              /* 16 GDIObjType_EFSTATE_TYPE, unused */

    NULL,              /* 17 GDIObjType_BMFD_TYPE, unused */

    NULL,              /* 18 GDIObjType_VTFD_TYPE, unused */

    NULL,              /* 19 GDIObjType_TTFD_TYPE, unused */

    NULL,              /* 1a GDIObjType_RC_TYPE, unused */

    NULL,              /* 1b GDIObjType_TEMP_TYPE, unused */

    NULL,              /* 1c GDIObjType_DRVOBJ_TYPE */

    NULL,              /* 1d GDIObjType_DCIOBJ_TYPE, unused */

    NULL,              /* 1e GDIObjType_SPOOL_TYPE, unused */

    NULL,              /* 1f reserved entry */

};


/* INTERNAL FUNCTIONS ********************************************************/


static

VOID

NTAPI

GDIOBJ_vCleanup(PVOID ObjectBody)

{

    /* Nothing to do */

}


static

VOID

InitLookasideList(UCHAR objt, ULONG cjSize)

{

    ExInitializePagedLookasideList(&gpaLookasideList[objt],

                                   NULL,

                                   NULL,

                                   0,

                                   cjSize,

                                   GDITAG_HMGR_LOOKASIDE_START + (objt << 24),

                                   0);

}


CODE_SEG("INIT")

NTSTATUS

NTAPI

InitGdiHandleTable(void)

{

    NTSTATUS status;

    LARGE_INTEGER liSize;

    PVOID pvSection;

    SIZE_T cjViewSize = 0;


    /* Create a section for the shared handle table */

    liSize.QuadPart = sizeof(GDI_HANDLE_TABLE); // GDI_HANDLE_COUNT * sizeof(ENTRY);

    status = MmCreateSection(&gpvGdiHdlTblSection,

                             SECTION_ALL_ACCESS,

                             NULL,

                             &liSize,

                             PAGE_READWRITE,

                             SEC_COMMIT | 0x1,

                             NULL,

                             NULL);

    if (!NT_SUCCESS(status))

    {

        DPRINT1("INITGDI: Could not allocate a GDI handle table.\n");

        return status;

    }


    /* Map the section in session space */

    status = MmMapViewInSessionSpace(gpvGdiHdlTblSection,

                                     (PVOID*)&gpentHmgr,

                                     &cjViewSize);

    if (!NT_SUCCESS(status))

    {

        DPRINT1("INITGDI: Failed to map handle table section\n");

        ObDereferenceObject(gpvGdiHdlTblSection);

        return status;

    }


    /* Allocate memory for the reference counter table */

    gpaulRefCount = EngAllocSectionMem(&pvSection,

                                     FL_ZERO_MEMORY,

                                     GDI_HANDLE_COUNT * sizeof(ULONG),

                                     'frHG');

    if (!gpaulRefCount)

    {

        DPRINT1("INITGDI: Failed to allocate reference table.\n");

        ObDereferenceObject(gpvGdiHdlTblSection);

        return STATUS_INSUFFICIENT_RESOURCES;

    }


    gulFirstFree = 0;

    gulFirstUnused = RESERVE_ENTRIES_COUNT;


    GdiHandleTable = (PVOID)gpentHmgr;


    /* Initialize the lookaside lists */

    gpaLookasideList = ExAllocatePoolWithTag(NonPagedPool,

                           GDIObjTypeTotal * sizeof(PAGED_LOOKASIDE_LIST),

                           TAG_GDIHNDTBLE);

    if(!gpaLookasideList)

        return STATUS_NO_MEMORY;


    InitLookasideList(GDIObjType_DC_TYPE, sizeof(DC));

    InitLookasideList(GDIObjType_RGN_TYPE, sizeof(REGION));

    InitLookasideList(GDIObjType_SURF_TYPE, sizeof(SURFACE));

    InitLookasideList(GDIObjType_CLIENTOBJ_TYPE, sizeof(CLIENTOBJ));

    InitLookasideList(GDIObjType_PATH_TYPE, sizeof(PATH));

    InitLookasideList(GDIObjType_PAL_TYPE, sizeof(PALETTE));

    InitLookasideList(GDIObjType_ICMLCS_TYPE, sizeof(COLORSPACE));

    InitLookasideList(GDIObjType_LFONT_TYPE, sizeof(TEXTOBJ));

    InitLookasideList(GDIObjType_BRUSH_TYPE, sizeof(BRUSH));


    return STATUS_SUCCESS;

}


FORCEINLINE

VOID

IncrementCurrentProcessGdiHandleCount(void)

{

    PPROCESSINFO ppi = PsGetCurrentProcessWin32Process();

    if (ppi) InterlockedIncrement((LONG*)&ppi->GDIHandleCount);

}


FORCEINLINE

VOID

DecrementCurrentProcessGdiHandleCount(void)

{

    PPROCESSINFO ppi = PsGetCurrentProcessWin32Process();

    if (ppi) InterlockedDecrement((LONG*)&ppi->GDIHandleCount);

}


static inline

VOID

IncrementGdiHandleCount(ULONG ulProcessId)

{

    PEPROCESS pep;

    PPROCESSINFO ppi;

    NTSTATUS Status;


    Status = PsLookupProcessByProcessId(ULongToHandle(ulProcessId), &pep);

    NT_ASSERT(NT_SUCCESS(Status));

    __analysis_assume(NT_SUCCESS(Status));


    ppi = PsGetProcessWin32Process(pep);

    if (ppi) InterlockedIncrement((LONG*)&ppi->GDIHandleCount);

    if (NT_SUCCESS(Status)) ObDereferenceObject(pep);

}


static inline

VOID

DecrementGdiHandleCount(ULONG ulProcessId)

{

    PEPROCESS pep;

    PPROCESSINFO ppi;

    NTSTATUS Status;


    Status = PsLookupProcessByProcessId(ULongToHandle(ulProcessId), &pep);

    NT_ASSERT(NT_SUCCESS(Status));

    __analysis_assume(NT_SUCCESS(Status));


    ppi = PsGetProcessWin32Process(pep);

    if (ppi) InterlockedDecrement((LONG*)&ppi->GDIHandleCount);

    if (NT_SUCCESS(Status)) ObDereferenceObject(pep);

}


static

PENTRY

ENTRY_pentPopFreeEntry(VOID)

{

    ULONG iFirst, iNext, iPrev;

    PENTRY pentFree;


    DPRINT("Enter InterLockedPopFreeEntry\n");


    do

    {

        /* Get the index and sequence number of the first free entry */

        iFirst = InterlockedReadUlong(&gulFirstFree);


        /* Check if we have a free entry */

        if (!(iFirst & GDI_HANDLE_INDEX_MASK))

        {

            /* Increment FirstUnused and get the new index */

            iFirst = InterlockedIncrement((LONG*)&gulFirstUnused) - 1;


            /* Check if we have unused entries left */

            if (iFirst >= GDI_HANDLE_COUNT)

            {

                DPRINT1("No more GDI handles left!\n");

#if DBG_ENABLE_GDIOBJ_BACKTRACES

                DbgDumpGdiHandleTableWithBT();

#endif

                InterlockedDecrement((LONG*)&gulFirstUnused);

                return 0;

            }


            /* Return the old entry */

            return &gpentHmgr[iFirst];

        }


        /* Get a pointer to the first free entry */

        pentFree = &gpentHmgr[iFirst & GDI_HANDLE_INDEX_MASK];


        /* Create a new value with an increased sequence number */

        iNext = GDI_HANDLE_GET_INDEX(pentFree->einfo.hFree);

        iNext |= (iFirst & ~GDI_HANDLE_INDEX_MASK) + 0x10000;


        /* Try to exchange the FirstFree value */

        iPrev = InterlockedCompareExchange((LONG*)&gulFirstFree,

                                           iNext,

                                           iFirst);

    }

    while (iPrev != iFirst);


    /* Sanity check: is entry really free? */

    ASSERT(((ULONG_PTR)pentFree->einfo.pobj & ~GDI_HANDLE_INDEX_MASK) == 0);


    return pentFree;

}


/* Pushes an entry of the handle table to the free list,

   The entry must not have any references left */

static

VOID

ENTRY_vPushFreeEntry(PENTRY pentFree)

{

    ULONG iToFree, iFirst, iPrev, idxToFree;


    DPRINT("Enter ENTRY_vPushFreeEntry\n");


    idxToFree = pentFree - gpentHmgr;

    ASSERT((gpaulRefCount[idxToFree] & REF_MASK_INUSE) == 0);


    /* Initialize entry */

    pentFree->Objt = GDIObjType_DEF_TYPE;

    pentFree->ObjectOwner.ulObj = 0;

    pentFree->pUser = NULL;


    /* Increase reuse counter in entry and reference counter */

    InterlockedExchangeAdd((LONG*)&gpaulRefCount[idxToFree], REF_INC_REUSE);

    pentFree->FullUnique += 0x0100;


    do

    {

        /* Get the current first free index and sequence number */

        iFirst = InterlockedReadUlong(&gulFirstFree);


        /* Set the einfo.pobj member to the index of the first free entry */

        pentFree->einfo.pobj = UlongToPtr(iFirst & GDI_HANDLE_INDEX_MASK);


        /* Combine new index and increased sequence number in iToFree */

        iToFree = idxToFree | ((iFirst & ~GDI_HANDLE_INDEX_MASK) + 0x10000);


        /* Try to atomically update the first free entry */

        iPrev = InterlockedCompareExchange((LONG*)&gulFirstFree,

                                           iToFree,

                                           iFirst);

    }

    while (iPrev != iFirst);

}


static

PENTRY

ENTRY_ReferenceEntryByHandle(HGDIOBJ hobj, FLONG fl)

{

    ULONG ulIndex, cNewRefs, cOldRefs;

    PENTRY pentry;


    /* Get the handle index and check if its too big */

    ulIndex = GDI_HANDLE_GET_INDEX(hobj);


    /* Get pointer to the entry */

    pentry = &gpentHmgr[ulIndex];


    /* Get the current reference count */

    cOldRefs = gpaulRefCount[ulIndex];


    do

    {

        /* Check if the slot is deleted */

        if ((cOldRefs & REF_MASK_VALID) == 0)

        {

            DPRINT("GDIOBJ: Slot is not valid: 0x%lx, hobh=%p\n", cOldRefs, hobj);

            return NULL;

        }


        /* Check if the unique value matches */

        if (pentry->FullUnique != (USHORT)((ULONG_PTR)hobj >> 16))

        {

            DPRINT("GDIOBJ: Wrong unique value. Handle: 0x%4x, entry: 0x%4x\n",

                   (USHORT)((ULONG_PTR)hobj >> 16), pentry->FullUnique);

            return NULL;

        }


        /* Check if the object owner is this process or public */

        if (!(fl & GDIOBJFLAG_IGNOREPID) &&

            pentry->ObjectOwner.ulObj != GDI_OBJ_HMGR_PUBLIC &&

            pentry->ObjectOwner.ulObj != PtrToUlong(PsGetCurrentProcessId()))

        {

            DPRINT("GDIOBJ: Cannot reference foreign handle %p, pentry=%p:%lx.\n",

                    hobj, pentry, pentry->ObjectOwner.ulObj);

            return NULL;

        }


        /* Try to atomically increment the reference count */

        cNewRefs = cOldRefs + 1;

        cOldRefs = InterlockedCompareExchange((PLONG)&gpaulRefCount[ulIndex],

                                              cNewRefs,

                                              cOldRefs);

    }

    while (cNewRefs != cOldRefs + 1);


    /* Integrity checks */

    ASSERT((pentry->FullUnique & 0x1f) == pentry->Objt);

    ASSERT(pentry->einfo.pobj != NULL);


    /* Check if lower 32 bits match, the upper 32 bits are ignored */

    ASSERT(pentry->einfo.pobj->hHmgr == UlongToPtr(PtrToUlong(hobj)));


    return pentry;

}


static

HGDIOBJ

ENTRY_hInsertObject(PENTRY pentry, POBJ pobj, UCHAR objt, ULONG ulOwner)

{

    ULONG ulIndex;


    /* Calculate the handle index */

    ulIndex = pentry - gpentHmgr;


    /* Update the fields in the ENTRY */

    pentry->einfo.pobj = pobj;

    pentry->Objt = objt & 0x1f;

    pentry->FullUnique = (pentry->FullUnique & 0xff00) | objt;

    pentry->ObjectOwner.ulObj = ulOwner;


    /* Make the handle valid with 1 reference */

    ASSERT((gpaulRefCount[ulIndex] & REF_MASK_INUSE) == 0);

    InterlockedOr((LONG*)&gpaulRefCount[ulIndex], REF_MASK_VALID | 1);


    /* Return the handle */

    return (HGDIOBJ)(((ULONG_PTR)pentry->FullUnique << 16) | ulIndex);

}


POBJ

NTAPI

GDIOBJ_AllocateObject(UCHAR objt, ULONG cjSize, FLONG fl)

{

    POBJ pobj;


    if (fl & BASEFLAG_LOOKASIDE)

    {

        /* Allocate the object from a lookaside list */

        pobj = ExAllocateFromPagedLookasideList(&gpaLookasideList[objt & 0x1f]);

    }

    else

    {

        /* Allocate the object from paged pool */

        pobj = ExAllocatePoolWithTag(PagedPool, cjSize, GDIOBJ_POOL_TAG(objt));

    }


    if (!pobj) return NULL;


    /* Initialize the object */

    RtlZeroMemory(pobj, cjSize);

    pobj->hHmgr = (HGDIOBJ)((ULONG_PTR)objt << 16);

    pobj->cExclusiveLock = 0;

    pobj->ulShareCount = 1;

    pobj->BaseFlags = fl & 0xffff;

    DBG_INITLOG(&pobj->slhLog);

    DBG_LOGEVENT(&pobj->slhLog, EVENT_ALLOCATE, 0);

#if DBG_ENABLE_GDIOBJ_BACKTRACES

    DbgCaptureStackBackTace(pobj->apvBackTrace, 1, GDI_OBJECT_STACK_LEVELS);

#endif /* GDI_DEBUG */


    return pobj;

}


VOID

NTAPI

GDIOBJ_vFreeObject(POBJ pobj)

{

    UCHAR objt;


    DBG_CLEANUP_EVENT_LIST(&pobj->slhLog);


    /* Get the object type */

    objt = ((ULONG_PTR)pobj->hHmgr >> 16) & 0x1f;


    /* Check if we have a delete procedure (for C++ based objects) */

    if (apfnDelete[objt] != NULL)

    {

        /* Invoke the delete procedure */

        apfnDelete[objt](pobj);

    }

    else

    {

        /* Call the cleanup procedure */

        NT_ASSERT(apfnCleanup[objt]);

        apfnCleanup[objt](pobj);


        /* Check if the object is allocated from a lookaside list */

        if (pobj->BaseFlags & BASEFLAG_LOOKASIDE)

        {

            ExFreeToPagedLookasideList(&gpaLookasideList[objt], pobj);

        }

        else

        {

            ExFreePoolWithTag(pobj, GDIOBJ_POOL_TAG(objt));

        }

    }

}


VOID

NTAPI

GDIOBJ_vDereferenceObject(POBJ pobj)

{

    ULONG cRefs, ulIndex;


    /* Calculate the index */

    ulIndex = GDI_HANDLE_GET_INDEX(pobj->hHmgr);


    /* Check if the object has a handle */

    if (ulIndex)

    {

        /* Decrement reference count */

        if ((gpaulRefCount[ulIndex] & REF_MASK_COUNT) == 0)

        {

            DBG_DUMP_EVENT_LIST(&pobj->slhLog);

        }

        ASSERT((gpaulRefCount[ulIndex] & REF_MASK_COUNT) > 0);

        cRefs = InterlockedDecrement((LONG*)&gpaulRefCount[ulIndex]);

        DBG_LOGEVENT(&pobj->slhLog, EVENT_DEREFERENCE, cRefs);


        /* Check if we reached 0 and handle bit is not set */

        if ((cRefs & REF_MASK_INUSE) == 0)

        {

            /* Make sure it's ok to delete the object */

            ASSERT(pobj->BaseFlags & BASEFLAG_READY_TO_DIE);


            /* Check if the handle was process owned */

            if (gpentHmgr[ulIndex].ObjectOwner.ulObj != GDI_OBJ_HMGR_PUBLIC &&

                gpentHmgr[ulIndex].ObjectOwner.ulObj != GDI_OBJ_HMGR_NONE)

            {

                /* Decrement the process handle count */

                ASSERT(gpentHmgr[ulIndex].ObjectOwner.ulObj ==

                       HandleToUlong(PsGetCurrentProcessId()));

                DecrementCurrentProcessGdiHandleCount();

            }


            /* Push entry to the free list */

            ENTRY_vPushFreeEntry(&gpentHmgr[ulIndex]);


            /* Free the object */

            GDIOBJ_vFreeObject(pobj);

        }

    }

    else

    {

        /* Decrement the objects reference count */

        ASSERT(pobj->ulShareCount > 0);

        cRefs = InterlockedDecrement((LONG*)&pobj->ulShareCount);

        DBG_LOGEVENT(&pobj->slhLog, EVENT_DEREFERENCE, cRefs);


        /* Check if we reached 0 */

        if (cRefs == 0)

        {

            /* Free the object */

            GDIOBJ_vFreeObject(pobj);

        }

    }

}


POBJ

NTAPI

GDIOBJ_ReferenceObjectByHandle(

    HGDIOBJ hobj,

    UCHAR objt)

{

    PENTRY pentry;

    POBJ pobj;


    /* Check if the handle type matches */

    ASSERT_SHARED_OBJECT_TYPE(objt);

    if ((((ULONG_PTR)hobj >> 16) & 0x1f) != objt)

    {

        DPRINT("GDIOBJ: Wrong type. handle=%p, type=%x\n", hobj, objt);

        return NULL;

    }


    /* Reference the handle entry */

    pentry = ENTRY_ReferenceEntryByHandle(hobj, 0);

    if (!pentry)

    {

        DPRINT("GDIOBJ: Requested handle 0x%p is not valid.\n", hobj);

        return NULL;

    }


    /* Get the pointer to the BASEOBJECT */

    pobj = pentry->einfo.pobj;


    /* Check if the object is exclusively locked */

    if (pobj->cExclusiveLock != 0)

    {

        DPRINT1("GDIOBJ: Cannot reference object %p with exclusive lock.\n", hobj);

        GDIOBJ_vDereferenceObject(pobj);

        DBG_DUMP_EVENT_LIST(&pobj->slhLog);

        return NULL;

    }


    DBG_LOGEVENT(&pobj->slhLog, EVENT_REFERENCE, gpaulRefCount[pentry - gpentHmgr]);


    /* All is well, return the object */

    return pobj;

}


VOID

NTAPI

GDIOBJ_vReferenceObjectByPointer(POBJ pobj)

{

    ULONG cRefs;


    /* Check if the object has a handle */

    if (GDI_HANDLE_GET_INDEX(pobj->hHmgr))

    {

        /* Increase the handle's reference count */

        ULONG ulIndex = GDI_HANDLE_GET_INDEX(pobj->hHmgr);

        ASSERT((gpaulRefCount[ulIndex] & REF_MASK_COUNT) > 0);

        cRefs = InterlockedIncrement((LONG*)&gpaulRefCount[ulIndex]);

    }

    else

    {

        /* Increase the object's reference count */

        cRefs = InterlockedIncrement((LONG*)&pobj->ulShareCount);

    }


    DBG_LOGEVENT(&pobj->slhLog, EVENT_REFERENCE, cRefs);

}


PGDIOBJ

NTAPI

GDIOBJ_TryLockObject(

    HGDIOBJ hobj,

    UCHAR objt)

{

    PENTRY pentry;

    POBJ pobj;

    DWORD dwThreadId;


    /* Check if the handle type matches */

    ASSERT_TRYLOCK_OBJECT_TYPE(objt);

    if ((((ULONG_PTR)hobj >> 16) & 0x1f) != objt)

    {

        DPRINT("Wrong object type: hobj=0x%p, objt=0x%x\n", hobj, objt);

        return NULL;

    }


    /* Make sure lock order is correct */

    ASSERT_LOCK_ORDER(objt);


    /* Reference the handle entry */

    pentry = ENTRY_ReferenceEntryByHandle(hobj, 0);

    if (!pentry)

    {

        DPRINT("GDIOBJ: Requested handle 0x%p is not valid.\n", hobj);

        return NULL;

    }


    /* Get the pointer to the BASEOBJECT */

    pobj = pentry->einfo.pobj;


    /* Check if we already own the lock */

    dwThreadId = PtrToUlong(PsGetCurrentThreadId());

    if (pobj->dwThreadId != dwThreadId)

    {

        /* Disable APCs and try acquiring the push lock */

        KeEnterCriticalRegion();

        if(!ExTryAcquirePushLockExclusive(&pobj->pushlock))

        {

            ULONG cRefs, ulIndex;

            /* Already owned. Clean up and leave. */

            KeLeaveCriticalRegion();


            /* Calculate the index */

            ulIndex = GDI_HANDLE_GET_INDEX(pobj->hHmgr);


            /* Decrement reference count */

            ASSERT((gpaulRefCount[ulIndex] & REF_MASK_COUNT) > 0);

            cRefs = InterlockedDecrement((LONG*)&gpaulRefCount[ulIndex]);

            ASSERT(cRefs & REF_MASK_VALID);


            return NULL;

        }


        /* Set us as lock owner */

        ASSERT(pobj->dwThreadId == 0);

        pobj->dwThreadId = dwThreadId;

    }


    /* Increase lock count */

    pobj->cExclusiveLock++;

    INCREASE_THREAD_LOCK_COUNT(hobj);

    DBG_LOGEVENT(&pobj->slhLog, EVENT_LOCK, 0);


    /* Return the object */

    return pobj;

}


PGDIOBJ

NTAPI

GDIOBJ_LockObject(

    HGDIOBJ hobj,

    UCHAR objt)

{

    PENTRY pentry;

    POBJ pobj;

    DWORD dwThreadId;


    /* Check if the handle type matches */

    ASSERT_EXCLUSIVE_OBJECT_TYPE(objt);

    if ((((ULONG_PTR)hobj >> 16) & 0x1f) != objt)

    {

        DPRINT("Wrong object type: hobj=0x%p, objt=0x%x\n", hobj, objt);

        return NULL;

    }


    /* Make sure lock order is correct */

    ASSERT_LOCK_ORDER(objt);


    /* Reference the handle entry */

    pentry = ENTRY_ReferenceEntryByHandle(hobj, 0);

    if (!pentry)

    {

        DPRINT("GDIOBJ: Requested handle 0x%p is not valid.\n", hobj);

        return NULL;

    }


    /* Get the pointer to the BASEOBJECT */

    pobj = pentry->einfo.pobj;


    /* Check if we already own the lock */

    dwThreadId = PtrToUlong(PsGetCurrentThreadId());

    if (pobj->dwThreadId != dwThreadId)

    {

        /* Disable APCs and acquire the push lock */

        KeEnterCriticalRegion();

        ExAcquirePushLockExclusive(&pobj->pushlock);


        /* Set us as lock owner */

        ASSERT(pobj->dwThreadId == 0);

        pobj->dwThreadId = dwThreadId;

    }


    /* Increase lock count */

    pobj->cExclusiveLock++;

    INCREASE_THREAD_LOCK_COUNT(hobj);

    DBG_LOGEVENT(&pobj->slhLog, EVENT_LOCK, 0);


    /* Return the object */

    return pobj;

}


VOID

NTAPI

GDIOBJ_vUnlockObject(POBJ pobj)

{

    ULONG cRefs, ulIndex;

    ASSERT(pobj->cExclusiveLock > 0);


    /* Decrease lock count */

    pobj->cExclusiveLock--;

    DECREASE_THREAD_LOCK_COUNT(pobj->hHmgr);

    DBG_LOGEVENT(&pobj->slhLog, EVENT_UNLOCK, 0);


    /* Check if this was the last lock */

    if (pobj->cExclusiveLock == 0)

    {

        /* Reset lock owner */

        pobj->dwThreadId = 0;


        /* Release the pushlock and reenable APCs */

        ExReleasePushLockExclusive(&pobj->pushlock);

        KeLeaveCriticalRegion();

    }


    /* Calculate the index */

    ulIndex = GDI_HANDLE_GET_INDEX(pobj->hHmgr);


    /* Decrement reference count */

    ASSERT((gpaulRefCount[ulIndex] & REF_MASK_COUNT) > 0);

    cRefs = InterlockedDecrement((LONG*)&gpaulRefCount[ulIndex]);

    ASSERT(cRefs & REF_MASK_VALID);

}


HGDIOBJ

NTAPI

GDIOBJ_hInsertObject(

    POBJ pobj,

    ULONG ulOwner)

{

    PENTRY pentry;

    UCHAR objt;


    /* Must have no handle and only one reference */

    ASSERT(GDI_HANDLE_GET_INDEX(pobj->hHmgr) == 0);

    ASSERT(pobj->cExclusiveLock == 0);

    ASSERT(pobj->ulShareCount == 1);


    /* Get a free handle entry */

    pentry = ENTRY_pentPopFreeEntry();

    if (!pentry)

    {

        DPRINT1("GDIOBJ: Could not get a free entry.\n");

        return NULL;

    }


    /* Make the object exclusively locked */

    ExInitializePushLock(&pobj->pushlock);

    KeEnterCriticalRegion();

    ExAcquirePushLockExclusive(&pobj->pushlock);

    pobj->cExclusiveLock = 1;

    pobj->dwThreadId = PtrToUlong(PsGetCurrentThreadId());

    INCREASE_THREAD_LOCK_COUNT(pobj->hHmgr);


    /* Get object type from the hHmgr field */

    objt = ((ULONG_PTR)pobj->hHmgr >> 16) & 0xff;

    ASSERT(objt != GDIObjType_DEF_TYPE);


    /* Check if current process is requested owner */

    if (ulOwner == GDI_OBJ_HMGR_POWNED)

    {

        /* Increment the process handle count */

        IncrementCurrentProcessGdiHandleCount();


        /* Use Process id */

        ulOwner = HandleToUlong(PsGetCurrentProcessId());

    }


    /* Insert the object into the handle table */

    pobj->hHmgr = ENTRY_hInsertObject(pentry, pobj, objt, ulOwner);


    /* Return the handle */

    DPRINT("GDIOBJ: Created handle: %p\n", pobj->hHmgr);

    DBG_LOGEVENT(&pobj->slhLog, EVENT_CREATE_HANDLE, 0);

    return pobj->hHmgr;

}


VOID

NTAPI

GDIOBJ_vSetObjectOwner(

    POBJ pobj,

    ULONG ulNewOwner)

{

    PENTRY pentry;

    ULONG ulOldOwner;


    /* This is a ugly HACK, needed to fix IntGdiSetDCOwnerEx */

    if (GDI_HANDLE_IS_STOCKOBJ(pobj->hHmgr))

    {

        DPRINT("Trying to set ownership of stock object %p to %lx\n", pobj->hHmgr, ulNewOwner);

        return;

    }


    /* Get the handle entry */

    NT_ASSERT(GDI_HANDLE_GET_INDEX(pobj->hHmgr));

    pentry = &gpentHmgr[GDI_HANDLE_GET_INDEX(pobj->hHmgr)];


    /* Check if the new owner is the same as the old one */

    ulOldOwner = pentry->ObjectOwner.ulObj;

    if (ulOldOwner == ulNewOwner)

    {

        /* Nothing to do */

        return;

    }


    /* Is the current process requested? */

    if (ulNewOwner == GDI_OBJ_HMGR_POWNED)

    {

        /* Use process id */

        ulNewOwner = HandleToUlong(PsGetCurrentProcessId());

    }


    // HACK

    if (ulNewOwner == GDI_OBJ_HMGR_NONE)

        ulNewOwner = GDI_OBJ_HMGR_PUBLIC;


    /* Was the object process owned? */

    if ((ulOldOwner != GDI_OBJ_HMGR_PUBLIC) &&

        (ulOldOwner != GDI_OBJ_HMGR_NONE))

    {

        /* Decrement the previous owners handle count */

        DecrementGdiHandleCount(ulOldOwner);

    }


    /* Is the new owner a process? */

    if ((ulNewOwner != GDI_OBJ_HMGR_PUBLIC) &&

        (ulNewOwner != GDI_OBJ_HMGR_NONE))

    {

        /* Increment the new owners handle count */

        IncrementGdiHandleCount(ulNewOwner);

    }

    else

    {

        /* Make sure we don't leak user mode memory */

        NT_ASSERT(pentry->pUser == NULL);

    }


    /* Set new owner */

    pentry->ObjectOwner.ulObj = ulNewOwner;

    DBG_LOGEVENT(&pobj->slhLog, EVENT_SET_OWNER, 0);

}


/* Locks 2 or 3 objects at a time */

BOOL

NTAPI

GDIOBJ_bLockMultipleObjects(

    IN ULONG ulCount,

    IN HGDIOBJ* ahObj,

    OUT PGDIOBJ* apObj,

    IN UCHAR objt)

{

    UINT auiIndices[3] = {0, 1, 2};

    UINT i, j, tmp;


    ASSERT(ulCount <= 3);


    /* Sort the handles */

    for (i = 0; i < ulCount - 1; i++)

    {

        for (j = i + 1; j < ulCount; j++)

        {

            if ((ULONG_PTR)ahObj[auiIndices[i]] <

                (ULONG_PTR)ahObj[auiIndices[j]])

            {

                tmp = auiIndices[i];

                auiIndices[i] = auiIndices[j];

                auiIndices[j] = tmp;

            }

        }

    }


    /* Lock the objects in safe order */

    for (i = 0; i < ulCount; i++)

    {

        /* Skip NULL handles */

        if (ahObj[auiIndices[i]] == NULL)

        {

            apObj[auiIndices[i]] = NULL;

            continue;

        }


        /* Lock the object */

        apObj[auiIndices[i]] = GDIOBJ_LockObject(ahObj[auiIndices[i]], objt);


        /* Check for failure */

        if (apObj[auiIndices[i]] == NULL)

        {

            /* Cleanup */

            while (i--)

            {

                if (apObj[auiIndices[i]])

                    GDIOBJ_vUnlockObject(apObj[auiIndices[i]]);

            }

            return FALSE;

        }

    }


    return TRUE;

}


PVOID

NTAPI

GDIOBJ_pvGetObjectAttr(POBJ pobj)

{

    ULONG ulIndex = GDI_HANDLE_GET_INDEX(pobj->hHmgr);

    return gpentHmgr[ulIndex].pUser;

}


VOID

NTAPI

GDIOBJ_vSetObjectAttr(POBJ pobj, PVOID pvObjAttr)

{

    ULONG ulIndex;


    ASSERT(pobj->hHmgr);


    /* Get the handle index */

    ulIndex = GDI_HANDLE_GET_INDEX(pobj->hHmgr);


    /* Set pointer to the usermode attribute */

    gpentHmgr[ulIndex].pUser = pvObjAttr;

}


VOID

NTAPI

GDIOBJ_vDeleteObject(POBJ pobj)

{

    ULONG ulIndex;


    /* Set the object's delete flag */

    InterlockedOr16((SHORT*)&pobj->BaseFlags, BASEFLAG_READY_TO_DIE);

    DBG_LOGEVENT(&pobj->slhLog, EVENT_DELETE, 0);


    /* Get the handle index */

    ulIndex = GDI_HANDLE_GET_INDEX(pobj->hHmgr);

    if (ulIndex)

    {

        /* Reset the handle valid bit */

        InterlockedAnd((LONG*)&gpaulRefCount[ulIndex], ~REF_MASK_VALID);


        /* Check if the object is exclusively locked */

        if (pobj->cExclusiveLock != 0)

        {

            /* Reset lock owner and lock count */

            pobj->dwThreadId = 0;

            pobj->cExclusiveLock = 0;


            /* Release the pushlock and reenable APCs */

            ExReleasePushLockExclusive(&pobj->pushlock);

            KeLeaveCriticalRegion();

            DECREASE_THREAD_LOCK_COUNT(pobj->hHmgr);

        }

    }


    /* Dereference the object (will take care of deletion) */

    GDIOBJ_vDereferenceObject(pobj);

}


BOOL

NTAPI

GreIsHandleValid(HGDIOBJ hobj)

{

    PENTRY pentry;


    pentry = ENTRY_ReferenceEntryByHandle(hobj, 0);

    if (!pentry) return FALSE;

    GDIOBJ_vDereferenceObject(pentry->einfo.pobj);

    return TRUE;

}


BOOL

NTAPI

GreDeleteObject(HGDIOBJ hobj)

{

    PENTRY pentry;


    /* Check for stock objects */

    if (GDI_HANDLE_IS_STOCKOBJ(hobj))

    {

        DPRINT1("GreDeleteObject: Cannot delete stock object %p.\n", hobj);

        return FALSE;

    }


    /* Reference the handle entry */

    pentry = ENTRY_ReferenceEntryByHandle(hobj, 0);

    if (!pentry)

    {

        DPRINT1("GreDeleteObject: Trying to delete invalid object %p\n", hobj);

        return FALSE;

    }


    /* Check for public owner */

    if (pentry->ObjectOwner.ulObj == GDI_OBJ_HMGR_PUBLIC)

    {

        DPRINT1("GreDeleteObject: Trying to delete global object %p\n", hobj);

        GDIOBJ_vDereferenceObject(pentry->einfo.pobj);

        return FALSE;

    }


    /* Delete the object */

    GDIOBJ_vDeleteObject(pentry->einfo.pobj);

    return TRUE;

}


ULONG

NTAPI

GreGetObjectOwner(HGDIOBJ hobj)

{

    ULONG ulIndex, ulOwner;


    /* Get the handle index */

    ulIndex = GDI_HANDLE_GET_INDEX(hobj);


    /* Check if the handle is valid */

    if (ulIndex >= GDI_HANDLE_COUNT ||

        gpentHmgr[ulIndex].Objt == GDIObjType_DEF_TYPE ||

        ((ULONG_PTR)hobj >> 16) != gpentHmgr[ulIndex].FullUnique)

    {

        DPRINT1("GreGetObjectOwner: invalid handle 0x%p.\n", hobj);

        return GDI_OBJ_HMGR_RESTRICTED;

    }


    /* Get the object owner */

    ulOwner = gpentHmgr[ulIndex].ObjectOwner.ulObj;


    if (ulOwner == HandleToUlong(PsGetCurrentProcessId()))

        return GDI_OBJ_HMGR_POWNED;


    if (ulOwner == GDI_OBJ_HMGR_PUBLIC)

        return GDI_OBJ_HMGR_PUBLIC;


    return GDI_OBJ_HMGR_RESTRICTED;

}


BOOL

NTAPI

GreSetObjectOwnerEx(

    HGDIOBJ hobj,

    ULONG ulOwner,

    ULONG Flags)

{

    PENTRY pentry;


    /* Check for stock objects */

    if (GDI_HANDLE_IS_STOCKOBJ(hobj))

    {

        DPRINT("GreSetObjectOwner: Got stock object %p\n", hobj);

        return FALSE;

    }


    /* Reference the handle entry */

    pentry = ENTRY_ReferenceEntryByHandle(hobj, Flags);

    if (!pentry)

    {

        DPRINT("GreSetObjectOwner: Invalid handle 0x%p.\n", hobj);

        return FALSE;

    }


    /* Call internal function */

    GDIOBJ_vSetObjectOwner(pentry->einfo.pobj, ulOwner);


    /* Dereference the object */

    GDIOBJ_vDereferenceObject(pentry->einfo.pobj);


    return TRUE;

}


BOOL

NTAPI

GreSetObjectOwner(

    HGDIOBJ hobj,

    ULONG ulOwner)

{

    return GreSetObjectOwnerEx(hobj, ulOwner, 0);

}


INT

NTAPI

GreGetObject(

    IN HGDIOBJ hobj,

    IN INT cbCount,

    OUT PVOID pvBuffer)

{

    PVOID pvObj;

    UCHAR objt;

    INT iResult = 0;


    /* Verify object type */

    objt = ((ULONG_PTR)hobj >> 16) & 0x1f;

    if (objt != GDIObjType_BRUSH_TYPE &&

        objt != GDIObjType_SURF_TYPE &&

        objt != GDIObjType_LFONT_TYPE &&

        objt != GDIObjType_PAL_TYPE)

    {

        DPRINT1("GreGetObject: Invalid object type\n");

        return 0;

    }


    pvObj = GDIOBJ_ReferenceObjectByHandle(hobj, objt);

    if (!pvObj)

    {

        DPRINT("GreGetObject: Could not lock object\n");

        return 0;

    }


    switch (GDI_HANDLE_GET_TYPE(hobj))

    {

        case GDILoObjType_LO_PEN_TYPE:

        case GDILoObjType_LO_EXTPEN_TYPE:

            iResult = PEN_GetObject(pvObj, cbCount, pvBuffer);

            break;


        case GDILoObjType_LO_BRUSH_TYPE:

            iResult = BRUSH_GetObject(pvObj, cbCount, pvBuffer);

            break;


        case GDILoObjType_LO_BITMAP_TYPE:

            iResult = BITMAP_GetObject(pvObj, cbCount, pvBuffer);

            break;


        case GDILoObjType_LO_FONT_TYPE:

            iResult = FontGetObject(pvObj, cbCount, pvBuffer);

            break;


        case GDILoObjType_LO_PALETTE_TYPE:

            iResult = PALETTE_GetObject(pvObj, cbCount, pvBuffer);

            break;


        default:

            DPRINT1("GDI object type of 0x%p not implemented\n", hobj);

            break;

    }


    GDIOBJ_vDereferenceObject(pvObj);

    return iResult;

}


W32KAPI

INT

APIENTRY

NtGdiExtGetObjectW(

    IN HANDLE hobj,

    IN INT cjBufferSize,

    OUT LPVOID lpBuffer)

{

    UINT iResult, cjMaxSize;

    union

    {

        BITMAP bitmap;

        DIBSECTION dibsection;

        LOGPEN logpen;

        LOGBRUSH logbrush;

        LOGFONTW logfontw;

        EXTLOGFONTW extlogfontw;

        ENUMLOGFONTEXDVW enumlogfontexdvw;

    } object;


    /* Normalize to the largest supported object size */

    cjMaxSize = min((UINT)cjBufferSize, sizeof(object));


    /* Now do the actual call */

    iResult = GreGetObject(hobj, cjMaxSize, lpBuffer ? &object : NULL);


    /* Check if we have a buffer and data */

    if ((lpBuffer != NULL) && (iResult != 0))

    {

        /* Enter SEH for buffer transfer */

        _SEH2_TRY

        {

            /* Probe the buffer and copy it */

            cjMaxSize = min(cjMaxSize, iResult);

            ProbeForWrite(lpBuffer, cjMaxSize, sizeof(WORD));

            RtlCopyMemory(lpBuffer, &object, cjMaxSize);

        }

        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)

        {

            /* Clear the return value.

             * Do *NOT* set last error here! */

            iResult = 0;

        }

        _SEH2_END;

    }


    /* Return the count */

    return iResult;

}


W32KAPI

HANDLE

APIENTRY

NtGdiCreateClientObj(

    IN ULONG ulType)

{

    POBJ pObject;

    HANDLE handle;


    /* Check if ulType is valid */

    if ((ulType != GDILoObjType_LO_METAFILE16_TYPE) &&

        (ulType != GDILoObjType_LO_METAFILE_TYPE) &&

        (ulType != GDILoObjType_LO_METADC16_TYPE))

    {

        DPRINT1("NtGdiCreateClientObj: Invalid object type 0x%lx.\n", ulType);

        return NULL;

    }


    /* Allocate a new object */

    pObject = GDIOBJ_AllocateObject(GDIObjType_CLIENTOBJ_TYPE,

                                    sizeof(CLIENTOBJ),

                                    BASEFLAG_LOOKASIDE);

    if (!pObject)

    {

        DPRINT1("NtGdiCreateClientObj: Could not allocate a clientobj.\n");

        return NULL;

    }


    /* Set the real object type */

    pObject->hHmgr = UlongToHandle(ulType | GDILoObjType_LO_CLIENTOBJ_TYPE);


    /* Create a handle */

    handle = GDIOBJ_hInsertObject(pObject, GDI_OBJ_HMGR_POWNED);

    if (!handle)

    {

        DPRINT1("NtGdiCreateClientObj: Could not create a handle.\n");

        GDIOBJ_vFreeObject(pObject);

        return NULL;

    }


    /* Unlock it */

    GDIOBJ_vUnlockObject(pObject);


    return handle;

}


W32KAPI

BOOL

APIENTRY

NtGdiDeleteClientObj(

    IN HANDLE hobj)

{

    /* We first need to get the real type from the handle */

    ULONG ulType = GDI_HANDLE_GET_TYPE(hobj);


    /* Check if it's really a CLIENTOBJ */

    if ((ulType & GDI_HANDLE_BASETYPE_MASK) != GDILoObjType_LO_CLIENTOBJ_TYPE)

    {

        /* FIXME: SetLastError? */

        return FALSE;

    }


    return GreDeleteObject(hobj);

}


PGDI_HANDLE_TABLE GdiHandleTable = NULL;


PGDIOBJ NTAPI

GDIOBJ_ShareLockObj(HGDIOBJ hObj, DWORD ExpectedType)

{

    if (ExpectedType == GDI_OBJECT_TYPE_DONTCARE)

        ExpectedType = GDI_HANDLE_GET_TYPE(hObj);

    return GDIOBJ_ReferenceObjectByHandle(hObj, (ExpectedType >> 16) & 0x1f);

}


// This function is not safe to use with concurrent deleting attempts

// That shouldn't be a problem, since we don't have any processes yet,

// that could delete the handle

BOOL

NTAPI

GDIOBJ_ConvertToStockObj(HGDIOBJ *phObj)

{

    PENTRY pentry;

    POBJ pobj;


    /* Reference the handle entry */

    pentry = ENTRY_ReferenceEntryByHandle(*phObj, 0);

    if (!pentry)

    {

        DPRINT1("GDIOBJ: Requested handle 0x%p is not valid.\n", *phObj);

        return FALSE;

    }


    /* Update the entry */

    pentry->FullUnique |= GDI_ENTRY_STOCK_MASK;

    pentry->ObjectOwner.ulObj = 0;


    /* Get the pointer to the BASEOBJECT */

    pobj = pentry->einfo.pobj;


    /* Calculate the new handle */

    pobj->hHmgr = (HGDIOBJ)((ULONG_PTR)pobj->hHmgr | GDI_HANDLE_STOCK_MASK);


    /* Return the new handle */

    *phObj = pobj->hHmgr;


    /* Dereference the handle */

    GDIOBJ_vDereferenceObject(pobj);


    return TRUE;

}


BOOL

NTAPI

GDIOBJ_ConvertFromStockObj(HGDIOBJ *phObj)

{

    PENTRY pentry;

    POBJ pobj;


    /* Reference the handle entry */

    pentry = ENTRY_ReferenceEntryByHandle(*phObj, 0);

    if (!pentry)

    {

        DPRINT1("GDIOBJ: Requested handle 0x%p is not valid.\n", *phObj);

        return FALSE;

    }


    /* Update the entry */

    pentry->FullUnique &= ~GDI_ENTRY_STOCK_MASK;

    pentry->ObjectOwner.ulObj = PtrToUlong(PsGetCurrentProcessId());


    /* Get the pointer to the BASEOBJECT */

    pobj = pentry->einfo.pobj;


    /* Calculate the new handle */

    pobj->hHmgr = (HGDIOBJ)((ULONG_PTR)pobj->hHmgr & ~GDI_HANDLE_STOCK_MASK);


    /* Return the new handle */

    *phObj = pobj->hHmgr;


    /* Dereference the handle */

    GDIOBJ_vDereferenceObject(pobj);


    return TRUE;

}


POBJ NTAPI

GDIOBJ_AllocObjWithHandle(ULONG ObjectType, ULONG cjSize)

{

    POBJ pobj;

    FLONG fl = 0;

    UCHAR objt = (ObjectType >> 16) & 0xFF;


    if ((objt == GDIObjType_DC_TYPE && cjSize == sizeof(DC)) ||

        (objt == GDIObjType_PAL_TYPE && cjSize == sizeof(PALETTE)) ||

        (objt == GDIObjType_RGN_TYPE && cjSize == sizeof(REGION)) ||

        (objt == GDIObjType_SURF_TYPE && cjSize == sizeof(SURFACE)) ||

        (objt == GDIObjType_PATH_TYPE && cjSize == sizeof(PATH)))

    {

        fl |= BASEFLAG_LOOKASIDE;

    }


    pobj = GDIOBJ_AllocateObject(objt, cjSize, fl);

    if (!pobj)

    {

        return NULL;

    }


    if (!GDIOBJ_hInsertObject(pobj, GDI_OBJ_HMGR_POWNED))

    {

        GDIOBJ_vFreeObject(pobj);

        return NULL;

    }

    return pobj;

}


PVOID NTAPI

GDI_MapHandleTable(PEPROCESS pProcess)

{

    PVOID pvMappedView = NULL;

    NTSTATUS Status;

    LARGE_INTEGER liOffset;

    SIZE_T cjViewSize = sizeof(GDI_HANDLE_TABLE);


    liOffset.QuadPart = 0;


    ASSERT(gpvGdiHdlTblSection != NULL);

    ASSERT(pProcess != NULL);


    Status = MmMapViewOfSection(gpvGdiHdlTblSection,

                                pProcess,

                                &pvMappedView,

                                0,

                                0,

                                &liOffset,

                                &cjViewSize,

                                ViewUnmap,

                                SEC_NO_CHANGE,

                                PAGE_READONLY);


    if (!NT_SUCCESS(Status))

        return NULL;


    return pvMappedView;

}


BOOL NTAPI

GDI_CleanupForProcess(struct _EPROCESS *Process)

{

    PENTRY pentry;

    ULONG ulIndex;

    DWORD dwProcessId;

    PPROCESSINFO ppi;


    DPRINT("CleanupForProcess prochandle %p Pid %p\n",

           Process, Process->UniqueProcessId);


    ASSERT(Process == PsGetCurrentProcess());


    /* Get the current process Id */

    dwProcessId = PtrToUlong(PsGetCurrentProcessId());


    /* Loop all handles in the handle table */

    for (ulIndex = RESERVE_ENTRIES_COUNT; ulIndex < gulFirstUnused; ulIndex++)

    {

        pentry = &gpentHmgr[ulIndex];


        /* Check if the object is owned by the process */

        if (pentry->ObjectOwner.ulObj == dwProcessId)

        {

            ASSERT(pentry->einfo.pobj->cExclusiveLock == 0);


            /* Reference the object and delete it */

            InterlockedIncrement((LONG*)&gpaulRefCount[ulIndex]);

            GDIOBJ_vDeleteObject(pentry->einfo.pobj);

        }

    }


#if DBG

    DbgGdiHTIntegrityCheck();

#endif


    ppi = PsGetCurrentProcessWin32Process();

    DPRINT("Completed cleanup for process %p\n", Process->UniqueProcessId);

    if (ppi->GDIHandleCount != 0)

    {

        DPRINT1("Leaking %d handles!\n", ppi->GDIHandleCount);

        ASSERT(FALSE);

    }


    /* Loop all handles in the handle table */

    for (ulIndex = RESERVE_ENTRIES_COUNT; ulIndex < gulFirstUnused; ulIndex++)

    {

        pentry = &gpentHmgr[ulIndex];


        /* Check if the object is owned by the process */

        if (pentry->ObjectOwner.ulObj == dwProcessId)

        {

            DPRINT1("Leaking object. Index=%lx, type=0x%x, refcount=%lx\n",

                    ulIndex, pentry->Objt, gpaulRefCount[ulIndex]);

            DBG_DUMP_EVENT_LIST(&pentry->einfo.pobj->slhLog);

            //DBG_CLEANUP_EVENT_LIST(&pentry->einfo.pobj->slhLog);

            ASSERT(FALSE);

        }

    }


    return TRUE;

}


PGDI_POOL

GetBrushAttrPool(VOID)

{

    PPROCESSINFO ppi;


    ppi = PsGetCurrentProcessWin32Process();

    NT_ASSERT(ppi != NULL);


    return ppi->pPoolBrushAttr;

}


/* EOF */

MmMapViewInSessionSpace
NTSTATUS NTAPI MmMapViewInSessionSpace(IN PVOID Section, OUT PVOID *MappedBase, IN OUT PSIZE_T ViewSize)
Definition: section.c:3054

InterlockedIncrement
#define InterlockedIncrement
Definition: armddk.h:53

InterlockedDecrement
#define InterlockedDecrement
Definition: armddk.h:52

NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26

DPRINT1
#define DPRINT1
Definition: precomp.h:8

UlongToHandle
#define UlongToHandle(ul)
Definition: basetsd.h:97

HandleToUlong
#define HandleToUlong(h)
Definition: basetsd.h:79

ULongToHandle
#define ULongToHandle(h)
Definition: basetsd.h:81

BITMAP_GetObject
INT APIENTRY BITMAP_GetObject(SURFACE *psurf, INT Count, LPVOID buffer)
Definition: bitmaps.c:771

BRUSH_vDeleteObject
VOID NTAPI BRUSH_vDeleteObject(PVOID pvObject)
Definition: brush.cpp:263

BRUSH_GetObject
INT FASTCALL BRUSH_GetObject(PBRUSH pbr, INT cjBuffer, LPLOGBRUSH plbBuffer)
Definition: brush.cpp:271

GetBrushAttrPool
PGDI_POOL GetBrushAttrPool(VOID)

BRUSH
Definition: brush.hpp:16

lpBuffer
static TAGREF LPCWSTR LPDWORD LPVOID lpBuffer
Definition: db.cpp:175

DC_vCleanup
VOID NTAPI DC_vCleanup(PVOID ObjectBody)
Definition: dclife.c:357

NULL
#define NULL
Definition: types.h:112

TRUE
#define TRUE
Definition: types.h:120

FALSE
#define FALSE
Definition: types.h:117

NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32

APIENTRY
#define APIENTRY
Definition: api.h:79

PAGE_READONLY
#define PAGE_READONLY
Definition: compat.h:138

DRIVEROBJ_vCleanup
VOID NTAPI DRIVEROBJ_vCleanup(PVOID pObject)
DRIVEROBJ cleanup function.
Definition: driverobj.c:24

UlongToPtr
#define UlongToPtr(u)
Definition: config.h:106

ULONG_PTR
#define ULONG_PTR
Definition: config.h:101

PtrToUlong
#define PtrToUlong(u)
Definition: config.h:107

ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350

NonPagedPool
#define NonPagedPool
Definition: env_spec_w32.h:307

PagedPool
#define PagedPool
Definition: env_spec_w32.h:308

ExInitializePushLock
#define ExInitializePushLock
Definition: ex.h:1012

ExAcquirePushLockExclusive
FORCEINLINE VOID ExAcquirePushLockExclusive(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1035

ExReleasePushLockExclusive
FORCEINLINE VOID ExReleasePushLockExclusive(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1251

ProbeForWrite
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143

dwThreadId
DWORD dwThreadId
Definition: fdebug.c:31

_SEH2_END
#define _SEH2_END
Definition: filesup.c:22

_SEH2_TRY
#define _SEH2_TRY
Definition: filesup.c:19

PsGetCurrentThreadId
PsGetCurrentThreadId
Definition: CrNtStubs.h:8

BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94

DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95

WORD
unsigned short WORD
Definition: ntddk_ex.h:93

Process
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223

pObject
FxObject * pObject
Definition: fxobjectapi.cpp:302

GDI_OBJECT_TYPE_DONTCARE
#define GDI_OBJECT_TYPE_DONTCARE
Definition: gdi.h:64

GDI_HANDLE_STOCK_MASK
#define GDI_HANDLE_STOCK_MASK
Definition: gdi.h:19

GDI_HANDLE_GET_INDEX
#define GDI_HANDLE_GET_INDEX(h)
Definition: gdi.h:28

GDI_HANDLE_GET_TYPE
#define GDI_HANDLE_GET_TYPE(h)
Definition: gdi.h:31

GDI_HANDLE_BASETYPE_MASK
#define GDI_HANDLE_BASETYPE_MASK
Definition: gdi.h:18

GDI_HANDLE_COUNT
#define GDI_HANDLE_COUNT
Definition: gdi.h:12

GDI_HANDLE_INDEX_MASK
#define GDI_HANDLE_INDEX_MASK
Definition: gdi.h:16

GDI_HANDLE_IS_STOCKOBJ
#define GDI_HANDLE_IS_STOCKOBJ(h)
Definition: gdi.h:37

GDILoObjType_LO_FONT_TYPE
@ GDILoObjType_LO_FONT_TYPE
Definition: gdi_private.h:37

GDILoObjType_LO_PALETTE_TYPE
@ GDILoObjType_LO_PALETTE_TYPE
Definition: gdi_private.h:36

GDILoObjType_LO_CLIENTOBJ_TYPE
@ GDILoObjType_LO_CLIENTOBJ_TYPE
Definition: gdi_private.h:40

GDILoObjType_LO_BRUSH_TYPE
@ GDILoObjType_LO_BRUSH_TYPE
Definition: gdi_private.h:33

GDILoObjType_LO_BITMAP_TYPE
@ GDILoObjType_LO_BITMAP_TYPE
Definition: gdi_private.h:35

GDILoObjType_LO_METAFILE_TYPE
@ GDILoObjType_LO_METAFILE_TYPE
Definition: gdi_private.h:48

GDILoObjType_LO_METADC16_TYPE
@ GDILoObjType_LO_METADC16_TYPE
Definition: gdi_private.h:49

GDILoObjType_LO_EXTPEN_TYPE
@ GDILoObjType_LO_EXTPEN_TYPE
Definition: gdi_private.h:45

GDILoObjType_LO_METAFILE16_TYPE
@ GDILoObjType_LO_METAFILE16_TYPE
Definition: gdi_private.h:47

GDILoObjType_LO_PEN_TYPE
@ GDILoObjType_LO_PEN_TYPE
Definition: gdi_private.h:44

DBG_LOGEVENT
#define DBG_LOGEVENT(pslh, type, val)
Definition: gdidebug.h:109

DBG_CLEANUP_EVENT_LIST
#define DBG_CLEANUP_EVENT_LIST(pslh)
Definition: gdidebug.h:112

DBG_DUMP_EVENT_LIST
#define DBG_DUMP_EVENT_LIST(pslh)
Definition: gdidebug.h:111

DBG_INITLOG
#define DBG_INITLOG(pslh)
Definition: gdidebug.h:110

DbgGdiHTIntegrityCheck
BOOL NTAPI DbgGdiHTIntegrityCheck(VOID)

DbgCaptureStackBackTace
ULONG NTAPI DbgCaptureStackBackTace(_Out_writes_(cFramesToCapture) PVOID *ppvFrames, _In_ ULONG cFramesToSkip, _In_ ULONG cFramesToCapture)

BASEFLAG_READY_TO_DIE
@ BASEFLAG_READY_TO_DIE
Definition: gdiobj.h:61

BASEFLAG_LOOKASIDE
@ BASEFLAG_LOOKASIDE
Definition: gdiobj.h:58

GDIOBJFLAG_IGNOREPID
@ GDIOBJFLAG_IGNOREPID
Definition: gdiobj.h:72

GDICLEANUPPROC
VOID(NTAPI * GDICLEANUPPROC)(PVOID ObjectBody)
Definition: gdiobj.h:33

GDI_OBJECT_STACK_LEVELS
#define GDI_OBJECT_STACK_LEVELS
Definition: gdiobj.h:8

RESERVE_ENTRIES_COUNT
static const unsigned RESERVE_ENTRIES_COUNT
Definition: gdiobj.h:11

GDIOBJDELETEPROC
VOID(NTAPI * GDIOBJDELETEPROC)(PVOID ObjectBody)
Definition: gdiobj.h:34

GDI_HANDLE_TABLE
struct _GDI_HANDLE_TABLE GDI_HANDLE_TABLE

Status
Status
Definition: gdiplustypes.h:25

i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248

j
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
Definition: glfuncs.h:250

EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85

void
Definition: nsiface.idl:2307

InterlockedExchangeAdd
#define InterlockedExchangeAdd
Definition: interlocked.h:181

InterlockedOr
#define InterlockedOr
Definition: interlocked.h:224

InterlockedCompareExchange
#define InterlockedCompareExchange
Definition: interlocked.h:104

InterlockedOr16
#define InterlockedOr16
Definition: interlocked.h:239

InterlockedAnd
#define InterlockedAnd
Definition: interlocked.h:62

CODE_SEG
static CODE_SEG("PAGE")
Definition: isapnp.c:1482

KeLeaveCriticalRegion
#define KeLeaveCriticalRegion()
Definition: ke_x.h:119

KeEnterCriticalRegion
#define KeEnterCriticalRegion()
Definition: ke_x.h:88

ExInitializePagedLookasideList
VOID NTAPI ExInitializePagedLookasideList(IN PPAGED_LOOKASIDE_LIST Lookaside, IN PALLOCATE_FUNCTION Allocate OPTIONAL, IN PFREE_FUNCTION Free OPTIONAL, IN ULONG Flags, IN SIZE_T Size, IN ULONG Tag, IN USHORT Depth)
Definition: lookas.c:270

ASSERT
#define ASSERT(a)
Definition: mode.c:44

ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1109

ObjectType
ObjectType
Definition: metafile.c:81

cbCount
static int cbCount
Definition: fiber.c:42

min
#define min(a, b)
Definition: monoChain.cc:55

__analysis_assume
#define __analysis_assume(expr)
Definition: ms_sal.h:2893

_In_
#define _In_
Definition: ms_sal.h:308

_Interlocked_operand_
#define _Interlocked_operand_
Definition: ms_sal.h:2951

UINT
unsigned int UINT
Definition: ndis.h:50

Source
_In_ UINT _In_ UINT _In_ PNDIS_PACKET Source
Definition: ndis.h:3169

SEC_COMMIT
#define SEC_COMMIT
Definition: mmtypes.h:99

SEC_NO_CHANGE
#define SEC_NO_CHANGE
Definition: mmtypes.h:94

PAGE_READWRITE
#define PAGE_READWRITE
Definition: nt_native.h:1304

SECTION_ALL_ACCESS
#define SECTION_ALL_ACCESS
Definition: nt_native.h:1293

ViewUnmap
@ ViewUnmap
Definition: nt_native.h:1279

FLONG
unsigned long FLONG
Definition: ntbasedef.h:366

DBG_UNREFERENCED_PARAMETER
#define DBG_UNREFERENCED_PARAMETER(P)
Definition: ntbasedef.h:318

W32KAPI
#define W32KAPI
Definition: ntgdi.h:9

GDI_OBJ_HMGR_POWNED
#define GDI_OBJ_HMGR_POWNED
Definition: ntgdihdl.h:117

GDI_OBJ_HMGR_PUBLIC
#define GDI_OBJ_HMGR_PUBLIC
Definition: ntgdihdl.h:116

GDI_ENTRY_STOCK_MASK
#define GDI_ENTRY_STOCK_MASK
Definition: ntgdihdl.h:33

GDI_OBJ_HMGR_RESTRICTED
#define GDI_OBJ_HMGR_RESTRICTED
Definition: ntgdihdl.h:119

GDI_OBJ_HMGR_NONE
#define GDI_OBJ_HMGR_NONE
Definition: ntgdihdl.h:118

GDIObjType_ICMLCS_TYPE
@ GDIObjType_ICMLCS_TYPE
Definition: ntgdityp.h:129

GDIObjTypeTotal
@ GDIObjTypeTotal
Definition: ntgdityp.h:152

GDIObjType_PAL_TYPE
@ GDIObjType_PAL_TYPE
Definition: ntgdityp.h:128

GDIObjType_DC_TYPE
@ GDIObjType_DC_TYPE
Definition: ntgdityp.h:121

GDIObjType_LFONT_TYPE
@ GDIObjType_LFONT_TYPE
Definition: ntgdityp.h:130

GDIObjType_PATH_TYPE
@ GDIObjType_PATH_TYPE
Definition: ntgdityp.h:127

GDIObjType_BRUSH_TYPE
@ GDIObjType_BRUSH_TYPE
Definition: ntgdityp.h:136

GDIObjType_RGN_TYPE
@ GDIObjType_RGN_TYPE
Definition: ntgdityp.h:124

GDIObjType_SURF_TYPE
@ GDIObjType_SURF_TYPE
Definition: ntgdityp.h:125

GDIObjType_CLIENTOBJ_TYPE
@ GDIObjType_CLIENTOBJ_TYPE
Definition: ntgdityp.h:126

GDIObjType_DEF_TYPE
@ GDIObjType_DEF_TYPE
Definition: ntgdityp.h:120

PsGetProcessWin32Process
PVOID NTAPI PsGetProcessWin32Process(PEPROCESS Process)
Definition: process.c:1193

PsLookupProcessByProcessId
NTSTATUS NTAPI PsLookupProcessByProcessId(IN HANDLE ProcessId, OUT PEPROCESS *Process)
Definition: process.c:919

PsGetCurrentProcessWin32Process
PVOID NTAPI PsGetCurrentProcessWin32Process(VOID)
Definition: process.c:1183

PsGetCurrentProcessId
HANDLE NTAPI PsGetCurrentProcessId(VOID)
Definition: process.c:1123

PsGetCurrentThreadWin32Thread
PVOID NTAPI PsGetCurrentThreadWin32Thread(VOID)
Definition: thread.c:805

STATUS_NO_MEMORY
#define STATUS_NO_MEMORY
Definition: ntstatus.h:260

PATH
struct _PATH PATH

SHORT
short SHORT
Definition: pedump.c:59

LONG
long LONG
Definition: pedump.c:60

USHORT
unsigned short USHORT
Definition: pedump.c:61

FL_ZERO_MEMORY
#define FL_ZERO_MEMORY
Definition: polytest.cpp:58

_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:34

REGION
struct _REGION REGION

MmMapViewOfSection
NTSTATUS NTAPI MmMapViewOfSection(IN PVOID SectionObject, IN PEPROCESS Process, IN OUT PVOID *BaseAddress, IN ULONG_PTR ZeroBits, IN SIZE_T CommitSize, IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, IN OUT PSIZE_T ViewSize, IN SECTION_INHERIT InheritDisposition, IN ULONG AllocationType, IN ULONG Protect)
Definition: section.c:3968

MmCreateSection
NTSTATUS NTAPI MmCreateSection(OUT PVOID *Section, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PLARGE_INTEGER MaximumSize, IN ULONG SectionPageProtection, IN ULONG AllocationAttributes, IN HANDLE FileHandle OPTIONAL, IN PFILE_OBJECT FileObject OPTIONAL)
Definition: section.c:4579

STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65

DPRINT
#define DPRINT
Definition: sndvol32.h:71

DC
Definition: polytest.cpp:41

LOGFONTW
Definition: dimm.idl:58

_BASEOBJECT
Definition: gdiobj.h:39

_BASEOBJECT::hHmgr
HGDIOBJ hHmgr
Definition: gdiobj.h:40

_BASEOBJECT::BaseFlags
USHORT BaseFlags
Definition: gdiobj.h:46

_BASEOBJECT::cExclusiveLock
USHORT cExclusiveLock
Definition: gdiobj.h:45

_BASEOBJECT::dwThreadId
DWORD dwThreadId
Definition: gdiobj.h:43

_BASEOBJECT::ulShareCount
ULONG ulShareCount
Definition: gdiobj.h:42

_BASEOBJECT::pushlock
EX_PUSH_LOCK pushlock
Definition: gdiobj.h:47

_BITMAP
Definition: bl.h:1331

_CLIENTOBJ
Definition: gdiobj.h:65

_COLORSPACE
Definition: color.h:10

_ENTRY
Definition: ntgdihdl.h:218

_ENTRY::ObjectOwner
union _ENTRY::_OBJECTOWNER ObjectOwner

_ENTRY::Objt
UCHAR Objt
Definition: ntgdihdl.h:236

_ENTRY::pUser
PVOID pUser
Definition: ntgdihdl.h:238

_ENTRY::einfo
union _ENTRY::_EINFO einfo

_ENTRY::FullUnique
USHORT FullUnique
Definition: ntgdihdl.h:235

_EPROCESS
Definition: pstypes.h:1261

_GDI_HANDLE_TABLE
Definition: gdiobj.h:14

_GDI_POOL
Definition: gdipool.c:30

_LFONT
Definition: text.h:60

_PALETTE
Definition: palette.h:33

_PATH
Definition: path.h:35

_PROCESSINFO
Definition: win32.h:253

_PROCESSINFO::pPoolBrushAttr
struct _GDI_POOL * pPoolBrushAttr
Definition: win32.h:292

_REGION
Definition: region.h:8

_SURFACE
Definition: surface.h:5

_THREADINFO
Definition: win32.h:84

_THREADINFO::cExclusiveLocks
ULONG cExclusiveLocks
Definition: win32.h:158

bitmap
Definition: uimain.c:89

handle
Definition: rpc_generic.c:61

object
Definition: bcrypt_main.c:258

status
Definition: ps.c:97

tagDIBSECTION
Definition: wingdi.h:1668

tagENUMLOGFONTEXDVW
Definition: wingdi.h:2778

tagEXTLOGFONTW
Definition: wingdi.h:1924

tagLOGBRUSH
Definition: wingdi.h:1746

tagLOGPEN
Definition: wingdi.h:1844

PULONG
uint32_t * PULONG
Definition: typedefs.h:59

NTAPI
#define NTAPI
Definition: typedefs.h:36

PVOID
void * PVOID
Definition: typedefs.h:50

SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80

INT
int32_t INT
Definition: typedefs.h:58

RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263

RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262

ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65

IN
#define IN
Definition: typedefs.h:39

PLONG
int32_t * PLONG
Definition: typedefs.h:58

ULONG
uint32_t ULONG
Definition: typedefs.h:59

OUT
#define OUT
Definition: typedefs.h:40

STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158

_ENTRY::_EINFO::pobj
struct _BASEOBJECT * pobj
Definition: ntgdihdl.h:221

_ENTRY::_EINFO::hFree
HGDIOBJ hFree
Definition: ntgdihdl.h:222

_ENTRY::_OBJECTOWNER::ulObj
ULONG ulObj
Definition: ntgdihdl.h:232

_LARGE_INTEGER
Definition: typedefs.h:103

_LARGE_INTEGER::QuadPart
LONGLONG QuadPart
Definition: typedefs.h:114

ulType
_In_z_ PCWSTR _In_ ULONG ulType
Definition: ntuser.h:48

FORCEINLINE
#define FORCEINLINE
Definition: wdftypes.h:67

win32k.h

SURFACE_vCleanup
VOID NTAPI SURFACE_vCleanup(PVOID ObjectBody)
Definition: surface.c:67

SURFACE
struct _SURFACE SURFACE

FontGetObject
ULONG FASTCALL FontGetObject(PTEXTOBJ plfont, ULONG cjBuffer, PVOID pvBuffer)
Definition: font.c:293

GreSetObjectOwner
BOOL NTAPI GreSetObjectOwner(HGDIOBJ hobj, ULONG ulOwner)
Definition: gdiobj.c:1255

gulFirstUnused
volatile ULONG gulFirstUnused
Definition: gdiobj.c:152

InitLookasideList
static VOID InitLookasideList(UCHAR objt, ULONG cjSize)
Definition: gdiobj.c:245

gulFirstFree
volatile ULONG gulFirstFree
Definition: gdiobj.c:151

ENTRY_pentPopFreeEntry
static PENTRY ENTRY_pentPopFreeEntry(VOID)
Definition: gdiobj.c:382

GDIOBJ_ConvertToStockObj
BOOL NTAPI GDIOBJ_ConvertToStockObj(HGDIOBJ *phObj)
Definition: gdiobj.c:1455

GDIOBJ_ReferenceObjectByHandle
POBJ NTAPI GDIOBJ_ReferenceObjectByHandle(HGDIOBJ hobj, UCHAR objt)
Definition: gdiobj.c:691

GDIOBJ_vDereferenceObject
VOID NTAPI GDIOBJ_vDereferenceObject(POBJ pobj)
Definition: gdiobj.c:631

GDIOBJ_pvGetObjectAttr
PVOID NTAPI GDIOBJ_pvGetObjectAttr(POBJ pobj)
Definition: gdiobj.c:1088

gpvGdiHdlTblSection
static PVOID gpvGdiHdlTblSection
Definition: gdiobj.c:148

GreSetObjectOwnerEx
BOOL NTAPI GreSetObjectOwnerEx(HGDIOBJ hobj, ULONG ulOwner, ULONG Flags)
Definition: gdiobj.c:1222

GDIOBJ_ConvertFromStockObj
BOOL NTAPI GDIOBJ_ConvertFromStockObj(HGDIOBJ *phObj)
Definition: gdiobj.c:1489

InterlockedReadUlong
FORCEINLINE ULONG InterlockedReadUlong(_In_ _Interlocked_operand_ ULONG volatile *Source)
Definition: gdiobj.c:55

IncrementGdiHandleCount
static VOID IncrementGdiHandleCount(ULONG ulProcessId)
Definition: gdiobj.c:348

GDIOBJ_vCleanup
static VOID NTAPI GDIOBJ_vCleanup(PVOID ObjectBody)
Definition: gdiobj.c:238

GDIOBJ_vFreeObject
VOID NTAPI GDIOBJ_vFreeObject(POBJ pobj)
Definition: gdiobj.c:596

gpaLookasideList
static PPAGED_LOOKASIDE_LIST gpaLookasideList
Definition: gdiobj.c:153

NtGdiExtGetObjectW
W32KAPI INT APIENTRY NtGdiExtGetObjectW(IN HANDLE hobj, IN INT cjBufferSize, OUT LPVOID lpBuffer)
Definition: gdiobj.c:1326

INCREASE_THREAD_LOCK_COUNT
FORCEINLINE void INCREASE_THREAD_LOCK_COUNT(_In_ HANDLE hobj)
Definition: gdiobj.c:63

NtGdiDeleteClientObj
W32KAPI BOOL APIENTRY NtGdiDeleteClientObj(IN HANDLE hobj)
Definition: gdiobj.c:1422

GDIOBJ_hInsertObject
HGDIOBJ NTAPI GDIOBJ_hInsertObject(POBJ pobj, ULONG ulOwner)
Definition: gdiobj.c:912

GDIOBJ_vSetObjectAttr
VOID NTAPI GDIOBJ_vSetObjectAttr(POBJ pobj, PVOID pvObjAttr)
Definition: gdiobj.c:1096

DECREASE_THREAD_LOCK_COUNT
FORCEINLINE void DECREASE_THREAD_LOCK_COUNT(_In_ HANDLE hobj)
Definition: gdiobj.c:79

ENTRY_hInsertObject
static HGDIOBJ ENTRY_hInsertObject(PENTRY pentry, POBJ pobj, UCHAR objt, ULONG ulOwner)
Definition: gdiobj.c:539

DecrementGdiHandleCount
static VOID DecrementGdiHandleCount(ULONG ulProcessId)
Definition: gdiobj.c:365

REF_MASK_REUSE
@ REF_MASK_REUSE
Definition: gdiobj.c:138

REF_INC_REUSE
@ REF_INC_REUSE
Definition: gdiobj.c:139

REF_MASK_COUNT
@ REF_MASK_COUNT
Definition: gdiobj.c:141

REF_MASK_INUSE
@ REF_MASK_INUSE
Definition: gdiobj.c:142

REF_MASK_VALID
@ REF_MASK_VALID
Definition: gdiobj.c:140

GreDeleteObject
BOOL NTAPI GreDeleteObject(HGDIOBJ hobj)
Definition: gdiobj.c:1158

GDIOBJ_bLockMultipleObjects
BOOL NTAPI GDIOBJ_bLockMultipleObjects(IN ULONG ulCount, IN HGDIOBJ *ahObj, OUT PGDIOBJ *apObj, IN UCHAR objt)
Definition: gdiobj.c:1031

GDI_CleanupForProcess
BOOL NTAPI GDI_CleanupForProcess(struct _EPROCESS *Process)
Definition: gdiobj.c:1582

GDIOBJ_vSetObjectOwner
VOID NTAPI GDIOBJ_vSetObjectOwner(POBJ pobj, ULONG ulNewOwner)
Definition: gdiobj.c:965

GDIOBJ_POOL_TAG
#define GDIOBJ_POOL_TAG(type)
Definition: gdiobj.c:134

gpentHmgr
PENTRY gpentHmgr
Definition: gdiobj.c:149

ASSERT_SHARED_OBJECT_TYPE
#define ASSERT_SHARED_OBJECT_TYPE(objt)
Definition: gdiobj.c:125

GDIOBJ_LockObject
PGDIOBJ NTAPI GDIOBJ_LockObject(HGDIOBJ hobj, UCHAR objt)
Definition: gdiobj.c:826

GreGetObjectOwner
ULONG NTAPI GreGetObjectOwner(HGDIOBJ hobj)
Definition: gdiobj.c:1192

apfnCleanup
static const GDICLEANUPPROC apfnCleanup[]
Definition: gdiobj.c:159

InitGdiHandleTable
NTSTATUS NTAPI InitGdiHandleTable(void)
Definition: gdiobj.c:259

apfnDelete
static const GDIOBJDELETEPROC apfnDelete[]
Definition: gdiobj.c:197

IncrementCurrentProcessGdiHandleCount
FORCEINLINE VOID IncrementCurrentProcessGdiHandleCount(void)
Definition: gdiobj.c:332

GDIOBJ_AllocateObject
POBJ NTAPI GDIOBJ_AllocateObject(UCHAR objt, ULONG cjSize, FLONG fl)
Definition: gdiobj.c:562

GreIsHandleValid
BOOL NTAPI GreIsHandleValid(HGDIOBJ hobj)
Definition: gdiobj.c:1146

GDI_MapHandleTable
PVOID NTAPI GDI_MapHandleTable(PEPROCESS pProcess)
Definition: gdiobj.c:1552

gpaulRefCount
PULONG gpaulRefCount
Definition: gdiobj.c:150

ENTRY_vPushFreeEntry
static VOID ENTRY_vPushFreeEntry(PENTRY pentFree)
Definition: gdiobj.c:439

GDIOBJ_AllocObjWithHandle
POBJ NTAPI GDIOBJ_AllocObjWithHandle(ULONG ObjectType, ULONG cjSize)
Definition: gdiobj.c:1522

GDIOBJ_ShareLockObj
PGDIOBJ NTAPI GDIOBJ_ShareLockObj(HGDIOBJ hObj, DWORD ExpectedType)
Definition: gdiobj.c:1443

NtGdiCreateClientObj
W32KAPI HANDLE APIENTRY NtGdiCreateClientObj(IN ULONG ulType)
Definition: gdiobj.c:1376

GreGetObject
INT NTAPI GreGetObject(IN HGDIOBJ hobj, IN INT cbCount, OUT PVOID pvBuffer)
Definition: gdiobj.c:1264

ASSERT_TRYLOCK_OBJECT_TYPE
#define ASSERT_TRYLOCK_OBJECT_TYPE(objt)
Definition: gdiobj.c:127

GDIOBJ_vUnlockObject
VOID NTAPI GDIOBJ_vUnlockObject(POBJ pobj)
Definition: gdiobj.c:880

GdiHandleTable
PGDI_HANDLE_TABLE GdiHandleTable
Definition: gdiobj.c:1440

GDIOBJ_vDeleteObject
VOID NTAPI GDIOBJ_vDeleteObject(POBJ pobj)
Definition: gdiobj.c:1111

DecrementCurrentProcessGdiHandleCount
FORCEINLINE VOID DecrementCurrentProcessGdiHandleCount(void)
Definition: gdiobj.c:340

ASSERT_LOCK_ORDER
#define ASSERT_LOCK_ORDER(hobj)
Definition: gdiobj.c:124

ASSERT_EXCLUSIVE_OBJECT_TYPE
#define ASSERT_EXCLUSIVE_OBJECT_TYPE(objt)
Definition: gdiobj.c:126

GDIOBJ_TryLockObject
PGDIOBJ NTAPI GDIOBJ_TryLockObject(HGDIOBJ hobj, UCHAR objt)
Definition: gdiobj.c:757

ENTRY_ReferenceEntryByHandle
static PENTRY ENTRY_ReferenceEntryByHandle(HGDIOBJ hobj, FLONG fl)
Definition: gdiobj.c:478

GDIOBJ_vReferenceObjectByPointer
VOID NTAPI GDIOBJ_vReferenceObjectByPointer(POBJ pobj)
Definition: gdiobj.c:734

ExTryAcquirePushLockExclusive
FORCEINLINE BOOLEAN ExTryAcquirePushLockExclusive(PEX_PUSH_LOCK PushLock)
Definition: misc.h:102

PALETTE_GetObject
INT FASTCALL PALETTE_GetObject(PPALETTE ppal, INT cbCount, LPLOGBRUSH lpBuffer)
Definition: palette.c:247

PALETTE_vCleanup
VOID NTAPI PALETTE_vCleanup(PVOID ObjectBody)
Definition: palette.c:236

PALETTE
struct _PALETTE PALETTE

PEN_GetObject
INT APIENTRY PEN_GetObject(PBRUSH pbrushPen, INT cbCount, PLOGPEN pBuffer)
Definition: pen.c:290

REGION_vCleanup
VOID NTAPI REGION_vCleanup(PVOID ObjectBody)
Definition: region.c:2449

TAG_GDIHNDTBLE
#define TAG_GDIHNDTBLE
Definition: tags.h:16

GDITAG_HMGR_LOOKASIDE_START
#define GDITAG_HMGR_LOOKASIDE_START
Definition: tags.h:131

fl
_In_ FLONG fl
Definition: winddi.h:1279

cjSize
_In_ ULONG cjSize
Definition: winddi.h:3634

HGDIOBJ
void * HGDIOBJ
Definition: windef.h:252

Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170

PAGED_LOOKASIDE_LIST
struct LOOKASIDE_ALIGN _PAGED_LOOKASIDE_LIST PAGED_LOOKASIDE_LIST

PPAGED_LOOKASIDE_LIST
struct LOOKASIDE_ALIGN _PAGED_LOOKASIDE_LIST * PPAGED_LOOKASIDE_LIST

ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203

PsGetCurrentProcess
#define PsGetCurrentProcess
Definition: psfuncs.h:17

NT_ASSERT
#define NT_ASSERT
Definition: rtlfuncs.h:3310

UCHAR
unsigned char UCHAR
Definition: xmlstorage.h:181