https://git.reactos.org/?p=reactos.git;a=commitdiff;h=e6a9aafe58f8938de7884fd06fb867144fe568ed

commit e6a9aafe58f8938de7884fd06fb867144fe568ed
Author:     maharmstone <m...@harmstone.com>
AuthorDate: Tue Aug 27 01:39:27 2019 +0100
Commit:     Hermès BÉLUSCA - MAÏTO <hermes.belusca-ma...@reactos.org>
CommitDate: Tue Aug 27 02:39:27 2019 +0200

    [CMLIB] Clean volatile registry entries in the same manner as Windows 
(#1883)
    
    This fixes the crashes in HvpGetCellMapped on Windows Server 2003 when 
booting from Freeloader, as mentioned in maharmstone/btrfs#16.
    
    When the bootloader loads the system hive, it cleans the data pertaining to 
any volatile keys. The Windows bootloader does this by setting 
SubKeyCounts[Volatile] to 0. After boot, the kernel marks any cell where this 
is 0 but SubKeyLists[Volatile] isn't HCELL_NIL as dirty, meaning that the 
sanitized version will then get flushed to the disk.
    
    Because Freeloader sets SubKeyLists[Volatile] to HCELL_NIL straightaway, 
Windows thinks the cell is clean, and can unload it without flushing. If it 
then reads it from the disk, it will crash in HvpGetCellMapped due to the stale 
volatile pointers.
    
    If you break on nt!CmpInitializeSystemHive on Windows and "gu" to let the 
function run, you'll see that DirtyVector of the HHIVE has only the first 8 
bits set. If you run it using the official bootloader, it'll have a lot more 
than that.
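The interaction the commit message describes, as an added C model (not ReactOS or Windows code, and not part of this commit page): a stub key node with the two fields named in the message, the old Freeloader cleanup beside the Windows-style one, and the kernel-side rule that a zero volatile count with a non-NIL volatile list marks the cell dirty. The field names mirror CM_KEY_NODE, but the struct, the function names and the stale cell index 0x2A8 are constructed for the illustration; HCELL_NIL is assumed to be the all-ones value the hive code uses.

```c
/* Added model of the bootloader/kernel interaction; NOT ReactOS or Windows code. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define HCELL_NIL 0xFFFFFFFFu   /* assumed: the all-ones "no cell" marker */
enum { Stable = 0, Volatile = 1 };

/* Stub of the two CM_KEY_NODE fields the commit message talks about. */
typedef struct {
    uint32_t SubKeyCounts[2];
    uint32_t SubKeyLists[2];
} KeyNode;

/* Old Freeloader behaviour (the line the patch removes): wipe both fields,
 * so the node already looks sanitized and the kernel has no reason to dirty it. */
void prepare_key_freeloader_old(KeyNode *k)
{
    k->SubKeyLists[Volatile] = HCELL_NIL;
    k->SubKeyCounts[Volatile] = 0;
}

/* Behaviour after the patch, matching what the commit message says the Windows
 * bootloader does: zero only the count and leave the stale list pointer alone. */
void prepare_key_windows_style(KeyNode *k)
{
    k->SubKeyCounts[Volatile] = 0;
}

/* Kernel-side rule from the commit message: volatile count 0 but a volatile
 * list that is not HCELL_NIL means the cell must be marked dirty and flushed. */
bool kernel_marks_dirty(const KeyNode *k)
{
    return k->SubKeyCounts[Volatile] == 0 && k->SubKeyLists[Volatile] != HCELL_NIL;
}

/* One simulated boot: a node read from a hive that still carries a volatile
 * subkey list (0x2A8, constructed), cleaned by the given bootloader routine.
 * Returns whether the kernel will dirty it, i.e. whether the sanitized copy
 * reaches disk instead of the stale pointer surviving an unload/reload. */
bool boot_cycle_marks_dirty(void (*bootloader_prepare)(KeyNode *))
{
    KeyNode node = { { 3, 2 }, { 0x100, 0x2A8 } };  /* constructed sample */
    bootloader_prepare(&node);
    return kernel_marks_dirty(&node);
}

int main(void)
{
    printf("old Freeloader : dirty=%d\n", boot_cycle_marks_dirty(prepare_key_freeloader_old));
    printf("Windows-style  : dirty=%d\n", boot_cycle_marks_dirty(prepare_key_windows_style));
    return 0;
}
```

The old routine leaves the node clean (no flush), so whatever the on-disk copy held stays there; the Windows-style routine trips the kernel's check, which is the behaviour the patch restores.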
---
 sdk/lib/cmlib/cminit.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sdk/lib/cmlib/cminit.c b/sdk/lib/cmlib/cminit.c
index b1b060d8c41..699376e75d9 100644
--- a/sdk/lib/cmlib/cminit.c
+++ b/sdk/lib/cmlib/cminit.c
@@ -120,8 +120,8 @@ CmpPrepareKey(
 
     ASSERT(KeyCell->Signature == CM_KEY_NODE_SIGNATURE);
 
-    KeyCell->SubKeyLists[Volatile] = HCELL_NIL;
     KeyCell->SubKeyCounts[Volatile] = 0;
+    // KeyCell->SubKeyLists[Volatile] = HCELL_NIL; // FIXME! Done only on 
Windows < XP.
 
     /* Enumerate and add subkeys */
     if (KeyCell->SubKeyCounts[Stable] > 0)
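Review bot: the replacement comment on the SubKeyLists[Volatile] line does not record the reason given in the commit message, which is that the Windows bootloader leaves SubKeyLists[Volatile] alone on purpose so the kernel sees SubKeyCounts[Volatile] == 0 with a non-NIL list and marks the cell dirty; "FIXME! Done only on Windows < XP." reads as if the assignment still needs doing and is not supported by the rest of the description. Suggest dropping the commented-out dead line and stating the invariant the kernel relies on, e.g. `/* Leave SubKeyLists[Volatile] intact: the kernel dirties cells with a zero volatile count and a non-NIL list, so the sanitized node is flushed to disk */`, using the `/* */` comment style the surrounding code already uses (`/* Enumerate and add subkeys */`) rather than `//`.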
