https://git.reactos.org/?p=reactos.git;a=commitdiff;h=97d15909142b04f12b95ef21b7507a0835eb7741

commit 97d15909142b04f12b95ef21b7507a0835eb7741
Author:     Mark Jansen <[email protected]>
AuthorDate: Mon Jun 10 19:47:50 2019 +0200
Commit:     Mark Jansen <[email protected]>
CommitDate: Sat Jun 15 21:26:41 2019 +0200

    [WIN32K] Attach to the target process before unhooking
    CORE-16083
---
 win32ss/user/ntuser/hook.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/win32ss/user/ntuser/hook.c b/win32ss/user/ntuser/hook.c
index 904b53aa7b1..735578d0eaf 100644
--- a/win32ss/user/ntuser/hook.c
+++ b/win32ss/user/ntuser/hook.c
@@ -1037,12 +1037,15 @@ BOOLEAN
 IntRemoveHook(PVOID Object)
 {
     INT HookId;
-    PTHREADINFO ptiHook;
+    PTHREADINFO ptiHook, pti;
     PDESKTOP pdo;
     PHOOK Hook = Object;
+    BOOL bOtherProcess;
 
+    NT_ASSERT(UserIsEnteredExclusive());
 
     HookId = Hook->HookId;
+    pti = PsGetCurrentThreadWin32Thread();
 
     if (Hook->ptiHooked) // Local
     {
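Review bot: The `pti` fetched by `pti = PsGetCurrentThreadWin32Thread();` is dereferenced as `pti->ppi` in the next hunk without a NULL check. The only guard added here, `NT_ASSERT(UserIsEnteredExclusive())`, covers the lock, not the pointer. IntRemoveHook takes a bare `PVOID Object`, so it may be reachable from a cleanup path running on a thread with no Win32 thread info; this is an inference, since the callers are not visible here. Comparing the processes directly, `bOtherProcess = (ptiHook->ppi->peProcess != PsGetCurrentProcess());`, would remove the dependency on `pti` altogether. The function body continues outside the hunk.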
@@ -1053,6 +1056,10 @@ IntRemoveHook(PVOID Object)
         if (IsListEmpty(&ptiHook->aphkStart[HOOKID_TO_INDEX(HookId)]))
         {
             ptiHook->fsHooks &= ~HOOKID_TO_FLAG(HookId);
+            bOtherProcess = (ptiHook->ppi != pti->ppi);
+
+            if (bOtherProcess)
+                KeAttachProcess(&ptiHook->ppi->peProcess->Pcb);
 
             _SEH2_TRY
             {
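Review bot: `KeAttachProcess(&ptiHook->ppi->peProcess->Pcb);` is the non-stackable attach, which bugchecks if the calling thread is already attached to another process, and nothing visible in the hunk rules that out. The stackable pair is safer: declare `KAPC_STATE ApcState;`, call `KeStackAttachProcess(&ptiHook->ppi->peProcess->Pcb, &ApcState);`, and in the last hunk use `KeUnstackDetachProcess(&ApcState);` in place of `KeDetachProcess();`. The body of the `_SEH2_TRY` block lies outside the hunk, so a one-line comment above the attach naming the user-mode memory it touches would make the reason for the address-space switch clear to the next reader.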
@@ -1064,6 +1071,9 @@ IntRemoveHook(PVOID Object)
                 (void)0;
             }
             _SEH2_END;
+
+            if (bOtherProcess)
+                KeDetachProcess();
        }
     }
     else // Global
