| 1492,60 → 1492,11 |
|---|
| |
| destroy_hdll: |
| push ebx ecx esi edi |
| push eax |
| mov ebx, [eax+HDLL.base] |
| mov esi, [eax+HDLL.parent] |
| mov edx, [esi+DLLDESCR.size] |
| ; The following actions require the context of application where HDLL is mapped. |
| ; However, destroy_hdll can be called in the context of OS thread when |
| ; cleaning up objects created by the application which is destroyed. |
| ; So remember current cr3 and set it to page table of target. |
| mov eax, [ecx+APPDATA.process] |
| ; Because we cheat with cr3, disable interrupts: task switch would restore |
| ; page table from APPDATA of current thread. |
| ; Also set [current_slot] because it is used by user_free. |
| pushf |
| cli |
| push [current_slot] |
| mov [current_slot], ecx |
| mov ecx, cr3 |
| push ecx |
| mov cr3, eax |
| push ebx ; argument for user_free |
| mov eax, ebx |
| shr ebx, 12 |
| push ebx |
| mov esi, [esi+DLLDESCR.data] |
| shr esi, 12 |
| .unmap_loop: |
| |
| push eax |
| mov eax, 2 |
| xchg eax, [page_tabs+ebx*4] |
| mov ecx, [page_tabs+esi*4] |
| and eax, not 0xFFF |
| and ecx, not 0xFFF |
| cmp eax, ecx |
| jz @f |
| call free_page |
| @@: |
| pop eax |
| invlpg [eax] |
| add eax, 0x1000 |
| inc ebx |
| inc esi |
| sub edx, 0x1000 |
| ja .unmap_loop |
| pop ebx |
| and dword [page_tabs+(ebx-1)*4], not DONT_FREE_BLOCK |
| call user_free |
| ; Restore context. |
| pop eax |
| mov cr3, eax |
| pop [current_slot] |
| popf |
| ; Ok, cheating is done. |
| pop eax |
| push eax |
| mov esi, [eax+HDLL.parent] |
| mov eax, [eax+HDLL.refcount] |
| call dereference_dll |