;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; ;;
;; Copyright (C) KolibriOS team 2004-2022. All rights reserved. ;;
;; Distributed under terms of the GNU General Public License. ;;
;; ;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
$Revision: 9976 $
struct EXCEPT_STACK
RegEIP dd ?
ExcCode dd ? ; only exception 12 overflow stack
OldESP dd ?
RegCR2 dd ?
LockAccess dd ?
ends
align 4 ;3A08
build_interrupt_table:
mov edi, idts
mov esi, sys_int
mov ecx, 0x40
mov eax, (10001110b shl 24) + os_code
@@:
movsw ; low word of code-entry
stosd ; interrupt gate type : os_code selector
movsw ; high word of code-entry
loop @b
movsd ; copy low dword of trap gate for int 0x40
movsd ; copy high dword of trap gate for int 0x40
mov ecx, 23
mov eax, (10001110b shl 24) + os_code
@@:
movsw ; low word of code-entry
stosd ; interrupt gate type : os_code selector
movsw ; high word of code-entry
loop @b
lidt [esi]
ret
iglobal
align 4
sys_int:
; exception handlers addresses (for interrupt gate construction)
dd e0,e1,e2,e3,e4,e5,e6,except_7 ; SEE: core/fpu.inc
dd e8,e9,e10,e11,e12,e13,page_fault_exc,e15
dd e16, e17,e18, e19
times 12 dd unknown_interrupt ;int_20..int_31
; interrupt handlers addresses (for interrupt gate construction)
; 0x20+ are IRQ handlers
dd irq0
rept 12 irqn:1 \{dd irq_serv.irq_\#irqn\}
dd irqD
rept 18 irqn:14 \{dd irq_serv.irq_\#irqn\}
; int_0x40 gate trap (for directly copied)
dw i40 and 0xFFFF, os_code, 11101111b shl 8, i40 shr 16
rept 23 irqn:33 \{dd irq_serv.irq_\#irqn\}
idtreg: ; data for LIDT instruction (!!! must be immediately below sys_int data)
dw 2*($-sys_int-4)-1
dd idts ; 0x8000B100
dw 0 ; alignment
msg_fault_sel dd msg_exc_8,msg_exc_u,msg_exc_a,msg_exc_b
dd msg_exc_c,msg_exc_d,msg_exc_e,msg_exc_u
dd msg_exc_u,msg_exc_11
msg_exc_8 db "Double fault", 0
msg_exc_u db "Undefined Exception", 0
msg_exc_a db "Invalid TSS", 0
msg_exc_b db "Segment not present", 0
msg_exc_c db "Stack fault", 0
msg_exc_d db "General protection fault", 0
msg_exc_e db "Page fault", 0
msg_exc_11 db "Alignment Check", 0
if lang eq sp
include 'core/sys32-sp.inc'
else
msg_sel_ker db "kernel", 0
msg_sel_app db "application", 0
end if
endg
macro save_ring3_context {
pushad
}
macro restore_ring3_context {
popad
}
macro exc_wo_code [num] {
e#num :
save_ring3_context
mov bl, num
jmp exc_c
} exc_wo_code 0,1,2,3,4,5,6,15,16,19
macro exc_w_code [num] {
e#num :
add esp, 4
save_ring3_context
mov bl, num
jmp exc_c
} exc_w_code 8,9,10,11,12,13,17,18
uglobal
pf_err_code dd ?
endg
page_fault_exc: ; foolproof: selectors are clobbered ...
pop [ss:pf_err_code] ; actually, until the next #PF
save_ring3_context
mov bl, 14
exc_c: ; exceptions (all but 7th - #NM)
; stack frame when exception/interrupt from ring3 + pushad (i.e right here)
reg_ss equ esp+0x30
reg_esp3 equ esp+0x2C
reg_eflags equ esp+0x28
reg_cs3 equ esp+0x24
reg_eip equ esp+0x20
; this if frame from pushad
reg_eax equ esp+0x1C
reg_ecx equ esp+0x18
reg_edx equ esp+0x14
reg_ebx equ esp+0x10
reg_esp0 equ esp+0x0C
reg_ebp equ esp+0x08
reg_esi equ esp+0x04
reg_edi equ esp+0x00
mov ax, app_data ; exception
mov ds, ax ; load proper values
mov es, ax ; to registers
cld ; clear the direction flag
movzx ebx, bl
; redirect to V86 manager? (EFLAGS & 0x20000) != 0?
test byte[reg_eflags+2], 2
jnz v86_exc_c
cmp bl, 14 ; #PF
jne @f
call page_fault_handler ; SEE: core/memory.inc
@@:
mov esi, [current_slot]
btr [esi + APPDATA.except_mask], ebx
jnc @f
mov eax, [esi + APPDATA.exc_handler]
test eax, eax
jnz IRetToUserHook
@@:
cli
mov eax, [esi + APPDATA.debugger_slot]
test eax, eax
jnz .debug
; not debuggee => say error and terminate
call show_error_parameters ; this function output in edx = current_slot
sti
mov [edx + APPDATA.state], TSTATE_TERMINATING
call wakeup_osloop
call change_task
; If we're here, then the main OS thread has crashed before initializing IDLE thread.
; Or they both have crashed. Anyway, things are hopelessly broken.
hlt
jmp $-1
.debug:
; we are debugged process, notify debugger and suspend ourself
; eax=debugger PID
mov ecx, 1 ; debug_message code=other_exception
cmp bl, 1 ; #DB
jne .notify ; notify debugger and suspend ourself
mov ebx, dr6 ; debug_message data=DR6_image
xor edx, edx
mov dr6, edx
mov edx, dr7
mov cl, not 8
.l1:
shl dl, 2
jc @f
and bl, cl
@@:
sar cl, 1
jc .l1
mov cl, 3 ; debug_message code=debug_exception
.notify:
push ebx ; debug_message data
mov ebx, [current_slot]
push [ebx + APPDATA.tid] ; PID
push ecx ; debug_message code ((here: ecx==1/3))
mov cl, 12 ; debug_message size
call debugger_notify ;; only ONE using, inline ??? SEE: core/debug.inc
add esp, 12
mov edx, [current_slot]
mov [edx + APPDATA.state], TSTATE_RUN_SUSPENDED
call change_task ; SEE: core/shed.inc
restore_ring3_context
iretd
IRetToUserHook:
cmp ebx, 12
je .ex_stack
cmp ebx, 14
jne .nostack
mov ecx, cr2
sub ecx, [reg_esp3]
jg .nostack
add ecx, 1000h
jl .nostack
.ex_stack:
xor ecx, ecx
mov ecx, [ecx+APP_HEADER_01_.except_stack_top]
test ecx, ecx
jle .nostack
xchg edi, eax
sub ecx, sizeof.EXCEPT_STACK
push ebx
push 1
pop ebx
.lock:
lock bts [ecx+EXCEPT_STACK.LockAccess], 0
jnc .lock1
call delay_hs_unprotected
jmp .lock
.lock1:
pop ebx
cmp ebx, 14
jne .ex12
btr [esi+APPDATA.except_mask], 12
jc .ex_stack1
xchg eax, edi
jmp .nostack
.ex_stack1:
bts [esi+APPDATA.except_mask], ebx
dec ebx
dec ebx
.ex12:
mov [ecx+EXCEPT_STACK.ExcCode], ebx
mov eax, ecx
xchg [reg_esp3], eax
mov [ecx+EXCEPT_STACK.OldESP], eax
mov eax, cr2
mov [ecx+EXCEPT_STACK.RegCR2], eax
xchg edi, [reg_eip]
mov [ecx+EXCEPT_STACK.RegEIP], edi
jmp .end
.nostack:
xchg eax, [reg_eip]
sub dword[reg_esp3], 8
mov edi, [reg_esp3]
stosd
mov [edi], ebx
.end:
restore_ring3_context
; simply return control to interrupted process
unknown_interrupt:
iretd
;-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
; bl - error vector
show_error_parameters:
cmp bl, 0x06
jnz .no_ud
push ebx
mov ebx, ud_user_message
mov ebp, notifyapp
call fs_execute_from_sysdir_param
pop ebx
.no_ud:
mov edx, [current_slot];not scratched below
if lang eq sp
DEBUGF 1, "K : Proceso - terminado forzado PID: %x [%s]\n", [edx + APPDATA.tid], [current_slot]
else
DEBUGF 1, "K : Process - forced terminate PID: %x [%s]\n", [edx + APPDATA.tid], [current_slot]
end if
cmp bl, 0x08
jb .l0
cmp bl, 0x11
jbe .l1
.l0:
mov bl, 0x09
.l1:
mov eax, [msg_fault_sel+ebx*4 - 0x08*4]
DEBUGF 1, "K : %s\n", eax
mov eax, [reg_cs3+4]
mov edi, msg_sel_app
mov ebx, [reg_esp3+4]
cmp eax, app_code
je @f
mov edi, msg_sel_ker
mov ebx, [reg_esp0+4]
@@:
DEBUGF 1, "K : EAX : %x EBX : %x ECX : %x\n", [reg_eax+4], [reg_ebx+4], [reg_ecx+4]
DEBUGF 1, "K : EDX : %x ESI : %x EDI : %x\n", [reg_edx+4], [reg_esi+4], [reg_edi+4]
DEBUGF 1, "K : EBP : %x EIP : %x ESP : %x\n", [reg_ebp+4], [reg_eip+4], ebx
DEBUGF 1, "K : Flags : %x CS : %x (%s)\n", [reg_eflags+4], eax, edi
DEBUGF 1, "K : Stack dump:\n"
push eax ebx ecx edx
call .check_ESP
test eax, eax
jnz .error_ESP
DEBUGF 1, "K : [ESP+00]: %x",[ebx]
add ebx, 4
call .check_ESP
test eax, eax
jnz .error_ESP
DEBUGF 1, " [ESP+04]: %x",[ebx]
add ebx, 4
call .check_ESP
test eax, eax
jnz .error_ESP
DEBUGF 1, " [ESP+08]: %x\n",[ebx]
add ebx, 4
call .check_ESP
test eax, eax
jnz .error_ESP
DEBUGF 1, "K : [ESP+12]: %x",[ebx]
add ebx, 4
call .check_ESP
test eax, eax
jnz .error_ESP
DEBUGF 1, " [ESP+16]: %x",[ebx]
add ebx, 4
call .check_ESP
test eax, eax
jnz .error_ESP
DEBUGF 1, " [ESP+20]: %x\n",[ebx]
add ebx, 4
call .check_ESP
test eax, eax
jnz .error_ESP
DEBUGF 1, "K : [ESP+24]: %x",[ebx]
add ebx, 4
call .check_ESP
test eax, eax
jnz .error_ESP
DEBUGF 1, " [ESP+28]: %x",[ebx]
add ebx, 4
call .check_ESP
test eax, eax
jnz .error_ESP
DEBUGF 1, " [ESP+32]: %x\n",[ebx]
pop edx ecx ebx eax
ret
.error_ESP:
pop edx ecx ebx eax
DEBUGF 1, "\n"
DEBUGF 1, "K : Unexpected end of the stack\n"
ret
;--------------------------------------
.check_ESP:
push ebx
shr ebx, 12
mov ecx, ebx
shr ecx, 10
mov edx, [master_tab + ecx*4]
test edx, PG_READ
jz .fail ; page table is not created
; incorrect address in the program
mov eax, [page_tabs + ebx*4]
test eax, 2
jz .fail ; address not reserved for use. error
pop ebx
xor eax, eax
ret
.fail:
pop ebx
xor eax, eax
dec eax
ret
;-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
restore reg_ss
restore reg_esp3
restore reg_eflags
restore reg_cs
restore reg_eip
restore reg_eax
restore reg_ecx
restore reg_edx
restore reg_ebx
restore reg_esp0
restore reg_ebp
restore reg_esi
restore reg_edi
align 4
lock_application_table:
push eax ecx edx
mov ecx, application_table_mutex
call mutex_lock
mov eax, [current_slot]
mov eax, [eax + APPDATA.tid]
mov [application_table_owner], eax
pop edx ecx eax
ret
align 4
unlock_application_table:
push eax ecx edx
mov [application_table_owner], 0
mov ecx, application_table_mutex
call mutex_unlock
pop edx ecx eax
ret
; sysfn 64 implementation
align 4
sys_resize_app_memory:
; in: eax = 64 - function number
; ebx = 1 - number of its only subfunction
; ecx = new amount of memory
; out:
; eax = 0 - success
; eax = 1 - out of memory
; cmp eax,1
dec ebx
jnz .no_application_mem_resize
mov eax, [pg_data.pages_free]
shl eax, 12
cmp eax, ecx
jae @f
xor eax, eax
inc eax
jmp .store_result
@@:
stdcall new_mem_resize, ecx
.store_result:
mov [esp + SYSCALL_STACK.eax], eax
.no_application_mem_resize:
ret
iglobal
; process_terminating db 'K : Process - terminating',13,10,0
; process_terminated db 'K : Process - done',13,10,0
msg_obj_destroy db 'K : destroy app object',13,10,0
endg
; param
; esi= slot
align 4
terminate: ; terminate application
destroy_thread:
.slot equ esp+4 ;locals
.process equ esp ;ptr to parent process
push esi ;save .slot
shl esi, BSF sizeof.APPDATA
mov edx, [SLOT_BASE + esi + APPDATA.process]
test edx, edx
jnz @F
mov [SLOT_BASE + esi + APPDATA.state], TSTATE_FREE
pop esi
ret
@@:
push edx ;save .process
lea edx, [SLOT_BASE + esi]
call scheduler_remove_thread
call lock_application_table
; if the process is in V86 mode...
mov eax, [.slot]
shl eax, BSF sizeof.APPDATA
mov esi, [SLOT_BASE + eax + APPDATA.pl0_stack]
add esi, RING0_STACK_SIZE
cmp [SLOT_BASE + eax + APPDATA.saved_esp0], esi
jz .nov86
; ...it has page directory for V86 mode
mov esi, [SLOT_BASE + eax + APPDATA.saved_esp0]
mov ecx, [esi+4]
mov [SLOT_BASE + eax + APPDATA.process], ecx
; ...and I/O permission map for V86 mode
mov ecx, [esi+12]
mov [SLOT_BASE + eax + APPDATA.io_map], ecx
mov ecx, [esi+8]
mov [SLOT_BASE + eax + APPDATA.io_map+4], ecx
.nov86:
; destroy per-thread kernel objects
mov esi, [.slot]
shl esi, BSF sizeof.APPDATA
add esi, SLOT_BASE + APP_OBJ_OFFSET
@@:
mov eax, [esi + APPOBJ.fd]
test eax, eax
jz @F
cmp eax, esi
je @F
push esi
call [eax + APPOBJ.destroy]
DEBUGF 1,"%s",msg_obj_destroy
pop esi
jmp @B
@@:
mov esi, [.slot]
cmp [fpu_owner], esi ; if user fpu last -> fpu user = 2
jne @F
mov [fpu_owner], 2
mov eax, [SLOT_BASE + sizeof.APPDATA*2 + APPDATA.fpu_state]
clts
bt [cpu_caps], CAPS_SSE
jnc .no_SSE
fxrstor [eax]
jmp @F
.no_SSE:
fnclex
frstor [eax]
@@:
mov [KEY_COUNT], byte 0 ; empty keyboard buffer
mov [BTN_COUNT], byte 0 ; empty button buffer
; remove defined hotkeys
mov eax, hotkey_list
.loop:
cmp [eax+8], esi
jnz .cont
mov ecx, [eax]
jecxz @f
push dword [eax+12]
pop dword [ecx+12]
@@:
mov ecx, [eax+12]
push dword [eax]
pop dword [ecx]
xor ecx, ecx
mov [eax], ecx
mov [eax+4], ecx
mov [eax+8], ecx
mov [eax+12], ecx
.cont:
add eax, 16
cmp eax, hotkey_list+256*16
jb .loop
; get process PID
mov eax, esi
shl eax, BSF sizeof.APPDATA
mov eax, [eax + SLOT_BASE + APPDATA.tid]
; compare current lock input with process PID
cmp eax, [PID_lock_input]
jne @f
xor eax, eax
mov [PID_lock_input], eax
@@:
; remove hotkeys in buffer
mov eax, hotkey_buffer
.loop2:
cmp [eax], esi
jnz .cont2
and dword [eax+4], 0
and dword [eax], 0
.cont2:
add eax, 8
cmp eax, hotkey_buffer+120*8
jb .loop2
mov ecx, esi ; remove buttons
.bnewba2:
mov edi, [BTN_ADDR]
mov eax, edi
cld
movzx ebx, word [edi]
inc bx
.bnewba:
dec bx
jz .bnmba
add eax, 0x10
cmp cx, [eax]
jnz .bnewba
pusha
mov ecx, ebx
inc ecx
shl ecx, 4
mov ebx, eax
add eax, 0x10
call memmove
dec dword [edi]
popa
jmp .bnewba2
.bnmba:
pusha ; save window coordinates for window restoring
cld
shl esi, BSF sizeof.WDATA
add esi, window_data
mov eax, [esi + WDATA.box.left]
mov [draw_limits.left], eax
add eax, [esi + WDATA.box.width]
mov [draw_limits.right], eax
mov eax, [esi + WDATA.box.top]
mov [draw_limits.top], eax
add eax, [esi + WDATA.box.height]
mov [draw_limits.bottom], eax
xor eax, eax
mov edi, esi
mov ecx, sizeof.WDATA/4
rep stosd
popa
; debuggee test
pushad
mov edi, esi
shl edi, BSF sizeof.APPDATA
mov eax, [SLOT_BASE + edi + APPDATA.debugger_slot]
test eax, eax
jz .nodebug
movi ecx, 8
push dword [SLOT_BASE + edi + APPDATA.tid]; PID
push 2
call debugger_notify
pop ecx
pop ecx
.nodebug:
popad
mov ebx, [.slot]
shl ebx, BSF sizeof.APPDATA
push ebx
mov ebx, [SLOT_BASE + ebx + APPDATA.pl0_stack]
stdcall kernel_free, ebx
pop ebx
mov ebx, [SLOT_BASE + ebx + APPDATA.cur_dir]
stdcall kernel_free, ebx
mov edi, [.slot]
shl edi, BSF sizeof.APPDATA
add edi, SLOT_BASE
mov eax, [edi + APPDATA.io_map]
cmp eax, [SLOT_BASE + sizeof.APPDATA+APPDATA.io_map]
je @F
call free_page
@@:
mov eax, [edi+APPDATA.io_map+4]
cmp eax, [SLOT_BASE+sizeof.APPDATA+APPDATA.io_map+4]
je @F
call free_page
@@:
lea ebx, [edi + APPDATA.list]
list_del ebx ;destroys edx, ecx
; activate window
movzx eax, word [WIN_STACK + esi*2]
cmp eax, [thread_count]
jne .dont_activate
pushad
.check_next_window:
dec eax
cmp eax, 1
jbe .nothing_to_activate
lea esi, [WIN_POS + eax*2]
movzx edi, word [esi] ; edi = process
shl edi, BSF sizeof.APPDATA
cmp [SLOT_BASE + edi + APPDATA.state], TSTATE_FREE ; skip free slots
je .check_next_window
shr edi, (BSF sizeof.APPDATA - BSF sizeof.WDATA)
add edi, window_data
; \begin{diamond}[19.09.2006]
; skip minimized windows
test [edi + WDATA.fl_wstate], WSTATE_MINIMIZED
jnz .check_next_window
; \end{diamond}
call waredraw
.nothing_to_activate:
popad
.dont_activate:
push esi ; remove hd1 & cd & flp reservation
shl esi, BSF sizeof.APPDATA
mov esi, [SLOT_BASE + esi + APPDATA.tid]
cmp [cd_status], esi
jnz @f
call free_cd_channel
and [cd_status], 0
@@:
pop esi
cmp [bgrlockpid], esi
jnz @f
and [bgrlockpid], 0
and [bgrlock], 0
@@:
pusha ; remove all port reservations
mov edx, esi
shl edx, BSF sizeof.APPDATA
mov edx, [SLOT_BASE + edx + APPDATA.tid]
.rmpr0:
mov esi, [RESERVED_PORTS]
test esi, esi
jz .rmpr9
.rmpr3:
mov edi, esi
shl edi, 4
add edi, RESERVED_PORTS
cmp edx, [edi]
je .rmpr4
dec esi
jnz .rmpr3
jmp .rmpr9
.rmpr4:
mov ecx, 256
sub ecx, esi
shl ecx, 4
mov esi, edi
add esi, 16
cld
rep movsb
dec dword [RESERVED_PORTS]
jmp .rmpr0
.rmpr9:
popa
; clearing APPDATA structure this thread
pushad
mov edi, esi
shl edi, BSF sizeof.APPDATA
add edi, SLOT_BASE
mov eax, 0x20202020
stosd
stosd
stosd
mov ecx, 244/4
xor eax, eax
rep stosd
popad
mov edi, esi ; do not run this process slot
shl edi, BSF sizeof.APPDATA
mov [SLOT_BASE + edi + APPDATA.state], TSTATE_FREE
; debugger test - terminate all debuggees
mov eax, 2
mov ecx, SLOT_BASE + 2*sizeof.APPDATA + APPDATA.debugger_slot
.xd0:
cmp eax, [thread_count]
ja .xd1
cmp dword [ecx], esi
jnz @f
and dword [ecx], 0
pushad
xchg eax, ecx
mov ebx, 2
call sys_system
popad
@@:
inc eax
add ecx, sizeof.APPDATA
jmp .xd0
.xd1:
;release slot
bts [thr_slot_map], esi
mov ecx, [.process]
lea eax, [ecx + PROC.thr_list]
cmp eax, [eax + LHEAD.next]
jne @F
call destroy_process.internal
@@:
sti ; .. and life goes on
mov eax, [draw_limits.left]
mov ebx, [draw_limits.top]
mov ecx, [draw_limits.right]
mov edx, [draw_limits.bottom]
call calculatescreen
xor eax, eax
xor esi, esi
call redrawscreen
call unlock_application_table
;mov esi,process_terminated
;call sys_msg_board_str
add esp, 8
ret
restore .slot
restore .process
; Three following procedures are used to guarantee that
; some part of kernel code will not be terminated from outside
; while it is running.
; Note: they do not protect a thread from terminating due to errors inside
; the thread; accessing a nonexisting memory would still terminate it.
; First two procedures must be used in pair by thread-to-be-protected
; to signal the beginning and the end of an important part.
; It is OK to have nested areas.
; The last procedure must be used by outside wanna-be-terminators;
; if it is safe to terminate the given thread immediately, it returns eax=1;
; otherwise, it returns eax=0 and notifies the target thread that it should
; terminate itself when leaving a critical area (the last critical area if
; they are nested).
; Implementation. Those procedures use one dword in APPDATA for the thread,
; APPDATA.terminate_protection.
; * The upper bit is 1 during normal operations and 0 when terminate is requested.
; * Other bits form a number = depth of critical regions,
; plus 1 if the upper bit is 1.
; * When this dword goes to zero, the thread should be destructed,
; and the procedure in which it happened becomes responsible for destruction.
; Enter critical area. Called by thread which wants to be protected.
proc protect_from_terminate
mov edx, [current_slot]
; Atomically increment depth of critical areas and get the old value.
mov eax, 1
lock xadd [edx + APPDATA.terminate_protection], eax
; If the old value was zero, somebody has started to terminate us,
; so we are destructing and cannot do anything protected.
; Otherwise, return to the caller.
test eax, eax
jz @f
ret
@@:
; Wait for somebody to finish us.
call change_task
jmp @b
endp
; Leave critical area. Called by thread which wants to be protected.
proc unprotect_from_terminate
mov edx, [current_slot]
; Atomically decrement depth of critical areas.
lock dec [edx + APPDATA.terminate_protection]
; If the result of decrement is zero, somebody has requested termination,
; but at that moment we were inside a critical area; terminate now.
jz sys_end
; Otherwise, return to the caller.
ret
endp
; Request termination of thread identified by edx = SLOT_BASE + slot*sizeof.APPDATA.
; Called by anyone.
proc request_terminate
xor eax, eax ; set return value
; Atomically clear the upper bit. If it was already zero, then
; somebody has requested termination before us, so just exit.
lock btr [edx + APPDATA.terminate_protection], 31
jnc .unsafe
; Atomically decrement depth of critical areas.
lock dec [edx + APPDATA.terminate_protection]
; If the result of decrement is nonzero, the target thread is inside a
; critical area; leave termination to leaving that area.
jnz .unsafe
; Otherwise, it is safe to kill the target now and the caller is responsible
; for this. Return eax=1.
inc eax
.unsafe:
ret
endp