NT / Subsystem

It's interesting to work with the subsystem. Recently I discovered a bug of CPL(Control Panel) in reactos. The original one didn't send SPI to subsystem, and also the way of sending is incorrect. How do we get system parameter set and sent to the kernel space and also updated in registry? It itself is complicated problem. While my understanding is , CPL itself a dll calls SystemParametersInfo, and this API is in user32.dll, the API is implemented in the user32\misc\desktop.c we get two versions there SystemParametersInfoA and SystemParametersInfoW dealing with different encoding as other APIs do. And this API establishes a call to NtUserSystemParametersInfo which switch to the kernel mode. And the kernel mode subsystem would deal with the DATA sent from CPL. At last we understand the calling chain clear. Inside the subsystem , the core func calls UserSystemParametersInfo internally. After some protection check in kernel mode being done , the kernel func calls IntSystemParametersInfo. This at last deal with the data we sent. There are two ways of sending data to this func.

c 代码

ULONG FASTCALL IntSystemParametersInfo( UINT uiAction, UINT uiParam, PVOID pvParam, UINT fWinIni)

As we can see there are uiAction which stands for our action, uiParam & pvParam represents different data sent. When we are sending some int like builtin small data we use the 2nd arg uiParam, while if we want to pass more we need pvParam. And obviously pvParam points to area of user space. So it's already get probed correct in order to not result KeBugCheck. That's how our Control Panel works. And at last I developed the software mouse acceleration for Reactos. It's also in subsystem. Subsystem is really a funny place to play with. And I hope someday POSIX subsystem gets done, and running linux binaries in Reactos. Maybe coLinux uses the similar implementation as a subsystem