add details on Vista+ win32k.sys syscalls

[derekbruening]

From [email protected] on December 07, 2012 15:41:33

xref issue #96 xref issue #484 xref issue #485 xref issue #487 xref issue #728 xref issue #98 the NtUser* and NtGdi* syscall data I added in the past was all for
pre-Vista. there are a number of new syscalls to add. I will be adding
blank table entries for them as part of issue #822 .

Original issue: http://code.google.com/p/drmemory/issues/detail?id=1095

[derekbruening]

From [email protected] on February 17, 2013 10:16:58

Labels: GoodContrib

[derekbruening]

From [email protected] on October 29, 2013 10:07:23

Based on user32!GetPropW, the return value of NtUserGetProp should be a
HANDLE. But the MSDN docs say it returns NULL on failure and I keep seeing
-1 (this is launching calc) (initially had the type wrong as NTSTATUS):
% grep -A 4 UserGetProp ~/x | grep retval | sort | uniq -c
472 retval: 0x0 (type=NTSTATUS, size=0x4)
62 retval: 0x2 (type=NTSTATUS, size=0x4)
49 retval: 0x23b6ec0 (type=NTSTATUS, size=0x4)
2 retval: 0x23b7790 (type=NTSTATUS, size=0x4)
2 retval: 0x23b7c60 (type=NTSTATUS, size=0x4)
6 retval: 0x23b8130 (type=NTSTATUS, size=0x4)
15 retval: 0x23b8600 (type=NTSTATUS, size=0x4)
205 retval: 0xffffffff (type=NTSTATUS, size=0x4)

There are a lot of 0 values so maybe -1 is a pseudo-handle? But the large
values look like pointers.
=>
/* XXX: NtUserGetProp's return value should match GetProp == HANDLE, but it
* returns -1 and pointer-looking values in addition to NULL and 2, so I'm
* not sure what it is -- the type may vary.
*/