archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/sdktools/buggy/driver/bugcheck.c

394 lines
7.0 KiB
Raw Normal View History

commiting as it is
5 years ago
  1. #include <ntddk.h>
  3. #include "tdriver.h"
  4. #include "bugcheck.h"
  7. /////////////////////////////////////////////////////////////////////
  8. ////////////////////////////////////////////////// Bugcheck functions
  9. /////////////////////////////////////////////////////////////////////
  11. VOID
  12. BgChkForceCustomBugcheck (
  13. PVOID NotUsed
  14. )
  15. /*++
  17. Routine Description:
  19. This function breaks into debugger and waits for the user to set the
  20. value for bugcheck data. Then it will bugcheck using the specified code
  21. and data. It is useful to test the mini triage feature.
  23. Arguments:
  25. None.
  27. Return Value:
  29. None.
  31. Environment:
  33. Kernel mode.
  35. --*/
  36. {
  37. ULONG BugcheckData [5];
  39. DbgPrint ("Buggy: `ed %p' to enter the bugcheck code and data \n", BugcheckData );
  40. DbgBreakPoint();
  42. KeBugCheckEx (
  43. BugcheckData [ 0 ],
  44. BugcheckData [ 1 ],
  45. BugcheckData [ 2 ],
  46. BugcheckData [ 3 ],
  47. BugcheckData [ 4 ] );
  48. }
  51. VOID BgChkProcessHasLockedPages (
  52. PVOID NotUsed
  53. )
  54. {
  55. PMDL Mdl;
  56. PVOID Address;
  58. DbgPrint ("Buggy: ProcessHasLockedPages \n");
  60. Mdl = IoAllocateMdl(
  62. (PVOID)0x10000, // adress
  63. 0x1000, // size
  64. FALSE, // not secondary buffer
  65. FALSE, // do not charge quota
  66. NULL); // no irp
  68. if (Mdl != NULL) {
  69. DbgPrint ("Buggy: mdl created \n");
  70. }
  71. #if 0
  72. try {
  74. MmProbeAndLockPages (
  75. Mdl,
  76. KernelMode,
  77. IoReadAccess);
  79. DbgPrint ("Buggy: locked pages \n");
  80. }
  81. except (EXCEPTION_EXECUTE_HANDLER) {
  83. DbgPrint ("Buggy: exception raised while locking \n");
  84. }
  85. #endif
  86. }
  89. VOID BgChkNoMoreSystemPtes (
  90. PVOID NotUsed
  91. )
  92. {
  93. DWORDLONG Index;
  94. PHYSICAL_ADDRESS Address;
  95. ULONG Count = 0;
  96. char Buffer [1024];
  98. DbgPrint ("Buggy: NoMoresystemPtes\n");
  100. for (Index = 0; Index < (DWORDLONG)0x80000000 * 4; Index += 0x10000) {
  101. Address.QuadPart = (DWORDLONG)Index;
  102. if (MmMapIoSpace (Address, 0x10000, FALSE)) {
  103. Count += 0x10000;
  104. }
  105. }
  107. DbgPrint ("Finished eating system PTEs %08X ... \n", Count);
  108. }
  111. VOID BgChkBadPoolHeader (
  112. PVOID NotUsed
  113. )
  114. {
  115. PULONG Block;
  117. DbgPrint ("Buggy: BadPoolHeader\n");
  119. Block = (PULONG) ExAllocatePoolWithTag (
  120. NonPagedPool,
  121. 128,
  122. TD_POOL_TAG);
  124. //
  125. // Trash 4 bytes in the block header.
  126. //
  128. *(Block - 1) = 0xBADBAD01;
  130. //
  131. // This free operation should bugcheck.
  132. //
  134. ExFreePool (Block);
  135. }
  138. VOID BgChkDriverCorruptedSystemPtes (
  139. PVOID NotUsed
  140. )
  141. {
  142. PVOID Block;
  144. DbgPrint ("Buggy: DriverCorruptedSystemPtes\n");
  146. Block = (PULONG) ExAllocatePoolWithTag (
  147. NonPagedPool,
  148. 0x2000,
  149. TD_POOL_TAG);
  151. MmUnmapIoSpace (Block, 0x2000);
  153. }
  156. VOID BgChkDriverCorruptedExPool (
  157. PVOID NotUsed
  158. )
  159. {
  160. PULONG Block;
  162. DbgPrint ("Buggy: DriverCorruptedExPool\n");
  164. Block = (PULONG) ExAllocatePoolWithTag (
  165. NonPagedPool,
  166. 128,
  167. TD_POOL_TAG);
  169. //
  170. // Trash 8 bytes in the block header.
  171. //
  173. *(Block - 2) = 0xBADBAD01;
  174. *(Block - 1) = 0xBADBAD01;
  176. //
  177. // This free operation should bugcheck.
  178. //
  180. ExFreePool (Block);
  181. }
  184. VOID BgChkDriverCorruptedMmPool (
  185. PVOID NotUsed
  186. )
  187. {
  188. DbgPrint ("Buggy: DriverCorruptedMmPool\n");
  190. ExFreePool (NULL);
  191. }
  194. VOID BgChkIrqlNotLessOrEqual (
  195. PVOID NotUsed
  196. )
  197. {
  198. KIRQL irql;
  199. VOID *pPagedData;
  201. DbgPrint ("Buggy: IrqlNotLessOrEqual\n");
  203. pPagedData = ExAllocatePoolWithTag(
  204. PagedPool,
  205. 16,
  206. TD_POOL_TAG);
  208. if( pPagedData == NULL )
  209. {
  210. DbgPrint( "Cannot allocate 16 bytes of paged pool\n" );
  211. return;
  212. }
  214. KeRaiseIrql( DISPATCH_LEVEL, &irql );
  216. *((ULONG*)pPagedData) = 16;
  218. KeLowerIrql( irql );
  219. }
  222. VOID BgChkPageFaultBeyondEndOfAllocation (
  223. PVOID NotUsed
  224. )
  225. {
  226. PVOID *pHalfPage;
  227. PVOID *pLastUlongToWrite;
  228. ULONG *pCrtULONG;
  230. DbgPrint ("Buggy: PageFaultBeyondEndOfAllocation\n");
  232. //
  233. // allocate half a page
  234. //
  236. pHalfPage = ExAllocatePoolWithTag(
  237. NonPagedPool,
  238. PAGE_SIZE >> 1,
  239. TD_POOL_TAG);
  241. if( pHalfPage == NULL )
  242. {
  243. DbgPrint ("Buggy: cannot allocate half page of NP pool\n");
  244. }
  245. else
  246. {
  247. //
  248. // touch a page more
  249. //
  251. pCrtULONG = (ULONG*)pHalfPage;
  253. while( (ULONG_PTR)pCrtULONG < (ULONG_PTR)pHalfPage + (PAGE_SIZE >> 1) + 2 * PAGE_SIZE )
  254. {
  255. *pCrtULONG = PtrToUlong( pCrtULONG );
  256. pCrtULONG ++;
  257. }
  259. ExFreePool( pHalfPage );
  260. }
  261. }
  264. VOID BgChkDriverVerifierDetectedViolation (
  265. PVOID NotUsed
  266. )
  267. {
  268. PVOID *pHalfPage;
  269. PVOID *pLastUlongToWrite;
  270. ULONG *pCrtULONG;
  272. DbgPrint ("Buggy: DriverVerifierDetectedViolation\n");
  274. //
  275. // allocate half a page
  276. //
  278. pHalfPage = ExAllocatePoolWithTag(
  279. NonPagedPool,
  280. PAGE_SIZE >> 1,
  281. TD_POOL_TAG);
  283. if( pHalfPage == NULL )
  284. {
  285. DbgPrint ("Buggy: cannot allocate half page of NP pool\n");
  286. }
  287. else
  288. {
  289. //
  290. // touch 1 ULONG more
  291. //
  293. pCrtULONG = (ULONG*)pHalfPage;
  295. while( (ULONG_PTR)pCrtULONG < (ULONG_PTR)pHalfPage + (PAGE_SIZE >> 1) + sizeof( ULONG) )
  296. {
  297. *pCrtULONG = PtrToUlong( pCrtULONG );
  298. pCrtULONG ++;
  299. }
  301. //
  302. // free -> BC
  303. //
  305. ExFreePool( pHalfPage );
  306. }
  307. }
  310. VOID
  311. BgChkCorruptSystemPtes(
  312. PVOID NotUsed
  313. )
  314. /*++
  316. Routine Description:
  318. This function corrupts system PTEs area on purpose. This is
  319. done so that we can test if the crache is mini triaged correctly.
  321. Arguments:
  323. None.
  325. Return Value:
  327. None.
  329. Environment:
  331. Kernel mode.
  333. --*/
  335. {
  336. PULONG puCrtAdress = (PULONG)LongToPtr(0xC0300000);
  337. ULONG uCrtValue;
  338. int nCrtStep;
  340. #define NUM_ULONGS_TO_CORRUPT 0x100
  341. #define FIRST_ULONG_VALUE 0xABCDDCBA
  342. #define NUM_ULONGS_SKIP_EACH_STEP 16
  345. uCrtValue = FIRST_ULONG_VALUE;
  347. for( nCrtStep = 0; nCrtStep < NUM_ULONGS_TO_CORRUPT; nCrtStep++ )
  348. {
  349. *puCrtAdress = uCrtValue;
  351. puCrtAdress += NUM_ULONGS_SKIP_EACH_STEP;
  353. uCrtValue++;
  354. }
  355. }
  358. VOID
  359. BgChkHangCurrentProcessor (
  360. PVOID NotUsed
  361. )
  362. /*++
  364. Routine Description:
  366. This routine will hang the current processor.
  368. Arguments:
  370. None.
  372. Return Value:
  374. None.
  376. Environment:
  378. Kernel mode.
  380. --*/
  381. {
  382. KIRQL PreviousIrql;
  384. KeRaiseIrql( DISPATCH_LEVEL, &PreviousIrql );
  386. while ( TRUE ) {
  387. //
  388. // this will hang the current processor
  389. //
  390. }
  391. }