mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1909 lines
52 KiB
1909 lines
52 KiB
/*++
|
|
|
|
Copyright (c) 1989-1993 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
stubs.c
|
|
|
|
Abstract:
|
|
|
|
This module implements bug check and system shutdown code.
|
|
|
|
Author:
|
|
|
|
Mark Lucovsky (markl) 30-Aug-1990
|
|
|
|
Environment:
|
|
|
|
Kernel mode only.
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
#include "ki.h"
|
|
#define NOEXTAPI
|
|
#include "wdbgexts.h"
|
|
#include <inbv.h>
|
|
#include <hdlsblk.h>
|
|
#include <hdlsterm.h>
|
|
|
|
//
|
|
//
|
|
//
|
|
|
|
extern KDDEBUGGER_DATA64 KdDebuggerDataBlock;
|
|
|
|
extern PVOID ExPoolCodeStart;
|
|
extern PVOID ExPoolCodeEnd;
|
|
extern PVOID MmPoolCodeStart;
|
|
extern PVOID MmPoolCodeEnd;
|
|
extern PVOID MmPteCodeStart;
|
|
extern PVOID MmPteCodeEnd;
|
|
|
|
#if defined(_AMD64_)
|
|
|
|
#define PROGRAM_COUNTER(_trapframe) ((_trapframe)->Rip)
|
|
|
|
#elif defined(_X86_)
|
|
|
|
#define PROGRAM_COUNTER(_trapframe) ((_trapframe)->Eip)
|
|
|
|
#elif defined(_IA64_)
|
|
|
|
#define PROGRAM_COUNTER(_trapframe) ((_trapframe)->StIIP)
|
|
|
|
#else
|
|
|
|
#error "no target architecture"
|
|
|
|
#endif
|
|
|
|
//
|
|
// Define forward referenced prototypes.
|
|
//
|
|
|
|
VOID
|
|
KiScanBugCheckCallbackList (
|
|
VOID
|
|
);
|
|
|
|
VOID
|
|
KiInvokeBugCheckEntryCallbacks (
|
|
VOID
|
|
);
|
|
|
|
//
|
|
// Define bug count recursion counter and a context buffer.
|
|
//
|
|
|
|
ULONG KeBugCheckCount = 1;
|
|
|
|
|
|
VOID
|
|
KeBugCheck (
|
|
IN ULONG BugCheckCode
|
|
)
|
|
{
|
|
KeBugCheck2(BugCheckCode,0,0,0,0,NULL);
|
|
}
|
|
|
|
VOID
|
|
KeBugCheckEx (
|
|
IN ULONG BugCheckCode,
|
|
IN ULONG_PTR P1,
|
|
IN ULONG_PTR P2,
|
|
IN ULONG_PTR P3,
|
|
IN ULONG_PTR P4
|
|
)
|
|
{
|
|
KeBugCheck2(BugCheckCode,P1,P2,P3,P4,NULL);
|
|
}
|
|
|
|
ULONG_PTR KiBugCheckData[5];
|
|
PUNICODE_STRING KiBugCheckDriver;
|
|
|
|
BOOLEAN
|
|
KeGetBugMessageText(
|
|
IN ULONG MessageId,
|
|
IN PANSI_STRING ReturnedString OPTIONAL
|
|
)
|
|
{
|
|
ULONG i;
|
|
PUCHAR s;
|
|
PMESSAGE_RESOURCE_BLOCK MessageBlock;
|
|
PUCHAR Buffer;
|
|
BOOLEAN Result;
|
|
|
|
Result = FALSE;
|
|
try {
|
|
if (KiBugCodeMessages != NULL) {
|
|
MmMakeKernelResourceSectionWritable ();
|
|
MessageBlock = &KiBugCodeMessages->Blocks[0];
|
|
for (i = KiBugCodeMessages->NumberOfBlocks; i; i -= 1) {
|
|
if (MessageId >= MessageBlock->LowId &&
|
|
MessageId <= MessageBlock->HighId) {
|
|
|
|
s = (PCHAR)KiBugCodeMessages + MessageBlock->OffsetToEntries;
|
|
for (i = MessageId - MessageBlock->LowId; i; i -= 1) {
|
|
s += ((PMESSAGE_RESOURCE_ENTRY)s)->Length;
|
|
}
|
|
|
|
Buffer = ((PMESSAGE_RESOURCE_ENTRY)s)->Text;
|
|
|
|
i = strlen(Buffer) - 1;
|
|
while (i > 0 && (Buffer[i] == '\n' ||
|
|
Buffer[i] == '\r' ||
|
|
Buffer[i] == 0
|
|
)
|
|
) {
|
|
if (!ARGUMENT_PRESENT( ReturnedString )) {
|
|
Buffer[i] = 0;
|
|
}
|
|
i -= 1;
|
|
}
|
|
|
|
if (!ARGUMENT_PRESENT( ReturnedString )) {
|
|
InbvDisplayString(Buffer);
|
|
}
|
|
else {
|
|
ReturnedString->Buffer = Buffer;
|
|
ReturnedString->Length = (USHORT)(i+1);
|
|
ReturnedString->MaximumLength = (USHORT)(i+1);
|
|
}
|
|
Result = TRUE;
|
|
break;
|
|
}
|
|
MessageBlock += 1;
|
|
}
|
|
}
|
|
} except ( EXCEPTION_EXECUTE_HANDLER ) {
|
|
;
|
|
}
|
|
|
|
return Result;
|
|
}
|
|
|
|
|
|
|
|
PCHAR
|
|
KeBugCheckUnicodeToAnsi(
|
|
IN PUNICODE_STRING UnicodeString,
|
|
OUT PCHAR AnsiBuffer,
|
|
IN ULONG MaxAnsiLength
|
|
)
|
|
{
|
|
PCHAR Dst;
|
|
PWSTR Src;
|
|
ULONG Length;
|
|
|
|
Length = UnicodeString->Length / sizeof( WCHAR );
|
|
if (Length >= MaxAnsiLength) {
|
|
Length = MaxAnsiLength - 1;
|
|
}
|
|
Src = UnicodeString->Buffer;
|
|
Dst = AnsiBuffer;
|
|
while (Length--) {
|
|
*Dst++ = (UCHAR)*Src++;
|
|
}
|
|
*Dst = '\0';
|
|
return AnsiBuffer;
|
|
}
|
|
|
|
VOID
|
|
KiBugCheckDebugBreak (
|
|
IN ULONG BreakStatus
|
|
)
|
|
{
|
|
do {
|
|
|
|
try {
|
|
|
|
//
|
|
// Issue a breakpoint
|
|
//
|
|
|
|
DbgBreakPointWithStatus (BreakStatus);
|
|
|
|
} except(EXCEPTION_EXECUTE_HANDLER) {
|
|
|
|
HEADLESS_RSP_QUERY_INFO Response;
|
|
NTSTATUS Status;
|
|
SIZE_T Length;
|
|
|
|
//
|
|
// Failed to issue the breakpoint, must be no debugger. Now, give
|
|
// the headless terminal a chance to reboot the system, if there is one.
|
|
//
|
|
Length = sizeof(HEADLESS_RSP_QUERY_INFO);
|
|
Status = HeadlessDispatch(HeadlessCmdQueryInformation,
|
|
NULL,
|
|
0,
|
|
&Response,
|
|
&Length
|
|
);
|
|
|
|
if (NT_SUCCESS(Status) &&
|
|
(Response.PortType == HeadlessSerialPort) &&
|
|
Response.Serial.TerminalAttached) {
|
|
|
|
HeadlessDispatch(HeadlessCmdPutString,
|
|
"\r\n",
|
|
sizeof("\r\n"),
|
|
NULL,
|
|
NULL
|
|
);
|
|
|
|
for (;;) {
|
|
HeadlessDispatch(HeadlessCmdDoBugCheckProcessing, NULL, 0, NULL, NULL);
|
|
}
|
|
|
|
}
|
|
|
|
//
|
|
// No terminal, or it failed, halt the system
|
|
//
|
|
|
|
try {
|
|
|
|
HalHaltSystem();
|
|
|
|
} except(EXCEPTION_EXECUTE_HANDLER) {
|
|
|
|
for (;;) {
|
|
}
|
|
|
|
}
|
|
}
|
|
} while (BreakStatus != DBG_STATUS_BUGCHECK_FIRST);
|
|
}
|
|
|
|
PVOID
|
|
KiPcToFileHeader(
|
|
IN PVOID PcValue,
|
|
OUT PLDR_DATA_TABLE_ENTRY *DataTableEntry,
|
|
IN LOGICAL DriversOnly,
|
|
OUT PBOOLEAN InKernelOrHal
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function returns the base of an image that contains the
|
|
specified PcValue. An image contains the PcValue if the PcValue
|
|
is within the ImageBase, and the ImageBase plus the size of the
|
|
virtual image.
|
|
|
|
Arguments:
|
|
|
|
PcValue - Supplies a PcValue.
|
|
|
|
DataTableEntry - Supplies a pointer to a variable that receives the
|
|
address of the data table entry that describes the image.
|
|
|
|
DriversOnly - Supplies TRUE if the kernel and HAL should be skipped.
|
|
|
|
InKernelOrHal - Set to TRUE if the PcValue is in the kernel or the HAL.
|
|
This only has meaning if DriversOnly is FALSE.
|
|
|
|
Return Value:
|
|
|
|
NULL - No image was found that contains the PcValue.
|
|
|
|
NON-NULL - Returns the base address of the image that contains the
|
|
PcValue.
|
|
|
|
--*/
|
|
|
|
{
|
|
ULONG i;
|
|
PLIST_ENTRY ModuleListHead;
|
|
PLDR_DATA_TABLE_ENTRY Entry;
|
|
PLIST_ENTRY Next;
|
|
ULONG_PTR Bounds;
|
|
PVOID ReturnBase, Base;
|
|
|
|
//
|
|
// If the module list has been initialized, then scan the list to
|
|
// locate the appropriate entry.
|
|
//
|
|
|
|
if (KeLoaderBlock != NULL) {
|
|
ModuleListHead = &KeLoaderBlock->LoadOrderListHead;
|
|
|
|
} else {
|
|
ModuleListHead = &PsLoadedModuleList;
|
|
}
|
|
|
|
*InKernelOrHal = FALSE;
|
|
|
|
ReturnBase = NULL;
|
|
Next = ModuleListHead->Flink;
|
|
if (Next != NULL) {
|
|
i = 0;
|
|
while (Next != ModuleListHead) {
|
|
if (MmIsAddressValid(Next) == FALSE) {
|
|
return NULL;
|
|
}
|
|
i += 1;
|
|
if ((i <= 2) && (DriversOnly == TRUE)) {
|
|
Next = Next->Flink;
|
|
continue;
|
|
}
|
|
|
|
Entry = CONTAINING_RECORD(Next,
|
|
LDR_DATA_TABLE_ENTRY,
|
|
InLoadOrderLinks);
|
|
|
|
Next = Next->Flink;
|
|
Base = Entry->DllBase;
|
|
Bounds = (ULONG_PTR)Base + Entry->SizeOfImage;
|
|
if ((ULONG_PTR)PcValue >= (ULONG_PTR)Base && (ULONG_PTR)PcValue < Bounds) {
|
|
*DataTableEntry = Entry;
|
|
ReturnBase = Base;
|
|
if (i <= 2) {
|
|
*InKernelOrHal = TRUE;
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
return ReturnBase;
|
|
}
|
|
|
|
|
|
|
|
VOID
|
|
KiDumpParameterImages(
|
|
IN PCHAR Buffer,
|
|
IN PULONG_PTR BugCheckParameters,
|
|
IN ULONG NumberOfParameters,
|
|
IN PKE_BUGCHECK_UNICODE_TO_ANSI UnicodeToAnsiRoutine
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function formats and displays the image names of boogcheck parameters
|
|
that happen to match an address in an image.
|
|
|
|
Arguments:
|
|
|
|
Buffer - Supplies a pointer to a buffer to be used to output machine
|
|
state information.
|
|
|
|
BugCheckParameters - Supplies additional bugcheck information.
|
|
|
|
NumberOfParameters - sizeof BugCheckParameters array.
|
|
if just 1 parameter is passed in, just save the string.
|
|
|
|
UnicodeToAnsiRoutine - Supplies a pointer to a routine to convert Unicode
|
|
strings to Ansi strings without touching paged translation tables.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
PUNICODE_STRING BugCheckDriver;
|
|
ULONG i;
|
|
PLDR_DATA_TABLE_ENTRY DataTableEntry;
|
|
PVOID ImageBase;
|
|
UCHAR AnsiBuffer[ 32 ];
|
|
ULONG DateStamp;
|
|
PIMAGE_NT_HEADERS NtHeaders;
|
|
BOOLEAN FirstPrint = TRUE;
|
|
BOOLEAN InKernelOrHal;
|
|
PUNICODE_STRING DriverName;
|
|
|
|
//
|
|
// At this point the context record contains the machine state at the
|
|
// call to bug check.
|
|
//
|
|
// Put out the system version and the title line with the PSR and FSR.
|
|
//
|
|
|
|
//
|
|
// Check to see if any BugCheckParameters are valid code addresses.
|
|
// If so, print them for the user.
|
|
//
|
|
|
|
DriverName = NULL;
|
|
|
|
for (i = 0; i < NumberOfParameters; i += 1)
|
|
{
|
|
DateStamp = 0;
|
|
ImageBase = KiPcToFileHeader((PVOID) BugCheckParameters[i],
|
|
&DataTableEntry,
|
|
TRUE,
|
|
&InKernelOrHal);
|
|
if (ImageBase == NULL)
|
|
{
|
|
BugCheckDriver = MmLocateUnloadedDriver ((PVOID)BugCheckParameters[i]);
|
|
if (BugCheckDriver == NULL)
|
|
{
|
|
continue;
|
|
}
|
|
DriverName = BugCheckDriver;
|
|
ImageBase = (PVOID)BugCheckParameters[i];
|
|
(*UnicodeToAnsiRoutine) (BugCheckDriver,
|
|
AnsiBuffer,
|
|
sizeof (AnsiBuffer));
|
|
}
|
|
else
|
|
{
|
|
if (MmIsAddressValid(DataTableEntry->DllBase) == TRUE)
|
|
{
|
|
NtHeaders = RtlImageNtHeader(DataTableEntry->DllBase);
|
|
if (NtHeaders)
|
|
{
|
|
DateStamp = NtHeaders->FileHeader.TimeDateStamp;
|
|
}
|
|
}
|
|
DriverName = &DataTableEntry->BaseDllName;
|
|
(*UnicodeToAnsiRoutine)( DriverName,
|
|
AnsiBuffer,
|
|
sizeof( AnsiBuffer ));
|
|
}
|
|
|
|
sprintf(Buffer, "%s** %12s - Address %p base at %p, DateStamp %08lx\n",
|
|
FirstPrint ? "\n*":"*",
|
|
AnsiBuffer,
|
|
(PVOID)BugCheckParameters[i],
|
|
ImageBase,
|
|
DateStamp);
|
|
|
|
//
|
|
// Only print the string if we are called to print multiple.
|
|
//
|
|
|
|
if (NumberOfParameters > 1)
|
|
{
|
|
InbvDisplayString(Buffer);
|
|
}
|
|
else
|
|
{
|
|
KiBugCheckDriver = DriverName;
|
|
}
|
|
|
|
FirstPrint = FALSE;
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
#ifdef _X86_
|
|
#pragma optimize("y", off) // RtlCaptureContext needs EBP to be correct
|
|
#endif
|
|
|
|
VOID
|
|
KeBugCheck2 (
|
|
IN ULONG BugCheckCode,
|
|
IN ULONG_PTR BugCheckParameter1,
|
|
IN ULONG_PTR BugCheckParameter2,
|
|
IN ULONG_PTR BugCheckParameter3,
|
|
IN ULONG_PTR BugCheckParameter4,
|
|
IN PVOID SaveDataPage
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function crashes the system in a controlled manner.
|
|
|
|
Arguments:
|
|
|
|
BugCheckCode - Supplies the reason for the bug check.
|
|
|
|
BugCheckParameter1-4 - Supplies additional bug check information
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
UCHAR Buffer[103];
|
|
CONTEXT ContextSave;
|
|
ULONG PssMessage;
|
|
PCHAR HardErrorCaption = NULL;
|
|
PCHAR HardErrorMessage = NULL;
|
|
KIRQL OldIrql;
|
|
PKTRAP_FRAME TrapInformation;
|
|
PVOID ExecutionAddress = NULL;
|
|
PVOID ImageBase;
|
|
PVOID VirtualAddress;
|
|
PLDR_DATA_TABLE_ENTRY DataTableEntry;
|
|
CHAR AnsiBuffer[100];
|
|
PKTHREAD Thread = KeGetCurrentThread();
|
|
BOOLEAN InKernelOrHal;
|
|
BOOLEAN Reboot;
|
|
|
|
#if !defined(NT_UP)
|
|
|
|
KAFFINITY TargetSet;
|
|
|
|
#endif
|
|
BOOLEAN hardErrorCalled = FALSE;
|
|
|
|
//
|
|
// Initialization
|
|
//
|
|
|
|
Reboot = FALSE;
|
|
KiBugCheckDriver = NULL;
|
|
|
|
//
|
|
// Try to simulate a power failure for Cluster testing
|
|
//
|
|
|
|
if (BugCheckCode == POWER_FAILURE_SIMULATE) {
|
|
KiScanBugCheckCallbackList();
|
|
HalReturnToFirmware(HalRebootRoutine);
|
|
}
|
|
|
|
//
|
|
// Capture the callers context as closely as possible into the debugger's
|
|
// processor state area of the Prcb.
|
|
//
|
|
// N.B. There may be some prologue code that shuffles registers such that
|
|
// they get destroyed.
|
|
//
|
|
|
|
#if defined(_X86_)
|
|
|
|
KiSetHardwareTrigger();
|
|
|
|
#else
|
|
|
|
InterlockedIncrement64((LONGLONG volatile *)&KiHardwareTrigger);
|
|
|
|
#endif
|
|
|
|
RtlCaptureContext(&KeGetCurrentPrcb()->ProcessorState.ContextFrame);
|
|
KiSaveProcessorControlState(&KeGetCurrentPrcb()->ProcessorState);
|
|
|
|
//
|
|
// This is necessary on machines where the virtual unwind that happens
|
|
// during KeDumpMachineState() destroys the context record.
|
|
//
|
|
|
|
ContextSave = KeGetCurrentPrcb()->ProcessorState.ContextFrame;
|
|
|
|
//
|
|
// Get the correct string for bugchecks
|
|
//
|
|
|
|
|
|
switch (BugCheckCode) {
|
|
|
|
case SYSTEM_THREAD_EXCEPTION_NOT_HANDLED:
|
|
case KERNEL_MODE_EXCEPTION_NOT_HANDLED:
|
|
case KMODE_EXCEPTION_NOT_HANDLED:
|
|
PssMessage = KMODE_EXCEPTION_NOT_HANDLED;
|
|
break;
|
|
|
|
case DATA_BUS_ERROR:
|
|
case NO_MORE_SYSTEM_PTES:
|
|
case INACCESSIBLE_BOOT_DEVICE:
|
|
case UNEXPECTED_KERNEL_MODE_TRAP:
|
|
case ACPI_BIOS_ERROR:
|
|
case ACPI_BIOS_FATAL_ERROR:
|
|
case FAT_FILE_SYSTEM:
|
|
case DRIVER_CORRUPTED_EXPOOL:
|
|
case THREAD_STUCK_IN_DEVICE_DRIVER:
|
|
PssMessage = BugCheckCode;
|
|
break;
|
|
|
|
case DRIVER_CORRUPTED_MMPOOL:
|
|
PssMessage = DRIVER_CORRUPTED_EXPOOL;
|
|
break;
|
|
|
|
case NTFS_FILE_SYSTEM:
|
|
PssMessage = FAT_FILE_SYSTEM;
|
|
break;
|
|
|
|
case STATUS_SYSTEM_IMAGE_BAD_SIGNATURE:
|
|
PssMessage = BUGCODE_PSS_MESSAGE_SIGNATURE;
|
|
break;
|
|
default:
|
|
PssMessage = BUGCODE_PSS_MESSAGE;
|
|
break;
|
|
}
|
|
|
|
|
|
//
|
|
// Do further processing on bugcheck codes
|
|
//
|
|
|
|
|
|
KiBugCheckData[0] = BugCheckCode;
|
|
KiBugCheckData[1] = BugCheckParameter1;
|
|
KiBugCheckData[2] = BugCheckParameter2;
|
|
KiBugCheckData[3] = BugCheckParameter3;
|
|
KiBugCheckData[4] = BugCheckParameter4;
|
|
|
|
switch (BugCheckCode) {
|
|
|
|
case FATAL_UNHANDLED_HARD_ERROR:
|
|
//
|
|
// If we are called by hard error then we don't want to dump the
|
|
// processor state on the machine.
|
|
//
|
|
// We know that we are called by hard error because the bug check
|
|
// code will be FATAL_UNHANDLED_HARD_ERROR. If this is so then the
|
|
// error status passed to harderr is the first parameter, and a pointer
|
|
// to the parameter array from hard error is passed as the second
|
|
// argument.
|
|
//
|
|
// The third argument is the OemCaption to be printed.
|
|
// The last argument is the OemMessage to be printed.
|
|
//
|
|
{
|
|
PULONG_PTR parameterArray;
|
|
|
|
hardErrorCalled = TRUE;
|
|
|
|
HardErrorCaption = (PCHAR)BugCheckParameter3;
|
|
HardErrorMessage = (PCHAR)BugCheckParameter4;
|
|
parameterArray = (PULONG_PTR)BugCheckParameter2;
|
|
KiBugCheckData[0] = (ULONG)BugCheckParameter1;
|
|
KiBugCheckData[1] = parameterArray[0];
|
|
KiBugCheckData[2] = parameterArray[1];
|
|
KiBugCheckData[3] = parameterArray[2];
|
|
KiBugCheckData[4] = parameterArray[3];
|
|
}
|
|
break;
|
|
|
|
case IRQL_NOT_LESS_OR_EQUAL:
|
|
|
|
ExecutionAddress = (PVOID)BugCheckParameter4;
|
|
|
|
if (ExecutionAddress >= ExPoolCodeStart && ExecutionAddress < ExPoolCodeEnd) {
|
|
KiBugCheckData[0] = DRIVER_CORRUPTED_EXPOOL;
|
|
}
|
|
else if (ExecutionAddress >= MmPoolCodeStart && ExecutionAddress < MmPoolCodeEnd) {
|
|
KiBugCheckData[0] = DRIVER_CORRUPTED_MMPOOL;
|
|
}
|
|
else if (ExecutionAddress >= MmPteCodeStart && ExecutionAddress < MmPteCodeEnd) {
|
|
KiBugCheckData[0] = DRIVER_CORRUPTED_SYSPTES;
|
|
}
|
|
else {
|
|
ImageBase = KiPcToFileHeader (ExecutionAddress,
|
|
&DataTableEntry,
|
|
FALSE,
|
|
&InKernelOrHal);
|
|
if (InKernelOrHal == TRUE) {
|
|
|
|
//
|
|
// The kernel faulted at raised IRQL. Quite often this
|
|
// is a driver that has unloaded without deleting its
|
|
// lookaside lists or other resources. Or its resources
|
|
// are marked pagable and shouldn't be. Detect both
|
|
// cases here and identify the offending driver
|
|
// whenever possible.
|
|
//
|
|
|
|
VirtualAddress = (PVOID)BugCheckParameter1;
|
|
|
|
ImageBase = KiPcToFileHeader (VirtualAddress,
|
|
&DataTableEntry,
|
|
TRUE,
|
|
&InKernelOrHal);
|
|
|
|
if (ImageBase != NULL) {
|
|
KiBugCheckDriver = &DataTableEntry->BaseDllName;
|
|
KiBugCheckData[0] = DRIVER_PORTION_MUST_BE_NONPAGED;
|
|
}
|
|
else {
|
|
KiBugCheckDriver = MmLocateUnloadedDriver (VirtualAddress);
|
|
if (KiBugCheckDriver != NULL) {
|
|
KiBugCheckData[0] = SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD;
|
|
}
|
|
}
|
|
}
|
|
else {
|
|
KiBugCheckData[0] = DRIVER_IRQL_NOT_LESS_OR_EQUAL;
|
|
}
|
|
}
|
|
|
|
ExecutionAddress = NULL;
|
|
break;
|
|
|
|
case ATTEMPTED_WRITE_TO_READONLY_MEMORY:
|
|
|
|
TrapInformation = (PKTRAP_FRAME)BugCheckParameter3;
|
|
|
|
//
|
|
// Extract the execution address from the trap frame to
|
|
// identify the component.
|
|
//
|
|
|
|
if (TrapInformation != NULL) {
|
|
ExecutionAddress = (PVOID) PROGRAM_COUNTER (TrapInformation);
|
|
}
|
|
|
|
break;
|
|
|
|
case DRIVER_LEFT_LOCKED_PAGES_IN_PROCESS:
|
|
|
|
ExecutionAddress = (PVOID)BugCheckParameter1;
|
|
break;
|
|
|
|
case DRIVER_USED_EXCESSIVE_PTES:
|
|
|
|
DataTableEntry = (PLDR_DATA_TABLE_ENTRY)BugCheckParameter1;
|
|
KiBugCheckDriver = &DataTableEntry->BaseDllName;
|
|
|
|
break;
|
|
|
|
case PAGE_FAULT_IN_NONPAGED_AREA:
|
|
|
|
ImageBase = NULL;
|
|
|
|
//
|
|
// Extract the execution address from the trap frame to
|
|
// identify the component.
|
|
//
|
|
|
|
if (BugCheckParameter3) {
|
|
|
|
ExecutionAddress = (PVOID)PROGRAM_COUNTER
|
|
((PKTRAP_FRAME)BugCheckParameter3);
|
|
|
|
KiBugCheckData[3] = (ULONG_PTR)ExecutionAddress;
|
|
|
|
ImageBase = KiPcToFileHeader (ExecutionAddress,
|
|
&DataTableEntry,
|
|
FALSE,
|
|
&InKernelOrHal);
|
|
}
|
|
else {
|
|
|
|
//
|
|
// No trap frame, so no execution address either.
|
|
//
|
|
|
|
InKernelOrHal = TRUE;
|
|
}
|
|
|
|
VirtualAddress = (PVOID)BugCheckParameter1;
|
|
|
|
if (MmIsSpecialPoolAddress (VirtualAddress) == TRUE) {
|
|
|
|
//
|
|
// Update the bugcheck number so the administrator gets
|
|
// useful feedback that enabling special pool has enabled
|
|
// the system to locate the corruptor.
|
|
//
|
|
|
|
if (MmIsSpecialPoolAddressFree (VirtualAddress) == TRUE) {
|
|
if (InKernelOrHal == TRUE) {
|
|
KiBugCheckData[0] = PAGE_FAULT_IN_FREED_SPECIAL_POOL;
|
|
}
|
|
else {
|
|
KiBugCheckData[0] = DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL;
|
|
}
|
|
}
|
|
else {
|
|
if (InKernelOrHal == TRUE) {
|
|
KiBugCheckData[0] = PAGE_FAULT_BEYOND_END_OF_ALLOCATION;
|
|
}
|
|
else {
|
|
KiBugCheckData[0] = DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION;
|
|
}
|
|
}
|
|
}
|
|
else if ((ExecutionAddress == VirtualAddress) &&
|
|
(MmIsSessionAddress (VirtualAddress) == TRUE) &&
|
|
((Thread->Teb == NULL) || (IS_SYSTEM_ADDRESS(Thread->Teb)))) {
|
|
//
|
|
// This is a driver reference to session space from a
|
|
// worker thread. Since the system process has no session
|
|
// space this is illegal and the driver must be fixed.
|
|
//
|
|
|
|
KiBugCheckData[0] = TERMINAL_SERVER_DRIVER_MADE_INCORRECT_MEMORY_REFERENCE;
|
|
}
|
|
else if (ImageBase == NULL) {
|
|
KiBugCheckDriver = MmLocateUnloadedDriver (VirtualAddress);
|
|
if (KiBugCheckDriver != NULL) {
|
|
KiBugCheckData[0] = DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS;
|
|
}
|
|
}
|
|
|
|
break;
|
|
|
|
case THREAD_STUCK_IN_DEVICE_DRIVER:
|
|
|
|
KiBugCheckDriver = (PUNICODE_STRING) BugCheckParameter3;
|
|
break;
|
|
|
|
default:
|
|
break;
|
|
}
|
|
|
|
if (KiBugCheckDriver)
|
|
{
|
|
KeBugCheckUnicodeToAnsi(KiBugCheckDriver,
|
|
AnsiBuffer,
|
|
sizeof(AnsiBuffer));
|
|
}
|
|
else
|
|
{
|
|
//
|
|
// This will set KiBugCheckDriver to 1 if successful.
|
|
//
|
|
|
|
if (ExecutionAddress)
|
|
{
|
|
KiDumpParameterImages(AnsiBuffer,
|
|
(PULONG_PTR)&ExecutionAddress,
|
|
1,
|
|
KeBugCheckUnicodeToAnsi);
|
|
}
|
|
}
|
|
|
|
if (KdPitchDebugger == FALSE ) {
|
|
KdDebuggerDataBlock.SavedContext = (ULONG_PTR) &ContextSave;
|
|
}
|
|
|
|
//
|
|
// If the user manually crashed the machine, skips the DbgPrints and
|
|
// go to the crashdump.
|
|
// Trying to do DbgPrint causes us to reeeter the debugger which causes
|
|
// some problems.
|
|
//
|
|
// Otherwise, if the debugger is enabled, print out the information and
|
|
// stop.
|
|
//
|
|
|
|
if ((BugCheckCode != MANUALLY_INITIATED_CRASH) &&
|
|
(KdDebuggerEnabled)) {
|
|
|
|
DbgPrint("\n*** Fatal System Error: 0x%08lx\n"
|
|
" (0x%p,0x%p,0x%p,0x%p)\n\n",
|
|
(ULONG)KiBugCheckData[0],
|
|
KiBugCheckData[1],
|
|
KiBugCheckData[2],
|
|
KiBugCheckData[3],
|
|
KiBugCheckData[4]);
|
|
|
|
//
|
|
// If the debugger is not actually connected, or the user manually
|
|
// crashed the machine by typing .crash in the debugger, proceed to
|
|
// "blue screen" the system.
|
|
//
|
|
// The call to DbgPrint above will have set the state of
|
|
// KdDebuggerNotPresent if the debugger has become disconnected
|
|
// since the system was booted.
|
|
//
|
|
|
|
if (KdDebuggerNotPresent == FALSE) {
|
|
|
|
if (KiBugCheckDriver != NULL) {
|
|
DbgPrint("Driver at fault: %s.\n", AnsiBuffer);
|
|
}
|
|
|
|
if (hardErrorCalled != FALSE) {
|
|
if (HardErrorCaption) {
|
|
DbgPrint(HardErrorCaption);
|
|
}
|
|
if (HardErrorMessage) {
|
|
DbgPrint(HardErrorMessage);
|
|
}
|
|
}
|
|
|
|
KiBugCheckDebugBreak (DBG_STATUS_BUGCHECK_FIRST);
|
|
}
|
|
}
|
|
|
|
//
|
|
// Freeze execution of the system by disabling interrupts and looping.
|
|
//
|
|
|
|
KeDisableInterrupts();
|
|
KeRaiseIrql(HIGH_LEVEL, &OldIrql);
|
|
|
|
|
|
//
|
|
// Don't attempt to display message more than once.
|
|
//
|
|
|
|
if (InterlockedDecrement (&KeBugCheckCount) == 0) {
|
|
|
|
#if !defined(NT_UP)
|
|
|
|
//
|
|
// Attempt to get the other processors frozen now, but don't wait
|
|
// for them to freeze (in case someone is stuck).
|
|
//
|
|
|
|
TargetSet = KeActiveProcessors & ~KeGetCurrentPrcb()->SetMember;
|
|
if (TargetSet != 0) {
|
|
KiIpiSend((KAFFINITY) TargetSet, IPI_FREEZE);
|
|
|
|
//
|
|
// Give the other processors one second to flush their data caches.
|
|
//
|
|
// N.B. This cannot be synchronized since the reason for the bug
|
|
// may be one of the other processors failed.
|
|
//
|
|
|
|
KeStallExecutionProcessor(1000 * 1000);
|
|
}
|
|
|
|
#endif
|
|
|
|
//
|
|
// Enable terminal output and turn on bugcheck processing.
|
|
//
|
|
{
|
|
HEADLESS_CMD_ENABLE_TERMINAL HeadlessCmd;
|
|
HEADLESS_CMD_SEND_BLUE_SCREEN_DATA HeadlessCmdBlueScreen;
|
|
|
|
HeadlessCmdBlueScreen.BugcheckCode = (ULONG)KiBugCheckData[0];
|
|
|
|
HeadlessCmd.Enable = TRUE;
|
|
|
|
HeadlessDispatch(HeadlessCmdStartBugCheck, NULL, 0, NULL, NULL);
|
|
|
|
HeadlessDispatch(HeadlessCmdEnableTerminal,
|
|
&HeadlessCmd,
|
|
sizeof(HEADLESS_CMD_ENABLE_TERMINAL),
|
|
NULL,
|
|
NULL
|
|
);
|
|
|
|
HeadlessDispatch(HeadlessCmdSendBlueScreenData,
|
|
&HeadlessCmdBlueScreen,
|
|
sizeof(HEADLESS_CMD_SEND_BLUE_SCREEN_DATA),
|
|
NULL,
|
|
NULL
|
|
);
|
|
|
|
}
|
|
|
|
//
|
|
// Enable InbvDisplayString calls to make it through to bootvid driver.
|
|
//
|
|
|
|
if (InbvIsBootDriverInstalled()) {
|
|
|
|
InbvAcquireDisplayOwnership();
|
|
|
|
InbvResetDisplay();
|
|
InbvSolidColorFill(0,0,639,479,4); // make the screen blue
|
|
InbvSetTextColor(15);
|
|
InbvInstallDisplayStringFilter((INBV_DISPLAY_STRING_FILTER)NULL);
|
|
InbvEnableDisplayString(TRUE); // enable display string
|
|
InbvSetScrollRegion(0,0,639,475); // set to use entire screen
|
|
}
|
|
|
|
if (!hardErrorCalled)
|
|
{
|
|
|
|
InbvDisplayString("\n");
|
|
KeGetBugMessageText(BUGCHECK_MESSAGE_INTRO, NULL);
|
|
InbvDisplayString("\n\n");
|
|
|
|
if (KiBugCheckDriver) {
|
|
|
|
//
|
|
// Output the driver name.
|
|
//
|
|
|
|
KeGetBugMessageText(BUGCODE_ID_DRIVER, NULL);
|
|
|
|
KeBugCheckUnicodeToAnsi (KiBugCheckDriver, Buffer, sizeof (Buffer));
|
|
InbvDisplayString(" ");
|
|
InbvDisplayString (Buffer);
|
|
InbvDisplayString("\n\n");
|
|
}
|
|
|
|
//
|
|
// Display the PSS message.
|
|
// If we have no special text, get the text for the bugcode
|
|
// which will be the bugcode name.
|
|
//
|
|
|
|
if (PssMessage == BUGCODE_PSS_MESSAGE)
|
|
{
|
|
KeGetBugMessageText((ULONG)KiBugCheckData[0], NULL);
|
|
InbvDisplayString("\n\n");
|
|
}
|
|
|
|
KeGetBugMessageText(PSS_MESSAGE_INTRO, NULL);
|
|
InbvDisplayString("\n\n");
|
|
KeGetBugMessageText(PssMessage, NULL);
|
|
InbvDisplayString("\n\n");
|
|
|
|
KeGetBugMessageText(BUGCHECK_TECH_INFO, NULL);
|
|
|
|
sprintf((char *)Buffer,
|
|
"\n\n*** STOP: 0x%08lX (0x%p,0x%p,0x%p,0x%p)\n\n",
|
|
(ULONG)KiBugCheckData[0],
|
|
(PVOID)KiBugCheckData[1],
|
|
(PVOID)KiBugCheckData[2],
|
|
(PVOID)KiBugCheckData[3],
|
|
(PVOID)KiBugCheckData[4]);
|
|
|
|
InbvDisplayString((char *)Buffer);
|
|
|
|
if (KiBugCheckDriver) {
|
|
InbvDisplayString(AnsiBuffer);
|
|
}
|
|
|
|
if (!KiBugCheckDriver)
|
|
{
|
|
KiDumpParameterImages(AnsiBuffer,
|
|
&(KiBugCheckData[1]),
|
|
4,
|
|
KeBugCheckUnicodeToAnsi);
|
|
}
|
|
|
|
} else {
|
|
if (HardErrorCaption) {
|
|
InbvDisplayString(HardErrorCaption);
|
|
}
|
|
if (HardErrorMessage) {
|
|
InbvDisplayString(HardErrorMessage);
|
|
}
|
|
}
|
|
|
|
KiInvokeBugCheckEntryCallbacks();
|
|
|
|
//
|
|
// If the debugger is not enabled, attempt to enable it.
|
|
//
|
|
|
|
if (KdDebuggerEnabled == FALSE && KdPitchDebugger == FALSE ) {
|
|
KdInitSystem(0, NULL);
|
|
|
|
} else {
|
|
InbvDisplayString("\n");
|
|
}
|
|
|
|
// Restore the original Context frame
|
|
KeGetCurrentPrcb()->ProcessorState.ContextFrame = ContextSave;
|
|
|
|
//
|
|
// For some bugchecks we want to change the thread and context before
|
|
// it is written to the dump file IFF it is a minidump.
|
|
// Look at the original bugcheck data, not the processed data from
|
|
// above
|
|
//
|
|
|
|
#define MINIDUMP_BUGCHECK 0x10000000
|
|
|
|
if (IoIsTriageDumpEnabled())
|
|
{
|
|
switch (BugCheckCode) {
|
|
|
|
//
|
|
// System thread stores a context record as the 4th parameter.
|
|
// use that.
|
|
// Also save the context record in case someone needs to look
|
|
// at it.
|
|
//
|
|
|
|
case SYSTEM_THREAD_EXCEPTION_NOT_HANDLED:
|
|
if (BugCheckParameter4)
|
|
{
|
|
ContextSave = *((PCONTEXT)BugCheckParameter4);
|
|
|
|
KiBugCheckData[0] |= MINIDUMP_BUGCHECK;
|
|
}
|
|
break;
|
|
|
|
#if defined (_X86_)
|
|
|
|
//
|
|
// 3rd parameter is a trap frame.
|
|
//
|
|
// Build a context record out of that only if it's a kernel mode
|
|
// failure because esp may be wrong in that case ???.
|
|
//
|
|
|
|
case ATTEMPTED_WRITE_TO_READONLY_MEMORY:
|
|
case KERNEL_MODE_EXCEPTION_NOT_HANDLED:
|
|
case PAGE_FAULT_IN_NONPAGED_AREA:
|
|
|
|
if (BugCheckParameter3)
|
|
{
|
|
PKTRAP_FRAME Trap = (PKTRAP_FRAME) BugCheckParameter3;
|
|
|
|
if ((Trap->SegCs & 1) ||
|
|
(Trap->EFlags & EFLAGS_V86_MASK))
|
|
{
|
|
ContextSave.Esp = Trap->HardwareEsp;
|
|
}
|
|
else
|
|
{
|
|
ContextSave.Esp = (ULONG)Trap +
|
|
FIELD_OFFSET(KTRAP_FRAME, HardwareEsp);
|
|
}
|
|
if (Trap->EFlags & EFLAGS_V86_MASK)
|
|
{
|
|
ContextSave.SegSs = Trap->HardwareSegSs & 0xffff;
|
|
}
|
|
else if (Trap->SegCs & 1)
|
|
{
|
|
//
|
|
// It's user mode.
|
|
// The HardwareSegSs contains R3 data selector.
|
|
//
|
|
|
|
ContextSave.SegSs =
|
|
(Trap->HardwareSegSs | 3) & 0xffff;
|
|
}
|
|
else
|
|
{
|
|
ContextSave.SegSs = KGDT_R0_DATA;
|
|
}
|
|
|
|
ContextSave.SegGs = Trap->SegGs & 0xffff;
|
|
ContextSave.SegFs = Trap->SegFs & 0xffff;
|
|
ContextSave.SegEs = Trap->SegEs & 0xffff;
|
|
ContextSave.SegDs = Trap->SegDs & 0xffff;
|
|
ContextSave.SegCs = Trap->SegCs & 0xffff;
|
|
ContextSave.Eip = Trap->Eip;
|
|
ContextSave.Ebp = Trap->Ebp;
|
|
ContextSave.Eax = Trap->Eax;
|
|
ContextSave.Ebx = Trap->Ebx;
|
|
ContextSave.Ecx = Trap->Ecx;
|
|
ContextSave.Edx = Trap->Edx;
|
|
ContextSave.Edi = Trap->Edi;
|
|
ContextSave.Esi = Trap->Esi;
|
|
ContextSave.EFlags = Trap->EFlags;
|
|
|
|
KiBugCheckData[0] |= MINIDUMP_BUGCHECK;
|
|
}
|
|
break;
|
|
|
|
case THREAD_STUCK_IN_DEVICE_DRIVER:
|
|
|
|
// Extract the address of the spinning code from the thread
|
|
// object, so the dump is based off this thread.
|
|
|
|
Thread = (PKTHREAD) BugCheckParameter1;
|
|
|
|
if (Thread->State == Running)
|
|
{
|
|
//
|
|
// If the thread was running, the thread is now in a
|
|
// frozen state and the registers are in the PRCB
|
|
// context
|
|
//
|
|
ULONG Processor = Thread->NextProcessor;
|
|
ASSERT(Processor < (ULONG) KeNumberProcessors);
|
|
ContextSave =
|
|
KiProcessorBlock[Processor]->ProcessorState.ContextFrame;
|
|
}
|
|
else
|
|
{
|
|
//
|
|
// This should be a uniproc machine, and the thread
|
|
// should be suspended. Just get the data off the
|
|
// switch frame.
|
|
//
|
|
|
|
PKSWITCHFRAME SwitchFrame = (PKSWITCHFRAME)Thread->KernelStack;
|
|
|
|
ASSERT(Thread->State == Ready);
|
|
|
|
ContextSave.Esp = (ULONG)Thread->KernelStack + sizeof(KSWITCHFRAME);
|
|
ContextSave.Ebp = *((PULONG)(ContextSave.Esp));
|
|
ContextSave.Eip = SwitchFrame->RetAddr;
|
|
}
|
|
|
|
KiBugCheckData[0] |= MINIDUMP_BUGCHECK;
|
|
break;
|
|
|
|
case UNEXPECTED_KERNEL_MODE_TRAP:
|
|
|
|
//
|
|
// Double fault
|
|
//
|
|
|
|
if (BugCheckParameter1 == 0x8)
|
|
{
|
|
// The thread is correct in this case.
|
|
// Second parameter is the TSS. If we have a TSS, convert
|
|
// the context and mark the bugcheck as converted.
|
|
|
|
PKTSS Tss = (PKTSS) BugCheckParameter2;
|
|
|
|
if (Tss)
|
|
{
|
|
if (Tss->EFlags & EFLAGS_V86_MASK)
|
|
{
|
|
ContextSave.SegSs = Tss->Ss & 0xffff;
|
|
}
|
|
else if (Tss->Cs & 1)
|
|
{
|
|
//
|
|
// It's user mode.
|
|
// The HardwareSegSs contains R3 data selector.
|
|
//
|
|
|
|
ContextSave.SegSs = (Tss->Ss | 3) & 0xffff;
|
|
}
|
|
else
|
|
{
|
|
ContextSave.SegSs = KGDT_R0_DATA;
|
|
}
|
|
|
|
ContextSave.SegGs = Tss->Gs & 0xffff;
|
|
ContextSave.SegFs = Tss->Fs & 0xffff;
|
|
ContextSave.SegEs = Tss->Es & 0xffff;
|
|
ContextSave.SegDs = Tss->Ds & 0xffff;
|
|
ContextSave.SegCs = Tss->Cs & 0xffff;
|
|
ContextSave.Esp = Tss->Esp;
|
|
ContextSave.Eip = Tss->Eip;
|
|
ContextSave.Ebp = Tss->Ebp;
|
|
ContextSave.Eax = Tss->Eax;
|
|
ContextSave.Ebx = Tss->Ebx;
|
|
ContextSave.Ecx = Tss->Ecx;
|
|
ContextSave.Edx = Tss->Edx;
|
|
ContextSave.Edi = Tss->Edi;
|
|
ContextSave.Esi = Tss->Esi;
|
|
ContextSave.EFlags = Tss->EFlags;
|
|
}
|
|
|
|
KiBugCheckData[0] |= MINIDUMP_BUGCHECK;
|
|
break;
|
|
}
|
|
#endif
|
|
default:
|
|
break;
|
|
}
|
|
|
|
//
|
|
// Write a crash dump and optionally reboot if the system has been
|
|
// so configured.
|
|
//
|
|
|
|
IoAddTriageDumpDataBlock(PAGE_ALIGN(KiBugCheckData[1]), PAGE_SIZE);
|
|
IoAddTriageDumpDataBlock(PAGE_ALIGN(KiBugCheckData[2]), PAGE_SIZE);
|
|
IoAddTriageDumpDataBlock(PAGE_ALIGN(KiBugCheckData[3]), PAGE_SIZE);
|
|
IoAddTriageDumpDataBlock(PAGE_ALIGN(KiBugCheckData[4]), PAGE_SIZE);
|
|
IoAddTriageDumpDataBlock(PAGE_ALIGN(SaveDataPage), PAGE_SIZE);
|
|
|
|
//
|
|
// If the DPC stack is active, save that data page as well.
|
|
//
|
|
|
|
#if defined (_X86_)
|
|
if (KeGetCurrentPrcb()->DpcRoutineActive)
|
|
{
|
|
IoAddTriageDumpDataBlock(PAGE_ALIGN(KeGetCurrentPrcb()->DpcRoutineActive), PAGE_SIZE);
|
|
}
|
|
#endif
|
|
}
|
|
|
|
IoWriteCrashDump((ULONG)KiBugCheckData[0],
|
|
KiBugCheckData[1],
|
|
KiBugCheckData[2],
|
|
KiBugCheckData[3],
|
|
KiBugCheckData[4],
|
|
&ContextSave,
|
|
Thread,
|
|
&Reboot);
|
|
}
|
|
|
|
//
|
|
// Invoke bugcheck callbacks after crashdump, so the callbacks will
|
|
// not prevent us from crashdumping.
|
|
//
|
|
|
|
KiScanBugCheckCallbackList();
|
|
|
|
|
|
//
|
|
// Reboot the machine if necessary.
|
|
//
|
|
|
|
if (Reboot) {
|
|
DbgUnLoadImageSymbols (NULL, (PVOID)-1, 0);
|
|
HalReturnToFirmware (HalRebootRoutine);
|
|
}
|
|
|
|
|
|
//
|
|
// Attempt to enter the kernel debugger.
|
|
//
|
|
|
|
KiBugCheckDebugBreak (DBG_STATUS_BUGCHECK_SECOND);
|
|
}
|
|
#ifdef _X86_
|
|
#pragma optimize("", on)
|
|
#endif
|
|
|
|
|
|
VOID
|
|
KeEnterKernelDebugger (
|
|
VOID
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function crashes the system in a controlled manner attempting
|
|
to invoke the kernel debugger.
|
|
|
|
Arguments:
|
|
|
|
None.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
#if !defined(i386)
|
|
KIRQL OldIrql;
|
|
#endif
|
|
|
|
//
|
|
// Freeze execution of the system by disabling interrupts and looping.
|
|
//
|
|
|
|
KiHardwareTrigger = 1;
|
|
KeDisableInterrupts();
|
|
#if !defined(i386)
|
|
KeRaiseIrql(HIGH_LEVEL, &OldIrql);
|
|
#endif
|
|
if (InterlockedDecrement (&KeBugCheckCount) == 0) {
|
|
if (KdDebuggerEnabled == FALSE) {
|
|
if ( KdPitchDebugger == FALSE ) {
|
|
KdInitSystem(0, NULL);
|
|
}
|
|
}
|
|
}
|
|
|
|
KiBugCheckDebugBreak (DBG_STATUS_FATAL);
|
|
}
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
KeDeregisterBugCheckCallback (
|
|
IN PKBUGCHECK_CALLBACK_RECORD CallbackRecord
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function deregisters a bug check callback record.
|
|
|
|
Arguments:
|
|
|
|
CallbackRecord - Supplies a pointer to a bug check callback record.
|
|
|
|
Return Value:
|
|
|
|
If the specified bug check callback record is successfully deregistered,
|
|
then a value of TRUE is returned. Otherwise, a value of FALSE is returned.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
BOOLEAN Deregister;
|
|
KIRQL OldIrql;
|
|
|
|
//
|
|
// Raise IRQL to HIGH_LEVEL and acquire the bug check callback list
|
|
// spinlock.
|
|
//
|
|
|
|
KeRaiseIrql(HIGH_LEVEL, &OldIrql);
|
|
KiAcquireSpinLock(&KeBugCheckCallbackLock);
|
|
|
|
//
|
|
// If the specified callback record is currently registered, then
|
|
// deregister the callback record.
|
|
//
|
|
|
|
Deregister = FALSE;
|
|
if (CallbackRecord->State == BufferInserted) {
|
|
CallbackRecord->State = BufferEmpty;
|
|
RemoveEntryList(&CallbackRecord->Entry);
|
|
Deregister = TRUE;
|
|
}
|
|
|
|
//
|
|
// Release the bug check callback spinlock, lower IRQL to its previous
|
|
// value, and return whether the callback record was successfully
|
|
// deregistered.
|
|
//
|
|
|
|
KiReleaseSpinLock(&KeBugCheckCallbackLock);
|
|
KeLowerIrql(OldIrql);
|
|
return Deregister;
|
|
}
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
KeRegisterBugCheckCallback (
|
|
IN PKBUGCHECK_CALLBACK_RECORD CallbackRecord,
|
|
IN PKBUGCHECK_CALLBACK_ROUTINE CallbackRoutine,
|
|
IN PVOID Buffer,
|
|
IN ULONG Length,
|
|
IN PUCHAR Component
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function registers a bug check callback record. If the system
|
|
crashes, then the specified function will be called during bug check
|
|
processing so it may dump additional state in the specified bug check
|
|
buffer.
|
|
|
|
N.B. Bug check callback routines are called in reverse order of
|
|
registration, i.e., in LIFO order.
|
|
|
|
Arguments:
|
|
|
|
CallbackRecord - Supplies a pointer to a callback record.
|
|
|
|
CallbackRoutine - Supplies a pointer to the callback routine.
|
|
|
|
Buffer - Supplies a pointer to the bug check buffer.
|
|
|
|
Length - Supplies the length of the bug check buffer in bytes.
|
|
|
|
Component - Supplies a pointer to a zero terminated component
|
|
identifier.
|
|
|
|
Return Value:
|
|
|
|
If the specified bug check callback record is successfully registered,
|
|
then a value of TRUE is returned. Otherwise, a value of FALSE is returned.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
BOOLEAN Inserted;
|
|
KIRQL OldIrql;
|
|
|
|
//
|
|
// Raise IRQL to HIGH_LEVEL and acquire the bug check callback list
|
|
// spinlock.
|
|
//
|
|
|
|
KeRaiseIrql(HIGH_LEVEL, &OldIrql);
|
|
KiAcquireSpinLock(&KeBugCheckCallbackLock);
|
|
|
|
//
|
|
// If the specified callback record is currently not registered, then
|
|
// register the callback record.
|
|
//
|
|
|
|
Inserted = FALSE;
|
|
if (CallbackRecord->State == BufferEmpty) {
|
|
CallbackRecord->CallbackRoutine = CallbackRoutine;
|
|
CallbackRecord->Buffer = Buffer;
|
|
CallbackRecord->Length = Length;
|
|
CallbackRecord->Component = Component;
|
|
CallbackRecord->Checksum =
|
|
((ULONG_PTR)CallbackRoutine + (ULONG_PTR)Buffer + Length + (ULONG_PTR)Component);
|
|
|
|
CallbackRecord->State = BufferInserted;
|
|
InsertHeadList(&KeBugCheckCallbackListHead, &CallbackRecord->Entry);
|
|
Inserted = TRUE;
|
|
}
|
|
|
|
//
|
|
// Release the bug check callback spinlock, lower IRQL to its previous
|
|
// value, and return whether the callback record was successfully
|
|
// registered.
|
|
//
|
|
|
|
KiReleaseSpinLock(&KeBugCheckCallbackLock);
|
|
KeLowerIrql(OldIrql);
|
|
return Inserted;
|
|
}
|
|
|
|
VOID
|
|
KiScanBugCheckCallbackList (
|
|
VOID
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function scans the bug check callback list and calls each bug
|
|
check callback routine so it can dump component specific information
|
|
that may identify the cause of the bug check.
|
|
|
|
N.B. The scan of the bug check callback list is performed VERY
|
|
carefully. Bug check callback routines are called at HIGH_LEVEL
|
|
and may not acquire ANY resources.
|
|
|
|
Arguments:
|
|
|
|
None.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
PKBUGCHECK_CALLBACK_RECORD CallbackRecord;
|
|
ULONG_PTR Checksum;
|
|
ULONG Index;
|
|
PLIST_ENTRY LastEntry;
|
|
PLIST_ENTRY ListHead;
|
|
PLIST_ENTRY NextEntry;
|
|
PUCHAR Source;
|
|
|
|
//
|
|
// If the bug check callback listhead is not initialized, then the
|
|
// bug check has occured before the system has gotten far enough
|
|
// in the initialization code to enable anyone to register a callback.
|
|
//
|
|
|
|
ListHead = &KeBugCheckCallbackListHead;
|
|
if ((ListHead->Flink != NULL) && (ListHead->Blink != NULL)) {
|
|
|
|
//
|
|
// Scan the bug check callback list.
|
|
//
|
|
|
|
LastEntry = ListHead;
|
|
NextEntry = ListHead->Flink;
|
|
while (NextEntry != ListHead) {
|
|
|
|
//
|
|
// The next entry address must be aligned properly, the
|
|
// callback record must be readable, and the callback record
|
|
// must have back link to the last entry.
|
|
//
|
|
|
|
if (((ULONG_PTR)NextEntry & (sizeof(ULONG_PTR) - 1)) != 0) {
|
|
return;
|
|
|
|
} else {
|
|
CallbackRecord = CONTAINING_RECORD(NextEntry,
|
|
KBUGCHECK_CALLBACK_RECORD,
|
|
Entry);
|
|
|
|
Source = (PUCHAR)CallbackRecord;
|
|
for (Index = 0; Index < sizeof(KBUGCHECK_CALLBACK_RECORD); Index += 1) {
|
|
if (MmIsAddressValid((PVOID)Source) == FALSE) {
|
|
return;
|
|
}
|
|
|
|
Source += 1;
|
|
}
|
|
|
|
if (CallbackRecord->Entry.Blink != LastEntry) {
|
|
return;
|
|
}
|
|
|
|
//
|
|
// If the callback record has a state of inserted and the
|
|
// computed checksum matches the callback record checksum,
|
|
// then call the specified bug check callback routine.
|
|
//
|
|
|
|
Checksum = (ULONG_PTR)CallbackRecord->CallbackRoutine;
|
|
Checksum += (ULONG_PTR)CallbackRecord->Buffer;
|
|
Checksum += CallbackRecord->Length;
|
|
Checksum += (ULONG_PTR)CallbackRecord->Component;
|
|
if ((CallbackRecord->State == BufferInserted) &&
|
|
(CallbackRecord->Checksum == Checksum)) {
|
|
|
|
//
|
|
// Call the specified bug check callback routine and
|
|
// handle any exceptions that occur.
|
|
//
|
|
|
|
CallbackRecord->State = BufferStarted;
|
|
try {
|
|
(CallbackRecord->CallbackRoutine)(CallbackRecord->Buffer,
|
|
CallbackRecord->Length);
|
|
|
|
CallbackRecord->State = BufferFinished;
|
|
|
|
} except(EXCEPTION_EXECUTE_HANDLER) {
|
|
CallbackRecord->State = BufferIncomplete;
|
|
}
|
|
}
|
|
}
|
|
|
|
LastEntry = NextEntry;
|
|
NextEntry = NextEntry->Flink;
|
|
}
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
KeDeregisterBugCheckReasonCallback (
|
|
IN PKBUGCHECK_REASON_CALLBACK_RECORD CallbackRecord
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function deregisters a bug check callback record.
|
|
|
|
Arguments:
|
|
|
|
CallbackRecord - Supplies a pointer to a bug check callback record.
|
|
|
|
Return Value:
|
|
|
|
If the specified bug check callback record is successfully deregistered,
|
|
then a value of TRUE is returned. Otherwise, a value of FALSE is returned.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
BOOLEAN Deregister;
|
|
KIRQL OldIrql;
|
|
|
|
//
|
|
// Raise IRQL to HIGH_LEVEL and acquire the bug check callback list
|
|
// spinlock.
|
|
//
|
|
|
|
KeRaiseIrql(HIGH_LEVEL, &OldIrql);
|
|
KiAcquireSpinLock(&KeBugCheckCallbackLock);
|
|
|
|
//
|
|
// If the specified callback record is currently registered, then
|
|
// deregister the callback record.
|
|
//
|
|
|
|
Deregister = FALSE;
|
|
if (CallbackRecord->State == BufferInserted) {
|
|
CallbackRecord->State = BufferEmpty;
|
|
RemoveEntryList(&CallbackRecord->Entry);
|
|
Deregister = TRUE;
|
|
}
|
|
|
|
//
|
|
// Release the bug check callback spinlock, lower IRQL to its previous
|
|
// value, and return whether the callback record was successfully
|
|
// deregistered.
|
|
//
|
|
|
|
KiReleaseSpinLock(&KeBugCheckCallbackLock);
|
|
KeLowerIrql(OldIrql);
|
|
return Deregister;
|
|
}
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
KeRegisterBugCheckReasonCallback (
|
|
IN PKBUGCHECK_REASON_CALLBACK_RECORD CallbackRecord,
|
|
IN PKBUGCHECK_REASON_CALLBACK_ROUTINE CallbackRoutine,
|
|
IN KBUGCHECK_CALLBACK_REASON Reason,
|
|
IN PUCHAR Component
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function registers a bug check callback record. If the system
|
|
crashes, then the specified function will be called during bug check
|
|
processing.
|
|
|
|
N.B. Bug check callback routines are called in reverse order of
|
|
registration, i.e., in LIFO order.
|
|
|
|
Arguments:
|
|
|
|
CallbackRecord - Supplies a pointer to a callback record.
|
|
|
|
CallbackRoutine - Supplies a pointer to the callback routine.
|
|
|
|
Reason - Specifies the conditions under which the callback
|
|
should be called.
|
|
|
|
Component - Supplies a pointer to a zero terminated component
|
|
identifier.
|
|
|
|
Return Value:
|
|
|
|
If the specified bug check callback record is successfully registered,
|
|
then a value of TRUE is returned. Otherwise, a value of FALSE is returned.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
BOOLEAN Inserted;
|
|
KIRQL OldIrql;
|
|
|
|
//
|
|
// Raise IRQL to HIGH_LEVEL and acquire the bug check callback list
|
|
// spinlock.
|
|
//
|
|
|
|
KeRaiseIrql(HIGH_LEVEL, &OldIrql);
|
|
KiAcquireSpinLock(&KeBugCheckCallbackLock);
|
|
|
|
//
|
|
// If the specified callback record is currently not registered, then
|
|
// register the callback record.
|
|
//
|
|
|
|
Inserted = FALSE;
|
|
if (CallbackRecord->State == BufferEmpty) {
|
|
CallbackRecord->CallbackRoutine = CallbackRoutine;
|
|
CallbackRecord->Reason = Reason;
|
|
CallbackRecord->Component = Component;
|
|
CallbackRecord->Checksum =
|
|
((ULONG_PTR)CallbackRoutine + Reason + (ULONG_PTR)Component);
|
|
|
|
CallbackRecord->State = BufferInserted;
|
|
InsertHeadList(&KeBugCheckReasonCallbackListHead,
|
|
&CallbackRecord->Entry);
|
|
Inserted = TRUE;
|
|
}
|
|
|
|
//
|
|
// Release the bug check callback spinlock, lower IRQL to its previous
|
|
// value, and return whether the callback record was successfully
|
|
// registered.
|
|
//
|
|
|
|
KiReleaseSpinLock(&KeBugCheckCallbackLock);
|
|
KeLowerIrql(OldIrql);
|
|
return Inserted;
|
|
}
|
|
|
|
VOID
|
|
KiInvokeBugCheckEntryCallbacks (
|
|
VOID
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function scans the bug check reason callback list and calls
|
|
each bug check entry callback routine.
|
|
|
|
This may seem like a duplication of KiScanBugCheckCallbackList
|
|
but the critical difference is that the bug check entry callbacks
|
|
are called immediately upon entry to KeBugCheck2 whereas
|
|
KSBCCL does not invoke its callbacks until after all bug check
|
|
processing has finished.
|
|
|
|
In order to avoid people from abusing this callback it's
|
|
semi-private and the reason -- KbCallbackReserved1 -- has
|
|
an obscure name.
|
|
|
|
N.B. The scan of the bug check callback list is performed VERY
|
|
carefully. Bug check callback routines may be called at HIGH_LEVEL
|
|
and may not acquire ANY resources.
|
|
|
|
Arguments:
|
|
|
|
None.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
PKBUGCHECK_REASON_CALLBACK_RECORD CallbackRecord;
|
|
ULONG_PTR Checksum;
|
|
ULONG Index;
|
|
PLIST_ENTRY LastEntry;
|
|
PLIST_ENTRY ListHead;
|
|
PLIST_ENTRY NextEntry;
|
|
PUCHAR Source;
|
|
|
|
//
|
|
// If the bug check callback listhead is not initialized, then the
|
|
// bug check has occured before the system has gotten far enough
|
|
// in the initialization code to enable anyone to register a callback.
|
|
//
|
|
|
|
ListHead = &KeBugCheckReasonCallbackListHead;
|
|
if (ListHead->Flink == NULL || ListHead->Blink == NULL) {
|
|
return;
|
|
}
|
|
|
|
//
|
|
// Scan the bug check callback list.
|
|
//
|
|
|
|
LastEntry = ListHead;
|
|
NextEntry = ListHead->Flink;
|
|
while (NextEntry != ListHead) {
|
|
|
|
//
|
|
// The next entry address must be aligned properly, the
|
|
// callback record must be readable, and the callback record
|
|
// must have back link to the last entry.
|
|
//
|
|
|
|
if (((ULONG_PTR)NextEntry & (sizeof(ULONG_PTR) - 1)) != 0) {
|
|
return;
|
|
}
|
|
|
|
CallbackRecord = CONTAINING_RECORD(NextEntry,
|
|
KBUGCHECK_REASON_CALLBACK_RECORD,
|
|
Entry);
|
|
|
|
Source = (PUCHAR)CallbackRecord;
|
|
for (Index = 0; Index < sizeof(*CallbackRecord); Index += 1) {
|
|
if (MmIsAddressValid((PVOID)Source) == FALSE) {
|
|
return;
|
|
}
|
|
|
|
Source += 1;
|
|
}
|
|
|
|
if (CallbackRecord->Entry.Blink != LastEntry) {
|
|
return;
|
|
}
|
|
|
|
LastEntry = NextEntry;
|
|
NextEntry = NextEntry->Flink;
|
|
|
|
//
|
|
// If the callback record has a state of inserted and the
|
|
// computed checksum matches the callback record checksum,
|
|
// then call the specified bug check callback routine.
|
|
//
|
|
|
|
Checksum = (ULONG_PTR)CallbackRecord->CallbackRoutine;
|
|
Checksum += (ULONG_PTR)CallbackRecord->Reason;
|
|
Checksum += (ULONG_PTR)CallbackRecord->Component;
|
|
if ((CallbackRecord->State != BufferInserted) ||
|
|
(CallbackRecord->Checksum != Checksum) ||
|
|
(CallbackRecord->Reason != KbCallbackReserved1) ||
|
|
MmIsAddressValid((PVOID)(ULONG_PTR)CallbackRecord->
|
|
CallbackRoutine) == FALSE) {
|
|
continue;
|
|
}
|
|
|
|
//
|
|
// Call the specified bug check callback routine and
|
|
// handle any exceptions that occur.
|
|
//
|
|
|
|
try {
|
|
(CallbackRecord->CallbackRoutine)(KbCallbackReserved1,
|
|
CallbackRecord,
|
|
NULL, 0);
|
|
CallbackRecord->State = BufferFinished;
|
|
} except(EXCEPTION_EXECUTE_HANDLER) {
|
|
CallbackRecord->State = BufferIncomplete;
|
|
}
|
|
}
|
|
}
|