bugcheck.c File Reference

#include "ki.h"
#include "wdbgexts.h"
#include <inbv.h>

Go to the source code of this file.

Defines
#define	NOEXTAPI
#define	POWER_FAILURE_SIMULATE   ((ULONG)0x000000E5L)
Functions
VOID	KiScanBugCheckCallbackList (VOID)
VOID	KeBugCheck (IN ULONG BugCheckCode)
BOOLEAN	KeGetBugMessageText (IN ULONG MessageId, IN PANSI_STRING ReturnedString OPTIONAL)
PCHAR	KeBugCheckUnicodeToAnsi (IN PUNICODE_STRING UnicodeString, OUT PCHAR AnsiBuffer, IN ULONG MaxAnsiLength)
VOID	KiBugCheckDebugBreak (IN ULONG BreakStatus)
PVOID	KiPcToFileHeader (IN PVOID PcValue, OUT PLDR_DATA_TABLE_ENTRY *DataTableEntry, IN LOGICAL DriversOnly, OUT PBOOLEAN InKernelOrHal)
VOID	KiDumpParameterImages (IN PCHAR Buffer, IN PULONG_PTR BugCheckParameters, IN ULONG NumberOfParameters, IN PKE_BUGCHECK_UNICODE_TO_ANSI UnicodeToAnsiRoutine)
VOID	KeBugCheckEx (IN ULONG BugCheckCode, IN ULONG_PTR BugCheckParameter1, IN ULONG_PTR BugCheckParameter2, IN ULONG_PTR BugCheckParameter3, IN ULONG_PTR BugCheckParameter4)
VOID	KeEnterKernelDebugger (VOID)
NTKERNELAPI BOOLEAN	KeDeregisterBugCheckCallback (IN PKBUGCHECK_CALLBACK_RECORD CallbackRecord)
NTKERNELAPI BOOLEAN	KeRegisterBugCheckCallback (IN PKBUGCHECK_CALLBACK_RECORD CallbackRecord, IN PKBUGCHECK_CALLBACK_ROUTINE CallbackRoutine, IN PVOID Buffer, IN ULONG Length, IN PUCHAR Component)
Variables
KDDEBUGGER_DATA64	KdDebuggerDataBlock
PVOID	ExPoolCodeStart
PVOID	ExPoolCodeEnd
PVOID	MmPoolCodeStart
PVOID	MmPoolCodeEnd
PVOID	MmPteCodeStart
PVOID	MmPteCodeEnd
ULONG	KeBugCheckCount = 1
ULONG_PTR	KiBugCheckData [5]
PUNICODE_STRING	KiBugCheckDriver

---

Define Documentation

#define NOEXTAPI

Definition at line 26 of file bugcheck.c.

#define POWER_FAILURE_SIMULATE   ((ULONG)0x000000E5L)

Definition at line 425 of file bugcheck.c. Referenced by KeBugCheckEx().

---

Function Documentation

VOID KeBugCheck (  IN ULONG  BugCheckCode  )

Definition at line 70 of file bugcheck.c. References exit, and KeBugCheckEx(). Referenced by CheckPool(), ExAllocatePool(), ExAllocatePoolWithQuota(), ExAllocatePoolWithQuotaTag(), ExFreePool(), ExpFindCurrentThread(), InitializePool(), IoBuildPartialMdl(), IopAssignNetworkDriveLetter(), KeDetachProcess(), KePhase0DeleteIoMap(), KeSetAffinityThread(), KeUnstackDetachProcess(), KeWaitForMultipleObjects(), Ki386CheckDivideByZeroTrap(), KiDataBusError(), KiEspToTrapFrame(), KiGetVectorInfo(), KiInitializeGDT(), KiInitializeKernel(), KiInstructionBusError(), KiMachineCheck(), KiMemoryFault(), KiSystemServiceHandler(), LfsGetLbcb(), MiInitMachineDependent(), MiMapImageHeaderInHyperSpace(), MiMapPageInHyperSpace(), MiMapPageToZeroInHyperSpace(), PsInitSystem(), PspExitNormalApc(), PspExitThread(), PspProcessDelete(), PspSystemThreadStartup(), PspThreadDelete(), SeDefaultObjectMethod(), SeInitSystem(), SepAuditFailed(), SepDeReferenceLogonSession(), and xHalIoAssignDriveLetters(). : This function crashes the system in a controlled manner. Arguments: BugCheckCode - Supplies the reason for the bug check. Return Value: None. --*/ { KeBugCheckEx(BugCheckCode,0,0,0,0); }

VOID KeBugCheckEx (  IN ULONG  BugCheckCode, IN ULONG_PTR  BugCheckParameter1, IN ULONG_PTR  BugCheckParameter2, IN ULONG_PTR  BugCheckParameter3, IN ULONG_PTR  BugCheckParameter4 )

Definition at line 428 of file bugcheck.c. References Buffer, DATA_BUS_ERROR, DbgPrint, ExPoolCodeEnd, ExPoolCodeStart, FALSE, HalRebootRoutine, HalReturnToFirmware(), HIGH_LEVEL, INBV_DISPLAY_STRING_FILTER, InbvAcquireDisplayOwnership(), InbvDisplayString(), InbvEnableDisplayString(), InbvInstallDisplayStringFilter(), InbvIsBootDriverInstalled(), InbvResetDisplay(), InbvSetScrollRegion(), InbvSetTextColor(), InbvSolidColorFill(), IoWriteCrashDump(), IPI_FREEZE, IRQL_NOT_LESS_OR_EQUAL, IS_SYSTEM_ADDRESS, KdDebuggerDataBlock, KdDebuggerEnabled, KdDebuggerNotPresent, KdInitSystem(), KdPitchDebugger, KeActiveProcessors, KeBugCheckCount, KeBugCheckUnicodeToAnsi(), KeGetBugMessageText(), KeGetCurrentPrcb, KeGetCurrentThread, KeRaiseIrql(), KeStallExecutionProcessor(), KiBugCheckData, KiBugCheckDebugBreak(), KiBugCheckDriver, KiDisableInterrupts(), KiDumpParameterImages(), KiHardwareTrigger, KiIpiSend(), KiPcToFileHeader(), KiSaveProcessorControlState(), KiScanBugCheckCallbackList(), KMODE_EXCEPTION_NOT_HANDLED, MmIsHydraAddress(), MmIsSpecialPoolAddressFree(), MmLocateUnloadedDriver(), MmPoolCodeEnd, MmPoolCodeStart, MmPteCodeEnd, MmPteCodeStart, MmSpecialPoolEnd, MmSpecialPoolStart, NULL, POWER_FAILURE_SIMULATE, sprintf(), _KTHREAD::Teb, TRUE, and UNEXPECTED_KERNEL_MODE_TRAP. Referenced by CmBootLastKnownGood(), CmGetSystemControlValues(), CmGetSystemDriverList(), CmInitSystem1(), CmpCheckLockExceptionFilter(), CmpHiveRootSecurityDescriptor(), CmpInitializeCache(), CmpInitializeHiveList(), CmpInitializeSystemHive(), CmpReleaseGlobalQuota(), CmpSecurityMethod(), CmpWorker(), DrvDriverFailure(), ExAllocatePoolSanityChecks(), ExFreePoolSanityChecks(), ExFreePoolWithTag(), ExInitializeRegion(), ExInterlockedExtendRegion(), ExpCheckForWorker(), ExpSystemErrorHandler(), ExpWorkerThread(), ExReleaseResourceLite(), ExUnlockHandleTableEntry(), FsRtlWorkerThread(), HvRefreshHive(), InitializePool(), IoAssignResources(), IoBuildPoDeviceNotifyList(), IoCancelIrp(), IoInitSystem(), IopDestroyDeviceNode(), IopDriverCorrectnessThrowBugCheck(), IopEnumerateDevice(), IopfCallDriver(), IopFreeIrp(), IopInitializeBootDrivers(), IopMarkBootPartition(), IopMountVolume(), IopProcessNewDeviceNode(), IopProcessRelation(), IopStartAndEnumerateDevice(), IoReportResourceForDetection(), IoReportResourceUsage(), IovBuildAsynchronousFsdRequest(), IovBuildDeviceIoControlRequest(), IovCallDriver(), IovCompleteRequest(), IovFreeIrpPrivate(), IovInitializeTimer(), IovpCompleteRequest(), IovSpecialIrpCallDriver(), KdpCauseBugCheck(), KeAttachProcess(), KeBugCheck(), KeBusError(), KeCheckForTimer(), KeForceAttachProcess(), KeRemoveQueue(), KeRundownThread(), KeStackAttachProcess(), KfSanityCheckLowerIrql(), KfSanityCheckRaiseIrql(), KiDeliverApc(), KiDispatchException(), KiEmulateFloat(), KiGeneralExceptions(), KiIA32ExceptionNoDevice(), KiIA32ExceptionPanic(), KiIA32InterceptInstruction(), KiInitializeKernel(), KiMemoryFault(), KiNatExceptions(), KiRequestSoftwareInterrupt(), MiAddMdlTracker(), MiAllocatePoolPages(), MiAllocateSpecialPool(), MiCheckSessionPoolAllocations(), MiCleanSection(), MiCloneProcessAddressSpace(), MiConvertToLoaderVirtual(), MiDecrementCloneBlockReference(), MiDecrementReferenceCount(), MiDecrementShareCount(), MiDeletePte(), MiDeleteSystemPagableVm(), MiEliminateWorkingSetEntry(), MiEnsureAvailablePageOrWait(), MiEnsureAvailablePagesInFreeDescriptor(), MiFreeMdlTracker(), MiFreePoolPages(), MiFreeSessionSpaceMap(), MiGetNextPhysicalPage(), MiHandleForkTransitionPte(), MiInitializeCopyOnWritePfn(), MiInitializePfn(), MiInitializeReadInProgressPfn(), MiInitializeTransitionPfn(), MiInitMachineDependent(), MiInsertPageInList(), MiInsertStandbyListAtFront(), MiLocateWsle(), MiLookupWsleHashIndex(), MiMakeOutswappedPageResident(), MiMakeSystemAddressValid(), MiMakeSystemAddressValidPfn(), MiMakeSystemAddressValidPfnSystemWs(), MiMakeSystemAddressValidPfnWs(), MiReleaseSystemPtes(), MiRemoveFromSystemSpace(), MiRemovePageByColor(), MiRemovePageFromList(), MiRemovePteTracker(), MiRemoveWsle(), MiReserveSystemPtes(), MiReserveSystemPtes2(), MiResolveMappedFileFault(), MiUnlinkPageFromList(), MiVerifyingDriverUnloading(), MiWaitForInPageComplete(), MmAccessFault(), MmCleanProcessAddressSpace(), MmFreeLoaderBlock(), MmFreeSpecialPool(), MmInPageKernelStack(), MmLockPagableDataSection(), MmMapViewInSystemCache(), MmPurgeSection(), MmUnloadSystemImage(), MmUnlockCachedPage(), MmUnlockPages(), MmZeroPageThread(), MxGetNextPage(), NtClose(), NtNotifyChangeMultipleKeys(), NtUserInitialize(), PsLocateSystemDll(), PspExitThread(), PspInitializeSystemDll(), PspInitPhase0(), PspUnhandledExceptionInSystemThread(), VerifierExAcquireFastMutex(), VerifierExAcquireFastMutexUnsafe(), VerifierExAcquireResourceExclusive(), VerifierExReleaseFastMutex(), VerifierExReleaseFastMutexUnsafe(), VerifierExReleaseResource(), VerifierExTryToAcquireFastMutex(), VerifierFreeTrackedPool(), VerifierKeReleaseSpinLock(), VerifierMapIoSpace(), VerifierMapLockedPages(), VerifierMapLockedPagesSpecifyCache(), VerifierProbeAndLockPages(), VerifierProbeAndLockProcessPages(), VerifierProbeAndLockSelectedPages(), VerifierSetEvent(), VerifierUnlockPages(), VerifierUnmapIoSpace(), VerifierUnmapLockedPages(), ViReleasePoolAllocation(), xHalAssignSlotResources(), and xHalTranslateBusAddress(). 00438 : 00439 00440 This function crashes the system in a controlled manner. 00441 00442 Arguments: 00443 00444 BugCheckCode - Supplies the reason for the bug check. 00445 00446 BugCheckParameter1-4 - Supplies additional bug check information 00447 00448 Return Value: 00449 00450 None. 00451 00452 --*/ 00453 00454 { 00455 UCHAR Buffer[100]; 00456 ULONG_PTR BugCheckParameters[4]; 00457 CONTEXT ContextSave; 00458 ULONG PssMessage; 00459 PCHAR HardErrorCaption; 00460 PCHAR HardErrorMessage; 00461 KIRQL OldIrql; 00462 PKTRAP_FRAME TrapInformation; 00463 PVOID ExecutionAddress; 00464 PVOID ImageBase; 00465 PVOID VirtualAddress; 00466 PLDR_DATA_TABLE_ENTRY DataTableEntry; 00467 UCHAR AnsiBuffer[32]; 00468 PKTHREAD Thread; 00469 BOOLEAN InKernelOrHal; 00470 BOOLEAN DontCare; 00471 00472 #if !defined(NT_UP) 00473 00474 ULONG TargetSet; 00475 00476 #endif 00477 BOOLEAN hardErrorCalled; 00478 00479 // 00480 // Try to simulate a power failure for Cluster testing 00481 // 00482 00483 if (BugCheckCode == POWER_FAILURE_SIMULATE) { 00484 KiScanBugCheckCallbackList(); 00485 HalReturnToFirmware(HalRebootRoutine); 00486 } 00487 00488 // 00489 // Capture the callers context as closely as possible into the debugger's 00490 // processor state area of the Prcb. 00491 // 00492 // N.B. There may be some prologue code that shuffles registers such that 00493 // they get destroyed. 00494 // 00495 00496 #if defined(i386) 00497 KiSetHardwareTrigger(); 00498 #else 00499 KiHardwareTrigger = 1; 00500 #endif 00501 00502 RtlCaptureContext(&KeGetCurrentPrcb()->ProcessorState.ContextFrame); 00503 KiSaveProcessorControlState(&KeGetCurrentPrcb()->ProcessorState); 00504 00505 // 00506 // This is necessary on machines where the virtual unwind that happens 00507 // during KeDumpMachineState() destroys the context record. 00508 // 00509 00510 ContextSave = KeGetCurrentPrcb()->ProcessorState.ContextFrame; 00511 00512 // 00513 // If we are called by hard error then we don't want to dump the 00514 // processor state on the machine. 00515 // 00516 // We know that we are called by hard error because the bug check 00517 // code will be FATAL_UNHANDLED_HARD_ERROR. If this is so then the 00518 // error status passed to harderr is the first parameter, and a pointer 00519 // to the parameter array from hard error is passed as the second 00520 // argument. 00521 // 00522 // The third argument is the OemCaption to be printed. 00523 // The last argument is the OemMessage to be printed. 00524 // 00525 00526 if (BugCheckCode == FATAL_UNHANDLED_HARD_ERROR) { 00527 00528 PULONG_PTR parameterArray; 00529 00530 hardErrorCalled = TRUE; 00531 00532 HardErrorCaption = (PCHAR)BugCheckParameter3; 00533 HardErrorMessage = (PCHAR)BugCheckParameter4; 00534 parameterArray = (PULONG_PTR)BugCheckParameter2; 00535 BugCheckCode = (ULONG)BugCheckParameter1; 00536 BugCheckParameter1 = parameterArray[0]; 00537 BugCheckParameter2 = parameterArray[1]; 00538 BugCheckParameter3 = parameterArray[2]; 00539 BugCheckParameter4 = parameterArray[3]; 00540 00541 } else { 00542 00543 hardErrorCalled = FALSE; 00544 00545 switch (BugCheckCode) { 00546 00547 case IRQL_NOT_LESS_OR_EQUAL: 00548 00549 ExecutionAddress = (PVOID)BugCheckParameter4; 00550 00551 if (ExecutionAddress >= ExPoolCodeStart && ExecutionAddress < ExPoolCodeEnd) { 00552 BugCheckCode = DRIVER_CORRUPTED_EXPOOL; 00553 } 00554 else if (ExecutionAddress >= MmPoolCodeStart && ExecutionAddress < MmPoolCodeEnd) { 00555 BugCheckCode = DRIVER_CORRUPTED_MMPOOL; 00556 } 00557 else if (ExecutionAddress >= MmPteCodeStart && ExecutionAddress < MmPteCodeEnd) { 00558 BugCheckCode = DRIVER_CORRUPTED_SYSPTES; 00559 } 00560 else { 00561 ImageBase = KiPcToFileHeader (ExecutionAddress, 00562 &DataTableEntry, 00563 FALSE, 00564 &InKernelOrHal); 00565 if (InKernelOrHal == TRUE) { 00566 00567 // 00568 // The kernel faulted at raised IRQL. Quite often this 00569 // is a driver that has unloaded without deleting its 00570 // lookaside lists or other resources. Or its resources 00571 // are marked pagable and shouldn't be. Detect both 00572 // cases here and identify the offending driver 00573 // whenever possible. 00574 // 00575 00576 VirtualAddress = (PVOID)BugCheckParameter1; 00577 00578 ImageBase = KiPcToFileHeader (VirtualAddress, 00579 &DataTableEntry, 00580 TRUE, 00581 &InKernelOrHal); 00582 00583 if (ImageBase != NULL) { 00584 KiBugCheckDriver = &DataTableEntry->BaseDllName; 00585 BugCheckCode = DRIVER_PORTION_MUST_BE_NONPAGED; 00586 } 00587 else { 00588 KiBugCheckDriver = MmLocateUnloadedDriver (VirtualAddress); 00589 if (KiBugCheckDriver != NULL) { 00590 BugCheckCode = SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD; 00591 } 00592 } 00593 } 00594 else { 00595 BugCheckCode = DRIVER_IRQL_NOT_LESS_OR_EQUAL; 00596 } 00597 } 00598 break; 00599 00600 case ATTEMPTED_WRITE_TO_READONLY_MEMORY: 00601 00602 KiBugCheckDriver = NULL; 00603 TrapInformation = (PKTRAP_FRAME)BugCheckParameter3; 00604 00605 // 00606 // Extract the execution address from the trap frame to 00607 // identify the component. 00608 // 00609 00610 if (TrapInformation != NULL) { 00611 ExecutionAddress = (PVOID)PROGRAM_COUNTER (TrapInformation); 00612 ImageBase = KiPcToFileHeader (ExecutionAddress, 00613 &DataTableEntry, 00614 TRUE, 00615 &InKernelOrHal); 00616 00617 if (ImageBase != NULL) { 00618 KiBugCheckDriver = &DataTableEntry->BaseDllName; 00619 } 00620 } 00621 00622 break; 00623 00624 case DRIVER_LEFT_LOCKED_PAGES_IN_PROCESS: 00625 00626 ExecutionAddress = (PVOID)BugCheckParameter1; 00627 00628 ImageBase = KiPcToFileHeader (ExecutionAddress, 00629 &DataTableEntry, 00630 TRUE, 00631 &InKernelOrHal); 00632 00633 if (ImageBase != NULL) { 00634 KiBugCheckDriver = &DataTableEntry->BaseDllName; 00635 } 00636 else { 00637 KiBugCheckDriver = MmLocateUnloadedDriver (ExecutionAddress); 00638 } 00639 00640 BugCheckParameter4 = (ULONG_PTR)KiBugCheckDriver; 00641 00642 break; 00643 00644 case DRIVER_USED_EXCESSIVE_PTES: 00645 00646 DataTableEntry = (PLDR_DATA_TABLE_ENTRY)BugCheckParameter1; 00647 KiBugCheckDriver = &DataTableEntry->BaseDllName; 00648 00649 break; 00650 00651 case PAGE_FAULT_IN_NONPAGED_AREA: 00652 00653 ExecutionAddress = NULL; 00654 KiBugCheckDriver = NULL; 00655 00656 VirtualAddress = (PVOID)BugCheckParameter1; 00657 00658 TrapInformation = (PKTRAP_FRAME)BugCheckParameter3; 00659 00660 // 00661 // Extract the execution address from the trap frame to 00662 // identify the component. 00663 // 00664 00665 if (TrapInformation != NULL) { 00666 00667 ExecutionAddress = (PVOID)PROGRAM_COUNTER (TrapInformation); 00668 BugCheckParameter3 = (ULONG_PTR)ExecutionAddress; 00669 00670 KiPcToFileHeader (ExecutionAddress, 00671 &DataTableEntry, 00672 FALSE, 00673 &InKernelOrHal); 00674 00675 ImageBase = KiPcToFileHeader (ExecutionAddress, 00676 &DataTableEntry, 00677 TRUE, 00678 &DontCare); 00679 00680 if (ImageBase != NULL) { 00681 KiBugCheckDriver = &DataTableEntry->BaseDllName; 00682 } 00683 } 00684 else { 00685 00686 // 00687 // No trap frame, so no execution address either. 00688 // 00689 00690 BugCheckParameter3 = 0; 00691 } 00692 00693 Thread = KeGetCurrentThread(); 00694 00695 if ((VirtualAddress >= MmSpecialPoolStart) && 00696 (VirtualAddress < MmSpecialPoolEnd)) { 00697 00698 // 00699 // Update the bugcheck number so the administrator gets 00700 // useful feedback that enabling special pool has enabled 00701 // the system to locate the corruptor. 00702 // 00703 00704 if (MmIsSpecialPoolAddressFree (VirtualAddress) == TRUE) { 00705 if (InKernelOrHal == TRUE) { 00706 BugCheckCode = PAGE_FAULT_IN_FREED_SPECIAL_POOL; 00707 } 00708 else { 00709 BugCheckCode = DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL; 00710 } 00711 } 00712 else { 00713 if (InKernelOrHal == TRUE) { 00714 BugCheckCode = PAGE_FAULT_BEYOND_END_OF_ALLOCATION; 00715 } 00716 else { 00717 BugCheckCode = DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION; 00718 } 00719 } 00720 } 00721 else if ((ExecutionAddress == VirtualAddress) && 00722 (MmIsHydraAddress (VirtualAddress) == TRUE) && 00723 ((Thread->Teb == NULL) || (IS_SYSTEM_ADDRESS(Thread->Teb)))) { 00724 // 00725 // This is a driver reference to session space from a 00726 // worker thread. Since the system process has no session 00727 // space this is illegal and the driver must be fixed. 00728 // 00729 00730 BugCheckCode = TERMINAL_SERVER_DRIVER_MADE_INCORRECT_MEMORY_REFERENCE; 00731 } 00732 else { 00733 KiBugCheckDriver = MmLocateUnloadedDriver (VirtualAddress); 00734 if (KiBugCheckDriver != NULL) { 00735 BugCheckCode = DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS; 00736 } 00737 } 00738 00739 break; 00740 00741 default: 00742 break; 00743 } 00744 } 00745 00746 if (KiBugCheckDriver != NULL) { 00747 KeBugCheckUnicodeToAnsi (KiBugCheckDriver, 00748 AnsiBuffer, 00749 sizeof (AnsiBuffer)); 00750 } 00751 00752 KiBugCheckData[0] = BugCheckCode; 00753 KiBugCheckData[1] = BugCheckParameter1; 00754 KiBugCheckData[2] = BugCheckParameter2; 00755 KiBugCheckData[3] = BugCheckParameter3; 00756 KiBugCheckData[4] = BugCheckParameter4; 00757 00758 BugCheckParameters[0] = BugCheckParameter1; 00759 BugCheckParameters[1] = BugCheckParameter2; 00760 BugCheckParameters[2] = BugCheckParameter3; 00761 BugCheckParameters[3] = BugCheckParameter4; 00762 00763 if (KdPitchDebugger == FALSE ) { 00764 KdDebuggerDataBlock.SavedContext = (ULONG_PTR) &ContextSave; 00765 } 00766 00767 // 00768 // If the user manually crashed the machine, skips the DbgPrints and 00769 // go to the crashdump. 00770 // Trying to do DbgPrint causes us to reeeter the debugger which causes 00771 // some problems. 00772 // 00773 // Otherwise, if the debugger is enabled, print out the information and 00774 // stop. 00775 // 00776 00777 if ((BugCheckCode != MANUALLY_INITIATED_CRASH) && 00778 (KdDebuggerEnabled)) { 00779 00780 DbgPrint("\n*** Fatal System Error: 0x%08lx\n" 00781 " (0x%p,0x%p,0x%p,0x%p)\n\n", 00782 BugCheckCode, 00783 BugCheckParameter1, 00784 BugCheckParameter2, 00785 BugCheckParameter3, 00786 BugCheckParameter4); 00787 00788 // 00789 // If the debugger is not actually connected, or the user manually 00790 // crashed the machine by typing .crash in the debugger, proceed to 00791 // "blue screen" the system. 00792 // 00793 // The call to DbgPrint above will have set the state of 00794 // KdDebuggerNotPresent if the debugger has become disconnected 00795 // since the system was booted. 00796 // 00797 00798 if (KdDebuggerNotPresent == FALSE) { 00799 00800 if (KiBugCheckDriver != NULL) { 00801 DbgPrint("The %s driver may be at fault.\n", AnsiBuffer); 00802 } 00803 00804 if (hardErrorCalled != FALSE) { 00805 if (HardErrorCaption) { 00806 DbgPrint(HardErrorCaption); 00807 } 00808 if (HardErrorMessage) { 00809 DbgPrint(HardErrorMessage); 00810 } 00811 } 00812 00813 KiBugCheckDebugBreak (DBG_STATUS_BUGCHECK_FIRST); 00814 } 00815 } 00816 00817 // 00818 // Freeze execution of the system by disabling interrupts and looping. 00819 // 00820 00821 KiDisableInterrupts(); 00822 KeRaiseIrql(HIGH_LEVEL, &OldIrql); 00823 00824 // 00825 // Don't attempt to display message more than once. 00826 // 00827 00828 if (InterlockedDecrement (&KeBugCheckCount) == 0) { 00829 00830 #if !defined(NT_UP) 00831 00832 // 00833 // Attempt to get the other processors frozen now, but don't wait 00834 // for them to freeze (in case someone is stuck). 00835 // 00836 00837 TargetSet = KeActiveProcessors & ~KeGetCurrentPrcb()->SetMember; 00838 if (TargetSet != 0) { 00839 KiIpiSend((KAFFINITY) TargetSet, IPI_FREEZE); 00840 00841 // 00842 // Give the other processors one second to flush their data caches. 00843 // 00844 // N.B. This cannot be synchronized since the reason for the bug 00845 // may be one of the other processors failed. 00846 // 00847 00848 KeStallExecutionProcessor(1000 * 1000); 00849 } 00850 00851 #endif 00852 00853 // 00854 // Enable InbvDisplayString calls to make it through to bootvid driver. 00855 // 00856 00857 if (InbvIsBootDriverInstalled()) { 00858 00859 InbvAcquireDisplayOwnership(); 00860 00861 InbvResetDisplay(); 00862 InbvSolidColorFill(0,0,639,479,4); // make the screen blue 00863 InbvSetTextColor(15); 00864 InbvInstallDisplayStringFilter((INBV_DISPLAY_STRING_FILTER)NULL); 00865 InbvEnableDisplayString(TRUE); // enable display string 00866 InbvSetScrollRegion(0,0,639,479); // set to use entire screen 00867 } 00868 00869 if (!hardErrorCalled) { 00870 sprintf((char *)Buffer, 00871 "\n*** STOP: 0x%08lX (0x%p,0x%p,0x%p,0x%p)\n", 00872 BugCheckCode, 00873 BugCheckParameter1, 00874 BugCheckParameter2, 00875 BugCheckParameter3, 00876 BugCheckParameter4 00877 ); 00878 InbvDisplayString((char *)Buffer); 00879 00880 KeGetBugMessageText(BugCheckCode, NULL); 00881 InbvDisplayString("\n"); 00882 00883 if (KiBugCheckDriver != NULL) { 00884 00885 // 00886 // Output the driver name. 00887 // 00888 00889 KeGetBugMessageText(BUGCODE_ID_DRIVER, NULL); 00890 InbvDisplayString(AnsiBuffer); 00891 InbvDisplayString("\n"); 00892 } 00893 00894 } else { 00895 if (HardErrorCaption) { 00896 InbvDisplayString(HardErrorCaption); 00897 } 00898 if (HardErrorMessage) { 00899 InbvDisplayString(HardErrorMessage); 00900 } 00901 } 00902 00903 // 00904 // Process the bug check callback list. 00905 // 00906 00907 KiScanBugCheckCallbackList(); 00908 00909 // 00910 // If the debugger is not enabled, then dump the machine state and 00911 // attempt to enable the debugger. 00912 // 00913 00914 if (!hardErrorCalled) { 00915 00916 KiDumpParameterImages( 00917 (char *)Buffer, 00918 BugCheckParameters, 00919 4, 00920 KeBugCheckUnicodeToAnsi); 00921 00922 } 00923 00924 if (KdDebuggerEnabled == FALSE && KdPitchDebugger == FALSE ) { 00925 KdInitSystem(NULL, FALSE); 00926 00927 } else { 00928 InbvDisplayString("\n"); 00929 } 00930 00931 // 00932 // Write a crash dump and optionally reboot if the system has been 00933 // so configured. 00934 // 00935 00936 KeGetCurrentPrcb()->ProcessorState.ContextFrame = ContextSave; 00937 00938 if (!IoWriteCrashDump(BugCheckCode, 00939 BugCheckParameter1, 00940 BugCheckParameter2, 00941 BugCheckParameter3, 00942 BugCheckParameter4, 00943 &ContextSave 00944 )) { 00945 // 00946 // If no crashdump take, display the PSS message. 00947 // 00948 00949 switch ( BugCheckCode ) { 00950 00951 case IRQL_NOT_LESS_OR_EQUAL: 00952 case DRIVER_IRQL_NOT_LESS_OR_EQUAL: 00953 case DRIVER_CORRUPTED_EXPOOL: 00954 case DRIVER_CORRUPTED_MMPOOL: 00955 case DRIVER_PORTION_MUST_BE_NONPAGED: 00956 case SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD: 00957 PssMessage = BUGCODE_PSS_MESSAGE_A; 00958 break; 00959 00960 case KMODE_EXCEPTION_NOT_HANDLED: 00961 PssMessage = BUGCODE_PSS_MESSAGE_1E; 00962 break; 00963 00964 case FAT_FILE_SYSTEM: 00965 case NTFS_FILE_SYSTEM: 00966 PssMessage = BUGCODE_PSS_MESSAGE_23; 00967 break; 00968 00969 case DATA_BUS_ERROR: 00970 PssMessage = BUGCODE_PSS_MESSAGE_2E; 00971 break; 00972 00973 case NO_MORE_SYSTEM_PTES: 00974 PssMessage = BUGCODE_PSS_MESSAGE_3F; 00975 break; 00976 00977 case INACCESSIBLE_BOOT_DEVICE: 00978 PssMessage = BUGCODE_PSS_MESSAGE_7B; 00979 break; 00980 00981 case UNEXPECTED_KERNEL_MODE_TRAP: 00982 PssMessage = BUGCODE_PSS_MESSAGE_7F; 00983 break; 00984 00985 case STATUS_SYSTEM_IMAGE_BAD_SIGNATURE: 00986 PssMessage = BUGCODE_PSS_MESSAGE_SIGNATURE; 00987 break; 00988 00989 case ACPI_BIOS_ERROR: 00990 PssMessage = BUGCODE_PSS_MESSAGE_A5; 00991 break; 00992 00993 case ACPI_BIOS_FATAL_ERROR: 00994 PssMessage = ACPI_BIOS_FATAL_ERROR; 00995 break; 00996 00997 default: 00998 PssMessage = BUGCODE_PSS_MESSAGE; 00999 break; 01000 } 01001 01002 KeGetBugMessageText(PssMessage, NULL); 01003 } 01004 } 01005 01006 // 01007 // Attempt to enter the kernel debugger. 01008 // 01009 01010 KiBugCheckDebugBreak (DBG_STATUS_BUGCHECK_SECOND); 01011 return; 01012 }

PCHAR KeBugCheckUnicodeToAnsi (  IN PUNICODE_STRING  UnicodeString, OUT PCHAR  AnsiBuffer, IN ULONG  MaxAnsiLength )

Definition at line 160 of file bugcheck.c. Referenced by IopDriverCorrectnessPrintBuffer(), IopDriverCorrectnessProcessParams(), IopDriverCorrectnessThrowBugCheck(), and KeBugCheckEx(). { PCHAR Dst; PWSTR Src; ULONG Length; Length = UnicodeString->Length / sizeof( WCHAR ); if (Length >= MaxAnsiLength) { Length = MaxAnsiLength - 1; } Src = UnicodeString->Buffer; Dst = AnsiBuffer; while (Length--) { *Dst++ = (UCHAR)*Src++; } *Dst = '\0'; return AnsiBuffer; }

NTKERNELAPI BOOLEAN KeDeregisterBugCheckCallback (  IN PKBUGCHECK_CALLBACK_RECORD  CallbackRecord  )

Definition at line 1064 of file bugcheck.c. References BufferEmpty, BufferInserted, FALSE, HIGH_LEVEL, KeBugCheckCallbackLock, KeLowerIrql(), KeRaiseIrql(), PKBUGCHECK_CALLBACK_RECORD, and TRUE. 01070 : 01071 01072 This function deregisters a bug check callback record. 01073 01074 Arguments: 01075 01076 CallbackRecord - Supplies a pointer to a bug check callback record. 01077 01078 Return Value: 01079 01080 If the specified bug check callback record is successfully deregistered, 01081 then a value of TRUE is returned. Otherwise, a value of FALSE is returned. 01082 01083 --*/ 01084 01085 { 01086 01087 BOOLEAN Deregister; 01088 KIRQL OldIrql; 01089 01090 // 01091 // Raise IRQL to HIGH_LEVEL and acquire the bug check callback list 01092 // spinlock. 01093 // 01094 01095 KeRaiseIrql(HIGH_LEVEL, &OldIrql); 01096 KiAcquireSpinLock(&KeBugCheckCallbackLock); 01097 01098 // 01099 // If the specified callback record is currently registered, then 01100 // deregister the callback record. 01101 // 01102 01103 Deregister = FALSE; 01104 if (CallbackRecord->State == BufferInserted) { 01105 CallbackRecord->State = BufferEmpty; 01106 RemoveEntryList(&CallbackRecord->Entry); 01107 Deregister = TRUE; 01108 } 01109 01110 // 01111 // Release the bug check callback spinlock, lower IRQL to its previous 01112 // value, and return whether the callback record was successfully 01113 // deregistered. 01114 // 01115 01116 KiReleaseSpinLock(&KeBugCheckCallbackLock); 01117 KeLowerIrql(OldIrql); 01118 return Deregister; 01119 }

VOID KeEnterKernelDebugger (  VOID   )

Definition at line 1015 of file bugcheck.c. References FALSE, HIGH_LEVEL, KdDebuggerEnabled, KdInitSystem(), KdPitchDebugger, KeBugCheckCount, KeRaiseIrql(), KiBugCheckDebugBreak(), KiDisableInterrupts(), KiHardwareTrigger, and NULL. 01021 : 01022 01023 This function crashes the system in a controlled manner attempting 01024 to invoke the kernel debugger. 01025 01026 Arguments: 01027 01028 None. 01029 01030 Return Value: 01031 01032 None. 01033 01034 --*/ 01035 01036 { 01037 01038 #if !defined(i386) 01039 KIRQL OldIrql; 01040 #endif 01041 01042 // 01043 // Freeze execution of the system by disabling interrupts and looping. 01044 // 01045 01046 KiHardwareTrigger = 1; 01047 KiDisableInterrupts(); 01048 #if !defined(i386) 01049 KeRaiseIrql(HIGH_LEVEL, &OldIrql); 01050 #endif 01051 if (InterlockedDecrement (&KeBugCheckCount) == 0) { 01052 if (KdDebuggerEnabled == FALSE) { 01053 if ( KdPitchDebugger == FALSE ) { 01054 KdInitSystem(NULL, FALSE); 01055 } 01056 } 01057 } 01058 01059 KiBugCheckDebugBreak (DBG_STATUS_FATAL); 01060 }

BOOLEAN KeGetBugMessageText (  IN ULONG  MessageId, IN PANSI_STRING ReturnedString  OPTIONAL )

Definition at line 97 of file bugcheck.c. References Buffer, EXCEPTION_EXECUTE_HANDLER, FALSE, InbvDisplayString(), MmMakeKernelResourceSectionWritable(), NULL, strlen(), TRUE, and USHORT. Referenced by IopGetDumpStack(), and KeBugCheckEx(). { ULONG i; PUCHAR s; PMESSAGE_RESOURCE_BLOCK MessageBlock; PUCHAR Buffer; BOOLEAN Result; Result = FALSE; try { if (KiBugCodeMessages != NULL) { MmMakeKernelResourceSectionWritable (); MessageBlock = &KiBugCodeMessages->Blocks[0]; for (i = KiBugCodeMessages->NumberOfBlocks; i; i -= 1) { if (MessageId >= MessageBlock->LowId && MessageId <= MessageBlock->HighId) { s = (PCHAR)KiBugCodeMessages + MessageBlock->OffsetToEntries; for (i = MessageId - MessageBlock->LowId; i; i -= 1) { s += ((PMESSAGE_RESOURCE_ENTRY)s)->Length; } Buffer = ((PMESSAGE_RESOURCE_ENTRY)s)->Text; i = strlen(Buffer) - 1; while (i > 0 && (Buffer[i] == '\n' || Buffer[i] == '\r' || Buffer[i] == 0 ) ) { if (!ARGUMENT_PRESENT( ReturnedString )) { Buffer[i] = 0; } i -= 1; } if (!ARGUMENT_PRESENT( ReturnedString )) { InbvDisplayString(Buffer); } else { ReturnedString->Buffer = Buffer; ReturnedString->Length = (USHORT)(i+1); ReturnedString->MaximumLength = (USHORT)(i+1); } Result = TRUE; break; } MessageBlock += 1; } } } except ( EXCEPTION_EXECUTE_HANDLER ) { ; } return Result; }

NTKERNELAPI BOOLEAN KeRegisterBugCheckCallback (  IN PKBUGCHECK_CALLBACK_RECORD  CallbackRecord, IN PKBUGCHECK_CALLBACK_ROUTINE  CallbackRoutine, IN PVOID  Buffer, IN ULONG  Length, IN PUCHAR  Component )

Definition at line 1123 of file bugcheck.c. References Buffer, BufferEmpty, BufferInserted, FALSE, HIGH_LEVEL, KeBugCheckCallbackListHead, KeBugCheckCallbackLock, KeLowerIrql(), KeRaiseIrql(), PKBUGCHECK_CALLBACK_ROUTINE, and TRUE. 01133 : 01134 01135 This function registers a bug check callback record. If the system 01136 crashes, then the specified function will be called during bug check 01137 processing so it may dump additional state in the specified bug check 01138 buffer. 01139 01140 N.B. Bug check callback routines are called in reverse order of 01141 registration, i.e., in LIFO order. 01142 01143 Arguments: 01144 01145 CallbackRecord - Supplies a pointer to a callback record. 01146 01147 CallbackRoutine - Supplies a pointer to the callback routine. 01148 01149 Buffer - Supplies a pointer to the bug check buffer. 01150 01151 Length - Supplies the length of the bug check buffer in bytes. 01152 01153 Component - Supplies a pointer to a zero terminated component 01154 identifier. 01155 01156 Return Value: 01157 01158 If the specified bug check callback record is successfully registered, 01159 then a value of TRUE is returned. Otherwise, a value of FALSE is returned. 01160 01161 --*/ 01162 01163 { 01164 01165 BOOLEAN Inserted; 01166 KIRQL OldIrql; 01167 01168 // 01169 // Raise IRQL to HIGH_LEVEL and acquire the bug check callback list 01170 // spinlock. 01171 // 01172 01173 KeRaiseIrql(HIGH_LEVEL, &OldIrql); 01174 KiAcquireSpinLock(&KeBugCheckCallbackLock); 01175 01176 // 01177 // If the specified callback record is currently not registered, then 01178 // register the callback record. 01179 // 01180 01181 Inserted = FALSE; 01182 if (CallbackRecord->State == BufferEmpty) { 01183 CallbackRecord->CallbackRoutine = CallbackRoutine; 01184 CallbackRecord->Buffer = Buffer; 01185 CallbackRecord->Length = Length; 01186 CallbackRecord->Component = Component; 01187 CallbackRecord->Checksum = 01188 ((ULONG_PTR)CallbackRoutine + (ULONG_PTR)Buffer + Length + (ULONG_PTR)Component); 01189 01190 CallbackRecord->State = BufferInserted; 01191 InsertHeadList(&KeBugCheckCallbackListHead, &CallbackRecord->Entry); 01192 Inserted = TRUE; 01193 } 01194 01195 // 01196 // Release the bug check callback spinlock, lower IRQL to its previous 01197 // value, and return whether the callback record was successfully 01198 // registered. 01199 // 01200 01201 KiReleaseSpinLock(&KeBugCheckCallbackLock); 01202 KeLowerIrql(OldIrql); 01203 return Inserted; 01204 }

VOID KiBugCheckDebugBreak (  IN ULONG  BreakStatus  )

Definition at line 184 of file bugcheck.c. References EXCEPTION_EXECUTE_HANDLER, and HalHaltSystem. Referenced by KeBugCheckEx(), and KeEnterKernelDebugger(). { do { try { // // Issue a breakpoint // DbgBreakPointWithStatus (BreakStatus); } except(EXCEPTION_EXECUTE_HANDLER) { // // Failure to issue breakpoint, halt the system // try { HalHaltSystem(); } except(EXCEPTION_EXECUTE_HANDLER) { for (;;) { } } for (;;) { } } } while (BreakStatus != DBG_STATUS_BUGCHECK_FIRST); }

VOID KiDumpParameterImages (  IN PCHAR  Buffer, IN PULONG_PTR  BugCheckParameters, IN ULONG  NumberOfParameters, IN PKE_BUGCHECK_UNICODE_TO_ANSI  UnicodeToAnsiRoutine )

Definition at line 317 of file bugcheck.c. References Buffer, FALSE, FirstPrint, InbvDisplayString(), KiPcToFileHeader(), MmDbgReadCheck(), MmLocateUnloadedDriver(), NULL, PKE_BUGCHECK_UNICODE_TO_ANSI, RtlImageNtHeader(), sprintf(), and TRUE. Referenced by KeBugCheckEx(). : This function formats and displays the image names of boogcheck parameters that happen to match an address in an image. Arguments: Buffer - Supplies a pointer to a buffer to be used to output machine state information. BugCheckParameters - Supplies additional bugcheck information. NumberOfParameters - sizeof BugCheckParameters array. UnicodeToAnsiRoutine - Supplies a pointer to a routine to convert Unicode strings to Ansi strings without touching paged translation tables. Return Value: None. --*/ { PUNICODE_STRING BugCheckDriver; PLIST_ENTRY ModuleListHead; PLIST_ENTRY Next; ULONG i; PLDR_DATA_TABLE_ENTRY DataTableEntry; PVOID ImageBase; UCHAR AnsiBuffer[ 32 ]; ULONG DateStamp; PIMAGE_NT_HEADERS NtHeaders; BOOLEAN FirstPrint = TRUE; BOOLEAN InKernelOrHal; // // At this point the context record contains the machine state at the // call to bug check. // // Put out the system version and the title line with the PSR and FSR. // // // Check to see if any BugCheckParameters are valid code addresses. // If so, print them for the user. // for (i = 0; i < NumberOfParameters; i += 1) { ImageBase = KiPcToFileHeader((PVOID) BugCheckParameters[i], &DataTableEntry, FALSE, &InKernelOrHal); if (ImageBase == NULL) { BugCheckDriver = MmLocateUnloadedDriver ((PVOID)BugCheckParameters[i]); if (BugCheckDriver == NULL) { continue; } ImageBase = (PVOID)BugCheckParameters[i]; DateStamp = 0; (*UnicodeToAnsiRoutine) (BugCheckDriver, AnsiBuffer, sizeof (AnsiBuffer)); } else { if (MmDbgReadCheck(DataTableEntry->DllBase) != NULL) { NtHeaders = RtlImageNtHeader(DataTableEntry->DllBase); DateStamp = NtHeaders->FileHeader.TimeDateStamp; } else { DateStamp = 0; } (*UnicodeToAnsiRoutine)( &DataTableEntry->BaseDllName, AnsiBuffer, sizeof( AnsiBuffer )); } sprintf (Buffer, "%s** Address %p base at %p, DateStamp %08lx - %-12.12s\n", FirstPrint ? "\n*":"*", BugCheckParameters[i], ImageBase, DateStamp, AnsiBuffer); InbvDisplayString(Buffer); FirstPrint = FALSE; } return; }

PVOID KiPcToFileHeader (  IN PVOID  PcValue, OUT PLDR_DATA_TABLE_ENTRY *  DataTableEntry, IN LOGICAL  DriversOnly, OUT PBOOLEAN  InKernelOrHal )

Definition at line 220 of file bugcheck.c. References FALSE, KeLoaderBlock, _LOADER_PARAMETER_BLOCK::LoadOrderListHead, MmDbgReadCheck(), NULL, PsLoadedModuleList, and TRUE. : This function returns the base of an image that contains the specified PcValue. An image contains the PcValue if the PcValue is within the ImageBase, and the ImageBase plus the size of the virtual image. Arguments: PcValue - Supplies a PcValue. DataTableEntry - Supplies a pointer to a variable that receives the address of the data table entry that describes the image. DriversOnly - Supplies TRUE if the kernel and HAL should be skipped. InKernelOrHal - Set to TRUE if the PcValue is in the kernel or the HAL. This only has meaning if DriversOnly is FALSE. Return Value: NULL - No image was found that contains the PcValue. NON-NULL - Returns the base address of the image that contains the PcValue. --*/ { ULONG i; PLIST_ENTRY ModuleListHead; PLDR_DATA_TABLE_ENTRY Entry; PLIST_ENTRY Next; ULONG_PTR Bounds; PVOID ReturnBase, Base; // // If the module list has been initialized, then scan the list to // locate the appropriate entry. // if (KeLoaderBlock != NULL) { ModuleListHead = &KeLoaderBlock->LoadOrderListHead; } else { ModuleListHead = &PsLoadedModuleList; } *InKernelOrHal = FALSE; ReturnBase = NULL; Next = ModuleListHead->Flink; if (Next != NULL) { i = 0; while (Next != ModuleListHead) { if (MmDbgReadCheck(Next) == NULL) { return NULL; } i += 1; if ((i <= 2) && (DriversOnly == TRUE)) { Next = Next->Flink; continue; } Entry = CONTAINING_RECORD(Next, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks); Next = Next->Flink; Base = Entry->DllBase; Bounds = (ULONG_PTR)Base + Entry->SizeOfImage; if ((ULONG_PTR)PcValue >= (ULONG_PTR)Base && (ULONG_PTR)PcValue < Bounds) { *DataTableEntry = Entry; ReturnBase = Base; if (i <= 2) { *InKernelOrHal = TRUE; } break; } } } return ReturnBase; }

VOID KiScanBugCheckCallbackList (  VOID   )

Definition at line 1207 of file bugcheck.c. References _KBUGCHECK_CALLBACK_RECORD::Buffer, BufferFinished, BufferIncomplete, BufferInserted, BufferStarted, _KBUGCHECK_CALLBACK_RECORD::CallbackRoutine, _KBUGCHECK_CALLBACK_RECORD::Checksum, _KBUGCHECK_CALLBACK_RECORD::Component, _KBUGCHECK_CALLBACK_RECORD::Entry, EXCEPTION_EXECUTE_HANDLER, Index, KBUGCHECK_CALLBACK_RECORD, KeBugCheckCallbackListHead, _KBUGCHECK_CALLBACK_RECORD::Length, MmDbgReadCheck(), NULL, and _KBUGCHECK_CALLBACK_RECORD::State. Referenced by KeBugCheckEx(). 01213 : 01214 01215 This function scans the bug check callback list and calls each bug 01216 check callback routine so it can dump component specific information 01217 that may identify the cause of the bug check. 01218 01219 N.B. The scan of the bug check callback list is performed VERY 01220 carefully. Bug check callback routines are called at HIGH_LEVEL 01221 and may not acquire ANY resources. 01222 01223 Arguments: 01224 01225 None. 01226 01227 Return Value: 01228 01229 None. 01230 01231 --*/ 01232 01233 { 01234 01235 PKBUGCHECK_CALLBACK_RECORD CallbackRecord; 01236 ULONG_PTR Checksum; 01237 ULONG Index; 01238 PLIST_ENTRY LastEntry; 01239 PLIST_ENTRY ListHead; 01240 PLIST_ENTRY NextEntry; 01241 PUCHAR Source; 01242 01243 // 01244 // If the bug check callback listhead is not initialized, then the 01245 // bug check has occured before the system has gotten far enough 01246 // in the initialization code to enable anyone to register a callback. 01247 // 01248 01249 ListHead = &KeBugCheckCallbackListHead; 01250 if ((ListHead->Flink != NULL) && (ListHead->Blink != NULL)) { 01251 01252 // 01253 // Scan the bug check callback list. 01254 // 01255 01256 LastEntry = ListHead; 01257 NextEntry = ListHead->Flink; 01258 while (NextEntry != ListHead) { 01259 01260 // 01261 // The next entry address must be aligned properly, the 01262 // callback record must be readable, and the callback record 01263 // must have back link to the last entry. 01264 // 01265 01266 if (((ULONG_PTR)NextEntry & (sizeof(ULONG_PTR) - 1)) != 0) { 01267 return; 01268 01269 } else { 01270 CallbackRecord = CONTAINING_RECORD(NextEntry, 01271 KBUGCHECK_CALLBACK_RECORD, 01272 Entry); 01273 01274 Source = (PUCHAR)CallbackRecord; 01275 for (Index = 0; Index < sizeof(KBUGCHECK_CALLBACK_RECORD); Index += 1) { 01276 if (MmDbgReadCheck((PVOID)Source) == NULL) { 01277 return; 01278 } 01279 01280 Source += 1; 01281 } 01282 01283 if (CallbackRecord->Entry.Blink != LastEntry) { 01284 return; 01285 } 01286 01287 // 01288 // If the callback record has a state of inserted and the 01289 // computed checksum matches the callback record checksum, 01290 // then call the specified bug check callback routine. 01291 // 01292 01293 Checksum = (ULONG_PTR)CallbackRecord->CallbackRoutine; 01294 Checksum += (ULONG_PTR)CallbackRecord->Buffer; 01295 Checksum += CallbackRecord->Length; 01296 Checksum += (ULONG_PTR)CallbackRecord->Component; 01297 if ((CallbackRecord->State == BufferInserted) && 01298 (CallbackRecord->Checksum == Checksum)) { 01299 01300 // 01301 // Call the specified bug check callback routine and 01302 // handle any exceptions that occur. 01303 // 01304 01305 CallbackRecord->State = BufferStarted; 01306 try { 01307 (CallbackRecord->CallbackRoutine)(CallbackRecord->Buffer, 01308 CallbackRecord->Length); 01309 01310 CallbackRecord->State = BufferFinished; 01311 01312 } except(EXCEPTION_EXECUTE_HANDLER) { 01313 CallbackRecord->State = BufferIncomplete; 01314 } 01315 } 01316 } 01317 01318 LastEntry = NextEntry; 01319 NextEntry = NextEntry->Flink; 01320 } 01321 } 01322 01323 return; 01324 } }

---

Variable Documentation

PVOID ExPoolCodeEnd

Definition at line 37 of file bugcheck.c. Referenced by KeBugCheckEx(), and MiLocateKernelSections().

PVOID ExPoolCodeStart

Definition at line 36 of file bugcheck.c. Referenced by KeBugCheckEx(), and MiLocateKernelSections().

KDDEBUGGER_DATA64 KdDebuggerDataBlock

Definition at line 34 of file bugcheck.c.

ULONG KeBugCheckCount = 1

Definition at line 66 of file bugcheck.c. Referenced by KeBugCheckEx(), and KeEnterKernelDebugger().

ULONG_PTR KiBugCheckData[5]

Definition at line 93 of file bugcheck.c.

PUNICODE_STRING KiBugCheckDriver

Definition at line 94 of file bugcheck.c. Referenced by KeBugCheckEx().

PVOID MmPoolCodeEnd

Definition at line 39 of file bugcheck.c. Referenced by KeBugCheckEx(), and MiLocateKernelSections().

PVOID MmPoolCodeStart

Definition at line 38 of file bugcheck.c. Referenced by KeBugCheckEx(), and MiLocateKernelSections().

PVOID MmPteCodeEnd

Definition at line 41 of file bugcheck.c. Referenced by KeBugCheckEx(), and MiLocateKernelSections().

PVOID MmPteCodeStart

Definition at line 40 of file bugcheck.c. Referenced by KeBugCheckEx(), and MiLocateKernelSections().

---