00001 /*++ 00002 00003 Copyright (c) 1989-1993 Microsoft Corporation 00004 00005 Module Name: 00006 00007 stubs.c 00008 00009 Abstract: 00010 00011 This module implements bug check and system shutdown code. 00012 00013 Author: 00014 00015 Mark Lucovsky (markl) 30-Aug-1990 00016 00017 Environment: 00018 00019 Kernel mode only. 00020 00021 Revision History: 00022 00023 --*/ 00024 00025 #include "ki.h" 00026 #define NOEXTAPI 00027 #include "wdbgexts.h" 00028 #include <inbv.h> 00029 00030 // 00031 // 00032 // 00033 00034 extern KDDEBUGGER_DATA64 KdDebuggerDataBlock; 00035 00036 extern PVOID ExPoolCodeStart; 00037 extern PVOID ExPoolCodeEnd; 00038 extern PVOID MmPoolCodeStart; 00039 extern PVOID MmPoolCodeEnd; 00040 extern PVOID MmPteCodeStart; 00041 extern PVOID MmPteCodeEnd; 00042 00043 #if defined (i386) 00044 #define PROGRAM_COUNTER(_trapframe) ((_trapframe)->Eip) 00045 #elif defined (ALPHA) 00046 #define PROGRAM_COUNTER(_trapframe) ((_trapframe)->Fir) 00047 #elif defined (_IA64_) 00048 #define PROGRAM_COUNTER(_trapframe) ((_trapframe)->StIIP) 00049 #else 00050 #error ("unknown processor type") 00051 #endif 00052 00053 // 00054 // Define forward referenced prototypes. 00055 // 00056 00057 VOID 00058 KiScanBugCheckCallbackList ( 00059 VOID 00060 ); 00061 00062 // 00063 // Define bug count recursion counter and a context buffer. 00064 // 00065 00066 ULONG KeBugCheckCount = 1; 00067 00068 00069 VOID 00070 KeBugCheck ( 00071 IN ULONG BugCheckCode 00072 ) 00073 00074 /*++ 00075 00076 Routine Description: 00077 00078 This function crashes the system in a controlled manner. 00079 00080 Arguments: 00081 00082 BugCheckCode - Supplies the reason for the bug check. 00083 00084 Return Value: 00085 00086 None. 00087 00088 --*/ 00089 { 00090 KeBugCheckEx(BugCheckCode,0,0,0,0); 00091 } 00092 00093 ULONG_PTR KiBugCheckData[5]; 00094 PUNICODE_STRING KiBugCheckDriver; 00095 00096 BOOLEAN 00097 KeGetBugMessageText( 00098 IN ULONG MessageId, 00099 IN PANSI_STRING ReturnedString OPTIONAL 00100 ) 00101 { 00102 ULONG i; 00103 PUCHAR s; 00104 PMESSAGE_RESOURCE_BLOCK MessageBlock; 00105 PUCHAR Buffer; 00106 BOOLEAN Result; 00107 00108 Result = FALSE; 00109 try { 00110 if (KiBugCodeMessages != NULL) { 00111 MmMakeKernelResourceSectionWritable (); 00112 MessageBlock = &KiBugCodeMessages->Blocks[0]; 00113 for (i = KiBugCodeMessages->NumberOfBlocks; i; i -= 1) { 00114 if (MessageId >= MessageBlock->LowId && 00115 MessageId <= MessageBlock->HighId) { 00116 00117 s = (PCHAR)KiBugCodeMessages + MessageBlock->OffsetToEntries; 00118 for (i = MessageId - MessageBlock->LowId; i; i -= 1) { 00119 s += ((PMESSAGE_RESOURCE_ENTRY)s)->Length; 00120 } 00121 00122 Buffer = ((PMESSAGE_RESOURCE_ENTRY)s)->Text; 00123 00124 i = strlen(Buffer) - 1; 00125 while (i > 0 && (Buffer[i] == '\n' || 00126 Buffer[i] == '\r' || 00127 Buffer[i] == 0 00128 ) 00129 ) { 00130 if (!ARGUMENT_PRESENT( ReturnedString )) { 00131 Buffer[i] = 0; 00132 } 00133 i -= 1; 00134 } 00135 00136 if (!ARGUMENT_PRESENT( ReturnedString )) { 00137 InbvDisplayString(Buffer); 00138 } 00139 else { 00140 ReturnedString->Buffer = Buffer; 00141 ReturnedString->Length = (USHORT)(i+1); 00142 ReturnedString->MaximumLength = (USHORT)(i+1); 00143 } 00144 Result = TRUE; 00145 break; 00146 } 00147 MessageBlock += 1; 00148 } 00149 } 00150 } except ( EXCEPTION_EXECUTE_HANDLER ) { 00151 ; 00152 } 00153 00154 return Result; 00155 } 00156 00157 00158 00159 PCHAR 00160 KeBugCheckUnicodeToAnsi( 00161 IN PUNICODE_STRING UnicodeString, 00162 OUT PCHAR AnsiBuffer, 00163 IN ULONG MaxAnsiLength 00164 ) 00165 { 00166 PCHAR Dst; 00167 PWSTR Src; 00168 ULONG Length; 00169 00170 Length = UnicodeString->Length / sizeof( WCHAR ); 00171 if (Length >= MaxAnsiLength) { 00172 Length = MaxAnsiLength - 1; 00173 } 00174 Src = UnicodeString->Buffer; 00175 Dst = AnsiBuffer; 00176 while (Length--) { 00177 *Dst++ = (UCHAR)*Src++; 00178 } 00179 *Dst = '\0'; 00180 return AnsiBuffer; 00181 } 00182 00183 VOID 00184 KiBugCheckDebugBreak ( 00185 IN ULONG BreakStatus 00186 ) 00187 { 00188 do { 00189 try { 00190 00191 // 00192 // Issue a breakpoint 00193 // 00194 00195 DbgBreakPointWithStatus (BreakStatus); 00196 00197 } except(EXCEPTION_EXECUTE_HANDLER) { 00198 00199 // 00200 // Failure to issue breakpoint, halt the system 00201 // 00202 00203 try { 00204 00205 HalHaltSystem(); 00206 00207 } except(EXCEPTION_EXECUTE_HANDLER) { 00208 00209 for (;;) { 00210 } 00211 } 00212 00213 for (;;) { 00214 } 00215 } 00216 } while (BreakStatus != DBG_STATUS_BUGCHECK_FIRST); 00217 } 00218 00219 PVOID 00220 KiPcToFileHeader( 00221 IN PVOID PcValue, 00222 OUT PLDR_DATA_TABLE_ENTRY *DataTableEntry, 00223 IN LOGICAL DriversOnly, 00224 OUT PBOOLEAN InKernelOrHal 00225 ) 00226 00227 /*++ 00228 00229 Routine Description: 00230 00231 This function returns the base of an image that contains the 00232 specified PcValue. An image contains the PcValue if the PcValue 00233 is within the ImageBase, and the ImageBase plus the size of the 00234 virtual image. 00235 00236 Arguments: 00237 00238 PcValue - Supplies a PcValue. 00239 00240 DataTableEntry - Supplies a pointer to a variable that receives the 00241 address of the data table entry that describes the image. 00242 00243 DriversOnly - Supplies TRUE if the kernel and HAL should be skipped. 00244 00245 InKernelOrHal - Set to TRUE if the PcValue is in the kernel or the HAL. 00246 This only has meaning if DriversOnly is FALSE. 00247 00248 Return Value: 00249 00250 NULL - No image was found that contains the PcValue. 00251 00252 NON-NULL - Returns the base address of the image that contains the 00253 PcValue. 00254 00255 --*/ 00256 00257 { 00258 ULONG i; 00259 PLIST_ENTRY ModuleListHead; 00260 PLDR_DATA_TABLE_ENTRY Entry; 00261 PLIST_ENTRY Next; 00262 ULONG_PTR Bounds; 00263 PVOID ReturnBase, Base; 00264 00265 // 00266 // If the module list has been initialized, then scan the list to 00267 // locate the appropriate entry. 00268 // 00269 00270 if (KeLoaderBlock != NULL) { 00271 ModuleListHead = &KeLoaderBlock->LoadOrderListHead; 00272 00273 } else { 00274 ModuleListHead = &PsLoadedModuleList; 00275 } 00276 00277 *InKernelOrHal = FALSE; 00278 00279 ReturnBase = NULL; 00280 Next = ModuleListHead->Flink; 00281 if (Next != NULL) { 00282 i = 0; 00283 while (Next != ModuleListHead) { 00284 if (MmDbgReadCheck(Next) == NULL) { 00285 return NULL; 00286 } 00287 i += 1; 00288 if ((i <= 2) && (DriversOnly == TRUE)) { 00289 Next = Next->Flink; 00290 continue; 00291 } 00292 00293 Entry = CONTAINING_RECORD(Next, 00294 LDR_DATA_TABLE_ENTRY, 00295 InLoadOrderLinks); 00296 00297 Next = Next->Flink; 00298 Base = Entry->DllBase; 00299 Bounds = (ULONG_PTR)Base + Entry->SizeOfImage; 00300 if ((ULONG_PTR)PcValue >= (ULONG_PTR)Base && (ULONG_PTR)PcValue < Bounds) { 00301 *DataTableEntry = Entry; 00302 ReturnBase = Base; 00303 if (i <= 2) { 00304 *InKernelOrHal = TRUE; 00305 } 00306 break; 00307 } 00308 } 00309 } 00310 00311 return ReturnBase; 00312 } 00313 00314 00315 00316 VOID 00317 KiDumpParameterImages( 00318 IN PCHAR Buffer, 00319 IN PULONG_PTR BugCheckParameters, 00320 IN ULONG NumberOfParameters, 00321 IN PKE_BUGCHECK_UNICODE_TO_ANSI UnicodeToAnsiRoutine 00322 ) 00323 00324 /*++ 00325 00326 Routine Description: 00327 00328 This function formats and displays the image names of boogcheck parameters 00329 that happen to match an address in an image. 00330 00331 Arguments: 00332 00333 Buffer - Supplies a pointer to a buffer to be used to output machine 00334 state information. 00335 00336 BugCheckParameters - Supplies additional bugcheck information. 00337 00338 NumberOfParameters - sizeof BugCheckParameters array. 00339 00340 UnicodeToAnsiRoutine - Supplies a pointer to a routine to convert Unicode 00341 strings to Ansi strings without touching paged translation tables. 00342 00343 Return Value: 00344 00345 None. 00346 00347 --*/ 00348 00349 { 00350 PUNICODE_STRING BugCheckDriver; 00351 PLIST_ENTRY ModuleListHead; 00352 PLIST_ENTRY Next; 00353 ULONG i; 00354 PLDR_DATA_TABLE_ENTRY DataTableEntry; 00355 PVOID ImageBase; 00356 UCHAR AnsiBuffer[ 32 ]; 00357 ULONG DateStamp; 00358 PIMAGE_NT_HEADERS NtHeaders; 00359 BOOLEAN FirstPrint = TRUE; 00360 BOOLEAN InKernelOrHal; 00361 00362 // 00363 // At this point the context record contains the machine state at the 00364 // call to bug check. 00365 // 00366 // Put out the system version and the title line with the PSR and FSR. 00367 // 00368 00369 // 00370 // Check to see if any BugCheckParameters are valid code addresses. 00371 // If so, print them for the user. 00372 // 00373 00374 for (i = 0; i < NumberOfParameters; i += 1) { 00375 ImageBase = KiPcToFileHeader((PVOID) BugCheckParameters[i], 00376 &DataTableEntry, 00377 FALSE, 00378 &InKernelOrHal); 00379 if (ImageBase == NULL) { 00380 BugCheckDriver = MmLocateUnloadedDriver ((PVOID)BugCheckParameters[i]); 00381 if (BugCheckDriver == NULL) { 00382 continue; 00383 } 00384 ImageBase = (PVOID)BugCheckParameters[i]; 00385 DateStamp = 0; 00386 (*UnicodeToAnsiRoutine) (BugCheckDriver, 00387 AnsiBuffer, 00388 sizeof (AnsiBuffer)); 00389 } 00390 else { 00391 if (MmDbgReadCheck(DataTableEntry->DllBase) != NULL) { 00392 00393 NtHeaders = RtlImageNtHeader(DataTableEntry->DllBase); 00394 DateStamp = NtHeaders->FileHeader.TimeDateStamp; 00395 00396 } else { 00397 DateStamp = 0; 00398 } 00399 (*UnicodeToAnsiRoutine)( &DataTableEntry->BaseDllName, 00400 AnsiBuffer, 00401 sizeof( AnsiBuffer )); 00402 } 00403 00404 sprintf (Buffer, "%s** Address %p base at %p, DateStamp %08lx - %-12.12s\n", 00405 FirstPrint ? "\n*":"*", 00406 BugCheckParameters[i], 00407 ImageBase, 00408 DateStamp, 00409 AnsiBuffer); 00410 00411 InbvDisplayString(Buffer); 00412 FirstPrint = FALSE; 00413 } 00414 00415 return; 00416 } 00417 00418 // 00419 // MessageId: POWER_FAILURE_SIMULATE 00420 // 00421 // MessageText: 00422 // 00423 // POWER_FAILURE_SIMULATE 00424 // 00425 #define POWER_FAILURE_SIMULATE ((ULONG)0x000000E5L) 00426 00427 VOID 00428 KeBugCheckEx ( 00429 IN ULONG BugCheckCode, 00430 IN ULONG_PTR BugCheckParameter1, 00431 IN ULONG_PTR BugCheckParameter2, 00432 IN ULONG_PTR BugCheckParameter3, 00433 IN ULONG_PTR BugCheckParameter4 00434 ) 00435 00436 /*++ 00437 00438 Routine Description: 00439 00440 This function crashes the system in a controlled manner. 00441 00442 Arguments: 00443 00444 BugCheckCode - Supplies the reason for the bug check. 00445 00446 BugCheckParameter1-4 - Supplies additional bug check information 00447 00448 Return Value: 00449 00450 None. 00451 00452 --*/ 00453 00454 { 00455 UCHAR Buffer[100]; 00456 ULONG_PTR BugCheckParameters[4]; 00457 CONTEXT ContextSave; 00458 ULONG PssMessage; 00459 PCHAR HardErrorCaption; 00460 PCHAR HardErrorMessage; 00461 KIRQL OldIrql; 00462 PKTRAP_FRAME TrapInformation; 00463 PVOID ExecutionAddress; 00464 PVOID ImageBase; 00465 PVOID VirtualAddress; 00466 PLDR_DATA_TABLE_ENTRY DataTableEntry; 00467 UCHAR AnsiBuffer[32]; 00468 PKTHREAD Thread; 00469 BOOLEAN InKernelOrHal; 00470 BOOLEAN DontCare; 00471 00472 #if !defined(NT_UP) 00473 00474 ULONG TargetSet; 00475 00476 #endif 00477 BOOLEAN hardErrorCalled; 00478 00479 // 00480 // Try to simulate a power failure for Cluster testing 00481 // 00482 00483 if (BugCheckCode == POWER_FAILURE_SIMULATE) { 00484 KiScanBugCheckCallbackList(); 00485 HalReturnToFirmware(HalRebootRoutine); 00486 } 00487 00488 // 00489 // Capture the callers context as closely as possible into the debugger's 00490 // processor state area of the Prcb. 00491 // 00492 // N.B. There may be some prologue code that shuffles registers such that 00493 // they get destroyed. 00494 // 00495 00496 #if defined(i386) 00497 KiSetHardwareTrigger(); 00498 #else 00499 KiHardwareTrigger = 1; 00500 #endif 00501 00502 RtlCaptureContext(&KeGetCurrentPrcb()->ProcessorState.ContextFrame); 00503 KiSaveProcessorControlState(&KeGetCurrentPrcb()->ProcessorState); 00504 00505 // 00506 // This is necessary on machines where the virtual unwind that happens 00507 // during KeDumpMachineState() destroys the context record. 00508 // 00509 00510 ContextSave = KeGetCurrentPrcb()->ProcessorState.ContextFrame; 00511 00512 // 00513 // If we are called by hard error then we don't want to dump the 00514 // processor state on the machine. 00515 // 00516 // We know that we are called by hard error because the bug check 00517 // code will be FATAL_UNHANDLED_HARD_ERROR. If this is so then the 00518 // error status passed to harderr is the first parameter, and a pointer 00519 // to the parameter array from hard error is passed as the second 00520 // argument. 00521 // 00522 // The third argument is the OemCaption to be printed. 00523 // The last argument is the OemMessage to be printed. 00524 // 00525 00526 if (BugCheckCode == FATAL_UNHANDLED_HARD_ERROR) { 00527 00528 PULONG_PTR parameterArray; 00529 00530 hardErrorCalled = TRUE; 00531 00532 HardErrorCaption = (PCHAR)BugCheckParameter3; 00533 HardErrorMessage = (PCHAR)BugCheckParameter4; 00534 parameterArray = (PULONG_PTR)BugCheckParameter2; 00535 BugCheckCode = (ULONG)BugCheckParameter1; 00536 BugCheckParameter1 = parameterArray[0]; 00537 BugCheckParameter2 = parameterArray[1]; 00538 BugCheckParameter3 = parameterArray[2]; 00539 BugCheckParameter4 = parameterArray[3]; 00540 00541 } else { 00542 00543 hardErrorCalled = FALSE; 00544 00545 switch (BugCheckCode) { 00546 00547 case IRQL_NOT_LESS_OR_EQUAL: 00548 00549 ExecutionAddress = (PVOID)BugCheckParameter4; 00550 00551 if (ExecutionAddress >= ExPoolCodeStart && ExecutionAddress < ExPoolCodeEnd) { 00552 BugCheckCode = DRIVER_CORRUPTED_EXPOOL; 00553 } 00554 else if (ExecutionAddress >= MmPoolCodeStart && ExecutionAddress < MmPoolCodeEnd) { 00555 BugCheckCode = DRIVER_CORRUPTED_MMPOOL; 00556 } 00557 else if (ExecutionAddress >= MmPteCodeStart && ExecutionAddress < MmPteCodeEnd) { 00558 BugCheckCode = DRIVER_CORRUPTED_SYSPTES; 00559 } 00560 else { 00561 ImageBase = KiPcToFileHeader (ExecutionAddress, 00562 &DataTableEntry, 00563 FALSE, 00564 &InKernelOrHal); 00565 if (InKernelOrHal == TRUE) { 00566 00567 // 00568 // The kernel faulted at raised IRQL. Quite often this 00569 // is a driver that has unloaded without deleting its 00570 // lookaside lists or other resources. Or its resources 00571 // are marked pagable and shouldn't be. Detect both 00572 // cases here and identify the offending driver 00573 // whenever possible. 00574 // 00575 00576 VirtualAddress = (PVOID)BugCheckParameter1; 00577 00578 ImageBase = KiPcToFileHeader (VirtualAddress, 00579 &DataTableEntry, 00580 TRUE, 00581 &InKernelOrHal); 00582 00583 if (ImageBase != NULL) { 00584 KiBugCheckDriver = &DataTableEntry->BaseDllName; 00585 BugCheckCode = DRIVER_PORTION_MUST_BE_NONPAGED; 00586 } 00587 else { 00588 KiBugCheckDriver = MmLocateUnloadedDriver (VirtualAddress); 00589 if (KiBugCheckDriver != NULL) { 00590 BugCheckCode = SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD; 00591 } 00592 } 00593 } 00594 else { 00595 BugCheckCode = DRIVER_IRQL_NOT_LESS_OR_EQUAL; 00596 } 00597 } 00598 break; 00599 00600 case ATTEMPTED_WRITE_TO_READONLY_MEMORY: 00601 00602 KiBugCheckDriver = NULL; 00603 TrapInformation = (PKTRAP_FRAME)BugCheckParameter3; 00604 00605 // 00606 // Extract the execution address from the trap frame to 00607 // identify the component. 00608 // 00609 00610 if (TrapInformation != NULL) { 00611 ExecutionAddress = (PVOID)PROGRAM_COUNTER (TrapInformation); 00612 ImageBase = KiPcToFileHeader (ExecutionAddress, 00613 &DataTableEntry, 00614 TRUE, 00615 &InKernelOrHal); 00616 00617 if (ImageBase != NULL) { 00618 KiBugCheckDriver = &DataTableEntry->BaseDllName; 00619 } 00620 } 00621 00622 break; 00623 00624 case DRIVER_LEFT_LOCKED_PAGES_IN_PROCESS: 00625 00626 ExecutionAddress = (PVOID)BugCheckParameter1; 00627 00628 ImageBase = KiPcToFileHeader (ExecutionAddress, 00629 &DataTableEntry, 00630 TRUE, 00631 &InKernelOrHal); 00632 00633 if (ImageBase != NULL) { 00634 KiBugCheckDriver = &DataTableEntry->BaseDllName; 00635 } 00636 else { 00637 KiBugCheckDriver = MmLocateUnloadedDriver (ExecutionAddress); 00638 } 00639 00640 BugCheckParameter4 = (ULONG_PTR)KiBugCheckDriver; 00641 00642 break; 00643 00644 case DRIVER_USED_EXCESSIVE_PTES: 00645 00646 DataTableEntry = (PLDR_DATA_TABLE_ENTRY)BugCheckParameter1; 00647 KiBugCheckDriver = &DataTableEntry->BaseDllName; 00648 00649 break; 00650 00651 case PAGE_FAULT_IN_NONPAGED_AREA: 00652 00653 ExecutionAddress = NULL; 00654 KiBugCheckDriver = NULL; 00655 00656 VirtualAddress = (PVOID)BugCheckParameter1; 00657 00658 TrapInformation = (PKTRAP_FRAME)BugCheckParameter3; 00659 00660 // 00661 // Extract the execution address from the trap frame to 00662 // identify the component. 00663 // 00664 00665 if (TrapInformation != NULL) { 00666 00667 ExecutionAddress = (PVOID)PROGRAM_COUNTER (TrapInformation); 00668 BugCheckParameter3 = (ULONG_PTR)ExecutionAddress; 00669 00670 KiPcToFileHeader (ExecutionAddress, 00671 &DataTableEntry, 00672 FALSE, 00673 &InKernelOrHal); 00674 00675 ImageBase = KiPcToFileHeader (ExecutionAddress, 00676 &DataTableEntry, 00677 TRUE, 00678 &DontCare); 00679 00680 if (ImageBase != NULL) { 00681 KiBugCheckDriver = &DataTableEntry->BaseDllName; 00682 } 00683 } 00684 else { 00685 00686 // 00687 // No trap frame, so no execution address either. 00688 // 00689 00690 BugCheckParameter3 = 0; 00691 } 00692 00693 Thread = KeGetCurrentThread(); 00694 00695 if ((VirtualAddress >= MmSpecialPoolStart) && 00696 (VirtualAddress < MmSpecialPoolEnd)) { 00697 00698 // 00699 // Update the bugcheck number so the administrator gets 00700 // useful feedback that enabling special pool has enabled 00701 // the system to locate the corruptor. 00702 // 00703 00704 if (MmIsSpecialPoolAddressFree (VirtualAddress) == TRUE) { 00705 if (InKernelOrHal == TRUE) { 00706 BugCheckCode = PAGE_FAULT_IN_FREED_SPECIAL_POOL; 00707 } 00708 else { 00709 BugCheckCode = DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL; 00710 } 00711 } 00712 else { 00713 if (InKernelOrHal == TRUE) { 00714 BugCheckCode = PAGE_FAULT_BEYOND_END_OF_ALLOCATION; 00715 } 00716 else { 00717 BugCheckCode = DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION; 00718 } 00719 } 00720 } 00721 else if ((ExecutionAddress == VirtualAddress) && 00722 (MmIsHydraAddress (VirtualAddress) == TRUE) && 00723 ((Thread->Teb == NULL) || (IS_SYSTEM_ADDRESS(Thread->Teb)))) { 00724 // 00725 // This is a driver reference to session space from a 00726 // worker thread. Since the system process has no session 00727 // space this is illegal and the driver must be fixed. 00728 // 00729 00730 BugCheckCode = TERMINAL_SERVER_DRIVER_MADE_INCORRECT_MEMORY_REFERENCE; 00731 } 00732 else { 00733 KiBugCheckDriver = MmLocateUnloadedDriver (VirtualAddress); 00734 if (KiBugCheckDriver != NULL) { 00735 BugCheckCode = DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS; 00736 } 00737 } 00738 00739 break; 00740 00741 default: 00742 break; 00743 } 00744 } 00745 00746 if (KiBugCheckDriver != NULL) { 00747 KeBugCheckUnicodeToAnsi (KiBugCheckDriver, 00748 AnsiBuffer, 00749 sizeof (AnsiBuffer)); 00750 } 00751 00752 KiBugCheckData[0] = BugCheckCode; 00753 KiBugCheckData[1] = BugCheckParameter1; 00754 KiBugCheckData[2] = BugCheckParameter2; 00755 KiBugCheckData[3] = BugCheckParameter3; 00756 KiBugCheckData[4] = BugCheckParameter4; 00757 00758 BugCheckParameters[0] = BugCheckParameter1; 00759 BugCheckParameters[1] = BugCheckParameter2; 00760 BugCheckParameters[2] = BugCheckParameter3; 00761 BugCheckParameters[3] = BugCheckParameter4; 00762 00763 if (KdPitchDebugger == FALSE ) { 00764 KdDebuggerDataBlock.SavedContext = (ULONG_PTR) &ContextSave; 00765 } 00766 00767 // 00768 // If the user manually crashed the machine, skips the DbgPrints and 00769 // go to the crashdump. 00770 // Trying to do DbgPrint causes us to reeeter the debugger which causes 00771 // some problems. 00772 // 00773 // Otherwise, if the debugger is enabled, print out the information and 00774 // stop. 00775 // 00776 00777 if ((BugCheckCode != MANUALLY_INITIATED_CRASH) && 00778 (KdDebuggerEnabled)) { 00779 00780 DbgPrint("\n*** Fatal System Error: 0x%08lx\n" 00781 " (0x%p,0x%p,0x%p,0x%p)\n\n", 00782 BugCheckCode, 00783 BugCheckParameter1, 00784 BugCheckParameter2, 00785 BugCheckParameter3, 00786 BugCheckParameter4); 00787 00788 // 00789 // If the debugger is not actually connected, or the user manually 00790 // crashed the machine by typing .crash in the debugger, proceed to 00791 // "blue screen" the system. 00792 // 00793 // The call to DbgPrint above will have set the state of 00794 // KdDebuggerNotPresent if the debugger has become disconnected 00795 // since the system was booted. 00796 // 00797 00798 if (KdDebuggerNotPresent == FALSE) { 00799 00800 if (KiBugCheckDriver != NULL) { 00801 DbgPrint("The %s driver may be at fault.\n", AnsiBuffer); 00802 } 00803 00804 if (hardErrorCalled != FALSE) { 00805 if (HardErrorCaption) { 00806 DbgPrint(HardErrorCaption); 00807 } 00808 if (HardErrorMessage) { 00809 DbgPrint(HardErrorMessage); 00810 } 00811 } 00812 00813 KiBugCheckDebugBreak (DBG_STATUS_BUGCHECK_FIRST); 00814 } 00815 } 00816 00817 // 00818 // Freeze execution of the system by disabling interrupts and looping. 00819 // 00820 00821 KiDisableInterrupts(); 00822 KeRaiseIrql(HIGH_LEVEL, &OldIrql); 00823 00824 // 00825 // Don't attempt to display message more than once. 00826 // 00827 00828 if (InterlockedDecrement (&KeBugCheckCount) == 0) { 00829 00830 #if !defined(NT_UP) 00831 00832 // 00833 // Attempt to get the other processors frozen now, but don't wait 00834 // for them to freeze (in case someone is stuck). 00835 // 00836 00837 TargetSet = KeActiveProcessors & ~KeGetCurrentPrcb()->SetMember; 00838 if (TargetSet != 0) { 00839 KiIpiSend((KAFFINITY) TargetSet, IPI_FREEZE); 00840 00841 // 00842 // Give the other processors one second to flush their data caches. 00843 // 00844 // N.B. This cannot be synchronized since the reason for the bug 00845 // may be one of the other processors failed. 00846 // 00847 00848 KeStallExecutionProcessor(1000 * 1000); 00849 } 00850 00851 #endif 00852 00853 // 00854 // Enable InbvDisplayString calls to make it through to bootvid driver. 00855 // 00856 00857 if (InbvIsBootDriverInstalled()) { 00858 00859 InbvAcquireDisplayOwnership(); 00860 00861 InbvResetDisplay(); 00862 InbvSolidColorFill(0,0,639,479,4); // make the screen blue 00863 InbvSetTextColor(15); 00864 InbvInstallDisplayStringFilter((INBV_DISPLAY_STRING_FILTER)NULL); 00865 InbvEnableDisplayString(TRUE); // enable display string 00866 InbvSetScrollRegion(0,0,639,479); // set to use entire screen 00867 } 00868 00869 if (!hardErrorCalled) { 00870 sprintf((char *)Buffer, 00871 "\n*** STOP: 0x%08lX (0x%p,0x%p,0x%p,0x%p)\n", 00872 BugCheckCode, 00873 BugCheckParameter1, 00874 BugCheckParameter2, 00875 BugCheckParameter3, 00876 BugCheckParameter4 00877 ); 00878 InbvDisplayString((char *)Buffer); 00879 00880 KeGetBugMessageText(BugCheckCode, NULL); 00881 InbvDisplayString("\n"); 00882 00883 if (KiBugCheckDriver != NULL) { 00884 00885 // 00886 // Output the driver name. 00887 // 00888 00889 KeGetBugMessageText(BUGCODE_ID_DRIVER, NULL); 00890 InbvDisplayString(AnsiBuffer); 00891 InbvDisplayString("\n"); 00892 } 00893 00894 } else { 00895 if (HardErrorCaption) { 00896 InbvDisplayString(HardErrorCaption); 00897 } 00898 if (HardErrorMessage) { 00899 InbvDisplayString(HardErrorMessage); 00900 } 00901 } 00902 00903 // 00904 // Process the bug check callback list. 00905 // 00906 00907 KiScanBugCheckCallbackList(); 00908 00909 // 00910 // If the debugger is not enabled, then dump the machine state and 00911 // attempt to enable the debugger. 00912 // 00913 00914 if (!hardErrorCalled) { 00915 00916 KiDumpParameterImages( 00917 (char *)Buffer, 00918 BugCheckParameters, 00919 4, 00920 KeBugCheckUnicodeToAnsi); 00921 00922 } 00923 00924 if (KdDebuggerEnabled == FALSE && KdPitchDebugger == FALSE ) { 00925 KdInitSystem(NULL, FALSE); 00926 00927 } else { 00928 InbvDisplayString("\n"); 00929 } 00930 00931 // 00932 // Write a crash dump and optionally reboot if the system has been 00933 // so configured. 00934 // 00935 00936 KeGetCurrentPrcb()->ProcessorState.ContextFrame = ContextSave; 00937 00938 if (!IoWriteCrashDump(BugCheckCode, 00939 BugCheckParameter1, 00940 BugCheckParameter2, 00941 BugCheckParameter3, 00942 BugCheckParameter4, 00943 &ContextSave 00944 )) { 00945 // 00946 // If no crashdump take, display the PSS message. 00947 // 00948 00949 switch ( BugCheckCode ) { 00950 00951 case IRQL_NOT_LESS_OR_EQUAL: 00952 case DRIVER_IRQL_NOT_LESS_OR_EQUAL: 00953 case DRIVER_CORRUPTED_EXPOOL: 00954 case DRIVER_CORRUPTED_MMPOOL: 00955 case DRIVER_PORTION_MUST_BE_NONPAGED: 00956 case SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD: 00957 PssMessage = BUGCODE_PSS_MESSAGE_A; 00958 break; 00959 00960 case KMODE_EXCEPTION_NOT_HANDLED: 00961 PssMessage = BUGCODE_PSS_MESSAGE_1E; 00962 break; 00963 00964 case FAT_FILE_SYSTEM: 00965 case NTFS_FILE_SYSTEM: 00966 PssMessage = BUGCODE_PSS_MESSAGE_23; 00967 break; 00968 00969 case DATA_BUS_ERROR: 00970 PssMessage = BUGCODE_PSS_MESSAGE_2E; 00971 break; 00972 00973 case NO_MORE_SYSTEM_PTES: 00974 PssMessage = BUGCODE_PSS_MESSAGE_3F; 00975 break; 00976 00977 case INACCESSIBLE_BOOT_DEVICE: 00978 PssMessage = BUGCODE_PSS_MESSAGE_7B; 00979 break; 00980 00981 case UNEXPECTED_KERNEL_MODE_TRAP: 00982 PssMessage = BUGCODE_PSS_MESSAGE_7F; 00983 break; 00984 00985 case STATUS_SYSTEM_IMAGE_BAD_SIGNATURE: 00986 PssMessage = BUGCODE_PSS_MESSAGE_SIGNATURE; 00987 break; 00988 00989 case ACPI_BIOS_ERROR: 00990 PssMessage = BUGCODE_PSS_MESSAGE_A5; 00991 break; 00992 00993 case ACPI_BIOS_FATAL_ERROR: 00994 PssMessage = ACPI_BIOS_FATAL_ERROR; 00995 break; 00996 00997 default: 00998 PssMessage = BUGCODE_PSS_MESSAGE; 00999 break; 01000 } 01001 01002 KeGetBugMessageText(PssMessage, NULL); 01003 } 01004 } 01005 01006 // 01007 // Attempt to enter the kernel debugger. 01008 // 01009 01010 KiBugCheckDebugBreak (DBG_STATUS_BUGCHECK_SECOND); 01011 return; 01012 } 01013 01014 VOID 01015 KeEnterKernelDebugger ( 01016 VOID 01017 ) 01018 01019 /*++ 01020 01021 Routine Description: 01022 01023 This function crashes the system in a controlled manner attempting 01024 to invoke the kernel debugger. 01025 01026 Arguments: 01027 01028 None. 01029 01030 Return Value: 01031 01032 None. 01033 01034 --*/ 01035 01036 { 01037 01038 #if !defined(i386) 01039 KIRQL OldIrql; 01040 #endif 01041 01042 // 01043 // Freeze execution of the system by disabling interrupts and looping. 01044 // 01045 01046 KiHardwareTrigger = 1; 01047 KiDisableInterrupts(); 01048 #if !defined(i386) 01049 KeRaiseIrql(HIGH_LEVEL, &OldIrql); 01050 #endif 01051 if (InterlockedDecrement (&KeBugCheckCount) == 0) { 01052 if (KdDebuggerEnabled == FALSE) { 01053 if ( KdPitchDebugger == FALSE ) { 01054 KdInitSystem(NULL, FALSE); 01055 } 01056 } 01057 } 01058 01059 KiBugCheckDebugBreak (DBG_STATUS_FATAL); 01060 } 01061 01062 NTKERNELAPI 01063 BOOLEAN 01064 KeDeregisterBugCheckCallback ( 01065 IN PKBUGCHECK_CALLBACK_RECORD CallbackRecord 01066 ) 01067 01068 /*++ 01069 01070 Routine Description: 01071 01072 This function deregisters a bug check callback record. 01073 01074 Arguments: 01075 01076 CallbackRecord - Supplies a pointer to a bug check callback record. 01077 01078 Return Value: 01079 01080 If the specified bug check callback record is successfully deregistered, 01081 then a value of TRUE is returned. Otherwise, a value of FALSE is returned. 01082 01083 --*/ 01084 01085 { 01086 01087 BOOLEAN Deregister; 01088 KIRQL OldIrql; 01089 01090 // 01091 // Raise IRQL to HIGH_LEVEL and acquire the bug check callback list 01092 // spinlock. 01093 // 01094 01095 KeRaiseIrql(HIGH_LEVEL, &OldIrql); 01096 KiAcquireSpinLock(&KeBugCheckCallbackLock); 01097 01098 // 01099 // If the specified callback record is currently registered, then 01100 // deregister the callback record. 01101 // 01102 01103 Deregister = FALSE; 01104 if (CallbackRecord->State == BufferInserted) { 01105 CallbackRecord->State = BufferEmpty; 01106 RemoveEntryList(&CallbackRecord->Entry); 01107 Deregister = TRUE; 01108 } 01109 01110 // 01111 // Release the bug check callback spinlock, lower IRQL to its previous 01112 // value, and return whether the callback record was successfully 01113 // deregistered. 01114 // 01115 01116 KiReleaseSpinLock(&KeBugCheckCallbackLock); 01117 KeLowerIrql(OldIrql); 01118 return Deregister; 01119 } 01120 01121 NTKERNELAPI 01122 BOOLEAN 01123 KeRegisterBugCheckCallback ( 01124 IN PKBUGCHECK_CALLBACK_RECORD CallbackRecord, 01125 IN PKBUGCHECK_CALLBACK_ROUTINE CallbackRoutine, 01126 IN PVOID Buffer, 01127 IN ULONG Length, 01128 IN PUCHAR Component 01129 ) 01130 01131 /*++ 01132 01133 Routine Description: 01134 01135 This function registers a bug check callback record. If the system 01136 crashes, then the specified function will be called during bug check 01137 processing so it may dump additional state in the specified bug check 01138 buffer. 01139 01140 N.B. Bug check callback routines are called in reverse order of 01141 registration, i.e., in LIFO order. 01142 01143 Arguments: 01144 01145 CallbackRecord - Supplies a pointer to a callback record. 01146 01147 CallbackRoutine - Supplies a pointer to the callback routine. 01148 01149 Buffer - Supplies a pointer to the bug check buffer. 01150 01151 Length - Supplies the length of the bug check buffer in bytes. 01152 01153 Component - Supplies a pointer to a zero terminated component 01154 identifier. 01155 01156 Return Value: 01157 01158 If the specified bug check callback record is successfully registered, 01159 then a value of TRUE is returned. Otherwise, a value of FALSE is returned. 01160 01161 --*/ 01162 01163 { 01164 01165 BOOLEAN Inserted; 01166 KIRQL OldIrql; 01167 01168 // 01169 // Raise IRQL to HIGH_LEVEL and acquire the bug check callback list 01170 // spinlock. 01171 // 01172 01173 KeRaiseIrql(HIGH_LEVEL, &OldIrql); 01174 KiAcquireSpinLock(&KeBugCheckCallbackLock); 01175 01176 // 01177 // If the specified callback record is currently not registered, then 01178 // register the callback record. 01179 // 01180 01181 Inserted = FALSE; 01182 if (CallbackRecord->State == BufferEmpty) { 01183 CallbackRecord->CallbackRoutine = CallbackRoutine; 01184 CallbackRecord->Buffer = Buffer; 01185 CallbackRecord->Length = Length; 01186 CallbackRecord->Component = Component; 01187 CallbackRecord->Checksum = 01188 ((ULONG_PTR)CallbackRoutine + (ULONG_PTR)Buffer + Length + (ULONG_PTR)Component); 01189 01190 CallbackRecord->State = BufferInserted; 01191 InsertHeadList(&KeBugCheckCallbackListHead, &CallbackRecord->Entry); 01192 Inserted = TRUE; 01193 } 01194 01195 // 01196 // Release the bug check callback spinlock, lower IRQL to its previous 01197 // value, and return whether the callback record was successfully 01198 // registered. 01199 // 01200 01201 KiReleaseSpinLock(&KeBugCheckCallbackLock); 01202 KeLowerIrql(OldIrql); 01203 return Inserted; 01204 } 01205 01206 VOID 01207 KiScanBugCheckCallbackList ( 01208 VOID 01209 ) 01210 01211 /*++ 01212 01213 Routine Description: 01214 01215 This function scans the bug check callback list and calls each bug 01216 check callback routine so it can dump component specific information 01217 that may identify the cause of the bug check. 01218 01219 N.B. The scan of the bug check callback list is performed VERY 01220 carefully. Bug check callback routines are called at HIGH_LEVEL 01221 and may not acquire ANY resources. 01222 01223 Arguments: 01224 01225 None. 01226 01227 Return Value: 01228 01229 None. 01230 01231 --*/ 01232 01233 { 01234 01235 PKBUGCHECK_CALLBACK_RECORD CallbackRecord; 01236 ULONG_PTR Checksum; 01237 ULONG Index; 01238 PLIST_ENTRY LastEntry; 01239 PLIST_ENTRY ListHead; 01240 PLIST_ENTRY NextEntry; 01241 PUCHAR Source; 01242 01243 // 01244 // If the bug check callback listhead is not initialized, then the 01245 // bug check has occured before the system has gotten far enough 01246 // in the initialization code to enable anyone to register a callback. 01247 // 01248 01249 ListHead = &KeBugCheckCallbackListHead; 01250 if ((ListHead->Flink != NULL) && (ListHead->Blink != NULL)) { 01251 01252 // 01253 // Scan the bug check callback list. 01254 // 01255 01256 LastEntry = ListHead; 01257 NextEntry = ListHead->Flink; 01258 while (NextEntry != ListHead) { 01259 01260 // 01261 // The next entry address must be aligned properly, the 01262 // callback record must be readable, and the callback record 01263 // must have back link to the last entry. 01264 // 01265 01266 if (((ULONG_PTR)NextEntry & (sizeof(ULONG_PTR) - 1)) != 0) { 01267 return; 01268 01269 } else { 01270 CallbackRecord = CONTAINING_RECORD(NextEntry, 01271 KBUGCHECK_CALLBACK_RECORD, 01272 Entry); 01273 01274 Source = (PUCHAR)CallbackRecord; 01275 for (Index = 0; Index < sizeof(KBUGCHECK_CALLBACK_RECORD); Index += 1) { 01276 if (MmDbgReadCheck((PVOID)Source) == NULL) { 01277 return; 01278 } 01279 01280 Source += 1; 01281 } 01282 01283 if (CallbackRecord->Entry.Blink != LastEntry) { 01284 return; 01285 } 01286 01287 // 01288 // If the callback record has a state of inserted and the 01289 // computed checksum matches the callback record checksum, 01290 // then call the specified bug check callback routine. 01291 // 01292 01293 Checksum = (ULONG_PTR)CallbackRecord->CallbackRoutine; 01294 Checksum += (ULONG_PTR)CallbackRecord->Buffer; 01295 Checksum += CallbackRecord->Length; 01296 Checksum += (ULONG_PTR)CallbackRecord->Component; 01297 if ((CallbackRecord->State == BufferInserted) && 01298 (CallbackRecord->Checksum == Checksum)) { 01299 01300 // 01301 // Call the specified bug check callback routine and 01302 // handle any exceptions that occur. 01303 // 01304 01305 CallbackRecord->State = BufferStarted; 01306 try { 01307 (CallbackRecord->CallbackRoutine)(CallbackRecord->Buffer, 01308 CallbackRecord->Length); 01309 01310 CallbackRecord->State = BufferFinished; 01311 01312 } except(EXCEPTION_EXECUTE_HANDLER) { 01313 CallbackRecord->State = BufferIncomplete; 01314 } 01315 } 01316 } 01317 01318 LastEntry = NextEntry; 01319 NextEntry = NextEntry->Flink; 01320 } 01321 } 01322 01323 return; 01324 }
1.3.7