VOID HalpVerifyPrcbVersion( VOID ) /*++ Routine Description: This function verifies that the HAL matches the kernel. If there is a mismatch the HAL bugchecks the system. Arguments: None. Return Value: None. --*/ { PKPRCB Prcb; // // Verify Prcb major version number, and build options are // all conforming to this binary image // Prcb = KeGetCurrentPrcb(); #if DBG if (!(Prcb->BuildType & PRCB_BUILD_DEBUG)) { // This checked hal requires a checked kernel KeBugCheckEx (MISMATCHED_HAL, 2, Prcb->BuildType, PRCB_BUILD_DEBUG, 0); } #else if (Prcb->BuildType & PRCB_BUILD_DEBUG) { // This free hal requires a free kernel KeBugCheckEx (MISMATCHED_HAL, 2, Prcb->BuildType, 0, 0); } #endif #ifndef NT_UP if (Prcb->BuildType & PRCB_BUILD_UNIPROCESSOR) { // This MP hal requires an MP kernel KeBugCheckEx (MISMATCHED_HAL, 2, Prcb->BuildType, 0, 0); } #endif if (Prcb->MajorVersion != PRCB_MAJOR_VERSION) { KeBugCheckEx (MISMATCHED_HAL, 1, Prcb->MajorVersion, PRCB_MAJOR_VERSION, 0); } }
VOID NTAPI INIT_FUNCTION CmpInitializeCache(VOID) { ULONG Length, i; /* Calculate length for the table */ Length = CmpHashTableSize * sizeof(CM_KEY_HASH_TABLE_ENTRY); /* Allocate it */ CmpCacheTable = CmpAllocate(Length, TRUE, TAG_CM); if (!CmpCacheTable) { /* Take the system down */ KeBugCheckEx(CONFIG_INITIALIZATION_FAILED, 3, 1, 0, 0); } /* Zero out the table */ RtlZeroMemory(CmpCacheTable, Length); /* Initialize the locks */ for (i = 0; i < CmpHashTableSize; i++) { /* Setup the pushlock */ ExInitializePushLock(&CmpCacheTable[i].Lock); } /* Calculate length for the name cache */ Length = CmpHashTableSize * sizeof(CM_NAME_HASH_TABLE_ENTRY); /* Now allocate the name cache table */ CmpNameCacheTable = CmpAllocate(Length, TRUE, TAG_CM); if (!CmpNameCacheTable) { /* Take the system down */ KeBugCheckEx(CONFIG_INITIALIZATION_FAILED, 3, 3, 0, 0); } /* Zero out the table */ RtlZeroMemory(CmpNameCacheTable, Length); /* Initialize the locks */ for (i = 0; i < CmpHashTableSize; i++) { /* Setup the pushlock */ ExInitializePushLock(&CmpNameCacheTable[i].Lock); } /* Setup the delayed close table */ CmpInitializeDelayedCloseTable(); }
VOID FASTCALL IovCompleteRequest( IN PIRP Irp, IN CCHAR PriorityBoost ) { if (!IopVerifierOn) { IopfCompleteRequest(Irp, PriorityBoost); return; } if (IovpVerifierLevel > 1) { IovSpecialIrpCompleteRequest(Irp, PriorityBoost); return; } if (Irp->CurrentLocation > (CCHAR) (Irp->StackCount + 1) || Irp->Type != IO_TYPE_IRP) { KeBugCheckEx( MULTIPLE_IRP_COMPLETE_REQUESTS, (ULONG_PTR) Irp, __LINE__, 0, 0); } if (Irp->CancelRoutine) { KeBugCheckEx(DRIVER_VERIFIER_IOMANAGER_VIOLATION, IO_COMPLETE_REQUEST_CANCEL_ROUTINE_SET, (ULONG_PTR)Irp->CancelRoutine, (ULONG_PTR)Irp, 0); } if (Irp->IoStatus.Status == STATUS_PENDING || Irp->IoStatus.Status == 0xffffffff) { KeBugCheckEx(DRIVER_VERIFIER_IOMANAGER_VIOLATION, IO_COMPLETE_REQUEST_INVALID_STATUS, Irp->IoStatus.Status, (ULONG_PTR)Irp, 0); } if (KeGetCurrentIrql() > DISPATCH_LEVEL) { KeBugCheckEx(DRIVER_VERIFIER_IOMANAGER_VIOLATION, IO_COMPLETE_REQUEST_INVALID_IRQL, KeGetCurrentIrql(), (ULONG_PTR)Irp, 0); } IopfCompleteRequest(Irp, PriorityBoost); }
static void dc_simple_encryption_test() { PXTS_TEST_CONTEXT ctx; unsigned char dk[256]; unsigned long e_crc, d_crc, i; // test PKDBF2 for (i = 0; i < (sizeof(pkcs5_vectors) / sizeof(pkcs5_vectors[0])); i++) { sha512_pkcs5_2(pkcs5_vectors[i].i_count, pkcs5_vectors[i].password, strlen(pkcs5_vectors[i].password), pkcs5_vectors[i].salt, strlen(pkcs5_vectors[i].salt), dk, pkcs5_vectors[i].dklen); if (memcmp(dk, pkcs5_vectors[i].key, pkcs5_vectors[i].dklen) != 0) { KeBugCheckEx(STATUS_ENCRYPTION_FAILED, 'DCRP', i, 0, 0); } } DbgMsg("PKDBF2 test passed\n"); // test XTS engine if memory may be allocated if ( (KeGetCurrentIrql() <= DISPATCH_LEVEL) && (ctx = (PXTS_TEST_CONTEXT)mm_secure_alloc(sizeof(XTS_TEST_CONTEXT))) != NULL ) { // fill key and test buffer for (i = 0; i < (sizeof(ctx->key) / sizeof(ctx->key[0])); i++) ctx->key[i] = (unsigned char)i; for (i = 0; i < (sizeof(ctx->test) / sizeof(ctx->test[0])); i++) ctx->test[i] = (unsigned short)i; // run test cases for (i = 0; i < (sizeof(xts_crc_vectors) / sizeof(xts_crc_vectors[0])); i++) { xts_set_key(ctx->key, xts_crc_vectors[i].alg, &ctx->xkey); xts_encrypt((const unsigned char*)ctx->test, (unsigned char*)ctx->buff, sizeof(ctx->test), 0x3FFFFFFFC00, &ctx->xkey); e_crc = crc32((const unsigned char*)ctx->buff, sizeof(ctx->buff)); xts_decrypt((const unsigned char*)ctx->test, (unsigned char*)ctx->buff, sizeof(ctx->test), 0x3FFFFFFFC00, &ctx->xkey); d_crc = crc32((const unsigned char*)ctx->buff, sizeof(ctx->buff)); if ( e_crc != xts_crc_vectors[i].e_crc || d_crc != xts_crc_vectors[i].d_crc ) { KeBugCheckEx(STATUS_ENCRYPTION_FAILED, 'DCRP', 0xFF00 | i, e_crc, d_crc); } } DbgMsg("XTS test passed\n"); mm_secure_free(ctx); } }
BOOLEAN ExInitSystem( VOID ) /*++ Routine Description: This function initializes the executive component of the NT system. It will perform Phase 0 or Phase 1 initialization as appropriate. Arguments: None. Return Value: A value of TRUE is returned if the initialization succeeded. Otherwise a value of FALSE is returned. --*/ { switch ( InitializationPhase ) { case 0: return ExpInitSystemPhase0(); case 1: return ExpInitSystemPhase1(); default: KeBugCheckEx(UNEXPECTED_INITIALIZATION_CALL, 3, InitializationPhase, 0, 0); } }
VOID KeCheckIfStackExpandCalloutActive ( VOID ) /*++ Routine Description: This function check whether a kernel stack expand callout is active for the current thread and bugchecks if the result is positive. Arguments: None. Return Value: None. --*/ { PKERNEL_STACK_CONTROL Control; PKTHREAD Thread; Thread = KeGetCurrentThread(); Control = (PKERNEL_STACK_CONTROL)Thread->InitialStack; if (Control->Previous.StackBase != 0) { KeBugCheckEx(KERNEL_EXPAND_STACK_ACTIVE, (ULONG64)Thread, 0, 0, 0); } return; }
VOID CmpReleaseGlobalQuota( IN ULONG Size ) /*++ Routine Description: If Size <= CmpGlobalQuotaUsed, then decrement it. Else BugCheck. Arguments: Size - number of bytes of GlobalQuota caller wants to release Return Value: NONE. --*/ { if (Size > CmpGlobalQuotaUsed) { KeBugCheckEx(REGISTRY_ERROR,2,1,0,0); } CmpGlobalQuotaUsed -= Size; }
VOID NTAPI MiSpecialPoolCheckPattern(PUCHAR P, PPOOL_HEADER Header) { ULONG BytesToCheck, BytesRequested, Index; PUCHAR Ptr; /* Get amount of bytes user requested to be allocated by clearing out the paged mask */ BytesRequested = (Header->Ulong1 & ~SPECIAL_POOL_PAGED) & 0xFFFF; /* Get a pointer to the end of user's area */ Ptr = P + BytesRequested; /* Calculate how many bytes to check */ BytesToCheck = (ULONG)((PUCHAR)PAGE_ALIGN(P) + PAGE_SIZE - Ptr); /* Remove pool header size if we're catching underruns */ if (((ULONG_PTR)P & (PAGE_SIZE - 1)) == 0) { /* User buffer is located in the beginning of the page */ BytesToCheck -= sizeof(POOL_HEADER); } /* Check the pattern after user buffer */ for (Index = 0; Index < BytesToCheck; Index++) { /* Bugcheck if bytes don't match */ if (Ptr[Index] != Header->BlockSize) { KeBugCheckEx(BAD_POOL_HEADER, (ULONG_PTR)P, (ULONG_PTR)&Ptr[Index], Header->BlockSize, 0x24); } } }
VOID ExpCheckForWorker ( IN PVOID p, IN SIZE_T Size ) { KIRQL OldIrql; PLIST_ENTRY Entry; PCHAR BeginBlock; PCHAR EndBlock; WORK_QUEUE_TYPE wqt; BeginBlock = (PCHAR)p; EndBlock = (PCHAR)p + Size; KiLockDispatcherDatabase (&OldIrql); for (wqt = CriticalWorkQueue; wqt < MaximumWorkQueue; wqt += 1) { for (Entry = (PLIST_ENTRY) ExWorkerQueue[wqt].WorkerQueue.EntryListHead.Flink; Entry && (Entry != (PLIST_ENTRY) &ExWorkerQueue[wqt].WorkerQueue.EntryListHead); Entry = Entry->Flink) { if (((PCHAR) Entry >= BeginBlock) && ((PCHAR) Entry < EndBlock)) { KeBugCheckEx(WORKER_INVALID, 0x0, (ULONG_PTR)Entry, (ULONG_PTR)BeginBlock, (ULONG_PTR)EndBlock); } } } KiUnlockDispatcherDatabase (OldIrql); }
VOID ScsiPortFlushDma( IN PVOID HwDeviceExtension ) /*++ Routine Description: This routine checks to see if the perivious IoMapTransfer has been done started. If it has not, then the PD_MAP_TRANSER flag is cleared, and the routine returns; otherwise, this routine schedules a DPC which will call IoFlushAdapter buffers. Arguments: HwDeviceExtension - Supplies a the hardware device extension for the host bus adapter which will be doing the data transfer. Return Value: None. --*/ { PADAPTER_EXTENSION deviceExtension = GET_FDO_EXTENSION(HwDeviceExtension); if(Sp64BitPhysicalAddresses) { KeBugCheckEx(PORT_DRIVER_INTERNAL, 0, STATUS_NOT_SUPPORTED, (ULONG_PTR) HwDeviceExtension, (ULONG_PTR) deviceExtension->DeviceObject->DriverObject); } if (deviceExtension->InterruptData.InterruptFlags & PD_MAP_TRANSFER) { // // The transfer has not been started so just clear the map transfer // flag and return. // deviceExtension->InterruptData.InterruptFlags &= ~PD_MAP_TRANSFER; return; } deviceExtension->InterruptData.InterruptFlags |= PD_FLUSH_ADAPTER_BUFFERS; // // Request a DPC be queued after the interrupt completes. // deviceExtension->InterruptData.InterruptFlags |= PD_NOTIFICATION_REQUIRED; return; }
NTSTATUS FASTCALL IovCallDriver( IN PDEVICE_OBJECT DeviceObject, IN OUT PIRP Irp ) { KIRQL saveIrql; NTSTATUS status; if (!IopVerifierOn) { status = IopfCallDriver(DeviceObject, Irp); return status; } if (IovpVerifierLevel > 1) { status = IovSpecialIrpCallDriver(DeviceObject, Irp); return status; } if (Irp->Type != IO_TYPE_IRP) { KeBugCheckEx(DRIVER_VERIFIER_IOMANAGER_VIOLATION, IO_CALL_DRIVER_IRP_TYPE_INVALID, (ULONG_PTR)Irp, 0, 0); } if (!IovpValidateDeviceObject(DeviceObject)) { KeBugCheckEx(DRIVER_VERIFIER_IOMANAGER_VIOLATION, IO_CALL_DRIVER_INVALID_DEVICE_OBJECT, (ULONG_PTR)DeviceObject, 0, 0); } saveIrql = KeGetCurrentIrql(); status = IopfCallDriver(DeviceObject, Irp); if (saveIrql != KeGetCurrentIrql()) { KeBugCheckEx(DRIVER_VERIFIER_IOMANAGER_VIOLATION, IO_CALL_DRIVER_IRQL_NOT_EQUAL, (ULONG_PTR)DeviceObject, saveIrql, KeGetCurrentIrql()); } return status; }
/**************************************************************************** REMARKS: Handle fatal errors internally in the driver. ****************************************************************************/ void PMAPI PM_fatalError( const char *msg) { ULONG BugCheckCode = 0; ULONG MoreBugCheckData[4] = {0}; char *p; ULONG len; // Clean up the system first! if (fatalErrorCleanup) fatalErrorCleanup(); // KeBugCheckEx brings down the system in a controlled // manner when the caller discovers an unrecoverable // inconsistency that would corrupt the system if // the caller continued to run. // // hack - dump the first 20 chars in hex using the variables // provided - Each ULONG is equal to four characters... for(len = 0; len < 20; len++) if (msg[len] == (char)0) break; // This looks bad but it's quick and reliable... p = (char *)&BugCheckCode; if(len > 0) p[3] = msg[0]; if(len > 1) p[2] = msg[1]; if(len > 2) p[1] = msg[2]; if(len > 3) p[0] = msg[3]; p = (char *)&MoreBugCheckData[0]; if(len > 4) p[3] = msg[4]; if(len > 5) p[2] = msg[5]; if(len > 6) p[1] = msg[6]; if(len > 7) p[0] = msg[7]; p = (char *)&MoreBugCheckData[1]; if(len > 8) p[3] = msg[8]; if(len > 9) p[2] = msg[9]; if(len > 10) p[1] = msg[10]; if(len > 11) p[0] = msg[11]; p = (char *)&MoreBugCheckData[2]; if(len > 12) p[3] = msg[12]; if(len > 13) p[2] = msg[13]; if(len > 14) p[1] = msg[14]; if(len > 15) p[0] = msg[15]; p = (char *)&MoreBugCheckData[3]; if(len > 16) p[3] = msg[16]; if(len > 17) p[2] = msg[17]; if(len > 18) p[1] = msg[18]; if(len > 19) p[0] = msg[19]; // Halt the system! KeBugCheckEx(BugCheckCode, MoreBugCheckData[0], MoreBugCheckData[1], MoreBugCheckData[2], MoreBugCheckData[3]); }
VOID MyAssert (const unsigned char *file, int line) { DEBUGP (("MYASSERT failed %s/%d\n", file, line)); KeBugCheckEx (0x0F00BABA, (ULONG_PTR) line, (ULONG_PTR) 0, (ULONG_PTR) 0, (ULONG_PTR) 0); }
BOOLEAN FASTCALL KiSwapContextExit(IN PKTHREAD OldThread, IN PKSWITCHFRAME SwitchFrame) { PKIPCR Pcr = (PKIPCR)KeGetPcr(); PKPROCESS OldProcess, NewProcess; PKTHREAD NewThread; ARM_TTB_REGISTER TtbRegister; /* We are on the new thread stack now */ NewThread = Pcr->PrcbData.CurrentThread; /* Now we are the new thread. Check if it's in a new process */ OldProcess = OldThread->ApcState.Process; NewProcess = NewThread->ApcState.Process; if (OldProcess != NewProcess) { TtbRegister.AsUlong = NewProcess->DirectoryTableBase[0]; ASSERT(TtbRegister.Reserved == 0); KeArmTranslationTableRegisterSet(TtbRegister); } /* Increase thread context switches */ NewThread->ContextSwitches++; /* Load data from switch frame */ Pcr->NtTib.ExceptionList = SwitchFrame->ExceptionList; /* DPCs shouldn't be active */ if (Pcr->PrcbData.DpcRoutineActive) { /* Crash the machine */ KeBugCheckEx(ATTEMPTED_SWITCH_FROM_DPC, (ULONG_PTR)OldThread, (ULONG_PTR)NewThread, (ULONG_PTR)OldThread->InitialStack, 0); } /* Kernel APCs may be pending */ if (NewThread->ApcState.KernelApcPending) { /* Are APCs enabled? */ if (!NewThread->SpecialApcDisable) { /* Request APC delivery */ if (SwitchFrame->ApcBypassDisable) HalRequestSoftwareInterrupt(APC_LEVEL); return TRUE; } } /* Return */ return FALSE; }
VOID NTAPI KiEspToTrapFrame(IN PKTRAP_FRAME TrapFrame, IN ULONG_PTR Esp) { KIRQL OldIrql; ULONG Previous; /* Raise to APC_LEVEL if needed */ OldIrql = KeGetCurrentIrql(); if (OldIrql < APC_LEVEL) KeRaiseIrql(APC_LEVEL, &OldIrql); /* Get the old ESP */ Previous = KiEspFromTrapFrame(TrapFrame); /* Check if this is user-mode */ if ((TrapFrame->SegCs & MODE_MASK)) { /* Write it directly */ TrapFrame->Rsp = Esp; } else { /* Don't allow ESP to be lowered, this is illegal */ if (Esp < Previous) KeBugCheckEx(SET_OF_INVALID_CONTEXT, Esp, Previous, (ULONG_PTR)TrapFrame, 0); /* Create an edit frame, check if it was alrady */ if (!(TrapFrame->SegCs & FRAME_EDITED)) { /* Update the value */ TrapFrame->Rsp = Esp; } else { /* Check if ESP changed */ if (Previous != Esp) { /* Save CS */ TrapFrame->SegCs &= ~FRAME_EDITED; /* Save ESP */ TrapFrame->Rsp = Esp; } } } /* Restore IRQL */ if (OldIrql < APC_LEVEL) KeLowerIrql(OldIrql); }
VOID NTAPI PopShutdownSystem(IN POWER_ACTION SystemAction) { /* Note should notify caller of NtPowerInformation(PowerShutdownNotification) */ /* Unload symbols */ DPRINT("It's the final countdown...%lx\n", SystemAction); DbgUnLoadImageSymbols(NULL, (PVOID)-1, 0); /* Run the thread on the boot processor */ KeSetSystemAffinityThread(1); /* Now check what the caller wants */ switch (SystemAction) { /* Reset */ case PowerActionShutdownReset: /* Try platform driver first, then legacy */ //PopInvokeSystemStateHandler(PowerStateShutdownReset, NULL); PopSetSystemPowerState(PowerSystemShutdown, SystemAction); HalReturnToFirmware(HalRebootRoutine); break; case PowerActionShutdown: /* Check for group policy that says to use "it is now safe" screen */ if (PopShutdownPowerOffPolicy) { /* FIXFIX: Switch to legacy shutdown handler */ //PopPowerStateHandlers[PowerStateShutdownOff].Handler = PopShutdownHandler; } case PowerActionShutdownOff: /* Call shutdown handler */ //PopInvokeSystemStateHandler(PowerStateShutdownOff, NULL); /* ReactOS Hack */ PopSetSystemPowerState(PowerSystemShutdown, SystemAction); PopShutdownHandler(); /* If that didn't work, call the HAL */ HalReturnToFirmware(HalPowerDownRoutine); break; default: break; } /* Anything else should not happen */ KeBugCheckEx(INTERNAL_POWER_ERROR, 5, 0, 0, 0); }
VOID NTAPI PspCatchCriticalBreak(IN PCHAR Message, IN PVOID ProcessOrThread, IN PCHAR ImageName) { CHAR Action[2]; BOOLEAN Handled = FALSE; PAGED_CODE(); /* Check if a debugger is enabled */ if (KdDebuggerEnabled) { /* Print out the message */ DbgPrint(Message, ProcessOrThread, ImageName); do { /* If a debugger isn't present, don't prompt */ if (KdDebuggerNotPresent) break; /* A debuger is active, prompt for action */ DbgPrompt("Break, or Ignore (bi)?", Action, sizeof(Action)); switch (Action[0]) { /* Break */ case 'B': case 'b': /* Do a breakpoint */ DbgBreakPoint(); /* Ignore */ case 'I': case 'i': /* Handle it */ Handled = TRUE; /* Unrecognized */ default: break; } } while (!Handled); } /* Did we ultimately handle this? */ if (!Handled) { /* We didn't, bugcheck */ KeBugCheckEx(CRITICAL_OBJECT_TERMINATION, ((PKPROCESS)ProcessOrThread)->Header.Type, (ULONG_PTR)ProcessOrThread, (ULONG_PTR)ImageName, (ULONG_PTR)Message); } }
VOID CmpInitializeCache() { ULONG TotalCmCacheSize; ULONG i; TotalCmCacheSize = CmpHashTableSize * sizeof(PCM_KEY_HASH); CmpCacheTable = ExAllocatePoolWithTag(PagedPool, TotalCmCacheSize, 'aCMC'); if (CmpCacheTable == NULL) { KeBugCheckEx(CONFIG_INITIALIZATION_FAILED,6,1,0,0); return; } RtlZeroMemory(CmpCacheTable, TotalCmCacheSize); TotalCmCacheSize = CmpHashTableSize * sizeof(PCM_NAME_HASH); CmpNameCacheTable = ExAllocatePoolWithTag(PagedPool, TotalCmCacheSize, 'aCMC'); if (CmpNameCacheTable == NULL) { KeBugCheckEx(CONFIG_INITIALIZATION_FAILED,6,1,0,0); return; } RtlZeroMemory(CmpNameCacheTable, TotalCmCacheSize); CmpDelayedCloseTable = ExAllocatePoolWithTag(PagedPool, CmpDelayedCloseSize * sizeof(PCM_KEY_CONTROL_BLOCK), 'cDMC'); if (CmpDelayedCloseTable == NULL) { KeBugCheckEx(CONFIG_INITIALIZATION_FAILED,6,2,0,0); return; } CmpDelayedFreeIndex = 0; for (i=0; i<CmpDelayedCloseSize-1; i++) { CmpDelayedCloseTable[i] = (PCM_KEY_CONTROL_BLOCK)ULongToPtr(i+1); } CmpDelayedCloseTable[CmpDelayedCloseSize-1] = (PCM_KEY_CONTROL_BLOCK)-1; CmpDelayedCloseCurrent = CmpDelayedCloseTable; }
BOOLEAN NTAPI xHalTranslateBusAddress(IN INTERFACE_TYPE InterfaceType, IN ULONG BusNumber, IN PHYSICAL_ADDRESS BusAddress, IN OUT PULONG AddressSpace, OUT PPHYSICAL_ADDRESS TranslatedAddress) { KeBugCheckEx(HAL_INITIALIZATION_FAILED, 0, 0, 0, 0); return FALSE; }
VOID IovFreeIrpPrivate( IN PIRP Irp ) { #ifndef NO_SPECIAL_IRP BOOLEAN freeHandled ; #endif if (IopVerifierOn) { if (Irp->Type != IO_TYPE_IRP) { KeBugCheckEx(DRIVER_VERIFIER_IOMANAGER_VIOLATION, IO_FREE_IRP_TYPE_INVALID, (ULONG_PTR)Irp, 0, 0); } if (!IsListEmpty(&(Irp)->ThreadListEntry)) { KeBugCheckEx(DRIVER_VERIFIER_IOMANAGER_VIOLATION, IO_FREE_IRP_NOT_ASSOCIATED_WITH_THREAD, (ULONG_PTR)Irp, 0, 0); } } #ifndef NO_SPECIAL_IRP SPECIALIRP_IO_FREE_IRP(Irp, &freeHandled) ; if (freeHandled) { return ; } #endif IopFreeIrp(Irp); }
POOL_TYPE NTAPI MmDeterminePoolType(IN PVOID PoolAddress) { // // Use a simple bounds check // if (PoolAddress >= MmPagedPoolStart && PoolAddress <= MmPagedPoolEnd) return PagedPool; else if (PoolAddress >= MmNonPagedPoolStart && PoolAddress <= MmNonPagedPoolEnd) return NonPagedPool; KeBugCheckEx(BAD_POOL_CALLER, 0x42, (ULONG_PTR)PoolAddress, 0, 0); }
VOID MiBadRefCount ( __in PMMPFN Pfn1 ) { KeBugCheckEx (PFN_LIST_CORRUPT, 0x9A, Pfn1 - MmPfnDatabase, Pfn1->u3.e1.PageLocation, Pfn1->u3.e2.ReferenceCount); return; }
/// <summary> /// Allocate page at IRQL > DISPATCH_LEVEL /// </summary> /// <param name="pEPT">CPU EPT data</param> /// <returns>Allocated page or NULL</returns> PEPT_MMPTE EptpAllocatePageHighIRQL( IN PEPT_DATA pEPT ) { // Get preallocated page if (pEPT->Preallocations < EPT_PREALLOC_PAGES) { PEPT_MMPTE ptr = pEPT->Pages[pEPT->Preallocations]; pEPT->Preallocations++; return ptr; } // Can't allocate any more pages KeBugCheckEx( HYPERVISOR_ERROR, BUG_CHECK_EPT_NO_PAGES, pEPT->Preallocations, EPT_PREALLOC_PAGES, 0 ); }
VOID FsRtlWorkerThread( IN PVOID StartContext ) { PLIST_ENTRY Entry; PWORK_QUEUE_ITEM WorkItem; ULONG PagingFile = (ULONG)StartContext; // // Set our priority to low realtime, or +1 for PagingFile. // (PVOID)KeSetPriorityThread( &PsGetCurrentThread()->Tcb, LOW_REALTIME_PRIORITY + PagingFile ); // // Loop forever waiting for a work queue item, calling the processing // routine, and then waiting for another work queue item. // do { // // Wait until something is put in the queue. // // By specifying a wait mode of KernelMode, the thread's kernel stack is // NOT swappable // Entry = KeRemoveQueue(&FsRtlWorkerQueues[PagingFile], KernelMode, NULL); WorkItem = CONTAINING_RECORD(Entry, WORK_QUEUE_ITEM, List); // // Execute the specified routine. // (WorkItem->WorkerRoutine)(WorkItem->Parameter); if (KeGetCurrentIrql() != 0) { KeBugCheckEx( IRQL_NOT_LESS_OR_EQUAL, (ULONG)WorkItem->WorkerRoutine, (ULONG)KeGetCurrentIrql(), (ULONG)WorkItem->WorkerRoutine, (ULONG)WorkItem ); } } while(TRUE); }
void NetKvmAssert(bool Statement, ULONG Code) { if (!Statement) { #pragma warning (push) #pragma warning (disable:28159) KeBugCheckEx(0x0ABCDEF0, 0x0ABCDEF0, Code, NDIS_MINIPORT_MAJOR_VERSION, NDIS_MINIPORT_MINOR_VERSION); #pragma warning (pop) } }
int _RosLogBugcheck ( ULONG Level ) { volatile void* returnAddress = _ReturnAddress(); #pragma prefast(suppress:__WARNING_USE_OTHER_FUNCTION, "We really-really want to bugcheck here...)") KeBugCheckEx( BUGCODE_ID_DRIVER, ULONG_PTR(returnAddress), Level, 0, 0); //return 1; } // _RosLogBugcheck (...)
/// <summary> /// EPT misconfiguration handler /// </summary> /// <param name="GuestState">Guest VM state</param> VOID VmExitEptMisconfig( IN PGUEST_STATE GuestState ) { DPRINT( "HyperBone: CPU %d: %s: EPT misconfiguration, physical %p, Data 0x%X\n", CPU_IDX, __FUNCTION__, GuestState->PhysicalAddress.QuadPart, GuestState->ExitQualification ); /*PEPT_DATA pEPT = NULL; EptGetPTEForPhysical( GuestState->Vcpu->EPT.PML4Ptr, GuestState->PhysicalAddress, &pEPT ); if (pEPT) { }*/ KeBugCheckEx( HYPERVISOR_ERROR, BUG_CHECK_EPT_MISCONFIG, GuestState->PhysicalAddress.QuadPart, GuestState->ExitQualification, 0 ); }
/* * @implemented */ NTSTATUS NTAPI IoAssignResources(IN PUNICODE_STRING RegistryPath, IN PUNICODE_STRING DriverClassName, IN PDRIVER_OBJECT DriverObject, IN PDEVICE_OBJECT DeviceObject, IN PIO_RESOURCE_REQUIREMENTS_LIST RequestedResources, IN OUT PCM_RESOURCE_LIST* AllocatedResources) { PDEVICE_NODE DeviceNode; /* Do we have a DO? */ if (DeviceObject) { /* Get its device node */ DeviceNode = IopGetDeviceNode(DeviceObject); if ((DeviceNode) && !(DeviceNode->Flags & DNF_LEGACY_RESOURCE_DEVICENODE)) { /* New drivers should not call this API */ KeBugCheckEx(PNP_DETECTED_FATAL_ERROR, 0, 0, (ULONG_PTR)DeviceObject, (ULONG_PTR)DriverObject); } } /* Did the driver supply resources? */ if (RequestedResources) { /* Make sure there's actually something useful in them */ if (!(RequestedResources->AlternativeLists) || !(RequestedResources->List[0].Count)) { /* Empty resources are no resources */ RequestedResources = NULL; } } /* Initialize output if given */ if (AllocatedResources) *AllocatedResources = NULL; /* Call internal helper function */ return IopLegacyResourceAllocation(ArbiterRequestLegacyAssigned, DriverObject, DeviceObject, RequestedResources, AllocatedResources); }
/** * Callback DPC for received packets. When a new packet comes in, this DPC is scheduled for processing. * @param dpc the KDPC object representing this DPC * @param adapterContext the context associated with this adapter */ _Use_decl_annotations_ NON_PAGEABLE_FUNCTION void AX25Adapter::receiveDpcCallback(_In_ KDPC* dpc, _In_opt_ void* adapterContext, _In_opt_ void* systemArgument1, _In_opt_ void* systemArgument2) { // Normally I would call ExRaiseStatus(STATUS_NOT_IMPLEMENTED) here, but that is illegal // at DISPATCH_LEVEL, so we're just going to issue a bugcheck instead. UNREFERENCED_PARAMETER(dpc); UNREFERENCED_PARAMETER(adapterContext); UNREFERENCED_PARAMETER(systemArgument1); UNREFERENCED_PARAMETER(systemArgument2); KeBugCheckEx(KMODE_EXCEPTION_NOT_HANDLED, static_cast<ULONG_PTR>(STATUS_NOT_IMPLEMENTED), reinterpret_cast<ULONG_PTR>(__FUNCTION__), NULL, NULL); }
/* * @implemented */ VOID NTAPI FsRtlWorkerThread(IN PVOID StartContext) { KIRQL Irql; PLIST_ENTRY Entry; PWORK_QUEUE_ITEM WorkItem; ULONG QueueId = (ULONG)StartContext; /* Set our priority according to the queue we're dealing with */ KeSetPriorityThread(&PsGetCurrentThread()->Tcb, LOW_REALTIME_PRIORITY + QueueId); /* Loop for events */ for (;;) { /* Look for next event */ Entry = KeRemoveQueue(&FsRtlWorkerQueues[QueueId], KernelMode, NULL); WorkItem = CONTAINING_RECORD(Entry, WORK_QUEUE_ITEM, List); /* Call its routine (here: FsRtlStackOverflowRead) */ WorkItem->WorkerRoutine(WorkItem->Parameter); /* Check we're still at passive level or bugcheck */ Irql = KeGetCurrentIrql(); if (Irql != PASSIVE_LEVEL) { KeBugCheckEx(IRQL_NOT_LESS_OR_EQUAL, (ULONG_PTR)WorkItem->WorkerRoutine, (ULONG_PTR)Irql, (ULONG_PTR)WorkItem->WorkerRoutine, (ULONG_PTR)WorkItem); } } }