able/windows-nt
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
windows-nt/Source/XPSP1/NT/sdktools/buggy/driver/bugcheck.c
CryptoAlgo Inc b3cac27891 Add source files
2020-09-26 16:20:57 +08:00

395 lines
6.6 KiB
C
Raw Blame History

#include <ntddk.h>
#include "tdriver.h"
#include "bugcheck.h"
/////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////// Bugcheck functions
/////////////////////////////////////////////////////////////////////
VOID
BgChkForceCustomBugcheck (
PVOID NotUsed
)
/*++
Routine Description:
This function breaks into debugger and waits for the user to set the
value for bugcheck data. Then it will bugcheck using the specified code
and data. It is useful to test the mini triage feature.
Arguments:
None.
Return Value:
None.
Environment:
Kernel mode.
--*/
{
ULONG BugcheckData [5];
DbgPrint ("Buggy: `ed %p' to enter the bugcheck code and data \n", BugcheckData );
DbgBreakPoint();
KeBugCheckEx (
BugcheckData [ 0 ],
BugcheckData [ 1 ],
BugcheckData [ 2 ],
BugcheckData [ 3 ],
BugcheckData [ 4 ] );
}
VOID BgChkProcessHasLockedPages (
PVOID NotUsed
)
{
PMDL Mdl;
PVOID Address;
DbgPrint ("Buggy: ProcessHasLockedPages \n");
Mdl = IoAllocateMdl(
(PVOID)0x10000, // adress
0x1000, // size
FALSE, // not secondary buffer
FALSE, // do not charge quota
NULL); // no irp
if (Mdl != NULL) {
DbgPrint ("Buggy: mdl created \n");
}
#if 0
try {
MmProbeAndLockPages (
Mdl,
KernelMode,
IoReadAccess);
DbgPrint ("Buggy: locked pages \n");
}
except (EXCEPTION_EXECUTE_HANDLER) {
DbgPrint ("Buggy: exception raised while locking \n");
}
#endif
}
VOID BgChkNoMoreSystemPtes (
PVOID NotUsed
)
{
DWORDLONG Index;
PHYSICAL_ADDRESS Address;
ULONG Count = 0;
char Buffer [1024];
DbgPrint ("Buggy: NoMoresystemPtes\n");
for (Index = 0; Index < (DWORDLONG)0x80000000 * 4; Index += 0x10000) {
Address.QuadPart = (DWORDLONG)Index;
if (MmMapIoSpace (Address, 0x10000, FALSE)) {
Count += 0x10000;
}
}
DbgPrint ("Finished eating system PTEs %08X ... \n", Count);
}
VOID BgChkBadPoolHeader (
PVOID NotUsed
)
{
PULONG Block;
DbgPrint ("Buggy: BadPoolHeader\n");
Block = (PULONG) ExAllocatePoolWithTag (
NonPagedPool,
128,
TD_POOL_TAG);
//
// Trash 4 bytes in the block header.
//
*(Block - 1) = 0xBADBAD01;
//
// This free operation should bugcheck.
//
ExFreePool (Block);
}
VOID BgChkDriverCorruptedSystemPtes (
PVOID NotUsed
)
{
PVOID Block;
DbgPrint ("Buggy: DriverCorruptedSystemPtes\n");
Block = (PULONG) ExAllocatePoolWithTag (
NonPagedPool,
0x2000,
TD_POOL_TAG);
MmUnmapIoSpace (Block, 0x2000);
}
VOID BgChkDriverCorruptedExPool (
PVOID NotUsed
)
{
PULONG Block;
DbgPrint ("Buggy: DriverCorruptedExPool\n");
Block = (PULONG) ExAllocatePoolWithTag (
NonPagedPool,
128,
TD_POOL_TAG);
//
// Trash 8 bytes in the block header.
//
*(Block - 2) = 0xBADBAD01;
*(Block - 1) = 0xBADBAD01;
//
// This free operation should bugcheck.
//
ExFreePool (Block);
}
VOID BgChkDriverCorruptedMmPool (
PVOID NotUsed
)
{
DbgPrint ("Buggy: DriverCorruptedMmPool\n");
ExFreePool (NULL);
}
VOID BgChkIrqlNotLessOrEqual (
PVOID NotUsed
)
{
KIRQL irql;
VOID *pPagedData;
DbgPrint ("Buggy: IrqlNotLessOrEqual\n");
pPagedData = ExAllocatePoolWithTag(
PagedPool,
16,
TD_POOL_TAG);
if( pPagedData == NULL )
{
DbgPrint( "Cannot allocate 16 bytes of paged pool\n" );
return;
}
KeRaiseIrql( DISPATCH_LEVEL, &irql );
*((ULONG*)pPagedData) = 16;
KeLowerIrql( irql );
}
VOID BgChkPageFaultBeyondEndOfAllocation (
PVOID NotUsed
)
{
PVOID *pHalfPage;
PVOID *pLastUlongToWrite;
ULONG *pCrtULONG;
DbgPrint ("Buggy: PageFaultBeyondEndOfAllocation\n");
//
// allocate half a page
//
pHalfPage = ExAllocatePoolWithTag(
NonPagedPool,
PAGE_SIZE >> 1,
TD_POOL_TAG);
if( pHalfPage == NULL )
{
DbgPrint ("Buggy: cannot allocate half page of NP pool\n");
}
else
{
//
// touch a page more
//
pCrtULONG = (ULONG*)pHalfPage;
while( (ULONG_PTR)pCrtULONG < (ULONG_PTR)pHalfPage + (PAGE_SIZE >> 1) + 2 * PAGE_SIZE )
{
*pCrtULONG = PtrToUlong( pCrtULONG );
pCrtULONG ++;
}
ExFreePool( pHalfPage );
}
}
VOID BgChkDriverVerifierDetectedViolation (
PVOID NotUsed
)
{
PVOID *pHalfPage;
PVOID *pLastUlongToWrite;
ULONG *pCrtULONG;
DbgPrint ("Buggy: DriverVerifierDetectedViolation\n");
//
// allocate half a page
//
pHalfPage = ExAllocatePoolWithTag(
NonPagedPool,
PAGE_SIZE >> 1,
TD_POOL_TAG);
if( pHalfPage == NULL )
{
DbgPrint ("Buggy: cannot allocate half page of NP pool\n");
}
else
{
//
// touch 1 ULONG more
//
pCrtULONG = (ULONG*)pHalfPage;
while( (ULONG_PTR)pCrtULONG < (ULONG_PTR)pHalfPage + (PAGE_SIZE >> 1) + sizeof( ULONG) )
{
*pCrtULONG = PtrToUlong( pCrtULONG );
pCrtULONG ++;
}
//
// free -> BC
//
ExFreePool( pHalfPage );
}
}
VOID
BgChkCorruptSystemPtes(
PVOID NotUsed
)
/*++
Routine Description:
This function corrupts system PTEs area on purpose. This is
done so that we can test if the crache is mini triaged correctly.
Arguments:
None.
Return Value:
None.
Environment:
Kernel mode.
--*/
{
PULONG puCrtAdress = (PULONG)LongToPtr(0xC0300000);
ULONG uCrtValue;
int nCrtStep;
#define NUM_ULONGS_TO_CORRUPT 0x100
#define FIRST_ULONG_VALUE 0xABCDDCBA
#define NUM_ULONGS_SKIP_EACH_STEP 16
uCrtValue = FIRST_ULONG_VALUE;
for( nCrtStep = 0; nCrtStep < NUM_ULONGS_TO_CORRUPT; nCrtStep++ )
{
*puCrtAdress = uCrtValue;
puCrtAdress += NUM_ULONGS_SKIP_EACH_STEP;
uCrtValue++;
}
}
VOID
BgChkHangCurrentProcessor (
PVOID NotUsed
)
/*++
Routine Description:
This routine will hang the current processor.
Arguments:
None.
Return Value:
None.
Environment:
Kernel mode.
--*/
{
KIRQL PreviousIrql;
KeRaiseIrql( DISPATCH_LEVEL, &PreviousIrql );
while ( TRUE ) {
//
// this will hang the current processor
//
}
}
Reference in a new issue View git blame Copy permalink