#1
|
|||
|
|||
VxD and PageNotPresent
I'm writting VxD which dumps a memory. Maybe it's no problem to do it but I have one ;(.
Initially i call mem_dump() function while processing DEBUG_QUERY, but I read somewhere that it's not a good idea to process code which may cause page fault from DEBUG_QUERY. Next I call mem_dump() from W32_DEVICEIOCONTROL [DIOC_OPEN] (maybe it's not a good idea too - I don't know) but it's not solve my problem. When I read some not present memory (not all) the system crashes. AFAIK the system process page fault to load not present page in this situation. And it's true but not at all in my case. When I test dumping memory, the system crashes in concrete pages in context. Different in different processes, but always at not present one. When I pass over this few non present pages (with other non present it's no problem) everything goes ok. Maybe someone know what is wrong. Below is mem_dump() code. R0File is wrapper class for R0_XXXFile services. void mem_dump() { char txt[256]; char fileNm[]="c:\\file.tmp"; Trace_Out("Prepare to die ;-)"); R0File file; file.SetInContext(); if(file.Create(fileNm,OPEN_ACCESS_READWRITE|OPEN_SHARE_DENYREADWRITE|OPEN_FLAGS_COMMIT)) { Trace_Out("[*] Memory dumping ..."); DWORD page = PAGE(0x00400000); while((page << PAGESHIFT) < 0x80000000) { if(IsPageCommitted(page)) { _Sprintf(txt,"--> Dumping committed page %x\n",page); Out_Debug_String(txt); file.Write((PBYTE)(page << PAGESHIFT),PAGESIZE); } page++; } file.Close(); Trace_Out("[*] Memory dumped!"); } else { Trace_Out("[*] Create file failed"); } } |
#2
|
|||
|
|||
Hi,
When I was a little boy, I played with VxD. I remember that I coulndn't access to non present pages from certain parts in Ring-0. Example, when processing interrupt requests. I guess that your problem might be in accesing those pages from a DEBUG_QUERY event, that as you well have read, it can cause page faults. (dunno about W32_DEVICEIOCONTROL) It could be a similar mechanism like KMD with PassiveLevel, DispatchLevel....though VxD architecture is quite different from the NT one. Could you first lock the pages with function like "PageLock", "LinPageLock" and friends? Hope I'm right, hope it helps Last edited by peleon; 05-20-2004 at 14:04. |
#3
|
|||
|
|||
Quote:
Quote:
Quote:
|
#4
|
|||
|
|||
Yeah, LinPageLock() solves problem . Thanks again.
|
Thread Tools | |
Display Modes | |
|
|