If a thread calls MiInsertPageInFreeList after the zero page thread has
woken up from its wait but before it acquired the PFN lock,
MmZeroingPageEvent might get set again even though there is no additional
work to be done.
By setting MmZeroingPageThreadActive together with the event, the variable
correctly indicates for future callers that the zero thread will process
newly added free pages.
This partially reverts r72990.
The SYSTEM_PD_SIZE constant should not be used to determine the page boundary for page tables. It is better to use the portable MiIsPteOnPdeBoundary() macro for this.
Revert "[NTOS] On DBG builds, fill pool allocations with 0xCD and freed pool with 0xDD"
This reverts commit 24f240be8a.
Revert "[NTOS] Add compile time option to trace callers of pool allocations"
This reverts commit 8b20755040.
Revert "WIP"
This reverts commit 8cfd5c601f.
As documented in https://docs.microsoft.com/fr-fr/windows-hardware/drivers/ddi/wdm/nf-wdm-exallocatepoolwithtag
pool tag "characters" must be a value in the range 0x20 (space) to 0x7E (tilde),
which happen indeed to be the range of printable (non-extended) ASCII characters.
(The display problem was originally caught while attempting to display
the pool tag 0x3a306847 corresponding to 'Gh0:', a win32ss GDIOBJ pool tag
encoded with macro GDIOBJ_POOL_TAG().)
This allows setting the memory protection of the kernel's resource
section as will. MmMakeKernelResourceSectionWritable() is re-implemented
around this helper.
- MiLocateKernelSections(): Fix the calculation of MiKernelResourceEndPte,
MmPoolCodeEnd and MmPteCodeEnd.
- MmMakeKernelResourceSectionWritable(): Fix PTE looping upper limit;
use MI_MAKE_HARDWARE_PTE_KERNEL to build the updated read-write PTE.
- Introduce the MmMakeKernelResourceSectionWritable() helper for
making the kernel resource memory section writable, and use it
in KeGetBugMessageText(). Indeed, this latter function patches
in place the bugcheck resource message to trim any trailing
newlines before displaying the message on screen.
See also https://github.com/osresearch/uxen/blob/83bad53/dm/introspection-win7.c#L286
that mentions it too.
This fixes bugcheck text display (e.g. the MANUALLY_INITIATED_CRASH one)
when using (at least) MSVC-built ReactOS, avoiding a Page-Fault
exception during the bugcheck.
- Cover KeGetBugMessageText() in SEH since we are accessing kernel
resources that could also be corrupted in bugcheck scenarii, and we
don't want to further bugcheck.
- Fix newline trimming loop.
- KiDoBugCheckCallbacks():
* Wrap the bugcheck CallbackRoutine call in SEH.
* Add a FIXME concerning the need of further memory validation of CurrentRecord.
- Add a FIXME concerning the need to run the bugcheck-reason callbacks
with the KbCallbackReserved1 reason, in KeBugCheckWithTf().
Mentioned in http://blog.ptsecurity.com/2012/06/customizing-blue-screen-of-death.html
"Release" builds should not BSoD on 'Freeing pool - invalid tag specified' case,
this is compatible with Windows behaviour.
Nothing changes otherwise concerning the "Debug" builds, where pool-tag mismatch
triggers a BSoD as expected.
CORE-15446
- Correctly probe the FileName user pointer before capturing its contents.
- A paging file name with zero length is invalid too.
- Remember (TODO!) in the code that the lower bounds of the Safe*Size values
need to be checked too!
* The previous version was overcomplicated and broken and therefore disabled.
* The new version also enforces NX protection on x64.
* Now that protecting works, also protect the boot loaded images.
