29 Nov
2005
29 Nov
'05
4:56 a.m.
(./ntoskrnl/ke/main.c:295) -----------------------------------------------------
----------
(./ntoskrnl/ke/main.c:296) ReactOS 0.3-SVN (Build 20051129-r19742)
Used memory 1015744Kb
(./ntoskrnl/mm/mminit.c:386) Kernel Stack Limits. InitTop = 0x80122000, Init = 0
x8011f000
(./ntoskrnl/mm/mm.c:283) No current process
(./ntoskrnl/io/driver.c:1294) Driver 'buslogic.sys' load failed, status (c000000
1)
(./ntoskrnl/ldr/loader.c:267) Could not open module file: \SystemRoot\system32\d
rivers\sndblst.sys (Status 0xc0000034)
(./ntoskrnl/ldr/loader.c:267) Could not open module file: \SystemRoot\system32\d
rivers\mpu401.sys (Status 0xc0000034)
(./ntoskrnl/io/disk.c:630) RDiskCount 1
Entered debugger on last-chance exception number 14 (Page Fault)
Memory at 0x800affb4 could not be written: Page protection violation.
kdb:>bt
Eip:
<ntoskrnl.exe:d7e9c (ntoskrnl/ke/i386/kernel.c:525 (Ki386SetProcessorFeatures))>
Frames:
<ntoskrnl.exe:ccdd3 (./ntoskrnl/ex/init.c:0 ())>
<ntoskrnl.exe:cd87e (./ntoskrnl/ex/init.c:672 (ExpInitializeExecutive))>
<ntoskrnl.exe:63d5 (./ntoskrnl/ke/main.c:106 (KiSystemStartup))>
<ntoskrnl.exe:cb851 (./ntoskrnl/ke/main.c:300 (_main))>
<ntoskrnl.exe:104b (ntoskrnl/ke/i386/main_asm.S:46 (NtProcessStartup))>
(lib/rtl/i386/exception.c:90) Invalid exception frame
Entered debugger on last-chance exception number 14 (Page Fault)
Memory at 0x000764e0 could not be read: Page not present.
KeBugCheckWithTf at ntoskrnl/ke/i386/exp.c:1242
A problem has been detected and ReactOS has been shut down to prevent damage to
your computer.
The problem seems to be caused by the following file: ntoskrnl.exe
Technical information:
*** STOP: 0x0000001E (0xc0000005,0x800c939c,0x00000000,0x000764e0)
*** ntoskrnl.exe - Address 0x800c939c base at 0x80000000, DateStamp 0x0
Page Fault Exception: 14(0)
Processor: 0 CS:EIP 8:800c939c <ntoskrnl.exe:c939c (lib/string/i386/memcpy_asm.s
:43 (memcpy))>
cr2 764e0 cr3 22000 Proc: 81004ba0 Pid: 4 <System> Thrd: 81005630 Tid: 0
DS 23 ES 23 FS 30 GS 0
EAX: 8011b1d4 EBX: 800aee40 ECX: 00000004
EDX: 8011b130 EBP: 8011b124 ESI: 000764e0 ESP: 8011b0a8
EDI: 8011b1d4 EFLAGS: 00210002 kESP 8011b0a8 kernel stack base 80118260
Frames:
<ntoskrnl.exe:a2f00 (ntoskrnl/kdbg/kdb.c:1557 (KdbpSafeReadMemory))>
<ntoskrnl.exe:a3e49 (ntoskrnl/kdbg/kdb_cli.c:570 (KdbpCmdBackTrace))>
<ntoskrnl.exe:a72c8 (ntoskrnl/kdbg/kdb_cli.c:2178 (KdbpDoCommand))>
<ntoskrnl.exe:a7402 (ntoskrnl/kdbg/kdb_cli.c:2237 (KdbpCliMainLoop))>
<ntoskrnl.exe:a2453 (ntoskrnl/kdbg/kdb.c:1119 (KdbpCallMainLoop))>
<ntoskrnl.exe:a0b1d (ntoskrnl/kdbg/i386/kdb_help.S:134 (KdbpStackSwitchAndCall))
<ntoskrnl.exe:a24e1 (ntoskrnl/kdbg/kdb.c:1150
(KdbpInternalEnter))>
<ntoskrnl.exe:a2c96 (ntoskrnl/kdbg/kdb.c:1457 (KdbEnterDebuggerException))>
<ntoskrnl.exe:53adb (./ntoskrnl/kd/kdmain.c:127 (KdpEnterDebuggerException))>
<ntoskrnl.exe:9782d (ntoskrnl/ke/i386/exp.c:1226 (KiDispatchException))>
<ntoskrnl.exe:9639f (ntoskrnl/ke/i386/exp.c:194 (KiKernelTrapHandler))>
<ntoskrnl.exe:af0a4 (ntoskrnl/mm/i386/pfault.c:128 (KiPageFaultHandler))>
<ntoskrnl.exe:9aab1 (ntoskrnl/ke/i386/trap.s:151 (KiTrapProlog2))>
<ntoskrnl.exe:d7e9c (ntoskrnl/ke/i386/kernel.c:525 (Ki386SetProcessorFeatures))>
<ntoskrnl.exe:ccdd3 (./ntoskrnl/ex/init.c:0 ())>
<ntoskrnl.exe:cd87e (./ntoskrnl/ex/init.c:672 (ExpInitializeExecutive))>
<ntoskrnl.exe:63d5 (./ntoskrnl/ke/main.c:106 (KiSystemStartup))>
<ntoskrnl.exe:cb851 (./ntoskrnl/ke/main.c:300 (_main))>
<ntoskrnl.exe:104b (ntoskrnl/ke/i386/main_asm.S:46 (NtProcessStartup))>
Entered debugger on embedded INT3 at 0x0008:0x800b0076.
(lib/rtl/i386/exception.c:90) Invalid exception frame
29 Nov
29 Nov
9:52 a.m.
This is caused by the self-modifying code:
+ /* Replace the ret by a nop */
+ *(PCHAR)RtlPrefetchMemoryNonTemporal = 0x90;
I guess we should have function where all self-modifying code is located
in that takes care of page protections before and after modifying the code.
- Thomas
3:06 p.m.
Thomas Weidenmueller wrote:
<ntoskrnl.exe:a2511 (ntoskrnl/kdbg/kdb.c:1150
(KdbpInternalEnter))>
<ntoskrnl.exe:a2cc6 (ntoskrnl/kdbg/kdb.c:1457 (KdbEnterDebuggerException))>
<ntoskrnl.exe:53b0b (./ntoskrnl/kd/kdmain.c:127 (KdpEnterDebuggerException))>
<ntoskrnl.exe:9785d (ntoskrnl/ke/i386/exp.c:1226 (KiDispatchException))>
<ntoskrnl.exe:963cf (ntoskrnl/ke/i386/exp.c:194 (KiKernelTrapHandler))>
<ntoskrnl.exe:af0d4 (ntoskrnl/mm/i386/pfault.c:128 (KiPageFaultHandler))>
<ntoskrnl.exe:9aae1 (ntoskrnl/ke/i386/trap.s:151 (KiTrapProlog2))>
<ntoskrnl.exe:d7e9c (ntoskrnl/ke/i386/kernel.c:530 (Ki386SetProcessorFeatures))>
<ntoskrnl.exe:ccdd3 (./ntoskrnl/ex/init.c:0 ())>
<ntoskrnl.exe:cd87e (./ntoskrnl/ex/init.c:672 (ExpInitializeExecutive))>
<ntoskrnl.exe:63d5 (./ntoskrnl/ke/main.c:106 (KiSystemStartup))>
<ntoskrnl.exe:cb851 (./ntoskrnl/ke/main.c:300 (_main))>
<ntoskrnl.exe:104b (ntoskrnl/ke/i386/main_asm.S:46 (NtProcessStartup))>
Entered debugger on embedded INT3 at 0x0008:0x800b00a6.
(lib/rtl/i386/exception.c:90) Invalid exception frame
This is caused by the self-modifying code:
+ /* Replace the ret by a nop */
+ *(PCHAR)RtlPrefetchMemoryNonTemporal = 0x90;
I guess we should have function where all self-modifying code is located
in that takes care of page protections before and after modifying the code.
- Thomas
I've just tried 19751 and its doing the same thing.
gcc version 3.4.2 (mingw-special)
GNU ld version 2.15.94 20050118
GNU assembler 2.15.94 20050118
Please advise,
James
(./ntoskrnl/ke/main.c:295) -----------------------------------------------------
----------
(./ntoskrnl/ke/main.c:296) ReactOS 0.3-SVN (Build 20051129-r19751)
Used memory 1015744Kb
(./ntoskrnl/mm/mminit.c:386) Kernel Stack Limits. InitTop = 0x80122000, Init = 0
x8011f000
(./ntoskrnl/mm/mm.c:283) No current process
(./ntoskrnl/io/driver.c:1294) Driver 'buslogic.sys' load failed, status (c000000
1)
(./ntoskrnl/ldr/loader.c:267) Could not open module file: \SystemRoot\system32\d
rivers\sndblst.sys (Status 0xc0000034)
(./ntoskrnl/ldr/loader.c:267) Could not open module file: \SystemRoot\system32\d
rivers\mpu401.sys (Status 0xc0000034)
(./ntoskrnl/io/disk.c:630) RDiskCount 1
Entered debugger on last-chance exception number 14 (Page Fault)
Memory at 0x800affe4 could not be written: Page protection violation.
kdb:> bt
Eip:
<ntoskrnl.exe:d7e9c (ntoskrnl/ke/i386/kernel.c:530 (Ki386SetProcessorFeatures))>
Frames:
<ntoskrnl.exe:ccdd3 (./ntoskrnl/ex/init.c:0 ())>
<ntoskrnl.exe:cd87e (./ntoskrnl/ex/init.c:672 (ExpInitializeExecutive))>
<ntoskrnl.exe:63d5 (./ntoskrnl/ke/main.c:106 (KiSystemStartup))>
<ntoskrnl.exe:cb851 (./ntoskrnl/ke/main.c:300 (_main))>
<ntoskrnl.exe:104b (ntoskrnl/ke/i386/main_asm.S:46 (NtProcessStartup))>
(lib/rtl/i386/exception.c:90) Invalid exception frame
Entered debugger on last-chance exception number 14 (Page Fault)
Memory at 0x000764e0 could not be read: Page not present.
KeBugCheckWithTf at ntoskrnl/ke/i386/exp.c:1242
A problem has been detected and ReactOS has been shut down to prevent damage to
your computer.
The problem seems to be caused by the following file: ntoskrnl.exe
Technical information:
*** STOP: 0x0000001E (0xc0000005,0x800c93cc,0x00000000,0x000764e0)
*** ntoskrnl.exe - Address 0x800c93cc base at 0x80000000, DateStamp 0x0
Page Fault Exception: 14(0)
Processor: 0 CS:EIP 8:800c93cc <ntoskrnl.exe:c93cc (lib/string/i386/memcpy_asm.s
:43 (memcpy))>
cr2 764e0 cr3 26000 Proc: 81004ba0 Pid: 4 <System> Thrd: 81005630 Tid: 0
DS 23 ES 23 FS 30 GS 0
EAX: 8011b1d4 EBX: 800aee70 ECX: 00000004
EDX: 8011b130 EBP: 8011b124 ESI: 000764e0 ESP: 8011b0a8
EDI: 8011b1d4 EFLAGS: 00210002 kESP 8011b0a8 kernel stack base 80118260
Frames:
<ntoskrnl.exe:a2f30 (ntoskrnl/kdbg/kdb.c:1557 (KdbpSafeReadMemory))>
<ntoskrnl.exe:a3e79 (ntoskrnl/kdbg/kdb_cli.c:570 (KdbpCmdBackTrace))>
<ntoskrnl.exe:a72f8 (ntoskrnl/kdbg/kdb_cli.c:2178 (KdbpDoCommand))>
<ntoskrnl.exe:a7432 (ntoskrnl/kdbg/kdb_cli.c:2237 (KdbpCliMainLoop))>
<ntoskrnl.exe:a2483 (ntoskrnl/kdbg/kdb.c:1119 (KdbpCallMainLoop))>
<ntoskrnl.exe:a0b4d (ntoskrnl/kdbg/i386/kdb_help.S:134 (KdbpStackSwitchAndCall))
6924
days inactive
6924
days old
2 comments
2 participants
participants (2)
-
James Tabor -
Thomas Weidenmueller