Now improve the LIST_ENTRY Macros to use it :)
Best regards, Alex Ionescu
On Sat, Oct 11, 2014 at 6:15 AM, tfaber@svn.reactos.org wrote:
Author: tfaber Date: Sat Oct 11 13:15:10 2014 New Revision: 64665
URL: http://svn.reactos.org/svn/reactos?rev=64665&view=rev Log: [NTOS:KE]
- Implement KiRaiseSecurityCheckFailure[Handler] to handle int 0x29
(__fastfail). Based on patch by Timo Kreuzer. (Yes, this is a Windows 8 feature. However all it does is improve the debugging experience, and we have a need for that) CORE-8419
Modified: trunk/reactos/include/reactos/mc/bugcodes.mc trunk/reactos/ntoskrnl/ke/i386/trap.s trunk/reactos/ntoskrnl/ke/i386/traphdlr.c
Modified: trunk/reactos/include/reactos/mc/bugcodes.mc URL: http://svn.reactos.org/svn/reactos/trunk/reactos/include/reactos/mc/bugcodes...
============================================================================== --- trunk/reactos/include/reactos/mc/bugcodes.mc [iso-8859-1] (original) +++ trunk/reactos/include/reactos/mc/bugcodes.mc [iso-8859-1] Sat Oct 11 13:15:10 2014 @@ -1128,7 +1128,7 @@ Run a system diagnostic utility supplied by your hardware manufacturer. In particular, run a memory check, and check for faulty or mismatched memory. Try changing video adapters.
Disable or remove any newly installed hardware and drivers. Disable or remove any newly installed software. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select @@ -1322,7 +1322,7 @@ SymbolicName=DRIVER_CORRUPTED_EXPOOL Language=English A device driver has pool.
Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any ReactOS updates you might need. @@ -1478,7 +1478,7 @@ must not contain such items. Usually this is memory being freed. This is usually caused by a device driver that has not cleaned up properly before freeing memory.
If Parameter1 == 1, an attempt was made to queue an executive worker item with a usermode execution routine. . @@ -1570,3 +1570,11 @@ Language=English An attempt was made to execute to non-executable memory. .
+MessageId=0x139 +Severity=Success +Facility=System +SymbolicName=KERNEL_SECURITY_CHECK_FAILURE +Language=English +A critical kernel security check failed. +.
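Review bot: The first three bugcodes.mc hunks (@@ -1128,7 +1128,7, @@ -1322,7 +1322,7 and @@ -1478,7 +1478,7) keep the same line count and show no textual change, so they look like whitespace-only edits to blank lines that the log message does not mention. Consider committing them separately or noting the whitespace cleanup in the log, so that the one functional change in this file, the new MessageId=0x139 KERNEL_SECURITY_CHECK_FAILURE entry, stands out.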
Modified: trunk/reactos/ntoskrnl/ke/i386/trap.s URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ke/i386/trap.s?rev...
============================================================================== --- trunk/reactos/ntoskrnl/ke/i386/trap.s [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/ke/i386/trap.s [iso-8859-1] Sat Oct 11 13:15:10 2014 @@ -59,9 +59,11 @@ idt _KiTrap11, INT_32_DPL0 /* INT 11: Align Check Exception (#AC) */ idt _KiTrap0F, INT_32_DPL0 /* INT 12: Machine Check Exception (#MC)*/ idt _KiTrap0F, INT_32_DPL0 /* INT 13: SIMD FPU Exception (#XF) */ -REPEAT 22 -idt _KiTrap0F, INT_32_DPL0 /* INT 14-29: UNDEFINED INTERRUPTS */ +REPEAT 21 +idt _KiTrap0F, INT_32_DPL0 /* INT 14-28: UNDEFINED INTERRUPTS */ ENDR +idt _KiRaiseSecurityCheckFailure, INT_32_DPL3
*//* INT 29: Handler for __fastfailidt _KiGetTickCount, INT_32_DPL3 /* INT 2A: Get Tick Count Handler */ idt _KiCallbackReturn, INT_32_DPL3 /* INT 2B: User-Mode Callback Return */ idt _KiRaiseAssertion, INT_32_DPL3 /* INT 2C: Debug Assertion Handler */ @@ -113,6 +115,7 @@ TRAP_ENTRY KiTrap10, KI_PUSH_FAKE_ERROR_CODE TRAP_ENTRY KiTrap11, KI_PUSH_FAKE_ERROR_CODE TRAP_ENTRY KiTrap13, KI_PUSH_FAKE_ERROR_CODE +TRAP_ENTRY KiRaiseSecurityCheckFailure, KI_PUSH_FAKE_ERROR_CODE TRAP_ENTRY KiGetTickCount, KI_PUSH_FAKE_ERROR_CODE TRAP_ENTRY KiCallbackReturn, KI_PUSH_FAKE_ERROR_CODE TRAP_ENTRY KiRaiseAssertion, KI_PUSH_FAKE_ERROR_CODE
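Review bot: The new "idt _KiRaiseSecurityCheckFailure, INT_32_DPL3" entry in the first trap.s hunk makes vector 29 reachable from user mode, unlike the INT_32_DPL0 filler vectors in the REPEAT block just before it, and its comment only says "Handler for __fastfail". Suggest stating in that comment that DPL3 is intentional because __fastfail is also issued from user mode, and putting the comment on the same line as the idt entry, as the INT 2A to INT 2C entries below it do.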
Modified: trunk/reactos/ntoskrnl/ke/i386/traphdlr.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ke/i386/traphdlr.c...
============================================================================== --- trunk/reactos/ntoskrnl/ke/i386/traphdlr.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/ke/i386/traphdlr.c [iso-8859-1] Sat Oct 11 13:15:10 2014 @@ -1462,6 +1462,46 @@
VOID FASTCALL +KiRaiseSecurityCheckFailureHandler(IN PKTRAP_FRAME TrapFrame) +{
- /* Save trap frame */
- KiEnterTrap(TrapFrame);
- /* Decrement EIP to point to the INT29 instruction (2 bytes, not 1
like INT3) */
- TrapFrame->Eip -= 2;
- /* Check if this is a user trap */
- if (KiUserTrap(TrapFrame))
- {
/* Dispatch exception to user mode */KiDispatchException1Args(STATUS_STACK_BUFFER_OVERRUN,TrapFrame->Eip,TrapFrame->Ecx,TrapFrame);- }
- else
- {
EXCEPTION_RECORD ExceptionRecord;/* Bugcheck the system */ExceptionRecord.ExceptionCode = STATUS_STACK_BUFFER_OVERRUN;ExceptionRecord.ExceptionFlags = EXCEPTION_NONCONTINUABLE;ExceptionRecord.ExceptionRecord = NULL;ExceptionRecord.ExceptionAddress = (PVOID)TrapFrame->Eip;ExceptionRecord.NumberParameters = 1;ExceptionRecord.ExceptionInformation[0] = TrapFrame->Ecx;KeBugCheckWithTf(KERNEL_SECURITY_CHECK_FAILURE,TrapFrame->Ecx,(ULONG_PTR)TrapFrame,(ULONG_PTR)&ExceptionRecord,0,TrapFrame);- }
+}
+VOID +FASTCALL KiGetTickCountHandler(IN PKTRAP_FRAME TrapFrame) { UNIMPLEMENTED_DBGBREAK();
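Review bot: In the KiUserTrap branch of KiRaiseSecurityCheckFailureHandler the exception goes through KiDispatchException1Args, and nothing visible in the hunk marks it EXCEPTION_NONCONTINUABLE the way the kernel-mode branch does on its EXCEPTION_RECORD. If the helper does not set that flag, a user-mode handler could resume after a fast-fail request; suggest building the record explicitly with ExceptionFlags = EXCEPTION_NONCONTINUABLE in that branch, or adding a comment that says where the flag is applied. A short comment that TrapFrame->Ecx carries the __fastfail code would also help, since it is used both as the exception parameter and as the first bugcheck parameter.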
This is not what Windows 2003 Server SP1 CHK does. Can you prove that this change in low level behavior does not break applications that rely on this? Our kernel is based on Windows 2003 SP1 and nothing else. If we start to introduce Windows 8 features, we are doomed!
* Just kidding *
On 11.10.2014 18:46, Alex Ionescu wrote:
Now improve the LIST_ENTRY Macros to use it :)
Best regards, Alex Ionescu
On Sat, Oct 11, 2014 at 6:15 AM, tfaber@svn.reactos.org wrote:
Author: tfaber Date: Sat Oct 11 13:15:10 2014 New Revision: 64665 URL: http://svn.reactos.org/svn/reactos?rev=64665&view=rev Log: [NTOS:KE] - Implement KiRaiseSecurityCheckFailure[Handler] to handle int 0x29 (__fastfail). Based on patch by Timo Kreuzer. (Yes, this is a Windows 8 feature. However all it does is improve the debugging experience, and we have a need for that) CORE-8419 Modified: trunk/reactos/include/reactos/mc/bugcodes.mc <http://bugcodes.mc> trunk/reactos/ntoskrnl/ke/i386/trap.s trunk/reactos/ntoskrnl/ke/i386/traphdlr.c Modified: trunk/reactos/include/reactos/mc/bugcodes.mc <http://bugcodes.mc> URL: http://svn.reactos.org/svn/reactos/trunk/reactos/include/reactos/mc/bugcodes.mc?rev=64665&r1=64664&r2=64665&view=diff ============================================================================== --- trunk/reactos/include/reactos/mc/bugcodes.mc <http://bugcodes.mc> [iso-8859-1] (original) +++ trunk/reactos/include/reactos/mc/bugcodes.mc <http://bugcodes.mc> [iso-8859-1] Sat Oct 11 13:15:10 2014 @@ -1128,7 +1128,7 @@ Run a system diagnostic utility supplied by your hardware manufacturer. In particular, run a memory check, and check for faulty or mismatched memory. Try changing video adapters. - + Disable or remove any newly installed hardware and drivers. Disable or remove any newly installed software. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select @@ -1322,7 +1322,7 @@ SymbolicName=DRIVER_CORRUPTED_EXPOOL Language=English A device driver has pool. - + Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any ReactOS updates you might need. 
@@ -1478,7 +1478,7 @@ must not contain such items. Usually this is memory being freed. This is usually caused by a device driver that has not cleaned up properly before freeing memory. - + If Parameter1 == 1, an attempt was made to queue an executive worker item with a usermode execution routine. . @@ -1570,3 +1570,11 @@ Language=English An attempt was made to execute to non-executable memory. . + +MessageId=0x139 +Severity=Success +Facility=System +SymbolicName=KERNEL_SECURITY_CHECK_FAILURE +Language=English +A critical kernel security check failed. +. Modified: trunk/reactos/ntoskrnl/ke/i386/trap.s URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ke/i386/trap.s?rev=64665&r1=64664&r2=64665&view=diff ============================================================================== --- trunk/reactos/ntoskrnl/ke/i386/trap.s [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/ke/i386/trap.s [iso-8859-1] Sat Oct 11 13:15:10 2014 @@ -59,9 +59,11 @@ idt _KiTrap11, INT_32_DPL0 /* INT 11: Align Check Exception (#AC) */ idt _KiTrap0F, INT_32_DPL0 /* INT 12: Machine Check Exception (#MC)*/ idt _KiTrap0F, INT_32_DPL0 /* INT 13: SIMD FPU Exception (#XF) */ -REPEAT 22 -idt _KiTrap0F, INT_32_DPL0 /* INT 14-29: UNDEFINED INTERRUPTS */ +REPEAT 21 +idt _KiTrap0F, INT_32_DPL0 /* INT 14-28: UNDEFINED INTERRUPTS */ ENDR +idt _KiRaiseSecurityCheckFailure, INT_32_DPL3 + /* INT 29: Handler for __fastfail */ idt _KiGetTickCount, INT_32_DPL3 /* INT 2A: Get Tick Count Handler */ idt _KiCallbackReturn, INT_32_DPL3 /* INT 2B: User-Mode Callback Return */ idt _KiRaiseAssertion, INT_32_DPL3 /* INT 2C: Debug Assertion Handler */ 
@@ -113,6 +115,7 @@ TRAP_ENTRY KiTrap10, KI_PUSH_FAKE_ERROR_CODE TRAP_ENTRY KiTrap11, KI_PUSH_FAKE_ERROR_CODE TRAP_ENTRY KiTrap13, KI_PUSH_FAKE_ERROR_CODE +TRAP_ENTRY KiRaiseSecurityCheckFailure, KI_PUSH_FAKE_ERROR_CODE TRAP_ENTRY KiGetTickCount, KI_PUSH_FAKE_ERROR_CODE TRAP_ENTRY KiCallbackReturn, KI_PUSH_FAKE_ERROR_CODE TRAP_ENTRY KiRaiseAssertion, KI_PUSH_FAKE_ERROR_CODE Modified: trunk/reactos/ntoskrnl/ke/i386/traphdlr.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ke/i386/traphdlr.c?rev=64665&r1=64664&r2=64665&view=diff ============================================================================== --- trunk/reactos/ntoskrnl/ke/i386/traphdlr.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/ke/i386/traphdlr.c [iso-8859-1] Sat Oct 11 13:15:10 2014 @@ -1462,6 +1462,46 @@ VOID FASTCALL +KiRaiseSecurityCheckFailureHandler(IN PKTRAP_FRAME TrapFrame) +{ + /* Save trap frame */ + KiEnterTrap(TrapFrame); + + /* Decrement EIP to point to the INT29 instruction (2 bytes, not 1 like INT3) */ + TrapFrame->Eip -= 2; + + /* Check if this is a user trap */ + if (KiUserTrap(TrapFrame)) + { + /* Dispatch exception to user mode */ + KiDispatchException1Args(STATUS_STACK_BUFFER_OVERRUN, + TrapFrame->Eip, + TrapFrame->Ecx, + TrapFrame); + } + else + { + EXCEPTION_RECORD ExceptionRecord; + + /* Bugcheck the system */ + ExceptionRecord.ExceptionCode = STATUS_STACK_BUFFER_OVERRUN; + ExceptionRecord.ExceptionFlags = EXCEPTION_NONCONTINUABLE; + ExceptionRecord.ExceptionRecord = NULL; + ExceptionRecord.ExceptionAddress = (PVOID)TrapFrame->Eip; + ExceptionRecord.NumberParameters = 1; + ExceptionRecord.ExceptionInformation[0] = TrapFrame->Ecx; + + KeBugCheckWithTf(KERNEL_SECURITY_CHECK_FAILURE, + TrapFrame->Ecx, + (ULONG_PTR)TrapFrame, + (ULONG_PTR)&ExceptionRecord, + 0, + TrapFrame); + } +} + +VOID +FASTCALL KiGetTickCountHandler(IN PKTRAP_FRAME TrapFrame) { UNIMPLEMENTED_DBGBREAK();
Ros-dev mailing list Ros-dev@reactos.org http://www.reactos.org/mailman/listinfo/ros-dev
Your "joke" is why the new behavior, on Windows 8, is optional, and not forced upon applications.
So you killed your own 'joke' -- because it does break applications.
Best regards, Alex Ionescu
On Sat, Oct 11, 2014 at 4:59 PM, Timo Kreuzer timo.kreuzer@web.de wrote:
This is not what Windows 2003 Server SP1 CHK does. Can you prove that this change in low level behavior does not break applications that rely on this? Our kernel is based on Windows 2003 SP1 and nothing else. If we start to introduce Windows 8 features, we are doomed!
* Just kidding *
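What the suggestion at the top of the thread (LIST_ENTRY macros that use the new fast-fail path) could look like, as an added sketch that is not ReactOS code and not from any poster: insert and remove helpers that verify the neighbour links before writing. CheckedInsertTailList, CheckedRemoveEntryList, InitListHead and demo_fast_fail are hypothetical names; demo_fast_fail is a user-mode stand-in for __fastfail so the block runs anywhere, and the value 3 for FAST_FAIL_CORRUPT_LIST_ENTRY is the one in winnt.h.

```c
#include <stdio.h>
/* Same shape as the NT LIST_ENTRY, defined here so the example is self-contained. */
typedef struct _LIST_ENTRY { struct _LIST_ENTRY *Flink, *Blink; } LIST_ENTRY;
#define FAST_FAIL_CORRUPT_LIST_ENTRY 3u   /* value from winnt.h */
/* Hypothetical stand-in for __fastfail(code): the real intrinsic puts the code
   in ECX, executes int 0x29 and never returns. Here the code is only recorded. */
static unsigned g_fail_code; static int g_fail_count;
static void demo_fast_fail(unsigned code) { g_fail_code = code; g_fail_count++; }
static void InitListHead(LIST_ENTRY *Head) { Head->Flink = Head->Blink = Head; }

/* Insert at the tail only if the current tail still points forward to the head. */
static int CheckedInsertTailList(LIST_ENTRY *Head, LIST_ENTRY *Entry)
{
    LIST_ENTRY *Prev = Head->Blink;
    if (Prev->Flink != Head) { demo_fast_fail(FAST_FAIL_CORRUPT_LIST_ENTRY); return 0; }
    Entry->Flink = Head; Entry->Blink = Prev;
    Prev->Flink = Entry; Head->Blink = Entry;
    return 1;
}

/* Unlink only if both neighbours still point back at Entry. */
static int CheckedRemoveEntryList(LIST_ENTRY *Entry)
{
    LIST_ENTRY *Next = Entry->Flink, *Prev = Entry->Blink;
    if (Next->Blink != Entry || Prev->Flink != Entry) {
        demo_fast_fail(FAST_FAIL_CORRUPT_LIST_ENTRY);
        return 0;                      /* refused before any write */
    }
    Prev->Flink = Next; Next->Blink = Prev;
    return 1;
}

/* Constructed scenario: B.Blink is overwritten to point at a decoy node.
   Returns 1 if the checked unlink refused and the decoy was left untouched. */
static int demo_corrupted_unlink(void)
{
    LIST_ENTRY Head, A, B, Decoy = { 0, 0 };
    InitListHead(&Head);
    CheckedInsertTailList(&Head, &A);
    CheckedInsertTailList(&Head, &B);
    B.Blink = &Decoy;                  /* simulated memory corruption */
    return !CheckedRemoveEntryList(&B) && !Decoy.Flink && !Decoy.Blink && A.Flink == &B;
}

int main(void)
{
    int blocked = demo_corrupted_unlink();   /* run before reading g_fail_code */
    printf("corrupted unlink blocked: %d, fail code %u\n", blocked, g_fail_code);
    return 0;
}
```

In a kernel build the stand-in would be the real __fastfail, which on the handler from this commit ends in KeBugCheckWithTf(KERNEL_SECURITY_CHECK_FAILURE, ...) with the code from ECX as the first parameter.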