[ros-dev] [ros-diffs] [tfaber] 64665: [NTOS:KE] - Implement KiRaiseSecurityCheckFailure[Handler] to handle int 0x29 (__fastfail). Based on patch by Timo Kreuzer. (Yes, this is a Windows 8 feature. However all it does is...
Alex Ionescu
ionucu at videotron.ca
Sun Oct 12 04:19:55 UTC 2014
Your "joke" is why the new behavior, on Windows 8, is optional, and not
forced upon applications.
So you killed your own 'joke' -- because it does break applications.
Best regards,
Alex Ionescu
On Sat, Oct 11, 2014 at 4:59 PM, Timo Kreuzer <timo.kreuzer at web.de> wrote:
>
> This is not what Windows 2003 Server SP1 CHK does. Can you prove that this
> change in low level behavior does not break applications that rely on this?
> Our kernel is based on Windows 2003 SP1 and nothing else. If we start to
> introduce Windows 8 features, we are doomed!
>
> * Just kidding *
>
>
> On 11.10.2014 18:46, Alex Ionescu wrote:
>
> Now improve the LIST_ENTRY Macros to use it :)
>
> Best regards,
> Alex Ionescu
>
> On Sat, Oct 11, 2014 at 6:15 AM, <tfaber at svn.reactos.org> wrote:
>
>> Author: tfaber
>> Date: Sat Oct 11 13:15:10 2014
>> New Revision: 64665
>>
>> URL: http://svn.reactos.org/svn/reactos?rev=64665&view=rev
>> Log:
>> [NTOS:KE]
>> - Implement KiRaiseSecurityCheckFailure[Handler] to handle int 0x29
>> (__fastfail). Based on patch by Timo Kreuzer.
>> (Yes, this is a Windows 8 feature. However all it does is improve the
>> debugging experience, and we have a need for that)
>> CORE-8419
>>
>> Modified:
>> trunk/reactos/include/reactos/mc/bugcodes.mc
>> trunk/reactos/ntoskrnl/ke/i386/trap.s
>> trunk/reactos/ntoskrnl/ke/i386/traphdlr.c
>>
>> Modified: trunk/reactos/include/reactos/mc/bugcodes.mc
>> URL:
>> http://svn.reactos.org/svn/reactos/trunk/reactos/include/reactos/mc/bugcodes.mc?rev=64665&r1=64664&r2=64665&view=diff
>>
>> ==============================================================================
>> --- trunk/reactos/include/reactos/mc/bugcodes.mc [iso-8859-1]
>> (original)
>> +++ trunk/reactos/include/reactos/mc/bugcodes.mc [iso-8859-1] Sat
>> Oct 11 13:15:10 2014
>> @@ -1128,7 +1128,7 @@
>> Run a system diagnostic utility supplied by your hardware manufacturer.
>> In particular, run a memory check, and check for faulty or mismatched
>> memory. Try changing video adapters.
>> -
>> +
>> Disable or remove any newly installed hardware and drivers. Disable or
>> remove any newly installed software. If you need to use Safe Mode to
>> remove or disable components, restart your computer, press F8 to select
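
Review bot: The `-`/`+` pair in this hunk swaps one empty line for another, so the change is whitespace-only and unrelated to the int 0x29 handler; the same holds for the hunks at 1322 and 1478. Consider dropping these from the commit or committing them separately, so that the one functional change to this file (the new 0x139 message) is easy to find in history.
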
>> @@ -1322,7 +1322,7 @@
>> SymbolicName=DRIVER_CORRUPTED_EXPOOL
>> Language=English
>> A device driver has pool.
>> -
>> +
>> Check to make sure any new hardware or software is properly installed.
>> If this is a new installation, ask your hardware or software manufacturer
>> for any ReactOS updates you might need.
>> @@ -1478,7 +1478,7 @@
>> must not contain such items. Usually this is memory being freed. This
>> is usually caused by a device driver that has not cleaned up properly
>> before freeing memory.
>> -
>> +
>> If Parameter1 == 1, an attempt was made to queue an executive worker item
>> with a usermode execution routine.
>> .
>> @@ -1570,3 +1570,11 @@
>> Language=English
>> An attempt was made to execute to non-executable memory.
>> .
>> +
>> +MessageId=0x139
>> +Severity=Success
>> +Facility=System
>> +SymbolicName=KERNEL_SECURITY_CHECK_FAILURE
>> +Language=English
>> +A critical kernel security check failed.
>> +.
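
Review bot: The message text for KERNEL_SECURITY_CHECK_FAILURE does not document the bugcheck parameters. The handler added in traphdlr.c passes TrapFrame->Ecx as the first parameter, followed by the trap frame and exception record addresses; a sentence saying so here would let someone reading the bugcheck screen tell which check fired.
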
>>
>> Modified: trunk/reactos/ntoskrnl/ke/i386/trap.s
>> URL:
>> http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ke/i386/trap.s?rev=64665&r1=64664&r2=64665&view=diff
>>
>> ==============================================================================
>> --- trunk/reactos/ntoskrnl/ke/i386/trap.s [iso-8859-1] (original)
>> +++ trunk/reactos/ntoskrnl/ke/i386/trap.s [iso-8859-1] Sat Oct 11
>> 13:15:10 2014
>> @@ -59,9 +59,11 @@
>> idt _KiTrap11, INT_32_DPL0 /* INT 11: Align Check Exception
>> (#AC) */
>> idt _KiTrap0F, INT_32_DPL0 /* INT 12: Machine Check Exception
>> (#MC)*/
>> idt _KiTrap0F, INT_32_DPL0 /* INT 13: SIMD FPU Exception (#XF)
>> */
>> -REPEAT 22
>> -idt _KiTrap0F, INT_32_DPL0 /* INT 14-29: UNDEFINED INTERRUPTS
>> */
>> +REPEAT 21
>> +idt _KiTrap0F, INT_32_DPL0 /* INT 14-28: UNDEFINED INTERRUPTS
>> */
>> ENDR
>> +idt _KiRaiseSecurityCheckFailure, INT_32_DPL3
>> + /* INT 29: Handler for __fastfail
>> */
>> idt _KiGetTickCount, INT_32_DPL3 /* INT 2A: Get Tick Count Handler
>> */
>> idt _KiCallbackReturn, INT_32_DPL3 /* INT 2B: User-Mode Callback
>> Return */
>> idt _KiRaiseAssertion, INT_32_DPL3 /* INT 2C: Debug Assertion Handler
>> */
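
Review bot: The gate for vector 0x29 is INT_32_DPL3, where the slot it replaces was INT_32_DPL0, so user-mode code can now enter KiRaiseSecurityCheckFailure directly. That matches the neighbouring 2A to 2C entries and is needed for a user-mode __fastfail, but the comment should say so, because the handler then has to treat ECX as caller-controlled. The REPEAT count and the range comment agree with each other (the labels are hex, and 0x14 through 0x28 is 21 entries).
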
>> @@ -113,6 +115,7 @@
>> TRAP_ENTRY KiTrap10, KI_PUSH_FAKE_ERROR_CODE
>> TRAP_ENTRY KiTrap11, KI_PUSH_FAKE_ERROR_CODE
>> TRAP_ENTRY KiTrap13, KI_PUSH_FAKE_ERROR_CODE
>> +TRAP_ENTRY KiRaiseSecurityCheckFailure, KI_PUSH_FAKE_ERROR_CODE
>> TRAP_ENTRY KiGetTickCount, KI_PUSH_FAKE_ERROR_CODE
>> TRAP_ENTRY KiCallbackReturn, KI_PUSH_FAKE_ERROR_CODE
>> TRAP_ENTRY KiRaiseAssertion, KI_PUSH_FAKE_ERROR_CODE
>>
>> Modified: trunk/reactos/ntoskrnl/ke/i386/traphdlr.c
>> URL:
>> http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ke/i386/traphdlr.c?rev=64665&r1=64664&r2=64665&view=diff
>>
>> ==============================================================================
>> --- trunk/reactos/ntoskrnl/ke/i386/traphdlr.c [iso-8859-1] (original)
>> +++ trunk/reactos/ntoskrnl/ke/i386/traphdlr.c [iso-8859-1] Sat Oct 11
>> 13:15:10 2014
>> @@ -1462,6 +1462,46 @@
>>
>> VOID
>> FASTCALL
>> +KiRaiseSecurityCheckFailureHandler(IN PKTRAP_FRAME TrapFrame)
>> +{
>> + /* Save trap frame */
>> + KiEnterTrap(TrapFrame);
>> +
>> + /* Decrement EIP to point to the INT29 instruction (2 bytes, not 1
>> like INT3) */
>> + TrapFrame->Eip -= 2;
>> +
>> + /* Check if this is a user trap */
>> + if (KiUserTrap(TrapFrame))
>> + {
>> + /* Dispatch exception to user mode */
>> + KiDispatchException1Args(STATUS_STACK_BUFFER_OVERRUN,
>> + TrapFrame->Eip,
>> + TrapFrame->Ecx,
>> + TrapFrame);
>> + }
>> + else
>> + {
>> + EXCEPTION_RECORD ExceptionRecord;
>> +
>> + /* Bugcheck the system */
>> + ExceptionRecord.ExceptionCode = STATUS_STACK_BUFFER_OVERRUN;
>> + ExceptionRecord.ExceptionFlags = EXCEPTION_NONCONTINUABLE;
>> + ExceptionRecord.ExceptionRecord = NULL;
>> + ExceptionRecord.ExceptionAddress = (PVOID)TrapFrame->Eip;
>> + ExceptionRecord.NumberParameters = 1;
>> + ExceptionRecord.ExceptionInformation[0] = TrapFrame->Ecx;
>> +
>> + KeBugCheckWithTf(KERNEL_SECURITY_CHECK_FAILURE,
>> + TrapFrame->Ecx,
>> + (ULONG_PTR)TrapFrame,
>> + (ULONG_PTR)&ExceptionRecord,
>> + 0,
>> + TrapFrame);
>> + }
>> +}
>> +
>> +VOID
>> +FASTCALL
>> KiGetTickCountHandler(IN PKTRAP_FRAME TrapFrame)
>> {
>> UNIMPLEMENTED_DBGBREAK();
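
Review bot: In the user-mode branch, KiDispatchException1Args is called with STATUS_STACK_BUFFER_OVERRUN and no non-continuable flag is visible at the call site, while the kernel branch sets EXCEPTION_NONCONTINUABLE explicitly. If this is delivered as an ordinary first-chance exception, a handler inside the failing process can catch it, which defeats the point of a fast fail: the process state is assumed corrupt, so no in-process handler should run. Consider marking the exception non-continuable and skipping first-chance dispatch, or terminating the process directly. Separately, ExceptionRecord in the kernel branch is only partly initialized; NumberParameters = 1 bounds what is read, but zeroing the structure first would keep stale stack contents out of the crash dump.
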
>>
>>
>>
>
>
> _______________________________________________
> Ros-dev mailing list
> Ros-dev at reactos.org
> http://www.reactos.org/mailman/listinfo/ros-dev