415 lines
13 KiB
C
415 lines
13 KiB
C
/*++
|
||
|
||
Copyright (c) 1989 Microsoft Corporation
|
||
|
||
Module Name:
|
||
|
||
excptdbg.c
|
||
|
||
Abstract:
|
||
|
||
This module implements an exception dispatcher logging facility.
|
||
|
||
Author:
|
||
|
||
Kent Forschmiedt (kentf) 05-Oct-1995
|
||
|
||
Revision History:
|
||
|
||
Jonathan Schwartz (jschwart) 16-Jun-2000
|
||
Added RtlUnhandledExceptionFilter
|
||
|
||
Jay Krell (a-JayK) November 2000
|
||
Added RtlUnhandledExceptionFilter2, takes __FUNCTION__ parameter
|
||
|
||
--*/
|
||
|
||
#include "ntrtlp.h"
|
||
|
||
PLAST_EXCEPTION_LOG RtlpExceptionLog;
|
||
ULONG RtlpExceptionLogCount;
|
||
ULONG RtlpExceptionLogSize;
|
||
|
||
|
||
VOID
|
||
RtlInitializeExceptionLog(
|
||
IN ULONG Entries
|
||
)
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
This routine allocates space for the exception dispatcher logging
|
||
facility, and records the address and size of the log area in globals
|
||
where they can be found by the debugger.
|
||
|
||
If memory is not available, the table pointer will remain NULL
|
||
and the logging functions will do nothing.
|
||
|
||
Arguments:
|
||
|
||
Entries - Supplies the number of entries to allocate for
|
||
|
||
Return Value:
|
||
|
||
None
|
||
|
||
--*/
|
||
{
|
||
#if defined(NTOS_KERNEL_RUNTIME)
|
||
RtlpExceptionLog = (PLAST_EXCEPTION_LOG)ExAllocatePoolWithTag( NonPagedPool, sizeof(LAST_EXCEPTION_LOG) * Entries, 'gbdE' );
|
||
#else
|
||
//RtlpExceptionLog = (PLAST_EXCEPTION_LOG)RtlAllocateHeap( RtlProcessHeap(), 0, sizeof(LAST_EXCEPTION_LOG) * Entries );
|
||
#endif
|
||
if (RtlpExceptionLog) {
|
||
RtlpExceptionLogSize = Entries;
|
||
}
|
||
}
|
||
|
||
|
||
ULONG
|
||
RtlpLogExceptionHandler(
|
||
IN PEXCEPTION_RECORD ExceptionRecord,
|
||
IN PCONTEXT ContextRecord,
|
||
IN ULONG_PTR ControlPc,
|
||
IN PVOID HandlerData,
|
||
IN ULONG Size
|
||
)
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
Records the dispatching of exceptions to frame-based handlers.
|
||
The debugger may inspect the table later and interpret the data
|
||
to discover the address of the filters and handlers.
|
||
|
||
Arguments:
|
||
|
||
ExceptionRecord - Supplies an exception record
|
||
|
||
ContextRecord - Supplies the context at the exception
|
||
|
||
ControlPc - Supplies the PC where control left the frame being
|
||
dispatched to.
|
||
|
||
HandlerData - Supplies a pointer to the host-dependent exception
|
||
data. On the RISC machines this is a RUNTIME_FUNCTION record;
|
||
on x86 it is the registration record from the stack frame.
|
||
|
||
Size - Supplies the size of HandlerData
|
||
|
||
Returns:
|
||
|
||
The index to the log entry used, so that if the handler returns
|
||
a disposition it may be recorded.
|
||
|
||
--*/
|
||
{
|
||
#if !defined(NTOS_KERNEL_RUNTIME)
|
||
|
||
return 0;
|
||
|
||
#else
|
||
|
||
ULONG LogIndex;
|
||
|
||
if (!RtlpExceptionLog) {
|
||
return 0;
|
||
}
|
||
|
||
ASSERT(Size <= MAX_EXCEPTION_LOG_DATA_SIZE * sizeof(ULONG));
|
||
|
||
do {
|
||
LogIndex = RtlpExceptionLogCount;
|
||
} while (LogIndex != (ULONG)InterlockedCompareExchange(
|
||
(PLONG)&RtlpExceptionLogCount,
|
||
((LogIndex + 1) % MAX_EXCEPTION_LOG),
|
||
LogIndex));
|
||
|
||
//
|
||
// the debugger will have to interpret the exception handler
|
||
// data, because it cannot be done safely here.
|
||
//
|
||
|
||
RtlCopyMemory(RtlpExceptionLog[LogIndex].HandlerData,
|
||
HandlerData,
|
||
Size);
|
||
RtlpExceptionLog[LogIndex].ExceptionRecord = *ExceptionRecord;
|
||
RtlpExceptionLog[LogIndex].ContextRecord = *ContextRecord;
|
||
RtlpExceptionLog[LogIndex].Disposition = -1;
|
||
|
||
return LogIndex;
|
||
#endif // !NTOS_KERNEL_RUNTIME
|
||
}
|
||
|
||
|
||
VOID
|
||
RtlpLogLastExceptionDisposition(
|
||
ULONG LogIndex,
|
||
EXCEPTION_DISPOSITION Disposition
|
||
)
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
Records the disposition from an exception handler.
|
||
|
||
Arguments:
|
||
|
||
LogIndex - Supplies the entry number of the exception log record.
|
||
|
||
Disposition - Supplies the disposition code
|
||
|
||
Return Value:
|
||
|
||
None
|
||
|
||
--*/
|
||
|
||
{
|
||
// If MAX_EXCEPTION_LOG or more exceptions were dispatched while
|
||
// this one was being handled, this disposition will get written
|
||
// on the wrong record. Oh well.
|
||
if (RtlpExceptionLog) {
|
||
RtlpExceptionLog[LogIndex].Disposition = Disposition;
|
||
}
|
||
}
|
||
|
||
LONG
|
||
NTAPI
|
||
RtlUnhandledExceptionFilter(
|
||
IN struct _EXCEPTION_POINTERS *ExceptionInfo
|
||
)
|
||
{
|
||
return RtlUnhandledExceptionFilter2(ExceptionInfo, "");
|
||
}
|
||
|
||
LONG
|
||
NTAPI
|
||
RtlUnhandledExceptionFilter2(
|
||
IN struct _EXCEPTION_POINTERS *ExceptionInfo,
|
||
IN CONST CHAR* Function
|
||
)
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
Default exception handler that prints info and does a DbgBreak if
|
||
a debugger is attached to the machine.
|
||
|
||
Arguments:
|
||
|
||
ExceptionInfo - Structure containing the exception and context records
|
||
|
||
Function - the function containing the __except, such as returned by __FUNCTION__
|
||
|
||
Returns:
|
||
|
||
EXCEPTION_CONTINUE_EXECUTION or EXCEPTION_CONTINUE_SEARCH
|
||
|
||
--*/
|
||
|
||
{
|
||
LPCWSTR lpProcessName = NtCurrentPeb()->ProcessParameters->CommandLine.Buffer;
|
||
BOOLEAN DebuggerPresent = NtCurrentPeb()->BeingDebugged;
|
||
|
||
if (!DebuggerPresent)
|
||
{
|
||
SYSTEM_KERNEL_DEBUGGER_INFORMATION KdInfo = { 0 };
|
||
|
||
NtQuerySystemInformation(
|
||
SystemKernelDebuggerInformation,
|
||
&KdInfo,
|
||
sizeof(KdInfo),
|
||
NULL);
|
||
DebuggerPresent = KdInfo.KernelDebuggerEnabled;
|
||
}
|
||
|
||
if (DebuggerPresent)
|
||
{
|
||
switch ( ExceptionInfo->ExceptionRecord->ExceptionCode )
|
||
{
|
||
case STATUS_POSSIBLE_DEADLOCK:
|
||
{
|
||
PRTL_CRITICAL_SECTION CritSec;
|
||
PRTL_CRITICAL_SECTION_DEBUG CritSecDebug;
|
||
|
||
CritSec = (PRTL_CRITICAL_SECTION)
|
||
ExceptionInfo->ExceptionRecord->ExceptionInformation[ 0 ];
|
||
|
||
if ( CritSec )
|
||
{
|
||
try
|
||
{
|
||
CritSecDebug = CritSec->DebugInfo ;
|
||
|
||
if ( CritSecDebug->Type == RTL_RESOURCE_TYPE )
|
||
{
|
||
PRTL_RESOURCE Resource = (PRTL_RESOURCE) CritSec;
|
||
|
||
DbgPrint("\n\n *** Resource timeout (%p) in %ws:%s\n\n",
|
||
Resource, lpProcessName, Function );
|
||
|
||
if ( Resource->NumberOfActive < 0 )
|
||
{
|
||
DbgPrint("The resource is owned exclusively by thread %x\n",
|
||
Resource->ExclusiveOwnerThread);
|
||
}
|
||
else if ( Resource->NumberOfActive > 0 )
|
||
{
|
||
DbgPrint("The resource is owned shared by %d threads\n",
|
||
Resource->NumberOfActive);
|
||
}
|
||
else
|
||
{
|
||
DbgPrint("The resource is unowned. This usually implies a "
|
||
"slow-moving machine due to memory pressure\n\n");
|
||
}
|
||
}
|
||
else
|
||
{
|
||
DbgPrint("\n\n *** Critical Section Timeout (%p) in %ws:%s\n\n",
|
||
CritSec, lpProcessName, Function );
|
||
|
||
if (CritSec->OwningThread != 0)
|
||
{
|
||
DbgPrint("The critical section is owned by thread %x.\n",
|
||
CritSec->OwningThread );
|
||
DbgPrint("Go determine why that thread has not released "
|
||
"the critical section.\n\n" );
|
||
}
|
||
else
|
||
{
|
||
DbgPrint("The critical section is unowned. This "
|
||
"usually implies a slow-moving machine "
|
||
"due to memory pressure\n\n");
|
||
}
|
||
}
|
||
}
|
||
except( EXCEPTION_EXECUTE_HANDLER )
|
||
{
|
||
NOTHING ;
|
||
}
|
||
}
|
||
|
||
break;
|
||
}
|
||
|
||
case STATUS_IN_PAGE_ERROR:
|
||
|
||
DbgPrint("\n\n *** Inpage error in %ws:%s\n\n", lpProcessName, Function );
|
||
DbgPrint("The instruction at %p referenced memory at %p.\n",
|
||
ExceptionInfo->ExceptionRecord->ExceptionAddress,
|
||
ExceptionInfo->ExceptionRecord->ExceptionInformation[1]);
|
||
DbgPrint("This failed because of error %x.\n\n",
|
||
ExceptionInfo->ExceptionRecord->ExceptionInformation[2]);
|
||
|
||
|
||
switch (ExceptionInfo->ExceptionRecord->ExceptionInformation[2])
|
||
{
|
||
case STATUS_INSUFFICIENT_RESOURCES:
|
||
|
||
DbgPrint("This means the machine is out of memory. Use !vm "
|
||
"to see where all the memory is being used.\n\n");
|
||
|
||
break;
|
||
|
||
case STATUS_DEVICE_DATA_ERROR:
|
||
case STATUS_DISK_OPERATION_FAILED:
|
||
|
||
DbgPrint("This means the data could not be read, typically because "
|
||
"of a bad block on the disk. Check your hardware.\n\n");
|
||
|
||
|
||
break;
|
||
|
||
case STATUS_IO_DEVICE_ERROR:
|
||
|
||
DbgPrint("This means that the I/O device reported an I/O error. "
|
||
"Check your hardware.");
|
||
|
||
break;
|
||
}
|
||
|
||
break;
|
||
|
||
case STATUS_ACCESS_VIOLATION:
|
||
|
||
DbgPrint("\n\n *** An Access Violation occurred in %ws:%s\n\n", lpProcessName, Function );
|
||
DbgPrint("The instruction at %p tried to %s ",
|
||
ExceptionInfo->ExceptionRecord->ExceptionAddress,
|
||
ExceptionInfo->ExceptionRecord->ExceptionInformation[0] ?
|
||
"write to" : "read from" );
|
||
|
||
if ( ExceptionInfo->ExceptionRecord->ExceptionInformation[1] )
|
||
{
|
||
DbgPrint("an invalid address, %p\n\n",
|
||
ExceptionInfo->ExceptionRecord->ExceptionInformation[1] );
|
||
}
|
||
else
|
||
{
|
||
DbgPrint("a NULL pointer\n\n" );
|
||
}
|
||
|
||
break;
|
||
|
||
case STATUS_STACK_BUFFER_OVERRUN:
|
||
|
||
DbgPrint("\n\n *** A stack buffer overrun occurred in %ws:%s\n\n",
|
||
lpProcessName,
|
||
Function);
|
||
DbgPrint("This is usually the result of a memory copy to a local buffer "
|
||
"or structure where the size is not properly calculated/checked.\n");
|
||
DbgPrint("If this bug ends up in the shipping product, it could be a severe "
|
||
"security hole.\n");
|
||
DbgPrint("The stack trace should show the guilty function (the function "
|
||
"directly above __report_gsfailure).\n");
|
||
|
||
break;
|
||
|
||
default:
|
||
|
||
DbgPrint("\n\n *** Unhandled exception 0x%08lx, hit in %ws:%s\n\n", ExceptionInfo->ExceptionRecord->ExceptionCode, lpProcessName, Function);
|
||
}
|
||
|
||
DbgPrint(" *** enter .exr %p for the exception record\n",
|
||
ExceptionInfo->ExceptionRecord);
|
||
|
||
//
|
||
// STATUS_STACK_BUFFER_OVERRUN is a fake exception (since we
|
||
// can't trust exception handling once we detect a stack overrun)
|
||
// so the context record is empty.
|
||
//
|
||
|
||
if (ExceptionInfo->ExceptionRecord->ExceptionCode != STATUS_STACK_BUFFER_OVERRUN)
|
||
{
|
||
DbgPrint(" *** enter .cxr %p for the context\n",
|
||
ExceptionInfo->ContextRecord);
|
||
}
|
||
|
||
//
|
||
// .cxr <foo> now changes the debugger state so kb
|
||
// will do the trick (vs. !kb previously)
|
||
//
|
||
|
||
DbgPrint(" *** then kb to get the faulting stack\n\n");
|
||
|
||
DbgBreakPoint();
|
||
}
|
||
|
||
if (ExceptionInfo->ExceptionRecord->ExceptionCode == STATUS_POSSIBLE_DEADLOCK)
|
||
{
|
||
if (DebuggerPresent)
|
||
{
|
||
DbgPrint(" *** Restarting wait on critsec or resource at %p (in %ws:%s)\n\n",
|
||
ExceptionInfo->ExceptionRecord->ExceptionInformation[0],
|
||
lpProcessName,
|
||
Function);
|
||
}
|
||
|
||
return EXCEPTION_CONTINUE_EXECUTION;
|
||
}
|
||
|
||
return EXCEPTION_CONTINUE_SEARCH;
|
||
}
|