pgflt.c File Reference

#include "remods.h"
#include "precomp.h"

Include dependency graph for pgflt.c:

Go to the source code of this file.

Functions
void	NewInt31Handler (void)
ULONG	HandleInDebuggerFault (FRAME *ptr, ULONG address)
ULONG	HandlePageFault (FRAME *ptr)
	__asm__ ("\n\t \ NewIntEHandler:\n\t \ pushfl\n\t \ cli\n\t \ cld\n\t \ pushal\n\t \ pushl %ds\n\t \ \n\t \ // setup default data selectors\n\t \ movw %ss,%ax\n\t \ movw %ax,%ds\n\t \ \n\t \ /*\n\t \ * Load the PCR selector.\n\t \ */\n\t \ movl %fs, %eax\n\t \ movl %eax, _OLD_PCR\n\t \ movl _PCR_SEL, %eax\n\t \ movl %eax, %fs\n\t \ \n\t \ // get frame ptr\n\t \ lea 40(%esp),%eax\n\t \ pushl %eax\n\t \ call _HandlePageFault\n\t \ addl $4,%esp\n\t \ \n\t \ pushl %eax\n\t \ movl _OLD_PCR, %eax\n\t \ movl %eax, %fs\n\t \ popl %eax\n\t \ \n\t \ cmpl $0,%eax\n\t \ je call_old_inte_handler\n\t \ \n\t \ cmpl $2,%eax\n\t \ je call_handler_unknown_reason\n\t \ \n\t \ popl %ds\n\t \ popal\n\t \ popfl\n\t \ // remove error code. will be restored later when we call\n\t \ // original handler again.\n\t \ addl $4,%esp\n\t \ // call debugger loop\n\t \ pushl $" STR(REASON_PAGEFAULT) "\n\t \ jmp NewInt31Handler\n\t \ \n\t \ call_old_inte_handler:\n\t \ popl %ds\n\t \ popal\n\t \ popfl\n\t \ // chain to old handler\n\t \ .byte 0x2e\n\t \ jmp *_OldIntEHandler\n\t \ \n\t \ call_handler_unknown_reason:\n\t \ popl %ds\n\t \ popal\n\t \ popfl\n\t \ // remove error code. will be restored later when we call\n\t \ // original handler again.\n\t \ addl $4,%esp\n\t \ // call debugger loop\n\t \ pushl $" STR(REASON_INTERNAL_ERROR) "\n\t \ jmp NewInt31Handler\n\t \ ")
void	InstallIntEHook (void)
void	DeInstallIntEHook (void)

Variables
char	tempPageFault [1024]
ULONG	OldIntEHandler =0
ULONG	error_code
BOOLEAN	bInPageFaultHandler = FALSE
static ULONG	PCR_SEL = PCR_SELECTOR
static ULONG	OLD_PCR

Function Documentation

__asm__()

__asm__	(	"\n\t \NewIntEHandler:\n\t \ pushfl\n\t \ cli\n\t \ cld\n\t \ pushal\n\t \ pushl %ds\n\t \\n\t \ // setup default data selectors\n\t \ movw %	ss,
		%ax\n\t \ movw %	ax,
		%ds\n\t \\n\t \/*\n\t \ *Load the PCR selector.\n\t \ */\n\t \ movl %	fs,
		%eax\n\t \ movl %	eax,
		_OLD_PCR\n\t \ movl	_PCR_SEL,
		%eax\n\t \ movl %	eax,
		%fs\n\t \\n\t \//get frame ptr\n\t \ lea	40%esp,
		%eax\n\t \ pushl %eax\n\t \ call _HandlePageFault\n\t \ addl	$4,
		%esp\n\t \\n\t \ pushl %eax\n\t \ movl	_OLD_PCR,
		%eax\n\t \ movl %	eax,
		%fs\n\t \ popl %eax\n\t \\n\t \ cmpl	$0,
		%eax\n\t \ je call_old_inte_handler\n\t \\n\t \ cmpl	$2,
		%eax\n\t \ je call_handler_unknown_reason\n\t \\n\t \ popl %ds\n\t \ popal\n\t \ popfl\n\t \//remove error code. will be restored later when we call\n\t \//original handler again.\n\t \ addl	$4,
		%esp\n\t \//call debugger loop\n\t \ pushl $" STR(REASON_PAGEFAULT) "\n\t \ jmp NewInt31Handler\n\t \\n\t \call_old_inte_handler:\n\t \ popl %ds\n\t \ popal\n\t \ popfl\n\t \//chain to old handler\n\t \ .byte 0x2e\n\t \ jmp *_OldIntEHandler\n\t \\n\t \call_handler_unknown_reason:\n\t \ popl %ds\n\t \ popal\n\t \ popfl\n\t \//remove error code. will be restored later when we call\n\t \//original handler again.\n\t \ addl	$4,
		%esp\n\t \//call debugger loop\n\t \ pushl $" STR(REASON_INTERNAL_ERROR) "\n\t \ jmp NewInt31Handler\n\t \ "
	)

Referenced by HandleInDebuggerFault(), HandlePageFault(), and InstallIntEHook().

DeInstallIntEHook()

void DeInstallIntEHook

(

void

)

Definition at line 389 of file pgflt.c.

{
    ENTER_FUNC();

    MaskIrqs();
    if(OldIntEHandler)
    {
        SetGlobalInt(0x0E,(ULONG)OldIntEHandler);
        OldIntEHandler=0;
    }
    UnmaskIrqs();

    LEAVE_FUNC();
}

Referenced by CleanUpPICE().

HandleInDebuggerFault()

ULONG HandleInDebuggerFault	(	FRAME *	ptr,
		ULONG	address
	)

Definition at line 60 of file pgflt.c.

{
    PEPROCESS tsk;

    ENTER_FUNC();

    DPRINT((0,"HandleInDebuggerFault(): ###### page fault @ %.8X while inside debugger, eip: %x\n",address, ptr->eip));

    // fault in this page fault handler
    if(bInPageFaultHandler)
    {
        DPRINT((0,"HandleInDebuggerFault(): ###### page fault @ %.8X while in page fault handler\n",address));

        DPRINT((0,"!!! machine is halted !!!\n"));
        __asm__ __volatile__ ("hlt");

        LEAVE_FUNC();
        return 0;
    }

    bInPageFaultHandler = TRUE;

    // when we come here from DebuggerShell() we live on a different stack
    // so the current task is different as well
    tsk = IoGetCurrentProcess();

    DPRINT((0,"%.8X (%.4X:%.8X %.8X %s %s %s task=%.8X )\n",
        address,
        ptr->cs,
        ptr->eip,
        ptr->eflags,
        (ptr->error_code&1)?"PLP":"NP",
        (ptr->error_code&2)?"WRITE":"READ",
        (ptr->error_code&4)?"USER-MODE":"KERNEL-MODE",
        (ULONG)tsk));

    if(!bInPrintk)
    {
        DPRINT((0,"HandleInDebuggerFault(): unexpected pagefault in command handler!\n",address));
    }
    else
    {
        DPRINT((0,"HandleInDebuggerFault(): unexpected pagefault in command handler while in PrintkCallback()!\n",address));
    }

    if(tsk)
    {
        PULONG pPGD;
        PULONG pPTE;

        pPGD = ADDR_TO_PDE(address);

        DPRINT((0,"PGD for %.8X @ %.8X = %.8X\n",address,(ULONG)pPGD,(ULONG)(*pPGD) ));

        if(pPGD && (*pPGD)&_PAGE_PRESENT)
        {
            // not large page
            if(!((*pPGD)&_PAGE_4M))
            {
                pPTE = ADDR_TO_PTE(address);
                if(pPTE)
                {
                    DPRINT((0,"PTE for %.8X @ %.8X = %.8X\n",address,(ULONG)pPTE,(ULONG)(*pPTE) ));
                }
            }
        }
    }

    IntelStackWalk(ptr->eip,CurrentEBP,ulRealStackPtr);

    DPRINT((0,"!!! machine is halted !!!\n"));
    __asm__ __volatile__ ("hlt");

    LEAVE_FUNC();

    return 2;
}

Referenced by HandlePageFault().

HandlePageFault()

ULONG HandlePageFault

(

FRAME *

ptr

)

Definition at line 146 of file pgflt.c.

{
    PVOID address;
    PEPROCESS tsk, tsk1;
    PMADDRESS_SPACE vma;
    PLIST_ENTRY current_entry;
    MEMORY_AREA* current;
    ULONG value;
    PKTHREAD CurrentThread;
    PETHREAD CurrentEThread;

    // get linear address of page fault
    __asm__ __volatile__("movl %%cr2,%0"
                          :"=r" (address));

    DPRINT((0,"\nPageFault: bInDebShell: %d, error: %d, addr: %x\n", bInDebuggerShell, ptr->error_code, address));

    // there's something terribly wrong if we get a fault in our command handler
    if(bInDebuggerShell)
    {
        DPRINT((0,"return handleindebuggerfault\n"));
        return HandleInDebuggerFault(ptr,(ULONG)address);
    }

    ASSERT(IsAddressValid((ULONG)ptr));
    // remember error code so we can push it back on the stack
    error_code = ptr->error_code;

    //ei Check IRQL here!!!
/*
    if(in_interrupt())
    {
        Print(OUTPUT_WINDOW,"pICE: system is currently processing an interrupt!\n");
        return 1;
    }
*/
    // current process
    tsk = IoGetCurrentProcess();
    DPRINT((0,"tsk: %x\t", tsk));
    if( !tsk || !(IsAddressValid((ULONG)tsk))){
        DPRINT((0,"tsk address not valid: tsk: %x\n", tsk));
        return 0;
    }

    // lookup VMA for this address
    if( (ULONG)address > KERNEL_BASE )
      vma = my_init_mm;                // use kernel mem area for kernel addresses
    else vma = &(tsk->AddressSpace);   // otherwise, use user memory area

    if( !vma ){
        DPRINT((0,"vma not valid: vma: %x\n", vma));
        return 0;
    }

    current_entry = vma->MAreaListHead.Flink;
    ASSERT(current_entry);
    DPRINT((0,"vma: %x, current_entry: %x, kernel arena: %x\n", vma, current_entry, my_init_mm));
    while(current_entry != &vma->MAreaListHead)
    {
        ASSERT(current_entry);
        ASSERT(IsAddressValid((ULONG)current_entry));
        current = CONTAINING_RECORD(current_entry,
                        MEMORY_AREA,
                        Entry);


        if( (address >= current->BaseAddress) && (address <= current->BaseAddress + current->Length ))
        {
            DPRINT((0,"address: %x    %x - %x Attrib: %x, Type: %x\n", address, current->BaseAddress, current->BaseAddress + current->Length, current->Attributes, current->Type));
            //page not present
            if( !(error_code & 1) ){
                //check it is in pageable area
                if( current->Type == MEMORY_AREA_SECTION_VIEW ||
                    current->Type == MEMORY_AREA_VIRTUAL_MEMORY ||
                    current->Type == MEMORY_AREA_PAGED_POOL ||
                    current->Type == MEMORY_AREA_SHARED_DATA
                        ){
                    //ei too much output Print(OUTPUT_WINDOW,"pICE: VMA Pageable Section.\n");
                    //ei DPRINT((0,"return 0 1\n"));
                    return 0; //let the system handle this
                }
                Print(OUTPUT_WINDOW,"pICE: VMA Page not present in non-pageable Section!\n");
                //ei DPRINT((0,"Type: currenttype: %x return 1 2\n", current->Type));
                return 0;
            }
            else{ //access violation

                if( error_code & 4 )
                {   //user mode
                    if( (ULONG)address >= KERNEL_BASE )
                    {
                        Print(OUTPUT_WINDOW,"pICE: User mode program trying to access kernel memory!\n");
                        //DPRINT((0,"return 0 3\n"));
                        return 1;
                    }
                    //DPRINT((0,"return 0 4\n"));
                    return 0;
                }
                /*
                if(error_code & 2)
                {
                    //on write
                    if(!(current->Attributes & PAGE_READONLY))
                    {
                        Print(OUTPUT_WINDOW,"pICE: virtual memory arena is not writeable!\n");
                        return 1;
                    }
                }
                // READ ACCESS
                else
                {
                    // test EXT bit in error code
                    if (error_code & 1)
                    {
                        Print(OUTPUT_WINDOW,"pICE: page-level protection fault!\n");
                        return 1;
                    }
                    //
                */
                    /*
                    if (!(current->Attributes & PAGE_EXECUTE_READ))
                    {
                        Print(OUTPUT_WINDOW,"pICE: VMA is not readable!\n");
                        return 1;
                    }
                    */

                // let the system handle it
                //DPRINT((0,"return 0 5\n"));
                return 0;
            }
        }
        current_entry = current_entry->Flink;
    }

    Print(OUTPUT_WINDOW,"pICE: no virtual memory arena at this address!\n");
    DPRINT((0,"return 0 6\n"));
    return 1;

    // let the system handle it
//    return 0;
}

InstallIntEHook()

void InstallIntEHook

(

void

)

Definition at line 365 of file pgflt.c.

{
    ULONG LocalIntEHandler;

    ENTER_FUNC();

    MaskIrqs();
    if(!OldIntEHandler)
    {
        __asm__ __volatile__("mov $NewIntEHandler,%0"
            :"=r" (LocalIntEHandler)
            :
            :"eax");
        OldIntEHandler=SetGlobalInt(0x0E,(ULONG)LocalIntEHandler);
    }
    UnmaskIrqs();
    DPRINT((0,"OldIntE @ %x\n", OldIntEHandler));
    LEAVE_FUNC();
}

Referenced by InitPICE().

NewInt31Handler()

void NewInt31Handler

(

void

)

Variable Documentation

bInPageFaultHandler

BOOLEAN bInPageFaultHandler = FALSE

Definition at line 48 of file pgflt.c.

Referenced by HandleInDebuggerFault().

error_code

ULONG error_code

Definition at line 47 of file pgflt.c.

Referenced by HandlePageFault().

OLD_PCR

ULONG OLD_PCR

static

Definition at line 50 of file pgflt.c.

OldIntEHandler

ULONG OldIntEHandler =0

Definition at line 46 of file pgflt.c.

Referenced by DeInstallIntEHook(), and InstallIntEHook().

PCR_SEL

ULONG PCR_SEL = PCR_SELECTOR

static

Definition at line 49 of file pgflt.c.

tempPageFault

char tempPageFault[1024]

Definition at line 43 of file pgflt.c.