社区导航

 

搜索
查看: 1528|回复: 0

一个统计Sysenter指令的驱动,却会导致系统崩溃

[复制链接]

111

TA的帖子

0

TA的资源

一粒金砂(初级)

Rank: 1

发表于 2009-3-27 22:35 | 显示全部楼层 |阅读模式
我写了一个驱动用来统计 sysenter 指令发生的次数在 Windows XP操作系统上.
但是如果我在我的所有CPU上运行时(双核系统),系统会在几分钟后崩溃,崩溃点不同。如果我只在其中一个核上运行,不会有什么问题。
我不知道这是为什么。
x86 Platform, Duo Core T2300, windows xp sp2, WDK 6001.18001

我用PCMark05来做测试。请大牛们来帮我下

附加代码:

BOOLEAN StartRecording;
ULONG64 SyscallTimes;
ULONG32 pSyscallTimes;

ULONG32 OriginSysenterEIP[2];
ULONG32 OriginSysenterESP[2];
static ULONG lock;
static ULONG plock;

void __declspec(naked) CcFakeSysenterTrap()
{
   
    __asm{
    loop_down:
        lock    bts dword ptr [plock], 0
        jb    loop_down; Acquire A Spin Lock
    }

    __asm{

        push eax
        push ebx
        push ecx
        push edx
    }


    SyscallTimes++;


    __asm{
        pop edx
        pop ecx
        pop ebx
        pop eax
        lock    btr dword ptr [plock], 0; Release the Spin Lock

        jmp OriginSysenterEIP[0]
    }
}


void NTAPI CcSetupSysenterTrap(int cProcessorNumber)
{
    PVOID newSysenterESP;
    OriginSysenterEIP[cProcessorNumber] = MsrRead(MSR_IA32_SYSENTER_EIP);
    OriginSysenterESP[cProcessorNumber] = MsrRead(MSR_IA32_SYSENTER_ESP);
    DbgPrint(("In CcSetupSysenterTrap(): Core:%d, OriginSysenterEIP:%x\n",cProcessorNumber,OriginSysenterEIP[cProcessorNumber]));
    DbgPrint(("In CcSetupSysenterTrap(): Core:%d, OriginSysenterESP:%x\n",cProcessorNumber,OriginSysenterESP[cProcessorNumber]));
    newSysenterESP = ExAllocatePoolWithTag (NonPagedPool, 4 * PAGE_SIZE, 'ITL');
    MsrWrite(MSR_IA32_SYSENTER_EIP,&CcFakeSysenterTrap);
    MsrWrite(MSR_IA32_SYSENTER_ESP,newSysenterESP);
    DbgPrint(("In CcSetupSysenterTrap(): Core:%d, NewSysenterEntry:%x\n",cProcessorNumber,MsrRead(MSR_IA32_SYSENTER_EIP)));
   
    pSyscallTimes =&SyscallTimes;
    plock=&lock;
   
}
void NTAPI CcDestroySysenterTrap(int cProcessorNumber)
{
    MsrWrite(MSR_IA32_SYSENTER_EIP,OriginSysenterEIP[cProcessorNumber]);
    MsrWrite(MSR_IA32_SYSENTER_ESP,OriginSysenterESP[cProcessorNumber]);
}

NTSTATUS DriverUnload (
    PDRIVER_OBJECT DriverObject
)
{
    CCHAR cProcessorNumber;
    //cProcessorNumber = 0;
    for (cProcessorNumber = 0; cProcessorNumber < KeNumberProcessors; cProcessorNumber++)
    {
        KeSetSystemAffinityThread ((KAFFINITY) (1 << cProcessorNumber));

        CcDestroySysenterTrap(cProcessorNumber);

    }

    DbgPrint("Sysenter %d times\n",SyscallTimes);
        return STATUS_SUCCESS;
}

NTSTATUS DriverEntry (
    PDRIVER_OBJECT DriverObject,
    PUNICODE_STRING RegistryPath
)
{
       NTSTATUS Status;
       CCHAR cProcessorNumber;
    //cProcessorNumber = 0;
        //__asm { int 3 }
    __asm{
        and    dword ptr [plock], 0
    }
    for (cProcessorNumber = 0; cProcessorNumber < KeNumberProcessors; cProcessorNumber++)
    {
        KeSetSystemAffinityThread ((KAFFINITY) (1 << cProcessorNumber));

        CcSetupSysenterTrap(cProcessorNumber);

    }

    KeRevertToUserAffinityThread ();

          DriverObject->DriverUnload = DriverUnload;
        return STATUS_SUCCESS;
}


您需要登录后才可以回帖 登录 | 注册

关闭

站长推荐上一条 /5 下一条

  • 论坛活动 E手掌握

    扫码关注
    EEWORLD 官方微信

  • EE福利  唾手可得

    扫码关注
    EE福利 唾手可得

Archiver|手机版|小黑屋|电子工程世界 ( 京ICP证 060456 )

GMT+8, 2020-2-19 15:42 , Processed in 0.088457 second(s), 17 queries , Gzip On, MemCache On.

快速回复 返回顶部 返回列表