一个统计Sysenter指令的驱动，却会导致系统崩溃

NetCom

一个统计Sysenter指令的驱动，却会导致系统崩溃 [复制链接]

我写了一个驱动用来统计 sysenter 指令发生的次数在 Windows XP操作系统上.
但是如果我在我的所有CPU上运行时（双核系统)，系统会在几分钟后崩溃，崩溃点不同。如果我只在其中一个核上运行，不会有什么问题。
我不知道这是为什么。
x86 Platform, Duo Core T2300, windows xp sp2, WDK 6001.18001

我用PCMark05来做测试。请大牛们来帮我下

附加代码：

BOOLEAN StartRecording;
ULONG64 SyscallTimes;
ULONG32 pSyscallTimes;

ULONG32 OriginSysenterEIP[2];
ULONG32 OriginSysenterESP[2];
static ULONG lock;
static ULONG plock;

void __declspec(naked) CcFakeSysenterTrap()
{
   
    __asm{
    loop_down:
        lock    bts dword ptr [plock], 0
        jb    loop_down; Acquire A Spin Lock
    }

    __asm{

        push eax
        push ebx
        push ecx
        push edx
    }


    SyscallTimes++;


    __asm{
        pop edx
        pop ecx
        pop ebx
        pop eax
        lock    btr dword ptr [plock], 0; Release the Spin Lock

        jmp OriginSysenterEIP[0]
    }
}


void NTAPI CcSetupSysenterTrap(int cProcessorNumber)
{
    PVOID newSysenterESP;
    OriginSysenterEIP[cProcessorNumber] = MsrRead(MSR_IA32_SYSENTER_EIP);
    OriginSysenterESP[cProcessorNumber] = MsrRead(MSR_IA32_SYSENTER_ESP);
    DbgPrint(("In CcSetupSysenterTrap(): Core:%d, OriginSysenterEIP:%x\n",cProcessorNumber,OriginSysenterEIP[cProcessorNumber]));
    DbgPrint(("In CcSetupSysenterTrap(): Core:%d, OriginSysenterESP:%x\n",cProcessorNumber,OriginSysenterESP[cProcessorNumber]));
    newSysenterESP = ExAllocatePoolWithTag (NonPagedPool, 4 * PAGE_SIZE, 'ITL');
    MsrWrite(MSR_IA32_SYSENTER_EIP,&CcFakeSysenterTrap);
    MsrWrite(MSR_IA32_SYSENTER_ESP,newSysenterESP);
    DbgPrint(("In CcSetupSysenterTrap(): Core:%d, NewSysenterEntry:%x\n",cProcessorNumber,MsrRead(MSR_IA32_SYSENTER_EIP)));
   
    pSyscallTimes =&SyscallTimes;
    plock=&lock;
   
}
void NTAPI CcDestroySysenterTrap(int cProcessorNumber)
{
    MsrWrite(MSR_IA32_SYSENTER_EIP,OriginSysenterEIP[cProcessorNumber]);
    MsrWrite(MSR_IA32_SYSENTER_ESP,OriginSysenterESP[cProcessorNumber]);
}

NTSTATUS DriverUnload (
    PDRIVER_OBJECT DriverObject
)
{
    CCHAR cProcessorNumber;
    //cProcessorNumber = 0;
    for (cProcessorNumber = 0; cProcessorNumber < KeNumberProcessors; cProcessorNumber++)
    {
        KeSetSystemAffinityThread ((KAFFINITY) (1 << cProcessorNumber));

        CcDestroySysenterTrap(cProcessorNumber);

    }

    DbgPrint("Sysenter %d times\n",SyscallTimes);
        return STATUS_SUCCESS;
}

NTSTATUS DriverEntry (
    PDRIVER_OBJECT DriverObject,
    PUNICODE_STRING RegistryPath
)
{
       NTSTATUS Status;
       CCHAR cProcessorNumber;
    //cProcessorNumber = 0;
        //__asm { int 3 }
    __asm{
        and    dword ptr [plock], 0
    }
    for (cProcessorNumber = 0; cProcessorNumber < KeNumberProcessors; cProcessorNumber++)
    {
        KeSetSystemAffinityThread ((KAFFINITY) (1 << cProcessorNumber));

        CcSetupSysenterTrap(cProcessorNumber);

    }

    KeRevertToUserAffinityThread ();

          DriverObject->DriverUnload = DriverUnload;
        return STATUS_SUCCESS;
}