Comments on I work without regaining consciousness: How to get x64 dynamic function table critical section?

Anonymous, 2012-10-28 11:35 (+01:00):
I mean that the new RIP/RSP values point to valid memory. RSP is aligned correctly and in a valid range.

Anonymous, 2012-10-26 17:16 (+02:00):
I don't use the loader critical section. I use the dynamic function table critical section.

cadude, 2012-10-26 17:11 (+02:00):
Regarding checking the critical section:

I found this; is this doable, what are you using?

http://www.tech-archive.net/Archive/Development/microsoft.public.win32.programmer.kernel/2009-11/msg00020.html

Anonymous, 2012-10-26 09:36 (+02:00):
Remove RtlZeroMemory() and NvContext. You should use the context in RtlVirtualUnwind(). Please add a strong RSP and RIP check after unwinding.

You should stop walking after the DoStackSnapshot() call anyway.

P.S. You need to fix the CLR first, or use CLR v2.0 x64 for debugging.

Anonymous, 2012-10-26 09:19 (+02:00):
This is the known issue of CLR v4.0 x64. It calls clr!EEGetThreadContext() with CONTEXT_EXCEPTION_REQUEST by itself and checks whether CONTEXT_SERVICE_ACTIVE and/or CONTEXT_EXCEPTION_ACTIVE is set in the ContextFlags of the CONTEXT.

There is only one way to fix it: the patch.

Anonymous, 2012-10-25 23:19 (+02:00):
I tried to use StackWalk64(), but I really had some trouble with it. It worked strangely when I didn't have a PDB.

The base is here (http://blogs.msdn.com/b/davbr/archive/2005/10/06/profiler-stack-walking-basics-and-beyond.aspx), but I have some improvements:
0. suspend the thread
1. check the dynamic function table critical section for the ability to enter
2. get the CONTEXT for the suspended thread
3. call GetFunctionFromIP(); go to #7 if it succeeds and returns a non-zero FunctionID
4. call RtlLookupFunctionEntry()
5. call RtlVirtualUnwind() if #4 returns non-NULL, or pop RIP from the stack if NULL
6. check and update RSP + RIP in the CONTEXT; go to #3
7. call DoStackSnapshot()

There are some critical bugs in CLR v2.0 x64 and CLR v4.0 x64 described here (http://workblog.pilin.name/2012/04/stack-walker-clr-x64.html). However, the article is in Russian for now. I'm going to translate it when I have time. For now, you can use Google Translate...