Menu
We have ported our driver successfully to 64 bit systems a while ago.
But one thing is missing, which is not very important but it was a very handy debugging feature.
The callbacks registered with KeRegisterBugCheckReasonCallback is never called. The function returns a TRUE for success, but my callback is never called. I also tried different values for the parameter reason with no success. A try with the older KeRegisterBugCheckCallback also failed.
What I am doing wrong?
Did I missed something in the documentation?
735
Many drivers supply bug check callback routines. When Windows issues a bug check, it calls these routines before shutting down the system. These routines can specify and write to areas of memory known as callback data and secondary callback data. Data written by this routine becomes part of callback data.
But one thing is missing, which is not very important but it was a very handy debugging feature. The callbacks registered with KeRegisterBugCheckReasonCallback is never called. The function returns a TRUE for success, but my callback is never called.
If the callback routine causes a second bug check, this new bug check will be processed first. However, Windows will not repeat certain parts of the Stop process—for example, it will not write a second crash dump file. The Stop code displayed on the blue screen will be the second bug check code.
A kernel-mode driver can implement a KBUGCHECK_REASON_CALLBACK_ROUTINE callback function of type KbCallbackDumpIo to perform work each time data is written to the crash dump file. The system passes, in the ReasonSpecificData parameter, a pointer to a KBUGCHECK_DUMP_IO structure.
I found the problem.
Windows only calls the callbacks if corresponding KBUGCHECK_CALLBACK_RECORD is aligned to an 8 byte address.
For some reason mine where aligned to 4 byte addresses.
It is a bummer that KeRegisterBugCheckReasonCallback does not check this.
56
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
