search

can1357 / ByePg

Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.
804 stars 182 forks source link

ExceptionHandler.h: HandleBugCheck fails to handle bugcheck, successfully shows blue screen with bug check 0x7F #9

Closed nicholaskunes closed 4 years ago

nicholaskunes commented 4 years ago

Version 10.0.18362 Build 18362

DismantleOS!ExceptionHandler::HandleBugCheck+240 [C:\Users\kunes\Desktop\ByePG-InfHook\ByePgLib\ExceptionHandler.h @ 102] fffff805`525d16f4 cc int 3

FAULTING_SOURCE_LINE: C:\Users\kunes\Desktop\ByePG-InfHook\ByePgLib\ExceptionHandler.h

FAULTING_SOURCE_FILE: C:\Users\kunes\Desktop\ByePG-InfHook\ByePgLib\ExceptionHandler.h

FAULTING_SOURCE_LINE_NUMBER: 102

FAULTING_SOURCE_CODE:
98: // Failed to handle, try to show blue screen 99: HlCallback = nullptr; 100: ProcessorIpiFrozen() = 0; 101: *KiFreezeExecutionLock = false; 102: return KeBugCheckEx( BugCheckCode, BugCheckArgs[ 0 ], BugCheckArgs[ 1 ], BugCheckArgs[ 2 ], BugCheckArgs[ 3 ] ); <-- FAILS HERE 103: } 104: 105: static void OnFreezeNotification() 106: { 107: FnExceptionCallback Cb = HlCallback;

nicholaskunes commented 4 years ago

Bugcheck 0x7F Arguments:

Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT Arg2: ffff9981fb4630b0 Arg3: ffff9981fb1ebca0 Arg4: fffff8053e8a81f3

nicholaskunes commented 4 years ago

I am going to update to 1903 to see if this solves the bug.

Update: It does not.

can1357 commented 4 years ago

Are you handling EXCEPTION_DOUBLE_FAULT in your exception handler?

nicholaskunes commented 4 years ago

I don't have time to check at the moment but will update tomorrow. As far as I know, this is the base (unedited) master branch of your repository ExceptionHookingDemo.sys, so your answer should be there. It Bugchecks immediately.

can1357 commented 4 years ago

If you are testing ExceptionHookingDemo as is, __debugcheck should not be causing a EXCEPTION_DOUBLE_FAULT.

Would be nice if you could check where it fails or send a minidump.