sysrom / Kernel-DWM-Overlay

KernelMode DWM(GDI) Overlay

ExtTextOutW triggers blue screen #1

Open romanholidaypancakes opened 1 month ago

romanholidaypancakes commented 1 month ago
0: kd> K
 # Child-SP          RetAddr               Call Site
00 ffff8e05`cdebb388 fffff806`66d40572     nt!DbgBreakPointWithStatus
01 ffff8e05`cdebb390 fffff806`66d3fcf7     nt!KiBugCheckDebugBreak+0x12
02 ffff8e05`cdebb3f0 fffff806`66c60147     nt!KeBugCheck2+0x957
03 ffff8e05`cdebbb10 fffff806`66c71869     nt!KeBugCheckEx+0x107
04 ffff8e05`cdebbb50 fffff806`66c71c10     nt!KiBugCheckDispatch+0x69
05 ffff8e05`cdebbc90 fffff806`66c70008     nt!KiFastFailDispatch+0xd0
06 ffff8e05`cdebbe70 ffff8f8f`09e69e5f     nt!KiRaiseSecurityCheckFailure+0x308
07 ffff8e05`cdebc000 ffff8f8f`09a53207     win32kbase!RGNMEMOBJ::vPushThreadGuardedObject+0xabb0f
08 ffff8e05`cdebc030 ffff8f8f`09a559b3     win32kfull!vSpUpdateDirtyRgn+0x97
09 ffff8e05`cdebc140 ffff8f8f`09a581a5     win32kfull!GreUpdateSpriteInternal+0x3b3
0a ffff8e05`cdebc390 ffff8f8f`09a51c0f     win32kfull!GreUpdateSpriteDevLockEnd+0x1b5
0b ffff8e05`cdebc680 ffff8f8f`09a4b240     win32kfull!DEVLOCKOBJ::vDestructor+0x2cf
0c ffff8e05`cdebc6f0 ffff8f8f`09a4aace     win32kfull!GreExtTextOutWInternal+0x104
0d ffff8e05`cdebc7e0 fffff806`4daf212e     win32kfull!NtGdiExtTextOutW+0x2fe
0e ffff8e05`cdebc9d0 fffff806`4daf1742     KernelOverlay!NtGdiExtTextOutW+0x9e [ Kernel-DWM-Overlay-master\KernelDWMOverlay\Import.h @ 255] 
0f ffff8e05`cdebca50 fffff806`4daf148e     KernelOverlay!Overlay::ExtTextOutW+0x222 [ Kernel-DWM-Overlay-master\KernelDWMOverlay\Overlay.h @ 276] 
10 ffff8e05`cdebcb00 fffff806`4daf1fcc     KernelOverlay!Overlay::DrawText+0x8e [ Kernel-DWM-Overlay-master\KernelDWMOverlay\Overlay.h @ 347] 
11 ffff8e05`cdebcb80 fffff806`66bd06c5     KernelOverlay!MainThread+0xec [ Kernel-DWM-Overlay-master\KernelDWMOverlay\Main.cpp @ 18] 
12 ffff8e05`cdebcc10 fffff806`66c6749c     nt!PspSystemThreadStartup+0x55
13 ffff8e05`cdebcc60 00000000`00000000     nt!KiStartSystemThread+0x1c

I also saw that the code modifies EPROCESS- and ETHREAD-related fields, which seems to cause the PG blue screen. Do you have any good suggestions?
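As an added triage helper (not code from this repository), the following Python parses a WinDbg `k` listing like the one above, extracts each frame's module, symbol, offset and `[ file @ line ]` source tag, flags the `KiRaiseSecurityCheckFailure` fast-fail path, and names the first non-Windows frame together with the kernel routine it called directly. The list of OS modules and the embedded sample frames are assumptions constructed from this trace.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# One frame of WinDbg "k" output with an optional "[ file @ line ]" source tag.
FRAME_RE = re.compile(
    r"^(?P<idx>[0-9a-f]{2})\s+[0-9a-f`]+\s+[0-9a-f`]+\s+"
    r"(?P<module>[^!\s]+)!(?P<symbol>\S+?)(?:\+0x(?P<off>[0-9a-f]+))?"
    r"(?:\s+\[\s*(?P<file>.+?)\s+@\s+(?P<line>\d+)\s*\])?\s*$")

OS_MODULES = {"nt", "hal", "win32k", "win32kbase", "win32kfull"}  # assumed Windows set
FAST_FAIL = {"KiFastFailDispatch", "KiRaiseSecurityCheckFailure"}  # __fastfail path

@dataclass
class Frame:
    idx: int
    module: str
    symbol: str
    offset: int
    file: str | None
    line: int | None

def parse_stack(text: str) -> list[Frame]:
    """Parse the frame lines of a 'k' listing; the prompt and header lines are skipped."""
    frames = []
    for raw in text.splitlines():
        m = FRAME_RE.match(raw.strip())
        if m:
            frames.append(Frame(int(m["idx"], 16), m["module"], m["symbol"],
                                int(m["off"] or "0", 16), m["file"],
                                int(m["line"]) if m["line"] else None))
    return frames

def triage(frames: list[Frame]) -> dict:
    """Flag a __fastfail crash, name the first non-OS frame and the OS routine it called."""
    culprit = next((f for f in frames if f.module not in OS_MODULES), None)
    entry = None
    if culprit is not None:  # the frame just above the culprit is the API it invoked
        entry = next((f for f in frames if f.idx == culprit.idx - 1), None)
    return {"fast_fail": any(f.symbol in FAST_FAIL for f in frames), "culprit": culprit, "entry": entry}

# Constructed sample: a subset of the frames from the trace in this issue.
SAMPLE_STACK = r"""
0: kd> K
 # Child-SP          RetAddr               Call Site
00 ffff8e05`cdebb388 fffff806`66d40572     nt!DbgBreakPointWithStatus
06 ffff8e05`cdebbe70 ffff8f8f`09e69e5f     nt!KiRaiseSecurityCheckFailure+0x308
0d ffff8e05`cdebc7e0 fffff806`4daf212e     win32kfull!NtGdiExtTextOutW+0x2fe
0e ffff8e05`cdebc9d0 fffff806`4daf1742     KernelOverlay!NtGdiExtTextOutW+0x9e [ Kernel-DWM-Overlay-master\KernelDWMOverlay\Import.h @ 255]
12 ffff8e05`cdebcc10 fffff806`66c6749c     nt!PspSystemThreadStartup+0x55
"""
```

Running `triage(parse_stack(SAMPLE_STACK))` points at `KernelOverlay!NtGdiExtTextOutW` (Import.h line 255) calling `win32kfull!NtGdiExtTextOutW` under a fast-fail, which is the frame to start from when debugging this report.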

sysrom commented 1 month ago

I have no idea. Only BSOD on DrawText? What's your OS version? I only tested it on Win10 22H2 19045.

romanholidaypancakes commented 1 month ago

> I have no idea. Only BSOD on DrawText? What's your OS version? I only tested it on Win10 22H2 19045.

Version: 10.0.17763. Only DrawText blue screens, and testing found that it seems it can be screenshotted.