Hi all!
WinDbg (Version 10.0.22000.194 AMD64) displays in disassembly of the crash dump:
```
xxx!SaveCR0:
fffff807`55f5d6d8 0f22c1          mov     tmm,rcx
fffff807`55f5d6db c3              ret
fffff807`55f5d6dc 66666690        xchg    ax,ax
xxx!ReadCR2:
fffff807`55f5d6e0 0f20d0          mov     rax,tmm
fffff807`55f5d6e3 c3              ret
fffff807`55f5d6e4 66666690        xchg    ax,ax
xxx!SaveCR2:
fffff807`55f5d6e8 0f22d1          mov     tmm,rcx
fffff807`55f5d6eb c3              ret
```
According to my knowledge, the "0F 22 C1" should be disassembled as "mov cr0, ecx"; "0F 20 D0" as "mov eax, cr2" and "0F 22 D1" as "mov cr2,ecx"
Is it a bug in WinDbg or something else?
Thank you
Comments
That's an interesting bug. The TMM registers are part of the "Advanced Matrix Extensions", or "AMX". It is a two-dimensional block of registers that can be used for fast matrix multiplies. There's a CR0 bit involved, but your assessment is correct.
Tim Roberts, [email protected]
Providenza & Boekelheide, Inc.
Hi Tim,
You are correct. The AMX was the first thing that came to my mind. But AMX registers are numbered (tmm0 - tmm7). For this reason I started to disassemble the opcodes manually and found that WinDbg apparently has a bug in its disassembling module. Since we all rely heavily on proper disassembling, it made sense to ask. Maybe someone else has encountered something like this.
Best regards,
Al
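
The manual decode discussed in this thread can be reproduced with a few lines of Python. This is an added example, not part of the original posts and not WinDbg's code; the function name `decode_mov_cr` is hypothetical, and the input bytes are the three sequences quoted in the question plus one constructed REX-prefixed case.

```python
# Added example: decode MOV to/from control registers (0F 20 /r, 0F 22 /r)
# as a 64-bit-mode disassembler should, to cross-check a debugger's output.
GPR64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
         "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]
VALID_CR = {0, 2, 3, 4, 8}  # other control register numbers raise #UD


def decode_mov_cr(code: bytes) -> str:
    """Decode one MOV CRn,r64 / MOV r64,CRn instruction, optional REX prefix."""
    i = 0
    rex_r = rex_b = 0
    if code and 0x40 <= code[0] <= 0x4F:      # REX prefix: 0100WRXB
        rex_r = (code[0] >> 2) & 1            # extends ModRM.reg (CR8)
        rex_b = code[0] & 1                   # extends ModRM.rm (r8-r15)
        i = 1
    if len(code) - i < 3 or code[i] != 0x0F or code[i + 1] not in (0x20, 0x22):
        raise ValueError("not a MOV to/from control register encoding")
    opcode, modrm = code[i + 1], code[i + 2]
    # ModRM.mod (bits 7:6) is ignored for these opcodes: the r/m operand is
    # always a register, and in 64-bit mode it is always the 64-bit register.
    cr = ((modrm >> 3) & 7) | (rex_r << 3)    # ModRM.reg selects the CR
    gpr = GPR64[(modrm & 7) | (rex_b << 3)]   # ModRM.rm selects the GPR
    if cr not in VALID_CR:
        raise ValueError(f"cr{cr} is reserved")
    if opcode == 0x22:                        # 0F 22 /r: write the CR
        return f"mov cr{cr},{gpr}"
    return f"mov {gpr},cr{cr}"                # 0F 20 /r: read the CR


if __name__ == "__main__":
    # Byte sequences from the crash-dump listing in the question, plus one
    # constructed REX.R case (44 0F 20 C0) to show CR8 access.
    for label, raw in [("SaveCR0", "0f22c1"), ("ReadCR2", "0f20d0"),
                       ("SaveCR2", "0f22d1"), ("constructed", "440f20c0")]:
        print(f"{label:12} {raw:10} {decode_mov_cr(bytes.fromhex(raw))}")
```
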