KeRegisterBugCheck

Hi, folks.

KeRegisterBugCheck() registers a callback routine, which
could use READ/WRITE_PORT functions to obtain
device status, and perform device clean-up operations
(by calling the READ/WRITE_REGISTER functions)
just before the system crashes with an unexpected Bug
Check.

However, the callback routine has limited functionality
(you cannot touch paged memory or do anything that
requires changing the IRQL; you cannot acquire Spin
Locks or synchronize with Adapter or Controller
Objects, etc.).

My question is fairly simple:
-Is it possible to use ZwWriteFile() to dump information
into a log file (kind of telling what went wrong with the
device)? I know it looks apelative and straightforward,
but it doesn’t seem very wise to me, as there are a lot of
nuisances to consider - namely:

a) The file system may be trashed and the o.s. does not
give you any guarantees of actually saving data to a
consistent file;
b) There’s no guarantee that the callback routine will be
ever called (it depends on what the device does to
the system; it could mess things so much, the system
becomes far to instable to do anything properly);
c) I’m not sure if it is *wise* to use ZwWriteFile() from
the callback routine…

Is there a better approach? What should I use to create
this log/dump file?..

Thank you all in advance,

Miguel Monteiro
xxxxx@criticalsoftware.com
www.criticalsoftware.com

«Humour and love are God’s answers
to Human weaknesses»

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

> My question is fairly simple:

-Is it possible to use ZwWriteFile() to dump information
into a log file (kind of telling what went wrong with the

No.
You can rely on the kernel’s memory dump facitily though.

Max

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Why dont u try with ROM Bios File operation functions ? This will be
available after Dead of OS also.

Regards,
Satish K.S

----- Original Message -----
From: “Miguel Monteiro”
To: “NT Developers Interest List”
Sent: Friday, March 30, 2001 5:28 PM
Subject: [ntdev] KeRegisterBugCheck

> Hi, folks.
>
> KeRegisterBugCheck() registers a callback routine, which
> could use READ/WRITE_PORT functions to obtain
> device status, and perform device clean-up operations
> (by calling the READ/WRITE_REGISTER functions)
> just before the system crashes with an unexpected Bug
> Check.
>
> However, the callback routine has limited functionality
> (you cannot touch paged memory or do anything that
> requires changing the IRQL; you cannot acquire Spin
> Locks or synchronize with Adapter or Controller
> Objects, etc.).
>
> My question is fairly simple:
> -Is it possible to use ZwWriteFile() to dump information
> into a log file (kind of telling what went wrong with the
> device)? I know it looks apelative and straightforward,
> but it doesn’t seem very wise to me, as there are a lot of
> nuisances to consider - namely:
>
> a) The file system may be trashed and the o.s. does not
> give you any guarantees of actually saving data to a
> consistent file;
> b) There’s no guarantee that the callback routine will be
> ever called (it depends on what the device does to
> the system; it could mess things so much, the system
> becomes far to instable to do anything properly);
> c) I’m not sure if it is wise to use ZwWriteFile() from
> the callback routine…
>
> Is there a better approach? What should I use to create
> this log/dump file?..
>
> Thank you all in advance,
>
> Miguel Monteiro
> xxxxx@criticalsoftware.com
> www.criticalsoftware.com
> ------------------------------------------------------------
> «Humour and love are God’s answers
> to Human weaknesses»
> ------------------------------------------------------------
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@aalayance.com
> To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

—
You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

On Friday, March 30, 2001 12:58 PM I wrote:

My question is fairly simple:
-Is it possible to use ZwWriteFile() to dump information
into a log file (kind of telling what went wrong with the

On Friday, March 30, 2001 2:47 PM “Maxim S. Shatskih” replied:

No.
You can rely on the kernel’s memory dump facitily though.

Max

Sure, I could rely on having the system creating the
small/kernel/complete
memory dump (.dmp) file. But what if I need to log some extra,
“user-defined” information (say, something quite simple like a
descriptive text or some binary information adapted to my “diagnostic”
needs)? Is there a non-“twelve human years of labor”* way to achieve
this?.. I would mostly appreciate your opinion about this subject.

*Quoting a famous developer’s expression on this list… :)))

Miguel Monteiro
xxxxx@criticalsoftware.com
www.criticalsoftware.com

«Humour and love are God’s answers
to Human weaknesses»

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

The system passes to the callback a buffer you can write data to. You can
then access the data via windbg, or maybe open the file and search for it.

rob

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Miguel Monteiro
Sent: Friday, March 30, 2001 9:30 AM
To: NT Developers Interest List
Subject: [ntdev] Re: KeRegisterBugCheck

On Friday, March 30, 2001 12:58 PM I wrote:

> My question is fairly simple:
> -Is it possible to use ZwWriteFile() to dump information
> into a log file (kind of telling what went wrong with the

On Friday, March 30, 2001 2:47 PM “Maxim S. Shatskih” replied:

>No.
>You can rely on the kernel’s memory dump facitily though.
>
> Max

Sure, I could rely on having the system creating the
small/kernel/complete
memory dump (.dmp) file. But what if I need to log some extra,
“user-defined” information (say, something quite simple like a
descriptive text or some binary information adapted to my “diagnostic”
needs)? Is there a non-“twelve human years of labor”* way to achieve
this?.. I would mostly appreciate your opinion about this subject.

*Quoting a famous developer’s expression on this list… :)))

Miguel Monteiro
xxxxx@criticalsoftware.com
www.criticalsoftware.com

«Humour and love are God’s answers
to Human weaknesses»

---

You are currently subscribed to ntdev as: xxxxx@cdp.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

> Why dont u try with ROM Bios File operation functions ? This will be

available after Dead of OS also.

There is NO BIOS functions for working with files. Only with low-level
sectors - and only for IDE drives (SCSI drive is supported by BIOS only if
it is bootable one).

Also - I have great doubts NT performs return to real mode at bugcheck, so,
it is not guaranteed that BIOS functions will be available at this moment.

Max

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Hello Miguel,
No. ZwWriteFile requires IRQL = PASSIVE_LEVEL and this is not always
the case when you bug check. Also the IRP rolled by ZwWriteFile is
likely to be handled down the stack by using synchronization objects,
spinlocks etc, paged memory, and all kinds of other normal system
behaviour.

The normal approach would be to put all information you need into
memory and use windbg to read a crash dump afterwards.

regards,
Anders Fogh

Friday, March 30, 2001, 3:58:49 AM, you wrote:

MM> Hi, folks.

MM> KeRegisterBugCheck() registers a callback routine, which
MM> could use READ/WRITE_PORT functions to obtain
MM> device status, and perform device clean-up operations
MM> (by calling the READ/WRITE_REGISTER functions)
MM> just before the system crashes with an unexpected Bug
MM> Check.

MM> However, the callback routine has limited functionality
MM> (you cannot touch paged memory or do anything that
MM> requires changing the IRQL; you cannot acquire Spin
MM> Locks or synchronize with Adapter or Controller
MM> Objects, etc.).

MM> My question is fairly simple:
MM> -Is it possible to use ZwWriteFile() to dump information
MM> into a log file (kind of telling what went wrong with the
MM> device)? I know it looks apelative and straightforward,
MM> but it doesn’t seem very wise to me, as there are a lot of
MM> nuisances to consider - namely:

MM> a) The file system may be trashed and the o.s. does not
MM> give you any guarantees of actually saving data to a
MM> consistent file;
MM> b) There’s no guarantee that the callback routine will be
MM> ever called (it depends on what the device does to
MM> the system; it could mess things so much, the system
MM> becomes far to instable to do anything properly);
MM> c) I’m not sure if it is *wise* to use ZwWriteFile() from
MM> the callback routine…

MM> Is there a better approach? What should I use to create
MM> this log/dump file?..

MM> Thank you all in advance,

MM> Miguel Monteiro
MM> xxxxx@criticalsoftware.com
MM> www.criticalsoftware.com
MM> ------------------------------------------------------------
MM> «Humour and love are God’s answers
MM> to Human weaknesses»
MM> ------------------------------------------------------------

MM> —
MM> You are currently subscribed to ntdev as: xxxxx@flaffer.com
MM> To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

–
Best regards,
Anders mailto:xxxxx@flaffer.com

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

>Is there a non-"twelve human years

of labor"* way to achieve this?

1. allocate a buffer large enough to contain your information
2. initialize bugcheck callback
3. when crashed fill the buffer with unique string like
   “your_company_name_bugcheck_buffer”, then append all other data.
4. develop a simple utility, that will find your unique string in a file
   (in your case it’s the crash dump), then extract the usefull
   information.

Regards,
Max

From: Miguel Monteiro[SMTP:xxxxx@criticalsoftware.com]
Reply To: NT Developers Interest List
Sent: 30 ÍÁÒÔÁ 2001 Ç. 18:29
To: NT Developers Interest List
Subject: [ntdev] Re: KeRegisterBugCheck

On Friday, March 30, 2001 12:58 PM I wrote:

My question is fairly simple:
-Is it possible to use ZwWriteFile() to dump information
into a log file (kind of telling what went wrong with the

On Friday, March 30, 2001 2:47 PM “Maxim S. Shatskih” replied:

No.
You can rely on the kernel’s memory dump facitily though.

Max

Sure, I could rely on having the system creating the
small/kernel/complete
memory dump (.dmp) file. But what if I need to log some extra,
“user-defined” information (say, something quite simple like a
descriptive text or some binary information adapted to my “diagnostic”
needs)? Is there a non-“twelve human years of labor”* way to achieve
this?.. I would mostly appreciate your opinion about this subject.

*Quoting a famous developer’s expression on this list… :)))

Miguel Monteiro
xxxxx@criticalsoftware.com
www.criticalsoftware.com

«Humour and love are God’s answers
to Human weaknesses»

You are currently subscribed to ntdev as: xxxxx@telecom.sins.ru
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com