64bit sys BSOD check plz.

c++ / delphi package - dll injection and api hooking
iconic
Site Admin
Posts: 974
Joined: Wed Jun 08, 2005 5:08 am

Re: 64bit sys BSOD check plz.

Post by iconic »

Yes, kernel local stack space is indeed very small compared to usermode, especially on x86 targets :D

--Iconic
madshi
Site Admin
Posts: 10327
Joined: Sun Mar 21, 2004 5:25 pm

Re: 64bit sys BSOD check plz.

Post by madshi »

Yes, but I would have hoped Windows would properly report that a thread has run out of stack space instead of reporting "memory corruption". Finding and fixing the problem would have been so much easier and faster if the OS had complained properly... :(
iconic
Site Admin
Posts: 974
Joined: Wed Jun 08, 2005 5:08 am

Re: 64bit sys BSOD check plz.

Post by iconic »

Agreed. Main problem with a double stack fault is the original calling code has run over the limited stack space and hit a page guard. After this, the OS itself will push the exception record info onto the same stack, resulting in twice the problem. The DDK/WDK has some run-time APIs such as IoGetStackLimits(), IoGetRemainingStackSize() etc. to help you determine how much actual space is left, but since local vars are statically declared beforehand it's not overly helpful unless you're using something like recursion and checking in between calls. Another thing, not that I recommend it but it can be useful: if you call PsConvertToGuiThread() (first call to any Win32k service does this auto-magically) the stack size is then converted to a "large"(r) stack. Ideally, just allocate memory dynamically from within the OS when you can, which eliminates stack space restrictions.

--Iconic
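The two suggestions in the post above, checking IoGetRemainingStackSize() between recursive calls and allocating large buffers dynamically instead of as locals, shown as an added example that is not code from this thread. Outside a driver build it falls back to a user-mode model; the stack size, frame cost and reserve are assumed values, and `walk`, `walk_chain` and the pool tag are hypothetical names.

```c
#include <stddef.h>
#include <string.h>
#ifdef _KERNEL_MODE            /* driver build: the real WDK routines */
#include <ntddk.h>
#define STACK_LEFT()  ((size_t)IoGetRemainingStackSize())
#define BUF_ALLOC(n)  ExAllocatePoolWithTag(NonPagedPoolNx, (n), 'kStD')
#define BUF_FREE(p)   ExFreePoolWithTag((p), 'kStD')
#define ENTER_FRAME() ((void)0)
#define LEAVE_FRAME() ((void)0)
#else                          /* user-mode model: constructed stand-ins */
#include <stdlib.h>
static size_t model_stack_left = 12 * 1024;  /* assumed kernel stack size */
#define FRAME_COST 256                        /* assumed bytes per frame */
#define STACK_LEFT()  (model_stack_left)
#define BUF_ALLOC(n)  malloc(n)
#define BUF_FREE(p)   free(p)
#define ENTER_FRAME() (model_stack_left -= FRAME_COST)
#define LEAVE_FRAME() (model_stack_left += FRAME_COST)
#endif
#define STACK_RESERVE 4096  /* hypothetical headroom left for callees and exception dispatch */
#define SCRATCH_BYTES 8192  /* too large to declare as a local array in kernel mode */

struct node { struct node *child; };

/* Recursive walk. Returns the depth reached, -1 if the stack check
   refused to recurse further, -2 if the scratch allocation failed. */
int walk(const struct node *n, int depth)
{
    char *scratch;
    int rc;
    if (n == NULL) return depth;
    if (STACK_LEFT() < STACK_RESERVE) return -1;  /* check between calls */
    scratch = BUF_ALLOC(SCRATCH_BYTES);           /* pool/heap, not the stack */
    if (scratch == NULL) return -2;
    memset(scratch, 0, SCRATCH_BYTES);            /* stand-in for per-node work */
    ENTER_FRAME();
    rc = walk(n->child, depth + 1);
    LEAVE_FRAME();
    BUF_FREE(scratch);
    return rc;
}

/* Builds a constructed chain of len nodes (at most 128) and walks it. */
int walk_chain(int len)
{
    static struct node nodes[128];
    int i;
    if (len < 0 || len > 128) return -3;
    for (i = 0; i < len; i++)
        nodes[i].child = (i + 1 < len) ? &nodes[i + 1] : NULL;
    return walk(len ? &nodes[0] : NULL, 0);
}
```

With the check in place, a chain that is too deep comes back as an error code the caller can handle rather than running into the guard page.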
madshi
Site Admin
Posts: 10327
Joined: Sun Mar 21, 2004 5:25 pm

Re: 64bit sys BSOD check plz.

Post by madshi »

Yes, I've converted those large local arrays to allocated pointers.

Fixing is usually easy, once you know what's wrong... :D