Re: 64bit sys BSOD check plz.

Posted: Mon Jan 01, 2018 5:01 pm
by iconic
Yes, kernel local stack space is indeed very small compared to usermode especially on x86 targets :D

--Iconic

Re: 64bit sys BSOD check plz.

Posted: Mon Jan 01, 2018 6:12 pm
by madshi
Yes, but I would have hoped Windows would properly report that a thread has run out of stack space instead of reporting "memory corruption". Finding and fixing the problem would have been so much easier and faster if the OS had complained properly... :(

Re: 64bit sys BSOD check plz.

Posted: Mon Jan 01, 2018 6:18 pm
by iconic
Agreed. Main problem with a double stack fault is the original calling code has run over the limited stack space and hit a page guard. After this, the OS itself will push the exception record info onto the same stack, resulting in twice the problem. The DDK/WDK has some run-time APIs such as IoGetStackLimits(), IoGetRemainingStackSize() etc. to help you determine how much actual space is left, but since local vars are statically declared beforehand it's not overly helpful unless you're using something like recursion and checking in between calls. Another thing, not that I recommend it but it can be useful, if you call PsConvertToGuiThread() (first call to any Win32k service does this auto-magically) the stack size is then converted to a "large"(r) stack. Ideally, just allocate memory dynamically from within the OS when you can, which eliminates stack space restrictions.

--Iconic
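
Added example, not part of the original thread or any poster's code: a recursive routine that checks IoGetRemainingStackSize() between calls and takes its large buffer from pool instead of a local array, as the post above describes. `WalkLevels`, the sizes, the pool tag and the host stand-ins in the `#else` branch are assumptions made so the logic also runs outside a driver.

```c
/* Added example; in a driver only the _KERNEL_MODE branch is compiled. */
#ifdef _KERNEL_MODE               /* set by MSVC /kernel (assumed for the driver build) */
#include <ntddk.h>
#else                             /* constructed host stand-ins, not WDK code */
#include <stdlib.h>
#include <stdint.h>
typedef int32_t NTSTATUS; typedef uint32_t ULONG; typedef uintptr_t ULONG_PTR;
#define STATUS_SUCCESS                ((NTSTATUS)0x00000000)
#define STATUS_INSUFFICIENT_RESOURCES ((NTSTATUS)0xC000009A)
#define STATUS_STACK_OVERFLOW         ((NTSTATUS)0xC00000FD)
#define NonPagedPoolNx 0
#define ExAllocatePoolWithTag(type, bytes, tag) malloc(bytes)
#define ExFreePoolWithTag(p, tag)               free(p)
static ULONG_PTR g_sim_stack_left = 12 * 1024;  /* constructed stack budget */
/* Constructed model: every query accounts for one more 256-byte frame. */
static ULONG_PTR IoGetRemainingStackSize(void)
{
    g_sim_stack_left -= (g_sim_stack_left < 256) ? g_sim_stack_left : 256;
    return g_sim_stack_left;
}
#endif

#define SCRATCH_BYTES 4096u        /* the size that used to be a local array */
#define STACK_RESERVE 2048u        /* hypothetical margin kept for callees */
#define POOL_TAG      0x6B745358u  /* hypothetical pool tag */

/* Descends `depth` levels; each level needs SCRATCH_BYTES of working memory. */
NTSTATUS WalkLevels(ULONG depth, ULONG *deepest)
{
    unsigned char *scratch;
    NTSTATUS status = STATUS_SUCCESS;

    /* Refuse to go deeper while the failure can still be reported cleanly. */
    if (IoGetRemainingStackSize() < STACK_RESERVE)
        return STATUS_STACK_OVERFLOW;

    /* Pool memory, not `unsigned char scratch[SCRATCH_BYTES]` on the stack. */
    scratch = (unsigned char *)ExAllocatePoolWithTag(NonPagedPoolNx, SCRATCH_BYTES, POOL_TAG);
    if (scratch == NULL)
        return STATUS_INSUFFICIENT_RESOURCES;

    scratch[0] = (unsigned char)depth;   /* placeholder for real per-level work */
    ++*deepest;
    if (depth > 1)
        status = WalkLevels(depth - 1, deepest);

    ExFreePoolWithTag(scratch, POOL_TAG);
    return status;
}
```

With the check in place, running out of stack surfaces as a status code the caller can log, rather than as a bugcheck.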

Re: 64bit sys BSOD check plz.

Posted: Mon Jan 01, 2018 6:21 pm
by madshi
Yes, I've converted those large local arrays to allocated pointers.

Fixing is usually easy, once you know what's wrong... :D