VxD and PageNotPresent

[ajron]

I'm writting VxD which dumps a memory. Maybe it's no problem to do it but I have one ;(.

Initially i call mem_dump() function while processing DEBUG_QUERY, but I read somewhere that it's not a good idea to process code which may cause page fault from DEBUG_QUERY. Next I call mem_dump() from W32_DEVICEIOCONTROL [DIOC_OPEN] (maybe it's not a good idea too - I don't know) but it's not solve my problem.

When I read some not present memory (not all) the system crashes. AFAIK the system process page fault to load not present page in this situation. And it's true but not at all in my case. When I test dumping memory, the system crashes in concrete pages in context. Different in different processes, but always at not present one. When I pass over this few non present pages (with other non present it's no problem) everything goes ok. Maybe someone know what is wrong.

Below is mem_dump() code. R0File is wrapper class for R0_XXXFile services.

void mem_dump()
{
char txt[256];
char fileNm[]="c:\\file.tmp";

Trace_Out("Prepare to die ;-)");

R0File file;

file.SetInContext();

if(file.Create(fileNm,OPEN_ACCESS_READWRITE|OPEN_SHARE_DENYREADWRITE|OPEN_FLAGS_COMMIT))
{
Trace_Out("[*] Memory dumping ...");

DWORD page = PAGE(0x00400000);

while((page << PAGESHIFT) < 0x80000000)
{
if(IsPageCommitted(page))
{
_Sprintf(txt,"--> Dumping committed page %x\n",page);
Out_Debug_String(txt);

file.Write((PBYTE)(page << PAGESHIFT),PAGESIZE);
}

page++;
}

file.Close();

Trace_Out("[*] Memory dumped!");
}
else
{
Trace_Out("[*] Create file failed");
}
}