Archives

• September 2008
• April 2008
• October 2007
• September 2007
• August 2007
• July 2007
• June 2007
• May 2007
• April 2007
• March 2007
• February 2007
• January 2007
• December 2006
• November 2006
• October 2006
• September 2006
• August 2006
• July 2006
• June 2006
• May 2006
• April 2006
• March 2006
• February 2006
• January 2006
• December 2005
• November 2005

Categories

• AI (1)
• authentication (4)
• Blogging (38)
• Culture (27)
• DDK (89)
• General nonsense (29)
• Intellectual Property (9)
• Microsoft (52)
• Networking (23)
• PhoneFactor (5)
• Positive Networks (8)
• Programming (115)
• Security (46)
• two-factor (4)
• Uncategorized (38)
• Vista (34)
• WDK (26)
• Windows (56)

Links

• A Hole In My Head
• Alex Ionescu's Blog
• Antimail
• Buggin' My Life Away
• craigrow: blogging about developing, testing and getting a logo for your drivers using the Windows Driver Kit and the Driver Test Manager
• Dana Epp's ramblings at the Sanctuary
• DebugInfo.com - Oleg Starodumov
• Fabulous Adventures In Coding
• Joel on Software
• Larry Osterman's WebLog
• Lori Pearce's WebLog
• Mark's Sysinternals Blog
• Metasploit
• Michael Howard's Web Log
• Nynaeve
• Pointless Blathering
• Positive Networks
• Positive Networks Blog
• Q & Stuff
• Schneier on Security
• Schwieb
• Sorting It All Out
• The Old New Thing
• Under The Hood - Matt Pietrek

Meta

• Register
• Login
• Valid XHTML
• XFN
• WordPress
• Domain
• Website Design
• Web Hosting

Be careful with MmGetSystemRoutineAddress

Bill McKenzie reported on NTDEV that he re-discovered a nasty crash bug in MmGetSystemRoutineAddress. Apparently, all versions of Windows XP and everything before Windows Server 2003 SP1 will bugcheck if they’re passed an invalid system routine name.

This bug is fixed in Vista and is scheduled for fix in XP SP3.

Meanwhile, Peter Viscarola from OSR offers this advice:

The work-around is to always call MmGetSystemRoutineAddress from within a try/except block. If you get the exception, I guess you can assume the routine you’re seeking isn’t there…

UPDATE from Doron Holan:

FYI, using SEH to recover from this bug is *NOT* recommended. SEH is not a formal contract for this API and as such, we (MSFT) cannot guarantee that the OS is still in a stable state after you have caught the exception. I am working on a better solution, but for now, SEH is not the answer.

This entry was posted on Thursday, May 31st, 2007 at 4:51 pm and is filed under Programming, Windows, WDK. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “Be careful with MmGetSystemRoutineAddress”

• Satya Das Says:
  June 2nd, 2007 at 9:40 am

  Does anyone know why that specific export causes this crash ?

• dispensa Says:
  June 2nd, 2007 at 11:22 am

  There have been reports of it breaking with other exports as well - someone reported DbgPrintEx doing the same thing. I hope we’ll see additional clarification soon from Microsoft. Unless I get bored and reverse it first.

Leave a Reply

Name

Mail (will not be published)

Website

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Recent Posts

• Windows 7 Server == Windows Server 2008 R2
• Bad Idea: Making assumptions about CPU number
• At Driver DevCon
• Free advice (being worth what you pay for it, of course)
• PhoneFactor video
• Interesting peek at Win7
• No more single-core chips
• I guess it depends on what you’re hex editing
• Metasploit as the security Mendoza line
• The return of err.exe

Recent Comments

• Manny
• dispensa
• doug
• dispensa
• Yossi