1. Summary of kernel-mode support routines
Http://msdn.microsoft.com/en-us/library/ff563889%28VS.85%29.aspx
Never use a side-effect expression in the parameters of the kernel-mode service function.
2. Exceptions
Directly referenced by the user-mode virtual memoryCodeThe segment should be protected by a structured exception frame. Such a reference usually occurs when you call the functions of matrix, probeforread, and probeforwrite.
When an exception occurs, the operating system scans the stack exception frame to find the corresponding exception handling.Program.
Graphical structure Exception Handling Logic
Shows two calls to the filter function. One for locating the exception handler and the other for rolling back the stack.
If you need more information about exceptions, two functions can be called in the evaluate expression of _ expect T. They can provide information about this exception. In fact, these two functions are implemented within the Microsoft compiler, so they can only be used at specific times:
• Getexceptioncode () returns the numeric code of the current exception. The value is an ntstatus value. This function is only valid in the _ struct t expression and subsequent exception handling code.
• Getexceptioninformation () returns the address of the exception_pointers structure, which contains all detailed information about the exception, where the exception occurred, the register content when the exception occurred, and so on. This function is only valid in the _ struct t expression.
Generation exception
Only when you know that there is an exception handling code and you know what you are actually doing can you generate an exception in a non-arbitrary thread context.
Raiseexception
Exraisestatus
Exraiseaccessviolation
Exraisedatatypemisalignment
A structured exception handling mechanism must be used, that is, an exception handling routine must be established when the call of the matrix function is used by the MDL (memory Descriptor Table) to lock the Memory Page. This problem does not often occur for WDM drivers, because the MDL you use has been detected and locked by other programs. However, since you can define the I/O Control (IOCTL) operation using the method_neither buffer method, you must write the code as follows:
Pmdl MDL = mmcreatemdl (...);
_ Try
{
MMP robeandlockpages (MDL ,...);
}
_ Handler T (exception_execute_handler)
{
Ntstatus status = getexceptioncode ();
Exfreepool (pvoid) MDL );
Return completerequest (IRP, status, 0 );
}
The program can call kebugcheckex on any IRQL. If the program finds an irreparable error and the program continues to run will destroy the system, the program calls the kebugcheckex function, this function will make the system close in a controllable way.