> Assuming that Nt!Foo and Nt!Bar unwind reliably when any non-continuable OS exception is ‘thrown’, such as by
ExRaiseStatus, then there should be no perceptible difference with our library. That is, the Nt!Foo and Nt!Bar
handlers are invoked just like they would be by the OS unwinder.
Huge assumption to make. I would say <1% of the kernel’s functions are safe from ExRaiseStatus raising and exception below them in the callstack and unwinding expectedly. Nevermind that <0.1% of the drivers out there might actually handle callstack unwinding via ExRaiseStatus. What happens when you throw an exception from that leaks out of the current call frame and your driver is not anywhere up the stack? Unhandled exception/bugcheck?
d
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Peter Hurley
Sent: Friday, April 15, 2011 7:22 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Writing drivers in C++
Off-list, Peter Viscarola and I have resolved his concerns regarding the appearance of my original post as commercial in nature. That wasn’t my intention and I apologize to the list for that impression.
As I said at the the beginning of my original post, I don’t intend to discuss the merits of C++ drivers on this list. But I will start a thread over in NTTALK and respond there to the C++ driver issues that have been raised here.
So, onto the other questions/issues that have been raised.
Doron said:
… I want to be clear that there is no support for this in the
compiler …
Of course, the compiler is what defines and provides the necessary structures and interfaces for C++ exceptions to work at all so it’s unclear what you mean by “no support”.
Doron continued:
… and that future compiler changes may break this library.
That’s always a possibility. But I should note here that since it’s a static library, compiler changes won’t affect your existing driver binaries. Also, the compiler structures are versioned (again by the compiler) to preserve the implied ABI. The situation is akin to prior ABI changes in the VC++ compiler: an app compiled with the newest compiler version still needs to interop with DLLs compiled with previous versions.
In any event, by most, it’s considered best-practices to hold onto the DDK/WDK/compiler version with which you release.
Doron said:
How does throwing an exception across call frames which are not C++
aware or written to your framework handle unwind? Ie if you throw from
a callstack like this
Driver!ThrowingFunction
Nt!Foo
Nt!Bar
Driver!CallIntoNt
How can you guarantee state / cleanup in ntoskrnl when Foo and Bar
unwind unexpectedly?
Assuming that Nt!Foo and Nt!Bar unwind reliably when any non-continuable OS exception is ‘thrown’, such as by ExRaiseStatus, then there should be no perceptible difference with our library. That is, the Nt!Foo and Nt!Bar handlers are invoked just like they would be by the OS unwinder.
Similarly, if an OS exception unwinds across the C++ call frame, that frame is properly unwound by us, regardless of whether the exception is “handled” by that frame or not.
All that being said, raising ANY exception across different binaries is imprudent at best unless the anticipated call-stack is well-known. This is true regardless of the origin of the exception.
Also, I should be clear that this library does not perform any OS-magic. Just like an SEH handler, the C++ handler is only going to see those exceptions that are actually dispatched. So, for example, true processor faults at anything other than passive level are still going to bug check, as will processor faults that are never dispatched like bounds, divide-by-zero, etc.
Lastly, mm said:
Peter, do you support x64?
That’s currently delayed for non-technical reasons. Right now, we’re looking at mid-May. It’s hard enough getting out open-source code when we have regular duties to attend to.
Currently, the main shortcoming of our exception handling (and on our To-Do list) is that our dispatcher and unwinder does not validate the handler (ala SafeSEH). So well our handlers will properly validate with the OS, I haven’t coded the image walk yet to be able to validate other handlers.
Hope this clears some misconceptions up.
Thanks,
Peter Hurley
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer