include vmm.inc mov edi, ThreadHandle mov esi, FaultNumber mov eax, OFFSET32 EventProc mov edx, UpperStackLimit mov ebp, FrameClient_Regs VMMcall Log_Fault_Call_Out jnc not_handled
This is a callout service that the VMM calls when it is about to report a fault to the user. It is provided so that a supplemental VxD can hook this service and log faults that are reported. The supplemental VxD can also handle the fault notification itself and indicate to the VMM that it shouldn't duplicate the notification. Virtual deices should not call this service directly.
VMHandle
Handle of the current virtual machine.
FaultNumber
Number of the fault to report.
FrameClient_Regs
Ring 0 client registers of the fault stack frame.
EventProc
Address of the event procedure for the event being processed, address of the timeout procedure associated with the timeout being processed, or zero if neither an event nor a timeout was processed.
UpperStackLimit
Upper limit of stack used by event being processed, or garbage if neither an event nor a timeout was processed.
Before calling this service (that is, on entry to the hook procedure), the stack looks like this:
esp <undefined area between the current ESP and EBP-16> ebp-16 -> saved gs ebp-12 -> saved fs ebp-8 -> saved es ebp-4 -> saved ds ebp -> pushad frame -> error code -> faulting eip -> faulting cs -> flags edx -> upper limit of stack used by event being processed
Notifications can not be suppressed if the fault was not caused by an event or timeout.
This service can modify any of the registers