Log_Fault_Call_Out

include vmm.inc

mov     edi, ThreadHandle
mov     esi, FaultNumber
mov     eax, OFFSET32 EventProc
mov     edx, UpperStackLimit
mov     ebp, FrameClient_Regs
VMMCall Log_Fault_Call_Out
jnc     not_handled
 

This is a callout service that the VMM calls when it is about to report a fault to the user. It is provided so that a supplemental VxD can hook this service and log the faults that are reported. The supplemental VxD can also handle the fault notification itself and indicate to the VMM that it should not duplicate the notification. Virtual devices should not call this service directly.

VMHandle
Handle of the current virtual machine.
FaultNumber
Number of the fault to report.
FrameClient_Regs
Ring 0 client registers of the fault stack frame.
EventProc
Address of the event procedure for the event being processed, address of the timeout procedure associated with the timeout being processed, or zero if neither an event nor a timeout was processed.
UpperStackLimit
Upper limit of stack used by event being processed, or garbage if neither an event nor a timeout was processed.

Before calling this service (that is, on entry to the hook procedure), the stack looks like this:

esp    <undefined area between the current ESP and EBP-16>
ebp-16  -> saved gs
ebp-12  -> saved fs
ebp-8   -> saved es
ebp-4   -> saved ds
ebp     -> pushad frame
        -> error code
        -> faulting eip
        -> faulting cs
        -> flags
edx     -> upper limit of stack used by event being processed
 

Notifications cannot be suppressed if the fault was not caused by an event or timeout.

This service can modify any of the registers
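
An added example, not DDK code: a C model of how a hooking logger could read the frame laid out above into a log record, run over a constructed stack snapshot. The names fault_frame, fault_record, decode_fault and sample_decode are hypothetical, and the pushad frame is assumed to be the standard eight-dword PUSHAD image.

```c
#include <stdint.h>
#include <string.h>

/* Layout relative to EBP as listed above. Assumption: the "pushad frame" is
   the standard 8-dword PUSHAD image (EDI at the lowest address, EAX highest). */
typedef struct {
    uint32_t gs, fs, es, ds;                         /* ebp-16 .. ebp-4  */
    uint32_t edi, esi, ebp, esp, ebx, edx, ecx, eax; /* ebp+0  .. ebp+28 */
    uint32_t error_code, eip, cs, eflags;            /* ebp+32 .. ebp+44 */
} fault_frame;

typedef struct {
    uint32_t fault, error_code, eip, cs, event_proc, stack_limit;
    int limit_valid;            /* 0: EDX was garbage, stack_limit unused */
} fault_record;

/* snap is a copy of stack bytes whose first byte lived at address snap_base.
   Returns 0 on success, -1 if the frame is not fully inside the snapshot. */
int decode_fault(const uint8_t *snap, uint32_t snap_base, uint32_t snap_len,
                 uint32_t ebp, uint32_t fault, uint32_t event_proc,
                 uint32_t upper_limit, fault_record *out)
{
    fault_frame f;
    if (ebp < 16 || ebp - 16 < snap_base) return -1;
    uint32_t off = ebp - 16 - snap_base;
    if (off > snap_len || snap_len - off < sizeof f) return -1;
    memcpy(&f, snap + off, sizeof f);  /* host byte order = x86 little-endian */
    out->fault = fault;
    out->event_proc = event_proc;
    out->error_code = f.error_code;
    out->eip = f.eip;
    out->cs = f.cs;
    /* EDX is only meaningful when an event or timeout was being processed. */
    out->limit_valid = (event_proc != 0);
    out->stack_limit = out->limit_valid ? upper_limit : 0;
    return 0;
}

/* Constructed sample: a fault 0Eh frame placed 8 bytes into a fake stack. */
int sample_decode(uint32_t event_proc, uint32_t ebp, fault_record *out)
{
    uint32_t words[18] = {0, 0, 0x30, 0x30, 0x30, 0x30, 1, 2, 3, 4, 5, 6, 7, 8,
                          0x2, 0xC0012345u, 0x28, 0x10246}; /* err eip cs flags */
    uint8_t snap[sizeof words];
    memcpy(snap, words, sizeof words);
    return decode_fault(snap, 0xC1000000u, sizeof snap, ebp, 0x0E,
                        event_proc, 0xC1000048u, out);
}
```

The record keeps the EDX value only when EventProc is nonzero, matching the parameter description that UpperStackLimit is garbage otherwise.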