2 * Unit test suite for ntdll exceptions
4 * Copyright 2005 Alexandre Julliard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
24 #define _WIN32_WINNT 0x500 /* For NTSTATUS */
28 #define WIN32_NO_STATUS
35 #include "wine/test.h"
39 static struct _TEB * (WINAPI *pNtCurrentTeb)(void);
40 static NTSTATUS (WINAPI *pNtGetContextThread)(HANDLE,CONTEXT*);
41 static NTSTATUS (WINAPI *pNtSetContextThread)(HANDLE,CONTEXT*);
42 static void *code_mem;
44 /* Test various instruction combinations that cause a protection fault on the i386,
45 * and check what the resulting exception looks like.
48 static const struct exception
50 BYTE code[18]; /* asm code */
51 BYTE offset; /* offset of faulting instruction */
52 BYTE length; /* length of faulting instruction */
53 NTSTATUS status; /* expected status code */
54 DWORD nb_params; /* expected number of parameters */
55 DWORD params[4]; /* expected parameters */
58 /* test some privileged instructions */
59 { { 0xfb, 0xc3 }, /* sti; ret */
60 0, 1, STATUS_PRIVILEGED_INSTRUCTION, 0 },
61 { { 0x6c, 0xc3 }, /* insb (%dx); ret */
62 0, 1, STATUS_PRIVILEGED_INSTRUCTION, 0 },
63 { { 0x6d, 0xc3 }, /* insl (%dx); ret */
64 0, 1, STATUS_PRIVILEGED_INSTRUCTION, 0 },
65 { { 0x6e, 0xc3 }, /* outsb (%dx); ret */
66 0, 1, STATUS_PRIVILEGED_INSTRUCTION, 0 },
67 { { 0x6f, 0xc3 }, /* outsl (%dx); ret */
68 0, 1, STATUS_PRIVILEGED_INSTRUCTION, 0 },
69 { { 0xe4, 0x11, 0xc3 }, /* inb $0x11,%al; ret */
70 0, 2, STATUS_PRIVILEGED_INSTRUCTION, 0 },
71 { { 0xe5, 0x11, 0xc3 }, /* inl $0x11,%eax; ret */
72 0, 2, STATUS_PRIVILEGED_INSTRUCTION, 0 },
73 { { 0xe6, 0x11, 0xc3 }, /* outb %al,$0x11; ret */
74 0, 2, STATUS_PRIVILEGED_INSTRUCTION, 0 },
75 { { 0xe7, 0x11, 0xc3 }, /* outl %eax,$0x11; ret */
76 0, 2, STATUS_PRIVILEGED_INSTRUCTION, 0 },
77 { { 0xed, 0xc3 }, /* inl (%dx),%eax; ret */
78 0, 1, STATUS_PRIVILEGED_INSTRUCTION, 0 },
79 { { 0xee, 0xc3 }, /* outb %al,(%dx); ret */
80 0, 1, STATUS_PRIVILEGED_INSTRUCTION, 0 },
81 { { 0xef, 0xc3 }, /* outl %eax,(%dx); ret */
82 0, 1, STATUS_PRIVILEGED_INSTRUCTION, 0 },
83 { { 0xf4, 0xc3 }, /* hlt; ret */
84 0, 1, STATUS_PRIVILEGED_INSTRUCTION, 0 },
85 { { 0xfa, 0xc3 }, /* cli; ret */
86 0, 1, STATUS_PRIVILEGED_INSTRUCTION, 0 },
88 /* test long jump to invalid selector */
89 { { 0xea, 0, 0, 0, 0, 0, 0, 0xc3 }, /* ljmp $0,$0; ret */
90 0, 7, STATUS_ACCESS_VIOLATION, 2, { 0, 0xffffffff } },
92 /* test iret to invalid selector */
93 { { 0x6a, 0x00, 0x6a, 0x00, 0x6a, 0x00, 0xcf, 0x83, 0xc4, 0x0c, 0xc3 },
94 /* pushl $0; pushl $0; pushl $0; iret; addl $12,%esp; ret */
95 6, 1, STATUS_ACCESS_VIOLATION, 2, { 0, 0xffffffff } },
97 /* test loading an invalid selector */
98 { { 0xb8, 0xef, 0xbe, 0x00, 0x00, 0x8e, 0xe8, 0xc3 }, /* mov $beef,%ax; mov %ax,%gs; ret */
99 5, 2, STATUS_ACCESS_VIOLATION, 2, { 0, 0xbee8 } },
101 /* test accessing a zero selector */
102 { { 0x06, 0x31, 0xc0, 0x8e, 0xc0, 0x26, 0xa1, 0, 0, 0, 0, 0x07, 0xc3 },
103 /* push %es; xor %eax,%eax; mov %ax,%es; mov %es:(0),%ax; pop %es */
104 5, 6, STATUS_ACCESS_VIOLATION, 2, { 0, 0xffffffff } },
106 /* test moving %cs -> %ss */
107 { { 0x0e, 0x17, 0x58, 0xc3 }, /* pushl %cs; popl %ss; popl %eax; ret */
108 1, 1, STATUS_ACCESS_VIOLATION, 2, { 0, 0xffffffff } },
110 /* test overlong instruction (limit is 16 bytes) */
111 { { 0x64,0x64,0x64,0x64,0x64,0x64,0x64,0x64,0x64,0x64,0x64,0x64,0x64,0x64,0x64,0xfa,0xc3 },
112 0, 16, STATUS_ACCESS_VIOLATION, 2, { 0, 0xffffffff } },
113 { { 0x64,0x64,0x64,0x64,0x64,0x64,0x64,0x64,0x64,0x64,0x64,0x64,0x64,0x64,0xfa,0xc3 },
114 0, 15, STATUS_PRIVILEGED_INSTRUCTION, 0 },
116 /* test invalid interrupt */
117 { { 0xcd, 0xff, 0xc3 }, /* int $0xff; ret */
118 0, 2, STATUS_ACCESS_VIOLATION, 2, { 0, 0xffffffff } },
120 /* test moves to/from Crx */
121 { { 0x0f, 0x20, 0xc0, 0xc3 }, /* movl %cr0,%eax; ret */
122 0, 3, STATUS_PRIVILEGED_INSTRUCTION, 0 },
123 { { 0x0f, 0x20, 0xe0, 0xc3 }, /* movl %cr4,%eax; ret */
124 0, 3, STATUS_PRIVILEGED_INSTRUCTION, 0 },
125 { { 0x0f, 0x22, 0xc0, 0xc3 }, /* movl %eax,%cr0; ret */
126 0, 3, STATUS_PRIVILEGED_INSTRUCTION, 0 },
127 { { 0x0f, 0x22, 0xe0, 0xc3 }, /* movl %eax,%cr4; ret */
128 0, 3, STATUS_PRIVILEGED_INSTRUCTION, 0 },
130 /* test moves to/from Drx */
131 { { 0x0f, 0x21, 0xc0, 0xc3 }, /* movl %dr0,%eax; ret */
132 0, 3, STATUS_PRIVILEGED_INSTRUCTION, 0 },
133 { { 0x0f, 0x21, 0xc8, 0xc3 }, /* movl %dr1,%eax; ret */
134 0, 3, STATUS_PRIVILEGED_INSTRUCTION, 0 },
135 { { 0x0f, 0x21, 0xf8, 0xc3 }, /* movl %dr7,%eax; ret */
136 0, 3, STATUS_PRIVILEGED_INSTRUCTION, 0 },
137 { { 0x0f, 0x23, 0xc0, 0xc3 }, /* movl %eax,%dr0; ret */
138 0, 3, STATUS_PRIVILEGED_INSTRUCTION, 0 },
139 { { 0x0f, 0x23, 0xc8, 0xc3 }, /* movl %eax,%dr1; ret */
140 0, 3, STATUS_PRIVILEGED_INSTRUCTION, 0 },
141 { { 0x0f, 0x23, 0xf8, 0xc3 }, /* movl %eax,%dr7; ret */
142 0, 3, STATUS_PRIVILEGED_INSTRUCTION, 0 },
144 /* test memory reads */
145 { { 0xa1, 0xfc, 0xff, 0xff, 0xff, 0xc3 }, /* movl 0xfffffffc,%eax; ret */
146 0, 5, STATUS_ACCESS_VIOLATION, 2, { 0, 0xfffffffc } },
147 { { 0xa1, 0xfd, 0xff, 0xff, 0xff, 0xc3 }, /* movl 0xfffffffd,%eax; ret */
148 0, 5, STATUS_ACCESS_VIOLATION, 2, { 0, 0xffffffff } },
149 { { 0xa1, 0xfe, 0xff, 0xff, 0xff, 0xc3 }, /* movl 0xfffffffe,%eax; ret */
150 0, 5, STATUS_ACCESS_VIOLATION, 2, { 0, 0xffffffff } },
151 { { 0xa1, 0xff, 0xff, 0xff, 0xff, 0xc3 }, /* movl 0xffffffff,%eax; ret */
152 0, 5, STATUS_ACCESS_VIOLATION, 2, { 0, 0xffffffff } },
154 /* test memory writes */
155 { { 0xa3, 0xfc, 0xff, 0xff, 0xff, 0xc3 }, /* movl %eax,0xfffffffc; ret */
156 0, 5, STATUS_ACCESS_VIOLATION, 2, { 1, 0xfffffffc } },
157 { { 0xa3, 0xfd, 0xff, 0xff, 0xff, 0xc3 }, /* movl %eax,0xfffffffd; ret */
158 0, 5, STATUS_ACCESS_VIOLATION, 2, { 0, 0xffffffff } },
159 { { 0xa3, 0xfe, 0xff, 0xff, 0xff, 0xc3 }, /* movl %eax,0xfffffffe; ret */
160 0, 5, STATUS_ACCESS_VIOLATION, 2, { 0, 0xffffffff } },
161 { { 0xa3, 0xff, 0xff, 0xff, 0xff, 0xc3 }, /* movl %eax,0xffffffff; ret */
162 0, 5, STATUS_ACCESS_VIOLATION, 2, { 0, 0xffffffff } },
165 static int got_exception;
167 static void run_exception_test(const void *handler, const void* context,
168 const void *code, unsigned int code_size)
171 EXCEPTION_REGISTRATION_RECORD frame;
174 void (*func)(void) = code_mem;
176 exc_frame.frame.Handler = handler;
177 exc_frame.frame.Prev = pNtCurrentTeb()->Tib.ExceptionList;
178 exc_frame.context = context;
180 memcpy(code_mem, code, code_size);
182 pNtCurrentTeb()->Tib.ExceptionList = &exc_frame.frame;
184 pNtCurrentTeb()->Tib.ExceptionList = exc_frame.frame.Prev;
187 static DWORD handler( EXCEPTION_RECORD *rec, EXCEPTION_REGISTRATION_RECORD *frame,
188 CONTEXT *context, EXCEPTION_REGISTRATION_RECORD **dispatcher )
190 const struct exception *except = *(const struct exception **)(frame + 1);
191 unsigned int i, entry = except - exceptions;
194 trace( "exception: %x flags:%x addr:%p\n",
195 rec->ExceptionCode, rec->ExceptionFlags, rec->ExceptionAddress );
197 ok( rec->ExceptionCode == except->status,
198 "%u: Wrong exception code %x/%x\n", entry, rec->ExceptionCode, except->status );
199 ok( rec->ExceptionAddress == (char*)code_mem + except->offset,
200 "%u: Wrong exception address %p/%p\n", entry,
201 rec->ExceptionAddress, (char*)code_mem + except->offset );
203 ok( rec->NumberParameters == except->nb_params,
204 "%u: Wrong number of parameters %u/%u\n", entry, rec->NumberParameters, except->nb_params );
205 for (i = 0; i < rec->NumberParameters; i++)
206 ok( rec->ExceptionInformation[i] == except->params[i],
207 "%u: Wrong parameter %d: %lx/%x\n",
208 entry, i, rec->ExceptionInformation[i], except->params[i] );
210 /* don't handle exception if it's not the address we expected */
211 if (rec->ExceptionAddress != (char*)code_mem + except->offset) return ExceptionContinueSearch;
213 context->Eip += except->length;
214 return ExceptionContinueExecution;
217 static void test_prot_fault(void)
221 for (i = 0; i < sizeof(exceptions)/sizeof(exceptions[0]); i++)
224 run_exception_test(handler, &exceptions[i], &exceptions[i].code,
225 sizeof(exceptions[i].code));
226 if (!i && !got_exception)
228 trace( "No exception, assuming win9x, no point in testing further\n" );
231 ok( got_exception == (exceptions[i].status != 0),
232 "%u: bad exception count %d\n", i, got_exception );
236 /* test handling of debug registers */
237 static DWORD dreg_handler( EXCEPTION_RECORD *rec, EXCEPTION_REGISTRATION_RECORD *frame,
238 CONTEXT *context, EXCEPTION_REGISTRATION_RECORD **dispatcher )
240 context->Eip += 2; /* Skips the popl (%eax) */
241 context->Dr0 = 0x42424242;
246 context->Dr7 = 0x155;
247 return ExceptionContinueExecution;
250 static const BYTE segfault_code[5] = {
251 0x31, 0xc0, /* xor %eax,%eax */
252 0x8f, 0x00, /* popl (%eax) - cause exception */
256 /* test the single step exception behaviour */
257 static DWORD single_step_handler( EXCEPTION_RECORD *rec, EXCEPTION_REGISTRATION_RECORD *frame,
258 CONTEXT *context, EXCEPTION_REGISTRATION_RECORD **dispatcher )
261 ok (!(context->EFlags & 0x100), "eflags has single stepping bit set\n");
263 if( got_exception < 3)
264 context->EFlags |= 0x100; /* single step until popf instruction */
266 /* show that the last single step exception on the popf instruction
267 * (which removed the TF bit), still is a EXCEPTION_SINGLE_STEP exception */
268 ok( rec->ExceptionCode == EXCEPTION_SINGLE_STEP,
269 "exception is not EXCEPTION_SINGLE_STEP: %x\n", rec->ExceptionCode);
272 return ExceptionContinueExecution;
275 static const BYTE single_stepcode[] = {
278 0x0d,0,1,0,0, /* or $0x100,%eax */
279 0x50, /* push %eax */
281 0x35,0,1,0,0, /* xor $0x100,%eax */
282 0x50, /* push %eax */
287 /* Test the alignment check (AC) flag handling. */
288 static const BYTE align_check_code[] = {
289 0x55, /* push %ebp */
290 0x89,0xe5, /* mov %esp,%ebp */
293 0x0d,0,0,4,0, /* or $0x40000,%eax */
294 0x50, /* push %eax */
296 0x89,0xe0, /* mov %esp, %eax */
297 0x8b,0x40,0x1, /* mov 0x1(%eax), %eax - cause exception */
300 0x35,0,0,4,0, /* xor $0x40000,%eax */
301 0x50, /* push %eax */
307 static DWORD align_check_handler( EXCEPTION_RECORD *rec, EXCEPTION_REGISTRATION_RECORD *frame,
308 CONTEXT *context, EXCEPTION_REGISTRATION_RECORD **dispatcher )
310 ok (!(context->EFlags & 0x40000), "eflags has AC bit set\n");
312 return ExceptionContinueExecution;
315 /* test single stepping over hardware breakpoint */
316 static DWORD bpx_handler( EXCEPTION_RECORD *rec, EXCEPTION_REGISTRATION_RECORD *frame,
317 CONTEXT *context, EXCEPTION_REGISTRATION_RECORD **dispatcher )
320 ok( rec->ExceptionCode == EXCEPTION_SINGLE_STEP,
321 "wrong exception code: %x\n", rec->ExceptionCode);
323 if(got_exception == 1) {
324 /* hw bp exception on first nop */
325 ok( context->Eip == (DWORD)code_mem, "eip is wrong: %x instead of %x\n",
326 context->Eip, (DWORD)code_mem);
327 ok( (context->Dr6 & 0xf) == 1, "B0 flag is not set in Dr6\n");
328 ok( !(context->Dr6 & 0x4000), "BS flag is set in Dr6\n");
329 context->Dr0 = context->Dr0 + 1; /* set hw bp again on next instruction */
330 context->EFlags |= 0x100; /* enable single stepping */
331 } else if( got_exception == 2) {
332 /* single step exception on second nop */
333 ok( context->Eip == (DWORD)code_mem + 1, "eip is wrong: %x instead of %x\n",
334 context->Eip, (DWORD)code_mem + 1);
335 todo_wine{ ok( (context->Dr6 & 0x4000), "BS flag is not set in Dr6\n"); };
336 ok( (context->Dr6 & 0xf) == 0, "B0...3 flags in Dr6 shouldn't be set\n");
337 context->EFlags |= 0x100;
338 } else if( got_exception == 3) {
339 /* hw bp exception on second nop */
340 ok( context->Eip == (DWORD)code_mem + 1, "eip is wrong: %x instead of %x\n",
341 context->Eip, (DWORD)code_mem + 1);
342 todo_wine{ ok( (context->Dr6 & 0xf) == 1, "B0 flag is not set in Dr6\n"); };
343 ok( !(context->Dr6 & 0x4000), "BS flag is set in Dr6\n");
344 context->Dr0 = 0; /* clear breakpoint */
345 context->EFlags |= 0x100;
347 /* single step exception on ret */
348 ok( context->Eip == (DWORD)code_mem + 2, "eip is wrong: %x instead of %x\n",
349 context->Eip, (DWORD)code_mem + 2);
350 ok( (context->Dr6 & 0xf) == 0, "B0...3 flags in Dr6 shouldn't be set\n");
351 todo_wine{ ok( (context->Dr6 & 0x4000), "BS flag is not set in Dr6\n"); };
354 context->Dr6 = 0; /* clear status register */
355 return ExceptionContinueExecution;
358 static const BYTE dummy_code[] = { 0x90, 0x90, 0xc3 }; /* nop, nop, ret */
360 /* test int3 handling */
361 static DWORD int3_handler( EXCEPTION_RECORD *rec, EXCEPTION_REGISTRATION_RECORD *frame,
362 CONTEXT *context, EXCEPTION_REGISTRATION_RECORD **dispatcher )
364 ok( rec->ExceptionAddress == code_mem, "exception address not at: %p, but at %p\n",
365 code_mem, rec->ExceptionAddress);
367 ok( context->Eip == (DWORD)code_mem, "eip not at: %p, but at %#x\n", code_mem, context->Eip);
369 if(context->Eip == (DWORD)code_mem) context->Eip++; /* skip breakpoint */
371 return ExceptionContinueExecution;
374 static const BYTE int3_code[] = { 0xCC, 0xc3 }; /* int 3, ret */
377 static void test_exceptions(void)
382 pNtGetContextThread = (void *)GetProcAddress( GetModuleHandleA("ntdll.dll"), "NtGetContextThread" );
383 pNtSetContextThread = (void *)GetProcAddress( GetModuleHandleA("ntdll.dll"), "NtSetContextThread" );
384 if (!pNtGetContextThread || !pNtSetContextThread)
386 trace( "NtGetContextThread/NtSetContextThread not found, skipping tests\n" );
390 /* test handling of debug registers */
391 run_exception_test(dreg_handler, NULL, &segfault_code, sizeof(segfault_code));
393 ctx.ContextFlags = CONTEXT_DEBUG_REGISTERS;
394 res = pNtGetContextThread(GetCurrentThread(), &ctx);
395 ok (res == STATUS_SUCCESS,"NtGetContextThread failed with %x\n", res);
396 ok(ctx.Dr0 == 0x42424242,"failed to set debugregister 0 to 0x42424242, got %x\n", ctx.Dr0);
397 ok(ctx.Dr7 == 0x155,"failed to set debugregister 7 to 0x155, got %x\n", ctx.Dr7);
399 /* test single stepping behavior */
401 run_exception_test(single_step_handler, NULL, &single_stepcode, sizeof(single_stepcode));
402 ok(got_exception == 3, "expected 3 single step exceptions, got %d\n", got_exception);
404 /* test alignment exceptions */
406 run_exception_test(align_check_handler, NULL, align_check_code, sizeof(align_check_code));
407 ok(got_exception == 0, "got %d alignment faults, expected 0\n", got_exception);
409 /* test single stepping over hardware breakpoint */
410 memset(&ctx, 0, sizeof(ctx));
411 ctx.Dr0 = (DWORD) code_mem; /* set hw bp on first nop */
413 ctx.ContextFlags = CONTEXT_DEBUG_REGISTERS;
414 res = pNtSetContextThread( GetCurrentThread(), &ctx);
415 ok( res == STATUS_SUCCESS, "NtSetContextThread faild with %x\n", res);
418 run_exception_test(bpx_handler, NULL, dummy_code, sizeof(dummy_code));
419 ok( got_exception == 4,"expected 4 exceptions, got %d\n", got_exception);
421 /* test int3 handling */
422 run_exception_test(int3_handler, NULL, int3_code, sizeof(int3_code));
425 #endif /* __i386__ */
427 START_TEST(exception)
430 pNtCurrentTeb = (void *)GetProcAddress( GetModuleHandleA("ntdll.dll"), "NtCurrentTeb" );
433 trace( "NtCurrentTeb not found, skipping tests\n" );
437 /* 1024 byte should be sufficient */
438 code_mem = VirtualAlloc(NULL, 1024, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE);
440 trace("VirtualAlloc failed\n");
446 VirtualFree(code_mem, 1024, MEM_RELEASE);
projects / wine / blob