Geoff Chappell, Software Analyst
There follows a header, PROFILE.H, to use with the one source file, PROCRASH.CPP, for a small console application that demonstrates a Bug Check From User Mode By Profiling.
/* ************************************************************************ *
* profile.h *
* ************************************************************************ */
/* This header defines various programming elements that support profiling
but which are not ordinarily available in headers from the Windows SDK. */
#pragma once
/* Keep the Visual Studio text editor happy. Perhaps it doesn't even try to
work out that all use of this header in its project - or in the whole
solution it comes from - includes WINDOWS.H first. */
#ifdef __INTELLISENSE__
#include <windows.h>
#endif
/* ************************************************************************ */
/* From Microsoft's headers for kernel-mode programming */
extern "C" {
/* The demonstration is of a coding error in the undocumented functions
for profiling. Being low-level, these work with the well-known
kernel-mode status code, not the Win32 error code. There are SDK headers
that define the NTSTATUS and some selection of related macros, but
arguably not naturally. */
typedef __success (return >= 0) LONG NTSTATUS;
#define NT_SUCCESS(Status) ((NTSTATUS) (Status) >= 0)
#define STATUS_SUCCESS ((NTSTATUS) 0)
/* The functions that create a profile object take among their arguments a
profile source that is defined in headers from the Windows Driver Kit
(WDK) and which may as well be reproduced whole. */
typedef enum _KPROFILE_SOURCE {
ProfileTime,
ProfileAlignmentFixup,
ProfileTotalIssues,
ProfilePipelineDry,
ProfileLoadInstructions,
ProfilePipelineFrozen,
ProfileBranchInstructions,
ProfileTotalNonissues,
ProfileDcacheMisses,
ProfileIcacheMisses,
ProfileCacheMisses,
ProfileBranchMispredictions,
ProfileStoreInstructions,
ProfileFpInstructions,
ProfileIntegerInstructions,
Profile2Issue,
Profile3Issue,
Profile4Issue,
ProfileSpecialInstructions,
ProfileTotalCycles,
ProfileIcacheIssues,
ProfileDcacheAccesses,
ProfileMemoryBarrierCycles,
ProfileLoadLinkedIssues,
ProfileMaximum
} KPROFILE_SOURCE;
/* Another argument specifies processors. Again, the type is defined in the
WDK. */
typedef ULONG_PTR KAFFINITY;
/* The functions themselves have been undocumented for two decades but
nowadays have declarations in a header from an Enterprise WDK for
Windows 10. */
NTSYSAPI
NTSTATUS
NTAPI
NtCreateProfile (
HANDLE *ProfileHandle,
HANDLE Process,
PVOID ProfileBase,
SIZE_T ProfileSize,
ULONG BucketSize,
ULONG *Buffer,
ULONG BufferSize,
KPROFILE_SOURCE ProfileSource,
KAFFINITY Affinity);
NTSYSAPI
NTSTATUS
NTAPI
NtStartProfile (
HANDLE ProfileHandle);
NTSYSAPI
NTSTATUS
NTAPI
NtStopProfile (
HANDLE ProfileHandle);
/* A helpful macro that Microsoft defines in WDK headers but omits from the
SDK */
#ifndef ALIGN_UP_BY
#define ALIGN_UP_BY(x,n) (((ULONG_PTR) (x) + (n) - 1) & ~((n) - 1))
#endif
} // extern "C"
/* ************************************************************************ */
The only reason this is presented as a separate header is so that the source file is more easily read just for what’s particular to what it demonstrates.