Use KeBugCheck2

GDATASoftwareAG · Jan 19, 2023 · faa9fea · faa9fea
1 parent 103926e
commit faa9fea
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 8 deletions.
diff --git a/vmicore/src/lib/os/windows/SystemEventSupervisor.cpp b/vmicore/src/lib/os/windows/SystemEventSupervisor.cpp
@@ -30,7 +30,7 @@ namespace VmiCore::Windows
         activeProcessesSupervisor->initialize();
         interruptEventSupervisor->initialize();
         startPspCallProcessNotifyRoutinesMonitoring();
-        startKeBugCheckExMonitoring();
+        startKeBugCheck2Monitoring();
     }
 
     void SystemEventSupervisor::startPspCallProcessNotifyRoutinesMonitoring()
@@ -45,13 +45,13 @@ namespace VmiCore::Windows
             processNotifyFunctionVA, vmiInterface->convertPidToDtb(systemPid), notifyProcessCallbackFunction);
     }
 
-    void SystemEventSupervisor::startKeBugCheckExMonitoring()
+    void SystemEventSupervisor::startKeBugCheck2Monitoring()
     {
-        auto bugCheckFunctionVA = vmiInterface->translateKernelSymbolToVA("KeBugCheckEx");
-        logger->debug("Obtained starting address of KeBugCheckEx",
+        auto bugCheckFunctionVA = vmiInterface->translateKernelSymbolToVA("KeBugCheck2");
+        logger->debug("Obtained starting address of KeBugCheck2",
                       {logfield::create("VA", fmt::format("{:#x}", bugCheckFunctionVA))});
         auto bugCheckCallbackFunction =
-            IBreakpoint::createBreakpointCallback(weak_from_this(), &SystemEventSupervisor::keBugCheckExCallback);
+            IBreakpoint::createBreakpointCallback(weak_from_this(), &SystemEventSupervisor::keBugCheck2Callback);
 
         bugCheckInterruptEvent = interruptEventSupervisor->createBreakpoint(
             bugCheckFunctionVA, vmiInterface->convertPidToDtb(systemPid), bugCheckCallbackFunction);
@@ -88,7 +88,7 @@ namespace VmiCore::Windows
         return BpResponse::Continue;
     }
 
-    BpResponse SystemEventSupervisor::keBugCheckExCallback(IInterruptEvent& event)
+    BpResponse SystemEventSupervisor::keBugCheck2Callback(IInterruptEvent& event)
     {
         auto bugCheckCode = event.getRcx();
         eventStream->sendBSODEvent(static_cast<int64_t>(bugCheckCode));

diff --git a/vmicore/src/lib/os/windows/SystemEventSupervisor.h b/vmicore/src/lib/os/windows/SystemEventSupervisor.h
@@ -30,7 +30,7 @@ namespace VmiCore::Windows
 
         BpResponse pspCallProcessNotifyRoutinesCallback(IInterruptEvent& event);
 
-        BpResponse keBugCheckExCallback(IInterruptEvent& event);
+        BpResponse keBugCheck2Callback(IInterruptEvent& event);
 
         void teardown() override;
 
@@ -48,7 +48,7 @@ namespace VmiCore::Windows
 
         void startPspCallProcessNotifyRoutinesMonitoring();
 
-        void startKeBugCheckExMonitoring();
+        void startKeBugCheck2Monitoring();
     };
 }