Got BSOD with KeSaveExtendedProcessorState

This issue isn't directly related to the subject of this forum, but I guessed that some of you may be familiar with KeSaveExtendedProcessorState in WinDDK, or that you can direct me to post this thread in the appropriate Intel forum. I already posted this issue in the MSDN forum.

In my driver for Windows 7 64 bits, I tried to use KeSaveExtendedProcessorState/KeRestoreExtendedProcessorState to save and restore extended processor states.

I used RtlGetEnabledExtendedFeatures((ULONG64)(-1)) to get the enabled extended features (the returned value is 0x3 on one of my target systems with an Intel i7 dual core CPU) and used it as the first parameter for KeSaveExtendedProcessorState. I used MmAllocateContiguousMemory(sizeof(XSTATE_SAVE), highAddress) with highAddress = 0xbfffffff to allocate the nonpaged memory used to save the extended states, and raised IRQL to DISPATCH_LEVEL before KeSaveExtendedProcessorState. I got a BSOD with the following message:


0: kd> !analyze -v
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

Invalid combination of parameters was detected while saving or restoring
extended processor state.
Arg1: 0000000000000000, Invalid feature mask was passed or extended processor state is
 not enabled.
Arg2: 0000000000800000, Nonzero if extended state is enabled.
Arg3: 0000000000000003, The low 32 bits of the feature mask.
Arg4: 0000000000000000, The high 32 bits of the feature mask.

Did I miss anything?

Also, I noticed that sizeof(XSTATE_SAVE) is 0x38 bytes, which is apparently far too small to save the enabled extended features. Should I initialize any components of the XSTATE_SAVE structures to pass additional memory space to save the enabled extended features? Is there any sample code or documentation to demo how to properly use KeSaveExtendedProcessorState? In my driver, I already specify this code to run on thread 2 only.




Please post your stack trace

Hi liliyapolak,

Thanks. Attached, please find the stack_trace.




Hi David
As I was able to understand from your stack trace, the crash has been caused by some internal error inside the KeSaveExtendedProcessorState routine, which is part of the NTOSKRNL module. Before calling the offending routine, try to run your code at IRQL level 0 or 1.
Your allocated buffer is only 0x38 bytes; could it be a failure of one of the Memory Manager allocation routines? I do not think that an insufficient memory resource could cause a bugcheck error.
>>sample code or documentation to demo how to properly use KeSaveExtendedProcessorState.>>
Please follow this link ""
I would suggest you put a breakpoint on the KeSaveExtendedProcessorState function and single-step through the function while you are trying to reproduce the situation which caused the system crash. I would advise you to look carefully at address KeSaveExtendedProcessorState+0x1d5, where the crash has probably occurred.
Another option is to use IDA PRO to learn the KeSaveExtendedProcessorState logic at machine code level.

See the requirements for the underlying CPU instruction; that may help you understand what the problem is.
