US 7,322,027 B2 | ||
Detecting termination and providing information related to termination of a computer system process | ||
Patrick Tousignant, Bellevue, Wash. (US) | ||
Assigned to Microsoft Corporation, Redmond, Wash. (US) | ||
Filed on Jun. 30, 2003, as Appl. No. 10/611,450. | ||
Prior Publication US 2004/0268319 A1, Dec. 30, 2004 | ||
Int. Cl. G06F 9/44 (2006.01); G06F 15/00 (2006.01) |
U.S. Cl. 717—127 [717/124; 712/231; 712/234; 712/244] | 30 Claims |
1. In a computer system including system memory, a method for providing information related to the termination of a process,
the method comprising:
an act of loading a termination function into system memory, the termination function having termination instructions that,
when executed, cause a calling process to terminate without providing information related to a termination event that caused
the calling process to terminate;
an act of altering the code of the termination function to redirect the functionality of the termination function to a memory
resident invalid instruction such that a termination event causes the invalid instruction to be executed, execution of the
invalid instruction causing an exception that provides termination information related to the termination event;
an act of a memory resident process detecting a termination event;
an act of the memory resident process calling the termination function; and
an act of executing the invalid instruction to provide termination information related to the detected termination event,
in response to the termination function being called.
|