1. #1
    Shintaro's Avatar
    Join Date
    Jun 2012
    Location
    Brisbane, Australia
    Age
    47
    Posts
    175

    What is xxx in win32k!xxxInternalGetMessage Anybody seen that?

    I normally try to look up some of the calls in the stack trace to try and help me understand what is going on.

    But win32k!xxxInternalGetMessage has got me stumped.
    P.66 & 67 of Windows Internals 6th Ed. does not list "xxx"


    Call Site
    nt!KeBugCheckEx
    nt!KiBugCheckDispatch
    nt!KiSystemServiceHandler
    nt!RtlpExecuteHandlerForException
    nt!RtlDispatchException
    nt!KiDispatchException
    nt!KiExceptionDispatch
    nt!KiGeneralProtectionFault
    win32k!xxxWindowHitTest
    win32k!xxxWindowHitTest2
    win32k!xxxWindowHitTest
    win32k!xxxScanSysQueue
    win32k!xxxRealInternalGetMessage
    win32k!xxxInternalGetMessage
    win32k!NtUserGetMessage
    nt!KiSystemServiceCopyEnd
    0x0
    Ke = Kernel
    Ki = Kernel Interupt Handling
    Rtl = Runtime Library
    Nt = Native API calls

    xxx= ???? ***??

    Virus?? Malware??

    Any ideas?? Anybody??
    Try to live an ordinary life, in a non-ordinary way.


    • Ad Bot

      advertising
      Beep.

        
       

  2. #2
    writhziden's Avatar
    Join Date
    May 2012
    Location
    Colorado
    Posts
    2,304
    • specs System Specs
      • Manufacturer:
        Sony
      • Model Number:
        VPCF232FX/B
      • Motherboard:
        Sony Corporation VAIO
      • CPU:
      • Memory:
        8.00 GB Crucial CT2KIT51264BF1339 DDR3 1333
      • Graphics:
      • Sound Card:
        Realtek High Definition Audio/nVidia High Definition Audio
      • Hard Drives:
        TOSHIBA MK5061GSY 500 GB (465 GB actual)
      • Case:
        Laptop black matte case with backlit keyboard
      • Cooling:
        Air cooling via fan and heat exchanger heatsink
      • Display:
        Laptop display
      • Operating System:
        Windows 7 Home Premium 64 Bit

    Re: What is xxx in win32k!xxxInternalGetMessage Anybody seen that?

    It does not appear to be a virus or malware. I find multiple references to it in Windows debugging articles, books, etc. Here is the best source of information I found about what it is doing: http://blog.airesoft.co.uk/2010/10/a...ting-messages/
    LilBambi says thanks for this.

  3. #3

    Join Date
    Mar 2012
    Posts
    469

    Re: What is xxx in win32k!xxxInternalGetMessage Anybody seen that?

    I've been curious about this myself. There's some nomenclature for symbol (function) names that Windows uses that I've been trying to wrap my head around. This is one of them. If anyone can find out about it that'd be splendid, but so far all I've seen are people putting them to use, rather than describing them. Given that it's from win32k module, it's definite it relates to usermode stuff, and this in particular is relevant to window handling, so that much at least can be discerned.
    writhziden says thanks for this.

  4. #4

    Join Date
    Feb 2012
    Posts
    2,081
    Blog Entries
    7

    Re: What is xxx in win32k!xxxInternalGetMessage Anybody seen that?

    Started looking into this, and I found a lot of stuff about these prefixes.

    Here's my start page: http://www.carrona.org/stacpref.html

    Then I found this: http://en.wikipedia.org/wiki/Native_API

    The most compelling explanation I've found suggested is that the xxx is for experimental stuff. But going through the info on Native API's in MSDN rapidly gets confusing and goes well beyond my understanding: http://msdn.microsoft.com/en-us/libr...7%28v=vs.85%29

    Got this before I got too confused:
    Driver Support Routines
    http://msdn.microsoft.com/en-us/libr...0%28v=vs.85%29


    Ob - Object Manager
    Mm - Memory Manager
    Ps - Process and Thread Manager Routines
    Io - I/O Manager Routines
    Po - Power Manager Routines
    Cm - Configuration Manager Routines
    Tm (and Zw) - Kernel Transaction Manager (KTM) Routines
    Se - Security Reference Monitor Routines
    Ke - Core Kernel Library Support Routines
    Ex - Executive Library Support Routines
    Rtl - Run-Time Library (RTL) Routines/Safe String Library Routines/Safe Integer Library Routines
    Dma - DMA Library Routines (?)
    Hal - HAL Library Routines
    Clfs - CLFS Management Library Routines
    Zw - ZwXxx Routines
    Aux - Auxiliary Kernel-Mode Library Routines and Structures
    BTW - the ZwXxx Routines is a dead-end for the xxx prefix.
    It actually stands for the the stuff after ZW when the routine is listed (for example, KeXxx is shorthand for the stuff after Ke here: KeBugCheckEx)
    Last edited by usasma; 07-31-2012 at 10:16 AM.
    Vir Gnarus, writhziden, Shintaro and 1 others say thanks for this.

  5. #5

    Join Date
    Mar 2012
    Posts
    469

    Re: What is xxx in win32k!xxxInternalGetMessage Anybody seen that?

    Awesome googling there, usasma. Thanks a mil!

  6. #6
    writhziden's Avatar
    Join Date
    May 2012
    Location
    Colorado
    Posts
    2,304
    • specs System Specs
      • Manufacturer:
        Sony
      • Model Number:
        VPCF232FX/B
      • Motherboard:
        Sony Corporation VAIO
      • CPU:
      • Memory:
        8.00 GB Crucial CT2KIT51264BF1339 DDR3 1333
      • Graphics:
      • Sound Card:
        Realtek High Definition Audio/nVidia High Definition Audio
      • Hard Drives:
        TOSHIBA MK5061GSY 500 GB (465 GB actual)
      • Case:
        Laptop black matte case with backlit keyboard
      • Cooling:
        Air cooling via fan and heat exchanger heatsink
      • Display:
        Laptop display
      • Operating System:
        Windows 7 Home Premium 64 Bit

    Re: What is xxx in win32k!xxxInternalGetMessage Anybody seen that?

    Thank you both for adding to my (lack of) information.

    I know very little about the stack outside of what I do with it for C++ programming; it is one area I would like to improve upon. I just did a quick Google search to see if the xxx meant the trace showed an item that was malware related.

  7. #7
    Shintaro's Avatar
    Join Date
    Jun 2012
    Location
    Brisbane, Australia
    Age
    47
    Posts
    175

    Re: What is xxx in win32k!xxxInternalGetMessage Anybody seen that?

    Thanks heaps Usasma.

    Now down to reading more and trying to understand more.
    Try to live an ordinary life, in a non-ordinary way.

  8. #8

    Join Date
    Feb 2012
    Posts
    2,081
    Blog Entries
    7

    Re: What is xxx in win32k!xxxInternalGetMessage Anybody seen that?

    Read it and read it again, then again!

    I've read version 4 and version 5 of Windows Internals from cover-to-cover several times.
    Each time through I understand a bit more.

    Good luck!
    LilBambi says thanks for this.

  9. #9

    Join Date
    Mar 2012
    Posts
    469

    Re: What is xxx in win32k!xxxInternalGetMessage Anybody seen that?

    You're a better man than I. I have a hard time reading through a several pages without dozing off, yet to finish 5th edition.

  10. #10

    Re: What is xxx in win32k!xxxInternalGetMessage Anybody seen that?

    Quote Originally Posted by Vir Gnarus View Post
    You're a better man than I. I have a hard time reading through a several pages without dozing off, yet to finish 5th edition.
    Indeed. I have difficulty staying focused on what I'm reading and usually get sidetracked

    I still do wish I had the actual books though, it would make for great reference.

  11. #11

    Join Date
    Mar 2012
    Posts
    469

    Re: What is xxx in win32k!xxxInternalGetMessage Anybody seen that?

    I have both digital and hardback versions of 5th edition. I much prefer reading the printed version when I want to do extended reading on a subject, but digital is always vastly superior for reference given the ability to do text search and whatnot.

  12. #12
    Shintaro's Avatar
    Join Date
    Jun 2012
    Location
    Brisbane, Australia
    Age
    47
    Posts
    175

    Re: What is xxx in win32k!xxxInternalGetMessage Anybody seen that?

    I must admit I like the physical books, but it is a pain to carry around. I went out and bought a $140 AUD 7" pad with Android 4 on it. I have all my books in PDF format on it.
    I later on I might buy a 10" pad.
    Try to live an ordinary life, in a non-ordinary way.

  13. #13

    Join Date
    Feb 2017
    Location
    WA
    Posts
    1

    Re: What is xxx in win32k!xxxInternalGetMessage Anybody seen that?

    The xxx prefix means the function may leave the critical section.
    The xxx name is a hint to Microsoft engineers that the function may leave the critical section, which has consequences on the way the code must be written: for example, objects need to be locked (refcounted) before calling an xxx function if you want to ensure they do not get deleted by some other thread before the xxx function returns.
    xxx was chosen because it was easy to search for, easy to see.

Similar Threads

  1. Symbols could not be loaded for win32k.sys
    By writhziden in forum BSOD Processing Apps Download | Information | Discussions
    Replies: 47
    Last Post: 08-24-2012, 08:19 PM
  2. win32k symbol errors
    By jcgriff2 in forum BSOD, Crashes, Kernel Debugging
    Replies: 7
    Last Post: 06-06-2012, 07:41 AM

Log in

Log in