Getting the IDT information of every CPU core

0x00 Introduction


 

I remember reading protected-mode tutorials back in 2008 and suffering through all those bit fields and other complicated structures. Later I got into this line of work and wrote drivers for a few years; only then did I gain some understanding of these CPU basics.

 

The IDT, the Interrupt Descriptor Table, is such a basic thing that you simply have to know it. There is already plenty of material on IDT hooking, but that is not what this is about (on 64-bit Windows it is not advisable anyway, unless...); the aim here is detecting IDT hooks, as a step towards processor virtualization.

 

Enough chatter, on to the topic. The reason I had not done this earlier was that I could not find authoritative, workable material, specifically the structure definitions.

 

0x01 start


 

The basic principles of protected mode are not covered here; the reader is assumed to know them already.

 

Now to the subject proper. Where to start? The IDT is located by the IDTR register.

 

First the analysis is done by hand in WinDbg, then it is implemented in code.

0: kd> r idtr
idtr=8003f400

How big is this IDT?

0: kd> r idtl
idtl=000007ff

The size is this number plus one: the limit is the offset of the last valid byte of the table.

We have the address and the size; the key question is what structure this is, what does an IDT entry look like?

0: kd> dt _KIDTENTRY
ntdll!_KIDTENTRY
   +0x000 Offset           : Uint2B
   +0x002 Selector         : Uint2B
   +0x004 Access           : Uint2B
   +0x006 ExtendedOffset   : Uint2B

That is it.

The IDT is simply an array of this structure.

Now look at the first entry.

0: kd> dt _KIDTENTRY 8003f400
ntdll!_KIDTENTRY
   +0x000 Offset           : 0x3360
   +0x002 Selector         : 8
   +0x004 Access           : 0x8e00
   +0x006 ExtendedOffset   : 0x8054

For the exact meaning of the fields of this structure, see the Intel manual or related material.

Combining ExtendedOffset and Offset (0x8054:0x3360) gives the handler address 0x80543360.

One way to verify this:

0: kd> u 0x80543360
nt!KiTrap00:
80543360 6a00            push    0
80543362 66c74424020000  mov     word ptr [esp+2],0
80543369 55              push    ebp
8054336a 53              push    ebx
8054336b 56              push    esi
8054336c 57              push    edi
8054336d 0fa0            push    fs
8054336f bb30000000      mov     ebx,30h

See? What is shown is correct.

The other way:

0: kd> !idt -a 
 
Dumping IDT: 8003f400
 
8cde863500000000:   80543360 nt!KiTrap00
8cde863500000001:   805434dc nt!KiTrap01
8cde863500000002:   Task Selector = 0x0058
8cde863500000003:   805438f0 nt!KiTrap03
8cde863500000004:   80543a70 nt!KiTrap04
8cde863500000005:   80543bd0 nt!KiTrap05
8cde863500000006:   80543d44 nt!KiTrap06
8cde863500000007:   805443bc nt!KiTrap07
8cde863500000008:   Task Selector = 0x0050
8cde863500000009:   805447c0 nt!KiTrap09
8cde86350000000a:   805448e0 nt!KiTrap0A
8cde86350000000b:   80544a20 nt!KiTrap0B
8cde86350000000c:   80544c80 nt!KiTrap0C
8cde86350000000d:   80544f6c nt!KiTrap0D
8cde86350000000e:   8054568c nt!KiTrap0E
8cde86350000000f:   8054590c nt!KiTrap0F
8cde863500000010:   80545a2c nt!KiTrap10
8cde863500000011:   80545b68 nt!KiTrap11
8cde863500000012:   Task Selector = 0x00A0
8cde863500000013:   80545cd0 nt!KiTrap13
8cde863500000014:   8054590c nt!KiTrap0F
8cde863500000015:   8054590c nt!KiTrap0F
8cde863500000016:   8054590c nt!KiTrap0F
8cde863500000017:   8054590c nt!KiTrap0F
8cde863500000018:   8054590c nt!KiTrap0F
8cde863500000019:   8054590c nt!KiTrap0F
8cde86350000001a:   8054590c nt!KiTrap0F
8cde86350000001b:   8054590c nt!KiTrap0F
8cde86350000001c:   8054590c nt!KiTrap0F
8cde86350000001d:   8054590c nt!KiTrap0F
8cde86350000001e:   8054590c nt!KiTrap0F
8cde86350000001f:   806e810c hal!HalpApicSpuriousService
8cde863500000020:   00000000
8cde863500000021:   00000000
8cde863500000022:   00000000
8cde863500000023:   00000000
8cde863500000024:   00000000
8cde863500000025:   00000000
8cde863500000026:   00000000
8cde863500000027:   00000000
8cde863500000028:   00000000
8cde863500000029:   00000000
8cde86350000002a:   80542b8e nt!KiGetTickCount
8cde86350000002b:   80542c90 nt!KiCallbackReturn
8cde86350000002c:   80542e40 nt!KiSetLowWaitHighThread
8cde86350000002d:   805437cc nt!KiDebugService
8cde86350000002e:   80542611 nt!KiSystemService
8cde86350000002f:   8054590c nt!KiTrap0F
8cde863500000030:   80541cd0 nt!KiStartUnexpectedRange
8cde863500000031:   80541cda nt!KiUnexpectedInterrupt1
8cde863500000032:   80541ce4 nt!KiUnexpectedInterrupt2
8cde863500000033:   80541cee nt!KiUnexpectedInterrupt3
8cde863500000034:   80541cf8 nt!KiUnexpectedInterrupt4
8cde863500000035:   80541d02 nt!KiUnexpectedInterrupt5
8cde863500000036:   80541d0c nt!KiUnexpectedInterrupt6
8cde863500000037:   806e7864 hal!PicSpuriousService37
8cde863500000038:   80541d20 nt!KiUnexpectedInterrupt8
8cde863500000039:   80541d2a nt!KiUnexpectedInterrupt9
8cde86350000003a:   80541d34 nt!KiUnexpectedInterrupt10
8cde86350000003b:   80541d3e nt!KiUnexpectedInterrupt11
8cde86350000003c:   80541d48 nt!KiUnexpectedInterrupt12
8cde86350000003d:   806e8e2c hal!HalpApcInterrupt
8cde86350000003e:   80541d5c nt!KiUnexpectedInterrupt14
8cde86350000003f:   80541d66 nt!KiUnexpectedInterrupt15
8cde863500000040:   80541d70 nt!KiUnexpectedInterrupt16
8cde863500000041:   806e8c88 hal!HalpDispatchInterrupt
8cde863500000042:   80541d84 nt!KiUnexpectedInterrupt18
8cde863500000043:   80541d8e nt!KiUnexpectedInterrupt19
8cde863500000044:   80541d98 nt!KiUnexpectedInterrupt20
8cde863500000045:   80541da2 nt!KiUnexpectedInterrupt21
8cde863500000046:   80541dac nt!KiUnexpectedInterrupt22
8cde863500000047:   80541db6 nt!KiUnexpectedInterrupt23
8cde863500000048:   80541dc0 nt!KiUnexpectedInterrupt24
8cde863500000049:   80541dca nt!KiUnexpectedInterrupt25
8cde86350000004a:   80541dd4 nt!KiUnexpectedInterrupt26
8cde86350000004b:   80541dde nt!KiUnexpectedInterrupt27
8cde86350000004c:   80541de8 nt!KiUnexpectedInterrupt28
8cde86350000004d:   80541df2 nt!KiUnexpectedInterrupt29
8cde86350000004e:   80541dfc nt!KiUnexpectedInterrupt30
8cde86350000004f:   80541e06 nt!KiUnexpectedInterrupt31
8cde863500000050:   806e793c hal!HalpApicRebootService
8cde863500000051:   80541e1a nt!KiUnexpectedInterrupt33
8cde863500000052:   80541e24 nt!KiUnexpectedInterrupt34
8cde863500000053:   80541e2e nt!KiUnexpectedInterrupt35
8cde863500000054:   80541e38 nt!KiUnexpectedInterrupt36
8cde863500000055:   80541e42 nt!KiUnexpectedInterrupt37
8cde863500000056:   80541e4c nt!KiUnexpectedInterrupt38
8cde863500000057:   80541e56 nt!KiUnexpectedInterrupt39
8cde863500000058:   80541e60 nt!KiUnexpectedInterrupt40
8cde863500000059:   80541e6a nt!KiUnexpectedInterrupt41
8cde86350000005a:   80541e74 nt!KiUnexpectedInterrupt42
8cde86350000005b:   80541e7e nt!KiUnexpectedInterrupt43
8cde86350000005c:   80541e88 nt!KiUnexpectedInterrupt44
8cde86350000005d:   80541e92 nt!KiUnexpectedInterrupt45
8cde86350000005e:   80541e9c nt!KiUnexpectedInterrupt46
8cde86350000005f:   80541ea6 nt!KiUnexpectedInterrupt47
8cde863500000060:   80541eb0 nt!KiUnexpectedInterrupt48
8cde863500000061:   80541eba nt!KiUnexpectedInterrupt49
8cde863500000062:   81c2f044 atapi!IdePortInterrupt (KINTERRUPT 81c2f008)
8cde863500000063:   81c0a624 portcls!CKsShellRequestor::`vector deleting destructor'+0x26 (KINTERRUPT 81c0a5e8)
8cde863500000064:   80541ed8 nt!KiUnexpectedInterrupt52
8cde863500000065:   80541ee2 nt!KiUnexpectedInterrupt53
8cde863500000066:   80541eec nt!KiUnexpectedInterrupt54
8cde863500000067:   80541ef6 nt!KiUnexpectedInterrupt55
8cde863500000068:   80541f00 nt!KiUnexpectedInterrupt56
8cde863500000069:   80541f0a nt!KiUnexpectedInterrupt57
8cde86350000006a:   80541f14 nt!KiUnexpectedInterrupt58
8cde86350000006b:   80541f1e nt!KiUnexpectedInterrupt59
8cde86350000006c:   80541f28 nt!KiUnexpectedInterrupt60
8cde86350000006d:   80541f32 nt!KiUnexpectedInterrupt61
8cde86350000006e:   80541f3c nt!KiUnexpectedInterrupt62
8cde86350000006f:   80541f46 nt!KiUnexpectedInterrupt63
8cde863500000070:   80541f50 nt!KiUnexpectedInterrupt64
8cde863500000071:   80541f5a nt!KiUnexpectedInterrupt65
8cde863500000072:   80541f64 nt!KiUnexpectedInterrupt66
8cde863500000073:   81efabec SCSIPORT!ScsiPortInterrupt (KINTERRUPT 81efabb0)
8cde863500000074:   80541f78 nt!KiUnexpectedInterrupt68
8cde863500000075:   80541f82 nt!KiUnexpectedInterrupt69
8cde863500000076:   80541f8c nt!KiUnexpectedInterrupt70
8cde863500000077:   80541f96 nt!KiUnexpectedInterrupt71
8cde863500000078:   80541fa0 nt!KiUnexpectedInterrupt72
8cde863500000079:   80541faa nt!KiUnexpectedInterrupt73
8cde86350000007a:   80541fb4 nt!KiUnexpectedInterrupt74
8cde86350000007b:   80541fbe nt!KiUnexpectedInterrupt75
8cde86350000007c:   80541fc8 nt!KiUnexpectedInterrupt76
8cde86350000007d:   80541fd2 nt!KiUnexpectedInterrupt77
8cde86350000007e:   80541fdc nt!KiUnexpectedInterrupt78
8cde86350000007f:   80541fe6 nt!KiUnexpectedInterrupt79
8cde863500000080:   80541ff0 nt!KiUnexpectedInterrupt80
8cde863500000081:   80541ffa nt!KiUnexpectedInterrupt81
8cde863500000082:   820c1bec atapi!IdePortInterrupt (KINTERRUPT 820c1bb0)
8cde863500000083:   81c1d044 *** ERROR: Symbol file could not be found.  Defaulted to export symbols for vmci.sys - 
vmci!DllUnload+0x7d6 (KINTERRUPT 81c1d008)
8cde863500000084:   80542018 nt!KiUnexpectedInterrupt84
8cde863500000085:   80542022 nt!KiUnexpectedInterrupt85
8cde863500000086:   8054202c nt!KiUnexpectedInterrupt86
8cde863500000087:   80542036 nt!KiUnexpectedInterrupt87
8cde863500000088:   80542040 nt!KiUnexpectedInterrupt88
8cde863500000089:   8054204a nt!KiUnexpectedInterrupt89
8cde86350000008a:   80542054 nt!KiUnexpectedInterrupt90
8cde86350000008b:   8054205e nt!KiUnexpectedInterrupt91
8cde86350000008c:   80542068 nt!KiUnexpectedInterrupt92
8cde86350000008d:   80542072 nt!KiUnexpectedInterrupt93
8cde86350000008e:   8054207c nt!KiUnexpectedInterrupt94
8cde86350000008f:   80542086 nt!KiUnexpectedInterrupt95
8cde863500000090:   80542090 nt!KiUnexpectedInterrupt96
8cde863500000091:   8054209a nt!KiUnexpectedInterrupt97
8cde863500000092:   805420a4 nt!KiUnexpectedInterrupt98
8cde863500000093:   82059bec i8042prt!I8042KeyboardInterruptService (KINTERRUPT 82059bb0)
8cde863500000094:   805420b8 nt!KiUnexpectedInterrupt100
8cde863500000095:   805420c2 nt!KiUnexpectedInterrupt101
8cde863500000096:   805420cc nt!KiUnexpectedInterrupt102
8cde863500000097:   805420d6 nt!KiUnexpectedInterrupt103
8cde863500000098:   805420e0 nt!KiUnexpectedInterrupt104
8cde863500000099:   805420ea nt!KiUnexpectedInterrupt105
8cde86350000009a:   805420f4 nt!KiUnexpectedInterrupt106
8cde86350000009b:   805420fe nt!KiUnexpectedInterrupt107
8cde86350000009c:   80542108 nt!KiUnexpectedInterrupt108
8cde86350000009d:   80542112 nt!KiUnexpectedInterrupt109
8cde86350000009e:   8054211c nt!KiUnexpectedInterrupt110
8cde86350000009f:   80542126 nt!KiUnexpectedInterrupt111
8cde8635000000a0:   80542130 nt!KiUnexpectedInterrupt112
8cde8635000000a1:   8054213a nt!KiUnexpectedInterrupt113
8cde8635000000a2:   80542144 nt!KiUnexpectedInterrupt114
8cde8635000000a3:   82002044 i8042prt!I8042MouseInterruptService (KINTERRUPT 82002008)
8cde8635000000a4:   80542158 nt!KiUnexpectedInterrupt116
8cde8635000000a5:   80542162 nt!KiUnexpectedInterrupt117
8cde8635000000a6:   8054216c nt!KiUnexpectedInterrupt118
8cde8635000000a7:   80542176 nt!KiUnexpectedInterrupt119
8cde8635000000a8:   80542180 nt!KiUnexpectedInterrupt120
8cde8635000000a9:   8054218a nt!KiUnexpectedInterrupt121
8cde8635000000aa:   80542194 nt!KiUnexpectedInterrupt122
8cde8635000000ab:   8054219e nt!KiUnexpectedInterrupt123
8cde8635000000ac:   805421a8 nt!KiUnexpectedInterrupt124
8cde8635000000ad:   805421b2 nt!KiUnexpectedInterrupt125
8cde8635000000ae:   805421bc nt!KiUnexpectedInterrupt126
8cde8635000000af:   805421c6 nt!KiUnexpectedInterrupt127
8cde8635000000b0:   805421d0 nt!KiUnexpectedInterrupt128
8cde8635000000b1:   820ca044 ACPI!ACPIInterruptServiceRoutine (KINTERRUPT 820ca008)
8cde8635000000b2:   805421e4 nt!KiUnexpectedInterrupt130
8cde8635000000b3:   805421ee nt!KiUnexpectedInterrupt131
8cde8635000000b4:   81f43a94 NDIS!ndisMIsr (KINTERRUPT 81f43a58)
8cde8635000000b5:   80542202 nt!KiUnexpectedInterrupt133
8cde8635000000b6:   8054220c nt!KiUnexpectedInterrupt134
8cde8635000000b7:   80542216 nt!KiUnexpectedInterrupt135
8cde8635000000b8:   80542220 nt!KiUnexpectedInterrupt136
8cde8635000000b9:   8054222a nt!KiUnexpectedInterrupt137
8cde8635000000ba:   80542234 nt!KiUnexpectedInterrupt138
8cde8635000000bb:   8054223e nt!KiUnexpectedInterrupt139
8cde8635000000bc:   80542248 nt!KiUnexpectedInterrupt140
8cde8635000000bd:   80542252 nt!KiUnexpectedInterrupt141
8cde8635000000be:   8054225c nt!KiUnexpectedInterrupt142
8cde8635000000bf:   80542266 nt!KiUnexpectedInterrupt143
8cde8635000000c0:   80542270 nt!KiUnexpectedInterrupt144
8cde8635000000c1:   806e7ac0 hal!HalpBroadcastCallService
8cde8635000000c2:   80542284 nt!KiUnexpectedInterrupt146
8cde8635000000c3:   8054228e nt!KiUnexpectedInterrupt147
8cde8635000000c4:   80542298 nt!KiUnexpectedInterrupt148
8cde8635000000c5:   805422a2 nt!KiUnexpectedInterrupt149
8cde8635000000c6:   805422ac nt!KiUnexpectedInterrupt150
8cde8635000000c7:   805422b6 nt!KiUnexpectedInterrupt151
8cde8635000000c8:   805422c0 nt!KiUnexpectedInterrupt152
8cde8635000000c9:   805422ca nt!KiUnexpectedInterrupt153
8cde8635000000ca:   805422d4 nt!KiUnexpectedInterrupt154
8cde8635000000cb:   805422de nt!KiUnexpectedInterrupt155
8cde8635000000cc:   805422e8 nt!KiUnexpectedInterrupt156
8cde8635000000cd:   805422f2 nt!KiUnexpectedInterrupt157
8cde8635000000ce:   805422fc nt!KiUnexpectedInterrupt158
8cde8635000000cf:   80542306 nt!KiUnexpectedInterrupt159
8cde8635000000d0:   80542310 nt!KiUnexpectedInterrupt160
8cde8635000000d1:   806e6e54 hal!HalpClockInterrupt
8cde8635000000d2:   80542324 nt!KiUnexpectedInterrupt162
8cde8635000000d3:   8054232e nt!KiUnexpectedInterrupt163
8cde8635000000d4:   80542338 nt!KiUnexpectedInterrupt164
8cde8635000000d5:   80542342 nt!KiUnexpectedInterrupt165
8cde8635000000d6:   8054234c nt!KiUnexpectedInterrupt166
8cde8635000000d7:   80542356 nt!KiUnexpectedInterrupt167
8cde8635000000d8:   80542360 nt!KiUnexpectedInterrupt168
8cde8635000000d9:   8054236a nt!KiUnexpectedInterrupt169
8cde8635000000da:   80542374 nt!KiUnexpectedInterrupt170
8cde8635000000db:   8054237e nt!KiUnexpectedInterrupt171
8cde8635000000dc:   80542388 nt!KiUnexpectedInterrupt172
8cde8635000000dd:   80542392 nt!KiUnexpectedInterrupt173
8cde8635000000de:   8054239c nt!KiUnexpectedInterrupt174
8cde8635000000df:   805423a6 nt!KiUnexpectedInterrupt175
8cde8635000000e0:   805423b0 nt!KiUnexpectedInterrupt176
8cde8635000000e1:   806e8048 hal!HalpIpiHandler
8cde8635000000e2:   805423c4 nt!KiUnexpectedInterrupt178
8cde8635000000e3:   806e7dac hal!HalpLocalApicErrorService
8cde8635000000e4:   805423d8 nt!KiUnexpectedInterrupt180
8cde8635000000e5:   805423e2 nt!KiUnexpectedInterrupt181
8cde8635000000e6:   805423ec nt!KiUnexpectedInterrupt182
8cde8635000000e7:   805423f6 nt!KiUnexpectedInterrupt183
8cde8635000000e8:   80542400 nt!KiUnexpectedInterrupt184
8cde8635000000e9:   8054240a nt!KiUnexpectedInterrupt185
8cde8635000000ea:   80542414 nt!KiUnexpectedInterrupt186
8cde8635000000eb:   8054241e nt!KiUnexpectedInterrupt187
8cde8635000000ec:   80542428 nt!KiUnexpectedInterrupt188
8cde8635000000ed:   80542432 nt!KiUnexpectedInterrupt189
8cde8635000000ee:   80542439 nt!KiUnexpectedInterrupt190
8cde8635000000ef:   80542440 nt!KiUnexpectedInterrupt191
8cde8635000000f0:   80542447 nt!KiUnexpectedInterrupt192
8cde8635000000f1:   8054244e nt!KiUnexpectedInterrupt193
8cde8635000000f2:   80542455 nt!KiUnexpectedInterrupt194
8cde8635000000f3:   8054245c nt!KiUnexpectedInterrupt195
8cde8635000000f4:   80542463 nt!KiUnexpectedInterrupt196
8cde8635000000f5:   8054246a nt!KiUnexpectedInterrupt197
8cde8635000000f6:   80542471 nt!KiUnexpectedInterrupt198
8cde8635000000f7:   80542478 nt!KiUnexpectedInterrupt199
8cde8635000000f8:   8054247f nt!KiUnexpectedInterrupt200
8cde8635000000f9:   80542486 nt!KiUnexpectedInterrupt201
8cde8635000000fa:   8054248d nt!KiUnexpectedInterrupt202
8cde8635000000fb:   80542494 nt!KiUnexpectedInterrupt203
8cde8635000000fc:   8054249b nt!KiUnexpectedInterrupt204
8cde8635000000fd:   806e85a8 hal!HalpProfileInterrupt
8cde8635000000fe:   806e8748 hal!HalpPerfInterrupt
8cde8635000000ff:   805424b0 nt!KiUnexpectedInterrupt207

Note: the -a argument is required; without it the interrupts handled inside NTOS*.EXE are not shown.

That completes the sample analysis of one CPU's IDT on x86.

The remaining CPUs, and x64, are analyzed the same way; the details are in the attachment.

It can also serve as homework for the reader: finishing it means you have understood this article.
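The decoding done by hand above (Offset/ExtendedOffset into a handler address, the Access word into gate type and DPL) and the per-CPU comparison this article is working towards, as an added example that is not part of the original post. It is plain user-mode C over entries copied from the dw idtr dump of CPU 0; KIDTENTRY32, decode_idt32 and the comparison functions are names chosen here, and the second table's divergent entry is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* A 32-bit IDT entry laid out exactly as "dt _KIDTENTRY" shows it. */
typedef struct {
    uint16_t Offset;          /* handler address bits 15..0 */
    uint16_t Selector;        /* code selector, or the TSS selector of a task gate */
    uint16_t Access;          /* P | DPL | S | gate type | reserved */
    uint16_t ExtendedOffset;  /* handler address bits 31..16 */
} KIDTENTRY32;

enum gate_kind { GATE_NOT_PRESENT, GATE_TASK, GATE_INTERRUPT, GATE_TRAP, GATE_OTHER };

typedef struct {
    enum gate_kind kind;
    uint32_t handler;   /* linear handler address; 0 for task gates and absent entries */
    uint16_t selector;
    unsigned dpl;       /* 3 means user mode may raise the vector with "int n" */
} IDT32_INFO;

/* The IDTR limit is the last valid byte offset, so 0x7ff means 0x800 bytes,
 * i.e. 256 eight-byte entries. */
size_t idt32_entry_count(uint16_t limit)
{
    return ((size_t)limit + 1) / sizeof(KIDTENTRY32);
}

/* Access word: bit 15 present, bits 14..13 DPL, bit 12 clear for system
 * descriptors, bits 11..8 gate type (5 task, E 32-bit interrupt, F 32-bit trap). */
IDT32_INFO decode_idt32(const KIDTENTRY32 *e)
{
    IDT32_INFO info;
    unsigned type = (e->Access >> 8) & 0xF;

    info.kind = GATE_NOT_PRESENT;
    info.handler = 0;
    info.selector = e->Selector;
    info.dpl = (e->Access >> 13) & 3;
    if (!((e->Access >> 15) & 1))
        return info;

    switch (type) {
    case 0x5:           info.kind = GATE_TASK;      break;
    case 0x6: case 0xE: info.kind = GATE_INTERRUPT; break;
    case 0x7: case 0xF: info.kind = GATE_TRAP;      break;
    default:            info.kind = GATE_OTHER;     break;
    }
    /* Widen before shifting so the high word is never shifted as a signed int. */
    if (info.kind == GATE_INTERRUPT || info.kind == GATE_TRAP)
        info.handler = ((uint32_t)e->ExtendedOffset << 16) | e->Offset;
    return info;
}

/* Every processor runs the same kernel image, so a vector whose gate type, handler
 * or selector differs between two CPUs' IDTs deserves a closer look. */
int idt32_gate_differs(const KIDTENTRY32 *x, const KIDTENTRY32 *y)
{
    IDT32_INFO ix = decode_idt32(x), iy = decode_idt32(y);
    return ix.kind != iy.kind || ix.handler != iy.handler || ix.selector != iy.selector;
}

int count_idt32_differences(const KIDTENTRY32 *a, const KIDTENTRY32 *b, size_t n)
{
    int diffs = 0;
    size_t v;
    for (v = 0; v < n; v++)
        diffs += idt32_gate_differs(&a[v], &b[v]);
    return diffs;
}

/* Constructed sample: vectors 0..3 of CPU 0 as the "dw idtr" dump shows them, and a
 * second table in which vector 1 was changed to a made-up address. */
const KIDTENTRY32 cpu0_idt[4] = {
    { 0x3360, 0x0008, 0x8e00, 0x8054 },  /* nt!KiTrap00: interrupt gate, DPL 0 */
    { 0x34dc, 0x0008, 0x8e00, 0x8054 },  /* nt!KiTrap01 */
    { 0x113e, 0x0058, 0x8500, 0x0000 },  /* task gate, TSS selector 0x58 */
    { 0x38f0, 0x0008, 0xee00, 0x8054 },  /* nt!KiTrap03: DPL 3, so "int 3" works from user mode */
};
const KIDTENTRY32 cpu1_idt_divergent[4] = {
    { 0x3360, 0x0008, 0x8e00, 0x8054 },
    { 0x1234, 0x0008, 0x8e00, 0xf123 },  /* constructed, not a real handler */
    { 0x113e, 0x0058, 0x8500, 0x0000 },
    { 0x38f0, 0x0008, 0xee00, 0x8054 },
};

int main(void)
{
    IDT32_INFO info = decode_idt32(&cpu0_idt[0]);
    printf("vector 0: kind %d selector 0x%04x dpl %u handler 0x%08x\n",
           info.kind, info.selector, info.dpl, (unsigned)info.handler);
    printf("%d vector(s) differ between the two tables\n",
           count_idt32_differences(cpu0_idt, cpu1_idt_divergent, 4));
    return 0;
}
```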

A few brief notes on coding it:

1. First, multiple CPUs.

On early Windows versions the kernel-exported variable KeNumberProcessors can be used.

On newer versions, look for the KeGet* or KeQuery* families of functions.

2. Attaching to / pinning to a CPU, more precisely pinning the current thread to it; see:

KeSetSystemAffinityThread

KeRevertToUserAffinityThread

3. Since this is low-level work, most of it is done in assembly; fortunately Microsoft provides:

__sidt, see: http://msdn.microsoft.com/zh-cn/library/aa983358%28v=vs.120%29.aspx

Another approach is to use KeGetPcr().

On x86 you can implement it yourself; it is really just a wrapped assembly instruction.

On x64 it can be called directly.

4. If you want to hook, look at the following two links:

_disable https://msdn.microsoft.com/zh-cn/library/y14401ab(v=vs.90).aspx

_enable https://msdn.microsoft.com/zh-cn/library/ad820yz3(v=vs.90).aspx

5. The actual coding and handling is up to you.

One more addition: on 32-bit, the location IDTR points to can be described with this structure:

// Special Registers for i386
typedef struct _X86_DESCRIPTOR {
    USHORT  Pad;
    USHORT  Limit;
    ULONG   Base;
} X86_DESCRIPTOR, *PX86_DESCRIPTOR;

Note: this structure does not exist on 64-bit.

kd> dt _DESCRIPTOR
nt!_DESCRIPTOR
   +0x000 Pad              : Uint2B
   +0x002 Limit            : Uint2B
   +0x004 Base             : Uint4B

On 64-bit, the location IDTR points to can be described with this structure:

// Special Registers for AMD64.
typedef struct _AMD64_DESCRIPTOR {
    USHORT  Pad[3];
    USHORT  Limit;
    ULONG64 Base;
} AMD64_DESCRIPTOR, *PAMD64_DESCRIPTOR;

Note: the environment here is a 64-bit system.

1: kd> dt _AMD64_DESCRIPTOR
test!_AMD64_DESCRIPTOR
   +0x000 Pad              : [3] Uint2B
   +0x006 Limit            : Uint2B
   +0x008 Base             : Uint8B
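An added example, not from the original post or the WRK, that decodes and builds the 16-byte x64 gate entries (the fields of KIDTENTRY64) from raw bytes, assembling the three offset pieces with explicit 64-bit widening and applying a canonical-kernel-address sanity check. decode_idt64, encode_idt64, the plausibility check and the sample address are chosen here; the sample address is made up.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decoded form of one 16-byte x64 gate (the fields of KIDTENTRY64). */
typedef struct {
    uint64_t handler;
    uint16_t selector;
    unsigned ist;       /* 1..7 selects a dedicated stack from the TSS, 0 keeps the current one */
    unsigned type;      /* 0xE 64-bit interrupt gate, 0xF 64-bit trap gate */
    unsigned dpl;
    unsigned present;
} IDT64_INFO;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Byte layout: OffsetLow(2) Selector(2) Attr(2) OffsetMiddle(2) OffsetHigh(4) Reserved(4).
 * Attr: bits 2..0 IST, 7..3 reserved, 12..8 type, 14..13 DPL, 15 present. */
IDT64_INFO decode_idt64(const uint8_t raw[16])
{
    IDT64_INFO info;
    uint16_t attr = rd16(raw + 4);

    info.selector = rd16(raw + 2);
    info.ist      = attr & 7;
    info.type     = (attr >> 8) & 0x1F;
    info.dpl      = (attr >> 13) & 3;
    info.present  = (attr >> 15) & 1;
    /* Widen each piece to 64 bits before shifting. A plain (OffsetMiddle << 16) is an
     * int, and for kernel addresses (0xFFFFF8...) OffsetMiddle is >= 0x8000, so the
     * shifted value would be negative and corrupt the sum. */
    info.handler = ((uint64_t)rd32(raw + 8) << 32)
                 | ((uint64_t)rd16(raw + 6) << 16)
                 | rd16(raw + 0);
    return info;
}

/* Inverse of decode_idt64; used here only to build sample entries. */
void encode_idt64(uint64_t handler, uint16_t selector, unsigned ist,
                  unsigned type, unsigned dpl, uint8_t out[16])
{
    uint16_t attr = (uint16_t)(0x8000 | ((dpl & 3) << 13) | ((type & 0x1F) << 8) | (ist & 7));
    uint16_t words[4] = { (uint16_t)handler, selector, attr, (uint16_t)(handler >> 16) };
    uint32_t high = (uint32_t)(handler >> 32);
    int i;
    for (i = 0; i < 4; i++) {
        out[2 * i]     = (uint8_t)words[i];
        out[2 * i + 1] = (uint8_t)(words[i] >> 8);
    }
    for (i = 0; i < 4; i++)
        out[8 + i] = (uint8_t)(high >> (8 * i));
    memset(out + 12, 0, 4);   /* Reserved1 */
}

/* The x64 IDTR limit is 0xfff: 0x1000 bytes, i.e. 256 sixteen-byte entries. */
size_t idt64_entry_count(uint16_t limit)
{
    return ((size_t)limit + 1) / 16;
}

/* A present gate must point into the canonical kernel half (bits 63..47 all set);
 * anything else in a live IDT is corruption or a decoding error. */
int idt64_handler_plausible(IDT64_INFO info)
{
    return info.present && (info.handler >> 47) == 0x1FFFF;
}

/* Round-trip helper: build a present interrupt gate (selector 0x10) and decode it again. */
IDT64_INFO sample_gate(uint64_t handler, unsigned ist)
{
    uint8_t raw[16];
    encode_idt64(handler, 0x10, ist, 0xE, 0, raw);
    return decode_idt64(raw);
}

int main(void)
{
    /* Constructed sample address (made up, not from any real machine). */
    IDT64_INFO info = sample_gate(0xFFFFF80001234560ull, 3);
    printf("handler 0x%016llx ist %u type 0x%x dpl %u plausible %d\n",
           (unsigned long long)info.handler, info.ist, info.type, info.dpl,
           idt64_handler_plausible(info));
    return 0;
}
```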

Enough said: here is the (rough) code. Note: the structures above are taken from the WRK. Written in a hurry; if anything is lacking, please point it out.

/*
Purpose: display the IDT information of every CPU.
Note: the structures below are taken from the WRK.

References:
http://uninformed.org/index.cgi?v=8&a=2&p=8
http://resources.infosecinstitute.com/hooking-idt/

made by correy.
made at 2015.01.05.
*/

#include <ntifs.h>
#include <windef.h>

typedef
VOID
(*PKINTERRUPT_ROUTINE) (
    VOID
    );

struct _KINTERRUPT;

// begin_ntddk begin_wdm begin_ntifs begin_ntosp

typedef
BOOLEAN
(*PKSERVICE_ROUTINE) (
    IN struct _KINTERRUPT *Interrupt,
    IN PVOID ServiceContext
    );

#define NORMAL_DISPATCH_LENGTH 106                  // ntddk wdm
#define DISPATCH_LENGTH NORMAL_DISPATCH_LENGTH      // ntddk wdm

// Interrupt object
typedef struct _KINTERRUPT {
    CSHORT Type;
    CSHORT Size;
    LIST_ENTRY InterruptListEntry;
    PKSERVICE_ROUTINE ServiceRoutine;
    PVOID ServiceContext;
    KSPIN_LOCK SpinLock;
    ULONG TickCount;
    PKSPIN_LOCK ActualLock;
    PKINTERRUPT_ROUTINE DispatchAddress;
    ULONG Vector;
    KIRQL Irql;
    KIRQL SynchronizeIrql;
    BOOLEAN FloatingSave;
    BOOLEAN Connected;
    CCHAR Number;
    BOOLEAN ShareVector;
    KINTERRUPT_MODE Mode;
    ULONG ServiceCount;
    ULONG DispatchCount;

#if defined(_AMD64_)
    PKTRAP_FRAME TrapFrame;
    PVOID Reserved;
    ULONG DispatchCode[DISPATCH_LENGTH];
#else
    ULONG DispatchCode[DISPATCH_LENGTH];
#endif

} KINTERRUPT;


#if defined(_WIN64)

// Special Registers for AMD64.
typedef struct _AMD64_DESCRIPTOR {
    USHORT  Pad[3];
    USHORT  Limit;
    ULONG64 Base;
} AMD64_DESCRIPTOR, *PAMD64_DESCRIPTOR;

// Define Interrupt Descriptor Table (IDT) entry structure and constants.
typedef union _KIDTENTRY64 {
   struct {
       USHORT OffsetLow;
       USHORT Selector;
       USHORT IstIndex : 3;
       USHORT Reserved0 : 5;
       USHORT Type : 5;
       USHORT Dpl : 2;
       USHORT Present : 1;
       USHORT OffsetMiddle;
       ULONG OffsetHigh;
       ULONG Reserved1;
   };

   ULONG64 Alignment;
} KIDTENTRY64, *PKIDTENTRY64;

typedef union _KIDT_HANDLER_ADDRESS {
    struct {
        USHORT OffsetLow;
        USHORT OffsetMiddle;
        ULONG OffsetHigh;
    };

    ULONG64 Address;
} KIDT_HANDLER_ADDRESS, *PKIDT_HANDLER_ADDRESS;

#define KiGetIdtFromVector(Vector)                  \
    &KeGetPcr()->IdtBase[HalVectorToIDTEntry(Vector)]

#define KeGetIdtHandlerAddress(Vector,Addr) {       \
    KIDT_HANDLER_ADDRESS Handler;                   \
    PKIDTENTRY64 Idt;                               \
    \
    Idt = KiGetIdtFromVector(Vector);               \
    Handler.OffsetLow = Idt->OffsetLow;             \
    Handler.OffsetMiddle = Idt->OffsetMiddle;       \
    Handler.OffsetHigh = Idt->OffsetHigh;           \
    *(Addr) = (PVOID)(Handler.Address);             \
}

#define KeSetIdtHandlerAddress(Vector,Addr) {      \
    KIDT_HANDLER_ADDRESS Handler;                  \
    PKIDTENTRY64 Idt;                              \
    \
    Idt = KiGetIdtFromVector(Vector);              \
    Handler.Address = (ULONG64)(Addr);             \
    Idt->OffsetLow = Handler.OffsetLow;            \
    Idt->OffsetMiddle = Handler.OffsetMiddle;      \
    Idt->OffsetHigh = Handler.OffsetHigh;          \
}

#else

// Special Registers for i386
typedef struct _X86_DESCRIPTOR {
    USHORT  Pad;
    USHORT  Limit;
    ULONG   Base;
} X86_DESCRIPTOR, *PX86_DESCRIPTOR;


// Entry of Interrupt Descriptor Table (IDTENTRY)
typedef struct _KIDTENTRY {
   USHORT Offset;
   USHORT Selector;
   USHORT Access;
   USHORT ExtendedOffset;
} KIDTENTRY;
typedef KIDTENTRY *PKIDTENTRY;

// begin_nthal
//
// Macro to set address of a trap/interrupt handler to IDT
//
#define KiSetHandlerAddressToIDT(Vector, HandlerAddress) {\
    UCHAR IDTEntry = HalVectorToIDTEntry(Vector); \
    ULONG Ha = (ULONG)HandlerAddress; \
    KeGetPcr()->IDT[IDTEntry].ExtendedOffset = HIGHWORD(Ha); \
    KeGetPcr()->IDT[IDTEntry].Offset = LOWWORD(Ha); \
}

//
// Macro to return address of a trap/interrupt handler in IDT
//
#define KiReturnHandlerAddressFromIDT(Vector) \
   MAKEULONG(KiPcr()->IDT[HalVectorToIDTEntry(Vector)].ExtendedOffset, KiPcr()->IDT[HalVectorToIDTEntry(Vector)].Offset)

#endif


DRIVER_UNLOAD DriverUnload;
VOID DriverUnload(__in PDRIVER_OBJECT DriverObject)
{
    UNREFERENCED_PARAMETER(DriverObject);
}


#if defined(_WIN64)
// i is the zero-based processor number; 0 is a valid value.
void show_idt(int i)
{
    AMD64_DESCRIPTOR idtr = {0};

    SIZE_T base = 0;
    int index = 0;
    int maximum = 0;

    PKIDTENTRY64 pkidte = 0;
    SIZE_T ISR = 0;

    // Pin this thread to processor i while its IDTR is read, then restore the affinity.
    // The affinity is a bit mask, so processor i is bit i (i + 1 would be wrong from CPU 2 on).
    KeSetSystemAffinityThread((KAFFINITY)1 << i);
    __sidt(&idtr); // KeGetPcr() is also usable here.
    KeRevertToUserAffinityThread();

    // SIDT stores 10 bytes at the start of the buffer: a 16-bit limit followed by the
    // 64-bit base. With this WRK layout the limit lands in Pad[0] and the base in the
    // 8 bytes starting at Pad[1], so read the base from there (unaligned copy).
    RtlCopyMemory(&base, &idtr.Pad[1], sizeof(base));
    pkidte = (PKIDTENTRY64)base;

    // Pad[0] holds the limit, 0xfff, so this gives 256 entries.
    maximum = (int)(((SIZE_T)idtr.Pad[0] + 1) / sizeof(KIDTENTRY64));

    for ( ;index < maximum ;index++ )
    {
        PKIDTENTRY64 pkidte_t = &pkidte[index];

        // Widen each piece before shifting: OffsetMiddle is a USHORT, and
        // (OffsetMiddle << 16) as a plain int goes negative for kernel addresses
        // (0xFFFFF8...), which would corrupt the sum once added to ISR.
        ISR = ((SIZE_T)pkidte_t->OffsetHigh << 32)
            | ((SIZE_T)pkidte_t->OffsetMiddle << 16)
            | pkidte_t->OffsetLow;

        if (pkidte_t->IstIndex == 0) {
            KdPrint(("CPU %d, interrupt 0x%02x: handler address 0x%p\n", i, index, (PVOID)ISR));
        } else {
            // Entries with an IST index switch to a dedicated stack; the stack itself
            // could be looked up further from the TSS.
            KdPrint(("CPU %d, interrupt 0x%02x: handler address 0x%p, IST %u\n", i, index, (PVOID)ISR, (unsigned)pkidte_t->IstIndex));
        }
    }
}
#else
// i is the zero-based processor number; 0 is a valid value.
void show_idt(int i)
{
    X86_DESCRIPTOR idtr = {0}; // The memory location where the IDTR is stored.

    SIZE_T base = 0;
    int index = 0;
    int maximum = 0;

    PKIDTENTRY pkidte;
    SIZE_T ISR = 0;

    // Pin this thread to processor i while its IDTR is read (bit i of the affinity mask).
    KeSetSystemAffinityThread((KAFFINITY)1 << i);
    __sidt(&idtr); // http://msdn.microsoft.com/zh-cn/library/aa983358%28v=vs.120%29.aspx  Another approach is to implement it yourself via KeGetPcr().
    KeRevertToUserAffinityThread();

    // SIDT stores 6 bytes: a 16-bit limit followed by the 32-bit base. With this WRK
    // layout the limit lands in Pad and the base straddles Limit and the low word of
    // Base, so the base is read starting at the address of Limit. (idtr.Base on its own
    // only holds the upper half of the base and must not be used for the entry count.)
    RtlCopyMemory(&base, &idtr.Limit, sizeof(base));
    pkidte = (PKIDTENTRY)base;

    // Pad holds the limit, normally 2047 == 0x7ff, so this gives 256 entries.
    maximum = (int)(((SIZE_T)idtr.Pad + 1) / sizeof(KIDTENTRY));

    for ( ;index < maximum ;index++ )
    {
        PKIDTENTRY pkidte_t = &pkidte[index];

        if (pkidte_t->ExtendedOffset) {
            ISR = ((ULONG)pkidte_t->ExtendedOffset << 16) | pkidte_t->Offset;
            KdPrint(("CPU %d, interrupt 0x%02x: handler address 0x%p\n", i, index, (PVOID)ISR));
        } else { // Note: the ExtendedOffset == 0 cases need separate treatment.
            if (pkidte_t->Selector == 8) {
                KdPrint(("CPU %d, interrupt 0x%02x is unused. Offset:0x%x, Access:0x%x.\n", i, index, pkidte_t->Offset, pkidte_t->Access));
            } else {
                KdPrint(("CPU %d, interrupt 0x%02x: task selector:0x%x, Offset:0x%x, Access:0x%x.\n", i, index, pkidte_t->Selector, pkidte_t->Offset, pkidte_t->Access));
            }
        }
    }
}
#endif


DRIVER_INITIALIZE DriverEntry;
#pragma alloc_text(INIT, DriverEntry)
NTSTATUS DriverEntry(__in struct _DRIVER_OBJECT * DriverObject, __in PUNICODE_STRING RegistryPath)
{
    int i = 0;

    UNREFERENCED_PARAMETER(RegistryPath);

    KdBreakPoint();

    DriverObject->DriverUnload = DriverUnload;

    // KeNumberProcessors is the old exported count; newer kernels also offer KeQueryMaximumProcessorCount().
    for ( ;i < KeNumberProcessors ;i++ )
    {
        show_idt(i);
    }

    return STATUS_SUCCESS;
}
/*
0: kd> !idt

Dumping IDT: 8003f400

455901d000000037:   806e7864 hal!PicSpuriousService37
455901d00000003d:   806e8e2c hal!HalpApcInterrupt
455901d000000041:   806e8c88 hal!HalpDispatchInterrupt
455901d000000050:   806e793c hal!HalpApicRebootService
455901d000000062:   81fd6044 atapi!IdePortInterrupt (KINTERRUPT 81fd6008)
455901d000000063:   81f1ebec portcls!CKsShellRequestor::`vector deleting destructor'+0x26 (KINTERRUPT 81f1ebb0)
455901d000000073:   81d17bec SCSIPORT!ScsiPortInterrupt (KINTERRUPT 81d17bb0)
455901d000000082:   81e26bec atapi!IdePortInterrupt (KINTERRUPT 81e26bb0)
455901d000000083:   81c42044 vmci!DllUnload+0x7d6 (KINTERRUPT 81c42008)
                             VIDEOPRT!pVideoPortInterrupt (KINTERRUPT 81d0e758)
455901d000000093:   81fcd684 i8042prt!I8042KeyboardInterruptService (KINTERRUPT 81fcd648)
455901d0000000a3:   81d0ebec i8042prt!I8042MouseInterruptService (KINTERRUPT 81d0ebb0)
455901d0000000b1:   820ce8cc ACPI!ACPIInterruptServiceRoutine (KINTERRUPT 820ce890)
455901d0000000b4:   81e1e9ec NDIS!ndisMIsr (KINTERRUPT 81e1e9b0)
455901d0000000c1:   806e7ac0 hal!HalpBroadcastCallService
455901d0000000d1:   806e6e54 hal!HalpClockInterrupt
455901d0000000e1:   806e8048 hal!HalpIpiHandler
455901d0000000e3:   806e7dac hal!HalpLocalApicErrorService
455901d0000000fd:   806e85a8 hal!HalpProfileInterrupt
455901d0000000fe:   806e8748 hal!HalpPerfInterrupt

0: kd> !pcr
KPCR for Processor 0 at ffdff000:
    Major 1 Minor 1
    NtTib.ExceptionList: 80551cb0
        NtTib.StackBase: 805524f0
       NtTib.StackLimit: 8054f700
     NtTib.SubSystemTib: 00000000
          NtTib.Version: 00000000
      NtTib.UserPointer: 00000000
          NtTib.SelfTib: 00000000

                SelfPcr: ffdff000
                   Prcb: ffdff120
                   Irql: 00000000
                    IRR: 00000000
                    IDR: ffffffff
          InterruptMode: 00000000
                    IDT: 8003f400
                    GDT: 8003f000
                    TSS: 80042000

          CurrentThread: 8055ce60
             NextThread: 00000000
             IdleThread: 8055ce60

              DpcQueue:
0: kd> r idtr
idtr=8003f400
0: kd> dw idtr
8003f400  3360 0008 8e00 8054 34dc 0008 8e00 8054
8003f410  113e 0058 8500 0000 38f0 0008 ee00 8054
8003f420  3a70 0008 ee00 8054 3bd0 0008 8e00 8054
8003f430  3d44 0008 8e00 8054 43bc 0008 8e00 8054
8003f440  1198 0050 8500 0000 47c0 0008 8e00 8054
8003f450  48e0 0008 8e00 8054 4a20 0008 8e00 8054
8003f460  4c80 0008 8e00 8054 4f6c 0008 8e00 8054
8003f470  568c 0008 8e00 8054 590c 0008 8e00 8054
0: kd> u 80543360
nt!KiTrap00:
80543360 6a00            push    0
80543362 66c74424020000  mov     word ptr [esp+2],0
80543369 55              push    ebp
8054336a 53              push    ebx
8054336b 56              push    esi
8054336c 57              push    edi
8054336d 0fa0            push    fs
8054336f bb30000000      mov     ebx,30h
0: kd> u 805434dc
nt!KiTrap01:
805434dc 6a00            push    0
805434de 66c74424020000  mov     word ptr [esp+2],0
805434e5 55              push    ebp
805434e6 53              push    ebx
805434e7 56              push    esi
805434e8 57              push    edi
805434e9 0fa0            push    fs
805434eb bb30000000      mov     ebx,30h
1: kd> !idt -a

Dumping IDT: f8733590

2d65dee600000000:   80543360 nt!KiTrap00
2d65dee600000001:   805434dc nt!KiTrap01
2d65dee600000002:   Task Selector = 0x0058
2d65dee600000003:   805438f0 nt!KiTrap03
2d65dee600000004:   80543a70 nt!KiTrap04
2d65dee600000005:   80543bd0 nt!KiTrap05
2d65dee600000006:   80543d44 nt!KiTrap06
2d65dee600000007:   805443bc nt!KiTrap07
2d65dee600000008:   Task Selector = 0x0050
2d65dee600000009:   805447c0 nt!KiTrap09
2d65dee60000000a:   805448e0 nt!KiTrap0A
2d65dee60000000b:   80544a20 nt!KiTrap0B
2d65dee60000000c:   80544c80 nt!KiTrap0C
2d65dee60000000d:   80544f6c nt!KiTrap0D
2d65dee60000000e:   8054568c nt!KiTrap0E
2d65dee60000000f:   8054590c nt!KiTrap0F
2d65dee600000010:   80545a2c nt!KiTrap10
2d65dee600000011:   80545b68 nt!KiTrap11
2d65dee600000012:   Task Selector = 0x00A0
2d65dee600000013:   80545cd0 nt!KiTrap13
2d65dee600000014:   8054590c nt!KiTrap0F
2d65dee600000015:   8054590c nt!KiTrap0F
2d65dee600000016:   8054590c nt!KiTrap0F
2d65dee600000017:   8054590c nt!KiTrap0F
2d65dee600000018:   8054590c nt!KiTrap0F
2d65dee600000019:   8054590c nt!KiTrap0F
2d65dee60000001a:   8054590c nt!KiTrap0F
2d65dee60000001b:   8054590c nt!KiTrap0F
2d65dee60000001c:   8054590c nt!KiTrap0F
2d65dee60000001d:   8054590c nt!KiTrap0F
2d65dee60000001e:   8054590c nt!KiTrap0F
2d65dee60000001f:   806e810c hal!HalpApicSpuriousService
2d65dee600000020:   00000000
2d65dee600000021:   00000000
2d65dee600000022:   00000000
2d65dee600000023:   00000000
2d65dee600000024:   00000000
2d65dee600000025:   00000000
2d65dee600000026:   00000000
2d65dee600000027:   00000000
2d65dee600000028:   00000000
2d65dee600000029:   00000000
2d65dee60000002a:   80542b8e nt!KiGetTickCount
2d65dee60000002b:   80542c90 nt!KiCallbackReturn
2d65dee60000002c:   80542e40 nt!KiSetLowWaitHighThread
2d65dee60000002d:   805437cc nt!KiDebugService
2d65dee60000002e:   80542611 nt!KiSystemService
2d65dee60000002f:   8054590c nt!KiTrap0F
2d65dee600000030:   80541cd0 nt!KiStartUnexpectedRange
2d65dee600000031:   80541cda nt!KiUnexpectedInterrupt1
2d65dee600000032:   80541ce4 nt!KiUnexpectedInterrupt2
2d65dee600000033:   80541cee nt!KiUnexpectedInterrupt3
2d65dee600000034:   80541cf8 nt!KiUnexpectedInterrupt4
2d65dee600000035:   80541d02 nt!KiUnexpectedInterrupt5
2d65dee600000036:   80541d0c nt!KiUnexpectedInterrupt6
2d65dee600000037:   806e7864 hal!PicSpuriousService37
2d65dee600000038:   80541d20 nt!KiUnexpectedInterrupt8
2d65dee600000039:   80541d2a nt!KiUnexpectedInterrupt9
2d65dee60000003a:   80541d34 nt!KiUnexpectedInterrupt10
2d65dee60000003b:   80541d3e nt!KiUnexpectedInterrupt11
2d65dee60000003c:   80541d48 nt!KiUnexpectedInterrupt12
2d65dee60000003d:   806e8e2c hal!HalpApcInterrupt
2d65dee60000003e:   80541d5c nt!KiUnexpectedInterrupt14
2d65dee60000003f:   80541d66 nt!KiUnexpectedInterrupt15
2d65dee600000040:   80541d70 nt!KiUnexpectedInterrupt16
2d65dee600000041:   806e8c88 hal!HalpDispatchInterrupt
2d65dee600000042:   80541d84 nt!KiUnexpectedInterrupt18
2d65dee600000043:   80541d8e nt!KiUnexpectedInterrupt19
2d65dee600000044:   80541d98 nt!KiUnexpectedInterrupt20
2d65dee600000045:   80541da2 nt!KiUnexpectedInterrupt21
2d65dee600000046:   80541dac nt!KiUnexpectedInterrupt22
2d65dee600000047:   80541db6 nt!KiUnexpectedInterrupt23
2d65dee600000048:   80541dc0 nt!KiUnexpectedInterrupt24
2d65dee600000049:   80541dca nt!KiUnexpectedInterrupt25
2d65dee60000004a:   80541dd4 nt!KiUnexpectedInterrupt26
2d65dee60000004b:   80541dde nt!KiUnexpectedInterrupt27
2d65dee60000004c:   80541de8 nt!KiUnexpectedInterrupt28
2d65dee60000004d:   80541df2 nt!KiUnexpectedInterrupt29
2d65dee60000004e:   80541dfc nt!KiUnexpectedInterrupt30
2d65dee60000004f:   80541e06 nt!KiUnexpectedInterrupt31
2d65dee600000050:   806e793c hal!HalpApicRebootService
2d65dee600000051:   80541e1a nt!KiUnexpectedInterrupt33
2d65dee600000052:   80541e24 nt!KiUnexpectedInterrupt34
2d65dee600000053:   80541e2e nt!KiUnexpectedInterrupt35
2d65dee600000054:   80541e38 nt!KiUnexpectedInterrupt36
2d65dee600000055:   80541e42 nt!KiUnexpectedInterrupt37
2d65dee600000056:   80541e4c nt!KiUnexpectedInterrupt38
2d65dee600000057:   80541e56 nt!KiUnexpectedInterrupt39
2d65dee600000058:   80541e60 nt!KiUnexpectedInterrupt40
2d65dee600000059:   80541e6a nt!KiUnexpectedInterrupt41
2d65dee60000005a:   80541e74 nt!KiUnexpectedInterrupt42
2d65dee60000005b:   80541e7e nt!KiUnexpectedInterrupt43
2d65dee60000005c:   80541e88 nt!KiUnexpectedInterrupt44
2d65dee60000005d:   80541e92 nt!KiUnexpectedInterrupt45
2d65dee60000005e:   80541e9c nt!KiUnexpectedInterrupt46
2d65dee60000005f:   80541ea6 nt!KiUnexpectedInterrupt47
2d65dee600000060:   80541eb0 nt!KiUnexpectedInterrupt48
2d65dee600000061:   80541eba nt!KiUnexpectedInterrupt49
186 2d65dee600000062:   8208e63c atapi!IdePortInterrupt (KINTERRUPT 8208e600)
187 2d65dee600000063:   82070c74 portcls!CKsShellRequestor::`vector deleting destructor'+0x26 (KINTERRUPT 82070c38)
188 2d65dee600000064:   80541ed8 nt!KiUnexpectedInterrupt52
189 2d65dee600000065:   80541ee2 nt!KiUnexpectedInterrupt53
190 2d65dee600000066:   80541eec nt!KiUnexpectedInterrupt54
191 2d65dee600000067:   80541ef6 nt!KiUnexpectedInterrupt55
192 2d65dee600000068:   80541f00 nt!KiUnexpectedInterrupt56
193 2d65dee600000069:   80541f0a nt!KiUnexpectedInterrupt57
194 2d65dee60000006a:   80541f14 nt!KiUnexpectedInterrupt58
195 2d65dee60000006b:   80541f1e nt!KiUnexpectedInterrupt59
196 2d65dee60000006c:   80541f28 nt!KiUnexpectedInterrupt60
197 2d65dee60000006d:   80541f32 nt!KiUnexpectedInterrupt61
198 2d65dee60000006e:   80541f3c nt!KiUnexpectedInterrupt62
199 2d65dee60000006f:   80541f46 nt!KiUnexpectedInterrupt63
200 2d65dee600000070:   80541f50 nt!KiUnexpectedInterrupt64
201 2d65dee600000071:   80541f5a nt!KiUnexpectedInterrupt65
202 2d65dee600000072:   80541f64 nt!KiUnexpectedInterrupt66
203 2d65dee600000073:   81f80bbc SCSIPORT!ScsiPortInterrupt (KINTERRUPT 81f80b80)
204 2d65dee600000074:   80541f78 nt!KiUnexpectedInterrupt68
205 2d65dee600000075:   80541f82 nt!KiUnexpectedInterrupt69
206 2d65dee600000076:   80541f8c nt!KiUnexpectedInterrupt70
207 2d65dee600000077:   80541f96 nt!KiUnexpectedInterrupt71
208 2d65dee600000078:   80541fa0 nt!KiUnexpectedInterrupt72
209 2d65dee600000079:   80541faa nt!KiUnexpectedInterrupt73
210 2d65dee60000007a:   80541fb4 nt!KiUnexpectedInterrupt74
211 2d65dee60000007b:   80541fbe nt!KiUnexpectedInterrupt75
212 2d65dee60000007c:   80541fc8 nt!KiUnexpectedInterrupt76
213 2d65dee60000007d:   80541fd2 nt!KiUnexpectedInterrupt77
214 2d65dee60000007e:   80541fdc nt!KiUnexpectedInterrupt78
215 2d65dee60000007f:   80541fe6 nt!KiUnexpectedInterrupt79
216 2d65dee600000080:   80541ff0 nt!KiUnexpectedInterrupt80
217 2d65dee600000081:   80541ffa nt!KiUnexpectedInterrupt81
218 2d65dee600000082:   81f99bbc atapi!IdePortInterrupt (KINTERRUPT 81f99b80)
219 2d65dee600000083:   81ccd48c vmci!DllUnload+0x7d6 (KINTERRUPT 81ccd450)
220              VIDEOPRT!pVideoPortInterrupt (KINTERRUPT 82091ca0)
221 2d65dee600000084:   80542018 nt!KiUnexpectedInterrupt84
222 2d65dee600000085:   80542022 nt!KiUnexpectedInterrupt85
223 2d65dee600000086:   8054202c nt!KiUnexpectedInterrupt86
224 2d65dee600000087:   80542036 nt!KiUnexpectedInterrupt87
225 2d65dee600000088:   80542040 nt!KiUnexpectedInterrupt88
226 2d65dee600000089:   8054204a nt!KiUnexpectedInterrupt89
227 2d65dee60000008a:   80542054 nt!KiUnexpectedInterrupt90
228 2d65dee60000008b:   8054205e nt!KiUnexpectedInterrupt91
229 2d65dee60000008c:   80542068 nt!KiUnexpectedInterrupt92
230 2d65dee60000008d:   80542072 nt!KiUnexpectedInterrupt93
231 2d65dee60000008e:   8054207c nt!KiUnexpectedInterrupt94
232 2d65dee60000008f:   80542086 nt!KiUnexpectedInterrupt95
233 2d65dee600000090:   80542090 nt!KiUnexpectedInterrupt96
234 2d65dee600000091:   8054209a nt!KiUnexpectedInterrupt97
235 2d65dee600000092:   805420a4 nt!KiUnexpectedInterrupt98
236 2d65dee600000093:   81c7435c i8042prt!I8042KeyboardInterruptService (KINTERRUPT 81c74320)
237 2d65dee600000094:   805420b8 nt!KiUnexpectedInterrupt100
238 2d65dee600000095:   805420c2 nt!KiUnexpectedInterrupt101
239 2d65dee600000096:   805420cc nt!KiUnexpectedInterrupt102
240 2d65dee600000097:   805420d6 nt!KiUnexpectedInterrupt103
241 2d65dee600000098:   805420e0 nt!KiUnexpectedInterrupt104
242 2d65dee600000099:   805420ea nt!KiUnexpectedInterrupt105
243 2d65dee60000009a:   805420f4 nt!KiUnexpectedInterrupt106
244 2d65dee60000009b:   805420fe nt!KiUnexpectedInterrupt107
245 2d65dee60000009c:   80542108 nt!KiUnexpectedInterrupt108
246 2d65dee60000009d:   80542112 nt!KiUnexpectedInterrupt109
247 2d65dee60000009e:   8054211c nt!KiUnexpectedInterrupt110
248 2d65dee60000009f:   80542126 nt!KiUnexpectedInterrupt111
249 2d65dee6000000a0:   80542130 nt!KiUnexpectedInterrupt112
250 2d65dee6000000a1:   8054213a nt!KiUnexpectedInterrupt113
251 2d65dee6000000a2:   80542144 nt!KiUnexpectedInterrupt114
252 2d65dee6000000a3:   81f306ec i8042prt!I8042MouseInterruptService (KINTERRUPT 81f306b0)
253 2d65dee6000000a4:   80542158 nt!KiUnexpectedInterrupt116
254 2d65dee6000000a5:   80542162 nt!KiUnexpectedInterrupt117
255 2d65dee6000000a6:   8054216c nt!KiUnexpectedInterrupt118
256 2d65dee6000000a7:   80542176 nt!KiUnexpectedInterrupt119
257 2d65dee6000000a8:   80542180 nt!KiUnexpectedInterrupt120
258 2d65dee6000000a9:   8054218a nt!KiUnexpectedInterrupt121
259 2d65dee6000000aa:   80542194 nt!KiUnexpectedInterrupt122
260 2d65dee6000000ab:   8054219e nt!KiUnexpectedInterrupt123
261 2d65dee6000000ac:   805421a8 nt!KiUnexpectedInterrupt124
262 2d65dee6000000ad:   805421b2 nt!KiUnexpectedInterrupt125
263 2d65dee6000000ae:   805421bc nt!KiUnexpectedInterrupt126
264 2d65dee6000000af:   805421c6 nt!KiUnexpectedInterrupt127
265 2d65dee6000000b0:   805421d0 nt!KiUnexpectedInterrupt128
266 2d65dee6000000b1:   821522ac ACPI!ACPIInterruptServiceRoutine (KINTERRUPT 82152270)
267 2d65dee6000000b2:   805421e4 nt!KiUnexpectedInterrupt130
268 2d65dee6000000b3:   805421ee nt!KiUnexpectedInterrupt131
269 2d65dee6000000b4:   8201b2ac NDIS!ndisMIsr (KINTERRUPT 8201b270)
270 2d65dee6000000b5:   80542202 nt!KiUnexpectedInterrupt133
271 2d65dee6000000b6:   8054220c nt!KiUnexpectedInterrupt134
272 2d65dee6000000b7:   80542216 nt!KiUnexpectedInterrupt135
273 2d65dee6000000b8:   80542220 nt!KiUnexpectedInterrupt136
274 2d65dee6000000b9:   8054222a nt!KiUnexpectedInterrupt137
275 2d65dee6000000ba:   80542234 nt!KiUnexpectedInterrupt138
276 2d65dee6000000bb:   8054223e nt!KiUnexpectedInterrupt139
277 2d65dee6000000bc:   80542248 nt!KiUnexpectedInterrupt140
278 2d65dee6000000bd:   80542252 nt!KiUnexpectedInterrupt141
279 2d65dee6000000be:   8054225c nt!KiUnexpectedInterrupt142
280 2d65dee6000000bf:   80542266 nt!KiUnexpectedInterrupt143
281 2d65dee6000000c0:   80542270 nt!KiUnexpectedInterrupt144
282 2d65dee6000000c1:   806e7ac0 hal!HalpBroadcastCallService
283 2d65dee6000000c2:   80542284 nt!KiUnexpectedInterrupt146
284 2d65dee6000000c3:   8054228e nt!KiUnexpectedInterrupt147
285 2d65dee6000000c4:   80542298 nt!KiUnexpectedInterrupt148
286 2d65dee6000000c5:   805422a2 nt!KiUnexpectedInterrupt149
287 2d65dee6000000c6:   805422ac nt!KiUnexpectedInterrupt150
288 2d65dee6000000c7:   805422b6 nt!KiUnexpectedInterrupt151
289 2d65dee6000000c8:   805422c0 nt!KiUnexpectedInterrupt152
290 2d65dee6000000c9:   805422ca nt!KiUnexpectedInterrupt153
291 2d65dee6000000ca:   805422d4 nt!KiUnexpectedInterrupt154
292 2d65dee6000000cb:   805422de nt!KiUnexpectedInterrupt155
293 2d65dee6000000cc:   805422e8 nt!KiUnexpectedInterrupt156
294 2d65dee6000000cd:   805422f2 nt!KiUnexpectedInterrupt157
295 2d65dee6000000ce:   805422fc nt!KiUnexpectedInterrupt158
296 2d65dee6000000cf:   80542306 nt!KiUnexpectedInterrupt159
297 2d65dee6000000d0:   80542310 nt!KiUnexpectedInterrupt160
298 2d65dee6000000d1:   806e72a0 hal!HalpClockInterruptPn
299 2d65dee6000000d2:   80542324 nt!KiUnexpectedInterrupt162
300 2d65dee6000000d3:   8054232e nt!KiUnexpectedInterrupt163
301 2d65dee6000000d4:   80542338 nt!KiUnexpectedInterrupt164
302 2d65dee6000000d5:   80542342 nt!KiUnexpectedInterrupt165
303 2d65dee6000000d6:   8054234c nt!KiUnexpectedInterrupt166
304 2d65dee6000000d7:   80542356 nt!KiUnexpectedInterrupt167
305 2d65dee6000000d8:   80542360 nt!KiUnexpectedInterrupt168
306 2d65dee6000000d9:   8054236a nt!KiUnexpectedInterrupt169
307 2d65dee6000000da:   80542374 nt!KiUnexpectedInterrupt170
308 2d65dee6000000db:   8054237e nt!KiUnexpectedInterrupt171
309 2d65dee6000000dc:   80542388 nt!KiUnexpectedInterrupt172
310 2d65dee6000000dd:   80542392 nt!KiUnexpectedInterrupt173
311 2d65dee6000000de:   8054239c nt!KiUnexpectedInterrupt174
312 2d65dee6000000df:   805423a6 nt!KiUnexpectedInterrupt175
313 2d65dee6000000e0:   805423b0 nt!KiUnexpectedInterrupt176
314 2d65dee6000000e1:   806e8048 hal!HalpIpiHandler
315 2d65dee6000000e2:   805423c4 nt!KiUnexpectedInterrupt178
316 2d65dee6000000e3:   806e7dac hal!HalpLocalApicErrorService
317 2d65dee6000000e4:   805423d8 nt!KiUnexpectedInterrupt180
318 2d65dee6000000e5:   805423e2 nt!KiUnexpectedInterrupt181
319 2d65dee6000000e6:   805423ec nt!KiUnexpectedInterrupt182
320 2d65dee6000000e7:   805423f6 nt!KiUnexpectedInterrupt183
321 2d65dee6000000e8:   80542400 nt!KiUnexpectedInterrupt184
322 2d65dee6000000e9:   8054240a nt!KiUnexpectedInterrupt185
323 2d65dee6000000ea:   80542414 nt!KiUnexpectedInterrupt186
324 2d65dee6000000eb:   8054241e nt!KiUnexpectedInterrupt187
325 2d65dee6000000ec:   80542428 nt!KiUnexpectedInterrupt188
326 2d65dee6000000ed:   80542432 nt!KiUnexpectedInterrupt189
327 2d65dee6000000ee:   80542439 nt!KiUnexpectedInterrupt190
328 2d65dee6000000ef:   80542440 nt!KiUnexpectedInterrupt191
329 2d65dee6000000f0:   80542447 nt!KiUnexpectedInterrupt192
330 2d65dee6000000f1:   8054244e nt!KiUnexpectedInterrupt193
331 2d65dee6000000f2:   80542455 nt!KiUnexpectedInterrupt194
332 2d65dee6000000f3:   8054245c nt!KiUnexpectedInterrupt195
333 2d65dee6000000f4:   80542463 nt!KiUnexpectedInterrupt196
334 2d65dee6000000f5:   8054246a nt!KiUnexpectedInterrupt197
335 2d65dee6000000f6:   80542471 nt!KiUnexpectedInterrupt198
336 2d65dee6000000f7:   80542478 nt!KiUnexpectedInterrupt199
337 2d65dee6000000f8:   8054247f nt!KiUnexpectedInterrupt200
338 2d65dee6000000f9:   80542486 nt!KiUnexpectedInterrupt201
339 2d65dee6000000fa:   8054248d nt!KiUnexpectedInterrupt202
340 2d65dee6000000fb:   80542494 nt!KiUnexpectedInterrupt203
341 2d65dee6000000fc:   8054249b nt!KiUnexpectedInterrupt204
342 2d65dee6000000fd:   806e85a8 hal!HalpProfileInterrupt
343 2d65dee6000000fe:   806e8748 hal!HalpPerfInterrupt
344 2d65dee6000000ff:   805424b0 nt!KiUnexpectedInterrupt207

kd> r idtr
idtr=8003f400
kd> !idt 8003f400

Dumping IDT: 8003f400

fbf4ec7d8003f400:   Task Selector = 0x6F4C
kd> dt _KIDTENTRY
nt!_KIDTENTRY
   +0x000 Offset           : Uint2B
   +0x002 Selector         : Uint2B
   +0x004 Access           : Uint2B
   +0x006 ExtendedOffset   : Uint2B
kd> dt _X86_DESCRIPTOR
Symbol _X86_DESCRIPTOR not found.
kd> dt _DESCRIPTOR            // Note: this structure does not exist on 64-bit.
nt!_DESCRIPTOR
   +0x000 Pad              : Uint2B
   +0x002 Limit            : Uint2B
   +0x004 Base             : Uint4B
0: kd> dt nt!_KINTERRUPT 8208e398
   +0x000 Type             : 0n22
   +0x002 Size             : 0n484
   +0x004 InterruptListEntry : _LIST_ENTRY [ 0x8208e39c - 0x8208e39c ]
   +0x00c ServiceRoutine   : 0xba63e67e     unsigned char  atapi!IdePortInterrupt+0
   +0x010 ServiceContext   : 0x81fa4030 Void
   +0x014 SpinLock         : 0
   +0x018 TickCount        : 0xffffffff
   +0x01c ActualLock       : 0x8208e5fc  -> 0
   +0x020 DispatchAddress  : 0x80546780     void  nt!KiInterruptDispatch+0
   +0x024 Vector           : 0x162
   +0x028 Irql             : 0x5 ''
   +0x029 SynchronizeIrql  : 0x5 ''
   +0x02a FloatingSave     : 0 ''
   +0x02b Connected        : 0x1 ''
   +0x02c Number           : 0 ''
   +0x02d ShareVector      : 0 ''
   +0x030 Mode             : 1 ( Latched )
   +0x034 ServiceCount     : 0
   +0x038 DispatchCount    : 0xffffffff
   +0x03c DispatchCode     : [106] 0x56535554

1: kd> dt _AMD64_DESCRIPTOR   // Note: the target here is a 64-bit system.
test!_AMD64_DESCRIPTOR
   +0x000 Pad              : [3] Uint2B
   +0x006 Limit            : Uint2B
   +0x008 Base             : Uint8B
1: kd> dt _KIDTENTRY64        // Note: the target here is a 64-bit system.
nt!_KIDTENTRY64
   +0x000 OffsetLow        : Uint2B
   +0x002 Selector         : Uint2B
   +0x004 IstIndex         : Pos 0, 3 Bits
   +0x004 Reserved0        : Pos 3, 5 Bits
   +0x004 Type             : Pos 8, 5 Bits
   +0x004 Dpl              : Pos 13, 2 Bits
   +0x004 Present          : Pos 15, 1 Bit
   +0x006 OffsetMiddle     : Uint2B
   +0x008 OffsetHigh       : Uint4B
   +0x00c Reserved1        : Uint4B
   +0x000 Alignment        : Uint8B
*/
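An added example, not code from the post: decoding one IDT entry in each width from the structures WinDbg printed above, the 32-bit _KIDTENTRY (handler = ExtendedOffset:Offset, gate bits in Access) and the 64-bit _KIDTENTRY64 (handler = OffsetHigh:OffsetMiddle:OffsetLow, gate bits in the word at +0x004), plus the kind of range check a hook detector applies to the result. The C struct names, the range check and the 64-bit sample entry are assumptions constructed here; the 32-bit sample is entry 0 from the post's `dt _KIDTENTRY 8003f400` output (0x3360 / 8 / 0x8e00 / 0x8054).

```c
#include <stdint.h>

/* 32-bit entry, fields in the order "dt _KIDTENTRY" prints them. */
typedef struct { uint16_t Offset, Selector, Access, ExtendedOffset; } KIDTENTRY32;

/* 64-bit entry as "dt _KIDTENTRY64" prints it; the bit fields at +0x004
   (IstIndex/Reserved0/Type/Dpl/Present) are kept as one 16-bit word, Attr. */
typedef struct {
    uint16_t OffsetLow, Selector, Attr, OffsetMiddle;
    uint32_t OffsetHigh, Reserved1;
} KIDTENTRY64;

typedef struct { uint64_t Handler; unsigned Ist, Type, Dpl, Present; } GATE;

/* Both widths share the gate-bit layout: IST bits 0..2, Type 8..12, DPL 13..14, P 15.
   (For the 32-bit entry this word is the Access field, 0x8e00 in the post's dump.) */
static GATE decode_attr(uint64_t handler, uint16_t attr) {
    GATE g;
    g.Handler = handler;
    g.Ist = attr & 7;
    g.Type = (attr >> 8) & 0x1f;      /* 0xE = 32-bit / 64-bit interrupt gate */
    g.Dpl = (attr >> 13) & 3;
    g.Present = (attr >> 15) & 1;
    return g;
}

GATE decode_idt32(const KIDTENTRY32 *e) {
    uint32_t h = ((uint32_t)e->ExtendedOffset << 16) | e->Offset;
    return decode_attr(h, e->Access);
}

GATE decode_idt64(const KIDTENTRY64 *e) {
    uint64_t h = ((uint64_t)e->OffsetHigh << 32) |
                 ((uint64_t)e->OffsetMiddle << 16) | e->OffsetLow;
    return decode_attr(h, e->Attr);
}

/* Detector-side check (constructed here): a present gate whose handler lies
   outside [lo, hi), e.g. outside the nt and hal images, deserves a closer look.
   Returns 1 when the handler is outside the expected range, else 0. */
int gate_outside_range(const GATE *g, uint64_t lo, uint64_t hi) {
    return g->Present && (g->Handler < lo || g->Handler >= hi);
}

/* Entry 0 from the post's dump: decodes to nt!KiTrap00 at 0x80543360. */
const KIDTENTRY32 sample_entry0 = { 0x3360, 0x0008, 0x8e00, 0x8054 };
```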
posted @ 2015-05-08 19:29 银河彼岸