After taking courses in computer architecture and operating systems, I wanted to gain a deeper understanding of an operating system that is in wide use today. I happen to know a friend who does research in this area, and with his guidance I hope to use WinDbg's powerful debugging features, together with what I learned from the books, to understand Windows (Windows 7 Kernel Version 7601 (Service Pack 1) MP (1 procs) Free x64) a little better.
Since my knowledge of operating systems is limited, please point out any mistakes.
I. Interrupt handlers
In computer science, an interrupt is a signal received by the processor from hardware or software indicating that an event has occurred and needs attention.
Typically, after receiving an asynchronous signal from peripheral hardware (peripheral relative to the CPU and memory) or a synchronous signal from software, the processor performs the corresponding hardware/software handling. Raising such a signal is called an interrupt request (IRQ). A hardware interrupt makes the processor save its execution state (mainly registers such as the program counter and the program status word) through a context switch; a software interrupt is usually an instruction in the CPU's instruction set that requests such a context switch programmatically and directs execution to a piece of interrupt-handling code. Interrupts are especially useful in multitasking and, above all, in real-time systems. Such systems, including the operating systems running on them, are also called "interrupt-driven". (The above is from Wikipedia: https://zh.wikipedia.org/wiki/%E4%B8%AD%E6%96%B7)
Handling an interrupt is a fairly complex task that hardware alone can hardly complete; today it is done by the operating system. The rough sequence is as follows:
1. The CPU receives the interrupt, and the task that was executing is suspended
2. The operating system locates the matching interrupt handler through the IDT (Interrupt Descriptor Table)
3. The interrupt handler is called
4. Execution returns to the original task, or the original process is terminated
The sequence above is neither detailed nor rigorous. We will study the real process by single-stepping through Windows' interrupt handlers.
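Step 2 above is where the hardware does the table lookup: on x64 the CPU reads the 16-byte gate descriptor at IDTR.base + vector * 16, extracts the handler address, the code selector, the privilege level (DPL) at which the vector may be raised with INT n, and an optional IST index that selects a dedicated stack from the TSS (that IST stack is what the "Stack = ..." column in WinDbg's !idt output reports). The following Python is an added example, not code from this post, that decodes that layout. The handler addresses are the ones this machine's !idt dump shows for vectors 0x00-0x03; the selector, gate types, IST indices and the IST-to-stack table are assumptions made only to illustrate the fields, not values read from the real TSS.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

# Layout of one 16-byte x64 (IA-32e) IDT gate descriptor:
#   bytes 0-1   offset bits 15..0
#   bytes 2-3   code-segment selector loaded into CS on entry
#   byte  4     bits 0-2: IST index (0 = stay on the current kernel stack)
#   byte  5     bits 0-3: type (0xE interrupt gate, 0xF trap gate), bits 5-6: DPL, bit 7: present
#   bytes 6-7   offset bits 31..16
#   bytes 8-11  offset bits 63..32
#   bytes 12-15 reserved
GATE_SIZE = 16
GATE_FMT = "<HHBBHII"  # little-endian; struct.calcsize(GATE_FMT) == 16


@dataclass
class Gate:
    vector: int
    handler: int
    selector: int
    ist: int
    gate_type: int
    dpl: int
    present: bool


def encode_gate(handler: int, selector: int = 0x10, ist: int = 0,
                gate_type: int = 0xE, dpl: int = 0, present: bool = True) -> bytes:
    """Build a raw descriptor; used here only to construct the sample table."""
    attrs = (gate_type & 0xF) | ((dpl & 0x3) << 5) | (0x80 if present else 0)
    return struct.pack(GATE_FMT, handler & 0xFFFF, selector, ist & 0x7, attrs,
                       (handler >> 16) & 0xFFFF, (handler >> 32) & 0xFFFFFFFF, 0)


def decode_gate(vector: int, raw: bytes) -> Gate:
    """Inverse of encode_gate: the fields the CPU extracts when it dispatches a vector."""
    off_lo, selector, ist, attrs, off_mid, off_hi, _ = struct.unpack(GATE_FMT, raw)
    handler = off_lo | (off_mid << 16) | (off_hi << 32)
    return Gate(vector, handler, selector, ist & 0x7, attrs & 0xF,
                (attrs >> 5) & 0x3, bool(attrs & 0x80))


def lookup_handler(idt: bytes, vector: int) -> Gate:
    """Step 2 of the sketch: read IDTR.base + vector * 16 and decode the gate."""
    start = vector * GATE_SIZE
    if start + GATE_SIZE > len(idt):
        raise IndexError(f"vector {vector:#x} lies beyond IDTR.limit")
    return decode_gate(vector, idt[start:start + GATE_SIZE])


def entry_stack(gate: Gate, ist_table: Dict[int, int]) -> Optional[int]:
    """Resolve the 'Stack = ...' that !idt prints: a non-zero IST index picks a TSS stack."""
    return ist_table.get(gate.ist) if gate.ist else None


def user_callable(gates: List[Gate]) -> List[int]:
    """Defender check: present vectors with DPL 3 can be raised from user mode with INT n."""
    return [g.vector for g in gates if g.present and g.dpl == 3]


# Constructed sample IDT for vectors 0x00-0x03 (handler addresses from the page's dump;
# selector, gate types and IST indices are assumptions).
SAMPLE_IDT = b"".join([
    encode_gate(0xfffff80003ee23c0),            # 00 nt!KiDivideErrorFault
    encode_gate(0xfffff80003ee24c0),            # 01 nt!KiDebugTrapOrFault
    encode_gate(0xfffff80003ee2680, ist=2),     # 02 nt!KiNmiInterrupt, dedicated stack
    encode_gate(0xfffff80003ee2a00, dpl=3),     # 03 nt!KiBreakpointTrap, reachable via INT 3
])
# Constructed IST table (index -> stack top); the stack values are the ones the dump shows.
SAMPLE_IST = {1: 0xFFFFF80000BA5000, 2: 0xFFFFF80000BA7000, 3: 0xFFFFF80000BA9000}


def dump(idt: bytes = SAMPLE_IDT, ist_table: Dict[int, int] = SAMPLE_IST) -> List[str]:
    """Render the table in the style of !idt, one line per vector."""
    lines = []
    for vector in range(len(idt) // GATE_SIZE):
        g = lookup_handler(idt, vector)
        line = f"{vector:02x}: {g.handler:016x} dpl={g.dpl} type={g.gate_type:#x}"
        stack = entry_stack(g, ist_table)
        if stack is not None:
            line += f" Stack = 0x{stack:016X}"
        lines.append(line)
    return lines


if __name__ == "__main__":
    print("\n".join(dump()))
    gates = [lookup_handler(SAMPLE_IDT, v) for v in range(4)]
    print("user-callable vectors:", [f"{v:#x}" for v in user_callable(gates)])
```

On a live system the same decode can be applied to the bytes WinDbg shows for `dq idtr` / `!idt` to cross-check that a gate really points where the symbolized output claims; the DPL list is a quick way to confirm that only the vectors meant to be raised from user mode (such as INT 3) are reachable that way.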
II. How to debug the Windows kernel
Debugging kernel-mode code on Windows requires two-machine debugging with WinDbg over a serial port (detailed setup guides abound online, so I won't repeat them). For convenience I installed a virtual machine in VMware; its version information is as follows:
kd> version
Windows 7 Kernel Version 7601 (Service Pack 1) MP (1 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0xfffff800`03e65000 PsLoadedModuleList = 0xfffff800`040aae90
Debug session time: Sat Mar 26 21:58:18.916 2016 (UTC + 8:00)
System Uptime: 0 days 0:03:38.460
Remote KD: KdSrv:Server=@{<Local>},Trans=@{COM:Port=\\.\pipe\kd_win7,Baud=19200,Pipe,Timeout=4000}

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

command line: '"C:\Program Files\Debugging Tools for Windows (x64)\windbg.exe" -b -k com:pipe,resets=0,reconnect,port=\\.\pipe\kd_win7'  Debugger Process 0x1C1C
dbgeng:  image 6.12.0002.633, built Tue Feb 02 04:15:54 2010 [path: C:\Program Files\Debugging Tools for Windows (x64)\dbgeng.dll]
dbghelp: image 6.12.0002.633, built Tue Feb 02 04:15:44 2010 [path: C:\Program Files\Debugging Tools for Windows (x64)\dbghelp.dll]
         DIA version: 20921
Extension DLL search Path: C:\Program Files\Debugging Tools for Windows (x64)\WINXP;C:\Program Files\Debugging Tools for Windows (x64)\winext;C:\Program Files\Debugging Tools for Windows (x64)\winext\arcade;C:\Program Files\Debugging Tools for Windows (x64)\pri;C:\Program Files\Debugging Tools for Windows (x64);C:\Program Files\Debugging Tools for Windows (x64)\winext\arcade;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;c:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\90\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\;C:\Program Files (x86)\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;;C:\Program Files\Java\jdk1.8.0_66\bin;C:\Program Files\Java\jdk1.8.0_66\jre\bin;C:\Symbols
Extension DLL chain:
    dbghelp: image 6.12.0002.633, API 6.1.6, built Tue Feb 02 04:15:44 2010 [path: C:\Program Files\Debugging Tools for Windows (x64)\dbghelp.dll]
    ext: image 6.12.0002.633, API 1.0.0, built Tue Feb 02 04:15:46 2010 [path: C:\Program Files\Debugging Tools for Windows (x64)\winext\ext.dll]
    exts: image 6.12.0002.633, API 1.0.0, built Tue Feb 02 04:15:38 2010 [path: C:\Program Files\Debugging Tools for Windows (x64)\WINXP\exts.dll]
    kext: image 6.12.0002.633, API 1.0.0, built Tue Feb 02 04:15:36 2010 [path: C:\Program Files\Debugging Tools for Windows (x64)\winext\kext.dll]
    kdexts: image 6.1.7650.0, API 1.0.0, built Tue Feb 02 04:15:29 2010 [path: C:\Program Files\Debugging Tools for Windows (x64)\WINXP\kdexts.dll]
At this point I don't understand everything in the output above either; I'll set that aside for now.
III. Single-stepping KiApcInterrupt:
Having only just started, I wasn't sure how to go about this. By browsing Windows Internals and following my friend's advice, I found that the !idt -a command in WinDbg dumps the interrupt descriptor table. Its contents are as follows:
Dumping IDT:

00: fffff80003ee23c0 nt!KiDivideErrorFault
01: fffff80003ee24c0 nt!KiDebugTrapOrFault
02: fffff80003ee2680 nt!KiNmiInterrupt Stack = 0xFFFFF80000BA7000
03: fffff80003ee2a00 nt!KiBreakpointTrap
04: fffff80003ee2b00 nt!KiOverflowTrap
05: fffff80003ee2c00 nt!KiBoundFault
06: fffff80003ee2d00 nt!KiInvalidOpcodeFault
07: fffff80003ee2f40 nt!KiNpxNotAvailableFault
08: fffff80003ee3000 nt!KiDoubleFaultAbort Stack = 0xFFFFF80000BA5000
09: fffff80003ee30c0 nt!KiNpxSegmentOverrunAbort
0a: fffff80003ee3180 nt!KiInvalidTssFault
0b: fffff80003ee3240 nt!KiSegmentNotPresentFault
0c: fffff80003ee3380 nt!KiStackFault
0d: fffff80003ee34c0 nt!KiGeneralProtectionFault
0e: fffff80003ee3600 nt!KiPageFault
0f: fffff800040120f0 nt!KxUnexpectedInterrupt0+0xF0
10: fffff80003ee39c0 nt!KiFloatingErrorFault
11: fffff80003ee3b40 nt!KiAlignmentFault
12: fffff80003ee3c40 nt!KiMcheckAbort Stack = 0xFFFFF80000BA9000
13: fffff80003ee3fc0 nt!KiXmmException
14: fffff80004012140 nt!KxUnexpectedInterrupt0+0x140
15: fffff80004012150 nt!KxUnexpectedInterrupt0+0x150
16: fffff80004012160 nt!KxUnexpectedInterrupt0+0x160
17: fffff80004012170 nt!KxUnexpectedInterrupt0+0x170
18: fffff80004012180 nt!KxUnexpectedInterrupt0+0x180
19: fffff80004012190 nt!KxUnexpectedInterrupt0+0x190
1a: fffff800040121a0 nt!KxUnexpectedInterrupt0+0x1A0
1b: fffff800040121b0 nt!KxUnexpectedInterrupt0+0x1B0
1c: fffff800040121c0 nt!KxUnexpectedInterrupt0+0x1C0
1d: fffff800040121d0 nt!KxUnexpectedInterrupt0+0x1D0
1e: fffff800040121e0 nt!KxUnexpectedInterrupt0+0x1E0
1f: fffff80003ed8ed0 nt!KiApcInterrupt
20: fffff80004012200 nt!KxUnexpectedInterrupt0+0x200
21: fffff80004012210 nt!KxUnexpectedInterrupt0+0x210
22: fffff80004012220 nt!KxUnexpectedInterrupt0+0x220
23: fffff80004012230 nt!KxUnexpectedInterrupt0+0x230
24: fffff80004012240 nt!KxUnexpectedInterrupt0+0x240
25: fffff80004012250 nt!KxUnexpectedInterrupt0+0x250
26: fffff80004012260 nt!KxUnexpectedInterrupt0+0x260
27: fffff80004012270 nt!KxUnexpectedInterrupt0+0x270
28: fffff80004012280 nt!KxUnexpectedInterrupt0+0x280
29: fffff80004012290 nt!KxUnexpectedInterrupt0+0x290
2a: fffff800040122a0 nt!KxUnexpectedInterrupt0+0x2A0
2b: fffff800040122b0 nt!KxUnexpectedInterrupt0+0x2B0
2c: fffff80003ee4180 nt!KiRaiseAssertion
2d: fffff80003ee4280 nt!KiDebugServiceTrap
2e: fffff800040122e0 nt!KxUnexpectedInterrupt0+0x2E0
2f: fffff80003f31250 nt!KiDpcInterrupt
30: fffff80004012300 nt!KxUnexpectedInterrupt0+0x300
31: fffff80004012310 nt!KxUnexpectedInterrupt0+0x310
32: fffff80004012320 nt!KxUnexpectedInterrupt0+0x320
33: fffff80004012330 nt!KxUnexpectedInterrupt0+0x330
34: fffff80004012340 nt!KxUnexpectedInterrupt0+0x340
35: fffff80004012350 nt!KxUnexpectedInterrupt0+0x350
36: fffff80004012360 nt!KxUnexpectedInterrupt0+0x360
37: fffff80003e4c090 fffff80003e1d2bc (KINTERRUPT fffff80003e4c000)
38: fffff80004012380 nt!KxUnexpectedInterrupt0+0x380
39: fffff80004012390 nt!KxUnexpectedInterrupt0+0x390
3a: fffff800040123a0 nt!KxUnexpectedInterrupt0+0x3A0
3b: fffff800040123b0 nt!KxUnexpectedInterrupt0+0x3B0
3c: fffff800040123c0 nt!KxUnexpectedInterrupt0+0x3C0
3d: fffff800040123d0 nt!KxUnexpectedInterrupt0+0x3D0
3e: fffff800040123e0 nt!KxUnexpectedInterrupt0+0x3E0
3f: fffff80003e4c130 fffff80003e1d2bc (KINTERRUPT fffff80003e4c0a0)
40: fffff80004012400 nt!KxUnexpectedInterrupt0+0x400
41: fffff80004012410 nt!KxUnexpectedInterrupt0+0x410
42: fffff80004012420 nt!KxUnexpectedInterrupt0+0x420
43: fffff80004012430 nt!KxUnexpectedInterrupt0+0x430
44: fffff80004012440 nt!KxUnexpectedInterrupt0+0x440
45: fffff80004012450 nt!KxUnexpectedInterrupt0+0x450
46: fffff80004012460 nt!KxUnexpectedInterrupt0+0x460
47: fffff80004012470 nt!KxUnexpectedInterrupt0+0x470
48: fffff80004012480 nt!KxUnexpectedInterrupt0+0x480
49: fffff80004012490 nt!KxUnexpectedInterrupt0+0x490
4a: fffff800040124a0 nt!KxUnexpectedInterrupt0+0x4A0
4b: fffff800040124b0 nt!KxUnexpectedInterrupt0+0x4B0
4c: fffff800040124c0 nt!KxUnexpectedInterrupt0+0x4C0
4d: fffff800040124d0 nt!KxUnexpectedInterrupt0+0x4D0
4e: fffff800040124e0 nt!KxUnexpectedInterrupt0+0x4E0
4f: fffff800040124f0 nt!KxUnexpectedInterrupt0+0x4F0
50: fffff80003e4c270 fffff80003e2348c (KINTERRUPT fffff80003e4c1e0)
51: fffffa8002601a50 fffff8800537fb88 (KINTERRUPT fffffa80026019c0)
52: fffffa80023c4810 fffff80003eaad70 (KINTERRUPT fffffa80023c4780)
53: fffffa80023c42d0 fffff80003eaad70 (KINTERRUPT fffffa80023c4240)
54: fffffa80025a1d50 fffff80003eaad70 (KINTERRUPT fffffa80025a1cc0)
55: fffffa80025a1810 fffff80003eaad70 (KINTERRUPT fffffa80025a1780)
56: fffffa8002601750 fffff88005726344 (KINTERRUPT fffffa80026016c0)
57: fffff80004012570 nt!KxUnexpectedInterrupt0+0x570
58: fffff80004012580 nt!KxUnexpectedInterrupt0+0x580
59: fffff80004012590 nt!KxUnexpectedInterrupt0+0x590
5a: fffff800040125a0 nt!KxUnexpectedInterrupt0+0x5A0
5b: fffff800040125b0 nt!KxUnexpectedInterrupt0+0x5B0
5c: fffff800040125c0 nt!KxUnexpectedInterrupt0+0x5C0
5d: fffff800040125d0 nt!KxUnexpectedInterrupt0+0x5D0
5e: fffff800040125e0 nt!KxUnexpectedInterrupt0+0x5E0
5f: fffff800040125f0 nt!KxUnexpectedInterrupt0+0x5F0
60: fffffa80023c4bd0 fffff80003eaad70 (KINTERRUPT fffffa80023c4b40)
61: fffff80004012610 nt!KxUnexpectedInterrupt0+0x610
62: fffffa80023c48d0 fffff80003eaad70 (KINTERRUPT fffffa80023c4840)
63: fffffa80023c4390 fffff80003eaad70 (KINTERRUPT fffffa80023c4300)
64: fffffa80025a1e10 fffff80003eaad70 (KINTERRUPT fffffa80025a1d80)
65: fffffa80025a18d0 fffff80003eaad70 (KINTERRUPT fffffa80025a1840)
66: fffffa80025a12d0 fffff880010c7b4c (KINTERRUPT fffffa80025a1240)
    fffff880010c7b4c (KINTERRUPT fffffa80025a1180)
    fffff880010c7b4c (KINTERRUPT fffffa80025a10c0)
    fffff880010c7b4c (KINTERRUPT fffffa80025a1000)
    fffff880010c7b4c (KINTERRUPT fffffa8002602f00)
    fffff880010c7b4c (KINTERRUPT fffffa8002602e40)
    fffff880010c7b4c (KINTERRUPT fffffa8002602d80)
    fffff880010c7b4c (KINTERRUPT fffffa8002602cc0)
    fffff880010c7b4c (KINTERRUPT fffffa8002602c00)
    fffff880010c7b4c (KINTERRUPT fffffa8002602b40)
    fffff880010c7b4c (KINTERRUPT fffffa8002602a80)
    fffff880010c7b4c (KINTERRUPT fffffa80026029c0)
    fffff880010c7b4c (KINTERRUPT fffffa8002602900)
    fffff880010c7b4c (KINTERRUPT fffffa8002602840)
    fffff880010c7b4c (KINTERRUPT fffffa8002602780)
    fffff880010c7b4c (KINTERRUPT fffffa80026026c0)
    fffff880010c7b4c (KINTERRUPT fffffa8002602600)
    fffff880010c7b4c (KINTERRUPT fffffa8002602540)
    fffff880010c7b4c (KINTERRUPT fffffa8002602480)
    fffff880010c7b4c (KINTERRUPT fffffa80026023c0)
    fffff880010c7b4c (KINTERRUPT fffffa8002602300)
    fffff880010c7b4c (KINTERRUPT fffffa8002602240)
    fffff880010c7b4c (KINTERRUPT fffffa8002602180)
    fffff880010c7b4c (KINTERRUPT fffffa80026020c0)
    fffff880010c7b4c (KINTERRUPT fffffa8002602000)
    fffff880010c7b4c (KINTERRUPT fffffa8002601f00)
    fffff880010c7b4c (KINTERRUPT fffffa8002601e40)
    fffff880010c7b4c (KINTERRUPT fffffa8002601d80)
    fffff880010c7b4c (KINTERRUPT fffffa8002601cc0)
    fffff880010c7b4c (KINTERRUPT fffffa8002601c00)
    fffff88001488c90 (KINTERRUPT fffffa8002601780)
67: fffff80004012670 nt!KxUnexpectedInterrupt0+0x670
68: fffff80004012680 nt!KxUnexpectedInterrupt0+0x680
69: fffff80004012690 nt!KxUnexpectedInterrupt0+0x690
6a: fffff800040126a0 nt!KxUnexpectedInterrupt0+0x6A0
6b: fffff800040126b0 nt!KxUnexpectedInterrupt0+0x6B0
6c: fffff800040126c0 nt!KxUnexpectedInterrupt0+0x6C0
6d: fffff800040126d0 nt!KxUnexpectedInterrupt0+0x6D0
6e: fffff800040126e0 nt!KxUnexpectedInterrupt0+0x6E0
6f: fffff800040126f0 nt!KxUnexpectedInterrupt0+0x6F0
70: fffffa80023c4c90 fffff80003eaad70 (KINTERRUPT fffffa80023c4c00)
71: fffffa8002601b10 fffff88004de8a70 (KINTERRUPT fffffa8002601a80)
72: fffffa80023c4990 fffff80003eaad70 (KINTERRUPT fffffa80023c4900)
73: fffffa80023c4450 fffff80003eaad70 (KINTERRUPT fffffa80023c43c0)
74: fffffa80025a1ed0 fffff80003eaad70 (KINTERRUPT fffffa80025a1e40)
75: fffffa80025a1990 fffff80003eaad70 (KINTERRUPT fffffa80025a1900)
76: fffffa80025a1390 fffff80003eaad70 (KINTERRUPT fffffa80025a1300)
77: fffff80004012770 nt!KxUnexpectedInterrupt0+0x770
78: fffff80004012780 nt!KxUnexpectedInterrupt0+0x780
79: fffff80004012790 nt!KxUnexpectedInterrupt0+0x790
7a: fffff800040127a0 nt!KxUnexpectedInterrupt0+0x7A0
7b: fffff800040127b0 nt!KxUnexpectedInterrupt0+0x7B0
7c: fffff800040127c0 nt!KxUnexpectedInterrupt0+0x7C0
7d: fffff800040127d0 nt!KxUnexpectedInterrupt0+0x7D0
7e: fffff800040127e0 nt!KxUnexpectedInterrupt0+0x7E0
7f: fffff800040127f0 nt!KxUnexpectedInterrupt0+0x7F0
80: fffffa80023c4d50 fffff80003eaad70 (KINTERRUPT fffffa80023c4cc0)
81: fffffa8002601bd0 fffff88004de2a04 (KINTERRUPT fffffa8002601b40)
82: fffffa80023c4a50 fffff80003eaad70 (KINTERRUPT fffffa80023c49c0)
83: fffffa80023c4510 fffff80003eaad70 (KINTERRUPT fffffa80023c4480)
84: fffffa80025a1f90 fffff80003eaad70 (KINTERRUPT fffffa80025a1f00)
85: fffffa80025a1a50 fffff80003eaad70 (KINTERRUPT fffffa80025a19c0)
86: fffffa80025a15d0 fffff80003eaad70 (KINTERRUPT fffffa80025a1540)
87: fffff80004012870 nt!KxUnexpectedInterrupt0+0x870
88: fffff80004012880 nt!KxUnexpectedInterrupt0+0x880
89: fffff80004012890 nt!KxUnexpectedInterrupt0+0x890
8a: fffff800040128a0 nt!KxUnexpectedInterrupt0+0x8A0
8b: fffff800040128b0 nt!KxUnexpectedInterrupt0+0x8B0
8c: fffff800040128c0 nt!KxUnexpectedInterrupt0+0x8C0
8d: fffff800040128d0 nt!KxUnexpectedInterrupt0+0x8D0
8e: fffff800040128e0 nt!KxUnexpectedInterrupt0+0x8E0
8f: fffff800040128f0 nt!KxUnexpectedInterrupt0+0x8F0
90: fffffa80023c4e10 fffff80003eaad70 (KINTERRUPT fffffa80023c4d80)
91: fffff80004012910 nt!KxUnexpectedInterrupt0+0x910
92: fffffa80023c4b10 fffff80003eaad70 (KINTERRUPT fffffa80023c4a80)
93: fffffa80023c45d0 fffff80003eaad70 (KINTERRUPT fffffa80023c4540)
94: fffffa80023c4090 fffff80003eaad70 (KINTERRUPT fffffa80023c4000)
95: fffffa80025a1b10 fffff80003eaad70 (KINTERRUPT fffffa80025a1a80)
96: fffffa80025a1690 fffff80003eaad70 (KINTERRUPT fffffa80025a1600)
97: fffff80004012970 nt!KxUnexpectedInterrupt0+0x970
98: fffff80004012980 nt!KxUnexpectedInterrupt0+0x980
99: fffff80004012990 nt!KxUnexpectedInterrupt0+0x990
9a: fffff800040129a0 nt!KxUnexpectedInterrupt0+0x9A0
9b: fffff800040129b0 nt!KxUnexpectedInterrupt0+0x9B0
9c: fffff800040129c0 nt!KxUnexpectedInterrupt0+0x9C0
9d: fffff800040129d0 nt!KxUnexpectedInterrupt0+0x9D0
9e: fffff800040129e0 nt!KxUnexpectedInterrupt0+0x9E0
9f: fffff800040129f0 nt!KxUnexpectedInterrupt0+0x9F0
a0: fffffa80023c4ed0 fffff80003eaad70 (KINTERRUPT fffffa80023c4e40)
a1: fffff80004012a10 nt!KxUnexpectedInterrupt0+0xA10
a2: fffff80004012a20 nt!KxUnexpectedInterrupt0+0xA20
a3: fffffa80023c4690 fffff80003eaad70 (KINTERRUPT fffffa80023c4600)
a4: fffffa80023c4150 fffff80003eaad70 (KINTERRUPT fffffa80023c40c0)
a5: fffffa80025a1bd0 fffff80003eaad70 (KINTERRUPT fffffa80025a1b40)
a6: fffffa80025a1450 fffff880010c7b4c (KINTERRUPT fffffa80025a13c0)
a7: fffffa80026018d0 fffff88005726344 (KINTERRUPT fffffa8002601840)
a8: fffff80004012a80 nt!KxUnexpectedInterrupt0+0xA80
a9: fffff80004012a90 nt!KxUnexpectedInterrupt0+0xA90
aa: fffff80004012aa0 nt!KxUnexpectedInterrupt0+0xAA0
ab: fffff80004012ab0 nt!KxUnexpectedInterrupt0+0xAB0
ac: fffff80004012ac0 nt!KxUnexpectedInterrupt0+0xAC0
ad: fffff80004012ad0 nt!KxUnexpectedInterrupt0+0xAD0
ae: fffff80004012ae0 nt!KxUnexpectedInterrupt0+0xAE0
af: fffff80004012af0 nt!KxUnexpectedInterrupt0+0xAF0
b0: fffffa80025a1750 fffff80003eaad70 (KINTERRUPT fffffa80025a16c0)
b1: fffffa80023c4f90 fffff88000fa29c8 (KINTERRUPT fffffa80023c4f00)
b2: fffffa8002601990 fffff8800537fb88 (KINTERRUPT fffffa8002601900)
b3: fffffa80023c4750 fffff80003eaad70 (KINTERRUPT fffffa80023c46c0)
b4: fffffa80023c4210 fffff80003eaad70 (KINTERRUPT fffffa80023c4180)
b5: fffffa80025a1c90 fffff80003eaad70 (KINTERRUPT fffffa80025a1c00)
b6: fffffa80025a1510 fffff880010c7b4c (KINTERRUPT fffffa80025a1480)
b7: fffffa8002601690 fffff88005776f20 (KINTERRUPT fffffa8002601600)
    fffff880050885d4 (KINTERRUPT fffffa8002601540)
b8: fffff80004012b80 nt!KxUnexpectedInterrupt0+0xB80
b9: fffff80004012b90 nt!KxUnexpectedInterrupt0+0xB90
ba: fffff80004012ba0 nt!KxUnexpectedInterrupt0+0xBA0
bb: fffff80004012bb0 nt!KxUnexpectedInterrupt0+0xBB0
bc: fffff80004012bc0 nt!KxUnexpectedInterrupt0+0xBC0
bd: fffff80004012bd0 nt!KxUnexpectedInterrupt0+0xBD0
be: fffff80004012be0 nt!KxUnexpectedInterrupt0+0xBE0
bf: fffff80004012bf0 nt!KxUnexpectedInterrupt0+0xBF0
c0: fffff80004012c00 nt!KxUnexpectedInterrupt0+0xC00
c1: fffff80003e4c450 fffff80003e23388 (KINTERRUPT fffff80003e4c3c0)
c2: fffff80004012c20 nt!KxUnexpectedInterrupt0+0xC20
c3: fffff80004012c30 nt!KxUnexpectedInterrupt0+0xC30
c4: fffff80004012c40 nt!KxUnexpectedInterrupt0+0xC40
c5: fffff80004012c50 nt!KxUnexpectedInterrupt0+0xC50
c6: fffff80004012c60 nt!KxUnexpectedInterrupt0+0xC60
c7: fffff80004012c70 nt!KxUnexpectedInterrupt0+0xC70
c8: fffff80004012c80 nt!KxUnexpectedInterrupt0+0xC80
c9: fffff80004012c90 nt!KxUnexpectedInterrupt0+0xC90
ca: fffff80004012ca0 nt!KxUnexpectedInterrupt0+0xCA0
cb: fffff80004012cb0 nt!KxUnexpectedInterrupt0+0xCB0
cc: fffff80004012cc0 nt!KxUnexpectedInterrupt0+0xCC0
cd: fffff80004012cd0 nt!KxUnexpectedInterrupt0+0xCD0
ce: fffff80004012ce0 nt!KxUnexpectedInterrupt0+0xCE0
cf: fffff80004012cf0 nt!KxUnexpectedInterrupt0+0xCF0
d0: fffff80004012d00 nt!KxUnexpectedInterrupt0+0xD00
d1: fffff80003e4c4f0 fffff80003e26808 (KINTERRUPT fffff80003e4c460)
d2: fffff80003e4c590 fffff80003e268a4 (KINTERRUPT fffff80003e4c500)
d3: fffff80004012d30 nt!KxUnexpectedInterrupt0+0xD30
d4: fffff80004012d40 nt!KxUnexpectedInterrupt0+0xD40
d5: fffff80004012d50 nt!KxUnexpectedInterrupt0+0xD50
d6: fffff80004012d60 nt!KxUnexpectedInterrupt0+0xD60
d7: fffff80004012d70 nt!KxUnexpectedInterrupt0+0xD70
d8: fffff80004012d80 nt!KxUnexpectedInterrupt0+0xD80
d9: fffff80004012d90 nt!KxUnexpectedInterrupt0+0xD90
da: fffff80004012da0 nt!KxUnexpectedInterrupt0+0xDA0
db: fffff80004012db0 nt!KxUnexpectedInterrupt0+0xDB0
dc: fffff80004012dc0 nt!KxUnexpectedInterrupt0+0xDC0
dd: fffff80004012dd0 nt!KxUnexpectedInterrupt0+0xDD0
de: fffff80004012de0 nt!KxUnexpectedInterrupt0+0xDE0
df: fffff80003e4c3b0 fffff80003e23328 (KINTERRUPT fffff80003e4c320)
e0: fffff80004012e00 nt!KxUnexpectedInterrupt0+0xE00
e1: fffff80003ef0170 nt!KiIpiInterrupt
e2: fffff80003e4c310 fffff80003e22818 (KINTERRUPT fffff80003e4c280)
e3: fffff80003e4c1d0 fffff80003e233f8 (KINTERRUPT fffff80003e4c140)
e4: fffff80004012e40 nt!KxUnexpectedInterrupt0+0xE40
e5: fffff80004012e50 nt!KxUnexpectedInterrupt0+0xE50
e6: fffff80004012e60 nt!KxUnexpectedInterrupt0+0xE60
e7: fffff80004012e70 nt!KxUnexpectedInterrupt0+0xE70
e8: fffff80004012e80 nt!KxUnexpectedInterrupt0+0xE80
e9: fffff80004012e90 nt!KxUnexpectedInterrupt0+0xE90
ea: fffff80004012ea0 nt!KxUnexpectedInterrupt0+0xEA0
eb: fffff80004012eb0 nt!KxUnexpectedInterrupt0+0xEB0
ec: fffff80004012ec0 nt!KxUnexpectedInterrupt0+0xEC0
ed: fffff80004012ed0 nt!KxUnexpectedInterrupt0+0xED0
ee: fffff80004012ee0 nt!KxUnexpectedInterrupt0+0xEE0
ef: fffff80004012ef0 nt!KxUnexpectedInterrupt0+0xEF0
f0: fffff80004012f00 nt!KxUnexpectedInterrupt0+0xF00
f1: fffff80004012f10 nt!KxUnexpectedInterrupt0+0xF10
f2: fffff80004012f20 nt!KxUnexpectedInterrupt0+0xF20
f3: fffff80004012f30 nt!KxUnexpectedInterrupt0+0xF30
f4: fffff80004012f40 nt!KxUnexpectedInterrupt0+0xF40
f5: fffff80004012f50 nt!KxUnexpectedInterrupt0+0xF50
f6: fffff80004012f60 nt!KxUnexpectedInterrupt0+0xF60
f7: fffff80004012f70 nt!KxUnexpectedInterrupt0+0xF70
f8: fffff80004012f80 nt!KxUnexpectedInterrupt0+0xF80
f9: fffff80004012f90 nt!KxUnexpectedInterrupt0+0xF90
fa: fffff80004012fa0 nt!KxUnexpectedInterrupt0+0xFA0
fb: fffff80004012fb0 nt!KxUnexpectedInterrupt0+0xFB0
fc: fffff80004012fc0 nt!KxUnexpectedInterrupt0+0xFC0
fd: fffff80003e4c630 fffff80003e235d0 (KINTERRUPT fffff80003e4c5a0)
fe: fffff80003e4c6d0 fffff80003e23614 (KINTERRUPT fffff80003e4c640)
ff: 0000000000000000
x64, like x86, supports 0xff interrupt (strictly speaking, not only interrupt) vectors, and the table above has exactly 0xff entries. What puzzles me is that some entries show two addresses; I'll set that question aside for now. Next I set a breakpoint at the function's entry address with bp nt!KiApcInterrupt, and with that we have successfully single-stepped into it.
IV. Speculation on how the KiApcInterrupt function works (to be continued)
Reposted from: https://www.cnblogs.com/Return-0/p/5324962.html
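The entries with more than one address are the vectors that belong to device interrupts rather than to exception handlers built into nt. For those, !idt prints the gate target (the dispatch code inside a KINTERRUPT object), then the interrupt service routine the object points at, then the KINTERRUPT object itself in parentheses; when several devices share a vector, each chained KINTERRUPT is listed on its own indented line, which is why vector 0x66 above carries a whole column of them. Vectors 0x00-0x1f are the architecture-defined exceptions, and a target of nt!KxUnexpectedInterrupt0+... means no handler is registered. The following Python is an added example, not from this post, that parses dump lines in this format into those categories; a defender's first triage of an IDT is exactly this classification, with any live vector WinDbg can tie to neither a symbol nor a KINTERRUPT object flagged for a closer look. The sample input is a constructed subset of the dump above plus one vector (0x99) altered by hand so the check has something to report.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the '!idt -a' dump above, plus vector 0x99,
# altered by hand (a target with neither a symbol nor a KINTERRUPT object).
SAMPLE_DUMP = """\
Dumping IDT:
00: fffff80003ee23c0 nt!KiDivideErrorFault
02: fffff80003ee2680 nt!KiNmiInterrupt Stack = 0xFFFFF80000BA7000
1f: fffff80003ed8ed0 nt!KiApcInterrupt
37: fffff80003e4c090 fffff80003e1d2bc (KINTERRUPT fffff80003e4c000)
38: fffff80004012380 nt!KxUnexpectedInterrupt0+0x380
99: fffffa80deadbe00
b7: fffffa8002601690 fffff88005776f20 (KINTERRUPT fffffa8002601600)
    fffff880050885d4 (KINTERRUPT fffffa8002601540)
ff: 0000000000000000
"""

ENTRY_RE = re.compile(r"^([0-9a-f]{2}): ([0-9a-f]{16})(?:\s+(.*?))?\s*$")
KINT_RE = re.compile(r"([0-9a-f]{16}) \(KINTERRUPT ([0-9a-f]{16})\)")
STACK_RE = re.compile(r"Stack = 0x([0-9A-Fa-f]+)")


@dataclass
class IdtEntry:
    vector: int
    target: int                   # gate offset: where the CPU jumps for this vector
    symbol: Optional[str] = None  # symbol WinDbg resolved for the target, if any
    isrs: List[Tuple[int, int]] = field(default_factory=list)  # (ServiceRoutine, KINTERRUPT)
    stack: Optional[int] = None   # dedicated IST stack reported as 'Stack = ...'

    @property
    def kind(self) -> str:
        if self.target == 0:
            return "not-present"
        if len(self.isrs) > 1:
            return "shared-device"
        if self.isrs:
            return "device"
        if self.symbol is None:
            return "unresolved"
        if self.symbol.startswith("nt!KxUnexpectedInterrupt"):
            return "unassigned"
        return "kernel"


def parse_idt(text: str) -> List[IdtEntry]:
    entries: List[IdtEntry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entry = IdtEntry(int(m.group(1), 16), int(m.group(2), 16))
            rest = m.group(3) or ""
            k = KINT_RE.search(rest)
            if k:
                entry.isrs.append((int(k.group(1), 16), int(k.group(2), 16)))
            else:
                s = STACK_RE.search(rest)
                if s:
                    entry.stack = int(s.group(1), 16)
                    rest = rest[:s.start()].strip()
                entry.symbol = rest or None
            entries.append(entry)
        elif entries and line[:1].isspace():
            # Indented continuation line: another KINTERRUPT chained on the previous vector.
            k = KINT_RE.search(line)
            if k:
                entries[-1].isrs.append((int(k.group(1), 16), int(k.group(2), 16)))
    return entries


def shared_vectors(entries: List[IdtEntry]) -> List[int]:
    """Vectors whose chain holds more than one KINTERRUPT (several devices share the line)."""
    return [e.vector for e in entries if e.kind == "shared-device"]


def unresolved_vectors(entries: List[IdtEntry]) -> List[int]:
    """Triage check: live vectors tied to neither a symbol nor a KINTERRUPT object."""
    return [e.vector for e in entries if e.kind == "unresolved"]


def summary(text: str = SAMPLE_DUMP) -> dict:
    """Count entries per category, the one-line overview to compare between two dumps."""
    counts: dict = {}
    for e in parse_idt(text):
        counts[e.kind] = counts.get(e.kind, 0) + 1
    return counts


if __name__ == "__main__":
    ents = parse_idt(SAMPLE_DUMP)
    for e in ents:
        print(f"{e.vector:02x} {e.kind:14s} {e.symbol or ''}",
              [f"{isr:x}" for isr, _ in e.isrs])
    print("shared:", [f"{v:#x}" for v in shared_vectors(ents)])
    print("unresolved:", [f"{v:#x}" for v in unresolved_vectors(ents)])
```

Feeding the full dump above to parse_idt yields no unresolved vectors, which is the expected result on a clean machine; running summary on two dumps taken at different times is a cheap way to notice a vector changing category.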
