Handling Interruptions

  • Question

  • I'm implementing branch tracing recording for my academic research, using an Intel i5 processor and x64 W7 and W8, and I have some doubts.

    I configured the processor to fill my buffer with data and I checked it's working correctly. Currently I'm trying to dispatch a processor interrupt when this buffer is full. I set the MSR processor flag to do that but I couldn't see any interrupt. I guess the problem is probably more related to OS handling than processor issues. Due to this, I'm asking this forum for qualified help.

    I checked APIC is enabled in the system. APIC Performance counter is set to edge and fixed delivery. Its vector index is 254.

    I read IDTR and pointed to IDT. I set IDT[254] for my interrupt routine, using 0x2 as GDT selector (Kernel code) and Gate mode (instead of trap).

    When I run it, I neither get an unhandled exception nor is my interception handler launched.

    I checked the Windows Internals book but I couldn't find a clue. I also took a look at the WDK examples but there's no interrupt example.

    Did I forget anything? Am I doing anything wrong?

    Thanks in advance

    Marcus Botacin

    Wednesday, September 16, 2015 11:57 PM

Answers

  • I asked one of the I/O architects, and here is his response:

    The short answer is that he can probably get what he wants by pretending to have a message-signaled interrupt on a pretend device and then programming the APIC to use that vector.  Of course, it will break with any machine with an I/O MMU enabled.

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Thursday, September 17, 2015 11:10 PM
    Moderator

All replies

  • Messing with the IDTR or the IDT at all is something very wrong. I don't know enough about the data you are trying to get to tell you exactly what you need to do, but under no circumstance do you mess with interrupts the way you are doing. There are lots of samples that use interrupts; they do not mess with the IDT.

    Does the APIC driver create a PDO for this device, or provide an interface to access it?


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Thursday, September 17, 2015 12:13 AM
  • In fact I'm a beginner at low-level development (however, I'm used to developing filter drivers), so I tried to follow Intel's manual. However, I understand its directions are more "raw" than a real system like Windows is.

    The thing is the processor will raise a wired interruption when the buffer is overflowed. For now I'd only like to be called back when this interrupt happens and print something.

    I'm confused about how to do that. Maybe I misunderstood, but what I found was related to handling software interrupts, which is not the case.

    Could you give me some directions?

    In answer to what you asked me: I didn't create any device object. However, even doing that, I'm not sure about how to handle APIC interruptions through it.

    Marcus


    • Edited by Botacin Thursday, September 17, 2015 2:08 AM adding more details
    Thursday, September 17, 2015 12:32 AM
  • First you need to see if the device is claimed by an existing driver. In the Device Manager take a look at the "Resources by Type" view and see if the registers and/or the interrupt are claimed. If so you have a challenge, and you probably need to figure out if the claiming driver has an interface to allow you to access what you need. If they don't, you can use LogConfig in the INF file to claim those resources. Using LogConfig means that this will act as a standard PnP driver with interrupts like any other driver, and register access the same.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Thursday, September 17, 2015 1:37 PM
  • I checked and there's no device on the list.

    If I got the idea then I should create a device, attach it to the device stack, call IoConnectInterrupt, and so on, as we do in ordinary drivers, right? However, the interrupt source will be given by the LogConfig parameter in the INF file.
    If I'm right, I still don't know what to set in LogConfig (should it be the APIC performance counter address?)

    Thanks again,

    Marcus

    Thursday, September 17, 2015 8:16 PM
  • I cannot say for sure this will work, but you state "APIC Performance counter is set to edge and fixed delivery. Its vector index is 254."  If this is the case you would use:

    IRQConfig=254

    If you have registers you are accessing, I would put them in the LogConfig section also.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Thursday, September 17, 2015 8:22 PM
  • I asked one of the I/O architects, and here is his response:

    The short answer is that he can probably get what he wants by pretending to have a message-signaled interrupt on a pretend device and then programming the APIC to use that vector.  Of course, it will break with any machine with an I/O MMU enabled.

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Thursday, September 17, 2015 11:10 PM
    Moderator
  • Well, I started to develop my driver as a fake device, as suggested, but now I'm facing another problem.

    In EvtDeviceAdd, I am filling a WDF_PDO_EVENT_CALLBACKS structure with my EvtDeviceResourcesQuery routine address in order to initialize it with the appropriate CM_PARTIAL_RESOURCE_DESCRIPTOR parameters.

    After filling this structure, I call WdfPdoInitSetEventCallbacks, CreateDevice and WdfInterruptCreate.

    The thing is that my EvtDeviceResourcesQuery routine is not called back, so I can't set up resources properly and so no interruption is called.

    Any insights about that?

    Thanks again

    Monday, September 21, 2015 5:12 PM
  • The bus driver doesn't have resources for you, so you'll have to add the resources yourself using an EvtDeviceFilterAddResourceRequirements callback. You can find info on that here

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Monday, September 21, 2015 7:13 PM
    Moderator
  • I tried this but the callback wasn't called either. From what I understand, it should be called right after I create an interruption object.
    Tuesday, September 22, 2015 4:10 PM
  • How did you request the callback?

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Tuesday, September 22, 2015 11:08 PM
    Moderator
  • Trying to explain better: I instantiated the WDF example from Visual Studio. In EvtDeviceAdd I declared and initialized WDF_FDO_EVENT_CALLBACKS, and set:

    resource.EvtDeviceFilterAddResourceRequirements = MyDeviceFilterAddResourceRequirements;

    (and called WdfFdoInitSetEventCallbacks)

    After that comes the default CreateDevice and then I create an interruption:

    WDF_INTERRUPT_CONFIG_INIT(&interruptConfig, EvtInterruptIsr, NULL);
    status = WdfInterruptCreate(device, &interruptConfig, NULL, &interrupthandler);

    Both callbacks (interrupt and resources add) just DbgPrint(FUNCTION_NAME_CALLED).

    From what I understand, as soon as I call InterruptCreate, the resource callback would be called to fill in the resources needed. After that, interrupts would be functional.

    However, checking from DbgView, I can only see my DbgPrint of entering and leaving EvtDeviceAdd, and no callback or interrupt DBG message is printed.

    As I'm new to such development, I may have made some mistakes. Feel free to point them out and ask me.

    Thanks in advance.

    Tuesday, September 22, 2015 11:31 PM
  • I'm really confused. I'm installing it through Device Manager.

    I checked the WDK examples; I found the PLX9x5x driver creating interrupt objects but not handling hardware resources. Are there any other examples I could check?

    An additional detail I noticed is that my prepare/release hardware and entry/exit D0 callbacks are called, but my InterruptEnable is not. From MSDN, "The framework calls the driver's EvtInterruptEnable callback function each time the device enters its working (D0) state."

    Thanks again

    • Edited by Botacin Thursday, September 24, 2015 2:42 PM adding more information
    Thursday, September 24, 2015 2:09 PM
  • I think I got what was going on. I have to implement ALL callbacks in order for it to work. As I did that, most of them started being called. This is not in the MSDN material, so I don't know whether it should be like that or something is just wrong with my environment. Anyway, now I can fill in hardware resources.

    Marcus

    Thursday, September 24, 2015 3:11 PM
  • I finally succeeded in setting up hardware resources in my device driver. I attempted to register both LineBased and MessageInterrupt.

    On LineBased, as expected, IRQ 254 is considered already in use by APIC, and no resource is assigned.

    On Message Interrupt, resources are successfully assigned. However, the system choice is 0xFFFFFFF5 (-11) IRQ.

    I would like to know how to proceed from here: how do I tell the APIC to call me on the assigned IRQ, as suggested?

    Thanks again,

    Marcus

    Tuesday, September 29, 2015 4:55 PM
  • You need to connect the ISR to the interrupt using WdfInterruptCreate. Look at the PCIDRV sample for an example on how to do this.

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Tuesday, September 29, 2015 8:22 PM
    Moderator
  • Thanks for answering but I already did it; it's successfully registered, and the InterruptEnable callback is called. Maybe I didn't state my doubt properly:

    From what I get from Intel's manual, the interrupt is generated on the Local Vector Table of the performance counter. I checked the performance counter LVT, and its vector is 254. I imagine that I should have IRQ 254 as my resource, since WdfInterruptCreate will use this. The fact is that the value assigned by PnP is other than 254. I would like to know how to match these.

    Thanks again

    Tuesday, September 29, 2015 9:46 PM
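
An added example, not part of the thread or any poster's code: the performance-counter LVT entry discussed above, checked from a raw register value to show when it can reach a handler on vector 254. The field layout follows the Intel SDM; the sample values and the names `lvt_check` and `lvt_verdict` are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of the local APIC LVT performance-counter entry (xAPIC MMIO
 * offset 0x340, x2APIC MSR 0x834), as laid out in the Intel SDM. */
#define LVT_VECTOR(raw)   ((uint8_t)((raw) & 0xFFu))
#define LVT_DELIVERY(raw) (((raw) >> 8) & 0x7u)
#define LVT_MASKED(raw)   (((raw) >> 16) & 0x1u)

enum { DELIVERY_FIXED = 0, DELIVERY_SMI = 2, DELIVERY_NMI = 4 };

enum lvt_verdict {
    LVT_OK = 0,          /* unmasked, fixed delivery, expected vector */
    LVT_IS_MASKED,       /* bit 16 set: nothing is delivered */
    LVT_NOT_FIXED,       /* NMI/SMI delivery ignores the vector field */
    LVT_ILLEGAL_VECTOR,  /* vectors 0-15 are invalid for fixed delivery */
    LVT_VECTOR_MISMATCH  /* points at a vector other than the handler's */
};

/* Decide whether an LVT value can reach a handler on expected_vector. */
enum lvt_verdict lvt_check(uint32_t raw, uint8_t expected_vector)
{
    if (LVT_MASKED(raw))                     return LVT_IS_MASKED;
    if (LVT_DELIVERY(raw) != DELIVERY_FIXED) return LVT_NOT_FIXED;
    if (LVT_VECTOR(raw) < 16)                return LVT_ILLEGAL_VECTOR;
    if (LVT_VECTOR(raw) != expected_vector)  return LVT_VECTOR_MISMATCH;
    return LVT_OK;
}

int main(void)
{
    /* Constructed sample values, not read from real hardware. */
    static const uint32_t samples[] = {
        0x000000FEu,  /* vector 254, fixed, unmasked */
        0x000100FEu,  /* same entry after a PMI: the APIC has set the mask bit */
        0x00000400u,  /* NMI delivery, vector field unused */
        0x000000D1u   /* fixed, unmasked, but a different vector */
    };
    static const char *names[] = { "ok", "masked", "not fixed",
                                   "illegal vector", "vector mismatch" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("0x%08X -> vector %u: %s\n", (unsigned)samples[i],
               (unsigned)LVT_VECTOR(samples[i]), names[lvt_check(samples[i], 254)]);
    return 0;
}
```

The local APIC sets the mask bit itself when it delivers a performance-counter interrupt, so a handler has to clear bit 16 before the next buffer overflow can be signalled.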
  • Remember, this is not guaranteed to work and is an unsupported use of the APIs. There are a lot of potential reasons why this might not work: perhaps the interrupt is mapped to another vector, or the APIs are detecting that the vector is already in use. It is very hard to say how to proceed at this point.

    If you were one of my clients, I'd have to spend many hours looking through the sources to see if this is even possible, and then if so, how to force the system to do what you want. Since I'm not being paid, I cannot spend that kind of time on a forum question. Sorry.

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Tuesday, September 29, 2015 9:55 PM
    Moderator
  • I thought there was a standard way. If not, OK. I understand.

    Thanks anyway.

    Wednesday, September 30, 2015 1:35 PM