none
IDT entry and ISR RRS feed

  • Question

  • Hi, 

    When i dump the x64 IDT table using !idt command the output displays in this format.

    VectorNumber,  Offset_XYZ,    IsrFunctionName

    The disassembly at address Offset_XYZ not containing the IsrFunctionName code, but something else.

    So my question is, what exactly the Offset_XYZ contains?

    Monday, November 2, 2015 4:29 AM

Answers

  • Windows has code it needs to execute as part of the ISR processing.  For example PCI interrupts are shared, so why do you think your ISR would be in the vector?

    It really is time to get the Windows Internals books are start reading, instead of just asking questions on the forums.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com


    Monday, November 2, 2015 12:12 PM

All replies

  • Windows has code it needs to execute as part of the ISR processing.  For example PCI interrupts are shared, so why do you think your ISR would be in the vector?

    It really is time to get the Windows Internals books are start reading, instead of just asking questions on the forums.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com


    Monday, November 2, 2015 12:12 PM
  • Ok finally i got the flow. 

    The IDT entry first items contains some stub offset, this stub code invokes the KiIinterruptDispatch routine passing the interrupt object and trap frame. From this point onwards the real interrupt processing happens. 

    From the stub code offset which is specified in the IDT gate descriptor, OS can calculate InterruptObject address. 

    Tuesday, November 3, 2015 3:48 PM