1. Basic concepts of interrupts
What is an interrupt? Let's make an analogy. A manager is working on a file when the phone rings (the interrupt request). The manager has to mark the place in the file (the return address), suspend work, go to the phone (the interrupt), and give the instruction "handle it according to plan two" (the interrupt service routine), then settle back down (restore the pre-interrupt state) and carry on processing the file. Computer scientists observed similar everyday examples and, taking the outside world as their teacher, borrowed these ideas, processing methods and names to develop a series of interrupt service routines and the system that schedules them.
Interrupts are an important technique that lets the CPU handle urgent external events. They enable the CPU to process an external event's interrupt request in time, return to the breakpoint immediately after processing, and continue its original work. The cause of an interrupt, or the source of the interrupt request, is called the interrupt source. Depending on the source, interrupts can be divided into two categories, hardware interrupts and software interrupts, and hardware interrupts can be further divided into external interrupts and internal interrupts.
External interrupts generally refer to interrupt requests made by computer peripherals, such as keyboard interrupts, printer interrupts, timer interrupts, and so on. An external interrupt is a maskable interrupt, that is, an interrupt controller can be used to block interrupt requests from these external devices.
Internal interrupts are interrupts caused by hardware errors (such as a sudden power failure, parity errors, etc.) or by errors in operations (division by zero, arithmetic overflow, single-step interrupt, etc.). An internal interrupt is a non-maskable interrupt.
Software interrupts are not really interrupts; they are just general-purpose routines that can be invoked for execution. For example, the interrupt service routines in the ROM BIOS that manage external devices (keyboard management interrupts, display management interrupts, printer management interrupts, etc.) and the DOS system function calls (INT 21H) are software interrupts. To handle interrupt requests that arrive at the same time, the CPU assigns each interrupt a priority. From high to low, the order is: (1) division error, overflow interrupt, software interrupt; (2) non-maskable interrupt; (3) maskable interrupt; (4) single-step interrupt.
2. Interrupts and computer viruses
The operating system is open: users can modify and extend it so that the computer gains new features.
One of the main ways to modify the operating system is to extend the interrupt functions. The computer provides many interrupts, and a sensible modification of them adds useful new features. For example, INT 10H is the screen display interrupt. Originally it could display only Latin characters, but the various Chinese character systems modify INT 10H so that the computer can display Chinese. On the other hand, computer viruses tamper with interrupts for their own ends, such as infection and activation. The important virus-related interrupts are as follows. INT 08H and INT 1CH are the timer interrupts, raised 18.2 times per second; some viruses use them to keep time and decide whether their activation condition has been met. INT 09H is the keyboard input interrupt, which viruses use to monitor the user's keystrokes. INT 10H is the screen input/output interrupt; some viruses use it to display characters and graphics on the screen to announce themselves. INT 13H is the disk input/output interrupt, which boot-sector viruses use to infect and to format disks. INT 21H is the DOS function call, which covers most DOS functions; most of the file-infecting viruses found so far modify INT 21H, so it has become the focus of anti-virus monitoring. INT 24H is the DOS critical error handler interrupt; file-infecting viruses often modify it so that the infection is not discovered when they write to a write-protected disk.
The entry addresses of the interrupt service routines are stored at the lowest end of the computer's memory. A virus steals and modifies an interrupt's entry address to gain control of that interrupt, slipping its own "private goods" (the virus code) into the interrupt service.
In short, interrupts can be modified by user programs, which allows an interrupt service routine to be replaced by a program the user specifies. This is a great convenience for users, but it also gives computer virus writers something to exploit: a virus modifies interrupts so that they point to the virus itself, which it then uses for activation and infection.
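The monitoring that follows from this, sketched as an added example (not code from the original article): compare the interrupt entry addresses in low memory against a known-good baseline and report changes to the vectors listed above. It assumes a raw real-mode memory image whose first 1 KB is the vector table (256 four-byte entries, offset then segment, little-endian); the function names and sample addresses are constructed for illustration.

```python
import struct

# Vectors the article names as the ones viruses most often modify.
WATCHED = {0x08: "timer", 0x09: "keyboard", 0x10: "video", 0x13: "disk",
           0x1C: "timer tick", 0x21: "DOS functions", 0x24: "critical error"}
IVT_SIZE = 256 * 4  # 256 vectors, 4 bytes each, starting at physical address 0


def parse_ivt(memory):
    """Return {vector: (segment, offset)} from the first 1 KB of a memory image."""
    if len(memory) < IVT_SIZE:
        raise ValueError("image too short to hold the interrupt vector table")
    table = {}
    for n in range(256):
        # Each entry stores the offset first, then the segment (16-bit little-endian).
        offset, segment = struct.unpack_from("<HH", memory, n * 4)
        table[n] = (segment, offset)
    return table


def changed_vectors(baseline, current, watched=WATCHED):
    """List watched vectors whose entry address differs from the baseline image."""
    before, after = parse_ivt(baseline), parse_ivt(current)
    findings = []
    for n in sorted(watched):
        if before[n] != after[n]:
            findings.append((n, watched[n], before[n], after[n]))
    return findings


def build_sample_images():
    """Constructed sample data: a clean table and one with INT 13H/21H repointed."""
    clean = bytearray(IVT_SIZE)
    for n in range(256):
        struct.pack_into("<HH", clean, n * 4, 0x0100 + n, 0xF000)  # made-up entries
    changed = bytearray(clean)
    struct.pack_into("<HH", changed, 0x21 * 4, 0x0120, 0x9F80)  # made-up segment
    struct.pack_into("<HH", changed, 0x13 * 4, 0x0155, 0x9F80)
    return bytes(clean), bytes(changed)


if __name__ == "__main__":
    clean, changed = build_sample_images()
    for n, name, old, new in changed_vectors(clean, changed):
        print("INT %02XH (%s): %04X:%04X -> %04X:%04X" % (n, name, *old, *new))
```

A changed vector is a lead rather than a verdict, since legitimate software such as the Chinese character systems mentioned above also modifies interrupts.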