The IDT extension mechanism of analytic Windows2000

Source: Internet
Author: User

Today we talk about the expansion of the interrupt mechanism under Windows 2000, first of all, that the techniques mentioned in this article are not what I found, but that I learned a little bit in the process of learning the Windows kernel in order to provide some useful information to my friends who have just stepped into the bottom of Windows. At the same time, incidentally recorded their own learning process. If you are a master of Windows kernel, also hope to have time to give a lot of guidance to us these juniors; If you are also a beginner, also welcome to our FZ5FZ website to exchange discussion! Well, let's go straight to the point, and if you don't know enough about the interruption, it's going to be an exciting journey.

Introduction to 1> windows trap mechanism

Traps are an indispensable system mechanism in Windows systems. When there is an interruption (hardware interruption or software interruption) in the system, the processor captures the action and transfers the control of the system to a fixed handler to handle the operation accordingly. Before the processor starts processing the interrupt or exception that occurred, you must save some of the processor environment parameters to the stack for use during System Restore. The system is implemented by means of a trap frame, which saves the environment data of all threads in the system to the kernel stack (Kernel stack) and restores the execution point in the system control flow through the stack mechanism after execution. The trap mechanism in the kernel is divided into interrupts and exceptions. Interrupts are asynchronous events that occur immediately in the system, regardless of the current system's processor state. At the same time, the interrupt in the system can be divided into the shielding interrupt and the non shielding interrupt. An exception is a synchronization event, where exceptions can recur and interrupts are not possible. Interrupts can also be divided into hardware interrupts and software outages. It is obvious that hardware interrupts are hardware-related, such as some operations performed by I/O devices, processor clocks, or processing on hardware ports. Software interrupts are introduced through interrupt instruction int XX, which is often the code that the application enters the operating system after the user mode is executed, and the system provides a variety of system services to the user. For example, the system service call, which we mentioned last time, was implemented under Windows nt/2000 via software interrupt int 0x2e (System service Interrupt), although in Windows xp/ 2003 Microsoft uses a "Fast system call Interface" to provide system services to users, but a large number of interrupt services still exist in the system.



2> interrupt processing and its related processes

Here we discuss the data structures associated with a particular processor, so there are some porting problems, this article is only for Intel's x86 family processors, and the programs included with this article only support normal execution on Intel x86 processors. What is IDT? The IDT (Interrupt descriptor table) is called the Interrupt descriptor table. It is an array of 8,192 cells, and each member of the array is a 8-byte segment descriptor called a "door". The doors in IDT can be divided into three types: Interrupt doors (interrrupt gate), Trap gates (Trap Gate), and task gate, but mainly interrupt doors and trap doors. And there is only a slight difference between them, we only care about the interrupt door in the IDT, if you are interested in this aspect, please refer to the Intel processor related documentation "Intel architecture Software Developer ' s Manual,volume 3 ". At the same time, there is an interrupt descriptor register (IDTR) in the system, which contains the base address of the system interrupt descriptor and IDT information, which is closely related to a compilation instruction Sidt. As we'll see below, it is the foundation and key to our implementation of various interrupt descriptor extensions! It is also important to note that in the Windows system introduced paging, segmentation and virtual storage mechanism, there is a scheduling mechanism, will need to execute the code and data into the memory, the unwanted data transferred to the external storage (secondary memory, such as hard disk, etc.). If we were to execute some code and found that the data we needed was not in memory, a "page break" would be issued, and then the system would search the IDT for the interrupted ISR (Interrupt service routine, interrupt the services routine) and perform the appropriate transfer work. Can you imagine what it would be like if our interrupt descriptor was paged out to the external memory? At that time the system will not be able to locate the "page break" service routines, so the system will crash!

In the Interrupt Descriptor table, we've just mentioned an interesting register IDTR, and of course we're more concerned with the data that is more direct to us: The code snippet selector in the IDT (Codes Segment Selector), the offset of the interrupt execution code and interrupt descriptor permission levels (descriptor privilege level) parameters. Let's look at the execution flow of the interrupt instruction, we should know that the application executes under User mode (Ring 3), and the interrupt descriptor is in the system address space that the kernel mode (ring 0) can access. After a software outage occurs, that is, after the application invokes a software interrupt instruction, the processor first retrieves the incoming interrupt number in the IDT, finds the response's entry unit, and checks the interrupt gate's permission level parameters to see if the application calls under Ring 3 are allowed. This allows the operating system to retain the power to control the software interrupt invocation, while hardware interrupts and exceptions are not concerned with information about permissions. If the current permission level (Privilge level,cpl) value is greater than the permissions required for the interrupt Gate descriptor (descriptor Privilege level), a generic protection failure can be caused by insufficient permissions (general Protection Fault), whereas switching the processor from the user stack to the kernel stack. Now is the time to save the thread environment, and the processor will push the stack pointer (SS:ESP) and standard interrupt frames (EFlags and CS:EIP) into the stack in user mode. The processor then enters our interrupt service routine, executes the associated code, and returns to the invoked application via assembly instruction Iretd. When the instruction IRETD executes, the system will store the thread environment data stack restore on the stack, and then execute the application's subsequent code after the system resumes the environment before the interrupt instruction is executed.



Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.