Windows exception handling process

SoBeIt

Let's talk about the difference between exceptions and interruptions. An interruption can occur at any time, regardless of the instructions being executed by the CPU. the interruption is mainly caused by hardware such as the I/O device, processor clock, or timer, and can be allowed or canceled. The exception is caused by CPU execution of certain commands, including memory access violations, Division of 0 or specific Debugging commands. The kernel also regards the system service as an exception. The underlying difference between an interrupt and an exception is that an interrupt (including an exception and a hardware interrupt) in a broad sense) if it is not set in the service register when it occurs (use the command code 0xb to read the port 0x20 from the 8259-1 interrupt controller to the service register 1, and use 0xb to read the port 0xa0 from the 8259-2 interrupt controller to the service register 2) the related in-service bit (each in the service register has 8 bits, which corresponds to a total of IRQ 0-15) is the CPU exception, otherwise the hardware is interrupted.

The following is the definition of the INTEL x86 processor in WINDOWS2000. The first few items in IDT are registered as corresponding exception handling programs (different operating systems have different implementation standards, the information provided here is different from other materials because it is a specific implementation of windows ):

Reason of Interrupt number name
0x0 Division Error 1. DIV and IDIV commands except 0
2. division result Overflow
0x1 debugging Trap 1. TF position of EFLAG
2. Execute the breakpoint set to the debug register (DR0-DR4)
3. Execute the INT 1 command.
0x2 NMI interrupt positions the NMI input pin of the CPU (this exception is retained because the hardware is unshielded)
0x3 breakpoint execute INT 3 command
0x4 integer overflow execute INTO command and OF location
0x5 BOUND check error BOUND command compares values outside the specified range
0x6 invalid operation code cannot be identified
0x7 coprocessor unavailable 1. execute any coprocessor commands when the EM position of CR0
2. Environment switching is performed when the coprocessor is working.
0x8 double exception handling exception another exception occurs
0x9 co-processor segment out of limit floating point instruction Reference Memory exceeds end of segment
Invalid 0xA task segment the descriptor contained in the task segment is invalid (windows does not
When TSS is used for Environment switching, this exception indicates other problems)
0 x B segment does not have referenced segment replaced by memory
0xC stack Error 1. The referenced memory exceeds the stack segment limit.
2. Add the present position of the descriptor loaded into the SS register to 0
0xD general protective error all exceptions that cannot be handled by other exception handling routines
0xE page Error 1. The accessed address is not swapped into the memory
2. Access Operations violate page protection rules
0x10 indicates that the WAIT or ESCape command is executed when the EM position of CR0 is incorrect in the coprocessor.
0x11 alignment check error alignment check when enabled (EFLAG alignment position) access non-alignment data

Other exceptions include getting the system startup time service int 0x2a, user callback int 0x2b, System Service int 0x2e, debugging service int 0x2d, and other systems used to implement their own functions, the trigger method is to execute the corresponding int command.

Here are several important structures for exception handling:

Trap frame TrapFrame structure (the exception frame predictionframe structure mentioned later is actually a KTRAP_FRAME structure ):

Typedef struct _ KTRAP_FRAME {
ULONG DbgEbp;
ULONG DbgEip;
ULONG DbgArgMark;
ULONG DbgArgPointer;
ULONG TempSegCs;
ULONG TempEsp;
ULONG Dr0;
ULONG Dr1;
ULONG Dr2;
ULONG Dr3;
ULONG Dr6;
ULONG Dr7;
ULONG SegGs;
ULONG SegEs;
ULONG SegDs;
ULONG Edx;
ULONG Ecx;
ULONG Eax;
ULONG PreviousPreviousMode;
PEXCEPTION_REGISTRATION_RECORD ExceptionList;
ULONG SegFs;
ULONG Edi;
ULONG Esi;
ULONG Ebx;
ULONG Ebp;
ULONG ErrCode;
ULONG Eip;
U