I have a question about Interrupt handler.

[bwahn]

In "reactos/ntoskrnl/ke/i386/irq.c",

There are the interrupt code :

#define BUILD_COMMON_INTERRUPT_HANDLER() \
__asm__( \
"_KiCommonInterrupt:\n\t" \
"cld\n\t" \
"pushl %ds\n\t" \
"pushl %es\n\t" \
"pushl %fs\n\t" \
"pushl %gs\n\t" \
"movl $0xceafbeef,%eax\n\t" \
"pushl %eax\n\t" \
"movl $" STR(KERNEL_DS) ",%eax\n\t" \
"movl %eax,%ds\n\t" \
"movl %eax,%es\n\t" \
"movl %eax,%gs\n\t" \
"movl $" STR(PCR_SELECTOR) ",%eax\n\t" \
"movl %eax,%fs\n\t" \
"pushl %esp\n\t" \
"pushl %ebx\n\t" \
"call _KiInterruptDispatch\n\t" \
"popl %eax\n\t" \
"popl %eax\n\t" \
"popl %eax\n\t" \
"popl %gs\n\t" \
"popl %fs\n\t" \
"popl %es\n\t" \
"popl %ds\n\t" \
"popa\n\t" \
"iret\n\t");

In above code, I will try to change the interrupt chain, as follow.


_declspec(naked)
BuildInterruptHandler()
{
__asm {
pushad
push ds
push es
push fs
push gs
mov eax, 0xceafbeef
push eax
mov ax, KERNEL_DS
mov ds, ax
mov es, ax
mov gs, ax
mov ax, PCR_SELECTOR
mov fs, ax
call InterruptDispatch
mov eax, cs:g_oldornew
cmp eax, 0
jz short rtn_orign
jmp short rtn_new
rtn_orign:
pushad
push ds
push es
push fs
push gs
mov eax, 0x5342beef // I don't know what it means.
push eax
mov ax, KERNEL_DS
mov ds, ax
mov es, ax
mov gs, ax
mov ax, 0x30
mov fs, ax
jmp dword ptr cs:[OldIntHandler]
pop eax
pop gs
pop fs
pop es
pop ds
popad
iretd
rtn_new:
pop eax
pop gs
pop fs
pop es
pop ds
popad
iretd
}

interrupt has possibly int1 - 255.
It branch with a "g_oldornew" variable.
The branch of "rtn_new :" are very well process.
but, branch of "rtn_old" are very bad. it has windbg dump.

dump message :
*** Fatal System Error: 0x0000007f
(0x0000000D,0x00000000,0x00000000,0x00000000)

Break instruction exception - code 80000003 (first chance)
Bugcheck code 0000007F
Arguments 0000000d 00000000 00000000 00000000

ChildEBP RetAddr Args to Child
80471344 8042a9e3 00000003 8047138c 0000000d nt!RtlpBreakWithStatusInstruction
80471374 8042afd6 00000003 8046d630 8046d8c0 nt!KiBugCheckDebugBreak+0x31
80471700 8046846a 0000007f 0000000d 00000000 nt!KeBugCheckEx+0x390
80471700 804656d7 0000007f 0000000d 00000000 nt!KiSystemFatalException+0xe
80471820 00000000 ceafbeef 80460000 00060030 nt!KiExceptionExit+0xab
WARNING: Frame IP not in any known module. Following frames may be wrong.
ffdf001f ffffb490 ffffb4ff 4c014cff 3a004301 0x0
00000000 00000000 00000000 00000000 00000000 0xffffb490


----------
after "jmp dword ptr cs:[OldIntHandler]" processing,
maybe will die?

where can i fix it?

please, advice me

thanks

Code: Select all

[logan_V8]

Hi!,
hmm i think that the code after the jmp "jmp dword ptr cs:[OldIntHandler]" will never get executed (the code will return from the old interrupt handler and you already pushed some things on the stack. This will corrupt the stack pointer ). Maybe you could do a call or something. As i'm not very involved with ReactOS you are better off making this type of question to the ros-dev mailing list!

bye and good luck,
Logan_V8