How to "fake an interrupt" ??????

Sorry for the post errors!!! Reposting again.

Walter Oney, Programming the Microsoft Windows Driver Model:

Chapter 5 The I/O Request Packet:

The “Standard Model” for IRP Processing:

The StartIo Routine … In fact, sometimes the easiest way to commence a new operation is to store some state information in your device extension and then fake an interrupt.

But how do you “fake an interrupt”???

> But how do you “fake an interrupt”???

You can either request it via the CPU’s Interrupt Command Register, or set up the stack properly (i.e. save the CS and EFLAGS registers), disable interrupts and call the interrupt handler stub, or just execute an INT n instruction…

However, if you want to simulate an interrupt properly, you have to make sure that the controller’s registers are in the appropriate state at the time the ISR reads them - otherwise, the ISR will assume an error and, instead of processing the interrupt, will just return FALSE…

In any case, “faking interrupts” is not the thing you should normally do…

Anton Bassov

Oney is not suggesting touching the CPU’s interrupt command register, manually calling your ISR, or making your own INT call… that is all a bit overblown for the question asked. What Oney meant is that you sync to your interrupt’s IRQL using either KeSynchronizeExecution or KeAcquireInterruptSpinLock and touch the hardware to start the processing of the IRP.

Long FFang, if your device does not have interrupts, ignore this section. If it does, when processing a request you should initiate a hardware request that is appropriate for your device.

d

> Oney is not suggesting touching the CPU’s interrupt command register or manually calling your ISR, or making your own INT call

Sure - this would be a bit too much for a WDM book. Actually, even “Rootkits: Subverting the Windows Kernel” by Hoglund and Butler does not go that far…

> that is all a bit overblown for the question asked

Not really - the OP asked what “faking interrupts” is, so I just explained to him what is actually needed to make the OS believe that an interrupt has occurred, and advised him NOT to do anything like that…

> What Oney meant is that you synch to your interrupt’s IRQL using either KeSynchronizeExecution or KeAcquireInterruptSpinLock and touch the hardware to start the processing of the IRP

This is what sometimes happens when people take a statement out of the context it has been used in - instead of asking about X, the OP asked about Y…

Anton Bassov

Without Walter’s book in front of me it is difficult to say exactly what he meant by ‘fake an interrupt’. However, my interpretation here is that he did not mean to literally cause your ISR to run as if an interrupt had occurred. Instead I believe he meant to set up the appropriate state for your device and then run your deferred interrupt routine (your DPC routine), either by queuing a DPC request or by simply raising IRQL to DISPATCH_LEVEL and calling your DPC routine directly, in order to have the DPC routine convince the StartIo IRP processing mechanism to move forward. A better idea is to not use the system queuing mechanism at all and to use your own internal driver-managed queues instead. However, I do not understand what circumstances Walter was referring to that would cause one to not just call IoStartNextPacket on the next I/O completion processing event in the DPC routine.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: Monday, March 19, 2007 5:06 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] How to “fake an interrupt” ???

Sorry for the post errors!!! Reposting again.

Walter Oney, Programming the Microsoft Windows Driver Model:

Chapter 5 The I/O Request Packet:

The “Standard Model” for IRP Processing:

The StartIo Routine … In fact, sometimes the easiest way to commence a new operation is to store some state information in your device extension and then fake an interrupt.

But how do you “fake an interrupt”???


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
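Mark’s reading of the passage, modelled in user-mode C as an added example (not code from this thread or from Oney’s book): the device queue, CurrentIrp, ISR and DPC are plain C stand-ins with assumed names, and the scenario shows why a request that needs no hardware operation must still drive the DPC forward, or the whole StartIo queue stalls.

```c
/* Constructed user-mode model of the WDM "standard model" StartIo pipeline: an added
 * example, not code from the thread or from Oney's book; kernel objects are plain C stand-ins. */
#include <stdbool.h>
#include <stddef.h>
typedef struct { int id; bool needs_hardware; bool completed; } IRP;
typedef struct {
    IRP *queue[8]; int head, tail, completed;   /* device queue stand-in */
    IRP *current;                               /* DeviceObject->CurrentIrp stand-in */
    bool hardware_busy;                         /* device programmed; a real interrupt will follow */
    bool dpc_queued;                            /* KeInsertQueueDpc stand-in */
    bool fake_interrupts;                       /* StartIo fakes an interrupt for no-hardware IRPs */
} DEVICE_EXTENSION;
static void StartIo(DEVICE_EXTENSION *dx, IRP *irp) {
    if (irp->needs_hardware)
        dx->hardware_busy = true;   /* real driver: program the device under KeSynchronizeExecution */
    else if (dx->fake_interrupts)
        dx->dpc_queued = true;      /* "fake an interrupt": queue the DPC ourselves */
    /* else: nothing ever queues the DPC for this IRP, and the whole queue stalls */
}
static void IoStartNextPacket(DEVICE_EXTENSION *dx) {
    dx->current = (dx->head != dx->tail) ? dx->queue[dx->head++] : NULL;
    if (dx->current) StartIo(dx, dx->current);
}
static void IoStartPacket(DEVICE_EXTENSION *dx, IRP *irp) {
    if (dx->current) { dx->queue[dx->tail++] = irp; return; }   /* device busy: queue it */
    dx->current = irp; StartIo(dx, irp);
}
/* ISR stand-in: a real interrupt only arrives after a hardware operation. */
static bool Isr(DEVICE_EXTENSION *dx) {
    if (!dx->hardware_busy) return false;   /* spurious or not ours */
    dx->hardware_busy = false; dx->dpc_queued = true;
    return true;
}
/* DpcForIsr stand-in: complete CurrentIrp, then start the next packet. */
static bool RunDpc(DEVICE_EXTENSION *dx) {
    if (!dx->dpc_queued) return false;
    dx->dpc_queued = false;
    if (dx->current) { dx->current->completed = true; dx->completed++; }
    IoStartNextPacket(dx);
    return true;
}
/* Submit hardware / no-hardware / hardware IRPs and run until idle; returns the number completed. */
static int RunScenario(bool fake_interrupts) {
    DEVICE_EXTENSION dx = { .fake_interrupts = fake_interrupts };
    IRP irps[3] = { {1, true, false}, {2, false, false}, {3, true, false} };
    for (int i = 0; i < 3; i++) IoStartPacket(&dx, &irps[i]);
    for (bool busy = true; busy;) busy = Isr(&dx) | RunDpc(&dx);
    return dx.completed;   /* 3 with fake interrupts, 1 (stalled) without */
}
```

With fake interrupts disabled, IRP 2 is started but nothing ever runs the DPC for it, so IRP 3 sits in the queue forever; queuing the DPC from StartIo is what keeps IoStartNextPacket moving.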

A fake SCSI miniport for a virtual device would be one place this is applicable, even if it is a bad design.

“Roddy, Mark” wrote in message news:xxxxx@ntdev…