How to register an NMI handler?

NTDEV
1

On our system, we have a watchdog timer, such that if the host (running NT
4.0) ever stops responding, it will first issue an NMI (via an ISA IOCHCHK)
and will eventually reset the system. The reason for the NMI is that if we
are running a debugger (SoftICE), it will hopefully pop into whatever is
hanging the system (ISR loop, etc.).

If there is no debugger running, however, it causes a hard error. This is
NOT a “blue screen”, and I think it only gives the hard error blue screen
for a few events, such as parity errors, bus errors, and NMI. I can tell
that it’s not a “normal” blue screen because it looks different, and also my
driver doesn’t get a callback via the KeRegisterBugCheckCallback mechanism
(which works fine with normal blue screens).

I figure that if the debugger can do it, there must be a way for me to
register with NT to “catch” the NMI.

Does anyone know what to register with IoConnectInterrupt /
HalGetInterruptVector (on an x86 NT 4.0 system) to get the NMI? Failing
that, is there another way to do it?

Thanks for any assistance!

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

2

The only way is to hook the NMI interrupt in IDT directly. In NT SMP
systems, every CPU has it’s own IDT table. Thus, your hooking code must
address this issue and ensure interrupt handler coheerncy on all CPUs. This
is how the debugger does it. By default, in Windows NT the gate for Int02
is a task gate. There is no documented way to hook the IDTs directly under
Windows NT, and no undocumented API exist for this purpose. You must write
your own code.

----- Original Message -----
From: “Taed Wynnell”
To: “NT Developers Interest List”
Sent: Thursday, July 12, 2001 1:11 AM
Subject: [ntdev] How to register an NMI handler?

> On our system, we have a watchdog timer, such that if the host (running NT
> 4.0) ever stops responding, it will first issue an NMI (via an ISA
IOCHCHK)
> and will eventually reset the system. The reason for the NMI is that if
we
> are running a debugger (SoftICE), it will hopefully pop into whatever is
> hanging the system (ISR loop, etc.).
>
> If there is no debugger running, however, it causes a hard error. This is
> NOT a “blue screen”, and I think it only gives the hard error blue screen
> for a few events, such as parity errors, bus errors, and NMI. I can tell
> that it’s not a “normal” blue screen because it looks different, and also
my
> driver doesn’t get a callback via the KeRegisterBugCheckCallback mechanism
> (which works fine with normal blue screens).
>
> I figure that if the debugger can do it, there must be a way for me to
> register with NT to “catch” the NMI.
>
> Does anyone know what to register with IoConnectInterrupt /
> HalGetInterruptVector (on an x86 NT 4.0 system) to get the NMI? Failing
> that, is there another way to do it?
>
> Thanks for any assistance!
>
>
>
>
>
> —
> You are currently subscribed to ntdev as: danp@jb.rdsor.ro
> To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

3

Also note that the HAL was changed to support debug via NMI somewhere
around NT4 SP5, i.e., SP3 behaves differently from SP6 WRT NMI.

-DH

Dave Harvey, System Software Solutions, Inc.
617-964-7039, FAX 208-361-9395, xxxxx@syssoftsol.com, http://www.syssoftsol.com
Creators of RedunDisks - Robust RAID 1 for embedded systems.

----- Original Message -----
From: “Dan Partelly”
To: “NT Developers Interest List”
Sent: Wednesday, July 11, 2001 6:54 PM
Subject: [ntdev] Re: How to register an NMI handler?

> The only way is to hook the NMI interrupt in IDT directly. In NT SMP
> systems, every CPU has it’s own IDT table. Thus, your hooking code must
> address this issue and ensure interrupt handler coheerncy on all CPUs. This
> is how the debugger does it. By default, in Windows NT the gate for Int02
> is a task gate. There is no documented way to hook the IDTs directly under
> Windows NT, and no undocumented API exist for this purpose. You must write
> your own code.
>
> ----- Original Message -----
> From: “Taed Wynnell”
> To: “NT Developers Interest List”
> Sent: Thursday, July 12, 2001 1:11 AM
> Subject: [ntdev] How to register an NMI handler?
>
>
> > On our system, we have a watchdog timer, such that if the host (running NT
> > 4.0) ever stops responding, it will first issue an NMI (via an ISA
> IOCHCHK)
> > and will eventually reset the system. The reason for the NMI is that if
> we
> > are running a debugger (SoftICE), it will hopefully pop into whatever is
> > hanging the system (ISR loop, etc.).
> >
> > If there is no debugger running, however, it causes a hard error. This is
> > NOT a “blue screen”, and I think it only gives the hard error blue screen
> > for a few events, such as parity errors, bus errors, and NMI. I can tell
> > that it’s not a “normal” blue screen because it looks different, and also
> my
> > driver doesn’t get a callback via the KeRegisterBugCheckCallback mechanism
> > (which works fine with normal blue screens).
> >
> > I figure that if the debugger can do it, there must be a way for me to
> > register with NT to “catch” the NMI.
> >
> > Does anyone know what to register with IoConnectInterrupt /
> > HalGetInterruptVector (on an x86 NT 4.0 system) to get the NMI? Failing
> > that, is there another way to do it?
> >
> > Thanks for any assistance!
> >
> >
> >
> >
> >
> > —
> > You are currently subscribed to ntdev as: danp@jb.rdsor.ro
> > To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
> >
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@syssoftsol.com
> To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

4

Well , the debugger support, if you can call that support, added to NMI is
ignored by NTICE which completly takes over the NMI. All this debugger
support does is to enter MS kernel debugger if the debugger is enable by
calling KeEnterKernelDebugger. Also, I know for sure that in Windows 2000
there is a flag which
controls if the NMI handler will bugcheck the system, which is controled by
the folowing registry key:

\Registry\Machine\System\CurrentControlSet\Control\CrashControl\NMICrashDump

This flag control whatever the HAL NMI handler will issue a call to
KeBugCheckEx after displaying the usual “Hardware Malfunction” stuff on the
screen. I strobgly beleive that it is present in NT 4.0 HALs as well,
altough I dont have time to check it, thing which explains why the original
poster does not have a crash dump and a regular BSOD. If this flag is
enabled, KeBugCheckEx will bring down the system in the regular way. But all
this is nothing you have to worry about
if you write your own NMI handler.

----- Original Message -----
From: “Dave Harvey”
To: “NT Developers Interest List”
Sent: Thursday, July 12, 2001 3:04 PM
Subject: [ntdev] Re: How to register an NMI handler?

> Also note that the HAL was changed to support debug via NMI somewhere
> around NT4 SP5, i.e., SP3 behaves differently from SP6 WRT NMI.
>
> -DH
> --------------------------------------------------------------------------
--------------------------------
> Dave Harvey, System Software Solutions, Inc.
> 617-964-7039, FAX 208-361-9395, xxxxx@syssoftsol.com,
http://www.syssoftsol.com
> Creators of RedunDisks - Robust RAID 1 for embedded systems.
>
> ----- Original Message -----
> From: “Dan Partelly”
> To: “NT Developers Interest List”
> Sent: Wednesday, July 11, 2001 6:54 PM
> Subject: [ntdev] Re: How to register an NMI handler?
>
>
> > The only way is to hook the NMI interrupt in IDT directly. In NT SMP
> > systems, every CPU has it’s own IDT table. Thus, your hooking code must
> > address this issue and ensure interrupt handler coheerncy on all CPUs.
This
> > is how the debugger does it. By default, in Windows NT the gate for
Int02
> > is a task gate. There is no documented way to hook the IDTs directly
under
> > Windows NT, and no undocumented API exist for this purpose. You must
write
> > your own code.
> >
> > ----- Original Message -----
> > From: “Taed Wynnell”
> > To: “NT Developers Interest List”
> > Sent: Thursday, July 12, 2001 1:11 AM
> > Subject: [ntdev] How to register an NMI handler?
> >
> >
> > > On our system, we have a watchdog timer, such that if the host
(running NT
> > > 4.0) ever stops responding, it will first issue an NMI (via an ISA
> > IOCHCHK)
> > > and will eventually reset the system. The reason for the NMI is that
if
> > we
> > > are running a debugger (SoftICE), it will hopefully pop into whatever
is
> > > hanging the system (ISR loop, etc.).
> > >
> > > If there is no debugger running, however, it causes a hard error.
This is
> > > NOT a “blue screen”, and I think it only gives the hard error blue
screen
> > > for a few events, such as parity errors, bus errors, and NMI. I can
tell
> > > that it’s not a “normal” blue screen because it looks different, and
also
> > my
> > > driver doesn’t get a callback via the KeRegisterBugCheckCallback
mechanism
> > > (which works fine with normal blue screens).
> > >
> > > I figure that if the debugger can do it, there must be a way for me to
> > > register with NT to “catch” the NMI.
> > >
> > > Does anyone know what to register with IoConnectInterrupt /
> > > HalGetInterruptVector (on an x86 NT 4.0 system) to get the NMI?
Failing
> > > that, is there another way to do it?
> > >
> > > Thanks for any assistance!
> > >
> > >
> > >
> > >
> > >
> > > —
> > > You are currently subscribed to ntdev as: danp@jb.rdsor.ro
> > > To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
> > >
> >
> >
> >
> > —
> > You are currently subscribed to ntdev as: xxxxx@syssoftsol.com
> > To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>
>
> —
> You are currently subscribed to ntdev as: danp@jb.rdsor.ro
> To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

5

The replies to my question about handling an NMI generated via an ISA
IOCHCHK were right on the money – it’s not supported and it’s not simple.
However, here’s more information about how I finally solved my problem…

First, there’s an old post that gives code for registering an NMI handler on
a single-processor x86. I tried it, and it works just fine. Thanks, Chris
Budd!
http://www.ntdev.org/archive/ntdev9809/msg0074.html

However, the solution that works best for me – because all I really wanted
was the opportunity to have my KeRegisterBugCheckCallback routine run – was
to use the Windows 2000 Dump Switch support. This is described at
http://www.microsoft.com/hwdev/debugging/dmpsw.htm. “But,” you say, “aren’t
you running Windows NT?” Yes, but I got to thinking that maybe it was in NT
4.0 as well (all sorts of Windows 2000 debugging things were stuck into SP
4). So I searched the HAL and NTOSKRNL symbol tables and executables for
“NMI”, and I eventually found “NMICrashDump” and “HalpNMIDumpFlag”, as
described in the article. After following the steps in the article, it did
exactly what I wanted – did a KeBugCheck after handling the NMI.

Problem solved… twice!

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com