Is there such a thing as an "Interrupt Trap Handler" that is not an ISR?

This is my computer’s idt:

lkd> !idt

Dumping IDT:

00: fffff800032c6f40 nt!KiDivideErrorFault
01: fffff800032c7040 nt!KiDebugTrapOrFault
02: fffff800032c7200 nt!KiNmiInterruptStart Stack = 0xFFFFF80000BA7000

03: fffff800032c7580 nt!KiBreakpointTrap
04: fffff800032c7680 nt!KiOverflowTrap
05: fffff800032c7780 nt!KiBoundFault
06: fffff800032c7880 nt!KiInvalidOpcodeFault
07: fffff800032c7ac0 nt!KiNpxNotAvailableFault
08: fffff800032c7b80 nt!KiDoubleFaultAbort Stack = 0xFFFFF80000BA5000

09: fffff800032c7c40 nt!KiNpxSegmentOverrunAbort
0a: fffff800032c7d00 nt!KiInvalidTssFault
0b: fffff800032c7dc0 nt!KiSegmentNotPresentFault
0c: fffff800032c7f00 nt!KiStackFault
0d: fffff800032c8040 nt!KiGeneralProtectionFault
0e: fffff800032c8180 nt!KiPageFault
10: fffff800032c8540 nt!KiFloatingErrorFault
11: fffff800032c86c0 nt!KiAlignmentFault
12: fffff800032c87c0 nt!KiMcheckAbort Stack = 0xFFFFF80000BA9000

13: fffff800032c8b40 nt!KiXmmException
1f: fffff800032bcdb0 nt!KiApcInterrupt
2c: fffff800032c8d00 nt!KiRaiseAssertion
2d: fffff800032c8e00 nt!KiDebugServiceTrap
2f: fffff80003314f90 nt!KiDpcInterrupt
37: fffff80003232090 hal!HalpApicSpuriousService (KINTERRUPT fffff80003232000)
3f: fffff80003232130 hal!HalpApicSpuriousService (KINTERRUPT fffff800032320a0)
50: fffff80003232270 hal!HalpCmciService (KINTERRUPT fffff800032321e0)
51: fffffa8005055750 i8042prt!I8042MouseInterruptService (KINTERRUPT fffffa80050556c0)
61: fffffa8005055810 i8042prt!I8042KeyboardInterruptService (KINTERRUPT fffffa8005055780)
62: fffffa8005055b10 HDAudBus!HdaController::Isr (KINTERRUPT fffffa8005055a80)
72: fffffa8005055990 USBPORT!USBPORT_InterruptService (KINTERRUPT fffffa8005055900)
82: fffffa80050558d0 Impcd+0x9950 (KINTERRUPT fffffa8005055840)
92: fffffa8005055ed0 iaStor+0x2D5E8 (KINTERRUPT fffffa8005055e40)
a2: fffffa8005055a50 ndis!ndisMiniportIsr (KINTERRUPT fffffa80050559c0)
b0: fffffa8005055bd0 ndis!ndisMiniportMessageIsr (KINTERRUPT fffffa8005055b40)
b1: fffffa8005055f90 ACPI!ACPIInterruptServiceRoutine (KINTERRUPT fffffa8005055f00)
b2: fffffa8005055e10 HECIx64+0x1008 (KINTERRUPT fffffa8005055d80)
                     USBPORT!USBPORT_InterruptService (KINTERRUPT fffffa8005055c00)
                     dxgkrnl!DpiFdoLineInterruptRoutine (KINTERRUPT fffffa8005055600)
                     HDAudBus!HdaController::Isr (KINTERRUPT fffffa8005055cc0)
c1: fffff80003232450 hal!HalpBroadcastCallService (KINTERRUPT fffff800032323c0)
d1: fffff800032324f0 hal!HalpHpetClockInterrupt (KINTERRUPT fffff80003232460)
d2: fffff80003232590 hal!HalpHpetRolloverInterrupt (KINTERRUPT fffff80003232500)
df: fffff800032323b0 hal!HalpApicRebootService (KINTERRUPT fffff80003232320)
e1: fffff800032d3f50 nt!KiIpiInterrupt
e2: fffff80003232310 hal!HalpDeferredRecoveryService (KINTERRUPT fffff80003232280)
e3: fffff800032321d0 hal!HalpLocalApicErrorService (KINTERRUPT fffff80003232140)
fd: fffff80003232630 hal!HalpProfileInterrupt (KINTERRUPT fffff800032325a0)
fe: fffff800032326d0 hal!HalpPerfInterrupt (KINTERRUPT fffff80003232640)
ff: 0000000000000000

Windows Internals book says:
“The kernel installs interrupt trap handlers to respond to device interrupts. Interrupt trap handlers transfer control either to an external routine (the ISR) that handles the interrupt or to an internal kernel routine that responds to the interrupt. Device drivers supply ISRs to service device interrupts, and the kernel provides interrupt-handling routines for other types of interrupts.”

Aren’t ndis!ndisMiniportIsr or i8042prt!I8042KeyboardInterruptService or hal!HalpLocalApicErrorService ISRs?

It looks like, according to the W.I. book, there are 2 things for interrupt handling:

1-) Interrupt Trap Handlers (according to W.I, which transfer control to ISR)
2-) ISRs.

But I know that when an interrupt occurs, the CPU immediately looks at the IDT; there can’t be any routine before the IDT’s routines. What I understand from WinDbg’s IDT output is that they are all ISRs.

So, for interrupt handling, there is just one thing (as can be seen in the WinDbg output): ISRs. And their code is what device developers compiled.

There is no such thing as an interrupt trap handler that is executed before ISRs (because, once the CPU starts handling an exception or interrupt, there can’t be any routine that is called before the IDT’s routines).

Am I completely right?

OK. I found the answer.

Yes, there is such a thing as an interrupt trap handler, and it is KiInterruptDispatch, which is called by KiInterruptTemplate.

The Windows kernel fills the IDT with KiInterruptTemplate, but WinDbg lists the related KINTERRUPT.ServiceRoutines.

The !idt command shows the “OS level” handlers installed for particular IDT entries. So you understand it correctly, these are not raw trap handlers. It’s just a little magic of the tools.
– pa

On 20-Jul-2012 22:41, xxxxx@gmail.com wrote:


>before IDT’s routines. What I understand is from Windbg’s IDT output is they are all ISRs.

The !idt debugger command post-processes the IDT a bit.

The actual IDT entry points at a tiny assembler thunk of several opcodes inside the KINTERRUPT object, which is generated inside IoConnectInterrupt.

This thunk calls the generic kernel’s ISR, which calls HalBeginSystemInterrupt/your driver/HalEndSystemInterrupt.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com
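
Added example (not part of any post in this thread): a small parser for saved !idt output that separates vectors pointing straight at a kernel routine from vectors backed by a KINTERRUPT object, and measures how far each address lies past its KINTERRUPT. In the dump above that distance is 0x90 for every KINTERRUPT-backed vector, which fits the thunk-inside-the-object description, while the symbol printed is the ServiceRoutine. The function names are hypothetical and the 0x90 figure is only what this dump shows.

```python
import re
from collections import Counter

# Subset of the !idt dump posted in this thread, copied as-is.
SAMPLE = """\
00: fffff800032c6f40 nt!KiDivideErrorFault
37: fffff80003232090 hal!HalpApicSpuriousService (KINTERRUPT fffff80003232000)
61: fffffa8005055810 i8042prt!I8042KeyboardInterruptService (KINTERRUPT fffffa8005055780)
b2: fffffa8005055e10 HECIx64+0x1008 (KINTERRUPT fffffa8005055d80)
USBPORT!USBPORT_InterruptService (KINTERRUPT fffffa8005055c00)
ff: 0000000000000000
"""

ENTRY = re.compile(r"^([0-9a-f]{2}):\s+([0-9a-f]{16})(?:\s+(\S+))?"
                   r"(?:\s+\(KINTERRUPT ([0-9a-f]{16})\))?")
CHAINED = re.compile(r"^(\S+)\s+\(KINTERRUPT ([0-9a-f]{16})\)")

def parse_idt(text):
    """One dict per vector; ISRs sharing a vector are collected under 'shared'."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            vec, target, sym, kint = m.groups()
            entries.append({"vector": int(vec, 16), "target": int(target, 16),
                            "symbol": sym, "shared": [],
                            "kinterrupt": int(kint, 16) if kint else None})
        elif entries and (c := CHAINED.match(line)):
            entries[-1]["shared"].append((c.group(1), int(c.group(2), 16)))
    return entries

def classify(e):
    if e["target"] == 0:
        return "empty"
    return "kinterrupt-thunk" if e["kinterrupt"] is not None else "direct-kernel-handler"

def thunk_offsets(entries):
    """How far each IDT target lies past the start of its KINTERRUPT object."""
    return Counter(e["target"] - e["kinterrupt"] for e in entries if e["kinterrupt"] is not None)

def inconsistent(entries):
    """Vectors whose target is not at the dump's most common in-object offset."""
    offsets = thunk_offsets(entries)
    usual = offsets.most_common(1)[0][0] if offsets else None
    return [e["vector"] for e in entries
            if e["kinterrupt"] is not None and e["target"] - e["kinterrupt"] != usual]

if __name__ == "__main__":
    for e in parse_idt(SAMPLE):
        print(f'{e["vector"]:02x}  {classify(e):22} {e["symbol"]}')
```

A vector returned by inconsistent() is one whose address does not sit at the same place inside its KINTERRUPT as the others, which is worth a closer look when reviewing a dump for unexpected IDT changes.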