Dear Experts,
I recently started learning Device Driver programming & windows system internals. I found a very strange thing in my Intel HT system(Windows XP SP2). Let me explain what I did and what I found.
I dummped ISRs of each CPU’s IDT table periodically, once in 200 ms. I found 2 diffrent ISRs in IDT index 0x93 & 0x94. I mean one ISR for some time & second ISR for some time. I think kernel is replacing ISRs periodically.
When I check the ISR’s address, hal.dll base address and hal.dll size, I understand that both ISRs are part of hal.dll.
Can you please explain me why windows is using 2 ISRs for one IDT index? 0x93/0x94 is it for software interrupt or hardware interrupt?
Send instant messages to your online friends http://in.messenger.yahoo.com
Stay connected with your friends even when away from PC. Link: http://in.mobile.yahoo.com/new/messenger/
Rama Krishna wrote:
I recently started learning Device Driver programming & windows
system internals. I found a very strange thing in my Intel HT
system(Windows XP SP2). Let me explain what I did and what I found.
I dummped ISRs of each CPU’s IDT table periodically, once in 200 ms. I
found 2 diffrent ISRs in IDT index 0x93 & 0x94. I mean one ISR for
some time & second ISR for some time. I think kernel is replacing ISRs
periodically.
I doubt that. Remember that there is one IDT per processor, and you
have two processors. Sometimes you’re running in CPU 0, sometimes
you’re running in CPU 1. It’s not impossible to imagine scenarios in
which you’d want different vectors for different processors.
When I check the ISR’s address, hal.dll base address and hal.dll
size, I understand that both ISRs are part of hal.dll.
Can you please explain me why windows is using 2 ISRs for one IDT
index? 0x93/0x94 is it for software interrupt or hardware interrupt?
Who knows? It’s an insignificant implementation detail within the
operating system. Maybe it’s a convention for communicating with the BIOS.
I just checked my own (dual-core) system, and vectors 0x02, 0x08, and
0x12 differ between the two processors.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
Please be more concrete about your question. In your debugger, type:
!idt f
That will dump the IDT. Then switch to your other processor (if you feel
like it) and do it again. Tell us which entry you’re curious about.
–
Jake Oshins
Windows Kernel Group
The Virtual Machine Team at Microsoft is hiring. Contact
xxxxx@microsoft.com for more information.
This posting is provided “AS IS” with no warranties, and confers no rights.
“Rama Krishna” wrote in message
news:xxxxx@ntdev…
Dear Experts,
I recently started learning Device Driver programming & windows system
internals. I found a very strange thing in my Intel HT system(Windows XP
SP2). Let me explain what I did and what I found.
I dummped ISRs of each CPU’s IDT table periodically, once in 200 ms. I found
2 diffrent ISRs in IDT index 0x93 & 0x94. I mean one ISR for some time &
second ISR for some time. I think kernel is replacing ISRs periodically.
When I check the ISR’s address, hal.dll base address and hal.dll size, I
understand that both ISRs are part of hal.dll.
Can you please explain me why windows is using 2 ISRs for one IDT index?
0x93/0x94 is it for software interrupt or hardware interrupt?
Send instant messages to your online friends http://in.messenger.yahoo.com
Stay connected with your friends even when away from PC. Link:
http://in.mobile.yahoo.com/new/messenger/
I found several vectors which are having more than one ISR. Please see the following information also.
NtOsKrnlmp Loaded at: 0x804d7000
Hal.dll Loaded at: 0x80701000
( I used lm debugger command to get above 2 values).
For CPU 0 , IDT Vector 0x93 , the ISR address is 0x841971B4.
For CPU 1 , IDT Vector 0x93 , the ISR address is 0x8419741C.
Why windows is using 2 ISRs for same IDT vector?
And another strange thing I noticed is, the above 2 ISRs are not part of any sys/dll. The code at 0x841971B4/0x8419741C addresses belongs to which sys/dll?
Please clarify my doubts.
Thank you.
Send instant messages to your online friends http://in.messenger.yahoo.com
Stay connected with your friends even when away from PC. Link: http://in.mobile.yahoo.com/new/messenger/
Rama Krishna wrote:
I found several vectors which are having more than one ISR. Please see
the following information also.
NtOsKrnlmp Loaded at: 0x804d7000
Hal.dll Loaded at: 0x80701000
( I used lm debugger command to get above 2 values).
For CPU 0 , IDT Vector 0x93 , the ISR address is 0x841971B4.
For CPU 1 , IDT Vector 0x93 , the ISR address is 0x8419741C.
Why windows is using 2 ISRs for same IDT vector?
Why not? Is it really so unbelievable that some ISR might want to know
which processor got interrupted?
And another strange thing I noticed is, the above 2 ISRs are not part
of any sys/dll. The code at 0x841971B4/0x8419741C addresses belongs to
which sys/dll?
It will vary from system to system. It’s possible that it is some
non-paged pool allocation with code that got compiled on the fly.
It’s also possible that it’s not executable code at all, but that it’s
just a data pointer used by the operating system to tell which processor
it’s actually running on.
Please clarify my doubts.
You have already spent way too much time on this. This is an operating
system implementation detail. It doesn’t matter.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.