[Windbg]IDT corruption issue on server2012.

Hi Experts,
In my driver I am trying to hook some interrupts into the IDT table. It is
working fine on all OSes, but it is somehow failing on Server 2012. To debug
that problem I have dumped the IDT table for all processors, and I
could see my interrupts in the table, but I don’t know how to proceed further.
What else should I check? What other checks on the IDT may lead to a
critical structure corruption error?

Any suggestion/guidance will be appreciated.

sarbojit

My suggestion is: DON’T TOUCH THE IDT

My suggestion on how to proceed further: REWRITE YOUR DRIVER TO USE DOCUMENTED APIs

Jan

From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Sarbojit Sarkar
Sent: Friday, August 03, 2012 6:03 PM
To: Kernel Debugging Interest List
Subject: [windbg] [Windbg]IDT corruption issue on server2012.

— WINDBG is sponsored by OSR For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Don’t be too hard on the guy; all newbies seem to make this same blunder.
They think it is so much easier than doing the job right.
joe

Truly speaking, I have not developed that part; it was there in XP days and
worked till Win7, in fact Win8 as well, but unfortunately it is failing on
Server 2012.
I wanted to know a few things:
1.> What is the check in the OS that is failing? Asking this because I have seen it is
hooked properly.
2.> What are other ways to achieve the same, I mean interrupt hooking?

On Sat, Aug 4, 2012 at 7:44 AM, wrote:

> Don’t be too hard on the guy; all newbies seem to make this same blunder.
> They think it is so much easier than doing the job right.
> joe

Sarbojit Sarkar wrote:

> Truly speaking, I have not developed that part; it was there in XP
> days and worked till Win7, in fact Win8 as well, but unfortunately it is
> failing on Server 2012.
> I wanted to know a few things:
> 1.> What is the check in the OS that is failing? Asking this because I have seen
> it is hooked properly.

There is no such thing as “hooked properly”. Really. The IDT does not
belong to you. The kernel owns the IDT, and it is free to modify it
whenever it wants, as long as the established interfaces work as per the
contract.

> 2.> What are other ways to achieve the same, I mean Interrupt hooking?

The correct interface is IoConnectInterrupt. There is no proper way to
hook the IDT.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
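For readers triaging a similar report, here is an added example (not written by anyone in this thread): it decodes dumped x64 IDT gate descriptors and flags present vectors whose handler lies outside a given kernel image range, which is how a driver-installed entry stands out in an IDT dump. The sample bytes, the image base and size, and the function names are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Fields of one 16-byte x64 IDT gate descriptor. */
typedef struct {
    uint64_t handler;   /* offset bits 15:0, 31:16 and 63:32 joined */
    uint16_t selector;  /* code segment selector */
    uint8_t  ist, type, dpl, present; /* type: 0xE interrupt, 0xF trap */
} idt_gate;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Decode raw gate bytes as they sit in memory (little-endian). */
idt_gate decode_gate(const uint8_t *raw) {
    idt_gate g;
    g.handler  = (uint64_t)rd16(raw) | ((uint64_t)rd16(raw + 6) << 16) |
                 ((uint64_t)rd16(raw + 8) << 32) | ((uint64_t)rd16(raw + 10) << 48);
    g.selector = rd16(raw + 2);
    g.ist      = raw[4] & 0x07;
    g.type     = raw[5] & 0x0F;
    g.dpl      = (raw[5] >> 5) & 0x03;
    g.present  = (raw[5] >> 7) & 0x01;
    return g;
}

/* Count present gates whose handler lies outside [base, base + size);
   each one is printed as a vector not owned by that image. */
size_t count_foreign(const uint8_t *idt, size_t n, uint64_t base, uint64_t size) {
    size_t hits = 0;
    for (size_t v = 0; v < n; v++) {
        idt_gate g = decode_gate(idt + v * 16);
        if (g.present && (g.handler < base || g.handler - base >= size)) {
            printf("vector %zu: handler %#llx outside image\n", v,
                   (unsigned long long)g.handler);
            hits++;
        }
    }
    return hits;
}

/* Constructed sample: gate 0 points into a hypothetical kernel image at
   0xfffff80001000000 (size 0x800000); gate 1 points somewhere else. */
static const uint8_t SAMPLE_IDT[32] = {
    0x60,0x45,0x10,0x00,0x00,0x8E,0x23,0x01,0x00,0xF8,0xFF,0xFF,0,0,0,0,
    0x20,0xC1,0x10,0x00,0x00,0x8E,0xAB,0x03,0x80,0xF8,0xFF,0xFF,0,0,0,0,
};

int main(void) { return count_foreign(SAMPLE_IDT, 2, 0xfffff80001000000ULL, 0x800000) == 1 ? 0 : 1; }
```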