page ,132
subttl "Single Byte INT3 Breakpoin"
;++
;
; Routine Description:
;
; Handle INT 3 breakpoint.
;
; The trap is caused by a single byte INT 3 instruction. A
; BREAKPOINT exception with additional parameter indicating
; READ access is raised for this trap if previous mode is user.
;
; Arguments:
;
; At entry, the saved CS:EIP point to the instruction immediately
; following the INT 3 instruction.
; No error code is provided with the error.
;
; Return value:
;
; None
;
;--
ASSUME DS:NOTHING, SS:NOTHING, ES:NOTHING

ENTER_DR_ASSIST kit3_a, kit3_t, NoAbiosAssist
align dword
public _KiTrap03
_KiTrap03 proc
push 0 ; push dummy error code
ENTER_TRAP kit3_a, kit3_t

cmp ds:_PoHiberInProgress, 0
jnz short kit03_01

lock inc ds:_KiHardwareTrigger ; trip hardware analyzer

kit03_01:
mov eax, BREAKPOINT_BREAK

KiTrap03DebugService:
;
; If caller is user mode, we want interrupts back on.
; . all relevant state has already been saved
; . user mode code always runs with ints on
;
; If caller is kernel mode, we want them off!
; . some state still in registers, must prevent races
; . kernel mode code can run with ints off
;
;
; Arguments:
; eax - ServiceClass - which call is to be performed
; ecx - Arg1 - generic first argument
; edx - Arg2 - generic second argument
;

.errnz (EFLAGS_V86_MASK AND 0FF00FFFFh)
test byte ptr [ebp]+TsEFlags+2,EFLAGS_V86_MASK/010000h
jnz kit03_30 ; fault occured in V86 mode => Usermode

.errnz (MODE_MASK AND 0FFFFFF00h)
test byte ptr [ebp]+TsSegCs,MODE_MASK
jz kit03_10

cmp word ptr [ebp]+TsSegCs,KGDT_R3_CODE OR RPL_MASK
jne kit03_30

kit03_05:
sti
kit03_10:


;
; Set up exception record and arguments for raising breakpoint exception
;

mov esi, ecx ; ExceptionInfo 2
mov edi, edx ; ExceptionInfo 3
mov edx, eax ; ExceptionInfo 1

mov ebx, [ebp]+TsEip
dec ebx ; (ebx)-> int3 instruction
mov ecx, 3
mov eax, STATUS_BREAKPOINT
call CommonDispatchException ; Never return

kit03_30:
; Check to see if this process is a vdm

mov ebx,PCR[PcPrcbData+PbCurrentThread]
mov ebx,[ebx]+ThApcState+AsProcess
cmp dword ptr [ebx]+PrVdmObjects,0 ; is this a vdm process?
je kit03_05

stdCall _Ki386VdmReflectException_A, <03h>
test ax,0FFFFh
jz Kit03_10

jmp _KiExceptionExit

_KiTrap03 endp

public CommonDispatchException
align dword
CommonDispatchException proc
cPublicFpo 0, ExceptionRecordLength/4
;
; Set up exception record for raising exception
;

sub esp, ExceptionRecordLength
; allocate exception record
mov dword ptr [esp]+ErExceptionCode, eax
; set up exception code
xor eax, eax
mov dword ptr [esp]+ErExceptionFlags, eax
; set exception flags
mov dword ptr [esp]+ErExceptionRecord, eax
; set associated exception record
mov dword ptr [esp]+ErExceptionAddress, ebx
mov dword ptr [esp]+ErNumberParameters, ecx
; set number of parameters
cmp ecx, 0
je short de00

lea ebx, [esp + ErExceptionInformation]
mov [ebx], edx
mov [ebx+4], esi
mov [ebx+8], edi
de00:
;
; set up arguments and call _KiDispatchException
;

mov ecx, esp ; (ecx)->exception record

.errnz (EFLAGS_V86_MASK AND 0FF00FFFFh)
test byte ptr [ebp]+TsEFlags+2,EFLAGS_V86_MASK/010000h
jz short de10

mov eax,0FFFFh
jmp short de20

de10: mov eax,[ebp]+TsSegCs
de20: and eax,MODE_MASK

; 1 - first chance TRUE
; eax - PreviousMode
; ebp - trap frame addr
; 0 - Null exception frame
; ecx - exception record addr

stdCall _KiDispatchException,<ecx, 0, ebp, eax, 1>

mov esp, ebp ; (esp) -> trap frame
jmp _KiExceptionExit

CommonDispatchException endp

对于CPU异常，KiTrapXX例程在完成针对本异常的特别动作后，通常会调用CommonDispatchException函数，并通过寄存器将如下信息传递给这个函数。
·将唯一标识该异常的一个异常代码（表11-2）放入EAX寄存器。
·将导致异常的指令地址放入EBX寄存器。
·将其他信息作为附带参数（最多3个）分别放入EDX（参数1）、ESI（参数2）和EDI（参数3）寄存器，并将参数个数放入ECX寄存器。
CommonDispatchException被调用后，它会在栈中分配一个EXCEPTION_RECORD结构，并把以上异常信息存储到该结构中。在准备好这个结构后，它会调用内核中的KiDispatchException函数来分发异常。