[Help] A puzzle about the monumental book Windows Internals
Posted:
2015-4-29 17:39
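Chapter 3 says that on x86 uniprocessor systems the mapping between interrupts and IRQLs is that subtracting 27 from the IRQL gives the IRQ, but I got an experimental result I cannot understand, shown below: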
kd> !idt -a
Dumping IDT:
2a: 8053e9de nt!KiGetTickCount
2b: 8053eae0 nt!KiCallbackReturn
2c: 8053ec80 nt!KiSetLowWaitHighThread
2d: 8053f5c0 nt!KiDebugService
2e: 8053e481 nt!KiSystemService
2f: 80541780 nt!KiTrap0F
30: 8053db40 nt!KiUnexpectedInterrupt0
31: 8053db4a nt!KiUnexpectedInterrupt1
32: 8053db54 nt!KiUnexpectedInterrupt2
33: 8053db5e nt!KiUnexpectedInterrupt3
34: 8053db68 nt!KiUnexpectedInterrupt4
35: 8053db72 nt!KiUnexpectedInterrupt5
36: 8053db7c nt!KiUnexpectedInterrupt6
37: 806d2728 hal!PicSpuriousService37
This gives the address of the interrupt object associated with the keyboard interrupt, 31: 8053db4a nt!KiUnexpectedInterrupt1, and then:
kd> dt nt!_kinterrupt 8053db4a
+0x000 Type : 0n12648
+0x002 Size : 0n0
+0x004 InterruptListEntry : _LIST_ENTRY [ 0x7d3e900 - 0x32680000 ]
+0x00c ServiceRoutine : 0xe9000000 unsigned char +ffffffffe9000000
+0x010 ServiceContext : 0x000007c9 Void
+0x014 SpinLock : 0x3368
+0x018 TickCount : 0x7bfe900
+0x01c ActualLock : 0x34680000 -> ??
+0x020 DispatchAddress : 0xe9000000 void +ffffffffe9000000
+0x024 Vector : 0x7b5
+0x028 Irql : 0x68 'h'
+0x029 SynchronizeIrql : 0x35 '5'
+0x02a FloatingSave : 0 ''
+0x02b Connected : 0 ''
+0x02c Number : 0 ''
+0x02d ShareVector : 0xe9 ''
+0x030 Mode : 0x36680000 (No matching name)
+0x034 ServiceCount : 0xe9000000
+0x038 DispatchCount : 0x7a1
+0x03c DispatchCode : [106] 0x3768
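Here +0x028 Irql : 0x68 'h',
No matter how I calculate it, the interrupt level cannot possibly be such a strange value. Please explain! Thanks!
Note: the virtual machine environment used for debugging is Windows XP SP3, uniprocessor.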
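
An added example, not part of the original post: it lays the field values from the dt output above back out as little-endian bytes and decodes them as x86 instructions (0x68 is push imm32, 0xE9 is jmp rel32). The helper names are this example's own, and the 10-byte stub layout is an assumption taken from the spacing of the KiUnexpectedInterruptN addresses in the IDT listing.

```python
import struct

BASE = 0x8053DB4A  # address passed to dt on the page (nt!KiUnexpectedInterrupt1)

# Added example; helper names are its own. (offset, format, value) as printed by dt.
FIELDS = [
    (0x00, "<H", 12648), (0x02, "<H", 0),
    (0x04, "<I", 0x07D3E900), (0x08, "<I", 0x32680000),
    (0x0C, "<I", 0xE9000000), (0x10, "<I", 0x000007C9),
    (0x14, "<I", 0x00003368), (0x18, "<I", 0x07BFE900),
    (0x1C, "<I", 0x34680000), (0x20, "<I", 0xE9000000),
    (0x24, "<I", 0x000007B5), (0x28, "<B", 0x68), (0x29, "<B", 0x35),
    (0x2A, "<B", 0), (0x2B, "<B", 0), (0x2C, "<B", 0), (0x2D, "<B", 0xE9),
    (0x30, "<I", 0x36680000), (0x34, "<I", 0xE9000000),
    (0x38, "<I", 0x000007A1), (0x3C, "<I", 0x00003768),
]

def rebuild_memory():
    """Lay the displayed field values back out as little-endian bytes.
    Offsets dt did not print (structure padding) stay None."""
    mem = [None] * 0x40
    for off, fmt, val in FIELDS:
        for i, b in enumerate(struct.pack(fmt, val)):
            mem[off + i] = b
    return mem

def decode_stubs(mem, base=BASE):
    """Decode 10-byte 'push imm32 (0x68); jmp rel32 (0xE9)' stubs.
    Returns (address, pushed value, jmp target); target is None when
    part of the rel32 lies in bytes dt did not show."""
    stubs = []
    for off in range(0, len(mem) - 9, 10):
        chunk = mem[off:off + 10]
        if chunk[0] != 0x68 or chunk[5] != 0xE9 or None in chunk[1:5]:
            break
        pushed = struct.unpack("<I", bytes(chunk[1:5]))[0]
        target = None
        if None not in chunk[6:]:
            rel = struct.unpack("<i", bytes(chunk[6:]))[0]
            target = (base + off + 10 + rel) & 0xFFFFFFFF
        stubs.append((base + off, pushed, target))
    return stubs

if __name__ == "__main__":
    for addr, pushed, target in decode_stubs(rebuild_memory()):
        tgt = f"{target:08x}" if target is not None else "????????"
        print(f"{addr:08x}  push {pushed:#x} ; jmp {tgt}")
```

The byte shown as Irql (0x68 at +0x028) is the push opcode of the sixth consecutive stub and SynchronizeIrql (0x35) is the low byte of its operand, so the dump reads as code rather than as a populated _KINTERRUPT.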