hal!HalEndSystemInterrupt函数分析之汇编代码和调试分析
; Local APIC register window. The HAL addresses the per-processor local APIC
; registers at this fixed virtual address (the trace in part two shows the
; EOI write landing at ds:[0FFFE00B0h] and the TPR accesses at ds:[0FFFE0080h]).
LOCALAPIC equ 0fffe0000h
; APIC[off] therefore expands to ds:[LOCALAPIC + off], i.e. one local APIC register.
APIC equ ds:[LOCALAPIC]
LU_EOI equ 000000B0H ; End-Of-Interrupt register offset; the routine below writes 0 here to retire the in-service interrupt
; NOTE(review): LU_TPR (task priority register, offset 80h in the trace) and
; DPC_VECTOR (41h in the trace) are referenced by the routine below but are
; defined in an include that is not part of this listing.
第一部分:
; Stack-relative aliases for the two stdcall arguments. They are textual
; equates, so they are only correct while esp still points at the return
; address -- not after the push ebx / push ecx in the DPC-dispatch path.
HeiNewIrql equ [esp + 4] ; KIRQL NewIrql: the IRQL to lower to (only the low byte is read; 02 = DISPATCH_LEVEL in the trace)
HeiVector equ [esp + 8] ; ULONG Vector: the interrupt vector being ended (not referenced in this routine; popped by ret 8)
;-----------------------------------------------------------------------
; VOID HalEndSystemInterrupt(KIRQL NewIrql, ULONG Vector)    stdcall, 2 args
;
; Finishes a hardware interrupt on an APIC system: sends EOI to the local
; APIC, then lowers the processor's task priority (TPR) to the value that
; corresponds to NewIrql. If that priority is below DPC level and a DPC is
; pending on this processor, the DPC queue is drained first (at DPC level,
; with interrupts enabled) and only then is the requested TPR written.
;
; In:    [esp+4] = NewIrql (low byte used), [esp+8] = Vector (unused here)
; Out:   nothing. TPR holds _HalpIRQLtoTPR[NewIrql] on return; the write is
;        read back and checked by CHECKTPR before returning.
; Clobb: ecx, edx, flags (edx is also scratch for APICFIX / CHECKTPR).
;        ebx is saved and restored around the call to KiDispatchInterrupt.
; IF:    entered with interrupts disabled (the trace shows efl "di");
;        interrupts are enabled only around KiDispatchInterrupt and are
;        disabled again before the final TPR write and the return.
;-----------------------------------------------------------------------
cPublicProc _HalEndSystemInterrupt ,2
cPublicFpo 2, 0
xor ecx,ecx
mov cl, byte ptr HeiNewIrql ; ecx = NewIrql (upper 24 bits already zero from the xor)
mov cl, _HalpIRQLtoTPR[ecx] ; ecx = TPR value for NewIrql (byte table; upper bits stay zero, so ecx is a clean dword)
mov dword ptr APIC[LU_EOI], 0 ; end-of-interrupt: write 0 to the local APIC EOI register
APICFIX edx ; APIC workaround macro (not shown in this listing); presumably forces the posted MMIO write out -- clobbers edx, TODO confirm in the HAL include
cmp cl, DPC_VECTOR ; unsigned compare of the new TPR value against the DPC vector
jc short es10 ; new priority is below DPC level: a pending DPC must run before we lower TPR
es05: mov dword ptr APIC[LU_TPR], ecx ; program the requested task priority
;
; Read TPR back so the write has actually taken effect before we return.
; The caller relies on the priority being in force at this point.
;
mov edx, dword ptr APIC[LU_TPR]
CHECKTPR ecx, edx ; compares the readback with the requested value (cmp ecx,edx in the trace); what it does on mismatch is inside the macro, not shown here
stdRET _HalEndSystemInterrupt ; ret 8: pops NewIrql and Vector
es10: cmp PCR[PcHal.DpcPending], 0 ; is a DPC pending on this processor?
mov PCR[PcHal.ShortDpc], 0 ; clear the short-DPC flag (mov does not touch flags, so the jz below still tests the cmp)
jz short es05 ; nothing pending: just set the requested TPR and return
mov dword ptr APIC[LU_TPR], DPC_VECTOR ; lower priority to DPC level for the duration of DPC dispatch
APICFIX edx ; same workaround as above; edx is scratch
push ebx ; preserve ebx across KiDispatchInterrupt (the original comment says it uses ebx)
push ecx ; preserve the target TPR value -- NOT OldIrql as the original comment said; es05 writes it after dispatch
cPublicFpo 2, 2 ; FPO record now reflects the two saved dwords on top of the 2 args
sti ; allow interrupts while the DPC queue is drained
es20: mov PCR[PcHal.DpcPending], 0 ; consume the pending flag before dispatching
stdCall _KiDispatchInterrupt ; drain the DPC queue
cli ; interrupts back off before we touch TPR again
pop ecx ; ecx = target TPR value
pop ebx ; restore caller's ebx
jmp short es05 ; write the originally requested TPR, read it back, return
stdENDP _HalEndSystemInterrupt
第二部分:
0: kd> g
Breakpoint 21 hit
eax=0002625a ebx=00000000 ecx=80b18af8 edx=00000349 esi=80affb51 edi=80b00720
eip=804ee8d0 esp=f78cdee8 ebp=f78cdef4 iopl=0 nv up di pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000006
hal!HalEndSystemInterrupt:
804ee8d0 33c9 xor ecx,ecx
0: kd> kc 3
#
00 hal!HalEndSystemInterrupt
01 nt!KeUpdateSystemTime
02 nt!KiDispatchInterrupt
0: kd> !irql
Debugger saved IRQL for processor 0x0 -- 29 (IPI_LEVEL)
0: kd> p
eax=0002625a ebx=00000000 ecx=00000000 edx=00000349 esi=80affb51 edi=80b00720
eip=804ee8d2 esp=f78cdee8 ebp=f78cdef4 iopl=0 nv up di pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000046
hal!HalEndSystemInterrupt+0x2:
804ee8d2 8a4c2404 mov cl,byte ptr [esp+4] ss:0010:f78cdeec=02
0: kd> p
eax=0002625a ebx=00000000 ecx=00000002 edx=00000349 esi=80affb51 edi=80b00720
eip=804ee8d6 esp=f78cdee8 ebp=f78cdef4 iopl=0 nv up di pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000046
hal!HalEndSystemInterrupt+0x6:
804ee8d6 8a89b8db4e80 mov cl,byte ptr hal!HalpIRQLtoTPR (804edbb8)[ecx] ds:0023:804edbba=41
0: kd> p
eax=8949c5d8 ebx=b9e46854 ecx=8948b5a8 edx=e14b45a0 esi=b9e46864 edi=f7142e24
eip=804ee934 esp=b9e465dc ebp=b9e465f4 iopl=0 nv up di ng nz ac po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000092
hal!HalBeginSystemInterrupt:
804ee934 33c0 xor eax,eax
1: kd> g
Single step exception - code 80000004 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0002625a ebx=00000000 ecx=00000041 edx=00000349 esi=80affb51 edi=80b00720
eip=804ee8dc esp=f78cdee8 ebp=f78cdef4 iopl=0 nv up di pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000046
hal!HalEndSystemInterrupt+0xc:
804ee8dc c705b000feff00000000mov dword ptr ds:[0FFFE00B0h],0ds:0023:fffe00b0=00000000
0: kd> p
eax=0002625a ebx=00000000 ecx=00000041 edx=00000349 esi=80affb51 edi=80b00720
eip=804ee8e6 esp=f78cdee8 ebp=f78cdef4 iopl=0 nv up di pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000046
hal!HalEndSystemInterrupt+0x16:
804ee8e6 80f941 cmp cl,41h
0: kd> p
eax=0002625a ebx=00000000 ecx=00000041 edx=00000349 esi=80affb51 edi=80b00720
eip=804ee8e9 esp=f78cdee8 ebp=f78cdef4 iopl=0 nv up di pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000046
hal!HalEndSystemInterrupt+0x19:
804ee8e9 7214 jb hal!HalEndSystemInterrupt+0x2f (804ee8ff) [br=0]
0: kd> p
eax=0002625a ebx=00000000 ecx=00000041 edx=00000349 esi=80affb51 edi=80b00720
eip=804ee8eb esp=f78cdee8 ebp=f78cdef4 iopl=0 nv up di pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000046
hal!HalEndSystemInterrupt+0x1b:
804ee8eb 890d8000feff mov dword ptr ds:[0FFFE0080h],ecx ds:0023:fffe0080=000000ff
0: kd> p
eax=0002625a ebx=00000000 ecx=00000041 edx=00000349 esi=80affb51 edi=80b00720
eip=804ee8f1 esp=f78cdee8 ebp=f78cdef4 iopl=0 nv up di pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000046
hal!HalEndSystemInterrupt+0x21:
804ee8f1 8b158000feff mov edx,dword ptr ds:[0FFFE0080h] ds:0023:fffe0080=000000ff
0: kd> p
eax=0002625a ebx=00000000 ecx=00000041 edx=00000041 esi=80affb51 edi=80b00720
eip=804ee8f7 esp=f78cdee8 ebp=f78cdef4 iopl=0 nv up di pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000046
hal!HalEndSystemInterrupt+0x27:
804ee8f7 3bca cmp ecx,edx
0: kd> p
eax=0002625a ebx=00000000 ecx=00000041 edx=00000041 esi=80affb51 edi=80b00720
eip=804ee8fc esp=f78cdee8 ebp=f78cdef4 iopl=0 nv up di pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000046
hal!HalEndSystemInterrupt+0x2c:
804ee8fc c20800 ret 8
0: kd> p
Breakpoint 23 hit
eax=0002625a ebx=00000000 ecx=00000041 edx=00000041 esi=80affb51 edi=80b00720
eip=80affb5d esp=f78cdef4 ebp=f78cdef4 iopl=0 nv up di pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000046
nt!KeUpdateSystemTime+0x135:
80affb5d e926cbffff jmp nt!KiExceptionExit (80afc688)
0: kd> !irql
Debugger saved IRQL for processor 0x0 -- 2 (DISPATCH_LEVEL)