Windows Kernel Internals Traps, Interrupts, Exceptions

Slides:



Advertisements
Similar presentations
Exceptional Control Flow Processes Today. Control Flow Processors do only one thing: From startup to shutdown, a CPU simply reads and executes (interprets)
Advertisements

Memory Management Paging &Segmentation CS311, CS350 & CS550.
Unit 4 Chapter-1 Multitasking. The Task State Segment.
Intel MP.
Microprocessors system architectures – IA32 real and virtual-8086 mode Jakub Yaghob.
OS Memory Addressing.
Operating Systems: Segments 1 Segmentation Hardware Support single user program system: – wish somehow to relocate address 0 to after operating system.
Page-Faults in Linux How can we study the handling of page-fault exceptions?
Context Switch Animation Another one by Anastasia.
Architectural Support for OS March 29, 2000 Instructor: Gary Kimura Slides courtesy of Hank Levy.
X86 segmentation, page tables, and interrupts 3/17/08 Frans Kaashoek MIT
Linux Operating System
Linux Operating System
Introduction to Interrupts
What are Exception and Interrupts? MIPS terminology Exception: any unexpected change in the internal control flow – Invoking an operating system service.
Windows Kernel Internals II x86 overview Traps, Interrupts, Exceptions
UNIT 2 Memory Management Unit and Segment Description and Paging
Intel IA32 OS Support -Refresh
Traps and Faults. Review: Mode and Space data user mode kernel mode A B C “kernel space”
80386DX.
Multitasking Mr. Mahendra B. Salunke Asst. Prof. Dept. of Computer Engg., STES SITS, Narhe, Pune-41 STES Sinhgad Institute of Tech. & Science Dept. of.
Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.
Architecture Support for OS CSCI 444/544 Operating Systems Fall 2008.
1 COMPUTER ARCHITECTURE (for Erasmus students) Assoc.Prof. Stasys Maciulevičius Computer Dept.
Windows 2000 System Mechanisms Computing Department, Lancaster University, UK.
NT Kernel CS Spring Overview Interrupts and Exceptions: Trap Handler Interrupt Request Levels and IRT DPC’s, and APC’s System Service Dispatching.
CSC 2405 Computer Systems II Exceptions Mini-Lecture Traps & Interrupts.
CSNB374: Microprocessor Systems Chapter 5: Procedures and Interrupts.
1 CSE451 Architectural Supports for Operating Systems Autumn 2002 Gary Kimura Lecture #2 October 2, 2002.
Virtual 8086 Mode  The supports execution of one or more 8086, 8088, 80186, or programs in an protected-mode environment.  An 8086.
Exceptional Control Flow Topics Exceptions except1.ppt CS 105 “Tour of the Black Holes of Computing”
15-410, S’ Hardware Overview Jan. 19, 2004 Dave Eckhardt Bruce Maggs L04_Hardware “Dude, what were you thinking?”
Microprocessor system architectures – IA32 tasks Jakub Yaghob.
80386DX. Programming Model The basic programming model consists of the following aspects: – Registers – Instruction Set – Addressing Modes – Data Types.
University of Washington Exceptional Control Flow The Hardware/Software Interface CSE351 Winter 2013.
6. HAL and IDT ENGI 3655 Lab Sessions. Richard Khoury2 Textbook Readings  Interrupts ◦ Section  Hardware Abstraction Layer ◦ Section
Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Unit OS3: Concurrency 3.3. Advanced Windows Synchronization.
10. Epilogue ENGI 3655 Lab Sessions.  We took control of the computer as early as possible, right after the end of the BIOS  Our multi-stage bootloader.
Managing Processors Jeff Chase Duke University. The story so far: protected CPU mode user mode kernel mode kernel “top half” kernel “bottom half” (interrupt.
What You Need to Know for Project Three Steve Muckle Wednesday, February 19 th Spring 2003.
Lecture 5 Rootkits Hoglund/Butler (Chapters 1-3).
Information Security - 2. Task Switching Every process has an associated Task State Segment, whose starting point is stored in the Task register. A task.
The Microprocessor & Its Architecture A Course in Microprocessor Electrical Engineering Department Universitas 17 Agustus 1945 Jakarta.
Exceptional Control Flow
Introduction to Operating Systems
Homework / Exam Return and Review Exam #1 Reading Machine Projects
Memory Management Paging (continued) Segmentation
Operating Systems Engineering
Exceptional Control Flow
Microprocessor Systems Design I
Session 3 Memory Management
Exceptional Control Flow
Anton Burtsev February, 2017
Exceptional Control Flow
Anton Burtsev February, 2017
Computer Organization And Assembly Language
Overview of today’s lecture
Exceptional Control Flow
Basic Microprocessor Architecture
x86 segmentation, page tables, and interrupts
Chapter 3: Windows7 Part 2.
Memory Management Paging (continued) Segmentation
Introduction to Intel IA-32 and IA-64 Instruction Set Architectures
CS 301 Fall 2002 Computer Organization
Chapter 3: Windows7 Part 2.
Exceptions Control Flow
Low-Level Thread Dispatching on the x86
CS-401 Computer Architecture & Assembly Language Programming
Memory Management Paging (continued) Segmentation
Interrupts and System Calls
Presentation transcript:

Windows Kernel Internals Traps, Interrupts, Exceptions David B. Probert, Ph.D. Windows Kernel Development Microsoft Corporation © Microsoft Corporation

What makes an OS interesting! Fundamental abstractions in modern CPUs: normal processor execution virtual address protection/mapping interruptions to the above Traps, hardware interrupts (devices, timers), exceptions, faults, machine checks, software interrupts © Microsoft Corporation

© Microsoft Corporation

Intel’s System Architecture © Microsoft Corporation

© Microsoft Corporation The local APIC APIC: Advanced Programmable Interrupt Controller) Local APIC built into modern Pentium processors Receives interrupts from: processor interrupt pins external interrupt sources hardwired devices timers (including internal timer) Perf monitors Thermal monitors Internal errors and/OR an external I/O APIC Sends IPIs in MP systems © Microsoft Corporation

© Microsoft Corporation

© Microsoft Corporation NT Interrupt levels © Microsoft Corporation

Software Interrupt Delivery Software interrupts delivered by writing ICR in APIC xor ecx, ecx mov cl, _HalpIRQLtoTPR[eax] ; get IDTEntry for IRQL or ecx, (DELIVER_FIXED OR ICR_SELF) mov dword ptr APIC[LU_INT_CMD_LOW], ecx _HalpIRQLtoTPR label byte db ZERO_VECTOR ; IRQL 0 db APC_VECTOR ; IRQL 1 db DPC_VECTOR ; IRQL 2 #define APC_VECTOR 0x3D // IRQL 01 APC #define DPC_VECTOR 0x41 // IRQL 02 DPC © Microsoft Corporation

© Microsoft Corporation IDT table _IDT label byte IDTEntry _KiTrap00 ; 0: Divide Error IDTEntry _KiTrap01 ; 1: DEBUG TRAP IDTEntry _KiTrap02 ; 2: NMI/NPX Error IDTEntry _KiTrap03 ; 3: Breakpoint IDTEntry _KiTrap04 ; 4: INTO IDTEntry _KiTrap05 ; 5: PrintScreen IDTEntry _KiTrap06 ; 6: Invalid Opcode IDTEntry _KiTrap07 ; 7: no NPX IDTEntry _KiTrap08 ; 8: DoubleFault IDTEntry _KiTrap09 ; 9: NPX SegOvrn ... IDTEntry _KiTrap0A ; A: Invalid TSS IDTEntry _KiTrap0B ; B: no Segment IDTEntry _KiTrap0C ; C: Stack Fault IDTEntry _KiTrap0D ; D: GenProt IDTEntry _KiTrap0E ; E: Page Fault IDTEntry _KiTrap0F ; F: Reserved IDTEntry _KiTrap10 ;10: 486 coproc IDTEntry _KiTrap11 ;11: 486 align IDTEntry _KiTrap0F ;12: Reserved IDTEntry _KiTrap0F ;13: XMMI IDTEntry _KiTrap0F ;14: Reserved © Microsoft Corporation

© Microsoft Corporation

Entry of Interrupt Descriptor Table (KIDTENTRY) typedef struct _KIDTENTRY { USHORT Offset; USHORT Selector; USHORT Access; USHORT ExtendedOffset; } KIDTENTRY; © Microsoft Corporation

© Microsoft Corporation

_KiTrapxx - trap entry points Entry points are for internally generated exceptions not external interrupts, or user software interrupts On entry the stack looks like: [ss] [esp] eflags cs eip ss:sp-> [error] CPU saves previous SS:ESP, eflags, and CS:EIP on the new stack if there was a privilige transition Some exceptions save an error code, others do not © Microsoft Corporation

© Microsoft Corporation ENTER_TRAP Macro Description: Build frame and set registers needed by trap or exception. Save: Non-volatile regs, FS, ExceptionList, PreviousMode, Volatile regs Seg Regs from V86 mode DS, ES, GS Don't Save: Floating point state Set: Direction, DS, ES Don't Set: PreviousMode, ExceptionList © Microsoft Corporation

Intel exception lexicon Faults - correctable, faulting instuction re-executed Traps - correctable, trapping instruction generally skipped Aborts - unrecoverable, cause © Microsoft Corporation

CommonDispatchException() ExceptCode - Exception code to put into exception record ExceptAddress - Instruction at which HW exception NumParms, Parameters 1, 2, 3 ) Allocates exception record on stack Sets up exception record using specified parameters Sets up arguments and calls _KiDispatchException() © Microsoft Corporation

KiDispatchException() IN PEXCEPTION_RECORD ExceptionRecord, IN PKEXCEPTION_FRAME ExceptionFrame, IN PKTRAP_FRAME TrapFrame, IN KPROCESSOR_MODE PreviousMode, IN BOOLEAN FirstChance ) Move machine state from trap and exception frames to a context frame Select method of handling the exception based on previous mode Kernel-mode: try KD, try RtlDispatchException(), otherwise bugcheck User-mode: try DebugPort, else copy exception to user stack, set TrapFrame->Eip = (ULONG)KeUserExceptionDispatcher and return © Microsoft Corporation

PspLookupKernelUserEntryPoints() // Lookup the user mode "trampoline" code for exception dispatching PspLookupSystemDllEntryPoint ("KiUserExceptionDispatcher“, &KeUserExceptionDispatcher) // Lookup the user mode "trampoline" code for APC dispatching ("KiUserApcDispatcher", &KeUserApcDispatcher) // Lookup the user mode "trampoline" code for callback dispatching ("KiUserCallbackDispatcher", &KeUserCallbackDispatcher) PspLookupSystemDllEntryPoint ("KiRaiseUserExceptionDispatcher", &KeRaiseUserExceptionDispatcher) © Microsoft Corporation

KeUserExceptionDispatcher ntdll:KiUserExceptionDispatcher() // Entered on return from kernel mode to dispatch user mode exception // If a frame based handler handles the exception // then the execution is continued // else last chance processing is performed basically this just wraps RtlDispatchException() © Microsoft Corporation

RtlDispatchException() RtlDispatchException(ExceptionRecord, ContextRecord) // attempts to dispatch an exception to a call frame based handler // searches backwards through the stack based call frames // search begins with the frame specified in the context record // search ends when handler found, stack is invalid, or end of call chain for (RegistrationPointer = RtlpGetRegistrationHead(); RegistrationPointer != EXCEPTION_CHAIN_END; RegistrationPointer = RegistrationPointer->Next) { check for valid record (#if ntos: check DPC stack too) switch RtlpExecuteHandlerForException() case ExceptionContinueExecution: return TRUE case ExceptionContinueSearch: continue case ExceptionNestedException: … default: return FALSE } © Microsoft Corporation

© Microsoft Corporation Discussion © Microsoft Corporation

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.