hal!KfRaiseIrql函数分析之对应的汇编代码和调试分析把0xffmov给APIC[LU_TPR]后irql=30

hal!KfRaiseIrql函数分析之对应的汇编代码和调试分析把0xffmov给APIC[LU_TPR]后irql=30

第一部分：对应的汇编代码

cPublicFastCall KfRaiseIrql,1
cPublicFpo 0,0

movzx edx, cl ; (edx) = New Irql
movzx ecx, byte ptr _HalpIRQLtoTPR[edx] ; get TPR value for IRQL
mov eax, dword ptr APIC[LU_TPR] ; (eax) = Old Priority
mov dword ptr APIC[LU_TPR], ecx ; Write New Priority to the TPR

;
; get IRQL for Old Priority, and return it
;
shr eax, 4
movzx eax, _HalpVectorToIRQL[eax] ; (al) = OldIrql
fstRET KfRaiseIrql

fstENDP KfRaiseIrql

第二部分：

0: kd> g
Breakpoint 12 hit
nt!KeInsertQueueDpc:
80a36484 55 push ebp
0: kd> kc
#
00 nt!KeInsertQueueDpc
01 nt!KiTimerExpiration
02 nt!KiRetireDpcList
03 nt!KiIdleLoop
0: kd> p
nt!KeInsertQueueDpc+0x8:
80a3648c 8b7d08 mov edi,dword ptr [ebp+8]
0: kd> bp nt!KeRaiseIrql
breakpoint 11 redefined
0: kd> p
nt!KeInsertQueueDpc+0x30:
80a364b4 b11f mov cl,1Fh
0: kd> t
hal!KfRaiseIrql:
804edbd8 0fb6d1 movzx edx,cl
0: kd> pr
eax=00000013 ebx=ba9ae708 ecx=0000001f edx=0000001f esi=ba9ae728 edi=ba9ae708
eip=804edbdb esp=80b14580 ebp=80b14598 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
hal!KfRaiseIrql+0x3:
804edbdb 0fb68ab8db4e80 movzx ecx,byte ptr hal!HalpIRQLtoTPR (804edbb8)[edx] ds:0023:804edbd7=ff

0: kd> db 804edbb8
804edbb8 00 3d 41 41 51 61 71 81-91 a1 b1 b1 b1 b1 b1 b1 .=AAQaq.........
804edbc8 b1 b1 b1 b1 b1 b1 b1 b1-b1 b1 b1 c1 d1 e1 efff................
804edbd8 0f b6 d1 0f b6 8a b8 db-4e 80 a1 80 00 fe ff 89 ........N.......
804edbe8 0d 80 00 fe ff c1 e8 04-0f b6 80 1c a2 4f 80 c3 .............O..
804edbf8 8b 15 80 00 fe ff c7 05-80 00 fe ff 41 00 00 00 ............A...
804edc08 c1 ea 04 0f b6 82 1c a2-4f 80 c3 90 8b 15 80 00 ........O.......
804edc18 fe ff c7 05 80 00 fe ff-c1 00 00 00 c1 ea 04 0f ................
804edc28 b6 82 1c a2 4f 80 c3 90-33 c0 8a c1 8b 0d 80 00 ....O...3.......

0: kd> p
eax=00000013 ebx=ba9ae708 ecx=000000ff edx=0000001f esi=ba9ae728 edi=ba9ae708
eip=804edbe2 esp=80b14580 ebp=80b14598 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
hal!KfRaiseIrql+0xa:
804edbe2 a18000feffmov eax,dword ptr ds:[FFFE0080h]ds:0023:fffe0080=000000ff
0: kd> p
eax=000000c1 ebx=ba9ae708ecx=000000ffedx=0000001f esi=ba9ae728 edi=ba9ae708
eip=804edbe7 esp=80b14580 ebp=80b14598 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
hal!KfRaiseIrql+0xf:
804edbe7 890d8000feffmov dword ptr ds:[0FFFE0080h],ecxds:0023:fffe0080=000000ff
0: kd> p
eax=000000c1 ebx=ba9ae708 ecx=000000ff edx=0000001f esi=ba9ae728 edi=ba9ae708
eip=804edbed esp=80b14580 ebp=80b14598 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
hal!KfRaiseIrql+0x15:
804edbed c1e804 shr eax,4
0: kd> !irql
Debugger saved IRQL for processor 0x0 -- 30 (POWER_LEVEL)
0: kd> p
eax=0000000c ebx=ba9ae708 ecx=000000ff edx=0000001f esi=ba9ae728 edi=ba9ae708
eip=804edbf0 esp=80b14580 ebp=80b14598 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
hal!KfRaiseIrql+0x18:
804edbf0 0fb6801ca24f80 movzx eax,byte ptr hal!_HalpVectorToIRQL (804fa21c)[eax] ds:0023:804fa228=1b

0: kd> p
eax=0000001b ebx=ba9ae708 ecx=000000ff edx=0000001f esi=ba9ae728 edi=ba9ae708
eip=804edbf7 esp=80b14580 ebp=80b14598 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
hal!KfRaiseIrql+0x1f:
804edbf7 c3 ret
0: kd> p
eax=0000001b ebx=ba9ae708 ecx=000000ff edx=0000001f esi=ba9ae728 edi=ba9ae708
eip=80a364bc esp=80b14584 ebp=80b14598 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
nt!KeInsertQueueDpc+0x38:
80a364bc 8845ff mov byte ptr [ebp-1],al ss:0010:80b14597=00
0: kd> !irql
Debugger saved IRQL for processor 0x0 -- 29 (IPI_LEVEL)

第三部分：参考

0: kd> !idt

Dumping IDT: 8003f400

54cb784900000037: 804ed194 hal!PicSpuriousService37
54cb78490000003d: 804ee7d8 hal!HalpApcInterrupt
54cb784900000041: 804ee618 hal!HalpDispatchInterrupt
54cb784900000050: 804ed26c hal!HalpApicRebootService
54cb784900000062: 8997dadc atapi!IdePortInterrupt (KINTERRUPT 8997daa0)

54cb784900000063: 89769044 NDIS!ndisMIsr (KINTERRUPT 89769008)

54cb784900000073: 89a98bec USBPORT!USBPORT_InterruptService (KINTERRUPT 89a98bb0)

54cb784900000082: 89c3fbec atapi!IdePortInterrupt (KINTERRUPT 89c3fbb0)

54cb784900000083: 8991abec SCSIPORT!ScsiPortInterrupt (KINTERRUPT 8991abb0)

USBPORT!USBPORT_InterruptService (KINTERRUPT 89bce008)

54cb784900000092: 8998e7a4 serial!SerialCIsrSw (KINTERRUPT 8998e768)

54cb784900000093: 898e94cc i8042prt!I8042KeyboardInterruptService (KINTERRUPT 898e9490)

54cb7849000000a3: 89ce2bec i8042prt!I8042MouseInterruptService (KINTERRUPT 89ce2bb0)

54cb7849000000b1: 89d394d4 ACPI!ACPIInterruptServiceRoutine (KINTERRUPT 89d39498)

54cb7849000000c1: 804ed408 hal!HalpBroadcastCallService
54cb7849000000d1: 804ec714 hal!HalpClockInterrupt
54cb7849000000e1: 804ed83c hal!HalpIpiHandler
54cb7849000000e3: 804ed650 hal!HalpLocalApicErrorService
54cb7849000000fd: 804edde8 hal!HalpProfileInterrupt
54cb7849000000fe: 804edfa0 hal!HalpPerfInterrupt