From : Ed Beroset 1:3641/1.250 Subj : Hooking PM Ints ──────────────────────────────────────────────────────────────────────────────── In a msg on <Mar 19 18:28>, to All, John Lobraico writes: JL> Does anybody have any code snippets that will show me how to hook JL> any interrupt in the protected mode interupt table. I'll be doing JL> this as a Vxd so protection shouldn't be a problem. Just like real mode, protected mode interrupts are handled through a table of vectors. Unlike real mode, however, this table can be anywhere in memory. Use the SIDT instruction to get the 48-bit base and limit into memory. From there you can do one of two things. Either you can search the GDT and LDT for a selector which matches the base and limit, or you can create a new selector since VxDs run in ring 0. Once you've done that, you can access the contents of the IDT. Now here's the tricky part. The IDT is a table of gates, one for each interrupt, up to a maximum of 256 interrupts. Unlike the GDT, the first entry in the IDT is used and is valid (for interrupt 0, of course). Each gate entry is eight bytes long and may be one of three possible kinds of descriptors: task gate, interrupt gate, or trap gate. The descriptors are as follows: Task Gate: 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 <- bit +-----------------------------------------------+ | RESERVED | 6 +-----------------------------------------------+ | P| DPL | 0 0 1 0 1| RESERVED | 4 +-----------------------------------------------+ | TSS SEGMENT SELECTOR | 2 +-----------------------------------------------+ | RESERVED | 0 <- byte +-----------------------------------------------+ Interrupt Gate: 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 +-----------------------------------------------+ | OFFSET 31..16 | 6 +-----------------------------------------------+ | P| DPL | 0 1 1 1 0| 0 0 0| RESERVED | 4 +-----------------------------------------------+ | SEGMENT SELECTOR | 2 +-----------------------------------------------+ | OFFSET 15..0 | 0 +-----------------------------------------------+ Trap Gate: 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 +-----------------------------------------------+ | OFFSET 31..16 | 6 +-----------------------------------------------+ | P| DPL | 0 1 1 1 1| 0 0 0| RESERVED | 4 +-----------------------------------------------+ | SEGMENT SELECTOR | 2 +-----------------------------------------------+ | OFFSET 15..0 | 0 +-----------------------------------------------+ DPL = descriptor privilege level OFFSET = offset to procedure entry point P = segment present bit RESERVED = do not use -- reserved by Intel SELECTOR = segment selector for destination code segment To reroute an interrupt vector to your own routine, you'd just have to multiply the interrupt number by eight and place the appropriate gate structure at that location (relative to the start of the IDT). Be warned, though, that whatever selector you load into the structure must still exist whenever the interrupt is triggered or you will suffer difficult-to-trace system crashes. Interrupt gates and trap gates are just like any other gate, but task gates are a bit more complex, referring to the base of a TSS descriptor instead of pointing to interrupt handler code. The part I'm not so sure about is how one would actually "chain" through to the original handler. You can't just JMP through a gate in the IDT since there'd be no way to address it, AFAIK. However, you could copy the original gate to the GDT or to an LDT and jump via that instead. If it's a task gate, I'm sure that will work; if it's a trap or interrupt gate, I'm not as sure since I've never tried it and my documents don't seem to say whether or not JMPing via a task gate is legal. If you go that route, let me know -- I'm curious now. -> Ed <- --- Squish v1.01 * Origin: = Psychotronic BBS // 919-286-4542 // Durham, NC = (1:3641/1.250)