Hy, can you help me in writing an ISR that runs under Win2K?

To hook an interrupt vector I need to use HalGetInterruptVector and IoConnectInterrupt functions but
they seem to be very complicated, there are a lot of parameters to pass which are difficult to control.
Another way is playing with the sidt instruction to replace the vector directly...which is the "best" way?

I'd prefer the second one but without a similar example source code it is hard to guess how to write it.

I have written an ISR that runs under DOS hooking INT 0F (IRQ7 - Parallel Port) so everytime I send a signal by the -ACK pin, INT 0F is called and my ISR is executed. It works fine....is it possible to port this ISR in a W2K driver ? Is it the "right" way to do this ?

I 've written W2K drivers so my only problem is interrupt hooking...

Thanks in advance,

fooCoder
Posted on 2003-01-22 16:31:43 by fooCoder
I have tried before too hhok IRQs by IDT table patching in WIn2k, bottom line i have failed :(.

It somehow works for a short time but usually you will end up crashing the system and/or loosing IRQ's.

Also some IRQ's like Keyboard are harder to hook because they are already virtualized and connected to a low level system driver that has no sypport for IRQ sharring... like in i8042prt.sys

MS considered those drivers are critical to the OS (aka keyboard and mouse) and it is unlikely that someone will run the system without them ... so they do not allow you to catch/hook/unhook/load/unload their IRQs at the lowest available level...

You can do it a at slightly higher levels but you will not be the first one in the chain... like in an intemediate level (filtering) KMD driver

AFAIK it can be done but with extreeme caution and knowledge using techniques that are beyond the purpose and rules of this forum (aka hacking info)
Posted on 2003-01-22 18:27:46 by BogdanOntanu
To hook an interrupt vector I need to use HalGetInterruptVector and...


i think this one would be the one you should stick with. running in DOS is doesnt same like in kmd of course, you know it . maybe some kmd gurus could help you out on this ;)
Posted on 2003-01-22 20:19:28 by dion
i want ot ask as this is on the same sort of subject, i want to patch in my own inturupt any one that isnt used of cource, so like 0x080 or some interupt#, and i want it to execute the code i provide an address to for the int. how would i do this?(*NT5.xx*)
Posted on 2003-01-22 20:32:16 by Qages
ftp://mm-ftp.cs.berkeley.edu/pub/winnt/ddk_utils/skel.tar.gz

look at this c example (sample pci driver skeleton)..

if your isr takes long time to execute, there are other things you should do.. (request a DPC for later processing)

example : ftp://mm-ftp.cs.berkeley.edu/pub/winnt/ddk_utils/skel_pci_dma.tar.gz
Posted on 2003-01-23 03:42:02 by kamilh
Thanks to everyone,

I imagined it was a difficult task :)

To BogdanOntanu:

thanks for your advice, perhaps the best thing to do is to install a callback procedure without using interrupts.
I did this with VxDs, installing my procs in a legal way hooking inputs from keyboard and mouse...I wasn' t the first in the chain but I could process the input before other applications :

..........
GetVxDServiceOrdinal eax, VKD_Filter_Keyboard_Input; get the id of the filter service
mov esi, offset32 Record_Keyboard ; address of our hook routine
VMMCall Hook_Device_Service ; hook
.............

Is there a way to do the same thing under Win2K ? This should be sufficient, I could hook the lpt driver and perform my action....

To dion :

Yes, you are right....if only it was more simple :)
Posted on 2003-01-23 06:04:52 by fooCoder