I want to create custom ints in Win98SE.
I tried that.
This code causes a general protection fault.
What did I do wrong?
Thanks for all answers.

include \masm32\include\vmm.inc
include \masm32\include\vwin32.inc
include \masm32\include\shell.inc
Interrupt equ 9Fh
Begin_control_dispatch TESTVXD
Control_Dispatch w32_DeviceIoControl, OnDeviceIoControl
End_control_dispatch TESTVXD
BeginProc NewInt
sub eax,eax
inc eax
mov eax,dr7 ; privileged instruction, only valid in ring 0
iretd ; return from the interrupt gate
EndProc NewInt
BeginProc OnDeviceIoControl
assume esi:ptr DIOCParams
.if [esi].dwIoControlCode==DIOC_Open
xor eax,eax
.elseif [esi].dwIoControlCode==1
xor edx,edx
push edx
sidt [esp-2]
pop edx
add edx,(Interrupt*8)
sub ecx,ecx
mov cx,cs
shl ecx,16
mov eax,OFFSET32 NewInt
and eax,0FFFFh
add eax,ecx
mov [edx],eax
mov eax,OFFSET32 NewInt
and eax,0FFFF0000h
or eax,0EE00h ; I fix the DPL (thanks, Opcode)
mov [edx+4],eax
xor eax,eax
.endif
ret
EndProc OnDeviceIoControl


.386
.model flat,stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib
.data
VxDName db "\\.\Testvxd.vxd",0
.data?
hDevice dd ?
.code
start:
; load the VxD dynamically and get a handle to it
invoke CreateFile,addr VxDName,0,0,0,0,FILE_FLAG_DELETE_ON_CLOSE,0
mov hDevice,eax
; control code 1 makes the VxD write the IDT entry
invoke DeviceIoControl,hDevice,1,NULL,NULL,NULL,NULL,NULL,NULL
int 9Fh ; call the custom interrupt
invoke CloseHandle,hDevice
invoke ExitProcess,0
end start
Posted on 2004-04-23 04:52:38 by Criminal2
I'm not sure, because I'm an NT device driver programmer
and no longer create VxDs, but maybe the


is not appropriate, because interrupt handlers
should not be in pageable code segments.

Posted on 2004-04-23 06:35:27 by Opcode
And don't forget to set the interrupt flag
with STI before exiting with IRETD.
Posted on 2004-04-23 06:37:59 by Opcode
Thanks, but it doesn't work.

Everything is good if the int number is 0,

like this:

xor eax,eax
xor ecx,ecx
xor edx,edx
div ecx

My code works perfectly,

but this code causes a general protection fault:
int 0
Why, why, why? :( :( :( :(
Posted on 2004-04-23 06:45:01 by Criminal2
Did you check the DPL value of your interrupt descriptor?
After changing the IDT, dump the memory with
some debugger and post it here.
Try to use SoftICE or TRW2000.

Good luck :alright:
Posted on 2004-04-23 07:15:44 by Opcode
Handling interrupts is not that easy in Win98. First, you should never alter the interrupt vector table yourself. You should use virtual interrupts. Fill the VPICD_IRQ_Descriptor structure and do VxDCall VPICD_Virtualize_IRQ. See the DDK for details. It's been too long since I did that, so I may omit some crucial points. The other important thing is that your interrupt handler has to be in VxD_LOCKED_CODE_SEG, because when the interrupt comes the routine has to be in memory, not paged out to disk, otherwise it will cause a GPF. I assume that you know what 'shared' interrupts are. So if you've virtualized a shared interrupt and the interrupt comes from a device other than the one you expect, your handler should set the carry flag to let another interrupt handler deal with that interrupt. If you handle the interrupt, clear the carry flag before returning. Hope this helps.
Posted on 2004-04-23 08:35:42 by Vaxon
OK, I get it.
Posted on 2004-04-23 08:46:02 by Criminal2
limit of idt in win9x is 2ff, that is room for ints 0 - 5f only!
Posted on 2004-04-23 08:47:17 by japheth

limit of idt in win9x is 2ff, that is room for ints 0 - 5f only!

60h never exists,
that is the point.
Can I change the IDT limit, or will Windows slap me? :)
Posted on 2004-04-23 09:07:43 by Criminal2
It is not a good idea to enter data past the existing IDT, there is probably other data there, although I don't remember exactly. Interrupts 0x42-0x4f are not used as far as I know.
You do not have to have a STI, since that would be quite pointless. The IRETD would change it back to what it was anyway.
If you do not want interrupts to become disabled during the execution of the interrupt, the gate type should be set to EF instead of EE.
Paged memory can be used. Only hardware interrupt handlers must avoid accessing paged memory.
Posted on 2004-04-23 09:38:39 by Sephiroth3
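
The gate layout and IDT-limit arithmetic discussed in the posts above, as an added example that is not code from any poster: it packs a gate the way the VxD does, decodes the EE/EF access byte, and checks a vector against the 2FFh limit. The selector 0028h, the address C0123456h and the 8Eh access byte are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>

/* The two dwords of a 32-bit IDT gate, as the VxD above stores them. */
typedef struct { uint32_t lo, hi; } gate_t;

/* lo = selector:offset[15:0]; hi = offset[31:16]:access byte:00 */
static gate_t gate_encode(uint16_t sel, uint32_t off, uint8_t access) {
    gate_t g;
    g.lo = ((uint32_t)sel << 16) | (off & 0xFFFFu);
    g.hi = (off & 0xFFFF0000u) | ((uint32_t)access << 8);
    return g;
}

static uint32_t gate_offset(gate_t g) { return (g.hi & 0xFFFF0000u) | (g.lo & 0xFFFFu); }
static int gate_present(gate_t g) { return (int)((g.hi >> 15) & 1u); }
static int gate_dpl(gate_t g)     { return (int)((g.hi >> 13) & 3u); }
/* S bit plus 4-bit type: 0x0E = interrupt gate, 0x0F = trap gate */
static int gate_type(gate_t g)    { return (int)((g.hi >> 8) & 0x1Fu); }

/* A vector exists only if its whole 8-byte entry lies inside the limit. */
static int vector_in_idt(uint16_t limit, unsigned vec) {
    return vec * 8u + 7u <= limit;
}

/* A software `int n` at CPL 3 needs an in-range, present gate with DPL 3;
   otherwise the CPU raises #GP. */
static int int_n_ok_from_ring3(uint16_t limit, unsigned vec, gate_t g) {
    return vector_in_idt(limit, vec) && gate_present(g) && gate_dpl(g) == 3;
}

int main(void) {
    const uint16_t limit = 0x2FF;  /* IDT limit quoted in the thread */
    /* Constructed selector and handler address, not taken from the thread. */
    gate_t ee = gate_encode(0x0028, 0xC0123456u, 0xEE);
    gate_t k  = gate_encode(0x0028, 0xC0123456u, 0x8E);  /* DPL 0 gate */
    const unsigned vecs[] = { 0x4E, 0x5F, 0x60, 0x9F };

    printf("gate: lo=%08X hi=%08X offset=%08X type=%02X dpl=%d\n",
           (unsigned)ee.lo, (unsigned)ee.hi, (unsigned)gate_offset(ee),
           (unsigned)gate_type(ee), gate_dpl(ee));
    for (size_t i = 0; i < sizeof vecs / sizeof vecs[0]; i++)
        printf("int %02Xh: in IDT=%d, ring-3 int n ok=%d\n", vecs[i],
               vector_in_idt(limit, vecs[i]),
               int_n_ok_from_ring3(limit, vecs[i], ee));
    printf("DPL-0 gate at 4Eh, ring-3 int n ok=%d\n",
           int_n_ok_from_ring3(limit, 0x4E, k));
    return 0;
}
```
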

are you aware of the fact that in win9x each vm has its own idt? and even for protected mode/v86 mode there may be 2 different idts in one vm. so if you want your handler to act "globally", modifying the idt by yourself isn't possibly the best approach - to say it mildly.

Posted on 2004-04-23 10:44:43 by japheth
Int 4e worked.
:grin: :grin: :grin: :) :) :) :) :cool: :cool: :cool:
Thanks, everyone.
Source Code
Posted on 2004-04-23 11:53:19 by Criminal2
Hmm... it doesn't have to be in a VXD, you can hook interrupts just fine in Ring3.
Posted on 2004-04-24 13:02:51 by Sephiroth3
But I need to hook interrupts system-wide.
I want to control the file I/O system.
Posted on 2004-04-24 13:41:32 by Criminal2
Why do you want to control the file I/O system?
Posted on 2004-04-24 15:04:30 by f0dder
Users will be able to apply read/write/execute permissions to selected files, exactly like in unix.
Posted on 2004-04-24 16:02:38 by Criminal2
Sounds good. Taking over the filesystem just sounded a bit fishy, considering your nickname :rolleyes:
Posted on 2004-04-24 16:21:39 by f0dder
:) :) :)
I know, "Criminal2" is nonsense.
My English is very bad.
Posted on 2004-04-24 16:56:42 by Criminal2

Suçlu2 :)
Posted on 2004-04-24 17:00:29 by Vortex
I meant "Suspect" (Zanlı2)
Posted on 2004-04-25 03:30:45 by Criminal2