Hi there,
honestly, I'm not sure if this is an appropriate place to ask this type of question
as it isn't really ASM-specific, but as I'm implementing the code in assembly (and
ASM guys are more likely to have a clue of low-level programming ;)) I'll try anyway...

Basically, I'm currently coding a KMD for WinXP that hooks the page-fault interrupt (0Eh)
via IDT patching to collect some paging performance data at the lowest possible level.
Now the problem arises of how to pass the collected data to user mode (or at least pass it
to some file I/O routines) while executing at an arbitrary IRQL <= DISPATCH_LEVEL (some MSDN
sources indicate that page faults cannot be triggered at IRQL=DISPATCH_LEVEL, but from my
observations this obviously isn't true). So what type of kernel mechanism could be used to
solve this issue (preferably in a synchronized, event-driven way, i.e. w/o having to use
timer-based polls of the collection buffers or the like)?

Any hints on this subject (even not strictly ASM ones ;)) are very welcome...

Thanks and regards,
Posted on 2005-10-27 04:52:48 by bisi
IIRC, page faults can't occur at IRQL > DISPATCH_LEVEL !

One solution for your problem, is to save your data inside a
buffer and use the IOCTLs (DeviceIoControl) to communicate
usermode-kernel mode.

Maybe this will help you:

Good luck,

Posted on 2005-10-27 21:06:53 by Opcode
This article will be definitely useful to you:
http://www.codeproject.com/system/driverdev2.asp  :D
Posted on 2005-10-27 21:10:39 by Opcode

An efficient method of doing this kind of I/O from within an interrupt handler might be to use paged lookaside lists (via ExAllocateFromNPagedLookasideList, ExInterlockedInsertTailList), and a dedicated system thread (created with PsCreateSystemThread) which waits for and processes the pending I/O requests (ExInterlockedRemoveHeadList, ExFreeToNPagedLookasideList).

This sets up a work queue managed by a semaphore and spin lock for the data you want to export.  This is a fairly common method of handling file I/O from kernel mode which you could probably adapt for getting the information directly to your gui app.

Use a few of the phrases above as search words and you should be able to find some info on setting up a dedicated file I/O thread you can trigger from within the int handler.


Posted on 2005-10-28 01:22:39 by Kayaker
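
The work-queue pattern described in the post above, as an added user-mode C model (not code from any poster in this thread, and not kernel code). A fixed pool stands in for the lookaside list, an atomic flag for the spin lock and a counter for the semaphore; all names are hypothetical, and the model goes one step further than the post by counting records dropped when the pool is empty, since the handler side must never wait.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdint.h>
#define POOL_SIZE 4                          /* constructed: tiny, so exhaustion is visible */
typedef struct record { struct record *next; uintptr_t fault_addr; } record_t;

static record_t pool[POOL_SIZE];
static record_t *free_head;                  /* stands in for the lookaside list */
static record_t *q_head, *q_tail;            /* stands in for the interlocked list */
static atomic_flag lock = ATOMIC_FLAG_INIT;  /* stands in for the spin lock */
static atomic_int pending, dropped;          /* semaphore count; records lost to an empty pool */

static void acquire(void) { while (atomic_flag_test_and_set(&lock)) { } }
static void release(void) { atomic_flag_clear(&lock); }

void queue_init(void) {
    free_head = q_head = q_tail = NULL;
    for (int i = 0; i < POOL_SIZE; i++) { pool[i].next = free_head; free_head = &pool[i]; }
    atomic_store(&pending, 0); atomic_store(&dropped, 0);
}
int dropped_count(void) { return atomic_load(&dropped); }

/* Producer (handler side): never waits for memory or I/O. Returns 0 if the record was dropped. */
int handler_record(uintptr_t fault_addr) {
    acquire();
    record_t *r = free_head;
    if (r) {
        free_head = r->next;
        r->fault_addr = fault_addr; r->next = NULL;
        if (q_tail) q_tail->next = r; else q_head = r;   /* insert at tail */
        q_tail = r;
    }
    release();
    if (!r) { atomic_fetch_add(&dropped, 1); return 0; }
    atomic_fetch_add(&pending, 1);           /* the semaphore release that wakes the worker */
    return 1;
}

/* Consumer (worker thread, after its wait returns): drain up to max records in FIFO order. */
size_t worker_drain(uintptr_t *out, size_t max) {
    size_t n = 0;
    while (n < max && atomic_load(&pending) > 0) {
        acquire();
        record_t *r = q_head;                /* remove from head */
        q_head = r->next; if (!q_head) q_tail = NULL;
        out[n++] = r->fault_addr;            /* copy out; slow I/O happens later, outside the lock */
        r->next = free_head; free_head = r;  /* recycle the entry */
        release();
        atomic_fetch_sub(&pending, 1);
    }
    return n;
}
```

In a driver the worker would block on the semaphore at PASSIVE_LEVEL and do its file or IOCTL work on the drained copies, never while holding the lock.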
Thank you both, guys.
Actually, I already read the OSR article, but reading up a bit on the used APIs on MSDN, I found it to probably be - at least - very problematic to use events while operating at DISPATCH_LEVEL. The Codeproject.com article seems informative, indeed, but it doesn't really seem to cover the particular IRQL problem involved.
Kayaker's solution sounds interesting as well, I'll probably give it a quick hack next. ;)
From what I see now, it seems like there simply isn't any more 'direct' I/O while running at DISPATCH_LEVEL than using some kind of APC/DPC mechanism for pushing/polling the collected data...

Thanks again,
Posted on 2005-10-30 10:52:28 by bisi