Well, as it seems that no one replied to my other thread, I'll rephrase what the problem is:

I just want to write an exception handler which should temporarily replace int 3 and int 1. I managed to get code into ring0 space and everything. My problem is that the stack doesn't look like it should when the system enters my int 3/1 exception handlers. I modified the IDT to point to my code (only changed the offset, not the selectors in the IDT!).

But whenever I do "iretd" or "iret" in my handler, the system will crash because it doesn't lead back to the thread it came from. I have to redirect to the original system handler ... but that works only for int 3. Interrupt 1 will reboot the system when I redirect it to the original system code.

So how do I have to design my own, system-independent exception handler?

aweX <-
Posted on 2002-07-15 14:25:07 by aweX
KMD, my friend: make a KMD or a VxD depending on OS flavour. Also, some IRQs cannot be easily redirected because they are already virtualized and there is no way to unvirtualize them safely (aka the keyboard IRQ :) )

The redirect IDT quick hack works only for your process and only if no context switch occurs ... it's used for hacks but of little help for real working applications ... well ... cough ... hmmm
Posted on 2002-07-15 16:32:01 by BogdanOntanu
Post the following parts of your code:

- piece that modifies IDT for int 1/3
- entry/exit of your exception handler code

Does the problem occur with int 1/3 in ring 3 or ring 0?

Of course Bogdan's reply cannot be ignored. Your handler code should reside in a shared DLL.
Posted on 2002-07-15 17:43:01 by japheth
I already wrote the structure into the other thread. Please review it here: http://www.asmcommunity.net/board/showthread.php?postid=46305.msg46305
Posted on 2002-07-16 08:20:48 by aweX
That's not sufficient. It's pseudo code and the code modifying the IDT isn't shown.

If you cannot use a debugger, use the OutputDebugString function and the DbgView utility to show this output.
Posted on 2002-07-16 10:03:00 by japheth