
[DEV/Windows] Interrupts, undefined opcodes.


Sam839 (Join Date: Apr 2019, Location: Russian Federation)
02-18-2021, 12:42 #1

Interrupt handler based on VEH (SEH) exceptions with unused interrupts and unused opcodes.

Content:
  • About SEH and VEH.
  • About Interrupts and unused opcodes.
  • How does it work with VEH (SEH)?
  • Why use it?


About SEH and VEH.

Structured exception handling (SEH) is a Microsoft extension to C to handle certain exceptional code situations, such as hardware faults, gracefully. Source

Vectored exception handlers are an extension to structured exception handling (SEH). In a nutshell, vectored exception handling is similar to regular SEH, with three key differences:
  • Handlers aren't tied to a specific function nor are they tied to a stack frame.
  • The compiler doesn't have keywords (such as try or catch) to add a new handler to the list of handlers.
  • Vectored exception handlers are explicitly added by your code, rather than as a byproduct of try/catch statements.
Source 1
Source 2

VEH does not replace Structured Exception Handling (SEH), rather VEH and SEH coexist, with VEH handlers having priority over SEH handlers.

About Interrupts and unused opcodes.

Interrupts:
In modern operating systems, the programmer often doesn't need to use interrupts. In Windows, for example, the programmer conducts business with the Win32 API. However, these API calls interface with the kernel, and the kernel will often trigger interrupts to perform different tasks. In older operating systems (specifically DOS), the programmer didn't have an API to use, and so they had to do all their work through interrupts. Source
A software interrupt is requested by the processor itself upon executing particular instructions or when certain conditions are met. Every software interrupt signal is associated with a particular interrupt handler. Source

I did some research and can tell which interrupts are NOT used in standard Windows of the latest version.
Unused interrupts:
  • 0x0F
  • 0x16-0x1E
  • 0x21-0x28
  • 0x2A-0x2B
  • 0x2E
  • 0x37-0x50
  • 0x53-0x60
  • 0x63-0x6F
  • 0x78-0x80
  • 0x83-0x91
  • 0x93-0xA0
  • 0xA4-0xAF
  • 0xB8-0xD0
  • 0xD3-0xD6
  • 0xD9-0xDE
  • 0xE0
  • 0xE4-0xFD
  • 0xFF

Undocumented interrupts:
  • 0x17
  • 0x1A
  • 0x2A
  • 0x47
  • 0x4B
  • 0x53-0x57
  • 0x60
  • 0x69
  • 0x6F
  • 0x79
  • 0x80
  • 0x83-0x85
  • 0xF2-0xF9
  • 0xFC
  • 0xFD

Reserved for user interrupts:
  • 0x63-0x66
  • 0xF1

Truly unused interrupts (these interrupts should always be unused):
  • 0x7D
  • 0x7E
To avoid errors with driver interrupts and future interrupts, use truly unused interrupts.

Unused (Undefined) opcodes:
Generates an invalid opcode exception. UD (Instruction)
Unused opcodes (instructions):
  • UD (UD0) - 0x0F 0xFF
  • UD1 - 0x0F 0xB9
  • UD2 - 0x0F 0x0B

How does it work with VEH (SEH)?

So, we have reviewed the theory and learned something new, but how does it work? I will briefly talk about this.
The called interrupt refers to the kernel, and the kernel executes the code located at a specific address in the interrupt vector. If the interrupt is not used, the address will be "null", and the program code will refer to a non-existent address and throw an exception (0xC0000005 - EXCEPTION_ACCESS_VIOLATION). In this case we can use the exception handler and then read and modify the registers!

Sample program:
PHP Code:
// x86 (32-bit) MSVC only: uses CONTEXT::Eip and __asm inline assembly.
#include <Windows.h>
#include <iostream>
#include <cstdio> // printf

#define CALL_FIRST 1 // Will be called first
#define CALL_LAST  0 // Will be called last after first

PVOID pVEH = nullptr;

LONG WINAPI VEH(PEXCEPTION_POINTERS pExcPtrs) {
    const unsigned char* EIP = const_cast<const unsigned char*>(reinterpret_cast<unsigned char*>(pExcPtrs->ContextRecord->Eip)); // Exception EIP
    if ((EIP[0] == 0x0Fu) && (EIP[1] == 0xFFu) && (pExcPtrs->ExceptionRecord->ExceptionCode == EXCEPTION_ILLEGAL_INSTRUCTION)) { // IF EIP = UD (UD0) AND ExceptionCode = EXCEPTION_ILLEGAL_INSTRUCTION
        pExcPtrs->ContextRecord->Eip += 2; // Bypass current instruction
        pExcPtrs->ContextRecord->Eax = 1; // Store 1 in EAX register
        return EXCEPTION_CONTINUE_EXECUTION;
    }
    if ((EIP[0] == 0x0Fu) && (EIP[1] == 0xB9u) && (pExcPtrs->ExceptionRecord->ExceptionCode == EXCEPTION_ILLEGAL_INSTRUCTION)) { // IF EIP = UD1 AND ExceptionCode = EXCEPTION_ILLEGAL_INSTRUCTION
        pExcPtrs->ContextRecord->Eip += 2; // Bypass current instruction
        pExcPtrs->ContextRecord->Eax = 2; // Store 2 in EAX register
        return EXCEPTION_CONTINUE_EXECUTION;
    }
    if ((EIP[0] == 0x0Fu) && (EIP[1] == 0x0Bu) && (pExcPtrs->ExceptionRecord->ExceptionCode == EXCEPTION_ILLEGAL_INSTRUCTION)) { // IF EIP = UD2 AND ExceptionCode = EXCEPTION_ILLEGAL_INSTRUCTION
        pExcPtrs->ContextRecord->Eip += 2; // Bypass current instruction
        pExcPtrs->ContextRecord->Eax = 3; // Store 3 in EAX register
        return EXCEPTION_CONTINUE_EXECUTION;
    }
    if ((EIP[0] == 0xCDu) && (pExcPtrs->ExceptionRecord->ExceptionCode == EXCEPTION_ACCESS_VIOLATION)) // IF EIP = Interrupt AND ExceptionCode = EXCEPTION_ACCESS_VIOLATION
    {
        switch (EIP[1]) {
            case 0x7Du: { // IF InterruptNumber is 0x7D (int 0x7D)
                pExcPtrs->ContextRecord->Eip += 2; // Bypass current instruction
                unsigned int edi = pExcPtrs->ContextRecord->Edi;
                unsigned int esi = pExcPtrs->ContextRecord->Esi;
                pExcPtrs->ContextRecord->Eax = edi + esi; // EAX=EDI+ESI
                break;
            }
            case 0x7Eu: { // IF InterruptNumber is 0x7E (int 0x7E)
                pExcPtrs->ContextRecord->Eip += 2; // Bypass current instruction
                unsigned int edi = pExcPtrs->ContextRecord->Edi;
                unsigned int esi = pExcPtrs->ContextRecord->Esi;
                pExcPtrs->ContextRecord->Eax = edi - esi; // EAX=EDI-ESI
                break;
            }
            default:
                pExcPtrs->ContextRecord->Eip += 2; // Bypass current instruction
                pExcPtrs->ContextRecord->Eax = 0; // DEFAULT: EAX=0
        }
        return EXCEPTION_CONTINUE_EXECUTION;
    }
    // Not one of our trigger instructions: pass the exception to the next handler.
    // Resuming here would re-execute the faulting instruction in an endless loop.
    return EXCEPTION_CONTINUE_SEARCH;
}

#define UD0 __asm _emit 0x0F __asm _emit 0xFF
#define UD1 __asm _emit 0x0F __asm _emit 0xB9
#define UD2 __asm _emit 0x0F __asm _emit 0x0B

int main(void) {
#pragma region Adding VEH Handler
    pVEH = AddVectoredExceptionHandler(CALL_FIRST, VEH);
    if (!pVEH) {
        printf("AddVectoredExceptionHandler error!\n");
        return 0;
    }
#pragma endregion

#pragma region Start
    // Reset+Start
    unsigned int v_eax = 0u; // Variable for EAX
    __asm xor eax, eax // Zeroing the register
    __asm mov v_eax, eax // Store EAX register in variable
    printf("eax start = %08X\n", v_eax); // Printing variable
#pragma endregion

#pragma region Running UDs
    // UD0
    UD0
    __asm mov v_eax, eax // Store EAX register in variable
    printf("eax ud0 = %08X\n", v_eax); // Printing variable
    // UD1
    UD1
    __asm mov v_eax, eax // Store EAX register in variable
    printf("eax ud1 = %08X\n", v_eax); // Printing variable
    // UD2
    UD2
    __asm mov v_eax, eax // Store EAX register in variable
    printf("eax ud2 = %08X\n", v_eax); // Printing variable
#pragma endregion

#pragma region Running Interrupts
    // int 7D (EAX=EDI+ESI)
    __asm mov edi, 2 // Store 2 in EDI register
    __asm mov esi, 2 // Store 2 in ESI register
    __asm int 0x7D // Calling Interrupt
    __asm mov v_eax, eax // Store EAX register in variable
    printf("eax int7D = %08X\n", v_eax); // Printing variable
    // int 7E (EAX=EDI-ESI)
    __asm mov edi, 2 // Store 2 in EDI register
    __asm mov esi, 2 // Store 2 in ESI register
    __asm int 0x7E // Calling Interrupt
    __asm mov v_eax, eax // Store EAX register in variable
    printf("eax int7E = %08X\n", v_eax); // Printing variable
    // int F1 (Default: EAX=0)
    __asm int 0xF1 // Calling Interrupt
    __asm mov v_eax, eax // Store EAX register in variable
    printf("eax intF1 = %08X\n", v_eax); // Printing variable
#pragma endregion

#pragma region Removing VEH Handler
    if (pVEH) {
        RemoveVectoredExceptionHandler(pVEH);
    }
#pragma endregion
    return 0;
}

Why use it?

The reasons for this may be:
  • Security - The use of interrupts complicates decompilation, but this can be bypassed if it is known that the program uses VEH (SEH).
  • Optimization - Large algorithms can be used without the need to import functions from a specific library, because VEH applies to the entire program and its modules.
  • Fun - How about the BIOS in the program?

Thanks for your attention!

Last edited by Sam839; 03-21-2021 at 22:38. Reason: Added exception code for example + added php syntax.

Sam839 (Join Date: Apr 2019, Location: Russian Federation)
05-08-2021, 13:30 #2

Dumped IDT.

OS: Windows 10 19041 x64
Code:
# KernelBase = 0xFFFFF80218600000
# Dumping IDT: 0xFFFFF8021dE61000
0x00 -> 0xFFFFF80218A00800 nt!KiDivideErrorFault
0x01 -> 0xFFFFF80218A00B40 nt!KiDebugTrapOrFault (Stack = 0xFFFFF8021DE9F000)
0x02 -> 0xFFFFF80218A01040 nt!KiNmiInterrupt (Stack = 0xFFFFF8021DE91000)
0x03 -> 0xFFFFF80218A01500 nt!KiBreakpointTrap
0x04 -> 0xFFFFF80218A01840 nt!KiOverflowTrap
0x05 -> 0xFFFFF80218A01B80 nt!KiBoundFault
0x06 -> 0xFFFFF80218A020C0 nt!KiInvalidOpcodeFault
0x07 -> 0xFFFFF80218A025C0 nt!KiNpxNotAvailableFault
0x08 -> 0xFFFFF80218A028C0 nt!KiDoubleFaultAbort (Stack = 0xFFFFF8021DE8A000)
0x09 -> 0xFFFFF80218A02BC0 nt!KiNpxSegmentOverrunAbort
0x0A -> 0xFFFFF80218A02EC0 nt!KiInvalidTssFault
0x0B -> 0xFFFFF80218A031C0 nt!KiSegmentNotPresentFault
0x0C -> 0xFFFFF80218A03580 nt!KiStackFault
0x0D -> 0xFFFFF80218A038C0 nt!KiGeneralProtectionFault
0x0E -> 0xFFFFF80218A03C00 nt!KiPageFault
0x0F -> 0xFFFFF802189F8678 nt!KiIsrThunk+0x78
0x10 -> 0xFFFFF80218A04240 nt!KiFloatingErrorFault
0x11 -> 0xFFFFF80218A04600 nt!KiAlignmentFault
0x12 -> 0xFFFFF80218A04940 nt!KiMcheckAbort (Stack = 0xFFFFF8021DE98000)
0x13 -> 0xFFFFF80218A05440 nt!KiXmmException
0x14 -> 0xFFFFF80218A05800 nt!KiVirtualizationException
0x15 -> 0xFFFFF80218A05D00 nt!KiControlProtectionFault
0x16 -> 0xFFFFF802189F86B0 nt!KiIsrThunk+0xB0
0x17 -> 0xFFFFF802189F86B8 nt!KiIsrThunk+0xB8
0x18 -> 0xFFFFF802189F86C0 nt!KiIsrThunk+0xC0
0x19 -> 0xFFFFF802189F86C8 nt!KiIsrThunk+0xC8
0x1A -> 0xFFFFF802189F86D0 nt!KiIsrThunk+0xD0
0x1B -> 0xFFFFF802189F86D8 nt!KiIsrThunk+0xD8
0x1C -> 0xFFFFF802189F86E0 nt!KiIsrThunk+0xE0
0x1D -> 0xFFFFF802189F86E8 nt!KiIsrThunk+0xE8
0x1E -> 0xFFFFF802189F86F0 nt!KiIsrThunk+0xF0
0x1F -> 0xFFFFF802189F9EB0 nt!KiApcInterrupt
0x20 -> 0xFFFFF802189FBA90 nt!KiSwInterrupt
0x21 -> 0xFFFFF802189F8708 nt!KiIsrThunk+0x108
0x22 -> 0xFFFFF802189F8710 nt!KiIsrThunk+0x110
0x23 -> 0xFFFFF802189F8718 nt!KiIsrThunk+0x118
0x24 -> 0xFFFFF802189F8720 nt!KiIsrThunk+0x120
0x25 -> 0xFFFFF802189F8728 nt!KiIsrThunk+0x128
0x26 -> 0xFFFFF802189F8730 nt!KiIsrThunk+0x130
0x27 -> 0xFFFFF802189F8738 nt!KiIsrThunk+0x138
0x28 -> 0xFFFFF802189F8740 nt!KiIsrThunk+0x140
0x29 -> 0xFFFFF80218A06200 nt!KiRaiseSecurityCheckFailure
0x2A -> 0xFFFFF802189F8750 nt!KiIsrThunk+0x150
0x2B -> 0xFFFFF802189F8758 nt!KiIsrThunk+0x158
0x2C -> 0xFFFFF80218A06540 nt!KiRaiseAssertion
0x2D -> 0xFFFFF80218A06880 nt!KiDebugServiceTrap
0x2E -> 0xFFFFF802189F8770 nt!KiIsrThunk+0x170
0x2F -> 0xFFFFF802189FC050 nt!KiDpcInterrupt
0x30 -> 0xFFFFF802189FA450 nt!KiHvInterrupt
0x31 -> 0xFFFFF802189FA730 nt!KiVmbusInterrupt0
0x32 -> 0xFFFFF802189FAA10 nt!KiVmbusInterrupt1
0x33 -> 0xFFFFF802189FACF0 nt!KiVmbusInterrupt2
0x34 -> 0xFFFFF802189FAFD0 nt!KiVmbusInterrupt3
0x35 -> 0xFFFFF802189F87A8 nt!HalpInterruptCmciService (KINTERRUPT 0xFFFFF802192F30C0)
0x36 -> 0xFFFFF802189F87B0 nt!HalpInterruptCmciService (KINTERRUPT 0xFFFFF802192F3300)
0x37 -> 0xFFFFF802189F87B8 nt!KiIsrThunk+0x1B8
0x38 -> 0xFFFFF802189F87C0 nt!KiIsrThunk+0x1C0
0x39 -> 0xFFFFF802189F87C8 nt!KiIsrThunk+0x1C8
0x3A -> 0xFFFFF802189F87D0 nt!KiIsrThunk+0x1D0
0x3B -> 0xFFFFF802189F87D8 nt!KiIsrThunk+0x1D8
0x3C -> 0xFFFFF802189F87E0 nt!KiIsrThunk+0x1E0
0x3D -> 0xFFFFF802189F87E8 nt!KiIsrThunk+0x1E8
0x3E -> 0xFFFFF802189F87F0 nt!KiIsrThunk+0x1F0
0x3F -> 0xFFFFF802189F87F8 nt!KiIsrThunk+0x1F8
0x40 -> 0xFFFFF802189F8800 nt!KiIsrThunk+0x200
0x41 -> 0xFFFFF802189F8808 nt!KiIsrThunk+0x208
0x42 -> 0xFFFFF802189F8810 nt!KiIsrThunk+0x210
0x43 -> 0xFFFFF802189F8818 nt!KiIsrThunk+0x218
0x44 -> 0xFFFFF802189F8820 nt!KiIsrThunk+0x220
0x45 -> 0xFFFFF802189F8828 nt!KiIsrThunk+0x228
0x46 -> 0xFFFFF802189F8830 nt!KiIsrThunk+0x230
0x47 -> 0xFFFFF802189F8838 nt!KiIsrThunk+0x238
0x48 -> 0xFFFFF802189F8840 nt!KiIsrThunk+0x240
0x49 -> 0xFFFFF802189F8848 nt!KiIsrThunk+0x248
0x4A -> 0xFFFFF802189F8850 nt!KiIsrThunk+0x250
0x4B -> 0xFFFFF802189F8858 nt!KiIsrThunk+0x258
0x4C -> 0xFFFFF802189F8860 nt!KiIsrThunk+0x260
0x4D -> 0xFFFFF802189F8868 nt!KiIsrThunk+0x268
0x4E -> 0xFFFFF802189F8870 nt!KiIsrThunk+0x270
0x4F -> 0xFFFFF802189F8878 nt!KiIsrThunk+0x278
0x50 -> 0xFFFFF802189F8880 nt!KiIsrThunk+0x280
0x51 -> 0xFFFFF802189F8888 0xFFFFF802265E7360 (KINTERRUPT 0xFFFFA880777A7A00)
                           0xFFFFF802265E7360 (KINTERRUPT 0xFFFFA880777A7280)
0x52 -> 0xFFFFF802189F8890 0xFFFFF8021CE77960 (KINTERRUPT 0xFFFFA880777A78C0)
0x53 -> 0xFFFFF802189F8898 nt!KiIsrThunk+0x298
0x54 -> 0xFFFFF802189F88A0 nt!KiIsrThunk+0x2A0
0x55 -> 0xFFFFF802189F88A8 nt!KiIsrThunk+0x2A8
0x56 -> 0xFFFFF802189F88B0 nt!KiIsrThunk+0x2B0
0x57 -> 0xFFFFF802189F88B8 nt!KiIsrThunk+0x2B8
0x58 -> 0xFFFFF802189F88C0 nt!KiIsrThunk+0x2C0
0x59 -> 0xFFFFF802189F88C8 nt!KiIsrThunk+0x2C8
0x5A -> 0xFFFFF802189F88D0 nt!KiIsrThunk+0x2D0
0x5B -> 0xFFFFF802189F88D8 nt!KiIsrThunk+0x2D8
0x5C -> 0xFFFFF802189F88E0 nt!KiIsrThunk+0x2E0
0x5D -> 0xFFFFF802189F88E8 nt!KiIsrThunk+0x2E8
0x5E -> 0xFFFFF802189F88F0 nt!KiIsrThunk+0x2F0
0x5F -> 0xFFFFF802189F88F8 nt!KiIsrThunk+0x2F8
0x60 -> 0xFFFFF802189F8900 nt!KiIsrThunk+0x300
0x61 -> 0xFFFFF802189F8908 0xFFFFF802266D3550 (KINTERRUPT 0xFFFFA88078355B40)
                           0xFFFFF80227CB2760 (KINTERRUPT 0xFFFFA880777A7500)
                           0xFFFFF802266D1160 (KINTERRUPT 0xFFFFA88078355A00)
0x62 -> 0xFFFFF802189F8910 0xFFFFF8021C5B3C30 (KINTERRUPT 0xFFFFA88077983A00)
0x63 -> 0xFFFFF802189F8918 nt!KiIsrThunk+0x318
0x64 -> 0xFFFFF802189F8920 nt!KiIsrThunk+0x320
0x65 -> 0xFFFFF802189F8928 nt!KiIsrThunk+0x328
0x66 -> 0xFFFFF802189F8930 nt!KiIsrThunk+0x330
0x67 -> 0xFFFFF802189F8938 nt!KiIsrThunk+0x338
0x68 -> 0xFFFFF802189F8940 nt!KiIsrThunk+0x340
0x69 -> 0xFFFFF802189F8948 nt!KiIsrThunk+0x348
0x6A -> 0xFFFFF802189F8950 nt!KiIsrThunk+0x350
0x6B -> 0xFFFFF802189F8958 nt!KiIsrThunk+0x358
0x6C -> 0xFFFFF802189F8960 nt!KiIsrThunk+0x360
0x6D -> 0xFFFFF802189F8968 nt!KiIsrThunk+0x368
0x6E -> 0xFFFFF802189F8970 nt!KiIsrThunk+0x370
0x6F -> 0xFFFFF802189F8978 nt!KiIsrThunk+0x378
0x70 -> 0xFFFFF802189F8980 0xFFFFF8021CD1DF70 (KINTERRUPT 0xFFFFA880779838C0)
0x71 -> 0xFFFFF802189F8988 0xFFFFF8021CD1DF70 (KINTERRUPT 0xFFFFA88077983780)
0x72 -> 0xFFFFF802189F8990 0xFFFFF8021CD1DF70 (KINTERRUPT 0xFFFFA88077983640)
0x73 -> 0xFFFFF802189F8998 0xFFFFF8021CD1DF70 (KINTERRUPT 0xFFFFA88077983500)
0x74 -> 0xFFFFF802189F89A0 0xFFFFF8021CD1DF70 (KINTERRUPT 0xFFFFA880779833C0)
0x75 -> 0xFFFFF802189F89A8 0xFFFFF8021CD1DF70 (KINTERRUPT 0xFFFFA88077983280)
0x76 -> 0xFFFFF802189F89B0 0xFFFFF8021CD1DF70 (KINTERRUPT 0xFFFFA88077983140)
0x77 -> 0xFFFFF802189F89B8 0xFFFFF8021CD1DF70 (KINTERRUPT 0xFFFFA880777A7DC0)
0x78 -> 0xFFFFF802189F89C0 nt!KiIsrThunk+0x3C0
0x79 -> 0xFFFFF802189F89C8 nt!KiIsrThunk+0x3C8
0x7A -> 0xFFFFF802189F89D0 nt!KiIsrThunk+0x3D0
0x7B -> 0xFFFFF802189F89D8 nt!KiIsrThunk+0x3D8
0x7C -> 0xFFFFF802189F89E0 nt!KiIsrThunk+0x3E0
0x7D -> 0xFFFFF802189F89E8 nt!KiIsrThunk+0x3E8
0x7E -> 0xFFFFF802189F89F0 nt!KiIsrThunk+0x3F0
0x7F -> 0xFFFFF802189F89F8 nt!KiIsrThunk+0x3F8
0x80 -> 0xFFFFF802189F8A00 nt!KiIsrThunk+0x400
0x81 -> 0xFFFFF802189F8A08 0xFFFFF80226656790 (KINTERRUPT 0xFFFFA88078355C80)
0x82 -> 0xFFFFF802189F8A10 0xFFFFF8021C5B3C30 (KINTERRUPT 0xFFFFA880783558C0)
0x83 -> 0xFFFFF802189F8A18 nt!KiIsrThunk+0x418
0x84 -> 0xFFFFF802189F8A20 nt!KiIsrThunk+0x420
0x85 -> 0xFFFFF802189F8A28 nt!KiIsrThunk+0x428
0x86 -> 0xFFFFF802189F8A30 nt!KiIsrThunk+0x430
0x87 -> 0xFFFFF802189F8A38 nt!KiIsrThunk+0x438
0x88 -> 0xFFFFF802189F8A40 nt!KiIsrThunk+0x440
0x89 -> 0xFFFFF802189F8A48 nt!KiIsrThunk+0x448
0x8A -> 0xFFFFF802189F8A50 nt!KiIsrThunk+0x450
0x8B -> 0xFFFFF802189F8A58 nt!KiIsrThunk+0x458
0x8C -> 0xFFFFF802189F8A60 nt!KiIsrThunk+0x460
0x8D -> 0xFFFFF802189F8A68 nt!KiIsrThunk+0x468
0x8E -> 0xFFFFF802189F8A70 nt!KiIsrThunk+0x470
0x8F -> 0xFFFFF802189F8A78 nt!KiIsrThunk+0x478
0x90 -> 0xFFFFF802189F8A80 nt!KiIsrThunk+0x480
0x91 -> 0xFFFFF802189F8A88 nt!KiIsrThunk+0x488
0x92 -> 0xFFFFF802189F8A90 0xFFFFF8021C5B3C30 (KINTERRUPT 0xFFFFA880777A7C80)
0x93 -> 0xFFFFF802189F8A98 nt!KiIsrThunk+0x498
0x94 -> 0xFFFFF802189F8AA0 nt!KiIsrThunk+0x4A0
0x95 -> 0xFFFFF802189F8AA8 nt!KiIsrThunk+0x4A8
0x96 -> 0xFFFFF802189F8AB0 nt!KiIsrThunk+0x4B0
0x97 -> 0xFFFFF802189F8AB8 nt!KiIsrThunk+0x4B8
0x98 -> 0xFFFFF802189F8AC0 nt!KiIsrThunk+0x4C0
0x99 -> 0xFFFFF802189F8AC8 nt!KiIsrThunk+0x4C8
0x9A -> 0xFFFFF802189F8AD0 nt!KiIsrThunk+0x4D0
0x9B -> 0xFFFFF802189F8AD8 nt!KiIsrThunk+0x4D8
0x9C -> 0xFFFFF802189F8AE0 nt!KiIsrThunk+0x4E0
0x9D -> 0xFFFFF802189F8AE8 nt!KiIsrThunk+0x4E8
0x9E -> 0xFFFFF802189F8AF0 nt!KiIsrThunk+0x4F0
0x9F -> 0xFFFFF802189F8AF8 nt!KiIsrThunk+0x4F8
0xA0 -> 0xFFFFF802189F8B00 nt!KiIsrThunk+0x500
0xA1 -> 0xFFFFF802189F8B08 0xFFFFF8021CA23D80 (KINTERRUPT 0xFFFFA88077983B40)
0xA2 -> 0xFFFFF802189F8B10 0xFFFFF8021C5B3C30 (KINTERRUPT 0xFFFFA880777A7B40)
0xA3 -> 0xFFFFF802189F8B18 0xFFFFF80223183F50 (KINTERRUPT 0xFFFFA88078355780)
0xA4 -> 0xFFFFF802189F8B20 nt!KiIsrThunk+0x520
0xA5 -> 0xFFFFF802189F8B28 nt!KiIsrThunk+0x528
0xA6 -> 0xFFFFF802189F8B30 nt!KiIsrThunk+0x530
0xA7 -> 0xFFFFF802189F8B38 nt!KiIsrThunk+0x538
0xA8 -> 0xFFFFF802189F8B40 nt!KiIsrThunk+0x540
0xA9 -> 0xFFFFF802189F8B48 nt!KiIsrThunk+0x548
0xAA -> 0xFFFFF802189F8B50 nt!KiIsrThunk+0x550
0xAB -> 0xFFFFF802189F8B58 nt!KiIsrThunk+0x558
0xAC -> 0xFFFFF802189F8B60 nt!KiIsrThunk+0x560
0xAD -> 0xFFFFF802189F8B68 nt!KiIsrThunk+0x568
0xAE -> 0xFFFFF802189F8B70 nt!KiIsrThunk+0x570
0xAF -> 0xFFFFF802189F8B78 nt!KiIsrThunk+0x578
0xB0 -> 0xFFFFF802189F8B80 0xFFFFF8021C865C30 (KINTERRUPT 0xFFFFA88077983DC0)
0xB1 -> 0xFFFFF802189F8B88 0xFFFFF8021CA23D80 (KINTERRUPT 0xFFFFA88077983C80)
0xB2 -> 0xFFFFF802189F8B90 0xFFFFF8021C5B3C30 (KINTERRUPT 0xFFFFA880777A7780)
0xB3 -> 0xFFFFF802189F8B98 0xFFFFF80227CB2760 (KINTERRUPT 0xFFFFA880777A7140)
0xB4 -> 0xFFFFF802189F8BA0 0xFFFFF8021CE77960 (KINTERRUPT 0xFFFFA880777A7000)
0xB5 -> 0xFFFFF802189F8BA8 0xFFFFF8021CE77960 (KINTERRUPT 0xFFFFA88078355DC0)
0xB6 -> 0xFFFFF802189F8BB0 0xFFFFF8021CE77960 (KINTERRUPT 0xFFFFA88077983000)
0xB7 -> 0xFFFFF802189F8BB8 0xFFFFF8021CE77960 (KINTERRUPT 0xFFFFA88078355640)
0xB8 -> 0xFFFFF802189F8BC0 nt!KiIsrThunk+0x5C0
0xB9 -> 0xFFFFF802189F8BC8 nt!KiIsrThunk+0x5C8
0xBA -> 0xFFFFF802189F8BD0 nt!KiIsrThunk+0x5D0
0xBB -> 0xFFFFF802189F8BD8 nt!KiIsrThunk+0x5D8
0xBC -> 0xFFFFF802189F8BE0 nt!KiIsrThunk+0x5E0
0xBD -> 0xFFFFF802189F8BE8 nt!KiIsrThunk+0x5E8
0xBE -> 0xFFFFF802189F8BF0 nt!KiIsrThunk+0x5F0
0xBF -> 0xFFFFF802189F8BF8 nt!KiIsrThunk+0x5F8
0xC0 -> 0xFFFFF802189F8C00 nt!KiIsrThunk+0x600
0xC1 -> 0xFFFFF802189F8C08 nt!KiIsrThunk+0x608
0xC2 -> 0xFFFFF802189F8C10 nt!KiIsrThunk+0x610
0xC3 -> 0xFFFFF802189F8C18 nt!KiIsrThunk+0x618
0xC4 -> 0xFFFFF802189F8C20 nt!KiIsrThunk+0x620
0xC5 -> 0xFFFFF802189F8C28 nt!KiIsrThunk+0x628
0xC6 -> 0xFFFFF802189F8C30 nt!KiIsrThunk+0x630
0xC7 -> 0xFFFFF802189F8C38 nt!KiIsrThunk+0x638
0xC8 -> 0xFFFFF802189F8C40 nt!KiIsrThunk+0x640
0xC9 -> 0xFFFFF802189F8C48 nt!KiIsrThunk+0x648
0xCA -> 0xFFFFF802189F8C50 nt!KiIsrThunk+0x650
0xCB -> 0xFFFFF802189F8C58 nt!KiIsrThunk+0x658
0xCC -> 0xFFFFF802189F8C60 nt!KiIsrThunk+0x660
0xCD -> 0xFFFFF802189F8C68 nt!KiIsrThunk+0x668
0xCE -> 0xFFFFF802189F8C70 nt!HalpIommuInterruptRoutine (KINTERRUPT 0xFFFFF802192F3C00)
0xCF -> 0xFFFFF802189F8C78 nt!KiIsrThunk+0x678
0xD0 -> 0xFFFFF802189F8C80 nt!KiIsrThunk+0x680
0xD1 -> 0xFFFFF802189F8C88 nt!HalpTimerClockInterrupt (KINTERRUPT 0xFFFFF802192F3AE0)
0xD2 -> 0xFFFFF802189F8C90 nt!HalpTimerClockIpiRoutine (KINTERRUPT 0xFFFFF802192F39C0)
0xD3 -> 0xFFFFF802189F8C98 nt!KiIsrThunk+0x698
0xD4 -> 0xFFFFF802189F8CA0 nt!KiIsrThunk+0x6A0
0xD5 -> 0xFFFFF802189F8CA8 nt!KiIsrThunk+0x6A8
0xD6 -> 0xFFFFF802189F8CB0 nt!KiIsrThunk+0x6B0
0xD7 -> 0xFFFFF802189F8CB8 nt!HalpInterruptRebootService (KINTERRUPT 0xFFFFF802192F3780)
0xD8 -> 0xFFFFF802189F8CC0 nt!HalpInterruptStubService (KINTERRUPT 0xFFFFF802192F3540)
0xD9 -> 0xFFFFF802189F8CC8 nt!KiIsrThunk+0x6C8
0xDA -> 0xFFFFF802189F8CD0 nt!KiIsrThunk+0x6D0
0xDB -> 0xFFFFF802189F8CD8 nt!KiIsrThunk+0x6D8
0xDC -> 0xFFFFF802189F8CE0 nt!KiIsrThunk+0x6E0
0xDD -> 0xFFFFF802189F8CE8 nt!KiIsrThunk+0x6E8
0xDE -> 0xFFFFF802189F8CF0 nt!KiIsrThunk+0x6F0
0xDF -> 0xFFFFF802189F8CF8 nt!HalpInterruptSpuriousService (KINTERRUPT 0xFFFFF802192F3420)
0xE0 -> 0xFFFFF802189F8D00 nt!KiIsrThunk+0x700
0xE1 -> 0xFFFFF802189FC540 nt!KiIpiInterrupt
0xE2 -> 0xFFFFF802189F8D10 nt!HalpInterruptLocalErrorService (KINTERRUPT 0xFFFFF802192F3660)
0xE3 -> 0xFFFFF802189F8D18 nt!HalpInterruptDeferredRecoveryService (KINTERRUPT 0xFFFFF802192F31E0)
0xE4 -> 0xFFFFF802189F8D20 nt!KiIsrThunk+0x720
0xE5 -> 0xFFFFF802189F8D28 nt!KiIsrThunk+0x728
0xE6 -> 0xFFFFF802189F8D30 nt!KiIsrThunk+0x730
0xE7 -> 0xFFFFF802189F8D38 nt!KiIsrThunk+0x738
0xE8 -> 0xFFFFF802189F8D40 nt!KiIsrThunk+0x740
0xE9 -> 0xFFFFF802189F8D48 nt!KiIsrThunk+0x748
0xEA -> 0xFFFFF802189F8D50 nt!KiIsrThunk+0x750
0xEB -> 0xFFFFF802189F8D58 nt!KiIsrThunk+0x758
0xEC -> 0xFFFFF802189F8D60 nt!KiIsrThunk+0x760
0xED -> 0xFFFFF802189F8D68 nt!KiIsrThunk+0x768
0xEE -> 0xFFFFF802189F8D70 nt!KiIsrThunk+0x770
0xEF -> 0xFFFFF802189F8D78 nt!KiIsrThunk+0x778
0xF0 -> 0xFFFFF802189F8D80 nt!KiIsrThunk+0x780
0xF1 -> 0xFFFFF802189F8D88 nt!KiIsrThunk+0x788
0xF2 -> 0xFFFFF802189F8D90 nt!KiIsrThunk+0x790
0xF3 -> 0xFFFFF802189F8D98 nt!KiIsrThunk+0x798
0xF4 -> 0xFFFFF802189F8DA0 nt!KiIsrThunk+0x7A0
0xF5 -> 0xFFFFF802189F8DA8 nt!KiIsrThunk+0x7A8
0xF6 -> 0xFFFFF802189F8DB0 nt!KiIsrThunk+0x7B0
0xF7 -> 0xFFFFF802189F8DB8 nt!KiIsrThunk+0x7B8
0xF8 -> 0xFFFFF802189F8DC0 nt!KiIsrThunk+0x7C0
0xF9 -> 0xFFFFF802189F8DC8 nt!KiIsrThunk+0x7C8
0xFA -> 0xFFFFF802189F8DD0 nt!KiIsrThunk+0x7D0
0xFB -> 0xFFFFF802189F8DD8 nt!KiIsrThunk+0x7D8
0xFC -> 0xFFFFF802189F8DE0 nt!KiIsrThunk+0x7E0
0xFD -> 0xFFFFF802189F8DE8 nt!KiIsrThunk+0x7E8
0xFE -> 0xFFFFF802189F8DF0 nt!HalpPerfInterrupt (KINTERRUPT 0xFFFFF802192F38A0)
0xFF -> 0xFFFFF802189F8DF8 nt!KiIsrThunk+0x7F8
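
Added example, not part of the original posts: a small C++ parser for the dump format above that collapses the vectors resolving only to an nt!KiIsrThunk stub into ranges, so the "unused interrupts" list in post #1 can be re-derived and re-checked on another machine or build. The function names are hypothetical, and the embedded sample is a handful of lines copied from the dump above.

```cpp
#include <cstdio>
#include <cstring>
#include <sstream>
#include <string>

// Lines copied from the dump in post #2 (header, 0x28-0x2F, 0x50-0x53).
static const char *kDumpExcerpt =
    "# Dumping IDT: 0xFFFFF8021dE61000\n"
    "0x28 -> 0xFFFFF802189F8740 nt!KiIsrThunk+0x140\n"
    "0x29 -> 0xFFFFF80218A06200 nt!KiRaiseSecurityCheckFailure\n"
    "0x2A -> 0xFFFFF802189F8750 nt!KiIsrThunk+0x150\n"
    "0x2B -> 0xFFFFF802189F8758 nt!KiIsrThunk+0x158\n"
    "0x2C -> 0xFFFFF80218A06540 nt!KiRaiseAssertion\n"
    "0x2D -> 0xFFFFF80218A06880 nt!KiDebugServiceTrap\n"
    "0x2E -> 0xFFFFF802189F8770 nt!KiIsrThunk+0x170\n"
    "0x2F -> 0xFFFFF802189FC050 nt!KiDpcInterrupt\n"
    "0x50 -> 0xFFFFF802189F8880 nt!KiIsrThunk+0x280\n"
    "0x51 -> 0xFFFFF802189F8888 0xFFFFF802265E7360 (KINTERRUPT 0xFFFFA880777A7A00)\n"
    "                           0xFFFFF802265E7360 (KINTERRUPT 0xFFFFA880777A7280)\n"
    "0x52 -> 0xFFFFF802189F8890 0xFFFFF8021CE77960 (KINTERRUPT 0xFFFFA880777A78C0)\n"
    "0x53 -> 0xFFFFF802189F8898 nt!KiIsrThunk+0x298\n";

// Vector number if the line resolves to a bare nt!KiIsrThunk stub, else -1.
// The third column (the resolved target) decides: vector 0x51's IDT entry also
// lies in the thunk area, but it resolves to a driver ISR through a KINTERRUPT.
int thunk_vector(const std::string &line) {
    unsigned vec = 0;
    unsigned long long entry = 0;
    char target[128] = {0};
    if (std::sscanf(line.c_str(), "0x%2x -> 0x%llx %127s", &vec, &entry, target) != 3)
        return -1;  // header, continuation line, or malformed input
    return std::strncmp(target, "nt!KiIsrThunk", 13) == 0 ? static_cast<int>(vec) : -1;
}

// Collapses all stub-only vectors found in a dump into "0xAA-0xBB, 0xCC" form.
std::string unassigned_ranges(const std::string &dump) {
    bool thunk[256] = {false};
    std::istringstream in(dump);
    for (std::string line; std::getline(in, line);) {
        int v = thunk_vector(line);
        if (v >= 0) thunk[v] = true;
    }
    std::string out;
    for (int v = 0; v < 256; ++v) {
        if (!thunk[v]) continue;
        int end = v;
        while (end + 1 < 256 && thunk[end + 1]) ++end;  // extend the run
        char buf[16];
        if (end == v)
            std::snprintf(buf, sizeof buf, "0x%02X", static_cast<unsigned>(v));
        else
            std::snprintf(buf, sizeof buf, "0x%02X-0x%02X",
                          static_cast<unsigned>(v), static_cast<unsigned>(end));
        if (!out.empty()) out += ", ";
        out += buf;
        v = end;  // skip past the run just emitted
    }
    return out;
}

int main() {
    std::printf("stub-only vectors: %s\n", unassigned_ranges(kDumpExcerpt).c_str());
    return 0;
}
```

A stub-only entry only shows that no ISR was registered on that machine at dump time. The driver-assigned vectors (the KINTERRUPT lines) differ between systems, so the result has to be regenerated per target.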