windbg学习24(!idt)

!idt显示指定的中断分配表(interrupt dispatch table (IDT))中的中断服务例程(interrupt service routine (ISR))

最典型的自陷int 2e,其中断表使用的是:

lkd> !idt 2e

Dumping IDT:

2e:	82c8369e nt!KiSystemService

如不指定IDT,会简短的显示目标机中所有处理器的IDT:

lkd> !idt

Dumping IDT:

37:	82c29104 hal!PicSpuriousService37
51:	85e672d8 ataport!IdePortInterrupt (KINTERRUPT 85e67280)
	         ataport!IdePortInterrupt (KINTERRUPT 85e67000)
80:	869412d8 ndis!ndisMiniportMessageIsr (KINTERRUPT 86941280)
82:	86941cd8 9517ef00 (KINTERRUPT 86941c80)
90:	85e67558 pci!ExpressRootPortMessageRoutine (KINTERRUPT 85e67500)
91:	86fc4cd8 9460749a (KINTERRUPT 86fc4c80)
92:	86941a58 9519b486 (KINTERRUPT 86941a00)
	         951b67ab (KINTERRUPT 86941780)
	         9509dd47 (KINTERRUPT 86fc4a00)
a0:	85e677d8 pci!ExpressRootPortMessageRoutine (KINTERRUPT 85e67780)
a2:	86941558 9517ef00 (KINTERRUPT 86941500)
b0:	85e67a58 pci!ExpressRootPortMessageRoutine (KINTERRUPT 85e67a00)
b1:	85e67cd8 ACPI!ACPIInterruptServiceRoutine (KINTERRUPT 85e67c80)
b2:	86941058 951b67ab (KINTERRUPT 86941000)
c1:	82c293f4 hal!HalpBroadcastCallService
d1:	82c11634 hal!HalpHpetClockInterrupt
d2:	82c11898 hal!HalpHpetRolloverInterrupt
df:	82c291dc hal!HalpApicRebootService
e1:	82c29958 hal!HalpIpiHandler
e3:	82c296f8 hal!HalpLocalApicErrorService
fd:	82c29f2c hal!HalpProfileInterrupt
fe:	82c2a1a8 hal!HalpPerfInterrupt

如果指定了-a,则显示所有IDT的ISR

lkd> !idt -a

Dumping IDT:

00:	82c84670 nt!KiTrap00
01:	82c84800 nt!KiTrap01
02:	Task Selector = 0x0058
03:	82c46ffb nt!_imp__VidBitBlt <PERF> (nt+0xffb)
04:	82c84df8 nt!KiTrap04
05:	82c84f58 nt!KiTrap05
06:	82c850cc nt!KiTrap06
07:	82c856c8 nt!KiTrap07
08:	Task Selector = 0x0050
09:	82c85b28 nt!KiTrap09
0a:	82c85c4c nt!KiTrap0A
0b:	82c85d8c nt!KiTrap0B
0c:	82c85fec nt!KiTrap0C
0d:	82c862dc nt!KiTrap0D
0e:	82c869ac nt!KiTrap0E
0f:	82c86d60 nt!KiTrap0F
10:	82c86e84 nt!KiTrap10
11:	82c86fc4 nt!KiTrap11
12:	Task Selector = 0x00A0

你可能感兴趣的:(windbg学习24(!idt))