Question

In the flow of control in the Linux kernel, I found that control moves to the IDT, which has the location of interrupts (e.g., the 0x80 system call). Then control moves to the appropriate system call. I also read that the IDT is initialized at boot time only.

I would like to know more about the IDT information from a real kernel, like its location. I would also like to know whether it is modified at any other time.

Please help.


Solution

Writing a rootkit, are we?

Anyway, you can use the LIDT/SIDT x86 instructions to directly find and manipulate the IDT. You can also find some information about IDT hooking in some good Phrack articles on exactly this subject.
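The answer mentions SIDT for locating the table and IDT hooking as the thing to be aware of. The program below is an added example (not code from the answer or from the kernel) that shows the other half of that picture from a defender's side: it reads IDTR with SIDT where the build target has the instruction, decodes the 16-byte x86-64 gate descriptor format into handler address, selector, IST, type, DPL and present bit, and applies a simple integrity rule (a present gate must use the kernel code segment and point into kernel text) over a table of gates. The rule, the `KERNEL_CS` value of 0x10 (Linux's `__KERNEL_CS` on x86-64), and every address in the sample table are assumptions made for the example; a real check would read the gates from ring 0 and compare against a baseline taken at boot, since user space only sees a dummy base under UMIP.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* IDTR as stored by SIDT: 16-bit limit followed by a 64-bit linear base. */
struct __attribute__((packed)) idtr {
    uint16_t limit;
    uint64_t base;
};

/* Decoded view of one 16-byte x86-64 interrupt/trap gate descriptor. */
struct idt_gate {
    uint64_t handler;  /* entry point the CPU jumps to on this vector */
    uint16_t selector; /* code segment; 0x10 is __KERNEL_CS on Linux x86-64 */
    uint8_t  ist;      /* interrupt stack table index, 0 = no stack switch */
    uint8_t  type;     /* 0xE = interrupt gate, 0xF = trap gate */
    uint8_t  dpl;      /* highest ring allowed to reach the gate via "int n" */
    uint8_t  present;
};

#define KERNEL_CS 0x10 /* assumption: Linux x86-64 __KERNEL_CS */

/* Store IDTR via SIDT. Only meaningful in ring 0: from user space the CPU, or
 * the kernel's UMIP emulation, may hand back a dummy base. Returns 0 when the
 * build target has no SIDT instruction. */
int read_idtr(struct idtr *out) {
#if defined(__x86_64__) && defined(__GNUC__)
    __asm__ volatile("sidt %0" : "=m"(*out));
    return 1;
#else
    memset(out, 0, sizeof *out);
    return 0;
#endif
}

/* Split a raw 64-bit gate into its fields (layout per Intel SDM vol. 3A). */
void idt_decode_gate(const uint8_t raw[16], struct idt_gate *g) {
    uint64_t lo  = raw[0] | ((uint64_t)raw[1] << 8);          /* offset 15:0  */
    uint64_t mid = raw[6] | ((uint64_t)raw[7] << 8);          /* offset 31:16 */
    uint64_t hi  = raw[8] | ((uint64_t)raw[9] << 8) |         /* offset 63:32 */
                   ((uint64_t)raw[10] << 16) | ((uint64_t)raw[11] << 24);
    g->handler  = (hi << 32) | (mid << 16) | lo;
    g->selector = (uint16_t)(raw[2] | (raw[3] << 8));
    g->ist      = raw[4] & 0x7;
    g->type     = raw[5] & 0xF;
    g->dpl      = (raw[5] >> 5) & 0x3;
    g->present  = raw[5] >> 7;
}

/* Inverse of idt_decode_gate; used below to construct sample descriptors. */
void idt_encode_gate(const struct idt_gate *g, uint8_t raw[16]) {
    memset(raw, 0, 16);
    raw[0] = (uint8_t)(g->handler);
    raw[1] = (uint8_t)(g->handler >> 8);
    raw[2] = (uint8_t)(g->selector);
    raw[3] = (uint8_t)(g->selector >> 8);
    raw[4] = g->ist & 0x7;
    raw[5] = (uint8_t)((g->present << 7) | ((g->dpl & 3) << 5) | (g->type & 0xF));
    raw[6] = (uint8_t)(g->handler >> 16);
    raw[7] = (uint8_t)(g->handler >> 24);
    for (int i = 0; i < 4; i++)
        raw[8 + i] = (uint8_t)(g->handler >> (32 + 8 * i));
}

/* Integrity rule (assumed for the example): a present gate must use the
 * kernel code segment and point into the kernel's text range. */
int idt_gate_suspicious(const struct idt_gate *g, uint64_t text_start, uint64_t text_end) {
    if (!g->present) return 0;
    if (g->selector != KERNEL_CS) return 1;
    return g->handler < text_start || g->handler >= text_end;
}

/* Walk a raw table of 16-byte gates and count entries failing the rule. */
int idt_scan(const uint8_t *table, size_t bytes, uint64_t text_start, uint64_t text_end) {
    int bad = 0;
    for (size_t off = 0; off + 16 <= bytes; off += 16) {
        struct idt_gate g;
        idt_decode_gate(table + off, &g);
        if (idt_gate_suspicious(&g, text_start, text_end)) bad++;
    }
    return bad;
}

/* Constructed two-entry table: a plausible int 0x80 style gate (DPL 3,
 * interrupt gate, __KERNEL_CS, handler inside kernel text) and a second gate
 * whose handler lies outside that range. All addresses are made up. */
int idt_scan_sample(void) {
    const uint64_t text_start = 0xffffffff81000000ULL;
    const uint64_t text_end   = 0xffffffff82000000ULL;
    struct idt_gate good = { 0xffffffff81a00000ULL, KERNEL_CS, 0, 0xE, 3, 1 };
    struct idt_gate odd  = { 0xffffffffc0123000ULL, KERNEL_CS, 0, 0xE, 0, 1 };
    uint8_t table[32];
    idt_encode_gate(&good, table);
    idt_encode_gate(&odd, table + 16);
    return idt_scan(table, sizeof table, text_start, text_end);
}

int main(void) {
    struct idtr r;
    if (read_idtr(&r))
        printf("IDTR: base=0x%016llx limit=%u (%u gates)\n",
               (unsigned long long)r.base, r.limit, (r.limit + 1) / 16);
    printf("suspicious gates in constructed sample: %d\n", idt_scan_sample());
    return 0;
}
```

The decode/encode pair is the part worth keeping: once the raw gates are in hand (from a kernel module, a memory image, or a hypervisor's view of the guest), comparing each decoded handler against the addresses recorded at boot is the check that turns "the IDT is only set up at boot" into something you can actually verify.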

OTHER TIPS

In Linux, the declarations for IRQ-handling functions can be found in include/linux/interrupt.h. Generic handling code can be found in kernel/irq/, and platform-specific code under the arch/ directories; take a look at, e.g., arch/x86/kernel/irq.c and the other irq*.c files in that directory.

You should read the comments in the kernel/irq/*.c files to understand the locking rules and mechanisms regarding IRQs in Linux. Note that other OSes can and will have different locking rules. Good luck!

Licensed under: CC-BY-SA with attribution