User and Reference Guide

  • 2020
  • 07/29/2020
  • Public Content
Contents

Dumping the Interrupt Descriptor Table (IDT)

To dump the Interrupt Descriptor Table (IDT), follow the steps below:
  1. Launch the debugging session and open the ISD Shell.
  2. Define the function for searching a named register in a register list:
    def _get_reg(search_list, name): for reg in search_list: if reg.name == name: return reg # Try the children list (registers in a group) elif reg.children != None and len(reg.children): ret = _get_reg(reg.children, name) if ret != None: return ret return None
  3. Define the function for reading a register with a given name from a thread:
    def read_reg(thread, regname): reg = _get_reg(thread.registers.list(), regname) assert reg != None return reg.get()[1]
  4. Define the function for getting the IDT of a thread as an array of dictionaries:
    def get_idt(thread): # Get the IDT base address idtbas = read_reg(thread, "idtbas") desc_count = 255 # Number of IDT descriptors desc_size = 16 # Size of an IDT descriptor result = [] # Byte offsets in the IDT Descriptor of the offset offset = [0, 1, 6, 7, 8, 9, 10, 11] # Read the whole memory region for the descriptors raw = thread.memory.read(idtbas, desc_count * desc_size) for i in range(desc_count): addr = 0 # Get the raw bytes of the descriptor at index "i" raw_desc = raw[i * desc_size:(i + 1) * desc_size] # Go through all the bytes of the handler address for byte_idx in range(8): # Get one byte from the raw memory buffer raw_byte = raw_desc[offset[byte_idx]] # Pump that byte in the computation of the address addr += raw_byte << (byte_idx * 8) # Populate the entry for the result result.append({}) result[i]["address"] = hex(addr) # The Interrupt Stack Table (IST) offset is in the 4th byte result[i]["IST"] = raw_desc[4] # Get the attributes from the 5th bytes of the descriptor attr = raw_desc[5] result[i]["P"] = (attr & (1 << 7)) >> 7 result[i]["DPL"] = (attr & (3 << 5)) >> 5 # 2 bits result[i]["S"] = (attr & (1 << 4)) >> 4 return result

Product and Performance Information

1

Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.

Notice revision #20110804