I don't understand Windows IRQL

http://msdn.microsoft.com/en-us/library/windows/hardware/ff553079(v=vs.85).aspx

MSDN says KeRaiseIrql(newIrql, &oldIrql) must be called with a newIrql which is >= currentIrql.

"If the new IRQL is less than the current IRQL, a bug check occurs."

But in the code below, KeRaiseIrql() works well with a newIrql which is < currentIrql. (Also, both loading and unloading this driver worked well.)

Can anyone explain this?

Test environment: WinXP (32-bit, VMware Player), Win7 (32-bit, VMware Player)

    #include <ntddk.h>

    VOID DriverUnload
    (
        IN PDRIVER_OBJECT DriverObject
    )
    {
        DbgPrint("BYE!\n");
    }

    NTSTATUS DriverEntry
    (
        IN PDRIVER_OBJECT DriverObject,
        IN PUNICODE_STRING RegistryPath
    )
    {
        KIRQL oldIrql;

        DriverObject->DriverUnload = DriverUnload;

        DbgPrint("Hello!\n");

        // DriverEntry is entered at PASSIVE_LEVEL (0), so this is a genuine raise.
        KeRaiseIrql(3, &oldIrql);

        DbgPrint("%d\n", KeGetCurrentIrql()); // 3

        // Current IRQL is 3; DISPATCH_LEVEL is 2, so this call lowers the IRQL.
        KeRaiseIrqlToDpcLevel();

        DbgPrint("%d\n", KeGetCurrentIrql()); // 2

        // Requested IRQL (1) is below the current IRQL (2).
        KeRaiseIrql(1, &oldIrql);

        DbgPrint("%d\n", KeGetCurrentIrql()); // 1

        // Requested IRQL (0) is below the current IRQL (1).
        KeRaiseIrql(0, &oldIrql);

        DbgPrint("%d\n", KeGetCurrentIrql()); // 0

        DbgPrint("Yo!\n");

        return STATUS_SUCCESS;
    }

As someone above suggested, it depends on the given OS implementation. If you have issues like this, the best thing is to use a debugger.

E.g. in Win XP SP2 release i386 I have:

    hal!KfRaiseIrql:
    806e43b8 0fb6d1          movzx   edx,cl
    806e43bb 0fb68a98436e80  movzx   ecx,byte ptr hal!HalpIRQLtoTPR (806e4398)[edx]
    806e43c2 a18000feff      mov     eax,dword ptr ds:[FFFE0080h]
    806e43c7 890d8000feff    mov     dword ptr ds:[0FFFE0080h],ecx
    806e43cd c1e804          shr     eax,4
    806e43d0 0fb68018f26e80  movzx   eax,byte ptr hal!HalpVectorToIRQL (806ef218)[eax]
    806e43d7 c3              ret

As you can see, there's no previous IRQL checking. If you look into the WRK sources you will find versions of KfRaiseIrql where it is checked; also keep in mind there are checked and free Windows versions. Most probably in the checked version you would have a bugcheck.

If you want to see a BSOD on your code, use Driver Verifier :) AFAIR it checks whether raising/lowering IRQL is used correctly.
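An added example (not part of the answer and not Windows source code): a user-mode C model of the free-build listing above, next to a variant that enforces the documented rule. The function names, the `tpr` variable and the table contents are assumptions made for the model; the real HalpIRQLtoTPR and HalpVectorToIRQL contents are not shown on this page.

```c
#include <stdio.h>
#include <stdint.h>

/* User-mode model of the free-build hal!KfRaiseIrql listing above.
 * Table contents are constructed for illustration (IRQL n <-> TPR n << 4);
 * they are not the real HAL tables. */
#define IRQL_NOT_GREATER_OR_EQUAL 0x09   /* bug check code for an invalid raise */

static uint32_t tpr;                     /* stands in for the TPR at FFFE0080h */
static uint8_t irql_to_tpr[16];          /* models HalpIRQLtoTPR */
static uint8_t vector_to_irql[16];       /* models HalpVectorToIRQL */

static void model_init(void) {
    for (int i = 0; i < 16; i++) {
        irql_to_tpr[i] = (uint8_t)(i << 4);
        vector_to_irql[i] = (uint8_t)i;
    }
    tpr = 0;                             /* start at PASSIVE_LEVEL */
}

static uint8_t current_irql(void) { return vector_to_irql[(tpr >> 4) & 0x0F]; }

/* Same steps as the listing: read old TPR, store new TPR, translate the old
 * value back to an IRQL. There is no comparison against the current level. */
static uint8_t raise_unchecked(uint8_t new_irql) {
    uint32_t old = tpr;
    tpr = irql_to_tpr[new_irql & 0x0F];
    return vector_to_irql[(old >> 4) & 0x0F];
}

/* Enforces the documented contract: a "raise" below the current IRQL is
 * rejected. Returns 0 on success or the bug check code instead of crashing. */
static int raise_checked(uint8_t new_irql, uint8_t *old_irql) {
    if (new_irql < current_irql())
        return IRQL_NOT_GREATER_OR_EQUAL;
    *old_irql = raise_unchecked(new_irql);
    return 0;
}

int main(void) {
    uint8_t old;
    model_init();
    raise_unchecked(3);
    old = raise_unchecked(1);            /* "raise" from 3 to 1 silently lowers */
    printf("unchecked: old=%u now=%u\n", old, current_irql());
    printf("checked:   raise to 0 -> 0x%02X\n", raise_checked(0, &old));
    return 0;
}
```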
