HyperPlatform
HyperPlatform copied to clipboard
tandasat
How to intercept software interrupts?
I would like to intercept software interrupts, such as the one issued when a APC is queued on a thread (0x1F). Despite my best efforts, I did not find a way to do this yet.
Description
As above
Expected behavior
VM-Exit on software interrupt
Actual behavior
N/A
Steps to reproduce the problem
Queue an APC, it will not be intercepted
Specifications
-
OS version: Windows 10 19042 (20H2)
-
Architecture: x64
-
Hardware: Physical/VMWare
Good question. IIUC, APC is triggered through local interrupts by lowering the task priority register (TRR), which is not covered by exceptions bitmap or acknowledging external interrupt.
I do not have a clear answer but you may want to look into and play with the "TPR threshold", which allows you to receive VM-exit when the TRR (CR8) is set to below the specified value. My current thinking is that you can set the TPR threshold to zero, so that you have an opportunity to inspect pending local interrupts in the local APIC and/or OS specific structures to manage APCs, when OS lowers CR8 to zero for APC delivery.
Good question. IIUC, APC is triggered through local interrupts by lowering the task priority register (TRR), which is not covered by exceptions bitmap or acknowledging external interrupt.
I do not have a clear answer but you may want to look into and play with the "TPR threshold", which allows you to receive VM-exit when the TRR (CR8) is set to below the specified value. My current thinking is that you can set the TPR threshold to zero, so that you have an opportunity to inspect pending local interrupts in the local APIC and/or OS specific structures to manage APCs, when OS lowers CR8 to zero for APC delivery.
Thank you for the information, I will investigate and report back.