Solved

Tracing an interrupt-based program

Posted on 1998-03-19
6
353 Views
Last Modified: 2010-04-02
I don't know where I should put this question in. I chose here anyway....
Hi, everyone. I have a problem for you concerning a set of
interrupt-based programs.
Its particulars are as follows:
  1. it contains a driver (written in C) which alters a high
     interrupt vector (i.e. driver.exe) and the main code is in here.

  for example:
      int_60h_entry proc near
           :
           :
           call get_string

      int_60h_entry endp

      get_string proc near   <--- this part is where I want to know of.
          :
          :
          ret
      get_string endp
     
           

  2. A calling program (i.e 1.exe) calls the interrupt vector

  for example:
       mov ax, 0ah
       int 60h     <--- the debugger traces over this point
       add sp, 4
       ret

 p.s: there is an interrupt entry point in the driver, in which there are
      cores and guts that I want to know of.

What I would like to do with these programs is:

   Using Turbo Debugger 5.0 to trace into the interrupt, but debugger
   only traces up to the point where it calls the interrupt (e.g. int 60h).
   Then it steps over it.

Do you guys know how to trace into the interrupt?
,from the calling program to the driver?

0
Comment
Question by:whluk
6 Comments
 
LVL 16

Accepted Solution

by:
imladris earned 200 total points
ID: 1257771
Assuming that the interrupt routine is in RAM (as opposed to ROM) which you seem to indicate (the driver is written in C), it should be possible.
What I generally do in such circumstances is to find the entry point of the interrupt handler (by looking at the interrupt vector table if need be), then put a breakpoint early in the interrupt handling code. Depending on your debugger and system, the first one may be a poor choice. Try and look down until registers have been saved, and interrupts reenabled (so that the keyboard will work), and put a breakpoint there.

0
 
LVL 16

Expert Comment

by:imladris
ID: 1257772
P.S. the interrupt vector for int 60h on a PC will be at address:

0:180

Remember that the raw memory contents on Intel process is kind of backward. So if the contents at 0:180 is: DF D0 00 F0, the referenced address for the start of the interrupt routine will be: F000:D0DF

0
 
LVL 16

Expert Comment

by:imladris
ID: 1257773
Sorry, for "Intel process" please read "Intel processors"

0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 
LVL 1

Expert Comment

by:Nexial
ID: 1257774
If you are running on a 386 or later, find a copy of PDVIM.EXE
which is available on the depositories.   This is a Public
Domain Virtual Machine which when run will execute your program in a protected mode Dos Box and allows full interrupt and hardware tracing.   You can also get a more powerful registered version, but from your description, the PD version should suffice.   (PDVIM is a command line oriented system, and the debug commands are very similar to DOS's debug.)

0
 
LVL 1

Expert Comment

by:focht
ID: 1257775
You can easily step into every software interrupt using Turbo Debugger. Use following procedure:
Step through the program until the cursor (blue line) is at Int 60h (next step would execute the int).
Now press ALT+F10 and you will see a menu popping up.
Choose "Follow" and press ENTER. You will see now the begin of the INT 60h Handler. Set a breakpoint at the beginning (F2) of the handler (same line).
Now simply let the program run and you will see it will stop at the breakpoint in the interrupt handler. You can now trace through the handler ;).


0
 
LVL 2

Expert Comment

by:tdubroff
ID: 1257776
You probably did this and it is unrelated to your question, but remember to put an 'iret' at the end of your interrupt handler (not just a 'ret').
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Using unmanaged DLL from managed application 14 294
Adjust Mfcapp 29 171
What's the Difference Between a VI, the Command Prompt and a Shell 7 122
smtp c source code 7 85
Summary: This tutorial covers some basics of pointer, pointer arithmetic and function pointer. What is a pointer: A pointer is a variable which holds an address. This address might be address of another variable/address of devices/address of fu…
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
The goal of this video is to provide viewers with basic examples to understand opening and writing to files in the C programming language.
The goal of this video is to provide viewers with basic examples to understand opening and reading files in the C programming language.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question