Windows Interrupt Handling: Study Notes


After taking the computer architecture and operating systems courses, I wanted a deeper understanding of a currently popular operating system. A friend of mine happens to do research in this area, and with his guidance I hope to use WinDbg's powerful debugging features, together with what I learned from textbooks, to get to know Windows (Windows 7 Kernel Version 7601 (Service Pack 1) MP (1 procs) Free x64) better.

Since my knowledge of operating systems is limited, please point out any mistakes.

1. Interrupt handlers

In computer science, an interrupt is a signal received by the processor from hardware or software indicating that an event has occurred and needs attention; this situation is called an interrupt.

Usually, after receiving an asynchronous signal from peripheral hardware (relative to the CPU and memory) or a synchronous signal from software, the processor performs the corresponding hardware/software handling. Issuing such a signal is called making an interrupt request (IRQ). A hardware interrupt causes the processor to save its execution state (mainly registers such as the program counter and program status word) through a context switch; a software interrupt is usually an instruction in the CPU's instruction set that triggers this context switch programmatically and diverts processing to a piece of interrupt-handling code. Interrupts are especially useful in multitasking, and particularly in real-time systems. Such systems, including the operating systems that run on them, are also described as "interrupt-driven". (The above is from Wikipedia: https://zh.wikipedia.org/wiki/%E4%B8%AD%E6%96%B7)

Handling an interrupt is a fairly complex task that is hard to do in hardware alone; today it is done by the operating system. The rough sequence is:

1. The CPU receives the interrupt and the task it was executing is suspended.

2. The operating system locates the corresponding interrupt handler through the IDT (interrupt descriptor table).

3. The interrupt handler is called.

4. Execution returns to the original task, or the original process is terminated.

The process above is very incomplete and imprecise. We will study the real process by single-stepping through a Windows interrupt handler.
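Step 2 is the part the CPU does itself: on vector N it reads the 16-byte gate descriptor in slot N of the IDT and jumps to the offset stored there, switching to a dedicated stack when the gate's IST field is nonzero (that is what the `Stack =` annotations in a `!idt` dump correspond to) and refusing a software `int N` whose privilege level exceeds the gate's DPL. The following Python is an added example, not code from the original post: it encodes and decodes x86-64 gate descriptors and walks a small constructed IDT image built from handler addresses that appear later in this page. The kernel code selector 0x10 and the IST index used for the NMI slot are sample assumptions, not values read from the target.

```python
"""Decode x86-64 IDT gate descriptors: how vector N is turned into a handler address."""
import struct

# 16-byte gate layout (Intel SDM vol. 3, 64-bit mode IDT): offset bits 15:0,
# code segment selector, IST index, attributes (type/DPL/P), offset 31:16,
# offset 63:32, reserved dword.  All fields little-endian.
GATE_FMT = "<HHBBHII"
GATE_SIZE = struct.calcsize(GATE_FMT)          # 16 bytes
INTERRUPT_GATE, TRAP_GATE = 0xE, 0xF

def encode_gate(offset, selector, ist=0, gate_type=INTERRUPT_GATE, dpl=0, present=True):
    """Build the descriptor bytes the CPU would read for one IDT slot."""
    attr = (int(present) << 7) | ((dpl & 3) << 5) | (gate_type & 0xF)
    return struct.pack(GATE_FMT,
                       offset & 0xFFFF, selector, ist & 7, attr,
                       (offset >> 16) & 0xFFFF, (offset >> 32) & 0xFFFFFFFF, 0)

def decode_gate(raw):
    """Split one descriptor into the fields the CPU consults on `int N` or a hardware IRQ."""
    lo, selector, ist, attr, mid, hi, _reserved = struct.unpack(GATE_FMT, raw)
    return {
        "offset": lo | (mid << 16) | (hi << 32),   # handler entry address
        "selector": selector,                      # code segment the handler runs in
        "ist": ist & 7,                            # nonzero -> switch to a dedicated stack
        "type": attr & 0xF,                        # 0xE interrupt gate, 0xF trap gate
        "dpl": (attr >> 5) & 3,                    # highest CPL allowed to raise it with `int N`
        "present": bool(attr & 0x80),
    }

def walk_idt(image):
    """Decode every present gate in a raw IDT image, tagging each with its vector."""
    entries = []
    for vector in range(len(image) // GATE_SIZE):
        gate = decode_gate(image[vector * GATE_SIZE:(vector + 1) * GATE_SIZE])
        if gate["present"]:
            gate["vector"] = vector
            entries.append(gate)
    return entries

def software_int_allowed(gate, cpl):
    """Whether code running at privilege level `cpl` may execute `int N` for this gate.
    The CPU raises #GP when CPL > DPL; hardware-triggered interrupts do not check DPL."""
    return gate["present"] and cpl <= gate["dpl"]

# Constructed sample: a 4-slot IDT image using the handler addresses shown by
# `!idt -a` below.  Selector 0x10 (kernel code) and IST index 3 for the NMI slot
# are assumed sample values, not read from the target.
KERNEL_CS = 0x10
SAMPLE_IDT = b"".join([
    encode_gate(0xFFFFF80003EE23C0, KERNEL_CS),            # 00 nt!KiDivideErrorFault
    encode_gate(0xFFFFF80003EE24C0, KERNEL_CS),            # 01 nt!KiDebugTrapOrFault
    encode_gate(0xFFFFF80003EE2680, KERNEL_CS, ist=3),     # 02 nt!KiNmiInterrupt (own stack)
    encode_gate(0xFFFFF80003EE2A00, KERNEL_CS, dpl=3),     # 03 nt!KiBreakpointTrap (int 3)
])

if __name__ == "__main__":
    for g in walk_idt(SAMPLE_IDT):
        print(f"{g['vector']:02x}: {g['offset']:016x} sel={g['selector']:#x} "
              f"ist={g['ist']} type={g['type']:#x} dpl={g['dpl']}")
```

Running the block prints one line per present gate in the same vector/address layout as a `!idt` dump. The DPL field is why user mode can execute `int 3` (vector 03 is reachable from ring 3) but cannot raise a ring-0-only vector directly: the check is made by the CPU before any kernel code runs.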

2. How to debug the Windows kernel

Debugging kernel-mode code on Windows requires two-machine debugging with WinDbg over a serial port (detailed setup instructions are widely available online, so I won't repeat them). For convenience I installed the target system in a virtual machine; its version information is:

    kd> version
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (1 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
    Machine Name:
    Kernel base = 0xfffff800`03e65000 PsLoadedModuleList = 0xfffff800`040aae90
    Debug session time: Sat Mar 26 21:58:18.916 2016 (UTC + 8:00)
    System Uptime: 0 days 0:03:38.460
    Remote KD: KdSrv:Server=@{<Local>},Trans=@{COM:Port=\\.\pipe\kd_win7,Baud=19200,Pipe,Timeout=4000}

    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.

    command line: '"C:\Program Files\Debugging Tools for Windows (x64)\windbg.exe" -b -k com:pipe,resets=0,reconnect,port=\\.\pipe\kd_win7' Debugger Process 0x1C1C
    dbgeng: image 6.12.0002.633, built Tue Feb 02 04:15:54 2010
    [path: C:\Program Files\Debugging Tools for Windows (x64)\dbgeng.dll]
    dbghelp: image 6.12.0002.633, built Tue Feb 02 04:15:44 2010
    [path: C:\Program Files\Debugging Tools for Windows (x64)\dbghelp.dll]
    DIA version: 20921
    Extension DLL search Path:
    C:\Program Files\Debugging Tools for Windows (x64)\WINXP;C:\Program Files\Debugging Tools for Windows (x64)\winext;C:\Program Files\Debugging Tools for Windows (x64)\winext\arcade;C:\Program Files\Debugging Tools for Windows (x64)\pri;C:\Program Files\Debugging Tools for Windows (x64);C:\Program Files\Debugging Tools for Windows (x64)\winext\arcade;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;c:\Program Files (x86)\QuickTime\QTSystem;C:\Program Files\Microsoft SQL Server\120\Tools\Binn;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit;C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn;C:\Program Files (x86)\Microsoft SQL Server\90\DTS\Binn;C:\Program Files (x86)\Microsoft SQL Server\90\Tools\Binn;C:\Program Files (x86)\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE;C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0;;C:\Program Files\Java\jdk1.8.0_66\bin;C:\Program Files\Java\jdk1.8.0_66\jre\bin;C:\Symbols
    Extension DLL chain:
    dbghelp: image 6.12.0002.633, API 6.1.6, built Tue Feb 02 04:15:44 2010
    [path: C:\Program Files\Debugging Tools for Windows (x64)\dbghelp.dll]
    ext: image 6.12.0002.633, API 1.0.0, built Tue Feb 02 04:15:46 2010
    [path: C:\Program Files\Debugging Tools for Windows (x64)\winext\ext.dll]
    exts: image 6.12.0002.633, API 1.0.0, built Tue Feb 02 04:15:38 2010
    [path: C:\Program Files\Debugging Tools for Windows (x64)\WINXP\exts.dll]
    kext: image 6.12.0002.633, API 1.0.0, built Tue Feb 02 04:15:36 2010
    [path: C:\Program Files\Debugging Tools for Windows (x64)\winext\kext.dll]
    kdexts: image 6.1.7650.0, API 1.0.0, built Tue Feb 02 04:15:29 2010
    [path: C:\Program Files\Debugging Tools for Windows (x64)\WINXP\kdexts.dll]

I don't yet understand everything in the output above; I'll set that aside for now.

3. Single-stepping KiApcInterrupt

Being a complete beginner, I did not know how to go about this. After skimming Windows Internals and with my friend's guidance, I learned that the `!idt -a` command in WinDbg dumps the interrupt descriptor table; the output is:

    Dumping IDT:

    00: fffff80003ee23c0 nt!KiDivideErrorFault
    01: fffff80003ee24c0 nt!KiDebugTrapOrFault
    02: fffff80003ee2680 nt!KiNmiInterrupt Stack = 0xFFFFF80000BA7000

    03: fffff80003ee2a00 nt!KiBreakpointTrap
    04: fffff80003ee2b00 nt!KiOverflowTrap
    05: fffff80003ee2c00 nt!KiBoundFault
    06: fffff80003ee2d00 nt!KiInvalidOpcodeFault
    07: fffff80003ee2f40 nt!KiNpxNotAvailableFault
    08: fffff80003ee3000 nt!KiDoubleFaultAbort Stack = 0xFFFFF80000BA5000

    09: fffff80003ee30c0 nt!KiNpxSegmentOverrunAbort
    0a: fffff80003ee3180 nt!KiInvalidTssFault
    0b: fffff80003ee3240 nt!KiSegmentNotPresentFault
    0c: fffff80003ee3380 nt!KiStackFault
    0d: fffff80003ee34c0 nt!KiGeneralProtectionFault
    0e: fffff80003ee3600 nt!KiPageFault
    0f: fffff800040120f0 nt!KxUnexpectedInterrupt0+0xF0
    10: fffff80003ee39c0 nt!KiFloatingErrorFault
    11: fffff80003ee3b40 nt!KiAlignmentFault
    12: fffff80003ee3c40 nt!KiMcheckAbort Stack = 0xFFFFF80000BA9000

    13: fffff80003ee3fc0 nt!KiXmmException
    14: fffff80004012140 nt!KxUnexpectedInterrupt0+0x140
    15: fffff80004012150 nt!KxUnexpectedInterrupt0+0x150
    16: fffff80004012160 nt!KxUnexpectedInterrupt0+0x160
    17: fffff80004012170 nt!KxUnexpectedInterrupt0+0x170
    18: fffff80004012180 nt!KxUnexpectedInterrupt0+0x180
    19: fffff80004012190 nt!KxUnexpectedInterrupt0+0x190
    1a: fffff800040121a0 nt!KxUnexpectedInterrupt0+0x1A0
    1b: fffff800040121b0 nt!KxUnexpectedInterrupt0+0x1B0
    1c: fffff800040121c0 nt!KxUnexpectedInterrupt0+0x1C0
    1d: fffff800040121d0 nt!KxUnexpectedInterrupt0+0x1D0
    1e: fffff800040121e0 nt!KxUnexpectedInterrupt0+0x1E0
    1f: fffff80003ed8ed0 nt!KiApcInterrupt
    20: fffff80004012200 nt!KxUnexpectedInterrupt0+0x200
    21: fffff80004012210 nt!KxUnexpectedInterrupt0+0x210
    22: fffff80004012220 nt!KxUnexpectedInterrupt0+0x220
    23: fffff80004012230 nt!KxUnexpectedInterrupt0+0x230
    24: fffff80004012240 nt!KxUnexpectedInterrupt0+0x240
    25: fffff80004012250 nt!KxUnexpectedInterrupt0+0x250
    26: fffff80004012260 nt!KxUnexpectedInterrupt0+0x260
    27: fffff80004012270 nt!KxUnexpectedInterrupt0+0x270
    28: fffff80004012280 nt!KxUnexpectedInterrupt0+0x280
    29: fffff80004012290 nt!KxUnexpectedInterrupt0+0x290
    2a: fffff800040122a0 nt!KxUnexpectedInterrupt0+0x2A0
    2b: fffff800040122b0 nt!KxUnexpectedInterrupt0+0x2B0
    2c: fffff80003ee4180 nt!KiRaiseAssertion
    2d: fffff80003ee4280 nt!KiDebugServiceTrap
    2e: fffff800040122e0 nt!KxUnexpectedInterrupt0+0x2E0
    2f: fffff80003f31250 nt!KiDpcInterrupt
    30: fffff80004012300 nt!KxUnexpectedInterrupt0+0x300
    31: fffff80004012310 nt!KxUnexpectedInterrupt0+0x310
    32: fffff80004012320 nt!KxUnexpectedInterrupt0+0x320
    33: fffff80004012330 nt!KxUnexpectedInterrupt0+0x330
    34: fffff80004012340 nt!KxUnexpectedInterrupt0+0x340
    35: fffff80004012350 nt!KxUnexpectedInterrupt0+0x350
    36: fffff80004012360 nt!KxUnexpectedInterrupt0+0x360
    37: fffff80003e4c090 fffff80003e1d2bc (KINTERRUPT fffff80003e4c000)
    38: fffff80004012380 nt!KxUnexpectedInterrupt0+0x380
    39: fffff80004012390 nt!KxUnexpectedInterrupt0+0x390
    3a: fffff800040123a0 nt!KxUnexpectedInterrupt0+0x3A0
    3b: fffff800040123b0 nt!KxUnexpectedInterrupt0+0x3B0
    3c: fffff800040123c0 nt!KxUnexpectedInterrupt0+0x3C0
    3d: fffff800040123d0 nt!KxUnexpectedInterrupt0+0x3D0
    3e: fffff800040123e0 nt!KxUnexpectedInterrupt0+0x3E0
    3f: fffff80003e4c130 fffff80003e1d2bc (KINTERRUPT fffff80003e4c0a0)
    40: fffff80004012400 nt!KxUnexpectedInterrupt0+0x400
    41: fffff80004012410 nt!KxUnexpectedInterrupt0+0x410
    42: fffff80004012420 nt!KxUnexpectedInterrupt0+0x420
    43: fffff80004012430 nt!KxUnexpectedInterrupt0+0x430
    44: fffff80004012440 nt!KxUnexpectedInterrupt0+0x440
    45: fffff80004012450 nt!KxUnexpectedInterrupt0+0x450
    46: fffff80004012460 nt!KxUnexpectedInterrupt0+0x460
    47: fffff80004012470 nt!KxUnexpectedInterrupt0+0x470
    48: fffff80004012480 nt!KxUnexpectedInterrupt0+0x480
    49: fffff80004012490 nt!KxUnexpectedInterrupt0+0x490
    4a: fffff800040124a0 nt!KxUnexpectedInterrupt0+0x4A0
    4b: fffff800040124b0 nt!KxUnexpectedInterrupt0+0x4B0
    4c: fffff800040124c0 nt!KxUnexpectedInterrupt0+0x4C0
    4d: fffff800040124d0 nt!KxUnexpectedInterrupt0+0x4D0
    4e: fffff800040124e0 nt!KxUnexpectedInterrupt0+0x4E0
    4f: fffff800040124f0 nt!KxUnexpectedInterrupt0+0x4F0
    50: fffff80003e4c270 fffff80003e2348c (KINTERRUPT fffff80003e4c1e0)
    51: fffffa8002601a50 fffff8800537fb88 (KINTERRUPT fffffa80026019c0)
    52: fffffa80023c4810 fffff80003eaad70 (KINTERRUPT fffffa80023c4780)
    53: fffffa80023c42d0 fffff80003eaad70 (KINTERRUPT fffffa80023c4240)
    54: fffffa80025a1d50 fffff80003eaad70 (KINTERRUPT fffffa80025a1cc0)
    55: fffffa80025a1810 fffff80003eaad70 (KINTERRUPT fffffa80025a1780)
    56: fffffa8002601750 fffff88005726344 (KINTERRUPT fffffa80026016c0)
    57: fffff80004012570 nt!KxUnexpectedInterrupt0+0x570
    58: fffff80004012580 nt!KxUnexpectedInterrupt0+0x580
    59: fffff80004012590 nt!KxUnexpectedInterrupt0+0x590
    5a: fffff800040125a0 nt!KxUnexpectedInterrupt0+0x5A0
    5b: fffff800040125b0 nt!KxUnexpectedInterrupt0+0x5B0
    5c: fffff800040125c0 nt!KxUnexpectedInterrupt0+0x5C0
    5d: fffff800040125d0 nt!KxUnexpectedInterrupt0+0x5D0
    5e: fffff800040125e0 nt!KxUnexpectedInterrupt0+0x5E0
    5f: fffff800040125f0 nt!KxUnexpectedInterrupt0+0x5F0
    60: fffffa80023c4bd0 fffff80003eaad70 (KINTERRUPT fffffa80023c4b40)
    61: fffff80004012610 nt!KxUnexpectedInterrupt0+0x610
    62: fffffa80023c48d0 fffff80003eaad70 (KINTERRUPT fffffa80023c4840)
    63: fffffa80023c4390 fffff80003eaad70 (KINTERRUPT fffffa80023c4300)
    64: fffffa80025a1e10 fffff80003eaad70 (KINTERRUPT fffffa80025a1d80)
    65: fffffa80025a18d0 fffff80003eaad70 (KINTERRUPT fffffa80025a1840)
    66: fffffa80025a12d0 fffff880010c7b4c (KINTERRUPT fffffa80025a1240)
    fffff880010c7b4c (KINTERRUPT fffffa80025a1180)
    fffff880010c7b4c (KINTERRUPT fffffa80025a10c0)
    fffff880010c7b4c (KINTERRUPT fffffa80025a1000)
    fffff880010c7b4c (KINTERRUPT fffffa8002602f00)
    fffff880010c7b4c (KINTERRUPT fffffa8002602e40)
    fffff880010c7b4c (KINTERRUPT fffffa8002602d80)
    fffff880010c7b4c (KINTERRUPT fffffa8002602cc0)
    fffff880010c7b4c (KINTERRUPT fffffa8002602c00)
    fffff880010c7b4c (KINTERRUPT fffffa8002602b40)
    fffff880010c7b4c (KINTERRUPT fffffa8002602a80)
    fffff880010c7b4c (KINTERRUPT fffffa80026029c0)
    fffff880010c7b4c (KINTERRUPT fffffa8002602900)
    fffff880010c7b4c (KINTERRUPT fffffa8002602840)
    fffff880010c7b4c (KINTERRUPT fffffa8002602780)
    fffff880010c7b4c (KINTERRUPT fffffa80026026c0)
    fffff880010c7b4c (KINTERRUPT fffffa8002602600)
    fffff880010c7b4c (KINTERRUPT fffffa8002602540)
    fffff880010c7b4c (KINTERRUPT fffffa8002602480)
    fffff880010c7b4c (KINTERRUPT fffffa80026023c0)
    fffff880010c7b4c (KINTERRUPT fffffa8002602300)
    fffff880010c7b4c (KINTERRUPT fffffa8002602240)
    fffff880010c7b4c (KINTERRUPT fffffa8002602180)
    fffff880010c7b4c (KINTERRUPT fffffa80026020c0)
    fffff880010c7b4c (KINTERRUPT fffffa8002602000)
    fffff880010c7b4c (KINTERRUPT fffffa8002601f00)
    fffff880010c7b4c (KINTERRUPT fffffa8002601e40)
    fffff880010c7b4c (KINTERRUPT fffffa8002601d80)
    fffff880010c7b4c (KINTERRUPT fffffa8002601cc0)
    fffff880010c7b4c (KINTERRUPT fffffa8002601c00)
    fffff88001488c90 (KINTERRUPT fffffa8002601780)
    67: fffff80004012670 nt!KxUnexpectedInterrupt0+0x670
    68: fffff80004012680 nt!KxUnexpectedInterrupt0+0x680
    69: fffff80004012690 nt!KxUnexpectedInterrupt0+0x690
    6a: fffff800040126a0 nt!KxUnexpectedInterrupt0+0x6A0
    6b: fffff800040126b0 nt!KxUnexpectedInterrupt0+0x6B0
    6c: fffff800040126c0 nt!KxUnexpectedInterrupt0+0x6C0
    6d: fffff800040126d0 nt!KxUnexpectedInterrupt0+0x6D0
    6e: fffff800040126e0 nt!KxUnexpectedInterrupt0+0x6E0
    6f: fffff800040126f0 nt!KxUnexpectedInterrupt0+0x6F0
    70: fffffa80023c4c90 fffff80003eaad70 (KINTERRUPT fffffa80023c4c00)
    71: fffffa8002601b10 fffff88004de8a70 (KINTERRUPT fffffa8002601a80)
    72: fffffa80023c4990 fffff80003eaad70 (KINTERRUPT fffffa80023c4900)
    73: fffffa80023c4450 fffff80003eaad70 (KINTERRUPT fffffa80023c43c0)
    74: fffffa80025a1ed0 fffff80003eaad70 (KINTERRUPT fffffa80025a1e40)
    75: fffffa80025a1990 fffff80003eaad70 (KINTERRUPT fffffa80025a1900)
    76: fffffa80025a1390 fffff80003eaad70 (KINTERRUPT fffffa80025a1300)
    77: fffff80004012770 nt!KxUnexpectedInterrupt0+0x770
    78: fffff80004012780 nt!KxUnexpectedInterrupt0+0x780
    79: fffff80004012790 nt!KxUnexpectedInterrupt0+0x790
    7a: fffff800040127a0 nt!KxUnexpectedInterrupt0+0x7A0
    7b: fffff800040127b0 nt!KxUnexpectedInterrupt0+0x7B0
    7c: fffff800040127c0 nt!KxUnexpectedInterrupt0+0x7C0
    7d: fffff800040127d0 nt!KxUnexpectedInterrupt0+0x7D0
    7e: fffff800040127e0 nt!KxUnexpectedInterrupt0+0x7E0
    7f: fffff800040127f0 nt!KxUnexpectedInterrupt0+0x7F0
    80: fffffa80023c4d50 fffff80003eaad70 (KINTERRUPT fffffa80023c4cc0)
    81: fffffa8002601bd0 fffff88004de2a04 (KINTERRUPT fffffa8002601b40)
    82: fffffa80023c4a50 fffff80003eaad70 (KINTERRUPT fffffa80023c49c0)
    83: fffffa80023c4510 fffff80003eaad70 (KINTERRUPT fffffa80023c4480)
    84: fffffa80025a1f90 fffff80003eaad70 (KINTERRUPT fffffa80025a1f00)
    85: fffffa80025a1a50 fffff80003eaad70 (KINTERRUPT fffffa80025a19c0)
    86: fffffa80025a15d0 fffff80003eaad70 (KINTERRUPT fffffa80025a1540)
    87: fffff80004012870 nt!KxUnexpectedInterrupt0+0x870
    88: fffff80004012880 nt!KxUnexpectedInterrupt0+0x880
    89: fffff80004012890 nt!KxUnexpectedInterrupt0+0x890
    8a: fffff800040128a0 nt!KxUnexpectedInterrupt0+0x8A0
    8b: fffff800040128b0 nt!KxUnexpectedInterrupt0+0x8B0
    8c: fffff800040128c0 nt!KxUnexpectedInterrupt0+0x8C0
    8d: fffff800040128d0 nt!KxUnexpectedInterrupt0+0x8D0
    8e: fffff800040128e0 nt!KxUnexpectedInterrupt0+0x8E0
    8f: fffff800040128f0 nt!KxUnexpectedInterrupt0+0x8F0
    90: fffffa80023c4e10 fffff80003eaad70 (KINTERRUPT fffffa80023c4d80)
    91: fffff80004012910 nt!KxUnexpectedInterrupt0+0x910
    92: fffffa80023c4b10 fffff80003eaad70 (KINTERRUPT fffffa80023c4a80)
    93: fffffa80023c45d0 fffff80003eaad70 (KINTERRUPT fffffa80023c4540)
    94: fffffa80023c4090 fffff80003eaad70 (KINTERRUPT fffffa80023c4000)
    95: fffffa80025a1b10 fffff80003eaad70 (KINTERRUPT fffffa80025a1a80)
    96: fffffa80025a1690 fffff80003eaad70 (KINTERRUPT fffffa80025a1600)
    97: fffff80004012970 nt!KxUnexpectedInterrupt0+0x970
    98: fffff80004012980 nt!KxUnexpectedInterrupt0+0x980
    99: fffff80004012990 nt!KxUnexpectedInterrupt0+0x990
    9a: fffff800040129a0 nt!KxUnexpectedInterrupt0+0x9A0
    9b: fffff800040129b0 nt!KxUnexpectedInterrupt0+0x9B0
    9c: fffff800040129c0 nt!KxUnexpectedInterrupt0+0x9C0
    9d: fffff800040129d0 nt!KxUnexpectedInterrupt0+0x9D0
    9e: fffff800040129e0 nt!KxUnexpectedInterrupt0+0x9E0
    9f: fffff800040129f0 nt!KxUnexpectedInterrupt0+0x9F0
    a0: fffffa80023c4ed0 fffff80003eaad70 (KINTERRUPT fffffa80023c4e40)
    a1: fffff80004012a10 nt!KxUnexpectedInterrupt0+0xA10
    a2: fffff80004012a20 nt!KxUnexpectedInterrupt0+0xA20
    a3: fffffa80023c4690 fffff80003eaad70 (KINTERRUPT fffffa80023c4600)
    a4: fffffa80023c4150 fffff80003eaad70 (KINTERRUPT fffffa80023c40c0)
    a5: fffffa80025a1bd0 fffff80003eaad70 (KINTERRUPT fffffa80025a1b40)
    a6: fffffa80025a1450 fffff880010c7b4c (KINTERRUPT fffffa80025a13c0)
    a7: fffffa80026018d0 fffff88005726344 (KINTERRUPT fffffa8002601840)
    a8: fffff80004012a80 nt!KxUnexpectedInterrupt0+0xA80
    a9: fffff80004012a90 nt!KxUnexpectedInterrupt0+0xA90
    aa: fffff80004012aa0 nt!KxUnexpectedInterrupt0+0xAA0
    ab: fffff80004012ab0 nt!KxUnexpectedInterrupt0+0xAB0
    ac: fffff80004012ac0 nt!KxUnexpectedInterrupt0+0xAC0
    ad: fffff80004012ad0 nt!KxUnexpectedInterrupt0+0xAD0
    ae: fffff80004012ae0 nt!KxUnexpectedInterrupt0+0xAE0
    af: fffff80004012af0 nt!KxUnexpectedInterrupt0+0xAF0
    b0: fffffa80025a1750 fffff80003eaad70 (KINTERRUPT fffffa80025a16c0)
    b1: fffffa80023c4f90 fffff88000fa29c8 (KINTERRUPT fffffa80023c4f00)
    b2: fffffa8002601990 fffff8800537fb88 (KINTERRUPT fffffa8002601900)
    b3: fffffa80023c4750 fffff80003eaad70 (KINTERRUPT fffffa80023c46c0)
    b4: fffffa80023c4210 fffff80003eaad70 (KINTERRUPT fffffa80023c4180)
    b5: fffffa80025a1c90 fffff80003eaad70 (KINTERRUPT fffffa80025a1c00)
    b6: fffffa80025a1510 fffff880010c7b4c (KINTERRUPT fffffa80025a1480)
    b7: fffffa8002601690 fffff88005776f20 (KINTERRUPT fffffa8002601600)
    fffff880050885d4 (KINTERRUPT fffffa8002601540)
    b8: fffff80004012b80 nt!KxUnexpectedInterrupt0+0xB80
    b9: fffff80004012b90 nt!KxUnexpectedInterrupt0+0xB90
    ba: fffff80004012ba0 nt!KxUnexpectedInterrupt0+0xBA0
    bb: fffff80004012bb0 nt!KxUnexpectedInterrupt0+0xBB0
    bc: fffff80004012bc0 nt!KxUnexpectedInterrupt0+0xBC0
    bd: fffff80004012bd0 nt!KxUnexpectedInterrupt0+0xBD0
    be: fffff80004012be0 nt!KxUnexpectedInterrupt0+0xBE0
    bf: fffff80004012bf0 nt!KxUnexpectedInterrupt0+0xBF0
    c0: fffff80004012c00 nt!KxUnexpectedInterrupt0+0xC00
    c1: fffff80003e4c450 fffff80003e23388 (KINTERRUPT fffff80003e4c3c0)
    c2: fffff80004012c20 nt!KxUnexpectedInterrupt0+0xC20
    c3: fffff80004012c30 nt!KxUnexpectedInterrupt0+0xC30
    c4: fffff80004012c40 nt!KxUnexpectedInterrupt0+0xC40
    c5: fffff80004012c50 nt!KxUnexpectedInterrupt0+0xC50
    c6: fffff80004012c60 nt!KxUnexpectedInterrupt0+0xC60
    c7: fffff80004012c70 nt!KxUnexpectedInterrupt0+0xC70
    c8: fffff80004012c80 nt!KxUnexpectedInterrupt0+0xC80
    c9: fffff80004012c90 nt!KxUnexpectedInterrupt0+0xC90
    ca: fffff80004012ca0 nt!KxUnexpectedInterrupt0+0xCA0
    cb: fffff80004012cb0 nt!KxUnexpectedInterrupt0+0xCB0
    cc: fffff80004012cc0 nt!KxUnexpectedInterrupt0+0xCC0
    cd: fffff80004012cd0 nt!KxUnexpectedInterrupt0+0xCD0
    ce: fffff80004012ce0 nt!KxUnexpectedInterrupt0+0xCE0
    cf: fffff80004012cf0 nt!KxUnexpectedInterrupt0+0xCF0
    d0: fffff80004012d00 nt!KxUnexpectedInterrupt0+0xD00
    d1: fffff80003e4c4f0 fffff80003e26808 (KINTERRUPT fffff80003e4c460)
    d2: fffff80003e4c590 fffff80003e268a4 (KINTERRUPT fffff80003e4c500)
    d3: fffff80004012d30 nt!KxUnexpectedInterrupt0+0xD30
    d4: fffff80004012d40 nt!KxUnexpectedInterrupt0+0xD40
    d5: fffff80004012d50 nt!KxUnexpectedInterrupt0+0xD50
    d6: fffff80004012d60 nt!KxUnexpectedInterrupt0+0xD60
    d7: fffff80004012d70 nt!KxUnexpectedInterrupt0+0xD70
    d8: fffff80004012d80 nt!KxUnexpectedInterrupt0+0xD80
    d9: fffff80004012d90 nt!KxUnexpectedInterrupt0+0xD90
    da: fffff80004012da0 nt!KxUnexpectedInterrupt0+0xDA0
    db: fffff80004012db0 nt!KxUnexpectedInterrupt0+0xDB0
    dc: fffff80004012dc0 nt!KxUnexpectedInterrupt0+0xDC0
    dd: fffff80004012dd0 nt!KxUnexpectedInterrupt0+0xDD0
    de: fffff80004012de0 nt!KxUnexpectedInterrupt0+0xDE0
    df: fffff80003e4c3b0 fffff80003e23328 (KINTERRUPT fffff80003e4c320)
    e0: fffff80004012e00 nt!KxUnexpectedInterrupt0+0xE00
    e1: fffff80003ef0170 nt!KiIpiInterrupt
    e2: fffff80003e4c310 fffff80003e22818 (KINTERRUPT fffff80003e4c280)
    e3: fffff80003e4c1d0 fffff80003e233f8 (KINTERRUPT fffff80003e4c140)
    e4: fffff80004012e40 nt!KxUnexpectedInterrupt0+0xE40
    e5: fffff80004012e50 nt!KxUnexpectedInterrupt0+0xE50
    e6: fffff80004012e60 nt!KxUnexpectedInterrupt0+0xE60
    e7: fffff80004012e70 nt!KxUnexpectedInterrupt0+0xE70
    e8: fffff80004012e80 nt!KxUnexpectedInterrupt0+0xE80
    e9: fffff80004012e90 nt!KxUnexpectedInterrupt0+0xE90
    ea: fffff80004012ea0 nt!KxUnexpectedInterrupt0+0xEA0
    eb: fffff80004012eb0 nt!KxUnexpectedInterrupt0+0xEB0
    ec: fffff80004012ec0 nt!KxUnexpectedInterrupt0+0xEC0
    ed: fffff80004012ed0 nt!KxUnexpectedInterrupt0+0xED0
    ee: fffff80004012ee0 nt!KxUnexpectedInterrupt0+0xEE0
    ef: fffff80004012ef0 nt!KxUnexpectedInterrupt0+0xEF0
    f0: fffff80004012f00 nt!KxUnexpectedInterrupt0+0xF00
    f1: fffff80004012f10 nt!KxUnexpectedInterrupt0+0xF10
    f2: fffff80004012f20 nt!KxUnexpectedInterrupt0+0xF20
    f3: fffff80004012f30 nt!KxUnexpectedInterrupt0+0xF30
    f4: fffff80004012f40 nt!KxUnexpectedInterrupt0+0xF40
    f5: fffff80004012f50 nt!KxUnexpectedInterrupt0+0xF50
    f6: fffff80004012f60 nt!KxUnexpectedInterrupt0+0xF60
    f7: fffff80004012f70 nt!KxUnexpectedInterrupt0+0xF70
    f8: fffff80004012f80 nt!KxUnexpectedInterrupt0+0xF80
    f9: fffff80004012f90 nt!KxUnexpectedInterrupt0+0xF90
    fa: fffff80004012fa0 nt!KxUnexpectedInterrupt0+0xFA0
    fb: fffff80004012fb0 nt!KxUnexpectedInterrupt0+0xFB0
    fc: fffff80004012fc0 nt!KxUnexpectedInterrupt0+0xFC0
    fd: fffff80003e4c630 fffff80003e235d0 (KINTERRUPT fffff80003e4c5a0)
    fe: fffff80003e4c6d0 fffff80003e23614 (KINTERRUPT fffff80003e4c640)
    ff: 0000000000000000

x64, like x86, supports 0xff interrupt (strictly speaking, not only interrupt) vectors, and the table above has exactly 0xff entries. What puzzles me is that some entries have two addresses; I'll set that question aside for now. Next, `bp nt!KiApcInterrupt` sets a breakpoint at the function's entry address, and once it is hit we have successfully stepped into the handler.
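A vector that is serviced through a KINTERRUPT object prints two addresses in `!idt -a`: the first is where the IDT gate points, which is the small DispatchCode stub embedded inside the KINTERRUPT object itself (in the dump above it is always the object address plus 0x90, the offset of that field in the Windows 7 x64 _KINTERRUPT), and the second is the ServiceRoutine that the stub eventually calls; a vector shared by several devices lists one KINTERRUPT per line. The following Python is an added example, not code from the original post: it parses `!idt -a` text, classifies each vector, and checks that every gate points into its own KINTERRUPT, using a few lines copied from the dump above as sample input.

```python
"""Parse WinDbg `!idt -a` output and classify how each vector is dispatched."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Observed in the dump above: for every KINTERRUPT-backed vector the IDT target is
# the object address + 0x90, the DispatchCode stub inside _KINTERRUPT on Win7 x64.
DISPATCH_CODE_OFFSET = 0x90

VECTOR_RE = re.compile(r"^([0-9a-f]{2}):\s+([0-9a-f]{16})\s*(.*)$")
KINT_RE = re.compile(r"^([0-9a-f]{16})\s+\(KINTERRUPT\s+([0-9a-f]{16})\)")
STACK_RE = re.compile(r"Stack\s*=\s*0x([0-9A-Fa-f]+)")

@dataclass
class IdtEntry:
    vector: int
    target: int                                 # address the IDT gate points to
    symbol: Optional[str] = None                # resolved symbol, e.g. nt!KiPageFault
    stack: Optional[int] = None                 # dedicated (IST) stack, if printed
    isrs: List[Tuple[int, int]] = field(default_factory=list)  # (ServiceRoutine, KINTERRUPT)

    @property
    def shared(self) -> bool:
        return len(self.isrs) > 1

def parse_idt(text: str) -> Dict[int, IdtEntry]:
    entries: Dict[int, IdtEntry] = {}
    current: Optional[IdtEntry] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Dumping IDT"):
            continue
        m = VECTOR_RE.match(line)
        if m:
            current = IdtEntry(vector=int(m.group(1), 16), target=int(m.group(2), 16))
            entries[current.vector] = current
            rest = m.group(3)
            k = KINT_RE.match(rest)
            if k:
                current.isrs.append((int(k.group(1), 16), int(k.group(2), 16)))
            elif rest:
                current.symbol = rest.split()[0]
                s = STACK_RE.search(rest)
                if s:
                    current.stack = int(s.group(1), 16)
            continue
        k = KINT_RE.match(line)
        if k and current is not None:
            # continuation line: one more KINTERRUPT chained on the same shared vector
            current.isrs.append((int(k.group(1), 16), int(k.group(2), 16)))
        else:
            raise ValueError(f"unrecognized line: {raw!r}")
    return entries

def classify(e: IdtEntry) -> str:
    if e.target == 0:
        return "unused"
    if e.symbol and e.symbol.startswith("nt!KxUnexpectedInterrupt"):
        return "unexpected"      # nobody connected this vector; kernel stub handles it
    if e.symbol and e.symbol.startswith("nt!"):
        return "kernel"          # exception / APC / DPC / IPI handler inside ntoskrnl
    if e.isrs:
        return "shared" if e.shared else "kinterrupt"
    return "unknown"

def dispatch_offset(e: IdtEntry) -> Optional[int]:
    """Distance from the first KINTERRUPT object to the IDT target (expected 0x90)."""
    return (e.target - e.isrs[0][1]) if e.isrs else None

def summarize(entries: Dict[int, IdtEntry]):
    """Per-kind counts plus vectors whose gate does not point into its own KINTERRUPT."""
    counts: Dict[str, int] = {}
    anomalies: List[int] = []
    for e in entries.values():
        kind = classify(e)
        counts[kind] = counts.get(kind, 0) + 1
        off = dispatch_offset(e)
        if off is not None and off != DISPATCH_CODE_OFFSET:
            anomalies.append(e.vector)
    return counts, anomalies

# Sample input: a handful of lines copied from the `!idt -a` dump above.
SAMPLE = """\
00: fffff80003ee23c0 nt!KiDivideErrorFault
02: fffff80003ee2680 nt!KiNmiInterrupt Stack = 0xFFFFF80000BA7000

1f: fffff80003ed8ed0 nt!KiApcInterrupt
37: fffff80003e4c090 fffff80003e1d2bc (KINTERRUPT fffff80003e4c000)
51: fffffa8002601a50 fffff8800537fb88 (KINTERRUPT fffffa80026019c0)
66: fffffa80025a12d0 fffff880010c7b4c (KINTERRUPT fffffa80025a1240)
fffff880010c7b4c (KINTERRUPT fffffa80025a1180)
fffff88001488c90 (KINTERRUPT fffffa8002601780)
67: fffff80004012670 nt!KxUnexpectedInterrupt0+0x670
ff: 0000000000000000
"""

if __name__ == "__main__":
    table = parse_idt(SAMPLE)
    counts, anomalies = summarize(table)
    for e in table.values():
        print(f"{e.vector:02x} {classify(e):11} target={e.target:016x} isrs={len(e.isrs)}")
    print(counts, "anomalies:", [f"{v:02x}" for v in anomalies])
```

Feeding the complete dump to `parse_idt` gives a per-kind census of all 256 slots. A defender extending this would cross-check each ServiceRoutine against the module ranges reported by `lm`, so that a handler lying outside every loaded image, or a gate that no longer points into its own KINTERRUPT, stands out immediately.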

4. Conjectures about how KiApcInterrupt works (to be continued)

Original article: https://www.cnblogs.com/Return-0/p/5324962.html