View Full Version : Help on IDT


rijnahts
July 11th, 2008, 15:06
Hi All,
I am posting this message because I have very little knowledge at the system level. Please help me if you guys have any pointers on this.


1) I want to run two different modules (one at kernel level, the other at user level). My intention in running two different modules is to get the notification from the user module to the kernel module.
2) Using the kernel module I would like to modify the Interrupt Descriptor Table (IDT) entries (any entry which is unused; for example, 19-31 are unused).
3) Trigger the modified interrupt from the user module and catch that trigger in the kernel module...


I am looking for help in modifying the IDT and firing the interrupt from the user module.... Please point me to it if there is already any pointer on this....


Thanks

JMI
July 11th, 2008, 15:58
rijnahts:

Your post begs for being reminded of our searching requirements. First, it seems somewhat obvious that you have several "ready made" search criteria, and there is nothing in your post which suggests that you have made an attempt to "help yourself" find any of this information.

Have you put entries, such as:

notification user module kernel module

intercept user mode interrupts kernel mode

in your favorite search engine and read anything which you might find?

At the moment, it looks like you want someone else to do even your preliminary research on these topics. If you actually started research on your own, how would we know??

Regards,

Kayaker
July 12th, 2008, 22:10
rijnahts, what is it you need help with? A search for 'idt hooking' should give you most of what you need to start with, that and the Intel docs (Vol.3A/Ch.5).

It all starts with a driver, so forget about everything else until you've coded a driver skeleton and are able to transfer data through the system IOCTL input and output buffers using DeviceIoControl. Study several source examples from this board, as well as places like rootkit.com. Concentrate on how the driver is constructed and how to properly manage things like memory allocations and string handling.

Then and only then should you worry about what you're going to "do" with your driver. You want to hook the IDT, go ahead. Will you be able to call your new interrupt from usermode? Maybe, you'll have to see.


If you need certain notifications, beyond the basic IOCTL interface, things like APC's, Events, etc. can be used to trigger user mode code for example.

It would help to know how you want to use this new interrupt, if that's what the question deals with.

Kayaker
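
Added example, not part of the thread or any poster's code: a decoder for the 8-byte gate descriptor layout from the Intel manual chapter cited above (32-bit protected mode), with an audit check that flags gates reachable from user mode (DPL 3) and handlers outside an expected kernel image range. The sample descriptors, the image base and size, and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
/* One 8-byte IDT gate descriptor, 32-bit protected mode (Intel SDM Vol. 3A). */
struct gate {
    uint32_t offset;   /* handler entry point */
    uint16_t selector; /* code segment selector */
    uint8_t type;      /* 0x5 task, 0xE interrupt, 0xF trap gate */
    uint8_t dpl;       /* a software INT n needs CPL <= DPL, otherwise #GP */
    uint8_t present;   /* P bit: 0 means the vector is unused */
};

struct gate decode_gate(const uint8_t d[8])
{
    struct gate g;
    g.offset = (uint32_t)d[0] | (uint32_t)d[1] << 8 |
               (uint32_t)d[6] << 16 | (uint32_t)d[7] << 24;
    g.selector = (uint16_t)(d[2] | d[3] << 8);
    g.type = d[5] & 0x0F;
    g.dpl = (d[5] >> 5) & 0x03;
    g.present = d[5] >> 7;
    return g;
}

enum { GATE_USER_CALLABLE = 1, GATE_OUTSIDE_IMAGE = 2 };
/* Audit one descriptor against the expected kernel image range. */
int audit_descriptor(const uint8_t d[8], uint32_t base, uint32_t size)
{
    struct gate g = decode_gate(d);
    int flags = 0;
    if (!g.present) return 0;           /* unused vector, nothing to check */
    if (g.dpl == 3)
        flags |= GATE_USER_CALLABLE;    /* reachable with INT n from ring 3 */
    if (g.type != 0x5 && (g.offset < base || g.offset - base >= size))
        flags |= GATE_OUTSIDE_IMAGE;    /* handler not in the expected image */
    return flags;
}

/* Constructed sample descriptors and image range, not from a real system. */
const uint8_t SAMPLE_KERNEL_ONLY[8] = {0x40, 0x12, 0x08, 0x00, 0x00, 0x8E, 0x54, 0x80};
const uint8_t SAMPLE_USER_GATE[8]   = {0x00, 0x30, 0x08, 0x00, 0x00, 0xEE, 0x2A, 0xF8};
#define IMG_BASE 0x804D7000u
#define IMG_SIZE 0x00200000u

int main(void)
{
    printf("kernel-only: %d, user gate: %d\n",
           audit_descriptor(SAMPLE_KERNEL_ONLY, IMG_BASE, IMG_SIZE),
           audit_descriptor(SAMPLE_USER_GATE, IMG_BASE, IMG_SIZE));
    return 0;
}
```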

rijnahts
July 13th, 2008, 20:14
Thanks for your information. As you guys suggested, I will start looking into them....

Thanks once again.....