interrupts in when in NT version

Zsolt Rizsanyi rizsanyi at
Sat Oct 26 09:18:42 CDT 2002

I have forgotten to cc this discussion to wine-devel. But who is interested 
can catch up from this mail.

On Saturday 26 October 2002 14:07, Eric Pouech wrote:
> > > > Could somebody answer/test if calling interrupt int 0x01 is allowed
> > > > from a win32 program in WinNT environment? I would pretty like to
> > > > know that!
> > >
> > > I don't think it is
> >
> > Should I write then a patch, which would deny calling of int 0x01 from
> > win32 code when winver is NT?
> > Would that be applied?
> the rule of thumb is: if there's a program which depends on this to be
> implemented, then yes patch will be applied
> otherwise, leave it as it is

Tough all safedisc programs depend on this, I have decided not to make an 
official patch. The reason is that additional info is needed for a proper 
fix. Safedisc depends on that EXCEPTION_ACCESS_VIOLATION is returned on an 
int 0x01 call. But it should be checked what exceptions are raised on 
different windows versions when int 0x01 is called. And maybe the same should 
be done with other interrupts.
It would be good if somebody could make that test program. Else I will keep 
the non proper fix.

> > > it was allowed on Win9x, and is used in this context IIRC as a ring 3
> > > to ring 0 transition code (how to create a cheap call gate)
> >
> > How good it would be if I could understand what you are speaking about :(
> > But could you explain what a call gate is?
> > If it is too long, then dont bother tough...
> I'll try to make it short
> context:
> - i386 have 4 levels of privilege => ring 3 (less privilege) up to ring
> 0
> - certain operations are only allowed at ring 0 (or 1)
> - user code runs in ring 3
> - kernel code runs in ring 0 (to be exact, NT had been designed to have
> kernel in ring 0, and device drivers in ring 1, but this has been
> altered - some drivers run in ring 0 too)
> - you can always call into a less priviledged level (ring 0 => ring 3
> for example)
> - the other way around requires what is known as call gates (ring 0 for
> example defines the "entry points" in some way)
> - most of the interrupt handlers run in ring 0
> what the safedisc code was doing was:
> 0/ code is running in ring 3
> 1/ install an interrupt handler for division by zero (IIRC)
> 2/ trigger the division
> 3/ have the interrupt handler called, but this is done in ring 0, even
> if the code has been loaded from a user space program. here, in the
> interrupt handler, you can do any ring 0 operation you want
> that's why I called it a cheap call gate (no real call gate has been
> installed, and the code run in ring 0 isn't decided by the kernel but
> the app)
> NT doesn't allow this to run. step 1 is not allowed (only the kernel can
> decide to change an interrupt handler, which makes lots of sense)

Thanks for the detailed explanation.

And for completeness I will include here the explanation of Laurent Pinchart 
why a safedisc program calls int 0x01 :
> - the last attempt to detect a debugger uses int 0x01 (enter SMM/ICE mode),
> which checks if an external hardware emulator is connected to the
> processor. I haven't been able to understand what the code is supposed to
> do.


More information about the wine-devel mailing list