[_Lynn]

Hi, I am currently analyzing how an int3 vector from user mode is dispatched. I have been lucky enough to make my way to the IDT and watch the function that the 3rd 8 byte value points to. Here is my stupid question, the thread that hits the interrupt, is this then the SAME thread that is dispatched through the IDT and starts executing in supervisor mode on said handler function. Is it also the SAME thread for system service dispatching?

I guess I just had this preconceived notion that it's not the same thread that then executes in supervisor mode, but I can't seem to get the thread ID with windbg when breaking at those locations.

Thanks :roll:

[Vrtule]

When a thread executes code in usermode and an interrupt occurs, the thread dispatches it. There is no change of the the thread identity.

The situation is the same in case of system call dispatching. Thread that issued a system call, also dispatches it. Of course, there might be some interactions with another threads, however, I think you ment only the basic principles.