[_Lynn]

hello! I am debug (kernel) NtRaiseException because I curious how interrupt stack and IRETQ (amd64) works. This cause issue because when I set breakpoint at NtRaiseException in kernel.. once called from user-mode through the system dispatcher.. system freezes.

I have guess maybe this is because there is no exception handler at this point? Or is something I am do wrongly?

thank you!

[everdox]

hey,

when execution reaches NtRaiseException within the kernel, interrupts are disabled. This means you would need to execute 'sti'. I'm not entirely sure but since windbg uses hardware breakpoints for instruction fetch by default... you might wind up with a double_fault since that type of exception raises a trap prior to execution. This means you would need to write in an int3 manually.

Hope this helps :D