nt!KiTrap00 question

Please consider this to be a low priority question, but it’s one that has bugged me for a while. I searched (quickly) and didn’t find an answer, so I am putting it here:

The first two instructions of KiTrap00 (and maybe other trap handlers) are,

push 0
mov word ptr[esp+2], 0

Isn’t the second instruction redundant? It’s writing a 16-bit 0 on top of a 32-bit 0 that you just pushed. Does it serve any purpose that might not be obvious?

Thanks,
Paul

xxxxx@gmail.com wrote:

Please consider this to be a low priority question, but it’s one that has bugged me for a while. I searched (quickly) and didn’t find an answer, so I am putting it here:

The first two instructions of KiTrap00 (and maybe other trap handlers) are,

push 0
mov word ptr[esp+2], 0

Isn’t the second instruction redundant? It’s writing a 16-bit 0 on top of a 32-bit 0 that you just pushed. Does it serve any purpose that might not be obvious?

It’s not impossible, I suppose, that they were trying to write machine
code that could be used in either 16-bit or 32-bit modes.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Tim,
You’re probably correct. Still, I would have expected a subtraction from the esp for local storage.

Like I said, it really isn’t important. I ran across it again yesterday and the internet was close by.

Anyone else have any alternate ideas?
Thanks,
Paul

This behaviour is a consequence of Intel’s hardware specifications. You can find details in Volume 3 of Intel’s developer’s manual, titled:

Intel® 64 and IA-32 Architectures Software Developer’s Manual Volume 3 (3A, 3B & 3C): System Programming Guide

The first DWORD (0) pushed on the stack is called the ERROR CODE of the trap handler. Some handlers push this 0 ERROR CODE on the stack and others do not: KiTrap11, for example, does not, so the ERROR CODE is assumed to be on the stack. The second instruction clears the upper 16 bits of the ERROR CODE. KiTrap11 just clears the upper 16 bits of the DWORD on the stack. This is required by the hardware. Following is a description of the ERROR CODE:


22.31.2 Error Code Pushes

The Intel486 processor implements the error code pushed on the stack as a 16-bit value. When pushed onto a 32-bit stack, the Intel486 processor only pushes 2 bytes and updates ESP by 4. The P6 family and Pentium processors’ error code is a full 32 bits with the upper 16 bits set to zero. The P6 family and Pentium processors, therefore, push 4 bytes and update ESP by 4. Any code that relies on the state of the upper 16 bits may produce inconsistent results.

I think the handlers are written using MASM macros, like so many system calls.
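To make the hardware difference described above concrete, here is an added simulation (not code from the thread or from Windows) of the two error-code push behaviours on a byte-array "stack": the 486-style push stores only 2 bytes while moving ESP by 4, so the upper half of the DWORD keeps whatever stale bytes were below ESP, and the `mov word ptr [esp+2], 0` fix-up is what makes both CPU models agree. The stale fill value 0xAA and the helper names are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_SIZE 64

/* Simulated 32-bit stack; sp is a byte offset standing in for ESP. */
typedef struct { uint8_t mem[STACK_SIZE]; uint32_t sp; } sim_stack;

/* Constructed starting state: memory below ESP holds stale bytes (0xAA). */
static void stack_init(sim_stack *s) { memset(s->mem, 0xAA, sizeof s->mem); s->sp = STACK_SIZE; }

/* Intel486: ESP moves by 4 but only the low 16 bits of the error code are stored. */
static void hw_push_486(sim_stack *s, uint16_t code) {
    s->sp -= 4;
    s->mem[s->sp] = (uint8_t)code;
    s->mem[s->sp + 1] = (uint8_t)(code >> 8);
}

/* P6 / Pentium: a full 32-bit value is stored, upper 16 bits zero. */
static void hw_push_p6(sim_stack *s, uint16_t code) {
    s->sp -= 4;
    for (int i = 0; i < 4; i++) s->mem[s->sp + i] = (uint8_t)((uint32_t)code >> (8 * i));
}

/* Equivalent of "mov word ptr [esp+2], 0": zero the upper half of the DWORD at ESP. */
static void clear_upper_half(sim_stack *s) { s->mem[s->sp + 2] = 0; s->mem[s->sp + 3] = 0; }

/* Read the DWORD at ESP little-endian, as a handler treating the error code as 32 bits would. */
static uint32_t read_dword(const sim_stack *s) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) v |= (uint32_t)s->mem[s->sp + i] << (8 * i);
    return v;
}

/* Error code a handler observes: is486 selects the CPU model, normalize applies the fix-up. */
uint32_t observed_error_code(int is486, int normalize, uint16_t code) {
    sim_stack s;
    stack_init(&s);
    if (is486) hw_push_486(&s, code); else hw_push_p6(&s, code);
    if (normalize) clear_upper_half(&s);
    return read_dword(&s);
}

int main(void) {
    printf("486 raw:        0x%08X\n", observed_error_code(1, 0, 0x0004));
    printf("486 normalized: 0x%08X\n", observed_error_code(1, 1, 0x0004));
    printf("P6 raw:         0x%08X\n", observed_error_code(0, 0, 0x0004));
    return 0;
}
```

Without the fix-up the 486 path yields 0xAAAA0004 while P6 yields 0x00000004; with it both yield 0x00000004, which is exactly the inconsistency the manual warns about.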

Superb answer. The mystery is solved.
Thanks,
Paul

In case there was any doubt, Ntdev Geek’s answer is indeed correct.

As to this:

This is also correct. Either macros or specific code (to push, for example, a zero error code onto the stack at entry).

Peter
OSR
@OSRDrivers