I'm trying to hook the Windows keyboard interrupt with HalGetInterruptVector, however a BSOD happens when I call HalGetInterruptVector and I can't hook the keyboard interrupt in the Windows IDT. See part of my source code:

Start:
PUSH 0
MOV RAX,RSP
PUSH RAX
PUSH RAX
PUSH 1
PUSH 1
PUSH 0
PUSH 1
CALL HalGetInterruptVector ; Here BSOD happens
AND RAX,0FFH
MOV [IRQ1],RAX

Why does a Blue Screen Of Death happen on my Windows 8 x64 with my code? Where is it wrong?

1 Answer

HalGetInterruptVector is an obsolete function and apparently it is not supported in 64-bit builds of Windows:

This interface is not supported on 64-bit Windows. Are you trying to port some ancient NT4-style driver to 64-bit platform? It is impossible - you have to re-write it.


I'm not familiar with HalGetInterruptVector but if your intent is to hook on a specific IRQ maybe that's not a good idea.
Even assuming the function takes the IOAPIC vs 8059A mode into consideration, a lot of keyboards are not PS/2 (this interface is emulated through SMM though) but are USB.
This means that the IRQ they generate is variable and can even be an MSI.

A better alternative is to hook on the right abstraction level: the HID class.

Margaret Bloom