INT (x86 instruction)

From Wikipedia, the free encyclopedia

You have new messages (last change).

INT is an assembly language instruction for x86 processors for generating a software interrupt. It takes one argument that must be a constant byte value. (This should not be confused with the concept of a hardware interrupt.) Depending on the writer and the context, a software interrupt is usually referred to in hexadecimal, either with a prefix 0x or the suffix h (i.e. interrupt 0x21, interrupt 21h).

When done in assembly language code, the instruction is written like this:

INT X

Where X is the software interrupt that should be generated. For example:

INT 0x40

Will generate interrupt 0x40. (See hexadecimal)

[edit] Real mode

When generating a software interrupt, the processor calls one of the 256 functions pointed to by the interrupt address table, which is located in the first 1024 bytes of memory while in real mode (See Interrupt vector). It is therefore entirely possible to use an x86-call instruction to call the interrupt-function manually.

One of the most useful DOS software interrupts was interrupt 0x21. By calling it with different parameters in the registers (mostly ah and al) you could access various IO operations, string output and more. A common computer virus behavior for computers running DOS was to hook the 0x21 interrupt by modifying the interrupt address table so that the virus code would be called before the interrupt. Then, an unsuspecting program would call the 0x21 interrupt and request for a file to be opened. The virus would check if the requested file was an executable, and then insert its code into it.

Most Unix systems and derivates do not use software interrupts, although Linux allows programs to use interrupt 0x80 to make system calls. This is accomplished by entering a 32-bit value corresponding to a kernel function into the EAX register of the processor and then executing INT 0x80.

[edit] INT 3

The INT 3 instruction is defined for use by debuggers to temporarily replace an instruction in a running program, in order to set a breakpoint. Other INT instructions are encoded using two bytes. This makes them unsuitable for use in patching instructions (which can be one byte long).

[edit] See also

Retrieved from "http://en.wikipedia.org../../../i/n/t/INT_%28x86_instruction%29_c26a.html"