Geoff Chappell - Software Analyst
The REGISTERED_INTERRUPT_CONTROLLER (formally _REGISTERED_INTERRUPT_CONTROLLER) is the HAL’s abstraction of an interrupt controller.
The REGISTERED_INTERRUPT_CONTROLLER is not documented. Neither is Microsoft known to have ever published a C-language definition in any Windows Driver Kit (WDK).
The practical equivalent of a C-language definition is available as type information in public symbol files for the HAL, starting with Windows 8. The merging of the HAL into the kernel for the 2004 release of 64-bit Windows moves this type information into the public symbols for the kernel.
Exactly why the public symbols have type information for the REGISTERED_INTERRUPT_CONTROLLER is unclear. That it’s unintended is not impossible. When compiling the separate source file, HALSYM.C, to merge type information into the public symbols for the already built HAL, what the compiler counted as this structure’s use is a reference by pointer—but this pointer type is itself unreferenced. This situation can have been produced by as little as the pointer type’s use in an inline routine or just its appearance in the declaration of an internal routine that is in turn called from an inline routine. On the other hand, HALSYM.C can have used the pointer type explicitly, e.g., by defining a variable of this type. A reason to do this would be that the KDEXTS debugger extension’s !gicr_findapending and !ioapic commands depend on having type information for the REGISTERED_INTERRUPT_CONTROLLER. Intention is hard to gauge. It’s not as if either command is documented—at all, let alone as intended to work for those outside Microsoft who are not blessed with access to private symbols.
For a structure that looks to be used only within the HAL (not that any effort has yet been put into the looking), the REGISTERED_INTERRUPT_CONTROLLER is remarkably stable. The structure has grown, but only because one sub-structure pushes subsequent members ever further along:
Version | Size (x86) | Size (x64) |
---|---|---|
6.2 to 1607 | 0xBC | 0x0148 |
1703 to 1809 | 0xC0 | 0x0150 |
1903 | 0xC4 | 0x0158 |
2004 | 0xC8 | 0x0160 |
The sizes in the preceding table and the offsets and definitions in the next are from type information in public symbols as noted above for Windows 8 and higher. Whether the structure even exists in earlier versions is left for another time.
Offset (x86) | Offset (x64) | Definition | Versions |
---|---|---|---|
0x00 | 0x00 | LIST_ENTRY ListEntry; | 6.2 and higher |
0x08 | 0x10 | PVOID InternalData; | 6.2 and higher |
0x0C | 0x18 | ULONG InternalDataSize; | 6.2 and higher |
0x10 | 0x20 | INTERRUPT_FUNCTION_TABLE FunctionTable; | 6.2 and higher |
0x60 (6.2 to 1607); 0x64 (1703 to 1809); 0x68 (1903); 0x6C | 0xC0 (6.2 to 1607); 0xC8 (1703 to 1809); 0xD0 (1903); 0xD8 | KNOWN_CONTROLLER_TYPE KnownType; | 6.2 and higher |
0x64 (6.2 to 1607); 0x68 (1703 to 1809); 0x6C (1903); 0x70 | 0xC4 (6.2 to 1607); 0xCC (1703 to 1809); 0xD4 (1903); 0xDC | ULONG Capabilities; | 6.2 and higher |
0x68 (6.2 to 1607); 0x6C (1703 to 1809); 0x70 (1903); 0x74 | 0xC8 (6.2 to 1607); 0xD0 (1703 to 1809); 0xD8 (1903); 0xE0 | ULONG Flags; | 6.2 and higher |
0x6C (6.2 to 1607); 0x70 (1703 to 1809); 0x74 (1903); 0x78 | 0xCC (6.2 to 1607); 0xD4 (1703 to 1809); 0xDC (1903); 0xE4 | ULONG MaxPriority; | 6.2 and higher |
0x70 (6.2 to 1607); 0x74 (1703 to 1809); 0x78 (1903); 0x7C | 0xD0 (6.2 to 1607); 0xD8 (1703 to 1809); 0xE0 (1903); 0xE8 | ULONG UnitId; | 6.2 and higher |
0x74 (6.2 to 1607); 0x78 (1703 to 1809); 0x7C (1903); 0x80 | 0xD8 (6.2 to 1607); 0xE0 (1703 to 1809); 0xE8 (1903); 0xF0 | LIST_ENTRY LinesHead; | 6.2 and higher |
0x7C (6.2 to 1607); 0x80 (1703 to 1809); 0x84 (1903); 0x88 | 0xE8 (6.2 to 1607); 0xF0 (1703 to 1809); 0xF8 (1903); 0x0100 | LIST_ENTRY OutputLinesHead; | 6.2 and higher |
0x84 (6.2 to 1607); 0x88 (1703 to 1809); 0x8C (1903); 0x90 | 0xF8 (6.2 to 1607); 0x0100 (1703 to 1809); 0x0108 (1903); 0x0110 | LONG MinLine; | 6.2 and higher |
0x88 (6.2 to 1607); 0x8C (1703 to 1809); 0x90 (1903); 0x94 | 0xFC (6.2 to 1607); 0x0104 (1703 to 1809); 0x010C (1903); 0x0114 | LONG MaxLine; | 6.2 and higher |
0x8C (6.2 to 1607); 0x90 (1703 to 1809); 0x94 (1903); 0x98 | 0x0100 (6.2 to 1607); 0x0108 (1703 to 1809); 0x0110 (1903); 0x0118 | ULONG MaxClusterSize; | 6.2 and higher |
0x90 (6.2 to 1607); 0x94 (1703 to 1809); 0x98 (1903); 0x9C | 0x0104 (6.2 to 1607); 0x010C (1703 to 1809); 0x0114 (1903); 0x011C | ULONG MaxClusters; | 6.2 and higher |
0x94 (6.2 to 1607); 0x98 (1703 to 1809); 0x9C (1903); 0xA0 | 0x0108 (6.2 to 1607); 0x0110 (1703 to 1809); 0x0118 (1903); 0x0120 | ULONG InterruptReplayDataSize; | 6.2 and higher |
0x98 (6.2 to 1607); 0x9C (1703 to 1809); 0xA0 (1903); 0xA4 | 0x010C (6.2 to 1607); 0x0114 (1703 to 1809); 0x011C (1903); 0x0124 | INTERRUPT_PROBLEM Problem; | 6.2 and higher |
0x9C (6.2 to 1607); 0xA0 (1703 to 1809); 0xA4 (1903); 0xA8 | 0x0110 (6.2 to 1607); 0x0118 (1703 to 1809); 0x0120 (1903); 0x0128 | NTSTATUS ProblemStatus; | 6.2 and higher |
0xA0 (6.2 to 1607); 0xA4 (1703 to 1809); 0xA8 (1903); 0xAC | 0x0118 (6.2 to 1607); 0x0120 (1703 to 1809); 0x0128 (1903); 0x0130 | PCSTR ProblemSourceFile; | 6.2 and higher |
0xA4 (6.2 to 1607); 0xA8 (1703 to 1809); 0xAC (1903); 0xB0 | 0x0120 (6.2 to 1607); 0x0128 (1703 to 1809); 0x0130 (1903); 0x0138 | ULONG ProblemSourceLine; | 6.2 and higher |
0xA8 (6.2 to 1607); 0xAC (1703 to 1809); 0xB0 (1903); 0xB4 | 0x0124 (6.2 to 1607); 0x012C (1703 to 1809); 0x0134 (1903); 0x013C | ULONG CustomProblem; | 6.2 and higher |
0xAC (6.2 to 1607); 0xB0 (1703 to 1809); 0xB4 (1903); 0xB8 | 0x0128 (6.2 to 1607); 0x0130 (1703 to 1809); 0x0138 (1903); 0x0140 | NTSTATUS CustomProblemStatus; | 6.2 and higher |
0xB0 (6.2 to 1607); 0xB4 (1703 to 1809); 0xB8 (1903); 0xBC | 0x0130 (6.2 to 1607); 0x0138 (1703 to 1809); 0x0140 (1903); 0x0148 | UNICODE_STRING ResourceId; | 6.2 and higher |
0xB8 (6.2 to 1607); 0xBC (1703 to 1809); 0xC0 (1903); 0xC4 | 0x0140 (6.2 to 1607); 0x0148 (1703 to 1809); 0x0150 (1903); 0x0158 | POHANDLE PowerHandle; | 6.2 and higher |
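
The following Python is an added example, not from the original page or from Microsoft: it recomputes the tabulated offsets and sizes from the member types under natural alignment, and shows that every member after FunctionTable moves by the same amount between versions. It assumes the two enumerations are 4 bytes and that INTERRUPT_FUNCTION_TABLE spans 20, 21, 22 and 23 pointer-sized slots in the four version ranges (the last taken to be 2004, as in the size table), which is inferred from the offset differences and not stated on the page.

```python
# Added example: recompute the REGISTERED_INTERRUPT_CONTROLLER layout per version.
# Assumptions: enums are 4 bytes; FunctionTable slot counts are inferred from the
# tabulated offset differences (KnownType offset minus FunctionTable offset).
MEMBERS = [  # (name, kind) in declaration order, as tabulated above
    ("ListEntry", "pair"), ("InternalData", "ptr"), ("InternalDataSize", "u32"),
    ("FunctionTable", "table"), ("KnownType", "u32"), ("Capabilities", "u32"),
    ("Flags", "u32"), ("MaxPriority", "u32"), ("UnitId", "u32"),
    ("LinesHead", "pair"), ("OutputLinesHead", "pair"), ("MinLine", "u32"),
    ("MaxLine", "u32"), ("MaxClusterSize", "u32"), ("MaxClusters", "u32"),
    ("InterruptReplayDataSize", "u32"), ("Problem", "u32"),
    ("ProblemStatus", "u32"), ("ProblemSourceFile", "ptr"),
    ("ProblemSourceLine", "u32"), ("CustomProblem", "u32"),
    ("CustomProblemStatus", "u32"), ("ResourceId", "pair"), ("PowerHandle", "ptr"),
]
# Inferred pointer-sized slots in INTERRUPT_FUNCTION_TABLE for each version range.
TABLE_SLOTS = {"6.2 to 1607": 20, "1703 to 1809": 21, "1903": 22, "2004": 23}


def layout(ptr_size, version):
    """Return ({member: offset}, sizeof) under natural alignment."""
    kinds = {  # kind -> (size, alignment)
        "ptr": (ptr_size, ptr_size),
        "u32": (4, 4),
        "pair": (2 * ptr_size, ptr_size),  # LIST_ENTRY and UNICODE_STRING
        "table": (TABLE_SLOTS[version] * ptr_size, ptr_size),
    }
    offsets, cursor = {}, 0
    for name, kind in MEMBERS:
        size, align = kinds[kind]
        cursor = (cursor + align - 1) & ~(align - 1)  # pad up to alignment
        offsets[name] = cursor
        cursor += size
    return offsets, (cursor + ptr_size - 1) & ~(ptr_size - 1)


def shifts(ptr_size, old, new):
    """Set of offset deltas between two versions for members after FunctionTable."""
    a, b = layout(ptr_size, old)[0], layout(ptr_size, new)[0]
    later = [n for n, _ in MEMBERS[MEMBERS.index(("FunctionTable", "table")) + 1:]]
    return {b[n] - a[n] for n in later}


def version_for_size(ptr_size, size):
    """Map a sizeof taken from symbols back to the version range it matches."""
    return next((v for v in TABLE_SLOTS if layout(ptr_size, v)[1] == size), None)


if __name__ == "__main__":
    for v in TABLE_SLOTS:
        print(v, hex(layout(4, v)[1]), hex(layout(8, v)[1]), shifts(8, "6.2 to 1607", v))
```

Pass 4 as the pointer size for x86 and 8 for x64; a size that matches none of the four ranges returns None, so an unrecognised build is not silently parsed with stale offsets.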