Hubbry Logo
IRQL (Windows)IRQL (Windows)Main
Open search
IRQL (Windows)
Community hub
IRQL (Windows)
logo
7 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
IRQL (Windows)
IRQL (Windows)
IRQL (Windows)
View on Wikipedia
from Wikipedia

An Interrupt Request Level (IRQL) is a hardware-independent means with which Windows prioritizes interrupts that come from the system's processors. On processor architectures on which Windows runs, hardware generates signals that are sent to an interrupt controller. The interrupt controller sends an interrupt request (or IRQ) to the CPU with a certain priority level, and the CPU sets a mask that causes any other interrupts with a lower priority to be put into a pending state, until the CPU releases control back to the interrupt controller. If a signal comes in at a higher priority, then the current interrupt will be put into a pending state; the CPU sets the interrupt mask to the priority and places any interrupts with a lower priority into a pending state until the CPU finishes handling the new, higher priority interrupt.[1]

Windows maps not only hardware interrupt levels to its internal interrupt table but also maps software interrupts. The mappings in this table are called Interrupt Request Levels, or IRQLs, and a separate IRQL is kept for each processor in a multiprocessor system. The IRQL values are specific to the x86, IA64 and AMD64 processor architectures that Windows can run on, though theoretically they can support other CPUs that use a similar interrupt scheme (such as the DEC Alpha and MIPS, which were supported briefly on early versions of Windows). This means that APCs (asynchronous procedure calls), user threads and kernel mode operations can be interrupted, and the system must run them at an IRQL lower than the thread scheduler (or "dispatcher").[2]

See also

[edit]

References

[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

IRQL (Windows)

View on Grokipedia
from Grokipedia
In the Windows operating system, IRQL (Interrupt Request Level) refers to a numerical priority mechanism in the kernel that governs the execution context of driver routines and handlers, ensuring that higher-priority hardware can lower ones while maintaining system stability. IRQL values range from 0 to 31, with higher numbers indicating greater priority and the ability to mask at lower levels. The primary purpose of IRQL is to manage hardware priorities by controlling which kernel-mode support routines a driver can invoke at a given level, preventing interference from lower-priority interrupts during critical operations. Key predefined levels include PASSIVE_LEVEL (0), which represents normal thread execution without interrupts; APC_LEVEL (1), where APCs are masked but higher-priority hardware interrupts can still preempt the current routine; and DISPATCH_LEVEL (2), used for scheduler and dispatch routines where lower-level interrupts are masked. Levels above DISPATCH_LEVEL, known as Device IRQLs (DIRQLs), are reserved for device-specific interrupt handling and further restrict accessible operations, such as prohibiting access to paged memory to avoid potential system crashes. Drivers adjust IRQL using functions like KeRaiseIrql and KeLowerIrql, but must adhere strictly to entry and exit level requirements to prevent violations that could trigger fatal errors. IRQL plays a crucial role in Windows driver development, where routines like DriverEntry execute at PASSIVE_LEVEL and interrupt service routines (ISRs) run at DIRQL, enforcing rules that limit pageable code execution and memory access at elevated levels. Violations, such as attempting to access paged memory at an IRQL greater than APC_LEVEL (such as DISPATCH_LEVEL or higher) or invalid addresses while interrupts are masked, often result in the bug check IRQL_NOT_LESS_OR_EQUAL (0xA), a blue screen error indicating an attempt to access unauthorized memory while interrupts are masked. To aid development, provides IRQL annotations in headers like Wdm.h, such as IRQL_requires_max and IRQL_raises, which static analysis tools use to verify compliance and catch potential issues early. Overall, proper IRQL management is essential for reliable kernel-mode operations, as it balances performance, responsiveness, and safety in handling hardware events.

Overview

Definition and Core Concept

In the Windows NT kernel, the Interrupt Request Level (IRQL) is an integer value that represents the hardware priority at which a processor operates at any given time, serving as a fundamental mechanism for managing interrupt processing and synchronization. This value ranges from 0 (the lowest priority) to 31 on x86 architectures or to 15 on x64 architectures, allowing the kernel to control the execution context of driver code and ensure orderly handling of hardware events. IRQL functions as an over underlying hardware mechanisms, enabling portable handling across diverse processor types without requiring drivers to directly interface with architecture-specific details. By mapping hardware priorities to these standardized levels, the kernel facilitates consistent behavior in multiprocessor environments and supports the development of device drivers that operate reliably on both x86 and x64 systems. This is integral to the kernel's design, decoupling software logic from low-level hardware variations. A core operational rule of IRQL is preemption based on priority: executing at a higher IRQL can at a lower IRQL, while interrupts at or below the current IRQL are masked to prevent interference and maintain system stability. This ensures that high-priority hardware events, such as critical device interrupts, are handled promptly without disruption from lower-priority activities. IRQL originated in the kernel with version 3.1, released on July 27, 1993, where it was established as a key kernel-mode primitive to coordinate access to shared resources in a preemptive, multitasking environment.

Purpose in the Windows Kernel

In the Windows kernel, IRQL plays a critical role in preventing race conditions by serializing access to shared resources through elevated priority levels. When the IRQL is raised, interrupts at or below that level are masked, ensuring that only the current code path executes without interference from lower-priority interrupts or threads. This mechanism is particularly vital in kernel-mode environments where multiple drivers and system components compete for resources, as it enforces without relying solely on software locks. For instance, primitives like spin locks leverage IRQL elevation to protect critical sections, guaranteeing that shared data structures remain consistent during concurrent access. IRQL integrates closely with the kernel scheduler to maintain atomicity in operations that must complete without interruption or preemption. At elevated IRQLs such as DISPATCH_LEVEL or higher, the scheduler is effectively blocked from dispatching threads or servicing lower-priority interrupts, allowing short, non-blocking code sequences to execute atomically on the processor. This prevents partial updates to kernel structures that could otherwise lead to inconsistencies, especially in interrupt-driven scenarios where timing is unpredictable. By temporarily suspending normal scheduling, IRQL ensures that high-priority kernel tasks, like handling hardware events, proceed without yielding control, thereby upholding the integrity of system operations. IRQL contributes significantly to overall system stability by imposing strict rules on memory access and driver routine execution within the kernel. At IRQLs greater than APC_LEVEL, access to pageable memory is prohibited because page faults are disabled, avoiding potential deadlocks or crashes that could occur if the kernel attempted to swap in pages during non-preemptible code. Driver routines operating at raised IRQLs must adhere to these constraints, limiting their scope to non-pageable code and avoiding blocking calls, which the kernel enforces through bug checks like IRQL_NOT_LESS_OR_EQUAL if violated. This layered enforcement model promotes robust driver development and minimizes the risk of kernel panics in a multi-threaded, interrupt-heavy environment. Since , the core IRQL framework has seen no major architectural changes, maintaining its foundational role in kernel operations across subsequent versions including Windows 11. However, has enhanced verification tools to improve compliance, with Static Driver Verifier incorporating advanced rules like IrqlDispatch and IrqlPsPassive to statically analyze driver code for IRQL violations during development. These tools help detect potential stability issues early, ensuring that drivers conform to IRQL requirements without altering the underlying mechanism.

IRQL Levels

Software-Defined Levels

In the Windows kernel, software-defined Interrupt Request Levels (IRQLs) represent predefined priority levels primarily used for scheduling and in kernel-mode operations, distinct from hardware-mapped levels associated with device interrupts. These levels range from 0 to 2 and control aspects such as preemption, paging, and Asynchronous Procedure Call (APC) delivery, ensuring predictable execution in multiprocessor environments. The lowest software IRQL is PASSIVE_LEVEL, defined as 0 in kernel headers such as ntddk.h. This level serves as the default for most kernel-mode code, including entry points, dispatch routines, and worker threads. At PASSIVE_LEVEL, threads are fully preemptible, paging operations are permitted, and APCs can be delivered, allowing the kernel to suspend execution for higher-priority tasks or asynchronous events without masking any interrupts. The intermediate level, APC_LEVEL (1), is specifically associated with the execution of special kernel-mode APCs. It blocks delivery of normal APCs—both user- and kernel-mode—while permitting special kernel APCs, which preempt lower-priority code but maintain thread context. Paging remains allowed, and memory allocations from the paged pool are permitted. Interrupts at APC_LEVEL or below are masked to prevent interference during these asynchronous operations. This level acts as a bridge between fully preemptible execution and higher-priority non-preemptible code. At DISPATCH_LEVEL (2), the kernel executes Deferred Procedure Calls (DPCs) and thread in a non-preemptible manner, masking interrupts at DISPATCH_LEVEL and APC_LEVEL to ensure atomicity. Paging and waiting on dispatcher objects are prohibited, and most APCs are blocked, limiting available kernel support routines to those designed for non-paged execution. This level is critical for time-sensitive kernel scheduling, where device, clock, or power-failure interrupts may still occur but higher software operations are deferred.
IRQL LevelNumeric ValuePrimary AssociationsKey Permissions/Blocks
PASSIVE_LEVEL0Default kernel code, dispatch routines, worker threadsAllows preemption, paging, APC delivery; blocks none
APC_LEVEL1Special kernel APCsAllows paging; blocks normal APCs
DISPATCH_LEVEL2DPCs, thread dispatchingBlocks paging, waiting, most APCs; non-preemptible
These levels are defined as symbolic constants in Windows kernel headers (e.g., #define PASSIVE_LEVEL [0](/page/0)), enabling developers to reference them directly in . The KeGetCurrentIrql routine returns the current IRQL as an integer value (type KIRQL), allowing drivers to query and adapt to the execution context without hardcoding numerics.

Hardware Interrupt Levels

Hardware interrupt levels, also known as Device IRQLs (DIRQLs), are assigned to physical hardware devices in the Windows kernel to prioritize interrupt processing based on device criticality. These levels range from 3 to 15 on x64 architectures, constrained by the 16 total IRQLs available (0 through 15) and modern hardware limitations such as APIC vector handling. On legacy x86 systems, DIRQLs can extend up to 31, utilizing the full 32 IRQLs (0 through 31) supported by the architecture. The mapping of hardware Interrupt Requests (IRQs) to specific DIRQLs is managed by the , which abstracts platform-specific details and ensures consistent behavior across systems. Bus drivers report interrupt resources to the manager during device enumeration, and the HAL assigns DIRQLs via functions like HalpGetSystemInterruptVector, often influenced by tables or device priority configurations stored in the registry for certain legacy setups. Higher-priority devices, such as system clock timers, are typically assigned elevated DIRQLs like 12 to 15 to guarantee low-latency handling, while lower-priority peripherals use levels closer to 3. When the processor operates at a specific DIRQL, all interrupts at that level or lower are masked on the current core, preventing preemption until the IRQL is lowered, which ensures atomic execution for time-sensitive operations. Only higher-DIRQL interrupts, such as those from critical hardware like power failure signals, can interrupt the current . Architectural differences in DIRQL handling stem from efficiency optimizations in x64, where the consolidated 16-level scheme reduces overhead in vector management compared to the expansive 32 levels on x86, a design that has remained stable since to support scalable multiprocessing. On x64, DIRQL computation often involves dividing the vector by 16, simplifying mapping while maintaining priority distinctions.

Managing IRQL

Raising and Lowering Mechanisms

In the Windows kernel, the Interrupt Request Level (IRQL) can only be raised or lowered by the executing thread on the current processor, enforcing a strict stack discipline where nested raises accumulate and must be reversed in last-in-first-out order to restore the original level. Raising IRQL to a value lower than or equal to the current level triggers a fatal system error, while lowering must precisely match the previously raised value; any deviation, such as lowering to an incorrect level, results in a bug check. Raising the IRQL disables all interrupts at or below the new level on the current processor, preventing preemption by lower-priority interrupts and ensuring atomic execution of critical sections, though higher-level hardware interrupts remain enabled. Additionally, at IRQL of DISPATCH_LEVEL (2) or higher, access to pageable is blocked, as are not permitted at these elevated levels; any attempt to access paged pool or generate a results in a bug check, such as 0xA (IRQL_NOT_LESS_OR_EQUAL) or 0xD1 (DRIVER_IRQL_NOT_LESS_OR_EQUAL). The lowering process occurs either explicitly through kernel mechanisms or automatically upon exit from routines that raised the IRQL, restoring the prior level and re-enabling masked interrupts. Improper lowering, including attempts by a different thread or to an unintended level, invokes bug checks to prevent system instability. Due to IRQL being a per-processor attribute, changes affect only the executing CPU, which in multiprocessor systems can lead to serialized access and performance implications when coordinating across processors.

Associated Kernel APIs

The primary kernel-mode APIs for managing Interrupt Request Levels (IRQLs) in the Windows operating system enable drivers to query the current IRQL and adjust it to synchronize access to shared resources while adhering to preemption rules that prevent lower-priority code from interrupting critical sections. These functions are defined in the (WDK) headers such as wdm.h and are available starting from Windows 2000. The KeRaiseIrql routine raises the processor's IRQL to a specified value, thereby masking interrupts at or below that level on the current processor to ensure uninterrupted execution. Its syntax is:

VOID KeRaiseIrql( [in] KIRQL NewIrql, [out] PKIRQL OldIrql );

VOID KeRaiseIrql( [in] KIRQL NewIrql, [out] PKIRQL OldIrql );

The NewIrql parameter specifies the target IRQL (a KIRQL type, which is an unsigned 8-bit integer representing levels from 0 to 31), while OldIrql is an output pointer that stores the previous IRQL value for later restoration. The routine returns VOID and can be called from any IRQL, but the new level must not be lower than the current one to avoid a bug check. Complementing this, the KeLowerIrql routine restores the processor's IRQL to a previously saved value, unmasking interrupts as appropriate. Its syntax is:

VOID KeLowerIrql( [in] KIRQL NewIrql );

VOID KeLowerIrql( [in] KIRQL NewIrql );

Here, NewIrql must match the value obtained from a prior KeRaiseIrql call on the same processor; otherwise, it triggers a fatal error. Like KeRaiseIrql, it returns VOID and can be invoked from any IRQL, provided the target is not higher than the current one. To query the current IRQL without modification, drivers use the KeGetCurrentIrql routine, which simply returns the active level on the current processor. Its syntax is:

KIRQL KeGetCurrentIrql(VOID);

KIRQL KeGetCurrentIrql(VOID);

This function takes no parameters and returns a KIRQL value, allowing drivers to check the IRQL before performing operations that require specific priority levels. It can be called from any IRQL. Related to IRQL management, certain spinlock acquisition routines implicitly handle IRQL by assuming the caller is already at an elevated level, avoiding unnecessary raises or lowers for performance. For instance, the KeAcquireSpinLockAtDpcLevel macro acquires an executive spin lock without altering the IRQL, requiring the caller to be at or above DISPATCH_LEVEL (IRQL 2). Its syntax is:

VOID KeAcquireSpinLockAtDpcLevel( [in, out] PKSPIN_LOCK SpinLock );

VOID KeAcquireSpinLockAtDpcLevel( [in, out] PKSPIN_LOCK SpinLock );

The SpinLock parameter points to an initialized KSPIN_LOCK structure allocated from non-paged pool. It returns VOID and must be paired with KeReleaseSpinLockFromDpcLevel, which releases the lock without changing the IRQL. These routines are used at DISPATCH_LEVEL or higher to synchronize multiprocessor access efficiently.

Applications in Drivers

Interrupt Service Routines

In Windows kernel-mode device drivers, an Interrupt Service Routine (ISR) is invoked automatically by the hardware interrupt controller when a device generates an signal. The ISR executes at the device-assigned Device IRQL (DIRQL), a hardware-specific interrupt priority level that masks all interrupts at or below that IRQL to prevent reentrancy from lower-priority sources. This DIRQL is determined during resource allocation and ensures that only higher-priority interrupts or system-critical events can the ISR. For instance, DIRQL values typically range from 3 to 15, with the exact level assigned based on the device's hardware vector. Due to the high-priority, non-preemptible nature of the DIRQL context, ISRs face strict constraints to maintain system responsiveness. They must execute as briefly as possible, typically in a few microseconds, and are limited to non-paged memory to avoid paging operations at elevated IRQL. ISRs cannot perform blocking calls, allocate paged pool memory, or invoke routines that might sleep, as these actions are disallowed above PASSIVE_LEVEL. Instead, the ISR's primary responsibilities are to acknowledge and clear the hardware interrupt to prevent it from firing repeatedly, verify that the interrupt originated from the driver's device (discarding spurious ones by returning FALSE), save minimal volatile device context if needed, and queue a Deferred Procedure Call (DPC) for subsequent processing at DISPATCH_LEVEL. These constraints prioritize rapid interrupt acknowledgment over complex operations, thereby minimizing latency for other interrupts. To enable an ISR, a driver registers it during device initialization by calling IoConnectInterruptEx, which connects the ISR to one or more hardware vectors. This requires a PIO_CONNECT_INTERRUPT_PARAMETERS structure specifying the ISR , IRQL (set to the device's DIRQL), and other details like vector affinity and message-signaled support. The call must occur at PASSIVE_LEVEL and succeeds only if the resources are available; upon success, the kernel handles the connection, including acquiring a at DIRQL before invoking the ISR on future s. Legacy drivers may use the deprecated IoConnectInterrupt, but IoConnectInterruptEx is recommended for and later to support advanced features like multiple ISRs per vector. Upon completing its tasks, the ISR returns a value (TRUE if the was handled) to the kernel, which then releases the associated and implicitly lowers the IRQL back to its prior level. This exit mechanism promptly re-enables lower-priority interrupts and allows the queued DPC to execute deferred work in a more permissive context, ensuring the ISR's high-IRQL constraints do not bottleneck overall system performance.

Deferred Procedure Calls and Synchronization

Deferred procedure calls (DPCs) enable kernel-mode drivers to defer non-time-critical processing from high levels (IRQLs) to DISPATCH_LEVEL (IRQL=2), allowing service routines (ISRs) to return quickly while offloading tasks like I/O completion or data handling to a lower-priority context. DPCs are particularly useful in device drivers for handling work that cannot be completed atomically at higher IRQLs, such as device-specific operations that require accessing pageable memory or calling certain kernel routines. Drivers queue DPCs using kernel APIs such as KeInsertQueueDpc, which inserts a DPC object into the processor's DPC queue for execution on the current or a specified processor, or IoRequestDpc, which is specifically designed for queuing DPC routines to complete interrupt-driven I/O operations and internally invokes KeInsertQueueDpc. These routines can be called from an ISR at a device IRQL (DIRQL), ensuring the DPC is processed only after the system raises the IRQL to DISPATCH_LEVEL on the target processor, typically when no higher-priority interrupts are pending. If multiple DPCs are queued for the same routine before it executes, the routine runs only once, preventing redundant processing. For synchronization at DISPATCH_LEVEL, drivers commonly use executive spin locks to protect shared data structures from concurrent access by interrupts or other DPCs, as these locks can be acquired without lowering the IRQL and block higher-priority interrupts on multiprocessor systems. Routines like KeAcquireSpinLockAtDpcLevel allow acquisition of a spin lock when already at or above DISPATCH_LEVEL, ensuring atomicity for critical sections involving shared resources such as driver queues or device state. This mechanism prevents race conditions but requires careful management to avoid deadlocks, as code holding a spin lock cannot block or . Asynchronous procedure calls (APCs) provide another deferral mechanism, executing at APC_LEVEL (IRQL=1) for kernel-mode work in drivers, distinct from user-mode APCs that deliver notifications to application threads. Kernel APCs, including special kernel APCs that preempt normal kernel code at APC_LEVEL, allow drivers to schedule deferred operations like thread notifications or resource cleanup without the restrictions of DISPATCH_LEVEL, though they are queued via routines such as KeInsertQueueApc and execute only when the target thread is in a suitable state. Unlike DPCs, APCs are thread-specific and do not run in interrupt context, making them suitable for work requiring thread context or lower IRQL access.

Issues and Best Practices

Common Bug Checks

One of the most prevalent IRQL-related kernel bug checks in Windows is 0xD1, known as DRIVER_IRQL_NOT_LESS_OR_EQUAL, which occurs when a kernel-mode driver attempts to access pageable at an IRQL greater than PASSIVE_LEVEL. This violation typically arises during driver execution of pageable code or data references while the processor is at an elevated IRQL, such as DISPATCH_LEVEL or higher, leading to a system crash to prevent further instability. The bug check parameters provide diagnostic details: the first indicates the virtual address referenced, the second the IRQL at the time of the reference, the third the type of operation (0 for read, 1 for write, 2 for execute), and the fourth the address of the instruction that referenced the . A closely related bug check is 0xA, or IRQL_NOT_LESS_OR_EQUAL, which signals that the Windows kernel or a kernel-mode driver has accessed paged at an invalid while operating at a raised IRQL other than PASSIVE_LEVEL. Unlike 0xD1, which focuses on pageable memory access in drivers, 0xA more broadly captures invalid references at elevated IRQLs, often stemming from similar root causes like improper handling in contexts. Its parameters are: the first specifying the invalid , the second the IRQL during the access, the third a describing the operation (read, write, or execute), and the fourth the instruction pointer at the time of the fault. Symptoms in crash dumps include references to kernel modules like ntkrnlmp.exe or specific drivers, manifesting as blue screen errors during high-load operations. IRQL violations can also contribute to Bug Check 0x50, PAGE_FAULT_IN_NONPAGED_AREA, where the kernel detects a when attempting to access memory that should be in the nonpaged pool but references invalid or pageable regions, often due to dereferencing pointers to paged data while at DISPATCH_LEVEL or higher. This check highlights failures exacerbated by IRQL mismatches, resulting in faults that the kernel interprets as corruption in the nonpaged area. In crash dumps, it may appear alongside IRQL traces, pointing to drivers that fail to adhere to memory access rules at elevated levels. Debugging these bug checks in Windows crash dumps commonly involves the debugger's !irql extension command, which displays the processor's IRQL immediately before the crash, aiding in verifying if the fault occurred at an elevated level. This command outputs the current IRQL alongside stack traces, helping isolate whether the violation involved accessing pageable memory above PASSIVE_LEVEL. Such IRQL-related bug checks have been frequent in faulty network and storage drivers since the Windows XP era, often implicated in crash analyses due to their handling of interrupts and deferred operations at varying IRQLs.

Development Guidelines

A fundamental rule in Windows driver development is to never access pageable code or data at interrupt request levels (IRQLs) above PASSIVE_LEVEL, as such accesses can trigger page faults that lead to fatal system errors or bug checks. Pageable code and data, which can be swapped out of physical memory, must be restricted to PASSIVE_LEVEL operations; for routines executing at DISPATCH_LEVEL or higher, developers must ensure all code sections are non-pageable or explicitly locked into memory using MmLockPagableSectionByHandle. To allocate memory accessible at elevated IRQLs, use non-paged pools via ExAllocatePoolWithTag or similar APIs, which guarantee residency in physical memory and prevent paging issues. Testing for IRQL compliance is essential and can be achieved through Driver Verifier, particularly by enabling the Force IRQL Checking option, which applies memory pressure by trimming pageable pools, code, and data whenever a verified driver acquires a spin lock, calls KeSynchronizeExecution, or raises IRQL to DISPATCH_LEVEL or above. This forces detection of invalid accesses, triggering bug checks like IRQL_NOT_LESS_OR_EQUAL if pageable memory is touched inappropriately; it also monitors IRQL transitions and detects misuse of synchronization objects like FAST_MUTEX at high levels since . To simulate multiprocessor scenarios, run tests on multi-core systems with Driver Verifier enabled, as it inherently stresses concurrent execution across processors, revealing race conditions or improper IRQL handling in parallel environments. Best practices emphasize minimizing the time spent at elevated IRQLs to avoid blocking lower-priority interrupts and degrading responsiveness; for instance, interrupt service routines (ISRs) and deferred procedure calls (DPCs) should perform only essential, quick operations before lowering IRQL. Select mechanisms appropriate to the IRQL, such as fast mutexes (via ExAcquireFastMutex) which are safe only at PASSIVE_LEVEL or APC_LEVEL, while spin locks (e.g., KeAcquireSpinLock) are used at DISPATCH_LEVEL or higher but must not be held longer than necessary to prevent deadlocks on multiprocessor systems. Additionally, avoid marking code as pageable if it raises IRQL to DISPATCH_LEVEL or is invoked at raised levels, opting instead for locked or non-pageable sections to maintain reliability. For compatibility, developers must account for architectural differences, such as the reduced IRQL range on x64 systems (0 to 15) compared to x86 (0 to 31), which affects how interrupt priorities are mapped and requires portable drivers to avoid assuming higher levels are available. When targeting newer Windows versions, update drivers to adhere to enhanced verification in tools like Driver Verifier and Static Driver Verifier, ensuring robust handling of IRQL rules amid evolving kernel behaviors.

References

  1. https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/managing-hardware-priorities
  2. https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/irql-annotations-for-drivers
  3. https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/bug-check-0xa--irql-not-less-or-equal
  4. https://betawiki.net/wiki/Windows_NT_3.1
  5. https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/introduction-to-spin-locks
  6. https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/static-driver-verifier
  7. https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/wdm-irqldispatch
  8. https://community.osr.com/t/how-new-hardware-devices-irql-is-defined/56391
  9. https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ke/dpcobj/index.htm
  10. https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/types-of-apcs
  11. https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-exallocatepoolwithtag
  12. https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-keraiseirqltodpclevel
  13. https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-kegetcurrentirql
  14. https://empyreal96.github.io/nt-info-depot/Windows-Internals-PDFs/WindowsInternals-4e.pdf
  15. https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/bug-check-0xd1--driver-irql-not-less-or-equal
  16. https://learn.microsoft.com/en-us/windows-hardware/drivers/debuggercmds/-irql
  17. https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-keraiseirql
  18. https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-kelowerirql
  19. https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-keacquirespinlockatdpclevel
  20. https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-kereleasespinlockfromdpclevel
  21. https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/writing-an-isr
  22. https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-ioconnectinterruptex
  23. https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/introduction-to-dpc-objects
  24. https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-iorequestdpc
  25. https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/organization-of-dpc-queues
  26. https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/handling-overlapped-i-o-operations
  27. https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/preventing-errors-and-deadlocks-while-using-spin-locks
  28. https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/bug-check-0x50--page-fault-in-nonpaged-area
  29. https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/when-should-code-and-data-be-pageable-
  30. https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/force-irql-checking
  31. https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/automatic-checks
  32. https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/surface-team-driver-development-best-practices
  33. https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/irql-rule-set--wdm-
Add your contribution
Related Hubs
User Avatar
No comments yet.