notifications to the CPU that tells it that some event happened on the system. Classic examples of interrupts are hardware interrupts such as mouse button or keyboard key presses, network packet activity and hardware generated exceptions such as a division by zero or a breakpoint - interrupts 0x00 and 0x03 respectivelyIDTR register for each physical processor or in other words, each processor has its own IDTR register pointing to its own Interrupt Descriptor TableIDTR:!idt allows us to dump the Interrupt Descriptor Table contents and it also confirms that the IDT is located at fffff803`536dda00 as shown below:!idta0 is located at fffff8008f37f700i8042prt!I8042KeyboardInterruptService (inside the actual keyboard driver) is hit once the code at fffff8008f37f700 is finishedi8042prt!I8042KeyboardInterruptServicei8042prt!I8042KeyboardInterruptService indeed handles keyboard interrupts0xa0 occurs0x0a is looked up (IDT address + 0xa0 * 0x10) and the ISR Entry Point is resolved and code jumps to iti8042prt!I8042KeyboardInterruptService_KIDTENTRY64 which is a kernel memory structure and is defined like so:OffsetLow, OffsetMiddle and OffsetHigh at offsets 0x000, 0x006 and 0x008 make up the virtual address in the kernel and it's where the code execution will be transferred to by the CPU once that particular interrupt takes place - in other words - this is the Interrupt Service Routine's (ISR) entry point.a0 in the IDT table as discovered earlier:fffff803536dd000:a0 IDT entry by adding 0xa0*0x10 (interrupt index a0 times 0x10 since a descriptor entry is 16 bytes in size) to the IDT table address fffff803536dd000, which gives us fffff803`536dda00:a0 interrupt descriptor entry with _KIDTENTRY64 and inspect a0 IDT entry's content:a0 interrupt is triggered by the keyboard:fffff803`5156e700 (ISR entry point) to be executed by the CPU once interrupt a0 is triggered:fffff803`5156ea40 will happeni8042prt!I8042KeyboardInterruptService will be hit and below confirms it - firstly, the breakpoint is hit for fffff803`5156e700 and i8042prt!I8042KeyboardInterruptService is hit immediately after:_KINTERRUPT is a kernel memory structure that holds information about an interrupt. The key member of this structure for this lab is the member located at offset 0x18 - it's a pointer to the ServiceRoutine - the routine (inside the associated driver) that is responsible for actually handling the interrupt:ffffd4816353ea00, therefore we can inspect the _KINTERRUPT structure of that our interrupt by overlaying it with memory contents at ffffd4816353ea00:ServiceRoutine is again pointing correctly to i8042prt!I8042KeyboardInterruptService inside the keyboard driver: _KINTERRUPT for a given interrupt, we need to leverage the following memory locations and structures._KPCR memory structure in kernel) stores information about a given processor:_KPCR location can be found like this:_KPCR, at offset 0x180 there is a member that points to a Process Control Block memory structure _KPRCB which contains information about the state of a processor._KINTERRUPT memory location for a given interrupt is InterruptObject as it contains a list of pointers to a list of _KINTERRUPT objects. InterrupObject is located at offset 0x2e80 as shown below:_KINTERRUPT location for the keyboard interrupt a0:_KINTERRUPT for the interrupt a0 we found manually matches that given by the !idt command: