Chaining Interrupts
Short contents What does chaining interrupts mean? TSR programs Chaining an interrupt example program Reentrancy problems with DOS Reentrancy problems with BIOS The multiplex interrupt (INT 2Fh) Installing and removing a TSR Debugging TSRs Difficulties in chaining interrupts in Windows
What does chaining interrupts mean? MS-DOS places at memory address 0000:0000 the interrupt vector table (holds FAR address of each handler/ISR – Interrupt Service Routine) Purpose of chaining interrupts: implementing missing functionalities from the OS, optimizing BIOS or DOS routines, altering OS behavior Steps in chaining interrupts: 1)Writing the new ISR (the new handler); 2)Saving old handler’s (the original one) address; 3)Modifying handler’s address in the interrupt vector table; 4)Calling the new ISR; 5)Eventually, calling the old ISR; 6)Restoring the original handler;
Saving old handler’s address Accessing the interrupt vector table directly: oldint77 dd ? ; space for storing old handler’s addr. … mov es, 0 cli ; deactivate interrupts mov ax, word ptr es:[4*77h] mov word ptr cs:oldint77, ax mov ax, word ptr es:[4*77h+2] mov word ptr cs:[oldint77+2], ax sti ; reactivate interrupts Using DOS function no. 35h: oldint77 dd ? ; for storing old handler’s address … mov ax, 3577h ; ES:BX –address of current handler int 21h mov word ptr cs:oldint77, bx mov word ptr cs:[oldint77+2], es
Modifying handler’s address in the interrupt vector table Accessing the interrupt vector table directly : mov es, 0 cli mov word ptr es:[4*77h],offset Newhandler mov word ptr es:[4*77h+2],seg Newhandler sti Using DOS function no. 25h: push ds mov ax, 2577h mov dx, seg Newhandler mov ds, dx mov dx, offset Newhandler int 21h pop ds
Calling the original handler and returning from the ISR Calling the old handler, then return in the new handler: pushf; pushing flags on to the stack call dword ptr cs:oldint77 … iret ; popf + retf Calling the old handler, then return in the application: jmp dword ptr cs:oldint77
Writing the new ISR We can not count on (know) the value of any register except CS and IP If we modify registers inside the ISR their values must be saved previously and then restored prior of returning from the ISR
TSR Programs (Terminate and Stay Resident) MS-DOS programs are: transient : free memory when they terminate execution resident : does not return all memory back to DOS TSRs are used for introducing multitasking functionality into a monotasking OS Staying resident is done using DOS function no. 31h TSRs have a transient section (executed once in the beginning) and a resident one (stays in memory after completion) Active TSRs (activated by system generated hardware interrupts) TSR-uri pasive (activated by an explicit call)
DOS memory map and TSRs (1) DOS memory map, no active application DOS memory map, one active application
DOS memory map and TSRs (2) DOS memory map, one resident application DOS memory map with one resident application and one transient application
Chaining an interrupt example program(1) assume cs:cod cod segment org 100h start: jmp install ;resident part message db “Parameters initialized for COM1 ! $" minstalled db “Handler already installed $" Oldip dw ? Oldcs dw ? signature db “exemplu rutina" handler: ;****New handler**** cmp ah,00h jnz CallOldHandler push ax push ds push dx mov ah,9h push cs pop ds lea dx,message int 21h ;uninstall new handler ;mov ax,2514h ;mov dx,word ptr Oldip ;mov ds,word ptr Oldcs pop dx pop ds pop ax iret CallOldHandler : jmp dword ptr Oldip
Chaining an interrupt example program(2) install: ;check whether new ISR has already been installed mov ah,35h mov al,14h int 21h ;in es:bx we have the address of 14h ISR mov word ptr Oldip,bx mov word ptr Oldcs,es ;compare the addresses of old and new handler cmp bx,offset handler jne notinstalled ;compare signatures push cs pop ds lea si,signature ; ds:si contains address of signature ; es:si contains address of signature from the old handler mov di,si cld mov cx,handler-signature repe cmpsb jne notinstalled mov ah,9h lea dx,minstalled int 21h ;ending program mov ax,4c01h int 21h
Chaining an interrupt example program(3) notinstalled: mov ah,25h mov al,14h push cs pop ds lea dx,handler int 21h mov ah,31h mov al,00h lea dx,install add dx,15 mov cl,4 shr dx,cl int 21h cod ends end start
Reentrancy problems with DOS Happens when the current application calls a DOS function and during the execution of this DOS function an asynchronous event (e.g. timer interrupt, pressing a key) occurs which activates a TSR that at his turn calls DOS. DOS is not reentrant: it does not allow several DOS calls to be active in the same time May lead to system hang In general, the problem does not occur for passive TSRs InDOS flag on 1 byte(=0 if no DOS call is active, !=0 if a DOS call is in progress) + DOS function34h (GetInDosFlagAddress) CritError flag– set when a DOS calls issues a critical error; error’s details are saved at a fix memory address which gets overwritten each time
Reentrancy problems with BIOS Some BIOS interrupts are not reentrant, others are reentrant BIOS doesn’t provide an InBIOS flag For not reentrant BIOS interrupts one can implement a wrapper ISR to simulate the InBIOS flag: int17 proc far inc CS:InBIOS pushf call dword ptr CS:OldInt17 dec CS:InBIOS iret int17 endp
The multiplex interrupt(INT 2Fh) When we install a passive TSR we have to choose an interrupt vector (number) to patch into: We can randomly choose an interrupt vector from the interrupt vector table We can choose an interrupt which implements specific functionality We can choose the multiplex interrupt, 2Fh The multiplex interrupt, 2Fh: reserved for providing a general mechanism for installing, testing the presence and communicating with a TSR
Installing and removing a TSR To check at install time: The handler is not already installed (using a signature) The interrupt vector is free (reserved) To do at uninstall time: Stop all pending actions of this TSR Restore all interrupt vectors to their former values Return all reserved memory back to DOS [Last two tasks difficult to accomplish] Exemplifying the aforementioned issues: “TSR Monitor Tastatura” example, section 6.8, pag. 229, the blue book
Debugging a TSR (1) Compile and linkedit the TSR (possible with debug information included). Load the TSR into TD and execute the transient part naturally. When this part is executed, the resident part would be installed into the RAM memory. Set a breakpoint in the resident part (preferably in the beginning) with the F2 key (or from the Breakpoints menu). Select option File | Resident from the menu in order to make TD resident. This is done in order to get the DOS prompter again. Once we are back to DOS the resident part gets active. When the program execution gets to the breakpoint, TD comes back showing the TSR in the respective point. Thus, debugging this code is then possible. (Coming back to TD from DOS is done by pressing CTRL-Break twice)
Debugging a TSR (2)
Debugging a TSR (3)
Debugging a TSR (4)
Debugging a TSR (5)
Debugging a TSR (6)
Debugging a TSR (7)
Difficulties in chaining interrupts in Windows There are no systems running native MS-DOS any more Windows OS emulates a virtual hardware architecture in which DOS is run We can not chain interrupts that work with hardware equipment because this is virtual (e.g. int 13h for working with the disk, int 10h for working in graphical mode etc)