Chaining Interrupts

Short contents

What does chaining interrupts mean? TSR programs Chaining an interrupt example program Reentrancy problems with DOS Reentrancy problems with BIOS The multiplex interrupt (INT 2Fh) Installing and removing a TSR Debugging TSRs Difficulties in chaining interrupts in Windows

What does chaining interrupts mean?

MS-DOS places at memory address 0000:0000 the interrupt vector table (holds FAR address of each handler/ISR – Interrupt Service Routine)

Purpose of chaining interrupts: implementing missing functionalities from the OS, optimizing BIOS or DOS routines, altering OS behavior

Steps in chaining interrupts:1) Writing the new ISR (the new handler);2) Saving old handler’s (the original one) address;3) Modifying handler’s address in the interrupt vector table;4) Calling the new ISR;5) Eventually, calling the old ISR;6) Restoring the original handler;

Saving old handler’s address Accessing the interrupt

vector table directly:oldint77 dd ? ; space for storing old handler’s

addr.

……mov es, 0cli ; deactivate interrupts

mov ax, word ptr es:[4*77h]mov word ptr cs:oldint77, axmov ax, word ptr es:[4*77h+2]mov word ptr cs:[oldint77+2], axsti ; reactivate interrupts

Using DOS function no. 35h:

oldint77 dd ? ; for storing old handler’s address

…

…mov ax, 3577h ; ES:BX –address of current

handler

int 21h

mov word ptr cs:oldint77, bx

mov word ptr cs:[oldint77+2], es

Modifying handler’s address in the interrupt vector table

Accessing the interrupt vector table directly :

mov es, 0

cli

mov word ptr es:[4*77h],offset Newhandler

mov word ptr es:[4*77h+2],seg Newhandler

sti

Using DOS function no. 25h:

push ds

mov ax, 2577h

mov dx, seg Newhandler

mov ds, dx

mov dx, offset Newhandler

int 21h

pop ds

Calling the original handler and returning from the ISR

Calling the old handler, then return in the new handler:

pushf ; pushing flags on to the stack

call dword ptr cs:oldint77

…

iret ; popf + retf

Calling the old handler, then return in the application:

jmp dword ptr cs:oldint77

Writing the new ISR

We can not count on (know) the value of any register except CS and IP

If we modify registers inside the ISR their values must be saved previously and then restored prior of returning from the ISR

TSR Programs (Terminate and Stay Resident)

MS-DOS programs are: transient : free memory when they terminate execution resident : does not return all memory back to DOS

TSRs are used for introducing multitasking functionality into a monotasking OS

Staying resident is done using DOS function no. 31h

TSRs have a transient section (executed once in the beginning) and a resident one (stays in memory after completion)

Active TSRs (activated by system generated hardware interrupts)

TSR-uri pasive (activated by an explicit call)

DOS memory map and TSRs (1)

DOS memory map, no active application

DOS memory map, one active application

DOS memory map and TSRs (2)

DOS memory map, one resident application

DOS memory map with one resident application and one transient application

Chaining an interrupt example program(1)

assume cs:codcod segment org 100hstart: jmp install ;resident part message db “Parameters initialized for

COM1 ! $" minstalled db “Handler already installed $" Oldip dw ? Oldcs dw ? signature db “exemplu rutina"

handler: ;****New handler**** cmp ah,00h jnz CallOldHandler push ax push ds push dx mov ah,9h push cs pop ds lea dx,message int 21h ;uninstall new handler ;mov ax,2514h ;mov dx,word ptr Oldip ;mov ds,word ptr Oldcs pop dx pop ds pop ax iret

CallOldHandler : jmp dword ptr Oldip

Chaining an interrupt example program(2)

install: ;check whether new ISR has already been

installed mov ah,35h mov al,14h int 21h ;in es:bx we have the address of 14h ISR mov word ptr Oldip,bx mov word ptr Oldcs,es ;compare the addresses of old and new handler cmp bx,offset handler jne notinstalled ;compare signatures push cs pop ds lea si,signature

; ds:si contains address of signature; es:si contains address of signature from the old handler mov di,si cld mov cx,handler-signature repe cmpsb jne notinstalled mov ah,9h lea dx,minstalled int 21h ;ending program mov ax,4c01h int 21h

Chaining an interrupt example program(3)notinstalled: mov ah,25h mov al,14h push cs pop ds lea dx,handler int 21h mov ah,31h mov al,00h lea dx,install add dx,15 mov cl,4 shr dx,cl int 21hcod endsend start

Reentrancy problems with DOS Happens when the current application calls a DOS function

and during the execution of this DOS function an asynchronous event (e.g. timer interrupt, pressing a key) occurs which activates a TSR that at his turn calls DOS.

DOS is not reentrant: it does not allow several DOS calls to be active in the same time

May lead to system hang In general, the problem does not occur for passive TSRs InDOS flag on 1 byte(=0 if no DOS call is active, !=0 if a DOS

call is in progress) + DOS function34h (GetInDosFlagAddress) CritError flag– set when a DOS calls issues a critical error;

error’s details are saved at a fix memory address which gets overwritten each time

Reentrancy problems with BIOS

Some BIOS interrupts are not reentrant, others are reentrant

BIOS doesn’t provide an InBIOS flag For not reentrant BIOS interrupts one can

implement a wrapper ISR to simulate the InBIOS flag:int17 proc far

inc CS:InBIOSpushfcall dword ptr CS:OldInt17dec CS:InBIOSiret

int17 endp

The multiplex interrupt(INT 2Fh)

When we install a passive TSR we have to choose an interrupt vector (number) to patch into: We can randomly choose an interrupt vector from the

interrupt vector table We can choose an interrupt which implements specific

functionality We can choose the multiplex interrupt, 2Fh

The multiplex interrupt, 2Fh: reserved for providing a general mechanism for installing, testing the presence and communicating with a TSR

Installing and removing a TSR

To check at install time: The handler is not already installed (using a signature) The interrupt vector is free (reserved)

To do at uninstall time: Stop all pending actions of this TSR Restore all interrupt vectors to their former values Return all reserved memory back to DOS

[Last two tasks difficult to accomplish]

Exemplifying the aforementioned issues: “TSR Monitor Tastatura” example, section 6.8, pag. 229, the blue book

Debugging a TSR (1) Compile and linkedit the TSR (possible with debug

information included). Load the TSR into TD and execute the transient part

naturally. When this part is executed, the resident part would be installed into the RAM memory.

Set a breakpoint in the resident part (preferably in the beginning) with the F2 key (or from the Breakpoints menu).

Select option File | Resident from the menu in order to make TD resident. This is done in order to get the DOS prompter again.

Once we are back to DOS the resident part gets active. When the program execution gets to the breakpoint, TD

comes back showing the TSR in the respective point. Thus, debugging this code is then possible. (Coming back to TD from DOS is done by pressing CTRL-Break twice)

Debugging a TSR (2)

Debugging a TSR (3)

Debugging a TSR (4)

Debugging a TSR (5)

Debugging a TSR (6)

Debugging a TSR (7)

Difficulties in chaining interrupts in Windows

There are no systems running native MS-DOS any more

Windows OS emulates a virtual hardware architecture in which DOS is run

We can not chain interrupts that work with hardware equipment because this is virtual (e.g. int 13h for working with the disk, int 10h for working in graphical mode etc)