Mail Archives: djgpp/2003/10/14/13:30:47

X-Authentication-Warning: mail set sender to djgpp-bounces using -f
From: "PetroffHeroj" <forged AT address DOT net>
Newsgroups: comp.os.msdos.djgpp
Subject: Fw: Please, receive a report for a bug in DOS4GW 1.97.
Date: Tue, 14 Oct 2003 17:21:24 +0000 (UTC)
Organization: Webplus NEWS server
Lines: 148
Distribution: world
Message-ID: <bmhbah$10it$>
Mime-Version: 1.0
X-Trace: 1066152084 33373 (14 Oct 2003 17:21:24 GMT)
X-Complaints-To: usenet AT news DOT wplus DOT net
NNTP-Posting-Date: Tue, 14 Oct 2003 17:21:24 +0000 (UTC)
X-Mailer: dMail [Demos Mail for DOS v2.7.9]
Status: RO
To: djgpp AT delorie DOT com
DJ-Gateway: from newsgroup comp.os.msdos.djgpp
Reply-To: djgpp AT delorie DOT com

Newsgroups: comp.lang.asm.x86 alt.msdos
Newsgroups: alt.msdos.programmer alt.os.free_dos
Newsgroups: alt.os.free_dos.hacking comp.os.msdos.programmer
Newsgroups: comp.os.msdos.apps comp.os.msdos.djgpp comp.os.msdos.misc
Newsgroups: relcom.msdos


This message has been cross-posted to a significant amount of conferences,
so, first of all, apologies if this is an off-topic _here_! I deliberately
allowed myself to do that, since getting info on DOS or getting help from DOS
fellas has become a hard task nowadays, and I wanted as much response as
possible. If you think the letter is an off-topic here, don't kill me :), but
instead suggest some conferences (missing in the list), that you think are
more proper. Thank you for understanding.

Following is the message I have sent to Tenberry (ex-Rational Systems).
However, I decided to post to Usenet because I didn't get any replies from
Tenberry for about a week, and since they suggested to post to Usenet, well,
I am now Tenberry-blessed, right? :)

The message is self-explanatory, so I won't prepend it with much foreword.
I'd be very thankful to get any _worth_ and _qualified_ opinions from you on
the problem, with some practical experience, and it's my dream if some of you
conducted the experiment described below, to reproduce the bug, and responded
about results. It _would_ be heaven if someone could tell me the reason of
the problem, but that's too daring :)

Thank you and good bye!

P.S. The source address is not present since I'd like the discussion to stay
in public. If you want to mail directly for some reason, request the address

From: "PetroffHeroj"
To: 4gsupport AT tenberry DOT com,4gwhelp AT tenberry DOT com
Date: 2003-10-02


This is a report for a bug in DOS4GW.

First of all, the bug is in v1.97, and as I don't have any later versions,
the descriptions of changes made in v2.01 of DOS4G and DOS4GW have been
examined prior to sending this report, and the bug doesn't seem to be fixed
yet. So I suppose the information is still valuable.

The bug was found by accident, it was reproduced on several machines, it was
proven that the bug is in DOS4GW interrupt handling code, because it doesn't
happen with other extenders (tested with Tran's PMODE/W). Sorry, no
disassembly was made to find out the cause of the bug itself, so you'll
probably have to track it down yourself, unless it has been fixed already.

The description of the situation that causes the bug follows:

An int is hooked in the PM chain, then shelling to DOS; if an int occurs
while SP=0 (not a frequent condition, but _completely legal_), DOS4GW
crashes. It wasn't tested with _software generated_ ints, although results
are supposed to be the same. It also wasn't tested _without shelling_ to DOS
(by switching to RM and issuing/catching and int), but it's also supposed to
be the same. Was tested under pure RM and under VCPI service of EMM386. Was
_not_ tested under DPMI in either plain DOS or any DOS emulators. Hence it
might be that the bug can be reproducible in RM or under VCPI only.

The following code will help you to reproduce the bug. The first is the PM
program linked with DOS4GW, compile it under Watcom with:

wcc386 -i=<...>\h bug_pm
wlink f bug_pm libp <...>\lib386;<...>\lib386\dos form os2 le
      op stub=wstub.exe

Or to link with PMODE/W for testing purposes:
wlink f bug_pm libp <...>\lib386;<...>\lib386\dos form os2 le
      op stub=pmodew.exe

-- bug_pm.c --------------------------------------------------------------

#include <stdio.h>
#include <process.h>
#include <dos.h>

__interrupt __far (*old_vect)();

void __far __interrupt suka() {
__asm   in      al,61h
__asm   xor     al,2
__asm   out     61h,al

void main() {
 printf("Errorlevel: %xh\n",system("c:\"));


The proggie hooks int 09 in the PM chain and just clicks the PC squeaker,
then calling the old code. Hope you have PC squeaker :^)

The following is a 16-bit asm program that causes the bug to show up when
ran under the former one. It's converted for TASM syntax, can easily be
converted to anything else.

-- cause_rm.asm ----------------------------------------------------------
model   tiny

        org     100h

        xor     sp,sp                   ;that is the key!

        mov     ax,0E01h
        int     10h

        xor     cx,cx
        in      al,0EBh
        loop    delay

        in      al,60h
        cm      al,81h
        jne     again

        int     20h                     ;sorry, retn-fellows...

end     entry

Its main purpose is to have SP=0 most of the time and periodically show it's
alive. Since it's almost certain that you have much faster machines than my
486, you can replace  "xor cx,cx" and "loop delay"  with  "mov ecx,<...>" and
"loopd delay"  (or prefix "loop" with 67h manually). Basically, it's not a
problem to write a similar program any way you like it.

That's all. It would be very nice if you analysed the bug and responded
whether it was reproducible for you or not, since you could have it fixed

Thank you for your attention.


- Raw text -

  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019