Mail Archives: djgpp-workers/1997/11/20/13:18:17

From: Andrew Crabtree <andrewc AT typhoon DOT rose DOT hp DOT com>
Message-Id: <199711201816.AA167799817@typhoon.rose.hp.com>
Subject: Re: LFN on NT
To: eliz AT is DOT elta DOT co DOT il (Eli Zaretskii)
Date: Thu, 20 Nov 1997 10:16:57 PST
Cc: djgpp-workers AT delorie DOT com
In-Reply-To: <Pine.SUN.3.91.971120191752.13311A-100000@is>; from "Eli Zaretskii" at Nov 20, 97 7:21 pm
Reply-To: andrewc AT rosemail DOT rose DOT hp DOT com

> Your DLL will have to use a software interrupt anyway, right?
No.  At least I don't think so.

>  Or are you 
> thinking about another way of calling it?
The whole NT Virtual Dos Drivers manual describes two ways of handling 
things.  The first is by relying on the protection method to 
generate exceptions when certain IO addresses or Memory addresses 
are written to.  It also has a way of hooking interrupts, but I'm
not sure if Int 21 gets up that far.  The second way is described
as Application Intercepts or BOPping.  Here, the application just
'calls' directly into the dll.  I haven't decoded the opcodes used
yet, so I am not sure if call is appropriate.  It may be that
an exception is generated which then calls the dll dispatch routine.
This way requires changes to the 16 bit app, so in many cases 
is not an option (say providing sound support for old games under NT). 

To register a DLL a 16 bit app does a 

0xc4C45800

Then, to call into the dll a 16 bit app does a 

0xc4c45802
 
The catch being that register AX is used to tell it which dll to call
into, so is unavailable to the API to use.

> If it will be a software interrupt, then which one is easier to hook than 
> 21h?
Just about any should be.  My concern is that the VDM doesn't pass this
interrupt on.  There are plenty of unused interrupts on the x86.  It doesn't
necessarily have to be a standard dos one.  

> I'm afraid all of the rest (2Fh, for example) that could be used 
> for this goal are also hooked, probably by the same Virtual DOS Manager, 
> because many DOS programs use functions of 2Fh.
Sure but there are tons of little used interrupts from 0x80-FF, as
well as seldom used ones from 0x21-80.  I will try hooking int 21, but 
I suspect that if possible, it could only be done from 
a kernel mode driver, which presents greater debugging challenges 
than the VDD.

Andy

--
_______       ___________________________________________________________
           /                       	                  Andrew Crabtree 
          /                          	      Workgroup Networks Division 
         ____       ___  /                                Hewlett-Packard 
        /     /    /    /   		                    Roseville, CA 
     __/   __/    _____/                                     916/785-1675
                 /                           andrewc AT rosemail DOT rose DOT hp DOT com
___________   __/   _____________________________________________________
