From: ams AT ludd DOT luth DOT se (Martin Str|mberg)
Newsgroups: comp.os.msdos.djgpp
Subject: The endless int31 hooking debugging continued
Date: 4 Jan 2000 10:36:30 GMT
Organization: University of Lulea, Sweden
Lines: 152
Message-ID: <84sife$ral$1@news.luth.se>
NNTP-Posting-Host: queeg.ludd.luth.se
X-Trace: news.luth.se 946982190 27989 130.240.16.109 (4 Jan 2000 10:36:30 GMT)
X-Complaints-To: abuse AT luth DOT se
NNTP-Posting-Date: 4 Jan 2000 10:36:30 GMT
X-Newsreader: TIN [UNIX 1.3 950824BETA PL0]
To: djgpp AT delorie DOT com
DJ-Gateway: from newsgroup comp.os.msdos.djgpp
Reply-To: djgpp AT delorie DOT com

I must be doing something wrong but I can't figure out what. When I run the program last in this mail in plain DOZE I get this crash dump (yes, it's all of it, only three lines):

F:\HACKERY\DPMI_SEL>simple6
got interrupt vector
General Protection Fault at eip=2407; flags=3016
eax=0000000d ebx=000000af ecx=0001465e edx=00014418 esi=00002548 edi=00002540
ebp=0000000d esp=0001ae14 cs=a7 ds=af es=af fs=8f gs=bf ss=af error=0000

When run in WINDOZE 4.1 (98) I get the "This program has performed an illegal op..." blurb saying "Fault Location: 0028:C0001FE7 Faulting component: VMM(01) + 00000FE7 Interrupts in service: None"

Other similar versions of this program have managed to reboot the PC when run in WINDOZE - you have been warned.
When I disassemble the code around EIP 2407 (with "objdump -D simple6.exe") I find this:

000023cb :
    23cb: 66 8e c0          movw %ax,%es
    23ce: 89 de             movl %ebx,%esi
    23d0: 8b 7d 1c          movl 0x1c(%ebp),%edi
    23d3: 83 ef 5c          subl $0x5c,%edi
    23d6: 89 7d 1c          movl %edi,0x1c(%ebp)
    23d9: 89 3d e8 24 00    movl %edi,0x24e8
    23de: 00
    23df: b9 10 00 00 00    movl $0x10,%ecx
    23e4: fc                cld
    23e5: f3 a5             repz movsl %ds:(%esi),%es:(%edi)
    23e7: 8b 43 00          movl 0x0(%ebx),%eax
    23ea: 8b 73 10          movl 0x10(%ebx),%esi
    23ed: 8b 7b 14          movl 0x14(%ebx),%edi
    23f0: 8b 4b 08          movl 0x8(%ebx),%ecx
    23f3: 66 8e 43 2c       movw 0x2c(%ebx),%es
    23f7: 5d                popl %ebp
    23f8: ff 73 04          pushl 0x4(%ebx)
    23fb: ff 73 2a          pushl 0x2a(%ebx)
    23fe: c6 05 be 24 00    movb $0x0,0x24be
    2403: 00 00
    2405: 1f                popl %ds
    2406: 5b                popl %ebx
    2407: cb                lret
00002408 :
    2408: 50                pushl %eax
    2409: 51                pushl %ecx
    240a: 52                pushl %edx
    240b: 2e 8b 1d ca 24    movl %cs:0x24ca,%ebx

gcc version 2.81 and a recent (~1 week) cvs snapshot of djdev.

Any ideas how to proceed?

Right,

MartinS

------ Start of simple6.c. -----
/*
 * simple6.c -- minimal test case: hook the DPMI API interrupt (int 31h)
 * with a handler that prints a message and chains to the previous vector,
 * trigger one DPMI call through the hook, then restore the old vector.
 *
 * NOTE(review): the six header names were lost in transcription (only the
 * bare "#include" tokens survived).  Judging by the identifiers used below
 * (fprintf/printf, exit/system/EXIT_*, __dpmi_*, _my_cs,
 * _CRT0_FLAG_LOCK_MEMORY, cputs) they are presumably stdio.h, stdlib.h,
 * dpmi.h, go32.h, crt0.h and conio.h -- confirm against the original file.
 */
#include
#include
#include
#include
#include
#include

/*
 * Startup flag read by the DJGPP CRT0: keep the whole program locked in
 * memory.  Needed here because the int 31h handler and the data it reads
 * (old_addr, chain_str) must not be paged out while the hook is installed.
 */
int _crt0_startup_flags = _CRT0_FLAG_LOCK_MEMORY;

/*
 * Previous and replacement int 31h vectors.  old_addr is also the memory
 * operand of the ljmp in the asm handler below, so it is read there as a
 * far pointer (32-bit offset followed by 16-bit selector), which is the
 * layout __dpmi_paddr provides.
 */
__dpmi_paddr old_addr, new_addr;

/* Labels defined by the asm block below.  handler_end is only declared
 * here as an end-of-code marker; main() never uses it. */
void handler (void);
void handler_end (void);

/* Text printed on every entry to the hook (note the "\n\r" order).  It
 * lives in the program's data segment, so the handler can only find it
 * while DS is the program's data selector -- see the notes on the asm. */
char chain_str[] = "Chaining.\n\r";

/*
 * The int 31h hook, written in AT&T syntax.  Control flow:
 *   1. save eax, ecx, edx (the caller-clobbered registers of the C ABI);
 *   2. call cputs(chain_str) and drop the argument from the stack;
 *   3. restore the three registers;
 *   4. far-jump through old_addr to the previous int 31h handler, which
 *      will execute the real request and return to the original caller.
 *
 * NOTE(review): in the original post this string presumably had one
 * statement per line; the line breaks were flattened in transcription,
 * and as shown here gas would not accept it.  The string itself is left
 * as found.
 *
 * NOTE(review): points a reviewer would raise about this handler, in the
 * order they appear in the code:
 *  - No segment register is loaded.  The handler runs with whatever DS,
 *    ES and SS the interrupted code had, yet `pushl $_chain_str` and the
 *    C code inside cputs address data relative to DS.  That only holds
 *    when the int 31h was raised by this program itself; for any other
 *    caller the handler reads through a foreign DS.  The usual DJGPP
 *    remedy is to load DS (and switch stacks) from a value stored in the
 *    code segment before touching C code or data.
 *  - cputs is a libc routine.  If it (or anything it calls, e.g. BIOS
 *    cursor positioning via __dpmi_int) itself issues int 31h, every
 *    entry to the hook re-enters the hook, and the recursion only ends
 *    when the stack is exhausted -- TODO confirm by reading conio.c.
 *    That only "got interrupt vector" is printed before the fault, and
 *    that the fault is in libc code ending in `lret`, is consistent with
 *    the first int 31h after installation never returning normally, but
 *    that is an inference, not something the dump proves.
 *  - Flags are not saved around the call, and only eax/ecx/edx are; the
 *    remaining registers survive only by the C calling convention.
 *  - `ljmp _old_addr` is meant as an indirect far jump through the memory
 *    operand; gas normally spells that `ljmp *_old_addr`.  Check the
 *    assembler's warning output and the disassembly to confirm the
 *    encoding is the intended one.
 */
__asm__ (".globl _handler _handler: /* Jump to previous handler. 
*/ chain: pushl %eax pushl %ecx pushl %edx pushl $_chain_str call _cputs addl $4, %esp popl %edx popl %ecx popl %eax ljmp _old_addr .globl _handler_end _handler_end: nop");

/*
 * Entry point.
 *
 * Saves the current int 31h vector, points it at handler (in this
 * program's code selector), makes one DPMI call so the hook is exercised,
 * and then restores the saved vector.  Exits with EXIT_FAILURE if the
 * vector cannot be read or installed; returns EXIT_SUCCESS otherwise.
 *
 * Every __dpmi_* call made after installation -- the descriptor
 * allocation, the free, and each iteration of the restore loop -- goes
 * through int 31h and therefore through the hook while it is installed.
 */
int main (void)
{
  int selector;
  __dpmi_paddr tmp_addr;

  /* Remember the current int 31h handler so we can chain to it and
   * restore it later. */
  if (__dpmi_get_protected_mode_interrupt_vector (0x31, &old_addr))
    {
      fprintf (stderr, "can not get interrupt\n");
      exit (EXIT_FAILURE);
    }
  printf ("got interrupt vector\n");

  /* Install the hook: this program's code selector plus the handler's
   * linear offset.  From here on, int 31h runs through handler. */
  new_addr.selector = _my_cs ();
  new_addr.offset32 = (unsigned long) handler;
  if (__dpmi_set_protected_mode_interrupt_vector (0x31, &new_addr))
    {
      fprintf (stderr, "can not set interrupt\n");
      exit (EXIT_FAILURE);
    }
  printf ("set interrupt vector\n");

  /* Exercise the hook with one harmless DPMI request (allocate one LDT
   * descriptor and give it straight back).  -1 is the failure return.
   * The "allocated LDT descriptor?" line is printed either way. */
  selector = __dpmi_allocate_ldt_descriptors (1);
  if (selector == -1)
    fprintf (stderr, "can not allocate selector\n");
  else
    __dpmi_free_ldt_descriptor (selector);
  printf ("allocated LDT descriptor?\n");

  /*
   * Restore loop.  The || chain short-circuits: retry whenever the vector
   * cannot be read back, no longer points at our handler, or the restore
   * itself fails.  Two consequences worth noting:
   *  - if another handler has since been installed on top of ours, the
   *    selector/offset comparison fails on every pass and this loop never
   *    terminates (it does not fall back to leaving the chain alone);
   *  - the purpose of system ("") between retries is unclear -- presumably
   *    a pause or a yield to the host.
   */
  while (__dpmi_get_protected_mode_interrupt_vector (0x31, &tmp_addr)
         || (tmp_addr.selector != new_addr.selector)
         || (tmp_addr.offset32 != new_addr.offset32)
         || __dpmi_set_protected_mode_interrupt_vector (0x31, &old_addr))
    {
      fprintf (stderr, "can not restore interrupt\n");
      system ("");
    }
  printf ("restored interrupt vector\n");

  return EXIT_SUCCESS;
}

/* Local Variables:
   compile-command: "gcc -g -O2 -Wall -o simple6 simple6.c"
   End: */
------ End of simple6.c. -----