** Programmer's Technical Reference for MSDOS and the IBM PC ** USA copyright TXG 392-616 ALL RIGHTS RESERVED ������������������������������Ĵ DOSREF (tm) ��������������������������������� ISBN 1-878830-02-3 (disk-based text) Copyright (c) 1987, 1992 Dave Williams �����������������������������Ŀ � Shareware Version, 01/12/92 � � Please Register Your Copy � ������������������������������� /* This work is registered directly with the copyright offices of the */ /* United States and of the United Kingdom, and indirectly in many other */ /* nations via the conventions the above are signatory to. */ /* Generous licensing terms are available on inquiry. */ I N T R O D U C T I O N This book is a technical reference. It is NOT a tutorial. Hopefully, this book is what you'll reach for when you want find out what Peter Norton or the "official" references glossed over. This manual is intended to replace the various (expensive) references needed to program for the DOS environment, that stack of magazines threatening to take over your work area, and those odd tables and charts you can never find when you need them. The various Microsoft and IBM publications and references don't always have the same information. This has caused some consternation about the "undocumented" features to be found in DOS. In general, if a call doesn't appear in the IBM DOS Technical Reference it is considered "undocumented" although it may be documented by other OEMs or by later Microsoft tech bulletins. The information here is valid for DOS 2.x through 5.x. Where there are differences between the two versions there are notes in the text. No great effort was expended on DOS 1.x. When I started writing this book, it was originally for my own personal use. Then I began expanding it with the idea of getting it published, since at that time there was *nothing* in print like it. (late 1987) If I had managed to send it off to the publishers early enough, I would have had it made. As it was I lost six months having a nice steel rod put in my leg after being run over by a drug addict in an uninsured car, and half a dozen similar books were published by then, and nobody was interested in mine. Six months is a long time in the PC world. That's why I'm uploading this file as "user-supported." It gives me a chance to recoup a few bucks for the time I've been working on this thing, and it gives some advantages that a printed book can't - first, you can load it on your hard disk and use Vern Buerg's LIST or SideKick to scan through text. You can grab a piece of something and paste it into a document, etc. If you help support the Reference you will always have the latest version available; you can't "upgrade" books. A project this size takes a LOT of time and effort. I've tried to verify as much of the information I've received as I could, but there's just too much for absolute certainty. The TechRef has been in the hands of some heavy-duty code jockeys for a couple of years now with very few bug reports, though. If you find any typos, incorrect information, or want to see something else, let me know. If you have any more detailed information on something, PLEASE let me know! Dave Williams D I S C L A I M E RAs is common these days, I have to make a "Notice of Disclaimer". I take no responsibility for anything, and if anything you do with this book ruins you for life or makes your dog bite you, or anything else, that's just tough. I hope you find much use for this reference. It was a trip to write, too. Dave Williams (C) Copyright 1987, 1992 /* note: the above disclaimer is being used as an example in the University */ /* of Texas' School of Law. Whether good or bad, my respondent didn't */ /* say... */ ______________________________________________________________________________ Copyrights and trademarks: (3COM Corporation) 3COM, Etherlink (Allied Telephone and Telegraph) UNIX, AT&T (Artisoft) LANtastic (AST Corporation) AST, RAMpage! (Atari Computer) Atari, ST, TOS (Borland) Borland, Turbo C, Turbo Pascal, Turbo Lightning, Turbo Assembler, SideKick (Commodore Business Machines) Amiga 2000, Bridge Board (Compaq Computer Corp.) Compaq, Deskpro (Cordata Computer) Corona, Cordata (Cove Software) CED, PCED (Digital Equipment Company) DEC, Rainbow, DECMate, DOS (uh... yeah. DEC owns the trademark to 'DOS') (Fox Research, Inc.) 10-Net (Graphic Software Systems) GSS, DGIS (Hayes) Smartmodem (Hercules Computer Technology) Hercules, HGC, Hercules Graphics Card Plus, InColor Card (IBM Corp.) IBM, PC, PCjr, PC/XT, PC/AT, XT/286, PS/2, TopView, Micro Channel, 3270 PC, RT PC, Token Ring, OS/2 (Intel Corp.) Intel, iAPX286, iAPX386, LIM EMS, Communicating Applications Standard (CAS) (Logitech, Inc) Logitech, Logimouse (Microsoft Corp.) Microsoft, MS, MS DOS, OS/2, Xenix, Windows, Windows/286, Windows/386, Microsoft Networks, LIM EMS, XMA, DPMI (Mouse Systems Corp.) Mouse Systems, PCMouse (Novell Development Corp.) Novell, NetWare (Phar Lap) VCPI, Virtual Control Program Interface (Qalitas) 386-To-The-Max, 386MAX (Quarterdeck Office Systems) DesQview, QEMM (SEAware, Inc) ARC (Softlogic) DoubleDOS (Sunny Hill Software) TaskView, OmniView (Tandy Corp.) Tandy, Radio Shack, DeskMate (Texas Instruments) TI, TI Professional, Business Professional, TIGA (TI Graphics Interface) (Zenith Radio Corporation) Zenith, Z-100, Z-248 (ZSoft Corporation) ShowPartner, Paintbrush "LIM 4.0" and "Expanded Memory Specification" are copyright Lotus Development Corp, Intel Corp, and Microsoft Corp. "EEMS", "AQA 3.1" and "Enhanced Expanded Memory Specification" are copyright by Ashton-Tate, Quadram, and AST "DPMI" and "DOS Protected Mode Interface" are copyright Lotus Development Corp, Intel Corp, Microsoft Corp, and AST Various other names are trademarks of their respective companies. ����������������������������������������������������������������������������ͻ � Programmer's Technical Reference for MSDOS and the IBM PC SWv2.2a � ����������������������������������������������������������������������������ͼ This is a user-supported technical reference. If you find this information to be of use, please mail your check or money order for US $20 + $1.75 S&H to: ������������������������������� � Dave Williams, DOSREF � � PO Box 181 � � Jacksonville, AR 72076-0181 � � USA � ������������������������������� Shipping is US Postal Service Air Mail. For non-Australian foreign orders, see the file 'PAYMENT'. Site licensing and product licensing terms are available. If you wish to make payment in Australian dollars, please mail your check or money order for AUS $29 or credit card information to to: ������������������������������� � Spearwood Shareware Service � � PO Box 121 � � Hamilton Hill, WA 6163 � � Australia � ������������������������������� Spearwood Shareware Service is our authorized Australian dealer. They will forward your order to the USA and you will receive the absolute latest version of DOSREF by airmail straight from the author. This means there will be about a three week delay before your order arrives. We appreciate your business! Spearwood is our dealer only; for support write or E-mail the author, Dave Williams, at the above address. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Why support DOSREF instead of relying on one of those public domain "interrupt lists"? Sheer size, for one. Even in LHarc format DOSREF bulks out to over a megabyte, making it too large for most sysops to consider keeping online. Registered users also get support via: The Courts of Chaos BBS (TechRef support board) RIME/RelayNet BIX CompuServe airmail You get the very latest edition of this manual on disk, with no worries about corrupted or tampered text. DOSREF is a quality product, in use by the US Navy, CalTech, Borland, NEC, Wang, General Motors, Citicorp, Rockwell, Honeywell, Digital Research, Central Point Software, 20th Century Fox, Associated Press, hospitals, universities, and government agencies around the world. The Registered User reference consists of over a megabyte of the compressed technical reference, appendices, and sample source code. That's about three megabytes of raw data when uncompressed, or several times larger than the shareware version. The Registered User version contains information on device drivers, mouse programming, Virtual Control Program Interface, Microsoft Windows 2.x, hard drives, hardware information, virus and Trojan programs, EMS 3.2, LIM 4.0, EEMS 3.2, CD-ROM, network programming, DOS 5.0, and more. Registered users will be advised by mail of updates. Several people who have downloaded copies over three years old have written to see if I was still supporting the Reference. The answer is yes. Not only that, but my book contract calls for keeping the information current. If you're concerned, just drop a postcard. ***************************************************************************** Foreign langauge versions are available! Klaus Overhage of Stuttgart, West Germany has licensed DOSref for redistribution and is now able to provide versions in German. Klaus' version is a separate product from this one and must be purchased separately. Klaus is providing full support for German users. If you'd like a copy in German, please contact: Klaus Overhage Rosenstrasse 15 A 7000 Stuttgart 50 Germany I hope to have other languages available soon. If you are interested in purchase or translation, please contact me for details. ***************************************************************************** For payment in British pounds, Canadian dollars or EuroCheques, see INVOICE.TRF and PAYMENT. I fully support foreign users! If you're having trouble arranging payment, write (or leave EMail) and I'll try to work something out. Do you live outside the US? If so, you're probably familiar with the hassles of keeping up with the latest information - the three to five month lead time for US publication, plus time for local book dealers to catalog new releases, plus problems in trying to order... plus the delays while your book comes in on special order, goes through Customs, the inevitable price hikes through all the middlemen, taxes... not only is DOSREF priced well below the price of good printed computer books in the US, it's probably far cheaper than you could expect to pay for US books locally. Plus your order will show up in your very own mailbox by air mail. ***************************************************************************** Printed copies of the Tech Ref are available for �16.95 or US$35.10 from Sigma Press, marketed by John Wiley & Sons UK. Address orders to: Programmer's Technical Reference by Dave Williams ISBN 185058-199-1 John Wiley & Sons Baffins Lane Chichester West Sussex PO19 1UD England They accept checks, most credit cards, or purchase orders. ***************************************************************************** The latest shareware version is always available on BIX the ibm.dos/listings area, the GEnie IBM file area, or: The Courts of Chaos, (501)985-0059, (support BBS) CompuCom 9600 The Cat House, (501)376-6909, (sysop: Joe Felix) CompuCom 9600 RelayNet node ->CHAOS send mail in COMMON or MULTITSK (I'm the Conference Host for Multitask) MetroNet node ->CHAOS send mail in METRONET The DRAKE BBS, (0522) 824379, (sysop: Paolo Masetti) Langhirano, Italy FIDOnet 2:332/502 GroupMed, (206) 581-9088 (sysop: Ismail Arslangiray) Tacoma WA, USA FIDOnet 1:138/120 2400bps, 1:138/116 9600bps USR HST instant access, latest DOSREF is FREQable ***************************************************************************** Shareware is try-before-you buy software. If you find this package to be of use you should consider registering. Registered users get the complete version, support, and updates. If you received this copy of DOSREF from a shareware vendor the money you paid was only for the diskette, not the software. Dave Williams is a member of the User Supported Software Association (ussa). ussa wants to make sure that the user supported software principle works for you. If you are unable to resolve a software-related problem with a ussa member by contacting the member directly, ussa may be able to help. The ussa Mediator can help you resolve a dispute or problem with a ussa member, but does not provide technical support for members' products. Please write to the ussa Mediator at Box 1000, London SE17 2UA, England. ������Ŀ �������� ������Ŀ ������Ĵ Approved �� �ڿ� Author ����ٳ�� �������� User - �� �ڿ� Supported ����ٳ�� Software ������ô Association ��Ŀ� �� ������ٳ �������� ussa How to use DOSREF This reference changes so often that any attempt to format it for pagination would be a tremendous waste of time. Simply printing the thing out and letting the pagebreaks fall where they may is how most people do it. The neatest solution is Vern Buerg's LIST.COM or SideKick's file view function. If your editor has multiple-window support, you can open a small window into the Reference and cut and paste into your source. An efficient method of using the Reference is to concatenate all the chapters together with the COPY command, ie COPY CONTENTS + CHAPTER.001 + CHAPTER.002 + ..... + CHAPTER.017 REF. (REF being the new file name for the concatenated files.) With LIST.COM, the backslash (\) or F9 key will search for strings. You can then dump pieces of text to a disk file or your printer. If you work better with a printout than scanning with a file viewer, try setting your printer to 132 columns. This allows a nice margin for writing notes and eliminates the problem some printers have when printing 80 character wide text. Some of the text and charts in the reference are a full 80 columns wide; unfortunately some printers wrap automatically at 79 columns. Some printers don't handle a combination of compressed print and graphics characters very well either. You may have to use the PRTRFIX.COM program provided on Disk 1 to squelch the graphics for printing. I strongly recommend using a viewer instead of printing. If you *must* print the Reference out, do it in stages so your printer does not overheat. Some inexpensive printers will self-destruct after a couple of hours. ** Programmer's Technical Reference for MSDOS and the IBM PC ** Copyright (c) 1987, 1992 Dave Williams This is a listing of some of the new stuff added to the Reference. I didn't keep a version list until 2.0; lots of stuff gets added between version numbers. 09/87 first shareware release of the reference 11/87 LIM 3.2 functions 01/88 LIM 4.0 spec 05/88 AST EEMS 3.2 spec 06/88 DesQview and TopView calls, NetBIOS calls 07/88 Intel CAS 1.0 spec 12/88 Microsoft XMA 2.0 standard 03/89 Microsoft Windows 1.03 API 04/89 porting between operating systems 04/89 video programming 04/89 more networking 04/89 mouse programming 04/89 table of contents at beginning of each chapter 06/89 major bugfixes and verification of data 09/89 Microsoft TSR Programming Guidelines 1.0 (provisional) 10/89 PharLap VCPI 1.0 10/89 LANtastic network API 10/89 PC-MOS/386 4.00 partial API 10/89 partial DesQview and TopView 10/89 further updates to MS Windows API 12/89 PCjr cartridge support in DOS 12/89 more info on European multitasking DOS 4.0 12/89 added some paint program formats 12/89 info on computer viruses and Trojan Horses 06/90 expanded sysid ID codes in Chapter 2 07/90 add Connor Peripheral drives to Appendix 6 07/90 add Imprimis drives to Appendix 6 08/90 Weitek x167 math coprocessor interfaces 10/90 info on Pelican/Kodak 5.5mb 5-1/4 floppy drives 10/90 added info in IBM PC LAN and Token Ring API 11/90 int 10h functions for EGALOAD font loader, LANtastic AI-LANBIOS 2Fh calls, CopyIIPC board ports, UMB definition in Chap2, updated Appendix 11 (glossary), added new Appendix 21 (hotkey definitions), completely reworked partition tables in Chapter 8 12/90 added more network functions from IBM PC LAN reference Version 2.0 released! 01/91 EISA access ports, more Carbon Copy int 10h calls, more history of DOS, changes to partition table info in Chapter 8, more info on IRQ7/int17, more info on eDOS 4.0, Pelican I/O ports, CopyII board I/O ports, added network info to int 21h calls, added DOS 1.x info to int 21h calls, added ARJ archive format to Appendix 15 02/91 added DHELP.BAT to DOSCMDS. Lots of new ravings in MISCSTUF. STB VGA modes added to chap16, ADT SmartFAX function calls, 8250 UART coverage, 8237 DMA Controller coverage, NEC 765 floppy controller chip coverage, more coverage on AT int 70h timer, more Novell calls, GriD ID bytes and specific BIOS functions, Leading Edge Model M undocumented BIOS 1Ah functions, Versa-Spool interrupts, ZIPKEY int 0B3h calls 04/91 extensive additions of network card port addresses to Chapter 2 extensive additions to hard drive listings 05/91 added Appendix 22, Sound Blaster API added Appendix 23, French-Canadian accented character chart moved XMS spec from Chapter 5 to Chapter 10, since many people missed it buried in the 2Fh calls. added more Desqview programming information 06/91 removed obsolete TIFF information; Aldus will give the latest spec to anyone who asks. Put TIFF hotline number in Appendix 20. added CIS GIF file format, by permission of H&R Block and CIS. added PCX file format, by permission of ZSoft. added DOS 5 mods and new information to ASSIGN in Chapter 5. 07/91 received permission from VESA to redistribute VESA documents. documented SWITCHAR no longer works in 5.0 int 2Fh/fn 4Ah DOS 5 HMA services (partial) int 21h/fn 33h DOS 5 "real" DOS version call more information on 21h/60h (TRUENAME) and networks, Win3 added 8250 info back to Chapter 15 moved CIS GIF file format to Appendix 24 hex chart Version 2.1 released 08/91 added more DV info to int 10h/0FEh added int 21h and int 2Fh calls for DOS 5.0 from MS 5.0 Tech Ref moved DoubleDOS functions from Chapter 4 to Chapter 17 added how to detect VDISK, some DV info to chap3, 15h/87h more info on chap3, 15h/83h and 86h, AT int70 timer functions more into on Create Temporary File changes under MS and DR 5.0 more model ID bytes in chapter 2 noted potential problems with MSC int86() and ints 25h, 26h added CheckIt parallel loopback tester pinout greatly enhanced bibliography (50 new entries!) more info on the history of the PCjr included Raintree's nice information file on DOS4 and SHARE IBM-to-Mac serial cable adapter pinouts more on 2Fh/16h, DOS give-up-time (used by OS/2 2.0 and Win3 too) port addresses on Logitech ScanMan board Microsoft TSR Specification 1.0 as Appendix 26 AT&T 6300 BIOS Data Area problem, Chapter 2 more info on int 15h,fn 4Fh (OS Hook) ** Programmer's Technical Reference for MSDOS and the IBM PC ** USA copyright TXG 392-616 ALL RIGHTS RESERVED ������������������������������Ĵ DOSREF (tm) ��������������������������������� ISBN 1-878830-02-3 (disk-based text) Copyright (c) 1987, 1992 Dave Williams �����������������������������Ŀ � Shareware Version, 01/12/92 � � Please Register Your Copy � ������������������������������� The rest of the chapters aren't included in this shareware demonstration package. Since the complete manual takes about 1000k even compressed in LHarc format, something had to give somewhere. Here's a sample of what you're missing: DOS 5 information (mainly in registered chapters 4, and 5) (Chapters 1, 2, and 3 are the same as the registered version, less additions since this demo was released) TABLE OF CONTENTS INTRO Introduction, credits, copyrights CHAPTER 1 DOS and the PC Some History .......................................................... 1**1 What is DOS? .......................................................... 1**2 Other Operating Systems ............................................... 1**3 Specific Versions of MS/PC-DOS ........................................ 1**4 The Operating System Heirarchy ........................................ 1**5 DOS Structure ......................................................... 1**6 DOS Initialization .................................................... 1**7 CHAPTER 2 Low Memory and Absolute Addresses Introduction .......................................................... 2**1 System Memory Map ..................................................... 2**2 A Brief Guide to Current Memory Terminology ........................... 2**3 PC Port Assignment .................................................... 2**4 Reserved Memory Locations ............................................. 2**5 Absolute Addresses .................................................... 2**6 The IBM PC System Interrupts (Overview) ............................... 2**7 Quick Chart of Interrupts 00h-0FFh .................................... 2**8 The IBM-PC System Interrupts 00h-0Fh (in detail) ...................... 2**9 CHAPTER 3 The IBM ROM BIOS Calling the ROM BIOS .................................................. 3**1 Interrupt 10h Video Services ......................................... 3**2 Interrupt 11h Equipment Check ........................................ 3**3 Interrupt 12h Memory Size ............................................ 3**4 Interrupt 13h Disk Functions ......................................... 3**5 Interrupt 14h Initialize and Access Serial Port ...................... 3**6 FOSSIL Drivers ......................................... 3**7 Interrupt 15h Cassette I/O ........................................... 3**8 Interrupt 16h Keyboard I/O ........................................... 3**9 Interrupt 17h Printer ................................................ 3**10 Interrupt 18h ROM BASIC .............................................. 3**11 Interrupt 19h Bootstrap Loader ....................................... 3**12 Interrupt 1Ah Time of Day ............................................ 3**13 Interrupt 1Bh Control-Break .......................................... 3**14 Interrupt 1Ch Timer Tick ............................................. 3**15 Interrupt 1Dh Vector of Video Initialization Parameters .............. 3**16 Interrupt 1Eh Vector of Diskette Controller Parameters ............... 3**17 Interrupt 1Fh Ptr to Graphics Character Extensions (Graphics Set 2) .. 3**18 CHAPTER 4 DOS Function Requests General Programming Guides ............................................ 4**1 DOS Registers ......................................................... 4**2 DOS Stacks ............................................................ 4**3 DOS Interrupts ........................................................ 4**4 Interrupt 20h (Terminate) ............................................. 4**5 DOS Services (quick list) ............................................. 4**6 Calling the DOS Services .............................................. 4**7 Version Specific Information .......................................... 4**8 Compatibility Problems With DOS 4.0+ .................................. 4**9 PCjr Cartridge Support ................................................ 4**10 eDOS 4.0 .............................................................. 4**11 DOS Services in Detail ................................................ 4**12 CHAPTER 5 Interrupts 22h through 0FFh Interrupt 22h Terminate Address ..................................... 5**1 Interrupt 23h Ctrl-Break Exit Address ............................... 5**2 Interrupt 24h Critical Error Handler ................................ 5**3 Interrupt 25h Absolute Disk Read .................................... 5**4 Interrupt 26h Absolute Disk Write ................................... 5**5 Interrupt 27h Terminate And Stay Resident ........................... 5**6 Interrupt 28h (not documented by Microsoft) ......................... 5**7 Interrupt 29h (not documented by Microsoft) ......................... 5**8 Interrupt 2Ah Microsoft Networks - Session Layer Interrupt .......... 5**9 Interrupt 2Bh Unknown ............................................... 5**10 Interrupt 2Ch Unknown ............................................... 5**11 Interrupt 2Dh Unknown ............................................... 5**12 Interrupt 2Eh Alternate EXEC (DOS 2.0+) ............................. 5**13 Interrupt 2Fh Multiplex Interrupt ................................... 5**14 Interrupt 30h FAR jump instruction for CP/M-style calls ............. 5**15 Interrupt 31h Unknown ............................................... 5**16 Interrupt 32h Unknown ............................................... 5**17 Interrupt 33h Used by Microsoft Mouse Driver Function Calls ......... 5**18 Interrupt 34h Turbo C/Microsoft languages - Floating Point emulation 5**19 Interrupt 35h Turbo C/Microsoft languages - Floating Point emulation 5**20 Interrupt 36h Turbo C/Microsoft languages - Floating Point emulation 5**21 Interrupt 37h Turbo C/Microsoft languages - Floating Point emulation 5**22 Interrupt 38h Turbo C/Microsoft languages - Floating Point emulation 5**23 Interrupt 39h Turbo C/Microsoft languages - Floating Point emulation 5**24 Interrupt 3Ah Turbo C/Microsoft languages - Floating Point emulation 5**25 Interrupt 3Bh Turbo C/Microsoft languages - Floating Point emulation 5**26 Interrupt 3Ch Turbo C/Microsoft languages - Floating Point emulation 5**27 Interrupt 3Dh Turbo C/Microsoft languages - Floating Point emulation 5**28 Interrupt 3Eh Turbo C/Microsoft languages - Floating Point emulation 5**29 Interrupt 3Fh Overlay Manager Interrupt (Microsoft LINK.EXE) ........ 5**30 Interrupt 40h Hard Disk BIOS ........................................ 5**31 Interrupt 41h Hard Disk Parameters .................................. 5**32 Interrupt 42h Pointer to screen BIOS entry .......................... 5**33 Interrupt 43h Pointer to EGA Graphics Character Table ............... 5**34 Interrupt 44h Pointer to graphics character table ................... 5**35 Interrupt 45h Reserved by IBM (not initialized) .................... 5**36 Interrupt 46h Pointer to second hard disk parameter block ........... 5**37 Interrupt 47h Reserved by IBM (not initialized) .................... 5**38 Interrupt 48h Cordless Keyboard Translation ......................... 5**39 Interrupt 49h Non-keyboard Scan Code Translation Table Address (PCjr) 5**40 Interrupt 4Ah Real-Time Clock Alarm (Convertible, PS/2) ............. 5**41 Interrupt 4Bh Reserved by IBM (not initialized) .................... 5**42 Interrupt 4Ch Reserved by IBM (not initialized) .................... 5**43 Interrupt 4Dh Reserved by IBM (not initialized) .................... 5**44 Interrupt 4Eh Reserved by IBM (not initialized) .................... 5**45 Interrupt 4Fh Reserved by IBM (not initialized) .................... 5**46 Interrupt 50-57 IRQ0-IRQ7 Relocation .................................. 5**47 Interrupt 58h Reserved by IBM (not initialized) .................... 5**48 Interrupt 59h Reserved by IBM (not initialized) .................... 5**49 Interrupt 5Ah Reserved by IBM (not initialized) ................... 5**50 Interrupt 5Bh Reserved by IBM (not initialized) .................... 5**51 Interrupt 5Ah Cluster Adapter BIOS entry address .................... 5**52 Interrupt 5Bh Reserved by IBM (not initialized) .................... 5**53 Interrupt 5Ch NETBIOS interface entry port, TOPS .................... 5**54 Interrupt 5Dh Reserved by IBM (not initialized) .................... 5**55 Interrupt 5Eh Reserved by IBM (not initialized) .................... 5**56 Interrupt 5Fh Reserved by IBM (not initialized) .................... 5**57 Interrupt 60h-67h User Program Interrupts ............................ 5**58 Interrupt 60h Network OS Interface .................................. 5**59 Interrupt 67h Expanded Memory Board Driver Interrupt ................ 5**60 Interrupt 68h Not Used (not initialized) ........................... 5**61 Interrupt 69h Not Used (not initialized) ........................... 5**62 Interrupt 6Ah Not Used (not initialized) ........................... 5**63 Interrupt 6Bh Not Used (not initialized) ........................... 5**64 Interrupt 6Ch System Resume Vector (Convertible) .................... 5**65 Interrupt 6Dh Not Used (not initialized) ........................... 5**66 Interrupt 6Eh Not Used (not initialized) ........................... 5**67 Interrupt 6Fh 10-Net API............................................. 5**68 Interrupt 70h IRQ 8, Real Time Clock Interrupt (AT, XT/286, PS/2) ... 5**69 Interrupt 71h IRQ 9, Redirected to IRQ 8 (AT, XT/286, PS/2) ......... 5**70 Interrupt 72h IRQ 10 (AT, XT/286, PS/2) Reserved .................. 5**71 Interrupt 73h IRQ 11 (AT, XT/286, PS/2) Reserved .................. 5**72 Interrupt 74h IRQ 12 Mouse Interrupt (PS/2) ........................ 5**73 Interrupt 75h IRQ 13, Coprocessor Error (AT) ........................ 5**74 Interrupt 76h IRQ 14, Hard Disk Controller (AT, XT/286, PS/2) ....... 5**75 Interrupt 77h IRQ 15 (AT, XT/286, PS/2) Reserved ................... 5**76 Interrupt 78h Not Used .............................................. 5**77 Interrupt 79h Not Used .............................................. 5**78 Interrupt 7Ah Reserved .............................................. 5**79 Interrupt 7Bh-7Eh Not Used by IBM .................................... 5**80 Interrupt 7Ch REXX-PC API ........................................... 5**81 Interrupt 7Fh IBM 8514/A Graphics Adapter API ....................... 5**82 Interrupt 80h-85h Reserved by BASIC .................................. 5**83 Interrupt 86h Int 18 when relocated by NETBIOS ...................... 5**84 Interrupt 86h-0F0h Used by BASIC when BASIC interpreter is running ... 5**85 Interrupt 0A4h Right Hand Man API .................................... 5**86 Interrupt 0D4h PC-MOS/386 API ........................................ 5**87 Interrupt 0E0h Digital Research CP/M-86 function calls ............... 5**88 Interrupt 0E1h PC Cluster Disk Server Information .................... 5**89 Interrupt 0E2h PC Cluster Program .................................... 5**90 Interrupt 0E4h Logitech Modula-2 v2.0 Monitor Entry ................ 5**91 Interrupt 0E5h Not Used .............................................. 5**92 Interrupt 0E6h Not Used .............................................. 5**93 Interrupt 0E7h Not Used .............................................. 5**94 Interrupt 0E8h Not Used .............................................. 5**95 Interrupt 0E9h Not Used .............................................. 5**96 Interrupt 0EAh Not Used .............................................. 5**97 Interrupt 0EBh Not Used .............................................. 5**98 Interrupt 0ECh Not Used .............................................. 5**99 Interrupt 0EDh Not Used ............................................. 5**100 Interrupt 0EEh Not Used ............................................. 5**101 Interrupt 0EFh GEM interface (Digital Research) ..................... 5**102 Interrupt 0F0h unknown .............................................. 5**103 Interrupts 0F1h-0FFh (absolute addresses 3C4h-3FFh) ................. 5**104 Interrupt 0F4h Not Used ............ ................................ 5**105 Interrupt 0F5h Not Used ............ ................................ 5**106 Interrupt 0F8h Set Shell Interrupt (OEM) ............................ 5**107 Interrupt 0F9h Reserved ............................................. 5**108 Interrupt 0FAh USART ready (RS-232C) ................................ 5**109 Interrupt 0FBh USART RS ready (keyboard) ............................ 5**110 Interrupt 0FCh Unknown ...............................................5**111 Interrupt 0FDh reserved for user interrupt .......................... 5**112 Interrupt 0FEh reserved by IBM ...................................... 5**113 Interrupt 0FFh reserved by IBM ...................................... 5**114 CHAPTER 6 DOS Control Blocks and Work Areas DOS Address Space ..................................................... 6**1 Storage Blocks ........................................................ 6**2 Disk Transfer Area (DTA) .............................................. 6**3 Program Segment Prefix ................................................ 6**4 Memory Control Blocks ................................................. 6**5 DOS Program Segment ................................................... 6**6 CHAPTER 7 DOS File Information File Management Functions ............................................. 7**1 FCB Function Calls .................................................... 7**2 Handle Function Calls ................................................. 7**3 Special File Handles .................................................. 7**4 Raw and Cooked File I/O ............................................... 7**5 Number of Open Files Allowed ......................................... 7**6 Restrictions on FCB Usage ............................................. 7**7 Restrictions on Handle usage .......................................... 7**8 Allocating Space to a File ............................................ 7**9 MSDOS / PCDOS Differences ............................................. 7**10 .COM File Structure ................................................... 7**11 .EXE File Structure ................................................... 7**12 The Relocation Table .................................................. 7**13 "NEW" .EXE Format (Microsoft Windows and OS/2) ........................ 7**14 Standard File Control Block ........................................... 7**15 Extended File Control Block ........................................... 7**16 Disk Transfer Area .................................................... 7**17 CHAPTER 8 DOS Disk Information The DOS Area .......................................................... 8**1 The Boot Record ....................................................... 8**2 DOS File Allocation Table (FAT) ....................................... 8**3 Media Descriptor Byte ......................................... 8**4 12 Bit FATs ................................................... 8**5 16 Bit FATs ................................................... 8**6 32 Bit FATs ................................................... 8**7 DOS Disk Directory .................................................... 8**8 The Data Area ......................................................... 8**9 Floppy Disk Types ..................................................... 8**10 Hard Disk Layout ...................................................... 8**11 System Initialization ................................................. 8**12 Boot Record/Partition Table ........................................... 8**13 Hard Disk Technical Information ....................................... 8**14 Determining Hard Disk File Allocation ................................. 8**15 BIOS Disk Functions ................................................... 8**16 CHAPTER 9 Device Drivers CHAPTER 10 Lotus/Intel/Microsoft Expanded Memory Specification History ............................................................... 10**1 Uses of Expanded Memory ............................................... 10**2 DOS and Expanded Memory ............................................... 10**3 Different Memory Types ................................................ 10**4 AST/Quadram/Ashton-Tate Enhanced EMM .................................. 10**5 EMS Address Space Map ................................................. 10**6 Writing Programs That Use Expanded Memory ............................. 10**7 Page Frames ........................................................... 10**8 Calling the Manager ................................................... 10**9 Detecting EMS ......................................................... 10**10 Terminate and Stay Resident (TSR) Program Cooperation ................. 10**11 Expanded Memory Services Quick List ................................... 10**12 Expanded Memory Services .............................................. 10**13 LIM 3.2 Specification ......................................... 10**14 LIM 4.0 Specification ......................................... 10**15 AQA EEMS 3.2 Specification .................................... 10**16 VCPI API 1.0 .................................................. 10**17 Expanded Memory Manager Error Codes ................................... 10**18 Microsoft Extended Memory Specification 2.0 ........................... 10**19 CHAPTER 11 Conversion Between Operating Systems Overview .............................................................. 11**1 Special Considerations ................................................ 11**2 Example Operating Systems ............................................. 11**3 Atari ST .............................................................. 11**4 CP/M .................................................................. 11**5 MacOS ................................................................. 11**6 AmigaDOS .............................................................. 11**7 OS/2 .................................................................. 11**8 UNIX .................................................................. 11**9 CHAPTER 12 Microsoft Windows API Overview .............................................................. 12**1 Programming Windows ................................................... 12**2 Versions .............................................................. 12**3 Functions ............................................................. 12**4 Error Codes ........................................................... 12**5 CHAPTER 13 Network APIs FTP Driver - PC/TCP Packet Driver Specification ....................... 13**1 10-Net Network ........................................................ 13**2 LANtastic LANOS API ................................................... 13**3 Novell NetWare 2.11 API ............................................... 13**4 APPC/PC ............................................................... 13**5 CHAPTER 14 Mouse Programming General Information ................................................... 14**1 Register Usage ........................................................ 14**2 Interrupt 33h Function Requests ....................................... 14**3 Interrupt 10h Function Requests ....................................... 14**4 CHAPTER 15 Register-Level Programming 8555 Peripheral Interface ............................................. 15**1 8259 Interrupt Controller ............................................. 15**2 AT CMOS RAM Configuration ............................................. 15**3 CHAPTER 16 Video Programming Quick List of BIOS Interrupt 10h Functions ............................ 16**1 BIOS Interrupt 10h Functions in Detail ................................ 16**2 CHAPTER 17 Multitasking Shells Introduction .......................................................... 17**1 Programming Practices ................................................. 17**2 TopView/DESQview API (interrupt 15h, "System Services" interface) ..... 17**3 TopView/DESQview API (interrupt 16h, "BIOS Video" interface) .......... 17**4 CHAPTER 18 Viruses and Trojan Horses CHAPTER 19 Tips and Tricks MISCSTUF Miscellaneous Stuff AFTERWRD Afterword CREDITS Credits and Bibliography A P P E N D I C E S APPENDIX 1 Keyboard scan code chart APPENDIX 2 ASCII character chart APPENDIX 3 IBM PC character set APPENDIX 4 IBM PC error code listing APPENDIX 5 Addresses of various manufacturers APPENDIX 6 Hard disk information APPENDIX 7 Floppy and Tape Devices APPENDIX 8 Pinouts of various connectors on the IBM PC APPENDIX 9 Sizes of various drivers installed in CONFIG.SYS APPENDIX 10 Common modem instruction sets APPENDIX 11 Glossary of computer terminology APPENDIX 12 Various busses used in MSDOS machines APPENDIX 13 Common filename extensions APPENDIX 14 Clock speeds of various expansion cards APPENDIX 15 Header formats used by various archive utilities APPENDIX 16 Miscellaneous Hardware Information APPENDIX 17 HP LaserJet Setup Codes APPENDIX 18 ANSI.SYS Escape Sequences APPENDIX 19 DEC VT100 Escape Sequences APPENDIX 20 Various Paint Program Formats APPENDIX 21 Some Commonly Used Hot-Keys APPENDIX 22 Sound Blaster API APPENDIX 23 French-Canadian accented character chart APPENDIX 24 Compuserve Graphic Image Format '89a APPENDIX 25 Hex Chart APPENDIX 26 Microsoft TSR Specification 1.0 ** Programmer's Technical Reference for MSDOS and the IBM PC ** USA copyright TXG 392-616 ALL RIGHTS RESERVED ������������������������������Ĵ DOSREF (tm) ��������������������������������� ISBN 1-878830-02-3 (disk-based text) Copyright (c) 1987, 1992 Dave Williams �����������������������������Ŀ � Shareware Version, 01/12/92 � � Please Register Your Copy � ������������������������������� C H A P T E R O N E DOS AND THE IBM PC C O N T E N T S Some History .......................................................... 1**1 What is DOS? .......................................................... 1**2 Other Operating Systems ............................................... 1**3 Specific Versions of MS/PC-DOS ........................................ 1**4 The Operating System Heirarchy ........................................ 1**5 DOS Structure ......................................................... 1**6 DOS Initialization .................................................... 1**7 SOME HISTORY����������������������������������������������������������� 1**1 Development of MSDOS/PCDOS began in October 1980, when IBM began searching the market for an operating system for the yet-to-be-introduced IBM PC. Microsoft had no 8086 real operating system to sell, but quickly made a deal to license Seattle Computer Products' 86-DOS operating system, which had been written by Tim Paterson earlier in 1980 for use on that company's line of 8086, S100 bus micros. 86-DOS (also called QDOS, for Quick and Dirty Operating System) had been written as more or less a 16-bit version of CP/M, since Digital Research was showing no hurry in introducing CP/M-86. This code was quickly polished up and presented to IBM for evaluation. IBM had originally intended to use Digital Research's CP/M operating system, which was the industry standard at the time. Folklore reports various stories about the rift between DRI and IBM. The most popular story claims Gary Kildall or DRI snubbed the IBM executives by flying his airplane when the meeting was scheduled. Another story claims Kildall didn't want to release the source for CP/M to IBM, which would be odd, since they released it to other companies. One noted industry pundit claims Kildall's wife killed the deal by insisting on various contract changes. I suspect the deal was killed by the good ol'boy network. It's hard to imagine a couple of junior IBM executives giving up when ordered to a task as simple as licensing an operating system from a vendor. Wouldn't look good on their performance reports. It would be interesting to hear IBM's story... IBM found itself left with Microsoft's offering of "Microsoft Disk Operating System 1.0". An agreement was reached between the two, and IBM agreed to accept 86-DOS as the main operating system for thir new PC. Microsoft purchased all rights to 86-DOS in July 1981, and "IBM Personal Computer DOS 1.0" was ready for the introduction of the IBM PC in October 1981. IBM subjected the operating system to an extensive quality-assurance program, reportedly found well over 300 bugs, and decided to rewrite the programs. This is why PC-DOS is copyrighted by both IBM and Microsoft. Some early OEM versions of DOS had different names, such as Compaq-DOS, Z-DOS, Software Bus 86, etc. By version 2 Microsoft managed to persuade everyone but IBM to refer to the product as "MS-DOS." It is sometimes amusing to reflect on the fact that the IBM PC was not originally intended to run MSDOS. The target operating system at the end of the development was for a (not yet in existence) 8086 version of CP/M. On the other hand, when DOS was originally written the IBM PC did not yet exist! Although PC-DOS was bundled with the computer, Digital Research's CP/M-86 would probably have been the main operating system for the PC except for two things - Digital Research wanted $495 for CP/M-86 (considering PC-DOS was essentially free) and many software developers found it easier to port existing CP/M software to DOS than to the new version of CP/M. The upgrade from DOS 3.3 to 4.0 was done in-house by IBM. DOS 4.0 was a completely IBM product, later licensed back to Microsoft. In early 1990 IBM announced that it was ceasing development of DOS and all further work would be done solely by Microsoft. Microsoft Press' "MSDOS Encyclopedia" shows a reproduction of a late DOS 1.25 OEM brochure. Microsoft was touting future enhancements to 1.25 including Xenix-compatible pipes, process forks, and multitasking, as well as "graphics and cursor positioning, kanji support, multi-user and hard disk support, and networking." Microsoft certainly thought big, but, alas, the forks, multitasking, and multiuser support never came about, at least in US versions of DOS. Oddly, the flyer claims that "MS-DOS has no practical limit on disk size. MS-DOS uses 4-byte XENIX OS compatible pointers for file and disk capacity up to 4 gigabytes." Umm... yeah. One sort of gets the idea nobody at Microsoft had a hard disk larger than 32 megabytes... For the record they actually delivered: Xenix-compatible pipes DOS 2.0 ("|" operator) process forks, and multitasking eDOS 4.0 (not delivered in the US) multi-user never delivered graphics and cursor positioning DOS 2.0 (ANSI.SYS, more than likely) kanji support DOS 2.01, 2.25 (double-byte char set) hard disk support DOS 2.0 (subdirectories) networking DOS 3.1 (file locking, MS Networks) Early Microsoft ads pumped DOS' Xenix-like features and promised Xenix functionality in future releases. We'll probably never know what the real story was behind eDOS/DOS 4/ DOS 5/286DOS/OS2. Microsoft had announced their intent to build a multitasking, multiuser version of MSDOS as early as 1982. They shipped betas of "DOS 4.0" in '86 and early '87, before 3.3 was even announced. Microsoft UK announced they had licensed 4.0 to Apricot Computer, and the French Postal Service was supposed to be running it. I've never been able to find out if Apricot ever shipped any 4.0 to end users. Despite Gordon Letwin's acid comments about problems with the 80286 processor, I doubt the '286 was the barrier between users and a multitasking MSDOS. I also doubt there was any shortage of programming talent at Microsoft - Digital Research's Concurrent DOS and Software Link's PC-MOS were developed without undue trouble. MSDOS and PC-DOS have been run on more than just the IBM-PC and clones. Some of the following have been done: Hardware PC Emulation: Apple II -> TransPC 8088 board Apple MacIntosh -> AST 80286 board Atari 400/800 -> Co-Power 88 board Atari ST -> PC-Ditto II cartridge Commodore Amiga 2000 -> 8088 or A2286D 80286 Bridge Board IBM PC/RT -> 80286 AT adapter Kaypro 2 -> Co-Power Plus board Software PC Emulation: Apple MacIntosh -> SoftPC Atari ST -> PC-Ditto I IBM RS/6000 -> DOS emulation DOS Emulation: AIX (IBM RS/6000) -> DOS emulation with "PCSIMulator" OS/2 -> DOS emulation in "Compatibility Box" QNX -> DOS window SunOS -> DOS window Xenix -> DOS emulation with DOSMerge WHAT IS DOS?����������������������������������������������������������� 1**2 DOS exists as a high-level interface between an application program and the computer. DOS stands for "Disk Operating System", which reflects the fact that its main original purpose was to provide an interface between the computer and its disk drives. DOS now lets your programs do simple memory management, I/O from the system console, and assorted system tasks (time and date, etc) as well as managing disk operations. Versions 3.1 and up also incorporate basic networking functions. With the introduction of installable device drivers and TSR (terminate but stay resident) programs in DOS 2.0, the basic DOS functions may be expanded to cover virtually any scale of operations required. OTHER OPERATING SYSTEMS������������������������������������������������ 1**3 There are a number of compatible replacements for Microsoft's MSDOS. Some are: Alloy 386 Multiware (multitasking control prog, licensed DOS) Consortium Technologies MultiDOS (multitasking, multiuser) Digital Research Concurrent DOS (multitasking) Digital Research Concurrent DOS 386 (for 80386 computers) Digital Research Concurrent DOS XM (multitasking, multiuser) Digital Research DR-DOS 3.31 and 5.0 (PC-DOS clones) Digital Research Multiuser DOS (multitasking, multiuser) PC-MOS/386 (multitasking, multiuser) Wendin-DOS (multitasking, multiuser) VM/386 (multitasking) Various other operating systems are available for the IBM PC. These include: Digital Research CP/M-86 Digital Research Concurrent CP/M-86 (multitasking) Minix (multitasking UNIX workalike) Pick (database-operating system) QNX (multitasking, multiuser) UNIX (various systems from IBM itself, Microsoft-SCO, Bell, and various UNIX clones, single and multi user) (AIX, Xenix, AT&T System V, etc.) "Shell" programs exist which use DOS only for disk management while they more or less comprise a new operating system. These include: DesQview Windows OmniView GEM TopView TaskView GeoWorks Systems using the NEC V-series CPUs can execute Intel 8080/8085 8-bit instructions as well as the 16-bit 8088-up instructions. They can run standard Digital Research 8-bit CP/M and MP/M directly, as well as other operating systems developed for that processor. SPECIFIC VERSIONS OF MS/PC-DOS����������������������������������������� 1**4 DOS 1.x is essentially 86-DOS. DOS 2.x kept the multiple file layout (the two hidden files and COMMAND.COM) but for all practical purposes is an entirely different operating system with backwards compatibility with 1.x. I seriously doubt there has been much code from 1.x retained in 2.x. DOS 3.x is merely an enhancement of 2.x; there seems little justification for jumping a whole version number. The disk handling routines were considerably extended in 3.1, allowing disk access in a "virtual" fashion, independent of whether the drive was a local or network device. DOS 4.0, originating as it did from outside Microsoft, can justify a version jump. Unfortunately, 4.0 seemed to have very little reason to justify its existence - virtually all of its core features could be found in one version or another of DOS 3.x. According to Microsoft's Gordon Letwin, DOS 5.0 was a complete rewrite with the kernel done in hand optimized assembly language. DOS version nomenclature: major.minor.minor. The digit to the left of the decimal point indicates a major DOS version change. 1.0 was the first version. 2.0 added support for subdirectories, 3.0 added support for networking, 4.0 added some minimal support for Lotus-Intel-Microsoft EMS. The first minor version indicates customization for a major application. For example, 2.1 for the PCjr, 3.3 for the PS/2s. The second minor version does not seem to have any particular meaning. The main versions of DOS are: 86-DOS February 1981 Paterson's Quick'n'Dirty DOS first runs on PC PC-DOS 1.0 August 1981 original IBM release PC-DOS 1.05 -------- ---- fixes to BASIC interpreter PC-DOS 1.1 June 1982 bugfix, double sided drive support MS-DOS 1.25 July 1982 for early compatibles. This is the first non-IBM OEM version PC-DOS 2.0 March 1983 for PC/XT, Unix-type subdirectory support, installable device drivers, I/O redirection, subdirectories, hard disk support, handle calls PC-DOS 1.85 April 1983 internal IBM - extended 1.1 - not released MS-DOS 2.01 -------- 1983 first support for individual country formats, Kanji PC-DOS 2.1 October 1983 for IBM PCjr, bugfixes for 2.0. No country support MS-DOS 2.11 October 1983 basically a cross of PC-DOS 2.1 and MS-DOS 2.01 MS-DOS 2.12 -------- ---- special version for TI Professional PC-DOS 3.0 August 1984 1.2 meg drive for PC/AT, some new system calls, new external programs, 16-bit FAT, specific support for IBM network MS-DOS 3.05 -------- 1984 first OEM version of 3.x PC-DOS 3.1 November 1984 bugfix for 3.0, implemented generic network support MS-DOS 2.25 October 1985 extended foreign language support PC-DOS 3.2 January 1986 720k 3.5 inch drive support, special support for laptops (IBM PC Convertible), XCOPY MS-DOS 4.0 April 1986 multitasking (Europe only) - withdrawn from market PC-DOS 3.3 April 1987 for PS/2 series, 1.44 meg support, multiple DOS partition support, code page switching, improved foreign language support, some new function calls, support for the AT's CMOS clock. MS-DOS 3.31 November 1987 over-32 meg DOS partitions. Different versions from different OEMs (not Microsoft). Compaq and Wyse are most common. PC-DOS 3.4 -------- ---- internal IBM - not released (4.0 development) MS-DOS 2.11R -------- 1988 bootable ROM DOS for Tandy machines PC-DOS 4.0 August 1988 32mb limit officially broken, minor EMS support, more new function calls, enhanced network support for external commands MS-DOS 4.01 January? 1989 Microsoft version with some bugfixes MS-DOS 3.21R September1989 DOS in ROM, Flash File System for laptops MS-DOS 3.3R -------- 1990 DOS in ROM, introduced for TI laptops MS-DOS 5.0 June 1991 new high memory support, uses up to 8 hard disks, command line editor and aliasing, 2.88 floppies IBM's PC-DOS was long considered to be the "standard" version of DOS. Now that MS 5.0 is a commercial product most developers will probably write to it. Microsoft's policy has been to sell DOS only to OEMs. Despite this, they sold small quantities of DOS 3.2, 3.3, and 4.0 without insurmountable difficulties. DOS 5.0 was conceived from the beginning as an over-the-counter retail product. Incidentally, IBM refers to its DOS as "The IBM Personal Computer DOS." The term "PCDOS" is a trademark of IBM's rival DEC. Some versions of MS-DOS varied from PC-DOS in the available external commands. Some OEMs only licensed the basic operating system code (the xxxDOS and xxxBIO programs, and COMMAND.COM) from Microsoft, and either wrote the rest themselves or contracted them from outside software houses like Phoenix. Most of the external programs for DOS 3.x and 4.x are written in "C" while the 1.x and 2.x utilities were written in assembly language. Other OEMs required customized versions of DOS for their specific hardware configurations, such as Sanyo 55x and early Tandy computers, which were unable to exchange their DOS with the IBM version. PC-DOS 3.0 was extremely buggy on release. It did not handle the DOS environment correctly and there were numerous documented problems with the batch file parser. The network support code was also nonfunctional in that DOS version. It is recommended that users upgrade to at least version 3.1. DEC MSDOS versions 2.11 for the Rainbow had the ANSI.SYS device driver built into the main code. The Rainbow also used a unique quad density, single-sided floppy drive and its DOS had special support for it. IBM had a version 1.85 of PC-DOS in April 1983, after the introduction of DOS 2.0. It was evidently for internal use only, supported multiple drive file searches (a primitive form of PATH), builtin MODE sommands for screen support, a /P parameter for TYPE for paused screens, an editable command stack like the public domain DOSEDIT.COM utility, and could be set up to remain completely resident in RAM instead of a resident/transient part like normal DOS. It is a pity some of the neat enhancements didn't make it into DOS 2.0. IBM also had an "internal use only" version 3.4, evidently used while developing DOS 4.0. Digital Research's DR-DOS is the first widely available DOS clone. Version 3.4, released in June 1988, was the one first available to the American public. It was somewhat buggy and its use is not recommended. DR 3.41 is extremely compatible and its use should pose no problems on any machine. DR-DOS 5.0 (released May, 1990) is functionally equivalent to MS-DOS 5.0. For all practical purposes, MS 5.0 is a clone of DR 5.0, since DR beat MS to market by over a year. According to Greg Ewald, DRI's DR-DOS product manager, DR-DOS was developed from Concurrent DOS 386 with the multiuser and multitasking code stripped out. Some versions of DOS used in compatibles do not maintain the 1.x, 2.x, ... numbering system. Columbia Data Products computers labeled DOS 1.25 as DOS 2.0. Early Compaqs labeled DOS 2.0 as DOS 1.x. Other versions incorporated special features - Compaq DOS 3.31 and Wyse DOS 3.21 both support >32mb disk partitions in the same fashion as DOS 4.x. AT&T DOS 3.1 differs from generic MSDOS 3.10 in its use of cluster-size and file allocation table structures. AT&T DOS appears to use rules not from version 3, but rather those from version 2. Epson Equity III and ComputerLand 3.10 DOS's appear to use cluster techniques that are a cross between versions 2 and 3. On type DOS partitions, these DOS's use 3.x rules if the partition is larger than 32,680 sectors in total size. This implies 16 bit FAT entries as well. On partitions below this size, they will use 2.x rules, including the 12 bit FAT entries. Zenith DOS 3.x and Wyse DOS 3.2 have a builtin internal device driver to handle up to 4 32Mb DOS partitions on a single hard disk. Wyse DOS 3.31 will handle single partitions up to 512Mb with a 32-bit FAT. According to PC Week Magazine, July 4, 1988, Arabic versions of MSDOS are shipping with a hardware copy-protection system from Rainbow Technologies. This is similar to the short-lived system used by AutoCAD 2.52 and a very few other MSDOS programs, where an adapter block is plugged into the parallel port and software makes use of coded bytes within the block. This type of copy protection has been common on Commodore products for several years, where it is called a "dongle." The AutoCAD dongle was defeated by a small program written within weeks of version 2.52's debut. Version 2.62 was released 3 months later, without the dongle. The DOS dongle will, however, prevent the system from booting at all unless it is found. This makes the Arabic version of MSDOS the first copy-protected operating system, a dubious distinction at best. The modifications to the operating system to support the dongle are not known at this time. Frankly, it would seem that burning the operating system into ROMs would be cheaper and simpler. Versions of DOS sold in Great Britain are either newer than those sold in the US or use a different numbering system. DOS 3.4, 4.0, 4.1, 4.2, and 4.3 had been released there between the US releases of 3.3 and 4.0. MSDOS 4.0 (eDOS) was introduced in mid-1987 in Europe (at SICOB in Paris and sometime earlier by Apricot Computer in the UK). It offered multitasking provided applications were specially written for it. David Fraser (Microsoft UK Managing Director) is on record saying that "DOS 4.0 is unlikely to set the world alight and is of interest only to specific OEMs who want its features for networking and communications." Standard DOS applications will run under DOS 4.x as a foreground task according to uncertain information. It differs from earlier versions only in allowing background tasks to run. For further information, see Chapter 4. Microsoft changed their OEM licensing agreements between DOS versions 2.x and 3.x. OEM versions of DOS 3.x must maintain certain data areas and undocumented functions in order to provide compatibility with the networking features of the operating system. For this reason, TSR programs will be much more reliable when operating under DOS 3.x. Several versions of DOS have been modified to be run out of ROM. The Sharp PC5000 had MSDOS 1.25 in ROM, and the Toshiba 1000 and some Tandy 1000 models have MSDOS 2.11 in ROM. In mid September 1989 Microsoft introduced 3.21R ROMs for laptops, and in early '90 Texas Instruments laptops were the first to get the 3.3R ROMs. Digital Research has also announced its DR-DOS 3.41 and 5.0 is available in a ROM version and Award Software is marketing DOS cards to OEMs as a plug-in to ISA-bus machines. IBM's release of DOS 4.0 (and the immediate subsequent release of a bugfix) was a dubious step "forward." DOS 4.0 was the first version of DOS to come with a warranty; the catch is that IBM warranted it only for a very slim list of IBM-packaged software. 4.0 had some minor EMS support, support for large hard disks, and not much else. With its voracious RAM requirements and lack of compatibility with previous versions of DOS (many major software packages crashed under DOS 4.0), plus the increase in price to a cool $150, there was no great rush to go to that version of DOS. Microsoft undertook development of MSDOS 5.0 in early 1990, soliciting input from Usenet, BIX, and Compuserve among others. 5.0 is a functional clone of Digital Research's DR-DOS 5.0. 5.0's compatibility was assured by what has been claimed as the largest beta-test program in history - in his address to the Boston Computer Society, Bill Gates announced over 7,500 testers were involved. THE OPERATING SYSTEM HIERARCHY����������������������������������������� 1**5 The Disk Operating System (DOS) and the ROM BIOS serve as an insulating layer between the application program and the machine, and as a source of services to the application program. As the term 'system' might imply, DOS is not one program but a collection of programs designed to work together to allow the user access to programs and data. Thus, DOS consists of several layers of "control"programs and a set of "utility" programs. The system hierarchy may be thought of as a tree, with the lowest level being the actual hardware. The 8088 or V20 processor sees the computer's address space as a ladder one byte wide and one million bytes long. Parts of this ladder are in ROM, parts in RAM, and parts are not assigned. There are also 65,536 "ports" that the processor can use to control devices. The hardware is normally addressed by the ROM BIOS, which will always know where everything is in its particular system. The chips may usually also be written to directly, by telling the processor to write to a specific address or port. This sometimes does not work as the chips may not always be at the same addresses or have the same functions from machine to machine. DOS STRUCTURE���������������������������������������������������������� 1**6 DOS consists of four components: * The boot record * The ROM BIOS interface (IBMBIO.COM, DRBIOS.SYS, or IO.SYS) * The DOS program file (IBMDOS.COM, DRBDOS.SYS, or MSDOS.SYS) * The command processor (COMMAND.COM or aftermarket replacement) * The Boot Record The boot record begins on track 0, sector 1, side 0 of every diskette prepared by the DOS FORMAT command. The boot record is placed on diskettes to produce an error message if you try to start up the system with a nonsystem diskette in drive A. For hard disks, the boot record resides on the first sector of the DOS partition. All media supported by DOS use one sector for the boot record. * Read Only Memory (ROM) BIOS Interface and Extensions The file IBMBIO.COM or IO.SYS is the interface module to the ROM BIOS. This file provides a low-level interface to the ROM BIOS device routines and may contain extensions or changes to the system board ROMs. Some compatibles do not have a ROM BIOS to extend, and load the entire BIOS from disk. (Sanyo 55x, Viasyn machines). Some versions of MSDOS, such as those from Compaq's MS-DOS and Digital Research's DRDOS 5.0, are named IBMBIO.COM but are not IBM files. These low-level interface routines include the instructions for performing operations such as displaying information on the screen, reading the keyboard, sending data out to the printer, operating the disk drives, and so on. It is the operating system's means of controlling the hardware. IBMBIO.COM contains any modifications or updates to the ROM BIOS that are needed to correct any bugs or add support for other types of hardware such as new disk drives. By using IBMBIO.COM to update the ROM BIOS on the fly when the user turns on their computer, IBM does not need to replace the ROM BIOS chip itself, but makes any corrections through the cheaper and easier method of modifying the IBMBIO.COM file instead. IBMBIO.COM also keeps track of hardware operations on an internal stack or "scratch pad" area for the operating system to save information such as addresses it will need, etc. An example of the use for this stack can be seen when running a program such as a word processor. If you have told the word processor to save your letter, it will write the data to your disk. During this time, if you start typing some more information, the keyboard generates a hardware interrupt. Since you don't want the process of writing the information to the disk to be interrupted, DOS allocates a slot in the stack for the keyboard's hardware interrupt and when it gets a chance, (probably after the data has been written to the disk), it can process that interrupt and pick up the characters you may have been typing. The STACKS= command in DOS 3.2+'s CONFIG.SYS file controls the number of stack frames available for this purpose. IBMBIO.COM also reads your CONFIG.SYS file and installs any device drivers (i.e. DEVICE=ANSI.SYS) or configuration commands it may find there. * The DOS Program The actual DOS program is the file IBMDOS.COM or MSDOS.SYS. It provides a high- level interface for user (application) programs. This program consists of file management routines, data blocking/deblocking for the disk routines, and a variety of built-in functions easily accessible by user programs. When a user program calls these function routines, they accept high-level information by way of register and control block contents. When a user program calls DOS to perform an operation, these functions translate the requirement into one or more calls to IBMBIO.COM, MSDOS.SYS or system hardware to complete the request. This section is often referred to as the "kernel" by systems programmers. * The Command Interpreter The command interpreter, COMMAND.COM, is the part you interact with on the command line. COMMAND.COM has three parts. IBM calls them the "resident portion", the "initialization portion" and the "transient portion". IBM's original documentation spoke of installing alternate command interpreters (programs other than COMMAND.COM) with the SHELL= statement in CONFIG.SYS. Unfortunately, IBM chose not to document much of the interaction between IBMDOS.COM and IBMBIO.COM. By the time much of the interaction was widely understood, many commercial software programs had been written to use peculiarities of COMMAND.COM itself. Several programs exist that perform as actual "shells" by completely replacing COMMAND.COM and substituting their own command interpreter to use with the hidden DOS files. Examples are Command Plus, a commercial package, and the shareware 4DOS and FlexShell packages. Both supply greatly enhanced batch language and editing capabilities. NOTE: DOS 3.3+ checks for the presence of a hard disk, and will default to COMSPEC=C:\. Previous versions default to COMSPEC=A:\. Under some DOS versions, if COMMAND.COM is not immediately available for reloading (i.e., swapping to a floppy with COMMAND.COM on it) DOS may crash. Resident Portion: The resident portion resides in memory immediately following IBMDOS.COM and its data area. This portion contains routines to process interrupts 22h (Terminate Address), 23h (Ctrl-Break Handler), and 24h (Critical Error Handler), as well as a routine to reload the transient portion if needed. For DOS 3.x, this portion also contains a routine to load and execute external commands, such as files with exensions of COM or EXE. When a program terminates, a checksum is used to determine if the application program overlaid the transient portion of COMMAND.COM. If so, the resident portion will reload the transient portion from the area designated by COMSPEC= in the DOS environment. If COMMAND.COM cannot be found, the system will halt. All standard DOS error handling is done within the resident portion of COMMAND.COM. This includes displaying error messages and interpreting the replies to the "Abort, Retry, Ignore, Fail?" message. Since the transient portion of COMMAND.COM is so large (containing the internal commands and all those error messages), and it is not needed when the user is running an application it can be overlaid that program if that application needs the room. When the application is through, the resident portion of COMMAND.COM brings the transient portion back into memory to show the prompt. This is why you will sometimes see the message "Insert disk with COMMAND.COM". It needs to get the transient portion off the disk since it was overlaid with the application program. The initialization portion of COMMAND.COM follows the resident portion and is given control during the bootup procedure. This section actually processes the AUTOEXEC.BAT file. It also decides where to load the user's programs when they are executed. Since this code is only needed during startup, it is overlaid by the first program which COMMAND.COM loads. The transient portion is loaded at the high end of memory and it is the command processor itself. It interprets whatever the user types in at the keyboard, hence messages such as "Bad command or file name" for when the user misspells a command. This portion contains all the internal commands (i.e. COPY, DIR, RENAME, ERASE), the batch file processor (to run .BAT files) and a routine to load and execute external commands which are either .COM or .EXE files. The transient portion of COMMAND.COM produces the system prompt, (C>), and reads what the user types in from the keyboard and tries to do something with it. For any .COM or .EXE files, it builds a command line and issues an EXEC function call to load the program and transfer control to it. DOS INITIALIZATION����������������������������������������������������� 1**7 The system is initialized by a software reset (Ctrl-Alt-Del), a hardware reset (reset button), or by turning the computer on. The Intel 80x8x series processors always look for their first instruction at the end of their address space (0FFFF0h) when powered up or reset. This address contains a jump to the first instruction for the ROM BIOS. Built-in ROM programs (Power-On Self-Test, or POST, in the IBM) check machine status and run inspection programs of various sorts. Some machines set up a reserved RAM area with bytes indicating installed equipment (AT and PCjr). When the ROM BIOS finds a ROM on an adapter card, it lets that ROM take control of the system so that it may perform any set up necessary to use the hardware or software controlled by that ROM. The ROM BIOS searches absolute addresses C8000h through E0000h in 2K increments in search of a valid ROM. A valid ROM is determined by the first few bytes in the ROM. The ROM will have the bytes 55h, AAh, a length indicator and then the assembly language instruction to CALL FAR (to bring in a "FAR" routine). A checksum is done on the ROM to verify its integrity, then the BIOS performs the CALL FAR to bring in the executible code. The adapter's ROM then performs its initialization tasks and hopefully returns control of the computer back to the ROM BIOS so it can continue with the booting process. The ROM BIOS routines then look for a disk drive at A: or an option ROM (usually a hard disk) at absolute address C:800h. If no floppy drive or option ROM is found, the BIOS calls int 19h (ROM BASIC if it is an IBM) or displays an error message. If a bootable disk is found, the ROM BIOS loads the first sector of information from the disk and then jumps into the RAM location holding that code. This code normally is a routine to load the rest of the code off the disk, or to "boot" the system. The following actions occur after a system initialization: 1. The boot record is read into memory and given control. 2. The boot record then checks the root directory to assure that the first two files are IBMBIO.COM and IBMDOS.COM or their OEM equivalents. These must be the first two files, and they must be in that order (IBMBIO.COM first, with its sectors in contiguous order). NOTE: IBMDOS.COM need not be contiguous in version 3.x+. 3. The boot record loads IBMBIO.COM into memory. 4. The initialization code in IBMBIO.COM loads IBMDOS.COM, determines equipment status, resets the disk system, initializes the attached devices, sets the system parameters and loads any installable device drivers according to the CONFIG.SYS file in the root directory (if present), sets the low-numbered interrupt vectors, relocates IBMDOS.COM downward, and calls the first byte of DOS. NOTE: CONFIG.SYS may be a hidden file. 5. DOS initializes its internal working tables, initializes the interrupt vectors for interrupts 20h through 27h, and builds a Program Segment Prefix for COMMAND.COM at the lowest available segment. For DOS versions 3.10 up, DOS also initializes the vectors for interrupts 0Fh through 3Fh. An initialization routine is included in the resident portion and assumes control during startup. This routine contains the AUTOEXEC.BAT file handler and determines the segment address where user application programs may be loaded. The initialization routine is then no longer needed and is overlaid by the first program COMMAND.COM loads. NOTE: AUTOEXEC.BAT may be a hidden file. 6. IBMDOS.COM uses the EXEC function call to load and start the top-level command processor. The default command processor is COMMAND.COM in the root directory of the boot drive. If COMMAND.COM is in a subdirectory or another command processor is to be used, it must be specified by a SHELL= statement in the CONFIG.SYS file. A transient portion is loaded at the high end of memory. This is the command processor itself, containing all of the internal command processors and the batch file processor. For DOS 2.x, this portion also contains a routine to load and execute external commands, such as files with extensions of COM or EXE. This portion of COMMAND.COM also produces the DOS prompt (such as "A>"), reads the command from the standard input device (usually the keyboard or a batch file), and executes the command. For external commands, it builds a command line and issues an EXEC function call to load and transfer control to the program. note 1) COMMAND.COM may be a hidden file. 2) For IBM DOS 2.x, the transient portion of the command processor contains the EXEC routine that loads and executes external commands. For MSDOS 2.x+ and IBM DOS 3.x+, the resident portion of the command processor contains the EXEC routine. 3) IBMDOS only checks for a file named "COMMAND.COM". It will load any file of that name if no SHELL= command is used. That pretty much covers the bootup process. After the command processor is loaded, it runs the AUTOEXEC.BAT file and then the user gets their prompt to begin working. ** Programmer's Technical Reference for MSDOS and the IBM PC ** USA copyright TXG 392-616 ALL RIGHTS RESERVED ������������������������������Ĵ DOSREF (tm) ��������������������������������� ISBN 1-878830-02-3 (disk-based text) Copyright (c) 1987, 1992 Dave Williams �����������������������������Ŀ � Shareware Version, 01/12/92 � � Please Register Your Copy � ������������������������������� C H A P T E R T W O CPU Port Assignments, System Memory Map, BIOS Data Area, Interrupts 00h to 09h C O N T E N T S Introduction .......................................................... 2**1 System Memory Map ..................................................... 2**2 A Brief Guide to Current Memory Terminology ........................... 2**3 PC Port Assignment .................................................... 2**4 Reserved Memory Locations ............................................. 2**5 Absolute Addresses .................................................... 2**6 The IBM PC System Interrupts (Overview) ............................... 2**7 Quick Chart of Interrupts 00h-0FFh .................................... 2**8 The IBM-PC System Interrupts 00h-0Fh (in detail) ...................... 2**9 Introduction .......................................................... 2**1 For consistency in this reference, all locations and offsets are in hexadecimal unless otherwise specified. All hex numbers are prefaced with a leading zero if they begin with an alphabetic character, and are terminated with a lowercase H (h). The formats vary according to common usage. System Memory Map ..................................................... 2**2 The IBM PC handles its address space in 64k segments, divided into 16k fractions and then further as necessary. �����������������������������������������������������������������������������Ŀ �start �start�end � � �addr. �addr.�addr.� usage � �(dec) � (hex) � � �����������������������������������������������������������������������������Ĵ � *640k RAM Area* � �����������������������������������������������������������������������������Ĵ � 0k � � start of RAM, first K is interrupt vector table � � 16k �00000-03FFF� PC-0 system board RAM ends � � 32k �04000-07FFF� � � 48k �08000-0BFFF� � �����������������������������������������������������������������������������Ĵ � 64k �10000-13FFF� PC-1 system board RAM ends � � 80k �14000-17FFF� � � 96k �18000-1BFFF� � � 112k �1C000-1FFFF� � �����������������������������������������������������������������������������Ĵ � 128k �20000-23FFF� � � 144k �24000-27FFF� � � 160k �28000-2BFFF� � � 176k �2C000-2FFFF� � �����������������������������������������������������������������������������Ĵ � 192k �30000-33FFF� � � 208k �34000-37FFF� � � 224k �38000-3BFFF� � � 240k �3C000-3FFFF� � �����������������������������������������������������������������������������Ĵ � 256k �40000-43FFF� PC-2 system board RAM ends � � 272k �44000-47FFF� � � 288k �48000-4BFFF� � � 304k �4C000-4FFFF� � �����������������������������������������������������������������������������Ĵ � 320k �50000-53FFF� � � 336k �54000-57FFF� � � 352k �58000-5BFFF� � � 368k �5C000-5FFFF� � �����������������������������������������������������������������������������Ĵ � 384k �60000-63FFF� � � 400k �64000-67FFF� � � 416k �68000-6BFFF� � � 432k �6C000-6FFFF� � �����������������������������������������������������������������������������Ĵ � 448k �70000-73FFF� � � 464k �74000-77FFF� � � 480k �78000-7BFFF� � � 496k �7C000-7FFFF� � �����������������������������������������������������������������������������Ĵ � 512k �80000-83FFF� � � 528k �84000-87FFF� � � 544k �88000-8BFFF� the original IBM PC-1 BIOS limited memory to 544k � � 560k �8C000-8FFFF� � �����������������������������������������������������������������������������Ĵ � 576k �90000-93FFF� � � 592k �94000-97FFF� � � 609k �98000-9BFFF� � � 624k �9C000-9FFFF� to 640k (top of RAM address space) � �����������������������������������������������������������������������������Ĵ �A0000 ***** 64k ***** EGA/VGA starting address � �A0000 ***** 64k ***** Toshiba 1000 DOS ROM (MS-DOS 2.11V) � �����������������������������������������������������������������������������Ĵ � 640k �A0000-A95B0� MCGA 320x200 256 color video buffer � � � -AF8C0� MCGA 640x480 2 color video buffer � � � -A3FFF� � � 656k �A4000-A7FFF� � � 672k �A8000-ABFFF� this 64k segment may be used for contiguous DOS � � 688k �AC000-AFFFF� RAM with appropriate hardware and software � �����������������������������������������������������������������������������Ĵ �B0000 ***** 64k ***** mono and CGA address � �����������������������������������������������������������������������������Ĵ � 704k �B0000-B3FFF� 4k monochrome display | The PCjr and early Tandy 1000� � 720k �B4000-B7FFF� | BIOS revector direct write to� � 736k �B8000-BBFFF� 16k CGA uses | the B8 area to the Video Gate� � 756k �BC000-BFFFF� | Array and reserved system RAM� �����������������������������������������������������������������������������Ĵ �C0000 ***** 64k *************** expansion ROM � �����������������������������������������������������������������������������Ĵ � 768k �C0000-C3FFF� 16k EGA BIOS C000:001E EGA BIOS signature (letters IBM � � 784k �C4000-C5FFF� � � �C6000-C63FF� 256 bytes Professional Graphics Display comm. area � � �C6400-C7FFF� � � 800k �C8000-CBFFF� 16k hard disk controller BIOS, drive 0 default � � �CA000 � some 2nd floppy (high density) controller BIOS � � 816k �CC000-CDFFF� 8k IBM PC Network NETBIOS � � �CE000-CFFFF� � �����������������������������������������������������������������������������Ĵ �D0000 ***** 64k ***** expansion ROM � �����������������������������������������������������������������������������Ĵ � 832k �D0000-D7FFF� 32k IBM Cluster Adapter | PCjr first ROM cartridge � � � DA000� voice communications | address area. � � 848k �D4000-D7FFF� | Common expanded memory board � � 864k �D8000-DBFFF� | paging area. � � 880k �DC000-DFFFF� | � � �DE000 � TI Pro default video buffer, 4k in length � �����������������������������������������������������������������������������Ĵ �E0000 ***** 64k ***** expansion ROM � �����������������������������������������������������������������������������Ĵ � 896k �E0000-E3FFF� | PCjr second ROM cartridge � � 912k �E4000-E7FFF� | address area � � 928k �E8000-EBFFF� | � � 944k �EC000-EFFFF� | spare ROM sockets on AT � �����������������������������������������������������������������������������Ĵ �F0000 ***** 64k ***** system � �����������������������������������������������������������������������������Ĵ � 960k �F0000-F3FFF� reserved by IBM | cartridge address � � 976k �F4000- � | area (PCjr cartridge � � �F6000 � ROM BASIC Begins | BASIC) � � 992k �F8000-FB000� | � � 1008k�FC000-FFFFF� ROM BASIC and original | � � � � BIOS (Compatibility BIOS | � � � � in PS/2) | � � 1024k� FFFFF� end of memory (1024k) for 8088 machines � �����������������������������������������������������������������������������Ĵ � 384k �100000-15FFFF� 80286/AT extended memory area, 1Mb motherboard � � 15Mb �100000-FFFFFF� 80286/AT extended memory address space � � 15Mb �160000-FDFFFF� Micro Channel RAM expansion (15Mb extended memory) � � 128k �FE0000-FFFFFF� system board ROM (PS/2 Advanced BIOS) � �����������������������������������������������������������������������������Ĵ � 64k �C0000000-C000FFFF� Weitek "Abacus" math coprocessor memory-mapped I/O � ������������������������������������������������������������������������������� Note that the ROM BIOS has a duplicated address space which causes it to "appear" both at the end of the 1 megabyte real mode space and at the end of the 16 megabyte protected mode space. The addresses from 0E0000 to 0FFFFF are equal to 0FE0000 to 0FFFFFF. This is necessary due to differences in the memory addressing between Real and Protected Modes. A Brief Guide to Current Memory Terminology ........................... 2**3 LOW MEMORY - 0000h to around 0:5(something), comprising the 80x8x interrupt vector table, the BIOS Data Area, DOS Data Area, etc. CONVENTIONAL MEMORY - from the end of low memory to the beginning of the "reserved by IBM" A000 segment (640k). HIGH MEMORY - originally noncontiguous RAM stuffed into the "reserved for ROM expansion" areas, typically segments D000 and E000. DOS normally can't access this memory without a driver of some sort, but it's easy to put RAMdisks and stuff in there. CONVENTIONAL MEMORY - extra RAM stuck at A000, assuming the machine already has 640k, appears as conventional memory accessible to DOS and applications. IBM clones can typically add 64k before bumping into a mono card or 96k before hitting a color card. This address is part of the EGA/VGA video RAM area and most EGA cards don't like system memory at A000. EXPANDED MEMORY - LIM 3.2, LIM 4.0, or EEMS 3.2 bank switched memory. A RAM "window" allows an app to save a block of RAM to an expansion board. The window size and location varies according to the EMS standard being used. EXTENDED MEMORY - this is the "native mode" address space of the 80286 and later chips. The "real mode", or 8088 addressing scheme, sees RAM as a collection of segments and offsets with a limit on segment size. "Protected mode" addressing uses a flat linear addressing scheme. 8088 and 80188 chips do not have extended memory. HIGH MEMORY - by fiddling a bit with the segment/offset stuff, you can get an extra block of addressable 8088-mode memory just over the 1 meg address space. Microsoft issued their "HMA" (High Memory Area) standard to try to standardize use of this block. Though it really is "high" memory, "high" had for many years referred to memory between 640k and 1mb. This creates more confusion for new programmers. EMS - this is expanded memory as described above XMS - Microsoft is pushing an "Extended Memory Standard" which defines a page-switching scheme much like EMS. The only real difference is that XMS uses protected-mode RAM instead of a special paged RAM board. XMS - some severely brain-damaged jerk at IBM issued documentation for some IBM *EMS* boards referring to the boards as *XMS*. This was a classic blunder, and now some IBM-followers are picking up the aberrant terminology. This is guaranteed to confuse some people. To make it simple, if it needs an expansion board, it is EMS no matter what the vendor calls it. PC Port Assignment .................................................... 2**4 These are functions common across the IBM range. The PCjr, PC-AT, PC Convertible and PS/2 (both buses) have enhancements. In some cases, the AT and PS/2 series ignore, duplicate, or reassign ports arbitrarily. If your code incorporates specific port addresses for video or system board control it would be wise to have your application determine the machine type and video adapter and address the ports as required. hex address Function Models PCjr|PC|XT|AT|CVT|M30|PS2 0000-000F 8237 DMA controller PC 0010-001F 8237 DMA controller AT PS2 0020-0027 8259A interrupt controller 0020-002F IOSGA interrupt function PS2 0020-003F 8259A interrupt controller (AT) 0020-0021 interrupt controller 1, 8259A PC AT PS2 0040-0043 programmable timer 8253 PC 0040-0047 programmable timers PS2 0040-005F 8253-5 programmable timers AT note 1) 0041 was memory refresh in PCs. Not used in PS/2. 2) A few early 80386 machines used static RAM and did not use refresh at all. The PCjr refreshes by the video vertical retrace signal. 0060-0063 keyboard controller 8255A PC 0060-006F 8042 keyboard controller AT 0060 IOSGA keyboard input port PS2 0061 speaker PCjr PC XT AT CVT 0061 IOSGA speaker control M30 PS2 0061 On some clones, setting or clearing bit 2 controls Turbo mode 0061 Toshiba 1000 - system command 0062 IOSGA configuration control M30 PS2 0062 Toshiba 1000 - System Status, port C 0063 SSGA, undocumented PS2 0063 Toshiba 1000 - mode set 0064 keyboard auxiliary device PS2 0065-006A SSGA, undocumented PS2 006B SSGA, RAM enable/remap PS2 006C-006F SSGA, undocumented PS2 0070 AT CMOS write internal register 0071 AT CMOS read internal register 0070-0071 CMOS real-time clock, NMI mask PS2 0070-007F CMOS real-time clock, NMI mask AT 0074-0076 reserved PS2 0800-008F SSGA DMA page registers PS2 0080-009F DMA page registers, 74LS612 AT 0090 central arbitration control port (Micro Channel) 0091 card selected feedback (Micro Channel) 0092 system control port A (Micro Channel) 0093 reserved (Micro Channel) 0094 system board setup (Micro Channel) 0096 POS "CD SETUP" selector (Micro Channel) 00A0-00A1 Interrupt controller 2, 8259A AT PS2 00A0-00AF IOSGA NMI mask register PS2 00B0-00BF realtime clock/calendar, (undocumented) PS2 00C0-00DF reserved PCjr PC XT AT CVT M30 00C0-00CF DOS ROM register, Toshiba 1000 00D0-00EF "special" register, Toshiba 1000 00C0 0C1 key register, Toshiba 1000 00C1 keyboard transfer register, Toshiba 1000 00C2 keyboard receive register, Toshiba 1000 00C3 keyboard status register, Toshiba 1000 00C8 DOS ROM page register, Toshiba 1000 00E0 CPU speed control, Toshiba 1000 00E1 keyboard status/0E2 key register, Toshiba 1000 00E2 work register, Toshiba 1000 00E3 0E4 key register, Toshiba 1000 00E4 system control register 0, Toshiba 1000 00E4 Weitek ABACUS NDP - bit 0=1, ABACUS is present 00E5 0E6 key register, Toshiba 1000 00E6 system control register 1, Toshiba 1000 00EE EMS unit index, Toshiba 1000 00EF EMS unit data, Toshiba 1000 00C0-00DF DMA controller 2, 8237A-5 AT PS2 00E0-00EF realtime clock/calendar (undocumented) M30 PS2 00F0-00FF PS/2 math coprocessor I/O (Model 50+) (diskette IO on PCjr) 0100-0101 PS/2 POS adapter ID response (Micro Channel) 0102-0107 PS/2 POS adapter configuration response (Micro Channel) 01F0-01F8 hard disk AT PS2 0200-0201 game-control adapter (joystick) 0200-020F game controller PC AT 0208-0209 Chips & Technology CS8221 chipset default EMS ports alternate addresses: 218h, 258h, 268h, 2A8h, 2B8h, 2E8h 0208-020F Toshiba 1000 - EMS unit I/O #1 020C-020D reserved by IBM 0210-0217 expansion box (PC, XT) 0218-021F Toshiba 1000 - EMS unit I/O #2 021F reserved by IBM 0258-025F Toshiba 1000 - EMS unit I/O #3 0258-0259 LIM EMS 3.1 (not defined in 3.2+) 0268-026F Toshiba 1000 - EMS unit I/O #4 0278-027F parallel printer port 2 AT 0278-027B parallel printer port 3 PS2 02A2 clock chip in early Sperry PCs 02A8-02AF Toshiba 1000 - EMS unit I/O #5 02B8-02BF Toshiba 1000 - EMS unit I/O #6 02B0-02DF EGA (alternate) PC AT 02C0-02DF Toshiba 1000 - realtime clock 02E1 GPIB (adapter 0) AT 02E2-02E3 data acquisition (adapter 0) AT 02E8 "industry standard" COM4 02E8-02EF Toshiba 1000 - EMS unit I/O #7 02F8-02FF serial communications (COM2) PC AT PS2 0300-031F prototype card PC AT 0300-031F Leading Edge Model D clock ------------------- 0320-032F hard disk controller PC 0320 Perstor HD controller, primary ------------------- 0324 Perstor HD controller, secondary ------------------- 0340 Sony CD-ROM ------------------- 0348-0357 DCA 3278 0360-0367 PC Network (low address) 0368-036F PC Network (high address) AT 0370 Colorado Memory external tape backup control port ------- some "second controller" floppy cards ------------------- 0378-037F parallel printer port PC AT 0378-037B parallel printer port PS2 0380-038F Eicon Technology Network Adapter (X.25) board (default) 0380-038F SDLC, bi-synchronous 2 PC AT 0380-0389 BSC communications (alternate) PC 0390-039F Eicon Technology Network Adapter (X.25) board (alternate) 0390-0393 cluster (adapter 0) PC AT 03A0-03A9 BSC communications (primary) PC AT 03B0-03BF monochrome/parallel printer adapter PC AT 03B4-03B5 video subsystem PS2 03BA video subsystem PS2 03BC-03BF parallel printer port 1 PS2 03C0-03CF Enhanced Graphics Adapter 03C0-03DA video subsystem and DAC PS2 03DA video status register AT&T 6300, Olivetti PC 03D0-03DF CGA, MCGA, VGA adapter control 03DE video mode selector register AT&T 6300, Olivetti PC 03E8h "industry standard" COM3 03F0-03F7 floppy disk controller PC AT PS2 03F0 Colorado Memory internal tape backup control port ------- 03F2 DTK high-density XT floppy controller (output only) 03F5 DTK high-density XT floppy controller 03F8-03FF serial communications (COM1) PC AT PS2 06E2-06E3 data acquisition (adapter 1) AT 0790-0793 cluster (adapter 1) PC AT 0878 Compaq 386SX VGA BIOS relocation AT 0AE2-0AE3 data acquisition (adapter 2) AT 0B90-0B93 cluster (adapter 2) PC AT 0EE2-0EE3 data acquisition (adapter 3) AT 1390-1393 cluster (adapter 3) PC AT 22E1 GPIB (adapter 1) 2390-2393 cluster (adapter 4) PC AT 4258 LIM EMS 3.1 (not defined in 3.2+) ------------------- 42E1 GPIB (adapter 2) AT 62E1 GPIB (adapter 3) AT 8258 LIM EMS 3.1 (not defined in 3.2+) ------------------- 82E1 GPIB (adapter 4) AT A2E1 GPIB (adapter 5) AT C258 LIM EMS 3.1 (not defined in 3.2+) ------------------- C2E1 GPIB (adapter 6) AT E2E1 GPIB (adapter 7) AT note 1) IOSGA = I/O Support Gate Array SSGA = System Support Gate Array 2) I/O Addresses, hex 000 to 0FF, are reserved for the system board I/O. Hex 100 to 3FF are available on the I/O channel. 3) These are the addresses decoded by the current set of adapter cards. IBM may use any of the unlisted addresses for future use. 4) SDLC Communication and Secondary Binary Synchronous Communications cannot be used together because their port addresses overlap. Reserved Memory Locations ............................................. 2**5 ������������������������������������������������������������������������������� � 000-3FF - 1k DOS interrupt vector table, 4 byte vectors for ints 00h-0FFh. � 30:00 - used as a stack area during POST and bootstrap routines. This �to 3F:FF stack area may be revectored by an application program. ������������������������������������������������������������������������������� � ** The BIOS Data Area ** addresses from 400h to 4FFh ������������������������������������������������������������������������������� �addr.� size � description ������������������������������������������������������������������������������� �40:00� word � COM1 port address | These addresses are zeroed out in the �40:02� word � COM2 port address | OS/2 DOS Compatibility Box if any of �40:04� word � COM3 port address | the OS/2 COMxx.SYS drivers are loaded. �40:06� word � COM4 port address | �40:08� word � LPT1 port address �40:0A� word � LPT2 port address �40:0C� word � LPT3 port address �40:0E� word � LPT4 port address (not valid in PS/2 machines) �40:0E� word � PS/2 pointer to 1k extended BIOS Data Area at top of RAM �40:10� word � equipment flag (see int 11h) �������������Ĵ bits: � 0 0 no floppy drive present � 1 if floppy drive present (see bits 6&7) � 1 0 no math coprocessor installed � 1 if 80x87 installed (not valid in PCjr) � 2,3 system board RAM (not used on AT or PS/2) � 0,0 16k 0,1 32k � 1,0 48k 1,1 64k � 4,5 initial video mode � 0,0 no video adapter � 0,1 40 column color (PCjr default) � 1,0 80 column color � 1,1 MDA � 6,7 number of diskette drives � 0,0 1 drive 0,1 2 drives � 1,0 3 drives 1,1 4 drives � 8 0 DMA present � 1 DMA not present (PCjr, Tandy 1400, Sanyo 55x) � 9,A,B number of RS232 serial ports � C game adapter (joystick) � 0 no game adapter � 1 if game adapter � D serial printer (PCjr only) � 0 no printer � 1 serial printer present �������� E,F number of parallel printers installed �note 1) The IBM PC and AT store the settings of the system board ���Ŀ switches or CMOS RAM setup information (as obtained by the BIOS � in the Power-On Self Test (POST)) at addresses 40:10h and � 40:13h. 00000001b indicates "on", 00000000b is "off". �������������Ŀ �40:12� byte � reserved (PC, AT) �������������Ĵ number of errors detected by infrared keyboard link (PCjr) �������������Ĵ POST status (Convertible) �40:13� word � availible memory size in Kbytes (less display RAM in PCjr) �������������Ĵ this is the value returned by int 12h �40:15� word � reserved �40:17� byte � keyboard flag byte 0 (see int 9h) �������������Ĵ bit 7 insert mode on 3 alt pressed � 6 capslock on 2 ctrl pressed � 5 numlock on 1 left shift pressed �������������Ĵ 4 scrollock on 0 right shift pressed �40:18� byte � keyboard flag byte 1 (see int 9h) �������������Ĵ bit 7 insert pressed 3 ctrl-numlock (pause) toggled � 6 capslock pressed 2 PCjr keyboard click active � 5 numlock pressed 1 PCjr ctrl-alt-capslock held �������������Ĵ 4 scrollock pressed 0 �40:19� byte � storage for alternate keypad entry (not normally used) �40:1A� word � pointer to keyboard buffer head character �40:1C� word � pointer to keyboard buffer tail character �40:1E�32bytes� 16 2-byte entries for keyboard circular buffer, read by int 16h �40:3E� byte � drive seek status - if bit=0, next seek will recalibrate by �������������Ĵ repositioning to Track 0. � bit 3 drive D bit 2 drive C �������������Ĵ 1 drive B 0 drive A �40:3F� byte � diskette motor status (bit set to indicate condition) �������������Ĵ bit 7 write in progress 3 motor on (floppy 3) � 6 2 motor on (floppy 2) � 5 1 B: motor on (floppy 1) �������������Ĵ 4 0 A: motor on (floppy 0) �40:40� byte � motor off counter � � � starts at 37 and is decremented 1 by each system clock tick. � � � motor is shut off when count = 0. �40:41� byte � status of last diskette operation where: �������������Ĵ bit 7 timeout failure 3 DMA overrun � 6 seek failure 2 sector not found � 5 controller failure 1 address not found �������������Ĵ 4 CRC failure 0 bad command �40:42�7 bytes� NEC floppy controller chip status �40:49� byte � Video Control Data Area 1 from 0040:0049 through 0040:0066 �������������Ĵ current CRT mode (hex value) � 00h 40x25 BW (CGA) 01h 40x25 color (CGA) � 02h 80x25 BW (CGA) 03h 80x25 color (CGA) � 04h 320x200 color (CGA) 05h 320x200 BW (CGA) � 06h 640x200 BW (CGA) 07h monochrome (MDA) �extended video modes (EGA/MCGA/VGA or other) � 08h lores,16 color 09h med res,16 color � 0Ah hires,4 color 0Bh n/a � 0Ch med res,16 color 0Dh hires,16 color �������������Ĵ 0Eh hires,4 color 0Fh hires,64 color �40:4A� word � number of columns on screen, coded as hex number of columns �������������Ĵ 20 col = 14h (video mode 8, low res 160x200 CGA graphics) � 40 col = 28h �������������Ĵ 80 col = 46h �40:4C� word � screen buffer length in bytes �������������Ĵ(number of bytes used per screen page, varies with video mode) �40:4E� word � current screen buffer starting offset (active page) �40:50�8 words� cursor position pages 1-8 �������������Ĵ the first byte of each word gives the column (0-19, 39, or 79) �������������Ĵ the second byte gives the row (0-24) �40:60� byte � end line for cursor (normally 1) �40:61� byte � start line for cursor (normally 0) �40:62� byte � current video page being displayed (0-7) �40:63� word � base port address of 6845 CRT controller or equivalent �������������Ĵ for active display 3B4h=mono, 3D4h=color �40:65� byte � current setting of the CRT mode register �40:66� byte � current palette mask setting (CGA) �40:67�5 bytes� temporary storage for SS:SP during shutdown (cassette interface) �40:6C� word � timer counter low word �40:6E� word � timer counter high word �40:69� byte � HD_INSTALL (Columbia PCs) (not valid on most clone computers) �������������Ĵ bit 0 0 8 inch external floppy drives � 1 5-1/4 external floppy drives � 1,2 highest drive address which int 13 will accept � (since the floppy drives are assigned 0-3,subtract � 3 to obtain the number of hard disks installed) � 4,5 # of hard disks connected to expansion controller � 6,7 # of hard disks on motherboard controller � (if bit 6 or 7 = 1, no A: floppy is present and �������������Ĵ the maximum number of floppies from int 11 is 3) �40:70� byte � 24 hour timer overflow 1 if timer went past midnight �������������Ĵ it is reset to 0 each time it is read by int 1Ah �40:71� byte � BIOS break flag (bit 7 = 1 means break key hit) �40:72� word � reset flag �������������Ĵ PCjr keeps 1234h here for softboot when a cartridge is installed � bits 1234h = soft reset, memory check will be bypassed � 4321h = preserve memory (PS/2 only) � 5678h = system suspended (Convertible) � 9ABCh = manufacturing test mode (Convertible) �������������Ĵ ABCDh = system POST loop mode (Convertible) �40:74� byte � status of last hard disk operation ; PCjr special disk control �40:75� byte � # of hard disks attached (0-2) ; PCjr special disk control �40:76� byte � HD control byte; temp holding area for 6th param table entry �40:77� byte � port offset to current hd adapter ; PCjr special disk control �40:78�4 bytes� timeout value for LPT1,LPT2,LPT3,LPT4 �40:7C�4 bytes� timeout value for COM1,COM2,COM3,COM4 (0-0FFh secs, default 1) �40:80� word � pointer to start of circular keyboard buffer, default 03:1E �40:82� word � pointer to end of circular keyboard buffer, default 03:3E �������������Ĵ note: early Zenith Z183 BIOS set these pointers to zero and �������������Ĵ ignored them. �40:84� .... � Video Control Data Area 2, 0040:0084 through 0040:008A �40:84� byte � rows on the screen minus 1 (EGA only) �40:84� byte � PCjr interrupt flag; timer channel 0 (used by POST) �40:85� word � bytes per character (EGA only) �40:85�2 bytes� (PCjr only) typamatic character to repeat �40:86�2 bytes� (PCjr only) typamatic initial delay �40:87� byte � mode options (EGA only) �������������Ĵ bit 0 0 cursor emulation in effect � 1 no cursor emulation � 1 0 EGA is connected to a color display � 1 EGA is connected to monochrome TTL display � 2 0 wait for vertical retrace (CGA active) � 1 don't wait for vertical retrace (EGA or MDA active) � 3 0 EGA is the active display, � 1 "other" display is active. � 4 reserved � 5,6 EGA memory size � 0,0 64k � 0,1 128k � 1,0 192k � 1,1 256k � 7 0 don't clear screen on mode changes � 1 if the last "set mode" specified not to clear the � video buffer � mode combinations: � bit3 bit1 Meaning � 0 0 EGA is active display and is color � 0 1 EGA is active display and is monochrome � 1 0 EGA is not active, a mono card is active �������������Ĵ 1 1 EGA is not active, a CGA is active �40:87� byte � (PCjr only) current Fn key code �������������Ĵ 80h bit indicates make/break key code? �40:88� byte � feature bits and switches (EGA only) 0=on, 1=off �������������Ĵ bit 0 switch 1 � 1 switch 2 � 2 switch 3 � 3 switch 4 �������������Ĵ 4-7 feature bits �40:88� byte � (PCjr only) special keyboard status byte �������������Ĵ bit 7 function flag 3 typamatic (0=enable,1=disable) � 6 Fn-B break 2 typamatic speed (0=slow,1=fast) � 5 Fn pressed 1 extra delay bef.typamatic (0=enable) �������������Ĵ 4 Fn lock 0 write char, typamatic delay elapsed �40:89� byte � (PCjr) current value of 6845 reg 2 (horizontal synch) used by �������������Ĵ ctrl-alt-cursor screen positioning routine in ROM � (VGA) � bit 0 reserved � 1 video summing enabled � 2 0 for color monitor attached � 1 for mono monitor � 3 0 for default palette loading enabled � 4 0 for 8x8 text font � 1 for 8x16 text font �������������Ĵ 5-7 reserved �40:8A� byte � (PCjr) CRT/CPU Page Register Image, default 3Fh �������������Ĵ (VGA) Display Combination Code Index. This is the value � set/returned by function 1Ah of the Video BIOS. This byte � contains an index into the ROM BIOS Display Combination Code � table, which is a list of byte pairs that specify valid � combinations of one or two video subsystems. Video subsystems � are designated by the following values: � 00h no display � 01h MDA with monochrome display � 02h CGA with color display � 03h reserved � 04h EGA with color display � 05h EGA with monochrome display � 06h Professional Graphics Adapter � 07h VGA with analog monochrome display � 08h VGA with analog color display � 09h reserved � 0Ah MCGA with digital color display � 0Bh MCGA with analog monochrome display � 0Ch MCGA with analog color display �������������Ĵ 0FFh unrecognized video subsystem �40:8B� byte � last diskette data rate selected �������������Ĵ bit 7,6 starting data transfer rate to use � 0,0 500 kb/sec � 0,1 300 kb/sec � 1,0 250 kb/sec � 1,1 reserved � 5,4 last step rate selected � 3 ending data transfer rate to use � 2 reserved � 1 reserved � 0 1 combination floppy/fixed disk controller detected � 0 XT floppy only controller (for 360kb drive) detected � Data Transfer Rates � Kbits/sec Media Drive Sectors/Track � 250 360k 360k 9 � 300 360k 1.2M 9 � 500 1.2M 1.2M 15 � 250 720k 720k 9 � 250 720k 1.4M 9 �������������Ĵ 500 1.4M 1.4M 18 �40:8C� byte � hard disk status returned by controller �40:8D� byte � hard disk error returned by controller �40:8E� byte � hard disk interrupt (bit 7=working interrupt) �40:8F� byte � combo_card - status of drives 0 and 1 �������������Ĵ bit 7 reserved � 6 drive type determined for drive 1 � 5 drive multiple data rate capability for drive 1 � 0 no multiple data rate � 1 multiple data rate � 4 1 then drive 1 has 80 tracks � 0 then drive 1 has 40 tracks � 3 reserved � 2 drive type determined for drive 0 � 1 drive multiple data rate capability for drive 0 � 0 no multiple data rate � 1 multiple data rate � 0 1 the drive 0 has 80 tracks �������������Ĵ 0 the drive 0 has 40 tracks �40:90�4 bytes� media state drive 0, 1, 2, 3 �������������Ĵ floppy_media_state � bit 7,6 Data transfer rate � 00 - 500 K/sec � 01 - 300 K/sec � 10 - 250 K/sec � 11 - reserved � 5 double stepping required � 4 media/drive determined � 3 reserved � 2-0 present state � 000 360k in 360k unestablished � 001 360k in 1.2M unestablished � 010 1.2M in 1.2M unestablished � 011 360k in 360k established � 100 360k in 1.2M established � 101 1.2M in 1.2M established � 110 reserved �������������Ĵ 111 none of the above �40:94�2 bytes� track currently seeked to drive 0, 1 �40:96� byte � keyboard flag byte 3 (see int 9h) �40:97� byte � keyboard flag byte 2 (see int 9h) �40:98� dword � segment:offset pointer to users wait flag �40:9C� dword � users timeout value in microseconds �40:A0� byte � real time clock wait function in use �������������Ĵ bits 7 wait time elapsed and posted flag � 6-1 reserved �������������Ĵ 0 int 15h, function 86h (WAIT) has occurred �40:A1� byte � LAN A DMA channel flags �40:A2�2 bytes� status LAN A 0,1 �40:A4� dword � saved hard disk interrupt vector �40:A8� dword � SAVE_PTR: EGA pointer to table of 7 parameters in segment: �������������Ĵ offset format. Format of table: � D_1 dword pointer to 1472 byte table of 64 video parameters � D_2 dword reserved � D_3 dword reserved � D_4 dword reserved � D_5 dword reserved for future use � D_6 dword reserved for future use �������������Ĵ D_7 dword reserved for future use �40:B0�2 words� international support (Tandy 1000 TX) �40:B4� byte � keyboard NMI control flags (Convertible) �40:B4� byte � monochrome monitor hookup detect (Tandy 1000 TX) � � � 00h not present 0FFh present �40:B5� dword � keyboard break pending flags (Convertible) �40:B5� byte � extended equipment detect (5 bits) (Tandy 1000 TX) �������������Ĵ bit 0 = 0 drive A is 5� � 1 drive A is 3� � 1 = 0 drive A is 5� � 1 drive A is 3� � 2 = 0 Tandy 1000 keyboard layout � 1 IBM keyboard layout � 3 = 0 CPU slow mode � 1 CPU fast mode � 4 = 0 internal color video support enabled � 1 internal color video support disabled, external � video enabled (chg from mb'd to expansion card) � 5 = 0 no external monochrome video installed �������������Ĵ 1 external monochrome video installed �40:B6� byte � extended equipment detect (1 bit) (Tandy 1000 TX) �������������Ĵ bit 0 = 0 drive C is 5� �������������Ĵ 1 drive C is 3� �40:B9� byte � port 60 single byte queue (Convertible) �40:BA� byte � scan code of last key (Convertible) �40:BB� byte � pointer to NMI buffer head (Convertible) �40:BC� byte � pointer to NMI buffer tail (Convertible) �40:BD�16bytes� NMI scan code buffer (Convertible) �40:CE� word � day counter (Convertible and after) � to � -04:8F� end of BIOS Data Area ������������������������������������������������������������������������������� � ** End of BIOS Data Area ** ������������������������������������������������������������������������������� �40:90�-40:EF � reserved by IBM �40:F0�16bytes� Inter-Application Communications Area (for use by applications �40:FF� � to transfer data or parameters to each other) �������������Ĵ 1) Used by Turbo Power's FMARK (mark memory for TSRs). � 2) Used by Norton Utilities' TimeMark to store the time. � 3) Used by BRIEF editor. �������������Ĵ �50:00� byte � DOS print screen status flag �������������Ĵ 00h not active or successful completion � 01h print screen in progress �������������Ĵ 0FFh error during print screen operation �50:01� � Used by BASIC �50:02-03 � PCjr POST and diagnostics work area �50:04� byte � Single drive mode status byte - not used by AT&T DOS 2.11! �������������Ĵ 00 logical drive A was last active �������������Ĵ 01 logical drive B was last active �50:05-0E � PCjr POST and diagnostics work area �50:0F� � BASIC: SHELL flag (set to 02h if there is a current SHELL) �50:10� word � BASIC: segment address storage (set with DEF SEG) �50:12�4 bytes� BASIC: int 1Ch clock interrupt vector segment:offset storage �50:16�4 bytes� BASIC: int 23h ctrl-break interrupt segment:offset storage �50:1A�4 bytes� BASIC: int 24h disk error int vector segment:offset storage �50:1B-1F � Used by BASIC for dynamic storage �50:20-21 � Used by DOS for dynamic storage �50:22-2C � Used by DOS for diskette parameter table. See int 1Eh for values �������������Ĵ In DOS 1.0 this is located in the ROM BIOS, but in DOS 1.1 and � subsequent it is a part of DOS located at 05:22. The first byte � (out of eleven) of the Disk Parameter contains the hexadecimal � value CF in DOS 1.0 and DF in DOS 1.1 and later. � DOS 1.0 24ms �������������Ĵ DOS 1.1 26ms �50:30-33 � Used by MODE command �50:81� � number of floppies installed in the system? �50:82� � first hard disk drive? �50:83� � last hard disk drive? �50:34-FF � Unknown - Reserved for DOS �������������������������������������������������������������������������������� Absolute Addresses .................................................... 2**6 0008:0047 IO.SYS or IBMBIO.COM IRET instruction. This is the dummy routine that interrupts 01h, 03h, and 0Fh are initialized to during POST. C000:001E EGA BIOS signature (the letters IBM) F000:FA6E table of characters 00h-7Fh used by int 10h video BIOS The first 128 characters are stored here and each occupies 8 bytes. The high bit ones are somewhere on the video adapter card. F000:FFF5 BIOS release date F000:FFFE PC model identification ���������������������������������������������������������������������Ŀ � ROM BIOS � model byte � � copyright � � submodel byte machine � � date � � � revision � ���������������������������������������������������������������������Ĵ � � 00 � 00 � 00 � AT&T 6300, Olivetti PC � � 09/02/86 � FA � 00 � 00 � PS/2 Model 30 � � 01/10/86 � FB � 00 � 00 � XT-2 (early) � � 01/10/86 � FB � 00 � 01 � XT Model 089 � � 05/09/86 � FB � 01 � 02 � XT-2 (revised) � � 01/10/84 � FC � -- � -- � AT Model 099 (original) � � 06/10/85 � FC � 00 � 01 � AT Model 239 6mHz (6.6 max governor) � � 11/15/85 � FC � 01 � 00 � AT Model 339, 339 8mHz (8.6 max governor) � � � FC � 01 � 00 � Compaq 386/16 � � � FC � 01 � 03 � some Phoenix 386 BIOS � � � FC � 01 � 81 � some Phoenix 386 BIOS � � 04/21/86 � FC � 02 � 00 � XT/286 � � 02/13/87 � FC � 04 � 00 � PS/2 Model 50 � � 02/13/87 � FC � 05 � 00 � PS/2 Model 60 � � � FC � 00 � � 7531/2 Industrial AT � � � FC � 06 � � 7552 "Gearbox" � � 04/18/88 � FC � 04 � 03 � PS/2 50Z � � 01/24/90 � FC � 01 � 00 � Compaq Deskpro 80386/25e � � 10/02/89 � FC � 02 � 00 � Compaq Deskpro 386s, 386SX, 16mHz � � 06/01/83 � FD � -- � -- � PCjr � � 11/08/82 � FE � -- � -- � XT, Portable PC, XT/370, 3270PC � � 04/24/81 � FF � -- � -- � PC-0 (16k motherboard) � � 10/19/81 � FF � -- � -- � PC-1 (64k motherboard) � � 08/16/82 � FF � -- � -- � PC, XT, XT/370 (256k motherboard) � � 10/27/82 � FF � -- � -- � PC, XT, XT/370 (256k motherboard) � � ? 1987 � F8 � 00 � 00 � PS/2 Model 80 � � 3/30/87 � F8 � 00 � 00 � PS/2 Model 80-041 16mHz � � 08/28/87 � F8 � ?? � ?? � PS/2 Model 80-071 16mHz � � ? 1987 � F8 � 01 � 00 � PS/2 Model 80 20mHz � � 09/17/87 � F8 � 01 � 01 � PS/2 Model 80-111 20mHz � � ? � F8 � 04 � ? � PS/2 Model 70-121 � � 01/18/89 � F8 � 0B � 00 � PS/2 Model 70 Portable � � 04/11/88 � F8 � 09 � 02 � PS/2 Model 70 desktop � � 02/20/89 � F8 � 0D � � PS/2 Model 70-A21 � � 09/13/85 � F9 � 00 � 00 � Convertible � � � 2D � -- � -- � Compaq PC (4.77mHz original) � � � 9A � -- � -- � Compaq Plus (XT compatible) � ����������������������������������������������������������������������� The IBM PC System Interrupts (Overview) ............................... 2**7 The interrupt table is stored in the very lowest location in memory, starting at 0000:0000h. The locations are offset from segment 0, i.e. location 0000h has the address for int 0, etc. The table is 1024 bytes in length and contains 256 four byte vectors from 00h to 0FFh. Each address' location in memory can be found by multiplying the interrupt number by 4. For example, int 7 could be found by (7x4=28) or 1Bh (0000:001Bh). These interrupt vectors normally point to ROM tables or are taken over by DOS when an application is run. Some applications revector these interrupts to their own code to change the way the system responds to the user. DOS provides int 21h function 25h to change interrupts from a high level; altering the interrupt vector table directly is not recommended, nor would it really get you anywhere. Quick Chart of Interrupts 00h-0FFh .................................... 2**8 ������������������������������������������������������������������������������Ŀ � Interrupt Address � � ����������������������� Function � � Number� (Hex) � Type � ������������������������������������������������������������������������������Ĵ � 0 � 00-03 � CPU � Divide by Zero � ������������������������������������������������������������������������������Ĵ � 1 � 04-07 � CPU � Single Step � ������������������������������������������������������������������������������Ĵ � 2 � 08-0B � CPU � Nonmaskable � ������������������������������������������������������������������������������Ĵ � 3 � 0C-0F � CPU � Breakpoint � ������������������������������������������������������������������������������Ĵ � 4 � 10-13 � CPU � Overflow � ������������������������������������������������������������������������������Ĵ � 5 � 14-17 � BIOS� Print Screen � ������������������������������������������������������������������������������Ĵ � 6 � 18-1B � hdw � Reserved � ������������������������������������������������������������������������������Ĵ � 7 � 1C-1F � hdw � Reserved � ������������������������������������������������������������������������������Ĵ � 8 � 20-23 � hdw � Time of Day � ������������������������������������������������������������������������������Ĵ � 9 � 24-27 � hdw � Keyboard � ������������������������������������������������������������������������������Ĵ � A � 28-2B � hdw � Reserved � ������������������������������������������������������������������������������Ĵ � B � 2C-2F � hdw � Communications (8259) � ������������������������������������������������������������������������������Ĵ � C � 30-33 � hdw � Communications � ������������������������������������������������������������������������������Ĵ � D � 34-37 � hdw � Disk � ������������������������������������������������������������������������������Ĵ � E � 38-3B � hdw � Diskette � ������������������������������������������������������������������������������Ĵ � F � 3C-3F � hdw � Printer � ������������������������������������������������������������������������������Ĵ � 10 � 40-43 � BIOS� Video � ������������������������������������������������������������������������������Ĵ � 11 � 44-47 � BIOS� Equipment Check � ������������������������������������������������������������������������������Ĵ � 12 � 48-4B � BIOS� Memory � ������������������������������������������������������������������������������Ĵ � 13 � 4C-4F � BIOS� Diskette/Disk � ������������������������������������������������������������������������������Ĵ � 14 � 50-53 � BIOS� Serial Communications � ������������������������������������������������������������������������������Ĵ � 15 � 54-57 � BIOS� Cassette, System Services � ������������������������������������������������������������������������������Ĵ � 16 � 58-5B � BIOS� Keyboard � ������������������������������������������������������������������������������Ĵ � 17 � 5C-5F � BIOS� Parallel Printer � ������������������������������������������������������������������������������Ĵ � 18 � 60-63 � BIOS� ROM BASIC Loader � ������������������������������������������������������������������������������Ĵ � 19 � 64-67 � BIOS� Bootstrap Loader � ������������������������������������������������������������������������������Ĵ � 1A � 68-6B � BIOS� Time of Day � ������������������������������������������������������������������������������Ĵ � 1B � 6C-6F � BIOS� Keyboard Break � ������������������������������������������������������������������������������Ĵ � 1C � 70-73 � BIOS� Timer Tick � ������������������������������������������������������������������������������Ĵ � 1D � 74-77 � BIOS� Video Initialization � ������������������������������������������������������������������������������Ĵ � 1E � 78-7B � BIOS� Diskette Parameters � ������������������������������������������������������������������������������Ĵ � 1F � 7C-7F � BIOS� Video Graphics Characters, second set � ������������������������������������������������������������������������������Ĵ � 20 � 80-83 � DOS � General Program Termination � ������������������������������������������������������������������������������Ĵ � 21 � 84-87 � DOS � DOS Services Function Request � ������������������������������������������������������������������������������Ĵ � 22 � 88-8B � DOS � Called Program Termination Address � ������������������������������������������������������������������������������Ĵ � 23 � 8C-8F � DOS � Control Break Termination Address � ������������������������������������������������������������������������������Ĵ � 24 � 90-93 � DOS � Critical Error Handler � ������������������������������������������������������������������������������Ĵ � 25 � 94-97 � DOS � Absolute Disk Read � ������������������������������������������������������������������������������Ĵ � 26 � 98-9B � DOS � Absolute Disk Write � ������������������������������������������������������������������������������Ĵ � 27 � 9C-9F � DOS � Terminate and Stay Resident � ������������������������������������������������������������������������������Ĵ � 28-3F � A0-FF � DOS � Reserved for DOS � ������������������������������������������������������������������������������Ĵ � *29h Fast Screen Write � � *2Ah Microsoft Networks - Session Layer Interrupt � � 2Fh Multiplex Interrupt � � *30h Far jump instruction for CP/M-style calls � � 33h Used by Microsoft Mouse Driver � ������������������������������������������������������������������������������Ĵ � 40-43 �100-115� BIOS� Reserved for BIOS � ������������������������������������������������������������������������������Ĵ � 40h Hard Disk BIOS � � 41h Hard Disk Parameters (except PC1) � � 42h Pointer to screen BIOS entry (EGA, VGA, PS/2) � � 43h Pointer to EGA initialization parameter table � ������������������������������������������������������������������������������Ĵ � 44 �116-119� BIOS� First 128 Graphics Characters � ������������������������������������������������������������������������������Ĵ � 45-47 �120-131� BIOS� Reserved for BIOS � ������������������������������������������������������������������������������Ĵ � 45h Reserved by IBM (not initialized) � � 46h Pointer to hard disk 2 params (AT, PS/2) � � 47h Reserved by IBM (not initialized) � ������������������������������������������������������������������������������Ĵ � 48 �132-135� BIOS� PCjr Cordless Keyboard Translation � ������������������������������������������������������������������������������Ĵ � 49 �136-139� BIOS� PCjr Non-Keyboard Scancode Translation Table � ������������������������������������������������������������������������������Ĵ � 4Ah Real-Time Clock Alarm (Convertible, PS/2) � ������������������������������������������������������������������������������Ĵ � 50-5F �140-17F� BIOS� Reserved for BIOS � ������������������������������������������������������������������������������Ĵ � 5Ah Cluster Adapter BIOS entry address � � *5Bh IBM (cluster adapter?) � � 5Ch NETBIOS interface entry port � ������������������������������������������������������������������������������Ĵ � 60-67 �180-19F� User Program Interrupts (availible for general use) � ������������������������������������������������������������������������������Ĵ � 60h 10-Net Network � � 67h Used by LIM & AQA EMS, EEMS � ������������������������������������������������������������������������������Ĵ � 68-7F �1A0-1FF� Reserved by IBM � ������������������������������������������������������������������������������Ĵ � 6Ch System Resume Vector (Convertible) � � 6Fh some Novell and 10-Net API functions � � 70h IRQ 8, Real Time Clock Interrupt (AT, PS/2) � � 71h IRQ 9, LAN Adapter 1 � � 72h IRQ 10 (AT, XT/286, PS/2) Reserved � � 73h IRQ 11 (AT, XT/286, PS/2) Reserved � � 74h IRQ 12 Mouse Interrupt (PS/2) � � 75h IRQ 13, Coprocessor Error � � 76h IRQ 14, Hard Disk Controller (AT, PS/2) � � 77h IRQ 15 (AT, XT/286, PS/2) Reserved � � 7Ch IBM REXX88PC command language � ������������������������������������������������������������������������������Ĵ � 80-85 �200-217� ROM BASIC � ������������������������������������������������������������������������������Ĵ � 86-F0 �218-3C3� Used by BASIC Interpreter When BASIC is running � ������������������������������������������������������������������������������Ĵ � F1-FF �3C4-3FF� Reserved by IBM � ������������������������������������������������������������������������������Ĵ � *0F8h Set Shell Interrupt (OEM) � � *0F9h OEM SHELL service codes � ��������������������������������������������������������� The IBM-PC System Interrupts (in detail) .............................. 2**9 �����������������������������������������������������������������������������Ŀ �Interrupt 00h Divide by Zero � ������������������������������������������������������������������������������� (0:0000h) (processor error). Automatically called at end of DIV or IDIV operation that results in error. Normally set by DOS to display an error message and abort the program. note On an 8086/8088, the return address points to the following instruction On an 80286/80386, the return address points to the divide instruction �����������������������������������������������������������������������������Ŀ �Interrupt 01h Single step � ������������������������������������������������������������������������������� (0:0004h) Taken after every instruction when CPU Trap Flag indicates single-step mode (bit 8 of FLAGS is 1). This is what makes the "T" command of DEBUG work for single stepping. Is not generated after MOV to segment register or POP of segment register. (unless you have a very early 8088 with the microcode bug). �����������������������������������������������������������������������������Ŀ �Interrupt 02h Non-maskable interrupt � ������������������������������������������������������������������������������� (0:0008h) Vector not disabled via CLI. Generated by NMI signal in hardware. This function is called in the event of a memory parity error or may occur in the event of other hardware problems or failures depending on the specific manufacturer's hardware. Displays the appropriate error message and halts the processor. Some AT chip sets apparently use int 02h to signal I/O errors as well as parity errors. This signal has various uses: POST parity error: all except PCjr and Convertible 80x87 coprocessor interrupt: all except PCjr and Convertible Keyboard interrupt: PCjr, Convertible I/O channel check: Convertible, PS/2 50+ Disk controller power-on request: Convertible System suspend: Convertible Realtime clock: Convertible System watchdog timer: PS/2 50+ Timeout interrupt: PS/2 50+ DMA timer time-out interrupt: PS/2 50+ Infrared keyboard link: PCjr �����������������������������������������������������������������������������Ŀ �Interrupt 03h Breakpoint � ������������������������������������������������������������������������������� (0:000Ch) Taken when CPU executes the 1-byte int 3 (0CCh). Similar to 8080's (internal) RST instruction. Generally used to set breakpoints for DEBUG. note 1) Also used by Turbo Pascal versions 1,2,3 when {$U+} specified. 2) Int 3s are sometimes inserted by the Microsoft Linker in response to an unresolved symbol. �����������������������������������������������������������������������������Ŀ �Interrupt 04h Divide overflow � ������������������������������������������������������������������������������� (0:0010h) Generated by INTO instruction if OF flag is set. If flag is not set, (internal) INTO is effectively a NOP. Used to trap any arithmetic errors when program is ready to handle them rather than immediately when they occur. �����������������������������������������������������������������������������Ŀ �Interrupt 05h Print Screen � ������������������������������������������������������������������������������� (0:0014h) Service dumps the screen to the printer. Invoked by int 9 for shifted key 55 (PrtSc). Automatically called by keyboard scan when PrtSc key is pressed. Normally executes a routine to print the screen, but may call any routine that can safely be executed from inside the keyboard handler. Status and result byte are at address 0050:0000. (internal) BOUND Check Failed (80286+) Generated by BOUND instruction when the value to be tested is less than the indicated lower bound or greater than the indicated upper bound. entry AH 05h return absolute address 50:0 00h print screen has not been called, or upon return from a call there were no errors 01h print screen is already in progress 0FFh error encountered during printing note 1) Uses BIOS services to read the screen. 2) Output is directed to LPT1. 3) Revectored into GRAPHICS.COM if GRAPHICS.COM is loaded. 4) On the Tandy 1000TX this interrupt can be enabled or disabled across the expansion slots via a DIP switch. �����������������������������������������������������������������������������Ŀ �Interrupt 06h Reserved by IBM � ������������������������������������������������������������������������������� (0:0018h) On the Tandy 1000TX this interrupt can be enabled or disabled across the expansion slots via a DIP switch. (internal) Undefined Opcode (80286+) �����������������������������������������������������������������������������Ŀ �Interrupt 07h Reserved by IBM � ������������������������������������������������������������������������������� (0:00C0h) On the Tandy 1000TX this interrupt can be enabled or disabled across the expansion slots via a DIP switch. (internal) No Math Unit Available (80286+) note The 80286 and later can be programmed to generate an int 7 whenever an ESC instruction is encountered. This could be used to emulate an 80x87 series coprocessor in software and be transparent to the application software. It could also be used to make a non-Intel floating point processor emulate an 80x87. �����������������������������������������������������������������������������Ŀ �Interrupt 08h Timer � ������������������������������������������������������������������������������� (0:0020h) 55ms timer "tick" issued 18.2 times per second. (IRQ0) 8259-1 Interrupt Controller Updates the system time at [0040:006C] (low word) and [0040:006E] (high word) and issues an int 1Ch (timer). (int 1Ch points to an IRET instruction unless changed by a resident program). The timer interrupt is given the highest maskable interrupt priority upon power up. (internal) Double Fault (80286+ protected mode) Called when multiple exceptions occur on one instruction, or an exception occurs in an exception handler. If an exception occurs in the double fault handler, the CPU goes into SHUTDOWN mode (which circuitry in the PC/AT converts to a reset). entry AH 08h return absolute addresses: 40:6C number of interrupts since power on (4 bytes) 40:70 number of days since power on (1 byte) 40:67 day counter on all products after AT 40:40 motor control count - gets decremented and shuts off diskette motor if zero �����������������������������������������������������������������������������Ŀ �Interrupt 09h Keyboard � ������������������������������������������������������������������������������� (0:0024h) Taken whenever a key is pressed or released. This is normally a scan (IRQ1) code, but may also be an ACK or NAK of a command on AT-type keyboards. The hardware provides the key pressed in a non-ASCII scan code format read at I/O port 60h. The servicer acknowledges receipt of the key by toggling bit 7 of port 61h. (Port 61h should be read first, then bit 7 ORed on, output to port 61h, then ANDed off, and resent to port 61h). The read key is decoded to yield an ASCII character, special function key (such as F1) or a control function like Left Shift Key. The converted ASCII character is placed into the next available position in the circular queue keyboard. It is put in the position indicated by queue tail when it will not cause the loss of earlier entered data. The queue head points to the oldest key pressed in the buffer which has not been removed from the queue (the normal process uses int 16h to remove keys from the queue and return the key value to the int 16h caller). The 16 word queue holds up to 16 keys. If the queue head equals the queue tail, the queue is empty. Valid keys in the queue comprise the upper byte scan code and the lower byte ASCII character. If the key pressed has no ASCII equivalent (i.e F1 to F12), the lower byte is zero. Toggle and shift keys are not placed in the buffer, but appear in the two status bytes at absolute addr. [0040:0017,18]. Special key combinations will cause other events to occur: a) Ctrl-Alt_Del - Reset computer by jumping to power_on_reset b) Print screen - Call int_5_prn_scrn to print the current screen c) Ctrl-Break - Call int_1Bh control break key processor (DOS) d) Pause - Wait until an ASCII key is pressed, without placing the key in the queue (internal) Math Unit Protection Fault (80286+ protected mode) entry AH 09h return at absolute memory addresses: 40:17 bit 0 right shift key depressed 1 left shift key depressed 2 control key depressed 3 alt key depressed 4 ScrollLock state has been toggled 5 NumLock state has been toggled 6 CapsLock state has been toggled 7 insert state is active 40:18 bit 0 left control key depressed 1 left alt key depressed 2 SysReq key depressed 3 Pause key has been toggled 4 ScrollLock key is depressed 5 NumLock key is depressed 6 CapsLock key is depressed 7 Insert key is depressed 40:96 bit 0 last code was the E1h hidden code 1 last code was the E0h hidden code 2 right control key down 3 right alt key down 4 101 key Enhanced keyboard installed 5 force NumLock if rd ID & kbx 6 last character was first ID character 7 doing a read ID (must be bit 0) 40:97 bit 0 ScrollLock indicator 1 NumLock indicator 2 CapsLock indicator 3 circus system indicator 4 ACK received 5 resend received flag 6 mode indicator update 7 keyboard transmit error flag 40:1E keyboard buffer (20h bytes) 40:1C buffer tail pointer 40:72 1234h if ctrl-alt-del pressed on keyboard AL scan code note 1) Int 05h invoked if PrtSc key pressed. 2) Int 1Bh invoked if Ctrl-Break key sequence pressed. 3) Int 15h, AH=85h invoked on AT and after if SysReq key is pressed. 4) Int 15h, AH=4Fh invoked on machines after AT. 5) Int 16h, BIOS keyboard functions, uses this interrupt. �����������������������������������������������������������������������������Ŀ �Interrupt 0Ah EGA Vertical Retrace � ������������������������������������������������������������������������������� (0:0028h) used by EGA vertical retrace (IRQ2) 8259-1 Interrupt Controller note 1) The TOPS and PCnet adapters use this IRQ line by default. 2) On systems equipped with 2 interrupt controller chips (8259), IRQ 2 is used to support the second interrupt controller. In this case, int 71h (IRQ 9) is used to replace IRQ 2. Hardware calls to int 71h are redirected to this interrupt to maintain compatibility. 3) Many VGA boards to not use this interrupt. (internal) Invalid Task State Segment (80286+ protected mode) �����������������������������������������������������������������������������Ŀ �Interrupt 0Bh Communications Controller (serial port) hdw. entry � ������������������������������������������������������������������������������� (0:002Ch) Serial Port 2 (COM2) 8259-1 (IRQ3) note 1) IRQ 3 may be used by SDLC (synchronous data-link control) or bisynchronous communications cards instead of a serial port. 2) The TOPS and PCnet adapters use this interrupt request line as an alternate. 3) On PS/2s, COM2 through COM8 share this IRQ. 4) For most serial boards, COM4 shares this IRQ. 5) On the Commodore Amiga 2000 with the PC Bridge Board, this interrupt is used for communication between the Amiga system board and the Bridge Board. This was probably the lowest IRQ level they felt safe using, but limits the A2000's use of network cards, etc. 6) This interrupt is used by part of the stack-switching code added to DOS 3.2 for use with Local Area Network adapters. 7) The PS/2 puts COM3 through COM8 at port addresses above 3FFh (not properly decoded by older PCs) and has all of them sharing IRQ3. (internal) Not Present (80286+ protected mode) Generated when loading a segment register if the segment descriptor indicates that the segment is not currently in memory. May be used to implement virtual memory. �����������������������������������������������������������������������������Ŀ �Interrupt 0Ch Communications Controller (serial port) Hardware Entry � ������������������������������������������������������������������������������� (0:0030h) Serial Port 1 (COM1) or internal modem in PCjr or Convertible (IRQ4) 8259-1 note 1) IRQ 4 may be used by SDLC (synchronous data-link control) or bisynchronous communications cards instead of a serial port. 2) On some PCs, this interrupt is shared by COM3. 3) Tandy computers use IRQ4 instead of IRQ5 for the hard disk interrupt. 4) Best performance of mice sometimes happens when they are configured for IRQ4 instead of IRQ3, since some mouse drivers may lock system interrupts for long periods. (internal) Stack Fault (80286+ protected mode) Generated on stack overflow/underflow. Note that the 80286 will shut down in real mode if SP=1 before a push. �����������������������������������������������������������������������������Ŀ �Interrupt 0Dh Hard Disk � ������������������������������������������������������������������������������� (0:0034h) Miscelleneous uses (IRQ5) 8259-1 note 1) Various Tandy 1000 models may use this line for the 60Hhz RAM refresh or as "optional bus interrupt." 2) Used by hard disk on IBM XT and most compatibles. 3) LPT2 on AT, XT/286, and PS/2 4) Dummy CRT vertical retrace on PCjr (internal) General Protection Violation (80286+) Called in real mode when an instruction attempts to access a word operand located at offset 0FFFFh or a PUSH MEM or POP MEM instruction contains an invalid bit code in the second byte, or when an instruction exceeds the maximum length allowed (10 bytes for 80286, 15 bytes for 80386) �����������������������������������������������������������������������������Ŀ �Interrupt 0Eh Diskette Interrupt � ������������������������������������������������������������������������������� (0:0038h) Generated by floppy controller on completion of an operation (IRQ6) (sets bit 8 of 40:3E) (internal) Page Fault (80386+ native mode) �����������������������������������������������������������������������������Ŀ �Interrupt 0Fh Reserved by IBM � ������������������������������������������������������������������������������� (0:003Ch) IRQ7 used by 8259 PPI interrupt (LPT1, LPT2) (IRQ7) note 1) Generated by the LPT1 printer adapter when printer becomes ready. Many printer adapters do not reliably generate this interrupt. 2) This interrupt is normally avoided. If a bad interrupt occurs, it will vector to this spot (when caused by a misprogrammed 8259 PIC) ** Programmer's Technical Reference for MSDOS and the IBM PC ** USA copyright TXG 392-616 ALL RIGHTS RESERVED ������������������������������Ĵ DOSREF (tm) ��������������������������������� ISBN 1-878830-02-3 (disk-based text) Copyright (c) 1987, 1992 Dave Williams �����������������������������Ŀ � Shareware Version, 01/12/92 � � Please Register Your Copy � ������������������������������� C H A P T E R T H R E E THE PC ROM BIOS C O N T E N T S Calling the ROM BIOS .................................................. 3**1 Interrupt 10h Video Services ......................................... 3**2 Interrupt 11h Equipment Check ........................................ 3**3 Interrupt 12h Memory Size ............................................ 3**4 Interrupt 13h Disk Functions ......................................... 3**5 Interrupt 14h Initialize and Access Serial Port ...................... 3**6 FOSSIL Drivers ......................................... 3**7 Interrupt 15h Cassette I/O ........................................... 3**8 Interrupt 16h Keyboard I/O ........................................... 3**9 Interrupt 17h Printer ................................................ 3**10 Interrupt 18h ROM BASIC .............................................. 3**11 Interrupt 19h Bootstrap Loader ....................................... 3**12 Interrupt 1Ah Time of Day ............................................ 3**13 Interrupt 1Bh Control-Break .......................................... 3**14 Interrupt 1Ch Timer Tick ............................................. 3**15 Interrupt 1Dh Vector of Video Initialization Parameters .............. 3**16 Interrupt 1Eh Vector of Diskette Controller Parameters ............... 3**17 Interrupt 1Fh Ptr to Graphics Character Extensions (Graphics Set 2) .. 3**18 The ROM BIOS is the lowest level of software access. It contains the following routines: (all) power-on self-test (POST) boostrap loader clock floppy disk I/O video I/O keyboard serial ports parallel ports print screen equipment check report memory size (AT) hard disk I/O report memory size (extended memory) extended memory block moves enhanced video and keyboard I/O high resolution timer alarm Machines such as the PC Convertible, PCjr, and non-IBM machines add additional functions. Calling the ROM BIOS .................................................. 3**1 The BIOS services are invoked by placing the number of the desired function in register AH, subfunction in AL, setting the other registers to any specific requirements of the function, and invoking any of ints 10h through int 1Fh. The original IBM PC Technical Reference gave the absolute addresses of the ROM routines. Some early software jumped directly to these addresses, with mixed results on non-IBM BIOSes. This practice was common on machines predating the PC, but there is no practical use for it now. The OS/2 Compatibility Box also does not support jumping directly into the ROM. When the interrupt is called, all register and flag values are pushed into the stack. The interrupt address contains a pointer into an absolute address in the ROM BIOS chip address space. This location may be further vectored into the IBMBIO.COM (or equivalent) file or user file. The address vector points to a particular BIOS command handler. The handler pops the register values, compares them to its list of functions, and executes the function if valid. When the function is complete, it may pass values back to the command handler. The handler will push the values into the stack and then return control to the calling program. Most functions will return an error code; some return more information. Details are contained in the listings for the individual functions. Register settings listed are the ones used by the BIOS. Some functions will return with garbage values in unused registers. Do not test for values in unspecified registers; your program may exhibit odd behavior. Three sets of BIOS routines are available: PC BIOS, AT BIOS (also called CBIOS or "Old compatibility BIOS", and the PS/2 ABIOS "Advanced BIOS". The Advanced BIOS is contained in PS/2 ROMs. It is primarily intended for OS use rather than application use. OS/2 can take advantage of ABIOS routines to reduce RAM use on PS/2 systems. The ABIOS can be replaced by disk and RAM based ABIOS code if desired. There is a new BIOS Data Area defined in high memory that occupies one K of RAM. In OS/2 systems, parts of the ABIOS are replaced by OS/2 drivers. While the CBIOS must be addressed via pointers, the routines in the ABIOS are fixed in absolute locations so they can be referenced directly by OS/2. The ABIOS can run in protected mode, and is fully reentrant. It supports three types of function requests - single staged, discrete multistaged, or continuous multistaged. A single-staged request does its job immediately and returns control to the caller. A discrete multistaged request may happen in two or more stages with pauses between the stages. The caller may regain control during the pauses. A continuous multistaged request starts a staged operation that never ends. (sometimes called a daemon). Unlike the CBIOS which is called with software interrupts, ABIOS is accessed with FAR calls. ABIOS calls are completely reentrant in both real and protected modes. To call an ABIOS function, the calling program must pass pointers to two data structures - a request block and a common data area. The request block specifies the desired function number and the common data area is a table that contains pointers to all the ABIOS' other tables and data areas. The common data area's internal structure contains the function transfer tables which have the addresses of the BIOS routines. ABIOS stack frame and calling conventions: bytes stack contents 2 common data area pointer (segment/selector only) required 4 request block pointer - required 4 function transfer table pointer - furnished by ABIOS or caller 4 device block pointer - furnished by ABIOS or caller 4 return address In ABIOS Transfer Convention, only the first two items are required. ABIOS assigns the second two. In Operating System Transfer Convention, the caller provides the second two. Since the parameters are not removed from the stack on return to the caller, the operating system may save the function transfer table and device addresses after they have been furnished by the ABIOS by a call. ABIOS does no interrupt arbitration. It assumes all interrupts are handled by the caller or the OS and it is called only for service. If more than one device is sharing a hardware interrupt, the OS must determine which interrupt is valid for the ABIOS. OS/2 may use the ABIOS if found, but otherwise duplicates the BIOS calls for the DOS Compatibility Box by vectoring BIOS calls into its own device drivers. This makes it rather difficult for DOS drivers for mass storage, high resolution video boards, multitasking APIs using int 15h, etc. If your software needs to manipulate hardware directly you might want to check if your code is running under OS/2. The simplest method is to check for DOS version 10 or higher. note Some references list an "XT/2" machine, which was reputedly an 8mHz 8088 with 640k and a clock on the motherboard. IBM doesn't list such a machine, and I have a late '86 XT, one of the last made. It is pretty much like the older ones. �����������������������������������������������������������������������������Ŀ �Interrupt 10h Video Services 3**2 � ������������������������������������������������������������������������������� (0:0040h) The BIOS Video Services may be found in Chapter 16. (internal) Coprocessor Error (80286+) Generated by the CPU when the -ERROR pin is asserted by the coprocessor (usually 80x87, but may be any multimaster CPU or alternate NDP such as Weitek, etc.). ATs and clones usually wire the coprocessor to use IRQ13, but not all get it right. �����������������������������������������������������������������������������Ŀ �Interrupt 11h Equipment Check 3**3 � ������������������������������������������������������������������������������� (0:0044h) Reads the BIOS Data Area and returns two bytes of setup info. entry no parameters are required return AX Equipment listing word. Bits are: 0 number of floppy drives 0 no drives 1 bootable (IPL) diskette drive installed 1 math chip 0 no math coprocessor (80x87) present 1 math coprocessor (80x87) present (PS/2) 2 0 mouse not installed 1 mouse installed (PC) 2,3 system board RAM 0,0 16k (PC-0, PC-1) 0,1 32k 1,0 48k 1,1 64k (PC-2, XT) note 1) not commonly used. Set both bits to 1 2) both bits always 1 in AT 4,5 initial video mode 0,0 no video installed (use with dumb terminal) 0,1 40x25 color (CGA) 1,0 80x25 color (CGA, EGA, PGA, MCGA, VGA) 1,1 80x25 monochrome (MDA or Hercules, most super- hires mono systems) 6,7 number of diskette drives (only if bit 0 is 1) 0,0 1 drives 0,1 2 drives 1,0 3 drives 1,1 4 drives 8 0 DMA present 1 no DMA (PCjr, some Tandy 1000s, 1400LT) 9,A,B number of RS232 serial ports (0-3) 0,0,0 none 0,0,1 1 0,1,0 2 0,1,1 3 1,0,0 4 C 0 no game I/O attached 1 game I/O attached (default for PCjr) D serial accessory installation 0 no serial accessories installed 1 Convertible - internal modem installed or PCjr - serial printer attached E,F number of parallel printers 0,0 none 0,1 one (LPT1, PRN) 1,0 two (LPT2) 1,1 three (LPT3) note Models before PS/2 would allow a fourth parallel printer. Remapping of the BIOS in the PS/2s does not allow the use of LPT4. (386 extended AX) 23d 0 Weitek ABACUS - virtual '86 EMS page tables not correctly initialized 1 Weitek ABACUS - virtual '86 EMS page tables OK 24d 0 Weitek ABACUS NDP not present 1 Weitek ABACUS NDP present �����������������������������������������������������������������������������Ŀ �Interrupt 12h Memory Size 3**4 � ������������������������������������������������������������������������������� (0:0048h) get system memory entry no parameters required return AX number of contiguous 1K RAM blocks available for DOS note 1) This is the same value stored in absolute address 04:13h. 2) For some early PC models, the amount of memory returned by this call is determined by the settings of the dip switches on the motherboard and may not reflect all the memory that is physically present. 3) For the PC/AT, the value returned is the amount of functional memory found during the power-on self-test, regardless of the memory size configuration information stored in CMOS RAM. 4) The value returned does not reflect any extended memory (above the 1 Mb boundary) that may be present on 80286 or 80386 machines. �����������������������������������������������������������������������������Ŀ �Interrupt 13h Disk Functions 3**5 � ������������������������������������������������������������������������������� (0:0049h) The service calls for BIOS disk functions are located in Chapter 8. �����������������������������������������������������������������������������Ŀ �Interrupt 14h Initialize and Access Serial Port For Int 14 3**6 � ������������������������������������������������������������������������������� Note: Some IBM PS/2 Model 50Z machines were delivered with serial ports that did not meet specification. Some cheap clone serial ports may also be troublesome. (0:0050h) the following status is defined: serial status byte: bits 0 delta clear to send 1 delta data set ready 2 trailing edge ring detector 3 delta receive line signal detect 4 clear to send 5 data set ready 6 ring indicator 7 receive line signal detect line status byte: bits 0 data ready 1 overrun error 2 parity error 3 framing error 4 break detect 5 transmit holding register empty 6 transmit shift register empty 7 time out note: if bit 7 set then other bits are invalid Though present on the IBM PS/2s, COM3 and COM4 are not widely standardized across the industry. The most common definitions are: port addr. IRQ interrupt COM1 3F8 IRQ4 int 0Ch COM2 2F8 IRQ3 int 0Bh COM3 3E8 IRQ4 int 0Ch COM4 2E8 IRQ3 int 0Bh As you can see, COM1/COM3 and COM2/COM4 are siamesed. Since the ISA bus does not support shared interrupts, simultaneous access of two of a pair may cause conflict. For example, a mouse and a modem would not coexist well on paired ports. All routines have AH=function number and DX=RS232 card number (0 based). AL=character to send or received character on exit, unless otherwise noted. entry AH 00h Initialize And Access Serial Communications Port bit pattern: BBBPPSLL BBB = baud rate: 110,150,300,600,1200,2400,4800,9600 PP = parity: 01 = odd, 11 = even S = stop bits: 0 = 1, 1 = 2 LL = word length: 10 = 7-bits, 11 = 8-bits AL parms for initialization: bit pattern: 0 word length 1 word length 2 stop bits 3 parity 4 parity 5 baud rate 6 baud rate 7 baud rate word length 10 7 bits 11 8 bits stop bits 0 1 stop bit 1 2 stop bits parity 00 none 01 odd 11 even baud rate 000 110 baud 001 150 baud 010 300 baud 011 600 baud 100 1200 baud 101 2400 baud 110 4800 baud 111 9600 baud (4800 on PCjr) DX port number (0=COM1, 1=COM2, etc.) return AH line status AL modem status note To initialize the serial port to > 9600 baud on PS/2 machines, see fns 04h and 05h. Function 01h Send Character in AL to Comm Port entry AH 01h AL character DX port number (0 - 3) return AH RS232 status code bit 0 data ready 1 overrun error 2 parity error 3 framing error 4 break detected 5 transmission buffer register empty 6 transmission shift register empty 7 timeout AL modem status bit 0 delta clear-to-send 1 delta data-set-ready 2 trailing edge ring detected 3 change, receive line signal detected 4 clear-to-send 5 data-set-ready 6 ring received 7 receive line signal detected Function 02h Wait For A Character From Comm Port DX entry AH 02h DX port number (0-3) return AL character received AH error code (see above)(00h for no error) Function 03h Fetch the Status of Comm Port DX (0 or 1) entry AH 03h DX port (0-3) return AH set bits (01h) indicate comm-line status bit 7 timeout bit 6 empty transmit shift register bit 5 empty transmit holding register bit 4 break detected ("long-space") bit 3 framing error bit 2 parity error bit 1 overrun error bit 0 data ready AL set bits indicate modem status bit 7 received line signal detect bit 6 ring indicator bit 5 data set ready bit 4 clear to send bit 3 delta receive line signal detect bit 2 trailing edge ring detector bit 1 delta data set ready bit 0 delta clear to send Function 04h Extended Initialize (Convertible, PS/2) entry AH 04h AL break status 01h if break 00h if no break BH parity 00h no parity 01h odd parity 02h even parity 03h stick parity odd 04h stick parity even BL number of stop bits 00h one stop bit 01h 2 stop bits (1� if 5 bit word length) CH word length 00h 5 bits 01h 6 bits 02h 7 bits 03h 8 bits CL baud rate 00h 110 01h 150 02h 300 03h 600 04h 1200 05h 2400 06h 4800 07h 9600 08h 19200 DX comm port (0-3) return AH line control status AL modem status note Provides a superset of fn 00h capabilities for PS/2 machines. Function 05h Extended Communication Port Control (Convertible, PS/2) entry AH 05h AL 00h read modem control register 01h write modem control register BL modem control register bits 0 DTR data terminal ready 1 RTS request to send 2 out1 3 out2 4 loop 5,6,7 reserved DX port number (0=COM1, 1=COM2, etc.) return AH port status (see 00h above) AL modem status (see 00h above) BL modem control register (see 01h above) FOSSIL Drivers ........................................................ 3**7 Interrupt 14h FOSSIL (Fido/Opus/Seadog Standard Interface Level) drivers A FOSSIL is a device driver for handling the IBM PC serial com?232 status code (see AH=00h above) AL ASCII value of character received from serial port note Will timeout if DSR is not asserted, even if function 03h returns data ready. entry AH 03h FOSSIL: Request status DX port number (NOP if DX=00FFh) return AX status bit mask AH bit 0 set RDA input data is available in buffer 1 set OVRN input buffer overrun 2 N/A 3 N/A 4 N/A 5 set THRE room is available in output buffer 6 set TSRE output buffer is empty 7 N/A AL bit 0 N/A 1 N/A 2 N/A 3 set this bit is always set 4 N/A 5 N/A 6 N/A 7 set DCD carrier detect note Bit 3 of AL is always returned set to enable programs to use it as a carrier detect bit on hardwired (null modem) links. entry AH 04h Initialize FOSSIL driver BX 4F50h (optional) DX port number (DX=00FFh special) ES:CX pointer to ^C flag address (optional) return AX 1954h if successful BL maximum function number supported (excluding 7Eh-0BFh) BH revision of FOSSIL supported note 1) DTR is raised when FOSSIL inits. 2) Existing baudrate is preserved. 3) If BX contains 4F50h, the address specified in ES:CX is that of a ^C flag byte in the application program, to be incremented when ^C is detected in the keyboard service routines. This is an optional service and only need be supported on machines where the keyboard service can't (or won't) perform an int 1Bh or int 23h when a control-C is entered. entry AH 05h Deinitialize FOSSIL driver DX port number (DX=00FFh special) return none note 1) DTR is not affected. 2) Disengages driver from comm port. Should be done when operations on the port are complete. 3) If DX=00FFh, the initialization that was performed when FOSSIL function 04h with DX=00FFh should be undone. entry AH 06h FOSSIL: Raise/lower DTR AL DTR state to be set 00h lower DTR 01h raise DTR DX comm port (NOP if DX=00FFh) return none entry AH 07h FOSSIL: Return timer tick parameters return AH ticks per second on interrupt number shown in AL AL timer tick interrupt number (not vector!) DX milliseconds per tick (approximate) entry AH 08h FOSSIL: Flush output buffer DX port number (NOP if DX=00FFh) return none note Waits until all output is done. entry AH 09h FOSSIL: Purge output buffer DX port number (NOP if DX=00FFh) return none note Returns to caller immediately. entry AH 0Ah FOSSIL: Purge input buffer DX port number (NOP if DX=00FFh) return none note 1) If any flow control restraint has been employed (dropping RTS or transmitting XOFF) the port will be "released" by doing the reverse, raising RTS or sending XON. 2) Returns to caller immediately. entry AH 0Bh FOSSIL: Transmit no wait AL ASCII character value to be sent DX port number (NOP if DX=00FFh) return AX 0000h character not accepted 0001h character accepted note This is exactly the same as the "regular" transmit call except that if there is no space available in the output buffer a value of zero is returned in AX, if room is available a value 1 (one) is returned. entry AH 0Ch FOSSIL: Nondestructive Read no Wait DX port number (NOP if DX=00FFh) return AH character 0FFFFh character not available note 1) Reads async buffer. 2) Does not remove keycode from buffer. entry AH 0Dh FOSSIL: Keyboard read no wait return AX IBM keyboard scan code or 0FFFFh if no keyboard character available note 1) Use IBM-style function key mapping in the high order byte. 2) Scan codes for non function keys are not specifically required but may be included. 3) Does not remove keycode from buffer. entry AH 0Eh FOSSIL: Keyboard input with wait return AX IBM keyboard scan code note Returns the next character from the keyboard or waits if no character is available. entry AH 0Fh Enable or Disable flow control AL bit mask describing requested flow control bits 0 XON/XOFF on transmit (watch for XOFF while sending) 1 CTS/RTS (CTS on transmit/RTS on receive) 2 reserved 3 XON/XOFF on receive (send XOFF when buffer near full) 4-7 not used, FOSSIL spec calls for setting to 1 DX port number (NOP if DX=00FFh) return none note 1) Bit 2 is reserved for DSR/DTR, but is not currently supported in any implementation. 2) TRANSMIT flow control allows the other end to restrain the transmitter when you are overrunning it. RECEIVE flow control tells the FOSSIL to attempt to do just that if it is being overwhelmed. 3) Enabling transmit Xon/Xoff will cause the FOSSIL to stop transmitting upon receiving an Xoff. The FOSSIL will resume transmitting when an Xon is received. 4) Enabling CTS/RTS will cause the FOSSIL to cease transmitting when CTS is lowered. Transmission will resume when CTS is raised. The FOSSIL will drop RTS when the receive buffer reaches a predetermined percentage full. The FOSSIL will raise RTS when the receive buffer empties below the predetermined percentage full. The point(s) at which this occurs is left to the individual FOSSIL implementor. 5) Enabling receive Xon/Xoff will cause the FOSSIL to send a Xoff when the receive buffer reaches a pre-determined percentage full. An Xon will be sent when the receive buffer empties below the predetermined percentage full. The point(s) at which this occurs is left to the individual FOSSIL implementor. 6) Applications using this function should set all bits ON in the high nibble of AL as well. There is a compatible (but not identical) FOSSIL driver implementation that uses the high nibble as a control mask. If your application sets the high nibble to all ones, it will always work, regardless of the method used by any given driver. entry AH 10h Extended Ctrl-C/Ctrl-K checking and transmit on/off AL flags bit mask byte (bit set if activated) bits 0 enable/disable Ctrl-C/Ctrl-K checking 1 disable/enable the transmitter 2-7 not used DX port number (NOP if DX=00FFh) return AX status byte 0000h control-C/K has not been received 0001h control-C/K has been received note This is used primarily for programs that can't trust XON/XOFF at FOSSIL level (such as BBS software). entry AH 11h FOSSIL: Set current cursor location. DH row (line) 0-24 DL column 0-79 return none note 1) This function looks exactly like the int 10h, fn 02h on the IBM PC. The cursor location is passed in DX: row in DH and column in DL. This function treats the screen as a coordinate system whose origin (0,0) is the upper left hand corner of the screen. 2) Row and column start at 0. entry AH 12h FOSSIL: Read current cursor location. return DH row (line) DL column note 1) Looks exactly like int 10h/fn 03h in the IBM PC BIOS. The current cursor location (same coordinate system as function 16h) is passed back in DX. 2) Row and column start at 0. entry AH 13h FOSSIL: Single character ANSI write to screen. AL value of character to display return none note This call might not be reentrant since ANSI processing may be through DOS. entry AH 14h FOSSIL: Enable or disable watchdog processing AL 00h to disable watchdog 01h to enable watchdog DX port number (NOP if DX=00FFh) return none note 1) This call will cause the FOSSIL to reboot the system if Carrier Detect for the specified port drops while watchdog is turned on. 2) The port need not be active for this function to work. entry AH 15h Write character to screen using BIOS support routines AL ASCII code of character to display return none note 1) This function is reentrant. 2) ANSI processing may not be assumed. entry AH 16h Insert or Delete a function from the timer tick chain AL 00h to delete a function 01h to add a function ES:DX address of function return AX 0000h successful 0FFFFh unsuccessful entry AH 17h FOSSIL: Reboot system AL boot type 00h cold boot 01h warm boot return none entry AH 18h FOSSIL: Read block CX maximum number of characters to transfer DX port number (NOP if DX=00FFh) ES:DI pointer to user buffer return AX number of characters transferred note 1) This function does not wait for more characters to become available if the value in CX exceeds the number of characters currently stored. 2) ES:DI are left unchanged by the call; the count of bytes actually transferred will be returned in AX. entry AH 19h FOSSIL: Write block CX maximum number of characters to transfer DX port number (NOP if DX=00FFh) ES:DI pointer to user buffer return AX number of characters transfered note ES and DI are not modified by this call. entry AH 1Ah FOSSIL: Break signal begin or end AL 00h stop sending 'break' 01h start sending 'break' DX port number (NOP if DX=00FFh) return none note 1) Resets all transmit flow control restraints such as an XOFF received from remote. 2) Init (fn 04h) or UnInit (fn 05h) will stop an in-progress break. 3) The application must determine the "length" of the break. entry AH 1Bh FOSSIL: Return information about the driver CX size of user buffer in bytes DX port number (if DX=00FFh, port data will not be valid) ES:DI pointer to user buffer return AX number of characters transferred ES:DI user buffer structure: 00h word size of structure in bytes 02h byte FOSSIL driver version 03h byte revision level of this specific driver 04h dword FAR pointer to ASCII ID string 08h word size of the input buffer in bytes 0Ah word number of bytes in input buffer 0Ch word size of the output buffer in bytes 0Eh word number of bytes in output buffer 10h byte width of screen in characters 11h byte screen height in characters 12h byte actual baud rate, computer to modem (see mask in function 00h note 1) The baud rate byte contains the bits that fn 00h would use to set the port to that speed. 2) The fields related to a particular port (buffer size, space left in the buffer, baud rate) will be undefined if port=0FFh or an invalid port is contained in DX. 3) Additional information will always be passed after these, so that the fields will never change with FOSSIL revision changes. entry AH 7Eh FOSSIL: Install an external application function AL code assigned to external application ES:DX pointer to entry point return AX 1954h FOSSIL driver present not 1954h FOSSIL driver not present BH 00h failed 01h successful BL code assigned to application (same as input AL) note 1) Application codes 80h-0BFh are supported. Codes 80h-83h are reserved. 2) An error code of BH=00h with AX=1954h should mean that another external application has already been installed with the code specified in AL. 3) Applications are entered via a FAR call and should make a FAR return. entry AH 7Fh FOSSIL: Remove an external application function AL code assigned to external application ES:DX pointer to entry point return AX 1954h BH 00h failed 01h successful BL code assigned to application (same as input AL) �����������������������������������������������������������������������������Ŀ �Interrupt 15h Cassette I/O 3**8 � ������������������������������������������������������������������������������� (0:0054h) 1) Renamed "System Services" on PS/2 line. 2) Issuing int 15h on an XT may cause a system crash. On AT and after, interrupts are disabled with CLI when the interrupt service routine is called, but most ROM versions do not restore interrupts with STI. 3) For the original IBM PC, int 15h returns AH=80h and CF set for all calls with AH not 0,1, or 2. 4) For the PC/XT int 15h returns AH=86h, CF set if called at all. (the PC/XT ROM BIOS does not support int 15h) 5) For the AT/339, int 15h returns AH=86h, CF set if called with an invalid function code. Function 00h Turn Cassette Motor On (PC, PCjr only) entry AH 00h return CF set on error AH error code 00h no errors 01h CRC error 02h bad tape signals no data transitions (PCjr) 03h no data found on tape not used (PCjr) 04h no data no leader (PCjr) 80h invalid command 86h no cassette present not valid in PCjr note NOP for systems where cassette not supported. Function 01h Turn Cassette Motor Off (PC, PCjr only) entry AH 01h return CF set on error AH error code (86h) note NOP for systems where cassette not supported. Function 02h Read Blocks From Cassette (PC, PCjr only) entry AH 02h CX number of bytes to read ES:BX segment:offset + 1 of last byte read return CF set on error AH error code (01h, 02h, 04h, 80h, 86h) DX count of bytes actually read ES:BX pointer past last byte written note 1) NOP for systems where cassette not supported. 2) Cassette operations normally read 256 byte blocks. Function 03h Write Data Blocks to Cassette (PC, PCjr only) entry AH 03h CX count of bytes to write ES:BX pointer to data buffer return CF set on error AH error code (80h, 86h) CX 00h ES:BX pointer to last byte written+1 note 1) NOP for systems where cassette not supported. 2) The last block is padded to 256 bytes with zeroes if needed. 3) No errors are returned by this service. Function 0Fh ESDI Format Unit Periodic Interrupt (PS/2 50+) entry AH 0Fh AL phase code 00h reserved 01h surface analysis 02h formatting return CF clear if formatting should continue set if it should terminate note 1) Called the BIOS on the ESDI Fixed Disk Drive Adapter/A during a format or surface analysis operation after each cylinder is completed. 2) This function call can be captured by a program so that it will be notified as each cylinder is formatted or analyzed. The program can count interrupts for each phase to determine the current cylinder number. 3) The BIOS default handler for this function returns with CF set. Function 10h TopView API Function Calls (TopView) see Chapter 17 Function 20h PRINT.COM (DOS 3.1+ internal) (AT, XT/286, PS/2 50+) entry AH 20h AL subfunction 00h disable critical region flag 01h set critical region flag ES:BX pointer to flag byte set while inside DOS calls 10h set up SysReq routine 11h completion of SysReq routine (software only) Function 21h Read Power-On Self Test (POST) Error Log (PS/2 50+) entry AH 21h AL 00h read POST log 01h write POST log BH device ID BL device error code return CF set on error AH status 00h successful read BX number of POST error codes stored ES:DI pointer to error log 01h list full 80h invalid command 86h function unsupported note The log is a series of words, the first byte of which identifies the error code and the second is the device ID. Function 40h Read/Modify Profiles (Convertible) entry AH 40h AL 00h read system profile in CX,BX 01h write system profile from CX, BX 02h read internal modem profile in BX 03h write internal modem profile from BX BX profile info return BX internal modem profile (from 02h) CX,BX system profile (from 00h) Function 41h Wait On External Event (Convertible) entry AH 41h AL condition type bits 0-2 condition to wait for 0,0,0 any external event 0,0,1 compare and return if equal 0,1,0 compare and return if not equal 0,1,1 test and return if not zero 1,0,0 test and return if zero 3 reserved 4 0 user byte 1 port address 5-7 reserved BH condition compare or mask value condition codes: 00h any external event 01h compare and return if equal 02h compare and return if not equal 03h test and return if not zero 04h test and return if zero BL timeout value times 55 milliseconds 00h if no time limit DX I/O port address (if AL bit 4=1) ES:DI pointer to user byte (if AL bit 4=0) Function 42h Request System Power Off (Convertible) entry AH 42h AL 00h to use system profile 01h to force suspend regardless of profile return unknown Function 43h Read System Status (Convertible) entry AH 43h return AL status byte bit 0 LCD detached 1 reserved 2 RS232/parallel powered on 3 internal modem powered on 4 power activated by alarm 5 bad time 6 external power in use 7 battery low Function 44h (De)activate Internal Modem Power (Convertible) entry AH 44h AL 00h to power off 01h to power on return unknown Function 4Fh OS Hook - Keyboard Intercept (except PC, PCjr, and XT) entry AH 4Fh AL scan code, CF set return AL scan code CF set processing desired clear scan code should not be used note 1) Called by int 9 handler for each keystroke to translate scan codes. 2) An OS or a TSR can capture this function to filter the raw keyboard data stream. The new handler can substitute a new scan code, return the same scan code, or return the carry flag clear causing the keystroke to be discarded. The BIOS default routine simply returns the scan code unchanged. 3) A program can call int 15h/fn0C0h to determine whether the host machine's BIOS supports keyboard intercept. 4) Used internally by PC-MOS/386 v4.00+ for keyboard input. 5) Some BIOSes do not properly support this call. However, some versions of KEYB.COM provide additional 4Fh support. Function 52h MicroSoft RAM-Resident Software Specification 1.0 This standard was proposed by MicroSoft in 1986 as a common interface for TSR programs. It appears to have been largely unknown or disregarded. Function 0: Get Program Information by Name entry DS:BX The Program ID of the memory-resident program to look for return AL 0FFh if the program we are looking for is installed 00h if it is not installed CX The number of this program. The first program installed is number 0, with the second program being number 1, etc. By using a dynamic numbering system, we avoid conflicts between programs that might otherwise choose the same ID. We also provide a good way to scan all the resident programs using function 1. ES:DX pointer to the Program ID Record (PIDR) note This function tests to see if a program is memory resident and returns a pointer to its program information if it is resident. To use this function, set DS:BX to point to the program ID. Each installed program will check to see if this program ID agrees with its own internal program ID. Function 1: Get Program Information by Number entry CX Number of the program we want the information for return AL 0FFh if the program we are looking for is installed 00h if it is not installed ES:DX pointer to the Program ID Record (PIDR) note This function returns exactly the same information as function 0. The only difference is how we identify the program we want, which is determined by its position in the interrupt chain; program 0 is the last program in the chain, and the first program in the chain (usually the most recently installed) has the highest number. Function 2: Activate Program entry CX The number of the program we want to activate DS:BX Activation Record. This record will give program information on how and what it should activate within the program return none note This function activates one of the installed programs. It is useful if you want to control many desk accessories with a single control panel like the one used in SideKick. You can also use it with a program like ProKey to run a named macro under program control, or with SideKick to bring up one of the desk accessories from within a program or batch file. Function 3: Deactivate Program entry CX The number of the program we want to deactivate DS:BX Deactivation Record. This record will give program information on how and what it should deactivate within the program return none note This function is the opposite of function 2 (activate program). Function 4: Enable Program entry CX The number of the program we want to enable DS:BX Enable mask record. This mask describes what features we want to enable. A null record enables all the features. return none note This function is the opposite of function 5 (disable program). Function 5: Disable Program entry CX The number of the program we want to disable DS:BX Disable mask record. This mask describes what features we want to disable. A null record disables all the features. return none note Sometimes it becomes necessary to disable a program to prevent it from conflicting with another program, this function is designed to do that. This function is the opposite of function 4 (Enable Program). Function 70h EEROM handler (Tandy 1000HX) entry AH 00h read from EEROM BL 00h 01h write to EEROM BL word number to write (0-15) DX word value to write return DX (AH=00h) word value CF set on error (system is not a Tandy 1000 HX) Function 80h OS Hook - Device Open (AT, XT/286, PS/2) entry AH 80h BX device ID CX process ID return CF set on error AH status note 1) Acquires ownership of a logical device for a process. 2) This call, along with fns 81h and 82h, defines a simple protocol that can be used to arbitrate usage of devices by multiple processes. A multitasking program manager would be expected to capture int 15h and provide the appropriate service. 3) The default BIOS routine for this function simply returns with CF clear and AH=00h. Function 81h Device Close (AT, XT/286, PS/2) entry AH 81h BX device ID CX process ID return CF set on error AH status note 1) Releases ownership of a logical device for a process. 2) A multitasking program manager would be expected to capture int 15h and provide the appropriate service. 3) The BIOS default routine for this function simply returns with the CF clear and AH=00h. Function 82h Program Termination (AT, XT/286, PS/2) AH 82h BX device ID return CF set on error AH status note 1) Closes all logical devices opened with function 80h. 2) A multitasking program manager would be expected to capture int 15h and provide the appropriate service. 3) The BIOS default routine for this function simply returns with CF clear and AH=00h. Function 83h Event Wait (AT, XT/286, Convertible, PS/2 50+) entry AH 83h AL 00h to set interval 01h to cancel CX:DX number of microseconds to wait (granularity is 976 microseconds) ES:BX pointer to semaphore flag (bit 7 is set when interval expires) (pointer is to caller's memory) (some sources list bit 15 set) return CF clear OK set function already busy note 1) Requests setting of a semaphore after a specified interval or cancels a previous request. 2) The calling program is responsible for clearing the semaphore before requesting this function. 3) The actual duration of an event wait is always an integral multiple of 976 microseconds. The CMOS date/clock chip interrupts are used to implement this function. 4) Use of this function allows programmed, hardware-independent delays at a finer resolution than can be obtained through use of the MS-DOS Get Time function (int 21h/fn 2Ch) which returns time in hundredths of a second. 5) CX:DX is a four-byte integer. 7) This function is called by int 70h and is not the normal Int 08h/1Ch clock tick. It is generated by the MC146818A Real Time Clock chip. This is the battery backed up CMOS clock chip. Function 84h Read Joystick Input Settings (AT, XT/286, PS/2) entry AH 84h DX 00h to read the current switch settings (return in AL) 01h to read the resistive inputs return CF set on error (fn 00h) AL switch settings (bits 7-4) (fn 01h) AX stick A (X) value BX stick A (Y) value CX stick B (X) value DX stick B (Y) value note 1) An error is returned if DX does not contain a valid subfunction number. 2) If no game adapter is installed, all returned values are 00h. 3) Using a 250K Ohm joystick, the potentiometer values usually lie within the range 0-416 (0000h-01A0h). Function 85h System Request (SysReq) Key Pressed (except PC, PCjr, XT) entry AH 85h AL 00h key pressed 01h key released return CF set on error AH error code note 1) Called by BIOS keyboard decode routine when the SysReq key is detected. 2) The BIOS handler for this call is a dummy routine that always returns a success status unless called with an invalid subfunction number in AL. 3) A multitasking program manager would be expected to capture int 15h so that it can be notified when the user strikes the SysReq key. Function 86h Delay (except PC, PCjr, XT) AH 86h CX:DX 4-byte integer, number of microseconds to wait CX high word, DX low word return CF clear after wait elapses CF set immediately due to error note 1) Suspends the calling program for a specified interval in microseconds. 2) The actual duration of the wait is always an integral multiple of 976 microseconds. 3) Use of this function allows programmed, hardware-independent delays at a finer resolution than can be obtained through use of the MS-DOS Get Time function (int 21h fn 2Ch) which returns time in hundredths of a second). 4) This function calls int 70h and is not the normal Int 08h/1Ch clock tick. It is generated by the MC146818A Real Time Clock chip. This is the battery backed up CMOS clock chip. Function 87h Memory Block Move (2-3-486 machines only) AH 87h CX number of words to move ES:SI pointer to Global Descriptor Table (GDT) offset 00h-0Fh reserved, set to zero 00h null descriptor 08h uninitialized, will be made into GDT descriptor 10h-11h source segment length in bytes (2*CX-1 or greater) 12h-14h 24-bit linear source address 15h access rights byte (always 93h) 16h-17h reserved, set to zero 18h-19h destination segment length in bytes (2*CX-1 or greater) 1Ah-1Ch 24-bit linear destination address 1Dh access rights byte (always 93h) 1Eh-1Fh reserved, set to zero 20h *uninitialized, used by BIOS 28h *uninitialized, will be made into SS descriptor (*) some sources say initialized to zero return CF set on error AH status 00h success - source copied into destination 01h RAM parity error 02h exception interrupt error 03h address line 20 gating failed note 1) The GDT table is composed of six 8-byte descriptors to be used by the CPU in protected mode. The four descriptors in offsets 00h-0Fh and 20h-2Fh are filled in by the BIOS before the CPU mode switch. 2) The addresses used in the descriptor table are linear (physical) 24-bit addresses in the range 000000h-0FFFFFFh - not segments and offsets - with the least significant byte at the lowest address and the most significant byte at the highest address. 3) Interrupts are disabled during this call; use may interfere with the operation of comm programs, network drivers, or other software that relies on prompt servicing of hardware interrupts. 4) This call is not valid in the OS/2 Compatibility Box. 5) This call will move a memory block from any real or protected mode address to any other real or protected mode address. 6) DESQview does not intercept function 87, but QEXT and QEMM do, thereby allowing function 87 to work correctly inside DV. VDISK, which uses function 87, works inside DV. If VDISK is sitting at the 1 MB mark, then the int 19h vector will have a VDISK signature in it. The normal way to check for VDISK presence is by checking for the string "VDISK" at offset 12h of the segment of the int 19h vector. If the string matches, then you can determine how much extended memory is reserved for VDISK by looking at offset 2Ch is the 3-byte address of the lowest extended memory address NOT in use by VDISK (i.e. if you see at 2Ch "00 00 14" then that means that VDISK is using memory up to 1 MB + 256K). Function 88h Get Extended Memory Size (AT, XT/286, PS/2) entry AH 88h return AX number of contiguous 1K blocks of extended memory starting at address 1024k note 1) This call will not work in the OS/2 Compatibility Box. 2) Some BIOSes and software manipulate the Carry Flag when this function is called. When tested on a vanilla 386 with AMI BIOS the machine returned with the carry flag set. When 386-to-the-Max was loaded, the flag was not set. 3) Used by IBM VDISK 4.0. Function 89h Switch Processor to Protected Mode (AT, XT/286, PS/2) entry AH 89h BH interrupt number for IRQ0, written to ICW2 of 8259 PIC #1 (must be evenly divisible by 8, determines IRQ0-IRQ7) BL interrupt number for IRQ8, written to ICW2 of 8259 PIC #2 (must be evenly divisible by 8, determines IRQ8-IRQ15) ES:SI pointer to 8-entry Global Descriptor Table for protected mode: offset 00h null descriptor, initialized to zero 08h GDT descriptor 10h IDT (Interrupt Descriptor Table) descriptor 18h DS, user's data segment 20h ES, user's extra segment 28h SS, user's stack segment 30h CS, user's code segment 38h uninitialized, used to build descriptor for BIOS code segment return CF set on error AH 0FFh error enabling address line 20 CF clear function successful (CPU is in protected mode) AH 00h CS user-defined selector DS user-defined selector ES user-defined selector SS user-defined selector note 1) The user must initialize the first seven descriptors; the eighth is filled in by the BIOS to provide addressability for its own execution. The calling program may modify and use the eighth descriptor for any purpose after return from this function call. 2) Intercepted by Microsoft's HIMEM.SYS and Quarterdeck's QEMM.SYS. Function 90h Device Busy Loop (except PC, PCjr, XT) entry AH 90h AL predefined device type code: 00h disk (may timeout) 01h diskette (may timeout) 02h keyboard (no timeout) 03h PS/2 pointing device (may timeout) 80h network (no timeout) 0FCh hard disk reset (PS/2) (may timeout) 0FDh diskette motor start (may timeout) 0FEh printer (may timeout) ES:BX pointer to request block for type codes 80h through 0FFh (for network adapters ES:BX is a pointer to network control block) return CF set if wait time satisfied clear if driver must perform wait note 1) Used by NETBIOS, TOPS Network, Tom Wagner's CTASK multitasker. 2) Generic type codes are allocated as follows: 00h-7Fh non-reentrant devices; OS must arbitrate access serially reusable devices 80h-0BFh reentrant devices; ES:BX points to a unique control block 0C0h-0FFh wait-only calls, no complementary POST int 15/fn 91h call 3) Invoked by the BIOS disk, printer, network, and keyboard handlers prior to performing a programmed wait for I/O completion. 4) A multitasking program manager would be expected to capture int 15h/ fn 90h so that it can dispatch other tasks while I/O is in progress. 5) The default BIOS routine for this function simply returns with the CF clear and AH=00h. Function 91h Interrupt Completed (AT, XT/286, PS/2 50+) entry AH 91h AL type code (see AH=90h above) 00h-7Fh serially reusable devices 80h-0BFh reentrant devices ES:BX pointer to request block for type codes 80h through 0BFh return AH 00h note 1) Used by NETBIOS and TOPS network, Tom Wagner's CTASK multitasker. 2) Invoked by the BIOS disk network, and keyboard handlers to signal that I/O is complete and/or the device is ready. 3) Predefined device types that may use Device POST are: 00H disk (may timeout) 01H floppy disk (may timeout) 02H keyboard (no timeout) 03H PS/2 pointing device (may timeout) 80H network (no timeout) 4) The BIOS printer routine does not invoke this function because printer output is not interrupt driven. 5) A multitasking program manager would be expected to capture int 15h/ fn 91h so that it can be notified when I/O is completed and awaken the requesting task. 6) The default BIOS routine for this function simply returns with the CF flag clear and AH=00h. Function 0C0h Get System Configuration (XT after 1/10/86, PC Convertible, XT/286, AT, PS/2) entry AH 0C0h return CF set if BIOS doesn't support call ES:BX pointer to ROM system descriptor table bytes 00h-01h number of bytes in the following table (norm. 16 bytes) 02h system ID byte; see Chapter 2 for interpretation 03h secondary ID distingushes between AT and XT/286, etc. 04h BIOS revision level, 0 for 1st release, 1 for 2nd, etc. 05h feature information byte bits 0 reserved 1 Micro Channel bus (instead of ISA or EISA) 2 extended BIOS area allocated at 640k 3 wait for external event supported (int 15fn41) used on Convertible; reserved on PS/2 systems 4 kbd intrcpt:int 15h, fn 04h called upon int 09h 5 realtime clock installed 6 second 8259 installed (cascaded IRQ2) 7 DMA channel 3 - used by hard disk BIOS 06h unknown (set to 0) (reserved by IBM) 07h unknown (set to 0) (reserved by IBM) 08h unknown (set to 0) 09h unknown (set to 0) (Award BIOS copyright here) note 1) Int 15h is also used for the Multitask Hook on PS/2 machines. No register settings available yet. 2) The 1/10/86 XT BIOS returns an incorrect value for the feature byte. 3) Novell documents some versions of Netware prior to 2.2 as having problems on PS/2 machines due to a bug which did not return from the interrupt correctly. 4) Some AMI BIOSes do not support this function. (early Dell machines) Function 0C1h Return Extended BIOS Data Area Segment Address (PS/2) entry AH 0C1h return CF set on error ES segment of XBIOS data area note 1) The XBIOS Data Area is allocated at the high end of conventional memory during the POST (Power-On-Self-Test) sequence. 2) The word at 0040:0013h (memory size) is updated to reflect the reduced amount of memory available for DOS and application programs. 3) The 1st byte in the XBIOS Data Area is initialized to its length in K. 4) A program can determine whether the XBIOS Data Area exists by using int 15h/fn 0C0h. Function 0C2h Pointing Device BIOS Interface (DesQview 2.x) (PS/2) entry AH 0C2h AL 00h Enable/Disable Pointing Device BH 00h disable 01h enable 01h Reset Pointing Device Resets the system's mouse or other pointing device, sets the sample rate, resolution, and other characteristics to their default values. return BH device ID (0=first) note 1) After a reset operation, the state of the pointing device is as follows: disabled; sample rate at 100 reports per second; resolution at 4 counts per millimeter; scaling at 1 to 1. 2) The data package size is unchanged by this fn. 3) Apps can use the fn 0C2h subfunctions to initialize the pointing device to other parms, then enable the device with fn 00h. 4) BL is altered on return. 02h Set Sampling Rate BH 00h 10/second 01h 20/second 02h 40/second 03h 60/second 04h 80/second 05h 100/second (default) 06h 200/second 03h Set Pointing Device Resolution BH 00h one count per mm 01h two counts per mm 02h four counts per mm (default) 03h eight counts per mm 04h Get Pointing Device Type return BH ID code for the mouse or other pointing device 05h Initialize Pointing Device Interface Sets the data package size for the system's mouse or other pointing device, and initializes the resolution, sampling rate, and scaling to their default values. BH data package size (1 - 8 bytes) note After this operation, the state of the pointing device is as follows: a) disabled; b) sample rate at 100 reports per second; c) resolution at 4 counts per millimeter; d) scaling set at 1 to 1. 06h Get Status or Set Scaling Factor Returns the current status of the system's mouse or other pointing device or sets the device's scaling factor. BH 00h return device status return BL status byte bits 0 set if right button pressed 1 reserved 2 set if left button pressed 3 reserved 4 0 1:1 scaling 1 2:1 scaling 5 0 device disabled 1 device enabled 6 0 stream mode 1 remote mode 7 reserved CL resolution 00h 1 count per millimeter 01h 2 counts per millimeter 02h 4 counts per millimeter 03h 8 counts per millimeter DL sample rate (hex count) 0Ah 10 reports per second 14h 20 reports per second 28h 40 reports per second 3Ch 60 reports per second 50h 80 reports per second 64h 100 reports per second 0C8h 200 reports per second 01h set scaling to 1:1 02h set scaling to 2:1 07h Set Pointing Device Handler Address Notifies BIOS pointing device driver of the address for a routine to be called each time pointing device data is available. ES:BX address of user device handler return AL 00h return CF set on error AH status 00h successful 01h invalid function 02h invalid input 03h interface error 04h need to resend 05h no device handler installed note 1) The values in BH for those functions that take it as input are stored in different locations for each subfunction. 2) The user's handler for pointing device data is entered via a far call with four parameters on the stack: SS:SP+0Ah status SS:SP+08h x coordinate SS:SP+06h y coordinate SS:SP+04h z coordinate (always 0) The handler must exit via a far return without removing the parameters from the stack. 3) The status parameter word passed to the user's handler is interpreted as follows: bits 0 left button pressed 1 right button pressed 2-3 reserved 4 sign of x data is negative 5 sign of y data is negative 6 x data has overflowed 7 y data has overflowed 8-0Fh reserved Function 0C3h Enable/Disable Watchdog Timeout (PS/2 50+) entry AH 0C3h AL 00h disable watchdog 01h enable watchdog BX timer counter return CF set on error note 1) The watchdog timer generates an NMI. 2) This would be subject to protection with a real OS so temporary masters would not be able to seize the bus forever. Function 0C4h Programmable Option Select (PS/2 50+) entry AH 0C4h AL 00h return base POS register address 01h enable slot BL slot number 02h enable adapter return CF set on error DX base POS register address (if function 00h) note 1) Fn 00h returns the base Programmable Option Select register address, enables a slot for setup, or enables an adapter. 2) Valid on machines with Micro Channel Architecture (MCA) bus only. 3) After a slot is enabled with fn 01h, specific information can be obtained for the adapter in that slot by performing port input operations: Port Function 100h MCA ID (low byte) 101h MCA ID (high byte) 102h Option Select Byte 1 bit 0 0 if disabled 1 if enabled 103h Option Select Byte 2 104h Option Select Byte 3 105h Option Select Byte 4 bits 6-7 are channel check indicators 106h Subaddress Extension (low byte) 107h Subaddress Extension (high byte) Function 0C5h Used by PS/2 Model 50+ and Olivetti MCA machines Used by Desqview 2.2 Used by Lotus 123 Release 2.2 Used by Microsoft Word 5.0 note Functions unknown. Reported by InfoWorld Nov 13 1989's Micro Channel 386 test as a conflict between the above software packages. InfoWorld said that Quarterdeck (Desqview) was working on a fix for their product. No other information. Function 0DEh DesQview Services (DesQview) �����������������������������������������������������������������������������Ŀ �Interrupt 16h Keyboard I/O 3**9 � ������������������������������������������������������������������������������� (0:0058h) Access the keyboard. Scancodes are found in Appendix 1. ASCII codes are found in Appendix 2. IBM's original keyboard layout is referred to as the 84-key or "old style". It has the function keys on the left and an embedded cursor/numeric keypad on the right. The 101-key "new style" or "enhanced" keyboard (such as used on the PS/2s) adds several keys. The early BIOS will not detect the new scancodes and the new BIOS for some reason added new function calls for this purpose instead of enhancing the old ones. This causes some hassle when writing programs which need to support both keyboards fully. Most programs limit themselves to the 84-key functions in the interest of backward compatibility. The SWITCHES CONFIG.SYS command forces DOS 4.0 to use the standard int 16h requests for keyboard I/O rather than the extended int 16h requests. The DOS KEYB command does not hook into the BIOS. It is a total replacement for the BIOS int9 driver. The only good thing about this is that you can use 101-key keyboards on old ATs without support for enhanced keyboards. KEYB is very peculiar in its handling of the keyboard, causing some programs to break. It also tends to disable interrupts for a long time while process- ing each scan code. There are machines such as the Toshiba 5200 which have 84-key layouts but "simulate" being 101-key, at least as far as int 16 goes. (always good for confusing your software...) Function 00h Get Keyboard Input - read the next character in keyboard buffer, if no key ready, wait for one. entry AH 00h return AH scan code AL ASCII character note 1) Removes keystroke from buffer (destructive read). 2) Does not work with the extra keys on the 101-key "enhanced" keyboard. Function 01h Check Keystroke Buffer - Do Not Clear entry AH 01h return ZF 0 (clear) if character in buffer 1 (set) if no character in buffer AH scan code of character (if ZF=0) AL ASCII character if applicable note 1) Keystroke is not removed from buffer. The same character and scan code will be returned by the next call to Int 16h/fn 00h. 2) This call flushes the 101-key codes from the buffer if they precede an 84-key code. Function 02h Shift Status - fetch bit flags indicating shift status entry AH 02h return AL status byte (same as [0040:0017]) bits 7 Insert on 6 CapsLock on 5 NumLock on 4 ScrollLock on 3 Alt key down 2 Control key down 1 Left shift (left caps-shift key) down 0 Right shift (right caps-shift key) down note The Keyboard Flags Byte is stored in the BIOS Data Area at 0000:0417h. Function 03h Keyboard - Set Repeat Rate (PCjr, AT, XT/286, PS/2) entry AH 03h AL 00h reset typematic defaults (PCjr) 01h increase initial delay (PCjr) 02h decrease repeat rate by 1/2 (PCjr) 03h increase both delays by 1/2 (PCjr) 04h turn off typematic (PCjr) 05h set typematic rate (AT, PS/2) BH 00h-03h for delays of 250ms, 500ms, 750ms, or 1 second 0,0 250ms 0,1 500ms 1,0 750ms 1,1 1 second BL 00h-1Fh for typematic rates of 30cps down to 2cps 00000 30 01011 10.9 10101 4.5 00001 26.7 01100 10 10110 4.3 00010 24 01101 9.2 10111 4 00011 21.8 01110 8.6 11000 3.7 00100 20 01111 8 11001 3.3 00101 18.5 10000 7.5 11010 3 00110 17.1 10001 6.7 11011 2.7 00111 16 10010 6 11100 2.5 01000 15 10011 5.5 11101 2.3 01001 13.3 10011 5.5 11110 2.1 01010 12 10100 5 11111 2 return nothing note 1) Subfunction 05h is available on ATs with ROM BIOS dated 11/15/85 and later, the XT/286, and the PS/2. 2) Subfunction 0 (Return to Default Keyboard State) restores the keyboard to its original state. The original state at power-on is typematic on, normal initial delay and normal typematic rate. 3) Subfunction 1 (Increase Initial Delay) increases the delay between the first character typed and the burst of typematic characters. 4) For Subfunctions 0 through 4, each time the typematic rate is changed, all previous states are removed. 5) Some clone keyboards (Northgate Omnikey and Focus) have much higher repeat rates for the same bit values. Function 04h Keyboard Click Toggle (PCjr and Convertible) entry AH 04h AL 00h for click off 01h for click on return nothing Function 05h Load Keyboard Buffer (AT or PS/2 with enhanced kbd) entry AH 05h CH scan code CL ASCII character return CF set on error AL 00h success 01h if buffer full note Places a character and scan code at the end of the keyboard type-ahead buffer. Function 06h Keyboard Buffer Write (Fansi-Console to 2.00) entry AH 06h BX extended key value to place in typeahead buffer return unknown note This call may be dropped since it now duplicates function 05h. Function 07h Change Shift Key Status (Fansi-Console to 2.00) entry AH 07h AL shift key status value return unknown note Status byte is same as function 02h. Function 10h Get Enhanced Keystroke And Read (F11, F12 Enhanced Keyb'd) (XT/286, PS/2, AT with "Enhanced" keyboard) entry AH 10h return AH scan code AL ASCII character if applicable note 1) Reads a character and scan code from the keyboard type-ahead buffer. 2) Use this function for the enhanced keyboard instead of int 16h fn 00h. It allows applications to obtain the scan codes for the additional F11, F12, and cursor control keys. 3) This is the enhanced version of function 00h. Function 11h Check Enhanced Keystroke (F11-F12 on enhanced keyboard) (XT/286, PS/2, AT with "Enhanced" keyboard) entry AH 11h return ZF 0 (clear) if key pressed AH scan code AL ASCII character if applicable 1 if buffer is empty note 1) Keystroke is not removed from buffer. The same char and scan code will be returned by the next call to Int 16h/fn 10h. 2) Use this function for the enhanced keyboard instead of int 16h/fn 00h. It allows applications to test for the additional F11, F12, and cursor control keys. Function 12h Extended Get Shift Status (F11, F12 Enhanced keyboard) entry AH 12h return AX status word AL bit 0 right Shift key depressed 1 left Shift key depressed 2 Control key depressed 3 Alt key depressed 4 ScrollLock state active 5 NumLock state active 6 CapsLock state active 7 insert state is active AH bit 0 left Control key pressed 1 left Alt key depressed 2 right Control key pressed 3 right Alt key depressed 4 Scroll Lock key depressed 5 NumLock key depressed 6 CapsLock key depressed 7 SysReq key depressed note Use this function for the enhanced keyboard instead of int 16h/fn 02h. Function 70h, 71h, 72h Internal Functions (SEAware's FAKEY.COM) note FAKEY.COM is a TSR keyboard utility distributed to registered users of SEAware products. Function 75h Set Tick Count for Scanning (pcAnywhere 2.00) entry AH 75h AL tick count return none note 1) Sets count of 55ms timer ticks between checks for new screen changes. 2) pcAnywhere is a program that allows operation of a remote machine over a serial link. Function 76h Set Error Checking Mode (pcAnywhere 2.00) entry AH 76h AL error checking type 00h none 01h fast 02h slow return none Function 77h reserved (pcAnywhere 2.00) pcAnywhere API - reserved Function 78h Log Off (pcAnywhere 2.00) entry AL 00h wait for another call 01h exit but remain TSR 02h automatic mode - watches DTR 0FFh leave in current operating mode (pcAnywhere 2.1) return none Function 79h Installation Check (pcAnywhere 2.00) entry AH 79h AL 00h installation check return AX 0FFFFh resident and active 0FFFEh resident but not active 0FFFDh resident TSR 0FFFCh automatic mode any other value - not resident Function 7Ah Cancel pcAnywhere Session (pcAnywhere 2.00) entry AH 7Ah return none note Leaves pcAnywhere resident but unable to answer another call. Function 7Bh Enable/Disable Operation (pcAnywhere 2.00) entry AH 7Bh AL state 00h disabled 01h enabled return none note Remote screen is automatically refreshed when session is enabled. Function 7Ch Get Port Configuration (pcAnywhere 2.00) entry AH 7Ch return AH port number in binary (0-15) AL baud rate 00h 50 01h 75 02h 110 03h 134.5 04h 150 05h 300 06h 600 07h 1200 08h 1800 09h 2000 0Ah 2400 0Bh 4800 0Ch 7200 0Dh 9600 0Fh 19,200 Function 7Dh Get/Set Terminal Parameters (pcAnywhere 2.00) entry AH 7Dh AL 00h set parameters 01h get parameters 02h get configuration header and terminal parameters CX:DS address of Terminal Parameter Block return AL 00h nothing 01h current Terminal Parameter Block in CX:DS 02h configuration header and Terminal Parameter Block in CX:DS note Terminal Parameter Block format: (1152 bytes) (decimal) 384 bytes CRT Control Information bytes function 1-8 cursor up 9-16 cursor down 17-24 cursor left 25-32 cursor right 33-40 cursor home 41-48 clear screen 49-56 clear to end of line 57-64 clear to end of page 65-72 insert line 73-80 delete line 81-88 insert character 89-96 delete character 97-104 cursor position lead in 105-112 between row and column 113-120 after cursor position 121-128 CRT initialization 256 bytes Character Translation Table translates ASCII characters from host. Normally changes IBM graphics characters to other displayable symbols 512 bytes keyboard sequences 641-644 cursor up 645-648 cursor down 649-652 cursor left 653-656 cursor right 657-660 home 661-664 end 665-668 PgUp 669-672 PgDn 673-676 insert 677-680 delete 681-684 control-home 685-688 control-end 689-692 control-PgUp 693-696 control-PgDn 697-700 escape 701-740 F1...F10 741-780 sF1...sF10 781-820 ^F1...^F10 821-860 aF1...aF10 861-964 alt A-Z 965-1004 alt 0-9 1005-1008 alt = 1009-1012 alt - 1013-1016 print screen 1017-1020 ctrl-left arrow 1021-1024 ctrl-right arrow 1025-1120 reserved 1121-1124 begin conv. mode 1125-1128 remote printing off 1129-1132 remote printing on 1133-1136 backspace 1137-1140 refresh screen 1141-1144 send next code 1145-1148 display top 24 lines 1149-1152 display bottom 24 lines Function 7Eh Serial I/O Through pcAnywhere Port (pcAnywhere 2.00) entry AH 7Eh AL I/O function 01h get port input status 02h get port input character 03h output character 04h hang up phone CX ASCII character to output (fn 03h) return (if AL=01h) AX 00h no character ready 01h character is available (if AL=02h) AL ASCII code received Function 7Fh Set Keyboard/Screen Mode (pcAnywhere 2.00) entry AH 7Fh AL parameters 00h enable remote keyboard only | 01h enable host keyboard only | keyboard group 02h enable both keyboards | 08h display top 24 lines | screen group 09h display bottom 24 lines | 10h Hayes modem | 11h other modems | modem group 12h direct connect | Function 0EDh Borland Turbo Lightning API (partial) entry AH 0EDh BH 0EDh BL function 00h installation check 02h pointer to Lightning internal data structure lobyte 03h pointer to Lightning internal data structure hibyte 04h load auxiliary dictionary 06h autoproof mode 0Fh get number of substitutions (segment) DS:DI pointer to string to be processed return AX error code (unknown) note I've made several attempts to get a copy of the Turbo Lightning API, which was originally supposed to be available for developers in 1985. In 1988 Borland sent me a letter saying they were still working on it. In late 1989 the Borland rep on BIX told me basically that there were no plans for releasing the API any more. The information here was dredged from Chris Dunford's LSPELL.PAS interface into Lighting. Function 0F0h Set CPU speed (Compaq 386) entry AH 0F0h set speed AL speed 00h equivalent to 6 mHz 80286 (COMMON) 01h equivalent to 8 mHz 80286 (FAST) 02h full 16 mHz (HIGH) 03h toggles between 8 mHz-equivalent and speed set by system board switch (AUTO or HIGH) 04h-07h unknown 08h full 16 mHz except 8 mHz-equivalent during floppy disk access 09h specify speed directly CX speed value, 1 (slowest) to 50 (full), 3 ~=8088 return none? note 1) Used by Compaq DOS MODE command. Function 0F1h Read Current CPU Speed (Compaq 386) entry AH 0F1h return AL speed code (see function 0F0h above) if AL=09h, CX=speed code Function 0F2h Determine Attached Keyboard Type (Compaq 386) entry AH 0F2h return AL type 00h if 11-bit AT keyboard is in use 01h if 9-bit PC keyboard is in use Function 0FFh PC-Tools API entry AH 0FFh other parameters unknown note PC-Tools is a Swiss-army-knife software package with an editor, DOS shell, cache, disk optimizer, and several other functions from Central Point Software. Function 0FFh 2-The-Max VGA-16 Board entry AH 0FFh query zoom interrupt return AL zoom interrupt number AL+1 old BIOS keyboard handler interrupt number BX hot key Function 0FFh Programmer Interface to Carbon Copy Plus (5.0) entry AH 0FFh AL 00h check connection between CC and CCHELP return BL 00h Carbon Copy not connected to CCHELP 01h Carbon Copy is connected to CCHELP entry AL 01h disconnects and resets the line if the Host or CC side is connected to CCHELP entry AL 02h return a pointer to the last phone number dialed by CC return ES:DI dword pointer to ASCIIZ phone number string �����������������������������������������������������������������������������Ŀ �Interrupt 17h Printer 3**10 � ������������������������������������������������������������������������������� (0:005Ch) access the parallel printer(s) AH is changed. All other registers left alone. Printer ports vary widely in compatibility, since the original IBM MDA's parallel port did not match its own spec. Many parallel ports do not use IRQ7 at all. The parallel port on a monochrome adapter is at 3BCh. The port on a parallel printer adapter is at 378h or 278h. At boot time, the BIOS looks at them in the order 3BCh, 378h, 278h, and assigns the first port it finds to LPT1, the second to LPT2, etc. If you have a monochrome adapter, LPT1 is probably 3BCh; otherwise, it is probably 378h. Function 00h Print Character/send AL to printer DX (0, 1, or 2) entry AH 00h AL ASCII character code DX printer to be used 00h PRN or LPT1 01h LPT2 02h LPT3 return AH status byte bits 0 time out 1 unused 2 unused 3 I/O error 4 printer selected 5 out of paper 6 acknowledge 7 not busy Function 01h Initialize Printer - set init line low, send 0Ch to printer DX entry AH 01h DX printer port to be initialized (0,1,2) return status as below Function 02h Printer Status - read status of printer DX into AH entry AH 02h DX printer port to be used (0,1,2) return AH status byte bits 7 0 busy/paused: the printer cannot immediately take more data because it is in the middle of accepting a character, printing a line, is offline, or it is in error status. 1 ready 6 ACKnowledge line toggled: reflects the state of the ACK line on the printer port at the moment the status was read. ACK is a strobe: it goes low for a very short time (12 microseconds on an Epson) when the printer is ready for another character. As far as printer status is concerned, this is useless; it's only useful for something like an interrupt-driven interface. Most of the time, you'll see ACK high (bit 6 on), but occasionally, if you check status just after sending a character, you might see it low. ACK is low when the printer is powered off. 5 out-of-paper line toggled 4 printer selected: printer is selected/ready/online. There is usually a button on the printer to control this. 3 I/O error: offline, out of paper or other error condition such as out of ribbon. 2 unused 1 unused 0 timeout error: printer failed to send ACK and drop busy after being sent a character. note 1) You can expect to see these states in a properly functioning printer: Normal Offline Power off ====== ======= ========= not busy/paused busy/paused busy/paused not out of paper not out of paper not out of paper selected/online not selected/online not selected/online not I/O error I/O error (usually) I/O error not timeout error not timeout error not timeout error 2) Not all printers return the status codes properly. That's OK, not all clone BIOS do it right either. If your program depends on the return codes, you might want to make the code easily patched or configured for nonstandard hardware. Function 03h Versa-Spool print spooler entry AH 03h Versa-Spool AL 00h Return Signature 01h Toggle Pause 02h Clear Buffer 03h Request Pause Condition 04h Request Free Buffer Space 05h Request Total Buffer Size 06h Redirect Output to LPT1 07h Redirect Output to LPT2 08h Redirect Output to LPT3 09h Request Output Device 0Ah Request Output Speed 0Bh Request Device Spooled Status return (AH=00h) AX 1234h if Versa-Spool is installed undefined if not installed (AH=01h) AX 0001h if paused 0000h if resumed (AH=02h) AX 0302h not cleared 0000h cleared (AH=03h) AX 0001h if paused 0000h if resumed (AH=04h) AX remaining buffer space (in Kbytes) (AH=05h) AX total buffer space (in Kbytes) (AH=06h) AX nothing (AH=07h) AX nothing (AH=08h) AX nothing (AH=09h) AX printer output (0..2) (AH=0Ah) AX output speed in CPS (AH=0Bh) AX 0001h is spooled 0000h otherwise Function 0C0h PC Magazine PCSPOOL - get printer status entry AH 0C0h DX printer port to be used (0,1,2) return ES:BX address of printer control block note PC Magazine, January 15, 1991. (Vol 10, Number 1) Function 0C1h PC Magazine PCSPOOL - add pause to spool queue entry AH 0C1h DX printer port to be used (0,1,2) DS:SI pointer to ASCIIZ string to display return AH printer status Function 0C2h PC Magazine PCSPOOL - flush queue record entry AH 0C2h DX printer port to be used (0,1,2) return AH printer status Function 0C3h PC Magazine PCSPOOL - cancel printer queue entry AH 0C3h DX printer port to be used (0,1,2) return AH printer status Function 0C4h PC Magazine PCSPOOL - determine of spooler is active entry AH 0C4h return DI 0B0BFh if PCSPOOL is loaded SI segment of the PSP of the active PCSPOOL �����������������������������������������������������������������������������Ŀ �Interrupt 18h ROM BASIC 3**11 � ������������������������������������������������������������������������������� (0:0060h) Execute ROM BASIC at address 0F600h:0000h entry no parameters used return jumps into ROM BASIC on IBM systems note 1) Often reboots a compatible. 2) Used by Turbo C 1.5. 2.0 and later do not use it. 3) On IBM systems, this interrupt is called if disk boot failure occurs. 4) Video interrupt on DEC Rainbow. 5) Digital Research's ROM-based implementation of DR-DOS uses int 18h as the initial entry vector into the operating system code. Note that some clone BIOSes may not properly implement int 18h in the ROM and use of DR-DOS ROMs may not always work. 6) Maxon 286/HD laptop: called by BIOS power management routines to communicate with applications. �����������������������������������������������������������������������������Ŀ �Interrupt 19h Bootstrap Loader / Extended Memory VDISK ID 3**12 � ������������������������������������������������������������������������������� (0:0064h) entry no parameters used return none note 1) Reads track 0, sector 1 into address 0000h:7C00h, then transfers control to that address. If no diskette drive available, looks at absolute address C:800 for a valid hard disk or other ROM. If none, transfers to ROM-BASIC via int 18h or displays loader error message. 2) Causes reboot of disk system if invoked while running. (no memory test performed). 3) If location 0000:0472h does not contain the value 1234h, a memory test (POST) will be performed before reading the boot sector. 4) VDISK from DOS 3.0+ traps this vector to determine when the CPU has shifted from protected mode to real mode. A detailed discussion can be found by Ray Duncan in PC Magazine, May 30, 1989. 5) Reportedly, some versions of DOS 2.x and all versions of DOS 3.x+ intercept int 19h in order to restore some interrupt vectors DOS takes over, in order to put the machine back to a cleaner state for the reboot, since the POST will not be run on the int 19h. These vectors are reported to be: 02h, 08h, 09h, 0Ah, 0Bh, 0Ch, 0Dh, 0Eh, 70h, 72h, 73h, 74h, 75h, 76h, and 77h. After restoring these, it restores the original int 19h vector and calls int 19h. 6) The system checks for installed ROMs by searching memory from 0C000h to the beginning of the BIOS, in 2k chunks. ROM memory is identified if it starts with the word 0AA55h. It is followed a one byte field length of the ROM (divided by 512). If ROM is found, the BIOS will call the ROM at an offset of 3 from the beginning. This feature was not supported in the earliest PC machines. The last task turns control over to the bootstrap loader (assuming the floppy controller is operational). 7) 8255 port 60h bit 0 = 1 if booting from diskette. �����������������������������������������������������������������������������Ŀ �Interrupt 1Ah Time of Day 3**13 � ������������������������������������������������������������������������������� (0:0068h) 1) Accesses the PC internal clock. 2) This interrupt is not supported on some machines, such as the HP150 PC. 3) Some "turbo" BIOSes run the clock slower than normal in order to throw off benchmark software, which usually uses int 1Ah for timekeeping. 4) Counts occur at the rate of 1193180/65536 counts/sec (about 18.2 per second). Function 00h Read System Timer Tick Counter (except PC) entry AH 00h return AL 00h if clock was read or written (via AH=0,1) within the current 24-hour period. <>0 midnight was passed since last read CX:DX 32-bit tick count (high 16 bits in CX) note 1) The returned value is the cumulative number of clock ticks since midnight. There are 18.2 clock ticks per second, or one every 54.92ms. When the counter reaches 1,573,040, it is cleared to zero, and the rollover flag is set. 2) The rollover flag is cleared by this function call, so the flag will only be returned nonzero once per day. 3) Int 1Ah/fn 01h can be used to set the counter to an arbitrary 32 bit value. 4) This function does not return seconds/100 in DL. The best you can do is set it to zero (or any value <=99). This means that your DOS clock could be up to 1 second off from the BIOS clock, however the effect is not cumulative. Function 01h Set Clock Tick Counter Value (except PC) entry AH 01h CX:DX 32-bit high word/low word count of timer ticks return none note 1) The clock ticks are incremented by timer interrupt at 18.2065 times per second or 54.9254 milliseconds/count. Therefore: counts per second 18 (12h) counts per minute 1092 (444h) counts per hour 65543 (10011h) counts per day 1573040 (1800B0h) 2) The counter is zeroed when system is rebooted. 3) Stores a 32-bit value in the clock tick counter. 4) The rollover flag is cleared by this call. Function 02h Read Real Time Clock Time (AT and after) entry AH 02h return CH hours in BCD CL minutes in BCD DH seconds in BCD DL 00h standard time 01h daylight savings time CF 0 if clock running 1 if clock not operating note 1) Reads the current time from the CMOS time/date chip. 2) Also for Leading Edge Model M. 3) According to Phoenix this call will fail if the BIOS is "updating" its clock value. You should check the carry flag and retry if it is set following the call. Function 03h Set Real Time Clock Time (AT and after) entry AH 03h CH hours in BCD CL minutes in BCD DH seconds in BCD DL 0 (clear) if standard time 1 (set) if daylight savings time option return none note 1) Sets the time in the CMOS time/date chip. 2) Also for Leading Edge Model M. Function 04h Read Real Time Clock Date (AT and after) entry AH 04h return CH century in BCD (19 or 20) CL year in BCD DH month in BCD DL day in BCD CF 0 (clear) if clock is running 1 (set) if clock is not operating note 1) Reads the current date from the CMOS time/date chip. 2) Also for Leading Edge Model M. Function 05h Set Real Time Clock Date (AT and after) entry AH 05h CH century in BCD (19 or 20) CL year in BCD DH month in BCD DL day in BCD return none note 1) Sets the date in the CMOS time/date chip. 2) Also for Leading Edge Model M. Function 06h Set Real Time Clock Alarm (AT and after) entry AH 06h CH hours in BCD CL minutes in BCD DH seconds in BCD return CF set if alarm already set or clock inoperable note 1) Sets alarm in the CMOS date/time chip. Int 4Ah occurs at specified alarm time every 24hrs until reset with Int 1Ah/fn 07h. 2) A side effect of this function is that the clock chip's interrupt level (IRQ8) is enabled. 3) Only one alarm may be active at any given time. 4) The program using this function must place the address of its interrupt handler for the alarm in the vector for Int 4Ah. Function 07h Reset Real Time Clock Alarm (AT and after) entry AH 07h return none note 1) Cancels any pending alarm request on the CMOS date/time chip. 2) This function does not disable the clock chip's interrupt level (IRQ8). Function 08h Set Real Time Clock Activated Power On Mode (Convertible) entry AH 08h CH hours in BCD CL minutes in BCD DH seconds in BCD Function 09h Read Real Time Clock Alarm Time and Status (Convertible and PS/2 Model 30) entry AH 09h return CH hours in BCD CL minutes in BCD DH seconds in BCD DL alarm status: 00h if alarm not enabled 01h if alarm enabled but will not power up system 02h if alarm will power up system Function 0Ah Read System-Timer Day Counter (PS/2) entry AH 0Ah return CF set on error CX count of days since Jan 1,1980 note Returns the contents of the system's day counter. Function 0Bh Set System-Timer Day Counter (PS/2) entry AH 0Bh CX count of days since Jan 1,1980 return CF set on error note Stores an arbitrary value in the system's day counter. Function 80h Set Up Sound Multiplexor (PCjr) (Tandy 1000?) entry AH 80h AL sound source 00h source is 8253 timer chip, channel 2 01h source is cassette input 02h source is I/O channel "audio in" line 03h source is TI sound generator chip return none note Sets up the source for tones that will appear on the PCjr's Audio Out bus line or RF modulator. Function 1Ah Read Time and Date (AT&T 6300) entry AH 0FEh return BX days count (1=Jan 1, 1984) CH hours CL minutes DH seconds DL hundredths note Day count in BX is unique to AT&T/Olivetti computers. �����������������������������������������������������������������������������Ŀ �Interrupt 1Bh Control-Break 3**14 � ������������������������������������������������������������������������������� (0:006Ch) This interrupt is called when the keyboard handler of the IBM machines detects Ctrl and Break pressed at the same time. DOS normally point this interrupt at its own Ctrl-Break handler. note 1) If the break occurred while processing an interrupt, one or more end of interrupt commands must be send to the 8259 Programmable Interrupt Controller. 2) All I/O devices should be reset in case an operation was underway at the time. 3) It is normally pointed to an IRET during system initialization so that it does nothing, but some programs change it to return a Ctrl-C scan code and thus invoke int 23h. �����������������������������������������������������������������������������Ŀ �Interrupt 1Ch Timer Tick 3**15 � ������������������������������������������������������������������������������� (0:0070h) note 1) Taken 18.2065 times per second by the int 08h interrupt. 2) Normally vectors to dummy IRET unless PRINT.COM has been installed. 3) If an application moves the interrupt pointer, it is the responsibility of that application to save and restore all registers that may be modified. 4) returns values at absolute address 40:6x (BIOS Data Area); number of ticks since midnight 40:6C word timer counter high word 40:6E word timer counter low word 5) Ventura Publisher 2.0 grabs this interrupt and does not pass subsequent vector reassignments along. This causes problems with some TSRs and network software. 6) When installing a user interrupt for int 1Ch, the external interrupts must be disabled before the vector is altered. If a timer interrupt occurs between the setting of the offset and segment, an incorrect address will result. �����������������������������������������������������������������������������Ŀ �Interrupt 1Dh Vector of Video Initialization Parameters 3**16 � ������������������������������������������������������������������������������� (0:0074h) This doubleword address points to 3 sets of 16-bytes containing data to initialize for video modes for video modes 0 & 1 (40 column), 2 & 3 (80 column), and 4, 5 & 6 (graphics) on the Motorola 6845 CRT controller chip. 6845 registers: R0 horizontal total (horizontal sync in characters) R1 horizontal displayed (characters per line) R2 horizontal sync position (move display left or right) R3 sync width (vertical and horizontal pulse: 4-bits each) R4 vertical total (total character lines) R5 vertical adjust (adjust for 50 or 60 Hz refresh) R6 vertical displayed (lines of chars displayed) R7 vertical sync position (lines shifted up or down) R8 interlace (bits 4 and 5) and skew (bits 6 and 7) R9 max scan line addr (scan lines per character row) R10 cursor start (starting scan line of cursor) R11 cursor stop (ending scan line of cursor) R12 video memory start address high byte (6 bits) R13 video memory start address low byte (8 bits) R14 cursor address high byte (6 bits) R15 cursor address low byte (8 bits) 6845 Video Init Tables: table for modes 0 and 1 \ table for modes 2 and 3 \ each table is 16 bytes long and table for modes 4,5, and 6 / contains values for 6845 registers table for mode 7 / 4 words size of video RAM for modes 0/1, 2/3, 4/5, and 6/7 8 bytes number of columns in each mode 8 bytes video controller mode byte for each mode note 1) There are 4 separate tables, and all 4 must be initialized if all video modes will be used. 2) The power-on initialization code of the computer points this vector to the ROM BIOS video routines. 3) IBM recommends that if this table needs to be modified, it should be copied into RAM and only the necessary changes made. �����������������������������������������������������������������������������Ŀ �Interrupt 1Eh Vector of Diskette Controller Parameters 3**17 � ������������������������������������������������������������������������������� (0:0078h) Dword address points to data base table that is used by BIOS. Default location is at 0F000:0EFC7h. 11-byte table format: bytes: 00h 4-bit step rate, 4-bit head unload time 01h 7-bit head load time, 1-bit DMA flag 02h 54.9254 ms ticks - delay til motor off (36-38 typical) 03h sector size: 00h 128 bytes 01h 256 bytes 02h 512 bytes 03h 1024 bytes 04h last sector on track (8 or 9 typical) 05h inter-sector gap on read/write (42 typical) 06h data length for DMA transfers (0FFh typical) 07h gap length between sectors for format (80 typical) 08h sector fill byte for format (0F6h typical) 09h head settle time (in milliseconds) (15 to 25 typical) DOS 1.0 0 DOS 1.10 0 DOS 2.10 15 DOS 3.1 1 0Ah motor start time (in 1/8 sec intervals) (2-4 typical) DOS 2.10 2 note 1) This vector is pointed to the ROM BIOS diskette tables on system initialization 2) IBM recommends that if this table needs to be modified, it should be copied into RAM and only the necessary changes made. 3) Some versions of DOS 3.2 may contain a bug. DOS 3.2 assumes that the dword at 0070:0F37 contains the address of the diskette parameter block and changes values in that block. The location does contain a copy of the value at 0:78 (int 1Eh, DISK_POINTER) if DOS is booted from diskette, but when booted from the hard disk, the location contains 0:0. This leads to strange things, especially when running under a debugger since DOS overwrites parts of the interrupt vectors for interrupts 1 to 3. The solution to the problem is to either upgrade to DOS 3.3 or to copy the disk parameter vector to 70:0F37 before running or at the start of your program. �����������������������������������������������������������������������������Ŀ �Interrupt 1Fh Ptr to Graphics Character Extensions (Graphics Set 2) 3**18 � ������������������������������������������������������������������������������� (0:007Ch) This is the pointer to data used by the ROM video routines to display characters above ASCII 127 while in CGA medium and high res graphics modes. note 1) Doubleword address points to 1K table composed of 28 8-byte character definition bit-patterns. First byte of each entry is top row, last byte is bottom row. 2) The first 128 character patterns are located in system ROM. 3) This vector is set to 000:0 at system initialization. 4) Used by DOS' external GRAFTABL command. ** Programmer's Technical Reference for MSDOS and the IBM PC ** USA copyright TXG 392-616 ALL RIGHTS RESERVED ������������������������������Ĵ DOSREF (tm) ��������������������������������� ISBN 1-878830-02-3 (disk-based text) Copyright (c) 1987, 1992 Dave Williams �����������������������������Ŀ � Shareware Version, 01/12/92 � � Please Register Your Copy � ������������������������������� C H A P T E R F O U R DOS INTERRUPTS AND FUNCTION CALLS note: The registered version of this chapter is twice this size. DOS REGISTERS������������������������������������������������������������������ DOS uses the following registers, pointers, and flags when it executes interrupts and function calls: ������������������������������������������������������������������������������Ŀ �GENERAL REGISTERS � register � definition � � ����������������������������������������������������������Ĵ � � AX � accumulator (16 bit) � � � AH � accumulator high-order byte (8 bit) � � � AL � accumulator low order byte (8 bit) � � � BX � base (16 bit) � � � BH � base high-order byte (8 bit) � � � BL � base low-order byte (8 bit) � � � CX � count (16 bit) � � � CH � count high order byte (8 bit) � � � CL � count low order byte (8 bit) � � � DX � data (16 bit) � � � DH � date high order byte (8 bit) � � � DL � data low order byte (8 bit) � ������������������������������������������������������������������������������Ĵ �SEGMENT REGISTERS � register � definition � � ����������������������������������������������������������Ĵ � � CS � code segment (16 bit) � � � DS � data segment (16 bit) � � � SS � stack segment (16 bit) � � � ES � extra segment (16 bit) � ������������������������������������������������������������������������������Ĵ �INDEX REGISTERS � register � definition � � ����������������������������������������������������������Ĵ � � DI � destination index (16 bit) � � � SI � stack index (16 bit) � ������������������������������������������������������������������������������Ĵ �SEGMENT REGISTERS � register � definition � � ����������������������������������������������������������Ĵ � � CS � code segment (16 bit) � � � DS � data segment (16 bit) � � � SS � stack segment (16 bit) � � � ES � extra segment (16 bit) � ������������������������������������������������������������������������������Ĵ �INDEX REGISTERS � register � definition � � ����������������������������������������������������������Ĵ � � DI � destination index (16 bit) � � � SI � stack index (16 bit) � ������������������������������������������������������������������������������Ĵ �POINTERS � register � definition � � ����������������������������������������������������������Ĵ � � SP � stack pointer (16 bit) � � � BP � base pointer (16 bit) � � � IP � instruction pointer (16 bit) � ������������������������������������������������������������������������������Ĵ �FLAGS AF, CF, DF, IF, OF, PF, SF, TF, ZF � �������������������������������������������������������������������������������� These registers, pointers, and flags are "lowest common denominator" 8088-8086 CPU oriented. DOS makes no attempt to use any of the special or enhanced instructions availible on the later CPUs which will execute 8088 code, such as the 80186, 80286, 80386, or NEV V20, V30, V40, or V50. When DOS takes control after a function call, it switches to an internal stack. Registers which are not used to return information (other than AX) are preserved. The calling program's stack must be large enough to accomodate the interrupt system - at least 128 bytes in addition to other interrupts. DOS actually maintains three stacks - stack 1: 384 bytes (in DOS 3.1) for functions 00h and for 0Dh and up, and for ints 25h and 26h. stack 2: 384 bytes (in DOS 3.1) for function calls 01h through 0Ch. stack 3: 48 bytes (in DOS 3.1) for functions 0Dh and above. This stack is the initial stack used by the int 21h handler before it decides which of the other two to use. It is also used by function 59h (get extended error), and 01h to 0Ch if they are called during an int 24h (critical error) handler. Functions 33h (get/set break flag), 50h (set process ID), 51h (get process ID) and 62h (get PSP address) do not use any DOS stack under DOS 3.x (under 2.x, 50h and 51h use stack number 2). IBM and Microsoft made a change back in DOS 3.0 or 3.1 to reduce the size of DOS. They reduced the space allocated for scratch areas when interrupts are being processed. The default seems to vary with the DOS version and the machine, but 8 stack frames seems to ring a bell. That means that if you get more than 8 interrupts at the same time, clock, disk, printer spooler, keyboard, com port, etc., the system will crash. It seems to happen usually on a network. STACKS=16,256 means allow 16 interrupts to interrupt each other and allow 256 bytes for each for scratch area. Eight is marginal. DOS 3.2 does some different stack switching than previous versions. The interrupts which are switched are 02h, 08h, 09h, 0Ah, 0Bh, 0Ch, 0Dh, 0Eh, 70h, 72h, 73h, 74h, 75h, 76h, and 77h. DOS 3.2 has a special check in the initialization code for a PCjr and don't enable stack switching on that machine. INTERRUPTS��������������������������������������������������������������������� Microsoft recommends that a program wishing to examine or set the contents of any interrupt vector use the DOS function calls 35h and 25h provided for those purposes and avoid referencing the interrupt vector locations directly. DOS reserves interrupt numbers 20h to 3Fh for its own use. This means absolute memory locations 80h to 0FFh are reserved by DOS. The defined interrupts are as follows with all values in hexadecimal. �����������������������������������������������������������������������������Ŀ �Interrupt 21h Function Call Request � ������������������������������������������������������������������������������� (0:0084h) DOS provides a wide variety of function calls for character device I/O, file management, memory management, date and time functions,execution of other programs, and more. They are grouped as follows: call description 00h program terminate 01h-0Ch character device I/O, CP/M compatibility format 0Dh-24h file management, CP/M compatibility format 25h-26h nondevice functions, CP/M compatibility format 27h-29h file management, CP/M compatibility format 2Ah-2Eh nondevice functions, CP/M compatibility format 2Fh-38h extended functions 39h-3Bh directory group 3Ch-46h extended file management 47h directory group 48h-4Bh extended memory management 54h-57h extended functions 5Eh-5Fh networking 60h-62h extended functions 63h-66h enhanced foreign language support List of DOS services: * = undocumented 00h terminate program 01h get keyboard input 02h display character to STDIO 03h get character from STDAUX 04h output character to STDAUX 05h output character to STDPRN 06h direct console I/O - keyboard to screen 07h get char from std I/O without echo 08h get char from std I/O without echo, checks for ^C 09h display a string to STDOUT 0Ah buffered keyboard input 0Bh check STDIN status 0Ch clear keyboard buffer and invoke keyboard function 0Dh flush all disk buffers 0Eh select disk 0Fh open file with File Control Block 10h close file opened with File Control Block 11h search for first matching file entry 12h search for next matching file entry 13h delete file specified by File Control Block 14h sequential read from file specified by File Control Block 15h sequential write to file specified by File Control Block 16h find or create firectory entry for file 17h rename file specified by file control block 18h* unknown 19h return current disk drive 1Ah set disk transfer area (DTA) 1Bh get current disk drive FAT 1Ch get disk FAT for any drive 1Dh* unknown 1Eh* unknown 1Fh* read DOS disk block, default drive 20h* unknown 21h random read from file specified by FCB 22h random write to file specified by FCB 23h return number of records in file specified by FCB 24h set relative file record size field for file specified by FCB 25h set interrupt vector 26h create new Program Segment Prefix (PSP) 27h random file block read from file specified by FCB 28h random file block write to file specified by FCB 29h parse the command line for file name 2Ah get the system date 2Bh set the system date 2Ch get the system time 2Dh set the system time 2Eh set/clear disk write VERIFY 2Fh get the Disk Transfer Address (DTA) 30h get DOS version number 31h TSR, files opened remain open 32h* read DOS Disk Block 33h get or set Ctrl-Break 34h* INDOS Critical Section Flag 35h get segment and offset address for an interrupt 36h get free disk space 37h* get/set option marking character (SWITCHAR) 38h return country-dependent information 39h create subdirectory 3Ah remove subdirectory 3Bh change current directory 3Ch create and return file handle 3Dh open file and return file handle 3Eh close file referenced by file handle 3Fh read from file referenced by file handle 40h write to file referenced by file handle 41h delete file 42h move file pointer (move read-write pointer for file) 43h set/return file attributes 44h device IOCTL (I/O control) info 45h duplicate file handle 46h force a duplicate file handle 47h get current directory 48h allocate memory 49h release allocated memory 4Ah modify allocated memory 4Bh load or execute a program 4Ch terminate prog and return to DOS 4Dh get return code of subprocess created by 4Bh 4Eh find first matching file 4Fh find next matching file 50h* set new current Program Segment Prefix (PSP) 51h* puts current PSP into BX 52h* pointer to the DOS list of lists 53h* translates BPB (Bios Parameter Block, see below) 54h get disk verification status (VERIFY) 55h* create PSP: similar to function 26h 56h rename a file 57h get/set file date and time 58h get/set allocation strategy (DOS 3.x) 59h get extended error information 5Ah create a unique filename 5Bh create a DOS file 5Ch lock/unlock file contents 5Dh* network 5Eh* network printer 5Fh* network redirection 60h* parse pathname 61h* unknown 62h get program segment prefix (PSP) 63h* get lead byte table (DOS 2.25) 64h* unknown 65h get extended country information (DOS 3.3) 66h get/set global code page table (DOS 3.3) 67h set handle count (DOS 3.3) 68h commit file (DOS 3.3) 69h disk serial number (DOS 4.0) 6Ah unknown 6Bh unknown 6Ch extended open/create (DOS 4.0) CALLING THE DOS SERVICES������������������������������������������������������� The DOS services are invoked by placing the number of the desired function in register AH, subfunction in AL, setting the other registers to any specific requirements of the function, and invoking int 21h. On return, the requested service will be performed if possible. Most codes will return an error; some return more information. Details are contained in the listings for the individual functions. Extended error return may be obtained by calling function 59h (see 59h). Register settings listed are the ones used by DOS. Some functions will return with garbage values in unused registers. Do not test for values in unspecified registers; your program may exhibit odd behavior. DS:DX pointers are the data segment register (DS) indexed to the DH and DL registers (DX). DX always contains the offset address, DS contains the segment address. The File Control Block services (FCB services) were part of DOS 1.0. Since the release of DOS 2.0, Microsoft has recommended that these services not be used. A set of considerably more enhanced services (handle services) were introduced with DOS 2.0. The handle services provide support for wildcards and subdirectories, and enhanced error detection via function 59h. The data for the following calls was compiled from various Intel, Microsoft, IBM, and other publications. There are many subtle differences between MSDOS and PCDOS and between the individual versions. Differences between the versions are noted as they occur. There are various ways of calling the DOS functions. For all methods, the function number is loaded into register AH, subfunctions and/or parameters are loaded into AL or other registers, and call int 21 by one of the following methods: A) call interrupt 21h directly (the recommended procedure) B) perform a long call to offset 50h in the program's PSP. 1) This method will not work under DOS 1.x 2) Though recommended by Microsoft for DOS 2.0, this method takes more time and is no longer recommended. C) place the function number in CL and perform an intrasegment call to location 05h in the current code segment. This location contains a long call to the DOS function dispatcher. 1) IBM recommends this method be used only when using existing programs written for different calling conventions. (such as converting CP/M programs). This method should be avoided unless you have some specific use for it. 2) AX is always destroyed by this method. 3) This method is valid only for functions 00h-24h. There are also various ways of exiting from a program. (assuming it is not intended to be a TSR). All methods except call 4Ch must ensure that the segment register contains the segment address of the PSP. A) Interrupt 21h, function 4Ch (Terminate with Result Code). This is the "official" recommended method of returning to DOS. B) Interrupt 21h, function 00h (Exit Program). This is the early style int 21 function call. It simply calls int 20h. C) Interrupt 20h (Exit). D) A JMP instruction to offset 00h (int 20h vector) in the Program Segment Prefix. This is just a roundabout method to call int 20h. This method was set up in DOS 1.0 for ease of conversion for CP/M programs. It is no longer recommended for use. E) A JMP instruction to offset 05h (int 21 vector) in the Program Segment Prefix, with AH set to 00h or 4Ch. This is another CP/M type function. INT 21H DOS services Function (hex) * Indicates Functions not documented in the IBM DOS Technical Reference. Note some functions have been documented in other Microsoft or licensed OEM documentation. Function 00h Terminate Program Ends program, updates, FAT, flushes buffers, restores registers entry AH 00h CS segment address of PSP return none note 1) Program must place the segment address of the PSP control block in CS before calling this function. 2) The terminate, ctrl-break,and critical error exit addresses (0Ah, 0Eh, 12h) are restored to the values they had on entry to the terminating program, from the values saved in the program segment prefix at locations PSP:000Ah, PSP:000Eh, and PSP:0012h. 3) All file buffers are flushed and the handles opened by the process are closed. 4) Any files that have changed in length and are not closed are not recorded properly in the directory. 5) Control transfers to the terminate address. 6) This call performs exactly the same function as int 20h. 7) All memory used by the program is returned to DOS. Function 01h Get Keyboard Input Waits for char at STDIN (if nescessary), echoes to STDOUT entry AH 01h return AL ASCII character from STDIN (8 bits) note 1) Checks char for Ctrl-C, if char is Ctrl-C, executes int 23h. 2) For function call 06h, extended ASCII codes require two function calls. The first call returns 00h as an indicator that the next call will be an extended ASCII code. 3) Input and output are redirectable. If redirected, there is no way to detect EOF. Function 02h Display Output Outputs char in DL to STDOUT entry AH 02h DL 8 bit data (usually ASCII character) return none note 1) If char is 08 (backspace) the cursor is moved 1 char to the left (nondestructive backspace). 2) If Ctrl-C is detected after input, int 23h is executed. 3) Input and output are redirectable. If redirected, there is no way to detect disk full. Function 03h Auxiliary Input Get (or wait until) character from STDAUX entry AH 03h return AL char from auxiliary device note 1) AUX, COM1, COM2 is unbuffered and not interrupt driven 2) This function call does not return status or error codes. For greater control it is recommended that you use ROM BIOS routine (int 14h) or write an AUX device driver and use IOCTL. 3) At startup, PC-DOS initializes the first auxiliary port (COM1) to 2400 baud, no parity, one stop bit, and an 8-bit word. MSDOS may differ. 4) If Ctrl-C is has been entered from STDIN, int 23h is executed. Function 04h Auxiliary Output Write character to STDAUX entry AH 04h DL char to send to AUX return none note 1) This function call does not return status or error codes. For greater control it is recommended that you use ROM BIOS routine (int 14h) or write an AUX device driver and use IOCTL. 2) If Ctrl-C is has been entered from STDIN, int 23h is executed. 3) Default is COM1 unless redirected by DOS. 4) If the device is busy, this function will wait until it is ready. Function 05h Printer Output Write character to STDPRN entry AL 05h DL character to send return none note 1) If Ctrl-C is has been entered from STDIN, int 23h is executed. 2) Default is PRN or LPT1 unless redirected with the MODE command. 3) If the printer is busy, this function will wait until it is ready. Function 06h Direct Console I/O Get character from STDIN; echo character to STDOUT entry AH 06h DL 0FFh for console input, or 00h-0FEh for console output return ZF set (1) = no character clear (0) = character recieved AL character note 1) Extended ASCII codes require two function calls. The first call returns 00h to indicate the next call will return an extended code. 2) If DL is not 0FFh, DL is assumed to have a valid character that is output to STDOUT. 3) This function does not check for Ctrl-C or Ctrl-PrtSc. 4) Does not echo input to screen 5) If I/O is redirected, EOF or disk full cannot be detected. Function 07h Direct Console Input Without Echo (does not check BREAK) Get or wait for char at STDIN, returns char in AL entry AH 07h return AL character from standard input device note 1) Extended ASCII codes require two function calls. The first call returns 00h to indicate the next call will return an extended code. 2) No checking for Ctrl-C or Ctrl-PrtSc is done. 3) Input is redirectable. Function 08h Console Input Without Echo (checks BREAK) Get or Wait for char at STDIN, return char in AL entry AH 08h return AL char from standard input device note 1) Char is checked for ctrl-C. If ctrl-C is detected, executes int 23h. 2) For function call 08h, extended ASCII characters require two function calls. The first call returns 00h to signify an extended ASCII code. The next call returns the actual code. 3) Input is redirectable. If redirected, there is no way to check EOF. Function 09h Print String Outputs Characters in the Print String to the STDOUT entry AH 09h DS:DX pointer to the Character String to be displayed return none note 1) The character string in memory must be terminated by a $ (24h) The $ is not displayed. 2) Output to STDOUT is the same as function call 02h. Function 0Ah Buffered Keyboard Input Reads characters from STDIN and places them in the buffer beginning at the third byte. entry AH 0Ah DS:DX pointer to an input buffer return none note 1) Min buffer size = 1, max = 255 2) Char is checked for ctrl-C. If ctrl-C is detected, executes int 23h. 3) Format of buffer DX: byte contents 1 Maximum number of chars the buffer will take, including CR. Reading STDIN and filling the buffer continues until a carriage return ( or 0Dh) is read. If the buffer fills to one less than the maximum number the buffer can hold, each additional number read is ignored and ASCII 7 (BEL) is output to the display until a carriage return is read. (you must set this value) 2 Actual number of characters received, excluding the carriage return, which is always the last character. (the function sets this value) 3-n Characters received are placed into the buffer starting here. Buffer must be at least as long as the number in byte 1. 4) Input is redirectable. If redirected, there is no way to check EOF. 5) The string may be edited with the standard DOS editing commands as it is being entered. 6) Extended ASCII characters are stored as 2 bytes, the first byte being zero. Function 0Bh Check Standard Input (STDIN) status Checks for character availible at STDIN entry AH 0Bh return AL 0FFh if a character is availible from STDIN 00h if no character is availible from STDIN note 1) Checks for Ctrl-C. If Ctrl-C is detected, int 23h is executed 2) Input can be redirected. 3) Checks for character only, it is not read into the application 4) IBM reports that this call does not work properly under the DOSSHELL program in DOS 4.00 and 4.01. DOSSHELL will return all zeroes. This function works correctly from the command line or application. Function 0Ch Clear Keyboard Buffer & Invoke a Keyboard Function (FCB) Dumps buffer, executes function in AL (01h,06h,07h,08h,0Ah only) entry AH 0Ch AL function number (must be 01h, 06h, 07h, 08h, or 0Ah) return AL 00h buffer was flushed, no other processing performed other any other value has no meaning note 1) Forces system to wait until a character is typed. 2) Flushes all typeahead input, then executes function specified by AL (by moving it to AH and repeating the int 21 call). 3) If AL contains a value not in the list above, the keyboard buffer is flushed and no other action is taken. Function 0Dh Disk Reset Flushes all currently open file buffers to disk entry AH 0Dh return none note 1) Does not close files. Does not update directory entries; files changed in size but not closed are not properly recorded in the directory 2) Sets DTA address to DS:0080h 3) Should be used before a disk change, Ctrl-C handlers, and to flush the buffers to disk. Function 0Eh Select Disk Sets the drive specified in DL (if valid) as the default drive entry AL 0Eh DL new default drive number (0=A:,1=B:,2=C:,etc.) return AL total number of logical drives (not nescessarily physical) note 1) For DOS 1.x and 2.x, the minimum value for AL is 2. 2) For DOS 3.x and 4.x, the minimum value for AL is 5. 3) The drive number returned is not nescessarily a valid drive. 4) For DOS 1.x: 16 logical drives are availible, A-P. For DOS 2.x: 63 logical drives are availible. (Letters are only used for the first 26 drives. If more than 26 logical drives are used, further drive letters will be other ASCII characters ie {,], etc. For DOS 3.x: 26 logical drives are availible, A-Z. For DOS 4.x: 26 logical drives are availible, A-Z. Function 0Fh Open Disk File (FCB) Searches current directory for specified filename and opens it entry AH 0Fh DS:DX pointer to an unopened FCB return AL 00h if file found 0FFh if file not not found note 1) If the drive code was 0 (default drive) it is changed to the actual drive used (1=A:,2=B:,3=C:, etc). This allows changing the default drive without interfering with subsequent operations on this file. 2) The current block field (FCB bytes C-D, offset 0Ch) is set to zero. 3) The size of the record to be worked with (FCB bytes E-F, offset 0Eh) is set to the system default of 80h. The size of the file (offset 10h) and the date (offset 14h) are set from information obtained in the root directory. You can change the default value for the record size (FCB bytes E-F) or set the random record size and/or current record field. Perform these actions after the open but before any disk operations. 4) The file is opened in compatibility mode. 5) Microsoft recommends handle function call 3Dh be used instead. 6) This call is also used by the APPEND command in DOS 3.2+ 7) Before performing a sequential disk operation on the file, you must set the Current Record field (offset 20h). Before performing a random disk operation on the file, you must set the Relative Record field (offset 21h). If the default record size of 128 bytes is incorrect, set it to the correct value. Function 10h Close File (FCB) Closes a File After a File Write entry AH 10h DS:DX pointer to an opened FCB return AL 00h if the file is found and closed 0FFh if the file is not found in the current directory note 1) This function call must be done on open files that are no longer needed, and after file writes to insure all directory information is updated. 2) If the file is not found in its correct position in the current directory, it is assumed that the diskette was changed and AL returns 0FFh. This error return is reportedly not completely reliable with DOS version 2.x. 3) If found, the directory is updated to reflect the status in the FCB, the buffers to that file are flushed, and AL returns 00h. Function 11h Search For First Matching Entry (FCB) Searches current disk & directory for first matching filename entry AH 11h DS:DX pointer to address of FCB return AL 00h successful match 0FFh no matching filename found note 1) The FCB may contain the wildcard character ? under Dos 2.x, and ? or * under 3.x and 4.x. 2) The original FCB at DS:DX contains information to continue the search with function 12h, and should not be modified. 3) If a matching filename is found, AL returns 00h and the locations at the Disk Transfer Address are set as follows: a) If the FCB provided for searching was an extended FCB, then the first byte at the disk transfer address is set to 0FFh followed by 5 bytes of zeroes, then the attribute byte from the search FCB, then the drive number used (1=A, 2=B, etc) then the 32 bytes of the directory entry. Thus, the disk transfer address contains a valid unopened FCB with the same search attributes as the search FCB. b) If the FCB provided for searching was a standard FCB, then the first byte is set to the drive number used (1=A,2=b,etc), and the next 32 bytes contain the matching directory entry. Thus, the disk transfer address contains a valid unopened normal FCB. 4) If an extended FCB is used, the following search pattern is used: a) If the FCB attribute byte is zero, only normal file entries are found. Entries for volume label, subdirectories, hidden or system files, are not returned. b) If the attribute byte is set for hidden or system files, or subdirectory entries, it is to be considered as an inclusive search. All normal file entries plus all entries matching the specified attributes are returned. To look at all directory entries except the volume label, the attribute byte may be set to hidden + system + directory (all 3 bits on). c) If the attribute field is set for the volume label, it is considered an exclusive search, and ONLY the volume label entry is returned. 5) This call is also used by the APPEND command in DOS 3.2+ Function 12h Search For Next Entry Using FCB (FCB) Search for next matching filename entry AH 12h DS:DX pointer to the unopened FCB specified from the previous Search First (11h) or Search Next (12h) return AL 00h if matching filename found 0FFh if matching filename was not found note 1) After a matching filename has been found using function call 11h, function 12h may be called to find the next match to an ambiguous request. For DOS 2.x, ?'s are allowed in the filename. For DOS 3.x and 4.x, global (*) filename characters are allowed. 2) The DTA contains info from the previous Search First or Search Next. 3) All of the FCB except for the name/extension field is used to keep information nescessary for continuing the search, so no disk operations may be performed with this FCB between a previous function 11h or 12h call and this one. 4) If the file is found, an FCB is created at the DTA address and set up to open or delete it. Function 13h Delete File Via FCB (FCB) Deletes file specified in FCB from current directory entry AH 13h DS:DX pointer to address of FCB return AL 00h file deleted 0FFh if file not found or was read-only note 1) All matching current directory entries are deleted. The global filename character "?" is allowed in the filename. 2) Will not delete files with read-only attribute set 3) Close open files before deleting them. 4) Requires Network Access Rights Function 14h Sequential Disk File Read (FCB) Reads record sequentially from disk via FCB entry AH 14h DS:DX pointer to an opened FCB return AL 00h successful read 01h end of file (no data read) 02h Data Transfer Area too small for record size specified or segment overflow 03h partial record read, EOF found note 1) The record size is set to the value at offset 0Eh in the FCB. 2) The record pointed to by the Current Block (offset 0Ch) and the Current Record (offset 20h) fields is loaded at the DTA, then the Current Block and Current Record fields are incremented. 3) The record is read into memory at the current DTA address as specified by the most recent call to function 1Ah. If the size of the record and location of the DTA are such that a segment overflow or wraparound would occur, the error return is set to AL=02h 4) If a partial record is read at the end of the file, it is passed to the requested size with zeroes and the error return is set to AL=03h. Function 15h Sequential Disk Write (FCB) Writes record specified by FCB sequentially to disk entry AH 15h DS:DX pointer to address of FCB return AL 00h successful write 01h diskette full, write canceled 02h disk transfer area (DTA) too small or segment wrap note 1) The data to write is obtained from the disk transfer area 2) The record size is set to the value at offset 0Eh in the FCB. 3) This service cannot write to files set as read-only 4) The record pointed to by the Current Block (offset 0Ch) and the Current Record (offset 20h) fields is loaded at the DTA, then the Current Block and Current Record fields are incremented. 5) If the record size is less than a sector, the data in the DTA is written to a buffer; the buffer is written to disk when it contains a full sector of data, the file is closed, or a Reset Disk (function 0Dh) is issued. 6) The record is written to disk at the current DTA address as specified by the most recent call to function 1Ah. If the size of the record and location of the DTA are such that a segment overflow or wraparound would occur, the error return is set to AL=02h Function 16h Create A Disk File (FCB) Search and open or create directory entry for file entry AH 16h DS:DX pointer to an FCB return AL 00h successful creation 0FFh no room in directory note 1) If a matching directory entry is found, the file is truncated to zero bytes. 2) If there is no matching filename, a filename is created. 3) This function calls function 0Fh (Open File) after creating or truncating a file. 4) A hidden file can be created by using an extended FCB with the attribute byte (offset FCB-1) set to 2. Function 17h Rename File Specified by File Control Block (FCB) Renames file in current directory entry AH 17h DS:DX pointer to an FCB (see note 4) return AL 00h successfully renamed 0FFh file not found or filename already exists note 1) This service cannot rename read-only files 2) The "?" wildcard may be used. 3) If the "?" wildcard is used in the second filename, the corresponding letters in the filename of the directory entry are not changed. 4) The FCB must have a drive number, filename, and extension in the usual position, and a second filename starting 6 bytes after the first, at offset 11h. 5) The two filenames cannot have the same name. 6) FCB contains new name starting at byte 17h. Function 18h Internal to DOS * Unknown entry AH 18h return AL 0 Function 19h Get Current Disk Drive Return designation of current default disk drive entry AH 19h return AL current default drive (0=A, 1=B,etc.) note Some other DOS functions use 0 for default, 1=A, 2=B, etc. Function 1Ah Set Disk Transfer Area Address (DTA) Sets DTA address to the address specified in DS:DX entry AH 1Ah DS:DX pointer to buffer return none note 1) The default DTA is 128 bytes at offset 80h in the PSP. DOS uses the DTA for all file I/O. 2) Registers are unchanged. 3) No error codes are returned. 2) Disk transfers cannot wrap around from the end of the segment to the beginning or overflow into another segment. Function 1Bh Get Current Drive File Allocation Table Information Returns information from the FAT on the current drive entry AH 1Bh exit AL number of sectors per allocation unit (cluster) DS:BX address of the current drive's media descriptor byte CX number of bytes per sector DX number of allocation units (clusters) for default drive note 1) Save DS before calling this function. 2) This call returned a pointer to the FAT in DOS 1.x. Beginning with DOS 2.00, it returns a pointer only to the table's ID byte. 3) IBM recommends programmers avoid this call and use int 25h instead. Function 1Ch Get File Allocation Table Information for Specific Device Returns information on specified drive entry AH 1Ch DL drive number (1=A, 2=B, 3=C, etc) return AL number of sectors per allocation unit (cluster) DS:BX address of media descriptor byte for drive in DL CX sector size in bytes DX number of allocation units (clusters) note 1) DL = 0 for default. 2) Save DS before calling this function. 3) Format of media-descriptor byte: bits: 0 0 (clear) not double sided 1 (set) double sided 1 0 (clear) not 8 sector 1 (set) 8 sector 2 0 (clear) nonremovable device 1 (set) removable device 3-7 always set (1) 4) This call returned a pointer to the FAT in DOS 1.x. Beginning with DOS 2.00, it returns a pointer only to the table's ID byte. 5) IBM recommends programmers avoid this call and use int 25h instead. Function 1Dh Not Documented by Microsoft * Unknown entry AH 1Dh return AL 0 Function 1Eh Not Documented by Microsoft * Unknown entry AH 1Eh return AL 0 note Apparently does nothing Function 1Fh Get Default Drive Parameter Block * Same as function call 32h (below), except that the table is accessed from the default drive entry AH 1Fh other registers unknown return AL 00h no error 0FFh error DS:BX points to DOS Disk Parameter Block for default drive. note 1) Unknown vector returned in ES:BX. 2) For DOS 2.x and 3.x, this just invokes function 32h (undocumented, Read DOS Disk Block) with DL=0 Function 20h Unknown * Internal - does nothing? entry AH 20h return AL 0 Function 21h Random Read from File Specified by File Control Block (FCB) Reads one record as specified in the FCB into the current DTA. entry AH 21h DS:DX address of the opened FCB return AL 00h successful read operation 01h end of file (EOF), no data read 02h DTA too small for the record size specified 03h end of file (EOF), partial data read note 1) The current block and current record fields are set to agree with the random record field. Then the record addressed by these fields is read into memory at the current Disk Transfer Address. 2) The current file pointers are NOT incremented this function. 3) If the DTA is larger than the file, the file is padded to the requested length with zeroes. Function 22h Random Write to File Specified by FCB (FCB) Writes one record as specified in the FCB to the current DTA entry AH 22h DS:DX address of the opened FCB return AL 00h successful write operation 01h disk full; no data written (write was canceled) 02h DTA too small for the record size specified (write was canceled) note 1) This service cannot write to read-only files. 2) The record pointed to by the Current Block (offset 0Ch) and the Current Record (offset 20h) fields is loaded at the DTA, then the Current Block and Current Record fields are incremented. 3) If the record size is less than a sector, the data in the DTA is written to a buffer; the buffer is written to disk when it contains a full sector of data, the file is closed, or a Reset Disk (function 0Dh) is issued. 4) The current file pointers are NOT incremented this function. 5) The record is written to disk at the current DTA address as specified by the most recent call to function 1Ah. If the size of the record and location of the DTA are such that a segment overflow or wraparound would occur, the error return is set to AL=02h Function 23h Get File Size (FCB) Searches current subdirectory for matching file, returns size in FCB entry AH 23h DS:DX address of an unopened FCB return AL 00h file found 0FFh file not found note 1) Record size field (offset 0Eh) must be set before invoking this function 2) The disk directory is searched for the matching entry. If a matching entry is found, the random record field is set to the number of records in the file. If the value of the Record Size field is not an even divisor of the file size, the value set in the relative record field is rounded up. This gives a returned value larger than the actual file size 3) This call is used by the APPEND command in DOS 3.2+ Function 24h Set Relative Record Field (FCB) Set random record field specified by an FCB entry AH 24h DS:DX address of an opened FCB return Random Record Field of FCB is set to be same as Current Block and Current Record. note 1) You must invoke this function before performing random file access. 2) The relative record field of FCB (offset 21h) is set to be same as the Current Block (offset 0Ch) and Current Record (offset 20h). 3) No error codes are returned. 4) The FCB must already be opened. Function 25h Set Interrupt Vector Sets the address of the code DOS is to perform each time the specified interrupt is invoked. entry AH 25h AL int number to reassign the handler to DS:DX address of new interrupt vector return none note 1) Registers are unchanged. 2) No error codes are returned. 3) The interrupt vector table for the interrupt number specified in AL is set to the address contained in DS:DX. Use function 35h (Get Vector) to get the contents of the interrupt vector and save it for later use. 4) When you use function 25 to set an interrupt vector, DOS 3.2 doesn't point the actual interrupt vector to what you requested. Instead, it sets the interrupt vector to point to a routine inside DOS, which does this: 1. Save old stack pointer 2. Switch to new stack pointer allocated from DOS's stack pool 3. Call your routine 4. Restore old stack pointer The purpose for this was to avoid possible stack overflows when there are a large number of active interrupts. IBM was concerned (this was an IBM change, not Microsoft) that on a Token Ring network there would be a lot of interrupts going on, and applications that hadn't allocated very much stack space would get clobbered. Function 26h Create New Program Segment Prefix (PSP) This service copies the current program-segment prefix to a new memory location for the creation of a new program or overlay. Once the new PSP is in place, a DOS program can read a DOS COM or overlay file into the memory location immediately following the new PSP and pass control to it. entry AH 26h DX segment number for the new PSP return none note 1) Microsoft recommends you use the newer DOS service 4Bh (EXEC) instead. 2) The entire 100h area at location 0 in the current PSP is copied into location 0 of the new PSP. The memory size information at location 6 in the new segment is updated and the current termination, ctrl-break, and critical error addresses from interrupt vector table entries for ints 22h, 23h, and 24 are saved in the new program segment starting at 0Ah. They are restored from this area when the program terminates. 3) Current PSP is copied to specified segment Function 27h Random Block Read From File Specified by FCB Similar to 21h (Random Read) except allows multiple files to be read. entry AH 27h CX number of records to be read DS:DX address of an opened FCB return AL 00h successful read 01h end of file, no data read 02h DTA too small for record size specified (read canceled) 03h end of file CX actual number of records read (includes partial if AL=03h) note 1) The record size is specified in the FCB. The service updates the Current Block (offset 0Ch) and Current Record (offset 20h) fields to the next record not read. 2) If CX contained 0 on entry, this is a NOP. 3) If the DTA is larger than the file, the file is padded to the requested length with zeroes. 4) This function assumes that the FCB record size field (0Eh) is correctly set. If not set by the user, the default is 128 bytes. 5) The record is written to disk at the current DTA address as specified by the most recent call to function 1Ah. If the size of the record and location of the DTA are such that a segment overflow or wraparound would occur, the error return is set to AL=02h Function 28h Random Block Write to File Specified in FCB Similar to 27h (Random Write) except allows multiple files to be read. entry AH 28h CX number of records to write DS:DX address of an opened FCB return AL 00h successful write 01h disk full, no data written 02h DTA too small for record size specified (write canceled) CX number of records written note 1) The record size is specified in the FCB. 2) This service allocates disk clusters as required. 3) This function assumes that the FCB Record Size field (offset 0Eh) is correctly set. If not set by the user, the default is 128 bytes. 4) The record size is specified in the FCB. The service updates the Current Block (offset 0Ch) and Current Record (offset 20h) fields to the next record not read. 5) The record is written to disk at the current DTA address as specified by the most recent call to function 1Ah. If the size of the record and location of the DTA are such that a segment overflow or wraparound would occur, the error return is set to AL=02h 6) If called with CX=0, no records are written, but the FCB's File Size entry (offset 1Ch) is set to the size specified by the FCB's Relative Record field (offset 21h). Function 29h Parse the Command Line for Filename Parses a text string into the fields of a File Control Block entry AH 29h DS:SI pointer to string to parse ES:DI pointer to memory buffer to fill with unopened FCB AL bit mask to control parsing bit 0 = 0: parsing stops if file seperator found 1: causes service to scan past leading chars such as blanks. Otherwise assumes the filename begins in the first byte 1 = 0: drive number in FCB set to default (0) if string contains no drive number 1: drive number in FCB not changed 2 = 0: filename in FCB set to 8 blanks if no filename in string 1: filename in FCB not changed if string does not contain a filename 3 = 0: extension in FCB set to 3 blanks if no extension in string 1: extension left unchanged 4-7 must be zero return AL 00h no wildcards in name or extension 01h wildcards appeared in name or extension 0FFh invalid drive specifier DS:SI pointer to the first byte after the parsed string ES:DI pointer to a buffer filled with the unopened FCB note 1) If the * wildcard characters are found in the command line, this service will replace all subsequent chars in the FCB with question marks. 2) This service uses the characters as filename separators DOS 1 : ; . , + / [ ] = " TAB SPACE DOS 2,3 : ; . , + = TAB SPACE 3) This service uses the characters : ; . , + < > | / \ [ ] = " TAB SPACE or any control characters as valid filename separators 4) A filename cannot contain a filename terminator. If one is encountered, all processing stops. The handle functions will allow use of some of these characters. 5) If no valid filename was found on the command line, ES:DI +1 points to a blank (ASCII 32). 6) This function cannot be used with filespecs which include a path 7) Parsing is in the form D:FILENAME.EXT. If one is found, a corresponding unopened FCB is built at ES:DI Function 2Ah Get Date Returns day of the week, year, month, and date entry AH 2Ah return CX year (1980-2099) DH month (1-12) DL day (1-31) AL weekday 00h Sunday 01h Monday 02h Tuesday 03h Wednesday 04h Thursday 05h Friday 06h Saturday note 1) Date is adjusted automatically if clock rolls over to the next day, and takes leap years and number of days in each month into account. 2) Although DOS cannot set an invalid date, it can read one, such as 1/32/80, etc. 3) DesQview also accepts CX = 4445h and DX = 5351h, i.e. 'DESQ' as valid 4) DOS will accept CH=0 (midnight) as a valid time, but if a file's time is set to exactly midnight the time will not be displayed by the DIR command. Function 2Bh Set Date set current system date entry AH 2Bh CX year (1980-2099) DH month (1-12) DL day (1-31) return AL 00h no error (valid date) 0FFh invalid date specified note 1) On entry, CX:DX must have a valid date in the same format as returned by function call 2Ah 2) DOS 3.3 also sets CMOS clock Function 2Ch Get Time Get current system time from CLOCK$ driver entry AH 2Ch return CH hours (0-23) CL minutes (0-59) DH seconds (0-59) DL hundredths of a second (0-99) note 1) Time is updated every 5/100 second. 2) The date and time are in binary format Function 2Dh Set Time Sets current system time entry AH 2Dh CH hours (0-23) CL minutes (0-59) DH seconds (0-59) DL hundredths of seconds (0-99) return AL 00h if no error 0FFh if bad value sent to routine note 1) DOS 3.3 also sets CMOS clock 2) CX and DX must contain a valid time in binary Function 2Eh Set/Reset Verify Switch Set verify flag entry AH 2Eh AL 00 to turn verify off (default) 01 to turn verify on return none note 1) This is the call invoked by the DOS VERIFY command 2) Setting of the verify switch can be obtained by calling call 54h 3) This call is not supported on network drives 4) DOS checks this flag each time it accesses a disk Function 2Fh Get Disk Transfer Address (DTA) Returns current disk transfer address used by all DOS read/write operations entry AH 2Fh return ES:BX address of DTA note 1) The DTA is set by function call 1Ah 2) Default DTA address is a 128 byte buffer at offset 80h in that program's Program Segment Prefix Function 30h Get DOS Version Number Return DOS version and/or user number entry AH 30h return AH minor version number (i.e., DOS 2.10 returns AX = 0A02h) AL major version number BH OEM ID number 00h IBM 16h DEC (others not known) BL:CX 24-bit user serial number note 1) If AL returns a major version number of zero, the DOS version is below 1.28 for MSDOS and below 2.00 for PCDOS. 2) IBM PC-DOS always returns 0000h in BX and CX. 3) OS/2 v1.0 Compatibility Box returns a value of 10 for major version. 4) Due to the OS/2 return and the fact that some European versions of DOS carry higher version numbers than IBM's DOS, utilities which check for a DOS version should not abort if a higher version than required is found unless some specific problems are known. Function 31h Terminate Process and Stay Resident KEEP, or TSR entry AH 31h AL exit code DX program memory requirement in 16 byte paragraphs return AX return code (retrieveable by function 4Dh) note 1) Files opened by the application are not closed when this call is made 2) Memory can be used more efficiently if the block containing the copy of the DOS environment is deallocated before terminating. This can be done by loading ES with the segment contained in 2Ch of the PSP and issuing function call 49h (Free Allocated Memory). 3) Unlike int 27h, more than 64k may be made resident with this call Function 32h Read DOS Disk Block * Retrieve the pointer to the drive parameter block for a drive entry AH 32h DL drive (0=default, 1=A:, etc.). return AL 00h if drive is valid 0FFh if drive is not valid DS:BX pointer to DOS Drive Parameter Table. Format of block: Bytes Type Value 00h byte Drive: 0=A:, 1=B:, etc. 01h byte Unit within drive (0, 1, 2, etc.) 02h-03h word Bytes per sector 04h byte Sectors per cluster - 1 05h byte Cluster to sector shift (i.e., how far to shift- left the bytes/sector to get bytes/cluster) 06h-07h word Number of reserved (boot) sectors 08h byte Number of FATs 09h-0Ah word Number of root directory entries 0Bh-0Ch word Sector # of 1st data. Should be same as # of sectors/track. 0Dh-0Eh word # of clusters + 1 (=last cluster #) 0Fh byte Sectors for FAT 10h-11h word First sector of root directory 12h-15h dword Address of device driver header for this drive 16h byte Media Descriptor Byte for this drive 17h byte 0FFh indicates block must be rebuilt (DOS 3.x) 00h indicates block device has been accessed 18h-1Bh dword address of next DOS Disk Block (0FFFFh means last in chain) 22h byte Current Working Directory (2.0 only) (64 bytes) note 1) Use [BX+0D] to find no. of clusters (>1000H, 16-bit FAT; if not, 12-bit (exact dividing line is probably a little below 1000h to allow for bad sectors, EOF markers, etc.) 2) Short article by C.Petzold, PC Magazine Vol.5,no.8, and the article "Finding Disk Parameters" in the May 1986 issue of PC Tech Journal. 3) This call is mostly supported in OS/2 1.0's DOS Compatibility Box. The dword at 12h will not return the address of the next device driver when in the Compatibility Box. 4) used by CHKDSK Function 33h Control-Break Check Get or set control-break checking at CON entry AH 33h AL 00h to test for break checking 01h to set break checking DL 00h to disable break checking 01h to enable break checking 02h internal, called by PRINT.COM (DOS 3.1) 03h unknown 04h unknown 05h boot drive (DOS 4.0+) return DL 00h if break=off 01h if break=on (if AL=05h) boot drive, A=1, B=2, etc) AL 0FFh error Function 34h Return INDOS Flag * Returns ES:BX pointing to Critical Section Flag, byte indicating whether it is safe to interrupt DOS. entry AH 34h return ES:BX points to DOS "critical section flag" note 1) If byte is 0, it is safe to interrupt DOS. This was mentioned in some documentation by Microsoft on a TSR standard, and PC Magazine reports it functions reliably under DOS versions 2.0 through 3.3. Chris Dunford (of CED fame) and a number of anonymous messages on the BBSs indicate it may not be totally reliable. 2) The byte at ES:BX+1 is used by the Print program for this same purpose, so it's probably safer to check the WORD at ES:BX. 3) Reportedly, examination of DOS 2.10 code in this area indicates that the byte immediately following this "critical section flag" must be 00h to permit the PRINT.COM interrupt to be called. For DOS 3.0 and 3.1 (except Compaq DOS 3.0), the byte before the "critical section flag" must be zero; for Compaq DOS 3.0, the byte 01AAh before it must be zero. 4) In DOS 3.10 this reportedly changed to word value, with preceding byte. 5) This call is supported in OS/2 1.0's DOS Compatibility Box 6) Gordon Letwin of Microsoft discussed this call on ARPAnet in 1984. He stated: a) this is not supported under any version of the DOS b) it usually works under DOS 2, but there may be circumstances when it doesn't (general disclaimer, don't know of a specific circumstance) c) it will usually not work under DOS 3 and DOS 3.1; the DOS is considerably restructured and this flag takes on additional meanings and uses d) it will fail catastrophically under DOS 4.0 and forward. Obviously this information is incorrect since the call works fine through DOS 3.3. Microsoft glasnost? Function 35h Get Vector Get interrupt vector entry AH 35h AL interrupt number (hexadecimal) return ES:BX address of interrupt vector note Use function call 25h to set the interrupt vectors Function 36h Get Disk Free Space get information on specified drive entry AH 36h DL drive number (0=default, 1=A:, 2=B:, etc) return AX number of sectors per cluster 0FFFFh means drive specified in DL is invalid BX number of availible clusters CX bytes per sector DX clusters per drive note 1) Mult AX * CX * BX for free space on disk 2) Mult AX * CX * DX for total disk space 3) Function 36h returns an incorrect value after an ASSIGN command. Prior to ASSIGN, the DX register contains 0943h on return, which is the free space in clusters on the HC diskette. After ASSIGN, even with no parameters, 0901h is returned in the DX register; this is an incorrect value. Similar results occur with DD diskettes on a PC-XT or a PC-AT. This occurs only when the disk is not the default drive. Results are as expected when the drive is the default drive. Therefore, the circumvention is to make the desired drive the default drive prior to issuing this function call. 4) Int 21h, function call 36h returns an incorrect value after an ASSIGN command. Prior to ASSIGN, the DX register contains 0943h on return, which is the free space in clusters on the HC diskette. After ASSIGN, even with no parameters, 0901h is returned in the DX register; this is an incorrect value. Similar results occur with DD diskettes on a PC-XT or a PC-AT. This occurs only when the disk is not the default drive. Results are as expected when the drive is the default drive. Therefore, the circumvention is to make the desired drive the default drive prior to issuing this function call. 5) This function supercedes functions 1Bh and 1Ch. Function 37h SWITCHAR / AVAILDEV * Get/set option marking character (is usually "/"), and device type entry AH 37h AL 00h read switch character (returns current character in DL) 01h set character in DL as new switch character (DOS 2.x) 02h read device availability (as set by function AL=3) into DL. A 0 means devices that devices must be accessed in file I/O calls by /dev/device. A non-zero value means that devices are accessible at every level of the directory tree (e.g., PRN is the printer and not a file PRN). AL=2 to return flag in DL, AL=3 to set from DL (0 = set, 1 = not set). (DOS 2.x) 03h get device availability, where: DL 00h means /dev/ must precede device names 01h means /dev/ need not precede device names return DL switch character (if AL=0 or 1) device availability flag (if AL=2 or 3) AL 0FFh the value in AL was not in the range 0-3. note 1) Functions 2 & 3 appear not to be implemented for DOS 3.x. 2) It is documented on page 4.324 of the MS-DOS (version 2) Programmer's Utility Pack (Microsoft - published by Zenith). 3) Works on all versions of IBM PC-DOS from 2.0 through 3.3.1. 4) The SWITCHAR is the character used for "switches" in DOS command arguments (defaults to '/', as in "DIR/P"). '-' is popular to make a system look more like UNIX; if the SWITCHAR is anything other than '/', then '/' may be used instead of '\' for pathnames 5) Ignored by XCOPY, PKARC, LIST 6) SWITCHAR may not be set to any character used in a filename 7) In DOS 3.x you can still read the "AVAILDEV" byte with subfunction 02h but it always returns 0FFh even if you try to change it to 0 with subfunction 03h. 8) AVAILDEV=0 means that devices must be referenced in an imaginary subdirectory "\dev" (similar to UNIX's /dev/*); a filename "PRN.DAT" can be created on disk and manipulated like any other. If AVAILDEV != 0 then device names are recognized anywhere (this is the default): "PRN.DAT" is synonymous with "PRN:". 9) These functions reportedly are not supported in the same fashion in various implementations of DOS. 10) used by DOS 3.3 CHKDSK, BASIC, DEBUG Function 38h Return Country Dependent Information (PCDOS 2.0, 2.1, MSDOS 2.00 only) entry AH 38h AL function code (must be 0 in DOS 2.x) DS:DX pointer to 32 byte memory buffer for returned information return CF set on error AX error code (02h) BX country code DS:DX pointer to buffer filled with country information: bytes 0,1 date/time format 0 USA standard H:M:S M/D/Y 1 European standard H:M:S D/M/Y 2 Japanese standard H:M:S D:M:Y byte2 ASCIIZ string currency symbol byte3 zeroes byte4 ASCIIZ string thousands separator byte5 zeroes byte6 ASCIIZ string decimal separator byte7 zeroes bytes 8,1Fh 24 bytes reserved Function 38h Get Country Dependent Information (PCDOS 3.x+, MSDOS 2.01+) entry AH 38h AL function code 00h to get current country information 01h-0FEh country code to get information for, for countries with codes less than 255 0FFh to get country information for countries with a code greater than 255 BX 16 bit country code if AL=0FFh DS:DX pointer to the memory buffer where the data will be returned DX 0FFFFh if setting country code rather than getting info return CF 0 (clear) function completed 1 (set) error AX error code 02h invalid country code (no table for it) (if DX <> 0FFFFh) BX country code (usually international telephone code) DS:DX pointer to country data buffer bytes 0,1 date/time format 0 USA standard H:M:S M/D/Y 1 European standard H:M:S D/M/Y 2 Japanese standard H:M:S D:M:Y bytes 2-6 currency symbol null terminated byte 07h thousands separator null terminated byte 08h zeroes byte 09h decimal separator null terminated byte 0Ah zeroes byte 0Bh date separator null terminated byte 0Ch zeroes byte 0Dh time separator null terminated byte 0Eh zeroes byte 0Fh bit field currency format bit 0 = 0 if currency symbol precedes the value 1 if currency symbol is after the value bit 1 = 0 no spaces between value and currency symbol 1 one space between value and currency symbol bit 2 = 1 set if currency symbol replaces decimal pt bits 3-7 not defined by Microsoft byte 10h number of significant decimal digits in currency (number of places to right of decimal point) byte 11h time format bit 0 = 0 12 hour clock 1 24 hour clock bits 1-7 unknown, probably not used bytes 12h-15h address of case map routine (FAR CALL, AL = char) entry AL ASCII code of character to be converted to uppercase return AL ASCII code of the uppercase input character byte 16h data-list separator character byte 17h zeroes bytes 18h-21h 5 words reserved note 1) When an alternate keyboard handler is invoked, the keyboard routine is loaded into user memory starting at the lowest portion of availible user memory. The BIOS interrupt vector that services the keyboard is redirected to the memory area where the new routine resides. Each new routine takes up about 1.6K of memory and has lookup tables that return values unique to each language. (KEYBxx in the DOS book) Once the keyboard interrupt vector is changed by the DOS keyboard routine, the new routine services all calls unless the system is returned to the US format by the ctrl-alt-F1 keystroke combination. This does not change the interrupt vector back to the BIOS location; it merely passes the table lookup to the ROM locations. 2) Ctrl-Alt-F1 will only change systems with US ROMS to the US layout. Some systems are delivered with non-US keyboard handler routines in ROM 3) Case mapping call: the segment/offset of a FAR procedure that performs country-specific lower-to-upper case mapping on ASCII characters 80h to 0FFh. It is called with the character to be mapped in AL. If there is an uppercase code for the letter, it is returned in AL, if there is no code or the function was called with a value of less than 80h AL is returned unchanged. 4) This call is fully implemented in MS-DOS version 2.01 and higher. It is in version 2.00 but not fully implemented (according to Microsoft) Function 38h Set Country Dependent Information entry AH 38h AL code country code to set information for, for countries with codes less than 255 0FFh to set country information for countries with a code greater than 255 BX 16 bit country code if AL=0FFh DX 0FFFFh return CF clear successful set if error AX error code (02h) Function 39h Create Subdirectory (MKDIR) Makes a subdirectory along the indicated path entry AH 39h DS:DX address of ASCIIZ pathname string return flag CF 0 successful 1 error AX error code if any (3, 5) note 1) The ASCIIZ string may contain drive and subdirectory. 2) Drive may be any valid drive (not nescessarily current drive) 3) The pathname cannot exceed 64 characters Function 3Ah Remove Subdirectory (RMDIR) entry AH 3Ah DS:DX address of ASCIIZ pathname string return CF clear successful set AX error code if any (3, 5, 16) note 1) The ASCIIZ string may contain drive and subdirectory. 2) Drive may be any valid drive (not nescessarily current drive) 3) The pathname cannot exceed 64 characters Function 3Bh Change Current Directory (CHDIR) entry AH 3Bh DS:DX address of ASCIIZ string return flag CF 0 successful 1 error AX error code if any (3) note 1) The pathname cannot exceed 64 characters 2) The ASCIIZ string may contain drive and subdirectory. 3) Drive may be any valid drive (not nescessarily current drive) Function 3Ch Create A File (CREAT) Create a file with handle entry AH 3Ch CX attributes for file 00h normal 01h read only 02h hidden 03h system DS:DX address of ASCIIZ filename string return flag CF 0 successful creation 1 error AX 16 bit file handle or error code (3, 4, 5) note 1) The ASCIIZ string may contain drive and subdirectory. 2) Drive may be any valid drive (not nescessarily current drive) 3) If the volume label or subdirectory bits are set in CX, they are ignored 4) The file is opened in read/write mode 5) If the file does not exist, it is created. If one of the same name exists, it is truncated to a length of 0. 6) Good practice is to attempt to open a file with fn 3Dh and jump to an error routine if successful, create file if 3Dh fails. That way an existing file will not be truncated and overwritten. Function 3Dh Open A File Open disk file with handle entry AH 3Dh AL access code byte (DOS 2.x) bits 0-2 file attribute 000 read only 001 write only 010 read/write bits 3-7 should be set to zero (DOS 3.x) bits 0-2 file attribute 000 read only 001 write only 010 read/write bit 3 reserved 0 should be set to zero bits 4-6 sharing mode (network) 000 compatibility mode (the way FCBs open files) 001 read/write access denied (exclusive) 010 write access denied 011 read access denied 100 full access permitted bit 7 inheritance flag 0 file inherited by child process 1 file private to child process DS:DX address of ASCIIZ pathname string return flag CF set on error AX error code 1 error AX 16 bit file handle or error code (1, 2, 4, 5, 0Ch) note 1) Opens any normal, system, or hidden file 2) Files that end in a colon are not opened 3) The rear/write pointer is set at the first byte of the file and the record size of the file is 1 byte (the read/write pointer can be changed through function call 42h). The returned file handle must be used for all subsequent input and output to the file. 4) If the file handle was inherited from a parent process or was duplicated by DUP or FORCEDUP, all sharing and access restrictions are also inherited. 5) A file sharing error (error 1) causes an int 24h to execute with an error code of 2 Function 3Eh Close A File Handle Close a file and release handle for reuse entry AH 3Eh BX file handle return flag CF 0 successful close 1 error AX error code if error (6) note 1) When executed, the file is closed, the directory is updated, and all buffers for that file are flushed. If the file was changed, the time and date stamps are changed to current 2) If called with the handle 00000, it will close STDIN (normally the keyboard). Function 3Fh Read From A File Or Device Read from file with handle entry AH 3Fh BX file handle CX number of bytes to read DS:DX address of buffer return flag CF 0 successful read 1 error AX 0 pointer was already at end of file or number of bytes read or error code (5, 6) note 1) This function attempts to transfer the number of bytes specified in CX to a buffer location. It is not guaranteed that all bytes will be read. If AX < CX a partial record was read. 2) If performed from STDIN (file handle 0000), the input can be redirected 3) If used to read the keyboard, it will only read to the first CR 4) The file pointer is incremented to the last byte read. Function 40h Write To A File Or Device Write to file with handle entry AH 40h BX file handle CX number of bytes to write DS:DX address of buffer return flag CF 0 successful write 1 error AX number of bytes written or error code (5, 6) note 1) This call attempts to transfer the number of bytes indicated in CX from a buffer to a file. If CX and AX do not match after the write, an error has taken place; however no error code will be returned for this problem. This is usually caused by a full disk. 2) If the write is performed to STDOUT (handle 0001), it may be redirected 3) To truncate the file at the current position of the file pointer, set the number of bytes in CX to zero before calling int 21h. The pointer can be moved to any desired position with function 42h. 4) This function will not write to a file or device marked read-only. 5) May also be used to display strings to CON instead of fn 09h. This function will write CX bytes and stop; fn 09h will continue to write until a $ character is found. 6) This is the call that DOS actually uses to write to the screen in DOS 2.x and above. Function 41h Delete A File From A Specified Subdirectory (UNLINK) entry AH 41h DS:DX pointer to ASCIIZ filespec to delete return CF 0 successful 1 error AX error code if any (2, 5) note 1) This function will not work on a file marked read-only 2) Wildcards are not accepted Function 42h Move a File Read/Write Pointer (LSEEK) entry AH 42h AL method code 00h offset from beginning of file 01h offset from present location 02h offset from end of file BX file handle CX most significant half of offset DX least significant half of offset return AX low offset of new file pointer DX high offset of new file pointer CF 0 successful move 1 error AX error code (1, 6) note 1) If pointer is at end of file, reflects file size in bytes. 2) The value in DX:AX is the absolute 32 bit byte offset from the beginning of the file Function 43h Get/Set file attributes (CHMOD) entry AH 43h AL 00h get file attributes 01h set file attributes CX file attributes to set bit 0 read only 1 hidden file 2 system file 3 volume label 4 subdirectory 5 written since backup DS:DX pointer to full ASCIIZ file name return CF set if error AX error code (1, 2, 3, 5) CX file attributes on get attributes: 01h read only 02h hidden 04h system 0FFh archive note 1) This call will not change the volume label or directory bits Function 44h I/O Control for Devices (IOCTL) Get or Set Device Information entry AH 44h AL 00h Get Device Information (from DX) BX file or device handle return DX device info If bit 7 set: (character device) bit 0: console input device 1: console output device 2: NUL device 3: CLOCK$ device 4: device is special 5: binary (raw) mode 6: not EOF 12: network device (DOS 3.x) 14: can process IOCTL control strings (func 2-5) If bit 7 clear: (file) bits 0-5: block device number 6: file has not been written 12: Network device (DOS 3.x) 15: file is remote (DOS 3.x) 01h Set Device Information (DH must be zero for this call) DX bits: 0 1 console input device 1 1 console output device 2 1 null device 3 1 clock device 4 1 reserved 5 0 binary mode - don't check for control chars 1 cooked mode - check for control chars 6 0 EOF - End Of File on input 7 device is character device if set, if not, EOF is 0 if channel has been written, bits 0-5 are block device number 12 network device 14 1 can process control strings (AL 2-5, can only be read, cannot be set) 15 n reserved 02h Read CX bytes to device in DS:DX from BX control chan 03h Write Device Control String BX device handle CX number of bytes to write DS:DX pointer to buffer return AX number of bytes written 04h Read From Block Device (drive number in BL) BL drive number (0=default) CX number of bytes to read DS:DX pointer to buffer return AX number of bytes read 05h Write to Block Device (drive number in BL) AX number of bytes transfered 06h Get Input Handle Status BX file or device handle return AL 0FFh device ready 00h device not ready 07h Get Output Handle Status return AL 00h not ready 0FFh ready note: for DOS 2.x, files are always ready for output 08h Removable Media Bit (DOS 3.x+) return AX 00h device is removable 01h device is nonremovable 0Fh invalid drive specification 09h Test whether Local or Network Device in BL (DOS 3.x+) BL drive number (0=default) return DX attribute word, bit 12 set if device is remote 0Ah Is Handle in BX Local or Remote? (DOS 3.x+) BX file handle return DX (attribute word) bit 15 set if file is remote 0Bh Change Sharing Retry Count to DX (default=3), (DOS 3.x+) CX delay (default=1) DX retry count (default=3) 0Ch General IOCTL (DOS 3.3 [3.2?]) allows a device driver to prepare, select, refresh, and query Code Pages 0Dh Block Device Request (DOS 3.3+) BL drive number (0=default) CH major subfunction CL minor subfunction 40h set device parameters 41h write logical device track 42h format and verify logical device track 60h get device parameters 61h read logical device track 62h verify logical device track DS:DX pointer to parameter block 0Eh Get Logical Device (DOS 3.3+) BL drive number (0=default) return AL=0 block device has only one logical drive assigned 1..n the last letter used to reference the device (1=A:,etc) 0Fh Set Logical Device (DOS 3.3+) BL drive number: 0=default, 1=A:, 2=B:, etc. BX file handle CX number of bytes to read or write DS:DX data or buffer DX data return AX number of bytes transferred or error code (call function 59h for extended error codes) or status 00h not ready 0FFh ready CF set if error Function 45h Duplicate a File Handle (DUP) entry AH 45h BX file handle to duplicate return CF clear AX duplicate handle set AX error code (4, 6) note 1) If you move the pointed of one handle, the pointer of the other will also be moved. 2) The handle in BX must be open Function 46h Force Duplicate of a Handle (FORCEDUP or CDUP) Forces handle in CX to refer to the same file at the same position as BX entry AH 46h BX existing file handle CX new file handle return CF clear both handles now refer to existing file set error AX error code (4, 6) note 1) If CX was an open file, it is closed first 2) If you move the read/write pointer of either file, both will move 3) The handle in BX must be open Function 47h Get Current Directory Places full pathname of current directory/drive into a buffer entry AH 47h DL drive (0=default, 1=A:, etc.) DS:SI points to 64-byte buffer area return CF clear DS:DI pointer to ASCIIZ pathname of current directory set AX error code (0Fh) note String does not begin with a drive identifier or a backslash Function 48h Allocate Memory Allocates requested number of 16-byte paragraphs of memory entry AH 48h BX number of 16-byte paragraphs desired return CF clear AX segment address of allocated space BX maximum number paragraphs available set AX error code (7, 8) note BX indicates maximum memory availible only if allocation fails Function 49h Free Allocated Memory Frees specified memory blocks entry AH 49h ES segment address of area to be freed return CF clear successful set AX error code (7, 9) note 1) This call is only valid when freeing memory obtained by function 48h. 2) A program should not try to release memory not belonging to it. Function 4Ah Modify Allocated Memory Blocks (SETBLOCK) Expand or shrink memory for a program entry AH 4AH BX new size in 16 byte paragraphs ES segment address of block to change return CF clear nothing set AX error code (7, 8, 9) or BX max number paragraphs available note 1) Max number paragraphs availible is returned only if the call fails 2) Memory can be expanded only if there is memory availible Function 4Bh Load or Execute a Program (EXEC) entry AH 4Bh AL 00h load and execute program. A PSP is built for the program the ctrl-break and terminate addresses are set to the new PSP. *01h load but don't execute (note 1) *01h load but don't execute (internal, DOS 3.x & DESQview) *02h load but do not execute (internal, DOS 2.x only) 03h load overlay (do not create PSP, do not begin execution) DS:DX points to the ASCIIZ string with the drive, path, and filename to be loaded ES:BX points to a parameter block for the load (AL=00h) word segment address of environment string to be passed dword pointer to the command line to be placed at PSP+80h dword pointer to default FCB to be passed at PSP+5Ch dword pointer to default FCB to be passed at PSP+6Ch (*AL=01h) word segment of environment (0 = use current) dword pointer to command line dword pointer to FCB 1 dword pointer to FCB 2 dword will hold SS:SP on return dword will hold program entry point (CS:IP) on return (*AL=02h) word segment of environment (0 = use current) dword pointer to command line dword pointer to FCB 1 dword pointer to FCB 2 (AL=03h) word segment address where file will be loaded word relocation factor to be applied to the image return CF set error AX error code (1, 2, 8, 0Ah, 0Bh) note 1) If you make this call with AL=1 the program will be loaded as if you made the call with AL=0 except that the program will not be executed. Additionally, with AL=1 the stack segment and pointer along with the program's CS:IP entry point are returned to the program which made the 4B01h call. These values are put in the four words at ES:BX+0Eh. On entry to the call ES:BX points to the environment address, the command line and the two default FCBs. This form of EXEC is used by DEBUG.COM. 2) Application programs may invoke a secondary copy of the command processor (normally COMMAND.COM) by using the EXEC function. Your program may pass a DOS command as a parameter that the secondary command processor will execute as though it had been entered from the standard input device. The procedure is: A. Assure that adequate free memory (17k for 2.x and 3.0, 23k for 3.1 up) exists to contain the second copy of the command processor and the command it is to execute. This is accomplished by executing function call 4Ah to shrink memory allocated to that of your current requirements. Next, execute function call 48h with BX=0FFFFh. This returns the amount of memory availible. B. Build a parameter string for the secondary command processor in the form: 1 byte length of parameter string xx bytes parameter string 1 byte 0Dh (carriage return) For example, the assembly language statement below would build the string to cause execution of the command FOO.EXE: DB 19,"/C C:FOO",13 C. Use the EXEC function call (4Bh), function value 0 to cause execution of the secondary copy of the command processor. (The drive, directory, and name of the command processor can be gotten from the COMSPEC variable in the DOS environment passed to you at PSP+2Ch.) D. Remember to set offset 2 of the EXEC control block to point to the string built above. 3) All open files of a process are duplicated in the newly created process after an EXEC, except for files originally opened with the inheritance bit set to 1. 4) The environment is a copy of the original command processor's environment. Changes to the EXECed environment are not passed back to the original. The environment is followed by a copy of the DS:DX filename passed to the child process. A zero value will cause the child process to inherit the environment of the calling process. The segment address of the environment is placed at offset 2Ch of the PSP of the program being invoked. 5) This function uses the same resident part of COMMAND.COM, but makes a duplicate of the transient part. 6) How EXEC knows where to return to: Basically the vector for int 22h holds the terminate address for the current process. When a process gets started, the previous contents of int 22h get tucked away in the PSP for that process, then int 22h gets modified. So if Process A EXECs process B, while Process B is running, the vector for int 22h holds the address to return to in Process A, while the save location in Process B's PSP holds the address that process A will return to when *it* terminates. When Process B terminates by one of the usual legal means, the contents of int 22h are (surmising) shoved onto the stack, the old terminate vector contents are copied back to int 22h vector from Process B's PSP, then a RETF or equivalent is executed to return control to process A. 7) To load an overlay file with 4B: first, don't de-allocate the memory that the overlay will load into. With the other 4Bh functions, the opposite is true--you have to free the memory first, with function 4Ah. Second, the "segment address where the file will be loaded" (first item in the parameter block for sub-function 03) should be a paragraph boundary within your currently-allocated memory. Third, if the procedures within the overlay are FAR procs (while they execute, CS will be equal to the segment address of the overlay area), the relocation factor should be set to zero. On the other hand, if the CS register will be different from the overlay area's segment address, the relocation factor should be set to represent the difference. You determine where in memory the overlay file will load by using the segment address mentioned above. Overlay files are .EXEs (containing header, relocation table, and memory image). 8) When function 00h returns, all registers are changed, including the stack. You must resore SS, SP, and any other required registers. Function 4Ch Terminate a Process (EXIT) Quit with ERRORLEVEL exit code entry AH 4Ch AL exit code in AL when called, if any, is passed to next process return none note 1) Control passes to DOS or calling program 2) return code from AL can be retrieved by ERRORLEVEL or function 4Dh 3) all files opened by this process are closed, buffers are flushed, and the disk directory is updated 4) Restores Terminate vector from PSP:000Ah Ctrl-C vector from PSP:000Eh Critical Error vector from PSP:0012h Function 4Dh Get Return Code of a Subprocess (WAIT) Gets return code from functions 31h and 4Dh (ERRORLEVEL) entry AH 4Dh return AL exit code of subprogram (functions 31h or 4Ch) AH circumstance which caused termination 00h normal termination 01h control-break 02h critical device error 03h terminate and stay resident (function 31h) note The exit code is only returned once Function 4Eh Find First Matching File (FIND FIRST) entry AH 4Eh CX search attributes DS:DX pointer to ASCIIZ filename (with attributes) return CF set AX error code (2, 12h) clear data block written at current DTA format of block is: (info from BIX) documented by Micro- |00h 1 byte attribute byte of search soft as "reserved for |01h 1 byte drive letter for search DOS' use on subsquent |02h 11 bytes the search name used Find Next calls" |0Ch 2 bytes word value of last entry function 4Fh |0Fh 4 bytes dword pointer to this DTA |13h 2 bytes word directory start | PC-DOS 3.10 (from INTERRUP.ARC) |00h 1 byte drive letter |01h-0Bh bytes search template |0Ch 1 byte search attributes | DOS 2.x (and DOS 3.x except 3.1?) (from INTERRUP.ARC) |00h 1 byte search attributes |01h 1 byte drive letter |02h-0Ch bytes search template |0Dh-0Eh 2 bytes entry count within directory |0Fh-12h bytes reserved |13h-14h 2 bytes cluster number of parent directory 15h 1 byte file attribute 16h 2 bytes file time 18h 2 bytes file date 1Ah 2 bytes low word of file size 1Ch 2 bytes high word of file size 1Eh 13 bytes name and extension of file found, plus 1 byte of 0s. All blanks are removed from the name and extension, and if an extension is present it is preceded by a period. note 1) Will not find volume label 2) This function does not support network operations 3) Wildcards are allowed in the filespec 4) If the attribute is zero, only ordinary files are found. If the volume label bit is set, only volume labels will be found. Any other attribute will return that attribute and all normal files together. 5) To look for everything except the volume label, set the hidden, system, and subdirectory bits all to 1 Function 4Fh Find Next Matching File (FIND NEXT) Find next ASCIIZ file entry AH 4Fh return CF clear data block written at current DTA set AX error code (2, 12h) note 1) If file found, DTA is formatted as in call 4Eh 2) Volume label searches using 4Eh/4Fh reportedly aren't 100% reliable under DOS 2.x. The calls sometime report there's a volume label and point to a garbage DTA, and if the volume label is the only item they often won't find it 3) This function does not support network operations 4) Use of this call assumes that the original filespec contained wildcards Function 50h "Used Internally by DOS" - Set PSP * Set new Program Segment Prefix (current Process ID) entry AH 50h BX segment address of new PSP return none - swaps PSP's regarded as current by DOS note 1) By putting the PSP segment value into BX and issuing call 50h DOS stores that value into a variable and uses that value whenever a file call is made. 2) Note that in the PSP (or PDB) is a table of 20 (decimal) open file handles. The table starts at offset 18h into the PSP. If there is an 0FFh in a byte then that handle is not in use. A number in one of the bytes is an index into an internal FB table for that handle. For instance the byte at offset 18h is for handle 0, at offset 19h handle 1, etc. up to 13h. If the high bit is set then the file associated by the handle is not shared by child processes EXEC'd with call 4Bh. 3) Function 50h is dangerous in background operations prior to DOS 3.x as it uses the wrong stack for saving registers. (same as functions 0..0Ch in DOS 2.x) 4) Under DOS 2.x, this function cannot be invoked inside an int 28h handler without setting the Critical Error flag 5) Open File information, etc. is stored in the PSP DOS views as current. If a program (eg. a resident program) creates a need for a second PSP, then the second PSP should be set as current to make sure DOS closes that as opposed to the first when the second application finishes. 6) See PC Mag Vol.5, No 9, p.314 for discussion. 7) Used by DOS 3.3 PRINT & DEBUG, DesQview 2.01, Windows 1.03, SYMDEB from MASM 4.0 Function 51h "Used Internally by DOS" - Get Program Segment Prefix * Returns the PSP address of currently executing program entry AH 51h return BX address of currently executing program offset 00h program exit point 02h memory size in paragraphs 04h unused (0) 05h CP/M style entry point (far call to DOS) 0Ah terminate address (old int 22h) 0Ch terminate segment 0Eh break address (old int 23h) 10h break segment 12h error address (old int 24h) 14h error segment 16h parent PSP segment 18h DOS 2.0+ open files, 0FFh = unused 2Ch DOS 2.0+ environment segment 2Eh far ptr to process's SS:SP 32h DOS 3.x max open files 34h DOS 3.x openfile table address 36h DOS 3.x openfile table segment 38h unused by DOS versions <= 3.3 50h DOS function dispatcher (FAR routine) 53h unused 55h FCB #1 extension 5Ch FCB #1 6Ch FCB #2 80h command tail / default DTA buffer note 1) Used in DOS 2.x, 3.x uses 62h 2) Function 51h is dangerous in background operations prior to DOS 3.x as it uses the wrong stack for saving registers. (same as functions 0..0Ch in DOS 2.x) 3) 50h and 51h might be used if you have more than one process in a PC. For instance if you have a resident program that needs to open a file you could first call 51h to save the current id and then call 50h to set the ID to your PSP. 4) Under DOS 2.x, this function cannot be invoked inside an int 28h handler without setting the Critical Error flag 5) Used by DOS 3.3 PRINT, DEBUG Function 52h "Used Internally by DOS" - IN-VARS * Returns a pointer to a set of DOS data variables MCB chain, pointer to first device driver and a pointer to disk parameter blocks (first one) entry AH 52h return ES:BX pointer to the DOS list of lists, for disk information. Does not access the disk, so information in tables might be incorrect if disk has been changed. Returns a pointer to the following array of longword pointers: Bytes Value -2h,-1h segment of first memory control block 00h-03h pointer to first DOS disk block (see function 36h) 04h-07h Pointer to list of DOS file tables dword pointer to next file table word number of files in this table 35h bytes per file 00h-01h number of file handles referring to this file 02h-06h unknown 07h-0Ah pointer to device driver header if character device; pointer to DOS Device Control Block if block device (see fn 32h for format) 0Bh-1Fh unknown 20h-2Ah filename in FCB format (no path, no period, blank-padded) 2Bh-2Ch PSP segment of file's owner 2Dh-30h unknown - 0 always 31h-32h unknown 33h-34h unknown 8h-0Bh pointer to CLOCK$ device driver, whether installable or resident 0Ch-0Fh pointer to actual CON: device driver, whether installable or resident (DOS 2.x) 10 number of logical drives in system 11-12 maximum bytes/block of any block device 13-16 unknown 17 beginning (not a pointer. The real beginning!) of NUL device driver. This is the first device on DOS's linked list of device drivers. (DOS 3.x) 10h-11h maximum bytes/block of any block device (0200h) 12h-15h pointer to first disk buffer 16h-19h partially undefined: Pointer to array of drive info: 51h bytes per drive, starting with A: ... 00h-3Fh current path as ASCIIZ, starting with 'x:\' 40h-43h unknown zeros always 44h unknown flags? Usually 40h, except for entry after last valid entry = 00h 45h-48h pointer to DOS disk block for this drive 49h-4Ah unknown. Current track or block? -1 if never accessed 4Bh-4Eh unknown -1 always 4Fh-52h unknown 2 always 1Ah-1Dh pointer to FCB table (if CONFIG.SYS contains FCBS=) 1Eh-1Fh size of FCB table 20h number of block devices 21h value of LASTDRIVE command in CONFIG.SYS (default 5) 22h beginning (not a pointer. The real beginning!) of NUL device driver. This is the first device on DOS's linked list of device drivers. note 1) This call is not supported in OS/2 1.0's DOS Compatibility Box 2) Used by DOS 4.0 MEM.EXE, DOS 3.3 ASSIGN.COM, PRINT.COM, SUBST.EXE 3) IMPORTANT: The structure of this list changes with EVERY version of DOS. It is only partially supported by DR-DOS, and isn't supported under PC-MOS, OS/2's DOS box, or Wendin-DOS. Since the information changes so much, I feel it should be put in the "interesting, but not real useful" category. If you depend on this stuff in production code, you're going to regret it. Function 53h "Used Internally by DOS" - Translate BPB * Translates BPB (BIOS Parameter Block, see below) into a DOS Disk Block (see function call 32h). entry AH 53h DS:SI pointer to BPB ES:BP pointer to area for DOS Disk Block. Layout of Disk Block: bytes value 00h-01h bytes per sector, get from DDB bytes 02h-03h. 02h sectors per cluster, get from (DDB byte 4) + 1 03h-04h reserved sectors, get from DDB bytes 06h-07h 05h number of FATs, get from DDB byte 08h 06h-07h number of root dir entries, get from DDB bytes 09h-0Ah 08h-09h total number of sectors, get from: ((DDB bytes 0Dh-0Eh) - 1) * (sectors per cluster (BPB byte 2)) + (DDB bytes 0Bh-0Ch) 0Ah media descriptor byte, get from DDB byte 16h 0Bh-0Ch number of sectors per FAT, get from DDB byte 0Fh return unknown Function 54h Get Verify Setting Get verify flag status entry AH 54h return AL 00h if flag off 01h if flag on note Flag can be set with function 2Eh Function 55h "Used Internally by DOS" - Create "Child" PSP * Create PSP: similar to function 26h (which creates a new Program Segment Prefix at segment in DX) except creates a "child" PSP rather than copying the existing one. entry AH 55h DX segment number at which to create new PSP. return unknown note 1) This call is similar to call 26h which creates a PSP except that unlike call 26h the segment address of the parent process is obtained from the current process ID rather than from the CS value on the stack (from the INT 21h call). DX has the new PSP value and SI contains the value to be placed into PSP:2 (top of memory). 2) Function 55 is merely a substitute for function 26h. It will copy the current PSP to the segment address DX with the addition that SI is assumed to hold the new memory top segment. This means that function 26h sets SI to the segment found in the current PSP and then calls function 55h. Function 56h Rename a File entry AH 56h DS:DX pointer to ASCIIZ old pathname ES:DI pointer to ASCIIZ new pathname return CF clear successful rename set AX error code (2, 3, 5, 11h) note 1) Works with files in same drive only 2) Global characters not allowed in filename 3) The name of a file is its full pathname. The file's full pathname can be changed, while leaving the actual FILENAME.EXT unchanged. Changing the pathname allows the file to be "moved" from subdirectory to subdirectory on a logical drive without actually copying the file. 4) DOS 3.x allows renaming of directories ** Programmer's Technical Reference for MSDOS and the IBM PC ** USA copyright TXG 392-616 ALL RIGHTS RESERVED ������������������������������Ĵ DOSREF (tm) ��������������������������������� ISBN 1-878830-02-3 (disk-based text) Copyright (c) 1987, 1992 Dave Williams �����������������������������Ŀ � Shareware Version, 01/12/92 � � Please Register Your Copy � ������������������������������� C H A P T E R F I V E Interrupts 22h Through 86h note: the registered version of this chapter is more than twice this size. Interrupt 22h Terminate Address (0:0088h) This interrupt transfers control to the far (dword) address at this interrupt location when an application program terminates. The default address for this interrupt is 0:0088h through 0:008Bh. This address is copied into the program's Program Segment Prefix at bytes 0Ah through 0Dh at the time the segment is created and is restored from the PSP when the program terminates. The calling program is normally COMMAND.COM or an application. Do not issue this interrupt directly, as the EXEC function call does this for you. If an application spawns a child process, it must set the Terminate Address prior to issuing the EXEC function call, otherwise when the second program terminated it would return to the calling program's Terminate Address rather than its own. This address may be set with int 21, function 25h. Interrupt 23h Ctrl-Break Exit Address (0:008Ch) If the user enters a Ctrl-Break during STDIN, STDOUT, STDPRN, or STDAUX, int 23h is executed. If BREAK is on, int 23h is checked on MOST function calls (notably 06h). If the user written Ctrl-Break routine saves all registers, it may end with a return-from-interrupt instruction (IRET) to continue program execution. If the user-written interrupt program returns with a long return, the carry flag is used to determine whether the program will be aborted. If the carry flag is set, the program is aborted, otherwise execution continues (as with a return by IRET). If the user-written Ctrl-Break interrupt uses function calls 09h or 0Ah, (Display String or Buffered Keyboard Input) then a three-byte string of 03h-0Dh-0Ah (ETX/CR/LF) is sent to STDOUT. If execution is continued with an IRET, I/O continues from the start of the line. When the interrupt occurs, all registers are set to the value they had when the original function call to DOS was made. There are no restrictions on what the Ctrl-Break handler is allowed to do, including DOS function calls, as long as the registers are unchanged if an IRET is used. If the program creates a new segment and loads a second program which itself changes the Ctrl-Break address, the termination of the second program and return to the first causes the Ctrl-Break address to be restored from the PSP to the value it had before execution of the second program. Interrupt 24h Critical Error Handler (0:0090h) When a critical error occurs within DOS, control is transferred to an error handler with an int 24h. This may be the standard DOS error handler (ABORT, RETRY, IGNORE) or a user-written routine. On entry to the error handler, AH will have its bit 7=0 (high order bit) if the error was a disk error (probably the most common error), bit 7=1 if not. BP:SI contains the address of a Device Header Control Block from which additional information can be retrieved (see below). The register is set up for a retry operation and an error code is in the lower half of the DI register with the upper half undefined. These are the error codes: The user stack is in effect and contains the following from top to bottom: IP DOS registers from issuing int 24h CS int 24h flags AX user registers at time of signal BX int 21h request CX DX SI DI BP DS ES IP from original int 21h CS flags To reroute the critical error handler to a user-writen critical error handler, the following should be done: Before an int 24h occurs: 1) The user application initialization code should save the int 24h vector and replace the vector with one pointing to the user error routine. When the int 24h occurs: 2) When the user error routine received control it should push the flag registers onto the stack and execute a far call to the original int 24h vector saved in step 1. 3) DOS gives the appropriate prompt, and waits for user input (Abort, Retry, Ignore, Fail). After the user input, DOS returns control to the user error routine instruction following the far call. 4) The user error routine can now do any tasks nescessary. To return to the original application at the point the error occurred, the error routine needs to execute an IRET instruction. Otherwise, the user error routine should remove the IP, CS, and flag registers from the stack. Control can then be passed to the desired point. Int 24h provides the following values in registers on entry to the interrupt handler: entry AH status byte (bits) 7 0 disk I/O hard error 1 other error - if block device, bad FAT - if char device, code in DI 6 unused 5 0 if IGNORE is not allowed 1 if IGNORE is allowed 4 0 if RETRY is not allowed 1 if RETRY is allowed 3 0 if FAIL is not allowed 1 if FAIL is allowed 2 \ disk area of error 00 = DOS area 01 = FAT 1 / 10 = root dir 11 = data area 0 0 if read operation 1 if write operation AL drive number if AH bit 7 = 1, otherwise undefined If it is as hard error on disk (AH bit 7=0), register AL contains the failing drive number (0=A:, 1=B:, etc.). BP:SI address of a Device Header Control Block for which error occurred block device if high bit of BP:SI+4 = 1 low byte of DI: error code (note: high byte is undefined) error code description 00h attempt to write on write-protected diskette 01h unknown unit 02h drive not ready 03h unknown command 04h data error (bad CRC) 05h bad request structure length 06h seek error 07h unknown media type 08h sector not found 09h printer out of paper 0Ah write fault 0Bh read fault 0Ch general failure 0Fh invalid disk change (DOS 3.x+) 10h (DOS 3.x) FCB unavailable 11h (DOS 3.x) sharing buffer overflow The handler must return this information: The registers are set such that if an IRET is executed, DOS responds according to (AL) as follows: AL 00h ignore the error 01h retry the operation 02h terminate via int 22h 03h fail the system call that is in progress (DOS 3.x+) note 1) Be careful when choosing to ignore a response because this causes DOS to beleive that an operation has completed successfully when it may not have. 2) If the error was a character device, the contents of AL are invalid. OTHER ERRORS If AH bit 7=1, the error occurred on a character device, or was the result of a bad memory image of the FAT. The device header passed in BP:SI can be examined to determine which case exists. If the attribute byte high-order bit indicates a block device, then the error was a bad FAT. Otherwise, the error is on a character device. If a character device is involved, the contents of AL are unpredictable, the error code is in DI as above. Notes: 1. Before giving this routine control for disk errors, DOS performs several retries. The number of retries varies according to the DOS version. 2. For disk errors, this exit is taken only for errors occurring during an int 21h function call. It is not used for errors during an int 25h or 26h. 3. This routine is entered in a disabled state. 4. All registers must be preserved. 5. This interrupt handler should refrain from using DOS function calls. If necessary, it may use calls 01h through 12h. Use of any other call destroys the DOS stack and leaves DOS in an unpredictable state. 6. The interrupt handler must not change the contents of the device header. 7. If the interrupt handler handles errors itself rather than returning to DOS, it should restore the application program's registers from the stack, remove all but the last three words on the stack, then issue an IRET. This will return to the program immediately after the int 21h that experienced the error. Note that if this is done DOS will be in an unstable state until a function call higher than 12h is issued, therefore not recommended. 8. For DOS 3.x, IGNORE requests (AL=0) are converted to FAIL for critical errors that occur on FAT or DIR sectors. 9. For DOS 3.10 up, IGNORE requests (AL=0) are converted to FAIL requests for network critical errors (50-79). The device header pointed to by BP:SI is as follows: DWORD Pointer to next device (0FFFFh if last device) WORD Attributes: Bit 15 1 if character device. If bit 15 is 1: Bit 0 = 1 if current standard input Bit 1 = 1 if current standard output Bit 2 = 1 if current NULL device Bit 3 = 1 if current CLOCK device 0 if block device Bit 14 is the IOCTL bit WORD pointer to device driver strategy entry point WORD pointer to device driver interrupt entry point 8-BYTE character device named field for block devices. The first byte is the number of units. To tell if the error occurred on a block or character device, look at bit 15 in the attribute field (WORD at BP:SI+4). If the name of the character device is desired, look at the eight bytes starting at BP:SI+10. HANDLING OF INVALID RESPONSES (DOS 3.x) A) If IGNORE (AL=0) is specified by the user and IGNORE is not allowed (bit 5=0), make the response FAIL (AL=3). B) If RETRY (AL=1) is specified by the user and RETRY is not allowed (bit 4=0), make the response FAIL (AL=3). C) If FAIL (AL=3) is specified by the user and FAIL is not allowed (bit 3=0), make the response ABORT. (AL=2) Interrupt 25h Absolute Disk Read Interrupt 26h Absolute Disk Write (0:0094h, 0:0098h) These transfer control directly to the device driver. On return, the original flags are still on the stack (put there by the INT instruction). This is necessary because return information is passed back in the current flags. The number of sectors specified is transferred between the given drive and the transfer address. Logical sector numbers are obtained by numbering each sector sequentially starting from track 0, head 0, sector 1 (logical sector 0) and continuing along the same head, then to the next head until the last sector on the last head of the track is counted. Thus, logical sector 1 is track 0, head 0, sector 2; logical sector 2 is track 0, head 0, sector 3; and so on. Numbering then continues wih sector 1 on head 0 of the next track. Note that although the sectors are sequentially numbered (for example, sectors 2 and 3 on track 0 in the example above), they may not be physically adjacent on disk, due to interleaving. Note that the mapping is different from that used by DOS 1.10 for dual-sided diskettes. The request is as follows: int 25 for Absolute Disk Read, int 26 for Absolute Disk Write entry AL drive number (0=A:, 1=B:, etc) CX number of sectors to read DS:BX disk transfer address (buffer) DX first relative sector to read - beginning logical sector number return CF set if error AL error code issued to int 24h in low half of DI AH 01h bad command 02h bad address mark 03h write-protected disk 04h requested sector not found 08h DMA failure 10h data error (bad CRC) 20h controller failed 40h seek operation failed 80h attachment failed to respond note 1) Original flags on stack! Be sure to pop the stack to prevent uncontrolled growth 2) Ints 25 and 26 will try rereading a disk if they get an error the first time. 3) All registers except the segment registers are destroyed by these calls Interrupt 25h ABSOLUTE DISK READ (except DOS 4.0/Compaq DOS 3.31 >32M partition) entry AL drive number (0=A, 1=B, etc) DS:BX pointer to Disk Transfer Address (buffer) CX number of sectors to read DX first relative sector to read return CF 1 if error AL error code issued to int 24h in low half of DI AH 80h attachment failed to respond 40h seek operation failed 20h controller failed 10h data error (bad CRC) 08h DMA failure 04h requested sector not found 03h write-protected disk 02h bad address mark 01h bad command note Original flags on stack! Interrupt 25h DOS 4.0/Compaq DOS 3.31 - ABSOLUTE DISK READ (>32M hard-disk partition) entry AL drive number (0=A, 1=B, etc) CX 0FFFFh DS:BX Packet address DWORD sector number WORD number of sectors to read DWORD transfer address return same as above? note Partition is potentially >32Mb (and requires this form of the call) if bit 1 of device attribute word in device driver is set Interrupt 26h ABSOLUTE DISK WRITE (except DOS 4.0/Compaq DOS 3.31 >32M partition) entry AL drive number (0=A, 1=B, etc) DS:BX pointer to Disk Transfer Address (buffer) CX number of sectors to write DX first relative sector to write return CF 1 if error AL error code issued to int 24h in low half of DI AH same error codes as for int 25h note Original flags on stack! Interrupt 26h DOS 4.0/Compaq DOS 3.31 - ABSOLUTE DISK WRITE (>32M hard disk partitions) entry AL drive number (0=A, 1=B, etc) CX 0FFFFh DS:BX Packet address DWORD sector number WORD number of sectors to write DWORD transfer address return same as above? note Partition is potentially >32M (and requires this form of the call) if bit 1 of device attribute word in device driver is set Interrupt 27h Terminate And Stay Resident (0:009Ch) (obsolete) This vector is used by programs that are to remain resident when COMMAND.COM regains control. After initializing itself, the program must set DX to its last address plus one relative to the program's initial DS or ES value (the offset at which other programs can be loaded), then execute interrupt 27h. DOS then considers the program as an extension of itself, so the program is not overlaid when other programs are executed. This is useful for loading programs such as utilities and interrupt handlers that must remain resident. entry CS current program segment DX last program byte + 1 return none note 1) This interrupt must not be used by .EXE programs that are loaded into the high end of memory. 2) This interrupt restores the interrupt 22h, 23h, and 24h vectors in the same manner as interrupt 20h. Therefore, it cannot be used to install permanently resident Ctrl-Break or critical error handler routines. 3) The maximum size of memory that can be made resident by this method is 64K. 4) Memory can be more efficiently used if the block containing a copy of the environment is deallocated before terminating. This can be done by loading ES with the segment contained in 2Ch of the PSP, and issuing function call 49h (Free Allocated Memory). 5) DOS function call 4Ch allows a program to pass a completion code to DOS, which can be interpreted with processing (see function call 31h). 6) Terminate and stay resident programs do not close files. 7) Int 21, function 31h is the preferred method to cause a program to remain resident because this allows return information to be passed and allows a program larger than 64K to remain resident. Interrupt 28h (not documented by Microsoft) * DOS Idle Interrupt Int 28h has been provided by DOS since release 2.0. The int 28h process is similar to the "Timer Tick" process provided by BIOS via int 1Ch in that it is an "outbound" (from DOS) call which an application can "hook onto" to get service at a particular entry point. DOS normally only issues int 28h when it recieves a function call (int 21h) from a foreground application with an argument in the range of 0 thru 12 (0Ch) in the AH register, or when it is idling waiting for keyboard input. In effect, when DOS issues int 28h, it is saying to the background task "I'm not doing anything hot right now, if you can use the time, go ahead." This means that a foreground application which doesn't do many low-number DOS functions can preempt CPU time easily. It is possible, if you are careful, to enhance the background priority by providing more int 28h calls than DOS normally would issue. When int 28h is being issued it is usually safe to do DOS calls. You won't get int 28hs if a program is running that doesn't do its keyboard input through DOS. You should rely on the timer interrupt for these. It is used primarily by the PRINT.COM routines, but any number of other routines can be chained to it by saving the original vector and calling it with a FAR call (or just JMPing to it) at the end of the new routine. Int 28h is not called at all when any non-trivial foreground task is running. As soon as a foreground program has a file open, int 28h no longer gets called. Could make a good driver for for a background program that works as long as there is nothing else going on in the machine. DOS uses 3 separate internal stacks: one for calls 01h through 0Ch; another for calls 0Dh and above; and a third for calls 01h through 0Ch when a Critical Error is in progress. When int 28h is called, any calls above 0Ch can be executed without destroying the internal stack used by DOS at the time. The byte which is pushed on the stack before an int 28h just indicates which stack area is being used by the current int 21h call. In DOS 3.1, the code sequence that calls int 28h looks like this: PUSH SS:[0304] INT 28 POP SS:[0304] The low-order byte of the word pushed contains 1 if the int 21h call currently in progress is for services 1 through 0Ch, and 0 for service 0 and for 0Dh and up. Assuming that the last DOS call was not a reentrant one, this tells you which set of DOS services should be safe to call. If the InDOS flag is zero on int 28h, then it was called by someone other than DOS, and the word on the stack should NOT be examined. entry no parameters availible return none note 1) The int 28h handler may invoke any int 21h function except functions 00h through 0Ch (and 50h/51h under DOS 2.x unless DOS CritErr flag is set). 2) Apparently int 28h is also called during screen writes 3) Until some program installs its own routine, this interrupt vector simply points to an IRET opcode. 4) Supported in OS/2 1.0's DOS Compatibility Box Interrupt 29h (not documented by Microsoft) * Internal - Quick Screen Output This method is extremely fast (much faster than DOS 21h subfunctions 2 and 9, for example), and it is portable, even to "non-compatible" MS-DOS computers. entry AL character to output to screen return unknown note 1) Documented by Digital Research's DOS Reference as provided with the DEC Rainbow 2) If ANSI.SYS is installed, character output is filtered through it. 3) Works on the IBM PC and compatibles, Wang PC, HP-150 and Vectra, DEC Rainbow, NEC APC, Texas Instruments PC and others 4) This interrupt is called from the DOS's output routines if output is going to a device rather than a file, and the device driver's attribute word has bit 3 (04h) set to "1". 5) This call has been tested with MSDOS 2.11, PCDOS 2.1, PCDOS 3.1, PCDOS 3.2, and PCDOS 3.3. 6) Used in IBMBIO.COM as a vector to int 10, function 0Eh (write TTY) followed by an IRET. Interrupt 2Ah Microsoft Networks - Session Layer Interrupt * (not documented by Microsoft) entry AH 00h check to see if network BIOS installed return AH <> 0 if installed 01h execute NETBIOS request 02h set net printer mode 03h get shared-device status (check direct I/O) AL 00h DS:SI pointer to ASCIIZ disk device name return CF 0 if allowed 04h execute NETBIOS AL 0 for error retry 1 for no retry ES:BX pointer to network control block return AX 0 for no error AH 1 if error AL error code 05h get network resource information AL 00h return AX reserved BX number of network names CX number of commands DX number of sessions 06h Network Print-stream Control note NETBIOS 1.10 20h unknown note AL=01h intercepted by DESQview 2.0 80h Begin DOS Critical Section AL 1 to 6 81h End DOS Critical Section AL 1 to 6 82h Server Hook return unknown note called by the int 21h function dispatcher in DOS 3.10+ for function 0 and functions greater than 0Ch except 59h 84h keyboard busy loop note similar to DOS's int 28h Interrupt 2Bh (not documented by Microsoft) * Unknown - Internal Routine for DOS (IRET) Interrupt 2Ch (not documented by Microsoft) * Unknown - Internal Routine for DOS (IRET) Interrupt 2Dh (not documented by Microsoft) * Unknown - Internal Routine for DOS (IRET) Interrupt 2Eh (undocumented by Microsoft) (DOS 2.0+) * Internal Routine for DOS (Alternate EXEC) This interrupt passes a command line addressed by DS:SI to COMMAND.COM. The command line must be formatted just like the unformatted parameter area of a Program Segment Prefix. That is, the first byte must be a count of characters, and the second and subsequent bytes must be a command line with parameters, terminated by a carriage return character. When executed, int 2Eh will reload the transient part of the command interpreter if it is not currently in memory. If called from a program that was called from a batch file, it will abort the batch file. If executed from a program which has been spawned by the EXEC function, it will abort the whole chain and probably lock up the computer. Int 2Eh also destroys all registers including the stack pointer. Int 2Eh is called from the transient portion of the program to reset the DOS PSP pointers using the above Functions #81 & #80, and then reenters the resident program. When called with a valid command line, the command will be carried out by COMMAND.COM just as though you had typed it in at the DOS prompt. Note that the count does not include the carriage return. This is an elegant way to perform a SET from an application program against the master environment block for example. entry DS:SI pointer to an ASCIIZ command line in the form: count byte ASCII string carriage return null byte note 1) Destroys all registers including stack pointer 2) Seems to work OK in both DOS 2.x and 3.x 3) It is reportedly not used by DOS. 4) As far as known, int 2Eh is not used by DOS 3.1, although it was called by COMMAND.COM of PCDOS 3.0, so it appears to be in 3.1 only for the sake of compatibility. Interrupt 2Fh Multiplex Interrupt Interrupt 2Fh is the multiplex interrupt. A general interface is defined between two processes. It is up to the specific application using interrupt 2Fh to define specific functions and parameters. This interrupt is becoming more commonly used as the availible interrupt 21 functions are getting to be in short supply. Int 2Fh doesn't require any support from DOS itself for it to be used in application programs. It's not handled by DOS, but by the programs themselves. Every multiplex interrupt handler is assigned a specific multiplex number. The multiplex number is specified in the AH register; the AH value tells which program your request is directed toward. The specific function that the handler is to perform is placed in the AL register. Other parameters are places in the other registers as needed. The handlers are chained into the 2Fh interrupt vector and the multiplex number is checked to see if any other application is using the same multiplex number. There is no predefined method for assigning a multiplex number to a handler. You must just pick one. To avoid a conflict if two applications choose the same multiplex number, the multiplex numbers used by an application should be patchable. In order to check for a previous installation of the current application, you can search memory for a unique string included in your program. If the value you wanted in AH is taken but you don't find the string, then another application has grabbed that location. Int 2Fh was not documented under DOS 2.x. There is no reason not to use int 2Fh as the multiplex interrupt in DOS 2.x. The only problem is that DOS 2.x does not initialize the int 2Fh vector, so when you try to chain to it like you are supposed to, it will crash. If your program checks the vector for being zero and initializes it itself or doesn't chain in that case, it will work for you n 2.x just the same as 3.x. Function 01h PRINT.COM Register AH identifies which program is to handle the interrupt. Values 00h-7Fh are reserved for DOS, not that anyone cares much. Values 0C0h-0FFh are reserved for applications. Register AL contains the function code if used entry AH 01h AL 00h PRINT Get Installed State This call must be defined by all int 2Fh handlers. It is used by the caller of the handler to determine if the handler is present. On entry, AL=0. On return, AL contains the installed state as follows: return AL 0FFh installed 01h not installed, not OK to install 00h not installed, OK to install 01h PRINT Submit File DS:DX pointer to submit packet format byte level dword pointer to ASCIIZ filename return CF set if error AX error code note 1) A submit packet contains the level (BYTE) and a pointer to the ASCIIZ string (DWORD in offset:segment form). The ASCIIZ string must contain the drive, path, and filename of the file you want to print. The filename cannot contain global filename characters. return CF set if error AX error code 02h PRINT Cancel File On entry, AL=2 and DS:DX points to the ASCIIZ string for the print file you want to cancel. Global filename characters are allowed in the filename. DS:DX pointer to ASCIIZ file name to cancel (wildcards OK) return CF set if error AX error code 03h PRINT remove all files return CF set if error AX error code 04h PRINT hold queue/get status This call holds the jobs in the print queue so that you can scan the queue. Issuing any other code releases the jobs. On entry, AL=4. On return, DX contains the error count. DS:SI points to the print queue. The print queue consists of a series of filename entries. Each entry is 64 bytes long. The first entry in the queue is the file currently being printed. The end of the queue is marked by the entry having a null as the first character. return DX error count DS:SI pointer to print queue (null-string terminated list of 64-byte ASCIIZ filenames) CF set if error AX error code 01h function invalid 02h file not found 03h path not found 04h too many open files 05h access denied 08h queue full 09h spooler busy 0Ch name too long 0Fh drive invalid 05h PRINT restart queue return CF set if error AX error code Function 05h DOS 3.x critical error handler entry AH 05h AL 00h installation check return AL 00h not installed, OK to install 01h not installed, can't install 0FFh installed note This set of functions allows a user program to partially or completely override the default critical error handler in COMMAND.COM AL 01h handle error - nonzero error code in AL return CF clear ES:DI pointer to ASCIIZ error message CF set use default error handler AL (?) Function 06h ASSIGN entry AH 06h 00h installation check return AH <> 0 if installed 01h get memory segment return ES segment of ASSIGN work area Function 10h SHARE entry AH 10h AL 00h installation check return AL 00h not installed, OK to install 01h not installed, not OK to install 0FFh installed Function 11h Multiplex - network redirection entry AH 11h AL 00h installation check return AL 00h not installed, OK to install 01h not installed, not OK to install 0FFh installed 01h-05h unknown 06h close remote file 07h-09h unknown 0Ah unknown stack word (?) return CF set on error 0Bh unknown stack word (?) return CF set on error(?) 0Ch unknown 0Dh unknown 0Eh unknown stack word (?) return (?) 0Fh-16h unknown 17h unknown stack word (?) return (?) 18h unknown stack word (?) return (?) 19h-1Dh unknown 1Eh do redirection stack word function to execute return CF set on error 1Fh printer setup stack word function(?) return CF set on error(?) 20h-25h unknown stack word (?) 26h unknown Function 12h multiplex, DOS 3.x internal services entry AH 12h AL 00h installation check return AL 0FFh for compatibility with other int 2Fh functions 01h close file (?) stack word value - unknown return BX unknown CX unknown ES:DI pointer to unknown value note Can be called only from within DOS 02h get interrupt address stack word vector number return ES:BX pointer to interrupt vector stack unchanged 03h get DOS data segment return DS segment of IBMDOS.COM file 04h normalize path separator stack word character to normalize return AL normalized character (forward slash turned to backslash) stack unchanged 05h output character stack word character to output return stack unchanged note Can be called only from within DOS 06h invoke critical error return AL 0-3 for Abort, Retry, Ignore, Fail note Can be called only from within DOS 07h move disk buffer (?) DS:DI pointer to disk buffer return buffer moved to end of buffer list note Can be called only from within DOS 08h decrement word ES:DI pointer to word to decrement return AX new value of word note Word pointed to by ES:DI decremented, skipping zero 09h unknown DS:DI pointer to disk buffer(?) return (?) note Can be called only from within DOS 0Ah unknown note Can be called only from within DOS 0Bh unknown ES:DI pointer to system file table entry(?) return AX (?) note Can be called only from within DOS 0Ch unknown note Can be called only from within DOS 0Dh get date and time return AX current date in packed format DX current time in packed format note Can be called only from within DOS 0Eh do something to all disk buffers (?) return DS:DI pointer to first disk buffer note can be called only from within DOS 0Fh unknown DS:DI pointer to (?) return DS:DI pointer to (?) note 1) Can be called only from within DOS 2) Calls on function 1207h 10h find dirty/clean(?) buffer DS:DI pointer to first disk buffer return DS:DI pointer to first disk buffer which has (?) flag clear ZF clear if found set if not found 11h normalize ASCIIZ filename DS:SI pointer to ASCIIZ filename to normalize ES:DI pointer to buffer for normalized filename return destination buffer filled with uppercase filename, with slashes turned to backslashes 12h get length of ASCIIZ string ES:DI pointer to ASCIIZ string return CX length of string 13h uppercase character stack word character to convert to uppercase return AL uppercase character stack unchanged 14h compare far pointers DS:SI first pointer ES:DI second pointer return ZF set if pointers are equal ZF clear if not equal 15h unknown DS:DI pointer to disk buffer stack word (?) return stack unchanged note Can be called only from within DOS 16h get address of system FCB BX system file table entry number return ES:DI pointer to system file table entry 17h set default drive (?) stack word drive (0=A:, 1=B:, etc) return DS:SI pointer to drive data block for specified drive stack unchanged note Can be called only from within DOS 18h get something (?) return DS:SI pointer to (?) 19h unknown stack word drive (0=default, 1=A:, etc) return (?) stack unchanged note 1) Can be called only from within DOS 2) Calls function 1217h 1Ah get file's drive DS:SI pointer to filename return AL drive (0=default, 1=A:, etc, 0FFh=invalid) 1Bh set something (?) CL unknown return AL (?) note Can be called only from within DOS 1Ch checksum memory DS:SI pointer to start of memory to checksum CX number of bytes DX initial checksum return DX checksum note Can be called only from within DOS 1Dh unknown DS:SI pointer to (?) CX (?) DX (?) return AX (?) CX (?) DX (?) 1Eh compare filenames DS:SI pointer to first ASCIIZ filename ES:DI pointer to second ASCIIZ filename return ZF set if filenames equivalent clear if not 1Fh build drive info block stack word drive letter return ES:DI pointer to drive info block (will be overwritten by next call) stack unchanged note Can be called only from within DOS 20h get system file table number BX file handle return CF set on error, error code in AL AL 06h (invalid file handle) CF clear if successful byte ES:[DI] = system file table entry number for file handle 21h unknown DS:SI pointer to (?) return (?) note Can be called only from within DOS 22h unknown SS:SI pointer to (?) return nothing(?) note Can be called only from within DOS 23h check if character device (?) return DS:SI pointer to device driver with same name as (?) note Can be called only from within DOS 24h delay return after delay of (?) ms note Can be called only from within DOS 25h get length of ASCIIZ string DS:SI pointer to ASCIIZ string return CX length of string Function 43h Microsoft Extended Memory Specification (XMS) Function 5453h TesSeRact Standard for Ram-Resident Program Communication Function 64h SCRNSAV2.COM entry AH 64h AL 00h installation check return AL 00h not installed 0FFh installed note SCRNSAV2.COM is a screen saver for PS/2's with VGA by Alan Ballard Function 7Ah Novell NetWare entry AH 7Ah AL 00h installation check note 1) Returns address of entry point for IPX and SPX 2) Parameters are listed under int 21 Function 087h APPEND entry AH 087h AL 00h APPEND installation check return AH <> 0 if installed 01h APPEND - unknown 02h APPEND - version check Function 088h Microsoft Networks entry AH 088h AL 00h network program installation check return AH <> 0 if installed BX installed component flags (test in this order!) bit 6 server bit 2 messenger bit 7 receiver bit 3 redirector 01h unknown 02h unknown 03h get current POST address return ES:BX POST address 04h set new POST address ES:BX new POST address 09h network version check Function 0AAh VIDCLOCK.COM entry AH 0AAh AL 00h installation check return AL 00h not installed 0FFh installed note VIDCLOCK.COM is a memory-resident clock by Thomas G. Hanlin III Function 0BBh Network Functions entry AH 0BBh AL 00h net command installation check 01h, 02h unknown 03h get server POST address 04h get server POST address Function 0F7h AUTOPARK.COM (PD TSR hard disk parking utility) entry AH 0F7h AL 00h installation check return AL 00h not installed 0FFh installed note AUTOPARK is a TSR HD parker by Alan D. Jones 01h set parking delay BX:CX 32 bit count of 55ms timer ticks MSDOS 2Fh functions 01h (PRINT), 02h (ASSIGN), 10h (SHARE): return AX Error Codes Description 01h invalid function number 02h file not found 03h path not found 04h too many open files 05h access denied 06h invalid handle 08h queue full 09h busy 0Ch name too long 0Fh invalid drive was specified CF clear (0) if OK set (1) if error - error returned in AX note 1) The multiplex numbers AH=0h through AH=7Fh are reserved for DOS. Applications should use multiplex numbers 80h through 0FFh. 2) When in the chain for int 2Fh, if your code calls DOS or if you execute with interrupts enabled, your code must be reentrant/recursive. 3) Important! In versions of DOS prior to 3.0, the int 2Fh vector was initialized to zero rather than being pointed into the DOS service area. You must initialize this vector manually under DOS 2.x. �����������������������������������������������������������������������������Ŀ � Miscellaneous Interrupts - in numerical order � ������������������������������������������������������������������������������� Interrupt 30h (not a vector!) far jump instruction for CP/M-style calls Interrupt 31h Unknown note The CALL 5 entry point does a FAR jump to here Interrupt 32h Unknown Interrupt 33h Used by Microsoft Mouse Driver Function Calls Function Requests 00h Reset Driver and Read Status entry AH 00h return AH status 0 hardware/driver not installed -1 hardware/driver installed BX number of buttons -1 two buttons 0 other than two 3 Mouse Systems mouse 01h Show Mouse Cursor entry AH 01h return unknown 02h Hide Mouse Cursor entry AH 02h return unknown note multiple calls to hide the cursor will require multiple calls to function 01h to unhide it. 03h Return Position and Button Status entry AH 03h return BX button status bit 0 left button pressed if 1 bit 1 right button pressed if 1 bit 2 middle button pressed if 1 (Mouse Systems mouse) CX column DX row 04h Position Mouse Cursor entry AH 04h CX column DX row return unknown 05h Return Button Press Data entry AH 05h BX button 0 left 1 right 2 middle (Mouse Systems mouse) return AH button states bit 0 left button pressed if 1 bit 1 right button pressed if 1 bit 2 middle button pressed if 1 (Mouse Systems mouse) BX no. of times specified button pressed since last call CX column at time specified button was last pressed DX row at time specified button was last pressed 06h Return Button Release Data entry AH 06h BX button 0 left 1 right 2 middle (Mouse Systems mouse) return AH button states bit 0 left button pressed if 1 bit 1 right button pressed if 1 bit 2 middle button pressed if 1 (Mouse Systems mouse) BX no. of times specified button released since last call CX column at time specified button was last released DX row at time specified button was last released 07h Define Horizontal Cursor Range entry AH 0007h CX minimum column DX maximum column return unknown 08h Define Vertical Cursor Range entry AH 08h CX minimum row DX maximum row return unknown 09h Define Graphics Cursor entry AH 09h BX column of cursor hot spot in bitmap (-16 to 16) CX row of cursor hot spot (-16 to 16) ES:DX pointer to bitmap 16 words screen mask 16 words cursor mask return unknown note Each word defines the sixteen pixels of a row, low bit rightmost 0Ah Define Text Cursor entry AH 0Ah BX hardware/software text cursor 00h software CX screen mask DX cursor mask 01h hardware CX start scan line DX end scan line return unknown note When the software cursor is selected, the char/attribute data at the current screen position is ANDed with the screen mask and the with the cursor mask 0Bh Read Motion Counters entry AH 0Bh return CX number of mickeys mouse moved horiz. since last call DX number of mickeys mouse moved vertically note 1) A mickey is the smallest increment the mouse can sense. Positive values indicate up/right 0Ch Define Interrupt Subroutine Parameters entry AH 0Ch CX call mask bit bit 0 call if mouse moves bit 1 call if left button pressed bit 2 call if left button released bit 3 call if right button pressed bit 4 call if right button released bit 5 call if middle button pressed (Mouse Systems) bit 6 call if middle button released (Mouse Systems) ES:DX address of FAR routine return unknown note when the subroutine is called, it is passed these values: AH condition mask (same bit assignments as call mask) BX button state CX cursor column DX cursor row DI horizontal mickey count SI vertical mickey count 0Dh Light Pen Emulation On entry AH 0Dh return unknown 0Eh Light Pen Emulation Off entry AH 0Eh return unknown 0Fh Define Mickey/Pixel Ratio entry AH 0Fh CX number of mickeys per 8 pixels horizontally DX number of mickeys per 8 pixels vertically return unknown 10h Define Screen Region for Updating entry AH 10h CX,DX X,Y coordinates of upper left corner SI,DI X,Y coordinates of lower right corner return unknown note Mouse cursor is hidden during updating, and needs to be explicitly turned on again 11h not documented by Microsoft 12h Set Large Graphics Cursor Block AH 12h BH cursor width in words CH rows in cursor BL horizontal hot spot (-16 to 16) CL vertical hot spot (-16 to 16) ES:DX pointer to bit map of screen and cursor maps return AH -1 if successful note PC Mouse. Not documented by Microsoft 13h Define Double-Speed Threshold entry AH 13h DX threshold speed in mickeys/second, 0 = default of 64/second return unknown note If speed exceeds threshold, the cursor's on-screen motion is doubled 14h Exchange Interrupt Subroutines entry AH 14h return unknown 15h Return Drive Storage Requirements entry AH 15h return BX size of buffer needed to store driver state 16h Save Driver State entry AH 16h ES:DX pointer to buffer return unknown 17h Restore Driver State entry AH 17h ES:DX pointer to buffer containing saved state return unknown 18h-1Ch not documented by Microsoft; unknown 1Dh Define Display Page Number entry AH 1Dh 1Eh Return Display Page Number entry AH 1Eh return unknown 42h PCMouse - Get MSmouse Storage Requirements AH 42h return AX 0FFFFh successful BX buffer size in bytes for functions 50h and 52h 00h MSmouse not installed 42h functions 42h, 50h, and 52h not supported 52h PCMouse - Save MSmouse State entry AH 50h BX buffer size ES:DX pointer to buffer return AX 0FFFFh if successful 52h PCMouse - restore MSmouse state entry AH 52h BX buffer size ES:DX pointer to buffer return AX 0FFFFh if successful Int 33: In addition, the following functions are appended to BIOS int 10h and implemented as the EGA Register Interface Library: 0F0h read one register 0F1h write one register 0F2h read consecutive register range 0F3h write consecutive register range 0F4h read non-consecutive register set 0F5h write non-consecutive register set 0F6h revert to default register values 0F7h define default register values 0FAh get driver status Interrupt 34h Turbo C/Microsoft languages - Floating Point emulation This interrupt emulates opcode 0D8h Interrupt 35h Turbo C/Microsoft languages - Floating Point emulation This interrupt emulates opcode 0D9h Interrupt 36h Turbo C/Microsoft languages - Floating Point emulation This interrupt emulates opcode 0DAh Interrupt 37h Turbo C/Microsoft languages - Floating Point emulation This interrupt emulates opcode 0DBh Interrupt 38h Turbo C/Microsoft languages - Floating Point emulation This interrupt emulates opcode 0DCh Interrupt 39h Turbo C/Microsoft languages - Floating Point emulation This interrupt emulates opcode 0DDh Interrupt 3Ah Turbo C/Microsoft languages - Floating Point emulation This interrupt emulates opcode 0DEh Interrupt 3Bh Turbo C/Microsoft languages - Floating Point emulation This interrupt emulates opcode 0DFh Interrupt 3Ch Turbo C/Microsoft languages - Floating Point emulation This int emulates instructions with an ES segment override Interrupt 3Dh Turbo C/Microsoft languages - Floating Point emulation This interrupt emulates a standalone FWAIT instruction Interrupt 3Eh Turbo C/Microsoft languages - Floating Point emulation Interrupt 3Fh Overlay manager interrupt (Microsoft LINK.EXE) Default overlay interrupt; may be changed with LINK switch Interrupt 40h Hard Disk BIOS Pointer to disk BIOS entry when a hard disk controller is installed. The BIOS routines use int 30h to revector the diskette handler (original int 13h) here so int 40 may be used for hard disk control Interrupt 41h Hard Disk Parameters (XT,AT,XT2,XT286,PS except ESDI disks) Pointer to first Hard Disk Parameter Block, normally located in the controller card's ROM. This table may be copied to RAM and changed, and this pointer revectored to the new table. note 1) format of parameter table is: dw cylinders db heads dw starting reduced write current cylinder (XT only, 0 for others) db maximum ECC burst length db control byte bits 0-2 drive option (XT only, 0 for others) bit 3 set if more than 8 heads bit 4 always 0 bit 5 set if manufacturer's defect map on max cylinder+1 bit 6 disable ECC retries bit 7 disable access retries db standard timeout (XT only, 0 for others) db formatting timeout (XT only, 0 for others) db timeout for checking drive (XT only, 0 for others) dw landing zone (AT, PS/2) db sectors/track (AT, PS/2) db 0 2) normally vectored to ROM table when system is initialized. Interrupt 42h Pointer to screen BIOS entry (EGA, VGA, PS/2) Relocated (by EGA, etc.) video handler (original int 10h). Revectors int 10 calls to EGA BIOS. Interrupt 43h Pointer to EGA graphics character table. The POST initializes this vector pointing to the default table located in the EGA ROM BIOS. (PC-2 and up). Not initialized if EGA not present. This vector was referred to (mistakenly) as the Video Parameters table in the original EGA BIOS listings. Interrupt 44h Pointer to graphics character table. This table contains the (0:0110h) dot patterns for the first 128 characters in video modes 4,5, and 6, and all 256 characters in all additional graphics modes. Not initialized if EGA not present. 2) EGA/VGA/CONV/PS - EGA/PCjr fonts, characters 00h to 7Fh 3) Novell NetWare - High-Level Language API 4) This interrupt is not used by some EGA cards. Interrupt 45h Reserved by IBM (not initialized) Interrupt 46h Pointer to second hard disk, parameter block (AT, XT/286, PS/2) (see int 41h) (except ESDI hard disks) (not initialized unless specific user software calls for it) Interrupt 47h Reserved by IBM (not initialized) Interrupt 48h Cordless Keyboard Translation (PCjr, XT [never delivered]) (0:0120h) This vector points to code to translate the cordless keyboard scancodes into normal 83-key values. The translated scancodes are then passed to int 9. (not initialized on PC or AT) Interrupt 49h Non-keyboard Scan Code Translation Table Address (PCjr) (0:0124h) This interrupt is used for operation of non-keyboard devices on the PCjr, such as the Keystronic Numeric Keypad. This interrupt has the address of a table used to translate non-keyboard scancodes (greater than 85 excepting 255). This interrupt can be revectored by a user application. IBM recommends that the default table be stored at the beginning of an application that required revectoring this interrupt, and that the default table be restored when the application terminates. (not initialized on PC or AT) The PCjr BIOS can interpret scancodes other than those generated by the keyboard to allow for expansion. The keyboard generates scancodes from 01h to 055h, including 0FFh. Any scancodes above 55h (56h through 7Eh for make codes and 0D6h through 0FEh for break codes) are processed in the following manner: 1) if the incoming make code falls within the range of the translate table whose address is pointed to by int 49h, it is translated into the corresponding scancode. Any incoming break codes above 0D5h are ignored. 2) if the new translated scancode ius less and 56h, it is processed by the BIOS as a keyboard scancode and the same data is placed in the BIOS keyboard buffer. 3) if the translated scancode is higher than 55h or the incoming scancode is outside the range of the translate table, 40h is added creating a new extended scancode. The extended scancode is placed in the BIOS keyboard buffer with the character code of 00h (NUL). This utilitizes the range of 96h through 0BEh for scancodes 56h through 7Eh. The default translate-table maps scancodes 56h through 6Ah to existing keyboard values. Codes 6Bh theough 0BEh are mapped (by adding 40h) to extended codes 0ABh through 0FEh since they are outside the range of the default translate table. The format of the translate table is: 0 length - the number of nonkeyboard scancodes that are mapped within the table (from 1 to n) 1 to n word high byte 00h (NUL) byte scancode with low order byte representing the scancode mapped values relative to their input values within the range of 56h through 7Eh With this layout, all keyboard scancodes can be intercepted through int 9h and and nonkeyboard scancodes can be intercepted through int 48h. Interrupt 4Ah Real-Time Clock Alarm (Convertible, PS/2) (not initialized on PC or AT) Invoked by BIOS when real-time clock alarm occurs Interrupt 4Bh Reserved by IBM (not initialized) Interrupt 4Ch Reserved by IBM (not initialized) Interrupt 4Dh Reserved by IBM (not initialized) Interrupt 4Eh Reserved by IBM (not initialized) Used instead of int 13h for disk I/O on TI Professional PC Interrupt 4Fh Reserved by IBM (not initialized) Interrupt 50-57 IRQ0-IRQ7 relocated by DesQview (normally not initialized) Interrupt 58h Reserved by IBM (not initialized) Interrupt 59h Reserved by IBM (not initialized) GSS Computer Graphics Interface (GSS*CGI) DS:DX Pointer to block of 5 array pointers return CF 0 AX return code CF 1 AX error code note 1) Int 59 is the means by which GSS*CGI language bindings communicate with GSS*CGI device drivers and the GSS*CGI device driver controller. 2) Also used by the IBM Graphic Development Toolkit Interrupt 5Ah Reserved by IBM (not initialized) Interrupt 5Bh Reserved by IBM (not initialized) Interrupt 5Ah Cluster Adapter BIOS entry address (normally not initialized) Interrupt 5Bh Reserved by IBM (not initialized) (cluster adapter?) Interrupt 5Ch NETBIOS interface entry port ES:BX pointer to network control block return AL error code (0 if none) note 1) When the NETBIOS is installed, interrupts 13 and 17 are interrupted by the NETBIOS; interrupt 18 is moved to int 86 and one of int 2 or 3 is used by NETBIOS. Also, NETBIOS extends the int 15 function 90 and 91h functions (scheduler functions) 2) Normally not initialized. 3) TOPS network card uses DMA 1, 3 or none. Interrupt 5Dh Reserved by IBM (not initialized) Interrupt 5Eh Reserved by IBM (not initialized) Interrupt 5Fh Reserved by IBM (not initialized) Interrupt 60h-67h User Program Interrupts (availible for general use) Various major programs make standardized use of this group of interrupts. Details of common use follows Interrupt 60h 10-Net Network entry AH 11h Lock and Wait AL drive number or 0 DX number of seconds to wait ES:SI Ethernet address or 0 DS:BX pointer to 31-byte ASCIIZ semaphore name return AL status 0 successful 1 timeout 2 server not responding 3 invalid semaphore name 4 semaphore list is full 5 invalid drive ID 6 invalid Ethernet address 7 not logged in 8 write to network failed 9 semaphore already logged for this CPU entry AH 12h Lock AL drive number or 0 for default ES:SI Ethernet address or 0 DS:BX pointer to 31-byte ASCIIZ semaphore name return AL status (see function 11h) 1 semaphore currently logged note Unlike function 11h, this function returns immediately entry AH 13h Unlock AL drive number or 0 ES:SI Ethernet address or 0 DS:BX pointer to 31-byte ASCIIZ semaphore name return AL status (see function 11h) 1 semaphore not logged Interrupt 67h Used by Lotus-Intel-Microsoft Expanded Memory Specification user and Ashton-Tate/Quadram/AST Enhanced Expanded Memory specification (See Chapter 10) Interrupt 68h Not Used (not initialized) Interrupt 69h Not Used (not initialized) Interrupt 6Ah Not Used (not initialized) Interrupt 6Bh Not Used (not initialized) Interrupt 6Ch System Resume Vector (Convertible) (not initialized on PC) DOS 3.2 Realtime Clock update Interrupt 6Dh Not Used (not initialized) Interrupt 6Eh Not Used (not initialized) Interrupt 6Fh Novell NetWare - PCOX API (3270 PC terminal interface) Interrupt 6Fh 10-Net Network API entry AH 00h Login DS:DX login record 8 bytes user name 8 bytes password 12 bytes name of super-station return CL security level AX status 0000h good login 0FF01h no response from superstation 0FF02h network error 0FF03h invalid password 0FF04h no local buffer 0FF05h superstation not available 0FF06h node already logged in 0FF07h login not valid from this node 0FF08h node ID already in use 01h Logoff return CX number of files closed AX status 0000h successful 0FF08h superstation ID not already logged in 02h Status of node DS:DX pointer to 512-byte record 8 bytes user name (0 if none) byte station type 0 workstation 1 superstation 4 logged into multiple superstations 24 bytes list of superstations logged into more than one superstation 12 bytes node ID word message count for this station (send for user node, receive for superstations) for superstations only: word drives allocated (bit 0=A:, bit 1=B:,...) byte user service flag bit 4: SUBMIT is on 3: mail waiting for node 2: calendar waiting for you 1: news waiting for you 0: mail waiting for you byte printers allocated (bit 0=LPT1,...) byte number of unprinted spool files byte number of opened files byte number of logged on files byte primary drive (1=A:) byte reserved n bytes list of logged on node IDs (each 12 bytes, max 38 IDs) return CF set on error AX error code 0FF01h no response from node 0FF02h network error 0FF04h no local buffer 0FF16h invalid node ID 03h Get Address of Configuration Table return ES:BX pointer to record (actually starts at [BX-25]) word count of dropped Send6F word buffer start address word comm driver base address word send/receive retry count byte number of 550ms loops word UFH address word CDIR address word LTAB address word SFH address word FTAB address word RLTAB address word SMI address word NTAB address ES:BX pointer to word address of first CT_DRV byte number of DRV entries 8 bytes login name 12 bytes node ID 6 bytes node address byte flag byte CT_CFLG bit 1: sound bell bit 0: CHAT permit byte CT_PSFLG bit 5: PRINT permit bit 4: KB initiated bit 3: CHAT called FOXPTRM bit 2: SUBMIT active bit 1: SUBMIT received bit 0: SUBMIT permit byte reserved word receive message count word send message count word retry count word failed count word driver errors word dropped responses/CHATs 9 bytes list ID/NTAB address (3 entries-LPT1-3?) 6 bytes AUX ID/NTAB address (2 entries-COM1-2?) byte active CB channel byte received 6F messages on queue 9 bytes activity counters for channels 1-9 04h Send DS:BX pointer to record 12 bytes receiving node's ID word length of data at DX DS:DX pointer to data (max 1024 bytes) return CF set on error AX error code 0FF01h timeout 0FF02h network error 0FF04h no local buffer 0FF16h invalid parameter (bad length) 05h Receive CX number of seconds before timeout DS:DX pointer to receive buffer 12 bytes sending node's ID word length of message n bytes message (maximum 1024 bytes) return CF set on error AX error code 0FF01h timeout 0FF18h sent message has been dropped 06h Unknown 07h Lock Handle BX file handle CX:DX starting offset in file SI record length return CF set on error AX error code 0FF01h timeout 02h file not found 0FF17h record locked by another user 08h Unlock Handle BX file handle AL mode 0 unlock all 1 unlock record at CX:DX return CF set on error AX error code 02h file not found 0Bh Lock Semaphore, Return Immediately AL drive number or 0 ES:SI Ethernet address or 0 DS:BX pointer to 31-byte ASCIIZ semaphore name return AL status 0 successful 1 semaphore currently locked 2 server not responding 3 invalid semaphore name 4 semaphore list is full 5 invalid drive ID 6 invalid Ethernet address 7 not logged in 8 write to network failed 9 semaphore already logged in this CPU 0Ch unlock semaphore AL drive number or 0 ES:SI Ethernet address or 0 DS:BX pointer to 31-byte ASCIIZ semaphore name return AL status (see AH=0Bh) 1 semaphore not locked 0Dh Who CX length of data DS:DX pointer to array of records to be filled 12 bytes node ID byte flag (1=workstation, 2=superstation) return CL number of records returned (responding stations) 0Eh spool/print DS:DX pointer to record word 0 initiate spool 1 abort print 2 close spool 3 delete spool 4 print 5 get report info 11 bytes file name byte notification bit 6: do ID page bit 5: no form feed bit 3: notify at print completion bit 2: notify at print start and reply? bit 1: notify at print start bit 0: no notification byte days to keep (0FFh=forever) byte device (1=LPT1) word length of following data area n bytes $SCNT records returned if code in first word is 05h return CF set on error AX error code 0FF16h invalid parameter 0FF17h device not mounted 0FF18h already spooling to named device 11h Lock FCB AL mode 0 sequential 1 random 2 random block DS:DX pointer to FCB return CF set on error AX 02h file not found 0FF01h timeout 0FF17h record locked by another user 12h Unlock FCB AL mode 0 sequential 1 random 2 random block DS:DX pointer to FCB return CF set on error AX 02h file not found Interrupt 70h IRQ 8, Real Time Clock Interrupt (AT, XT/286, PS/2) Interrupt 71h IRQ 9, Redirected to IRQ 8 (AT, XT/286, PS/2) LAN Adapter 1 (rerouted to int 0Ah [IRQ2] by BIOS) Interrupt 72h IRQ 10 (AT, XT/286, PS/2) Reserved Interrupt 73h IRQ 11 (AT, XT/286, PS/2) Reserved Interrupt 74h IRQ 12 Mouse Interrupt (PS/2) Interrupt 75h IRQ 13, Coprocessor Error, BIOS Redirect to int 2 (NMI) (AT) Interrupt 76h IRQ 14, Hard Disk Controller (AT, XT/286, PS/2) Interrupt 77h IRQ 15 (AT, XT/286, PS/2) Reserved Interrupt 78h Not Used Interrupt 79h Not Used Interrupt 7Ah Novell NetWare - LOW-LEVEL API Interrupt 7Bh-7Eh Not Used Interrupt 7Fh unknown Used by second copy of COMMAND set with SHELL= Not used by COMMAND /C at DOS prompt Interrupt 80h-85h Reserved by BASIC note interrupts 80h through ECh are apparently unused and not initialized. Interrupt 86h Relocated by NETBIOS int 18 Interrupt 86h-0F0h Used by BASIC when BASIC interpreter is running Intrerrupt 0E0h CP/M-86 function calls Interrupt 0E4h Logitech Modula-2 v2.0 MONITOR entry AX 05h monitor entry 06h monitor exit BX priority Interrupt 0F0h unknown Used by secondary copy of COMMAND when SHELL= set Not used by COMMAND /C at DOS prompt Interrupts 0F1h-0FFh (absolute addresses 3C4-3FF) Location of Interprocess Communications Area Interrupt 0F8h Set Shell Interrupt (OEM) Set OEM handler for int 21h calls from 0F9h through 0FFh entry AH 0F8h DS:DX pointer to handler for Functions 0F9h thru 0FFh note 1) To reset these calls, pass DS and DX with 0FFFFh. DOS is set up to allow ONE handler for all 7 of these calls. Any call to these handlers will result in the carry bit being set and AX will contain 1 if they are not initialized. The handling routine is passed all registers just as the user set them. The OEM handler routine should be exited through an IRET. 2) 10 ms interval timer (Tandy?) Interrupt 0F9h First of 8 SHELL service codes, reserved for OEM shell (WINDOW); use like HP Vectra user interface? Interrupt 0FAh USART ready (RS-232C) Interrupt 0FBh USART RS ready (keyboard) Interrupt 0FCh Unknown Interrupt 0FDh reserved for user interrupt Interrupt 0FEh AT/XT286/PS50+ - destroyed by return from protected mode Interrupt 0FFh AT/XT286/PS50+ - destroyed by return from protected mode ** Programmer's Technical Reference for MSDOS and the IBM PC ** USA copyright TXG 392-616 ALL RIGHTS RESERVED ������������������������������Ĵ DOSREF (tm) ��������������������������������� ISBN 1-878830-02-3 (disk-based text) Copyright (c) 1987, 1992 Dave Williams �����������������������������Ŀ � Shareware Version, 01/12/92 � � Please Register Your Copy � ������������������������������� C H A P T E R S I X DOS CONTROL BLOCKS AND WORK AREAS Contrary to popular belief, DOS is not limited to 640k of work space. This constraint is enforced by the mapping of ROM and video RAM into the default 1 megabyte CPU address space. Some MSDOS compatible machines, such as the Sanyo 55x series, can have as much as 768k of contiguous DOS workspace with the appropriate option boards. Since DOS has no real memory management, it cannot deal with a fragmented workspace. Fragmented RAM (such as RAM mapped into the option ROM address space) can be dealt with as a RAMdisk or other storage area by using a device driver or other software. The 80386 CPU and appropriate control software can create a DOS workspace of more than one megabyte. Certain add-on boards can also add more than a megabyte of workspace, but only for specially written software. Since these are all proprietary schemes, little information is availible at present. When DOS loads a program, it first sets aside a section of memory for the program called the program segment, or code segment. Then it constructs a control block called the program segment prefix, or PSP, in the first 256 (100h) bytes. Usually, the program is loaded directly after the PSP at 100h. The PSP contains various information used by DOS to help run the program. The PSP is always located at offset 0 within the code segment. When a program recieves control certain registers are set to point to the PSP. For a COM file, all registers are set to point to the beginning of the PSP and the program begins at 100h. For the more complex EXE file structures, only DS and ES registers are set to point to the PSP. The linker passes the settings for the DS, IP, SS, and SP registers and may set the starting location in CS:IP to a location other than 100h. IBMBIO provides an IRET instruction at absolute address 847h for use as a dummy routine for interrupts that are not used by DOS. This lets the interrupts do nothing until their vectors are rerouted to their appropriate handlers. A storage block is used by DOS to record the amount and location of allocated memory within the machine's address space. A storage block, a Program Segment Prefix, and an environment area are built by DOS for each program currently resident in the address space. The storage block is used by DOS to record the address range of memory allocated to a program. It is used by DOS to find the next availible area to load a program and to determine if there is enough memory to run that porogram. When a memory area is in use, it is said to be allocated. Then the program ends, or releases memory, it is said to be deallocated. A storage block contains a pointer to the Program Segment Prefix associated with each program. This control block is constructed by IBMDOS for the purpose of providing standardized areas for DOS/program communication. Within the PSP are areas which are used to save interrupt vectors, pass parameters to the program, record disk directory information, and to buffer disk reads and writes. This control block is 100h bytes in length and is followed by the program module loaded by DOS. The PSP contains a pointer to the environment area for that program. This area contains a copy of the current DOS SET, PROMPT, COMSPEC, and PATH values as well as any user-set variables. The program may examine and modify this information as desired. Each storage block is 10h bytes long, although only 5 bytes are currently used by DOS. The first byte contains 4Dh (a capital M) to indicate that it contains a pointer to the next storage block. A 5Ah (a capital Z) in the first byte of a storage block indicatres there are no more storage blocks following this one (it is the end of the chain). The identifier byte is followed by a 2 byte segment number for the associated PSP for that program. The next 2 bytes contain the number of segments what are allocated to the program. If this is not the last storage block, then another storage block follows the allocated memory area. When the storage block contains zero for the number of allocated segments, then no storage is allocated to this block and the next storage block immediately follows this one. This can happen when memory is allocated and then deallocated repeatedly. IBMDOS constructs a storage block and PSP before loading the command interpreter (default is COMMAND.COM). If the copy of COMMAND.COM is a secondary copy, it will lack an environment address at PSP+2Ch. THE DISK TRANSFER AREA (DTA)��������������������������������������������������� DOS uses an area in memory to contain the data for all file reads and writes that are performed with FCB function calls. This are is known as the disk transfer area. This disk transfer area (DTA) is sometimes called a buffer. It can be located anywhere in the data area of your application program and should be set by your program. Only one DTA can be in effect at a time, so your program must tell DOS what memory location to use before using any disk read or write functions. Use function call 1Ah (Set Disk Transfer Address) to set the disk transfer address. Use function call 2Fh (Get Disk Transfer Address) to get the disk transfer address. Once set, DOS continues to use that area for all disk operations until another function call 1Ah is issued to define a new DTA. When a program is given control by COMMAND.COM, a default DTA large enough to hold 128 bytes is established at 80h into the program's Program Segment Prefix. For file reads and writes that are performed with the extended function calls, there is no need to set a DTA address. Instead, specify a buffer address when you issue the read or write call. DOS PROGRAM SEGMENT������������������������������������������������������������ When you enter an external command or call a program through the EXEC function call, DOS determines the lowest availible address space to use as the start of available memory for the program being started. This area is called the Program Segment. At offset 0 within the program segment, DOS builds the Program Segment Prefix control block. EXEC loads the program after the Program Segment Prefix (at offset 100h) and gives it control. The program returns from EXEC by a jump to offset 0 in the Program Segment Prefix, by issuing an int 20h, or by issuing an int 21h with register AH=00h or 4Ch, or by calling location 50h in the PSP with AH=00h or 4Ch. It is the responsibility of all programs to ensure that the CS register contains the segment address of the Program Segment Prefix when terminating by any of these methods except call 4Ch. All of these methods result in returning to the program that issued the EXEC. During this returning process, interrupt vectors 22h, 23h, and 24h (Terminate, Ctrl-Break, and Critical Error Exit addresses) are restored from the values saved in the PSP of the terminating program. Control is then given to the terminate address. When a program receives control, the following conditions are in effect: For all programs: 1) The segment address of the passed environment is contained at offset 2Ch in the Program Segment Prefix. 2) The environment is a series of ASCII strings totalling less than 32k bytes in the form: NAME=value The default environment is 160 bytes. Each string is a maximum of 127 bytes terminated by a byte of zeroes for a total of 128 bytes, and the entire set of strings is terminated by another byte of zeroes. Following the byte of zeroes that terminates the set of environment string is a set of initial arguments passed to a program that contains a word count followed by an ASCIIZ string. The ASCIIZ string contains the drive, path, and filename.ext of the executable program. Programs may use this area to determine where the program was loaded from. The environment built by the command processor (and passed to all programs it invokes) contains a COMSPEC=string at a minimum (the parameter on COMSPEC is the path used by DOS to locate COMMAND.COM on disk). The last PATH and PROMPT commands issued will also be in the environment, along with any environment strings entered through the SET command. The environment that you are passed is actually a copy of the invoking process's environment. If your application terminates and stays resident through int 27h, you should be aware that the copy of the environment passed to you is static. That is, it will not change even if subsequent PATH, PROMPT, or SET commands are issued. The size of the environment may be changed from its default of 160 bytes by using the SHELL= command in the config.sys from in DOS version 3.1 up, or COMMAND.COM may be patched in earlier versions. The environment can be used to transfer information between processes or to store strings for later use by application programs. The environment is always located on a paragraph boundary. This is its format: byte ASCIIZ string 1 byte ASCIIZ string 2 .... byte ASCIIZ string n byte of zeros (0) Typically the environment strings have the form: NAME = VALUE The length of NAME or VALUE can be anything desired as long as it still fits into the 123 byte space (4 bytes are used by "SET "). Following the byte of zeros in the environment, a WORD indicates the number of other strings following. If the environment is part of an EXECed command interpreter, it is followed by a copy of the DS:DX filename passed to the child process. A zero value causes the newly created process to inherit the parent's environment. 3) Offset 80h in the PSP contains code to invoke the DOS function dispatcher. Thus, by placing the desired function number in AH, a program can issue a long call to PSP+50h to invoke a DOS function rather than issuing an int 21h. 4) The disk transfer address (DTA) is set to 80h (default DTA in PSP). 5) File Control Blocks 5Ch and 6Ch are formatted from the first two parameters entered when the command was invoked. Note that if either parameter contained a path name, then the corresponding FCB will contain only a valid drive number. The filename field will not be valid. 6) An unformatted parameter area at 81h contains all the characters entered after the command name (including leading and imbedded delimiters), with 80h set to the number of characters. If the <, >, or | parameters were entered on the command line, they (and the filenames associated with them) will not appear in this area, because redirection of standard input and output is transparent to applications. (For EXE files only) 7) DS and ES registers are set to point to the PSP. 8) CS, IP, SS, and SP registers are set to the values passed by the linker. (For COM files only) 9) For COM files, offset 6 (one word) contains the number of bytes availible in the segment. 10) Register AX reflects the validity of drive specifiers entered with the first two parameters as follows: AL=0FFh is the first parameter contained an invalid drive specifier, otherwise AL=00h. AL=0FFh if the second parameter contained an invalid drive specifier, otherwise AL=00h. 11) All four segment registers contain the segment address of the inital allocation block, that starts within the PSP control block. All of user memory is allocated to the program. If the program needs to invoke another program through the EXEC function call (4Bh), it must first free some memory through the SETBLOCK function call to provide space for the program being invoked. 12) The Instruction Pointer (IP) is set to 100h. 13) The SP register is set to the end of the program's segment. The segment size at offset 6 is rounded down to the paragraph size. 14) A word of zeroes is placed on top of the stack. The PSP (with offsets in hexadecimal) is formatted as follows: (* = undocumented) ������������������������������������������������������������������������������Ŀ � P R O G R A M S E G M E N T P R E F I X � ������������������������������������������������������������������������������Ĵ � offset� size � C O N T E N T S � ������������������������������������������������������������������������������Ĵ � 0000h � 2 bytes � int 20h � ������������������������������������������������������������������������������Ĵ � 0002h � 2 bytes � segment address, end of allocation block � ������������������������������������������������������������������������������Ĵ � 0004h � 1 byte � reserved, normally 0 � ������������������������������������������������������������������������������Ĵ � 0005h � 5 bytes � FAR call to MSDOS function dispatcher (int 21h) � ������������������������������������������������������������������������������Ĵ � 000Ah � 4 bytes � previous termination handler interrupt vector (int 22h) � ������������������������������������������������������������������������������Ĵ � 000Eh � 4 bytes � previous contents of ctrl-C interrupt vector (int 23h) � ������������������������������������������������������������������������������Ĵ � 0012h � 4 bytes � prev. critical error handler interrupt vector (int 24h) � ������������������������������������������������������������������������������Ĵ � 0016h � 22 bytes � reserved for DOS � ������������������������������������������������������������������������������Ĵ * � 2 bytes � (16) parent process' PSP � * � 20 bytes � (18) "handle table" used for redirection of files � ������������������������������������������������������������������������������Ĵ � 002Ch � 2 bytes � segment address of the program's environment block � ������������������������������������������������������������������������������Ĵ � 002Eh � 34 bytes � reserved, DOS work area � ������������������������������������������������������������������������������Ĵ * � 4 bytes � (2E) stores the calling process's stack pointer when � � � switching to DOS's internal stack. � * � � (32) DOS 3.x max open files � * � 2 bytes � (3A) size of handle table |these functions are in here � * � 4 bytes � (3C) handle table address |but reported addresses vary � ������������������������������������������������������������������������������Ĵ � 0050h � 3 bytes � int 21h, RETF instruction � ������������������������������������������������������������������������������Ĵ � 0053h � 2 bytes � reserved - unused? � ������������������������������������������������������������������������������Ĵ � 0055h � 7 bytes � reserved, or FCB#1 extension � ������������������������������������������������������������������������������Ĵ � 005Ch � 16 bytes � default unopened File Control Block #1 � ������������������������������������������������������������������������������Ĵ � 006Ch � 16 bytes � default unopened FCB #2 (overlaid if FCB #1 opened) � ������������������������������������������������������������������������������Ĵ � 0080h � 1 byte � parameter length (number of chars entered after filename) � ������������������������������������������������������������������������������Ĵ � 0081h � ... � parameters � ������������������������������������������������������������������������������Ĵ � 00FFh � 128 bytes� command tail and default Disk Transfer Area (DTA) � �������������������������������������������������������������������������������� 1. The first segment of availible memory is in segment (paragraph) form. For example, 1000h would respresent 64k. 2. Offset 2Ch contains the segment address of the environment. 3. Programs must not alter any part of the PSP below offset 5Ch. PSP (comments): offset 00h contains hex bytes CD 20, the int 20h opcode. A program can end by making a jump to this location when the CS points to the PSP. For normal cases, int 21, function 4Ch should be used. offset 02h contains the segment-paragraph address of the end of memory as reported by DOS. (which may not be the same as the real end of RAM). Multiply this number by 10h or 16 to get the amount of memory availible. ex. 1000h would be 64k. offset 04h "reserved or used by DOS" according to Microsoft offset 05h contains a long call to the DOS function dispatcher. Programs may jump to this address instead of calling int 21 if they wish. Used by Basic and other CPM object-code translated programs. It is slower than standard int 21h. offset 0Ah, 0Eh, 12h vectors (IP, CS) offset 16h PSP:16h is the segment address of the invoking program's PSP, which * will most often be COMMAND.COM but perhaps may be a secondary non-permanent COMMAND or a multitasking shell, etc. At any rate, the resident shell version of COMMAND.COM has PSP:16H = PSP, which indicates "don't look any lower in memory" for the command interpreter. To find the beginning of the allocation chain, look backwards through the PSP link addresses until the link address is equal to the PSP segment address that it resides in. This should be COMMAND.COM. To find COMMAND.COM's environment, look at the word stored at offset 0BD3h (PC-DOS 3.1 only). This is a segment address, so look there at offset 0. 18h handle alias table (networking). Also you can make PRN go to CON, * CON go to PRN, ERR go to PRN, etc. 0FFh = availible. offset 2Ch is the segment:offset address of the environment for the program using this particular PSP. This pointer does not point to COMMAND.COM's environment unless it is a second copy of COMMAND. offset 2Eh the DWORD at PSP+2Eh is used by DOS to store the calling process's * stack pointer when switching to DOS's own private stack - at the end of a DOS function call, SS:SP is restored from this address. 32h, 34h * table of number of file handles (to 64k of handles!) offset 40h 2 byte field points to the segment address of COMMAND.COM's PSP in * "weird" EXE files produced by Digital Research RASMPC/LINKPC. EXE files created with these tools can cause all sorts of problems with standard MSDOS debugging tools. offset 50h contains a long call to the DOS int 21 function dispatcher. offset 5Ch, 65h, 6Ch contain FCB information for use with FCB function calls. The first FCB may overlay the second if it is an extended call; your program should revector these areas to a safe place if you intend to use them. offset 5Ch 16 bytes first command-line argument (formatted as uppercase 11 character filename) offset 6Ch 16 bytes second command-line argument (formatted as uppercase 11 character filename) offset 7Ch-7Fh "reserved or used by DOS" offset 80h 1 byte number of bytes in command line argument offset 80h, 81h contain the length and value of parameters passed on the command line. offset 81h 97 bytes unformatted command line and/or default DTA offset 0FFh contains the DTA The PSP is created by DOS for all programs and contains most of the information you need to know about a program running. You can change the environment for the current process, however, but for the parent process, DOS in this case, you need to literally backtrack to DOS or COMMAND.COM's PSP. In order to get there you must look at the current PSP. At offset 16h of the current PSP segment, there a 2 byte segment address to the parent or previous process PSP. From there you can manipulate the enviroment by looking at offset 2Ch. As you know, at offset 2Ch, there is 2 byte segment address to the environment block. Try this under debug and explore the addresses located at these offsets; offset length description ------------------------------------------------------------ 16h 2 segment address of parent process PSP 2Ch 2 segment address of environment block. Remember under debug you will have to backtrack two times. Programs Parent -------------------------- command.com none debug.com command.com program debug.com MEMORY CONTROL BLOCKS���������������������������������������������������������� DOS keeps track of allocated and availible memory blocks, and provides four function calls for application programs to communicate their memory needs to DOS. These calls are: 48h --- allocate memory (MALLOC) 49h --- free allocated memory 4Ah --- modify allocated memory blocks (SETBLOCK) 4Bh --- load or execute program (EXEC) DOS manages memory as follows: DOS build a control block for each block of memory, whether free or allocated. For example, if a program issues an "allocate" (48h), DOS locates a block of free memory that satisfies the request, and then "carves" the requested memory out of that block. The requesting program is passed the location of the first byte of the block that was allocated for it - a memory management control block, describing the allocated block, has been built for the allocated block and a second memory management control block describes the amount of space left in the original free block of memory. When you do a SETBLOCK to shrink an allocated block, DOS builds a memory management control block for the area being freed and adds it to the chain of control blocks. Thus, any program that changed memory that is not allocated to it stands a chance of destroying a DOS memory management control block. This causes unpredictable results that don't show up until an activity is performed where DOS uses its chain of control blocks. The normal result is a memory allocation error, which means a system reset will be required. When a program (command or application program) is to be loaded, DOS uses the EXEC function call 4Bh to perform the loading. This is the same function call that is availible to applications programs for loading other programs. This function call has two options: Function 00h, to load and execute a program (this is what the command processor uses to load and execute external commands) Function 03h, to load an overlay (program) without executing it. Although both functions perform their loading in the same way (relocation is performed for EXE files) their handling of memory management is different. FUNCTION 0: For function 0 to load and execute a program, EXEC first allocates the largest availible block of memory (the new program's PSP will be at offset 0 in that block). Then EXEC loads the program. Thus, in most cases, the new program owns all the memory from its PSP to the end of memory, including memory occupied by the transient parent of COMMAND.COM. If the program were to issue its own EXEC function call to load and execute another program, the request would fail because no availible memory exists to load the new program into. NOTE: For EXE programs, the amount of memory allocated is the size of the program's memory image plus the value in the MAX_ALLOC field of the file's header (offset 0Ch, if that much memory is availible. If not, EXEC allocates the size of the program's memory image plus the value in the MIN_ALLOC field in the header (offset 0Ah). These fields are set by the Linker). A well-behaved program uses the SETBLOCK function call when it receives control, to shrink its allocated memory block down to the size it really needs. A COM program should remember to set up its own stack before doing the SETBLOCK, since it is likely that the default stack supplied by DOS lies in the area of memory being used. This frees unneeded memory, which can be used for loading other programs. If the program requires additional memory during processing, it can obtain the memory using the allocate function call and later free it using the free memory function call. When a program is loaded using EXEC function call 00h exits, its initial allocation block (the block beginning with its PSP) is automatically freed before the calling program regains control. It is the responsibility of all programs to free any memory they allocate before exiting to the calling program. FUNCTION 3: For function 3, to load an overlay, no PSP is built and EXEC assumes the calling program has already allocated memory to load the new program into - it will NOT allocate memory for it. Thus the calling program should either allow for the loading of overlays when it determines the amount of memory to keep when issuing the SETBLOCK call, or should initially free as much memory as possible. The calling program should then allocate a block (based on the size of the program to be loaded) to hold the program that will be loaded using the "load overlay" call. Note that "load overlay" does not check to see if the calling program actually owns the memory block it has been instructed to load into - it assumes the calling program has followed the rules. If the calling program does not own the memory into which the overlay is being loaded, there is a chance the program being loaded will overlay one of the control blocks that DOS uses to keep track of memory blocks. Programs loaded using function 3 should not issue any SETBLOCK calls since they don't own the memory they are operating in. (This memory is owned by the calling program) Because programs loaded using function 3 are given control directly by (and return contrrol directly to) the calling program, no memory is automatically freed when the called program exits. It is up to the calling program to determine the disposition of the memory that had been occupied by the exiting program. Note that if the exiting program had itself allocated any memory, it is responsible for freeing that memory before exiting. Memory control blocks, sometimes called "arena headers" after their UNIX counterpart, are 16 bytes long. Only the first 5 bytes are used. 16 bytes are used for the memory control block, which always starts at a paragraph boundary. When DOS call 48h is made to allocate "x" many paragraphs of memory, the amount used up is actually one more than the figure in the BX register to provide space for the associated memory control block. The location of the memory control block is at the paragraph immediately before the segment value returned in AX by the DOS function 48h call i.e. ((AX-1):0). ������������������������������������������������������������������������������Ŀ � M E M O R Y C O N T R O L B L O C K � ������������������������������������������������������������������������������Ĵ � Bytes � Function � ������������������������������������������������������������������������������Ĵ � 0 � ASCII M or Z � ������������������������������������������������������������������������������Ĵ � 1-2 � PSP segment address of the program that owns this block of memory � ������������������������������������������������������������������������������Ĵ � 3-4 � Size of next MCB in 16-byte paragraphs � ������������������������������������������������������������������������������Ĵ � 5-F � unused � �������������������������������������������������������������������������������� byte 1 will always have the value of 4Dh or 5Ah. The value 5Ah (Z) indicates the block is the last in a chain, all memory above it is unused. 4Dh (M) means that the block is intermediate in a chain, the memory above it belongs to the next program or to DOS. byte 2,3 hold the PSP segment address of the program that owns the corresponding block of memory. A value of 0 means the block is free to be claimed, any other value represents a segment address. byte 3, 4 indicate the size in paragraphs of the memory block. If you know the address of the first block, you can find the next block by adding the length of the memory block plus 1 to the segment address of the control block. Finding the first block can be difficult, as this varies according to the DOS version and the configuration. The remaining 11 bytes are not currently used by DOS, and may contain "trash" characters left in memory from previous applications. If DOS determines that the allocation chain of memory control blocks has been corrupted, it will halt the system and display the message "Memory Allocation Error", and the system will halt, requiring a reboot. Each memory block consists of a signature byte (4Dh or 5Ah) then a word which is the PSP value of the owner of the block (which allocated it), followed by a word which is the size in paragraphs of the block. The last block has a signature of 5Ah. All others have 4Dh. If the owner is 0000 then the block is free. Once a memory control block has been created it should only be manipulated with the appropriate DOS function calls. Accidentally writing over any of the first 5 bytes of a memory control block can cause a memory allocation error and cause the system to lock up. If the first byte is overwritten with something other than an 'M' or a 'Z' then DOS will complain with an error return code of 7 signifying "Memory Control Blocks destroyed". However, should you change the ownership or block size bytes, you've had it. When a .COM program is first loaded by DOS and given control, the memory control block immediately preceding the Program Segment Prefix contains the following data: ID = 'Z' Owner = segment address of PSP (= CS register of .COM program) Size = number of available paragraphs in DOS memory pool An .EXE file will have the following data in the memory control block for the program (just prior to the PSP): ID = 'M' Owner = segment address of PSP (= DS register of program) Size = the number of paragraphs allocated to the program according to the information in the .EXE program header In the case of an .EXE program file the amount of memory allocated depends on the contents of the program header which informs the DOS loader how much to allocate for each of the segments in the program. With an .EXE program file there will always be a 'Z' memory control block created in memory immediately after the end of the space allocated to the program itself. One important fact to remember about DOS memory allocation is that blocks of RAM allocated by different calls to DOS function 48H will NOT be contiguous. At the very best, they will be separated by the 16 bytes of the memory control block, and at worst they could be anywhere in RAM that DOS manages to find a existing memory control block of sufficient size to accomodate the memory request. DOS treats the memory control blocks as a kind of linked list (term used loosely). It uses the earlier MCBs to find the later ones by calculating the location of the next one from the size of the prior one. As such, erasing any of the MCB data in the chain of MCBs will upset DOS severely, as each call for a new memory allocation causes DOS to scan the whole chain of MCBs looking for a free one that is large enough to fulfill the request. A separate MCB is created for the DOS environment strings at each program load, so there will be many copies of the environment strewn through memory when you have a lot of memory resident programs loaded. The memory control blocks for the DOS environment strings are not returned to the DOS memory pool if the program goes resident, as DOS will need to copy this enviroment for the next program loaded. ** Programmer's Technical Reference for MSDOS and the IBM PC ** USA copyright TXG 392-616 ALL RIGHTS RESERVED ������������������������������Ĵ DOSREF (tm) ��������������������������������� ISBN 1-878830-02-3 (disk-based text) Copyright (c) 1987, 1992 Dave Williams �����������������������������Ŀ � Shareware Version, 01/12/92 � � Please Register Your Copy � ������������������������������� C H A P T E R S E V E N DOS FILE STRUCTURE FILE MANAGEMENT FUNCTIONS������������������������������������������������������ Use DOS function calls to create, open, close, read, write, rename, find, and erase files. There are two sets of function calls that DOS provides for support of file management. They are: * File Control Block function calls (0Fh-24h) * Handle function calls (39h-69h) Handle function calls are easier to use and are more powerful than FCB calls. Microsoft recommends that the handle function calls be used when writing new programs. DOS 3.0 up have been curtailing use of FCB function calls; it is possible that future versions of DOS may not support FCB function calls. The following table compares the use of FCB calls to Handle function calls: ������������������������������������������������������������������������Ŀ � FCB Calls � Handle Calls � ������������������������������������������������������������������������Ĵ � Access files in current � Access files in ANY directory � � directory only. � � � � � � Requires the application � Does not require use of an FCB. � � program to maintain a file � Requires a string with the drive, � � control block to open, � path, and filename to open, create, � � create, rename or delete � rename, or delete a file. For file � � a file. For I/O requests, � I/O requests, the application program � � the application program � must maintain a 16 bit file handle � � also needs an FCB � that is supplied by DOS. � �������������������������������������������������������������������������� The only reason an application should use FCB function calls is to maintain the ability to run under DOS 1.x. To to this, the program may use only function calls 00h-2Eh. Though the FCB function calls are frowned upon, many of the introductory assembly language programming texts use the FCB calls as examples. FCB FUNCTION CALLS ������������������������������������������������������������ FCB function calls require the use of one File Control Block per open file, which is maintained by the application program and DOS. The application program supplies a pointer to the FCB and fills in ther appropriate fields required by the specific function call. An FCB function call can perform file management on any valid drive, but only in the current logged directory. By using the current block, current record, and record length fields of the FCB, you can perform sequential I/O by using the sequential read or write function calls. Random I/O can be performed by filling in the random record and record length fields. Several possible uses of FCB type calls are considered programming errors and should not be done under any circumstances to avoid problems with file sharing and compatibility with later versions of DOS. Some errors are: 1) If program uses the same FCB structure to access more than one open file. By opening a file using an FCB, doing I/O, and then replacing the filename field in the file control block with a new filename, a program can open a second file using the same FCB. This is invalid because DOS writes control info- rmation about the file into the reserved fields of the FCB. If the program then replaces the filename field with the original filename and then tries to perform I/O on this file, DOS may become confused because the control info- rmation has been changed. An FCB should never be used to open a second file without closing the one that is currently open. If more than one File Control Block is to be open concurrently, separate FCBs should be used. 2) A program should never try to use the reserved fields in the FCB, as the function of the fields changes with different versions of DOS. 3) A delete or a rename on a file that is currently open is considered an error and should not be attempted by an application program. It is also good programming practice to close all files when I/O is done. This avoids potential file sharing problems that require a limit on the number of files concurrently open using FCB function calls. HANDLE FUNCTION CALLS���������������������������������������������������������� The recommended method of file management is by using the extended "handle" set of function calls. These calls are not restricted to the current directory. Also, the handle calls allow the application program to define the type of access that other processes can have concurrently with the same file if the file is being shared. To create or open a file, the application supplies a pointer to an ASCIIZ string giving the name and location of the file. The ASCIIZ string contains an optional drive letter, optional path, mandatory file specification, and a terminal byte of 00h. The following is an example of an ASCIIZ string: format [drive][path] filename.ext,0 DB "A:\path\filename.ext",0 If the file is being created, the application program also supplies the attribute of the file. This is a set of values that defines the file read only, hidden, system, directory, or volume label. If the file is being opened, the program can define the sharing and access modes that the file is opened in. The access mode informs DOS what operations your program will perform on this file (read-only, write-only, or read/write) The sharing mode controls the type of operations other processes may perform concurrently on the file. A program can also control if a child process inherits the open files of the parent. The sharing mode has meaning only if file sharing is loaded when the file is opened. To rename or delete a file, the appplication program simply needs to provide a pointer to the ASCIIZ string containing the name and location of the file and another string with the new name if the file is being renamed. The open or create function calls return a 16-bit value referred to as the file handle. To do any I/O to a file, the program uses the handle to reference the file. Once a file is opened, a program no longer needs to maintain the ASCIIZ string pointing to the file, nor is there any need to stay in the same directory. DOS keeps track of the location of the file regardless of what directory is current. Sequential I/O can be performed using the handle read (3Fh) or write (40h) function calls. The offset in the file that IO is performed to is automatically moved to the end of what was just read or written. If random I/O is desired, the LSEEK (42h) function call can be used to set the offset into the file where I/O is to be performed. SPECIAL FILE HANDLES����������������������������������������������������������� DOS reserves five special file handles for use by itself and applications programs. They are: ������������������������������������������������������������������������������Ŀ � 0000h � STDIN � standard input device (input can be redirected) � � 0001h � STDOUT � standard output device (output can be redirected) � � 0002h � STDERR � standard error output device (output cannot be redirected) � � 0004h � STDAUX � standard auxiliary device � � 0005h � STDPRN � standard printer device � �������������������������������������������������������������������������������� These handles are predefined by DOS and can be used by an application program. They do not need to be opened by a program, although a program can close these handles. STDIN should be treated as a read-only file, and STDOUT and STDERR should be treated as write-only files. STDIN and STDOUT can be redirected. All handles inherited by a process can be redirected, but not at the command line. These handles are very useful for doing I/O to and from the console device. For example, you could read input from the keyboard using the read (3Fh) function call and file handle 0000h (STDIN), and write output to the console screen with the write function call (40h) and file handle 0001h (STDOUT). If you wanted an output that could not be redirected, you could output it using file handle 0002h (STDERR). This is very useful for error messages that must be seen by a user. File handles 0003h (STDAUX) and 0004h (STDPRN) can be both read from and written to. STDAUX is typically a serial device and STDPRN is usually a parallel device. ASCII and BINARY MODE���������������������������������������������������������� I/O to files is done in binary mode. This means that the data is read or written without modification. However, DOS can also read or write to devices in ASCII mode. In ASCII mode, DOS does some string processing and modification to the characters read and written. The predefined handles are in ASCII mode when initialized by DOS. All other file handles that don't refer to devices are in binary mode. A program, can use the IOCTL (44h) function call to set the mode that I/O is to a device. The predefined file handles are all devices, so the mode can be changed from ASCII to binary via IOCTL. Regular file handles that are not devices are always in binary mode and cannot be changed to ASCII mode. The ASCII/BINARY bit was called "raw" in DOS 2.x, but it is called ASCII/BINARY in DOS 3.x. The predefined file handles STDIN (0000h) and STDOUT (0001h) and STDERR (0002h) are all duplicate handles. If the IOCTL function call is used to change the mode of any of these three handles, the mode of all three handles is changed. For example, if IOCTL was used to change STDOUT to binary mode, then STDIN and STDERR would also be changed to binary mode. FILE I/O IN BINARY (RAW) MODE�������������������������������������������������� The following is true when a file is read in binary mode: 1) The characters ^S (scroll lock), ^P (print screen), ^C (control break) are not checked for during the read. Therefore, no printer echo occurs if ^S or ^P are read. 2) There is no echo to STDOUT (0001h). 3) Read the number of specified bytes and returns immediately when the last byte is received or the end of file reached. 4) Allows no editing of the ine input using the function keys if the input is from STDIN (0000h). The following is true when a file is written to in binary mode: 1) The characters ^S (scroll lock), ^P (print screen), ^C (control break) are not checked for during the write. Therefore, no printer echo occurs. 2) There is no echo to STDOUT (0001h). 3) The exact number of bytes specified are written. 4) Does not caret (^) control characters. For example, ctrl-D is sent out as byte 04h instead of the two bytes ^ and D. 5) Does not expand tabs into spaces. FILE I/O IN ASCII (COOKED) MODE������������������������������������������������ The following is true when a file is read in ASCII mode: 1) Checks for the characters ^C,^S, and ^P. 2) Returns as many characters as there are in the device input buffer, or the number of characters requested, whichever is less. If the number of characters requested was less than the number of characters in the device buffer, then the next read will address the remaining characters in the buffer. 3) If there are no more bytes remaining in the device input buffer, read a line (terminated by ^M) into the buffer. This line may be edited with the function keys. The characters returned terminated with a sequence of 0Dh, 0Ah (^M,^J) if the number of characters requested is sufficient to include them. For example, if 5 characters were requested, and only 3 were entered before the carriage return (0Dh or ^M) was presented to DOS from the console device, then the 3 characters entered and 0Dh and 0Ah would be returned. However, if 5 characters were requested and 7 were entered before the carriage return, only the first 5 characters would be returned. No 0Dh,0Ah sequence would be returned in this case. If less than the number of characters requested are entered when the carriage return is received, the characters received and 0Dh,0Ah would be returned. The reason the 0Ah (linefeed or ^J) is added to the returned characters is to make the devices look like text files. 4) If a 1Ah (^Z) is found, the input is terminated at that point. No 0Dh,0Ah (CR,LF) sequence is added to the string. 5) Echoing is performed. 6) Tabs are expanded. The following is true when a file is written to in ASCII mode: 1) The characters ^S,^P,and ^C are checked for during the write operation. 2) Expands tabs to 8-character boundaries and fills with spaces (20h). 3) Carets control characters, for example, ^D is written as two bytes, ^ and D. 4) Bytes are output until the number specified is output or a ^Z is encountered. The number actually output is returned to the user. NUMBER OF OPEN FILES ALLOWED��������������������������������������������������� The number of files that can be open concurrently is restricted by DOS. This number is determined by how the file is opened or created (FCB or handle function call) and the number specified by the FCBS and FILES commands in the CONFIG.SYS file. The number of files allowed open by FCB function calls and the number of files that can be opened by handle type calls are independent of one another. RESTRICTIONS ON FCB USAGE������������������������������������������������������ If file sharing is not loaded using the SHARE command, there are no restrictions on the nuumber of files concurrently open using FCB function calls. However, when file sharing is loaded, the maximum number of FCBs open is set by the the FCBS command in the CONFIG.SYS file. The FCBS command has two values you can specify, 'm' and 'n'. The value for 'm' specifies the number of files that can be opened by FCBs, and the value 'n' specifies the number of FCBs that are protected from being closed. When the maximum number of FCB opens is exceeded, DOS automatically closes the least recently used file. Any attempt to access this file results in an int 24h critical error message "FCB not availible". If this occurs while an application program is running, the value specified for 'm' in the FCBS command should be increased. When DOS determines the least recently used file to close, it does not include the first 'n' files opened, therefore the first 'n' files are protected from being closed. RESTRICTIONS ON HANDLE USAGE��������������������������������������������������� The number of files that can be open simultaneously by all processes is determined by the FILES command in the CONFIG.SYS file. The number of files a single process can open depends on the value specified for the FILES command. If FILES is greater than or equal to 20, a single process can open 20 files. If FILES is less than 20, the process can open less than 20 files. This value includes three predefined handles: STDIN, STDOUT, and STDERR. This means only 17 additional handles can be added. DOS 3.3 includes a function to use more than 20 files per application. ALLOCATING SPACE TO A FILE����������������������������������������������������� Files are not nescessarily written sequentially on a disk. Space is allocated as needed and the next location availible on the disk is allocated as space for the next file being written. Therefore, if considerable file generation has taken place, newly created files will not be written in sequential sectors. However, due to the mapping (chaining) of file space via the File Allocation Table (FAT) and the function calls availible, any file may be used in either a sequential or random manner. Space is allocated in increments called clusters. Cluster size varies according to the media type. An application program should not concern itself with the way that DOS allocates space to a file. The size of a cluster is only important in that it determines the smallest amount of space that can be allocated to a file. A disk is considered full when all clusters have been allocated to files. MSDOS / PCDOS DIFFERENCES������������������������������������������������������ There is a problem of compatibility between MS-DOS and IBM PC-DOS having to do with FCB Open and Create. The IBM 1.0, 1.1, and 2.0 documentation of OPEN (call 0Fh) contains the following statement: "The current block field (FCB bytes C-D) is set to zero [when an FCB is opened]." This statement is NOT true of MS-DOS 1.25 or MS-DOS 2.00. The difference is intentional, and the reason is CP/M 1.4 compatibility. Zeroing that field is not CP/M compatible. Some CP/M programs will not run when machine translated if that field is zeroed. The reason it is zeroed in the IBM versions is that IBM specifically requested that it be zeroed. This is the reason for the complaints from some vendors about the fact that IBM MultiPlan will not run under MS-DOS. It is probably the reason that some other IBM programs don't run under MS-DOS. NOTE: Do what all MS/PC-DOS systems programs do: Set every single FCB field you want to use regardless of what the documentation says is initialized. .COM FILE STRUCTURE������������������������������������������������������������ The COM file structure was designed for DOS 1.0 and maximum compatibility with programs ported from the CP/M operating system. COM files normally comprise one segment only. .EXE FILE STRUCTURE������������������������������������������������������������ The EXE file is the native mode for DOS. EXE files may make use of multiple segments for code, stack, and data. The design of the EXE file reflects the segmented design of the Intel 80x86 CPU architecture. EXE files may be as large as availible memory and may make references to specific segment addresses. The EXE files produced by the Linker program consist of two parts, control and relocation information and the load module itself. The control and relocation information, which is described below, is at the beginning of the file in an area known as the header. The load module immediately follows the header. The load module begins in the memory image of the module contructed by the Linker. When you are loading a file with the name *.EXE, DOS does NOT assume that it is an EXE format file. It looks at the first two bytes for a signature telling it that it is an EXE file. If it has the proper signature, then the load proceeds. Otherwise, it presumes the file to be a .COM format file. If the file has the EXE signature, then the internal consistency is checked. Pre-2.0 versions of MSDOS did not check the signature byte for EXE files. The .EXE format can support programs larger than 64K. It does this by allowing separate segments to be defined for code, data, and the stack, each of which can be up to 64K long. Programs in EXE format may contain explicit references to segment addresses. A header in the EXE file has information for DOS to resolve these references. The .EXE header is formatted as follows: �����������������������������������������������������������������������������Ŀ � Offset � C O N T E N T S � �����������������������������������������������������������������������������Ĵ � 00h � 4Dh � This is the Linker's signature to mark the file as a valid � ���������������Ĵ .EXE file (The ASCII letters M and Z, for Mark Zbikowski, � � 01h � 5Ah � one of the major designers of DOS at Microsoft) � �����������������������������������������������������������������������������Ĵ � 02h-03h � Length of the image mod 512 (remainder after dividing the load � � � module image size by 512) � �����������������������������������������������������������������������������Ĵ � 04h-05h � Size of the file in 512 byte pages including the header. � �����������������������������������������������������������������������������Ĵ � 06h-07h � Number of relocation table items following the header. � �����������������������������������������������������������������������������Ĵ � 08h-09h � Size of the header in 16 byte increments (paragraphs). This is � � � used to locate the beginning of the load module in the file. � �����������������������������������������������������������������������������Ĵ � 0Ah-0Bh � Minimum number of 16 byte paragraphs required above the end of � � � the loaded program. � �����������������������������������������������������������������������������Ĵ � 0Ch-0Dh � Maximum number of 16 byte paragraphs required above the end of � � � the loaded program. If the minimum and maximum number of � � � paragraphs are both zero, the program will be loaded as high in � � � memory as possible. � �����������������������������������������������������������������������������Ĵ � 0Eh-0Fh � Displacement in paragraphs of stack segment within load module. � � � This size must be adjusted by relocation. � �����������������������������������������������������������������������������Ĵ � 10h-11h � Offset to be in SP register when the module is given control. � �����������������������������������������������������������������������������Ĵ � 12h-13h � Word Checksum - negative sum of all the words in the file, � � � ignoring overflow. � �����������������������������������������������������������������������������Ĵ � 14h-15h � Offset to be in the IP register when the module is given control. � �����������������������������������������������������������������������������Ĵ � 16h-17h � Displacement in paragraphs of code segment within load module. � � � This size must be adjusted by relocation. � �����������������������������������������������������������������������������Ĵ � 18h-19h � Displacement in bytes of the first relocation item in the file. � �����������������������������������������������������������������������������Ĵ � 1Ah-1Bh � Overlay number (0 for the resident part of the program) � ������������������������������������������������������������������������������� THE RELOCATION TABLE����������������������������������������������������������� The word at 18h locates the first entry in the relocation table. The relocation table is made up of a variable number of relocation items. The number of items is contained at offset 06-07. The relocation item contains two fields - a 2 byte offset value, followed by a 2 byte segment value. These two fields represent the displacement into the load module before the module is given control. The process is called relocation and is accomplished as follows: 1. The formatted part of the header is read into memory. Its size is 1Bh. 2. A portion of memory is allocated depending on the size of the load module and the allocation numbers in offsets 0Ah-0Ch and 0Ch-0Dh. DOS always tries to allocate 0FFFFh paragraphs. Since this call will always fail, the function returns the amount of free memory. If this block is larger than the minimum specified at offset 0Ah and the loaded program size, DOS will allocate the size specified at offset 0Ch or the largest free memory space, whichever is less. 3. A Program Segment Prefix is built following the resident portion of the program that is performing the load operation. 4. The formatted part of the header is read into memory (its size is at offset 08h) 5. The load module size is determined by subtracting the header size from the file size. Offsets 04h and 08h can be used for this calculation. The actual size is downward adjusted based on the contents of offsets 02-03. Note that all files created by the Linker programs prior to version 1.10 always placed a value of 4 at this location, regardless of the actual program size. Therefore, Microsoft recommends that this field be ignored if it contains a value of 4. Based on the setting of the high/low loader switch, an appropriate segment is determined for loading the load module. This segment is called the start segment. 6. The load module is read into memory beginning at the start segment. The relocation table is an ordered list of relocation items. The first relocation item is the one that has the lowest offset in the file. 7. The relocation table items are read into a work area one or more at a time. 8. Each relocation table item segment value is added to the start segment value. The calculated segment, in conjunction with the relocation item offset value, points to a word in the load module to which is added the start segment value. The result is placed back into the word in the load module. 9. Once all the relocation items have been processed, the SS and SP registers are set from the values in the header and the start segment value is added to SS. The ES and DS registers are set to the segment address of the program segment prefix. The start segment value is added to the header CS register value. The result, along with the header IP value, is used to give the module control. "NEW" .EXE FORMAT (Microsoft Windows and OS/2)��������������������������������� The "old" EXE format is documented here. The "new" EXE format puts more information into the header section and is currently used in applications that run under Microsoft Windows. The linker that creates these files comes with the Microsoft Windows Software Development Kit and is called LINK4. If you try to run a Windows-linked program under DOS, you will get the error message "This program requires Microsoft Windows". PIF Files PIF stands for "Program Information File". The PIF format was developed by IBM for use with TopView, its multitasking manager. Microsoft also uses PIF files to pass information regarding the amount of memory and type of I/O a program running under Microsoft Windows requires. The actual internal format of the PIF files is documented in the IBM TopView Programmers' ToolKit. STANDRD FILE CONTROL BLOCK����������������������������������������������������� The standard file control block is defined as follows, with offsets in hex: ������������������������������������������������������������������������������Ŀ � F I L E C O N T R O L B L O C K � ������������������������������������������������������������������������������Ĵ � Bytes � Function � ������������������������������������������������������������������������������Ĵ � 0 � 1 byte Drive number. For example: � � � Before open: 00h = default drive � � � 01h = drive A: � � � 02h = drive B: etc. � � � After open: 00h = drive C: � � � 01h = drive A: � � � 02h = drive B: etc. � � � An 0 is replaced by the actual drive number during open. � ������������������������������������������������������������������������������Ĵ � 1-8 � 8 bytes Filename, left justified with blanks. If a reserved device � � � name is placed here (such as PRN) do not include the optional colon. � ������������������������������������������������������������������������������Ĵ � 9-B � 3 bytes Filename extension, left justified with trailing blanks. � ������������������������������������������������������������������������������Ĵ � C-D � 2 bytes Current block # relative to start of file, starting with 0 � � � (set to 0 by the open function call). A block consists of 128 � � � records, each of the size specified in the logical record size field.� � � The current block number is used with the current record field � � � (below) for sequential reads and writes. � ������������������������������������������������������������������������������Ĵ � E-F � 2 bytes Logical record size in bytes. Set to 80h by OPEN function � � � If this is not correct, you must set the value because DOS uses it � � � to determine the proper locations in the file for all disk reads and � � � writes. � ������������������������������������������������������������������������������Ĵ � 10-13 � 4 bytes File size in bytes. In this field, the first word is the � � � low-order part of the size. � ������������������������������������������������������������������������������Ĵ � 14-15 � 2 bytes Date file was created or last updated. mm/dd/yy are mapped � � � as follows: � � � 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 � � � y y y y y y y m m m m d d d d d � � � where: mm is 1-12 � � � dd is 1-31 � � � yy is 0-119 (1980-2099) � ������������������������������������������������������������������������������Ĵ � 16-17 � 2 bytes time file was created or last updated. � ������������������������������������������������������������������������������Ĵ � � These bytes contain the time when the file was created or last � � � updated. The time is mapped in the bits as follows: � � ���������������������������������������������������������������Ŀ � � � B Y T E 16h � B Y T E 17h � � � ���������������������������������������������������������������Ĵ � � � F E D C B A 9 8 � 7 6 5 4 3 2 1 0 � � � ���������������������������������������������������������������Ĵ � � � H H H H H � M M M M M M � D D D D D � � � ���������������������������������������������������������������Ĵ � � � binary # hrs 0-23 � binary # minutes 0-59 � bin. # 2-sec incr � � � ����������������������������������������������������������������� � � � note: The time is stored with the least significant byte first. � ������������������������������������������������������������������������������Ĵ � 18-19 � 2 bytes Reserved for DOS. � ������������������������������������������������������������������������������Ĵ � 20 �1 byte Current relative record number (0-127) within the current � � � block. This field and the Current Block field at offset 0Ch make up � � � the record pointer. This field is not initialized by the OPEN � � � function call. You must set this field before doing sequential read- � � � write operations to the diskette. � ������������������������������������������������������������������������������Ĵ � 21-25 � 4 bytes Relative Record. Points to the currently selected record, � � � counting from the beginning of the file starting with 0. This field � � � is not initialized by the OPEN system call. You must set this field � � � before doing a random read or write to the file. � � � If the record size is less than 64 bytes, both words are used. � � � Otherwise, only the first 3 bytes are used. Note that if you use the � � � File Control Block at 5Ch in the program segment, the last byte of � � � the FCB overlaps the first byte of the unformatted parameter area. � �������������������������������������������������������������������������������� note 1) An unopened FCB consists of the FCB prefix (if used), drive number, and filename.ext properly filled in. An open FCB is one in which the remaining fields have been filled in by the CREAT or OPEN function calls. 2) Bytes 0-5 and 32-36 must be set by the user program. Bytes 16-31 are set by DOS and must not be changed by user programs. 3) All word fields are stored with the least significant byte first. For example, a record length of 128 is stored as 80h at offset 14, and 00h at offset 15. EXTENDED FILE CONTROL BLOCK���������������������������������������������������� The extended file control block is used to create or search for files in the disk directory that have special attributes. It adds a 7 byte prefix to the FCB, formatted as follows: ������������������������������������������������������������������������������Ŀ � E X T E N D E D F I L E C O N T R O L B L O C K � ������������������������������������������������������������������������������Ĵ � Bytes � Function � ������������������������������������������������������������������������������Ĵ � 0 � Flag byte containing 0FFh to indicate an extended FCB. � ������������������������������������������������������������������������������Ĵ � 1-6 � Reserved � ������������������������������������������������������������������������������Ĵ � 6-7 � Attribute byte. Refer to function call 11h (search first) for � � � details on using the attribute bits during directory searches. This � � � function is present to allow applications to define their own files � � � as hidden (and thereby excluded from normal directory searches) and � � � to allow selective directory searches. � �������������������������������������������������������������������������������� Any reference in the DOS function calls to an FCB, whether opened or unopened, may use either a normal or extended FCB. If you are using an extended FCB, the appropriate register should be set to the first byte of the prefix, rather than the drive-number field. Common practice is to refer to the extended FCB as a negative offset from the first byte of a standard File Control Block. ** Programmer's Technical Reference for MSDOS and the IBM PC ** USA copyright TXG 392-616 ALL RIGHTS RESERVED ������������������������������Ĵ DOSREF (tm) ��������������������������������� ISBN 1-878830-02-3 (disk-based text) Copyright (c) 1987, 1992 Dave Williams �����������������������������Ŀ � Shareware Version, 01/12/92 � � Please Register Your Copy � ������������������������������� C H A P T E R E I G H T DOS DISK INFORMATION C O N T E N T S The DOS Area .......................................................... 8**1 The Boot Record ....................................................... 8**2 DOS File Allocation Table (FAT) ....................................... 8**3 Media Descriptor Byte ......................................... 8**4 12 Bit FATs ................................................... 8**5 16 Bit FATs ................................................... 8**6 DOS Disk Directory .................................................... 8**8 The Data Area ......................................................... 8**9 Floppy Disk Types ..................................................... 8**10 Hard Disk Layout ...................................................... 8**11 System Initialization ................................................. 8**12 Boot Record/Partition Table ........................................... 8**13 Hard Disk Technical Information ....................................... 8**14 Determining Hard Disk File Allocation ................................. 8**15 BIOS Disk Functions ................................................... 8**16 00h Reset 01h Get Status 02h Read Sectors 03h Write Sectors 04h Verify 05h Format Track (floppy disk) 06h Hard Disk - format track 07h Hard Disk - format drive 08h Read Drive Parameters 09h Initialize Two Fixed Disk Base Tables 0Ah Read Long (Hard disk) 0Bh Write Long (Hard disk) 0Ch Seek To Cylinder 0Dh Alternate Hard Disk Reset 0Eh Read Sector Buffer 0Fh Write sector buffer 10h Test For Drive Ready 11h Recalibrate Drive 12h Controller RAM Diagnostic 13h Controller Drive Diagnostic 14h Controller Internal Diagnostic 15h Get Disk Type 16h Get Disk Change Status (diskette) 17h Set Disk Type for Format (diskette) 18h Set Media Type For Format (diskette) 19h Park Hard Disk Heads 1Ah ESDI Hard Disk - Low Level Format 1Bh ESDI Hard Disk - Get Manufacturing Header 1Ch ESDI Hard Disk - Get Configuration THE DOS AREA����������������������������������������������������������� 8**1 All disks and diskettes formatted by DOS are created with a sector size of 512 bytes. The DOS area (entire area for a diskette, DOS partition for hard disks) is formatted as follows: ������������������������������������������������������������Ŀ � D O S A R E A � ������������������������������������������������������������Ĵ � partition table - variable size (hard disk only) � � boot record - 1 sector � � first copy of the FAT - variable size � � second copy of the FAT - same size as first copy � � root directory - variable size � � data area - variable depending on disk size � �������������������������������������������������������������� The following sections describe each of the allocated areas: THE BOOT RECORD�������������������������������������������������������� 8**2 The boot record resides on track 0, sector 1, side 0 of every diskette formatted by the DOS FORMAT program. For hard disks the boot record resides on the first sector of the DOS partition. It is put on all disks to provide an error message if you try to start up with a nonsystem disk in drive A:. If the disk is a system disk, the boot record contains a JMP instruction pointing to the first byte of the operating system. If the device is IBM compatible the first sector of the first FAT must be located at the same sector for all disk types. This is because the FAT sector is read before the disk type is actually determined. The information relating to the BPB for a particular media is kept in the disk's boot sector. The format of the boot sector is: ������������������������������������������������������������������������������Ŀ � D O S B O O T R E C O R D � ������������������������������������������������������������������������������Ĵ �00h�3 bytes� JMP to executable code. For DOS 2.x, 3 byte near jump (0E9h). � � � � For DOS 3.x, 2 byte near jump (0EBh) followed by a NOP (90h) � ������������������������������������������������������������������������������Ĵ �03h�8 bytes� optional OEM name and version (such as IBM 2.1) � ������������������������������������������������������������������������������Ĵ �0Bh�2 bytes� bytes per sector � ������������������������������������������������������������������������������Ĵ �0Dh� byte � � sectors per allocation unit (must be a power of 2) � �����������Ĵ ������������������������������������������������������������Ĵ �0Eh�2 bytes� B � reserved sectors (starting at logical sector 0) � � � � � 01 for 1.x-3.31, 02 for 4.0+ � �����������Ĵ ������������������������������������������������������������Ĵ �10h� byte � � number of FATs � �����������Ĵ ������������������������������������������������������������Ĵ �11h�2 bytes� � maximum number of root directory entries � �����������Ĵ P ������������������������������������������������������������Ĵ �13h�2 bytes� � number of sectors in logical image (total number of � � � � � sectors in media, including boot sector directories, etc.)� � � � � If logical disk size is geater than 32Mb, this value is 0 � � � � � and the actual size is reported at offset 26h (DOS 4.0+) � �����������Ĵ ������������������������������������������������������������Ĵ �15h� byte � B � media descriptor byte � �����������Ĵ ������������������������������������������������������������Ĵ �16h�2 bytes� � number of sectors occupied by a single FAT � ������������������������������������������������������������������������������Ĵ �18h�2 bytes� sectors per track � ������������������������������������������������������������������������������Ĵ �1Ah�2 bytes� number of heads � ������������������������������������������������������������������������������Ĵ �1Ch�2 bytes� # of hidden sectors (sectors before this volume) (1st part) � ������������������������������������������������������������������������������Ĵ � EXTENDED BOOT RECORD (DOS 4.0+) � ������������������������������������������������������������������������������Ĵ �1Eh�2 bytes� # of hidden sectors (sectors before this volume) (2nd part) � ������������������������������������������������������������������������������Ĵ �20h�4 bytes� # sectors in this disk (see offset 13h, if 0) � ������������������������������������������������������������������������������Ĵ �24h�2 bytes� physical drive number (max 2 for DOS 4, max 8 for DOS 5) � ������������������������������������������������������������������������������Ĵ �26h� byte � extended boot record signature (29h) � ������������������������������������������������������������������������������Ĵ �27h�4 bytes� volume serial number (assigned with a random function) � ������������������������������������������������������������������������������Ĵ �2Bh�11 byte� volume label � ������������������������������������������������������������������������������Ĵ �36h�7 bytes� file system ID (FAT12 ), (FAT16 ) etc. ("reserved") � �������������������������������������������������������������������������������� The three words at the end return information about the media. The number of heads is useful for supporting different multihead drives that have the same storage capacity but a different number of surfaces. The number of hidden sectors is useful for drive partitioning schemes. DOS 3.2 uses a table called the BIOS Parameter Block (BPB) to determine if a disk has a valid File Allocation Table. The BPB is located in the first sector of a floppy disk. Although the BPB is supposed to be on every formatted floppy disk, some earlier versions of DOS did not create a BPB and instead assumed that the FAT begins at the second sector of the disk and that the first FAT byte (Media Descriptor Byte) describes the disk format. DOS 3.2 reads in the whole of the BPB and tries to use it - although strangely enough, it seems as if DOS is prepared to cope with a BPB that is more or less totally blank (it seems to ignore the descriptor byte and treat it as a DSDD 9-sector disk). DOS 3.2 determines if a disk has a valid boot sector by examining the first byte of logical sector 0. If that byte it a jump instruction 0E9h, DOS 3.2 assumes the rest of the sector is a valid boot sector with a BPB. If the first byte is not 0E9h DOS 3.2 behaves like previous versions, assumes the boot sector is invalid and uses the first byte of the FAT to determine the media type. If the first byte on the disk happens to be 0E9h, but the disk does not have a BPB, DOS 3.2 will return a disk error message. The real problems occur if some of the BPB data is valid and some isn't. Apparently some OEMs have assumed that DOS would continue to ignore the formatting data on the disk, and have failed to write much there during FORMAT except the media descriptor byte (or, worse, have allowed random junk to be written there). While this error is understandable, and perhaps even forgiveable, it remains their problem, not IBM's, since the BPB area has always been documented as containing the format information that IBM DOS 3.2 now requires to be there. When the BPB problems first became evident with DOS 3.2 a number of reports circulated claiming DOS looked for the letters "IBM" in the OEM ID field. This was incorrect. IBM DOS 4.0 *did* check for the letters "IBM" and would refuse to recognize hard drives formatted under MSDOS 4.0. IBM corrected this with their 4.01 revision. THE DOS FILE ALLOCATION TABLE (FAT)������������������������������������ 8**3 The File Allocation Table, or FAT, has three main purposes: 1) to mark bad sectors on the media 2) to determine which sectors are free for use 3) to determine the physical location(s) of a file on the media. DOS uses one of two schemes for defining the File Allocation Table: 1) a 12-bit FAT, for DOS 1.x, 2.x, all floppies, and small hard disks 2) a 16-bit FAT, for DOS 3.x+ hard disks from 16.8 to 32Mb This section explains how DOS uses the FAT to convert the clusters of a file into logical sector numbers. It is recommended that system utilities use the DOS handle calls rather than interpreting the FAT, particularly since aftermarket disk partitioning or formatting software may have been used. The FAT is used by DOS to allocate disk space for files, one cluster at a time. In DOS 4.0, clusters are referred to as "allocation units." It means the same things; the smallest logical portion of a drive. The FAT consists of a 12 bit entry (1.5 bytes) for each cluster on the disk or a 16 bit (2 bytes) entry when a hard disk has more than 20740 sectors as is the case with fixed disks larger than 10Mb. The first two FAT entries map a portion of the directory; these FAT entries contain indicators of the size and format of the disk. The FAT can be in a 12 or 16 bit format. DOS determines whether a disk has a 12 or 16 bit FAT by looking at the total number of allocation units on a disk. For all diskettes and hard disks with DOS partitions less than 20,740 sectors, the FAT uses a 12 bit value to map a cluster. For larger partitions, DOS uses a 16 bit value. The second, third, and fourth bit applicable for 16 bit FAT bytes always contains 0FFFFh. The first byte is used as follows: Media Descriptor Byte ................................................. 8**4 ������������������������������������������������������������������������������Ŀ � M E D I A D E S C R I P T O R B Y T E � ������������������������������������������������������������������������������Ĵ �hex value � meaning � normally used � ������������������������������������������������������������������������������Ĵ � 00 � hard disk � 3.3+ extended DOS partition � ������������������������������������������������������������������������������Ĵ � ED � double sided 9 sector 80 track � Tandy 2000 720k (5�) � ������������������������������������������������������������������������������Ĵ � F0 � double sided 18 sector diskette � PS/2 1.44 meg DSHD � ������������������������������������������������������������������������������Ĵ � F8 � hard disk � bootable hard disk at C:800 � ������������������������������������������������������������������������������Ĵ � F8 � 720k floppy, 9 sector 80 track � Sanyo 55x, DS-DOS 2.11 (5�) � ������������������������������������������������������������������������������Ĵ � F9 � double sided 15 sector diskette � AT 1.2 meg DSHD � � � double sided 9 sector diskette � Convertible 720k DSQD � ������������������������������������������������������������������������������Ĵ � FA � IBM Displaywriter System disk � 287k � � � Kodak "4 meg" (Pelican) � 4.4 meg (5�) � ������������������������������������������������������������������������������Ĵ � FB � IBM Displaywriter System disk � 1 meg (5�) � � � Kodak "6 meg" (Pelican) � 5.5 meg (5�) � ������������������������������������������������������������������������������Ĵ � FC � single sided 9 sector diskette � DOS 2.0, 180k SSDD (5�) � ������������������������������������������������������������������������������Ĵ � FD � double sided 9 sector diskette � DOS 2.0, 360k DSDD (5�) � ������������������������������������������������������������������������������Ĵ � FF � double sided 36 sector diskette � Practidisk 2.88mb DSED (3�) � � � single sided 8 sector diskette � DOS 1.0, 160k SSDD (5�) � � � double sided 8 sector diskette � DOS 1.1, 320k SSDD (5�) � � � hard disk � Sanyo 55x with DS-DOS 2.11 � �������������������������������������������������������������������������������� �for 8 inch diskettes: � ������������������������������������������������������������������������������Ŀ � FD � double sided 26 sector diskette � IBM 3740 format DSSD � ������������������������������������������������������������������������������Ĵ � FE � single sided 26 sector diskette � IBM 3740 format SSSD � � �������������������������������������������������������������������Ĵ � � double sided 8 sector diskette � IBM 3740 format DSDD � �������������������������������������������������������������������������������� The third FAT entry begins mapping the data area (cluster 002). NOTE: These values are provided as a reference. Therefore, programs should not make use of these values. Each entry contains three hexadecimal characters for 12-bit FATs or four for 16-bit FATs. The possible entries are: 12-bit | 16-bit | 000h | 0000h if the cluster is unused and available 0FF7h | 0FFF7h bad cluster (if not part of the allocation chain) | 0FF0h-0FF7h | 0FFF0h-0FFF7h to indicate reserved clusters | 0FF8h-0FFFh | 0FFF8h-0FFFFh to indicate the last cluster of a file (EOF) | xxxH | xxxxH any other hexadecimal numbers are the cluster | number of the next cluster in the file. The | cluster number is the first cluster in the file | that is kept in the file's directory entry. The file allocation table always occupies the sector or sectors immediately following the boot record. If the FAT is larger than 1 sector, the sectors occupy consecutive sector numbers. Two copies of the FAT are written, one following the other, for integrity. The FAT is read into one of the DOS buffers whenever needed (open, allocate more space, etc). 12 Bit File Allocation Table .......................................... 8**5 Obtain the starting cluster of the file from the directory entry. Now, to locate each subsequent sector of the file: 1. Multiply the cluster number just used by 1.5 (each FAT entry is 1.5 bytes long). 2. The whole part of the product is offset into the FAT, pointing to the entry that maps the cluster just used. That entry contains the cluster number of the next cluster in the file. 3. Use a MOV instruction to move the word at the calculated FAT into a register. 4. If the last cluster used was an even number, keep the low order 12 bits of the register, otherwise, keep the high order 12 bits. 5. If the resultant 12 bits are (0FF8h-0FFFh) no more clusters are in the file. Otherwise, the next 12 bits contain the cluster number of the next cluster in the file. To convert the cluster to a logical sector number (relative sector, such as that used by int 25h and 26h and DEBUG): 1. Subtract 2 from the cluster number 2. Multiply the result by the number of sectors per cluster. 3. Add the logical sector number of the beginning of the data area. 12-bit FAT if DOS partition is smaller than 32,680 sectors (16.340 MB). 16 Bit File Allocation Table .......................................... 8**6 Obtain the starting cluster of the file from the directory entry. Now to locate each subsequent cluster of the file: 1. Multiply the cluster number used by 2 (each FAT entry is 2 bytes long). 2. Use the MOV word instruction to move the word at the calculated FAT offset into a register. 3. If the resultant 16 bits are (0FF8h-0FFFFh) no more clusters are in the file. Otherwise, the 16 bits contain the cluster number of the next cluster in the file. DOS Disk Directory .................................................... 8**8 The FORMAT command initially builds the root directory for all disks. Its location (logical sector number) and the maximum number of entries are available through the device driver interfaces. Since directories other than the root directory are actually files, there is no limit to the number of entries that they may contain. All directory entries are 32 bytes long, and are in the following format: ������������������������������������������������������������������������������� �offset � size � DISK DIRECTORY ENTRY ������������������������������������������������������������������������������� � 00h � 8 bytes � Filename � ����������������������������������������������������������������������� � � The first byte of the filename indicates the file status. � � The file status byte may contain the following values: � ����������������������������������������������������������������������� � � 00h � Directory entry has never been used. This is used to limit � � � the length of directory searches, for performance reasons. � � 05h � Indicates that the first character of the filename actually � � � has an 0EDh character. � � 0E5h � Filename has been used but the file has been erased. � � 2Eh � This entry is for a directory. If the second byte is also � � � 2Eh, the cluster field contains the cluster number of this � � � directory's parent directory. (0000h if the parent directory � � � is the root directory). Otherwise, bytes 00h-0Ah are all � � � spaces and the cluster field contains the cluster number of � � � the directory. � ����������������������������������������������������������������������� � � Any other character is the first character of a filename. Filenames � � are left-aligned and if necessary padded with blanks. ������������������������������������������������������������������������������� � 08h � 3 bytes � Filename extension if any � ����������������������������������������������������������������������� � � Three characters, left-aligned and padded with blanks if necessary. � � If there is no file extension, this field contains all blanks ������������������������������������������������������������������������������� � 0Bh � 1 byte � File attributes � ����������������������������������������������������������������������� � � The attribute byte is mapped as follows: � ����������������������������������������������������������������������� � � hex �bit� meaning � ����������������������������������������������������������������������� � � 00h � � (no bits set) normal; can be read or written without � � � � restriction � � 01h � 0 � file is marked read-only. An attempt to open the file for � � � � output using int 21h/fn 3Dh will fail and an error code � � � � will be returned. This value can be used with other values � � � � below. � � 02h � 1 � indicates a hidden file. The file is excluded from normal � � � � directory searches. � � 04h � 2 � indicates a system file. The file is excluded from normal � � � � directory searches. � � 08h � 3 � indicates that the entry contains the volume label in the � � � � first 11 bytes. The entry has no other usable information � � � � and may exist only in the root directory. � � 10h � 4 � indicates that the file is a subdirectory � � 20h � 5 � indicates an archive bit. This bit is set to on whenever � � � � the file is written to and closed. Used by BACKUP and � � � � RESTORE. � � � 6 � reserved, set to 0 � � � 7 � reserved, set to 0 � ����������������������������������������������������������������������� � � note 1) Bits 6 and 7 may be used in OS/2. � � note 2) Attributes 08h and 10h cannot be changed using int21/43h. � � note 3) The system files IBMBIO.COM and IBMDOS.COM (or customized � � equivalent) are marked as read-only, hidden, and system � � files. Files can be marked hidden when they are created. � � note 4) Read-only, hidden, system and archive attributes may be � � changed with int21h/fn43h. ������������������������������������������������������������������������������� � 0Ch � 10 bytes� Reserved by DOS; value unknown ������������������������������������������������������������������������������� � 16h � 2 bytes � File timestamp � ����������������������������������������������������������������������� � � These bytes contain the time when the file was created or last � � updated. The time is mapped in the bits as follows: � ���������������������������������������������������������������Ŀ � � B Y T E 16h � B Y T E 17h � � ���������������������������������������������������������������Ĵ � � F E D C B A 9 8 � 7 6 5 4 3 2 1 0 � � ���������������������������������������������������������������Ĵ � � H H H H H � M M M M M M � D D D D D � � ���������������������������������������������������������������Ĵ � � binary # hrs 0-23 � binary # minutes 0-59 � bin. # 2-sec incr � � ����������������������������������������������������������������� � � note: The time is stored with the least significant byte first. ������������������������������������������������������������������������������� � 18h � 2 bytes � File datestamp � ����������������������������������������������������������������������� � � This area contains the date when the file was created or last � � updated. The mm/dd/yy are mapped in the bits as follows: � ���������������������������������������������������������������Ŀ � � B Y T E 18h � B Y T E 19h � � ���������������������������������������������������������������Ĵ � � F E D C B A 9 8 � 7 6 5 4 3 2 1 0 � � ���������������������������������������������������������������Ĵ � � Y Y Y Y Y Y Y � M M M M � D D D D D � � ���������������������������������������������������������������Ĵ � � 0-119 (1980-2099) � 1-12 � 1-31 � � ����������������������������������������������������������������� � � note: The date is stored with the least significant byte first. ������������������������������������������������������������������������������� � 1Ah � 2 bytes � First file cluster number � ����������������������������������������������������������������������� � � * (reserved in DOS 2, documented in DOS 3+) � � This area contains the starting cluster number of the first cluster � � in the file. The first cluster for data space on all fixed disks and � � floppy disks is always cluster 002. The cluster number is stored � � with the least significant byte first. ������������������������������������������������������������������������������� � 1Ch � 4 bytes � File size � ����������������������������������������������������������������������� � � This area contains the file size in bytes. The first word contains � � the low order part of the size. Both words are stored with the least � � significant byte first. ������������������������������������������������������������������������������� The Data Area ......................................................... 8**9 Allocation of space for a file (in the data area) is done only when needed (it is not preallocated). The space is allocated one cluser (unit allocation) at a time. A cluster is always one or more consecutive sector numbers, and all of the clusters in a file are "chained" together in the FAT. The clusters are arranged on disk to minimize head movement for multisided media. All of the space on a track (or cylinder) is allocated before moving on to the next track. This is accomplished by using the sequential sector numbers on the lowest-numbered head, then all the sector numbers on the next head, and so on until all sectors of all heads of the track are used. Then the next sector used will be sector 1 of head 0 on the next track. An interesting innovation that was introduced in MS-DOS 3.0: disk space that is freed by erasing a file is not re-used immediately, unlike earlier versions of DOS. Instead, free space is obtained from the area not yet used during the current session, until all of it is used up. Only then will space that is freed during the current session be re-used. This feature minimizes fragmentation of files, since never-before-used space is always contiguous. However, once any space has been freed by deleting a file, that advantage vanishes at the next system boot. The feature also greatly simplifies un-erasing files, provided that the need to do an un-erase is found during the same session and also provided that the file occupies contiguous clusters. However, when one is using programs which make extensive use of temporary files, each of which may be created and erased many times during a session, the feature becomes a nuisance; it forces the permanent files to move farther and farther into the inner tracks of the disk, thus increasing rather than decreasing the amount of fragmentation which occurs. The feature is implemented in DOS by means of a single 16-bit "last cluster used" (LCU) pointer for each physical disk drive; this pointer is a part of the physical drive table maintained by DOS. At boot time, the LCU pointer is zeroed. Each time another cluster is obtained from the free-space pool (the FAT), its number is written into the LCU pointer. Each time a fresh cluster is required, the FAT is searched to locate a free one; in older versions of DOS this search always began at Cluster 0000, but in 3.x it begins at the cluster pointed to by the LCU pointer. For hard disks, the size of the file allocation table and directory are determined when FORMAT initializes it and are based on the size of the DOS partition. Floppy Disk Types ..................................................... 8**10 The following tables give the specifications for floppy disk formats: IBM PC-DOS disk formats: # of FAT size DIR total sides (sectors)(entries) sectors � sectors � DIR � sectors� � /track �sectors�/cluster� � � � � � � � ������������������������������������������������������������������������������� � 160k�5��DOS 1.0� 1 � 8 (40)� 1 � 4 � 64� 1 � 320�Original PC-0, 16k mbd � 320k�5��DOS 1.1� 2 � 8 (40)� 1 � 7 �112� 2 � 360�PC-1, 64k mbd � 180k�5��DOS 2.0� 1 � 9 (40)� 2 � 4 � 64� 1 � 640�PC-2, 256k mbd � 360k�5��DOS 2.0� 2 � 9 (40)� 2 � 7 �112� 2 � 720�PC/XT � 1.2M�5��DOS 3.0� 2 �15 (80)� 7 �14 �224� 1 �2400�PC/AT, PC/RT, XT/286 � 720k�3��DOS 3.2� 2 � 9 (80)� 3 � 7 �112� 2 �1440�Convertible, PS/2 25+ �1.44M�3��DOS 3.3� 2 �18 (80)� 9 �14 �224� 1 �2880�PS/2 50+ ������������������������������������������������������������������������������� various MS-DOS disk formats: ������������������������������������������������������������������������������� � 200k�5�� * � 1 �10 (40)� � � � � � � 400k�5�� * ** � 2 �10 (40)� � � � � � � 800k�5�� * � 2 �10 (80)� � � � � � � 720k�2 � � � � � � � � �Zenith SuperSport 2-inch � 720k�5��DOS2.11� 2 � 9 (80)� 3 � 7 �112� 2 �1440�Tandy 2000 (discontinued) �2.88M�3�� � 2 �36 (80)� � � � �5760�Practidisk 2.88mb floppy �2720k�5�� *** � 2 �17(192)� 8 � �272� 4 �5440�Pelican (Kodak 3.3Mb)(disc.) �5570k�5�� *** � 2 �17(384)� 8 � �272� 4 �10880Pelican (Kodak 6.6Mb)(disc.) ������������������������������������������������������������������������������� * Michtron DS-DOS 2.11 Plus and one version of MS-DOS 3.11 (vendor unknown) ** TallTree JFormat program *** Pelican driver source calls for 2 sectors/cluster, Norton Utils reports 4. ������������������������������������������������������������������������������� � 400k�5��DOS2.11� 1 �10 (80)� � � � � 800�DEC Rainbow SS/HD (disc.) � 720k�5��DOS2.11� 2 �variable number of sectors �Victor 9000 PC (discont'd) ��������������������Ĵper track, more sectors on ����������������������������� �outer tracks than inner � �tracks. Special DSDD drive. � ������������������������������ Some oddball DOS versions specify "zero" heads in their data area. HP's single-sided disk format (16 256-byte sectors/track, model unknown) uses a zero-based parameter for the number of heads. Without special device driver software to "fix" this, these disks are basically unusable by normal DOS. A couple of people have reported that the IBM "Gearbox" industrial PC uses an 800k 3.5 inch floppy with 10 sectors and 80 tracks. I've been unable to confirm this. Files in the data area are not necessarily written sequentially. The data area space is allocated one cluster at a time, skipping over clusters already allocated. The first free cluster found is the next cluster allocated, regardless of its physical location on the disk. This permits the most efficient utilization of disk space because clusters freed by erasing files can be allocated for new files. Refer back to the description of the DOS FAT in this chapter for more information. SSDD single sided, double density (160-180k) 5� DSDD double sided, double density (320-360k) 5� DSQD double sided, quad density (720k) 5�, 3�, 2 DSHD double sided, high density (1.2-1.44M) 5�, 3� DSED double sided, extra high density (2.88M) 3� Much of the trouble with AT 1.2 meg drives has been through the inadverdent use of quad density disks in the high density drives. The high density disks use a higher-coercivity media than the quads, and quads are not completely reliable as 1.2Mb. Make sure you have the correct disk for your application. ROTATION SPEEDS: 720k, 3�" (unknown) note: Zenith has discontinued 2" floppies 720k, 3�" 300 RPM 1.44Mb, 3�" 300 RPM 360k, 5�" 300 RPM 720k, 5�" 300 RPM 1.2mb, 5�" 360 RPM (even when reading 360k diskettes) all 8" 360 RPM The Victor 9000's 5�" floppies could vary their rotational speed as required. This allowed them to put 720k on a standard 360k floppy, using a constant density throughout. The Central Point CopyIIPC Option Board emulates the Macintosh GCR recording format by varying the data rate instead of the rotational speed. HARD DISK LAYOUT ...................................................... 8**11 The DOS hard disk routines perform the following services: 1) Allow multiple operating systems to be installed on the hard disk at the same time. 2) Allow a user-selected operating system to be started from the hard disk. I) In order to share the hard disk among operating systems, the disk may be logically divided into 1 to 4 partitions. The space within a given partition is contiguous, and can be dedicated to a specific operating system. Each operating system may "own" only one partition in DOS versions 2.0 through 3.2. DOS 3.3 introduced the "Extended DOS Partition" which allows multiple DOS partitions on the same hard disk. FDISK (or a similar program from other DOS vendors) utility allows the user to select the number, type, and size of each partition. The partition information is kept in a partition table that is embedded in the master hard disk boot record on the first sector of the disk. The format of this table varies from version to version of DOS. II) An operating system must consider its partition to be the entire disk, and must ensure that its functions and utilities do not access other partitions on the disk. III) Each partition may contain a boot record on its first sector, and any other programs or data that you choose, including a different operating system. For example, the DOS FORMAT command may be used to format and place a copy of DOS in the DOS partition in the same manner that a diskette is formatted. You can use FDISK to designate a partition as "active" (bootable). The master hard disk boot record causes that partition's boot record to receive control when the system is initialized. Additional disk partitions could be FORTH, UNIX, Pick, CP/M-86, OS/2 HPFS, Concurrent DOS, Xenix, or the UCSD p-System. SYSTEM INITIALIZATION ................................................. 8**12 The boot sequence is as follows: 1. System initialization first attempts to load an operating system from diskette drive A. If the drive is not ready or a read error occurs, it then attempts to read a master hard disk boot record on the first sector of the first hard disk in the system. If unsuccessful, or if no hard disk is present, it invokes ROM BASIC in an IBM PC or displays a disk error message on most compatibles. 2. If initialization is successful, the master hard disk boot record is given control and it examines the partition table embedded within it. If one of the entries indicates an active (bootable) partition, its boot record is read from the partition's first sector and given control. 3. If none of the partitions is bootable, ROM BASIC is invoked on an IBM PC or a disk error on most compatibles. 4. If any of the boot indicators are invalid, or if more than one indicator is marked as bootable, the message "INVALID PARTITION TABLE "is displayed and the system stops. 5. If the partition's boot record cannot be successfully read within five retries due to read errors, the message "ERROR LOADING OPERATING SYSTEM" appears and the system stops. 6. If the partition's boot record does not contain a valid "signature", the message "MISSING OPERATING SYSTEM" appears, and the system stops. NOTE: When changing the size or location of any partition, you must ensure that all existing data on the disk has been backed up. The partitioning program will destroy the data on the disk. System programmers designing a utility to initialize/manage a hard disk must provide the following functions at a minimum: 1. Write the master disk boot record/partition table to the disk's first sector to initialize it. 2. Perform partitioning of the disk - that is, create or update the partition table information (all fields for the partition) when the user wishes to create a partition. This may be limited to creating a partition for only one type of operating system, but must allow repartitoning the entire disk, or adding a partition without interfering with existing partitions (user's choice). 3. Provide a means for marking a user-specified partition as bootable and resetting the bootable indicator bytes for all other partitions at the same time. 4. Such utilities should not change or move any partition information that belongs to another operating system. BOOT RECORD/PARTITION TABLE ........................................... 8**13 A boot record must be written on the first sector of all hard disks, and must contain the following: 1. Code to load and give control to the boot record for one of four possible operating systems. 2. A partition table at the end of the boot record. Each table entry is 16 bytes long, and contains the starting and ending cylinder, sector, and head for each of four possible partitions, as well as the number of sectors preceding the partition and the number of sectors occupied by the partition. The "boot indicator" byte is used by the boot record to determine if one of the partitions contains a loadable operating system. FDISK initialization utilities mark a user-selected partition as "bootable" by placing a value of 80h in the corresponding partition's boot indicator (setting all other partitions' indicators to 0 at the same time). The presence of the 80h tells the standard boot routine to load the sector whose location is contained in the following three bytes. That sector is the actual boot record for the selected operating system, and it is responsible for the remainder of the system's loading process (as it is from the diskette). All boot records are loaded at absolute address 0:7C00. The partition table with its offsets into the boot record is: ������������������������������������������������������������������������������� � Offset � Offset � Offset � � �from Start�from Start�from Start� Size � Description � of Disk � of Entry � of Disk � � ������������������������������������������������������������������������������� � � 00h � 0BEh � 1 byte � boot indicator � � 01h � 0BFh � 1 byte � beginning head � 1BEh � 02h � 0C0h � 1 byte � beginning sector � (part 1) � 03h � 0C1h � 1 byte � beginning cylinder � 16 bytes � 04h � 0C2h � 1 byte � system indicator � � 05h � 0C3h � 1 byte � ending head � � 06h � 0C4h � 1 byte � ending sector � � 07h � 0C5h � 1 byte � ending cylinder � � 08h � 0C6h � 4 bytes� relative (starting) sector � � 0Ch � 0DAh � 4 bytes� number of sectors ������������������������������������������������������������������������������� � � 00h � 0DEh � 1 byte � boot indicator � � 01h � 0DFh � 1 byte � beginning head � 1CEh � 02h � 0E0h � 1 byte � beginning sector � (part 2) � 03h � 0E1h � 1 byte � beginning cylinder � 16 bytes � 04h � 0E2h � 1 byte � system indicator � � 05h � 0E3h � 1 byte � ending head � � 06h � 0E4h � 1 byte � ending sector � � 07h � 0E5h � 1 byte � ending cylinder � � 08h � 0E6h � 4 bytes� relative (starting) sector � � 0Ch � 0EAh � 4 bytes� number of sectors ������������������������������������������������������������������������������� � � 00h � 0FEh � 1 byte � boot indicator � � 01h � 0FFh � 1 byte � beginning head � 1DEh � 02h � 0100h � 1 byte � beginning sector � (part 3) � 03h � 0101h � 1 byte � beginning cylinder � 16 bytes � 04h � 0102h � 1 byte � system indicator � � 05h � 0103h � 1 byte � ending head � � 06h � 0104h � 1 byte � ending sector � � 07h � 0105h � 1 byte � ending cylinder � � 08h � 0106h � 4 bytes� relative (starting) sector � � 0Ch � 010Ah � 4 bytes� number of sectors ������������������������������������������������������������������������������� � � 00h � 010Eh � 1 byte � boot indicator � � 01h � 011Fh � 1 byte � beginning head � 1EEh � 02h � 0110h � 1 byte � beginning sector � (part 4) � 03h � 0111h � 1 byte � beginning cylinder � 16 bytes � 04h � 0112h � 1 byte � system indicator � � 05h � 0113h � 1 byte � ending head � � 06h � 0114h � 1 byte � ending sector � � 07h � 0115h � 1 byte � ending cylinder � � 08h � 0116h � 4 bytes� relative (starting) sector � � 0Ch � 011Ah � 4 bytes� number of sectors ������������������������������������������������������������������������������� � 1FEh � � 2 bytes� 055AAh signature ������������������������������������������������������������������������������� Boot indicator (boot ind): The boot indicator byte must contain 0 for a non- bootable partition or 80h for a bootable partition. Only one partition can be marked as bootable at a time. System Indicator (sys ind): The sys ind field contains an indicator of the operating system that "owns" the partition. IBM PC-DOS can only "own" one partition, though some versions of MSDOS allow all four partitions to be used by DOS. The system indicators are: �������������������������������������������������������������Ŀ � System Indicator (sys ind) � �������������������������������������������������������������Ĵ � 00h � unknown or no partition defined � �������������������������������������������������������������Ĵ � 01h � DOS 12 bit FAT (DOS 2.x all and 3.x+ under 16 Mb) � � � less than 4086 clusters � �������������������������������������������������������������Ĵ � 02h � Xenix � �������������������������������������������������������������Ĵ � 03h � Xenix � �������������������������������������������������������������Ĵ � 04h � DOS 16 bit FAT (DOS 3.0+. Not recognized by 2.x) � � � less than 65,536 sectors � �������������������������������������������������������������Ĵ � 05h � extended DOS partition, some 3.2 and all 3.3+ � � � (pointer to further partition table) � �������������������������������������������������������������Ĵ � 06h � Compaq DOS 3.31, DOS 4.0+ partitions over 32 megs � � � Digital Research DRDOS 3.4, 3.41 over 32 megs � �������������������������������������������������������������Ĵ � 06h � PC-MOS/386 partitions over 32 megs (NOT compatible � � � with the DR, Compaq, and MSDOS big partitions! � �������������������������������������������������������������Ĵ � 07h � OS/2 High Performance File System � �������������������������������������������������������������Ĵ � 051h � Ontrack Disk Manager "read/write" partitions � �������������������������������������������������������������Ĵ � 0DBh � DRI Concurrent DOS (>32mb partitions?)� � � DRI Concurrent CP/M? � �������������������������������������������������������������Ĵ � 0E4h � Speedstor, small partitions (?) (under 1024cyl?) � �������������������������������������������������������������Ĵ � 0F2h � 2nd DOS partition, some OEM customized DOS 3.2 � �������������������������������������������������������������Ĵ � 0F4h � Speedstor, large partitions (?) � �������������������������������������������������������������Ĵ � 0FEh � Speedstor, partitions >1024 cylinders � ��������������������������������������������������������������� There are ID bytes for proprietary formatting schemes. Some manufacturers (such as Zenith, Wyse, and Tandon) diddle with these system bytes to implement more than one DOS partition per disk. note 1) Xenix doesn't like extended DOS partitions a'la DOS 3.3, limiting you to a DOS partition of 32Mb. Xenix doesn't recognize DOS 4.0x at all, so to use it you need to boot from a floppy. Early versions of OS/2 also have this problem. 2) I have found one source listing Minix partitions as "40" and some Unix partitions as "63". I don't know if these are decimal or hexadecimal figures. Cylinder (CYL) and Sector (S): The 1 byte fields labelled CYL contain the low order 8 bits of the cylinder number - the high order 2 bits are in the high order 2 bits of the sector (S) field. This corresponds with the ROM BIOS interrupt 13h (disk I/O) requirements, to allow for a 10 bit cylinder number. The fields are ordered in such a manner that only two MOV instructions are required to properly set up the DX and CX registers for a ROM BIOS call to load the appropriate boot record (hard disk booting is only possible from the first hard disk in the system, where a BIOS drive number of 80h corresponds to the boot indicator byte). All partitions are allocated in cylinder multiples and begin on sector 1, head 0, with the exception that the partition that is allocated at the beginning of the disk starts at sector 2, to account for the hard disk's master boot record. Relative (starting) Sector: The number of sectors preceding each partition on the disk is kept in this 4 byte field. This value is determined by counting the sectors beginning with cylinder 0, sector 1, head 0 of the disk, and incrementing the sector, head, and then track values up to the beginning of the partition. This, if the disk has 17 sectors per track and 4 heads, and the second partition begins at cylinder 1, sector 1, head 0, then the partition's starting relative sector is 68 (decimal) - there were 17 sectors on each of 4 heads on 1 track allocated ahead of it. The field is stored with the least significant word first. Number of sectors (#sects): The number of sectors allocated to the partition is kept in the "# of sects" field. This is a 4 byte field stored least significant word first. Signature: The last 2 bytes of the boot record (55AAh) are used as a signature to identify a valid boot record. Both this record and the partition boot record are required to contain the signature at offset 1FEh. HARD DISK TECHNICAL INFORMATION ....................................... 8**14 Western Digital's hard disk installation manuals make the claim that MSDOS can support only 2 hard drives. This is entirely false, and their purpose for making the claim is unclear. DOS merely performs a function call pointed at the hard disk driver, which is normally in one of three locations; a ROM at absolute address C:800, the main BIOS ROM if the machine is an AT, or a device driver installed through the CONFIG.SYS file. Two hard disk controller cards can normally not reside in the same machine due to lack of interrupt arbitration. Perstor's ARLL controller and some cards marketed by Novell can coexist with other controllers. Perstor's technical department has had four controllers and eight hard disks in the same IBM XT functioning concurrently. A valid hard disk has a boot record arranged in the following manner: db drive ; 0 or 80h (80h marks a bootable, active partition) db head1 ; starting head dw trksec1 ; starting track/sector (CX value for INT 13) db system ; SYS IND ID from table above db head2 ; ending head dw trksec2 ; ending track/sector dd sector1 ; absolute # of starting sector dd sector2 ; absolute # of last sector The master disk boot record invokes ROM BASIC if no indicator byte reflects a bootable system. When a partition's boot record is given control, it is passed its partition table entry address in the DS:SI registers. DETERMINING HARD DISK ALLOCATION ...................................... 8**15 DOS determines disk allocation using the following formula: D * BPD TS - RS - ����������� BPS SPF = ������������������������������ BPS * SPC CF + �������������� BPC where: TS Total number of sectors on the disk RS The number of sectors at the beginning of the disk that are reserved for the boot record. DOS normally reserves 1 sector. D The number of directory entries in the root directory. BPD The number of bytes per directory entry. This is always 32. BPS The number of bytes per logical sector. Typically 512, but you can specify a different number with VDISK. CF The number of FATS per disk. Usually 2. VDISK is 1. SPF The number of sectors per FAT. Maximum 64. SPC The number of sectors per allocation unit (cluster). BPC The number of bytes per FAT entry. BPC is 1.5 for 12 bit FATs. 2 for 16 bit FATS. To calculate the minimum partition size that will force a 16-bit FAT: CYL = (max clusters * 8)/(HEADS * SPT) where: CYL number of cylinders on the disk max clusters 4092 (maximum number of clusters for a 12 bit FAT) HEADS number of heads on the hard disk SPT sectors per track (normally 17 on MFM) DOS 2.0 through 3.3 limit partition sizes to 32 megabytes. The limit arises from the fact that DOS does things by sector number, and each sector is stored as a word. So the largest sector number DOS can count to is 64k. As each sector is 512 bytes long, 64k * .5k = 32Mb. The easiest way for an aftermarket disk handler to break the 32Mb barrier is probably to increase the sector size - with 2k sectors, maximum partiton size increases to 128Mb. However, the BIOS boot routines and IBMBIO.COM are hardwired for 512 byte sectors, so you won't be able to boot from a drive with oversize sectors. That's why Disk Manager formats a small boot partition by default. DOS 2.x uses a "first fit" algorithm when allocating file space on the hard disk. Each time an application requests disk space, it will scan from the beginning of the FAT until it finds a contiguous peice of storage large enough for the file. DOS 3.x+ keeps a pointer into the disk space, and begins its search from the point it last left off. This pointer is lost when the system is rebooted. This is called the "next fit" algorithm. It is faster than the first fit and helps minimize fragmentation. In either case, if the FCB function calls are used instead of the handle function calls, the file will be broken into pieces starting with the first available space on the disk. BIOS Disk Routines .................................................... 8**16 �����������������������������������������������������������������������������Ŀ �Interrupt 13h Disk I/O - access the disk drives (floppy and hard disk) � ������������������������������������������������������������������������������� (0:004Ch) 1) These calls do not try rereading disk if an error is returned. 2) In the IBM OS/2 Tech Ref Volume 1, page 7-33, under "DOS Environment Software Interrupt Support", it lists: 13h disk/diskette for non-removable media only, these functions are supported: 01h read status 02h read sectors 0Ah read long 15h read DASD (disk) type 3) On hard disk systems these calls may be vectored through the int 40h hard disk BIOS. Function 00h Reset - reset the disk controller chip entry AH 00h DL drive (if bit 7 is set both hard disks and floppy disks reset) 00h-7Fh floppy disk 80h-0FFh hard disk return AH status (see 01h below) note 1) Forces controller chip to recalibrate read/write heads. 2) Some systems (Sanyo 55x, Columbia MPC) this resets all drives. 3) This function should be called after a failed floppy disk Read, Write, Verify, or Format request before retrying the operation. 4) If called with DL >= 80h (i.e., selecting a hard drive), the floppy controller and then the hard disk controller are reset. 5) Function 0Dh allows the hard disk controller to be reset without affecting the floppy controller. Function 01h Get Status of Disk System entry AH 01h DL drive (hard disk if bit 7 set) 00h-7Fh floppy disk 80h-0FFh hard disk return AH 00h AL status of most recent disk operation 00h successful completion, no errors 01h bad command 02h address mark not found 03h tried to write on write-protected disk (floppy only) 04h sector not found 05h reset failed (hard disk) 06h diskette removed or changed (floppy only) 07h bad parameter table (hard disk) 08h DMA overrun (floppy only) 09h attempt to DMA across 64K boundary 0Ah bad sector detected (hard disk) 0Bh bad track detected (hard disk) 0Ch unsupported track or media type not found (floppy disk) 0Dh invalid number of sectors on format (hard disk) 0Eh control data address mark detected (hard disk) 0Fh DMA arbitration level out of range (hard disk) 10h uncorrectable CRC/EEC on read 11h ECC corrected data error (hard disk) 20h controller failure 40h seek failed 80h timeout 0AAh drive not ready (hard disk) 0BBh undefined error (hard disk) 0CCh write fault (hard disk) 0E0h status error (hard disk) 0FFh sense operation failed (hard disk) note 1) For hard disks, error code 11h (ECC data error) indicates that a recoverable error was detected during a preceding int 13h fn 02h (Read Sector) call. Function 02h Read Sectors - read one or more sectors from diskette entry AH 02h AL number of sectors to read BX address of buffer (ES=segment) CH track (cylinder) number (0-39 or 0-79 for floppies) (for hard disk, bits 8,9 in high bits of CL) CL sector number (1 to 18, not value checked) DH head number (0 or 1) DL drive (0=A, 1=B, etc.) (bit 7=0) (drive 0-7) 00h-7Fh floppy disk 80h-FF0h hard disk ES:BX address to store/fetch data (buffer to fill) [0000:0078] dword pointer to diskette parameters return CF clear successful AL number of sectors transferred set error AH status (00h, 02h, 03h, 04h, 08h, 09h, 10h, 0Ah, 20h, 40h, 80h) note 1) Number of sectors begins with 1, not 0. 2) Trying to read zero sectors is considered a programming error; results are not defined. 3) For hard disks, the upper 2 bits of the 10-bit cylinder number are placed in the upper 2 bits of register CL. 4) For hard disks, error code 11h indicates that a read error occurred that was corrected by the ECC algorithm; in this case, AL contains the burst length. The data read is good within the limits of the ECC code. If a multisector transfer was requested, the operation was terminated after the sector containing the read error. 5) For floppy drives, an error may result from the drive motor being off at the time of the request. The BIOS does not automatically wait for the drive to come up to speed before attempting the read operation. The calling program should reset the floppy disk system with function 00h and retry the operation three times before assuming that the error results from some other cause. Function 03h Write Sectors - write from memory to disk entry AH 03h AL number of sectors to write (1-8) CH track number (for hard disk, bits 8,9 in high bits of CL) CL beginning sector number (if hard disk, high two bits are high bits of track #) DH head number (head 0=0) DL drive number (0-7) 00h-7Fh floppy disk 80h-FF0h hard disk ES:BX address of buffer for data return CF clear success AL number of sectors written set error AH status (see 01h above) note 1) Number of sectors begins with 1, not 0. 2) Trying to write zero sectors is considered a programming error; results are not defined. 3) For hard disks, the upper 2 bits of the 10-bit cylinder number are placed in the upper 2 bits of register CL. 4) For floppy drives, an error may result from the drive motor being off at the time of the request. The BIOS does not automatically wait for the drive to come up to speed before attempting the read operation. The calling program should reset the floppy disk system with function 00h and retry the operation three times before assuming that the error results from some other cause. Function 04h Verify - verify that a write operation was successful entry AH 04h AL number of sectors to verify (1-8) CH track number (for hard disk, bits 8,9 in high bits of CL) CL beginning sector number DH head number DL drive number (0-7) DL drive number (0-7) 00h-7Fh floppy disk 80h-FF0h hard disk ES:BX address of buffer for data return CF set on error AH status (see 01h above) AL number of sectors verified note 1) With IBM PC, XT, and AT with ROM BIOS earlier than 11/15/85, ES:BX should point to a valid buffer. 2) For hard disks, the upper 2 bits of the 10-bit cylinder number are placed in the upper 2 bits of register CL. 3) This function can be used to test whether a readable media is in a floppy drive. An error may result from the drive motor being off at the time of the request since the BIOS does not automatically wait for the drive to come up to speed before attempting the verify operation. The requesting program should reset the floppy disk system with function 00h and retry the operation three times before assuming that a readable disk is not present. Function 05h Format Track - write sector ID bytes for 1 track (floppy disk) entry AH 05h AL number of sectors to create on this track interleave (for XT hard disk only) CH track (or cylinder) number (bits 8,9 in high bits of CL) CL sector number DH head number (0, 1) DL drive number (0-3) 00h-7Fh floppy disk 80h-0FFh hard disk ES:BX pointer to 4-byte address field (C-H-R-N) (except XT hard disk) byte 1 = (C) cylinder or track byte 2 = (H) head byte 3 = (R) sector byte 4 = (N) bytes/sector (0 = 128, 1 = 256, 2 = 512, 3 = 1024) return CF set if error occurred AH status code (see 01h above) note 1) Not valid for ESDI hard disks on PS/2. 2) For floppy disks, the number of sectors per track is taken from the BIOS floppy disk parameter table whose address is stored in the vector for int 1Eh. 3) When this function is used for floppies on ATs or the PS/2, it should be preceded by a call to int 13h/fn 17h to select the type of media to format. 4) For hard disks, the upper 2 bits of the 10-bit cylinder number are placed in the upper 2 bits of CL. 5) On the XT/286, AT, and PS/2 hard disks, ES:BX points to a 512-byte buffer containing byte pairs for each physical disk sector as follows: Byte Contents 0 00h good sector 80h bad sector 1 sector number For example, to format a track with 17 sectors and an interleave of two, ES:BX would point to the following 34-byte array at the beginning of a 512-byte buffer: db 00h, 01h, 00h, 0Ah, 00h, 02h, 00h, 0Bh, 00h, 03h, 00h, 0Ch db 00h, 04h, 00h, 0Dh, 00h, 05h, 00h, 0Eh, 00h, 06h, 00h, 0Fh db 00h, 07h, 00h, 10h, 00h, 08h, 00h, 11h, 00h, 09h Function 06h Hard Disk - format track and set bad sector flags (PC2, PC-XT, and Portable) entry AH 06h AL interleave value (XT only) CH cylinder number (bits 8,9 in high bits of CL) CL sector number DH head DL drive (80h-0FFh for hard disk) ES:BX 512 byte format buffer the first 2*(sectors/track) bytes contain f,n for each sector f 00h good sector 80h bad sector n sector number return CF error AH status code (see 01h above) Function 07h Hard Disk - format the drive starting at the desired track (PC2, PC-XT and Portable) entry AH 07h AL interleave value (XT only) (01h-10h) CH cylinder number (bits 8,9 in high bits of CL) (00h-03FFh) CL sector number DH head number (0-7) DL drive number (80h-0FFh, 80h=C, 81h=D,...) ES:BX format buffer, size = 512 bytes the first 2*(sectors/track) bytes contain f,n for each sector f 00h good sector 80h bad sector n sector number return CF set on error AH status code (see 01h above) note Award AT BIOS routines are extended to handle more than 1024 cylinders. AL number of sectors CH cylinder numberm low 8 bits CL sector number bits 0-5, bits 6-7 are high 2 cylinder bits DH head number (bits 0-5) bits 6-7 are extended high cyls (>1024) DL drive number (0-1 for diskette, 80h-81h for hard disk) ES:BX transfer address Function 08h Read Drive Parameters (except PC, Jr) entry AH 08h DL drive number 00h-7Fh floppy disk 80h-0FFh hard disk return CF set on error AH status code (see above) BL drive type (AT/PS2 floppies only) 01h if 360 Kb, 40 track, 5�" 02h if 1.2 Mb, 80 track, 5�" 03h if 720 Kb, 80 track, 3�" 04h if 1.44 Mb, 80 track, 3�" CH low 8 bits of maximum useable value for cylinder number CL bits 6-7 high-order 2 bits of maximum cylinder number 0-5 maximum sector number DH maximum usable value for head number DL number of consecutive acknowledging drives (0-2) ES:DI pointer to drive parameter table note 1) On the PC and PC/XT, this function is supported on hard disks only. 2) The Columbia MPC supports functions 6-14 for its hard disk. It returns drive information, same as int 13 function 8, except that the BL and ES:DI values are omitted and AL <- burst length. Function 09h Initialize Two Fixed Disk Base Tables (XT, AT, XT/286, PS/2) (install nonstandard drive) entry AH 09h DL 80h-0FFh hard disk number return CF set on error AH status code (see 01h above) For PC, XT hard disks, the disk parameter block format is: 00h-01h maximum number of cylinders 02h maximum number of heads 03h-04h starting reduced write current cylinder 05h-06h starting write precompensation cylinder 07h maximum ECC burst length 08h drive options bits 7 1 disable disk access retries 6 1 disable ECC retries 3-5 set to 0 0-2 drive option 09h standard timeout value 0Ah timeout value for format drive 0Bh timeout value for check drive 0Ch-0Fh reserved For AT and PS/2 hard disks: 00h-01h maximum number of cylinders 02h maximum number of heads 03h-04h reserved 05h-06h starting write precompensation cylinder 07h maximum ECC burst length 08h drive options byte bits 6-7 nonzero (10, 01, or 11) if retries disabled 5 1 if manufacturer's defect map present at maximum cylinder + 1 4 not used 3 1 if more than 8 heads 0-2 not used 09h-0Bh reserved 0Ch-0Dh landing zone cylinder 0Eh sectors per track 0Fh reserved note 1) For the XT, int 41h must point to the Disk Parameter Block. 2) For the AT and PS/2, int 41h points to table for drive 0 and int 46h points to table for drive 1. 3) Initializes the hard disk controller for subsequent I/O operations using the values found in the BIOS disk parameter block(s). 4) This function is supported on hard disks only. Function 0Ah Read Long (Hard disk) (XT, AT, XT/286, PS/2) entry AH 0Ah CH cylinder number (bits 8,9 in high bits of CL) CL sector number (upper 2 bits of cyl # in upper 2 bits of CL) DH head number DL drive ID (80h-0FFh hard disk) ES:BX pointer to buffer to fill return CF set on error AH status code (see 01h above) AL number of sectors actually transferred note 1) A "long" sector includes a 4 byte EEC (Extended Error Correction) code. 2) Used for diagnostics only on PS/2 systems. 3) This function is supported on fixed disks only. 4) Unlike the normal Read Sector (02h) function, ECC errors are not automatically corrected. Multisector transfers are terminated after any sector with a read error. Function 0Bh Write Long (XT, AT, XT/286, PS/2) entry AH 0Bh AL number of sectors CH cylinder (bits 8,9 in high bits of CL) CL sector number DH head number DL drive ID (80h-0FFh hard disk) ES:BX pointer to buffer containing data return CF set on error AH status code (see 01h above) AL number of sectors actually transferred note 1) A "long" sector includes a 4 byte EEC (Extended Error Correction) code. 2) Used for diagnostics only on PS/2 systems. 3) Valid for hard disks only. Function 0Ch Seek To Cylinder (except PC, PCjr) entry AH 0Ch CH lower 8 bits of cylinder CL upper 2 bits of cylinder in bits 6-7 DH head number DL drive number (0 or 1) (80h-0FFh for hard disk) return CF set on error AH status code (see 01h above) note 1) Positions heads over a particular cylinder, but does not move any data. 2) This function is supported on hard disks only. 3) The upper 2 bits of the 10-bit cylinder number are placed in the upper 2 bits of CL. 4) The Read Sector, Read Sector Long, Write Sector, and Write Sector Long functions include an implied seek operation and need not be preceded by an explicit call to this function. Function 0Dh Alternate Hard Disk Reset (except PC, PCjr) entry AH 0Dh DL hard drive number (80h-0FFh hard disk) return CF set on error AH status code (see 01h above) note 1) Not for PS/2 ESDI hard disks. 2) Resets the hard disk controller, recalibrates attached drives (moves the read/write arm to cylinder 0), and prepares for subsequent disk I/O. 3) This function is for hard disks only. It differs from fn 00h by not resetting the floppy disk controller. Function 0Eh Read Sector Buffer (XT, Portable, PS/2) entry AH 0Eh ES:BX pointer to buffer return CF set on error AH status code (see 01h above) AL number of sectors actually transferred note 1) Transfers controller's sector buffer. No data is read from the drive. 2) Used for diagnostics only on PS/2 systems. 3) This fn is supported by the XT's hard disk adapter only. It is "not defined" for hard disk adapters on the AT or PS/2. Function 0Fh Write sector buffer (XT, Portable) entry AH 0Fh ES:BX pointer to buffer return CF set if error AH status code (see 01h above) AL number of sectors actually transferred note 1) Should be called before formatting to initialize the controller's sector buffer. 2) Used for diagnostics only on PS/2 systems. 3) Transfers data from system RAM to the hard disk adapter's internal sector buffer. 4) No data is written to the physical disk drive. 5) This fn is for the XT hard disk controller only. It is "not defined" for AT or PS/2 controllers. Function 10h Test For Drive Ready (XT, AT, XT/286, PS/2) entry AH 10h DL hard drive number 0 or 1 (80h-0FFh) return CF set on error AH status code (see 01h above) note 1) Tests whether the specified hard disk drive is operational and returns the drive's status. 2) This function is supported on hard disks only. 3) Perstor and Novell controllers allow more than one controller. Does not work for multiple Perstor controllers. (reports first two drives only). 4) Does not work with network drives. Function 11h Recalibrate Drive (XT, AT, XT/286, PS/2) entry AH 11h DL hard drive number (80h-0FFh hard disk) return CF set on error AH status code (see 01h above) note 1) Causes the HD controller to recalibrate itself for the specified drive, positioning the read/arm to cylinder 0, and returns the drive's status. 2) This function is for hard disks only. Function 12h Controller RAM Diagnostics (XT, Portable, PS/2) entry AH 12h return CF set on error AH status code (see fn 01h above) note 1) Used for diagnostics only on PS/2 systems. 2) Makes the hard disk controller carry out a built-in diagnostic test on its internal sector buffer. Function 13h Controller Drive Diagnostic (XT, Portable, PS/2) entry AH 13h return CF set on error AH status code (see 01h above) note 1) Used for diagnostics only on PS/2 systems. 2) Causes HD controller to run internal diagnostic tests of the attached drive, indicating whether the test was passed by the returned status. 3) This function is supported on XT HDs only. Function 14h Controller Internal Diagnostic (AT, XT/286) entry AH 14h return CF set on error AH status code (see 01h above) note 1) OEM is Western Digital 1003-WA2 hard/floppy combination controller in AT and XT/286. 2) Used for diagnostics only in PS/2 systems. 3) Causes HD controller to do a built-in diagnostic self-test, indicating whether the test was passed by the returned status. 4) This function is supported on hard disks only. Function 15h Get Disk Type (except PC and XT) entry AH 15h DL drive ID 00h-7Fh floppy disk 80h-0FFh fixed disk return CF set on error AH error code (see 01h above) AH disk type 00h no drive is present 01h diskette, no change detection present 02h diskette, change detection present 03h hard disk CX:DX number of 512-byte sectors note 1) Returns a code indicating the type of disk referenced by the specified drive code. 2) This function is not supported on the PC or XT. Function 16h Get Disk Change Status (diskette) (except PC, XT, & Jr) entry AH 16h DL drive to check return CF set on error AH disk change status 00h no disk change 01h disk changed DL drive that had disk change (00h-07Fh floppy disk) note Returns the status of the change line, indicating whether the disk in the drive may have been replaced since the last disk access. If this function returns with CF set, the disk has not necessarily been changed; the change line can be activated by simply unlocking and relocking the disk drive door without removing the floppy disk. Function 17h Set Disk Type for Format (diskette) (except PC and XT) entry AH 17h AL 00h not used 01h 160, 180, 320, or 360Kb diskette in 360kb drive 02h 360Kb diskette in 1.2Mb drive 03h 1.2Mb diskette in 1.2Mb drive 04h 720Kb diskette in 720Kb drive DL drive number (0-7) return CF set on error AH status of operation (see 01h above) note 1) This function is probably enhanced for the PS/2 series to detect 1.44 in 1.44 and 720k in 1.44. 2) This function is not supported for floppy disks on the PC or XT. 3) If the change line is active for the specified drive, it is reset. 4) The BIOS sets the data rate for the specified drive and media type. The rate is 250k/sec for double-density media and 500k/sec for high density media. The proper hardware is required. Function 18h Set Media Type For Format (diskette) (AT, XT2, XT/286, PS/2) entry AH 18h CH lower 8 bits of number of tracks CL high 2 bits of number of tracks (6,7) sectors per track (bits 0-5) DL drive number (0-7) return CF clear no errors AH 00h if requested combination supported 01h if function not available 0Ch if not suppported or drive type unknown 80h if there is no media in the drive ES:DI pointer to 11-byte disk parameter table for media type CF set error code (see 01h above) note 1) A floppy disk must be present in the drive. 2) This function should be called prior to formatting a disk with Int 13h Fn 05h so the BIOS can set the correct data rate for the media. 3) If the change line is active for the specified drive, it is reset. Function 19h Park Hard Disk Heads (PS/2) entry AH 19h DL drive number (80h-0FFh) return CF set on error AH error code (see fn 01h) note This function is defined for PS/2 fixed disks only. Function 1Ah ESDI Hard Disk - Low Level Format (PS/2) entry AH 1Ah AL Relative Block Address (RBA) defect table count 00h no errors on disk 01h+ number of disk errors CL format modifiers byte bits 0 ignore primary defect map 1 ignore secondary defect map 2 update secondary defect map 3 perform extended surface analysis 4 generate periodic interrupt after each cylinder format 5 reserved - must be 0 6 reserved - must be 0 7 reserved - must be 0 DL drive (80h-0FFh) ES:BX pointer to RBA defect table return CF set on error AH error code (see fn 01h above) note 1) Initializes disk sector and track address fields on a drive attached to the IBM "ESDI Fixed Disk Drive Adapter/A." 2) If periodic interrupt selected, int 15h/fn 0Fh is called after each cylinder is formatted 3) If bit 4 of CL is set, Int 15h, AH=0Fh, AL=phase code after each cylinder is formatted or analyzed. The phase code is defined as: 0 reserved 1 surface analysis 2 formatting 4) If bit 2 of CL is set, the drive's secondary defect map is updated to reflect errors found during surface analysis. If both bit 2 and bit 1 are set, the secondary defect map is replaced. 5) For an extended surface analysis, the disk should first be formatted by calling this function with bit 3 cleared and then analyzed by calling this function with bit 3 set. Function 1Bh ESDI Hard Disk - Get Manufacturing Header (PS/2) entry AH 1Bh AL number of record DL drive ES:BX pointer to buffer for manufacturing header (defect list) return CF set on error AH status note Manufacturing header format (Defect Map Record format) can be found in the "IBM 70Mb, 115Mb Fixed Disk Drives Technical Reference." Function 1Ch ESDI Hard Disk - Get Configuration (PS/2) entry AH 1Ch AL 0Ah Get Device Configuration DL drive ES:BX pointer to buffer for device configuration (drive physical parameter) 0Bh Get Adapter Configuration ES:BX pointer to buffer for adapter configuration 0Ch Get POS Information ES:BX pointer to POS information 0Dh unknown 0Eh Translate RBA to ABA CH low 8 bits of cylinder number CL sector number, high two bits of cylinder number in bits 6 and 7 DH head number DL drive number ES:BX pointer to ABA number return CF set on error AH status (see 01h) note 1) Device configuration format can be found in IBM ESDI Fixed Disk Drive Adapter/A Technical Reference. 2) ABA (absolute block address) format can be found in IBM ESDI Adapter Technical Reference by using its Device Configuration Status Block. Function 1Dh IBMCACHE.SYS (PS/2 50+) entry AH 1Dh other parameters unknown note IBMCACHE.SYS comes on the setup disk for MCA-bus PS/2 machines. Function 20h Western Digital HD SuperBIOS entry AH 20h other parameters unknown note SuperBIOS may be purchased separately from Western Digital and added to standard HD controllers. SuperBIOS contains additional setup tables and parameters. ** Programmer's Technical Reference for MSDOS and the IBM PC ** USA copyright TXG 392-616 ALL RIGHTS RESERVED ������������������������������Ĵ DOSREF (tm) ��������������������������������� ISBN 1-878830-02-3 (disk-based text) Copyright (c) 1987, 1992 Dave Williams �����������������������������Ŀ � Shareware Version, 01/12/92 � � Please Register Your Copy � ������������������������������� C H A P T E R N I N E INSTALLABLE DEVICE DRIVERS C O N T E N T S Device Driver Format .................................................... 9** Types of Devices ........................................................ 9** Character Devices ............................................... 9** Block Devices ................................................... 9** Device Header ........................................................... 9** Pointer to Next Device Header Field ............................. 9** Attribute Field ................................................. 9** Bits 0 and 1 ............................................ 9** Bit 2 ................................................... 9** Bit 3 ................................................... 9** Bit 13 .................................................. 9** Bit 14 .................................................. 9** Bit 15 .................................................. 9** Pointer to Strategy and Interrupt Routines ...................... 9** Name/Unit Field ................................................. 9** Creating a Device Driver ................................................ 9** Installing Device Drivers ............................................... 9** Installing Character Devices .................................... 9** Installing Block Devices ........................................ 9** Request Header .......................................................... 9** Unit Code Field ................................................. 9** Command Code Field .............................................. 9** Status Field .................................................... 9** Device Driver Functions ................................................. 9** INIT ............................................................ 9** MEDIA CHECK ..................................................... 9** Media Descriptor Byte ........................................... 9** BUILD BPB (BIOS Parameter Block) ................................ 9** INPUT OR OUTPUT ................................................. 9** NONDESTRUCTIVE INPUT NO WAIT .................................... 9** STATUS .......................................................... 9** FLUSH ........................................................... 9** OPEN or CLOSE (DOS 3.0+) ........................................ 9** REMOVEABLE MEDIA (DOS 3.0+) ..................................... 9** The CLOCK$ Device ....................................................... 9** DEVICE DRIVER FORMAT����������������������������������������������������������� A device driver is a handler for communication between the system software and hardware devices. The motherboard ROM and IBMBIO.COM or IO.SYS files contain the basic drivers for allowing DOS to talk to the console, disk drives, serial and parallel ports, clock, and other resources. DOS has five builtin drivers, STDIN, STDOUT, STERR, STDPRN, or STDAUX. An "installable" driver may be loaded in the CONFIG.SYS file, and either replace one of the builtin drivers or define a new resource, such as a mouse or expanded memory driver. The device driver is a COM (memory image) file that contains all of the code needed to control an add-in device. An EXE file should not be used since the EXE loader in some DOS 2.x versions is part of COMMAND.COM, which is not present when the device driver is being loaded by IBMBIO.COM or IO.SYS. EXE format drivers could be used in DOS 3.x+, but there is generally no reason to do so. The COM file must not load at the usual ORG 100h. Since the driver does not use the Program Segment Prefix, it is simply loaded without offset, therefore the driver file must have an origin of 0. Most references advise "ORG 0 or no ORG statement", however with the advent of many new assemblers on the market, some of which default to .COM files, specifically stating "ORG 0" may eliminate problems. Driver files should not have a declared stack segment. DOS can install the device driver anywhere in memory, so care must be taken in any FAR memory references. You should not expect that your driver will be loaded in the same place every time. TYPES OF DEVICES��������������������������������������������������������������� There are two types of devices: Character devices and Block devices. Their attributes are as follows: Character devices are designed to do serial I/O in a byte-by-byte manner. These devices have names like CON, AUX, or PRN, and you can open channels (handles or FCBs) to do I/O much like a disk file. I/O may be in either cooked or raw mode. (see Chapter 7 for discussion of cooked and raw modes). Because character devices have only one name, they can only support one device. Block devices are normally implemented as disk drives. They can do random I/O in pieces called blocks, which are usually the physical sector size of the disk. These devices are not named as character devices are, and cannot be opened directly. Instead they are accessed by using drive letters such as A, B, C, etc. Block devices can have units within them. In this way, a single block driver can be responsible for one or more disk drives. For example, the first block device driver can be responsible for drives A, B, C, and D. This means it has four units defined and therefore takes up four drive letters. The position of the driver in the chain of all drives determines the way in which the drive letters correspond, i.e, if a second block device driver defines three units, then those units are E, F, and G. DOS 1.x allows 16 block devices. DOS 2.x allows 63, and DOS 3.x allows 26. It is recommended that drivers limit themselves to 26 devices for compatibility with DOS 3.x and 4.x. When DOS 2.x passes the Z: drivespec, the drivespecs get a little wierd, such as ^, [, or #. DOS 3.x+ will return an error message. CREATING A DEVICE DRIVER������������������������������������������������������� To create a device driver that DOS can install, you must do the following: 1) Create a memory image (COM) file with a device header at the start of the file. 2) Originate the code (including the device header) at 0, instead of 100h. 3) Set the next device header field. Refer to "Pointer to Next Device Header Attribute Field" for more information. 4) Set the attribute field of the device header. Refer to "Attribute Field" for more information. 5) Set the entry points for the interrupt and strategy routines. 6) Fill in the name/unit field with the name of the character device or the unit number of the block device. DOS always processes installable character device drivers before handling the default devices. So to install a new CON device, simply name the device CON. Be sure to set the standard input device and standard output device bits in the attribute field of a new CON device. The scan of the device list stops on the first match so the installable device driver takes precedence. For instance, installing ANSI.SYS replaces the builtin CON driver. DOS doesn't care about the position of installed character devices versus block devices. STRUCTURE OF A DEVICE DRIVER��������������������������������������������������� A device driver consists of three major parts: a device header a strategy routine an interrupt routine DEVICE HEADER The driver has a special header to identify it as a device and to define the strategy and interrupt entry points and its various attributes. This header is located at the beginning of the file. It contains a pointer to the next driver in the chain, the attributes of the device, offsets into the strategy and interrupt routines, and the device ID. This is the format of the device header: ������������������������������������������������������������������������������Ŀ � D E V I C E H E A D E R � ������������������������������������������������������������������������������Ĵ �Offset � Length � Description � ������������������������������������������������������������������������������Ĵ � 00h � word � Pointer to next device header field, offset value � ������������������������������������������������������������������������������Ĵ � 02h � word � Pointer to next device header field, segment value � ������������������������������������������������������������������������������Ĵ � 04h � word � Attribute � ������������������������������������������������������������������������������Ĵ � 06h � word � Pointer to device strategy routine (offset only) � ������������������������������������������������������������������������������Ĵ � 08h � word � Pointer to device interrupt routine (offset only) � ������������������������������������������������������������������������������Ĵ � 0Ah �8 bytes � Name/Unit field � �������������������������������������������������������������������������������� POINTER TO NEXT DEVICE HEADER FIELD The device header field is a pointer to the device header of the next device driver. It is a doubleword field that is set by DOS at the time the device driver is loaded. The first word is the offset and the second word is the segment. If you are loading only one device driver, set the device header field to -1 before loading the device. If you are loading more than one device driver, set the first word of the device driver header to the offset of the next device driver's header. Set the device driver header field of the last device driver to -1. ATTRIBUTE FIELD The attribute field is a word field used to identify the type of device this driver is responsible for. This field distinguishes between block and character devices and determines is selected devices are given special treatment. The attributes are: ������������������������������������������������������������������������������Ŀ � A T T R I B U T E F I E L D � ������������������������������������������������������������������������������Ĵ � word � attr. � � ������������������Ĵ description � � bits � set � � ������������������������������������������������������������������������������Ĵ � 0 � 0 � not current standard input device � � � 1 � current standard input device � ������������������������������������������������������������������������������Ĵ � 1 � 0 � not current standard output device � � � 1 � current standard output device � ������������������������������������������������������������������������������Ĵ � 2 � 0 � not current NUL device � � � 1 � current NUL device � ������������������������������������������������������������������������������Ĵ � 3 � 0 � not current CLOCK device � � � 1 � current CLOCK device � ������������������������������������������������������������������������������Ĵ � 4 � 0 � standard CON I/O routines should be used � � � 1 � fast screen I/O (int 29h) should be used � ������������������������������������������������������������������������������Ĵ � 5 - 10 � "reserved for DOS" - unknown - should be set to 0 � ������������������������������������������������������������������������������Ĵ � 11 � 0 � doesn't support removeable media (default for DOS 2.x) � � � 1 � supports removeable media (DOS 3.0+ only) � ������������������������������������������������������������������������������Ĵ � 12 � "reserved for DOS" - unknown - should be set to 0 � ������������������������������������������������������������������������������Ĵ � 13 � 0 � IBM format (block devices) � � � 1 � non-IBM format (block devices) � � � 1 � output till busy (character devices) � ������������������������������������������������������������������������������Ĵ � 14 � 0 � doesn't support IOCTL � � � 1 � supports IOCTL � ������������������������������������������������������������������������������Ĵ � 15 � 0 � block device � � � 1 � character device � �������������������������������������������������������������������������������� note 1) If a bit in the attribute word is defined only for one type of device, a driver for the other type of device must set that bit to 0. 2) For DOS 2.0 bits 4-12 must be off. BIT 1 is the standard input and output bit. It is used for character devices only. Use this bit to tell DOS if your character device driver is the new standard input device or standard output device. BIT 2 is the NUL attribute bit. It is used for character devices only. Use it to tell DOS if your character device driver is a NUL device. Although there is a NUL device attribute bit, you cannot reassign the NUL device or replace it with your own routine. This attribute exists for DOS so that DOS can tell if the NUL device is being used. BIT 3 is the clock device bit. It is used for character devices only. Default is 0. You can use it to tell DOS if your character device driver is the new CLOCK device. BIT 4 is the "fast video output" bit. The default is 0, which uses the BIOS for writing to the screen. When set, this bit uses int 29h for much faster screen updates. BITS 5-10 reserved for DOS, unknown. Should be set to 0. BIT 11 is the open/close removeable media bit. Use it to tell DOS if the device driver can handle removeable media. This bit is valid for DOS 3.0+ only. This bit was reserved in DOS 2.x. Since DOS 2.x does not look at this bit, its use is backward compatible. BIT 12 reserved for DOS, unknown. Should be set to 0. BIT 13 is the non-IBM format bit. When used for block devices it affects the operation of the BUILD BPB (BIOS parameter block) device call. For character devices it indicates that the devices implements the OUTPUT UNTIL BUSY device call. BIT 14 is the IOCTL bit. It is used for both character and block devices. Use it to tell DOS whether the device driver can handle control strings through the IOCTL function call 44h. If a device driver cannot process control strings, it should set bit 14 to 0. This way DOS can return an error if an attempt is made through the IOCTL function call to send or receive control strings to the device. If a device can process control strings, it should set bit 14 to 1. This way, DOS makes calls to the IOCTL input and output device function to send and receive IOCTL strings. The IOCTL functions allow data to be sent to and from the device without actually doing a normal read or write. In this way, the device driver can use the data for its own use, (for example, setting a baud rate or stop bits, changing form lengths, etc.) It is up to the device to interpret the information that is passed to it, but the information must not be treated as a normal I/O request. BIT 15 is the device type bit. Use it to tell the system the that driver is a block or character device. POINTER TO STRATEGY ROUTINE This field contains a pointer to "device strategy" function in the driver. This function is called whenever a request is made to the driver, and must store the location of the request header from DOS. This pointer is a word value, and so must be in the same segment as the device header. POINTER TO INTERRUPT ROUTINE This field contains a pointer to the function which activates driver routines to perform the command in the current request header. This is called by DOS after the call to the strategy function, and should reset to the request header address stored by "strategy", to allow for the possibility of interrupts between the two calls. This pointer is a word value, and so must be in the same segment as the device header. NAME/UNIT FIELD This is an 8-byte field that contains the name of a character device or the number of units in a block device. For the character names, the name is left-justified and the space is filled to 8 bytes. For block devices, the number of units can be placed in the first byte. This is optional because DOS fills in this location with the value returned by the driver's INIT code. The other 7 bytes of the block device ID are reserved and should not be used. INSTALLING DEVICE DRIVERS������������������������������������������������������ DOS installs new device drivers dynamically at boot time by reading and processing the DEVICE command in the CONFIG.SYS file. For example, if you have written a device driver called RAMDISK, to install it put this command in the CONFIG.SYS file: DEVICE=[drive][path] RAMDISK [parameters] DOS makes a FAR call to the device driver at its strategy entry point first, using the request header to pass information describing what DOS wants the device driver to do. This strategy routine does not perform the request but rather queues the request or saves a pointer to the request header. The second entry point is the interrupt routine and is called by DOS immediately after the strategy routine returns. The interrupt routine is called with no parameters. Its function is to perform the operation based on the queued request and set up any return infromation. DOS passes the pointer to the request header in ES:BX. This structure consists of a fixed length header (Request Header) followed by data pertinent to the operation to be performed. NOTE: It is the responsibility of the device driver to preserve the machine state. For example, save all registers on entry and restore them on exit. The stack used by DOS has enough room on it to save all the registers. If more stack space is needed, it is the device driver's responsibility to allocate and maintain another stack. All calls to execute device drivers are FAR calls. FAR returns should be executed to return to DOS. INSTALLING CHARACTER DEVICES One of the functions defined for each device is INIT. This routine is called only once when the device is installed and never again. The INIT routine returns the following: A) A location to the first free byte of memory after the device driver, like a TSR that is stored in the terminating address field. This way, the initialization code can be used once and then thrown away to save space. B) After setting the address field, a character device driver can set the status word and return. INSTALLING BLOCK DEVICES Block devices are installed in the same way as character devices. The difference is that block devices return additional information. Block devices must also return: A) The number of units in the block device. This number determines the logical names the devices will have. For example, if the current logical device letter is F at the time of the install call, and the block device driver INIT routine returns three logical units, the letters G, H, and I are assigned to the units. The mapping is determined by the position of the driver in the device list and the number of units in the device. The number of units returned by INIT overrides the value in the name/unit field of the device header. B) A pointer to a BPB (BIOS Parameter Block) pointer array. This is a pointer to an array of "N" word pointers there "N" is the number of units defined. These word pointers point to BPBs. This way, if all of the units are the same, the entire array can point to the same BPB to save space. The BPB contains information pertinent to the devices such as the sector size, number of sectors per allocation unit, and so forth. The sector size of the BPB cannot be greater than the maximum allotted size set at DOS initialization time. This array must be protected below the free pointer set by the return. C) The media descriptor byte. This byte is passed to devices so that they know what parameters DOS is currently using for a particular drive unit. Block devices can take several approaches. They can be "dumb" or "smart". A dumb device would define a unit (and therefore a BPB) for each possible media drive combination. Unit 0=drive 0;single side, unit 1=drive 0;double side, etc. For this approach, the media descriptor bytes would mean nothing. A smart device would allow multiple media per unit. In this case, the BPB table returned at INIT must define space large enough to acommodate the largest possible medias supported (sector size in BPB must be as large as maximum sector size DOS is currently using). Smart drivers will use the media descriptor byte to pass information about what media is currently in a unit. REQUEST HEADER����������������������������������������������������������������� The request header passes the information describing what DOS wants the device driver to do. When a valid device driver command code or function is called by your application program, DOS develops a data structure called the "Request Header" in ES:BX and passes it to the strategy entry point. This structure consists of a 13-byte defined header which may be followed by other data bytes depending on the function requested. It is the device driver's responsibility to preserve the machine state, for example, saving all registers including flags on entry and restoring them on exit. There is enough room on the stack when strategy or interrupt is called to do about 20 pushes. If more stack is needed, the driver should set aside its own stack space. The fixed ("static") part of the request header is as follows: ����������������������������������������������������������������������������Ŀ � R E Q U E S T H E A D E R � ����������������������������������������������������������������������������Ĵ �Offset �Length � F i e l d � ����������������������������������������������������������������������������Ĵ � 00h � byte � Length in bytes of the request header plus any data at end � ����������������������������������������������������������������������������Ĵ � 01h � byte � Unit code. Determines subunit to use in block devices � � � � (minor device) Has no meaning for character devices � ����������������������������������������������������������������������������Ĵ � 02h � byte � Command code � ����������������������������������������������������������������������������Ĵ � 03h � word � Status � ����������������������������������������������������������������������������Ĵ � 05h �8 bytes� Reserved for DOS � ����������������������������������������������������������������������������Ĵ � 0Ch �varies � Data appropriate for the operation � ������������������������������������������������������������������������������ REQUEST HEADER LENGTH FIELD The length in bytes of the total request header (0-255) plus any data at the end of the header. UNIT CODE FIELD The unit code field identifies which unit in a block device driver the request is for. For example, if a block device driver has three units defined, then the possible values of the unit code field would be 0, 1, and 2. This field is not valid for character devices. COMMAND CODE FIELD The command code invokes a specific device driver function. Functions 0 through 12 are supported in all device drivers. Functions 13-15 are available only in DOS 3.0 or higher. Some functions are relevant for either character or block devices but not both; nonetheless all functions must have an executable routine present even if it does nothing but set the done flag in the return status word in the request header. The command code field in the request header can have the following values: ������������������������������������������������������������������������������Ŀ � code � name � function � ������������������������������������������������������������������������������Ĵ � 0 � INIT � initialize driver for later use (used once only) � � 1 � MEDIA CHECK � block devices only, NOP for character devices � � 2 � BUILD BPB � block devices only, NOP for character devices � � 3 � IOCTL input � called only if device has IOCTL bit set � � 4 � INPUT � read data � � 5 � NONDESTRUCTIVE INPUT NO WAIT character devices only � � 6 � INPUT STATUS � character devices only � � 7 � INPUT FLUSH � character devices only � � 8 � OUTPUT � write data � � 9 � OUTPUT � write data with verify � � 10 � OUTPUT STATUS � character devices only � � 11 � OUTPUT FLUSH � character devices only � � 12 � IOCTL OUTPUT � called only if device has IOCTL bit is set � � 13 � DEVICE OPEN � called only if OPEN/CLOSE/RM bit is set � � 14 � DEVICE CLOSE � called only if OPEN/CLOSE/RM bit is set � � 15 � REMOVEABLE MEDIA � only if OPEN/CLOSE/RM bit set & device is block � � 16 � OUTPUT UNTIL BUSY� only called if bit 13 is set & device is character � �������������������������������������������������������������������������������� The individual command codes are described later in this chapter. STATUS FIELD The status word field is zero on entry and is set by the driver interrupt routine on return. The status field in the request header contains: �����������������������������������������������������������������������������Ŀ � D E V I C E D R I V E R S T A T U S F I E L D � �����������������������������������������������������������������������������Ĵ � size �bit� definition � �����������������������������������������������������������������������������Ĵ � byte � 0 � � � � 1 � � � � 2 � � � � 3 � Error message return code � � � 4 � (with bit 15=1) � � � 5 � � � � 6 � � � � 7 � � �����������������������������������������������������������������������������Ĵ � byte � 8 � DONE � � ���������������������������������������������������������������������Ĵ � � 9 � BUSY � � ���������������������������������������������������������������������Ĵ � � A � Reserved by DOS, unknown � � � B � � � � C � � � � D � � � � E � � � ���������������������������������������������������������������������Ĵ � � F � Error � ������������������������������������������������������������������������������� The low 8 bits of the status word define an error message if bit 15 is set. These errors are: 00h write protect violation 01h unknown unit 02h device not ready 03h unknown command 04h CRC error 05h bad drive request structure length 06h seek error 07h unknown media 08h sector not found 09h printer out of paper 0Ah write fault 0Bh read fault 0Ch general failure 0Dh reserved 0Eh reserved 0Fh invalid disk change BIT 8 is the done bit. If it is set, it means the operation is complete. The driver sets the bit to 1 when it exits. BIT 9 is the busy bit. It is only set by status calls and the removable media call. BITS 10-14 are reserved. BIT 15 is the error bit. If this bit is set, the low 8 bits of the status word (7-0) indicate the error code. RESERVED FOR DOS Official sources label this area as "reserved for DOS". Another source indicates that this consists of two double-word (4-byte) pointers to be used to maintain a linked list of request headers for this device and a list of all current device requests being processed by DOS. This was apparently to be used for the undelivered multitasking version of DOS. DEVICE DRIVER FUNCTIONS�������������������������������������������������������� All strategy routines are called with ES:BX pointing to the request header. The interrupt routines get the pointers to the request header from the queue the strategy routines stores them in. The command code in the request header tells the driver which function to perform. NOTE: All DWORD pointers are stored offset first, then segment. ############################ INIT Command code = 0 (all devices) Performs all initialization required at DOS boot time to install the driver and set local driver variables. This function is called only once, when the driver is loaded. ES:BX pointer to 26-byte request header and data structure Format of structure: offset length field 00h 13 bytes request header 0Dh byte number of units (not set by character devices) 11h dword ending address of the driver's resident code 15h dword pointer to BPB array (not set by character devices) /pointer to remainder of arguments 19h byte drive number (DOS 3.0+ only) When INIT is called, the driver must do the following: A) set the number of units (block devices only) B) set up the pointer to the BPB array (block devices only) C) perform any initialization code (to modems, printers, etc) D) set the ending address of the resident program code E) set the status word in the request header To obtain information obtained from CONFIG.SYS to a device driver at INIT time, the BPB pointer field points to a buffer containing the information passed from CONFIG.SYS following the =. The buffer that DOS passes to the driver at INIT after the file specification contains an ASCII string for the file OPEN. The ASCII string (ending in 0h) is terminated by a carriage return (0Dh) and linefeed (0Ah). If there is no parameter information after the file specification, the file specification is immediately followed by a linefeed (0Ah). NOTE: This information is read-only and only system calls 01h-0Ch and 30h can be issued by the INIT code of the driver. The last byte parameter contains the drive letter for the first unit of a block driver. For example, 0=A, 1=B etc. If an INIT routine determines that it cannot set up the device and wants to abort without using any memory, follow this procedure: A) set the number of units to 0 B) set the ending offset address at 0 C) set the ending offsret segment address to the code segment (CS) NOTE: If there are multiple device drivers in a single memory image file, the ending address returned by the last INIT called is the one DOS uses. It is recommended that all device drivers in a single memory image file return the same ending address. ############################ MEDIA CHECK command code = 1 (block devices only) Checks to see if disk had been changed since last access. ES:BX pointer to 19-byte request header and data structure Format of structure: offset length field 00h 13 bytes request header 0Dh byte media descriptor from BPB 0Eh byte returned 0Fh dword returns a pointer to the previous volume ID (if bit 11=1 and disk change is returned) (DOS 3.0+) When the command code field is 1, DOS calls MEDIA CHECK for a drive unit and passes its current media descriptor byte. See "Media Descriptor Byte" later in this chapter for more information about the byte. MEDIA CHECK returns one of the following: A) media not changed C) not sure B) media changed D) error code The driver must perform the following: A) set the status word in the request header B) set the return byte 00h don't know if media has been changed 01h media has not been changed -1 media has been changed DOS 3.0+: If the driver has set the removable media bit 11 of the device header attribute word to 1 and the driver returns -1 (media changed), the driver must set the DWORD pointer to the previous volume identification field. If DOS determines that the media changed is an error, DOS generates an error 0Fh (invalid disk change) on behalf of the device. If the driver does not implement volume identification support, but has bit 11 set to 1, the driver should set a pointer to the string "NO NAME",0. MEDIA DESCRIPTOR Currently the media descriptor byte has been defined for a few media types. This byte should be identical to the media byte if the device has the non-IBM format bit off. These predetermined values are: media descriptor byte => 1 1 1 1 1 0 0 0 (numeric order) 7 6 5 4 3 2 1 0 BIT MEANING 0 0 not double sided 1 double sided 1 0 not 8 sector 1 8 sector 2 0 nonremoveable 1 removeable 3-7 must be set to 1 ############################ BUILD BPB (BIOS Parameter Block) command code = 2 (block devices only) ES:BX pointer to 22-byte request header and data structure Format of structure: offset length field 00h 13 bytes request header 0Dh byte media descriptor from DOS 0Eh dword transfer address (buffer address) 12h dword pointer to BPB table DOS calls BUILD BPB under the following two conditions: A) If "media changed" is returned. B) If "not sure" is returned. If so, there are no used buffers. Used buffers are buffers with changed data that have not yet been written to the disk. The driver must do the following: A) set the pointer to the BPB. B) set the status word in the request header. The driver must determine the correct media type currently in the unit to return the pointer to the BPB table. The way the buffer is used (pointer passed by DOS) is determined by the non-IBM format bit in the attribute field of the device header. If bit 13=0 (device is IBM compatible), the buffer contains the first sector of the FAT (most importantly the FAT ID byte). The driver must not alter this buffer in this case. If bit 13=1 the buffer is a one sector scratch area which can be used for anything. For drivers that support volume identification and disk change, the call should cause a new volume identification to be read off the disk. This call indicates that the disk has been legally changed. If the device is IBM compatible, it must be true that the first sector of the first FAT is located at the same sector for all possible media. This is because the FAT sector is read before the media is actually determined. The information relating to the BPB for a particular media is kept in the boot sector for the media. In particular, the format of the boot sector is: ������������������������������������������������������������������������������Ŀ � For DOS 2.x, 3 byte near jump (0E9h) For DOS 3.x+, 2 byte near jump (0EBh) � � followed by a NOP (90h) � ������������������������������������������������������������������������������Ĵ � 8 bytes � OEM name and version � ������������������������������������������������������������������������������Ĵ � BYTE � � sectors per allocation unit (must be a power of 2) � ����������Ĵ �������������������������������������������������������������Ĵ � WORD � B � reserved sectors (strarting at logical sector 0) � ����������Ĵ �������������������������������������������������������������Ĵ � BYTE � � number of FATs � ����������Ĵ �������������������������������������������������������������Ĵ � WORD � P � max number of root directory entries � ����������Ĵ �������������������������������������������������������������Ĵ � WORD � � number of sectors in logical image (total number of � � � � sectors in media, including boot sector directories, etc.) � ����������Ĵ B �������������������������������������������������������������Ĵ � BYTE � � media descriptor � ����������Ĵ �������������������������������������������������������������Ĵ � WORD � � number of sectors occupied by a single FAT � ������������������������������������������������������������������������������Ĵ � WORD � sectors per track � ������������������������������������������������������������������������������Ĵ � WORD � number of heads � ������������������������������������������������������������������������������Ĵ � WORD � number of hidden sectors � �������������������������������������������������������������������������������� The three words at the end return information about the media. The number of heads is useful for supporting different multihead drives that have the same storage capacity but a different number of surfaces. The number of hidden sectors is useful for drive partitioning schemes. ############################ INPUT / OUTPUT (IOCTL) command code = 3 IOCTL Read 4 Read (block or character devices) 8 Write (block or character devices) 9 Write With Verify 12 IOCTL Write 16 Output Until Busy (character devices only) ES:BX pointer to 24-byte request header and data structure Format of structure: offset length field 00h 13 bytes request header 0Dh byte media descriptor byte from BPB 0Eh dword transfer address (buffer address) 12h word byte/sector count 14h word starting sector number (block devices) [no meaning on character devices] 16h dword (DOS 3.0+) pointer to the volume ID if error code 0Fh is returned The driver must perform the following: A) set the status word in the request header B) perform the requested function C) set the actual number of sectors or bytes tranferred No error checking is performed on an IOCTL I/O call. However, the driver must set the return sector or byte count to the actual number of bytes transferred. Under certain circumstances a block device driver may be asked to do a write operation of 64k bytes that seems to be a "wrap around" of the transfer address in the BIOS I/O packet. This arises due to an optimization added to write code in DOS. It will only happen in writes that are within a sector size of 64k on files that are being extended past the current end of file. It is allowable for the device driver to ignore the balance of the write that wraps around, if it so chooses. For example, a write of 10000h bytes worth of sectors with a transfer address of XXX:1 ignores the last two bytes. A user program can never request an I/O of more than 0FFFFh bytes and cannot wrap around (even to 0) in the transfer segment, so in that case the last two bytes can be ignored. A program that uses DOS function calls can never request an input or output function of more than 0FFFFh bytes, therefore, a wrap around in the transfer (buffer) segment can never occur. It is for this reason you can ignore bytes that would have wrapped around in the tranfer segment. If the driver returns an error code of 0Fh (invalid disk change) it must put a DWORD pointer to an ASCIIZ string which is the correct volume ID to ask the user to reinsert the disk. DOS 3.0+: The reference count of open files on the field (maintained by the OPEN and CLOSE calls) allows the driver to determine when to return error 0Fh. If there are no open files (reference count=0) and the disk has been changed, the I/O is all right, and error 0Fh is not returned. If there are open files (reference count > 0) and the disk has been changed, an error 0Fh condition may exist. ############################ NONDESTRUCTIVE INPUT NO WAIT command code = 5 (character devices only) Reads a character from input stream but does not remove it from the buffer ES:BX pointer to 14-byte request header and data structure Format of structure: offset length field 00h 13 bytes request header 0Dh byte read from device The driver must do the following: A) return a byte from the device B) set the status word in the request header. If the character device returns busy bit=0 (characters in the buffer), then the next character that would be read is returned. This character is not removed form the buffer (hence the term nondestructive input). This call allows DOS to look ahead one character. ############################ STATUS command codes = 6 Input Status (character devices only) 10 Output Status (character devices only) Check for characters waiting in input buffer ES:BX pointer to 13-byte request header This driver must perform the following: A) perform the requested function B) set the busy bit C) set the status word in the request header. The busy bit is set as follows: For input on unbuffered character devices: if the busy bit (bit 9) is 1 on return, a write request would wait for completion of a current request. If the busy bit is 0, there is no current request. Therefore, a write request would start immediately. For input on buffered character devices: if the busy bit is 1 on return, a read request does to the physical device. If the busy bit is 0, there are characters in the device buffer and a read returns quickly. It also indicates that a user has typed something. DOS assumes all character devices have a type- ahead input buffer. Devices that do not have this buffer should always return busy=0 so that DOS does not hang waiting for information to be put in a buffer that does not exist. ############################ FLUSH INPUT BUFFERS command code = 7 (character devices only) Forces all data in buffers to specified device. ES:BX pointer to 13-byte request header This call tells the driver to flush (terminate) all pending requests that it has knowledge of. Its primary use is to flush the input queue on character devices. The driver must set the status word in the request header upon return. ############################ FLUSH OUTPUT BUFFERS command code 11 (character devices only) Forces all data in buffers to specified device. ES:BX pointer to 13-byte request header This call tells the driver to flush all output buffers and discards any pending requests. Its primary use is to flush the output queue on character devices. The driver must set the status word in the request header upon return. ############################ OPEN or CLOSE (DOS 3.0+) command code = 13 Open (block or character devices) 14 Close (block or character devices) ES:BX pointer to 13-byte static request header These calls are designed to give the device information about the current file activity on the device if bit 11 of the attribute word is set. On block devices, these calls can be used to manage local buffering. The device can keep a reference count. Every OPEN causes the device to increment the reference count. Every CLOSE causes the device to decrement the reference count. When the reference count is 0, if means there are no open files in the device. Therefore, the device should flush buffers inside the device it has written to because now the user can change the media on a removeable media drive. If the media had been changed, it is advisable to reset the reference count to 0 without flushing the buffers. This can be thought of as "last close causes flush". These calls are more useful on character devices. The OPEN call can be used to send a device initialization string. On a printer, this could cause a string to be sent to set the font, page size, etc. so that the printer would always be in a known state in the I/O stream. Similarly, a CLOSE call can be used to send a post string (like a form feed) at the end of an I/O stream. Using IOCTL to set these pre and post strings provides a flexible mechanism of serial I/O device stream control. Since all processes have access to STDIN, STDOUT, STDERR, STDAUX, and STDPRN (handles 0, 1, 2, 3, and 4) the CON, AUX, and PRN devices are always open. ############################ REMOVABLE MEDIA (DOS 3.0+) command code = 15 (block devices only) This call identifies the media type as removable or nonremovable. ES:BX pointer to 13-byte static request header To use this call, set bit 11 (removable media) of the attribute field to 1. Block devices can only use this call through a subfunction of the IOCTL function call (int 21h fn44h). This call is useful because it allows a utility to know whether it is dealing with a nonremovable media drive or with a removable media drive. For example, the FORMAT utility needs to know whether a drive is removable or nonremovable because it prints different versions of some prompts. note No error checking is performed. It is assumed that this call always succeeds. THE CLOCK$ DEVICE�������������������������������������������������������������� To allow a clock board to be integrated into the system for TIME and DATE, the CLOCK$ device is used. This device defines and performs functions like any other character device (most functions will be reset done bit, reset error bit, and return). When a read or write to this device occurs, 6 bytes are transferred. The first 2 bytes are a word, which is the count of days since 01-01-80. The third byte is minutes, the fourth is hours, the fifth is hundredths of a second, and the sixth is seconds. Reading the CLOCK$ device gets the date and time, writing to it sets the date and time. CLOCK$ is normally called only when the system is initializing or if the system time and date are set (DOS 3.3+). DOS carries the system time and date internally after receiving it from the CLOCK$ driver. ** Programmer's Technical Reference for MSDOS and the IBM PC ** USA copyright TXG 392-616 ALL RIGHTS RESERVED ������������������������������Ĵ DOSREF (tm) ��������������������������������� ISBN 1-878830-02-3 (disk-based text) Copyright (c) 1987, 1992 Dave Williams �����������������������������Ŀ � Shareware Version, 01/12/92 � � Please Register Your Copy � ������������������������������� C R E D I T S The information presented here was gathered from megabytes of files found on BBS systems, conversations on a dozen different BBS systems, correspondence, and every reference book I could get my hands on. On occasion, a number of prestigious references didn't agree with each other. Where this has happened, I have used the latest references. There is too much information here for me to verify every fact personally. I have used my own judgement as to the reliability of the sources. I've been selling copies of the Reference since October 1987. The original basis for the Reference came from Peter Norton's "Programmer's Guide to the IBM PC" and the original Janet Jack interrupt list circa sometime 1986, as updated by Ross Greenberg. Anyway, I've prepared a list of the sources I've used for the Reference to clear up any ambiguities. Tools used in preparing this book: Microsoft SymDeb, the final gasp of venerable DEBUG.COM and a fine program. Microsoft CodeView, huge and awkward though it may be. V Communications Sourcer, the only effective disassembler I've found. References used in preparing this book: AST EEMS Technical Reference Manual v3.2 documents 020022-001B and 000408-001B provided by AST Corporation, 1987 AT&T 6300 Plus Hardware Reference Manual p/n 999-300-194IS from AT&T Corp, 1985 (before the Death Star logo, yet...) Creative Labs Sound Blaster User Reference Manual copr. 1989 Data General Programmer's Reference for MS-DOS, Rev.3 Data General Corporation (covers through DOS 3.0) p/n 069-100157 rev 00 May 1986 Digital Research DR-DOS System and Programmer's Guide v3.32 Digital Research Corporation 1988 comment: This manual does not cover the extended disk partition access, file password protection, or any of the other goodies provided in DR-DOS. In fact, it not only doesn't cover the extended features, it doesn't completely cover DOS calls documented by IBM. It does have an extensive section on customizing DR-DOS for use from ROM. Digital Research DR-DOS User's Guide v3.32 Digital Research Corporation 1988 Digital Research DR-DOS Reference Guide v3.32 Digital Research Corporation 1988 Digital Research DR-DOS Users and Reference Guide v3.40 Digital Research Corporation, January 1989 Digital Research DR Multiuser DOS Users and Reference Guide v5.0 Digital Research Corporation, 1991 Digital Research DR-DOS Users and Reference Guide v5.0 Digital Research Corporation, 1991 DPMI 0.9 Specification Intel Corp, 1990 DPMI 1.0 Specification Intel Corp, 1991 An Introduction to the DOS Protected Mode Interface Software Focus Group Intel Corp, March 1991 order # 240787-002 IBM DOS Operations Manual Version 2.00 IBM Corp, 1983 IBM DOS Operations Manual Version 2.10 IBM Corp, 1983 IBM DOS Operations Manual Version 3.1 IBM Corp, November 1984 IBM DOS Operations Manual Version 3.3 IBM Corp, April 1987 IBM DOS Technical Reference, Version 4.0 IBM Corp, 1988 IBM DOS Command Reference, Version 4.0 p/n 6280254 IBM Corp, 1988 IBM PC Local Area Network Program Version 1.20 IBM Corp, April 1987 IBM Technical Reference Options and Adapters - Enhanced Graphics Adapter p/n 6280131 IBM Publications Aug 1984 IBM Technical Reference Personal Computer p/n 6322507 IBM Publications IBM Technical Reference Personal Computer - PCjr p/n 1502293 IBM Publications LANtastic Programmer's Information Package, 2/21/89 Logitech Mouse Programmer's Toolkit Logitech Corp. 1986 Lotus-Intel-Microsoft Expanded Memory Specification Version 3.20 part number 300275-003 provided by Intel Corp. September, 1985 Lotus-Intel-Microsoft Expanded Memory Specification 4.0 document 300275-005 provided by Intel Corp. October 1987 Lotus-Intel-Microsoft Expanded Memory Specification 4.0 EMS Toolkit for C Developers document 302243-001 provided by Intel Corp, February 1990 Microsoft - various documents provided to MS 5.0 beta testers Microsoft Extended Memory Specification v2.00 provided by Microsoft Corporation, 1988 Microsoft Mouse Technical Reference Microsoft Press, 1989 Mouse Systems Programmer's Toolkit p/n 302449-001 Rev A, 1989 p/n 302375-100, 1989 p/n 302446-100, 1989 MS-DOS Programmer's Reference (covers through DOS 2.00) by Microsoft p/n 135555-001 Intel Corp. 1984 MS-DOS 5.0 Programmer's Reference (covers DOS 5.0 only) by Microsoft Microsoft Press 1991, ISBN 1-55615-329-5 Phar Lap Virtual Control Program Interface (VCPI) Specification v1.0 Phar Lap Software 1989 Tandy 1000 TX Technical Reference Manual Tandy Corp. p/n 25-1514 Tandy Corp 1987 The Software Link PC-MOS 4.1 Programmer's Reference Toshiba 1000 Technical Reference Manual Toshiba Corp. of America 1987 Tseng Labs EVA Chipset Programming Guide Tseng Labs, 1986 X3.4-1977: American National Standard Code for Information Interchange by American National Standards Institute (ANSI) New York, NY 1977 Weitek ABACUS Software Designer's Guide, Doc 8967 September 1989 Wendin, Inc Wendin-DOS Programmer's Reference ********************** ATI EGA Wonder Operation Manual ATI Technologies, 1987 Everex EV-650 EGA Reference Guide, Version 1.00 Everex Computer, 1986 FastCard IV User Manual Peripheral Marketing Inc. p/n 0527 Jan 1987 Hercules Graphics Card User's Manual Hercules Computer Technology 1983 Hercules Graphics Card Plus Owner's Manual Hercules Computer Technology Model GB112 1987 JDR B-3101 FLoppy Disk Drive Card User's Guide 470.03002 version 1.00 1988 LANtastic 2.46 Installation Guide Artisoft, 1988 LANtastic 3.01 Installation Guide Artisoft, 1990 LANtastic 4.0 beta Installation Guide Artisoft, 1991 LapLink Release 2 User's Manual Traveling Software, 1987 LapLink Release 3 User's Manual Traveling Software, 1989 Logitech EGA Reference Manual, EGA+Mouse Board Mirage Super VGA TVGA-8900 User's Manual MPC Operations Guide, Manual #1023 Columbia Data Products, Inc. CDP 1983 Microcomputer Products - 1987 Data Book NEC Electronics, Inc. p/n 500105 Aug 1987 NEC uPD70108/70116 Microprocessor User's Manual p/n 500350 October 1986 provided by NEC Electronics, Inc. Novell Advanced Netware System Manager's Reference pcAnywhere User's Guide v2.00 Dynamic Microprocessor Associates, Inc 1986 S-286 User Manual, version 2 Link Computer, 1988 STB VGA Extra/EM EM-16 BIOS Features STB Corp. TesSeRact v1.0 documentation TCXL 5.1 documentation Toshiba ND352/356 3.5" Diskette Drive Installation Notes document number 87019 March 1988 Toshiba America Corporation Tseng Labs EVA, EVA/480 BIOS Guide November 10, 1988 VESA Toolkit v2.0 summer 1991 VideoTrax Installation Guide Alpha Micro, 1987 ****************** Advanced MSDOS Ray Duncan Microsoft Press 1986 Assembly Language Programming for the IBM Personal Computer David J. Bradley Prentice-Hall 1984 Assembly Language Subroutines for MSDOS Computers Leo J. Scanlon TAB Books 1986 Atari ST Internals Gerits, English, & Bruckmann Abacus Software 1985 Compute!'s Guide to Assembly Language Programming on the IBM PC COMPUTE! Publications Compute!'s Mapping the IBM PC and PCjr Russ Davis COMPUTE! Publications DOS Power Tools Paul Somerson Bantam Books 1988 DOS: The Complete Reference Kris Jamsa Osborne/McGraw-Hill 1987 Exploring the IBM PCjr Peter Norton Microsoft Press 1984 Discovering the IBM PCjr Peter Norton Microsoft Press 1984 IBM Video Subsystems Richard Wilton Microsoft Press 1988 Inside the IBM PC Peter Norton Mapping the IBM PC Russ Davies/Compute! Magazine Compute! Books 1986 Memory Resident Utilities, Interrupts, and Disk Management With MS & PC DOS Michael Hyman MIS Press 1987 Microcomputer Interfacing Bruce A. Artwick Prentice Hall 1980 Microsoft Systems Journal - March 1987 "Expanded Memory: Writing Programs that Break the 640k Barrier" Marion Hansen, Bill Krueger, Nick Stuecklen MS-DOS Encyclopedia Ray Duncan Microsoft Press 1988 (first edition) Network Programming in C Barry Nance (barryn on BIX) Que, 1990 Operating Systems Design and Implementation Arthur S. Tanenbaum Prentice Hall 1987 Programmer's Guide to the IBM PC Peter Norton Microsoft Press 1985 Programmer's Problem Solver for the IBM PC, XT, & AT Robert Jourdain Prentice Hall 1986 Running MS-DOS Van Wolverton Microsoft Press Supercharging MS-DOS Van Volverton Microsoft Press 1986 The 8080a Bugbook Tony-Larsen-Titus Howard W. Sams 1977 The 8086 Book Russell Rector and George Alexy Osborne/McGraw-Hill 1980 The IBM Personal Computer from the Inside Out Murray Sargent III and Richard L. Shoemaker Addison-Wesley 1984 The IBM ROM BIOS Ray Duncan Microsoft Press 1988 The Serious Assembler Charles A. Crayne and Dian Gerard Baen Books 1985 Tricks of the MS-DOS Masters Waite Group Howard W. Sams 1987 Turbo Pascal Express Robert Jourdain Brady Books, 1987 Writing DOS Device Drivers in C Adams/Tondo Prentice Hall, 1990 *********************** Microsoft Macro Assembler 4.0, 5.1 documentation Microsoft C 4.0 documentation Borland Turbo Pascal 3.02a and 5.0 documentation, Turbo C 2.0 documentation Novell SFT System Administrator's Reference *************************** Western Digital, Rodime, Miniscribe, Microscience, Adaptec, Storage Technologies, and Connor Peripherals were kind enough to send spec sheets on most of their products which helped to expand and verify the hard drive information in Appendix 6. *************************** A large amount of miscellaneous information came from various computer magazines. Documenting what came from where would be an experience all its own. A great deal of information came from articles by Michael Mefford and Charles Petzold of PC Magazine, and Neil Rubenking, Jeff Duntemann, and Ray Duncan, who get around a lot. Byte ( Byte's kinda weird. They have some really neat, well-researched stuff interspersed with mindless drivel. Still, they print some stuff you absolutely, positively won't find anywhere else. ) C'T (Computer Technik) ( If you read German, this one is sorta like PC Magazine was in its heyday. ) Computer Language ( I never decided if I liked CL or not. Maybe I'm not the sort of programmer they're writing for... ) Computer Shopper ( Though primarily advertising, some information sneaks in from time to time. ) Dr. Dobb's Journal ( I always thought the old title, "Doctor Dobbs' Journal of Computer Calisthenics and Orthodontia - Running Light Without Overbyte" was a killer name, but nobody asked me. ) InfoWorld ( I never really figured out how a weekly magazine could so often be both late *and* wrong with their stories, but IW tries hard. Still, you often hear about rumblings you'd never find out about in the slicks. The National Enquirer of the computer world? ) Micro Cornucopia ( R.I.P - it was great while it lasted. ) Microsoft Systems Journal ( Hideously expensive and mostly oriented to Windows and OS/2, the early issues had some really good stuff ) Midnight Engineering ( This one's hard to classify. It's hardcore computer with a dash of entrepreneurship, bizarre as the combination may sound. I like it when I can find it. ) PC Magazine ( Despite their new "management format" in mid '89, PC Mag still has some good techie stuff from time to time. I guess the bean counters thought managers were more important than programmers. ) PC Resource ( There was rarely anything of interest in PC Resource, but every now and then I found something. Now defunct. ) PC Tech Journal ( "Tell 'em what you're going to say, tell 'em what you're saying, tell 'em what you just said." - and don't send us no steenking submissions unless they're in WordPerfect format! Despite their fascist policies, every now and then they printed something useful. The Little Rock Wild Bunch refered to it as "PC Tech Urinal," an apt monicker. Now defunct. ) PC Techniques ( This is the magazine PC Tech Journal tried to advertise itself as. Pure programming, written by programmers for programmers, without too many "journalists" pissing in the text. Try it! ) Programmer's Journal ( This is a nice magazine, though expensive. ) Tech Specialist ( One of the few really good magazines for bit-twiddlers. Haven't seen a GUI phone-dialer shootout yet! ) **************************** various computer bulletin board systems, including Byte Information Exchange (BIX) (check out ibm.dos/old.secrets.2 and ibm.dos/secrets.3) Effusive thanks to the gang in the ibm.exchange - these guys are *sharp*. In alphabetic order: barryn, billn, daiken, dgh, dmick, dnanian, dondumitru, drifkind, geary, glass, gmussar, greenber, hfishman, j_vanderbilt, jdunlap, jlussmeyer, johnf, jsloman, jsprowl, jswitzer, jrichards, mike123, rbabcock, rbrukardt, rduncan, roedy, sjgrant, skluger, terjem, twagner, wardc, wcowley, and all the guys whose names forgot... Compuserve IBM SIG FIDOnet international network (various technical echos) GEnie IBM RT and Borland RT PCanada BBS system (Toronto, Canada) RIME PCRelay international network (IBM, Technical, Programming echos) TelePath ********************************* The following text files were of use. Bear in mind that some of them may be seen under several different names. The author's name is given as it appears in the documentation (if any). 10H-BUG ASM 4680 29/01/87 bug in 2.x int 21h/fn10h Ray Duncan 1PT4MB INF 5120 3/10/87 1.44Mb drives Clyde Washburn 70305,1211 2EH ASM 2969 3/03/87 info on undoc'd int 2Eh David Gwillim 386BUG ARC 9216 15/10/87 bug in early 80386 chips Compaq Corp. 8086 3 10572 5/12/88 dump of Fidonet?? 8086 conf?? 8259 ARC 2826 15/03/88 info on 8259 chip APICALLS ARC 11481 8/01/88 OS/2 API function call list Bill Earle ASM-ADRS ARC 6144 20/12/87 low memory vectors Malcolm McCorquodale ATCMDS ARC 3072 20/03/88 Hayes 1200 baud command set BACKDOOR UPL 26115 11/12/89 "back door" through PSP John Switzer BIOSDOC ARC 34816 3/11/87 very good function list David E. Powell BIXDOS1 ARC 155648 14/12/87 BIX "MSDOS Secrets" #1 BUG40DOS ARC 3200 18/08/88 bugs in DOS 4.0 "Doug" CAS ARC 33792 27/10/88 Communicating Applications Standard 1.0A DCA, Intel Corp CCPM86 ARC 68238 14/10/89 list of Concurrent CP/M calls CDOS ARC 35584 18/07/89 list of Concurrent DOS calls Guy Scharf CDOS2_ ARC 227200 18/07/89 list of Concurrent DOS calls J. F. Jankura CDOSCALL ARC 19968 18/07/89 list of Concurrent DOS calls J. F. Jankura CUFEXT ARC 13228 13/03/90 common file extensions J.W. Rider DEBUGTUT ARC 15655 23/04/88 DEBUG tutorial possibly David Whitman? DIAGNOSE ARC 14336 1/01/86 memory errcodes Jerry Schneider, Arnold Kischi DISK144 ARC 23086 16/10/88 info on 1.44Mb diskettes DISKTYPE ARC 5073 14/04/88 IBM floppy formats DOOM ARC 9216 29/09/88 hard drive information DOS-SIZE ARC 787 27/03/88 size of DOS files 1.1-3.1 DOS3TXT ARX 9168 31/07/85 list of DOS/BIOS ints, data areas Dan Rollins DOS32 ARC 17408 31/05/88 command list for DOS 3.2 DOS3BUGS ARC 5639 15/10/87 acknowledged bugs in DOS 3.0-3.2 IBM Corp. DOS40 ARC 15625 22/07/88 IBM announcement of DOS 4.0 IBM Corp. DOS401 ARC 18178 19/10/88 errors in DOS 4.0 IBM Corp. DOS40B ARC 27008 26/08/88 Compuserve thread on DOS 4.0 DOS40FAT ARC 1510 11/09/88 DOS 4.0 File Allocation Table Mike Austin DOS40FUN ZOO 3410 31/12/99 DOS 4.0 int 24, 25, etc Pat Myrto DOS40HLP ARC 53376 28/08/88 DOS 4.0 command set DOS40TXT ARC 46169 16/10/88 DOS 4.0 problems & info DOS4TIPS ARC 1735 19/09/88 problems with DOS 4.0 IBM Corp. DOSBUG TXT 1024 15/10/87 info on 2.0 volume label DOSGUIDE ARC 21344 21/02/88 DOS tutorial Carrington B. Dixon DOSINT ARC 4201 15/03/88 list of DOS 2.0 function calls John Chapman DOSNOTES ARC 5052 15/03/88 info on DOS undoc fns. DOSREF ARC 9216 21/01/87 partial list of PC BIOS calls DOSREF ARC 62052 23/08/86 device driver info "Cracker" DOSTIPS ARC 28926 15/03/88 info on DOS John Chapman DOSTIPS1 ARC 159657 25/11/85 various DOS info Dean R. Wood DOSTIPS3 ARC 59264 25/01/88 various DOS tips (different) Dean R. Wood DOSUNDOC ARC 3840 03/05/86 one of the very first interrupt lists Spyros Sakellariadis DRIVPARM ARC 11264 7/01/88 info on DRIVPARM parameters Joan Friendman EGATEK ARC 8704 15/03/88 IBM EGA registers Bill Frantz EMS40BIX ARC 3802 21/09/87 BIX announcement of EMS 4.0 BIX ENVIRONM ARC 4255 18/09/88 info on DOS environment Jan Fagerholm ESC_CODE ARC 3072 3/10/88 Laserjet setup codes S. Noh FILEIO ARC 8192 24/07/88 TSRs and INDOS flag FLOPPIES ARC 9216 2/11/87 info on floppy media Ted Jensen FOSSIL ARC 9031 15/07/87 list of FOSSIL functions Vincent Periello FXN4BH ASM 4503 1/01/80 odd 4Bh behavior Ray Duncan HAYESET2 ARC 6479 4/09/86 modem commands Ruth Lubow, Fowler Brown HD-DATA ARC 4096 19/07/87 list of hard drives & specs I've seen many similar files. I believe the original may have been a file or bulletin on Sparta BBS HDINFO ARC 11264 19/11/87 updated version of above, evidently by someone else HDNOISE ARC 4159 11/11/87 hard disk information Clancy Malloy HDTIPS ARC 9660 11/10/87 hard disk information Barry Gordon IBMTAB ARC 7882 15/03/88 general IBM PC tech info John S. Lou IBMTECH ARC 136064 4/11/88 error codes, other info IBM Corp. INT-MDOS ARC 20682 31/07/85 one of the original INT lists Ross Greenberg INTER189 LZH 156368 25/06/89 interrupt list Ralf Brown INTERRUP ARC 157440 19/09/88 interrupt vector list Ralf Brown INTERRPT ARC 42632 4/04/88 interrupt vector list Marshall Presnell this is a very nice list and some programming information. If I'd come across it way back then it would have saved a ton of typing JARGON ARC 49274 16/07/88 dictionary of computer terms LE_MCLCK.ASM 3489 3/27/86 undoc'd Leading Edge BIOS fns Bob Plouffe LIM-40 ARC 21504 15/10/87 info on LIM 4.0 Stephen Satchell LISTINTS ARC 6144 3/12/87 small interrupt list MCB ARC 5120 24/07/88 info on DOS Memory Control Blocks David Gwillim MNP-TEXT ARC 6144 30/09/88 MNP modem info Mike Focke MOUSENG ARC 10240 13/08/88 Norton Guide file for mouse programming, with C examples MSLOOKUP ARC 58368 25/12/87 interrupt and function listing Frank Bonita MS-OS2 ARC 25600 15/10/87 MS press release on OS/2 Microsoft Corp. MSINT125 ARC 48128 12/01/88 interrupt vector listing Ralf Brown NETBIOS ARC 17280 29/10/88 NetBIOS tutorial & summary Tom Thompson NOVELINT ARC 4531 18/10/88 NetBIOS calls Marc Guyot OCOM_520 ARC 53632 19/08/88 FOSSIL tutorial and functions Rick Moore ODDITY ARC 3072 24/07/88 int 2Eh description Daniel Briggs PINS ARC 3072 18/01/88 pinouts of various connectors QUES40 ARC 9081 1/09/88 info on DOS 4.0 IBM Corp. RAW_COOK ARC 2048 15/10/87 info on DOS raw and cooked modes RESETSWT TXT 3584 23/01/86 add a reset switch to a PC Don Jenkins RLLHINTS ARC 12288 17/10/87 RLL controller info Steve Sneed RLLMISC ARC 5120 17/10/87 info on RLL controllers Richard Driggers RLLSTORY ARC 9718 31/07/88 good info on RLL coding Pete Holzmann SEAGATE ARC 2048 3/03/88 specs for many Seagate drives Jim McKown SECRETS2 ARC 179625 17/04/88 BIX "MS-DOS Secrets" #2 SERCBL2 ARC 4372 16/10/88 serial cable pinouts Lee Zeis SM2400 ARC 2296 9/08/86 Hayes 2400 baud command set SPOOL DOC 29704 03/28/89 Versa-Spool API Jeff Newbro SSTEP ARC 2300 11/07/89 explanation of CPU single-step Ed Burnette ST225 ARC 11264 7/10/87 optimizing ST225 and WD cont. Neil Erbe TANDON ARC 3612 21/02/88 info on Tandon drives David Welcher TECH ARC 27827 8/05/88 misc tech info - Fidonet? TOOLS C 14032 8/10/89 Grid laptop special functions Fredrick Coffman TOS 938 24/03/88 TOS function calls Mike Crawford TRYST ARC 29312 29/10/88 DOS and hard disk info Amy Goebel UNDOCINT 21H 7168 14/04/87 undocumented DOS calls Peter Holzmann VESA TXT 41269 01/17/90 VESA standard VESA VGAKIT DOC 7634 05/04/90 VGA programming kit John Bridges VGAPIN ARC 1252 24/10/88 VGA pinout "Mike" WD-27X ARC 6144 10/10/87 WD 27X HD controller setup Steve Shelton WDCONFIG ARC 5504 11/10/87 WD-1002 WXS setup Richard Driggers WDCONT ARC 11264 25/12/87 info on WD hard disk controllers Peter Fales XEB1210 ARC 7947 18/07/87 Xebec HD controller setup Richard Driggers XEBEC ARC 1036 30/04/88 setup for Xebec HD controller Richard Driggers XEBECTEC ARC 1834 30/04/88 setup for Xebec 1210 XGADEMO LZH 23552 01/27/91 IBM XGA programming info v.50 Bert Tyler XMS ARC 75776 1/08/88 Microsoft Extended Memory Specification 1.0 Microsoft Corporation XTCHARTS ARC 12416 4/11/88 ports, charts ********************************** NBRCV.C Paul McGinnis NetBIOS API calls DESQ10.ASM James H. LeMay DesqView API calls NETTUT.DOC Charles L. Hedrick TCP/IP network CED10D Chris Dunford CED interrupt calls LANTSTIC.DOC LANtastic adware peer-to-peer LAN calls GLOSSARY.ARC no author name computer terms 4DOS.DOC Tom Rawson 4DOS int 2Eh, 2Fh calls, SHELL= bug DOSREF isn't a tutorial, and sometimes you need a tutorial. Microsoft has finally written a half-decent one - The MS-DOS Programmer's Reference, Microsoft Press, 1991, ISBN 1-55615-329-5. This is the DOS 5.0 Tech Ref. It covers data structures and DOS programming concepts clearly. However, it has no information on other DOS versions, nor does it (of course) cover undocumented calls. ------------------------------------ Nothing gets written in a vacuum, and I'd like to express my thanks to all the people who have been good enough to furnish information and support: (in alphabetical order) Tommy Apple, Mike Crawford, Herman Diagostino, Joe Felix, Ron Melson, Denis Murphy, & Ben Sansing, who all loaned me documentation and reference material for so long that some of them have forgotten to ask for their stuff back And those users who were kind enough to help out: Mike Blaszczak, MA: (blaszczak on BIX) who went rampaging through work and client's sites to find and document various model ID bytes, plus plenty of information on MS OBJ file formats Carl Bretteville, Drammen Norway: who sent me a complete Concurrent DOS Programmer's Reference, considerably enriching the Norwegian postal service thereby Herman Diagostino, Manassas VA: who worked up the TECHMENU menu file and provided a copy of the rare IBM DOS 4.0 Technical Reference and a copy of the original MSDOS Encyclopedia from Microsoft, info on the Pelican 5.5mb floppy drive, IBM DOS 4.0 command reference, many hard drive specs James Drenter, Davenport IA: additional info on int 1Ch David Dorling, Buderim, Australia: found one embarrassing error in the device driver info and provided many expansions and clarifications Chris Dunford, Columbia MD: (CIS 76703,2002) who sent me a copy of the PCED 2.0 API Steve Grant, Jersey City NJ: (sjgrant on BIX) who granted permission to include his excellent SYSID program with my distribution disks, furnished several model IDs Roedy Green, Vancouver BC Canada: (roedy on BIX) many names and addresses for Appendix 5, serial and parallel port details and cabling, granted permission to include some of his very educational essays with my distribution disks, plus many details on DOS disk I/O Michael Koepke, Wood Dale IL: pinouts on EGA feature connector, PS/2 keyboard connector, DR-DOS programming information, much info on Digital's DR-DOS Curt Lankford, Little Rock, AR: loaned his copy of the AT&T 6300 Plus Hardware Technical Reference Alan R. Levinstone, Garland TX: 80286 LOADALL instruction BIOS Data Area floppy control parameters 40:8B, 40:8F, 40:90 Brian Long, Twyford UK: provided a copy of the then-nearly-unavailable DPMI 0.9 specification, plus port and address info Keith Meade, Rochester MN: (keithm on BIX) who provided a Microsoft Windows 2.11 SDK, copy of IBM TopView Feico Nater, Hengelo, Netherlands: additions to FCB calls, several pages of expansions and clarifications Bruce Nevins, Tucson AZ: (bnevins on BIX) Irwin low-level tape drive info, DEC PC info Patrick O'Riva, San Jose CA: info on what happens to the interleave when the BIOS is finished, and for his interesting online assembly-language magazine Klaus Overhage, Stuttgart W.Germany: FANSI-CONSOLE system calls, and translating the TechRef into German John Richards, England: (jrichards on BIX) European DOS 4.0 information Ben Sansing, Little Rock AR: ANSI.SYS information, documentation for the NEC V20/30 chips, reported error in register chart in Chapter 4, loaned his copy of PC-MOS/386 for testing Hans Schleichert, Marburg West Germany: information on int 2Fh, fn OAEh (internal DOS commands). Good thing I took some German in high school... John Switzer, CA: (jswitzer on BIX) who allowed me to include his discoveries on alternate DOS entries and file mysteries. (see BACKDOOR.ZIP on BIX, or Oct 1990 Dr. Dobbs') Fred Thompson, Rapid City SD: loaned his Sound Blaster manual, provided much info on graphics programming Matt Trask: (matt.trask on BIX) who donated a complete copy of the TopView Programmer's Reference Richard Vogh, Marietta GA: found several embarrassing errors in the boot sector chart in Chapter 8. The shame! The shame! Jim Wenzel, North Little Rock AR: more PC model ID codes, loaned his copy of the Windows 3.0 SDK The Software Link, Atlanta GA: provided a review copy of PC/MOS-386 and the programming guide Digital Research, Monterrey CA: provided review copies of DR-DOS 5.0 and DRMDOS Microsoft Corporation, Redmond WA: for beta-test versions of DOS 5.0, Windows 3.1, other products, information on DOS 5 and the DOSSHELL API Special thanks to Chris Dunford, who donated his "CED" program to the public domain. If it wasn't for CED, I would likely have abandoned MSDOS machines entirely and bought a Macin...uh... something else; and to Haruyasu Yoshizaki for allowing unrestricted use of his LHarc program used to compress the files on these diskettes. Dave Williams -------------------- Jacksonville, AR ** Programmer's Technical Reference for MSDOS and the IBM PC ** USA copyright TXG 392-616 ALL RIGHTS RESERVED ������������������������������Ĵ DOSREF (tm) ��������������������������������� ISBN 1-878830-02-3 (disk-based text) Copyright (c) 1987, 1992 Dave Williams �����������������������������Ŀ � Shareware Version, 01/12/92 � � Please Register Your Copy � ������������������������������� Additional Readings... I don't have and haven't seen most of this stuff, but I've come across mentions of it. This list is purely FYI... IBM's literature guide lists the following manuals: Hardware Technical References: PS/2 Model 25 $31.50 75X1055 PS/2 Model 30 $82.50 68X2201 PS/2 Model 30/286 $26.75 01F0237 PC $33.00 6322507 (the original) PC/AT $115.00 6280070 supplement for AT/339 $54.50 6280099 (enhanced 8mHz) XT/286 $55.00 68X2210 XT and Portable $54.50 6280089 Convertible $82.50 6280648 PCjr $38.50 1502293 (availability varies) PS/2 Hardware Interface $137.00 68X2330 (Micro Channel docs) PS/2 BIOS Interface $137.00 68X2341 (no source code listing) Advanced BIOS Interface $50 68X2288 DOS 3.3 Technical Ref. $93.00 6280059 (no reference for 4.0) DOS 4.0 Command Ref. $31.50 6280253 (commands only) 8514/A Developer's Guide $26.75 68X2279 There is supposed to be a DOS 4.0 Technical Reference, but there's no name or part number listed in the official IBM literature. You might check with your local IBM retailer. (hah!) DOS 4.0 Technical Ref. $--.-- 6280254 (not listed in catalog) IBM NetBIOS Application Development Guide (API) $49.25 68X2270 (not listed in catalog) address: IBM Technical Directory 800-426-7282 PO Box 2009 414-633-8108 Racine WI 53404-3336 BC, Canada 112-800-465-1234 Canada 800-465-1234 catalogs are free Zenith Data Systems' "MS-DOS version 2 Programmer's Utility" comes with MASM, a version of the MS-DOS Programmer's Reference from Microsoft, the assembly language source for Zenith's ANSI.SYS driver, an editor, an assortment of filters and utilities, and the source listing for the "device dependent" portion of MS-DOS for the Z-151. "Document Content Architecture: Revisable - Form - Text Reference" IBM Document SC23-0758-1 IGES (International Graphics Exchange Specification) 3.0 documentation, Global Engineering Documents (800) 854-7179. Part number NBSIR 86-3359, NBS. ISBN 0-672-22027-X "Interfacing To the IBM Personal Computer" by Lewis C. Eggebrecht, Howard W Sams & Co., Indianapolis, IN. Intel Application Note AP-133, "Getting Started with the Numeric Data Processor," by Bill Rash. February 1981. Intel iAPX 286 Programmer's Reference Manual, including the iAPX 286 Numeric Supplement, Intel part no. 210498-003. Has some reasonably useful example codes in section 4, including ASCII to binary and vice versa on pages 4-7 to 4-14 and trig functions on 4-18 to 4-23. The programming style in these examples is rather bizarre but they are better than nothing. Intel 80387 Programmer's Reference Manual, Intel part no. 231917-001. Various example listings on pages 7-7 to 7-17, including ASCII to binary and binary to ASCII conversions and raising a number to a power. No trig routines in this manual because the 80387 has built-in FSIN, FCOS, and FSINCOS instructions and generalized FPTAN and FPATAN instructions that make subroutines unnecessary. Hercules sells a graphics library for the Herc board called GRAPHX for $50. DoD Trusted Computer System Evaluation Criteria (popularly known as "The Orange Book) GPO Stock No 008-000-00461-7 Cost $6.00 Information Interchange Standards: ANSI X 3.15-1976 (FIPS 16-1) Bit Sequencing In Serial-By-Bit Data Transmission. ANSI X3.16-1976 (FIPS 17-1) Character Structure and Parity-Sense, Serial-By-Bit. ANSI X3.25-1976 (FIPS 18-1) Character Structure and Parity-Sense, Parallel-By-Bit. ANSI X3.4-1977 (FIPS 1-1) Code for Information Interchange ANSI X3.41-1974 (FIPS 35) Code Extension Techniques for Use With 7-Bit Coded Characters. ANSI X3.64-1979 (FIPS 86) Additional Controls for Use With... ANSI X3.32-1973 (FIPS 1) Graphic Representation of the Control Characters. ANSI X3.78-1981 Representation of Vertical Carriage positoning Characters. ANSI X3.42-1975 Representation of numeric values in Character Strings. ANSI X3.98-1983 Page Image Format (PIF), Text, for Information Systems. ANSI X3.28-1976 Procedure for the Use of Communications Control Characters. ANSI X3.66-1979 (FIPS 71) Advanced Data Communications Control Procedures (ADCCP) Data Encryption Standards: ANSI-X3.92-1981 Data Encryption Algorithm ANSI-X3.105-1983 Data Link Encryption ANSI-X3.106-1983 Modes of Operation of Data Encryption Algorithm Serial Interface Standards: RS-232-C Aug 1969 (June 1981) Interface Between Data Terminal Equipment (DTE) and Data Communications Equipment (DCE) Bulletin #9 May 1971 (Application Notes) ...reviews methods of operation...service and trans- mission facility characteristics... Bulletin #12 Nov 1977 (Application Notes) Interconnection Between RS-449 and RS-232-C ... Bulletin #14 Mar 1982 (Application Notes) Loop Test Circuits Not Defined in RS-232-C RS-336-A Mar 1979 Interface Between DTE and Automatic Calling Equipment RS-449 Nov 1977 RS-449-1 Addendum 1 Feb 1980 General Purpose 37- and 9-Position Interface for DTE and Data Circuit-Terminating Equipment (DCE)... Standards Groups: AFIP (Federal Information Processing Standards) Office of Technical Information and Publications National Bureau of Standards Washington, D.C. 20234 ANSI American National Standards Institute, Inc. 1430 Broadway New York, New York 10018 BELL ?? EIA Electronic Industries Association 2001 Eye Street Washington, D.C. 20006 CCITT ?? ISO International Standards Organization (available through ANSI) Coding and Information Theory by Richard W. Hamming (Prentice-Hall, 1980) Error Correcting Codes by W. Wesley Peterson (MIT Press and Wiley, 1961) Handbook of Software & Hardware Interfacing for IBM PCs Jefferey P. Royer 1987 by Prentice-Hall, Inc. (Osborne-McGraw-Hill) Englewood Cliffs, NJ 07632 ISBN 0-13-381831-4 hardware and expansion card design and interfacing The C Programmer's Guide to NetBios, W. David Schwaderer, Howard W Sams & Company, ISBN 0-672-22638-3 $24.95. Computer Networks - Andrew S. Tanenbaum,Prentice Hall, ISBN 0-13-162959-X Local Area Networks - Thomas W.Madron - Wiley, ISBN 0-471-85989-3 Netware APIs: There are many API packages available from Novell. Some of them: Value-Added Process API $10.00 part number 420-10361-001 Netware Enhancements Package (security APIs, Queue Management, Accounting Services) $15.00 part number 420-010316-110 Peer to Peer Comm. $15.00 part # 421-10070-001 Message Handling Service Interface $15.00 part # 420-10360-001 Novell API Reference Manual vols 1 & 2 $25.00 each part #s 452-760041-001 and 452-760042-001 C language Novell API Reference $250.00 part # 452-760043-001 Programmer's Guide $49.00 part # 420-000089-001 NetWare Technical Journal, 650 South Clark, Chicago, IL 60605-9960, pub. four times a year for $50.00/yr. SCSI specification: $25 from the American National Standards Institute, 1430 Broadway, New York, NY 10018, (212) 642-4900. SCSI-2 X3T9.2 committee working documents, CAM committee documents, and the most current draft of the SCSI-2 specification are available for downloading from the SCSI BBS at (316) 636-8700 (300, 1200, or 2400 bps; 24 hours). A paper copy of the SCSI-2 draft specification is available for $60 from Global Engineering Documents 2805 McGaw Ave., Irvine, CA 92714, (800) 854-7179 or (714) 261-1455. SMB protocol (used by Microsoft in MS-Net and Lan Manager) "IBM Personal Computer Seminar Proceedings", Volume 2, Number 8-1, G320-9310-00. Security (DES, etc): NCSC's VENDOR'S GUIDE (dark green book [part of the Rainbow series of books]). Write to: National Security Agency, ATTN: S613, Ft. George Meade, MD 20755-6000, or call (301) 688-6581. Programmer's Guide to PC & PS/2 Video Systems Richard Wilton Microsoft Press 1987 ISBN 1-55615-103-9 Logitech Mouse Tech. Ref. and Programmer's Guide v2.0, $25 (415)795-0801 ============================== I N V O I C E =================SWv2.2a======= mail invoice to: SHIP TO: Dave Williams +---------------------------------------- DOSREF | PO Box 181 | Jacksonville, AR | 72076-0181 USA | | Order #: | Date : | PO # : | +---------------------------------------- =============================================================================== item | description |unit pr| qty |total price =============================================================================== Programmer's Technical Reference _______ _____ _____ _____ USA: $20 Canada: $25 CDN (checks) $20 US (postal money orders) United Kingdom: �15 check one: EuroCheques: �15 UK | | (1) 1.44m disk Cash, checks, or money orders are acceptable. | | (1) 1.2mb disk =============================================================================== Orders from other countries, please make payment DOSREF _$20.00__ in one of the currencies listed above. packing and postage _$1.75___ $1.25 extra charge for 3 x 360K [ ] or 2 x 720K [ ] diskettes _________ $10 surcharge for approved corporate or government purchase orders _________ total _________ or charge your American Express card: account #:__________________________ expiration date: ____________________ signature: _______________________________ today's date: __________________ Where did you hear about DOSREF? __________________________________________ Would you like a copy of the latest shareware version to upload or pass out to friends or associates? YES___ NO___ THANK YOU! -------------------- QUICK MAILER ---------------------- Please support quality shareware by your registration. Thank you for your support! DOSREF 2.2a Registration Form make check or money order to: Dave Williams PO Box 181 (DOSREF) see INVOICE.TRF for foreign orders Jacksonville AR 72076-0181 USA unit price Programmer's Technical Reference ................. $20 surcharge for gov't or corporate POs ............. $10 shipping and handling ............................ $1.75 Total $___________________ ------------fold------------ INSTANT REGISTRATION ---------here------------ check disk type | | (1) 5-1/4 inch, 1.2mb | | (1) 3-1/2 inch, 1.44mb Where did you hear about DOSREF? __________________________________________ __________________________________________ Use Address on envelope ( ) check ( ) or: Name ___________________________________________________________________ Address ___________________________________________________________________ ___________________________________________________________________ ___________________________________________________________________ Copy this file to the printer. After the first page prints, you will have to turn it over and print the back side for the address. Fold at the page break below with the printing facing out. Then fold letter style, putting this side in and the address side out. If necessary, staple the check to the mailer, then staple or tape the sides and top. Check here if you would like a copy of the latest shareware version to pass around or upload to a local BBS: _____ THANK YOU! --------- _________________________________ | | | | _________________________________ | Stamp | | | _________________________________ | | --------- Dave Williams PO Box 181 (DOSREF 2.2) Jacksonville, AR 72076-0181 USA DOSREF SWv2.2a