How to access BIOS Interrupt without using "INT" instuction

Question about which tools to use, bugs, the best way to implement a function, etc should go here. Don't forget to see if your question is answered in the wiki first! When in doubt post here.
User avatar
osdevkid
Member
Member
Posts: 72
Joined: Sun Nov 21, 2010 11:15 am
Location: India, Chennai

How to access BIOS Interrupt without using "INT" instuction

Post by osdevkid »

Dear All,

I wonder the below code access BIOS interrupt 0x41 and loads the FDPT address (Address pointer: FDPT = Fixed Disk Parameter Table (1st hard drive)) in to SI register and transfer the 16 bytes in to address 0x90080.

Code: Select all

  ; Get hd0 parameter table info pointed at by BIOS int 0x41
	mov	ax,#0x0000
	mov	ds,ax
	lds	si,[4*0x41]	; set DS:[SI] 
	mov	ax,#0x9000
	mov	es,ax
	mov	di,#0x0080	; ES:[DI] = 0x90080
	mov	cx,#0x10		; repeat 16 times
	rep						
	movsb			; copy byte at DS:[SI] to ES:[DI] & update SI and DI.
I know, each BIOS interrupt vector is 4 bytes long, but I want to know, how this calculation [4 * 0x41] works ?

First I have assumed as, it is a simple index calculation method, however the BIOS interrupts are start from 00h to 1Fh and 41h, 46h, 4Ah, etc., so the list is not in constant incremental order, so I got confused.

Dear experts please clarify me,
1) how it is working ([4 * 0x41])?
2) In this case, is it possible to access all BIOS interrupts in the same manner without calling "INT" instruction?
User avatar
bluemoon
Member
Member
Posts: 1761
Joined: Wed Dec 01, 2010 3:41 am
Location: Hong Kong

Re: How to access BIOS Interrupt without using "INT" instuct

Post by bluemoon »

The IVT is layout such that the first 1024 byte of memory corresponding to the address of 256 vectors, each 4 bytes in size.

So, the address of 0x41-th vector will be (0x41 * 4).
It's worth noticing that lds si, [0x41*4] actually load data from DS:[0x41*4], that's why it is needed to be cleared to zero.

For the second question, yes, you can access(read/write) them using similar manner, you may also simulate INT instruction to execute them with push/jumps, which is fairly common technique to hook/replace an interrupt vector.
User avatar
osdevkid
Member
Member
Posts: 72
Joined: Sun Nov 21, 2010 11:15 am
Location: India, Chennai

Re: How to access BIOS Interrupt without using "INT" instuct

Post by osdevkid »

bluemoon wrote:So, the address of 0x41-th vector will be (0x41 * 4).
It's worth noticing that lds si, [0x41*4] actually load data from DS:[0x41*4], that's why it is needed to be cleared to zero.
Hai bluemoon,

Thanks for your reply, what you would like to explain to me is, BIOS interrupts list is in incremental order like below:

Code: Select all

00h to 1Fh 
20h to 40h => reserved
41h
42h to 45h => reserved
46h
etc.,
So we can acces like an array, am I right ? please confirm.
jal
Member
Member
Posts: 1385
Joined: Wed Oct 31, 2007 9:09 am

Re: How to access BIOS Interrupt without using "INT" instuct

Post by jal »

osdevkid wrote:So we can acces like an array, am I right ? please confirm.
You should Google the term "IVT" and it will explain all. It seems that you don't have the required knowledge.


JAL
Tosi
Member
Member
Posts: 255
Joined: Tue Jun 15, 2010 9:27 am
Location: Flyover State, United States
Contact:

Re: How to access BIOS Interrupt without using "INT" instuct

Post by Tosi »

Also look in the intel manuals for where it explains the operation of real mode interrupts. It's somewhere in the second volume.
User avatar
trinopoty
Member
Member
Posts: 87
Joined: Wed Feb 09, 2011 2:21 am
Location: Raipur, India

Re: How to access BIOS Interrupt without using "INT" instuct

Post by trinopoty »

Each entry in the IVT is 4 bytes structured as follows:

Code: Select all

struct IVT_Entry
{
    unsigned short offset;
    unsigned short segment;
};
So if you want ot call BIOS interrupts without the INT instruction; do as follows:

Code: Select all

mov ax, 0x0000
mov ds, ax
mov ax, 0x41 ; interrupt no
mov cx, 0x04
xor dx, dx
mul cx
mov bx, ax
les ax ds:[bx] ; ES = interrupt segment; AX = interrupt offset
push 0x0000 ; replace 0x0000 with the segment where the interrupt will return
push 0x0000 ; replace 0x0000 with the offset where the interrupt will return
push es
push ax
retf ; calls the interupt
But its a lot faster to use the INT instruction.
User avatar
turdus
Member
Member
Posts: 496
Joined: Tue Feb 08, 2011 1:58 pm

Re: How to access BIOS Interrupt without using "INT" instuct

Post by turdus »

trinopoty wrote: So if you want ot call BIOS interrupts without the INT instruction; do as follows:

Code: Select all

mov ax, 0x0000
mov ds, ax
mov ax, 0x41 ; interrupt no
mov cx, 0x04
xor dx, dx
mul cx
mov bx, ax
les ax ds:[bx] ; ES = interrupt segment; AX = interrupt offset
push 0x0000 ; replace 0x0000 with the segment where the interrupt will return
push 0x0000 ; replace 0x0000 with the offset where the interrupt will return
push es
push ax
retf ; calls the interupt
But its a lot faster to use the INT instruction.
Your code is messy. You can do the same with less code:

Code: Select all

xor ax, ax
mov es, ax
mov bl, 0x41    ;interrupt number
shl bx, 2
les ax, ds:[bx]
pushf
call far es:ax
But, this is not the case here. The point is that the specified ISR address does not hold an executable code, so you can't call it, instead it's a data area that has to be read (using "mov" instead of "call"/"int").
Last edited by turdus on Wed Mar 23, 2011 7:52 am, edited 1 time in total.
User avatar
qw
Member
Member
Posts: 792
Joined: Mon Jan 26, 2009 2:48 am

Re: How to access BIOS Interrupt without using "INT" instuct

Post by qw »

I edited this reply so many times it became a bit messy. And in the mean time, Turdus already replied. So I deleted the whole thing.

Last note: "call far es:ax" is illegal. Make it "call far [es:bx]".
Last edited by qw on Wed Mar 23, 2011 7:57 am, edited 5 times in total.
User avatar
turdus
Member
Member
Posts: 496
Joined: Tue Feb 08, 2011 1:58 pm

Re: How to access BIOS Interrupt without using "INT" instuct

Post by turdus »

Hobbes wrote:There is no [AX].
The routine will return with an IRET so you have to push the flags too.
Right! My mistake.
ym
Posts: 8
Joined: Thu Mar 24, 2011 2:05 am

Re: How to access BIOS Interrupt without using "INT" instuct

Post by ym »

turdus wrote:
trinopoty wrote: So if you want ot call BIOS interrupts without the INT instruction; do as follows:

Code: Select all

mov ax, 0x0000
mov ds, ax
mov ax, 0x41 ; interrupt no
mov cx, 0x04
xor dx, dx
mul cx
mov bx, ax
les ax ds:[bx] ; ES = interrupt segment; AX = interrupt offset
push 0x0000 ; replace 0x0000 with the segment where the interrupt will return
push 0x0000 ; replace 0x0000 with the offset where the interrupt will return
push es
push ax
retf ; calls the interupt
But its a lot faster to use the INT instruction.
Your code is messy. You can do the same with less code:

Code: Select all

xor ax, ax
mov es, ax
mov bl, 0x41    ;interrupt number
shl bx, 2
les ax, ds:[bx]
pushf
call far es:ax
But, this is not the case here. The point is that the specified ISR address does not hold an executable code, so you can't call it, instead it's a data area that has to be read (using "mov" instead of "call"/"int").

should these code work under protected mode ?
eddyb
Member
Member
Posts: 248
Joined: Fri Aug 01, 2008 7:52 am

Re: How to access BIOS Interrupt without using "INT" instuct

Post by eddyb »

ym wrote:
turdus wrote:
trinopoty wrote: So if you want ot call BIOS interrupts without the INT instruction; do as follows:

Code: Select all

mov ax, 0x0000
mov ds, ax
mov ax, 0x41 ; interrupt no
mov cx, 0x04
xor dx, dx
mul cx
mov bx, ax
les ax ds:[bx] ; ES = interrupt segment; AX = interrupt offset
push 0x0000 ; replace 0x0000 with the segment where the interrupt will return
push 0x0000 ; replace 0x0000 with the offset where the interrupt will return
push es
push ax
retf ; calls the interupt
But its a lot faster to use the INT instruction.
Your code is messy. You can do the same with less code:

Code: Select all

xor ax, ax
mov es, ax
mov bl, 0x41    ;interrupt number
shl bx, 2
les ax, ds:[bx]
pushf
call far es:ax
But, this is not the case here. The point is that the specified ISR address does not hold an executable code, so you can't call it, instead it's a data area that has to be read (using "mov" instead of "call"/"int").

should these code work under protected mode ?
You would need some kind of unreal mode for that.
Or if you don't want that, use an emulator to execute the real-mode code of the BIOS while remaining in protected mode.
User avatar
turdus
Member
Member
Posts: 496
Joined: Tue Feb 08, 2011 1:58 pm

Re: How to access BIOS Interrupt without using "INT" instuct

Post by turdus »

ym wrote: should these code work under protected mode ?
That depends. Reading the pointed memory can be done without problem, but if you mean executing the pointed real mode ISR code the answer is no.
mxandmx
Posts: 3
Joined: Thu Apr 28, 2011 11:14 am

Re: How to access BIOS Interrupt without using "INT" instuct

Post by mxandmx »

Turdus:

If you had everything running in ring 0 wouldn't you be able to execute the ISR? IS it due to the fact you'd be dealing with 32 bit registers? What about 16-bit protected mode then?

Cheers
User avatar
Combuster
Member
Member
Posts: 9301
Joined: Wed Oct 18, 2006 3:45 am
Libera.chat IRC: [com]buster
Location: On the balcony, where I can actually keep 1½m distance
Contact:

Re: How to access BIOS Interrupt without using "INT" instuct

Post by Combuster »

You can not execute real mode code in protected mode for the sole reason that the address translation scheme is incompatible.
"Certainly avoid yourself. He is a newbie and might not realize it. You'll hate his code deeply a few years down the road." - Sortie
[ My OS ] [ VDisk/SFS ]
jal
Member
Member
Posts: 1385
Joined: Wed Oct 31, 2007 9:09 am

Re: How to access BIOS Interrupt without using "INT" instuct

Post by jal »

Combuster wrote:You can not execute real mode code in protected mode for the sole reason that the address translation scheme is incompatible.
You cannot execute random real mode code in protected mode, that's for sure, but specially crafted code can run fine. I recall a story about the history of QNX, where the first x86 versions ran in real mode, each program/process limited to a 64KB page, and they had very little compatability problems when they introduced the 286 protected mode version, most programs running fine in PM as well.


JAL
Locked