June 28th, 2003, 06:39 PM
Does anyone here know how to call DOS/BIOS interrupts from protected-mode Windows? While writing assembly code for Windows, I wrote the "int 21h" instruction and my computer hung. Can anyone provide a solution?
June 28th, 2003, 06:51 PM
As far as I'm aware:
Windows 3.0, 3.1, 3.11, Win95, Win98, possibly WinME:
DOS int21 calls can be used inside a 16-bit Windows module or program (which under Windows 95/98/ME can be called from a 32-bit program).
You should not call int21 in protected mode.
Under a DOS box (in V86 mode), you can make int21 calls and they will be redirected. Again, in DOS you can't call them in protected mode (however, most DOS extenders' libraries switch to real mode for it).
In Windows NT, 2000, XP
- You should never call any DOS interrupt at all, except in a DOS box.
- In a DOS box it might work because the NTVDM will intercept it and do the appropriate Windows calls.
So you want to call it from protected mode? Why?
All int21 does is provide an interface into filesystem operations that you can do anyway. You have two options:
- Make a call into the C library DLL to call things like fopen()
- Make a call into kernel32.dll to call things like CreateFile()
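The kernel32 route from the reply above, as an added example that is not code from the original thread: a 32-bit NASM program for Win32 that does what a DOS "open/write/close file" sequence via int 21h would have done, but through CreateFileA, WriteFile and CloseHandle imported from kernel32.dll. The file name hello.txt and the message text are assumptions chosen for the example; the API names, argument order and constant values are the documented Win32 ones.

```nasm
; Assumed example: Win32 file I/O from assembly without int 21h.
; Build (MinGW): nasm -f win32 openfile.asm -o openfile.obj
;                gcc -m32 openfile.obj -o openfile.exe
; The C runtime's startup code calls _main; we exit through ExitProcess.

global _main

; stdcall imports: the @N suffix is the number of argument bytes the
; callee pops, so nothing needs to be cleaned off the stack after the call.
extern _CreateFileA@28
extern _WriteFile@20
extern _CloseHandle@4
extern _ExitProcess@4

; Win32 constants used below (values from the Windows SDK headers)
GENERIC_WRITE          equ 0x40000000
CREATE_ALWAYS          equ 2
FILE_ATTRIBUTE_NORMAL  equ 0x80
INVALID_HANDLE_VALUE   equ -1

section .data
fname   db "hello.txt", 0                          ; assumed file name
msg     db "written through kernel32, not int 21h", 13, 10
msglen  equ $ - msg

section .bss
written resd 1                                     ; bytes actually written

section .text
_main:
    ; HANDLE CreateFileA(lpFileName, dwDesiredAccess, dwShareMode,
    ;                    lpSecurityAttributes, dwCreationDisposition,
    ;                    dwFlagsAndAttributes, hTemplateFile)
    ; stdcall pushes arguments right to left.
    push 0                        ; hTemplateFile
    push FILE_ATTRIBUTE_NORMAL    ; dwFlagsAndAttributes
    push CREATE_ALWAYS            ; dwCreationDisposition
    push 0                        ; lpSecurityAttributes (default)
    push 0                        ; dwShareMode (exclusive)
    push GENERIC_WRITE            ; dwDesiredAccess
    push fname                    ; lpFileName
    call _CreateFileA@28
    cmp  eax, INVALID_HANDLE_VALUE
    je   .fail                    ; always check: the DOS carry-flag habit
    mov  ebx, eax                 ; keep the handle in a callee-saved register

    ; BOOL WriteFile(hFile, lpBuffer, nNumberOfBytesToWrite,
    ;                lpNumberOfBytesWritten, lpOverlapped)
    push 0                        ; lpOverlapped (synchronous)
    push written                  ; lpNumberOfBytesWritten
    push msglen                   ; nNumberOfBytesToWrite
    push msg                      ; lpBuffer
    push ebx                      ; hFile
    call _WriteFile@20
    test eax, eax
    jz   .close_fail

    push ebx
    call _CloseHandle@4
    push 0                        ; exit code 0: success
    call _ExitProcess@4

.close_fail:
    push ebx                      ; still release the handle on a failed write
    call _CloseHandle@4
.fail:
    push 1                        ; exit code 1: something failed
    call _ExitProcess@4
```

The shape is the same as the old DOS service call (set up arguments, transfer control, test for failure), only the transfer is a call through the import table into a user-mode DLL rather than a software interrupt; the kernel transition happens inside kernel32/ntdll where Windows controls it, which is why this works from ring 3 and int 21h does not.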
June 28th, 2003, 06:52 PM
I came in to the world with nothing. I still have most of it.
June 29th, 2003, 08:51 AM
Actually, I gave int 21H just as an example. I want to issue any interrupt that I can, such as all the BIOS interrupts, keyboard interrupts, video interrupts, etc. I know interrupts are not allowed in Windows applications, but I thought that maybe someone must have found some method.
June 29th, 2003, 10:51 AM
You are not allowed to call any interrupts:
- Video BIOS interrupts - would screw up the screen by conflicting with the video driver
- BIOS interrupts - some of them could do things that would be undesirable, for example block I/O, which would conflict with the Windows cache
- DOS interrupts - most should be harmless enough, but some do things that would break Windows, like Terminate and Stay Resident, exit program, etc.
You just aren't allowed to do it. There are other ways of doing all those things.
June 29th, 2003, 07:57 PM
Yes, that is what I want to know: the undocumented techniques, or in your language "the other ways of doing stuff". I also want to know how to have direct memory access. For example, we know that the keyboard status is stored at address 0x417. I want to write to that address directly, but Windows just won't allow it because my program runs at ring 3 (least privileged). I want to know how to transfer my program to ring 0.
I know this stuff is quite advanced, but I want to have this inside knowledge.
June 29th, 2003, 10:51 PM
I have to agree wholeheartedly with slarty on this; the whole point of the protected sub-systems is to prevent this sort of shenanigans. If you are, however, determined to follow the dark path, there are ways. I suggest you begin by studying the NT kernel: the NT executive and the HAL in particular. There are a few ways to go about it, one being to use the HAL functions; the other is to bypass the HAL completely. Doing this, however, will most likely render your code totally unportable.

Since you want to be able to execute your code from Windows, you are going to need a kernel-mode device driver, which will allow you to skip the LPC, which is used as RPC for user-mode APIs, and implement the HAL functions. You will need the Windows DDK (Driver Development Kit) for all this.

The other, and even more suicidal, method you could use to destroy your computer with would be to create a DMA kernel-mode driver, which will basically allow you to overwrite your kernel if you feel like it (and don't blame me if you do! This will not use IRQs, just pure memory access, so you had better know where you're going). There is also the interesting method of abusing undocumented kernel entry points with drivers, so I have provided some links for you, but you will most likely find the best information on this from Hoglund at http://www.rootkit.com. He's a great guy and IMHO the undisputed champion of mucking about in the seedy underworld of the Windows kernel.

Now that I have sufficiently attempted to dissuade you, if you do have a go at the daunting task ahead, have fun and let me know if you find something interesting.
Edit: You can of course do all the interrupt access you like in a 16-bit environment, due to the fact that NT creates a VDM (virtual DOS machine) in memory and just pretends, for your sake, to make you happy; but if you're attempting something you shouldn't, Windows will catch you (still a protected process, aka user mode).
"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier