A.01 PC’s main data structures
Both BIOS and DOS store their important data in especially devoted areas of computer’s memory. Data placement inside these areas is not fixed for ever and may depend on version of BIOS and DOS. Therefore data in system structures should not be addressed directly, but rather should be accessed via special functions, described in chapter 8 of this book. One more reason is that data can’t be updated properly unless the corresponding service function is called for.
Nevertheless direct access to system data structures may be necessary. It enables to get more information than you are allowed to know via service functions. For debugging purposes you may need to see data “as they were”, without being updated. You may need to intervene, to change certain settings in order to provoke desirable consequences. Of course, each such action is done exclusively at your own risk, but it may give you a chance, which otherwise would be lost.
A.01-1. BIOS data area
Just when computer is switched on its BIOS system begins to gather data and arrange its data area. In AT-compatible computers the BIOS data area occupies 100h bytes at 0040:0000h–0040:00FFh. The table below gives general disposition of selected data items with references to separate data tables for floppy drives (A.08-1), video system (A.10-6), keyboard (A.02-3) and other hardware (A.11-1).
|00h||2||Port COM-1 base I/O address|
|02h||2||Port COM-2 base I/O address|
|08h||2||Port LPT-1 base I/O address|
|0Eh||2||Auxiliary BIOS data segment (0000h if absent)|
|10h||2||Installed hardware word (A.11-1)|
|12h||1||Status of POST self-test|
|13h||2||Base memory size in kilobytes|
|17h||39||Keyboard’s buffer and flags (A.02-3)|
|3Eh||7||Floppy drive status registers (A.08-1)|
|49h||22||Current video mode data (A.10-6)|
|67h||4||Restart address after CPU reset [Note 4 to A.12-1]|
|6Ch||4||Timer ticks, counted since midnight|
|70h||1||Count of days, reset after INT 1AAH=00h call|
|71h||1||Bit 7 set after Ctrl-Break keystroke|
|72h||2||Prescribed action of POST test [Note 1]|
|74h||1||HDD’s last operation error code (A.06-01)|
|75h||1||Number of hard disk drives|
|77h||1||Hard disk drive I/O port address|
|78h||1||Port LPT-1 timeout counter|
|7Ch||1||Port COM-1 timeout counter|
|7Dh||1||Port COM 2 timeout counter|
|80h||4||Keyboard buffer’s start and end offsets (A.02-3)|
|84h||8||Video control registers (A.10-6)|
|8Ch||3||HDD controller’s status registers|
|8Fh||7||Floppy drive controller’s information (A.08-1)|
|96h||2||Keyboard’s status bytes (A.02-3)|
|98h||4||Pointer to wait-complete flag (INT 15AX=8300h)|
|9Ch||4||Timer’s wait count in microseconds|
|A0h||1||System timer’s flags: |
|CEh||2||Count of days since last boot|
|F0h||16||Intra-application communication area|
- ^ a b After a reboot, initiated by a jump far to F000:FFF0h address,[Note 4 to A.12-1] POST test performance depends on contents, preserved in 0040:0072h memory cell :
- 0000h – “cold” boot (full POST with memory test)
- 1234h – “warm” boot (bypass memory test)
- Since data disposition in BIOS data area may depend on BIOS version, it is for you to decide, whether the data item at any particular offset is indeed the one you expect to find there.
A.01-2 Selected entries in DOS’ list-of-lists
List-of-lists is the basic data structure, created by IO.SYS loader at start of DOS loading procedure. A pointer to first byte of DOS’s list-of-lists is returned by INT 21AH=52h function (8.02-59). Fig.10 (in appendix A.03-3) illustrates process of access to list-of-lists. Selected information about data items in DOS’s list-of-lists is given in the following table.
|– 02h||2||Segment address of the first MSB (A.12-7)|
|00h||4||Pointer to the first DPB block [Note 1]|
|04h||4||Pointer to SFT (System File Table, A.01-4)|
|0Ch||4||Pointer to active CON (Console) device driver|
|10h||2||Maximum bytes per sector on any drive|
|16h||4||Pointer to first record in CDS structure (A.03-3)|
|20h||1||Number of registered drives (block devices)|
|21h||1||Number of records in CDS structure (A.03-3)|
|22h||18||Actual NUL device driver header [Note 2]|
|34h||1||Number of virtual drives created by JOIN.EXE|
|37h||4||Pointer to SETVER’s table (0000:0000h if none)|
|3Dh||2||PSP segment of the last executed program|
|43h||1||Boot drive (01h = A:, 03h = C:, and so on)|
|45h||2||Extended memory size (in kilobytes).|
- ^ DPB blocks (Drive Parameter Blocks, A.03-1) are arranged in a chain, so that a pointer to the next DPB is at offset 19h in the previous DPB.
- ^ NUL device driver header at offset 22h is the first in a chain of driver headers. First dword in each header is a pointer to the next header. Another way to obtain a pointer to the second driver header is via INT 2FAX=122Ch. Last header in the chain begins with word FFFFh.
A.01-3. Selected items in DOS’s swappable data area
Current address and size of DOS’s swappable data area (SDA) are returned by INT 21AX=5D06h function (8.02-70). SDA stores continuously updated data, including main DOS’s system stacks. These data reflect ever changing DOS’s status at each current moment. Total size of swappable area may be as large as several kilobytes, it depends on size of the stacks.
The SDA area is named “swappable”, because its swapping is the main mechanism of obtaining DOS’s re-enterability, i.e. opportunity to call DOS’s functions by TSRs and handlers, which themselves may be called while execution of previous DOS’s function hasn’t been finished. If interrupt handler reveals that either critical error flag (at offset 00h in SDA) or InDOS flag (at offset 01h in SDA) have a non-zero value, hence a call for this handler has interrupted execution of a DOS’s function, and then the next call for any DOS’s function can change data in SDA area so that a return back to proper resumption of the interrupted program will become impossible. Though sometimes resumption of interrupted program is possible (8.02-28, 8.02-87), nevertheless the most radical solution is to save contents of SDA before any DOS’s function is called, and to restore SDA state afterwards on basis of the saved data. It also should be taken into account that INT 21AX=5D06h function itself (8.02-70) is non-reentrant; therefore a call for SDA’s address should be performed beforehand, during handler’s initialization, so that at the moment of interrupt the handler may read a prepared SDA address without a new call for INT 21AX=5D06h.
The table below shows selected data items inside swappable data area
|00h||1||Critical error flag (“ErrorMode”)|
|01h||1||InDOS flag (INT 21AH=34h, 8.02-28)|
|02h||1||Drive, caused critical error, or FFh if no error|
|03h||1||Locus of the last error (A.06-4)|
|04h||2||Extended code of the last error (A.06-1)|
|06h||1||Suggested action after the last error (A.06-3)|
|07h||1||Class of the last error (A.06-2)|
|08h||4||ES:DI pointer at the moment of last error|
|0Ch||4||Current address of DTA (8.02-16)|
|10h||2||Current program’s PSP segment (process identifier)|
|14h||2||Errorlevel value from last program’s termination|
|16h||1||Current logical disk number|
|17h||1||The BREAK flag (3.01, 4.02, 8.02-25)|
|2Ah||1||Flag of FAIL response to INT 24 (8.02-84) call|
|2Bh||1||Allowable INT 24 actions (8.02-84)|
|30h||1||Day of month|
|32h||2||Year, counted from 1980|
|34h||2||Number of days since 01-01-1980|
|36h||1||Day of week (0 = Sunday)|
A.01-4 System File Table structure
Associations between access handles and the corresponding “opened” objects are stored by DOS in a chain-like queue of tables, named SFT (System File Tables). This name is not quite correct, because “opened” objects may be not files only, but also allotted XMS areas, driver’s access channels and other objects, known as “character devices”.
A pointer to the first SFT is at offset 04h in the list-of-lists (A.01-2). Each SFT begins at offset 00h with a dword pointer to the next SFT, except the last one, which is marked with word FFFFh at offset 00h. Such structure can easily be traced through from the first SFT to the last. A word at offset 04h in each SFT declares number of entries in this particular SFT. Each entry corresponds to one “opened” object. Total number of SFT entries is limited by FILES specification in CONFIG.SYS file (4.12).
Numbers of SFT entries, which are “opened” to a given program, are stored in JFT at offset 18h inside PSP (A.07-1), belonging to this program. The corresponding “opened” objects are addressed to with handles (INT 21AH=3Dh, 8.02-33), which identify SFT entries according to disposition order of their numbers in JFT. The number of SFT entry, corresponding to a given handle, can be found also with INT 2FAX=1220h (8.03-11). Then INT 2FAX=1216h function (8.03-09), being given the SFT entry number, returns a pointer to this entry. Some information about active SFT entries and corresponding objects can be obtained via INT 21AX=4400h function (8.02-40).
The first three SFT entry numbers have fixed default associations: 00h – AUX channel (COM1 port), 01h – the CON device (console), 02h – the PRN device (LPT1 port). These 3 SFT entry numbers are automatically written into JFT table of each program. Order of their disposition in JFT (01h, 01h, 01h, 00h, 02h) defines associated handles: 0000h – for STDIN channel, 0001h – for STDOUT channel, 0002h – for STDERR channel, 0003h – for COM1 port, 0004h – for LPT1 port. SFT entries for handles 0005h and on are created on requests by INT 21AH=3Dh (8.02-33) and by INT 21AX=6C00h (8.02-78) functions.
The first entry in each SFT table starts at offset 06h. As far as each entry has fixed length 3Bh, start points of the following entries can be easily calculated. The table below specifies selected data items inside each entry with offsets counted from start point of that entry. The first column “CDE” of the table corresponds to “character device” entries, the second column “OFE” – to entries, associated with ordinary files.
|00h||00h||2||Number of handles to the object (FFFFh if none)|
|02h||02h||1||Access and sharing conditions (A.09-4)|
|03h||1||Flags [Note 1]|
|04h||1||File’s attributes (A.09-2)|
|05h||05h||2||Object’s info word (A.04-2 for files, A.05-2 for others)|
|07h||07h||4||Pointer to DPB (A.03-1) for files or pointer to driver’s header (A.05-1) for other objects|
|0Bh||2||Starting cluster number (for local files only)|
|0Dh||2||File’s packed time (INT 21AX=5700h, 8.02-63)|
|0Fh||2||File’s packed date (INT 21AX=5700h, 8.02-63)|
|15h||4||File’s pointer position (INT 21AH=42h, 8.02-38)|
|19h||2||Relative number of the last cluster accessed|
|19h||4||Pointer to IFS redirector records|
|1Bh||4||Number of directory sector containing file’s entry|
|1Fh||1||Number of file’s entry in directory sector|
|20h||20h||11||Name in FCB-format (A.09-5) of file or other object|
|31h||2||Identifier (PSP segment) of file’s owner process|
|35h||2||Absolute number of the last accessed cluster|
|37h||4||Pointer to IFS-driver or 0000:0000h for ordinary files|
- ^ Flags byte at 03h includes all BH register settings, specified for INT 21AX=6C00h function (8.02-78). Besides this, set state of bit 7 in flags byte marks files opened by means of FCB.
A.02 Keyboard codes and national adaptation
A.02-1 Key codes
User’s control over PC via keyboard must be enabled always, even when operating system isn’t loaded yet. Therefore motherboard’s hardware and BIOS system are responsible for compatibility with different types of keyboards. Just when PC is switched on, its BIOS system loads INT 09 and INT 16 handlers, providing various keyboard functions.
Keyboard signals are received and transformed by keyboard controller. It responds to each change of key’s state (press or release) with preparing code for port 60h and sending a request via IRQ 01 interrupt request line. Request invokes the INT 09 handler. Some keys induce keyboard controller to send a succession of codes, so that INT 09 handler is invoked several times. The code, read by INT 09 handler from port 60h, is most often the scan code of some key, but it may be a service code. Codes from E0h to FFh, and also 00h and AAh are interpreted as service codes. Service codes, charged with a special keystroke identification mission, are known as prefixes :
- E0h – prefix for discrimination between those keys, which for the sake of compatibility with obsolete 84-key keyboards have been given identical scan codes.
- E1h – prefix for keys having a two byte scan code. In ordinary keyboards there is only one such key: Pause/Break.[Note 6]
Reading of a prefix from port 60h makes INT 09 handler prepared to a specific interpretation of that scan code, which will be received by the next call for INT 09. In the second column (INT 09) of the table below hexadecimal scan codes of keystrokes are shown, read by INT 09 handler from port 60h. Key release codes are not shown in the table, because release codes can be easily derived from keystroke codes by making its 7th bit set. For example, key “A” sends keystroke (press) code 1Eh, hence its release code is 9Eh. But those scan codes, which are sent preceded by a prefix either E0h or E1h, are shown in the second table’s column together with this prefix. Naturally, release codes of the same keys are preceded by the same prefix.
“Raw” scan code, read from port 60h, is translated by INT 09 and INT 16 handlers into a new pair — a unified scan code and ASCII value, corresponding to the pressed (or released) key. Just this data pair will be presented to program, sending a request for keyboard input via INT 16. Unified scan-code most often is equal to press scan code, but may be altered, if at the same time a “functional” key is kept pressed: SHIFT, CTRL, or ALT. Each “functional” key has its own scan code (in second column of the table below). Scan codes of “functional” keys are taken into account by INT 09 handler, but are not stored in keyboard buffer. States of “functional” keys are expressed otherwise: via a status word, returned by INT 16AH=12 function (8.01-85).The following table represents keys of the most widely used 104-key “enhanced” keyboard. The word “num” before a key name in the first table’s column denotes keys of a numeric keypad at the right side of keyboard. The shown codes for such keys correspond to turned OFF state of NUMLOCK switch.[Note 6] Data order is defined by key’s scan codes values in the second table’s column.
Hexadecimal numbers in columns 3–6 of the table below represent the data, returned in AX register by INT 16AH=10h function (8.01-83). Left two digits in each number define unified scan-code, returned in AH register, and the right two digits — ASCII code of corresponding character, returned in AL register. Data in the 3rd column (AX) correspond to keystrokes, not accompanied by keeping pressed any “functional” key. Data in the 4th column (SHIFT) correspond to the case when SHIFT key is kept pressed, data in the 5th column (CTRL) — to the case of keeping pressed the CTRL key, data in the 6th column (ALT) — to the case of keeping pressed the ALT key. Blank space in place of any particular value means that corresponding key or key combination is sensed by BIOS, but isn’t reported via INT 16 handler.
- ^ The INT16AH=00h function doesn’t respond to this keystroke when “functional” key ALT is kept pressed.
- ^ The INT16AH=00h function doesn’t respond to this keystroke when “functional” key CTRL is kept pressed.
- ^ The INT16AH=00h function returns 00h instead of ASCII code E0h, except for two keystrokes : after “num /” it returns ASCII code 35h, after “num Enter” keystroke it returns ASCII code 1Ch.
- ^ Code of this key is not written into keyboard buffer, but it does affect translation of other key’s codes by INT 09 handler.
- ^ Keyboard controller responds to SysRq keystroke with “E0 2A E0 37” codes succession, and to SysRq key release — with inverse succession “E0 B7 E0 AA”. Some INT 16 handlers may return other response to CTRL-SysRq key combination.
- ^ a b c d Release of Pause/Break key is not registered separately. After each Pause/Break keystroke its press code is immediately followed by release code, forming a succession “E1 1D 45 E1 9D C5”. Having received such succession of codes, the INT 09 handler resets keyboard buffer and calls for INT 1B (8.01-95).
- ^ The shown codes for this key correspond to turned OFF state of Numlock switch. When NumLock switch is turned ON, codes shown in 3rd and in 4th columns of the table get exchanged.
- ^ The INT 16AH=00h function gives no response to these keys.
- Several models of keyboards have three auxiliary keys for power control : “Power”, “Sleep” and “Wake Up”. Corresponding scan codes for these keys are E0 5E, E0 5F, E0 63.
A.02-2 Keyboard layouts and national codepages
The following table comprises data for MS-DOS 7 national adaptation by those means, which are supplied in Microsoft’s Windows 95/98 release. These means include data file COUNTRY.SYS, three files with keyboard layouts (KEYBOARD.SYS, KEYBRD2.SYS and KEYBRD3.SYS), and four files with fonts for different codepages (EGA.CPI, EGA2.CPI, EGA3.CPI and ISO.CPI).
The first column (Abbr) in this table contains literal country codes, the third column (ID) – keyboard layout identifiers. Both these items are needed for KEYB.COM driver’s (5.02-04) command line composition. Layout identifier is necessary for those countries only, where more than one keyboard’s layout is used, for other countries it may be omitted.
The 4th column (Keyb) of the table specifies which file with keyboard layout should be loaded : digit 1 corresponds to KEYBOARD.SYS, digit 2 – to KEYBRD2.SYS, digit 3 – to KEYBRD3.SYS, word “Any” – to either of these three files.
The 5th column (Code) of the table shows numeric country code, used for loading COUNTRY.SYS data file (5.02-01) with COUNTRY command (4.05).
Last 7th column of the table shows codepages used in various countries. Number of a codepage is needed for MORE.COM utility (6.18), which has to select one font from a group of fonts in each *.CPI file (example in 9.01-02). The ISO.CPI file supplies fonts, recommended by International Standards Organization. Proprietary Microsoft’s fonts are in EGA*.CPI files, about 5 fonts in each. Therefore 6th table’s column (Ega*) specifies which one of EGA*.CPI files should be loaded: digit 1 corresponds to file EGA.SYS, digit 2 – to EGA2.CPI, digit 3 – to EGA3.CPI, word “Any” – to either of these files.
|UK||Britain + Ireland||166, 168||Any||044||Any||CP850|
|US||USA + Australia||Any||001||1,3||CP437|
Note 1: KEYBOARD.SYS is the only file, which supports typewriter mode of keyboard layout.
Note 2: Microsoft’s files for national adaptation are not compatible with KEYRUS.COM driver (5.02-05). The latter uses internal code tables and keyboard layouts.
Note 3: fonts for some other countries (China, Israel, Japan, etc.) are supplied exclusively with special national versions of Microsoft’s operating systems.
A.02-3 Keyboard data fields in BIOS data area
The following table shows disposition of keyboard data in BIOS data area. All offsets are given relative to segment address 0040h, where BIOS data area starts.
|17h||2||Flags, returned in AX by INT 16AH=12h (8.01-85)|
|19h||1||Character input via ALT followed by ASCII code|
|1Ah||2||Pointer to the next character in keyboard buffer|
|1Ch||2||Pointer to the first free cell in keyboard buffer|
|1Eh||32||Keyboard’s circular buffer|
|71h||1||Flag:||bit 7 set if Ctrl-Break has been pressed|
|80h||2||Keyboard buffer’s start offset (normally 1Eh)|
|82h||2||Keyboard buffer’s END+1 offset (normally 3Eh)|
|96h||1||Flags:||bit 0 set: last code read was E1h prefix|
|bit 1 set: last code read was E0h prefix|
|bit 2 set: right CTRL key has been pressed|
|bit 3 set: right ALT key has been pressed|
|bit 4 set: “enhanced” keyboard is installed|
|bit 6 set: 1st byte is received of 2-byte scan-code|
|97h||1||Status:||bit 0 set: the Scroll Lock LED is switched ON|
|bit 1 set: the Num Lock LED is switched ON|
|bit 2 set: the Caps Lock LED is switched ON|
|bit 7 set: keyboard has sent error flag|
Note 1: presented data disposition may depend on BIOS version (A.01-1).
A.02-4 National adaptation parameters block
Data block with currently active national adaptation parameters is returned by INT 21AX=6501h function (8.02-74). Data block of the same structure is accepted by INT 21AX=7002h function (note 3 to 8.02-74), defining national adaptation for MS-DOS 7.
|00h||1||= 01h on return [Note 1]|
|01h||2||Table size on return [Note 1]|
|03h||2||Country code in hexadecimal form (A.02-2)|
|05h||2||Hexadecimal codepage number (A.02-2)|
|07h||2||Date format: |
|09h||5||ASCII currency name, ending with 00h byte|
|0Eh||2||Thousands separator for numbers|
|10h||2||Integer and fractional parts separator|
|12h||2||ASCII date separator character|
|14h||2||ASCII time separator character|
|16h||1||bit 0 set: currency symbol follows value (else precedes)|
|bit 1 set: space between value and currency symbol|
|bit 2 set: currency symbol replaces decimal point|
|17h||1||Number of digits after decimal point in currency|
|18h||1||bit 1 set: 24-hour clock, else 12-hour clock|
|19h||4||Entrance address of case map routine [Note 2]|
|2Dh||2||ASCII data-list separator character|
- ^ When data block is sent to INT 21AX=7002h function, then this item is ignored.
- ^ Case map routine translates national characters (with ASCII codes larger than 80h) into upper case and back. The case map routine should be called for with CALL FAR command (7.03-08). AL register is used for both sending ASCII code of the character to be translated and for returning the result back.
A.02-5 Country-dependent restrictions for filenames
A pointer to this table is returned by INT 21AX=6505h function (note 1 to 8.02-74).
|00h||2||Table’s size (this word shouldn’t be counted)|
|03h||1||Lowest permissible character value for filenames|
|04h||1||Highest permissible character value for filenames|
|06h||1||First character’s value of prohibited range|
|07h||1||Last character’s value of prohibited range|
|09h||1||Number (“N”) of filenames terminating codes|
|0Ah||N||ASCII codes used to terminate filenames|
A.02-6 Information about available code pages
The following table shows structure of DISPLAY.SYS (5.02-02) driver’s data block ; a pointer to this block is returned by INT 2FAX=AD03h function (8.03-27).
|00h||2||number M of codepages, specified by configuration|
|04h||2||number N of codepages, loaded by default|
|06h||2N||identifiers of codepages, loaded by default|
|06h+2N||2M||identifiers of codepages, specified by configuration (or = FFFFh if configuration isn’t prepared yet)|
A.02-7 Definition of “hot” keys in AMIS specification
Common practice for TSR programs is assignment of functions to predetermined “hot” keys irrespective to which keys have been charged yet with other missions by previously loaded TSR programs. The least harmful outcome of this practice is a loss of opportunities to invoke functions of previously loaded TSR programs and drivers. A real chance to prevent interception of “hot” key functions is suggested by AMIS specification (A.07-6). According to AMIS specification, resident modules must respond to calls for multiplex interrupt INT 2D with operation code AL = 05h, returning in DX:BX registers a pointer to a list of their active “hot” keys. Any program, which intends to arrange its own “hot” keys, should be given access to data about previous “hot” key assignments.
The first byte, at offset 00h from the start of “hot” keys list, informs about “hot” calls interception method.[Note 1] The second byte at offset 01h is a number of “hot” keys, kept active by responding resident module. This number also defines total length of the returned list, because after the second byte, starting at offset 02h, a group of “hot” key descriptors follows, each 6 bytes long. Structure of these descriptors is shown in table below. Offsets in the table are counted from start of each descriptor.
|00h||1||Scan-code of the “hot” key||[Note 2]|
|01h||2||Required shift states||[Note 3]|
|03h||2||Disallowed shift states||[Note 4]|
|05h||1||Auxiliary key’s flags||[Note 5]|
- ^ Byte at offset 00h in “hot” keys list informs about “hot” calls interception method. Bit 7 in this byte must be cleared; other bits have the following meaning :
- bit 0 set : interception before INT 09 handler
- bit 1 set : interception after INT 09 handler
- bit 2 set : interception before INT 15AH=4Fh
- bit 3 set : interception after INT 15AH=4Fh
- bit 4 set : interception of INT 16AH=00h,01h,02h calls
- bit 5 set : interception of INT 16AH=10h,11h,12h calls
- bit 6 set : interception of INT 16AH=20h,21h,22h calls.
- ^ If the most significant bit of scan-code is clear, hence actuation is registered when the key is pressed; if the most significant bit of scan code is set, hence actuation is registered when the key is released. If actuation is caused exclusively by a specific states combination of “functional” keys, then 00h or 80h values should be specified instead of scan code.
- ^ A word of required shift states is almost identical to the word of keyboard flags, returned by INT 16AH=12h function (8.01-85). The only difference is the meaning of bit 7: in a word of required shift states it corresponds to keeping pressed either (left or right) SHIFT key. Set state of any bit in a word of required shift states specifies a necessary condition for “hot” key actuation.
- ^ Bits in a word of disallowed shift states have the same meaning, as in a word of required shift states,[Note 3] but their set state expresses the opposite condition : prevention of “hot” key actuation. Combination of required and disallowed conditions helps to decrease probability of false actuations.
- ^ The last byte in each “hot” key descriptor is a byte of auxiliary flags. Bits 6 and 7 in this byte must be cleared; states of other bits have the following meaning :
- bit 0 set: – actuation before module’s execution
- bit 1 set: – actuation after module’s execution
- bit 2 set: – monitoring interception is allowed
- bit 3 set: – actuation is blocked by other keys
- bit 4 set: – role of this “hot” key is redefined
- bit 5 set: – actuation depends on execution conditions.
A.02-8. ASCII service marks and commands
Positions 0–31 in American Standard Code for Information Interchange (ASCII) are devoted to service marks and commands. All DOS’s codepages have inherited these 32 service codes. Under MS-DOS 7 most part of these service codes is ignored, but some are executed as commands.
Some service codes can be entered by key combinations, described in article 1.05. Another way to input service codes is by their decimal ASCII number (0–31) with keys in numeric keypad while the ALT key is kept pressed.
First response to entered service code may be got from input module of the CON (console) device driver. Further response may be given by command interpreter. When a service code is sent to output, BIOS system enables to execute it as a command (8.01-21, 8.01-33) or to avoid its execution (8.01-17) as well. By default the output module of the CON (console) device driver doesn’t attempt to avoid execution of some service codes. Such behavior may be altered by sending a parameters string (8.02-41) to the CON device driver, but there is no reason to do this because DOS programs are allowed to output data directly via desirable BIOS function(s).
Sometimes ASCII service codes may be useful, but it must be known beforehand, where and how each particular service code will be interpreted. Therefore the following table shows a list of those service codes, which are active under MS-DOS 7, with description of actions, associated with these codes.
|00h||0||End marker of interpreted lines, including lines with names and with environmental variable’s values.|
|03h||3||“End of Text” marker, terminates execution of command files (example in article 3.21).|
|07h||7||“Beep” code. Being sent to output, it causes a short sound signal.|
|08h||8||Shifts cursor one character cell leftwards. Being sent via CON device driver, erases the last character.|
|09h||9||Horizontal tabulation code. Being sent to display, it is automatically expanded into 8 spaces.|
|0Ah||10||“Line feed” code, causes transition to the next line without cursor’s return to start of line.[Note 1]|
|0Ch||12||Command “Eject Sheet” for printers. Both BIOS and CON device driver ignore this command.|
|0Dh||13||“Carriage Return” code, returns cursor to start of a line. Also marks end of line in DTA region (8.02-16).|
|1Ah||26||Optional end mark for textual files; at this mark copying of a file may be disrupted (3.06).|
|1Bh||27||“Escape” code is used as marker for commands, addressed to ANSI.SYS driver (if installed).|
- ^ Service codes 0Dh 0Ah together are used as end-of-line marker in all textual files typed under DOS.
- There is a non-zero probability to encounter resident modules, responding to some service codes, which are not shown here and normally are ignored under DOS.
A.03 Disks access databases
A.03-1. Structure of Drive Parameters Blocks (DPB)
DOS stores disk access parameters in DPB blocks – one per each available logical disk of any kind, and in one more copy of such block for default (current) drive. The INT 21AX=7302h function (8.02-79) enables to copy any DPB block into a prepared buffer. Pointers to DPB blocks are returned by INT 21AH=1Fh and by INT 21AH=32h functions (8.02-24), documented in previous versions of DOS. In fig.8 below the whole access path to disk’s C: DPB block is shown, including a call for INT 21AH=32h function, reading block’s address 00C9:13C0h from DS:BX registers and display of DPB block’s dump. In the displayed dump at offset 19h there is address 00C9:13FDh of the next DPB block, related to next logical disk D:. A dump of DPB block for disk D: is also shown in fig.8.
The mentioned legal functions of access to DPB blocks automatically attempt to read the requested disk in order to update data in DPB block. This makes program’s execution slower and sometimes can’t be applied to removable media, which may be absent in the drive at that moment. Alternative is to read DPB block’s address from a cell at offset 45h in CDS entry (A.03-3) of the same disk.
All DPB blocks have the same structure as that shown below. Bytes up to offset 20h are the same as in previous DOS versions, but bytes beyond offset 20h are specific for extended DPB blocks in MS-DOS 7.
|00h||1||Logical disk number (00h = A:, 02h = C:, and so on)|
|01h||1||Disk’s number in driver’s list of disks|
|02h||2||Sector size (in bytes)|
|04h||1||Highest sector number in a cluster|
|05h||1||Shift count to convert clusters into sectors|
|06h||2||Number of reserved sectors (preceding FAT)|
|08h||1||Number of FAT tables|
|09h||2||Maximum number of root directory entries|
|0Bh||2||Number of first sector containing user data|
|0Dh||2||Highest cluster number (number of clusters + 1)|
|0Fh||2||Number of sectors per FAT table|
|11h||2||Sector number of root directory first sector|
|13h||4||Pointer to disk’s driver header (A.05-1)|
|17h||1||Media ID byte (INT 21AH=1Ch, 8.02-17)|
|18h||1||Flags (= 00h if disk was accessed, or = FFh if not)|
|19h||4||Pointer to DPB block for the next disk|
|1Dh||2||Cluster at which to start search for free space|
|1Fh||2||Number of free clusters on disk (FFFFh if unknown)|
|21h||2||Most significant word of free cluster count|
|23h||2||– bits||0–3||: zero-based FAT number of active FAT|
|– bit||7||: don’t copy active FAT to inactive FATs|
|25h||2||Number of FAT information sector [Note 2]|
|27h||2||Sector number of backup boot-sector|
|29h||4||First sector number of the first disk’s cluster|
|2Dh||4||Number of the last disk’s cluster|
|31h||4||Number of sectors occupied by FAT|
|35h||4||Cluster number where root directory starts|
- Data in DPB block are translated from BPB block (A.03-4) of the same disk by means of INT 21AH=53h function.
- ^ a b A word FFFFh at offset 25h means that there is no FAT information sector on a requested disk. If FAT information sector is present, it contains at offset 00h a fixed double-word signature 61417272h, the second double word at offset 04h is number of free clusters (or FFFFFFFFh if unknown), the third double word at offset 08h is a number of the most recently allocated cluster.
A.03-2 Disk data tables (DDT)
DDT tables represent a special database for block device drivers, integrated into DOS’s core. DDT tables correspond to local disks, which are properly detected and supported by BIOS, including those emulated by BIOS from disk’s images on bootable CD/DVD-ROMs. There are no DDT tables for IFS drives, dummy disks, RAM-disks and all other disks, opened for access by drivers, specified in configuration files.
DDT tables are arranged as a chain-like queue of tables, each 96h bytes long. A pointer to the first table is returned by INT 2FAX=0803h function (8.03-04). This is enough to trace the whole queue, since the first double word in each table is a pointer to DDT table for the next logical disk. The table having the first word FFFFh is the last one in the chain.
Fig.9 illustrates access to DDT tables for disks
C:, including a call for INT 2FAX=0803h function, reading the returned address (0B52:0000h) of the first DDT table from DS:DI registers, display of a partial dump of DDT table for disk A:, reading from the first 4 bytes of that dump the address (0B52:0096h) of DDT table for the next disk B:, display of a partial dump of DDT table for disk B:, and repetition of the last two operations relative to DDT table for disk C:.
The table below shows data structure in one DDT table. The same data structure is accepted by INT 2FAX=0801 function (8.03-02), appending a chain of DDT tables with a one more table for a new logical disk.
|00h||4||Pointer to next DDT table (or FFFFh if the last table)|
|04h||1||Corresponding physical drive number :
|05h||1||Logical disk number in a list of disks, accessed by DOS’s core drivers. If disk’s letter-names were not reassigned, then 00h = A:, 02h = C:, and so on.|
|06h||25||Current disk’s BPB block (up to offset 19h, A.03-4)|
|3Bh||1||– bit 6 : file system FAT-16,|
|– bit 7 : disk must return “Not Ready” to all appeals|
|3Ch||2||Counter of opened files belonging to this disk|
|3Eh||1||Device type (as byte at offset 01h in table A.04-3)|
|3Fh||2||– bit 0 : fixed hard disk|
|– bit 1 : door lock (“changeline”) supported|
|– bit 2 : changes of current BPB are not allowed|
|– bit 3 : all sectors in a track have the same size|
|– bit 4 : LUN number must be specified [Note 1]|
|– bit 5 : several logical disks on that physical drive|
|– bit 6 : disk change detected|
|– bit 7 : disk’s parameters were changed [Note 2]|
|– bit 8 : disk reformatted, media’s BPB was changed|
|– bit 9 : access ban flag [Note 3]|
|43h||25||Default disk’s BPB (A.03-4) block [Note 4]|
|7Dh||12||11-byte long volume label, terminated with 00h|
|89h||4||Disk’s serial number|
|8Dh||9||File system type name, terminated with 00h.|
- ^ a b c d LUN (Logical Unit Number) is used for discrimination between devices, sharing the same number on a bus. In particular, this is necessary for optical DVD-RAM drives, which present themselves with different LUN numbers either as removable HDD or as CD/DVD-ROM disk. Flash card adapters also represent flash cards in different slots as disks with different LUN numbers.
- ^ If disk’s parameters were changed, data in DDT table must be reset by INT 21AX=440DhCX=4840h function (8.02-46).
- ^ Access ban flag disables both reads and writes. It is applied to HDDs only, in particular, to other primary partitions beyond the first primary partition. Inverse state of access ban flag is reported by INT 21AX=440DhCX=4867h function and may be set anew by INT 21AX=440DhCX=4847h function (8.02-46).
- ^ The BPB data block (A.03-4) at offset 43h corresponds not to the current media, but to default type of removable media for this drive. Normally default media is the highest capacity media.
A.03-3 Current Directory Structure (CDS)
CDS table is an array of data blocks (entries). Each CDS entry corresponds to one logical disk and specifies several parameters of that disk, including a path to the current (default) directory.
A pointer to the first CDS entry is stored at offset 16h in DOS’s list of lists (A.01-2). Just there a byte at offset 21h stores total number of entries in CDS table, defined by LASTDRIVE specification in CONFIG.SYS file (4.17). Each CDS entry is 58h bytes long.
Access to CDS table is illustrated by fig.10. The first step is a call for INT 21AH=52h function (8.02-59), returning address of DOS’s list-of-lists (00C9:0026h) in registers ES:BX. The next step is display of memory contents dump, starting at returned address. Length of the displayed dump is chosen so that the last 4 bytes at offsets 16h–19h show the address of CDS table (D203:0000h). Memory contents dump, starting at that address, presents CDS entry for disk A:. 58h bytes behind each previous CDS entry a next CDS entry follows, representing data for the next logical disk.
Among CDS table entries there are dummy entries, having no corresponding logical disks. Dummy entries reserve letter-names for those logical disks, which may be created or become accessible later: RAM-disks, IFS disks, network disks, etc. CDS table is created by IO.SYS loader during commands interpretation in CONFIG.SYS file. Later CDS table can’t be appended with new entries. Therefore a sufficient number of dummy entries must be ordered beforehand by means of LASTDRIVE command (4.17).
Data structure of one CDS entry is shown in the table below.
|00h||67||Path to the current directory.[Note 1][Note 2]|
|43h||2||Attribute word of this logical disk :|
|bit 7||: hide disk’s letter-name from assign-list|
|bit 12||: virtual disk created by SUBST.EXE [Note 2]|
|bit 13||: virtual disk created by JOIN.EXE [Note 2]|
|bit 14||: disk is on a physical drive [Note 3][Note 4]|
|bit 15||: disk is accessed via network redirector [Note 4]|
|45h||4||Pointer to DPB block for this disk (A.03-1)|
|49h||2||Starting cluster of current directory [Note 5]|
|4Fh||2||Number of characters to hide [Note 6]|
|52h||4||pointer to redirector or to IFS driver (or zero if none)|
- ^ For local disks a path to the current directory includes disk’s letter-name, colon, backslash, and the rest part of path. End of path must be marked with byte 00h.
- ^ If either bit 12 or bit 13 in attribute word is set, then the path at offset 00h isn’t a real path.
- ^ A zero value of both attribute bits 14 and 15 means that this entry is a dummy or is disabled. Such disks are kept hidden.
- ^ If both bits 14 and 15 in attribute word are set, hence this disk represents an IFS file system.
- ^ This cluster number is counted from the start of logical disk. Therefore for the root directory cluster number is 0000h. If disk hasn’t been accessed yet, cluster field is filled with FFFFh.
- ^ DOS may report only the final part of the path to current directory, if a word at offset 4Fh defines a non-zero number of characters, which are to be hidden.
- In early DOS versions CDS entry was 51h byte long; bytes 51h–57h have been added since MS-DOS 4 for IFS and network drivers.
A.03-4 BIOS Parameter Block (BPB) for a disk
BPB is a part of boot sector on disk media. When DOS starts, BPB data are used to fill internal DOS’s tables: DPB (A.03-1) and DDT (A.03-2). This procedure is repeated each time a media change is detected, so that data are always kept updated.
In disk’s partitions with FAT-16 file system the BPB is 39h bytes long; its structure is shown in the first column (“F16”) of the table below. BPB data inside DDT table have a slightly different “standard” structure, shown in third column (“STD”). Standard BPB blocks are accepted by INT 21AX=440DhCX=0840h function and are returned by INT 21AX=440DhCX=0060h function (8.02-46). Both these functions can be applied to disks with FAT-12 or FAT-16 file systems only.
In disk’s partitions with FAT-32 file system the BPB is 5Ah bytes long; its structure is shown in the second column (“F32”) of the table below. The same data inside DDT table are arranged according to new “extended” structure, shown in the fourth column (“EXT”) of the table. For these data structures MS-DOS 7 provides other functions (8.02-46), which were not available in previous DOS versions: INT 21AX=440DhCX=4840h to refresh BPB data in DDT and INT 21AX=440DhCX=4860h to read BPB data in DDT. Both these new functions should be applied to disks formatted with FAT-32 file system.
|00h||00h||3||Jump command||EBh 3Ch 90h for FAT-16|
|or||EBh 5Ah 90h for FAT-32|
|03h||03h||8||ID of program, which formed BPB block|
|0Bh||0Bh||00h||00h||2||Sector’s size (in bytes)|
|0Dh||0Dh||02h||02h||1||Sectors per cluster (FFh if unknown)|
|0Eh||0Eh||03h||03h||2||Reserved sectors preceding first FAT|
|10h||10h||05h||05h||1||Number of FATs (normally 2)|
|11h||11h||06h||06h||2||Number of entries in the root directory|
|13h||08h||08h||2||= 0000h [Note 1]|
|15h||15h||0Ah||0Ah||1||Media ID byte [Note 2]|
|16h||16h||0Bh||0Bh||2||Number of sectors per FAT [Note 3]|
|18h||18h||0Dh||0Dh||2||Number of sectors per track|
|1Ah||1Ah||0Fh||0Fh||2||Number of heads|
|1Ch||1Ch||11h||11h||4||Starting sector number [Note 4]|
|20h||20h||15h||15h||4||Total number of sectors [Note 1]|
|24h||19h||4||Number of sectors per FAT [Note 3]|
|28h||1Dh||2||Same as word 23h in DPB (A.03-1)|
|1Fh||2||Number of cylinders [Note 5]|
|2Ah||1Fh||2||Version of file system|
|21h||1||Device type (as byte 01h in A.04-3)|
|2Ch||21h||4||Root directory’s first cluster number|
|22h||2||Attributes (as word 02h in A.04-3)|
|24h||40h||1||Physical drive number|
|25h||2||Information sector [Note 2 to A.03-1]|
|26h||42h||1||Extended boot-sector signature (= 29h)|
|27h||43h||27h||4||Disk’s serial number (in binary form)|
|2Bh||47h||2Bh||11||Volume’s label (or “NO NAME “)|
|36h||52h||36h||8||File system type name|
- ^ For partitions smaller than 32 Mb a double word at offset 15h must be zero, the number of sectors in such partitions must be specified in a word at offset 08h.
- ^ Media ID byte corresponds to specification of INT 21AH=1Ch function (8.02-17). If type of removable media is not identified, then the 00h value is assigned to media ID byte.
- ^ In “extended” BPB blocks a cell at offset 0Bh has 0000h value, and number of sectors, occupied by FAT table, is expressed by a double word value in a cell at offset 19h.
- ^ In BPBs of HDD’s partitions the starting sector number is the same as that specified in corresponding partition’s descriptor (A.13-5) at offset 08h.
- ^ A word at 1Fh and following bytes 21h, 22h of the standard BPB block are not included in extended BPB block and in BPB blocks inside DDT table (A.03-2).
A.04 I/O control data tables
A.04-1 Data block for IOCTL serial number functions
This data block is returned by functions INT 21AX=440DhCX=4866h (8.02-46) and INT 21AX=6900h (8.02-77), reading serial number from storage media. Data block of the same structure is accepted by functions INT 21AX=440DhCX=4846h (8.02-46) and INT 21AX=6901h (8.02-77) in order to assign new serial number to a disk.
|02h||4||Disk’s serial number (in binary form)|
|06h||11||Disk’s volume label (or “
|11h||8||On return only : filesystem type name [Note 1]|
- ^ Name “
CDROM” corresponds to High-Sierra CD-ROM file system, name “
CD001” corresponds to ISO 9660 CD-ROM file system.
A.04-2 File handle’s information word
Handle’s information word, read at offset 05h in SFT entry (A.01-4), is returned by INT 21AX=4400h function (8.02-40). If specified handle refers to SFT entry, related to a non-file object, then returned information word should be interpreted according to table A.05-2. If specified handle refers to SFT entry, related to an opened file, then returned information word should be interpreted according to the table below. Distinctive feature of file handle’s information word is clear state of its 7th bit.
|15||File is not local, it is accessed via a redirector (network)|
|14||Don’t set file date/time when file is closed|
|11||File is stored on a fixed (non-removable) media|
|7||Clear state of bit 7 is a distinctive feature of file’s handle|
|6||Writing operation has not been performed yet|
|5-0||disk number (000000b = A:, 000001b = B:, 000010b = C:, and so on)|
A.04-3 Data block for disk parameters specification
A pointer to this data block should be prepared in DS:DX registers before subfunction INT 21AX=440DhCX=4840h (8.02-46) is called for in order to update BPB data in tables DPB (A.03-1) and DDT (A.03-2). Data block of the same structure is returned by INT 21AX=440DhCX=4860h subfunction (8.02-46). Buffer’s address for the returned data block should be prepared in advance in DS:DX registers. A byte of flags at offset 00h is not returned, it defines request conditions and should be specified before the call.
|00h||1||Flags (bits 3–7 must be zero) :
|01h||1||Device type :
|02h||2||Storage device attributes (bits 2–15 must be zero) :
|04h||2||Number of cylinders (or number of tracks)|
|06h||1||Media flags :
|07h||31||BPB data block [Note 3]|
- ^ If bit 0 in flag’s byte is set, then updating or copying of BPB block (A.03-4) causes an attempt of access to physical storage media. But when bit 0 in flag’s byte is clear, then access to physical storage media wouldn’t be attempted: subject of operation will be a copy of BPB block inside DDT table (A.03-2) at offset 43h, which specifies the default type of storage media for this particular device.
- ^ Bits 1 and 2 in flag’s byte specify interpretation of optional sub-table, defining sector allocation in a track. This sub-table up to 256 bytes long may start at offset 26h for subfunction CX=0840h and at offset 5Ch for subfunction CX=4840h. Media with non-equal sector sizes are not considered in this book, though. For subfunction CX=4860h bit 1 in flag’s byte must be clear.
- ^ For subfunction CX=0840h the BPB table at offset 07h must have standard BPB structure (A.03-4). Final 6 bytes of BPB block are accepted by subfunction CX=0840h if flag’s byte at offset 00h has its bit 0 set, otherwise bytes after offset 1Eh are ignored. For subfunction CX=4840h the BPB table at offset 07h must be 53 bytes long according to extended BPB structure (A.03-4).
A.04-4 Structure of data block for read/write functions
A pointer to this data block is accepted by INT 21AX=440DhCX=4861h reading function and by INT 21AX=440DhCX=4841h writing function (8.02-46). These functions can’t be executed inside “DOS box” under WINDOWS OS unless the addressed logical disk is locked in advance (8.01-58).
|01h||2||Requested number of drive’s head|
|03h||2||Requested number of drive’s cylinder|
|05h||2||Number of the sector to start reading or writing|
|07h||2||Number of sectors to be read or written|
|09h||4||Pointer to a buffer with data or for data|
A.04-5 Structure of data block for format/verify functions
A pointer to this data block is accepted by INT 21AX=440DhCX=4842h function for formatting and by INT 21AX=440DhCX=4862h verifying function (8.02-46). These functions can’t be executed inside “DOS box” under Windows OS unless the addressed logical disk is locked in advance (8.01-58).
|00h||1||bit 0 : query for status code, don’t actually format|
|bit 1 : format multiple tracks (for HDDs only)|
|01h||2||Drive’s head to be activated|
|03h||2||The cylinder where the heads should be driven|
|05h||2||Number of tracks to be formatted or verified|
Note 1: for format function a word at 05h is ignored, if byte at offset 00h has its bit 1 clear: only one track would be formatted in this case.
Note 2: for verification function a number of tracks in word 05h should correspond to no more than 255 sectors, bit 0 set in byte at offset 00h specifies verification of multiple tracks, bit 1 must be zero.
Note 3: on return the byte at offset 00h is replaced with status code :
- 00h – this function is supported by BIOS,
- 01h – this function is not supported by BIOS,
- 02h – given specifications don’t suit for this logical disk,
- 03h – there is no media in the drive.
Returned status code 00h doesn’t confirm successful outcome : success should be confirmed by returned clear state of CF flag.
A.05 Driver’s data structures
The table below shows data offsets for 3 types of DOS driver’s headers :
- column “B” – for “block” devices, i.e. disk and tape storage drives ;
- column “C” – for ‘character” devices, i.e. communication channels ;
- column “D” – for CD-ROM drivers, cooperating with MSCDEX.EXE.
A pointer to disk driver header is given in a double word at offset 13h in Drive Parameter Block for the corresponding disk (A.03-1). “Character” device drivers may be identified by a signature at offset 0Ah in their header while tracing a chain of header’s addresses. Tracing start address may be got at offset 22h in DOS’s List-of-Lists (A.01-2), or else may be obtained by means of INT 2FAX=122Ch function (8.03-12).
|00h||00h||00h||4||Next driver’s address field [Note 1]|
|04h||04h||04h||2||Driver’s attributes (A.05-2)|
|06h||06h||06h||2||Offset of strategy routine entry point|
|08h||08h||08h||2||Offset of interrupt routine entry point|
|0Ah||0Ah||8||Driver’s signature field|
|14h||1||First disk, controlled by the driver [Note 2]|
|0Ah||15h||1||Number of disks, controlled by driver|
- ^ The next driver’s address field must be initialized as FFFF:FFFFh; later DOS will fill this field with address of the next driver. If no next driver would be loaded, then remaining FFFFh value at start of current driver’s header will signify the end of driver’s addresses reference chain.
- ^ Byte at offset 14h must be initialized with 00h value. Later MSCDEX.EXE program (5.08-03) or SHSUCDX.EXE program (5.08-04) will replace initial zero value with number (note 1 to 8.02-17) of the first disk, controlled by this driver.
A.05-2 Driver’s attributes
Driver’s attribute word is at offset 04h in driver’s header (A.05-1). But meaning of most bits in attribute word is different for “character” device drivers (in second column of the table below) and for “block” devices drivers (in the third column). CD/DVD-ROM device drivers, cooperating with programs MSCDEX.EXE (5.08-03) or SHSUCDX.EXE (5.08-04), and also drivers of virtual disks, created by SUBST.EXE program (6.23), formally belong to “character” device drivers, as far as bit 15 in their attribute word is set.
Character device driver’s attribute word is used as a basis of channel handle’s information word, which is stored at offset 05h in corresponding SFT entry (A.01-4) and is returned by INT 21AX=4400h function (8.02-40) in response to channel handle requests (about file’s handle requests in A.04-2). Differences between “character” device driver’s attribute word and channel’s handle information word evince themselves in bits 4–7 in the second column of the table below: these bits in “character” device driver’s attribute word normally are clear. In channel handle’s information words bit 7 is set: it is their main distinctive feature from file handle’s information words.
|Bit||“Character” devices (channels)||“Block” devices (disks, tapes)|
|0||STDIN channel [Note 1]||= 0 (reserved)|
|1||STDOUT channel [Note 1]||32-bit addresses support|
|2||NUL channel [Note 1]||= 0 (reserved)|
|3||CLOCK channel [Note 1]||= 0 (reserved)|
|4||Output via INT 29 supported||= 0 (reserved)|
|5||Raw output [Note 2]||= 0 (reserved)|
|6||Channel adds EOF on input||IOCTL support [Note 3]|
|7||= 1 (as a non-file handle)||IOCTL support [Note 4]|
|9||= 0 (reserved)||No direct I/O [Note 5]|
|11||Lock support [Note 6]||Lock support [Note 6]|
|12||= 0 (reserved)||CD-ROM or remote device|
|13||Output until busy supported||Non-IBM’s format|
|14||IOCTL support [Note 7]||IOCTL support [Note 7]|
|15||= 1 – “character” device symptom||= 0 – “block” device symptom|
- ^ Among attribute bits 0–3 for character device drivers one bit only may be set (or none).
- ^ Raw (binary) output means that neither of output characters is interpreted by driver as a command (as it is shown in A.02-8).
- ^ Set state of bit 6 signifies support for functions INT 21AX=440Ch, 440Dh, 440Eh, 440Fh.
- ^ Set state of bit 7 signifies support for functions INT 21AX=4410h, 4411h.
- ^ Set state of bit 9 means that disks, controlled by this driver, are inaccessible to functions of BIOS’s INT 13 handler. Set state of bit 9 is typical for drivers, providing access to remote disks, to IFS disks and to disks with parameters, substituted by DRIVPARM command (4.09).
- ^ Set state of bit 11 means that driver is able to transfer slot lid lock signals for removable disk drives.
- ^ a bSet state of bit 14 means that driver is able to cope with control parameters, sent via INT 21AX=4403h and INT 21AX=4405h functions (8.02-41).
- Driver’s attribute bits, not mentioned in this table, are considered reserved and normally must be clear.
A.05-3 Selected requests to device drivers
Interaction between DOS and any device driver is performed by sending an address of request data block in ES:BX registers with a CALL FAR command to driver’s strategy routine. The driver receives code of operation and initiates its execution. After some time DOS sends another call for driver’s interrupt routine, which fills the same request data block with requested results of performed operation. DOS accepts the result, if successful termination of operation is confirmed by status byte in returned data block (A.05-4).
The same forms of request data blocks are accepted by INT 2FAX=0802h function (8.03-03), which implicitly sends requests to block device drivers, integrated into DOS’s core. These drivers control logical disks, having parameters registered in corresponding DDT tables (A.03-2). Only these logical disks can be addressed by INT 2FAX=0802h function.
The first column of the table below specifies size of request data block, the second column – code of the requested operation, the fourth column shows which driver type this operation can be applied to. The fifth column shows whether the operation can be requested via INT 2FAX=0802h function.
|0Fh||01h||Media change check||“block” type||Y||[Note 2]|
|14h||03h||Store IOCTL string||[Note 1]||N||A.05-7|
|1Eh||04h||Read data||both types||Y||A.05-6|
|0Eh||05h||Nondestructive read||character type||N||[Note 3]|
|0Dh||06h||Input status request||character type||N||A.05-4|
|0Dh||07h||Flush input buffer||character type||N||A.05-4|
|1Eh||08h||Write (send) data||both types||Y||A.05-6|
|1Eh||09h||Write to disk & verify||“block” type||Y||A.05-6|
|0Dh||0Ah||Output status request||character type||N||A.05-4|
|0Dh||0Bh||Flush output buffer||character type||N||A.05-4|
|14h||0Ch||Receive IOCTL string||[Note 1]||N||A.05-7|
|0Dh||0Dh||Device open||both types||N||A.05-4|
|0Dh||0Eh||Device close||both types||N||A.05-4|
|0Dh||0Fh||Detect removable disk||“block” type||Y||A.05-4|
|14h||10h||Send data until busy||character type||N||A.05-7|
|0Dh||17h||Get disk’s number||“block” type||Y||A.05-4|
- ^ Requests for sending or receiving IOCTL string can be addressed to those drives only (of either type), which have bit 14 set in their attribute word (A.05-2).
- ^ Command 01h (media check) accepts media identifier at offset 0Dh in request data block and returns in the same data block a status byte at offset 0Eh. Value of status byte should be interpreted as follows :
- FFh – media has not been changed;
- 01h – media has been changed;
- 00h – media change state can’t be determined.
- ^ Command 05h (nondestructive read) returns one data byte at offset 0Dh in request data block, if BUSY bit in status byte at offset 04h (A.05-4) isn’t set on return.
Presented header format is used in request data blocks, sent to drivers either with CALL FAR command (A.05-3) or via a call for INT 2FAX=0802h function (8.03-03). In both cases a pointer to request data block must be in ES:BX registers. The header occupies bytes at offsets 00h–0Ch in request data block. For a number of operations (06h, 07h, 0Ah, 0Bh, 0Dh, 0Eh, 0Fh, 17h) the request data block is nothing else but a header. Structure of a header, common for all requests to drivers, is shown in the table below.
|00h||1||Length of request block (table A.05-3, column 1)|
|01h||1||Addressed logical disk’s number [Note 2]|
|02h||1||Code of operation (table A.05-3, column 2)|
|03h||1||Error code [Note 3][Note 4]|
|04h||1||Returned status byte:
- If operation 0Fh (detect removable drive) returns status 02h (busy), this means the addressed drive is a fixed drive.
- ^ Here a logical disk is defined by its number in a list of disks, controlled by the addressed driver. When a request is sent via INT 2FAX=0802h function (8.03-03), then these logical disk numbers are identical to absolute logical disk numbers: 00h = A:, 02h = C:, and so on, but for those logical disks only, which have their parameters specified in DDT tables (A.03-2).
- ^ Error code is returned only when status byte at offset 04h has the 80h value, i.e. confirms erroneous outcome. Then error code should be interpreted according to records for INT 2F in table A.06-1.
- ^ In case of success the 17h operation (Get disk number) returns absolute number of the requested logical disk at offset 03h. If requested number is beyond the list of logical disks, controlled by the addressed driver, then the 00h value is returned. In any case disk’s type and media presence are not checked.
A.05-5 Initialization request data block
Only once, just when driver is installed by IO.SYS loader, DOS sends to this driver a request for initialization procedure. Request is sent by CALL FAR command with a pointer to request data block in registers ES:BX. Code 00h of initialization procedure is specified in a header of request data block (A.05-03). Having accepted initialization request, the driver explores the available hardware it is responsible for. Some initial data as well as data, returned by the driver, are transferred in the rest part of request data block, beyond its header. Data disposition in this part of request data block (offsets 0Dh–18h) is shown in the table below.
|0Dh||1||On return:||number of logical disks controlled by this driver.|
|0Eh||4||On call :||pointer to byte past the end of that memory space which may be occupied by this driver.|
|On return:||pointer to the first free byte past the memory space actually occupied by TSR part of this driver.|
|12h||4||On call :||pointer to command line parameters.|
|On return for “block’ device drivers only : pointer to BPB data array (A.03-4).|
|16h||1||On call :||zero based number of the first logical disk controlled by this driver (i.e. A: = 00h, C: = 02h and so on).|
|17h||2||On return:||error message flag [Note 2]|
- “character” device drivers must return zero in a double word at offset 12h.
- ^ Error message flag value 0000h at offset 17h doesn’t cause error message display. But if driver returns error message flag value 0001h, then DOS displays message: “There is an error in your CONFIG.SYS file in line…”
A.05-6 Structure of I/O request data block
I/O request data block is used for driver’s data transfer operations called either directly with CALL FAR command (A.05-3) or via INT 2FAX=0802h function (8.03-03). Address of request data block is presented in ES:BX registers, and header of this request data block specifies code of the requested operation: 04h, 08h or 09h. Data reading operation (code 04h) transfers data from a media into a prepared buffer in memory. Data writing operations (codes 08h and 09h) send data from buffer to disk or to output channel. All mentioned data transfer operations use request data block of the same structure, including a header (A.05-4) and the rest part with access parameters. Disposition of these parameters beyond the header is shown in the table below.
|0Dh||1||Media identifier (for block devices only)|
|0Eh||4||Address of buffer with data or for data|
|12h||2||Length of data packet [Note 1]|
|14h||2||Starting sector number [Note 2]|
|16h||4||Pointer to volume identifier [Note 3]|
|1Ah||4||32-bit starting sector number [Note 2]|
- ^ Length of data packet for channel drivers is counted in bytes. Length of data packet for disks (“block” device) drivers is expressed in number of sectors.
- ^ Some other DOS versions use another data format with a 4-byte starting sector number at offset 14h; a distinctive feature of this data format is length 18h of request data block, specified in the first byte of header (A.05-4). MS-DOS 7 sends a 4-byte starting sector number to those drivers only, which declare their support for 32-bit addressing by setting bit 1 in driver’s attribute word (A.05-2). Starting sector number for these drivers is specified at offset 1Ah, and then a cell at offset 14h is filled with FFFFh.
- ^ A pointer to volume identifier is returned by driver when error 0Fh occurs (improper change of media).
A.05-7 Request data block for string operations
This data block is used for driver’s byte string transfer operations called by CALL FAR command (A.05-3). Address of data block is specified in ES:BX registers, and header (A.05-4) of that data block specifies code of the requested operation: 03h, 0Ch or 10h. Operation with code 10h sends data string to a channel. Requests with operation codes 03h, 0Ch can be addressed to those drivers only, which declare IOCTL support by having bit 14 set in their attribute word.[Note 7 to A.05-2] Request with operation code 03h suggests to take into account new values of control parameters, sent via INT 21AX=4403h or INT 21AX=4405h function (8.02-41). Operation 0Ch is an offer to the driver to report its actual control parameters, requested either via INT 21AX=4402h or via INT 21AX=4404h function (8.02-41).
Request data block for the mentioned operations must have the same structure, including a header (A.05-4) and the rest part; data disposition in this rest part of request data block is shown in the table below.
|0Dh||1||Media identifier (for “block” device drivers only)|
|0Eh||4||Address of buffer area (with data or for data)|
|12h||2||On call :||number of bytes to read or to write|
|On return :||actual number of bytes read or written|
A.06 Error codes
A.06-1 Summary table of error codes
After any fault both BIOS and DOS functions return error code. Functions of MS-DOS 7 usually leave error code in AL. After BIOS’s operations error code may be returned in AH. Interpretation of many error codes depends on which handler has left this error code. For convenience reasons the presented summary table comprises almost all error code interpretations, which may be encountered under MS-DOS 7. Being given the whole variety of alternatives, you’ll easily choose the appropriate one according to the handler, which has returned the error code.
|00h||INT 24-2F||write-protection violation attempt|
|other||no error, successful completion of operation|
|01h||INT 13||invalid parameter or requested disk doesn’t exist|
|INT 15||parity error|
|INT 16||keyboard buffer is full yet|
|INT 24-2F||disk number unknown to the driver|
|other||invalid function number or operation number|
|02h||INT 13||address mark not found|
|INT 15||interrupt error|
|INT 24-2F||drive is not ready|
|other||file not found|
|03h||INT 13||disk is write-protected|
|INT 15||address line A20 gating failed|
|INT 24-2F||command is unknown to the driver|
|other||path error or path not found|
|04h||INT 13||sector not found or read error|
|INT 24-2F||data error (bad CRC)|
|other||too many opened files (no place for more handles)|
|05h||INT 13||reset failed|
|INT 24-2F||bad length of request data block|
|06h||INT 13||no media in the drive or media has been changed|
|INT 24-2F||seek error|
|07h||INT 13||drive parameter activity failed|
|INT 24-2F||unknown media type|
|other||memory control block (MCB) destroyed|
|08h||INT 13||DMA overrun|
|INT 24-2F||sector not found|
|09h||INT 13||DMA attempt across 64K or more than 80h sectors|
|INT 15||invalid identifier of APM device|
|INT 24, 2F||printer is out of paper|
|other||invalid memory block address|
|0Ah||INT 13||bad sector flag detected|
|INT 24-2F||write attempt failure|
|0Bh||INT 13||bad track detected|
|INT 15||specified device is not under APM control|
|INT 24-2F||read fault|
|0Ch||INT 13||unsupported track format or invalid media|
|INT 24-2F||general failure|
|other||invalid access mode|
|0Dh||INT 13||invalid number of sectors on format|
|INT 24-26||sharing violation|
|0Eh||INT 13||control data address mark detected|
|INT 24-2F||lock violation or media unavailable|
|0Fh||INT 13||DMA arbitration level out of range|
|INT 24-2F||invalid disk change|
|10h||INT 13||uncorrectable CRC or ECC error on read|
|INT 24||FCB is unavailable|
|other||attempt to remove the current directory|
|11h||INT 13||data have been ECC-corrected|
|INT 24-26||sharing buffer overflow|
|other||it is not the same device|
|12h||INT 24||code page mismatch|
|other||no more files, file index is out of range|
|13h||INT 24-26||out of input|
|other||disk is write-protected|
|14h||INT 24, 26||insufficient disk space|
|15h||drive not ready|
|17h||data CRC error|
|18h||bad length of request data block|
|1Ah||unknown media type (non-DOS disk)|
|1Bh||sector not found|
|1Ch||printer is out of paper|
|20h||INT 13||controller failure|
|22h||disk change invalid [Note 2]|
|23h||FCB (File Control Block) unavailable|
|24h||sharing buffer overflow|
|25h||code page mismatch|
|26h||cannot complete file operation (out of input)|
|27h||insufficient disk space|
|30h||INT 13||drive has no media sensor|
|31h||INT 13||no media in the drive|
|32h||INT 13||non-default media|
|other||network request not supported|
|33h||remote computer not listening|
|34h||duplicate name on network|
|35h||network name not found|
|36h||network is busy|
|37h||network device no longer exists|
|38h||network BIOS command limit exceeded|
|39h||network adapter hardware error|
|3Ah||incorrect response from network|
|3Bh||unexpected network error|
|3Ch||incompatible remote adapter|
|3Dh||print queue full|
|3Eh||queue not full|
|3Fh||not enough space to print file|
|40h||INT 13||seek failed|
|other||network name was deleted|
|41h||access to network is denied|
|42h||network device type incorrect|
|43h||network name not found|
|44h||network name limit exceeded|
|45h||network BIOS session limit exceeded|
|47h||network request not accepted|
|48h||network print/disk redirection paused|
|52h||cannot make directory|
|53h||fail on INT 24h|
|54h||too many redirections|
|58h||network write fault|
|59h||this function is not supported on network|
|5Ah||required system component not installed|
|60h||INT 15||requested APM mode is unavailable (blocked)|
|66h||Mscdex.exe||EMS memory no longer valid|
|67h||Mscdex.exe||not High Sierra or ISO-9660 format|
|68h||Mscdex.exe||slot door is opened|
|80h||INT 13||timeout, no response (drive may be not present)|
|INT 67||internal error|
|other||invalid command or function not implemented|
|81h||INT 67||hardware malfunction|
|Himem.sys||VDISK driver was detected|
|82h||Himem.sys||an A20 line error has occurred|
|83h||INT 67||invalid handle|
|84h||INT 67||undefined function requested by application|
|85h||INT 67||no more handles available|
|86h||INT 67||error in save or restore of mapping context|
|other||requested function is not supported|
|87h||INT 67||insufficient number of memory pages is present|
|88h||INT 67||insufficient number of memory pages is available|
|89h||INT 67||zero number of pages requested|
|8Ah||INT 67||invalid logical page number encountered|
|8Bh||INT 67||invalid physical page number encountered|
|8Ch||INT 67||page-mapping hardware state save area is full|
|8Dh||INT 67||save of mapping context failed|
|8Eh||INT 67||restore of mapping context failed|
|Himem.sys||a general XMS driver error|
|8Fh||INT 67||undefined subfunction|
|Himem.sys||an unrecoverable XMS driver error|
|90h||INT 67||undefined attribute type|
|Himem.sys||HMA does not exist or is not managed by XMS provider|
|91h||INT 67||this feature is not supported|
|Himem.sys||HMA is already in use|
|92h||INT 67||success, but a portion of source region is overwritten|
|Himem.sys||DX is less than the /HMAMIN parameter (5.04-01)|
|93h||INT 67||length of data exceeds space allocated to the handle|
|Himem.sys||HMA is not allocated|
|94h||INT 67||conventional and expanded memory regions overlap|
|Himem.sys||A20 line is still enabled|
|95h||INT 67||offset within logical page exceeds size of logical page|
|96h||INT 67||region length exceeds 1 Mb|
|97h||INT 67||source and destination have same handle and overlap|
|98h||INT 67||memory source or destination type undefined|
|9Ah||INT 67||specified map register or DMA register set not supported|
|9Bh||INT 67||all map register or DMA register sets are allocated|
|9Ch||INT 67||map register or DMA register sets not supported|
|9Dh||INT 67||undefined or unallocated map or DMA register sets|
|9Eh||INT 67||dedicated DMA channels not supported|
|9Fh||INT 67||specified dedicated DMA channel not supported|
|A0h||INT 67||no such handle name|
|Himem.sys||all extended memory is allocated|
|A1h||INT 67||a handle found had no name, or duplicate handle name|
|Himem.sys||all available extended memory handles are allocated|
|A2h||INT 67||attempt to wrap around 1 M conventional address space|
|A3h||INT 67||source array corrupted|
|Himem.sys||source handle is invalid|
|A4h||INT 67||operating system denied access|
|Himem.sys||source offset is invalid|
|A5h||Himem.sys||destination handle is invalid|
|A6h||Himem.sys||destination offset is invalid|
|A7h||Himem.sys||length is invalid|
|A8h||Himem.sys||copy operation has an invalid overlap|
|A9h||Himem.sys||parity error occurred|
|AAh||INT 13||drive not ready|
|Himem.sys||block is not locked|
|ABh||Himem.sys||block is locked|
|ACh||Himem.sys||block lock count overflowed|
|B0h||Himem.sys||only a smaller UMB is available|
|INT 13||volume is not locked in drive|
|B1h||Himem.sys||no UMBs are available|
|INT 13||volume is locked in drive|
|B2h||Himem.sys||UMB segment number is invalid|
|INT 13||volume is not removable|
|B3h||INT 13||volume is in use, write cache isn’t empty|
|B4h||INT 13||lock count has been exceeded|
|B5h||INT 13||a valid eject request failed|
|B6h||media is write-protected|
|BBh||INT 13||undefined hard disk error|
|CCh||INT 13||write fault on hard disk|
|E0h||INT 13||status register error on hard disk|
|FFh||INT 13||sense operation failed on hard disk|
|INT 15||error enabling address line A20|
|other||matching file not found, or no more files, or bad FCB.|
- If error code is returned in AX register, its most significant byte (in AH register) is zero.
- ^ Together with error code 22h, a pointer to media identifier is returned in ES:DI registers. This media identifier includes :
- at offset 00h – 12 bytes : disk’s volume label, ending with 00h ;
- at offset 0Ch – 1 double word : disk’s serial number (in binary form).
- The HIMEM.SYS driver (5.04-01) returns error codes in BL register.
- Error code, returned by the latest executed DOS’s function, is stored in DOS’s swappable data area SDA (A.01-3) at offset 04h. BIOS’ functions write their error code into BIOS data area (A.01-1), most probably in cell 0040:0074h.
A.06-2 Error class codes
Error class code, returned in BH register by INT 21AH=59h function (8.02-65), is stored at offset 07h in DOS’s swappable area SDA (A.01-3). Interpretation of error class codes is shown in the table below.
|01h||out of resource (storage space or I/O channels)|
|02h||temporary situation (file or record lock)|
|03h||authorization (denied access)|
|04h||internal (system software bug)|
|06h||system failure (configuration file missing or incorrect)|
|07h||application program error|
|08h||object not found|
|0Ah||object is locked|
|0Ch||object already exists|
|0Dh||unknown error class|
A.06-3 Codes of suggested action
Code of suggested action is returned in BL register by INT 21AH=59h function (8.02-5) and is stored at offset 06h in DOS’s swappable area SDA (A.01-3).
|02h||retry after some time|
|03h||prompt user to reenter input|
|04h||close opened files, delete temporary files and abort|
|06h||ignore this error|
|07h||retry after user intervention|
A.06-4 Error locus codes
Error locus code is returned in CH register by INT 21AH=59h function (8.02-65) and is stored at offset 03h in DOS’s swappable area SDA (A.01-3).
|Code||Probable locus of the error|
|01h||unknown or not appropriate|
|02h||block device (disk error)|
|04h||device connected to serial port (channel timeout)|
A.06-5 I/O error status codes
Error status code is returned in AH register by INT 25 and INT 26 handlers (8.02-85).
|02h||invalid address mark|
|03h||disk is write-protected (for INT 26 only)|
|04h||requested sector not found|
|10h||data error (bad CRC)|
|40h||seek operation failure|
|80h||device failed to respond (timeout)|
A.07 Execution service structures
A.07-1 Program Segment Prefix
When a program is loaded for execution into an allotted memory segment, executable code of the program is placed at offset 100h and on. Preceding part of the segment (offsets 00h–FFh) is known as PSP, i.e. Program Segment Prefix. It is filled with important service data, which are used by DOS functions and may be used by the program itself.
By means of DEBUG.EXE that PSP can be peeped most easily, which is formed by COMMAND.COM interpreter for DEBUG.EXE itself. A procedure of displaying a part of that PSP is shown in fig.11. The rest part of that PSP is filled with zeros.
The program under test in fig.11 is file CJPEG.EXE. Parameters “-baseline” and “VC01.BMP” are transferred to program under test in order to present an example of filling the first and the second FCB blocks, starting at offsets 5Ch and 6Ch correspondingly. Contents of these and some other PSP data fields are explained in the table below.
|00h||2||INT 20 command (for CP/M compatibility)|
|02h||2||First segment beyond memory allotted to the program|
|06h||2||Size of executable code (for *.COM files)|
|0Ah||4||Stored INT 22 termination address|
|0Eh||4||Stored INT 23 Control-Break handler address|
|12h||4||Stored INT 24 critical error handler address|
|16h||2||Segment of parent’s PSP [Note 1][Note 2]|
|18h||20||Job File Table (JFT)[Note 3]|
|2Ch||2||Segment of environment for the current process|
|2Eh||4||Caller’s SS:SP on entry to last INT 21 call|
|32h||2||Number of entries in JFT (default is 20)|
|34h||4||Pointer to JFT (default is PSP:0018h)|
|3Ch||1||= 00h (= 01h for hieroglyphical keyboards)|
|40h||2||DOS version to be reported by INT 21/AH=30h|
|50h||2||A call for the INT 21 functions dispatcher|
|5Ch||16||First FCB area [Note 4]|
|6Ch||16||Second FCB area [Note 4]|
|80h||1||Length of command line tail [Note 5][Note 6]|
|81h||127||Command line tail or DTA area [Note 5][Note 6]|
- ^ If segment address of the parent’s PSP at offset 16h points at current PSP, then program is regarded as having no parent or, in other terms, as being its own parent. This is a distinctive feature of permanently loaded program, for example, of command interpreter. Permanently loaded programs can’t be terminated by a call for INT 20 or for INT 21AH=4Ch function.
- ^ In protected mode some PSP fields, including the “parent” segment field at offset 16h, may be overwritten. Therefore tracing a chain of PSP references may get confused, unless each candidate “parent” PSP segment confirms presence of typical signatures, for example, code CD20h (INT 20) at offset 00h or code CD21h at offset 50h.
- ^ a b c When current program starts, its JFT (Job File Table, offset 18h) contains SFT (A.01-4) entry numbers — one byte each — for “opened” objects, which are inherited from the parent process. Free spaces in JFT are filled with FFh byte. Values 80h–FEh in JFT correspond to remote files, opened by network redirectors. Default size of JFT — 20 bytes — imposes a restriction on number of opened objects. The INT 21AH=67h function (8.02-76) enables to overcome this restriction: it arranges a larger JFT outside PSP, replaces a pointer to JFT in PSP at offset 34h and a count of JFT entries at offset 32h. However, child processes in any case can’t inherit from their parent process more than 20 “opened” objects.
- ^ a b Areas at offsets 5Ch and 6Ch are filled as unopened FCBs (A.09-5) with parsed data from first and second command line parameters. Parameters are parsed with INT 21AX=2901h function (8.02-19). Count of parameters includes those that can’t be parsed.
- ^ a b The “command tail” area 81h–FFh is filled with a copy of command line with all parameters, which follow command name. The filled part of command tail area is terminated by byte 0Dh. Length of the filled part is written at offset 80h. If the length is set to 7Fh, and byte at offset FFh is 0Dh, hence real length of command tail exceeds 126 bytes, and its non-truncated version should be found in value of CMDLINE environmental variable.
- ^ “command tail” area 80h–FFh is used as default DTA (data transfer area) by “find file” functions INT 21AH=11h,12h,4Eh,4Fh. You may prevent overwriting of “command tail” by changing DTA address with INT 21AH=1Ah function (8.02-16).
A.07-2 Data block for loading a program
The table below shows structure of a data block, used by INT 21AX=4B00h and INT 21AX=4B01h functions (8.02-53) in order to load a program into memory for its further execution.
|00h||2||Environment segment for child process [Note 1]|
|02h||4||Pointer to command line [Note 2]|
|06h||4||Pointer to data for FCB at offset 5Ch [Note 3]|
|0Ah||4||Pointer to data for FCB at offset 6Ch [Note 3]|
|0Eh||4||On return: stack top SS:SP for loaded program [Note 4]|
|12h||4||On return: loaded program entrance point CS:IP [Note 4]|
- ^ Whole environment of the parent process will be copied into this segment. If child process should be given access not to a copy, but to parent’s environment itself, then the 0000h value should be assigned to a word at offset 00h in this data block.
- ^ Command line must include all what is to be written into PSP of the child process starting at offset 80h.[Note 5 to A.07-1] Command line string must begin with a byte, specifying its length, and must end with byte 0Dh.
- ^ This data string will be copied into corresponding FCB block[Note 4 to A.07-1] inside PSP for the child process. Required structure of this data string is shown in the “N” column of table A.09-5. First 12 bytes should be filled, then 4 bytes 00h must follow. If FCB should be left empty, then its first byte must be 00h, and then 11 bytes 20h must follow.
- ^ Double words at offsets 0Eh and 12h are returned by INT 21AX=4B01h function only. This function loads a program, but doesn’t initiate its execution. Returned stack top and entrance point enable to start execution of the loaded program later.
A.07-3 Execution state descriptor
The table below shows data structure in execution state descriptor, used by INT 21AX=4B05h function (8.02-54).
|00h||2||= 0000h (reserved)|
|02h||2||Flags :||bit 0 set : program is of *.EXE format|
|bit 1 set : loaded code is an overlay|
|04h||4||Pointer to program’s name, ending with 00h byte|
|08h||2||PSP segment address of the loaded program|
|0Ah||4||Entrance point CS:IP of the loaded program|
|0Eh||4||Size of the loaded program (including PSP)|
A.07-4 Data block for server function
As far as server function INT 21AX=5D00h (8.02-68) enables to execute any INT 21 function as a separate process, this data block defines the states of all registers as required for execution of the selected function. Before this selected function is called for, all specified states will be copied from data block into registers automatically.
|00h||2||Required contents of AX register|
|02h||2||Required contents of BX register|
|04h||2||Required contents of CX register|
|06h||2||Required contents of DX register|
|08h||2||Required contents of SI register|
|0Ah||2||Required contents of DI register|
|0Ch||2||Required contents of DS register|
|0Eh||2||Required contents of ES register|
|10h||2||= 0000h (reserved)|
|12h||2||Virtual machine identifier [Note 1]|
|14h||2||Process identifier (i.e. PSP segment address)|
- ^ If selected function is to be executed under current MS-DOS 7, then the 0000h value should be specified as virtual machine identifier.
- ^ When this data block is used in order to close a process by means of INT 21AX=5D01h function (8.02-69), then words at offsets 12h and 14h only are taken into account, all other words are ignored.
A.07-5 Interrupt sharing protocol
Many drivers and TSR programs load their interrupt handlers and have to write address of this handler into a certain cell of interrupt table. However, this certain cell may be occupied yet by an address of another handler, which has been loaded beforehand. If new handler has to replace the former one, then a problem arises how to release memory, occupied by the former handler. If new handler complements functions of the former one, then a problem arises how to arrange their interaction. In both cases a solution is that each resident module must provide data, necessary for other resident modules, which may be loaded later.
The first step in arranging resident modules interaction was IBM’s Interrupt Sharing Protocol (ISP), stipulating presence of 16-byte data block with fixed placement relative to call address for corresponding resident module. The ISP protocol enables to form a traceable chain of references to all the modules, sharing a common interrupt number. ISP protocol gives an opportunity to alter the order of references in the chain and to remove certain references from the chain. The latter is a necessary condition for unloading resident modules.
According to ISP protocol the call address, written into interrupt table, must point at a command of a short jump 16 bytes ahead, where executable code of resident module starts. The jumped over 16 bytes is just a place for data block. Structure of this data block is shown in the table below. All offsets in the table are counted from resident module’s call address.
|00h||2||Short jump command (EBh 10h) to executable code|
|02h||4||Address of previous handler in handler’s chain|
|06h||2||Signature 4Bh 42h (= “KB”)|
|08h||1||= 00h – this handler is not the first|
|= 80h – this handler is the first in the chain|
|09h||2||Pointer to module unloading subroutine with RETF command at the end|
|0Bh||7||Reserved (must be zeros)|
Note 1: many resident modules don’t conform to ISP protocol. It may be intentionally ignored in order to prevent references chain tracing or resident module unloading.
A.07-6 Alternative Multiplex Interrupt Specification (AMIS)
Multiplex interrupt INT 2F, described in part 8.03, has a serious drawback: coincident identifiers sometimes are appointed to different TSR modules due to inconsistent decisions of their developers. In order to avoid such conflicts an idea has been suggested to assign identifiers not beforehand by the will of module’s developers, but automatically just in course of module’s loading. Authorship of this idea is known to belong to Ralf Brown. Idea has been institutionalized by Alternative Multiplex Interrupt Specification (AMIS) and has been implemented by multiplex interrupt INT 2D. Contents of this article are based on version 3.6 of AMIS specification. Besides that, each resident module using multiplex interrupt INT 2D must conform to IBM’s Interrupt sharing protocol ISP (A.07-5).
According to AMIS specification an identifier for resident module should be searched in a cycle of calls for multiplex interrupt INT 2D with operation code AL = 00h and with successive incrementation of candidate identifiers in AH register, starting from AH = 00h. If anyone of loaded resident modules considers a particular candidate identifier in AH register as its own, it must set AL = FFh, must return in CH:CL registers its version number and must return in DX:DI registers a pointer to a signature up to 80 bytes long, ending with byte 00h. Search cycle should terminate on condition of returned zero value in AL register: it means that neither loaded resident module has appropriated the last specified candidate identifier. Hence, the latter is free, and current resident module can assign this identifier to itself.
A similar cycle, but with other termination condition, should be arranged in order to find out whether a particular resident module is loaded or not. For this purpose the main role belongs to signature, pointed at by address returned in DX:DI registers. 16 bytes of this signature must be sufficient for identification of resident module. First 8 bytes must specify company or developer’s name, the following 8 bytes — a name of program or a driver, which has loaded the responding resident module. Abridged names are allowed. If a name is shorter than 8 bytes, it should be appended with spaces (bytes 20h). The rest part of signature beyond 16 bytes is optional, but it may specify version and other useful data. Signature check enables to prevent repetitive loading of the same resident modules. Search cycle for a signature check also reveals identifier, assigned to the requested resident module. When the identifier is known, then other functions of this resident module can be called for.
As far as calls for multiplex interrupt imply a search through a chain of references and are performed slowly, hence repetitive calls for module’s specific functions via INT 2D are not expedient (though are allowed with operation codes above 10h). Direct addressing to module’s functions with a CALL FAR command (7.03-08) is preferable. In order to obtain direct address, the INT 2D interrupt should be called once with operation code AL = 01h and with particular module’s identifier in AH register. Address for direct calls, returned in DX:BX registers, should be saved, and then later more calls for multiplex interrupt wouldn’t be needed.
Beside the mentioned operations with operation codes AL = 00h and AL = 01h, AMIS specification stipulates several other operations, listed in the table below. Unified codes of these operations, shown in the first column of the table, enable to apply identical services for all resident modules. Some operations are optional. If addressed resident module returns in AL register the status code value 00h, hence it doesn’t support the requested operation. On the contrary, returned status code value FFh confirms that the requested operation is supported and is done successfully. Several operations may return other status code values, informing about specific features of resident module. These and some other peculiarities of AMIS operation execution are explained in notes after the following table.
|01h||Request for direct address||[Note 1]|
|02h||Uninstall resident module||[Note 2]|
|03h||Request for TSR program activation||[Note 3]|
|04h||Report about chained interrupts||[Note 4]|
|05h||Request for a list of “hot” keys||[Note 5]|
|06h||Request for device driver information||[Note 6]|
- ^ Returned status value AL = 00h means that requested resident module can’t be addressed with CALL FAR command. Validity of the address returned in DX:BX registers must be confirmed by returned status code value AL = FFh.
- ^ A request to uninstall resident module must supply in DX:BX registers an address for return after completion of uninstall operation, though resident module may ignore this address. Returned in AL register status code values (except 00h and FFh) have the following meaning :
- 01 – uninstall attempt failure ;
- 02 – uninstall operation will be completed later ;
- 03 – module has no uninstaller and stays active ;
- 04 – the same, as 03, but module is deactivated ;
- 05 – uninstall attempt should be repeated later ;
- 06 – module is deactivated, but can’t be uninstalled ;
- 07 – the same, as 03, plus driver unloading required.
Return of status code values 03, 04 or 07 means a necessity to launch a special uninstaller program. For this program the addressed resident module must return in BX register that segment address, where its executable code is loaded.
- ^ Returned in AL register status code values (except 00h and FFh) have the following meaning :
- 01 – activation attempt should be repeated later ;
- 02 – program will be activated later ;
- 03 – program is active yet ;
- 04 – activation attempt has failed.
After successful activation, confirmed by status code FFh, some programs may report extra information in BX register. After a failure, confirmed by status code 04h, extra information may be returned in BX and CX registers. If the cause of failure remains unknown, BX and CX registers should return zeros.
- ^ Requests for operation 04h must specify in BL register a number of that interrupt (except INT 2D), which is to be checked. Returned in AL register status code values (except 00h) have the following meaning :
- 01 – check result can’t be determined ;
- 02 – specified interrupt has been intercepted ;
- 03 – the same as 02 plus handler’s address – in DX:BX ;
- 04 – in DX:BX – pointer to a list of interceptions ;
- FF – specified interrupt is not intercepted.
Status code value 04 means that interrupt number, specified in BL register, is ignored. Returned list is composed of 3-byte groups per each interrupt: the first byte, the interrupt number ; the following 2 bytes, the offset (inside DX segment) of that interrupt handler’s entrance address. End of list is marked with code 2Dh in a place for interrupt number.
- ^ After successful outcome, confirmed by status code FFh, in DX:BX registers a pointer to a list of “hot” keys is returned. Structure of this list is described in appendix A.02-7.
- ^ Operation 06h returns in AL register number of drivers, installed by addressed resident module, and in DX:BX registers – a pointer to header of the first of these installed drivers (A.05-1). In AH register a byte of flags is returned; bits 3–7 in this byte are reserved and must be clear. Set state of the rest flags should be interpreted as follows:
- bit 0 – drivers can’t be unloaded from memory;
- bit 1 – drivers are not included in DOS’s drivers chain;
- bit 2 – installed drivers are not reenterable.
If addressed TSR program didn’t install drivers, it has to return AL = 00h value. On return the contents of AH, BX and DX registers may be arbitrary altered.
A.08 Floppy drive’s data structures
A.08-1 Floppy drive’s data in BIOS data area
The table presents that information in BIOS data area, which relates to floppy drive(s). All offsets are counted from segment address 0040h, i.e. from the start of BIOS data area.
|10h||2||Flags :||bit||0||: floppy is able to boot the PC|
|bits||6–7||: number of floppy drives minus one|
|3Eh||1||Bit 7 set by IRQ6 handler marks completion of FDD’s job|
|3Fh||1||Motor’s status in floppy drive(s)|
|40h||1||Floppy motor OFF timeout count|
|41h||1||Status :||bits||0–4||: last operation error [Note 2]|
|bit||5||: general controller failure|
|bit||6||: seek error|
|bit||7||: drive isn’t ready|
|42h||3||Registers of floppy drive controller|
|8Bh||1||Floppy drive data rate control|
|8Fh||1||Floppy drive registration :|
|bit||0||: drive 0 supports 80 tracks|
|bit||2||: presence of drive 0 is confirmed|
|bit||4||: drive 1 supports 80 tracks|
|bit||6||: presence of drive 1 is confirmed|
|90h||1||Floppy drive 0 media status :|
|bits||0–2||=111b for 3.5″ disks|
|bit||3||: diskette 2.88 Mb|
|bit||4||: media type has been determined|
|bits||6–7||: current data transfer rate|
|91h||1||Floppy drive 1 media status (just as for drive 0)|
|94h||1||Floppy drive 0 current track number|
|95h||1||Floppy drive 1 current track number|
- Data placement in BIOS data area may depend on BIOS version (A.01-1).
- ^ Particular values of last error byte at offset 41h should be interpreted as it is shown in table A.06-1 for INT 13.
A.08-2 Access and formatting parameters
Computer’s BIOS system stores access and formatting parameters for each floppy disk drive in separate 11-byte tables. A pointer to such table for any particular floppy drive can be obtained with INT 13AH=00h function (8.01-49). Besides that, one more similar 11-byte table is created for the default (“current”) floppy drive; a pointer to the latter table is stored in a cell 0000:0078h (also known as INT 1E) inside interrupt table.
Access and formatting parameters can be changed by INT 13AH=18h function (8.01-54), but the changes wouldn’t come into effect until floppy controller is reset by a call for INT 13AH=00h (8.01-44).
|00h||1||Parameters, first byte :|
|bits||7–4||: step rate of head shift|
|bits||3–0||: head unload time (0Fh = 0.24 s)|
|01h||1||Parameters, second byte :|
|bits||7–1||: head load time (01h = 0.004 s)|
|bit||0||: set state means data transfer via DMA|
|02h||1||Delay until motor turned off (in clock ticks 1/18 s)|
|03h||1||Bytes per sector :|
|04h||1||Number of sectors per track|
|05h||1||Gap length between sectors :|
|=2Ah||–||for diskettes 5.25″,|
|=1Bh||–||for diskettes 3.5″.|
|07h||1||Gap length between sectors for formatting :|
|=50h||–||for diskettes 5.25″,|
|=6Ch||–||for diskettes 3.5″.|
|08h||1||Format filler byte (default is F6h)|
|09h||1||Head settle time in milliseconds|
|0Ah||1||Motor start time in ticks (1 tick = 1/18 second)|
A.08-3 Floppy drive types registered by BIOS
BIOS Setup program stores data about registered floppy drives in a cell 10h of CMOS memory. In order to read these data the cell address 10h has to be sent with OUT command (7.03-66) into port 70h, and after that the required data byte can be read by IN command (7.03-26) from port 71h (more about that in note 1 to A.14-1). The required data byte occurs in AL register; bits 4–7 in that byte specify features of the first floppy drive, bits 0–3 specify features of the second floppy drive, if it exists. Hexadecimal values, expressed by each of these 4-bit groups, should be interpreted independently according to the table below.
|Value||Type of floppy disk drive|
|0||Floppy disk drive isn’t present|
|1||Drive for 360 kb 5.25″ diskettes|
|2||Drive for 1.2 Mb 5.25″ diskettes|
|3||Drive for 720 kb 3.5″ diskettes|
|4||Drive for 1.44 Mb 3.5″ diskettes|
|5||Drive for 2.88 Mb 3.5″ diskettes|
A.09 Directories and file’s data tables
A.09-1 Directory records and file’s data
Data concerning files, volume labels and subdirectories are stored in corresponding directory records. Data structure in ordinary 32-byte directory record for an object with a “short” name is shown in the first column “D” of the table below. DOS’s “find file” functions INT 21AH=4E00h (8.02-57) and INT 21AH=4Fh (8.02-58) read directory records and return the found data in DTA area (8.02-16); format of data, returned by these functions, is shown in second column “F4E” of the table below. Other “find file” functions INT 21AH=11h (8.02-11) and INT 21AH=12h (8.02-12) also return found data in DTA area, but in other formats. Third column “F1N” of the table below shows format of data, returned after a search request with normal FCB block (column “N” in appendix A.09-5). But when search request is presented in a form of extended FCB block (column “E” in appendix A.09-5), then the same functions return other data structure, which is shown in the fourth column “F1E” of the table below.
|00h||1||= FFh – signature of extended FCB|
|06h||1||Attributes for a search (A.09-2)|
|00h||00h||07h||1||Disk : 01h = A:, 03h = C:, …[Note 1]|
|00h||01h||01h||08h||8||Name, appended with spaces to 8 bytes|
|08h||09h||09h||10h||3||Suffix, appended with spaces to 3 bytes|
|0Ch||1||Attributes for a search (A.09-2)|
|0Dh||2||Ordinal number of directory record|
|0Fh||2||Number of the first directory cluster|
|0Bh||15h||0Ch||13h||1||Actual attributes (A.09-2) of the object|
|0Ch||1||Auxiliary attribute byte [Note 2][Note 3]|
|0Dh||0Eh||15h||1||Time in 0.01-second units [Note 2]|
|0Eh||0Fh||16h||2||Object creation time [Note 2]|
|10h||11h||18h||2||Object creation date [Note 2]|
|12h||13h||1Ah||2||Date of the last access|
|14h||15h||1Ch||2||Starting cluster number [Note 4]|
|16h||16h||17h||1Eh||2||Time of the last update|
|18h||18h||19h||20h||2||Date of the last update|
|1Ah||1Bh||22h||2||Starting cluster number [Note 4]|
|1Ch||1Ah||1Dh||24h||4||Object’s size in bytes (binary form)|
|1Eh||13||Object’s name and suffix [Note 5]|
- ^ Search functions INT 21AX=4E00h (8.02-57) and INT 21AH=4Fh (8.02-58) return this byte with its 7th bit set, if disk is accessed via a network.
- ^ If object is created under DOS, then this data field is not filled. Copying procedures under DOS don’t copy those data, which may be present in this field.
- ^ This data field is used by operating systems Windows-2000/XP, but the author has no information about role of these data.
- ^ Object’s starting cluster number in FAT-16 volumes is a word at offset 1Ah; field at offset 14h is not used. But cluster number in FAT-32 volumes is a double word. The most significant two bytes of this double word are stored at offset 14h.
- ^ Search functions INT 21AX=4E00h (8.02-57) and INT 21AH=4Fh (8.02-58) don’t overwrite name search template at offset 01h; actual name of the found object, ending with 00h byte, is returned at offset 1Eh.
A.09-2 Structure of attribute byte
Attribute byte at offset 0Bh in a directory record (A.09-1) defines class of the object, associated with this record. Bitfields of attribute byte are explained in the table below.
|3||Volume label (must be zero for files and directories)|
|4||Directory (must be zero for files and volume labels)|
|5||File, which is to be stored in archive|
|6,7||Not used under MS-DOS, must be zero|
Note 1: the 0Fh value of attribute byte is regarded as a signature of LFN directory records, associated with files having “long” names (A.09-3). Such records are formed by Windows-95/98/ME operating systems.
Note 2: states of bits 3 and 4 in attribute byte can’t be changed by INT 21AX=4301h function (8.02-39) or by ATTRIB.EXE utility (6.01).
Note 3: file search functions INT 21AX=4E00h (8.02-57) and INT 21AH=4Fh (8.02-58) ignore states of bits 0 and 5 in attribute byte.
Note 4: extended “file open” function INT 21AX=6C00h (8.02-78) accepts in CX register an attribute word with clear bits 4 and 6-15. Role of other bits corresponds to that shown in table A.09-2.
A.09-3 Format of LFN directory records
Each “long” filename, accepted by Windows-95/98/ME operating systems, occupies at least several directory records of standard 32-byte size. Truncated version of “long” filename is stored in the last of these records; its structure corresponds to that shown in table A.09-1. But the rest records, associated with the same file, store unicode characters of “long” filename. These rest LFN records have other structure, shown in the table below.
|00h||1||Ordinal number of LFN record [Note 1]|
|01h||10||First portion of “long” filename’s characters|
|0Bh||1||= 0Fh – signature of LFN record|
|0Ch||1||= 00h (reserved)|
|0Dh||1||Checksum for short filename [Note 2]|
|10h||12||Second portion of “long” filename’s characters|
|1Ah||2||= 0000h for all LFN records|
|1Ch||4||Third portion of “long” filename’s characters|
- ^ The last LFN record, associated with the same “long” filename, is marked by set state of bit 6 in the first byte.
- ^ The short filename checksum byte is calculated by adding up the eleven bytes of the short filename, with rotating the intermediate sum right one bit before adding each next character byte.
A.09-4 Bitfields of access and sharing byte
While preparing an object for access, the INT 21AH=3Dh (8.02-33) and INT 21AX=6C00h (8.02-78) functions accept a byte of access conditions. This byte is written into a cell at offset 02h in corresponding SFT entry (A.01-4). Role of bitfields in access and sharing conditions byte is shown in the table below.
|2||If set, prohibits updating file’s last-access time|
|3||= 0b (reserved)|
|7||If set, file’s handle will not be inherited by child processes.|
Note 1: sharing conditions are ignored unless SHARE.EXE utility is loaded.
Note 2: previous versions of MS-DOS require clear state of bit 2.
A.09-5 Unopened file control blocks
File control block (FCB) is an obsolete form of object’s properties specification. It gives no access to objects beyond current directory and to disks with FAT-32 file system. Nevertheless some functions employ partially filled (unopened) FCBs just as a template of specification for object’s search, renaming and deletion. Unlike operations with completely filled (opened) FCB blocks, operations with unopened FCBs (INT 21AH=11h, 12h, 13h, 17h) are still used and can be applied to objects in the current directory on disks with FAT-32 file system. Unopened FCB’s data structure is shown in the table below.
In MS-DOS 7 two forms of FCB blocks are allowed: normal FCB blocks up to 36 bytes long and extended FCBs up to 43 bytes long. A distinctive feature of extended FCB is FFh value of its first byte. Normal FCB blocks define files only, except those having “Hidden” and “System” attributes. Extended FSBs include search attributes specification and therefore may be applied to different objects: files, volume labels and subdirectories. Both normal and extended FCBs may be completely filled (opened) and partially filled (unopened). Column “N” of the table below shows data structure in unopened normal FCB blocks, column “E” shows the same for unopened extended FCB blocks. Those FCB bytes, which are not shown in the table below, must have the 00h value.
|00h||1||= FFh – signature of extended FCB|
|06h||1||Attributes specification for search (A.09-2)|
|00h||07h||1||Logical disk number: 00h = “current” disk, 01h = A:, 03h = C:, and so on (except the FFh value).|
|01h||08h||8||Object’s name or its search mask [Note 1]|
|09h||10h||3||Object’s suffix or its search mask [Note 1]|
|0Ch||13h||1||On return: search attributes (from offset 06h)|
|0Dh||14h||2||On return: object’s record number in directory|
|0Fh||16h||2||On return: current directory’s cluster number|
|11h||18h||8||On call for INT 21AH=17h: new name for file|
|15h||1Ch||1||On return: disk number (01h=A:, 03h=C:, and so on)|
|19h||20h||3||On call for INT 21AH=17h: new suffix for file|
- ^ In FCBs all characters of name and suffix must be in upper case. Name is appended with spaces (20h) to its nominal length 8 bytes, suffix is appended with spaces to its nominal length 3 bytes. If empty, both name and suffix fields must be filled with spaces. The mentioned and some other requirements to filling FCB fields can be met by means of INT 21AH=29h function (8.02-19).
- Being called for the first time, functions INT 21AH=11h (8.02-11) and INT 21AH=13h (8.02-13) require 00h values in all fields after offset 0Ch in normal FCB and after offset 13h in extended FCB. On return these fields contain data, which must be preserved intact from each previous search call to each next search call. In the same FCB fields the INT 21AH=17h function (8.02-14) accepts new name for the renamed file, requiring buffer 28 bytes long for normal FCB and 35 bytes long for extended FCB.
- Unopened FCB blocks are not subjected to restriction, imposed by FCBS command specification (4.10) in CONFIG.SYS file.
A.09-6 Canonical structure of a CD directory record
High Sierra and ISO 9660 file systems implement slightly different data structures in CD directory records. Both these data structures can be translated by INT 2FAX=150Fh function (8.03-19) to a common canonical form, which is shown below.
|00h||1||Length of attribute record in logical blocks|
|01h||4||File’s first logical block number|
|05h||2||Size of file in logical blocks|
|07h||4||File’s length in bytes|
|0Bh||7||Date and time|
|13h||1||Interleave size (for AVI files only)|
|14h||1||Interleave skip factor (for AVI files only)|
|15h||2||Volume set sequence number|
|17h||1||Length of file name|
|18h||38||Name of file, ending with 00h byte|
|3Eh||2||File version number|
|40h||1||Number of bytes in system data block|
|41h||220||System data block|
A.10 Video data tables
A.10-1 Selected videomodes
Videomodes define screen appearance. Both BIOS and DOS use textual videomodes : color videomode 03h or monochrome videomode 07h. Each program is allowed to set the most appropriate video mode, either textual or graphic.
Available videomodes depend on PC’s hardware. During hardware evolution some videomodes have become common for the sake of compatibility. Later a subset of videomodes has acquired the status of a standard. The table below lists only those videomodes, which are almost certainly supported by any modern video card. Video cards with insufficient internal memory probably will not be able to support graphic videomodes with high resolution. Obsolete PC’s produced before 1991 don’t support SVGA videomodes at all.
EGA and VGA videomodes are defined by one-byte code, specified in the first column of the table below. These videomodes may be set by INT 10AH=00h function (8.01-10).
SVGA video modes are defined by 2-byte hexadecimal code, which should be specified in BX register for INT 10AX=4F02h function (8.01-37). The table below doesn’t specify the most significant half-byte of SVGA videomode code, because this half-byte (bits 15–12) is charged with another mission. Its 12th and 13th bits must be cleared, the 14th bit enables linear frame buffer access, and the 15th bit forces to retain video memory contents. For example, you may specify BX=0102h, when you want video memory to be cleared, or BX=8102h if you want video memory contents to be preserved: in both cases you’ll get the same videomode, which is specified as 102h in the first column of the table below. Codes of other SVGA videomodes are shown in the same way — without specification of the most significant half-byte. Codes of non-SVGA video modes may be specified for INT 10AX=4F02h function in the least significant byte of BX register while its bits 15 and 14 are charged with the described missions, and bits 13–8 are made clear.
Monochrome videomodes, both textual and graphic, are marked in the second column of the table as “b/w” (instead of colors number).
Textual video modes are characterized in column 3 of the table below by number of characters in a row and by number of rows per screen height. For example, definition 80×25 means that you may address rows 0–24 and character cells 0–79 in each row. All listed textual modes accept 8×16 fonts.
Graphic modes are characterized by their resolution in pixels, shown in the 4th column. For example, resolution 640×480 means that you are allowed to address screen lines 0–479 and pixels 0–639 in each line.
The 5th column in the table shows video buffer starting address for those videomodes, which use fixed video buffer in UMB address space.
Note 1: position and size of video memory access “windows” in address space for SVGA videomodes may depend on PC’s hardware. Video memory access parameters should be determined by call for INT 10AX=4F01h function (8.01-36, A.10-7).
Note 2: when SVGA standard hasn’t been adopted yet, then equivalent to SVGA’s 102h videomode was 6Ah videomode (800x600x16). The 6Ah videomode still can be set by INT 10AH=00h function (8.01-10).
Note 3: SVGA standard reserves BX=81FFh code for special video mode, enabling unlimited direct access to video memory.
A.10-2 Information about video adapter status
The table below shows structure of 64-byte data block, returned by INT 10AH=1Bh function (8.01-34). This block presents information about current status of video adapter.
|00h||4||Address of static functionality table (A.10-3)|
|04h||1||Current video mode|
|05h||2||Number of columns or of pixels along a line|
|07h||2||Size of regeneration buffer in bytes|
|09h||2||Starting address of regeneration buffer|
|0Bh||16||Cursor positions (2 bytes each) for pages 0–7|
|1Bh||2||Cursor’s start and stop scan lines|
|1Dh||1||Active screen page|
|1Eh||2||CRT controller’s port address|
|20h||2||Last values sent to ports 03x8h and 03x9h|
|22h||1||Number of rows (or screen lines) minus one|
|23h||2||Number of bytes per font’s character|
|25h||1||Active video adapter code|
|26h||1||Code of alternate video adapter (if it exists)|
|27h||2||Number of videomode’s colors (0000h = monochrome)|
|29h||1||Number of screen pages supported by videomode|
|2Ah||1||Active scan lines [Note 1]|
|2Bh||1||Character generator’s primary font block|
|2Ch||1||Character generator’s secondary font block|
|2Dh||1||Current status flags [Note 2]|
|31h||1||Video memory, 00h–03h correspond to 64,128,192,256k|
|32h||1||Flags, just as at offset 0Eh in table A.10-3.|
- ^ Number of active scan lines is defined by set state of one bit in a byte at offset 2Ah. Set state of bit 0, 1, 2, 3, 4, 5, 6 corresponds to numbers of lines 200, 350, 400, 480, 512, 600, 768.
- ^ Bits in flag’s byte at offset 2Dh have the following meaning :
- bit 0 – no restrictions on videomode choice
- bit 1 – gray scale summing is on
- bit 2 – monochrome display attached
- bit 3 – default palette loading disabled
- bit 4 – cursor emulation enabled
- bit 5 – role of 7th bit in color byte (A.10-5)
- bit 6 – 9-dot wide fonts are not supported
If 5th bit in flag’s byte is cleared, then 7th bit in color byte defines brightness of background, otherwise it defines blinking.
A.10-3 Format of static functionality table
Static functionality table informs about variety of capabilities, potentially supported by PC’s video adapter. A pointer to static functionality table is returned by INT 10AH=1Bh function (8.01-34) in current video adapter status table (A.10-2) at offset 00h.
|00h||7||Bits 0–13h correspond to video modes 00h–13h ; if a bit is set, the corresponding video mode is supported. The rest bits are reserved for OEM videomodes.|
|07h||1||Bits 0, 1, 2, 3, 4, 5, 6 signify support to scan lines numbers 200, 350, 400, 480, 512, 600, 768.|
|08h||1||Maximum number of fonts in textual videomodes|
|09h||1||Maximum number of active fonts in textual videomodes|
|0Eh||1||Fonts and palettes support:
A.10-4 BIOS information about SVGA extensions
The table below shows selected data from a data block 512 bytes long returned by INT 10AX=4F00 function (8.01-35). These data characterize software supplied in fixed storage chip(s) of video adapter.
|00h||4||Signature “VESA” or “VBE2”|
|04h||2||Version number of SVGA BIOS extensions|
|06h||4||Pointer to manufacturer’s (OEM) name|
|0Eh||4||Pointer to list of supported videomodes (end mark FFFFh)|
|12h||2||Amount of video memory in 64 kb blocks|
A.10-5 16-color codes
Though AT-compatible computer’s hardware suggests a large variety of videomodes, the default videomode for both BIOS and MS-DOS 7 is a 16-color 80×25 textual videomode 03h. For this videomode and for all other 16-color videomodes (A.10-1) colors are defined by a 4-bit code, shown in the table below.
Color codes are used to compose color bytes, also known as display attribute bytes. Video memory in textual videomodes is filled with alternating color bytes and character bytes. In each color byte bits 3–0 define foreground (character’s) color, and bits 6–4 define background color. By default the 7th bit defines character’s blinking instead of background’s brightness, but role of the 7th bit may be reprogrammed by INT 10AX=1003h function (8.01-23), and then the most significant bits in both 4-bit groups will have the same mission. By default the 3rd bit defines foreground brightness, but this role also may be reprogrammed by INT 10AX=1103h function (8.01-28), and then bit 3 will redirect character generator to another font block, thus enabling to display characters from two fonts at the same time.
A.10-6 Video data fields in BIOS data area
The table below shows those selected items in BIOS data area, which have relation to computer’s video subsystem. All offsets in the table are counted from the start of BIOS data area (A.01-1) at segment address 0040h.
|10h||2||Bits 5–4 define initial video mode:|
|00b||–||according to video adapter settings|
|01b||–||40×25 textual CGA color mode|
|10b||–||80×25 textual CGA color mode|
|11b||–||80×25 monochrome textual mode|
|49h||1||Current video mode (A.10-1)|
|4Ah||2||Number of columns (or pixels) per screen width|
|4Ch||2||Video buffer’s screen page size (in bytes)|
|4Eh||2||Current page start address in video buffer|
|50h||16||Cursor XY positions on each of 8 video pages|
|60h||2||Cursor start and end scan lines (INT 10/AH=01h)|
|62h||1||Active screen page number|
|63h||2||CRT controller base I/O port address (usually 03D4h)|
|65h||1||Last control byte value sent to port 03B8h/03D8h:
|66h||1||Last control byte value sent to I/O port 03D9h:
|84h||1||Number of rows (or lines) on screen minus one|
|85h||2||Font height in scan lines|
|87h||5||Video adapter control flags:
|A8h||4||Pointer to VGA video pointers table|
Note 1: presented data placement may depend on BIOS version (A.01-1).
A.10-7 Features of requested SVGA videomode
This table presents selected data from a 256-byte data block, returned by INT 10AX=4F01 function (8.01-36) in response to a request about any SVGA videomode, supported by computer’s hardware.
|00h||2||Flags :||bit 0 – requested videomode is supported|
|bit 2 – functions 8.01-21, 8.01-33 are supported|
|bit 3 – set for color videomode|
|bit 4 – set for graphic videomode|
|bit 5 – videomode differs from VGA standard|
|bit 6 – memory banks switching isn’t supported|
|bit 7 – linear frame buffer is supported|
|02h||1||Window “A” :|
|bit 0 – sliding window “A” is active|
|bit 1 – window “A” is readable|
|bit 2 – window “A” is writable|
|03h||1||Window “B”: the same, as at offset 02h for window “A”|
|04h||2||Shift step (in kb) of windows “A”, “B” in video memory|
|06h||2||Size of sliding windows “A” and “B” (in kb)|
|08h||2||Segment address of window “A” in CPU’s address space|
|0Ah||2||Segment address of window “B” in CPU’s address space|
|0Ch||4||Direct call address for sliding windows positioning program, similar to INT 10AX=4F05h (8.01-39)|
|10h||2||Number of video memory bytes per one screen line|
|12h||2||Screen line length in pixels for graphic videomodes or in character cells for textual videomodes|
|14h||2||Screen height in pixels for graphic videomodes or in character cells for textual videomodes|
|16h||1||Character cell width (in pixels)|
|17h||1||Character cell height (in pixels)|
|18h||1||Number of video memory planes|
|19h||1||Number of video memory bits per one pixel|
|1Ah||1||Number of video adapter’s memory banks|
|1Bh||1||Video memory filling model:|
|00h||–||textual, alternate character and color bytes|
|03h||–||16-color graphic EGA model|
|04h||–||graphic model with “packed” pixels|
|06h||–||3 color bytes per pixel (HiColor)|
|07h||–||luminance-chrominance model (YUV/YIQ)|
|1Ch||1||Video memory bank size (in kilobytes)|
|1Dh||1||Number of screen pages|
|28h||4||Physical address of linear video buffer (VBE v2.0)|
A.11 PC’s hardware specifications
A.11-1 Hardware configuration word
Hardware configuration word is returned by INT 11 handler (8.01-42); it reads this word in BIOS data area (A.01-1) at address 0040:0010h (exact address may depend on BIOS version). Bifields in hardware configuration word should be interpreted according to the following table.
|0||PC can be booted from existing floppy drive|
|1||Math coprocessor is present|
|2||BIOS controlled pointing device (mouse) is attached|
|4-5||Code of initial video mode (A.10-1)|
|6-7||Number of floppy drives minus one (if bit 0 is set)|
|9-11||Number of available serial ports (COM-ports)|
|12||Game port is present (for joystick)|
|13||Internal modem is present|
|14-15||Number of available parallel ports (LPT-ports)|
A.11-2 PC model identifiers for HIMEM.SYS driver
In order to enable access to computer’s extended memory, HIMEM.SYS driver (5.04-01) has to determine CPU model. However, in some computers HIMEM.SYS can’t determine CPU model properly, and then computer’s identifier or its numeric code should be specified explicitly in driver’s command line.
The table below presents identifiers and corresponding numeric codes for computers, which don’t ensure CPU determination for at least some versions of HIMEM.SYS driver. The first place in this table (code 1) is an exception: IBM AT is a determinable model, it represents the default choice. Latest versions of HIMEM.SYS driver are able to detect properly most part of PC types, specified in this table, except Acer 1100, Wyse, and IBM 7552.
|at||1||IBM PC AT and compatible models|
|ptlcascade||3||Phoenix Cascade BIOS|
|hpvectra||4||HP Vectra (A & A+)|
|att6300plus||5||AT&T 6300 Plus|
|toshiba||7||Toshiba 1600 & 1200XE|
|wyse||8||Wyse 12.5 Mhz 286|
|at1||11||reserved by IBM|
|at2||12||reserved by IBM|
|at3||13||reserved by IBM|
|ibm7552||15||IBM 7552 Industrial Computer|
|bullmicral||16||Bull Micral 60|
A.11-3 Keyboard controller
Keyboard controller is a chip on computer’s motherboard. Though types of keyboard controllers may be different, their mission and their interface in all AT-compatible computers are unified. Main interaction between CPU and keyboard controller occurs via ports 60h and 64h.
Port 64h is always opened for reading keyboard controller’s current status by IN command (7.03-26). Set state of bits in status byte, read from port 64h, should be interpreted as follows:
- bit 7 – an error has occurred in data sent from keyboard
- bit 6 – keyboard doesn’t respond to controller
- bit 4 – keyboard is blocked with ADh command
- bit 2 – keyboard’s self-test has been successful
- bit 1 – previous operation isn’t completed yet
- bit 0 – a key code is prepared for reading in port 60h
At each keystroke and at each key release keyboard controller exhibits transformed key code in port 60h and just after that announces its readiness for reading via bit 0 in port 64h and via bit 4 of controller’s output line.[Note 1] The latter signal invokes INT 09 handler (8.01-09), which reads the prepared byte from port 60h. Each reading access to port 60h clears bit 0 in port 64h.
Besides that, port 64h receives operation codes, sent to keyboard controller with OUT command (7.03-66). As far as keyboard controller is much slower, than CPU, before sending an operation code the CPU must wait until bit 1 will be cleared in status byte, read from the same port 64h: it will signify that the keyboard controller has finished its previous operation and is ready to receive the next operation code for execution. Codes of some important operations, which may be sent to keyboard controller’s port 64h, are shown in the table below.
|ADh||Block the keyboard (switch it OFF)|
|AEh||Activate the keyboard (switch it ON)|
|D1h||Open port 60h for data reception [Note 1]|
|EDh||Open port 60h for data reception [Note 2]|
|FEh||Send reset signal to CPU [Note 3]|
- ^ a b Having received operation code D1h via port 64h, keyboard controller begins to wait for reception of data byte via port 60h and then transfers the received data byte to its output bus. Bits of data byte are distributed among output bus lines in the following way:
- bit 7 – command output to keyboard via data line;
- bit 6 – clock output to keyboard via clock line;
- bit 4 – a call for INT 09 (8.01-09) via line IRQ 1;
- bit 1 – to gate of CPU’s address line A20;
- bit 0 – to CPU’s reset pin.
Active state of controller’s output lines corresponds to cleared states of bits in data byte; hence, sending a data byte with clear bit 0 is not allowed – CPU will get blocked. Because of the same reason for opening A20 line gate a data byte FFh should be sent to port 60h, and for closing access to HMA – data byte FDh.
- ^ Having received operation code EDh via port 64h, keyboard controller begins to wait for reception of data byte via port 60h and then transfers bit states of the received data byte to control lines of keyboard’s LED indicators, in particular :
- bit 2 – to Caps Lock indicator;
- bit 1 – to Num Lock indicator;
- bit 0 – to Scroll Lock indicator.
Indicator will be lit, if corresponding bit in data byte is set. Not mentioned bits in this data byte must be cleared.
- ^ Having received operation codes F0h–FFh via port 64h, keyboard controller sends four least significant bits of this operation code to lines 3–0 of its output bus. Unlike to response on reception of operation code D1h, after reception of operation codes F0h–FFh the imposed states of output lines are not fixed for ever, but are kept for about 6 milliseconds as a solitary pulse. In particular, operation code FEh causes a pulse sent to CPU’s reset pin, just as after a press on RESET button on a face panel of computer’s system block. Some ways to affect further events after CPU’s reset are described in [Note 4 to A.12-1].
A.11-4. CPU’s flags register
Former 16-bit flags register in modern processors, starting from model 80386, has been expanded to 32 bits; besides that, control registers CR0, CR2 and CR3 have been introduced. Later, starting from Pentium CPU, one more control register CR4 has been added. Flags are present in all of the mentioned control registers, except CR2: it stores linear address of that last command, which requested access to a forbidden memory page. Missions of flags in flags register, and also of some flags in control registers are shown in the table below.
- ^ Mission and states of this flag are described in article 6.05-15.
- ^ Bits 0Ch and 0Dh in flags register express required privilege level for performing I/O operations. By default under DOS both bits 0Ch and 0Dh are set: hence, direct I/O operations are allowed for all processes. But only processes with the highest (zero) privilege level are allowed to alter states of 0Ch and 0Dh bits with POPF command (7.03-68). The latter feature enables to determine whether the current process indeed is performed at the highest privilege level.
- ^ Flags register enables to perform a coarse identification of CPU type. Inability to clear the 0Fh flag is a distinctive feature of obsolete 8086 CPU. Inability to set the 0Eh flag is specific for 16-bit processors. If CPU is able to set the 0Eh flag, hence it is a 32-bit CPU and is equipped with extended EFLAGS register. In the latter case bit 15 in EFLAGS register will show, whether this CPU is able to respond properly to CPU identification command (CPUID, machine code 0Fh A2h)
- ^ a b c EFLAGS is a 32-bit extension of 16-bit flags register. In real mode access to EFLAGS’s bits 31–16 can be provided by PUSHF and POPF commands, preceded by prefix 66h, as it is described in article 7.02-06.
- ^ An opportunity to set V86 mode with POPF command is blocked by hardware. Nevertheless V86 mode can be set from stack with IRET command, if CPU is in protected mode and if at the same time the 06 bit in segment descriptor allows 32-bit addressing (A.12-2).
- ^ Here alignment implies that address of each operand in memory must be a multiple of this operand’s size (in bytes). Alignment check can be performed at the lowest (the third) privilege level only, when CPU is in protected mode (note 1 to 8.01-42). Alignment mask bit in CR0 enables alignment exceptions even if these are not enabled by AC flag in EFLAGS register.
- ^ Control registers can be accessed with MOV command (note 1 to 7.03-58). Besides that, contents of CR0 register can be read by INT 67AX=DE07h function (8.03-72).
- ^ Bit 10h is used in order to protect application programs segments from being accessed for writing to operating system or to other processes, which may have higher privilege level.
- ^ 20 most significant bits of CR3 register store base address of page directory. This base address must be a multiple of page size (normally 4 kb). Each writing operation to CR3 register causes updating of TLB buffer contents; this should be done after every change in page address translation table(s).
A.11-5 CPU’s debugging registers
Debugging registers enable to call for INT 01 handler (8.01-02) each time a particular target is addressed: a port or a prescribed memory region, including non-writable regions of address space, where breakpoints can’t be stored. All modern processors of x86 platform, starting from model 80386, are equipped with debugging registers DR0–DR7. Access to debugging registers is provided by INT 67AX=DE08h-DE09h functions (8.03-73), and also by MOV command (note 1 to 7.03-58).
Registers DR0–DR3 store four 32-bit absolute linear addresses of prescribed target points. The DR7 register defines conditions of access event enrolment. The DR6 register stores some circumstances of happened access event (programmable and external interrupts don’t affect DR6 contents). Missions of selected bitfields in DR6 and DR7 registers are shown in the following table.
|DR6||00h||Event has occurred at DR0 address||[Note 1]|
|DR6||01h||Event has occurred at DR1 address||[Note 1]|
|DR6||02h||Event has occurred at DR2 address||[Note 1]|
|DR6||03h||Event has occurred at DR3 address||[Note 1]|
|DR6||0Dh||Breakpoint debug access detected||[Note 1]|
|DR6||0Eh||BS – single step state detected||[Note 1]|
|DR6||0Fh||TS – task switch state detected||[Note 1]|
|DR7||00h||2-bit permission field for DR0||[Note 2]|
|DR7||02h||2-bit permission field for DR1||[Note 2]|
|DR7||04h||2-bit permission field for DR2||[Note 2]|
|DR7||06h||2-bit permission field for DR3||[Note 2]|
|DR7||0Dh||GD – general detect enabled||[Note 3]|
|DR7||10h||4-bit control field for DR0||[Note 4]|
|DR7||14h||4-bit control field for DR1||[Note 4]|
|DR7||18h||4-bit control field for DR2||[Note 4]|
|DR7||1Ch||4-bit control field for DR3||[Note 4]|
- ^ Access event is fixed in bits 01h–03h of DR6 register even when exception generation is not permitted by bit 0Dh in DR7 register or by bit 10h in EFLAGS register (A.11-4). Bit 0Eh in DR6 register fixes state of TF flag at the moment of access event ; bit 0Fh, the state of task switch. Set state of bit 0Dh in DR6 register reminds that exception hasn’t been generated yet, though access event has happened (bit 0Dh is cleared by exception).
- ^ Permission field defines either local or global permission to enroll access events. The first of bits in permission field acts locally within current task only and is turned off at each task change. The second bit in permission field is imparted with global property and enables to enroll access events beyond the current task.
- ^ Bit 0Dh in DR7 register doesn’t affect access event enrolment, but rather allows exception generation, caused by access event. State of 0Dh bit in DR7 can’t be changed unless the process either has the highest privilege level or is executed in real mode.
- ^ The first pair of bits in each control field defines purpose of those access events, which should be intercepted :
- 00 – attempt to execute machine code
- 01 – attempt of writing into memory
- 10 – I/O address to a port (for CPUs Pentium+)
- 11 – both reading and writing attempts.
The second pair of bits in each control field defines size of the monitored address space: a byte, a word or a double word. Attempt of access to either byte within monitored address space is equally enrolled as access event.
A.12 Memory allocation and management
A.12-1 General memory map
This table shows general allocation of memory space below 1 Mb, typical for AT-compatible computers, controlled by DOS operating system. However, memory allocation depends on BIOS version, on BIOS Setup settings, on particular computer’s configuration. Therefore some features of memory allocation in your computer may differ from those shown below.
|0000:0000||400h||Interrupt table for real mode|
|0000:0074||4||Pointer to video register’s default settings|
|0000:0078||4||Pointer to default floppy data table (A.08-2)|
|0000:007C||4||Pointer to 8×8 graphic font characters 80–FFh|
|0000:0104||4||Pointer to 1st HDD parameters table (A.13-1)|
|0000:010C||4||Pointer to current graphic font (8.01-30)|
|0000:0118||4||Pointer to 2nd HDD parameters table (A.13-1)|
|0040:0000||100h||BIOS data area (A.01-1)|
|0050:0000||1||Printer’s status for INT 05 (8.01-06)|
|0050:0004||1||Floppy drive choice (A: or B:)|
|0050:0040||BCh||Selected pointers to original interrupt handlers [Note 6]|
|0000:7C00||200h||Default area to load and execute boot record|
|9000:FFFF||–||Upper boundary of “conventional” memory [Note 1]|
|A000:0000||10000h||Video memory access “window” [Note 2]|
|B000:0000||10000h||Video memory access “window” [Note 2]|
|B800:0000||8000h||Video buffer for textual videomodes EGA+|
|C000:0000||8000h||Video adapter’s BIOS area [Note 3]|
|C000:0070||7||“EXTMODE” signature: SVGA videomodes support|
|C800:0000||4000h||Hard disk’s BIOS area|
|D000:0000||10000h||Default area for UMBs, arranged by EMM386.EXE|
|E000:0000||10000h||Default area for expanded memory pages|
|F000:0000||FFFFh||Relocated copy of PC’s ROM BIOS [Note 3]|
|F000:FFF0||–||Reboot program’s entrance point [Note 4]|
|F000:FFFD||1||BIOS code checksum|
|F000:FFFE||1||Computer’s model code|
|FFFF:0010||FFEFh||High memory area [Note 5]|
- ^ The 640 kb boundary of conventional memory is hardware defined by dynamic memory controller chip in motherboard’s chipset. Above this boundary the next 384 kb of address space are reserved for video memory and for BIOS ROM chips. Free space in this area normally is made accessible in protected mode due to address translation mechanism in CPU.
- ^ a b Address space area A000:0000–B000:FFFF provides access to video memory. Particular usage of this area depends on videomode (A.10-1). SVGA BIOS of modern video adapters arranges in this area one or two “sliding” windows, providing “sliding” access to selected part(s) of large video memory (details in section 8.01-39).
- ^ a b Access via the same areas of address space may be arranged either directly to BIOS and video BIOS codes in ROM chips or to copies of these codes in a more fast RAM. A choice of a particular alternative depends on “shadowing” parameters settings for corresponding memory areas, set by BIOS Setup program.
- ^ a b c d e Reset program’s entrance point address F000:FFF0h is hardware defined by CPU : at power-on the initial state of its address bus is just FFFF0h. Further booting process depends on value written in byte 0Fh in BIOS’s CMOS RAM[Note 1 to A.14-1]:
- 00h – ordinary booting with POST test
- 04h – reboot with a call for INT 19 (8.01-90)
- 05h – reset and jump to address in 0040:0067 cell (A.01-1)
- 0Ah – jump to address prepared in 0040:0067 cell (A.01-1)
Unlike booting after power-on, POST test after reboot depends on a word at address 0040:0072h.[Note 1 to A.01-1] Alternatives 05h and 0Ah are used after reboot only and differ in that whether interrupt controller will be reset or not.
- ^ High memory area is accessed, when segment address summation with offset produces a carry bit, directed into A20 line of address bus. High memory area is accessible in real mode, but needs HIMEM.SYS driver (5.04-01) to be installed, which provides control over A20 line gate.
- ^ The 0050:0040–0050:00FB area stores copies of selected interrupt handler’s addresses (INT 00 – INT 1F, INT 40 – INT 43, INT 46, INT 70 – INT 77), prepared by BIOS for subsequent loading of operating system. In main interrupt table these addresses may be overwritten by addresses of other handlers, installed later either by MS-DOS 7 itself, or by TSR programs, or by drivers.
A.12-2 Segment descriptors
Segment boundaries and access rights in protected mode are defined by segment descriptors. A number of most important segment descriptors constitute global descriptor table (GDT). CPU transition to protected mode implies presence of a GDT, at least partially prepared beforehand, while CPU is in real mode. Order and selection of descriptors in the prepared GDT depend on requirements of that procedure, which should control CPU transition to protected mode.
Examples of GDT tables for different procedures are shown in articles 8.01-76, 8.01-78 and 9.10-01. In all GDT tables the first descriptor must be filled with zeros: it is a template for non-requested segments and memory pages. All descriptors have the same internal structure, shown in the following table. Least
|00h||2||Less significant 2 bytes of segment size, the least first|
|02h||3||Less significant 3 bytes of base address, the least first|
|05h||1||Access rights byte [Note 2]:|
|bit 0:||= 0 – segment hasn’t been accessed yet|
|= 1 – segment has been accessed|
|bit 1:||= 0 – data reading or code execution only|
|= 1 – data writing and code reading allowed|
|bit 2 : – direction of expansion [Note 3]|
|bit 3 :||= 0 – segment contains data|
|= 1 – segment contains executable code|
|bit 4 :||= 0 – system descriptor’s marker|
|= 1 – application descriptor’s marker|
|bits 5–6 : – privilege level :|
|= 00 – highest|
|= 11 – lowest|
|bit 7 :||= 0 – segment must be read from disk|
|= 1 – segment is present in RAM|
|06h||1||bits 0–3 : – most significant 4 bits of segment size|
|bit 4: – free bit [Note 4]:|
|bit 5:||= 0 (reserved)|
|bit 6: – address and operand’s size [Note 5]:|
|= 0 – 16-bit addressing and operands|
|= 1 – 32-bit addressing and operands|
|bit 7: – granularity bit:|
|= 0 – segment size count in bytes|
|= 1 – segment size count in 4 kb units|
|07h||1||Most significant byte of base address|
- ^ Bytes 06h and 07h of segment descriptor are taken into account by CPU models 80386 and higher. If program is expected to be executed by CPU 80286, then bytes 06h and 07h must be cleared. Zero values of bytes 06h and 07h are a distinctive feature of protected mode 16-bit programs, enabling their proper execution by 32-bit CPU models.
- ^ Interpretation of bits 0–3 in access rights byte depends on bit 4. The shown interpretation of bits 0–3 relates to application programs, including their data segments and executable code segments. In system descriptors bits 0–3 define 16 types of different descriptor’s subtypes.
- ^ Interpretation of bit 2 in access rights byte depends on bit 3. In code segments cleared state of bit 2 means that code can be executed by programs of the same privilege level (otherwise code also can be executed by programs having higher privilege level). For data segments cleared state of bit 2 means normal expansion direction upwards, whereas set state of bit 2 means reverse expansion direction — downwards, as used in stack segments.
- ^ Bit 4 in byte 06h is available to programmer’s regulation. In memory page descriptors this bit is used as a redefinition ban mark, for example, for mapping I/O address space into memory.
- ^ a b c d Size bit 6 in byte 06h of code segment descriptors defines sizes of both addresses and operands. In system segments, bits 4–6 of byte 06h must be cleared.
A.12-3 Selected subfunctions of XMS-driver
XMS subfunctions are performed by extended memory driver HIMEM.SYS (5.04-01). Before these subfunctions can be used, two preliminary operations have to be done. First is to check with INT 2FAX=4300h function (8.03-22) whether HIMEM.SYS driver is installed. The second operation is to find out with INT 2FAX=4310h function (8.03-23) an address of XMS driver’s entrance point. Returned double-word address should be specified for a CALL FAR command (7.03-08). On call the subfunction to be executed is defined by value in AX register, shown in the first column of the table below. DX register’s mission is shown in second column, returned AX contents – in the fourth column. If AX returns status, AX=0001h means success, AX=0000h means failure. In case of failure, almost all subfunctions (except AH=00h) return error code (A.06-1) in BL register. Query subfunctions AH=08h and AH=88h return error code in BL register in any case.
|AH||DX||Subfunction||AX on return||Comments|
|00h||Report XMS version||XMS version||[Note 1]|
|05h||Turn ON the A20 line gate||status|
|06h||Turn OFF the A20 line gate||status|
|08h||Report free XMS-memory||largest block||[Note 2]|
|09h||size||Allot XMS-memory block||status||[Note 3]|
|0Ah||handle||Release XMS-memory block||status|
|0Bh||Copying in XMS-memory||status||A.12-4|
|0Ch||handle||Lock XMS-memory block||status||[Note 4]|
|0Dh||handle||Unlock XMS-memory block||status|
|0Eh||handle||Get XMS handle information||status||[Note 5]|
|0Fh||handle||Resize XMS-memory block||status||[Note 6]|
|10h||size||Allot UMB memory block||status||[Note 7][Note 8]|
|11h||segment||Release UMB memory block||status||[Note 7]|
|12h||segment||Resize UMB memory block||status||[Note 7][Note 8]|
|88h||Report free XMS memory||largest block||[Note 2][Note 9]|
|89h||size||Allot XMS-memory block||status||[Note 3][Note 9]|
|8Eh||handle||Get XMS handle information||status||[Note 5][Note 9]|
|8Fh||handle||Resize XMS-memory block||status||[Note 6][Note 9]|
- ^ This subfunction returns status of HMA area in DX register: DX=0001h signifies that HMA area is in use, DX=0000h – that HMA area is not used.
- ^ On call subfunction 08h needs BL=00h. On return size of free XMS memory (in kilobytes) is reported in DX register, and size of the largest available XMSmemory block is reported in AX register. The 88h subfunction does the same, but returns similar results in 32-bit registers EDX and EAX. Besides that, subfunction 88h in ECX register returns maximum physical address, corresponding to furthermost available byte of XMS-memory.
- ^ Both 09h and 89h subfunctions accept requested size of XMS-memory block in kilobytes, but 09h subfunction accepts requested size from DX register, whereas 89h subfunction accepts requested size from 32-bit EDX register. Both 09h and 89h subfunctions return a handle for allotted XMS-memory block in DX register.
- ^ In case of success registers DX:BX return 32-bit physical address of that memory block, which has been locked.
- ^ The 0Eh subfunction returns in BH register a number of lock counts for the requested XMS block, in BL register – number of free handles, in DX register – size in kilobytes of XMS block, opened for access by the specified handle. The 8Eh subfunction does the same, but returns number of free handles in CX register, and size of XMS block – in EDX register.
- ^ a b Resizing subfunction 0Fh accepts new size (in kilobytes) for the requested memory block from BX register. The 8Fh subfunction does the same, but accepts new size from EBX register. Requested memory block must not be locked.
- ^ For CPU models 80386 and higher the 10h–12h subfunctions usually are implemented by means of address translation in CPU’s TLB buffer. Therefore execution of these subfunctions is relegated to EMM386.EXE driver (5.04-02), which arranges address translation and intercepts address of direct calls for HIMEM.SYS driver. However, subfunctions 10h–12h don’t necessarily require switching CPU to protected mode and can be implemented in real mode by UMBPCI.SYS driver (5.04-04).
- ^ Both 10h and 12h subfunctions operate with UMB block size specifications in 16-byte units (paragraphs). Resizing subfunction 12h accepts requested new size from BX register. Allocation subfunction 10h in case of successful termination returns segment address of UMB block in BX register, and actual size of UMB block — in DX register. In case of a failure, marked by AX=0000h value, both 10h and 12h subfunctions return size of the largest available UMB block in DX register.
- ^ Unlike 0xh subfunctions, the 8xh subfunctions can’t be implemented by obsolete 16-bit processors and require HIMEM.SYS driver’s version not less than 3.07.
A.12-4 Format of XMS copy request
A pointer to this request data block is accepted from DS:SI registers by subfunction AH = 0Bh (A.12-3) of XMS driver HIMEM.SYS (5.04-01). Subfunction AH = 0Bh copies a group of bytes from one XMS block, addressed via source handle, to another XMS block, addressed via destination handle.
|00h||4||Number of bytes to copy (must be even)|
|06h||4||Offset in source block|
|0Ch||4||Offset in destination block|
Note 1: if source and destination overlap, only forward copying (source base less than destination base) is guaranteed to work properly.
Note 2: if either handle in the request is 0000h, then the corresponding offset double-word is interpreted as ordinary address (segment: offset) inside directly addressable conventional memory.
A.12-5 Format of EMS copy descriptor
EMS copy descriptor specifies source and destination for copying and exchange functions INT 67AX=5700h-5701h (8.03-69), performed by EMM386.EXE driver (5.04-02). Both source and destination may belong either to EMS memory page(s) or to conventional memory. In the latter case 0000h value should be written instead of corresponding handle number, and location should be specified by segment address in place of EMS logical page number.
|00h||4||Length in bytes of the data block to be copied/exchanged|
|04h||1||= 00h: source block is in conventional memory|
|= 01h: source block is in EMS-memory page|
|05h||2||Source handle (0000h if source in conventional memory)|
|07h||2||Source offset in page or in conventional memory segment|
|09h||2||Source logical page or segment in conventional memory|
|0Bh||1||= 00h: destination block is in conventional memory|
|= 01h: destination block is in EMS-memory page|
|0Ch||2||Destination handle (0000h if destination in conventional memory)|
|0Eh||2||Destination offset in page or in conventional memory segment|
|10h||2||Destination logical page or segment in conventional memory|
Note 1: for move operation the source and destination may overlap, but then only one direction of copying provides proper result.
A.12-6 Data block for jumps inside EMS memory
The shown data block specifies parameters of a call for subroutine inside EMS memory, performed by INT 67AH=56h function (8.03-68) of EMM386.EXE driver (5.04-02). A far jump operation inside EMS memory, performed by INT 67AH=55h function (8.03-68), uses a part of the shown data block up to offset 09h.
|00h||4||Target address (segment: offset)|
|04h||1||Length of new page mapping list|
|05h||4||Pointer to new page mapping list|
|09h||1||Length of current page mapping list|
|0Ah||4||Pointer to current page mapping list|
|0Eh||8||(reserved for EMM386.EXE driver’s data)|
Note 1: internal structure of page mapping lists is described in note 3 to article 8.03-66. Data about current page mapping list, which is to be replaced, are needed for return to current program execution when subroutine’s execution terminates.
A.12-7 Memory control descriptors
Computer’s memory allocation is a prerogative of operating system. Each memory block, allotted by DOS, is preceded by a 16 bytes long memory control descriptor. These descriptors are also known as MCB (Memory Control Blocks). MCBs are easy to find: segment address of MCB descriptor is always a unity less, than segment address of allotted memory block, associated with this MCB descriptor.
DOS traces the whole available memory via a chain of MCB descriptors.[Note 3] Free memory space beyond the allocated memory areas is considered by DOS as a separate memory block: it also must be preceded by MCB descriptor. A distinctive feature of MCB descriptor(s), associated with free memory space(s), is code 0000h instead of segment address of the owner program. All data about available free memory and about disposition of particular free memory areas DOS acquires from a traceable chain of MCB descriptors.
Data structure inside a MCB descriptor is shown in the following table.
|00h||1||= 4Dh (= M) – not-the-last MCB||[Note 1]|
|= 5Ah (= Z) – the last MCB in a chain|
|01h||2||Segment address of owner program||[Note 2]|
|03h||2||Size of associated memory block||[Note 3]|
|08h||8||Program filename||[Note 4]|
- ^ Memory block with main DOS’s system data is divided into subblocks, each having its own MCB descriptor, but with other identifiers in a byte at offset 00h :
- 42h (= B) – subblock with buffers (4.03)
- 44h (= D) – subblock for DOS’s drivers
- 45h (= E) – data subblock for DOS’s drivers
- 46h (= F) – subbblock with SFT table (4.12)
- 49h (= I) – subblock for IFS data
- 4Ch (= L) – subblock with CDS table (4.17)
- 53h (= S) – subblock for DOS’s stacks (4.27)
- 54h (= T) – subblock for transition code(s)
- 58h (= X) – subblock for FCBS (4.10)
- ^ If associated memory space is free, then in MCB descriptor a word at offset 01h is filled with zeros. If associated memory block is allocated by DOS to itself, then code 0008h is written in a word at offset 01h instead of segment address of the owner program.
- a b Size of associated memory block is specified in 16-byte units (paragraphs). Segment address of each next MCB descriptor is a unity greater than a sum of a number, specified at offset 03h in current MCB descriptor, with segment address of current MCB descriptor. On basis of this formula DOS traces a chain of MCB descriptors. Tracing starts from the first MCB descriptor; segment address of this first MCB descriptor is stored in a word just preceding DOS’s List-of-Lists. This word is marked in table A.01-2 as having offset −02h.
- ^ Name of program’s file is specified in those MCB descriptors, which are associated with PSP memory blocks, with driver’s subblocks and with IFS subblocks. At offset 08h in several other MCB descriptors there are signatures with the following meaning :
- SC – associated block contains DOS’s executable code;
- SD – associated block contains DOS’s data;
- SM – associated block is the last in UMB area;
- UMB – associated block is the first in UMB area.
Bytes 08h–0Fh in MCB descriptors, associated with other memory blocks, are not used and may contain “garbage”.
- ^ Program files with *.COM suffix have no headers, which specify the required memory space for other types of executable files. This is why for programs with *.COM suffix DOS allocates the whole free memory space, following previously allocated memory areas. When DOS has no more free memory space, then computer may get hanged at each next request for memory space, which may come from unexpectedly activated resident program of from a handler, invoked by external interrupt. In order to avoid a threat of hanging the programs with *.COM suffix must call for INT 21AH=4Ah function (8.02-52), forming a separate MCB descriptor for unused part of memory and thus announcing it free. Examples of such calls are shown in the first 6 lines of assembler texts in articles 9.06, 9.10-01 and 9.10-02.
A.13 Hard disk data structures
A.13-1 BIOS tables of physical HDD parameters
BIOS systems in obsolete computers, produced before 1996, addressed HDDs with parameters CHS (Cylinder-Head-Sector). HDD’s storage space, available for CHS addressing, is limited to 528 Mb. BIOS system stored CHS parameters of first and second physical HDDs in data tables; addresses of these tables were written in memory cells 0000:0104h and 0000:0118h correspondingly. Both these cells are inside interrupt table (A.12-1) and sometimes are referred to as INT 41 and INT 46. If computer was equipped with more than two HDDs, then the only way to obtain CHS parameters of the rest HDDs was a call for INT 13AH=08h function (8.01-49).
In 1995 capacities of HDDs have reached 1 Gb. The 528 Mb limit, inherent to CHS addressing, had to be overcame. For newer BIOS systems LBA addressing[Note 4 to A.13-6] and extended INT 13 functions (8.01-55 – 8.01-60) have been developed. But compatibility with former programs had to be preserved. Therefore in newer BIOS systems the INT 13AH=08h function (8.01-49) has been “taught” to yield not the real, but transformed CHS parameters. When programs call for “old” INT 13 functions (8.01-46 – 8.01-54) and specify transformed CHS parameters, then BIOS system automatically performs reverse transformation so that HDD’s storage space, available for CHS addressing, is expanded to 8.4 Gb (some detail in note 2 to A.13-6).
Data blocks, addressed by pointers stored in cells 0000:0104h and 0000:0118h, may have different data structures: it depends on whether there are real or transformed CHS parameters. Both kinds of data structures are shown in the table below. Real data offsets are shown in the first column (Std). Offsets in the second column (Trs) correspond to transformed CHS data, conforming to Phoenix-1995 specification for HDDs with more than 1024 cylinders. Though described data blocks are supported by modern BIOS systems, nevertheless for programs being developed now usage of parameters from these data blocks is not recommended.
|00h||00h||2||Number of HDD’s cylinders [Note 1]|
|02h||02h||1||Number of HDD’s heads [Note 1]|
|03h||1||Signature A0h — distinctive feature of blocks, conforming to Phoenix-1995 specification.|
|04h||1||Number of sectors per track [Note 2]|
|05h||05h||2||Cylinder number, where write precompensation should start [Note 3]|
|08h||08h||1||Flags :||bit 2 – no recalibration;|
|bit 3 – more than 8 heads;|
|bit 5 – defect map is present[Note 4];|
|bit 6 – disable ECC reading retries;|
|bit 7 – disable access retries.|
|09h||2||Number of tracks (up to 65536)[Note 2]|
|0Bh||1||Number of heads (up to 16)[Note 2]|
|0Ch||0Ch||2||Cylinder number of landing zone[Note 3]|
|0Eh||0Eh||1||Number of sectors per track [Note 1]|
- ^ CHS parameters in these positions are for “old” functions of INT 13 handler (8.01-46 – 8.01-54). Nevertheless there are some BIOS versions, which specify in these positions a number of cylinders exceeding 1024, inadmissible for “old” functions.
- ^ These positions are filled with real HDD’s parameters for programs, appealing not to INT 13 handler, but directly to HDD controller’s port. These positions are not filled in those data blocks, which supply real parameters for “old” functions of INT 13 handler.
- ^ Modern disk drives perform landing and write precompensation independently. Attempts to affect these operations are ignored.
- ^ The track number, where surface defect map is written, is usually a unit greater than the number of cylinders, specified at offset 00h in BIOS tables of physical HDD’s parameters.
A.13-2 Extended table of HDD’s parameters
Extended table of HDD’s parameters is written into a prepared buffer by INT 13AH=48h function (8.01-60).
|00h||2||On call: length of prepared buffer (8.01-60)|
|On return: actual length of returned data|
|02h||2||Flags :||bit 0 : DMA boundary errors handled transparently|
|bit 1 : CHS data (A.13-1) are valid|
|bit 2 : this is a removable drive, bits 4–6 are valid|
|bit 3 : writing with verification is supported|
|bit 4 : drive provides change-line support|
|bit 5 : drive provides locking and unlocking|
|bit 6 : media isn’t present, default CHS data reported|
|04h||4||Number of physical cylinders on the drive [Note 1]|
|08h||4||Number of physical heads on the drive [Note 1]|
|0Ch||4||Number of physical sectors per track (counted from 1)|
|10h||8||Total number of sectors (number of the last sector plus 1)|
|18h||2||Bytes per sector|
|1Ah||4||Pointer to auxiliary DPTE table [Note 2]|
|1Eh||2||= BEDDh: signature confirming path data presence|
|20h||1||= 2Ch: size of path data, including the signature|
|24h||4||Bus type (ISA or PCI) appended with a space (20h)|
|28h||8||Interface type [Note 3]|
|30h||8||Interface path field [Note 4]|
|38h||16||Device path field [Note 5]|
|49h||1||Complement checksum for bytes at offsets 1Eh–48h|
- ^ Valid numbers of tracks, cylinders and heads are counted from zero, therefore the last valid number is a unity less than the value specified in this field. A value in this field is a real value. Therefore this value shouldn’t be specified in calls for “old” INT 13 functions: these functions require transformed parameters, returned by INT 13AH=08h function (8.01-49).
- ^ BIOS INT 13 extensions below version 2.x don’t return DPTE table, and fill DPTE pointer field with FFFFh:FFFFh value. Structure of DPTE table is shown in appendix A.13-3. DPTE table is presented in a temporary buffer; its contents are not preserved after next calls for BIOS functions.
- ^ Interface type field may be filled with the following words: 1394, ATA, ATAPI, SCSI, USB. Words are appended with spaces up to nominal field length 8 bytes.
- ^ For ISA bus the path field contains a 2-byte base I/O port address, bytes at offsets 32h–37h are zeros. For PCI bus a byte at offset 30h presents bus number ; byte at offset 31h, slot number ; byte at offset 32h, function number ; byte at offset 33h, controller number ; bytes at offsets 34h–37h are zeros.
- ^ For 1394 (Firewire) interface a 8-byte extended unique identifier (EUI-64) is specified at offset 38h. For ATA (IDE) interface the 00h value at offset 38h signifies master device, the 01h value at offset 38h signifies slave device. Byte at offset 38h has the same meaning for ATAPI interface, but byte at offset 39h represents logical unit number (LUN). For SCSI interface a 2-byte device identifier (SCSI ID) is specified starting at offset 38h, and a 8-byte logical unit number (LUN) is specified starting at offset 3Ah. For USB interface a 8-byte serial number is written starting at offset 38h. Not mentioned bytes at offsets 3Ah–48h are reserved and must be cleared.
A.13-3 Auxiliary device parameters table DPTE
BIOS INT 13 version 2.0 and higher supplement extended HDD’s parameters table (A.13-2) with auxiliary device parameters table DPTE. A pointer to DPTE table is returned by INT 13AH=48h function (8.01-60) at offset 1Ah inside extended HDD’s parameters table (A.13-2). DPTE address points at a temporary buffer, which doesn’t preserve its contents after following BIOS functions calls. Data in DPTE table are consigned for those programs, which intend to appeal directly to ports of HDD controller. DPTE data structure is shown in the table below.
|00h||2||Physical I/O port base address for the device|
|02h||2||Disk drive control registers port address|
|04h||1||Flags :||bits 0–3 are cleared, bits 5 and 7 are set|
|bit 4 : cleared if master device, set if slave|
|bit 6 : set if LBA addressing is enabled|
|06h||1||Bits 0–3 : IRQ number, bits 4–7 are cleared|
|07h||1||Blocks (sectors) count for multi-block transfers|
|08h||1||Bits 0–3 : DMA channel number, bits 4–7: DMA type according to ATA-2 specification.|
|09h||1||Bits 0–3 : PIO type, if in a word at offset 0Ah bit 0 is set.|
|0Ah||2||Flags :||bit 0 : fast PIO enabled, byte 09h is valid|
|bit 1 : fast DMA access enabled|
|bit 2 : multi-sector transfers enabled|
|bit 3 : CHS parameters translation enabled|
|bit 4 : LBA translation enabled|
|bit 5 : drive uses removable media|
|bit 6 : ATAPI interface device (probably CD-ROM)|
|bit 7 : 32-bit transfer mode enabled|
|bit 8 : ATAPI signal readiness for packet transfers|
|bits 9–10 : CHS parameters translation type:
|bit 11 : ultra DMA access enabled.|
|0Eh||1||INT 13 extension version number|
|0Fh||1||Complement checksum of bytes 00h–0Eh|
A.13-4 Disk address packet
This form of data packet is used by extended reading function INT 13AH=42h (8.01-56) and by extended writing function INT 13AH=43h (8.01-57). Before applying these functions a check for their BIOS support should be made with a call for INT 13AH=41h (8.01-55).
|00h||1||Size of address packet [Note 1]|
|02h||1||Number (up to 7Fh) of data blocks to transfer [Note 21]|
|04h||4||Pointer to data transfer buffer [Note 3]|
|08h||8||LBA absolute number of the first data block [Note 4]|
|10h||8||64-bit pointer to data transfer buffer [Note 3]|
|18h||8||Number of data blocks to transfer [Note 21]|
- ^ If extended disk address packet is supported, then size is 20h, otherwise size is 10h. Set state of bit 3 in CX register, returned by INT 13AH=41h function (8.01-55), signifies that extended disk address packet is supported.
- ^ If extended disk address packet is supported, and if the FFh value is written into a byte at offset 02h, then number of blocks to transfer will be read from a quad word at offset 18h. On return this number at offset 18h is replaced with number of blocks, which actually have been transferred.
- ^ If extended disk address packet is supported, and if FFFF:FFFFh value is written into a double word at offset 04h, then pointer to data buffer will be read from a quad word at offset 10h.
- ^ For disk drives, not supporting LBA addressing,[Note 4 to A.13-6] absolute number of starting block is calculated according to formula
- (C×N + H)×T + S − 1
where: C – number of the selected cylinder, N – number of heads (by 1 greater than maximum head number), H – number of the selected head, T – number of sectors per track, S – number of the selected sector on a track.
A.13-5 HDD’s partition descriptors
In sector 01h of bootable physical HDD’s head 00 cylinder 00 is the master boot record (MBR), containing up to 446 bytes of executable code, 4-byte identifier (at offsets 1B8h–1BBh) and partition table. Identifier is written by operating systems Windows-NT/2000/XP only and may be absent. In order to view MBR sector it should be copied into a file, as it is explained in article 9.02-02. Non-textual file can be opened by a viewer of Volkov Commander file manager (6.25) or else by debugger DEBUG.EXE (6.05). Fig.12 shows fragments of MBR sector, copied from a real physical disk.
The first fragment presents starting part of executable code (proprietary OnTrack’s MBR version). The second fragment presents final part of that executable code with a prepared error message. The third fragment presents partition table, defining division of HDD’s writable surface into partitions in a particular computer.
Partition table consists of 4 partition descriptors, each 16 bytes long. If offsets are counted from start of MBR sector, then partition descriptor’s offsets are 1BEh, 1CEh, 1DEh, 1EEh correspondingly. However, MBR sector’s copy, shown in fig.12, is loaded from offset 100h and on; therefore in fig.12 partition descriptor’s offsets are 2BEh, 2CEh, 2DEh, 2EEh. The last word in MBR sector is a signature AA55h, marking the end of bootable disk’s MBR.
Four partition descriptors enable to create up to four primary partitions in any physical HDD drive. If there is less than 4 partitions, the rest descriptors are filled with zeros. In fig.12 the first descriptor in partition table is filled with zeros. Hence, this particular HDD is divided into three valid primary partitions.
On a bootable HDD one primary partition must be marked as active (potentially bootable) with a 80h mark in the first descriptor’s byte. In fig.12 the 80h mark is present at offset 02CEh, which is the first byte of the second partition descriptor. Hence, active partition in this particular HDD is the second partition.
Missions of the mentioned and of other bytes in partition descriptors are shown in the table below. Offsets in the first column of the table are counted from the start of each partition descriptor.
|00h||1||Status indicator (80h – active partition)|
|01h||1||Partition’s start HDD’s head|
|02h||1||Partition’s first sector [Note 1]|
|03h||1||Partition’s first track [Note 1]|
|04h||1||Partition’s file system identifier (A.13-6)|
|05h||1||Partition’s final HDD’s head|
|06h||1||Partition’s last sector [Note 2]|
|07h||1||Partition’s last track [Note 2]|
|08h||4||Number of sectors preceding the partition|
|0Ch||4||Length of the partition (in sectors)|
- ^ In a byte at offset 02h bits 5–0 express number of partition’s first sector on a track, but bits 6 and 7 represent most significant bits of partition’s 10-bit first track number. 8 least significant bits of partition’s 10-bit first track number are stored in a byte at offset 03h.
- ^ In a byte at offset 06h bits 5–0 express number of partition’s last sector on a track, but bits 6 and 7 represent most significant bits of partition’s 10-bit last track number. 8 least significant bits of partition’s 10-bit last track number are stored in a byte at offset 07h.
- Descriptors to partitions with LBA addressing[Note 4 to A.13-6] may contain invalid CHS parameters (numbers of tracks, heads and sectors). Nevertheless data in bytes at offsets 08h–0Fh must be valid.
A.13-6 Selected file system identifiers
In each partition descriptor (A.13-5) a byte at offset 04h is file system identifier. Operating system reads file system identifier and “decides” whether it can ensure access to this partition. If file system identifier is not “known” to operating system, then access to this partition will not be attempted. Most probably such partition even wouldn’t be shown to user. Some file system identifiers denote hidden partitions, which can be accessed for system purposes, but stay hidden for the user. The table below presents interpretation of selected file system identifiers.
|00h||Free disk’s space|
|01h||File system FAT-12 for volumes 16 Mb and less|
|04h||Obsolete FAT-16 up to 32 Mb without cluster structure|
|05h||Extended partition with CHS addressing [Note 1][Note 2]|
|06h||FAT-16 up to 2 Gb with CHS addressing [Note 2]|
|07h||NTFS file system [Note 3]|
|0Bh||FAT-32 with CHS addressing [Note 2]|
|0Ch||FAT-32 with LBA addressing [Note 4]|
|0Eh||FAT-16 up to 2 Gb with LBA addressing [Note 4]|
|0Fh||extended partition with LBA addressing [Note 1][Note 4]|
|11h||Hidden FAT-12 partition (for OS/2 boot manager)|
|14h||Hidden FAT-16 partition (for OS/2 boot manager)|
|1Bh||Hidden FAT-32 with CHS addressing [Note 2]|
|1Ch||Hidden FAT-32 with LBA addressing [Note 4]|
|3Ch||PowerQuest’s Partition Magic recovery partition|
|42h||Dynamic partition of Windows Vista OS|
|43h||PTS DOS boot manager’s (BootWizard’s) partition|
|4Dh-4Fh||QNX OS partitions|
|54h||OnTrack Disk Manager’s DDO (Dynamic Drive Overlay)|
|64h-65h||Novell Netware OS partitions|
|82h||Linux OS swap partition|
|83h||Ext2fs file system of Linux OS|
|84h||Partition for power supply state recovery|
|85h||Linux OS extended partition [Note 1]|
|A0h||Partition for portable PC’s state recovery|
|A5h||FreeBSD OS partition|
|A6h||OpenBSD OS partition|
|A8h||UFS file system of MacOS|
|A9h||Net BSD OS partition|
|ABh||Bootable partition of MacOS|
|BEh||Bootable partition of Solaris OS|
|D8h, DBh||CP/M OS partitions|
|EBh||BFS1 file system of BeOS|
|EEh||GPT partition of 64-bit Windows OS versions [Note 5]|
|FDh||RAID partition of Linux OS|
- ^ Extended partition is a formal specification of disk’s space for placement of several non-primary partitions (logical disks). Descriptors of non-primary partitions are written not in MBR, but in separate dedicated sectors, traced via a chain of references. MS-DOS doesn’t allow this chain to be closed in a loop, otherwise MS-DOS hangs in infinite cycle of finding the end of this loop.
- a b As far as parameters CHS (Cylinder-Head-Sector) occupy 3 bytes in partition descriptors (A.13-5), hence CHS parameters enable to address not more than 2^24 sectors 512 bytes each, equivalent to 2^23 kilobytes, or else 8 Gb. Therefore partitions with CHS addressing can’t be arranged beyond first 8 Gb, counted from the start of disk’s space (LBA addressing should be applied further). In table A.13-6 those only identifiers are marked with CHS, which are used as distinctive features of CHS addressing.
- ^ The 07h file system identifier is interpreted by Microsoft as belonging to installable file systems (IFS), file systems with transformed presentation to the user. But in fact, besides NTFS, only one rarely used IBM’s HPFS file system is marked with 07h identifier.
- ^ a b c d e f Linear Block Addressing (LBA) is based on sectors count from start of disk’s space according to data in bytes 08h–0Fh in partition descriptors (A.13-5). LBA enables to overcome the 8 Gb boundary, inherent to CHS addressing. LBA requires support for extended functions of INT 13 handler (8.01-55) from both disk drive and BIOS system. All modern computers provide such support.
- ^ Data about partitions GPT (= GUID Partition Table) constitute extended MBR, occupying not a single sector, but a considerable part of disk’s first track. Only 64-bit versions of operating systems Windows server 2003, Windows XP and Windows Vista provide support for GPT partitions.
- As far as it is known, partition identifiers 21, 23, 26, 31, 33, 34, 36, 71, 73, 74, 76, 86, A1, A3, A4, A6, B1, B3, B4, B6, E5, E6, F3, F6 are reserved and are not used yet.
A.13-7 Disk’s free space table
This table with data about logical disk’s free space is returned by INT 21AX=7303h function (8.02-80), which may be applied to logical disks, formatted with FAT-12, FAT-16 and FAT-32 file systems.
|00h||2||Size of this table (in bytes)|
|02h||2||Must be = 0000h on call|
|08h||4||Number of bytes per sector|
|0Ch||4||Number of free clusters|
|10h||4||Total number of clusters in logical disk|
|14h||4||Number of free physical sectors in logical disk|
|18h||4||Total number of physical sectors in logical disk|
|1Ch||4||Number of available allocation units|
|20h||4||Total number of allocation units in logical disk|
A.14 I/O Ports
A.14-1 Selected port addresses
Ports represent computer’s hardware and therefore should be addressed either via BIOS functions, which are adapted to a particular computer’s motherboard, or via device drivers for expansion boards. Direct access to ports can’t be recommended for application programs, though there are some exceptions. But knowledge of port addresses is beneficial, at least in order to avoid address conflicts with expansion boards.
The table below shows relatively steady features of general port addresses allocation in AT-compatible computers. Of course, port addresses allocation in your particular computer may somewhat differ from the one shown below.
|Address ranges||Target devices|
|0000h–001Fh||1st direct memory access controller (DMA1)|
|0020h–0021h||1st interrupt controller (IRQ 1 – IRQ 7, 8.01-09)|
|0022h–0023h||Dynamic RAM controller|
|0060h–0064h||Keyboard controller (A.11-3)|
|0070h||CMOS RAM requests reception port [Note 1]|
|0071h||CMOS RAM data I/O port [Note 1]|
|0080h||Manufacturing diagnostics port|
|00A0h–00A1h||2nd interrupt controller (IRQ 8 – IRQ 15, 8.03-75)|
|00B2h–00B3h||Advanced power management ports|
|00C0h–00DFh||2nd direct memory access controller (DMA2)|
|0168h–016Fh||IFS devices or expansion boards|
|0170h–0177h||2nd IDE HDD controller (default IRQ 15)|
|01E8h–01Efh||PS/2 mouse or other devices (IRQ 12)|
|01F0h–01F7h||1st IDE HDD controller (default IRQ 14)|
|01F8h||A20 line gate control|
|0200h–020Fh||Game port (joystick)|
|0279h||Plug-and-play configuration register port|
|02E8h–02EFh||Serial port COM4|
|02F8h–02FFh||Serial port COM2 (default IRQ 3)|
|0300h–031Fh||NE2000-compatible Ethernet adapters|
|0330h–0331h||Musical instrument’s MIDI interface|
|0378h–037Ah||Parallel port LPT1 (default IRQ 7)|
|03C0h–03CFh||Ports of EGA-compatible video adapters [Note 2]|
|03C4h||EGA sequencer’s selector port [Note 3]|
|03C5h||EGA sequencer’s data port [Note 3]|
|03CEh||Graphic register’s selector port [Note 4]|
|03CFh||Graphic register’s data port [Note 4]|
|03DAh||CGA/EGA/VGA video adapter’s status port [Note 5]|
|03E0h–03E7h||PCMCIA i82365 controller’s ports|
|03E8h–03EFh||Serial port COM3|
|03F0h–03F7h||Floppy disk controller (default IRQ 6)|
|03F8h–03FFh||Serial port COM1 (default IRQ 4)|
|0A79h||Plug-and-play system data port|
|0CF8h–0CFFh||PCI bus configuration ports|
- ^ a b c d Some data in CMOS RAM are accessible via BIOS Setup program (1.01). Besides that, some hardware data and memory data are read by INT 11 (8.01-42) and by INT 12 (8.01-43) handlers. Direct appeals to CMOS RAM may be necessary for masking NMI (note 1 to 8.01-03), for obtaining data about floppy drives (offset 10h in A.08-03) and for defining CPU’s actions after reset, dependent on a byte at offset 0Fh in CMOS RAM.[Note 4 to A.12-1] For access to data in CMOS RAM the requested byte’s offset (up to 7Fh) should be sent by OUT command (7.03-66) to port 70h; then via port 71h the requested byte’s value can be read by IN command (7.03-26) or altered with OUT command.
- ^ As far as drawing graphics with INT 10AH=0Ch function (8.01-19) is slow, operating systems appeal directly to video memory and to ports of EGAcompatible video adapters. Therefore EGA port addresses are preserved as a standard, though EGA adapter itself has come out of use long ago.
- ^ Port 03C5h transfers a byte, sent by OUT command (7.03-66), to that internal register in video adapter, which is defined beforehand via port 03C4h. If a byte AL = 02h is sent in advance to port 03C4h, then the next byte, sent to port 03C5h, will be accepted as color mask (its normal value is 0Fh).
- ^ Port 03CFh transfers a byte, sent by OUT command (7.03-66), to that internal register in video adapter, which is defined beforehand via port 03CEh. If a byte AL = 08h is sent in advance to port 03CEh, then the next byte, sent to port 03CFh, will be accepted as a bit-mask for 8 consecutive pixels. If a byte AL = 05h is sent in advance to port 03CEh, then the next byte, sent to port 03CFh, will specify mode (00h–02h) of writing into video memory (note 3 to 8.01-39).
- ^ Port 03DAh is intended for data reading only. Bit 3 in a byte, read from port 03DAh, is kept set during field retrace intervals and is kept cleared outside these intervals. Therefore field retrace intervals can be registered by IN command (7.03-26) in order to avoid image disruptions, which are noticeable, if changes of the displayed image occur outside retrace intervals.
A.14-2 Status of serial port
This table presents interpretation of bitfields in status byte, returned in AH register by INT 14AH=00h – INT 14AH=03h functions (8.01-65 – 8.01-68).
|0||Received data are ready|
|5||Transmit holding register is empty|
|6||Transmit shift register is empty|
|7||Timeout. no reply|
A.14-3 Status of printer, connected to parallel port
This table presents interpretation of bitfields in status byte, returned in AH register by INT 17AH=00h – INT 17AH=02h functions (8.01-86 – 8.01-88).
|0||Timeout, no reply|
|1||EPP BIOS only: requested port is not supported|
|4||Port is busy|
|5||Printer is out of paper|
|7||Printer is ready (not busy)|
Note 1: returned set state of CF flag with status byte AH = 03h means that EPP BIOS is present, but it doesn’t support the requested port.
Note 2: status byte AH = 00h means that EPP data are returned in registers (A.14-4).
A.14-4 Selected functions of EPP BIOS
EPP is a BIOS supplement, enabling enhanced modes of data transfer through LPT ports according to IEEE 1284 specification. Presence of EPP BIOS in your computer should be proved by INT 17AX=0200h function (8.01-88), which also reports LPT port base address, EPP BIOS version, and address of its entrance point. The latter is used as a target address for CALL FAR command (7.03-08); being called in this way, EPP BIOS performs the operation, specified by a value in AH register at that moment. For the latest revision 7 of EPP BIOS the choice of a particular LPT port is defined by its base address in DX register; earlier EPP BIOS versions define LPT port by its number 00h–03h in DL register. Besides this, some EPP BIOS functions need other data, shown in the second column of the table below or in notes, marked by note number in fifth column. Unless specified otherwise, almost all EPP BIOS functions return status byte (A.14-7) in AH register, mark failure with set state of CF flag and don’t preserve contents of BX register.
|AH||On call||EPP BIOS function||On return||Comments|
|00h||Report configuration||AL = IRQ||A.14-5|
|01h||A.14-6||Set transfer mode||AX altered|
|02h||Report transfer mode||AH altered||A.14-6|
|03h||AL=00h||Enable LPT interrupts|
|03h||AL=01h||Disable LPT interrupts|
|04h||Reset EPP||AL altered|
|05h||AL=address||Address-write I/O cycle||AL altered|
|06h||Address-read I/O cycle||AL=address|
|07h||AL=byte||Send a byte|
|08h||Send a block of data||[Note 1]|
|09h||Receive a byte||AL=byte|
|0Ah||Receive a block of data||[Note 2]|
|0Bh||AL=address||Addressed byte reading||AL=byte|
|0Ch||AL=address||Addressed byte sending||[Note 3]|
|0Dh||AL=address||Addressed block reading||[Note 2]|
|0Eh||AL=address||Addressed block sending||[Note 1]|
|0Fh||AL=port||Lock LPT port||[Note 4]|
|10h||AL=port||Unlock LPT port||[Note 4]|
|11h||CH=00h||Disable device interrupts||[Note 5]|
|11h||CH=01h||Enable device interrupts||[Note 5]|
|12h||AL=00h||Real-time device present?||AL=01h if yes|
|12h||AL=01h||Add real-time device|
|12h||AL=02h||Remove real-time device|
|40h||Query multiplexer||[Note 6][Note 7]|
|41h||AL=port||Query multiplexer port||[Note 6][Note 8]|
|50h||AL=port||Query daisy chain||[Note 6][Note 9]|
|51h||AL=port||Reassign chain numbers||[Note 6]|
- ^ On call a pointer to data block must be specified in DS:SI registers, length of data block (in bytes) — in CX register. Earlier versions of EPP BIOS, preceding the 7th revision, accept a pointer to data block from ES:DI registers. Function returns in CX register a number of bytes not sent yet.
- ^ On call a pointer to buffer for data must be specified in ES:DI registers, length of this buffer — in CX register. After successful termination function returns buffer filled, and in CX register — a number of bytes left not filled in the buffer.
- ^ On call the data byte to be sent must be specified in CL register. Earlier versions of EPP BIOS, preceding the 7th revision, accept data byte from DH register.
- ^ If external devices are connected via multiplexer, then multiplexer port number (01h–08h) should be specified in bits 3–0 of a byte in AL register. If external devices are connected as a daisy chain, then daisy chain port number (10h–80h) should be specified in bits 7–4 of a byte in AL register.
- ^ Multiplexer port number (01h–08h) should be specified in AL register. If multiplexer is not used, then AL register must be cleared. For interrupt enable function (CH = 01h) a pointer to interrupt event handler should be specified in ES:DI registers.
- ^ This function is not implemented in earlier versions, preceding EPP BIOS revision 7. This function shouldn’t be applied, if external devices are not connected to a certain LPT port via multiplexer or as a daisy chain. The requested LPT port will be identified not by its number, but by its I/O base address, which should be specified in DX register.
- ^ The number of currently active multiplexer port is returned by this function in AL register, and a flags byte is returned in CH register. Set state of bit 0 in flags byte signifies locked state of multiplexer port, set state of bit 1 in flags byte signifies that there is an interrupt pending from this multiplexer port.
- ^ This function returns in CH register a byte of flags. Set state of bits in this flags byte have the following meaning :
- bit 0 – this port is selected (active)
- bit 1 – port is locked
- bit 2 – interrupts from this port are enabled
- bit 3 – interrupt is pending from this port.
- ^ This function returns in BH register the EPP BIOS version, in BL register — number of currently active daisy chain device, in CH register — a flags byte (as described in note 7), in CL register — number of devices constituting the daisy chain (or 00h, if there is no daisy chain), in ES:DI registers — a pointer to driver’s vendor identification string.
A.14-5 EPP BIOS configuration byte
The “Report configuration” function, defined on call by 00h value in AH register (A.14-4), returns in AL register a LPT port’s IRQ line number, in BH register — the EPP BIOS version, in ES:DI registers — a pointer to driver’s information, in CX register — LPT port’s I/O base address (for versions 1.0 – 3.0 of EPP BIOS only), and in BL register returns EPP BIOS configuration byte. Interpretation of configuration byte’s bitfields is given in the table below.
|0||Multiplexer is present|
|1||Bi-directional data transfer is supported|
|2||Daisy chain is present|
|3||ECP specification is supported|
|4||EPP software emulation is supported|
|5||EPP BIOS functions are supported|
|6||“Fast Centronics” data transfer is supported|
|7||Standard EPP I/O map|
A.14-6 Code of EPP BIOS data transfer mode
The “Report transfer mode” function, defined on call by 02h value in AH register (A.14-4), returns code of current transfer mode in AL register. The “Set transfer mode” function, defined on call by 01h value in AH register (A.14-4), enables to change LPT data transfer mode according to mode’s code, specified in AL register. Interpretation of bitfields in this mode’s code is given in the table below.
|0||Compatibility mode enabled|
|1||Bi-directional data transfer enabled|
|2||Data transfer according to EPP specification|
|3||Data transfer according to ECP specification [Note 1]|
|4||EPP software emulation enabled [Note 1]|
|5||“Fast Centronics” data transfer enabled [Note 1]|
|6||= 0b (reserved)|
|7||EPP port interrupts enabled [Note 2]|
- ^ Modes defined by set state of bits 3–5 in mode’s code cannot be implemented by earlier versions of EPP BIOS, preceding its latest 7th revision.
- ^ As far as device interrupts are enabled by AH = 11h function (A.11-4), set state of bit 7 is not accepted by “Set transfer mode” function (AH = 01h), but nevertheless may be reported by “Report transfer mode” EPP BIOS function (AH = 02h).
A.14-7 Status code of EPP BIOS functions
Almost all EPP BIOS functions, except 01h and 02h (A.14-4), return in AH register a status byte. Interpretation of EPP BIOS status byte codes is given in the following table.
|02h||Requested command or feature is not supported|
|03h||Requested parallel port is not supported|
|05h||Request is not supported in current mode|
|06h||Invalid subfunction requested|
|07h||Request is already done or set|
|20h||LPT multiplexer isn’t present (AMI BIOS versions only)|
|40h||LPT multiplexer isn’t present (other EPP BIOS versions)|
|41h||Currently multiplexer is locked|
|80h||I/O timeout, no response|
|FFh||Requested function either is invalid or isn’t supported|
A.15 CD/DVD service tables
A.15-1 Bootable CD/DVD specification packet
BIOS functions INT 13AH=4A00h and INT 13AX=4C00h (8.01-61) emulate a logical disk on basis of its copy, read from an optical CD/DVD disc. Emulation control parameters must be prepared in a form of bootable CD/DVD specification packet. Internal data structure of this packet is shown in the following table.
|00h||1||Size of this packet in bytes (=13h normally)|
|01h||1||Disk copy type (same as at offset 21h in A.15-3)|
|02h||1||Drive number to emulate (note 1 to 8.01-44)|
|03h||1||Drive controller number to emulate|
|04h||4||CD Logical Block Address where disk copy begins (the same as at offset 28h in table A.15-3)|
|08h||2||Bit||0||: emulate a slave IDE drive|
|Bits||7–0||: LUN and SCSI ID number (for SCSI)|
|Bits||15–8||: bus number (for SCSI)|
|0Ah||2||Segment address of prepared 3 kb read buffer (or 0000h value if no caching)|
|0Ch||2||Segment address to load boot sector of disk’s copy (the same as at offset 22h in table A.15-3)|
|0Eh||2||Number of 512-byte virtual sectors in disk’s copy (the same as at offset 26h in table A.15-3)|
|10h||1||Least significant 8 bits in number of disk’s copy cylinders (as is returned by INT 13AH=08h in CH)|
|11h||1||Bits||5–0||: number of last sector on a track|
|Bits||7–6||: most significant bits of copy cylinders number (as is returned by INT 13AH=08h in CL)|
|12h||1||Number of heads in emulated disk drive|
A.15-2 Format of command packet
This command packet specifies parameters for INT 13AH=4Dh function (8.01-63), which reads sectors from optical CD/DVD discs. During boot procedure this command packet specifies reading of boot catalog from CD/DVD disc.
|00h||1||Size of packet in bytes (= 08h normally)|
|01h||1||Number of sectors to be read|
|02h||4||Pointer to buffer for read data|
|06h||2||Number of the first sector to be read|
A.15-3 Boot catalog of optical CD/DVD discs
Optical discs potentially are able to implement several computer booting scenarios. Initial data, defining each booting scenario, must be present on bootable optical disc(s) in form of a hidden directory, also known as boot catalog. This directory can be read by INT 13AH=4Dh function (8.01-63). As in ordinary directory, records in boot catalog have standard length 20h bytes. Minimal contents of boot catalog are composed of two required records: the first record is known as validation entry, the second record is a descriptor of default bootable disk’s copy. The table below presents structures of both mentioned required records. Offsets 00h–1Fh correspond to validation entry record ; offsets 20h–3Fh, to descriptor of default bootable disk’s copy.
|00h||1||= 01h: signature of validation entry start|
|04h||24||CD/DVD drive manufacturer (ASCII string)|
|1Ch||2||Complement checksum of bytes 00h–1Fh|
|1Eh||2||= AA55h: validation entry termination signature|
|20h||1||= 88h: signature of bootable disk’s descriptor [Note 2]|
|21h||1||Bits 3-0 :
|Bit 6: – copy of a disk with ATAPI interface|
|Bit 7: – copy of a disk with SCSI interface|
|22h||2||Segment address for loading boot sector (if = 0000h, then segment address is 07C0h by default)|
|24h||1||Disk’s copy file system identifier (A.13-6)|
|26h||2||Number of 512-byte virtual sectors in disk’s copy|
|28h||4||CD/DVD Logical Block Address where disk’s copy starts|
- Besides two required records, presented in table A.15-3, CD boot catalog may contain other 32-byte records, grouped in several sections. Each section represents a separate booting option and consists of not less than two records: a header record and a bootable disk’s copy descriptor for that booting option. Header record begins with signature byte 90h, except header record in the last section, which begins with signature byte 91h. In every header record a word at offset 02h announces number of 32-byte records in this section. In each section descriptor of booting option may be followed by auxiliary records. Data structure in each descriptor of booting option is the same as that of default bootable disk’s descriptor, shown in table A.13-3 at offsets 20h–3Fh.
- ^ Descriptors of non-bootable disks are allowed too, their distinctive feature is starting signature 00h.
A.15-4 Commands, performed by CD/DVD drivers
In order to send a command to a driver, you have to obtain a handle, associated with this driver. The first step is to find a pointer to CD/DVD driver header by means of INT 2FAX=1501h function (8.03-14), performed by TSR program either MSCDEX.EXE (5.08-03) or SHSUCDX.COM (5.08-04). Second step is to read a 8-byte name (signature) of driver’s access channel inside driver’s header at offset 0Ah. Driver access channel usually is named after the identifier, which follows the /D: parameter in command line, loading the driver (for example, the /D:MSCD001 identifier for CD/DVD drivers, shown in articles 5.10-01 – 5.10-03). The next third step is to use the name for obtaining a handle with INT 21AH=3Dh function (8.02-33). The name must be uppercased and appended to 8 bytes with spaces (20h), if it is shorter. Returned handle should be placed in BX register before the desired command will be sent to the driver by INT 21AX=4403h or by INT 21AX=4402h function (8.02-41). Besides that, these functions need a request data block to be prepared. A pointer to request data block must be specified in DS:DX registers, and length of request data block — in CX register. Length of request data block for different commands is shown in the second column of the table below. The third column shows codes of CD/DVD driver’s commands, which are to be specified at offset 00h in request data block. If command implies return of some data, driver will write these data into cells of the same request data block.
|4402h||05h||00h||Report driver’s header address||[Note 2]|
|4402h||06h||01h||Report drive’s head location||[Note 3]|
|4402h||09h||04h||Report audio control status||A.15-5|
|4402h||05h||06h||Report CD/DVD drive status||A.15-6|
|4402h||04h||07h||Read mode, sector size||[Note 4]|
|4402h||05h||08h||Get number of sectors||[Note 2]|
|4402h||02h||09h||Report disc change status||[Note 5]|
|4402h||07h||0Ah||Get number of tracks||[Note 6]|
|4402h||08h||0Bh||Get start of track||[Note 7]|
|4403h||01h||00h||Eject the tray|
|4403h||02h||0100h||Unlock the door|
|4403h||02h||0101h||Lock the door|
|4403h||01h||02h||Reset the drive||[Note 1]|
|4403h||01h||05h||Pull the track in|
- ^ After any request to CD/DVD driver sent by INT 21AX=4402h function and before the driver is activated for any other purpose it must be reset by sending command 02h via INT 21AX=4403h function.
- ^ After execution of operations 00h and 08h the requested result is written into request data block starting at offset 01h. This result is either a 4-byte number or a 4-byte address according to the requested operation.
- ^ After a request for drive’s head location a returned byte at offset 01h in request data block represents CD/DVD addressing format :
- 00h – HSG format
- 01h – Red Book format (frames/seconds/minutes).
Besides that, a double word at offset 02h in request data block is drive’s head location in units according to addressing format.
- ^ After a request for read mode it is returned in request data block at offset 01h :
- 00h – reading with error correction (cooked)
- 01h – reading with ECC code, but without error correction (raw).
Besides that, returned word at offset 02h presents sector’s size.
- ^ After a request for disc change status driver returns status byte at offset 01h in request data block :
- 00h – change status isn’t determined,
- 01h – disc has not been changed,
- FFh – disc has been changed.
- ^ After a request for number of tracks driver returns number of the first track in a byte at offset 01h, number of the last track — in a byte at offset 02h, and start address of the first track (in Red Book format) is returned as a double word at offset 04h.
- ^ On call for start of a track the number of requested track must be specified in byte at offset 01h in request data block. In response to this call driver writes into request data block at offset 02h a double word address of requested track’s starting point (in Red Book format). Besides that, in a word at offset 06h driver returns flags, where set state of bits means the following :
- bit 12 – audio track, written with preemphasis,
- bit 13 – digital copying is permitted,
- bit 14 – this track contains data (not audio),
- bit 15 – this is a 4-channel audio track.
A.15-5 CD/DVD audio control
If in CD/DVD drive status word (A.15-6) bit 8 is set, then this CD/DVD drive doesn’t need audio card in order to control audio playback: this CD/DVD drive itself is able to control audio playback.
For sending a request to CD/DVD drive via INT 21AX=4403h function (A.15-4), a pointer to data block with requested parameters must be specified in DS:DX registers. The table below presents structure of a data block with audio control parameters, which should be prepared for audio control operation 03h in order to alter audio playback. Data block of the same structure is written into a prepared buffer by INT 21AX=4402h function in response to a request for audio control status operation (A.15-4). On call for INT 21AX=4402h function a byte at offset 00h in prepared buffer must be filled yet : it must specify code 04h of audio control status operation.
|00h||1||Function: 03h for AX=4403h or 04h for AX=4402h|
|01h||1||Input channel (0–3) for output channel 0|
|02h||1||Volume for output channel 0|
|03h||1||Input channel (0–3) for output channel 1|
|04h||1||Volume for output channel 1|
|05h||1||Input channel (0–3) for output channel 2|
|06h||1||Volume for output channel 2|
|07h||1||Input channel (0–3) for output channel 3|
|08h||1||Volume for output channel 3|
Note 1: output channels 0 and 1 correspond to left and right; output channels 2 and 3 correspond to rear left and rear right. Each channel may be switched off by sending its volume value 00h.
Note 2: by default each input channel is connected to output channel with the same number, and volume is set to maximum value FFh.
A.15-6 Bitfields in optical disc drive status word
This table shows meaning of bitfields in status word, returned by INT 21AX=4402h function inside data block at offset 01h in response to CD/DVD drive status request 06h (A.15-4).
|0||Drive’s tray is ejected|
|1||Tray lid is unlocked|
|2||“Raw” reading mode is supported [Note 1]|
|3||Drive enables writing onto CD/DVD discs|
|4||CD/DVD drive is able to play audio/video tracks|
|5||CD/DVD drive supports interleaving [Note 2]|
|7||CD/DVD drive supports prefetch requests [Note 3]|
|8||CD/DVD drive supports audio channel control|
|9||Red Book addressing is supported (in addition to HSG)|
|10||CD/DVD drive drive is busy with playing audio|
|11||There is no disc in CD/DVD drive|
|12||CD/DVD drive has separate read and write channels|
- ^ “raw” reading mode implies that ECC code together with data is read and sent to output, but error correction is not performed. Normal “cooked” reading mode implies that ECC code is used for error correction, but is not sent to output together with corrected data.
- ^ Interleaving here is related to video files, composed of alternating groups of image frames and audio frames.
- ^ Prefetch requests cause reading into drive’s memory buffer, so that later the requested data can be obtained without waiting for access to the requested track.
A.16 Some relevant abbreviations
|ACPI||–||Advanced Configuration and Power Interface specification stipulates presentation of motherboard’s parameters to operating system in a form of data tables in dedicated memory areas.|
|AGP||–||Accelerated Graphic Port : a slot for inserting video adapters, and also specification of video adapter’s interaction with motherboard.|
|AH||–||CPU’s 8-bit register, representing bits 15–8 of 16-bit AX register.|
|AL||–||CPU’s 8-bit register, representing bits 7–0 of 16-bit AX register.|
|AMIS||–||Alternate Multiplex Interrupt Specification (A.07-6)|
|ANSI||–||American National Standards Institute (USA)|
|API||–||Application Program Interface, i.e. OS services for programs.|
|APM||–||Advanced Power Management : extension of computer’s BIOS system, providing control over power supply (8.01-70 – 8.01-72)|
|ASCII||–||American Standard Code for Information Interchange.|
|ASCIIZ||–||a string in ASCII code terminated with at least one 00h byte.|
|ASPI||–||Advanced SCSI Programming Interface : enhanced set of commands for SCSI interface (5.07-03). Nowadays many ASPI commands are implemented in ATAPI (5.07-01) and USB (5.07-05) controllers.|
|AT||–||Advanced Technology : a name of IBM’s PC model produced in 1984. Most modern computers inherit some features of AT model.|
|ATA||–||AT Attachment : disk storage device’s interface, implemented for the first time in IBM’s PC AT model.|
|ATAPI||–||ATA Packet Interface: packet enhancement of ATA (5.07-01).|
|ATX||–||AT extension : enhanced specification of PC blocks construction features, implemented since 1998.|
|AUX||–||reserved word, used to address serial port COM1.|
|AVI||–||suffix of video files, composed of interleaved audio and video frames.|
|AX||–||16-bit general purpose register, associated with CPU’s arithmetic unit. In 32-bit CPUs AX represents a part (bits 15–0) of 32-bit register EAX.|
|b||–||binary : distinctive mark of binary numbers.|
|BAT||–||suffix of batch files, interpreted by COMMAND.COM (6.04). Unlike ordinary command files, batch files are accepted by COMMAND.COM interpreter from command line without input redirection.|
|BH||–||CPU’s 8-bit register, representing bits 15–8 of 16-bit BX register.|
|BIOS||–||Basic Input-Output System, the one supplied with PC’s motherboard.|
|BL||–||CPU’s 8-bit register, representing bits 7–0 of 16-bit BX register.|
|BP||–||Base Pointer : 16-bit register, used as a base for addressing data arrays. In 32-bit CPUs BP represents bits 15–0 of 32-bit register EBP.|
|BPB||–||BIOS Parameters Block (A.03-4).|
|BSD||–||Berkley Software Distribution, known for a freeware OS.|
|BX||–||16-bit general purpose register, also used as a base for addressing data. In 32-bit CPUs BX represents bits 15–0 of 32-bit register EBX.|
|CD||–||Compact Disc : a one-sided 650–800 Mb optical disc.|
|CD-ROM||–||a read-only compact disc or a drive for such discs.|
|CDS||–||Current Directory Structure (A.03-3).|
|CF – (1)||:||CPU’s Carry Flag, used to indicate carry and errors.|
|CF – (2)||:||Compact Flash — a type of removable storage cards.|
|CGA||–||Color Graphic Adapter : the first IBM’s model of color video adapter.|
|CH||–||CPU’s 8-bit register, representing bits 15–8 of 16-bit register CX.|
|CHS||–||Cylinder-Head-Sector : mode of HDDs addressing.[Note 2 to A.13-6]|
|CL||–||CPU’s 8-bit register, representing bits 7–0 of 16-bit register CX.|
|CMOS||–||Complementary Metal-Oxide Semiconductor : BIOS’ memory block on CMOS chips, which doesn’t lose stored data when PC is switched off.|
|COM – (1)||:||suffix of executable files, which have no header.|
|COM – (2)||:||reserved word for access to serial ports.|
|COM – (3)||:||Common Object Model — a programming technique.|
|CON||–||console, i.e. keyboard for input and display for output.|
|CP||–||Codepage (more about CP in articles 1.06 and A.02-2).|
|CP/M||–||Control Program for Microcomputers : a prototype of DR-DOS.|
|CPU||–||Central Processing Unit — the main processor chip in a PC.|
|CR||–||Control Registers : 32-bit registers CR0, CR2, CR3 (A.11-4), introduced in 80386 CPU model. CR4 has been introduced later in Pentium CPU.|
|CRC||–||Cyclic Redundancy Check : code for error detection only (no correction)|
|CRT||–||Cathode Ray Tube.|
|CS||–||Code Segment : 16-bit segment register, defining segment address of the code, executed by CPU.|
|CSM||–||Compatibility Support Module supplements UEFI BIOS with features of ordinary BIOS systems, thus enabling to use DOS’ software, to launch Windows-XP and many other OSes, which can’t start under UEFI.|
|CWR||–||Control Word Register in arithmetical coprocessor.|
|CX||–||16-bit general purpose register, often used as a counter. In 32-bit CPUs CX represents a part (bits 15–0) of 32-bit ECX register.|
|dd||–||two-digit decimal day number in a month.|
|DDO||–||Dynamic Drive Overlay : OnTrack’s BIOS extension for access to HDDs over 512 Mb in obsolete PCs.|
|DH||–||CPU’s 8-bit register, representing bits 15–8 of 16-bit register DX.|
|DI||–||Destination Index : 16-bit register normally used to store target offset. In 32-bit CPUs DI represents a part (bits 15–0) of 32-bit register EDI.|
|DL||–||CPU’s 8-bit register, representing bits 7–0 of 16-bit register DX.|
|DMA||–||Direct Memory Access.|
|DOS||–||Disk-based Operating System.|
|DPB||–||Drive Parameters Block (A.03-1).|
|DPMI||–||DOS Protected Mode Interface : API functions for programs, designed to be executed in CPU’s V86 mode. DPMI is implemented, in particular, by “DOS box” of Windows OS (more about that in 8.03-21).|
|DPR||–||Data Pointer Register in arithmetical coprocessor.|
|DPTE||–||Drive Parameter Table Extension (A.13-3).|
|DR – (1)||:||Digital Research — company developer of CP/M and DR-DOS.|
|DR – (2)||:||Debug Registers — CPU’s registers DR0–DR7 (A.11-5).|
|DS||–||Data Segment : 16-bit segment register, defining segment address of current program’s data block.|
|DTA||–||Data Transfer Area (8.02-16, A.09-1)|
|DVD||–||Digital Versatile Disk — optical disc with 4.7 Gb of data per side.|
|DX||–||16-bit general purpose register. In 32-bit CPUs DX represents a part (bits 15–0) of 32-bit register EDX.|
|EAX||–||32-bit general purpose register in 32-bit CPUs. Least significant bits of EAX register (bits 15–0) constitute AX register.|
|EBIOS||–||BIOS extension providing LBA mode of disk access in obsolete PCs.|
|EBP||–||32-bit base address register in 32-bit CPUs. Least significant bits of EBP register(bits 15–0) constitute BP register.|
|EBX||–||32-bit general purpose register in 32-bit CPUs. Least significant bits of EBX register (bits 15–0) constitute BX register.|
|ECC||–||Error Correcting Code.|
|ECP||–||Extended Capabilities Port : data transfer specification for LPT ports.|
|ECX||–||32-bit general purpose register in 32-bit CPUs. Least significant bits of ECX register (bits 15–0) constitute CX register.|
|EDI||–||32-bit destination offset register in 32-bit CPUs. Least significant bits of EDI register (bits 15–0) constitute DI register.|
|EDX||–||32-bit general purpose register in 32-bit CPUs. Least significant bits of EDX register (bits 15–0) constitute DX register.|
|EFI||–||Extensible Firmware Interface : Intel’s specification of 32-bit BIOSes, originally intended for Itanium 64-bit single-core CPU (2002). Revision of EFI for newer 32-bit multi-core CPUs is known as UEFI (2007).|
|EGA||–||Enhanced Graphics Adapter : obsolete IBM’s color video adapter. Modern video adapters inherit many important features from EGA.|
|EHCI||–||Enhanced Host Controller Interface : controller specification for USB bus versions 2.x (more about that in 5.07-05).|
|EMM||–||Expanded Memory Manager : EMM386.EXE driver (5.04-02).|
|EMS||–||Expanded Memory Specification, implemented by EMM (5.04-02).|
|EOF||–||End Of File : EOF mark in ASCII code is byte 1Ah.|
|EPP||–||Enhanced Parallel Port : BIOS extension of LPT functions (A.14-4)|
|ES||–||16-bit segment register in CPU, defining target segment address.|
|ESI||–||32-bit source offset register in 32-bit CPUs. Least significant bits of ESI (bits 15–0) constitute SI register.|
|ESP||–||32-bit stack pointer register in 32-bit CPUs. Least significant bits of ESP (bits 15–0) constitute SP register.|
|EXE||–||Executable : suffix for executable files having a header.|
|FASM||–||Flat ASseMbler : modern freeware assembler for DOS, Windows, Linux and Unix. Can be downloaded from http://www.flatassembler.net/ .|
|FAT||–||File Allocation Table.|
|FCB||–||File Control Block (A.09-5).|
|FCBS||–||command (4.10), reserving memory for FCBs.|
|FDD||–||Floppy Disk Drive.|
|FS||–||auxiliary 16-bit segment register, introduced since CPU 80386.|
|GDT||–||Global Descriptor Table — a table of 8-byte segment descriptors, defining main system segments in protected mode. (A.12-2).|
|GDTR||–||CPU’s system register. Stores GDT’s linear address and size.|
|GS||–||auxiliary 16-bit segment register, introduced since CPU 80386.|
|GUI||–||Graphical User Interface — alternative to textual command line.|
|GUID||–||Globally Unique IDentifier — 32-bytes long universal identifier.|
|h||–||hexadecimal : distinctive mark of hexadecimal numbers.|
|HDD||–||Hard Disk Drive.|
|HMA||–||High Memory Area : memory area 1024–1088 kb.|
|HRS||–||Hidden, Read-only, System : a set of attributes for system files.|
|HSG||–||High Sierra Group specification — prototype of ISO 9660 standard.|
|IBM||–||International Business Machines company.|
|IDE||–||Integrated Drive Electronics : HDD interface, equivalent to ATA.|
|IDT||–||Interrupt Descriptor Table : table of interrupts for protected mode. Its segment descriptor is sometimes also denoted as IDT.|
|IDTR||–||CPU’s system register. Stores IDT’s linear address and size.|
|IEEE||–||Institute of Electrical and Electronics Engineers.|
|IFS||–||Installable File System : file system (5.08-01), accessed by means of installable driver.|
|IML||–||Initial Machine Load system.|
|INT||–||Interrupt : event or command (7.03-28), invoking interrupt handler.|
|I/O||–||Input-Output, i.e. data transfer operations.|
|IOCTL||–||Input-Output Control system (8.02-41).|
|IP||–||Instruction Pointer : 16-bit register, defining offset of the next command. In 32-bit CPUs IP represents a part (bits 15–0) of 32-bit EIP register.|
|IPR||–||Instruction Pointer Register in arithmetical coprocessor.|
|IRQ||–||Interrupt ReQuest line(s).|
|ISA||–||Industrial Standard Architecture : (obsolete) bus for expansion cards.|
|ISO||–||International Standards Organization.|
|ISP||–||Interrupt Sharing Protocol (A.07-5).|
|JFT||–||Job File Table : table of opened handles.[Note 3 to A.07-1]|
|LAN||–||Local Area Network.|
|LBA||–||Linear Block Addressing — HDDs addressing mode.[Note 4 to A.13-6]|
|LCD||–||Liquid Crystal Display.|
|LFN||–||Long File Name (A.09-3).|
|LIM||–||Lotus-Intel-Microsoft : the founders of EMS specification.|
|LPT||–||Line PrinTer : port, also known as parallel port.|
|LUN||–||Logical Unit Number : identifier for devices, sharing one bus address.[Note 1 to A.03-2]|
|MASM||–||Macro ASseMbler : Microsoft’s low-level code assembler.|
|MBR||–||Master Boot Record (A.13-5).|
|MCB||–||Memory Control Block : 16 bytes long descriptor (A.12-7).|
|MDA||–||Monochrome Display Adapter, used in IBM’s obsolete PCs.|
|mm||–||two-digit decimal month number in a year.|
|MO||–||Magneto-Optical disks or disk drives.|
|MS||–||mark for objects, owned or developed by Microsoft.|
|MSWR||–||Machine Status Word Register : control register in CPU 80286. In modern CPUs MSWR is a part of control register CR0.|
|NTFS||–||New Technology File System for HDDs under Windows NT/2000/XP.|
|NUL – (1)||:||channel “to nowhere”, as alternative to real channels.|
|NUL – (2)||:||the 00h byte value.|
|OEM||–||Original Equipment Manufacturer : direct delivery of components (as antonym of retail sale).|
|OHCI||–||Open Host Controller Interface : controller specification for USB bus versions 1.x (5.07-05).|
|PCI||–||Peripheral Components Interconnect : type of bus for expansion cards.|
|PCMCIA||–||PC Memory Card International Association : interface standard, originally designed for memory expansion cards (5.07-02).|
|PD||–||Powerful Disk : a 650 Mb rewritable optical discs of CD-RAM type, prototype of DVD-RAM discs.|
|PIO||–||Programmed I/O control for devices with ATAPI interface.|
|PM||–||Protected Mode of CPU operation.|
|POST||–||Power-On Self Test : performed by BIOS when PC is switched on.|
|PRN||–||reserved word used to address printer port LPT1.|
|PSP||–||Program Segment Prefix (A.07-1).|
|PS/2||–||Personal System/2 : IBM’s PC model developed in 1987.|
|PS2||–||mouse port and connector type, first introduced in PS/2 PCs.|
|PTS||–||PhysTechSoft — russian software vendor, known for its PTS-DOS|
|RAID||–||Redundant Array of Inexpensive Disks : distributed storage technique, enhancing transfer speed. Under permanent qualified maintenance, some RAID versions also may reduce risk of data loss.|
|RAM||–||Random Access Memory — ordinary writable memory, as alternative to sequential access to tape and disk media.|
|ROM||–||Read-Only Memory, i.e. non-rewritable storage media.|
|SCSI||–||Small Computer System Interface (5.07-03).|
|SFT||–||System File Table of associations for active handles (A.01-4)|
|SFX||–||SelF eXtracting packed archive or module.|
|SI||–||Source Index : 16-bit register, used to store source address offset. In 32-bit CPUs SI represents a part (bits 15–0) of 32-bit ESI register.|
|SIMD||–||Single Instruction Multiple Data : class of commands, performing the same operation over a group of data items.|
|SP||–||Stack Pointer : 16-bit register, defining offset of stack’s top. In 32-bit CPUs SP register represents a part (bits 15–0) of 32-bit ESP register.|
|SS||–||Stack Segment : 16-bit register, defining stack’s segment address.|
|SSE||–||Streaming SIMD Extensions : extensions of SIMD command set, implemented in modern CPUs.|
|STDIN||–||input channel, corresponding to handle 0000h and having default association with keyboard as data source.|
|STDOUT||–||output channel, corresponding to handle 0001h and having default association with display as target device.|
|STDERR||–||channel to display error messages, associated with handle 0002h.|
|SVGA||–||SuperVGA videomodes (A.10-1), suggested by VESA.|
|SWR||–||Status Word Register in arithmetical coprocessor (7.04-08, 7.04-64).|
|TASM||–||TurboASseMbler : a low-level code assembler from Borland Co.|
|TLB||–||Translation Lookaside Buffer : cache buffer in CPU, performing translation of linear addresses into physical addresses.|
|TSR||–||Terminate and Stay Resident : resident modules or programs (8.02-23)|
|TWR||–||Tags Word Register in arithmetical coprocessor.|
|UEFI||–||Unified EFI — revision of EFI, adopted in 2007 for modern 32-bit multicore CPUs. UEFI stipulates for graphic shell, for network support and for retention of compatibility with OSes by means of CSM module.|
|UHCI||–||Universal Host Controller Interface : controller specification for USB bus versions 1.x (5.07-05).|
|UMB||–||Upper Memory Blocks : address space pieces, allotted for loading drivers inside 640–1024 kb area.|
|USB||–||Universal Serial Bus (5.07-05).|
|V86||–||virtual 8086 mode : emulation of obsolete CPU 8086 by modern CPUs, operating in protected mode. V86 mode enables to execute DOS programs at the lowest (third) privilege level.|
|VBE||–||Video BIOS Extensions, developed by VESA (8.01-35) in order to enable implementation of SVGA videomodes.|
|VC||–||Volkov Commander shell (6.25).|
|VCPI||–||Virtual Control Program Interface : protocol of interaction enabling control transfer from one control program to another (5.04-02).|
|VESA||–||Video Electronics Standards Association.|
|VGA||–||Video Graphics Array : video adapter for IBMs PS/2 computers.|
|XMS||–||Extended Memory Specification implemented by Himem.sys (5.04-01)|
|YIQ||–||model of pixel representation in luminance and two chrominance axes, corresponding to highest and lowest visual color resolution.|
|YUV||–||model of pixel representation in luminance and two chrominance axes, conforming to specifications of CIE (Comite Internationale d’Eclairage).|
|yy||–||year (in MS-DOS 7 year is represented by a four-digit number).|
|ZIP – (1)||:||suffix of archive files, compressed by PKZIP utility.|
|ZIP – (2)||:||trade mark of removable disk drives, produced by Iomega Co.|
|ZF||–||CPU’s zero flag, used to indicate equality or zero result.|