the DOS code segment hunt, results/questions (Miscellaneous)

posted by geoffchappell(R), 15.12.2009, 16:56

> Look for SHARE.EXE hooks; they're listed in the Int21.52 (DOS data)
> description.

That listing always puzzled me. I don't believe anyone ever had any evidence of any Microsoft code accessing the SHARE hooks relative to the address returned by int 21h function 52h. As you noted, SHARE uses hard-coded offsets for these pointers (005Ch or 0090h). It's one of those programs that know the layout of DOS data depends on the indicator at offset 04h.

I don't recall any location of the pointers via the first SFT container. Mind you, I don't seem to have any disassemblies of SHARE after DOS 4. I must have looked at it later, but not everything got preserved when I moved from one side of the world to the other. It's quaint now, but back in the late 80s and early 90s, I used to mark up these things with pencil and paper. It was the hard copy that was vital. Marking up the file - and never printing out - didn't take over until about 1992.

Curiously, for access to variables that obviously are in the SYSVARS structure, SHARE sometimes accesses them as members but sometimes uses hard-coded offsets. That may be unintended, of course: the names of the variables and the members are perhaps the same, so that the difference is just the accidental omission of a "[bx].".

> MS-DOS 7.00 probably stores the code segment somewhere around there as
> did earlier and later versions.

I'm pretty sure it doesn't and never has. Once the code's at its final position, the segment only has to persist in far pointers that connect data to code. For instance, if DOS actually has ended up in the HMA, then there's a pointer so that int 21h can get from the stub in low memory to the code in high memory, but that pointer otherwise won't be meaningful. Of course, in the "otherwise" case, you can find the code segment by other ways.

If you really wanted to, you could reliably find the code segment experimentally. DOS calls various interrupts, most notably int 2Fh, directly from its code wherever its code may be. So, hook int 2Fh and call a DOS function that you know will call a particular case of int 2Fh. When your hook sees this case, it can look up the return address and save it for you. When the DOS function returns, you can unhook. The first one that comes to mind is that int 21h function 0Dh always finishes by calling int 2Fh function 1120h - but there's surely a better one than that.
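
The experiment described in the last paragraph, written out as a small .COM program. This is an added example, not code from the post or from Geoff Chappell; it assumes real-mode MS-DOS 3.1 or later (where int 21h function 0Dh ends by issuing int 2Fh AX=1120h from inside the kernel, as the post states), NASM syntax built with `nasm -f bin -o dosseg.com dosseg.asm`, and that nothing else issues 1120h during the brief window in which the hook is installed. The label names are the example's own. It records the far return address the kernel leaves on the stack when it issues the interrupt, so the segment it prints is the DOS code segment wherever the code was finally placed (low memory, or the HMA with DOS=HIGH). If the trigger never fires, it says so rather than printing a stale value.

```nasm
; Added example: find the DOS code segment by hooking int 2Fh, calling
; int 21h AH=0Dh (Disk Reset), and recording where int 2Fh AX=1120h came from.
; Assumes real-mode MS-DOS 3.1+ and a flat .COM image (CS=DS=ES=SS).

        org     100h
        cpu     8086

start:
        ; 1. save the current int 2Fh vector (returned in ES:BX by AH=35h)
        mov     ax, 352Fh
        int     21h
        mov     [old2f], bx
        mov     [old2f+2], es

        ; 2. install hook2f (AH=25h takes DS:DX; DS=CS in a .COM)
        mov     ax, 252Fh
        mov     dx, hook2f
        int     21h

        ; 3. trigger: Disk Reset finishes with int 2Fh AX=1120h issued from
        ;    DOS code, so the return address on the stack points into DOS
        mov     ah, 0Dh
        int     21h

        ; 4. unhook at once so nothing else is observed
        push    ds
        lds     dx, [old2f]
        mov     ax, 252Fh
        int     21h
        pop     ds

        ; 5. report
        cmp     byte [seen], 0
        jne     .found
        mov     dx, msg_none
        mov     ah, 09h
        int     21h
        jmp     .exit
.found:
        mov     dx, msg_found
        mov     ah, 09h
        int     21h
        mov     ax, [caller_seg]        ; the DOS code segment
        call    print_hex16
        mov     dl, ':'
        mov     ah, 02h
        int     21h
        mov     ax, [caller_off]
        call    print_hex16
        mov     dx, msg_crlf
        mov     ah, 09h
        int     21h
.exit:
        mov     ax, 4C00h
        int     21h

; int 2Fh hook: note AX=1120h, pass everything through unchanged.
; On entry the stack holds the caller's frame: [sp+0]=IP [sp+2]=CS [sp+4]=FLAGS
hook2f:
        cmp     ax, 1120h
        jne     .chain
        push    bp
        mov     bp, sp                  ; now [bp+2]=IP, [bp+4]=CS
        push    ax
        mov     ax, [bp+4]
        mov     [cs:caller_seg], ax     ; DS is DOS's here, so address via CS
        mov     ax, [bp+2]
        mov     [cs:caller_off], ax
        mov     byte [cs:seen], 1
        pop     ax
        pop     bp
.chain:
        jmp     far [cs:old2f]          ; old handler's IRET returns into DOS

; print AX as four uppercase hex digits via int 21h AH=02h (clobbers AX,CX,DX)
print_hex16:
        mov     cx, 4
.digit:
        rol     ax, 1                   ; 8086 has no "rol ax,4"
        rol     ax, 1
        rol     ax, 1
        rol     ax, 1
        push    ax
        and     al, 0Fh
        add     al, '0'
        cmp     al, '9'
        jbe     .out
        add     al, 'A' - '0' - 10
.out:
        mov     dl, al
        mov     ah, 02h
        int     21h
        pop     ax
        loop    .digit
        ret

old2f       dd  0
caller_seg  dw  0
caller_off  dw  0
seen        db  0
msg_found   db  'int 2Fh/1120h issued from DOS code at $'
msg_none    db  'no int 2Fh/1120h observed during Disk Reset', 13, 10, '$'
msg_crlf    db  13, 10, '$'
```

The hook deliberately does nothing but record and chain: flags are restored by the original handler's IRET, so the `cmp` is harmless, and only BP and AX are touched on the kernel's own stack. Under an emulator or a DOS replacement whose Disk Reset does not issue 1120h, the "no ... observed" path is the expected outcome, which is why the post's caveat that a better trigger probably exists matters in practice.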
