Back to home page

DOS ain't dead

Forum index page

Log in | Register

Back to the forum
Board view  Mix view

the DOS code segment hunt, results/questions (Miscellaneous)

posted by Ninho(R) E-mail, 16.12.2009, 20:24

> If you really wanted to, you could reliably find the code segment
> experimentally. DOS calls various interrupts, most notably int 2Fh,
> directly from its code wherever its code may be. So, hook int 2Fh and call
> a DOS function that you know will call a particular case of int 2Fh. When
> your hook sees this case, it can look up the return address and save it
> for you. When the DOS function returns, you can unhook. The first one that
> comes to mind is that int 21h function 0Dh always finishes by calling int
> 2Fh function 1120h - but there's surely a better one than that.

Nice and easily applied trick, thank you very much! Didn't you tell you had forgotten you DOS basics ;-)

However the principle of least work (or simple=pretty) makes me stick to my current method (pick the DOS CS from the pristine share hooks). Of course I'll switch to using your method IFF someone find a convincing case where mine is in fault - when looking for the kernel CS during drivers init phase, be it clearly stated. I agree your method is the better one to use in the general case.

---
Ninho

 

Complete thread:

Back to the forum
Board view  Mix view
15108 Postings in 1358 Threads, 246 registered users, 15 users online (0 registered, 15 guests)
DOS ain't dead | Admin contact
RSS Feed
powered by my little forum