TIP: Click on subject to list as thread! ANSI
echo: 80xxx
to: SYLVAIN LAUZON
from: PETER LOUWEN
date: 1997-03-03 23:29:00
subject: Re: Unknown function
 -=> Quoting Sylvain Lauzon to All <=-
 SL> I found two unknown functions and potentialy dangerous maybe?
 SL> mov al,00h
 SL> mov ah,13h
 SL> int 2f
 SL> This clear up the DOS from the memory. And it should not! All it says
 SL> is "Swap 13h and 19h". It doesn't say much. This function is used to
 SL> check for a free "hole" i mean from AH=0 to AH=FF
I don't understand what you're saying at all.
Here's what Ralf Brown has to say on the subject:
----- Quote
INT 2F U - DOS 3.2+ - SET DISK INTERRUPT HANDLER
        AH = 13h
        DS:DX -> interrupt handler disk driver calls on read/write
        ES:BX = address to restore INT 13 to on system halt (exit from root
                 shell) or warm boot (INT 19)
Return: DS:DX set by previous invocation of this function
        ES:BX set by previous invocation of this function
Notes:  IO.SYS hooks INT 13 and inserts one or more filters ahead of the
          original INT 13 handler.  The first is for disk change detection
          on floppy drives, the second is for tracking formatting calls and
          correcting DMA boundary errors, the third is for working around
          problems in a particular version of IBM's ROM BIOS
        before the first call, ES:BX points at the original BIOS INT 13; 
S:DX
          also points there unless IO.SYS has installed a special filter for
          hard disk reads (on systems with model byte FCh and BIOS date
          "01/10/84" only), in which case it points at the special filter
        most DOS 3.2+ disk access is via the vector in DS:DX, although a few
          functions are still invoked via an INT 13 instruction
        this is a dangerous security loophole for any virus-monitoring 
software
          which does not trap this call ("INT13", "Nomenklatura", and many
          Bulgarian viruses are known to use it to get the original ROM entry
          point)
----- Unquote
 SL> Another mysterious one is the following.
 SL> mov al,00h
 SL> mov ah,55h
 SL> int 2f
 SL> This one returns 0000. I have no idea why.
Because it should:
----- Quote
INT 2F U - DOS 5+ - COMMAND.COM INTERFACE
        AX = 5500h
Return: AX = 0000h if an instance of COMMAND.COM is already running
        DS:SI -> entry point table
Notes:  used to access the shareable portion of COMMAND.COM, which may have
          been moved into the HMA; only the primary COMMAND.COM retains this
          portion
        procedures called from a dispatcher in COMMAND's resident portion;
          most assume that the segment address of the resident portion is on
          the stack and are thus not of general use
----- Unquote
Peter
... COBOL programs are an exercise in artificial inelegance.  
--- EBO-BBS Diemen - NL
---------------
* Origin: EBO-BBS Diemen (http://www.worldonline.nl/~biginski) (2:280/901)
SOURCE: echomail via exec-pc

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.