Sylvain Lauzon wrote in a message to All:
SL> I found two unknown functions and potentially dangerous maybe?
SL> mov al,00h
SL> mov ah,13h
SL> int 2f
...
SL> mov al,00h
SL> mov ah,55h
SL> int 2f
Extract from Ralf Brown's Interrupt List:
--------D-2F13-------------------------------
INT 2F U - DOS 3.2+ - SET DISK INTERRUPT HANDLER
        AH = 13h
        DS:DX -> interrupt handler disk driver calls on read/write
        ES:BX = address to restore INT 13 to on system halt (exit from root
                 shell) or warm boot (INT 19)
Return: DS:DX set by previous invocation of this function
        ES:BX set by previous invocation of this function
Notes:  IO.SYS hooks INT 13 and inserts one or more filters ahead of the
          original INT 13 handler. The first is for disk change detection
          on floppy drives, the second is for tracking formatting calls and
          correcting DMA boundary errors, the third is for working around
          problems in a particular version of IBM's ROM BIOS
        before the first call, ES:BX points at the original BIOS INT 13; DS:DX
          also points there unless IO.SYS has installed a special filter for
          hard disk reads (on systems with model byte FCh and BIOS date
          "01/10/84" only), in which case it points at the special filter
        most DOS 3.2+ disk access is via the vector in DS:DX, although a few
          functions are still invoked via an INT 13 instruction
        this is a dangerous security loophole for any virus-monitoring software
          which does not trap this call ("INT13", "Nomenklatura", and many
          Bulgarian viruses are known to use it to get the original ROM entry
          point)
SeeAlso: INT 13/AH=01h,INT 19,INT 9D"VIRUS"
--------l-2F5500-----------------------------
INT 2F U - DOS 5+ - COMMAND.COM INTERFACE
        AX = 5500h
Return: AX = 0000h if an instance of COMMAND.COM is already running
        DS:SI -> entry point table
Notes:  used to access the shareable portion of COMMAND.COM, which may have
          been moved into the HMA; only the primary COMMAND.COM retains this
          portion
        procedures called from a dispatcher in COMMAND's resident portion;
          most assume that the segment address of the resident portion is on
          the stack and are thus not of general use
SeeAlso: AX=5501h
greetz,
Tom
tomtorfs@mail.dma.be
--- timEd/2 1.10+
---------------
* Origin: 80X86 BBS 32-15-24.62.32 V.34/V.FC (24h/24h) (2:292/516)
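
An added example, not part of the original message: a Python triage heuristic that lists INT 2Fh call sites in a binary and resolves AH/AL from the immediate register loads just before each one, flagging AH=13h, the call the quoted list entry says monitoring software should trap. The sample bytes, the function names and the four-instruction lookback are constructed assumptions.

```python
INT_2F = b"\xCD\x2F"   # opcode bytes of INT 2Fh
MAX_INSNS = 4          # how many MOV reg,imm to walk back over (assumption)

# Names taken from the Interrupt List extract quoted in the message.
KNOWN = {0x13: "SET DISK INTERRUPT HANDLER", 0x55: "COMMAND.COM INTERFACE"}
FLAGGED = {0x13}       # described in the extract as a loophole if not trapped

def accumulator_before(data, pos):
    """Walk backwards from pos over MOV r8,imm8 (B0-B7) and MOV r16,imm16
    (B8-BF); return (ah, al), None where unresolved. Heuristic: an operand
    byte that looks like an opcode can mislead it, so treat hits as leads."""
    ah = al = None
    for _ in range(MAX_INSNS):
        if pos >= 2 and 0xB0 <= data[pos - 2] <= 0xB7:
            op, imm, size = data[pos - 2], data[pos - 1], 2
            if op == 0xB4 and ah is None:      # mov ah,imm8
                ah = imm
            if op == 0xB0 and al is None:      # mov al,imm8
                al = imm
        elif pos >= 3 and 0xB8 <= data[pos - 3] <= 0xBF:
            size = 3
            if data[pos - 3] == 0xB8:          # mov ax,imm16 (little-endian)
                al = data[pos - 2] if al is None else al
                ah = data[pos - 1] if ah is None else ah
        else:
            break                              # not an immediate load: stop
        pos -= size
        if ah is not None and al is not None:
            break
    return ah, al

def find_int2f_calls(data):
    """Return one record per INT 2Fh found in data."""
    hits, pos = [], data.find(INT_2F)
    while pos != -1:
        ah, al = accumulator_before(data, pos)
        hits.append({"offset": pos, "ah": ah, "al": al,
                     "name": KNOWN.get(ah, "unknown"), "flag": ah in FLAGGED})
        pos = data.find(INT_2F, pos + 2)
    return hits

# Constructed sample: the two sequences from the question, then
# mov ax,5500h / mov dx,1234h / int 2Fh, then ret.
SAMPLE = bytes.fromhex("B000B413CD2F" "90" "B000B455CD2F" "B80055BA3412CD2F" "C3")

if __name__ == "__main__":
    for h in find_int2f_calls(SAMPLE):
        print(h)
```
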