Claus-Justus Heine (claus@momo.math.rwth-aachen.de)
17 Jun 1998 12:28:33 +0200
"Grant R. Guenther" <grant@torque.net> writes:
> > > timers; and he said that I/O trace logs could be produced by EMM86
> > > as well, is this true???)
> >
> > Yes. There are some EMM386 hacks for this. Windows guys use them a lot
>
> So can anybody tell us how to find and use them ?
Clive Turvey from MSI was so kind to provide me with the following
information. Have fun.
Claus
attached mail follows:
This is from a letter I sent to Andrew Schulman back in 1994,
documentation did appear in MSDN later that year.
-Clive
....
Further to your quest to uncover all that Microsoft chooses not
to document, I have discovered an API for EMM386 which you might
be interested in. The API provides a means of virtualizing IO
ports under DOS and uses INT 0x2F, AX = 0x4A15. Microsoft use it
in WSSXLAT.EXE to emulate Sound Blaster Hardware for DOS games on
their Windows Sound System Card. From what I've managed to
reverse so far the API first appeared in EMM386 v4.46, although I
only have v4.48 which came with DOS 6.20. The virtualization is
not as complete as that provided for Windows VxDs, as it does not
appear to support word or string IO. It does however, provide a
doorway to Ring 0 & the GDT and gives an interesting means of
debugging, reverse engineering or emulating hardware & software.
EMM v4.48 provides up to 6 virtualization handles and the
following example illustrates a simple use of the API to provide
a virtual parallel port at 0x3BC by mapping all IO to the real
port at 0x378.
....
PAGE 100,132
SUBTTL 3BCto378.ASM
TITLE Copyright (C) Tenth Planet Software Intl. 1994
;***************************************************************************
****
;
; Virtual Parallel Port using EMM386 v4.46 or greater, maps logical
; port at 0x3BC to physical port at 0x378. The port trapping used
; increases IO time on a 486DX33 from 1.7us to 20us for the port
; being trapped. The trapping could be used for analysing/debugging
; hardware & software and emulating hardware.
;
; This code demonstrates the use of EMM386's AX=0x4A15 INT 0x2F API
; to the best of my knowledge this is an undocumented API.
;
; ==== ===
; \\ / th
; \\ /
; \\ / Planet
; \\/ Software
; /\\ International
; / \\
; / \\
; / \\
; === ====
;
; Copyright (C) Tenth Planet Software Intl., C Turvey 1994.
; Chicago & Southampton.
;
; CompuServe ID 74011,1732
; 74011.1732@compuserve.com
;
;***************************************************************************
****
;
; INT 0x2F, AX = 0x4A15, EMM386
;
;---------------------------------------------------------------------------
----
;
; BX = 0x0000 Open Port Trap, Six Traps available in 4.48 (DOS 6.20)
;
; Entry CX Number of Ports in Trap Table
; this can be less than range checked
; EDX Low Word Min Port, High Word Max Port, Ports >= 0x0100
; this range checked first
; SI Port Table, CX * DW Port,offset FarPortSub
; DI Segment Limit for Ring-0 (16:16)
; DS Ring 0 (16:16), CS, DS & ES
;
; Exit cf Set, Error
; Clear, Port Trap Successful
; AX Port Trap Handle
;
; Note IN AX,DX, OUT DX,AX, INS & OUTS Don't Work
;
;---------------------------------------------------------------------------
----
;
; BX = 0x0001 Close Port Trap
;
; Entry SI Port Trap Handle
;
; Exit cf Set, Error
; Clear, Port Trap Removed
;
;---------------------------------------------------------------------------
----
;
; BX = 0x0002 Crash & Burn, Microsoft Coding Error, Its Zero Based!!!
;
;---------------------------------------------------------------------------
----
;
; BX = 0x0003..0xFFFF Invalid
;
; Exit cf Set, Error
;
;***************************************************************************
****
cr equ 13
lf equ 10
.386
RING0 segment para public use16 'CODE' ; 16:16 Code
assume cs:RING0, ds:RING0, es:RING0
;***************************************************************************
****
;
; Order highest frequency first, EMM386 Searches on the range of ports
; you assigned to the trap, before committing to, and search this list.
;
port_trap_table dw 003BCh,offset emu_port_3BC ; Data Port
dw 003BEh,offset emu_port_3BE ; Control Port
dw 003BDh,offset emu_port_3BD ; Status Port
;***************************************************************************
****
;
; Data Port, Read & Write
;
; Entry
; CS Execute, Read Only Selector (0x138 on 4.48)
; DS Read & Write Selector (0x140 on 4.48)
; ES Read & Write Selector (0x140 on 4.48)
; AL Write Data
; CX 0 Read, 4 Write (Like Windows VxDs)
; DX Trapped Port
; SI Port Trap Handle
; DI Offset into Trap Table
;
; Exit
; cf Clear, Trapped OK
; AL Read Data
;
emu_port_3BC proc far
push dx
mov dx,00378h
test cx,4
jz rd_port_3BC
wr_port_3BC:
out dx,al
pop dx
clc
ret
rd_port_3BC:
in al,dx
pop dx
clc
ret
emu_port_3BC endp
;***************************************************************************
****
;
; Status Port, Read Only
;
emu_port_3BD proc far
push dx
mov dx,00379h
test cx,4
jz rd_port_3BD
wr_port_3BD:
pop dx
clc
ret
rd_port_3BD:
in al,dx
pop dx
clc
ret
emu_port_3BD endp
;***************************************************************************
****
;
; Control Port, Read & Write
;
emu_port_3BE proc far
push dx
mov dx,0037Ah
test cx,4
jz rd_port_3BE
wr_port_3BE:
out dx,al
pop dx
clc
ret
rd_port_3BE:
in al,dx
pop dx
clc
ret
emu_port_3BE endp
;***************************************************************************
****
high_water_mark label byte
;***************************************************************************
****
RING0 ends
;***************************************************************************
****
RING3 segment para public use16 'CODE' ; 16:16 Code
assume cs:RING3, ds:RING3, es:RING3
;***************************************************************************
****
exe_entry proc far
mov ax,seg RING3
mov ds,ax
mov ah,009h
mov dx,offset copyright
int 021h
mov ax,seg RING0
mov ds,ax
mov ax,04A15h ; EMM386
mov bx,00000h ; Open Port Trap
mov cx,00003h ; # Ports in Table
mov edx,003BE03BCh ; Range of Ports
mov si,offset port_trap_table
mov di,offset high_water_mark ; Code Segment Size?
stc
int 02Fh
jc exe_entry_10
mov ax,seg RING3
mov ds,ax
mov ah,009h
mov dx,offset trap_ok_msg
int 021h
mov ax,03100h ; TSR to DOS
mov dx,offset high_water_mark
add dx,0000Fh
shr dx,4
add dx,00010h ; Add in PSP
int 021h
exe_entry_10:
mov ax,seg RING3
mov ds,ax
mov ah,009h
mov dx,offset trap_fail_msg
int 021h
mov ax,04CFFh ; Terminate to DOS
int 021h
exe_entry endp
;***************************************************************************
****
copyright db '3BCto378 V1.0 (C) Copyright Tenth Planet Software
Intl., C Turvey, 1993-1994.',cr,lf
db ' CompuServe ID
74011,1732.',cr,lf,lf,'$'
trap_ok_msg db 'Installed I/O Trap',cr,lf,'$'
trap_fail_msg db 'Failed to install I/O Trap',cr,lf
db 'Requires Microsoft EMM386 v4.46 or greater',cr,lf,'$'
;***************************************************************************
****
RING3 ends
;***************************************************************************
****
STACK segment para stack use16 'STACK'
dw 256 dup (?)
STACK ends
;***************************************************************************
****
end exe_entry
-- To unsubscribe, send mail to: linux-parport-request@torque.net --
-- with the single word "unsubscribe" in the body of the message. --
This archive was generated by hypermail 2.0b3 on Wed 30 Dec 1998 - 10:17:51 EST