Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cwjcc!tut.cis.ohio-state.edu!rutgers!att!ttrdc!levy
From: levy@ttrdc.UUCP (Daniel R. Levy)
Newsgroups: comp.sys.ibm.pc
Subject: problems trying to intercept msdos function requests
Message-ID: <3204@ttrdc.UUCP>
Date: 14 Feb 89 03:43:47 GMT
Organization: AT&T, Skokie, IL
Lines: 97

Hello again, and thanks to all the folks who replied to my earlier request
for info about talking PC software.

With just enough understanding of MS-DOS to be dangerous, I am now trying to
do something screwey, that is, intercept calls to the MS-DOS function
requests (that are made through interrupt 21h).  This is so that I can do
something even screwier (that is, to make a UNIX-structured floppy look to
programs running on the PC like a MS-DOS file system, as much as is possible
given the braindamage of the MS-DOS file system).  This is a research project
I've committed to for a class I am taking at Northwestern, so I can't back
out of it.

My problem is that I can't even seem to make a do-nothing intercept program do
what I want.  My code gets the interrupt vector for 21h, copies it to an
unused interrupt vector, replaces the interrupt vector at 21h with
a pointer to my intercept routine, then terminates while staying resident
(the interrupt for this final request being done through the formerly unused
vector).  Future interrupts to 21h should, I figure, call my routine.
I tried a do-nothing routine which just interrupts to the vector to which
I had copied the old vector at 21h, and then performs an iret.  This works
a little, but flakily.  DIR works okay after this, and I can execute some
programs in the current directory, but when I try to run a program where MS-DOS
must search PATH, the machine goes into an infinite loop and it's reboot time.
(This is on an AT&T PC6300.)

Could some MS-DOS guru please look at the assembly code below and tell me
what I'm missing?  It _must_ be something awfully simple, I just don't know
what it is :-).  Thanks much in advance!

(Yes, I have verified that 88h is an unused interrupt vector [contains
0000:0000], at least at the time I run this program.)

	.8087

CODE	segment
	assume	cs:CODE

; get the interrupt vector currently at 21h

START:	mov	al,21h
	mov	ah,35h
	int	21h

; at this point, ES contains the segment and BX contains the offset
; of the interrupt vector currently at 21h

; set the interrupt vector at 88h to be the same as the one at 21h

	mov	ax,es
	mov	ds,ax
	mov	ax,bx
	mov	dx,ax
	mov	al,88h
	mov	ah,25h
	int	21h

; Now (here's the trick) set the interrupt vector at 21h to be CATCH, below

	mov	ax,seg CATCH
	mov	ds,ax
	mov	ax,offset CATCH
	mov	dx,ax
	mov	al,21h
	mov	ah,25h
	int	21h	; note we must hereafter use 88h for subsequent
			; system calls that we don't want to be caught

; terminate this process but keep it

	mov	ax,128	; keep this many paragraphs
	mov	dx,ax
	mov	al,0	; exit code 0
	mov	ah,31h
	int	88h	; don't catch THIS call

; this is the system call intercept code

CATCH:

; make the real system call

	int	88h
	iret

CODE	ends

STACK	segment stack
	assume	ss:STACK
	dw	64 dup(?)
STACK	ends

	end	START
-- 
Daniel R. Levy             UNIX(R) mail:  att!ttbcad!levy
AT&T Bell Laboratories
5555 West Touhy Avenue     Any opinions expressed in the message above are
Skokie, Illinois  60077    mine, and not necessarily AT&T's.