flat assembler
Message board for the users of flat assembler.

how to check if EMM386 is ON and switch it off?
zhak
Hello guys!

How can I check if EMM386 is active and switch it off from my program? It doesn't allow me to enter protected mode.

I've read that the CPU operates in virtual-8086 mode when EMM386 is active. Now I'm stuck with turning this mode off.
Post 25 Feb 2010, 13:08
revolution
Code:
    smsw    ax
    shr     ax,1
    jc      WeAreInProtectedMode
To turn it off requires knowledge of which EMM386 version you are using.
Post 25 Feb 2010, 15:17
f0dder
revolution wrote:
Code:
    smsw    ax
    shr     ax,1
    jc      WeAreInProtectedMode
To turn it off requires knowledge of which EMM386 version you are using.
Doesn't it have an undocumented interface that has since been documented enough that it can be considered pretty much official?
Post 25 Feb 2010, 16:46
zhak
I did some investigations... EMM uses INT 0x67, so to check if we're in V86 mode I use the following routine (seems to be working):
Code:
    push es
    xor ax, ax
    mov es, ax
    ;
    ;check if int 0x67 vector is set up
    ;
    mov si, 0x67*4
    mov ax, [es:si]
    mov cx, [es:si+2]
    or ax, cx
    jz short no_ems
    ;
    ;check if VCPI is present
    ;
    mov ax, 0xde00
    int 0x67
    or ah, ah
    jnz short no_ems
    ;
    ;check if cpu is in V86 mode
    ;
    pushf
    pop ax
    bt ax, 17        ;check VM flag in EFLAGS
    jnc not_v86
    ;
    ;switch from V86 mode to protected
    ;
    ;<<< Fn 0xDE0C Int 0x67 call >>>
    ;

For now, I'm able to detect V86 mode. Fn 0xDE0C Int 0x67 is used to switch from V86 mode into protected. But I can't make it work yet. Dunno how to initialize this function call correctly. Always get a triple fault. Keep investigating...
Post 25 Feb 2010, 23:25
revolution
zhak wrote:
Code:
    bt ax, 17        ;check VM flag in EFLAGS
ax has no bit 17!
Post 26 Feb 2010, 02:09
zhak
Hehe, really, it doesn't :) Midnight coding can give you pretty funny errors :)
Post 26 Feb 2010, 09:07
zhak
But why didn't fasm give me a compile-time error? Is it a fasm bug?

Changed to
Code:
    pushfd
    pop eax
    bt eax, 17

Now this test returns that VM is cleared. But direct access to cr0 is not allowed, which means that the CPU is in PM, ring 3. I'll try to allocate a mem page later today. I've read that this will enter v86 mode. If this helps, then I will think what to do next.
Post 26 Feb 2010, 09:11
revolution
Did you try the code I posted above? It works no matter what mode because reading the MSW is not protected.
Post 26 Feb 2010, 09:57
revolution
zhak wrote:
but why didn't fasm give me compile-time error? is it a fasm bug?
It is not a bug. The CPU will mask the immediate value appropriately. According to the manuals there is no restriction in using any value up to 255.
Post 26 Feb 2010, 10:00
zhak
revolution wrote:
Did you try the code I posted above? It works no matter what mode because reading the MSW is not protected.

smsw will work to check if in protected, but it's not enough. The main purpose is to disable protected or v86 mode - to go back to the good old real mode.
Post 26 Feb 2010, 10:13
zhak
I thought of an idea: if I'm sure that I'm in v86 mode, then I use Fn 0xDE0C Int 0x67 to switch to protected mode and then disable it, because I only need unreal mode for one segment register.
Another option is to learn how to use VCPI services correctly and use them for loading files above 1 MB. But this will make the code more complex - routines for VCPI and routines for not VCPI, relocating, and all other stuff. So I'd prefer just to switch to plain real mode and then initialize flat unreal mode.
Post 26 Feb 2010, 10:24
revolution
Why not just use protected mode? Why go to all the trouble to disable things when instead you can use them for what they were designed for?
Post 26 Feb 2010, 10:28
zhak
I cannot use int 13h functions in protected. My proggie is intended to run either from DOS, or not (loaded by a boot sector), and I'm trying to keep it smaller and easier. Using VCPI services will split the code into two parallel routines - one part is executed under DOS with EMM386, another part if DOS is not used (or DOS w/o EMM386). It makes the code size at least twice bigger. Then I suppose I'll need to add DPMI support, which will split my code into 3 streams. And I have only 64 kbytes for everything.

I thought it could be easier to disable all third-party features (DOS) and run full initialization in one stream.

Another option is to exit with the notification "please, turn off EMM services", but it's not very user-friendly. (Another reason I don't want to exit - because it's tooooo simple.)
Post 26 Feb 2010, 10:43
DOS386
Code:
    pushf
    pop ax
    bt ax, 17        ;check VM flag in EFLAGS
    jnc not_v86

This is a "popular" way to do it but invalid, even with EAX instead of AX: PUSHF is NOT reliable in V86, see Intel manuals.

Code:
    smsw    ax
    shr     ax,1
    jc      WeAreInProtectedMode

This is sufficient and the only correct way to detect V86 (will hang on CPUs older than 80286). INT $67 is only useful if you want to use EMS or VCPI.

Quote:
i've read that cpu operates in virtual-8086 mode when emm386 is active.

Right. NOT true for hardware (add-on memory cards) or XMS based (EMSMAGIC) EMS services.

Quote:
now i'm stuck with turning this mode off

No official way. Use VCPI to get into Ring0 (will not work inside NTVDM) and then switch to RM. Untested, may leave mistargeted IVT entries or other mess and hang.

Quote:
I'll try to allocate a mem page later today. I've read that this will enter v86 mode.

Popular "info" but seems wrong.

Quote:
if this helps, then

NO it won't. Test for V86 before INT $67. If in RM, be happy. If V86, try VCPI, no need for an EMS page.
Post 17 Mar 2010, 07:10
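The two checks the thread settles on (revolution's SMSW test for the PE bit, and zhak's INT 67h / VCPI presence check that DOS386 says should only follow a V86 test) combined into one small DOS .COM program, added here as an editorial example; it is not code posted by any participant. It assumes fasm syntax, DOS and a 286+ CPU; the message strings, label names and the "EMMXXXX0" device-name comparison (the documented EMS driver header check) are choices made for this example. The program only reports the mode and the driver services it finds; it does not attempt the ring 0 switch or any change to the mode.

```asm
; Added example (not from the thread): report CPU mode and EMS/VCPI presence.
; Assumes fasm, DOS, 286+ CPU. Messages and labels are made up for this example.
        org     100h
        use16

start:
        cld                             ; string ops count upward (used by cmpsb)

        ; 1. Mode check (SMSW): bit 0 of the machine status word is CR0.PE and
        ;    is readable from real, protected and V86 mode alike. PUSHF is not
        ;    used because V86 mode does not expose the VM flag through it.
        smsw    ax
        test    ax, 1
        mov     dx, msg_real
        jz      .say_mode
        mov     dx, msg_pm              ; PE set: protected or V86 (e.g. EMM386 loaded)
.say_mode:
        call    print

        ; 2. EMS driver present? The INT 67h vector must be non-null and the
        ;    device header at the handler's segment must carry "EMMXXXX0" at
        ;    offset 0Ah; a non-null vector alone proves nothing.
        push    es
        xor     ax, ax
        mov     es, ax
        mov     ax, [es:67h*4+2]        ; segment part of the INT 67h vector
        pop     es
        test    ax, ax
        jz      .no_ems
        mov     es, ax
        mov     di, 0Ah                 ; ES:DI -> device name field of the header
        mov     si, ems_name            ; DS:SI -> expected name
        mov     cx, 8
        repe    cmpsb
        jne     .no_ems

        ; 3. VCPI present? INT 67h function DE00h returns AH=0 when the EMS
        ;    driver also offers VCPI (zhak's check). ES:DI is clobbered by
        ;    this call; nothing below relies on it.
        mov     ax, 0DE00h
        int     67h
        test    ah, ah
        mov     dx, msg_vcpi
        jz      .say_ems
        mov     dx, msg_ems_only
.say_ems:
        call    print
        jmp     .exit

.no_ems:
        mov     dx, msg_no_ems
        call    print
.exit:
        mov     ax, 4C00h               ; DOS: terminate, return code 0
        int     21h

; print: write the '$'-terminated string at DS:DX via DOS INT 21h / AH=09h
print:
        mov     ah, 09h
        int     21h
        ret

msg_real     db 'CPU is in real mode',13,10,'$'
msg_pm       db 'CPU is in protected or V86 mode (PE bit set)',13,10,'$'
msg_no_ems   db 'No EMS driver on INT 67h',13,10,'$'
msg_ems_only db 'EMS driver present, no VCPI services',13,10,'$'
msg_vcpi     db 'EMS driver present with VCPI services',13,10,'$'
ems_name     db 'EMMXXXX0'
```

Assemble with `fasm` to a .COM file and run it under plain DOS, then again with EMM386 loaded: the first run should report real mode and no EMS driver, the second should report the PE bit set together with EMS and (for EMM386) VCPI. The order matters for the reason DOS386 gives: the mode is read first with SMSW, and INT 67h is touched only after the vector and the device name confirm a driver is listening.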
vid
Emm386 definitively can be turned off. Win9x loader does it.

Even if it is not official, as f0dder said, it ought to be de-facto standard, and no one is going to change anything in DOS "standards" until after World War 3.
Post 17 Mar 2010, 12:41
DOS386
vid wrote:
Emm386 definitively can be turned off. Win9x loader does it. Even if it is not official, as f0dder said, it ought to be de-facto standard, and no one is going to change anything in DOS "standards" until after World War 3.


So post working FASM code please!
Post 18 Mar 2010, 06:54
vid
Quote:
So post working FASM code please !

DOS is dead, and I don't feel like wasting my time with it now. If you really need to know, I think this code was located somewhere in WIN.COM, but I am not sure. More likely, it should still be floating somewhere on the internet. It was some undocumented call.

Without it, Windows 95 wouldn't be able to take over machine from DOS with EMM386 running.
Post 18 Mar 2010, 11:52
Tomasz Grysztar
I think it may have something to do with this function:
http://lrs.uni-passau.de/support/doc/interrupt-57/RB-4390.HTM
Check out the function pointed to by DS:SI.
Post 18 Mar 2010, 12:29
zhak
Thank you guys for the useful info.
Post 18 Mar 2010, 13:05
Japheth
vid wrote:
Emm386 definitively can be turned off.

No. It MIGHT be possible that Emm386 can be turned off, but this cannot be guaranteed, and since the intention behind using Emm386 often is to get UMBs it is usually impossible.

Quote:
Win9x loader does it.

Yes, it gets the Emm386 info and handles int 67h on its own then. But it most likely cannot deactivate EMM - because there might exist a DOS device driver or TSR loaded before Windows which has allocated EMS pages.
Post 18 Mar 2010, 18:34
Copyright © 1999-2020, Tomasz Grysztar.