Hi, I'm interested in how the I/O instructions work with devices. I found some examples to beep Internal Speakers, but I don't get how it works. on Windows, in device manager, I found I/O ports, but I don't know which signals should I send to them using IN and OUT instructions. Can anyone point me to the right direction where can I get started ?
Thank you.

You have already started.

To use those privileged instructions you have to run in DOS mode or in ring0 usin a driver.

You can try also using debug.exe to play with some ports.

In general, IO mappings are derived from PCI device enumeration (this includes legacy controllers that are bridged). Each device has an identifier that should have a corresponding driver; this driver should know how to use the IO ports according the the device's specification.

The exceptions are the legacy controllers such as PIT, PIC, RTC, CMOS, PS2, ... these have fixed IO mappings but still have a specification on how to use them. I believe the speaker is driven by the PIT and simply gates clock signals to produce a tone. (The PIT was originally the "intel 8253" chip)

----

in/out are not privileged instructions - they can actually be used in ring 3 as long as the IOPL in the TSS allows it; though, yes, most OSs disable them all.

I'm using DosBox for testing, but I think you guys don't understand me.
For example, take this example:
Internal Speaker

How these things are happening? I though system speaker port was 61h, but for me, seems arbitrary values.

I need list of values to send, to control them.
Thanks!

The enable is port 0x61, which is gating the output of the i8253 PIT. The signal is defined by the magic value "182" in your example, which if you read the specification, means "select channel 2, LSB then MSB, square wave mode, binary input" into port 0x43 (PIT command register). It then loads the "frequency number" (PIT channel 2 register), which is actually the clock divider of the master clock, one byte at a time LSB then MSB. The frequency is 0x1234DD/divider and divider must be 1..65535. The duration is being controlled based on how long it takes the CPU to count ~1.6M times. (It would be better to use the channel 0 or RTC IRQ for real timing)

In short, you choose when to toggle the speaker and load a divider to get the frequency you want.

Okay, you gave me the little tutorial here, where can I find all the "magic values" that does something?

Overflowz,

No magic there, i8253/54 datasheets are available freely (even Wiki has an article about it).

Well then can you explain why Windows produces a "Privileged Instruction" Exception when you use in/out?

Maybe I might try one day injecting a thread into user32/kernel32 and use the IN/OUT instructions because it seems like these DLLs use them all the time.

// Added to TODO list.

Windows runs with IOPL=0. While x86 documentation distinguishes between "privileged instructions" (CPL=0 only; e.g. HLT, LGDT, MOV CRx) vs. "IOPL-sensitive instructions" (CPL<=IOPL: CLI, STI, IN, OUT), Windows raises the same kind of exception (STATUS_PRIVILEGED_INSTRUCTION) on the offending thread regardless.

"injecting a thread into user32/kernel32" doesn't make any sense; they're not processes, they're just libraries. As with any library, their code runs with no more privileges than any other code in the process they're loaded into (so they can't use IN/OUT either).

typedef,

Your code have to have enough permissions (via IOPL or I/O permission map thru TSS) to use in/out instructions seamlessly. NTVDM (SoftPC evolved) intrusively emulates direct access to hardware ports for 16-bit code. With enough privileges you can use ready-made WinIO.Sys driver or something similar in Win32.

Intel SDM/AMD APM give clear understanding when (and why) privileged instructions (such as in/out) cause #PF.