	Sign In Sign-Up

The intention of these sections is to provide information on the subjects of YOUR (the users) choice, if you have suggestions or comments to the sections, please contact us. The information in these sections are provided 'as is' and the CyberSp@ce Cowboys will not acknowledge any legal claims, due to use/misuse of the contents on this site. Due to the human rights, concerning freedom of speech, neither will any claims of endorsement to 'criminal behavior' be recognized.

This section is currently (and will, most likely, constantly be) under work, so please have patience if a section is incomplete (if you wish to help with any of the chapters, notify berador via the mail-link on either the front- or 'join-' page).

Assembler. C/C++. Java. Pascal. Visual Basic.

Virii, source-code. Scanners. Password-crackers. Trojans. Tips & tricks.

Assembler.

The Assembler-language is (by most people) being referred to as 'the geek-language', due to it's (so-called) level of difficulty (to quote the beginning of the book 'The Art Of Assembly' : Many programmers think that hexadecimal numbers represent absolute proof that God never intended anyone to work with Assembler.That is NOT a fact, most programming languages are hard to learn, IN THE BEGINNING! The advantages by using assembler are many, (in general) you get faster programs aswell as they are (still in general) smaller. You get a higher degree of control, concerning the processes being run and finally you get a higher degree of understandment concerning the working of your computer. But lets start with first things first, the CPU. The CPU contains different SEGMENTS and REGISTERS, and these 'chunks' of storage-space (thats's, if you simplify it, what they are) are the cornerstones which you use to build a program around. To make it a bit easier to understand, lets make a graphical model of a CPU,,,

ax bx cx dx

cs ds ss es

bp si di

sp ip flags

This is basically the layout of a CPU, very simple and yet a necessary thing to understand. Now to explain the different parts of it. The AX, BX, CX & DX are DATA-REGISTERS. Their function is to, temporarily, store data (one register can store 2 bytes) until they have been processed. All of these registers can, if necessary, be divided into two halves (AH/AL=A-High/A-Low, each then capable of containing 1 byte). The different names refer to the use of the registers, AX was I.E. originally used for Arithmetical tasks. As you may have noticed, AX can only contain 16 bits which made it necessary to use DX if you wanted to run 32-bit applications. This issue has been solved by the intel-processor, by the adding of EAX/EBX/ECX & EDX. These are Extended registers, capable of containing 4 bytes each. Though that is the most widespread type of CPU, i will stick to the non-extended while explaining ( i don't want to throw to much at you at a time). The BX-register is (usually) being used for either adress-calculations or as storage for inter-calculatory values, and as for CX the use lies in a counter-function. All registers can be used for what-ever functions you might want, but it will improve stability and speed of your programs if you use the registers for their original function. The next three registers to learn about is the ADRESS-REGISTERS, BP/SI & DI. The BP (base-pointer) is used for adressing, much like BX. SI (source-index) & DI (destination-index) can be turned to such use too, but is mainly for advanced use in processes involving movement of token-strings. Though the CONTROL-REGISTERS are not directly in use by the programmer, it is nevertheless important to understand their usage since many functions rely on the functionality provided by these registers. The SP (stack-pointer) contains the memory-adress of the current stack, and keeps track of the entire content without the programmer needing to worry about it. IP (the instruction-pointer) tells what kind of instruction is currently active, and finally FLAGS contains information of the result of the latest instruction (if some of this rings a bell, then yes,,,,,these informations are the ones shown on your screen if you get I.E. a buffer overflow in the boot-process. Simply because they tell EXACTLY what happened in the CPU when the f***up occured!). The last part of the CPU is the SEGMENT-REGISTERS, the CS (code-segment, showing the segment-adress of the program-instructions) / the DS (same, just for the data-segment) / SS (the stack-segments) and finally the ES (extra-segment, usable for any segment-adressing needed by the programmer). Now lets look at the...

ASM-instructions.

In the following table, these are the short-hands used :

d	destination	"to" operand.
s	source	"from" operand.
t	target	"remote" adress, could be a segment.
l	label	"near" adress, not more than 7Fh
a	accumulator	AL, AH or AX.
p	port	internal port.
i	interrupt	interrupt number.
x	external	external operation-code (i.e. math-processor/GPU or the like).
c	counter	set in CX.

AAA	ASCII adjust for addition.
AAD	ASCII adjust for division.
AAM	ASCII adjust for multiplication.
AAS	ASCII adjust for subtraction.
ADC (d, s)	add with carry.
ADD (d, s)	add.
AND (d, s)	logical and.
CALL (t)	call a procedure.
CBW	convert byte to word.
CLC	clear carry-flag.
CLD	clear direction flag.
CLI	clear interrupt flag.
CMC	complement carry flag.
CMP (d, s)	compare destination to source.
CMPS (d, s)	same, but for string-operands.
CWD	convert word to doubleword.
DAA	decimal adjust for addition.
DAS	decimal adjust for subtraction.
DEC (d)	decrement by 1 (often used in counter-functions).
DIV	division (unsigned).
ESC (x, s)	escape.
HLT	halt.
IDIV	integer division.
IMUL	integer multiplication.
IN (a, p)	input byte or word.
INC (d)	increment by 1 (often used in counter-functions).
INT (i)	interrupt.
INTO	interrupt if overflow.
IRET	return from interrupt.
JA/JNBE (l)	jump if above/jump if not below or equal.
JAE/JNB (l)	jump if above or equal/jump if not below.
JB/JNAE (l)	jump if below/jump if not above or equal.
JBE/JNA (l)	jump if below or equal/jump if not above.
JC (l)	jump if carry.
JCXZ (l)	jump if CX is zero.
JE/JZ (l)	jump if equals/jump if zero.
JG/JNLE (l)	jump if greater/jump if not less or equal.
JGE/JNL (l)	jump if greater or equal/jump if not less.
JL/JNGE (l)	jump if less/jump if not greater or equal.
JLE/JNG (l)	jump if less or equal/jump if not greater.
JMP (t)	jump.
JNC (l)	jump if not carry.
JNE/JNZ (l)	jump if not equal/jump if not zero.
JNO (l)	jump if not overflow.
JNP/JPO (l)	jump if not parity/jump if parity odd.
JNS (l)	jump if not sign.
JO (l)	jump if overflow.
JP/JPE (l)	jump if parity/jump if parity even.
JS (l)	jump if sign.
LAHF	load AH from flags.
LDS (d, s)	load pointer, using DS.
LEA (d, s)	load effective adress.
LES (d, s)	load pointer, using ES.
LOCK	lock bus.
LODS (s)	load string.
LOOP (l)	loop.
LOOPE/LOOPZ (l)	loop if equal/loop if zero.
LOOPNE/LOOPNZ (l)	loop if not equal/loop if not zero.
MOV (d, s)	move.
MOVS (d, s)	move string.
MOVSB/MOVSW	move string (byte/word).
MUL (s)	multiplication (unsigned).
NEG (d)	negate.
NOP	no operation.
NOT (d)	logical not.
OR (d, s)	logical inclusive or.
OUT (p, a)	output byte or word.
POP (d)	pop word of stack.
POPF	pop flags of the stack.
PUSH (s)	push word onto stack.
PUSHF	push flags onto stack.
RCL (d, c)	rotate left through carry.
RCR (d, c)	rotate right through carry.
REP	repeat string operation.
REPE/REPZ	repeat string operation while equals/while zero.
REPNE/REPNZ	repeat string operation while not equals/while not zero.
RET	return from procedure.
ROL (d, c)	rotate left.
ROR (d, c)	rotate right.
SAHF	store AH into flags.
SAL/SHL (d, c)	shift arithmetic left/shift logical left.
SAR (d, s)	shift arithmetic right.
SBB (d, s)	subtract with borrow.
SCAS (d)	scan string.
SHR (d, c)	shift logical right.
STC	set carry flag.
STD	set direction flag.
STI	set interrupt enable flag.
STOS (d)	store byte or string.
SUB (d, s)	subtraction.
TEST (d, s)	test, or logical non-destructive and.
WAIT	wait for TEST-signal (hardware).
XCHG (d, s)	exchange operand.
XLAT (s)	operand is table, translate.
XOR (d, s)	logical exclusive or.

Base-lines of a program.

Scared? If not, you must be eager to learn. Usually that table scares the sh** out of people. But i suppose we should get on with the 'course'. The above commands are the most important, but keep in mind that the best programmers are the one's who challenge themselves by learning new ways of doing things and not the ones who know all the 'standard'-commands by mind (but not heart). There are several things to know, before you start writing your first program. First of all, you should allways make a draft of the whole thing (that may take a bit extra time, but it'll save you a lot of headaches during debugging). But let's take a look at how a simple program could look in assembler :

[ORG 100h]

jmp start

two dw 2

three dw 3

result dw 0

start: mov ax, two

add ax, three

mov result, ax

ret

Well, that doesn't look scary does it. It's a small program that adds the digits 2 & 3, and then places the result in a RAM-area temporarily named RESULT (later on, we'll look at how to display stuff on the screen). First we instructs the machine on where we wanna run the program from ( the [ORG 100h] line). This line tells, that we want it to move to a place 100h after the adress where we originally read the program to. The number 100h equals the decimal-number 256, and these 256 bytes between the 'read-adress' end the 'program-adress' is used by the system to store information. the denunciation of this area is the PSP ; Program-Segment-Prefix. Now we tell the program to jump to the label START (a label can allways be recognized by the trailing ' : '). From that point it very straight-forward, we MOVe the value 2(two) to AX and ADD the value 3(three). When that's done we MOVe the result in AX to the RAM-area reserved under the 'alias' of RESULT, and then we RETurn to the state where we took over the machine. Do you still think assembler is hard? By the way, the DW is used to Define Word (there 's also a term called DD (Define Doubleword), DB (Define Byte) & DQ (Define Quadword). The next thing we'll go over is the...

Interrupts.

One of the most important functions within programming is the interrupts, and even though they are all treated pretty much alike we will go over the types of interrupts and their differences here. The first type of interrupt is the one originating from hardware, I.E. when you press a key at the keyboard. Another type of interrupt is the one that occurs at a system-fault, I.E. parity-error in the RAM.The third type is 'created' in the CPU as a result of abnormal program-terminations, I.E. division by 0. The last one is the type of interrupt invoked by programmer, that is done with the INT command. All interrupts has a number, which is allways smaller than 255 (FFh in hexadecimal). Several of the 'low' numbers occur more than once, but that is because they can be invoked as both a hardware & programmable interrupt. What happens during an interrupt is actually a bit more complex than most people think : First of all the system saves a great deal of important information, like the actual values in IP and CS (in other words, the adress of the instruction that was carried out when the interrupt occured). These values are simply put on top of the active stack, so that you have the possibility to reinstate the program from where it got to after the interrupt has been handled. Also the FLAG-register is saved (which, as you may remember, contains information about the last instructions carried out). A bit in the FLAG-register shows wether or not an interrupt can be accepted, this bit is set to 0, whereby further (simultaneous) interrupts are prevented. When all this is done, new values for IP and CS are found in an interrupt-table located in the beginning of the adressable storage-areas. Since IP and CS both need 2 bytes of storage, the new values are simply found by taking the storage-adress that equals 4 times the value of the interrupt-number ( I.E. the interrupt 10h(screen-commands) or 16 decimal,equals up with the storage-area 40-43(in hex) or 64-67(in decimal)). I guess now is a good time to show you a listing of the different interrupts...

BIOS-interrupts.

00h division by 0.

01h single instruction.

02h non-maskable interrupt (I.E. parity-error).

03h program-break.

04h overflow.

05h print-screen (yup, that's actually an interrupt).

06h reserved.

07h reserved.

08h clock.

09h keyboard.

0Ah reserved.

0Bh communication.

0Ch communication.

0Dh fixed disc.

0Eh floppy drive.

0Fh printer.

10h screen.

11h signal from outer unit.

12h storage-size.

13h fixed/floppy disc.

14h communication.

15h tape-unit.

16h keyboard.

17h printer.

18h ROM-extensions.

19h boot-routine.

1Ah system-clock.

1Bh CTRL-BREAK routine (yup, another interrupt used as a 'system-command').

1Ch routine, executed at every timer-tick (~18 times a second).

1Dh setup of screen-parameters.

1Eh parameters for floppy-drive.

1Fh graphical tokens for colour-screens (ASCII-codes 128-255).

40h used by the system for the fixed discs.

41h parameters for fixed discs.

DOS-interrupts.

20h end program (same as the DOS-function 00h).

21h DOS-functions (see the next table).

22h adress for a programs jumpback to DOS.

23h executed when a CTRL-BREAK is performed.

24h executed in case of errors.

25h direct read from disc.

26h direct write to disc.

27h terminate program, but keep resident (similar to DOS-function 31h, which should be used in preference).

28h-2Eh reserved for DOS.

2Fh switch between processes.

30h-3Fh reserved for DOS.

33h used by mouse.

40h-5Bh reserved.

60h-66h reserved for user-written programs.

67h used by EMM.

68h-7Fh unused.

80h-85h reserved.

86h-F0h used by the system.

F1h-FFh unused.

DOS-functions (interrupt 21h sub-functions).

00h terminate program, same as DOS-interrupt 20h.

01h read one character from keyboard, and print it on screen.

02h print one character on the screen.

03h read character from transmission-line.

04h send character to transmissin-line.

05h send character to std.printer.

06h/07h/08h read character from keyboard.

09h write a string to printer.

0Ah read a string from the keyboard to the keyboard-buffer.

0Bh check for input from the keyboard.

0Ch erase keyboard-buffer and read directly from the keyboard.

0Dh reset all discs.

0Eh select std.disc.

0Fh open file (see 3Dh).

10h close file (see 3Eh).

11h find file-entry in catalogue.

12h find next file-entry in the catalogue.

13h erase a file.

14h read next record.

15h write next record.

16h make file (see 3Ch).

17h (re)name file (see 56h).

18h unused.

19h find actual/active disc.

1Ah set adress for read & write to disc.

1Bh supplies information about the allocation-table for the actual/active disc.

1Ch supplies information about the allocation-table for a specified disc.

1Dh not used.

20h not used.

21h read record from specified adress to disc-buffer.

22h write record to specified adress.

23h find file-size.

24h prepare read & write to specified adress.

25h set adress of specified interrupt.

26h create a new program-segment.

27h read block from specified adress.

28h write block to specified adress.

29h read and enterpret file-name.

2Ah read date.

2Bh set date.

2Ch read time.

2Dh set time.

2Eh set disc write-verification on/off.

2Fh read the adress of the disc-buffer.

30h read DOS-number (version).

31h terminate program, but keep resident.

32h unused.

33h enable/disable the CTRL-BREAK function.

34h unused.

35h find adress of specified interrupt.

36h read free space on disc.

37h unused.

38h find or set country-specific information (time-formats e.t.c. It can also set the table for alphabetical signs that should be changeable to upper-case).

39h make directory.

3Ah remove directory.

3Bh change directory.

3Ch make new file (i recommend this one instead of 16h, though you might want to look at 5Bh).

3Dh open file (recommended, instead of 0Fh, since this one provides user-based acces-priviliges over networks).

3Eh close file.

3Fh read a series of tokens from either a file or the keyboard.

40h write a series of tokens to the screen.

41h erase file.

42h search in file.

43h set file-attributes.

44h general control of an outer unit (this function has a long row of sub-functions).

45h get new reference for active/selected file.

46h set reference to point to selected file.

47h get catalogue-route for a disc.

48h reserve storage.

49h free reserved storage.

4Ah re-enter a storage-reservation.

4Bh read and execute selected program.

4Ch terminate a running program.

4Dh find return-code from terminated program.

4Eh find specified file.

4Fh find next file.

50h-53h unused.

54h get status of verify (read/write-control).

55h unused

56h rename a file.

57h find or set time & date for a files catalogue-registration.

58h unused.

59h get extended error-code.

5Ah create non-existing (new) filename.

5Bh create new file.

5Ch set or erase acces to a file, or part of a file.

5Dh unused.

5E00h find network-name of this machine.

5E02h set control for printer.

5E03h find control for printer.

5F02h find route to outer unit.

5F03h set route to outer unit.

5F04h erase route to outer unit.

62h get adress for programs prefix-area.

65h get country-specific informations.

66h find or set key-table (equals the CHCP (CHange Code-Page) command, in DOS).

67h set number of file-references.

68h flush file-buffers.

To remove all basis of misunderstandment, the DOS-interrupt tables given here are based on DOS 3.3 because of 2 reasons. 1 : they contain the information needed for allmost any needed purpose, and 2 : the amount of 'data' i'd be throwing at you, if i gave the complete lists of the most recent DOS-interrupts whould be too overwhelming for most people (especially beginners).

Examples

Well, now that you have looked over the interrupts it's time for some 'real' programming-examples. Earlier, in the 'Base-lines of a program' sub-section, i talked about how to create a screen-output. As you saw in the interrupt-tables there is several interrupts that provide this service, but we'll start with the BIOS-commands. The BIOS-interrupt for screen-operations is 10h, there are several ways of formatting the screen to graphic-modes but at the time being we'll stick with plain text. Let's take an example...

[ORG 100h]

jmp start

two dw 2

three dw 3

start: mov ax, two

add ax, three

mov si, ax

call msg

ret

msg: lodsb

or al, al

jz done

mov ah, 0Eh

mov bx, 07h

int 10h

jmp msg

done: ret

As you can see, it's still quite simple. the main difference compared to the first time you saw this little 'proggie' is that we don't reserve RAM-space for the result, we move it to SI and then print it to the screen. If you can't quite figure out the or al, al part, it's used to check if the SI-string returns 0 (empty/NULL). If it does, the program considers the string to be empty and doesn't print anything (it returns to the 'main'-part of the program). Well, i guess it's about time i gave you a small challenge for 'those little grey cells' as Hercule Poirot would have said it. Here goes...

[ORG 7C00h]

lea si, msg

mov ah, 0Eh

print: mov al, [si]

cmp al, 0

jz done

int 10h

inc si

jmp print

done: mov ah, 00h

int 16h

mov ax, 0040h

mov ds, ax

mov word[0072h], 0000h

jmp 0FFFFh:0000h

msg db 'Hi, this is a ?'

db 'press a key.', 0

As you might have guessed from the screen-output line, your 'task' is to figure out what this program does (though i wouldn't recommend you running it on a machine untill you've figured it out. Actually that's a good rule with all programs!). Take your time to make cross-references with the different tables provided in this section and then when you've figured it out you might consider how to utilize the feature it provides in your learning process. If you give up (don't be ashamed if you do) drop me a couple of lines, i'll give you an explanatory as soon as i can (after all, the purpose of this site is to share information freely). Another important thing though, is to know what ports to send a signal to. You might know a bit about ports from the internet, I.E. the http-protocol uses port 80 / smtp=25 e.t.c. Likewise, the PC uses ports to contact internal parts. Before i show the table with the port-adresses i think i'd better explain to you how to get/change values in the CMOS-memory, since a number of services can only be utilized fully this way.

First of all, to read or write in the CMOS-RAM, you need to send the adress of the desired block to port 70h. When you've done that, you'll be able to read and write the information to/off that block through port 71h. If you're confused, don't worry. Here's an example...

out 70h, 09h

in ax, 71h

In this simple example, we contacted the CMOS-block where the current year is stored, and pulled that information into ax. Quite simple, as you can see. Now i think it's about time you saw the table with the CMOS block-adresses.

00h seconds.

01h alarm-seconds.

02h minutes.

03h alarm-minutes.

04h hours.

05h alarm-hours.

06h week-day.

07h number of day in the month.

08h month.

09h year.

0Ah status-register A.
bit 7 : update being performed.
bit 4-6 : divisor for time-base frequency.
bit 0-3 : speed-selection.

0Bh status-register B.
bit 7 : stop all update-cycles.
bit 6 : periodical interrupt. bit 5 : alarm interrupt.
bit 4 : update finished interrupt.
bit 3 : reg. A, square-impulse.
bit 2 : 1=calendar is in binary format.
bit 2 : 0=calendar is in BCD format.
bit 1 : 1=24-hour clock.
bit 1 : 0=12-hour clock.
bit 0 : summertime.

0Ch status-register C.
bit 7 : IRQF-flag.
bit 6 : PF-flag.
bit 5 : AF-flag.
bit 4 : UF-flag.
bit 0-3 : reserved.

0Dh status-register D.
bit 7 : RTC (real-time-clock) is on external power-supply.
bit 0-6 : reserved.

0Eh diagnostic status byte.
bit 7 : CMOS-RAM has been reset or battery is dead.
bit 6 : bad check-sum.
bit 5 : configuration-error.
bit 4 : memory-size error.
bit 3 : harddisc byte error.
bit 2 : date error.

0Fh restart status byte. This byte is read before restart, I.E. on a return from protected mode.
00h : power on, or soft reset.
01h : memory-size-check ok.
02h : memory-check ok.
03h : memory-check error.
04h : POST (power-on self-test) finished, boot the system.
05h : JMP doubleword with EOL.
06h : protected test ok.
07h : protected test eror.
08h : memory-size-check error.
09h : int 15, block move.
0Ah : JMP doubleword without EOL.
0Bh : used by 386+.

10h indicates the 'name' & type of the floppy-drive.
bit 7-4 : drive A.
bit 3-0 : drive B.
Value;
00h : no drive.
01h : 360 KB.
02h : 1.2 MB.
03h : 720KB.
04h : 1.44MB.

11h for some BIOS's the following values apply;
bit 7-4 : drive C.
bit 3-0 : drive D.
Value;
00h : no drive.
01h : 360 KB.
02h : 1.2 MB.
03h : 720KB.
04h : 1.44MB.

12h indicates the hard-drivetype.
bit 7-4 : first HD.
bit 3-0 : second HD.
Value;
00h : no HD.
01h-0Eh : disc-type 1-15.
0Fh : use content of adr. 19h or 1Ah.

13h reserved.

14h indicates configuration.
bit 7-6.
00h : 1 floppy-drive.
01h : 2 floppy-drives.
10h : 3 floppy-drives (in some BIOS's).
11h : 4 floppy-drives (in some BIOS's).
bit 5-4.
00h : EGA/VGA.
01h : CGA 40x25.
10h : CGA 80x25.
11h : MDA.
bit 1 : co-processor installed.
bit 0 : floppy-drive installed.

15h base-memory LO-byte in KB's.

16h base-memory HI-byte in KB's.

17h expansion-memory LO-byte in KB's.

18h expansion memory HI-byte in KB's.

19h HD-type, when adress 12h (bit 7-4) = 0Fh.

1Ah HD-type, when adress 12h (bit 3-0) = 0Fh.

1Bh reserved.

2Eh checksum HI-byte for adresses 10h-2Dh.

2Fh checksum LO-byte for adresses 10h-2Dh.

30h-31h contains memory-size above 1MB found during POST (power-on self-test).
30h : LO-byte.
31h : HI-byte.

32h contains the BCD-value of the current century.

33h contains following flags after system-start;
bit 7 : system has 128KB RAM in upper part of memory-map, and so has possibility to use shadow-RAM.
bit 6 : first BOOT, after power-on.

Ok, i admit it, that one gets technical. But it's necessary knowledge, if you want to understand the system fully (and know how to manipulate it's data). But it ain't over yet, those are the adresses of the CMOS, you have yet to know about the systems ports! If, at this point, you're getting 'scared' that you won't ever understand it, don't despair. I' don't have any education on this, i taught myself the whole thing by reading and trying for 1½ year (i know that's a long time, but i didn't know anybody that could teach me). That's one of the reasons that i'm doing this, to pass on knowledge i've gained to others FOR FREE (you might have seen the prices on courses in programming, and even though this is not providing you with the same papers afterwards, my goal is to provide as much of the same knowledge as possible).

Books to read...

Ralph Brown : Art of Assembly.
This is (in my humble opinion) the most significant book ever written on the 80x86 ASM-syntax/programming. Every little detail in the language is described (including TSR and protected-mode programming), and it is a 'must-have' for anybody who want's to learn the intricacies of the assembler-language.

David J. Bradley : Assembly language programming for the IBM-PC.
Amongst the numerous books describing assembler-programming for a PC, this hits my personal top-ten. It contains huge amounts of description on how to utilize the components of the computer, and also describes (briefly) how to incorporate assembler-routines into I.E. pascal-programs.

Peter Norton : Programmers guide to the IBM-PC (A.K.A. The Pink-shirt-guy book).
The programmers BIBLE!

Michael Abrash : Zen of code optimization.
A really great book on code-optimization for 386+ processors, and a 'must-have' for any semi-serious+ assembly-programmer.

Robert L. Hummel : Programmers technical reference, the processor and the co-processor.
An excellent book, with references on the 80x86 family from the 8088 to the 80486. It also gives a nice discussion of the 8087 to 80487 co-processors.

Andrew Schulman, Raymond Michels, Jim Kyle, Tim Patterson, David Maxey, Ralph Brown : Undocumented DOS. A programmers guide to reserved MS-DOS functions and data-structures.
This book describes a lot of features available to MS-DOS, that Microsoft never bothered to document. Contains vital information for anybody that wants to program TSR's and protected-mode software.

Section edited by : Berador.

C & C++.

Section edited by : 'your-name-here?'.

Not yet written. Back to top.

Java.

Section edited by : 'your-name-here?'.

Not yet written. Back to top.

Pascal.

Section edited by : BurningShadow.

Not yet written. Back to top.

Visual Basic.

Section edited by : 'your-name-here?'.

Not yet written. Back to top.

Virus souce-code.

666 (NASM).
Avenger (NASM).

If an assembler is specified at the side, you should use this to compile. If none specified, it's MASM.

Download NASM.

Download FASM.

Section edited by :
Sofar it's Berador & BurningShadow.
Berador would like someone to releave him though.
He's got plenty of work with the ASM-section.

Not yet written. Back to top.

Scanners.

Section edited by : 'your-name-here?'.

Not yet written. Back to top.

Password-crackers.

Section edited by : 'your-name-here?'.

Not yet written. Back to top.

Trojans.

Section edited by : 'your-name-here?'.

Not yet written. Back to top.

Tips & tricks.

Section edited by : 'your-name-here?'.

Not yet written. Back to top.

Assembler.	C/C++.	Java.	Pascal.	Visual Basic.
Virii, source-code.	Scanners.	Password-crackers.	Trojans.	Tips & tricks.

[ORG 100h]
	jmp	start
two	dw	2
three	dw	3
result	dw	0
start:	mov	ax, two
	add	ax, three
	mov	result, ax
	ret

00h	division by 0.
01h	single instruction.
02h	non-maskable interrupt (I.E. parity-error).
03h	program-break.
04h	overflow.
05h	print-screen (yup, that's actually an interrupt).
06h	reserved.
07h	reserved.
08h	clock.
09h	keyboard.
0Ah	reserved.
0Bh	communication.
0Ch	communication.
0Dh	fixed disc.
0Eh	floppy drive.
0Fh	printer.
10h	screen.
11h	signal from outer unit.
12h	storage-size.
13h	fixed/floppy disc.
14h	communication.
15h	tape-unit.
16h	keyboard.
17h	printer.
18h	ROM-extensions.
19h	boot-routine.
1Ah	system-clock.
1Bh	CTRL-BREAK routine (yup, another interrupt used as a 'system-command').
1Ch	routine, executed at every timer-tick (~18 times a second).
1Dh	setup of screen-parameters.
1Eh	parameters for floppy-drive.
1Fh	graphical tokens for colour-screens (ASCII-codes 128-255).
40h	used by the system for the fixed discs.
41h	parameters for fixed discs.

20h	end program (same as the DOS-function 00h).
21h	DOS-functions (see the next table).
22h	adress for a programs jumpback to DOS.
23h	executed when a CTRL-BREAK is performed.
24h	executed in case of errors.
25h	direct read from disc.
26h	direct write to disc.
27h	terminate program, but keep resident (similar to DOS-function 31h, which should be used in preference).
28h-2Eh	reserved for DOS.
2Fh	switch between processes.
30h-3Fh	reserved for DOS.
33h	used by mouse.
40h-5Bh	reserved.
60h-66h	reserved for user-written programs.
67h	used by EMM.
68h-7Fh	unused.
80h-85h	reserved.
86h-F0h	used by the system.
F1h-FFh	unused.

00h	terminate program, same as DOS-interrupt 20h.
01h	read one character from keyboard, and print it on screen.
02h	print one character on the screen.
03h	read character from transmission-line.
04h	send character to transmissin-line.
05h	send character to std.printer.
06h/07h/08h	read character from keyboard.
09h	write a string to printer.
0Ah	read a string from the keyboard to the keyboard-buffer.
0Bh	check for input from the keyboard.
0Ch	erase keyboard-buffer and read directly from the keyboard.
0Dh	reset all discs.
0Eh	select std.disc.
0Fh	open file (see 3Dh).
10h	close file (see 3Eh).
11h	find file-entry in catalogue.
12h	find next file-entry in the catalogue.
13h	erase a file.
14h	read next record.
15h	write next record.
16h	make file (see 3Ch).
17h	(re)name file (see 56h).
18h	unused.
19h	find actual/active disc.
1Ah	set adress for read & write to disc.
1Bh	supplies information about the allocation-table for the actual/active disc.
1Ch	supplies information about the allocation-table for a specified disc.
1Dh	not used.
20h	not used.
21h	read record from specified adress to disc-buffer.
22h	write record to specified adress.
23h	find file-size.
24h	prepare read & write to specified adress.
25h	set adress of specified interrupt.
26h	create a new program-segment.
27h	read block from specified adress.
28h	write block to specified adress.
29h	read and enterpret file-name.
2Ah	read date.
2Bh	set date.
2Ch	read time.
2Dh	set time.
2Eh	set disc write-verification on/off.
2Fh	read the adress of the disc-buffer.
30h	read DOS-number (version).
31h	terminate program, but keep resident.
32h	unused.
33h	enable/disable the CTRL-BREAK function.
34h	unused.
35h	find adress of specified interrupt.
36h	read free space on disc.
37h	unused.
38h	find or set country-specific information (time-formats e.t.c. It can also set the table for alphabetical signs that should be changeable to upper-case).
39h	make directory.
3Ah	remove directory.
3Bh	change directory.
3Ch	make new file (i recommend this one instead of 16h, though you might want to look at 5Bh).
3Dh	open file (recommended, instead of 0Fh, since this one provides user-based acces-priviliges over networks).
3Eh	close file.
3Fh	read a series of tokens from either a file or the keyboard.
40h	write a series of tokens to the screen.
41h	erase file.
42h	search in file.
43h	set file-attributes.
44h	general control of an outer unit (this function has a long row of sub-functions).
45h	get new reference for active/selected file.
46h	set reference to point to selected file.
47h	get catalogue-route for a disc.
48h	reserve storage.
49h	free reserved storage.
4Ah	re-enter a storage-reservation.
4Bh	read and execute selected program.
4Ch	terminate a running program.
4Dh	find return-code from terminated program.
4Eh	find specified file.
4Fh	find next file.
50h-53h	unused.
54h	get status of verify (read/write-control).
55h	unused
56h	rename a file.
57h	find or set time & date for a files catalogue-registration.
58h	unused.
59h	get extended error-code.
5Ah	create non-existing (new) filename.
5Bh	create new file.
5Ch	set or erase acces to a file, or part of a file.
5Dh	unused.
5E00h	find network-name of this machine.
5E02h	set control for printer.
5E03h	find control for printer.
5F02h	find route to outer unit.
5F03h	set route to outer unit.
5F04h	erase route to outer unit.
62h	get adress for programs prefix-area.
65h	get country-specific informations.
66h	find or set key-table (equals the CHCP (CHange Code-Page) command, in DOS).
67h	set number of file-references.
68h	flush file-buffers.

[ORG 7C00h]
	lea	si, msg
	mov	ah, 0Eh
print:	mov	al, [si]
	cmp	al, 0
	jz	done
	int	10h
	inc	si
	jmp	print
done:	mov	ah, 00h
	int	16h
	mov	ax, 0040h
	mov	ds, ax
	mov	word[0072h], 0000h
	jmp	0FFFFh:0000h
msg	db	'Hi, this is a ?'
	db	'press a key.', 0

00h	seconds.
01h	alarm-seconds.
02h	minutes.
03h	alarm-minutes.
04h	hours.
05h	alarm-hours.
06h	week-day.
07h	number of day in the month.
08h	month.
09h	year.
0Ah	status-register A. bit 7 : update being performed. bit 4-6 : divisor for time-base frequency. bit 0-3 : speed-selection.
0Bh	status-register B. bit 7 : stop all update-cycles. bit 6 : periodical interrupt. bit 5 : alarm interrupt. bit 4 : update finished interrupt. bit 3 : reg. A, square-impulse. bit 2 : 1=calendar is in binary format. bit 2 : 0=calendar is in BCD format. bit 1 : 1=24-hour clock. bit 1 : 0=12-hour clock. bit 0 : summertime.
0Ch	status-register C. bit 7 : IRQF-flag. bit 6 : PF-flag. bit 5 : AF-flag. bit 4 : UF-flag. bit 0-3 : reserved.
0Dh	status-register D. bit 7 : RTC (real-time-clock) is on external power-supply. bit 0-6 : reserved.
0Eh	diagnostic status byte. bit 7 : CMOS-RAM has been reset or battery is dead. bit 6 : bad check-sum. bit 5 : configuration-error. bit 4 : memory-size error. bit 3 : harddisc byte error. bit 2 : date error.
0Fh	restart status byte. This byte is read before restart, I.E. on a return from protected mode. 00h : power on, or soft reset. 01h : memory-size-check ok. 02h : memory-check ok. 03h : memory-check error. 04h : POST (power-on self-test) finished, boot the system. 05h : JMP doubleword with EOL. 06h : protected test ok. 07h : protected test eror. 08h : memory-size-check error. 09h : int 15, block move. 0Ah : JMP doubleword without EOL. 0Bh : used by 386+.
10h	indicates the 'name' & type of the floppy-drive. bit 7-4 : drive A. bit 3-0 : drive B. Value; 00h : no drive. 01h : 360 KB. 02h : 1.2 MB. 03h : 720KB. 04h : 1.44MB.
11h	for some BIOS's the following values apply; bit 7-4 : drive C. bit 3-0 : drive D. Value; 00h : no drive. 01h : 360 KB. 02h : 1.2 MB. 03h : 720KB. 04h : 1.44MB.
12h	indicates the hard-drivetype. bit 7-4 : first HD. bit 3-0 : second HD. Value; 00h : no HD. 01h-0Eh : disc-type 1-15. 0Fh : use content of adr. 19h or 1Ah.
13h	reserved.
14h	indicates configuration. bit 7-6. 00h : 1 floppy-drive. 01h : 2 floppy-drives. 10h : 3 floppy-drives (in some BIOS's). 11h : 4 floppy-drives (in some BIOS's). bit 5-4. 00h : EGA/VGA. 01h : CGA 40x25. 10h : CGA 80x25. 11h : MDA. bit 1 : co-processor installed. bit 0 : floppy-drive installed.
15h	base-memory LO-byte in KB's.
16h	base-memory HI-byte in KB's.
17h	expansion-memory LO-byte in KB's.
18h	expansion memory HI-byte in KB's.
19h	HD-type, when adress 12h (bit 7-4) = 0Fh.
1Ah	HD-type, when adress 12h (bit 3-0) = 0Fh.
1Bh	reserved.
2Eh	checksum HI-byte for adresses 10h-2Dh.
2Fh	checksum LO-byte for adresses 10h-2Dh.
30h-31h	contains memory-size above 1MB found during POST (power-on self-test). 30h : LO-byte. 31h : HI-byte.
32h	contains the BCD-value of the current century.
33h	contains following flags after system-start; bit 7 : system has 128KB RAM in upper part of memory-map, and so has possibility to use shadow-RAM. bit 6 : first BOOT, after power-on.