Introduction to soft interrupt

Interrupt service program Keywords: soft interrupt, interrupt vector, interrupt vector table, TSR memory resident, DOS re-entry, interrupt request, segment address, offset, register, BIOS, DOS, setVect (), getVect (), Keep (), Disable (), enable (), GenInterrupt (), INT86 (), Interrupt For a general C language enthusiast, how to use interrupt routines in C, this problem should be very familiar, for example, we You can use the INT86 () function to invoke the disk physical sector to operate directly, or the 33H number can be called 33H, and the mouse cursor or the like can be displayed on the screen via the INT86 () function. In fact, 13h is good, 33H, which is just some functions, the parameters of these functions pass through the registers of the CPU. The interrupt number is only the start memory unit indirectly pointing to the function of the function, saying that it is indirect, that is, the start segment address and offset of the function are calculated by the interrupt number by one method (specific Operation, the following will explain it). As a result, the programmer does not need to write the user's program with too much time, as long as setting the parameters in their own program, then call the BIOS or DOS's interrupt service program, greatly reduce the program. Development difficulty, shorten the program development cycle. So since the interrupt is a function, it can be called by the user, and the user is arbitrarily written. The first 1024 bytes of computer memory saves 256 interrupt vectors, and each interrupt vector accounts for 4 bytes, and the first two bytes saves the entry address offset of the interrupt service. The latter two bytes save the entry segment address of the interrupt program, as long as they are transferred into register IP and CS, they can transfer the interrupt service program to implement interrupt calls. Whenever the interrupt occurs, the CPU multiplies the interrupt number in 4, and obtains the interrupt vector address in the interrupt vector table, and then obtains the IP and CS values ​​to go to the inlet address of the interrupt service program, call interrupt. This is the basic process of interrupt service programs through interrupt number. When the computer is started, the BIOS fills the basic interrupt into the interrupt vector table. After the DOS gets the system control, it is necessary to fill some interrupt vectors in the table, and modify a part of the BIOS interrupt vector. A portion of the interrupt vector is that the system is reserved for users, such as 60H to 67H, and users can write their own interrupt service programs into these interrupt vectors. Not only that, but users can change and improve the system existing interrupt vector. In C language, a new function type Interrupt is provided, specifically used to define interrupt service programs, such as interrupt service programs we can write: / * Example 1: Interrupt service program * / void interrupt INT60 () {PUTS ("This is an esample");} The function of the interrupt is to display a string, why not use the printf () function? This involves the issue of DOS, will be introduced later. A simple interrupt service program is written, how to fill in its function entry address to the interrupt meter, so that when the interrupt is generated, it will be transferred to the interrupt service program to execute it? Here you need to use the setVect () and getvect () functions. SetVect () has two parameters: the entry address of the interrupt number and function, which is functionally installed to the specified function to the specified interrupt vector, the getVect () function has a parameter: interrupt number, return value is the entry address of the interrupt .

Before installation interrupts, it is best to use the disable () function to turn off the interrupt to prevent new interrupts during the installation process. After the program is running confusion, after the installation is complete, use the enable () function to open interrupts, so that the program is running normally . Now we can enrich the above example: / * Example 2: Interrupt service program writing, installation, and use * / #include #include #ifdef __cplusplus #define __ARGU ... #ELSE #define __ARGU # endifvoid Interrupt INT60 (__ARGU) / * Interrupt Service Function * / {PUTS ("This Is An Example");} Void Install (VOID INTERRUPT (* FADD) (__ argu), int Num) / * Installation Interrupt * / {Disable (); / * Close Interrupt * / setVect (NUM, FADD); / * Settings Interrupt * / Enable (); / * Open Interrupt * /} void main () {install (int60, 0x60); / * Install the INT60 function to 0x60 interrupt * / geninterrupt (0x60); / * Artificial 0x60 interrupt * /} Have a certain experience of readers easy to get the execution result of the program: Show "this is an example" on the screen ". These are described in writing and installing the interrupt service program. Talk below talks about the writing and use of the internal storage (TSR). In the C language, you can use the Keep () function to resident in memory. This function has two parameters: status and size. Size is the length of the memory, you can use size = _ss _SP / 16-_PSP, of course, this is also an estimated method, not accurate value. After the function is executed, the exit status information is saved in STATUS. For example, for the example above, "GenInterrupt (0x60);" rewritten into "Keep (0, _ss _SP / 16-_PSP);" After executing the program, this program is residing, after which In software or programming, as long as the 60H interrupt is used, the word "this is an example!" Is displayed on the screen. To restore the system's definition of the 60H interrupt, you can only restart your computer. The example above is actually very imperfect. It does not consider the status of the DOS system environment. It does not consider whether the program has resident in memory, and does not consider exiting memory residence. For the second question, it is also very easy to solve: the execution program starts to read a function interrupt entry address (such as 63H interrupt) to determine whether it is empty (NULL), if it is empty, set this address as non-empty Resident in memory, if it is non-empty, it has resided and exited the program. This step is very important, otherwise it will cause the system to crash due to repeated resident occupancy. As for other two problems, there are not many instructions here, and interested readers can refer to some books. Not only that, we can also call the memory resident program by using the hotkey under DOS. For example, after the "Hope Dictionary" comes with the "Hope Dictionary" to resident memory, press the CTRL F11 key at any time to activate the program, and the dictionary interface appears. There is a micro-process chip in the keyboard of the microcomputer, used to scan and detect the pressing and release status of each button. Most buttons have a scan code to inform the CPU current state, but some special keys such as PrintScreen, Ctrl Break will not generate scanning code, and directly generate interrupts.

Because of this, we can point the interrupt number generated by Ctrl Break to our own written program entry address, then after the Ctrl Break is pressed, the system will call our own programs to execute, this is actually modified Interrupt vector of Ctrl Break. As for other buttons activation programs, the captured scan code can be used to interrupt the captured scan code in the 9H keyboard, which is not described here. For example, after executing the following program, return the DOS system, press Ctrl Break when arbitrary, turn red. /? NEWINT (__ argu); / * Function declaration * / void install (*_ argu), int Num); int main () {install (newint, 0x1b); / * Ctrl Break interrupt number: 1bh * / Keyp (0, _SS (_ SP / 16) -_ psp); / * Resident Program * / Return 0;} void interrupt newint (__ argu) {textbackground (4); / * Setting the bottom color * / clrs CRSCR ( ); / * Clear screen * /} Void Install (__ argu), int Num) {Disable (); setVect (NUM, FADD); / * Settings interrupt * / enable ();} Due to 13H The interrupt is the disk interrupt service program provided by the BIOS. For applications under DOS, they are implemented by calling this interrupt. There are many viruses under DOS like to modify the 13H interrupt to destroy the system, for example, modify the 13H interrupt service program, change it to: / * Example 4: Viral program pseudo code * / void interrupt new13 (__ argu) {iF (Virus seizure conditions) {Modified entry parameters point to the virus program entry address; execute the virus code;} Call the original 13h interrupt;} As long as one software (such as edit.com, etc.) is operational and the virus session condition is mature The virus is activated. Of course, this will result in a reduction in available memory space, which is easy to discover by the user. Some "smart" viruses will modify other interrupt vectors, allowing the memory size and actual phase of the system report. There is also a virus that when the user is discovered to track it through some programs (such as Debug.com, etc., it will sneak away, and the basic principle is still related to the modified interrupt. The hard disk 0-faced 1 sector (Side 0 Cylinder 0 Sector 1) saves important boot information, once it is broken, the computer will not recognize the hard disk. We can write a program to prevent any software (including viruses) from performing "writing" operations to this area to a certain extent, and its basic principle is to modify the 13H interrupt vector and resident in memory. Monitor each detail of software (including viruses) to disk operation. Reader Please note: This program does not consider the exit of memory resident. If you want to recover 13H interrupt, restart your computer.

/ * Example 5: Main boot sector protection, please compile with Turbo C 2.0, MBSP.C * / # include #include #include #define stsize 8192 # define PSP_ENV_PSP 0x2C # Define Para (x) ((FP_OFF ​​(X) 15) >> 4) Typef struct {UNSIGNED BP, DI, Si, DS, ES, DX, CX, BX, AX, IP, CS, Flags; INTERRUPT_PARAMETER; void install (void interrupt (* faddress) (), int num); void interrupt new13 (INTERRUPT_PARAMETER p); int main () {union rEGS regs; struct sREGS sregs; unsigned mem; unsigned far * pointer; char far * Stack; Printf ("/ n << Master Boot Sector Protector >> Version 1.0 / n / n"); if ((stack = malloc (stsize)) == null) {Printf ("Not Enough Memory! / N") EXIT (1);} if (getvect (0x62)! = Null) {Printf ("already installed! / N"); exit (1);} install (getvect (0x13), 0x62); install (new13, 0x13 ); Pointer = MK_FP (_PSP, PSP_ENV_PSP); FreeMem (* Pointer); SEGREAD (& SREGS); MEM = SREGS.DS PARA (STACK) -_PSP; setBlock (_PSP, MEM); Keep (0, MEM); Return 0;} Void Install (Void Interrupt (* faddress) (), INT NUM) {Disable (); setVect (NUM, FADDRESS); Enable ();} void interrupt new13 (Interrupt_Parameter P) {P .ax = _ax; p.dx = _cx; p.dx = _dx; if (_ah == 0x03 && _CH == 0 && _ CL == 0x01 && _ DH == 0 && _ DL == 0x80) Return; enable (); genterrupt (0x62); disable () _Ax = p.ax; _dx = p.cx; _dx = p.dx; return;} Description: Before using this program Scan, confident that there is no virus in your computer; 2 readers with computer assembly language can write a new bootstrap, first reside in memory, then call the original bootstrap, so that there is no system control over the virus Previously turned on the protection function. Finally, the DOS system re-entry problem. DOS is a single user single task operating system. If the program is interrupted during the execution, it is possible to cause operational operation because it destroys the original program running environment, which is disastrous.