Re: Hooking vectors
- Posted by Bernie Ryan <bwryan at PCOM.NET> Feb 26, 1999
- 406 views
There are certain locations in memory that the operating system keeps pointers to location of subroutines in memory. Some of these locations are where the operating systems looks when ( example - ) you receive some data on a port. This causes a interrupt of of the computers processor. The processor then depending on which port receives the data goes to the memory location for that port and gets the address that is store there and calls this address. The software thqat the processor calls then gets the data from the requested port The operating system keeps this list of all these service routines addresses for each hardware device in your system. This place in memory is called the interrupt vectors because when the hardware interrupts the processor it vectors off of this area to the service routine. This called servicing a hardware interrupt. Hooking a vector means to go an replace this vector (address pointer) with a address pointer of a different service routine and then calling the orginal service routine from the new service routine. example We could get the address pointer of the keyboard routine save it and replace it with the address pointer of a new routine to see if someone has typed the letter "A" on the keyboard take some action and pass everything typed on the keyboard to the original service routine. This allows us to monitor the keyboard an take some special action. when ever we see the letter "A" In other words we are hook into the interrupt. This is done by a special program called a TSR ( terminate and stay resident ) Which takes care of replacing and redirecting the interrupt vectors. In addition to Hardware Interrupt vectors. There are other operating system memory locations that vector into the BIOS ( Basic Input Output System ) Which contain software vectors to Operating System software. We call these by filling the hardware registers with certain values and use a special instruction called a software interrupt. These are specific memory locations ( or vectors ) reserved by the operating system for software pointers to routines. When use a software interrupt like INT21 ( this means interrupt 21 ) the processor will go to a specific location and get the address pointer from that location and go to the software routine that it is pointing to an run that routine. Because the number of vectors is limited. We load a number into a register like MOV AH,03H ( the hex number three into the High bits of a 16 bit register called A ) Now when we use an interrupt INT21 the processor will go to the int21 vector and take the address pointer and call the routine that it is pointed to. That routine will then look in the A register and see that we want it to use the third routine to perform our task. In this way by using different numbers in the A register we can do different tasks and only use one interrupt. This Specific area in memory is called the VECTOR TABLE and is defined as a table of pointers. Interrupt vectors are held in 256 four byte fields that take up the lowest 1024bytes of memory. Each field holds the address of an interrupt routine. INT 0 is pointed to by the first vector, INT 1 by the second vector, etc. Dont forget each one takes up four-bytes. If you want to know what each vector contains you will have to look in a book. Some vectors are used by the hardware, some by the BIOS and some are used by software. So you can create your own software interrupts ( using unoccupied vectors ) or hook into some other user's vector as long follow the correct rules that are required. Assembler requires that you learn something about the hardware. An it will take some time to learn. With each new type of processor a new additional set of instructions has to be learned to take full advantage of that processor. Older Assembly instructions will work on new processors but will not be as efficient. In other words new processors are backwords compatible to old instructions. valarrow is a older but good assembler ( generates 16 bit code ) NASM is a newer assembler ( generates 32 bit code ) Check these out I think they are have freeware licenses. Also look at some of the assembler routines on the Euphoria Web site In Euphoria we can't use assembler directly in our programs we have to put the instructions directly in MACHINE CODE which are just hex bytes of instructions these are the binary number that come out of an assember program. You will notice in Euphoria asembler the equivelent machine instructs to the right of these programs in the comments. example if you write MOV AH,03H thats some humans can understand it in MACHINE CODE or binary code which the computer understands the assembler would output - B4 03 ( this is how it would look in hexidecimal format as that instruction ) Bernie