Re: Hooking vectors
There are certain locations in memory that the operating system
keeps pointers to location of subroutines in memory. Some of these
locations are where the operating systems looks when ( example - )
you receive some data on a port. This causes a interrupt of of the
computers processor. The processor then depending on which port
receives the data goes to the memory location for that port and gets the
address that is store there and calls this address. The software thqat
the processor calls then gets the data from the requested port
The operating system keeps this list of all these service routines
addresses for each hardware device in your system. This place in memory
is called the interrupt vectors because when the hardware interrupts
the processor it vectors off of this area to the service routine.
This called servicing a hardware interrupt.
Hooking a vector means to go an replace this vector (address pointer)
with a address pointer of a different service routine and then calling
the orginal service routine from the new service routine.
example
We could get the address pointer of the keyboard routine
save it and replace it with the address pointer of a new routine to see if
someone has typed the letter "A" on the keyboard take some action
and pass everything typed on the keyboard to the original service routine.
This allows us to monitor the keyboard an take some special action.
when ever we see the letter "A"
In other words we are hook into the interrupt.
This is done by a special program called a TSR ( terminate and stay
resident ) Which takes care of replacing and redirecting the interrupt
vectors.
In addition to Hardware Interrupt vectors. There are other operating
system memory locations that vector into the BIOS ( Basic Input Output
System ) Which contain software vectors to Operating System software.
We call these by filling the hardware registers with certain values
and use a special instruction called a software interrupt.
These are specific memory locations ( or vectors ) reserved by the
operating system for software pointers to routines. When use a software
interrupt like INT21 ( this means interrupt 21 ) the processor will
go to a specific location and get the address pointer from that location
and go to the software routine that it is pointing to an run that
routine. Because the number of vectors is limited. We load a number into
a register like MOV AH,03H ( the hex number three into the High bits
of a 16 bit register called A ) Now when we use an interrupt INT21
the processor will go to the int21 vector and take the address pointer
and call the routine that it is pointed to. That routine will then
look in the A register and see that we want it to use the third routine
to perform our task. In this way by using different numbers in the A
register we can do different tasks and only use one interrupt.
This Specific area in memory is called the VECTOR TABLE and is defined
as a table of pointers. Interrupt vectors are held in 256 four byte fields
that take up the lowest 1024bytes of memory. Each field holds the address
of an interrupt routine. INT 0 is pointed to by the first vector, INT 1
by the second vector, etc. Dont forget each one takes up four-bytes.
If you want to know what each vector contains you will have to look in a
book.
Some vectors are used by the hardware, some by the BIOS and some are used
by software.
So you can create your own software interrupts ( using unoccupied vectors )
or hook into some other user's vector as long follow the correct rules
that are required.
Assembler requires that you learn something about the hardware. An it
will take some time to learn. With each new type of processor a new
additional set of instructions has to be learned to take full advantage
of that processor. Older Assembly instructions will work on new processors
but will not be as efficient. In other words new processors are backwords
compatible to old instructions.
valarrow is a older but good assembler ( generates 16 bit code )
NASM is a newer assembler ( generates 32 bit code )
Check these out I think they are have freeware licenses.
Also look at some of the assembler routines on the Euphoria Web site
In Euphoria we can't use assembler directly in our programs we have
to put the instructions directly in MACHINE CODE which are just hex bytes
of instructions these are the binary number that come out of an assember
program. You will notice in Euphoria asembler the equivelent machine
instructs to the right of these programs in the comments.
example if you write MOV AH,03H thats some humans can understand it
in MACHINE CODE or binary code which the computer understands the
assembler would output - B4 03
( this is how it would look in hexidecimal format as that instruction )
Bernie
|
Not Categorized, Please Help
|
|
