Japheth

Germany (South), 29.04.2025, 05:14

DOS kernel debugging (Announce)
Hello,
while playing with the "boot" variant of Debug, I realized that the MS-DOS v7.1 kernel ( Win 98 SE ) can be convinced of not touching interrupt vectors 1 and 3 if signature "JP" is located at [CS:IP-2] of vector 1. Thus the debugger remains active until the cmd prompt appears.
Is this some kind of "standard", also used by other DOS kernel variants? Found nothing about that in RBIL.

--- MS-DOS forever!
ecm

Düsseldorf, Germany, 29.04.2025, 09:59

@ Japheth

DOS kernel debugging
> Hello,
>
> while playing with the "boot" variant of Debug, I realized that the MS-DOS
> v7.1 kernel ( Win 98 SE ) can be convinced of not touching interrupt
> vectors 1 and 3 if signature "JP" is located at [CS:IP-2] of vector 1. Thus
> the debugger remains active until the cmd prompt appears.
>
> Is this some kind of "standard", also used by other DOS kernel variants?
> Found nothing about that in RBIL.
This is the first I hear of it. Usually I patch the kernel, e.g. lDOS patchdeb or the FreeDOS kernel config "CheckDebugger" setting, or a binary patch for MS-DOS kernels without sources.

When running without such a patch, a bootable lDebug command like "tp FFFFFF while ! value from linear 0:1 * 4 length 3 * 4 in writing silent 1" does it. This command traces the kernel until it gets to an instruction that's about to write to the IVT entries for int 1, 2, or 3. This is usually a mov or stosw. Crucially, this returns control to the debugger terminal before executing the instruction that would write to the IVT. It does rely on the kernel not calling an interrupt service to do its IVT writes, or we might need to enable Trace Mode.

--- l
Japheth

Germany (South), 30.04.2025, 08:20 (edited by Japheth, 30.04.2025, 14:33)

@ ecm

DOS kernel debugging
> This is the first I hear of it.
So the answer is "No". In the meantime I tested MS-DOS 7.1, EDR-DOS and FreeDOS, and it's true, just MS-DOS knows the signature. Fortunately, it's no problem with both EDR-DOS and FreeDOS, since they change int vectors 0, 1 and 3 at the very same occasion, so one can set a write watchpoint at address 0000:0000 to catch it - while MS-DOS first changes vectors int 1 & 3, then, significantly later, int 0. And setting a watchpoint at address 0000:0004 simply "doesn't work".

EDIT: MS-DOS 6.22 regrettably doesn't know the "JP" signature, so it's probably safe to assume that it's a v7.1 (or v7.x) feature only. It can be patched, though: search for hex string "BF 04 00 BB" in file IO.SYS and change the next 6 occurrences of AB -> 90 (STOSW -> NOP).
> 1 does it. This command traces the kernel until it gets to an
> instruction that's about to write to the IVT entries for int 1, 2, or 3.
> This is usually a mov or stosw. Crucially, this
> returns control to the debugger terminal before executing the
> instruction that would write to the IVT.
Very sophisticated! A "simple solution" is still preferable, however.

--- MS-DOS forever!
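The IO.SYS patch Japheth describes for MS-DOS 6.22 (search for "BF 04 00 BB", then turn the next 6 occurrences of AB into 90), written out as an added example. This is not code from either poster or from any DOS project. It assumes that "the next 6 occurrences" means the next six 0xAB bytes in file order after the signature (not six consecutive bytes), it writes the result to a separate output file so the original IO.SYS is left untouched, and it refuses to run if the signature is missing or matches more than once, so it cannot silently NOP bytes in a kernel it was never meant for. The sample image below is a constructed byte string for demonstration, not real kernel bytes.

```python
"""Apply the debugger-preserving IO.SYS patch described in the thread (added example)."""
import sys

# The byte sequence the post names as preceding the STOSW loop that fills the IVT.
SIGNATURE = bytes.fromhex("BF0400BB")
STOSW = 0xAB          # opcode to neutralise
NOP = 0x90            # replacement
PATCH_COUNT = 6       # the post says the next 6 occurrences

# Constructed sample image (NOT real IO.SYS bytes): one signature followed by a
# mix of STOSW and other bytes, with more than six STOSW in total so the example
# shows that only the first six after the signature are touched.
SAMPLE_IMAGE = bytes.fromhex(
    "9090" "BF0400BB" "1122" "ABAB" "89C3" "ABABAB" "90" "ABAB" "C3" "AB"
)


def locate_signature(image: bytes) -> int:
    """Return the offset of the single SIGNATURE match, or raise ValueError.

    Zero matches means this is not the kernel the patch was described for;
    several matches would make it ambiguous which STOSW bytes to change.
    """
    hits = image.count(SIGNATURE)
    if hits != 1:
        raise ValueError(f"expected exactly one signature match, found {hits}")
    return image.find(SIGNATURE)


def patch_ivt_writes(image: bytes, count: int = PATCH_COUNT) -> tuple[bytes, list[int]]:
    """Replace the first `count` STOSW bytes after the signature with NOP.

    Assumption (ours, not the post's wording): occurrences are counted in file
    order after the signature, skipping non-STOSW bytes in between.
    Returns the patched copy and the list of offsets that were changed.
    """
    start = locate_signature(image) + len(SIGNATURE)
    buf = bytearray(image)
    changed: list[int] = []
    for off in range(start, len(buf)):
        if len(changed) == count:
            break
        if buf[off] == STOSW:
            buf[off] = NOP
            changed.append(off)
    if len(changed) < count:
        raise ValueError(
            f"only {len(changed)} STOSW bytes follow the signature, wanted {count}"
        )
    return bytes(buf), changed


def main(argv: list[str]) -> int:
    if len(argv) != 3:
        print("usage: patch_iosys.py IO.SYS IO.SYS.patched", file=sys.stderr)
        return 2
    with open(argv[1], "rb") as f:
        image = f.read()
    patched, changed = patch_ivt_writes(image)
    with open(argv[2], "wb") as f:     # never overwrite the input in place
        f.write(patched)
    print("NOPed STOSW at offsets:", ", ".join(f"0x{o:X}" for o in changed))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as "python patch_iosys.py IO.SYS IO.SYS.patched" on a copy of the kernel file; the printed offsets let you confirm in a hex editor that exactly six bytes changed before swapping the patched file in.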