FDOS / freecom

FreeDOS Command Shell (command.com)
http://www.freedos.org/
GNU General Public License v2.0

LOADFIX enables the UMB link when executing its command and leaves it enabled afterwards #10

Closed ecm-pushbx closed 5 years ago

ecm-pushbx commented 5 years ago

The following log shows that the UMB link is disabled at first (11B1h => MCB has "Z"), then when loading the debugger with LOADFIX, the UMB link is enabled (1EDCh => MCB has "M"), and afterwards loading the debugger without LOADFIX again, the UMB link is still enabled (11B1h => MCB has "M").

https://github.com/FDOS/freecom/blob/b2e3151f41967632ee161da3d59810c763a49563/shell/loadhigh.c#L196 calls "initialise()" which calls down into "findUMBRegions()" even for LOADFIX (instead of LOADHIGH), which explains how "dosSetUMBLinkState(1)" is called (and why the UMB link state is on during execution of the LOADFIXed command). However, I don't know how the "dosSetUMBLinkState(old_link)" call in https://github.com/FDOS/freecom/blob/b2e3151f41967632ee161da3d59810c763a49563/shell/loadhigh.c#L243 is defeated. Maybe the stack is corrupted?

$ dosemu -dumb
dosemu2 2.0pre8-20180929-436-g31af7ab08
Configured: 2018-09-30 09:36:27 +0200
Please test against a recent version before reporting bugs and problems.
Get the latest code at http://stsp.github.io/dosemu2
Submit Bugs via https://github.com/stsp/dosemu2/issues
Ask for help in mail list: linux-msdos@vger.kernel.org

FreeDOS kernel - SVN (build 2042 OEM:0xfd) [compiled Sep 22 2017]
Kernel compatibility 7.10 - BORLANDC - FAT32 support

(C) Copyright 1995-2012 Pasquale J. Villani and The FreeDOS Project.
All Rights Reserved. This is free software and comes with ABSOLUTELY NO
WARRANTY; you can redistribute it and/or modify it under the terms of the
GNU General Public License as published by the Free Software Foundation;
either version 2, or (at your option) any later version.
C: HD1, Pri[ 1], CHS=    0-1-1, start=     0 MB, size=  2000 MB
D: HD2, Pri[ 1], CHS=    0-1-1, start=     0 MB, size=  2000 MB
E: HD3, Pri[ 1], CHS=    0-1-1, start=     0 MB, size=  2000 MB
F: HD4, Pri[ 1], CHS=    0-1-1, start=     0 MB, size=  2000 MB
dosemu XMS 3.0 & UMB support enabled                                           
dosemu EMS driver rev 0.8 installed.
EMUFS host file and print access available
Kernel: allocated 30 Diskbuffers = 15960 Bytes in HMA
BLASTER=A220 I5 D1 H5 P330 T6
MIDI=SYNTH:2 MAP:E MODE:0
Welcome to dosemu2!
    Build 2.0pre8-20180929-436-g31af7ab08
C:\>ldebug
Determining processor type
Found 186+ processor
Found 286+ processor
Found 386+ processor
Found 486+ processor
Found processor with CPUID support
Executing CPUID 0
CPUID 0 executed
Executing CPUID 1
CPUID 1 executed
Determining floating-point unit

-dm
PSP: 11B2
02B4 4D 0008 000D    208 B SD
02C2 4D 02D6 0012    288 B LDEBUG
02D5 4D 02D6 0EDB   59 KiB LDEBUG
11B1 5A 11B2 8E4D  569 KiB DEBUGGEE
9FFF 4D 0008 0001     16 B SC
A001 4D C21D 0040   1024 B COMMAND
A042 4D 0000 0FBC   62 KiB
AFFF 4D 0008 1100   68 KiB SC
C100 4D 0008 011B    4 KiB SD
C21C 4D C21D 00BC    2 KiB COMMAND
C2D9 4D 0000 1D25  116 KiB
DFFF 4D 0008 1000   64 KiB SC
F000 4D 0000 036E   13 KiB
F36F 5A 0000 0090    2 KiB
-q
C:\>loadfix ldebug
Determining processor type
Found 186+ processor
Found 286+ processor
Found 386+ processor
Found 486+ processor
Found processor with CPUID support
Executing CPUID 0
CPUID 0 executed
Executing CPUID 1
CPUID 1 executed
Determining floating-point unit

-dm
PSP: 1EDD
02B4 4D 0008 000D    208 B SD
02C2 4D C21D 0D3D   52 KiB COMMAND
1000 4D 1001 0EDB   59 KiB LDEBUG
1EDC 4D 1EDD 8122  516 KiB DEBUGGEE
9FFF 4D 0008 0001     16 B SC
A001 4D C21D 0040   1024 B COMMAND
A042 4D 0000 0FBC   62 KiB
AFFF 4D 0008 1100   68 KiB SC
C100 4D 0008 011B    4 KiB SD
C21C 4D C21D 00BC    2 KiB COMMAND
C2D9 4D 0000 1D25  116 KiB
DFFF 4D 0008 1000   64 KiB SC
F000 4D 0000 03EC   15 KiB
F3ED 5A 1001 0012    288 B LDEBUG
-q
C:\>ldebug
Determining processor type
Found 186+ processor
Found 286+ processor
Found 386+ processor
Found 486+ processor
Found processor with CPUID support
Executing CPUID 0
CPUID 0 executed
Executing CPUID 1
CPUID 1 executed
Determining floating-point unit

-dm
PSP: 11B2
02B4 4D 0008 000D    208 B SD
02C2 4D 02D6 0012    288 B LDEBUG
02D5 4D 02D6 0EDB   59 KiB LDEBUG
11B1 4D 11B2 8E4D  569 KiB DEBUGGEE
9FFF 4D 0008 0001     16 B SC
A001 4D C21D 0040   1024 B COMMAND
A042 4D 0000 0FBC   62 KiB
AFFF 4D 0008 1100   68 KiB SC
C100 4D 0008 011B    4 KiB SD
C21C 4D C21D 00BC    2 KiB COMMAND
C2D9 4D 0000 1D25  116 KiB
DFFF 4D 0008 1000   64 KiB SC
F000 5A 0000 03FF   15 KiB
-q
C:\>

ecm-pushbx commented 5 years ago

$ dosemu -dumb
dosemu2 2.0pre8-20180929-436-g31af7ab08
Configured: 2018-09-30 09:36:27 +0200
Please test against a recent version before reporting bugs and problems.
Get the latest code at http://stsp.github.io/dosemu2
Submit Bugs via https://github.com/stsp/dosemu2/issues
Ask for help in mail list: linux-msdos@vger.kernel.org

FreeDOS kernel - SVN (build 2042 OEM:0xfd) [compiled Sep 22 2017]
Kernel compatibility 7.10 - BORLANDC - FAT32 support

(C) Copyright 1995-2012 Pasquale J. Villani and The FreeDOS Project.
All Rights Reserved. This is free software and comes with ABSOLUTELY NO
WARRANTY; you can redistribute it and/or modify it under the terms of the
GNU General Public License as published by the Free Software Foundation;
either version 2, or (at your option) any later version.
C: HD1, Pri[ 1], CHS=    0-1-1, start=     0 MB, size=  2000 MB
D: HD2, Pri[ 1], CHS=    0-1-1, start=     0 MB, size=  2000 MB
E: HD3, Pri[ 1], CHS=    0-1-1, start=     0 MB, size=  2000 MB
F: HD4, Pri[ 1], CHS=    0-1-1, start=     0 MB, size=  2000 MB
dosemu XMS 3.0 & UMB support enabled                                           
dosemu EMS driver rev 0.8 installed.
EMUFS host file and print access available
Kernel: allocated 30 Diskbuffers = 15960 Bytes in HMA
BLASTER=A220 I5 D1 H5 P330 T6
MIDI=SYNTH:2 MAP:E MODE:0
Welcome to dosemu2!
    Build 2.0pre8-20180929-436-g31af7ab08
C:\>ldebug
Determining processor type
Found 186+ processor
Found 286+ processor
Found 386+ processor
Found 486+ processor
Found processor with CPUID support
Executing CPUID 0
CPUID 0 executed
Executing CPUID 1
CPUID 1 executed
Determining floating-point unit

-a
11B2:0100 mov ax, 3521
11B2:0103 int 21
11B2:0105 mov word [80], bx
11B2:0109 mov word [82], es
11B2:010D mov dx, 130
11B2:0110 mov ax, 2521
11B2:0113 int 21
11B2:0115 mov dx, (200 >> 4) 
11B2:0118 mov ax, 3100
11B2:011B int 21
11B2:011D 
-a 130
11B2:0130 cmp ax, 5803
11B2:0133 jne 140
11B2:0135 int3
11B2:0136 nop
11B2:0137 nop
11B2:0138 nop
11B2:0139 nop
11B2:013A nop
11B2:013B nop
11B2:013C nop
11B2:013D nop
11B2:013E nop
11B2:013F nop
11B2:0140 jmp far [cs:80]
11B2:0145 
-r dco |= 8
-r
AX=0000 BX=0000 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=11B2 ES=11B2 SS=11B2 CS=11B2 IP=0100 NV UP EI PL ZR NA PE NC
11B2:0100 B82135            mov     ax, 3521
-t
AX=3521 BX=0000 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=11B2 ES=11B2 SS=11B2 CS=11B2 IP=0103 NV UP EI PL ZR NA PE NC
11B2:0103 CD21              int     21
-
AX=3521 BX=F500 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=11B2 ES=F000 SS=11B2 CS=11B2 IP=0105 NV UP EI PL ZR NA PE NC
11B2:0105 891E8000          mov     [0080], bx                     ds:0080=0000
-
AX=3521 BX=F500 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=11B2 ES=F000 SS=11B2 CS=11B2 IP=0109 NV UP EI PL ZR NA PE NC
11B2:0109 8C068200          mov     word [0082], es                ds:0082=000D
-
AX=3521 BX=F500 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=11B2 ES=F000 SS=11B2 CS=11B2 IP=010D NV UP EI PL ZR NA PE NC
11B2:010D BA3001            mov     dx, 0130
-
AX=3521 BX=F500 CX=0000 DX=0130 SP=FFFE BP=0000 SI=0000 DI=0000
DS=11B2 ES=F000 SS=11B2 CS=11B2 IP=0110 NV UP EI PL ZR NA PE NC
11B2:0110 B82125            mov     ax, 2521
-
AX=2521 BX=F500 CX=0000 DX=0130 SP=FFFE BP=0000 SI=0000 DI=0000
DS=11B2 ES=F000 SS=11B2 CS=11B2 IP=0113 NV UP EI PL ZR NA PE NC
11B2:0113 CD21              int     21
-
AX=2521 BX=F500 CX=0000 DX=0130 SP=FFFE BP=0000 SI=0000 DI=0000
DS=11B2 ES=F000 SS=11B2 CS=11B2 IP=0115 NV UP EI PL ZR NA PE NC
11B2:0115 BA2000            mov     dx, 0020
-
AX=2521 BX=F500 CX=0000 DX=0020 SP=FFFE BP=0000 SI=0000 DI=0000
DS=11B2 ES=F000 SS=11B2 CS=11B2 IP=0118 NV UP EI PL ZR NA PE NC
11B2:0118 B80031            mov     ax, 3100
-
AX=3100 BX=F500 CX=0000 DX=0020 SP=FFFE BP=0000 SI=0000 DI=0000
DS=11B2 ES=F000 SS=11B2 CS=11B2 IP=011B NV UP EI PL ZR NA PE NC
11B2:011B CD21              int     21
-

Program terminated normally (0300)
-tsr
Patched PSP at 11D3, now resident.
-a cs:ip
11D3:0100 mov ax, 4c00
11D3:0103 int 21
11D3:0105 
-g
Unexpected breakpoint interrupt
AX=5803 BX=0001 CX=0900 DX=0000 SP=36DE BP=36EC SI=0090 DI=0042
DS=2106 ES=C22D SS=2106 CS=11B2 IP=0136 NV UP DI PL ZR NA PE NC
11B2:0136 90                nop
-g
Unexpected breakpoint interrupt
AX=5803 BX=0000 CX=0900 DX=0008 SP=36DE BP=36EC SI=F370 DI=0042
DS=2106 ES=F36F SS=2106 CS=11B2 IP=0136 NV UP DI PL ZR NA PE NC
11B2:0136 90                nop
-g
C:\>loadfix lddebug
Unexpected breakpoint interrupt
AX=5803 BX=0001 CX=0900 DX=0000 SP=36D6 BP=36E4 SI=0090 DI=0042
DS=9C71 ES=C22D SS=9C71 CS=11B2 IP=0136 NV UP DI PL ZR NA PE NC
11B2:0136 90                nop
-g
Unexpected breakpoint interrupt
AX=5803 BX=0000 CX=0900 DX=0008 SP=36D6 BP=36E4 SI=F370 DI=0042
DS=9C71 ES=F36F SS=9C71 CS=11B2 IP=0136 NV UP DI PL ZR NA PE NC
11B2:0136 90                nop
-g
Unexpected breakpoint interrupt
AX=5803 BX=0000 CX=1882 DX=34EC SP=374E BP=3754 SI=147A DI=02B4
DS=9C71 ES=00E9 SS=9C71 CS=11B2 IP=0136 NV UP DI PL ZR NA PE NC
11B2:0136 90                nop
-g
Unexpected breakpoint interrupt
AX=5803 BX=0001 CX=11D2 DX=34EC SP=374E BP=3754 SI=1482 DI=8D3D
DS=9C71 ES=8D3D SS=9C71 CS=11B2 IP=0136 NV UP DI PL ZR NA PE NC
11B2:0136 90                nop
-g
Unexpected breakpoint interrupt
AX=0000 BX=0000 CX=00FF DX=11D3 SP=0000 BP=091E SI=0140 DI=0000
DS=11D3 ES=11D3 SS=11D3 CS=11D3 IP=C7AB NV UP EI PL NZ NA PO NC
11D3:C7AB 8CD8              mov     ax, ds
-g
Unexpected breakpoint interrupt
AX=5803 BX=0001 CX=00FF DX=80D3 SP=FFF6 BP=091E SI=0140 DI=0000
DS=11D3 ES=11D3 SS=11D3 CS=11B2 IP=0136 NV UP DI PL ZR NA PE NC
11B2:0136 90                nop
-g
Unexpected breakpoint interrupt
AX=5803 BX=0001 CX=0012 DX=0001 SP=FFF6 BP=008F SI=0140 DI=0000
DS=11D3 ES=11D3 SS=11D3 CS=11B2 IP=0136 NV UP DI PL ZR NA PE NC
11B2:0136 90                nop
-g
~-q
Unexpected breakpoint interrupt
AX=5803 BX=5800 CX=0000 DX=355C SP=3760 BP=3766 SI=0000 DI=0000
DS=D657 ES=C22D SS=D657 CS=11B2 IP=0136 NV UP DI PL ZR NA PE NC
11B2:0136 90                nop
-g
C:\>lddebug
Unexpected breakpoint interrupt
AX=0000 BX=0000 CX=00FF DX=11E6 SP=0000 BP=091E SI=0140 DI=0000
DS=11E6 ES=11E6 SS=11E6 CS=11E6 IP=C7AB NV UP EI PL NZ NA PO NC
11E6:C7AB 8CD8              mov     ax, ds
-g 
Unexpected breakpoint interrupt
AX=5803 BX=0001 CX=00FF DX=80D3 SP=FFF6 BP=091E SI=0140 DI=0000
DS=11E6 ES=11E6 SS=11E6 CS=11B2 IP=0136 NV UP DI PL ZR NA PE NC
11B2:0136 90                nop
-g
Unexpected breakpoint interrupt
AX=5803 BX=0001 CX=03FF DX=0001 SP=FFF6 BP=008F SI=0140 DI=0000
DS=11E6 ES=11E6 SS=11E6 CS=11B2 IP=0136 NV UP DI PL ZR NA PE NC
11B2:0136 90                nop
-g
~-q
C:\>loadfix lddebug
Unexpected breakpoint interrupt
AX=5803 BX=0000 CX=18A6 DX=34EC SP=374E BP=3754 SI=149E DI=02B4
DS=DC71 ES=00E9 SS=DC71 CS=11B2 IP=0136 NV UP DI PL ZR NA PE NC
11B2:0136 90                nop
-g
Unexpected breakpoint interrupt
AX=5803 BX=0001 CX=11B1 DX=34EC SP=374E BP=3754 SI=14A6 DI=11D2
DS=DC71 ES=11D2 SS=DC71 CS=11B2 IP=0136 NV UP DI PL ZR NA PE NC
11B2:0136 90                nop
-g
Unexpected breakpoint interrupt
AX=0000 BX=0000 CX=00FF DX=11D3 SP=0000 BP=091E SI=0140 DI=0000
DS=11D3 ES=11D3 SS=11D3 CS=11D3 IP=C7AB NV UP EI PL NZ NA PO NC
11D3:C7AB 8CD8              mov     ax, ds
-g
Unexpected breakpoint interrupt
AX=5803 BX=0001 CX=00FF DX=80D3 SP=FFF6 BP=091E SI=0140 DI=0000
DS=11D3 ES=11D3 SS=11D3 CS=11B2 IP=0136 NV UP DI PL ZR NA PE NC
11B2:0136 90                nop
-g
Unexpected breakpoint interrupt
AX=5803 BX=0001 CX=0012 DX=0001 SP=FFF6 BP=008F SI=0140 DI=0000
DS=11D3 ES=11D3 SS=11D3 CS=11B2 IP=0136 NV UP DI PL ZR NA PE NC
11B2:0136 90                nop
-g
~-q
Unexpected breakpoint interrupt
AX=5803 BX=5801 CX=0000 DX=BB94 SP=3760 BP=3766 SI=0000 DI=0000
DS=DC71 ES=C22D SS=DC71 CS=11B2 IP=0136 NV UP DI PL ZR NA PE NC
11B2:0136 90                nop
-d ss:sp l 6
DC71:3760  87 C0 4E CD 97 32      -                        ..N..2
-u cd4e:c087
CD4E:C087 5D                pop     bp
CD4E:C088 C3                retn
CD4E:C089 C8140000          enter   0014, 00
CD4E:C08D 56                push    si
CD4E:C08E 8B7604            mov     si, [bp+04]
CD4E:C091 C746EC002C        mov     word [bp-14], 2C00
CD4E:C096 8D46EC            lea     ax, [bp-14]
CD4E:C099 50                push    ax
CD4E:C09A 6A21              push    +21
CD4E:C09C E8F11C            call    DD90
CD4E:C09F 59                pop     cx
CD4E:C0A0 59                pop     cx
CD4E:C0A1 8B46F0            mov     ax, [bp-10]
CD4E:C0A4 C1E808            shr     ax, 08
-u cd4e:c000
CD4E:C000 FF05              inc     word [di]
CD4E:C002 8B1D              mov     bx, [di]
CD4E:C004 D1E3              shl     bx, 1
CD4E:C006 C7000000          mov     word [bx+si], 0000
CD4E:C00A 8B5E04            mov     bx, [bp+04]
CD4E:C00D 8937              mov     [bx], si
CD4E:C00F 33C0              xor     ax, ax
CD4E:C011 5F                pop     di
CD4E:C012 5E                pop     si
CD4E:C013 5D                pop     bp
CD4E:C014 C3                retn
CD4E:C015 C8040000          enter   0004, 00
CD4E:C019 56                push    si
CD4E:C01A 6A02              push    +02
CD4E:C01C E81030            call    F02F
CD4E:C01F 59                pop     cx
-
CD4E:C020 8946FE            mov     [bp-02], ax
CD4E:C023 837EFE00          cmp     word [bp-02], +00
CD4E:C027 7504              jnz     C02D
CD4E:C029 33C0              xor     ax, ax
CD4E:C02B EB4C              jmp     C079
CD4E:C02D C746FC0000        mov     word [bp-04], 0000
CD4E:C032 837E0400          cmp     word [bp+04], +00
CD4E:C036 742B              jz      C063
CD4E:C038 EB19              jmp     C053
CD4E:C03A 8D4604            lea     ax, [bp+04]
CD4E:C03D 50                push    ax
CD4E:C03E 56                push    si
CD4E:C03F 8D46FC            lea     ax, [bp-04]
-
CD4E:C042 50                push    ax
CD4E:C043 8D46FE            lea     ax, [bp-02]
CD4E:C046 50                push    ax
CD4E:C047 E863FF            call    BFAD
CD4E:C04A 83C408            add     sp, +08
CD4E:C04D 0BC0              or      ax, ax
CD4E:C04F 7402              jz      C053
CD4E:C051 EBD6              jmp     C029
CD4E:C053 FF7604            push    word [bp+04]
CD4E:C056 E8CADE            call    9F23
CD4E:C059 59                pop     cx
CD4E:C05A 8BF0              mov     si, ax
CD4E:C05C 8BD8              mov     bx, ax
CD4E:C05E 803F00            cmp     byte [bx], 00
CD4E:C061 75D7              jnz     C03A
-
CD4E:C063 8B5E06            mov     bx, [bp+06]
CD4E:C066 8B46FC            mov     ax, [bp-04]
CD4E:C069 8907              mov     [bx], ax
CD4E:C06B D1E0              shl     ax, 1
CD4E:C06D 8B5EFE            mov     bx, [bp-02]
CD4E:C070 03D8              add     bx, ax
CD4E:C072 C7070000          mov     word [bx], 0000
CD4E:C076 8B46FE            mov     ax, [bp-02]
CD4E:C079 5E                pop     si
CD4E:C07A C9                leave
CD4E:C07B C3                retn
CD4E:C07C 55                push    bp
CD4E:C07D 8BEC              mov     bp, sp
CD4E:C07F 8B5E04            mov     bx, [bp+04]
CD4E:C082 B80358            mov     ax, 5803
-
CD4E:C085 CD21              int     21
CD4E:C087 5D                pop     bp
CD4E:C088 C3                retn
CD4E:C089 C8140000          enter   0014, 00
CD4E:C08D 56                push    si
CD4E:C08E 8B7604            mov     si, [bp+04]
CD4E:C091 C746EC002C        mov     word [bp-14], 2C00
CD4E:C096 8D46EC            lea     ax, [bp-14]
CD4E:C099 50                push    ax
CD4E:C09A 6A21              push    +21
CD4E:C09C E8F11C            call    DD90
CD4E:C09F 59                pop     cx
CD4E:C0A0 59                pop     cx
CD4E:C0A1 8B46F0            mov     ax, [bp-10]
CD4E:C0A4 C1E808            shr     ax, 08
-g
C:\>exitemu
$ 

Note the breakpoint being triggered with AX=5803 (Set UMB link state) and BX=5800/5801 (presumably left from the function code in AX, should always be 0 or 1).

ecm-pushbx commented 5 years ago

Here's the script for lDebug to set up the TSR and leave the debugger resident:

a
mov ax, 3521
int 21
mov word [80], bx
mov word [82], es
mov dx, 130
mov ax, 2521
int 21
mov dx, (200 >> 4) 
mov ax, 3100
int 21

a 130
cmp ax, 5803
jne 140
int3
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
jmp far [cs:80]

r dco |= 8
g
tsr
a cs:ip
mov ax, 4C00
int 21

g

ecm-pushbx commented 5 years ago

-d ss:sp
DC71:3760  87 C0 4E CD 97 32 7A 37-43 25 00 58 C4 13 CE 13 ..N..2z7C%.X....
DC71:3770  01 00 00 00 00 58 66 13-32 13 80 37 18 24 D5 13 .....Xf.2..7.$..
DC71:3780  90 37 2E 16 CE 13 00 00-B8 37 00 00 8C 01 C4 13 .7.......7......
DC71:3790  AC 37 90 18 B8 37 E0 13-E0 13 EB 72 B2 37 B6 05 .7...7.....r.7..
DC71:37A0  02 43 AE 37 00 00 00 00-00 00 00 00 CE 38 10 1C .C.7.........8..
DC71:37B0  B8 37 01 00 06 00 00 00-6C 6F 61 64 66 69 78 20 .7......loadfix
DC71:37C0  6C 64 64 65 62 75 67 00-61 62 30 38 00 2E 63 70 lddebug.ab08..cp
DC71:37D0  78 29 00 38 57 D3 90 0D-E6 D9 C7 DE FB 37 57 D3 x).8W........7W.
-u cd4e:c087-20
CD4E:C067 46                inc     si
CD4E:C068 FC                cld
CD4E:C069 8907              mov     [bx], ax
CD4E:C06B D1E0              shl     ax, 1
CD4E:C06D 8B5EFE            mov     bx, [bp-02]
CD4E:C070 03D8              add     bx, ax
CD4E:C072 C7070000          mov     word [bx], 0000
CD4E:C076 8B46FE            mov     ax, [bp-02]
CD4E:C079 5E                pop     si
CD4E:C07A C9                leave
CD4E:C07B C3                retn
CD4E:C07C 55                push    bp
CD4E:C07D 8BEC              mov     bp, sp
CD4E:C07F 8B5E04            mov     bx, [bp+04]
CD4E:C082 B80358            mov     ax, 5803
CD4E:C085 CD21              int     21
-u cd4e:2543 - 20
CD4E:2523 FF360E04          push    word [040E]
CD4E:2527 E836CA            call    EF60
CD4E:252A 59                pop     cx
CD4E:252B C7060E040000      mov     word [040E], 0000
CD4E:2531 C7060C040000      mov     word [040C], 0000
CD4E:2537 C70608040000      mov     word [0408], 0000
CD4E:253D FF76FA            push    word [bp-06]
CD4E:2540 E8399B            call    C07C
-u cd4e:2543 - 60
CD4E:24E3 FF76FE            push    word [bp-02]
CD4E:24E6 E89C71            call    9685
CD4E:24E9 83C406            add     sp, +06
CD4E:24EC 8BF0              mov     si, ax
CD4E:24EE 56                push    si
CD4E:24EF E89D72            call    978F
CD4E:24F2 59                pop     cx
CD4E:24F3 EB03              jmp     24F8
CD4E:24F5 BE0200            mov     si, 0002
CD4E:24F8 33FF              xor     di, di
CD4E:24FA EB11              jmp     250D
CD4E:24FC 8BC7              mov     ax, di
CD4E:24FE D1E0              shl     ax, 1
CD4E:2500 8B1E0804          mov     bx, [0408]
- 
CD4E:2504 03D8              add     bx, ax
CD4E:2506 FF37              push    word [bx]
CD4E:2508 E85E14            call    3969
CD4E:250B 59                pop     cx
CD4E:250C 47                inc     di
CD4E:250D 3B3E0604          cmp     di, [0406]
CD4E:2511 7CE9              jl      24FC
CD4E:2513 FF360C04          push    word [040C]
CD4E:2517 E846CA            call    EF60
CD4E:251A 59                pop     cx
CD4E:251B FF360804          push    word [0408]
CD4E:251F E83ECA            call    EF60
CD4E:2522 59                pop     cx
CD4E:2523 FF360E04          push    word [040E]
- 
CD4E:2527 E836CA            call    EF60
CD4E:252A 59                pop     cx
CD4E:252B C7060E040000      mov     word [040E], 0000
CD4E:2531 C7060C040000      mov     word [040C], 0000
CD4E:2537 C70608040000      mov     word [0408], 0000
CD4E:253D FF76FA            push    word [bp-06]
CD4E:2540 E8399B            call    C07C
CD4E:2543 59                pop     cx
CD4E:2544 FF76F8            push    word [bp-08]
-
ecm-pushbx commented 5 years ago

old_link somehow seems to have been corrupted to 5800h.

ecm-pushbx commented 5 years ago

This is the exec() call in https://github.com/FDOS/freecom/blob/b2e3151f41967632ee161da3d59810c763a49563/shell/loadhigh.c#L215

Still trying to put a breakpoint somehow so as to trigger after this call.

-
AX=0000 BX=0002 CX=0002 DX=0008 SP=3766 BP=377A SI=0000 DI=1684
DS=DC71 ES=11D3 SS=DC71 CS=CD4E IP=24E6 NV UP EI PL ZR NA PE NC
CD4E:24E6 E89C71            call    9685
-d ss:sp
DC71:3760                    40 14-95 16 00 00 84 16 8E 16       @.........
DC71:3770  01 00 00 00 00 00 74 14-40 14 80 37 18 24 95 16 ......t.@..7.$..
DC71:3780  90 37 2E 16 8E 16 00 00-B8 37 00 00 8C 01 84 16 .7.......7......
DC71:3790  AC 37 90 18 B8 37 86 17-86 17 EB 72 B2 37 B6 05 .7...7.....r.7..
DC71:37A0  02 43 AE 37 00 00 00 00-00 00 00 00 CE 38 10 1C .C.7.........8..
DC71:37B0  B8 37 01 00 06 00 00 00-6C 6F 61 64 66 69 78 20 .7......loadfix
DC71:37C0  6C 64 64 65 62 75 67 00-61 62 30 38 00 2E 63 70 lddebug.ab08..cp
DC71:37D0  78 29 00 38 57 D3 90 0D-E6 D9 C7 DE FB 37 57 D3 x).8W........7W.
DC71:37E0  96 32 90 0D 57 D3      -                        .2..W.
-d ss:bp - 6 l 2
DC71:3770              00 00      -                            ..
-
ecm-pushbx commented 5 years ago

lDebug script that makes the handler break on either 21.5802 (Get UMB link state) or 21.5803 (Set UMB link state).

a
mov ax, 3521
int 21
mov word [80], bx
mov word [82], es
mov dx, 130
mov ax, 2521
int 21
mov dx, (200 >> 4) 
mov ax, 3100
int 21

a 130
cmp ax, 5803
jne 138
int3
nop
nop
cmp ax, 5802
jne 140
int3
nop
nop
jmp far [cs:80]

r dco |= 8
g
tsr
a cs:ip
mov ax, 4C00
int 21

g
ecm-pushbx commented 5 years ago

One issue (though perhaps not the only one because that doesn't explain all I've seen yet) is that https://github.com/FDOS/freecom/blob/b2e3151f41967632ee161da3d59810c763a49563/lib/gumblink.c#L51 returns ax, whereas FreeDOS (and MS-DOS) return the UMB link state in al only. When DosUmbLink is called with input 5800h, at https://github.com/FDOS/kernel/blob/e6d427834fb5f414ecb984b87454d5df39f2f571/kernel/memmgr.c#L464 the condition "n > 1" is true and the UMB link state remains unchanged, which is on (1) now. When running LOADFIX a second time, the initial call to dosGetUMBLinkState returns 5801h, which is also rejected by the DosUmbLink function.
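The failure mode described in the comment above, reproduced as a small C model. This is an added example written for this page, not code from freecom or the FreeDOS kernel: it models the kernel side of INT 21h AX=5802h (get UMB link state, result in AL with AH left at 58h) and AX=5803h (set UMB link state, any BX above 1 rejected and the state left unchanged), and it models the save/enable/restore sequence of LOADFIX with two variants of the state accessor, one that returns the whole AX as the comment says gumblink.c does, and one that masks to AL. The register structure, the error return value for a rejected 5803h call and all function names are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed model of the DOS memory manager: a single one-byte link flag.
 * 0 = UMB chain not linked (last conventional MCB carries "Z"),
 * 1 = linked (that MCB carries "M" and the chain continues into UMBs). */
struct dos_model {
    uint8_t umb_link;
};

/* Assumed register model for one INT 21h call. */
struct regs {
    uint16_t ax;
    uint16_t bx;
    int carry; /* CF on return: 1 = error */
};

/* INT 21h AX=5802h: returns the link state in AL only; AH keeps the 58h
 * function number, which is how a caller that reads all of AX sees 5800h/5801h. */
static void int21_get_umb_link(struct dos_model *dos, struct regs *r)
{
    r->ax = (uint16_t)((r->ax & 0xFF00u) | dos->umb_link);
    r->carry = 0;
}

/* INT 21h AX=5803h: BX must be 0 or 1. Larger values are rejected and the
 * state is left unchanged (the "n > 1" check). The error code is assumed. */
static void int21_set_umb_link(struct dos_model *dos, struct regs *r)
{
    if (r->bx > 1) {
        r->ax = 1;      /* assumed: invalid function/parameter */
        r->carry = 1;
        return;
    }
    dos->umb_link = (uint8_t)r->bx;
    r->carry = 0;
}

/* Accessor as described for gumblink.c: hands back the whole AX (5800h/5801h). */
static unsigned get_umb_link_buggy(struct dos_model *dos)
{
    struct regs r = { 0x5802u, 0, 0 };
    int21_get_umb_link(dos, &r);
    return r.ax;
}

/* Corrected accessor: only AL carries the state. */
static unsigned get_umb_link_fixed(struct dos_model *dos)
{
    struct regs r = { 0x5802u, 0, 0 };
    int21_get_umb_link(dos, &r);
    return r.ax & 0xFFu;
}

/* Returns 0 on success, -1 when the kernel rejected the value. */
static int set_umb_link(struct dos_model *dos, unsigned state)
{
    struct regs r = { 0x5803u, (uint16_t)state, 0 };
    int21_set_umb_link(dos, &r);
    return r.carry ? -1 : 0;
}

/* Save / enable / run child / restore, the sequence the issue attributes to
 * LOADFIX. Returns the link state left behind after the "restore". */
static unsigned run_loadfix(struct dos_model *dos, unsigned (*get_link)(struct dos_model *))
{
    unsigned old_link = get_link(dos);  /* saved state, 5800h with the buggy accessor */
    set_umb_link(dos, 1);               /* findUMBRegions() turns the link on */
    /* ... exec() of the child program would happen here ... */
    set_umb_link(dos, old_link);        /* silently rejected when old_link > 1 */
    return dos->umb_link;
}

/* Link initially off, LOADFIX run twice with the buggy accessor.
 * Optionally reports the "old_link" value the second run tried to restore. */
static unsigned scenario_buggy(unsigned *second_old_link)
{
    struct dos_model dos = { 0 };
    run_loadfix(&dos, get_umb_link_buggy);
    if (second_old_link)
        *second_old_link = get_umb_link_buggy(&dos); /* 5801h: link is now on */
    return run_loadfix(&dos, get_umb_link_buggy);
}

/* Same scenario with the AL-only accessor: the link is restored to off. */
static unsigned scenario_fixed(void)
{
    struct dos_model dos = { 0 };
    run_loadfix(&dos, get_umb_link_fixed);
    return run_loadfix(&dos, get_umb_link_fixed);
}

int main(void)
{
    unsigned second = 0;
    printf("buggy accessor: link left at %u, second run saved old_link=%04Xh\n",
           scenario_buggy(&second), second);
    printf("fixed accessor: link left at %u\n", scenario_fixed());
    return 0;
}
```

The model reproduces what the log shows: the buggy accessor saves 5800h, the kernel rejects the restore, the link stays on, and the second LOADFIX saves 5801h, which is rejected in the same way. Masking the result to AL makes the restore succeed.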