-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathDOS32AWE.asm
10094 lines (9070 loc) · 187 KB
/
DOS32AWE.asm
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
.686p
.mmx
.model large
; Segment type: Regular
seg000 segment byte public 'UNK' use16
assume cs:seg000
assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
db 49h ; I
db 44h ; D
db 33h ; 3
db 32h ; 2
db 3Fh ; ?
db 40h ; @
db 2
db 10h
db 0
db 1
db 8
db 8
db 20h
db 0
db 20h
db 0
db 0FFh
db 0FFh
db 0FFh
db 0FFh
db 77h ; w
db 49h ; I
db 0
db 2
db 0Ch
db 9
db 0
db 0
db 44h ; D
db 4Fh ; O
db 53h ; S
db 2Fh ; /
db 33h ; 3
db 32h ; 2
db 41h ; A
db 0
db 43h ; C
db 6Fh ; o
db 70h ; p
db 79h ; y
db 72h ; r
db 69h ; i
db 67h ; g
db 68h ; h
db 74h ; t
db 20h
db 28h ; (
db 43h ; C
db 29h ; )
db 20h
db 31h ; 1
db 39h ; 9
db 39h ; 9
db 36h ; 6
db 2Dh ; -
db 32h ; 2
db 30h ; 0
db 30h ; 0
db 36h ; 6
db 20h
db 62h ; b
db 79h ; y
db 20h
db 4Eh ; N
db 61h ; a
db 72h ; r
db 65h ; e
db 63h ; c
db 68h ; h
db 20h
db 4Bh ; K
db 2Eh ; .
db 0
db 31h ; 1
db 30h ; 0
db 2Fh ; /
db 30h ; 0
db 37h ; 7
db 2Fh ; /
db 32h ; 2
db 31h ; 1
db 0
db 32h ; 2
db 33h ; 3
db 3Ah ; :
db 34h ; 4
db 39h ; 9
db 3Ah ; :
db 31h ; 1
db 31h ; 1
db 0
db 0
db 0
db 0
db 0
db 0
seg000 ends
; Segment type: Pure code
seg001 segment byte public 'CODE' use16
assume cs:seg001
assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
db 3 dup(0FFh)
byte_10063 db 0FFh
word_10064 dw 0FFFFh
byte_10066 db 0FFh
byte_10067 db 0FFh
word_10068 dw 0FFFFh
word_1006A dw 0FFFFh
dword_1006C dd 0FFFFFFFFh
dword_10070 dd 0
word_10074 dw 0
word_10076 dw 0
byte_10078 db 0
align 2
byte_1007A db 0
byte_1007B db 9 dup(0)
dword_10084 dd 0
dword_10088 dd 0
byte_1008C db 18h, 0
word_1008E dw 10h
byte_10090 db 48h, 0Bh dup(0), 0FFh, 7, 4 dup(0), 0FFh
db 3, 4 dup(0), 0Ch, 11h, 5Ch, 11h, 2 dup(0)
dword_100AE dd 0
dword_100B2 dd 0
db 6 dup(0)
dword_100BC dd 34h
dword_100C0 dd 3Ch
db 2 dup(0), 20h, 0, 2Ch, 11h, 2 dup(0)
db 8, 5 dup(0), 28h, 3 dup(0)
dword_100D6 dd 58h
db 4 dup(0), 0FFh, 0EEh, 79h, 2Eh, 87h, 0DBh
sub_100E4 proc far
cld
push ds
push es
push cs
loc_100E8:
push cs
pop ds
assume ds:seg001
pop es
call sub_102EC
cmp al, 3
mov ax, 1
jnb short loc_100F8
jmp loc_101AD
loc_100F8:
call sub_10366
mov ah, 30h
int 21h ; DOS - GET DOS VERSION
; Return: AL = major version number (00h for DOS 1.x)
cmp al, 4
mov ax, 0
jb loc_101AD
mov ax, 4300h
int 2Fh ; - Multiplex - XMS - INSTALLATION CHECK
; Return: AL = 80h XMS driver installed
; AL <> 80h no driver
cmp al, 80h ; '€'
jnz short loc_1014C
push es
mov ax, 4310h
int 2Fh ; - Multiplex - XMS - GET DRIVER ADDRESS
; Return: ES:BX -> driver entry point
mov word ptr dword_100AE, bx
mov word ptr dword_100AE+2, es
mov ah, 30h
int 21h ; DOS - GET DOS VERSION
; Return: AL = major version number (00h for DOS 1.x)
mov ah, 88h ; 'ˆ'
xor bx, bx
call dword_100AE
test bl, bl
jz short loc_10139
mov ah, 8
call dword_100AE
movzx eax, ax
loc_10139:
mov dword_100B2, eax
pop es
pushf
pop ax
and ah, 0CFh
push ax
popf
pushf
pop ax
test ah, 30h
jz short loc_1015C
loc_1014C:
call near ptr sub_101D9
call near ptr sub_101B0
smsw ax
and al, 1
mov ax, 2
jnz short loc_101AD
loc_1015C:
cmp dword_100B2, 0
setnz ch
mov bx, 80h ; '€'
loc_10168:
movzx ax, byte_10066
imul ax, word_10068
add bx, ax
movzx ax, byte_10067
imul ax, word_1006A
add bx, ax
movzx ax, byte_10063
imul ax, 19h
add ax, 0Fh
shr ax, 4
add bx, ax
mov ax, word_10064
add ax, 0Bh
shr ax, 1
add bx, ax
loc_1019A:
xor ax, ax
mov cl, byte_10078
mov byte_1007A, ch
mov dx, 2950h
mov di, 550h
loc_101AA:
pop es
pop ds
assume ds:nothing
retf
loc_101AD:
stc
jmp short loc_101AA
sub_100E4 endp ; sp-analysis failed
sub_101B0 proc far
pop bp
mov ax, 1687h
int 2Fh ; - Multiplex - MS WINDOWS - Mode Interface - INSTALLATION CHECK
; Return: AX = 0000h if installed, BX = flags
; CL = processor type, DH = DPMI major version
; DL = DPMI minor version
; SI = number of paragraphs
; ES:DI -> DPMI mode-switch entry point
test ax, ax
jnz short loc_101D7
mov ax, 1
cmp cl, 3
jb short loc_101AD
mov al, 3
test bl, 1
jz short loc_101AD
mov ds:28h, di
mov word ptr ds:2Ah, es
mov bx, si
mov ch, 3
jmp short loc_1019A
loc_101D7:
jmp bp
sub_101B0 endp ; sp-analysis failed
sub_101D9 proc far
pop bp
xor ax, ax
mov es, ax
assume es:nothing
mov ax, es:19Ch
or ax, es:19Eh
jz short loc_101D7
mov ax, 0DE00h
int 67h ; - LIM EMS Program Interface - INSTALLATION CHECK
; Return: AH = 00h VCPI is present, BH = major version number
; BL = minor version number, AH nonzero VCPI not present
test ah, ah
jnz short loc_101D7
mov ax, 0DE0Ah
int 67h ; - LIM EMS Program Interface - GET 8259 INTERRUPT VECTOR MAPPINGS
; Return: AH = 00h successful, BX = first vector used by master 8259 (IRQ0)
; CX = first vector used by slave 8259 (IRQ8)
; AH nonzero: failed
mov ds:1Dh, bl
mov ds:1Ch, cl
mov ax, 4
cmp bl, cl
jz short loc_101AD
cmp bl, 30h ; '0'
jz short loc_101AD
cmp cl, 30h ; '0'
jz short loc_101AD
cmp cl, 8
jz short loc_101AD
test bl, bl
jz short loc_101AD
test cl, cl
jz short loc_101AD
mov edx, ds:52h
mov ecx, edx
jecxz loc_1023A
test byte ptr ds:0, 8
jz short loc_10237
call sub_10DCC
mov di, dx
dec ax
jz short loc_1023A
loc_10237:
xor ecx, ecx
loc_1023A:
mov ax, 0DE03h
int 67h ; - LIM EMS Program Interface - GET NUMBER OF FREE 4K PAGES
; Return: AH = 00h successful, EDX = number of free 4K pages
; AH nonzero: failed
push es
push ecx
push edx
push di
test byte ptr ds:0, 4
jz short loc_1027B
mov ah, 48h ; 'H'
mov bx, 100h
int 21h ; DOS - 2+ - ALLOCATE MEMORY
; BX = number of 16-byte paragraphs desired
jb short loc_1027B
mov es, ax
assume es:nothing
xor di, di
sub sp, 18h
mov si, sp
push ds
push ss
pop ds
mov ax, 0DE01h
int 67h ; - LIM EMS Program Interface - GET PROTECTED MODE INTERFACE
; ES:DI -> 4K page table buffer
; DS:SI -> three descriptor table entries in GDT
; Return: AH = 00h successful, AH = nonzero failed
pop ds
add sp, 18h
mov ah, 49h
int 21h ; DOS - 2+ - FREE MEMORY
; ES = segment address of area to be freed
mov eax, 1000h
sub ax, di
shr ax, 2
jmp short loc_1027E
loc_1027B:
xor eax, eax
loc_1027E:
pop di
pop edx
pop ecx
pop es
assume es:nothing
mov esi, ecx
shr esi, 2
lea esi, [edx+esi+3FFh]
loc_10294:
sub esi, eax
jnb short loc_1029C
adc esi, eax
loc_1029C:
shr esi, 0Ah
jecxz loc_102AB
mov dx, di
mov ah, 0Ah
call dword ptr ds:4Eh
loc_102AB:
movzx ax, byte ptr ds:1
cmp ax, si
jbe short loc_102B6
loc_102B4:
mov ax, si
loc_102B6:
test ax, ax
loc_102B8:
jnz short loc_102D0
pushad
loc_102BC:
mov bp, sp
mov ax, 0FF88h
int 21h ; DOS - DOS v??? - OEM FUNCTION
cmp eax, 49443332h
jnz short loc_102CE
mov [bp+1Ch], si
loc_102CE:
popad
loc_102D0:
cmp al, 40h ; '@'
jbe short loc_102D6
mov al, 40h ; '@'
loc_102D6:
mov ds:1Bh, al
add al, ds:2
shl ax, 8
add ax, 386h
mov bx, ax
mov ch, 2
jmp loc_10168
sub_101D9 endp ; sp-analysis failed
jmp bp
sub_102EC proc near
cli
mov cl, 2
pushf
pop ax
or ax, 0F000h
push ax
popf
pushf
pop ax
and ax, 0F000h
jnz short loc_102FF
jmp short loc_1035F
loc_102FF:
inc cl
pushfd
pop eax
mov edx, eax
loc_10308:
xor eax, 40000h
push eax
popfd
pushfd
pop eax
xor eax, edx
jnz short loc_1031D
jmp short loc_1035F
loc_1031D:
inc cl
push edx
popfd
pushfd
pushfd
pop eax
mov edx, eax
xor eax, 200000h
push eax
popfd
pushfd
pop eax
xor eax, edx
jnz short loc_10341
jmp short loc_10357
loc_10341:
xor eax, eax
cpuid
mov ds:20h, eax
mov eax, 1
cpuid
and ah, 0Fh
mov cl, ah
loc_10357:
popfd
xor eax, eax
xor edx, edx
loc_1035F:
mov al, cl
mov ds:18h, al
sti
retn
sub_102EC endp
sub_10366 proc near
push large 0
mov bp, sp
fninit
fnstcw word ptr [bp+2]
mov ax, [bp+2]
cmp ah, 3
jnz short loc_103C7
mov word ptr [bp+0], 1
and word ptr [bp+2], 0FF7Fh
wait
fldcw word ptr [bp+2]
fdisi
fstcw word ptr [bp+2]
wait
test word ptr [bp+2], 80h
jnz short loc_103C7
mov word ptr [bp+0], 2
fninit
wait
fld1
wait
fldz
wait
fdivp st(1), st
wait
fld st
wait
fchs
wait
fcompp
fstsw ax
fclex
wait
sahf
jz short loc_103C7
mov word ptr [bp+0], 3
mov al, ds:18h
cmp al, 4
jb short loc_103C7
mov [bp+0], al
loc_103C7:
pop eax
and eax, 7
jz short loc_103D9
mov cx, 8
loc_103D2:
fldz
loop loc_103D2
finit
loc_103D9:
mov ds:19h, al
retn
sub_10366 endp
align 4
sub_103E0 proc far
; FUNCTION CHUNK AT 0443 SIZE 0000007F BYTES
; FUNCTION CHUNK AT 0526 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 0550 SIZE 0000011F BYTES
; FUNCTION CHUNK AT 07AF SIZE 000002C3 BYTES
push ax
push bx
push ds
xor ax, ax
mov ds, ax
assume ds:nothing
mov ax, ds:0Ah
mov bx, ds:8
add bx, 9
mov ds, ax
assume ds:nothing
cmp dword ptr [bx], 40A861E4h
jnz short loc_1040E
cmp byte ptr [bx+4], 74h ; 't'
jnz short loc_1040E
mov dword ptr [bx], 90909090h
mov word ptr [bx+4], 9090h
loc_1040E:
pop ds
pop bx
pop ax
cld
pushad
push ds
push cs
pop ds
assume ds:seg001
xor eax, eax
mov word_10076, cs
mov word_10074, bx
mov word ptr dword_10070, dx
mov ax, cs
shl eax, 4
mov dword_10084, eax
add dword_100BC, eax
add dword_100C0, eax
add dword_100D6, eax
btr dword_1006C, 1Fh
push es
push cs
pop es
assume es:seg001
mov di, 84h ; '„'
mov cx, 17Eh
xor ax, ax
rep stosw
pop es
assume es:nothing
mov bp, sp
mov [bp+2], ax
mov ax, 0FF88h
int 21h ; DOS - DOS v??? - OEM FUNCTION
cmp eax, 49443332h
jnz short loc_10490
mov [bp+2], bx
cmp bx, word_10074
jnz short loc_10490
mov dword ptr loc_102B4, ecx
mov dword ptr loc_102B8, edx
mov dword ptr loc_102BC, edi
shr esi, 10h
inc si
mov word ptr loc_102BE+2, si
mov dword_1006C, 0
loc_10490:
movzx bx, byte_1007A
add bx, bx
jmp off_1049B[bx]
sub_103E0 endp ; sp-analysis failed
off_1049B dw offset loc_10879
dw offset loc_1080F
dw offset loc_105B0
dw offset loc_10586
; START OF FUNCTION CHUNK FOR sub_103E0
loc_104A3:
xor ax, ax
mov cx, 1
int 31h ; DPMI Services ax=func xxxxh
; ALLOCATE LDT DESCRS
; CX = number of descriptors to allocate
; Return: CF set on error
; CF clear if successful, AX = base selector
jnb short loc_104B1
loc_104AC:
mov ax, 4CFFh
int 21h ; DOS - 2+ - QUIT WITH EXIT CODE (EXIT)
; AL = exit code
loc_104B1:
mov bp, sp
mov bx, ax
mov ax, 7
mov dx, [bp+24h]
mov cx, dx
shl dx, 4
shr cx, 0Ch
int 31h ; DPMI Services ax=func xxxxh
; SET SEGMENT BASE ADDRESS
; BX = selector, CX:DX = linear base address
; Return: CF set on error
; CF clear if successful
jb short loc_104AC
inc ax
xor cx, cx
mov dx, 0FFFFh
int 31h ; DPMI Services ax=func xxxxh
; SET SEGMENT LIMIT
; BX = selector, CX:DX = segment limit
; Return: CF set on error
; CF clear if successful
jb short loc_104AC
inc ax
mov dx, cs
lar cx, dx
shr cx, 8
int 31h ; DPMI Services ax=func xxxxh
; SET DESCRIPTOR ACCESS RIGHTS
; BX = selector, CL = access rights/type byte
; CH = 80386 extended rights/type byte (32-bit DPMI implementations only)
; Return: CF set on error
; CF clear if successful
jb short loc_104AC
mov [bp+24h], bx
cmp cs:byte_1007A, 3
jz short loc_104F4
push ds
mov ds, cs:word_1008E
assume ds:nothing
mov ds:12h, bx
pop ds
assume ds:nothing
loc_104F4:
xor bx, bx
loc_104F6:
mov [bp+1Eh], bx
jb short loc_10516
mov eax, dword ptr cs:loc_100E8
mov edx, dword ptr cs:sub_100E4
mov [bp+1Ah], eax
mov [bp+16h], edx
or eax, edx
jnz short loc_10516
call sub_10522
loc_10516:
pop ds
popad
mov bx, cs
mov si, word ptr cs:loc_102BE+2
cld
retf
; END OF FUNCTION CHUNK FOR sub_103E0
sub_10522 proc near
cmp cs:byte_1007A, 3
jz short locret_10585
mov ds, cs:word_1008E
assume ds:nothing
cmp word ptr ds:260h, 0
jz short locret_10585
mov eax, ds:254h
mov edx, ds:258h
mov [bp+1Ah], eax
mov [bp+16h], edx
mov ds:88h, eax
mov ds:84h, edx
lea ecx, [eax+10h]
lea eax, [ecx+edx]
mov ds:8Ch, eax
mov al, ds:1Ah
cmp al, 0
jz short locret_10585
cmp al, 1
jz short locret_10585
push es
mov esi, ds:25Ch
mov edi, ds:270h
mov es, word ptr ds:2Ch
mov ds, word ptr ds:2Ch
assume ds:nothing
shr ecx, 0Ch
rep movs dword ptr es:[edi], dword ptr [esi]
pop es
locret_10585:
retn
sub_10522 endp
; START OF FUNCTION CHUNK FOR sub_103E0
loc_10586:
pop ds
mov ax, 1
call cs:dword_10088
push ds
jnb loc_104A3
mov bx, 6
cmp ax, 8011h
stc
jz loc_104F6
dec bx
jmp loc_104F6
; END OF FUNCTION CHUNK FOR sub_103E0
align 10h
; START OF FUNCTION CHUNK FOR sub_103E0
loc_105B0:
xor eax, eax
mov ax, es
add ax, 0FFh
xor al, al
mov es, ax
assume es:nothing
mov dx, ax
shl eax, 4
add eax, 1000h
mov ds:268h, eax
add eax, 1000h
movzx ecx, byte ptr ds:1Bh
shl ecx, 0Ch
add eax, ecx
mov ds:26Ch, eax
mov ds:274h, eax
movzx ecx, byte ptr ds:2
shl ecx, 0Ch
add eax, ecx
mov ds:278h, eax
xor di, di
xor eax, eax
mov cx, 800h
rep stosd
mov gs, dx
assume gs:nothing
mov ax, dx
add ax, 100h
mov es, ax
assume es:nothing
mov fs, ax
assume fs:nothing
sub sp, 18h
mov si, sp
xor di, di
push ds
push ss
pop ds
mov ax, 0DE01h
int 67h ; - LIM EMS Program Interface - GET PROTECTED MODE INTERFACE
; ES:DI -> 4K page table buffer
; DS:SI -> three descriptor table entries in GDT
; Return: AH = 00h successful, AH = nonzero failed
pop ds
push di
mov ds:6Eh, ebx
loc_10624:
and byte ptr es:[di+1], 0F1h
sub di, 4
jnb short loc_10624
mov cx, dx
shr cx, 8
mov ax, 0DE06h
int 67h ; - LIM EMS Program Interface - GET PHYS ADDR OF PAGE IN FIRST MB
; CX = page number (linear address shifted right 12 bits)
; Return: AH = 00h successful, EDX = physical address of page
; AH nonzero: invalid page number (AH = 8Bh recommended)
and dx, 0F000h
mov ds:58h, edx
mov cx, es
shr cx, 8
mov ax, 0DE06h
int 67h ; - LIM EMS Program Interface - GET PHYS ADDR OF PAGE IN FIRST MB
; CX = page number (linear address shifted right 12 bits)
; Return: AH = 00h successful, EDX = physical address of page
; AH nonzero: invalid page number (AH = 8Bh recommended)
and dh, 0F0h
mov dl, 7
mov gs:0, edx
mov ax, es
add ax, 100h
mov es, ax
assume es:nothing
mov si, ax
mov al, ds:1Bh
mov ebx, 1
call sub_106CF
mov ax, gs
add ax, 80h ; '€'
mov gs, ax
assume gs:nothing
mov al, ds:2
xor ebx, ebx
call sub_106CF
pop di
xor eax, eax
test byte ptr ds:0, 4
jnz short loc_10689
mov di, 1000h
loc_10689:
mov ax, di
add eax, ds:268h
mov ds:270h, eax
push si
push es
call sub_10707
pop es
assume es:nothing
pop si
push si
xor di, di
mov cx, 34h ; '4'
xor ax, ax
rep stosw
mov eax, ds:58h
mov es:1Ch, eax
mov dword ptr es:64h, 680000h
add si, 7
mov es, si
mov word ptr ds:48h, 110Ch
mov dword ptr ds:4Ah, 115Ch
jmp loc_1097B
; END OF FUNCTION CHUNK FOR sub_103E0
sub_106CF proc near
push bp
movzx bp, al
test bp, bp
jz short loc_10705
loc_106D7:
mov cx, si
shr cx, 8
mov ax, 0DE06h
int 67h ; - LIM EMS Program Interface - GET PHYS ADDR OF PAGE IN FIRST MB
; CX = page number (linear address shifted right 12 bits)
; Return: AH = 00h successful, EDX = physical address of page
; AH nonzero: invalid page number (AH = 8Bh recommended)
and dh, 0F0h
mov dl, 7
mov gs:0[ebx*4], edx
add si, 100h
mov es, si
xor di, di
xor eax, eax
mov cx, 400h
rep stosd
inc bx
dec bp
jnz short loc_106D7
loc_10705:
pop bp
retn
sub_106CF endp
sub_10707 proc near
push fs
pop es
assume es:nothing
movzx eax, byte ptr ds:1Bh
shl eax, 16h
mov ecx, 1000h
sub cx, di
and cl, 0FCh
shl ecx, 0Ah
add eax, ecx
mov ecx, ds:0Ch
cmp ecx, eax
jbe short loc_10733
mov ecx, eax
loc_10733:
xor ebx, ebx
jecxz locret_1079A
loc_10739:
cmp di, 1000h
jb short loc_10748
mov ax, es
add ax, 100h
mov es, ax
assume es:nothing
xor di, di
loc_10748:
mov ax, 0DE04h
int 67h ; - LIM EMS Program Interface - ALLOCATE A 4K PAGE
; Return: AH = 00h successful, EDX = physical address of allocated page
; AH nonzero: failed
test ah, ah
jnz short loc_10767
and dh, 0F0h
mov dl, 7
mov es:[di], edx
add di, 4
inc bx
sub ecx, 1000h
ja short loc_10739
loc_10767:
mov ds:74h, bx
cmp ecx, 1000h