*** Eric's Protected-Mode-o-Rama for EMM386 developers ***

See below for an explanation of the other files in this directory.

All VCPI calls in short: I assume that EMM386 is the host and we are the client that wants to break out of the V86 jail...

67 DE 00 INSTALLATION CHECK - obvious, easy.
67 DE 01 GET PROTECTED MODE INTERFACE - give half-filled system tables and some entry points to the caller. All pages that DOS or EMM386 itself needs are filled in, but allocated EMS is NOT.
67 DE 02 GET MAX PHYSICAL MEMORY ADDRESS - obvious. Take from EMM386.
67 DE 03 GET NUMBER OF FREE 4K PAGES - obvious. Notice that EMM386 should have 4k page management for this (EMS 4.0 has lots of it).
67 DE 04 ALLOCATE A 4K PAGE - obvious. Similar to the EMS call, but possibly with another page size (4k; EMS 3.2 only had 16k pages).
67 DE 05 FREE 4K PAGE - obvious counterpart of function 4.
67 DE 06 GET PHYS ADDR OF PAGE IN FIRST MB - just reads out the appropriate system table from EMM386.
67 DE 07 READ CR0 - obvious and simple. Just a permission backdoor.
67 DE 08 READ DEBUG REGISTERS - obvious / simple permission backdoor.
67 DE 09 SET DEBUG REGISTERS - obvious, simple, (insecure) backdoor. (A similar function allowed the CIH virus to flash your BIOS: it made itself the debugger, which runs at the highest privilege level.)
67 DE 0A GET 8259 INTERRUPT VECTOR MAPPING - ask about the 8259 setup (so you know which INT numbers are used for which IRQ numbers).
67 DE 0B SET 8259 INTERRUPT VECTOR MAPPING - tell EMM386 that you have reprogrammed the 8259 (you may NOT reprogram the 8259 if EMM386 told you that it has already done so, according to the VCPI docs).
67 DE 0C SWITCH TO PROTECTED MODE (or to V86, if called FROM p.m.) - this basically takes data from the client and calls IRETD in one direction, or sets GDT / ... registers and jumps in the other.

You can reach several of those FROM protected mode through a CALL. Security is not important as VCPI is MEANT to be a backdoor!
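As an added example (not from this directory, emmsys.zip or any of the bundled files): a minimal real-mode VCPI client in NASM syntax, built as a .COM program, that does the installation check (DE 00), asks for the protected mode interface (DE 01) with a 4K-aligned page table buffer and a 3-entry GDT scratch area, and reads the free page count (DE 03). Register conventions follow the VCPI 1.0 spec as summarised above; the label names and the 8K buffer trick are my own assumptions.

```nasm
        org     100h            ; .COM program, runs in V86 mode under EMM386
        bits    16

start:
        mov     ax, 0DE00h      ; 67 DE 00: installation check
        int     67h
        test    ah, ah
        jnz     exit            ; AH <> 0: no VCPI server loaded
        mov     [vcpi_ver], bx  ; BH.BL = VCPI version (0100h for 1.0)

        ; 67 DE 01: get protected mode interface.
        ; ES:DI -> the client's first page table, 4K-aligned in linear memory.
        ; DS:SI -> 3 GDT entries (24 bytes) the server fills for its own use.
        ; A segment that is a multiple of 100h starts on a 4K linear boundary,
        ; so round the paragraph address of raw_buf up to such a segment;
        ; raw_buf is 8K so the aligned 4K page always fits inside it.
        mov     ax, cs
        add     ax, (raw_buf + 15) >> 4   ; paragraph at/after raw_buf
        add     ax, 0FFh
        and     ax, 0FF00h                ; round up to a 4K-aligned segment
        mov     es, ax
        xor     di, di                    ; ES:0000 is the page table buffer
        mov     [pt_seg], ax
        mov     si, server_gdt            ; DS = CS in a .COM program
        mov     ax, 0DE01h
        int     67h
        test    ah, ah
        jnz     exit
        mov     [vcpi_entry], ebx         ; offset of server entry point in its
                                          ; code segment (GDT entry 0 of ours)
        mov     [first_free_pte], di      ; first PTE the server did not fill:
                                          ; the client may map its own pages here

        mov     ax, 0DE03h      ; 67 DE 03: number of free 4K pages in EDX
        int     67h
        mov     [free_pages], edx

exit:
        int     20h             ; back to DOS

vcpi_ver        dw 0
pt_seg          dw 0
vcpi_entry      dd 0
first_free_pte  dw 0
free_pages      dd 0
server_gdt      times 24 db 0   ; 3 descriptors filled in by the server
raw_buf         times 8192 db 0 ; room for one 4K-aligned page table
```

Assemble with `nasm -f bin` and run under a loaded EMM386; the values left in `vcpi_entry`, `first_free_pte` and `free_pages` are what a client later needs for building its own page table and calling DE 0C.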
File list:

Notice that this is a collection of snippets of (free) things that you can download on the internet. Apart from emmsys.zip, I am NOT the author. Google for the full files to find out more, e.g. on licensing. Sorry about tearing bundled files here! Mail me if you are REALLY pissed by that.

 17k intlist-386-best.txt - table of contents of related functions
224k intel386-doku.zip - 1991 good Intel 80386 documentation
 35k v86mon.zip - sample v86 monitor (something that makes a v86 task run)
 17k emmsys.zip - my own emm386 project, kind of abandoned.
 30k linux001.zip - sources of Linux 0.0.1, quite interesting, BUT we do not need a full multitasking setup and other gimmicks, careful!
 23k linux-0.01-pm-mm-boot-best.tgz - best of the Linux 0.0.1 init
 27k swapexec-loadhi.tgz - the swapexec and loadhigh of an old FreeCOM (might be interesting for emm386 starting from the command line)
 72k vm386.zip - *** v86 monitor, EMS 4.0, VCPI, XMS, done in MASM ***
 34k vme1.zip - sample code related to v86 mode (and Pentium bonus)
 15k vme-shorter.zip - pick of the most interesting parts of vme1.zip
 26k important-api-desc-emm386.tgz - cut and paste of all memory mgmt. related stuff from intlist and other sources. Useful when you do not like megabytes of files and the full intlist distracts you... Recommended reading inside: the text about VCPI. The other stuff is only if you want to fiddle with other parts of memory management.