• Please review our updated Terms and Rules here

Fixed addresses in the BIOS, what program still uses them?

Ruud

Ruud

Veteran Member
Joined
Nov 30, 2009
Messages
1,383
Location
Heerlen, NL
The various IBM PC/XT BIOSes use quite some fixed addresses for certain routines. The most well known one is the address 0E5Bh, the first address where the CPU far jumps to after an hard reset or a power-up. I noticed that most BIOSes I ran into use this address as well. Sergey Kiselev's BIOS, one of the newest I know of, is using this address and many others as well. The most well known (more or less) IBM compatible PC that doesn't use this address is the IBM PCjr.

But I have seen BIOSes that used only some of the fixed addresses and the PC performed w/o any problem AFAIK. So my first question is: why these fixed address? My own answer would be: because some programs need them. Which raises the questions: what programs needed those addresses? I have written various programs in ML but never had any need to use those addresses and thus: why would these programs need them?

I have an idea for my Mini-V20: http://baltissen.org/newhtm/mini-v20.htm which doesn't involve video, drives or an keyboard. It still needs to load data in one or another way and as I still want to be able to run MS-DOS on it, it will mean I have to rewrite INT 10h, INT 13h and other routines completely. After erasing my own standard BIOS with everything I'm sure of that I don't need, I'm stuck with a BIOS with several fixed address but no code at all. And that lead to this post.

I decided to simply ignore all these fixed address. There is a risk: if something goes wrong, is it because of a faulty BIOS or because a fixed address is missing? So I decided to run a parallel project as well: I take Sergey's BIOS and remove all fixed addresses. And then run my XI-8088 and see where it goes wrong (or not).

I'm looking forward to any comment!
 
Fixed addresses where in the BIOS? If you're talking about the fixed addresses used in the BIOS RAM area, I suspect that would be quite a few programs. If you're talking about identification strings in the BIOS (e.g. BIOS date), still probably a few. If you're talking about identification strings in the VGA BIOS, again, probably quite a few.

If, on the other hand, you're talking about specific code entry points, not very many nowadays. I wouldn't think that it would be difficult to adhere to the published Phoenix CBIOS guidelines in any case. For example, the book "CBIOS for the IBM PS/2 Computers and Compatibles" makes it very clear what addresses are important.

My recollection is the BIOS published by Annabooks worked well--and it was looser on locations than the Phoenix BIOS were.
 
Chuck(G) said:
Fixed addresses where in the BIOS?.
Click to expand...
Code: 
; Fixed BIOS Entry Points
;
; Location Description
; -------- -----------
; F000:E05B POST Entry Point
; F000:E2C3 NMI Entry Point
; F000:E6F2 INT 19 Entry Point
; F000:E6F5 Configuration Data Table
; F000:E729 Baut Rate Generator Table
; F000:E739 INT 14 Entry Point
; F000:E82E INT 16 Entry Point
; F000:E987 INT 09 Entry Point
; F000:EC59 INT 13 (Floppy) Entry Point
; F000:EF57 INT 0E Entry Point
; F000:EFC7 Floppy Disk Controller Parameter Table
; F000:EFD2 INT 17
; F000:F065 INT 10 (Video) Entry Point
; F000:F0A4 INT 1D MDA and CGA Video Parameter Table
; F000:F841 INT 12 Entry Point
; F000:F84D INT 11 Entry Point
; F000:F859 INT 15 Entry Point
; F000:FA6E Low 128 Characters of Graphic Video Font
; F000:FE6E INT 1A Entry Point
; F000:FEA5 INT 08 Entry Point
; F000:FF53 Dummy Interrupt Handler (IRET)
; F000:FF54 INT 05 (Print Screen) Entry Point
; F000:FFF0 Power-On Entry Point
; F000:FFF5 ROM Date in ASCII "MM/DD/YY" Format (8 Characters)
; F000:FFFE System Model (0xFC - AT, 0xFE - XT)
 
Okay, so you're talking about addresses in BIOS ROM. My list has a couple more, such as F000:FEF3, but yes, you're pretty much got the list.

When looking at the 5170 BIOS listing, I scratched my head a bit trying to figure out why certain routines suddenly jumped to a seemingly unrelated location. Then It dawned on me, as a compared the addresses with those of the 5150.

I wonder if there were any commercial BIOS compatibility tests...I don't recall any.
 
I'm pretty sure that I found a few instances of F000:F065 (the BIOS INT 10h entry point) hardcoded into an EGA VBIOS when I was disassembling it last year.

Couldn't hurt to just stick an IRET instruction at the address of every IBM interrupt vector entry point...
 
kdr said:
I'm pretty sure that I found a few instances of F000:F065 (the BIOS INT 10h entry point) hardcoded into an EGA VBIOS when I was disassembling it last year.
Click to expand...
Thank you for this information! I thought that in case of a VGA or EGA BIOS it was only a matter of replacing the vector of INT 10h with a new one. So it seems it is better to keep this entry: better to be safe than to be sorry afterwards.

Couldn't hurt to just stick an IRET instruction at the address of every IBM interrupt vector entry point...
Click to expand...
I did that and ran into them several times. That meant I had to create a detour around them.And when there was a need to change the code, that either created an unneeded gap or I had to move the detour which on its turn could create other complications. And THAT was why I opened this topic.

But your first remark convinced me to keep at least some like INT 10h and 13h.
 
Maybe I'm dense, but I can't see what a hardcoded F000 address in an add-on EGA BIOS would accomplish? Perhaps restoring the INT 10H address in case of a failure or pass-along?
 
Chuck(G) said:
Maybe I'm dense, but I can't see what a hardcoded F000 address in an add-on EGA BIOS would accomplish? Perhaps restoring the INT 10H address in case of a failure or pass-along?
Click to expand...

Yeah, something like that. I wouldn't have expected to see it either. As it turns out there is only a single instance of the hardcoded vector address, as part of the card's POST init routine:

Code: 
; (DS is 0000 at this point)
LES BX,[0040h]
CMP BYTE PTR ES:[BX], 0CFh         ; is the first byte of current INT 10h vector an IRET (CFh) opcode?
JNZ L01E1
MOV WORD PTR [0040h], 0F065h
MOV WORD PTR [0042h], 0F000h
L01E1:

The code is of course littered with references to memory locations in the 0:400..4FF range (BIOS data area) and makes liberal use of direct far CALLs with a hardcoded C000 segment, as one would expect.
 
So, if I read correctly, if there's no INT 10H services installed, it sticks the address of the default INT 10H routine in. Under what circumstance could this possibly occur with a standard BIOS? Could this be a debug case?
 
Chuck(G) said:
Under what circumstance could this possibly occur with a standard BIOS? Could this be a debug case?
Click to expand...

Well, the official IBM EGA BIOS also has a literal F000:F065 vector address in its initialization/POST routine. Recall that the EGA video BIOS, if present, is responsible for initializing both the EGA card as well as any CGA/MDA cards that may be present. It may have something to do with that.

If you're keen to dig further, the code snippet I posted above is at C000:00CB in the SPEGASYNC video BIOS (linked post has an attachment containing the ROM image).
 
You must log in or register to reply here.
Back
Top