---------δ  ת-----------------------
̳̣
	ģʽܼWIN95µĳ

ߣ 
	liutt@371.net
	liutt@iname.com
ַ
        http://www.netease.com/~ayliutt

	Ȩ תأȫתأ޸	
	

TR for Win95TRWѾƳΪòϤWIN95³ٵҲʹTRWд̡̳Щƾодģдemail,ϸ

	1ΪʲôҪñģʽ
	2һģʽpmode
	3pmode
	4ģʽµһЩ
	5һWIN95µĳ
	6WIN95µıģʽ
	7һWIN95µĳ
	8
________________________________________________________

	1ΪʲôҪñģʽ

ŴҶDOSµĳжѾϤˡôΪʲôҪģʽأ
𰸺ܼ򵥣ΪDOSʵģʽµĳֻʹ640Kڴ档Ƚϸӣ640Kˣ㲻ʺDOSʵģʽȻҲSMARTDRVXMSXMSֻһֿ⡱ԴݣʹõʱȴҪ640Kڴ档֮DOS¹Ӧóʩչȭŵĳֻ640KDOSҪռһЩsmartdrv,mouse,doskey,cdromXX.sys,mscdexȣʹLHҲֻʣ500Kܹдͳ
ԣDOSеĴͳ򶼲DOSµıģʽӿDPMIDOS Protected-Mode InterfaceͨõDPMI HostУDOS/4GW,PmodeW,DOS Extender(=DOSX ?),....
ӣSEA 1.3 õDOS/4GW 1.97, IDAXDOS/4GW, GHOST 4.xǱ׼DOSGHOST 5.XDOS Extender, FoxProXDOSX, BC++ 3.1Borland
DPMI,Auto CAD 12.0  DOSX. ûǴĻƱǮҲõıģʽ

________________________________________________________

	2һģʽpmode

ȻBC++ 3.1DPMIֱҲûҵһܱDPMIBC˵еģֻҵһWATCOM C/C++ԱDOS4GW.EXE֧µDOSģʽ򡣺ҵһPMODE/W԰ѱģʽSTUBEXEļСԿʼˡ
Ҫ
	TASM 3.1	in BC++ 3.1
	PMODEW.EXE	Does it have a Web page?
	WLINK.EXE 	WatCom linker 10.0 from WatCom C++
PMODEW.LNK:
	--------------------------
	system begin pmodew
	    option osname='PMODE/W'
	    op stub=pmodew.exe
	    format os2 le
	end
	--------------------------
PMODE.ASM:
-----------------------------------------------
.386p

; DOS INT 21h function numbers used below, plus the busy-wait length.
DOS_PRINT_STRING    equ 09h         ; AH=09h: print '$'-terminated string at DS:EDX
DOS_KBD_STATUS      equ 0Bh         ; AH=0Bh: AL=0FFh if a key is waiting, 00h if not
DOS_TERMINATE       equ 4C00h       ; AH=4Ch, AL=00h: return to DOS with code 0
SPIN_COUNT          equ 0F100h      ; iterations of the delay loop between key polls

_TEXT   segment use32 dword public 'CODE'
        assume  cs:_TEXT,ds:_DATA
;-----------------------------------------------------------------------
; start: print _msg, wait until a key is pressed, then return to DOS.
; Assembled as a 32-bit (use32) PMODE/W program, so the string is
; addressed through DS:EDX and the spin counter lives in ECX.
;-----------------------------------------------------------------------
start:
        mov     ah,DOS_PRINT_STRING
        mov     edx,offset _msg         ; DS:EDX -> "Hello World ...$"
        int     21h

@@poll:
        mov     ah,DOS_KBD_STATUS       ; AL <- 0FFh once a key is available
        int     21h
        mov     ecx,SPIN_COUNT
@@spin:                                 ; crude delay so the poll loop is not tight
        nop
        dec     ecx
        jnz     @@spin
        test    al,al                   ; AL is not written by the delay loop
        jz      @@poll                  ; no key yet -> poll again

        mov     ax,DOS_TERMINATE
        int     21h

_TEXT   ends

_DATA   segment use32 dword public 'DATA'

_msg    db 'Hello World From Protected Mode!',10,13,'$'

_DATA   ends

        end start
-----------------------------------------------

Make it:
	TASM /ml /m2 pmode.asm
	wlink @pmodew.lnk system pmodew file pmode

ǾһDOSµıģʽPMODE.EXE

________________________________________________________

	3pmode

trһ:
	tr pmode.exe
		g
Կtrٵ
	FCB8:2F97  6338            ARPL      [BX+SI],DI
͸ٲȥ.Ϊ˼Ҫ뱣ģʽ!

trw,ͿԼ.trw:
	1. win95дdos.
	2. һdostrw,ִ"catchnewdos",֪ͨtrwһdos.
	3. <alt>+<tab>תһdos,pmode.exe.
	4. <alt>+<tab>תtrw,ԿtrwѾ"ץס"pmode,ͣڵһָ,

trwload trick.ַһdos,ʰ!ַ,еanti-load,Ӧóû취ԼǱ"","".Ϊ!

	5. Ը:
		g 342		(Ļ486,5)
		t
		g 342
Ϊ֪ڶ342Ҫҵ.<f8>ټ,Ϳҵarpl.<f8>Ϳ!
!ǽ˱ģʽ!
"ldt cs"Ըڻ16λģʽ.(ģʽĽ뿴)
		g 4dd
<f8>κ,һretf,<f8>,ǵasm,32λģʽ!
,dos v86ģʽ16bit protect modeҪarpl(һarplа),16bit32bitģʽҪretf.
!
		g	;߰
		q	;quit

________________________________________________________

	4ģʽµһЩ

д,̫.֮ģʽµණdos v86²һ.鶼רŽһµ.

1. еĶμĴcs ds es ss fs gsĶǶsegment,ѡselector.dos v86Ҫ28:4000h,ôֱ280+4000=4280h.ڱģʽ¾͸.ȵgdt(Global Descriptor Table),ldt(Local Descriptor Table)ҵ28descriptor.Descriptordword,¼selectorĻϢ.һǻַBase Address.ַ+ƫƲҪľԵַ.
selectorĸԿ޸.ʹselectorǰҪ,Ҫfree.ϲdosһmove dsһ6789.

2.DOSģʽDPMI£INT21жϵûõģοDPMI
Serverֲᣩͬǣ32λģʽеļĴ32λ磬
mov ah,9/mov dx,offset msg/int 21Ϊmov ah,9,/mov edx,offset32 msg/int 21.
Win95ıģʽ±̣INT21ɣеĹܵöAPI
ԣڸWin95ʱԶҪϣxor ax,ax/int 16mov ah,2/
int 13֮ĳ

3. ڱģʽУINT 31HϵһDPMIã

INT 31 0000 - ALLOCATE LDT DESCRIPTORS
INT 31 0001 - FREE LDT DESCRIPTOR
INT 31 0002 - SEGMENT TO DESCRIPTOR
INT 31 0003 - GET NEXT SELECTOR INCREMENT VALUE
INT 31 0004 - LOCK SELECTOR
INT 31 0005 - UNLOCK SELECTOR
INT 31 0006 - GET SEGMENT BASE ADDRESS
INT 31 0007 - SET SEGMENT BASE ADDRESS
INT 31 0008 - SET SEGMENT LIMIT
INT 31 0009 - SET DESCRIPTOR ACCESS RIGHTS
INT 31 000a - CREATE ALIAS DESCRIPTOR
INT 31 000b - GET DESCRIPTOR
INT 31 000c - SET DESCRIPTOR
INT 31 000d - ALLOCATE SPECIFIC LDT DESCRIPTOR
INT 31 000e * GET MULTIPLE DESCRIPTORS
INT 31 000f * SET MULTIPLE DESCRIPTORS
INT 31 0100 - ALLOCATE DOS MEMORY BLOCK
INT 31 0101 - FREE DOS MEMORY BLOCK
INT 31 0102 - RESIZE DOS MEMORY BLOCK
INT 31 0200 - GET REAL MODE INTERRUPT VECTOR
INT 31 0201 - SET REAL MODE INTERRUPT VECTOR
INT 31 0202 - GET PROCESSOR EXCEPTION HANDLER VECTOR
INT 31 0203 - SET PROCESSOR EXCEPTION HANDLER VECTOR
INT 31 0204 - GET PROTECTED MODE INTERRUPT VECTOR
INT 31 0205 - SET PROTECTED MODE INTERRUPT VECTOR
INT 31 0210 * GET PROTECTED MODE EXTENDED PROCESSOR EXCEPTION HANDLER
INT 31 0211 * GET REAL MODE EXTENDED PROCESSOR EXCEPTION HANDLER
INT 31 0212 * SET PROTECTED MODE EXTENDED PROCESSOR EXCEPTION HANDLER
INT 31 0213 * SET REAL MODE EXTENDED PROCESSOR EXCEPTION HANDLER
INT 31 0300 - SIMULATE REAL MODE INTERRUPT
INT 31 0301 - CALL REAL MODE PROCEDURE WITH FAR RETURN FRAME
INT 31 0302 - CALL REAL MODE PROCEDURE WITH IRET FRAME
INT 31 0303 - ALLOCATE REAL MODE CALLBACK ADDRESS
INT 31 0400 - GET DPMI VERSION

INT 31 0800 - PHYSICAL ADDRESS MAPPING
... ...

ϸοPMODEW.DOC
WIN 3.X  Win95 ֧DPMI 0.9

________________________________________________________

	5һWIN95µĳ
ûԱһWIN95µС
;filename t1.asm
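.386
model flat
extrn	WriteConsoleA:near,GetStdHandle:near,ExitProcess:near

STD_OUTPUT_HANDLE	equ	-11	; GetStdHandle() id of the console output stream

.data
	StdOut	dd	0		; console output handle, filled in by Init_Console
	d	dd	0		; receives the character count WriteConsoleA wrote
	msg	db	'hello!'
	msglen	=	$-msg

.code
;-----------------------------------------------------------------------
; start: fetch the stdout handle, write msg to the console, exit.
; Win32 stdcall: arguments are pushed right-to-left and popped by the
; callee, which is what the extended CALL syntax below emits.
;-----------------------------------------------------------------------
start:

	call	Init_Console
	call	WriteConsoleA stdcall,StdOut,offset msg,msglen,offset d,0
	; ExitProcess(UINT uExitCode) takes one stdcall argument; calling it
	; with nothing pushed makes the process exit code whatever stale
	; value sits on top of the stack, so pass an explicit 0.
	call	ExitProcess stdcall,0

;-----------------------------------------------------------------------
; Init_Console: store the console output handle in StdOut.
; In:    nothing
; Out:   [StdOut] = GetStdHandle(STD_OUTPUT_HANDLE)
; Clobb: flags only; all general registers are saved and restored
;-----------------------------------------------------------------------
Init_Console Proc
	pushad				; 32-bit form: PUSHA saves only the 16-bit halves
	push	STD_OUTPUT_HANDLE
	call	GetStdHandle		; stdcall: callee pops the argument
	mov	[StdOut],eax
	popad
	ret
Init_Console endp
end start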

뷽TASM 5.0(BC++5.0):
	tasm32 /mx t1
	tlink32 t1,,,import32.lib
ˣʾHello!ȻDOSûʲô𣬵ֻ
WIN95С

C++͸ˣ
//filename t2.cpp
//compile:	BCC32 t2
#include <stdio.h>
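/* Entry point: print a greeting to stdout and return 0 to the shell. */
int main(void)
{
	printf("Hello!\n");
	return 0;   /* void main() is non-standard; return an explicit status */
}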
DOSһģһ
ҪһWIN95ĳ
//filename: msg.cpp
//compile:	bcc32 msg
#include <windows.h>
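/* Entry point: show a modal message box titled "msg2" with text "msg1",
 * then return 0 to the shell once the user dismisses it. */
int main(void)
{
	MessageBoxA(0, "msg1", "msg2", MB_OK);
	return 0;   /* void main() is non-standard; return an explicit status */
}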

________________________________________________________

	6WIN95µıģʽ

1. WIN95УʽDOSV86ģʽһ386+CPUֵ֧һڱģʽܼ֮µ8086ģʽ.win95һvm struct.ÿһdosռһvm.vmṹdosеϢ.trwwinice,"vm"鿴vmϢ.

*. WIN9532λPEPortable ExecutableʽWIN32sWindows3.x
ҲвPEļPEļĸʽμ
	http://www.microsoft.com/win32dev/base/pefile.htm
	http://www.eccentrica.org/Mammon/pefile.html


2. 32λwin95PEwin95,Խṹpdb.ÿpdbжͬʱе߳thread.win95ǻthreadcpuȵ.trwĸҲǻthread.

3. 16λwin 3.xNEҲwin95.

4. ߳ڱģʽ,ȨĲͬ,ԷΪ4.0Ȩ,1,2,3Ȩ.û3,ϵͳvxdļ0.win95KERNEL32.DLL,USER32.DLLdllļ3,Ϊûṩ˴api.vmm32.vxd(vxd)vxdļ0,ͲĿ.

5. ??
________________________________________________________

	7һWIN95µĳ

trwдһСmsg.exe,ǸֻʾһԻpe.:
	trw msg.exe
ϵͳmsg.exe,ͣڵһָ.עָɼ,Ϊwin95ʹڴ潻,
õڴᱻӲ.ʲڵڴʱ,һ0e쳣,ϵͳӹܵ0e쳣ݶڴ.
<f8>һ,ԿѾɶ.
,,,,,,
g	;let it go
q	;quit
