eXtended Memory Specification (XMS), ver 3.0
January 1991
Copyright (c) 1988, Microsoft Corporation, Lotus Development
Corporation, Intel Corporation, and AST Research, Inc.
Microsoft Corporation
Box 97017
One Microsoft Way
Redmond, WA 98073
LOTUS (r)
INTEL (r)
MICROSOFT (r)
AST (r) Research
This specification was jointly developed by Microsoft Corporation,
Lotus Development Corporation, Intel Corporation,and AST Research,
Inc. Although it has been released into the public domain and is not
confidential or proprietary, the specification is still the copyright
and property of Microsoft Corporation, Lotus Development Corporation,
Intel Corporation, and AST Research, Inc.
Disclaimer of Warranty
MICROSOFT CORPORATION, LOTUS DEVELOPMENT CORPORATION, INTEL
CORPORATION, AND AST RESEARCH, INC., EXCLUDE ANY AND ALL IMPLIED
WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. NEITHER MICROSOFT NOR LOTUS NOR INTEL NOR AST
RESEARCH MAKE ANY WARRANTY OF REPRESENTATION, EITHER EXPRESS OR
IMPLIED, WITH RESPECT TO THIS SPECIFICATION, ITS QUALITY,
PERFORMANCE, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE.
NEITHER MICROSOFT NOR LOTUS NOR INTEL NOR AST RESEARCH SHALL HAVE ANY
LIABILITY FOR SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING
OUT OF OR RESULTING FROM THE USE OR MODIFICATION OF THIS
SPECIFICATION.
This specification uses the following trademarks:
Intel is a registered trademark of Intel Corporation, Microsoft is a
registered trademark of Microsoft Corporation, Lotus is a registered
trademark of Lotus Development Corporation, and AST is a registered
trademark of AST Research, Inc.
Extended Memory Specification
The purpose of this document is to define the Extended Memory Specification (XMS) version 3.00 for MS-DOS. XMS allows DOS programs to utilize additional memory found in Intel's 80286 and 80386 based machines in a consistent, machine independent manner. With some restrictions, XMS adds almost 64K to the 640K which DOS programs can access directly. Depending on available hardware, XMS may provide even more memory to DOS programs. XMS also provides DOS programs with a standard method of storing data in extended memory.
To be considered fully XMS 3.0 compliant, all calls except those associated with UMB support must be implemented. UMB functions 10h, 11h and 12h are optional for XMS 3.0 and may return the Function Not Implemented error code, 80h.
DEFINITIONS:
------------
Extended Memory:
Memory in 80286 and 80386 based machines which is located above the 1MB address boundary.
High Memory Area (HMA):
The first 64K of extended memory. The High Memory Area is unique because code can be executed in it while in real mode. The HMA officially starts at FFFF:10h and ends at FFFF:FFFFh making it 64K-16 bytes in length.
Upper Memory Blocks (UMBs):
Blocks of memory available on some 80x86 based machines which are located between DOS's 640K limit and the 1MB address boundary. The number, size, and location of these blocks vary widely depending upon the types of hardware adapter cards installed in the machine.
Extended Memory Blocks (EMBs):
Blocks of extended memory located above the HMA which can only be used for data storage.
A20 Line:
The 21st address line of 80x86 CPUs. Enabling the A20 line allows access to the HMA.
XMM:
An Extended Memory Manager. A DOS device driver which implements XMS. XMMs are machine specific but allow programs to use extended memory in a machine-independent manner.
HIMEM.SYS:
The Extended Memory Manager currently being distributed by Microsoft.
Helpful Diagram:
| | Top of Memory
| |
| |
| /\ |
| /||\ |
| || |
| || |
| |
| |
| |
| Possible Extended Memory Block |
| |
| |
| |
| || |
| || |
| \||/ |
| \/ |
| |
| |
| Other EMBs could exist above 1088K (1MB+64K) |
| |
| |
| | 1088K
| |
| |
| The High Memory Area |
| |
| |
| | 1024K or 1MB
| |
| /\ |
| /||\ |
| || |
| || |
| |
| |
| Possible Upper Memory Block |
| |
| || |
| || |
| \||/ |
| \/ |
| |
| Other UMBs could exist between 640K and 1MB |
| |
| | 640K
| |
| |
| |
| Conventional or DOS Memory |
| |
| |
| |
| |
| |
+ + 0K
DRIVER INSTALLATION:
--------------------
An XMS driver is installed by including a DEVICE= statement in the
machine's CONFIG.SYS file. It must be installed prior to any other
devices or TSRs which use it. An optional parameter after the driver's
name (suggested name "/HMAMIN=") indicates the minimum amount of space in
the HMA a program can use. Programs which use less than the minimum will
not be placed in the HMA. See "Prioritizing HMA Usage" below for more
information. A second optional parameter (suggested name "/NUMHANDLES=")
allows users to specify the maximum number of extended memory blocks which
may be allocated at any time.
NOTE: XMS requires DOS 3.00 or above.
THE PROGRAMMING API:
--------------------
The XMS API Functions are accessed via the XMS driver's Control Function.
The address of the Control Function is determined via INT 2Fh. First, a
program should determine if an XMS driver is installed. Next, it should
retrieve the address of the driver's Control Function. It can then use any
of the available XMS functions. The functions are divided into several
groups:
1. Driver Information Functions (0h)
2. HMA Management Functions (1h-2h)
3. A20 Management Functions (3h-7h)
4. Extended Memory Management Functions (8h-Fh)
5. Upper Memory Management Functions (10h-11h)
DETERMINING IF AN XMS DRIVER IS INSTALLED:
------------------------------------------
The recommended way of determining if an XMS driver is installed is to
set AH=43h and AL=00h and then execute INT 2Fh. If an XMS driver is available,
80h will be returned in AL.
Example:
; Is an XMS driver installed?
mov ax,4300h
int 2Fh
cmp al,80h
jne NoXMSDriver
CALLING THE API FUNCTIONS:
--------------------------
Programs can execute INT 2Fh with AH=43h and AL=10h to obtain the address
of the driver's control function. The address is returned in ES:BX. This
function is called to access all of the XMS functions. It should be called
with AH set to the number of the API function requested. The API function
will put a success code of 0001h or 0000h in AX. If the function succeeded
(AX=0001h), additional information may be passed back in BX and DX. If the
function failed (AX=0000h), an error code may be returned in BL. Valid
error codes have their high bit set. Developers should keep in mind that
some of the XMS API functions may not be implemented by all drivers and will
return failure in all cases.
Example:
; Get the address of the driver's control function
mov ax,4310h
int 2Fh
mov word ptr [XMSControl],bx ; XMSControl is a DWORD
mov word ptr [XMSControl+2],es
; Get the XMS driver's version number
mov ah,00h
call [XMSControl] ; Get XMS Version Number
NOTE: Programs should make sure that at least 256 bytes of stack space
is available before calling XMS API functions.
API FUNCTION DESCRIPTIONS:
--------------------------
The following XMS API functions are available:
0h) Get XMS Version Number
1h) Request High Memory Area
2h) Release High Memory Area
3h) Global Enable A20
4h) Global Disable A20
5h) Local Enable A20
6h) Local Disable A20
7h) Query A20
8h) Query Free Extended Memory
9h) Allocate Extended Memory Block
Ah) Free Extended Memory Block
Bh) Move Extended Memory Block
Ch) Lock Extended Memory Block
Dh) Unlock Extended Memory Block
Eh) Get Handle Information
Fh) Reallocate Extended Memory Block
10h) Request Upper Memory Block
11h) Release Upper Memory Block
12h) Realloc Upper Memory Block
88h) Query any Free Extended Memory
89h) Allocate any Extended Memory Block
8Eh) Get Extended EMB Handle
8Fh) Realloc any Extended Memory
Each is described below.
Get XMS Version Number (Function 00h):
--------------------------------------
ARGS: AH = 00h
RETS: AX = XMS version number
BX = Driver internal revision number
DX = 0001h if the HMA exists, 0000h otherwise
ERRS: None
This function returns with AX equal to a 16-bit BCD number representing
the revision of the DOS Extended Memory Specification which the driver
implements (e.g. AX=0235h would mean that the driver implemented XMS version
2.35). BX is set equal to the driver's internal revision number mainly for
debugging purposes. DX indicates the existence of the HMA (not its
availability) and is intended mainly for installation programs.
NOTE: This document defines version 3.00 of the specification.
Request High Memory Area (Function 01h):
----------------------------------------
ARGS: AH = 01h
If the caller is a TSR or device driver,
DX = Space needed in the HMA by the caller in bytes
If the caller is an application program,
DX = FFFFh
RETS: AX = 0001h if the HMA is assigned to the caller, 0000h otherwise
ERRS: BL = 80h if the function is not implemented
BL = 81h if a VDISK device is detected
BL = 90h if the HMA does not exist
BL = 91h if the HMA is already in use
BL = 92h if DX is less than the /HMAMIN= parameter
This function attempts to reserve the 64K-16 byte high memory area for
the caller. If the HMA is currently unused, the caller's size parameter is
compared to the /HMAMIN= parameter on the driver's command line. If the
value passed by the caller is greater than or equal to the amount specified
by the driver's parameter, the request succeeds. This provides the ability
to ensure that programs which use the HMA efficiently have priority over
those which do not.
NOTE: See the sections "Prioritizing HMA Usage" and "High Memory Area
Restrictions" below for more information.
Release High Memory Area (Function 02h):
----------------------------------------
ARGS: AH = 02h
RETS: AX = 0001h if the HMA is successfully released, 0000h otherwise
ERRS: BL = 80h if the function is not implemented
BL = 81h if a VDISK device is detected
BL = 90h if the HMA does not exist
BL = 93h if the HMA was not allocated
This function releases the high memory area and allows other programs to
use it. Programs which allocate the HMA must release it before exiting.
When the HMA has been released, any code or data stored in it becomes invalid
and should not be accessed.
Global Enable A20 (Function 03h):
---------------------------------
ARGS: AH = 03h
RETS: AX = 0001h if the A20 line is enabled, 0000h otherwise
ERRS: BL = 80h if the function is not implemented
BL = 81h if a VDISK device is detected
BL = 82h if an A20 error occurs
This function attempts to enable the A20 line. It should only be used
by programs which have control of the HMA. The A20 line should be turned
off via Function 04h (Global Disable A20) before a program releases control
of the system.
NOTE: On many machines, toggling the A20 line is a relatively slow
operation.
Global Disable A20 (Function 04h):
----------------------------------
ARGS: AH = 04h
RETS: AX = 0001h if the A20 line is disabled, 0000h otherwise
ERRS: BL = 80h if the function is not implemented
BL = 81h if a VDISK device is detected
BL = 82h if an A20 error occurs
BL = 94h if the A20 line is still enabled
This function attempts to disable the A20 line. It should only be used
by programs which have control of the HMA. The A20 line should be disabled
before a program releases control of the system.
NOTE: On many machines, toggling the A20 line is a relatively slow
operation.
Local Enable A20 (Function 05h):
--------------------------------
ARGS: AH = 05h
RETS: AX = 0001h if the A20 line is enabled, 0000h otherwise
ERRS: BL = 80h if the function is not implemented
BL = 81h if a VDISK device is detected
BL = 82h if an A20 error occurs
This function attempts to enable the A20 line. It should only be used
by programs which need direct access to extended memory. Programs which use
this function should call Function 06h (Local Disable A20) before releasing
control of the system.
NOTE: On many machines, toggling the A20 line is a relatively slow
operation.
Local Disable A20 (Function 06h):
---------------------------------
ARGS: AH = 06h
RETS: AX = 0001h if the function succeeds, 0000h otherwise
ERRS: BL = 80h if the function is not implemented
BL = 81h if a VDISK device is detected
BL = 82h if an A20 error occurs
BL = 94h if the A20 line is still enabled
This function cancels a previous call to Function 05h (Local Enable
A20). It should only be used by programs which need direct access to
extended memory. Previous calls to Function 05h must be canceled before
releasing control of the system.
NOTE: On many machines, toggling the A20 line is a relatively slow
operation.
Query A20 (Function 07h):
-------------------------
ARGS: AH = 07h
RETS: AX = 0001h if the A20 line is physically enabled, 0000h otherwise
ERRS: BL = 00h if the function succeeds
BL = 80h if the function is not implemented
BL = 81h if a VDISK device is detected
This function checks to see if the A20 line is physically enabled. It
does this in a hardware independent manner by seeing if "memory wrap" occurs.
Query Free Extended Memory (Function 08h):
------------------------------------------
ARGS: AH = 08h
RETS: AX = Size of the largest free extended memory block in K-bytes
DX = Total amount of free extended memory in K-bytes
ERRS: BL = 80h if the function is not implemented
BL = 81h if a VDISK device is detected
BL = A0h if all extended memory is allocated
This function returns the size of the largest available extended memory
block in the system.
NOTE: The 64K HMA is not included in the returned value even if it is
not in use.
Allocate Extended Memory Block (Function 09h):
----------------------------------------------
ARGS: AH = 09h
DX = Amount of extended memory being requested in K-bytes
RETS: AX = 0001h if the block is allocated, 0000h otherwise
DX = 16-bit handle to the allocated block
ERRS: BL = 80h if the function is not implemented
BL = 81h if a VDISK device is detected
BL = A0h if all available extended memory is allocated
BL = A1h if all available extended memory handles are in use
This function attempts to allocate a block of the given size out of the
pool of free extended memory. If a block is available, it is reserved
for the caller and a 16-bit handle to that block is returned. The handle
should be used in all subsequent extended memory calls. If no memory was
allocated, the returned handle is null.
NOTE: Extended memory handles are scarce resources. Programs should
try to allocate as few as possible at any one time. When all
of a driver's handles are in use, any free extended memory is
unavailable.
Free Extended Memory Block (Function 0Ah):
------------------------------------------
ARGS: AH = 0Ah
DX = Handle to the allocated block which should be freed
RETS: AX = 0001h if the block is successfully freed, 0000h otherwise
ERRS: BL = 80h if the function is not implemented
BL = 81h if a VDISK device is detected
BL = A2h if the handle is invalid
BL = ABh if the handle is locked
This function frees a block of extended memory which was previously
allocated using Function 09h (Allocate Extended Memory Block). Programs
which allocate extended memory should free their memory blocks before
exiting. When an extended memory buffer is freed, its handle and all data
stored in it become invalid and should not be accessed.
Move Extended Memory Block (Function 0Bh):
------------------------------------------
ARGS: AH = 0Bh
DS:SI = Pointer to an Extended Memory Move Structure (see below)
RETS: AX = 0001h if the move is successful, 0000h otherwise
ERRS: BL = 80h if the function is not implemented
BL = 81h if a VDISK device is detected
BL = 82h if an A20 error occurs
BL = A3h if the SourceHandle is invalid
BL = A4h if the SourceOffset is invalid
BL = A5h if the DestHandle is invalid
BL = A6h if the DestOffset is invalid
BL = A7h if the Length is invalid
BL = A8h if the move has an invalid overlap
BL = A9h if a parity error occurs
Extended Memory Move Structure Definition:
ExtMemMoveStruct struc
Length dd ? ; 32-bit number of bytes to transfer
SourceHandle dw ? ; Handle of source block
SourceOffset dd ? ; 32-bit offset into source
DestHandle dw ? ; Handle of destination block
DestOffset dd ? ; 32-bit offset into destination block
ExtMemMoveStruct ends
This function attempts to transfer a block of data from one location to
another. It is primarily intended for moving blocks of data between
conventional memory and extended memory, however it can be used for moving
blocks within conventional memory and within extended memory.
NOTE: If SourceHandle is set to 0000h, the SourceOffset is interpreted
as a standard segment:offset pair which refers to memory that is
directly accessible by the processor. The segment:offset pair
is stored in Intel DWORD notation. The same is true for DestHandle
and DestOffset.
SourceHandle and DestHandle do not have to refer to locked memory
blocks.
Length must be even. Although not required, WORD-aligned moves
can be significantly faster on most machines. DWORD aligned move
can be even faster on 80386 machines.
If the source and destination blocks overlap, only forward moves
(i.e. where the source base is less than the destination base) are
guaranteed to work properly.
Programs should not enable the A20 line before calling this
function. The state of the A20 line is preserved.
This function is guaranteed to provide a reasonable number of
interrupt windows during long transfers.
Lock Extended Memory Block (Function 0Ch):
------------------------------------------
ARGS: AH = 0Ch
DX = Extended memory block handle to lock
RETS: AX = 0001h if the block is locked, 0000h otherwise
DX:BX = 32-bit physical address of the locked block
ERRS: BL = 80h if the function is not implemented
BL = 81h if a VDISK device is detected
BL = A2h if the handle is invalid
BL = ACh if the block's lock count overflows
BL = ADh if the lock fails
This function locks an extended memory block and returns its base
address as a 32-bit physical address. Locked memory blocks are guaranteed not
to move. The 32-bit pointer is only valid while the block is locked.
Locked blocks should be unlocked as soon as possible.
NOTE: A block does not have to be locked before using Function 0Bh (Move
Extended Memory Block).
"Lock counts" are maintained for EMBs.
Unlock Extended Memory Block (Function 0Dh):
--------------------------------------------
ARGS: AH = 0Dh
DX = Extended memory block handle to unlock
RETS: AX = 0001h if the block is unlocked, 0000h otherwise
ERRS: BL = 80h if the function is not implemented
BL = 81h if a VDISK device is detected
BL = A2h if the handle is invalid
BL = AAh if the block is not locked
This function unlocks a locked extended memory block. Any 32-bit
pointers into the block become invalid and should no longer be used.
Get EMB Handle Information (Function 0Eh):
------------------------------------------
ARGS: AH = 0Eh
DX = Extended memory block handle
RETS: AX = 0001h if the block's information is found, 0000h otherwise
BH = The block's lock count
BL = Number of free EMB handles in the system
DX = The block's length in K-bytes
ERRS: BL = 80h if the function is not implemented
BL = 81h if a VDISK device is detected
BL = A2h if the handle is invalid
This function returns additional information about an extended memory
block to the caller.
NOTE: To get the block's base address, use Function 0Ch (Lock Extended
Memory Block).
Reallocate Extended Memory Block (Function 0Fh):
------------------------------------------------
ARGS: AH = 0Fh
BX = New size for the extended memory block in K-bytes
DX = Unlocked extended memory block handle to reallocate
RETS: AX = 0001h if the block is reallocated, 0000h otherwise
ERRS: BL = 80h if the function is not implemented
BL = 81h if a VDISK device is detected
BL = A0h if all available extended memory is allocated
BL = A1h if all available extended memory handles are in use
BL = A2h if the handle is invalid
BL = ABh if the block is locked
This function attempts to reallocate an unlocked extended memory block
so that it becomes the newly specified size. If the new size is smaller
than the old block's size, all data at the upper end of the old block is
lost.
Request Upper Memory Block (Function 10h):
------------------------------------------
ARGS: AH = 10h
DX = Size of requested memory block in paragraphs
RETS: AX = 0001h if the request is granted, 0000h otherwise
BX = Segment number of the upper memory block
If the request is granted,
DX = Actual size of the allocated block in paragraphs
otherwise,
DX = Size of the largest available UMB in paragraphs
ERRS: BL = 80h if the function is not implemented
BL = B0h if a smaller UMB is available
BL = B1h if no UMBs are available
This function attempts to allocate an upper memory block to the caller.
If the function fails, the size of the largest free UMB is returned in DX.
NOTE: By definition UMBs are located below the 1MB address boundary.
The A20 Line does not need to be enabled before accessing an
allocated UMB.
UMBs are paragraph aligned.
To determine the size of the largest available UMB, attempt to
allocate one with a size of FFFFh.
UMBs are unaffected by EMS calls.
Release Upper Memory Block (Function 11h):
------------------------------------------
ARGS: AH = 11h
DX = Segment number of the upper memory block
RETS: AX = 0001h if the block was released, 0000h otherwise
ERRS: BL = 80h if the function is not implemented
BL = B2h if the UMB segment number is invalid
This function frees a previously allocated upper memory block. When an
UMB has been released, any code or data stored in it becomes invalid and
should not be accessed.
Reallocate Upper Memory Block (Function 12h)
ARGS:
AH = 12h
BX = New size for UMB in paragraphs
DX = Segment number of the UMB to reallocate
RETS:
AX = 1 if the block was reallocated, 0 otherwise
ERRS:
BL = 80h if the function is not implemented
BL = B0h if no UMB large enough to satisfy the request is available.
In this event, DX is returned with the size of the largest UMB that is available.
BL = B2h if the UMB segment number is invalid
This function attempts to reallocate an Upper Memory Block to a newly specified size. If the new size is smaller than the old block's size, all data at the upper end of the block is lost.
Super Extended Memory Support
These changes are intended to provide support for extended memory pools up to 4 Gb in size. The current XMS API, since it uses 16-bit values to specify block sizes in Kb, is limited to 64 Mb maximum block size. Future machines are expected to support memory above 64 MB.
This support is implemented in the form of extensions to existing functions, rather than entirely new entry points, to allow for more efficient implementations.
Programs should generally use the existing functions, instead of these extended ones, unless they have an explicit need to deal with memory above 64 Mb.
Query Any Free Extended Memory (Function 88h)
Entry:
AH = 88h
Exit:
EAX = Size of largest free extended memory block in Kb.
BL = 0 if no error occurs, otherwise it takes an error code.
ECX = Highest ending address of any memory block.
EDX = Total amount of free memory in Kb.
Errors:
BL = 80h if the function is not implemented.
BL = 81h if a VDISK device is detected.
BL = A0h if all extended memory is allocated.
This function uses 32-bit values to return the size of available memory, thus allowing returns up to 4GByte. Additionally, it returns the highest known physical memory address, that is, the physical address of the last byte of memory. There may be discontinuities in the memory map below this address.
The memory pool reported on is the same as that reported on by the existing Query Free Extended Memory function. If the highest memory address is not more than 64 Mb, then these two functions will return the same results.
Because of its reliance on 32-bit registers, this function is only available on 80386 and higher processors. XMS drivers on 80286 machines should return error code 80h if this function is called.
If error code 81h is returned, the value in ECX will still be valid. If error code A0h is returned, EAX and EDX will be 0, and ECX will still be valid.
Allocate Any Extended Memory (Function 89h)
Entry:
AH = 89h
EDX = Amount of extended memory requested, in Kb.
Exit:
AX = 1 if the block is allocated, 0 if not
DX = Handle to allocated block.
Errors:
BL = 80h if the function is not implemented.
BL = 81h if a VDISK device is detected.
BL = A0h if all available extended memory is allocated.
BL = A1h if all available extended memory handles are in use.
This function is similar to the existing Allocate Extended Memory, except that it uses a 32-bit instead of a 16-bit value to specify the amount of memory requested. It allocates from the same memory and handle pool as the current function. Since it requires a 32-bit register, this function can be supported only on 80386 and higher processors, and XMS drivers on 80286 machines should return error code 80h.
Get Extended EMB Handle Information (Function 8Eh)
Entry:
AH = 8Eh
DX = Extended memory block handle.
Exit:
AX = 1 if the block's information is found, 0 if not
BH = Block lock count
CX = Number of free EMB handles in the system
EDX = Block's length in Kb.
Errors:
BL = 80h if the function is not implemented.
BL = 81h if a VDISK device is detected.
BL = A2h if the handle is invalid.
This function is similar to the Get EMB Handle Information function. Since it uses a 32-bit register to report the block size, it can be used to get information on blocks larger than 64 Mb. It also uses a 16-bit instead of 8-bit register to report the number of free handles, allowing the handle pool to be extended beyond 256 entries.
Because of its reliance on a 32-bit register, this function is available on 80386 and higher processors. XMS drivers on 80286 machines should return error code 80h if this function is called.
Reallocate Any Extended Memory (Function 8Fh)
Entry:
AH = 8Fh
EBX = New size for extended memory block, in Kb.
DX = Unlocked handle for memory block to be resized.
Exit:
AX = 1 if the block is reallocated, 0 if not
Errors:
BL = 80h if the function is not implemented.
BL = 81h if a VDISK device is detected.
BL = A0h if all available extended memory is allocated.
BL = A1h if all available extended memory handles are in use.
BL = A2h if the handle is invalid.
BL = ABh if the block is locked.
This function is similar to the existing Reallocate Extended Memory, except that it uses a 32-bit instead of a 16-bit value to specify the amount of memory requested. It allocates from the same memory and handle pool as the current function. Since it requires a 32-bit register, this function can be supported only on 80386 and higher processors, and XMS drivers on 80286 machines should return error code 80h.
PRIORITIZING HMA USAGE:
-----------------------
For DOS users to receive the maximum benefit from the High Memory Area,
programs which use the HMA must store as much of their resident code in it as
is possible. It is very important that developers realize that the HMA is
allocated as a single unit.
For example, a TSR program which grabs the HMA and puts 10K of code into
it may prevent a later TSR from putting 62K into the HMA. Obviously, regular
DOS programs would have more memory available to them below the 640K line if
the 62K TSR was moved into the HMA instead of the 10K one.
The first method for dealing with conflicts such as this is to require
programs which use the HMA to provide a command line option for disabling
this feature. It is crucial that TSRs which do not make full use of the HMA
provide such a switch on their own command line (suggested name "/NOHMA").
The second method for optimizing HMA usage is through the /HMAMIN=
parameter on the XMS device driver line. The number after the parameter
is defined to be the minimum amount of HMA space (in K-bytes) used by any
driver or TSR. For example, if "DEVICE=HIMEM.SYS /HMAMIN=48" is in a
user's CONFIG.SYS file, only programs which request at least 48K would be
allowed to allocate the HMA. This number can be adjusted either by
installation programs or by the user himself. If this parameter is not
specified, the default value of 0 is used causing the HMA to be allocated
on a first come, first served basis.
Note that this problem does not impact application programs. If the HMA
is available when an application program starts, the application is free to
use as much or as little of the HMA as it wants. For this reason,
applications should pass FFFFh in DX when calling Function 01h.
HIGH MEMORY AREA RESTRICTIONS:
------------------------------
- Far pointers to data located in the HMA cannot be passed to DOS. DOS
normalizes any pointer which is passed into it. This will cause data
addresses in the HMA to be invalidated.
- Disk I/O directly into the HMA (via DOS, INT 13h, or otherwise) is not
recommended.
- Programs, especially drivers and TSRs, which use the HMA *MUST* use
as much of it as possible. If a driver or TSR is unable to use at
least 90% of the available HMA (typically ~58K), they must provide
a command line switch for overriding HMA usage. This will allow
the user to configure his machine for optimum use of the HMA.
- Device drivers and TSRs cannot leave the A20 line permanently turned
on. Several applications rely on 1MB memory wrap and will overwrite the
HMA if the A20 line is left enabled potentially causing a system crash.
- Interrupt vectors must not point into the HMA. This is a result of
the previous restriction. Note that interrupt vectors can point into
any allocated upper memory blocks however.
ERROR CODE INDEX:
-----------------
If AX=0000h when a function returns and the high bit of BL is set,
BL=80h if the function is not implemented
81h if a VDISK device is detected
82h if an A20 error occurs
8Eh if a general driver error occurs
8Fh if an unrecoverable driver error occurs
90h if the HMA does not exist
91h if the HMA is already in use
92h if DX is less than the /HMAMIN= parameter
93h if the HMA is not allocated
94h if the A20 line is still enabled
A0h if all extended memory is allocated
A1h if all available extended memory handles are in use
A2h if the handle is invalid
A3h if the SourceHandle is invalid
A4h if the SourceOffset is invalid
A5h if the DestHandle is invalid
A6h if the DestOffset is invalid
A7h if the Length is invalid
A8h if the move has an invalid overlap
A9h if a parity error occurs
AAh if the block is not locked
ABh if the block is locked
ACh if the block's lock count overflows
ADh if the lock fails
B0h if a smaller UMB is available
B1h if no UMBs are available
B2h if the UMB segment number is invalid
IMPLEMENTATION NOTES FOR DOS XMS DRIVERS:
-----------------------------------------
- A DOS XMS driver's control function must begin with code similar to the
following:
XMMControl proc far
jmp short XCControlEntry ; For "hookability"
nop ; NOTE: The jump must be a short
nop ; jump to indicate the end of
nop ; any hook chainThe nop's
; allow a far jump to be
; patched in.
XCControlEntry:
- XMS drivers must preserve all registers except those containing
returned values across any function call.
- XMS drivers are required to hook INT 15h and watch for calls to
functions 87h (Block Move) and 88h (Extended Memory Available). The
INT 15h Block Move function must be hooked so that the state of the A20
line is preserved across the call. The INT 15h Extended Memory
Available function must be hooked to return 0h to protect the HMA.
- In order to maintain compatibility with existing device drivers, DOS XMS
drivers must not hook INT 15h until the first non-Version Number call
to the control function is made.
- XMS drivers are required to check for the presence of drivers which
use the IBM VDISK allocation scheme. Note that it is not sufficient to
check for VDISK users at installation time but at the time when the HMA
is first allocated. If a VDISK user is detected, the HMA must not be
allocated. Microsoft will publish a standard method for detecting
drivers which use the VDISK allocation scheme.
- XMS drivers which have a fixed number of extended memory handles (most
do) should implement a command line parameter for adjusting that number
(suggested name "/NUMHANDLES=")
- XMS drivers should make sure that the major DOS version number is
greater than or equal to 3 before installing themselves.
- UMBs cannot occupy memory addresses that can be banked by EMS 4.0.
EMS 4.0 takes precedence over UMBs for physically addressable memory.
- All driver functions must be re-entrant. Care should be taken to not
leave interrupts disabled for long periods of time.
- Allocation of a zero length extended memory buffer is allowed. Programs
which hook XMS drivers may need to reserve a handle for private use via
this method. Programs which hook an XMS driver should pass all requests
for zero length EMBs to the next driver in the chain.
- Drivers should control the A20 line via an "enable count." Local En-
able only enables the A20 line if the count is zero. It then increments
the count. Local Disable only disables A20 if the count is one. It
then decrements the count. Global Enable/Disable keeps a flag which
indicates the state of A20. They use Local Enable/Disable to actually
change the state.
- Drivers should always check the physical A20 state in the local Enable-Disable calls, to see
that the physical state matches the internal count. If the physical state does not match, it should
be modified so that it matches the internal count. This avoids problems with applications that
modify A20 directly.
IMPLEMENTATION OF CODE FOR HOOKING THE XMS DRIVER:
In order to support the hooking of the XMS driver by multiple
pieces of code, the following code sample should be followed.
Use of other methods for hooking the XMS driver will not work
in many cases. This method is the official supported one.
The basic strategy is:
Find the XMS driver header which has the "near jump" dispatch.
Patch the near jump to a FAR jump which jumps to my HOOK XMS
driver header.
NOTES:
o This architecture allows the most recent HOOKer to undo his
XMS driver hook at any time without having to worry about
damaging a "hook chain".
o This architecture allows the complete XMS hook chain to be
enumerated at any time. There are no "hidden hooks".
o This architecture allows the HOOKer to not have to worry
about installing an "INT 2F hook" to hook the AH=43h
INT 2Fs handled by the XMS driver. The base XMS driver
continues to be the only one installed on INT 2Fh AH=43h.
This avoids all of the problems of undoing a software
interrupt hook.
;
; When I wish to CHAIN to the previous XMS driver, I execute a FAR JMP
; to the address stored in this DWORD.
;
PrevXMSControlAddr dd ?
;
; The next two data items are needed ONLY if I desire to be able to undo
; my XMS hook.
; PrevXMSControlJmpVal stores the previos XMS dispatch near jump offset
; value that is used to unhook my XMS hook
; PrevXMSControlBase stores the address of the XMS header that I hooked
;
PrevXMSControlBase dd ?
PrevXMSControlJmpVal db ?
;
; This is MY XMS control header.
;
MyXMSControlFunc proc FAR
jmp short XMSControlEntry
nop
nop
nop
XMSControlEntry:
......
Chain:
jmp cs:[PrevXMSControlAddr]
MyXMSControlFunc endp
.......
;
; This is the code which installs my hook into the XMS driver.
;
;
; See if there is an XMS driver to hook
;
mov ax,4300h
int 2Fh
cmp al,80h
jne NoXMSDrvrToHookError
;
; Get the current XMS driver Control address
;
mov ax,4310h
int 2Fh
NextXMSHeader:
mov word ptr [PrevXMSControlAddr+2],es
mov word ptr [PrevXMSControlBase+2],es
mov word ptr [PrevXMSControlBase],bx
mov cx,word ptr es:[bx]
cmp cl,0EBh ; Near JUMP
je ComputeNearJmp
cmp cl,0EAh ; Far JUMP
jne XMSDrvrChainMessedUpError
ComputeFarJmp:
mov si,word ptr es:[bx+1] ; Offset of jump
mov es,word ptr es:[bx+1+2] ; Seg of jump
mov bx,si
jmp short NextXMSHeader
ComputeNearJmp:
cmp word ptr es:[bx+2],9090h ; Two NOPs?
jne XMSDrvrChainMessedUpError ; No
cmp byte ptr es:[bx+4],90h ; Total of 3 NOPs?
jne XMSDrvrChainMessedUpError ; No
mov di,bx ; Save pointer to header
xor ax,ax
mov al,ch ; jmp addr of near jump
mov [PrevXMSControlJmpVal],al
add ax,2 ; NEAR JMP is 2 byte instruction
add bx,ax ; Target of jump
mov word ptr [PrevXMSControlAddr],bx
;
; Now INSTALL my XMS HOOK
;
cli ; Disable INTs in case someone calls
; XMS at interrupt time
mov byte ptr es:[di],0EAh ; Far Immed. JUMP instruction
mov word ptr es:[di+1],offset MyXMSControlFunc
mov word ptr es:[di+3],cs
sti
.....
;
; Deinstall my XMS hook. This can be done IF AND ONLY IF my XMS header
; still contains the near jump dispatch
;
cmp byte ptr [MyXMSControlFunc],0EBh
jne CantDeinstallError
mov al,0EBh
mov ah,[PrevXMSControlJmpVal]
les bx,[PrevXMSControlBase]
cli ; Disable INTs in case someone calls
; XMS at interrupt time
mov word ptr es:[bx],ax
mov word ptr es:[bx+2],9090h
mov byte ptr es:[bx+4],90h
sti
....
IMPLEMENTATION NOTES FOR HIMEM.SYS:
-----------------------------------
- HIMEM.SYS currently supports true AT-compatibles, 386 AT machines, IBM
PS/2s, AT&T 6300 Plus systems and Hewlett Packard Vectras.
- If HIMEM finds that it cannot properly control the A20 line or if there
is no extended memory available when HIMEM.SYS is invoked, the driver
does not install itself. HIMEM.SYS displays the message "High Memory
Area Unavailable" when this situation occurs.
- If HIMEM finds that the A20 line is already enabled when it is invoked,
it will NOT change the A20 line's state. The assumption is that whoever
enabled it knew what they were doing. HIMEM.SYS displays the message "A20
Line Permanently Enabled" when this situation occurs.
- HIMEM.SYS is incompatible with IBM's VDISK.SYS driver and other drivers
which use the VDISK scheme for allocating extended memory. However,
HIMEM does attempt to detect these drivers and will not allocate the
HMA if one is found.
- HIMEM.SYS supports the optional "/HMAMIN=" parameter. The valid values
are decimal numbers between 0 and 63.
- By default, HIMEM.SYS has 32 extended memory handles available for use.
This number may be adjusted with the "/NUMHANDLES=" parameter. The
maximum value for this parameter is 128 and the minimum is 0. Each
handle currently requires 6 bytes of resident space.
Copyright (c) 1988, Microsoft Corporation