[Soekris] Buggy BIOS , int 15h, ah=87h (continuation)

Yuri Karaban tech at askold.net
Fri May 13 19:35:02 UTC 2005

Pcengines has the same bug.

As I understand soekris bios has the same background as pcengines

Look at tinybios int 1587 handler

01  int1587:        push    ax
02          push    bx
03          push    si
04          push    di
05          push    ds
06          push    es
07          call    cs_a20on        ;enable A20 gate
08          cld
09          and     ecx,0000ffffh
10          mov     edi,[es:si+1ah] ;24 bit destination address
11          and     edi,00ffffffh   ;mask high bits
12          mov     esi,[es:si+12h] ;24 bit destination address
13          and     esi,00ffffffh   ;mask high bits
15          ; enter unreal mode

On lines 10 and 12 it load first 32 bits of descriptor.

And masks higher 8, it is correct. Because first 24 bits of descriptor
is the base addres of selector and high 8 bits is selector

But it does not load high 8 bits (32-24) of base address.

This byte located at [es:si+1fh] for destination and at [es:si+17h]
for source address.

