I found a reproducible ERROR in Bochs (and QEMU and DOSBox) when I try to start the program "LEARN.COM" from "Microsoft QuickC 2.51" and "Microsoft Learning DOS v2.00" in a DOS environment as guest OS.
The program works fine on real hardware and in the PCjs JavaScript-based x86 emulator, but not in Bochs and the other emulators and virtual machines I mentioned above.
When I run the program, the emulated machine stops at a black screen, and in the Bochs debugger I get the following ERROR message:
00272088141i[BIOS ] KBD: unsupported int 16h function 55
00280294020i[XGUI ] charmap update. Font is 9 x 16
Only a reboot of the emulated machine helps at that moment.
When I power off the Bochs emulator, I get the following register output in the debugger after the above message:
00338572000p[XGUI ] >>PANIC<< POWER button turned off.
========================================================================
Bochs is exiting with the following message:
[XGUI ] POWER button turned off.
========================================================================
00338572000i[CPU0 ] CPU is in real mode (active)
00338572000i[CPU0 ] CS.mode = 16 bit
00338572000i[CPU0 ] SS.mode = 16 bit
00338572000i[CPU0 ] EFER = 0x00000000
00338572000i[CPU0 ] | EAX=00000105 EBX=00000134 ECX=00000000 EDX=00000c40
00338572000i[CPU0 ] | ESP=00001b74 EBP=00001b8c ESI=00000c28 EDI=0000003c
00338572000i[CPU0 ] | IOPL=3 id vip vif ac vm rf NT of df IF tf sf zf af PF cf
00338572000i[CPU0 ] | SEG sltr(index|ti|rpl) base limit G D
00338572000i[CPU0 ] | CS:1668( 1e00| 0| 0) 00016680 0000ffff 0 0
00338572000i[CPU0 ] | DS:1bfe( 0000| 0| 0) 0001bfe0 0000ffff 0 0
00338572000i[CPU0 ] | SS:1bfe( 0000| 0| 0) 0001bfe0 0000ffff 0 0
00338572000i[CPU0 ] | ES:1bfe( 0000| 0| 0) 0001bfe0 0000ffff 0 0
00338572000i[CPU0 ] | FS:0000( 0000| 0| 0) 00000000 0000ffff 0 0
00338572000i[CPU0 ] | GS:0000( 0000| 0| 0) 00000000 0000ffff 0 0
00338572000i[CPU0 ] | EIP=00000126 (00000126)
00338572000i[CPU0 ] | CR0=0x60000010 CR2=0x00000000
00338572000i[CPU0 ] | CR3=0x00000000 CR4=0x00000000
(0).[338572000] [0x0000000fff53] f000:ff53 (unk. ctxt): iret ; cf
00338572000i[CMOS ] Last time is 1656452451 (Tue Jun 28 23:40:51 2022)
00338572000i[XGUI ] Exit
00338572000i[SIM ] quit_sim called with exit code 1
The problem seems to be in the Bochs legacy BIOS; that's at least where I found the code for the error message that is printed in the debugger:
From the file bochs/bios/rombios.c, line 4811:
BX_INFO("KBD: unsupported int 16h function %02x\n", GET_AH());
That might also be the reason why QEMU, which uses the same ROM BIOS, is affected too.
The number 55 seems to be read from the AH register and printed in the debugger output.
Using other BIOS ROMs, like BIOS-bochs-latest, doesn't help. When I use them, DOS doesn't boot, which I did expect; as far as I know, the latest BIOS isn't for real-mode operating systems. Thus I couldn't test it with these other BIOS ROMs.
Because the error message also says:
charmap update. Font is 9 x 16
I also tested different VGA BIOS files, from standard VGA to the Cirrus BIOS, but none of them helped.
It also doesn't matter which DOS I use: MS-DOS 6.2, DR DOS 3.41, FreeDOS 1.3, the error is always the same. And because the program LEARN.COM runs fine on a real machine, I highly suspect that this is an error in Bochs or its ROM BIOS.
The Bochs version used was 2.6.11 with debugger support turned on, from the package repository of Debian 11 Bullseye:
========================================================================
Bochs x86 Emulator 2.6.11
Built from SVN snapshot on January 5, 2020
Timestamp: Sun Jan 5 08:36:00 CET 2020
========================================================================
This is my ~/.bochsrc config file:
# configuration file generated by Bochs
plugin_ctrl: unmapped=true, biosdev=true, speaker=true, extfpuirq=true, parallel=true, serial=true, gameport=true, iodebug=true
config_interface: textconfig
display_library: x
memory: host=32, guest=32
# BIOS ROM
# Legacy
romimage: file="/usr/share/bochs/BIOS-bochs-legacy", address=0xffff0000, options=none
# romimage: file="/usr/share/bochs/BIOS-bochs-legacy", address=0x00000000, options=none
# Latest
# romimage: file="/usr/share/bochs/BIOS-bochs-latest", address=0xfffe0000, options=none
# VGA ROM
# VGA BIOS LGPL Latest
#vgaromimage: file="/usr/share/vgabios/vgabios.bin"
# VGA CIRRUS
vgaromimage: file="/usr/share/vgabios/vgabios.cirrus.bin"
boot: floppy
floppy_bootsig_check: disabled=0
# no floppyb
ata0: enabled=true, ioaddr1=0x1f0, ioaddr2=0x3f0, irq=14
ata0-master: type=none
ata0-slave: type=none
ata1: enabled=true, ioaddr1=0x170, ioaddr2=0x370, irq=15
ata1-master: type=none
ata1-slave: type=none
ata2: enabled=false
ata3: enabled=false
optromimage1: file=none
optromimage2: file=none
optromimage3: file=none
optromimage4: file=none
optramimage1: file=none
optramimage2: file=none
optramimage3: file=none
optramimage4: file=none
pci: enabled=1, chipset=i440fx
# Normal VGA BIOS and standard VGA
# vga: extension=none, update_freq=5, realtime=1
# VGA BIOS-LGPL-Latest
# vga: extension=vbe, update_freq=5, realtime=1
# CIRRUS VGA BIOS
vga: extension=cirrus, update_freq=10, realtime=1
# Voodoo Banshee + VGABIOS-lgpl-latest-banshee
# vga: extension=voodoo
# Voodoo Banshee
# voodoo: enabled=1, model=banshee
# Voodoo 3
# voodoo: enabled=1, model=voodoo3
cpu: count=1:1:1, ips=4000000, quantum=16, model=bx_generic, reset_on_triple_fault=1, cpuid_limit_winnt=0, ignore_bad_msrs=1, mwait_is_nop=0
cpuid: level=6, stepping=3, model=3, family=6, vendor_string="GenuineIntel", brand_string=" Intel(R) Pentium(R) 4 CPU "
cpuid: mmx=true, apic=xapic, simd=sse2, sse4a=false, misaligned_sse=false, sep=true
cpuid: movbe=false, adx=false, aes=false, sha=false, xsave=false, xsaveopt=false, avx_f16c=false
cpuid: avx_fma=false, bmi=0, xop=false, fma4=false, tbm=false, x86_64=true, 1g_pages=false
cpuid: pcid=false, fsgsbase=false, smep=false, smap=false, mwait=true, vmx=1, svm=false
print_timestamps: enabled=0
debugger_log: -
magic_break: enabled=0
port_e9_hack: enabled=0
private_colormap: enabled=0
clock: sync=none, time0=local, rtc_sync=0
# no cmosimage
log: -
logprefix: %t%e%d
debug: action=ignore
info: action=report
error: action=report
panic: action=ask
keyboard: type=mf, serial_delay=250, paste_delay=100000, user_shortcut=none
mouse: type=ps2, enabled=false, toggle=ctrl+mbutton
sound: waveoutdrv=alsa, waveout=none, waveindrv=alsa, wavein=none, midioutdrv=alsa, midiout=none
speaker: enabled=true, mode=sound
parport1: enabled=true, file=none
parport2: enabled=false
com1: enabled=true, mode=null
com2: enabled=false
com3: enabled=false
com4: enabled=false
I start the machine with the following command line:
bochs boot:a 'floppya: image=floppy_1440.img, status=inserted'
The floppy_1440.img is a 1.4 MiB self-bootable DOS floppy image with the corresponding files for the LEARN.COM program on it.
That's all I can say about this bug at the moment.
If you need more information, just ask me.
BTW, in the current SVN tree the error message can be found here:
https://sourceforge.net/p/bochs/code/HEAD/tree/trunk/bochs/bios/rombios.c#l4966
And from the Release 2.6.11 here:
https://sourceforge.net/p/bochs/code/HEAD/tree/tags/REL_2_6_11_FINAL/bochs/bios/rombios.c#l4956
Last edit: Oliver 2022-06-29
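As an added example (my own helper, not part of the bug report and not Bochs code), here is a small Python parser for the Bochs register dump quoted above. It turns the segment and register lines into real-mode linear addresses, decodes the flag line (Bochs prints a flag name in upper case when the flag is set and in lower case when it is clear), and checks that every cached segment base equals selector * 16, so the spot where the guest stopped, CS:IP 1668:0126, can be located in a memory dump or in the floppy image. The dump text inside the block is copied from the report; the function names are my own.

```python
import re

# Bochs CPU register dump copied from the bug report above (not constructed).
BOCHS_DUMP = """\
00338572000i[CPU0 ] CPU is in real mode (active)
00338572000i[CPU0 ] | EAX=00000105 EBX=00000134 ECX=00000000 EDX=00000c40
00338572000i[CPU0 ] | ESP=00001b74 EBP=00001b8c ESI=00000c28 EDI=0000003c
00338572000i[CPU0 ] | IOPL=3 id vip vif ac vm rf NT of df IF tf sf zf af PF cf
00338572000i[CPU0 ] | SEG sltr(index|ti|rpl) base limit G D
00338572000i[CPU0 ] | CS:1668( 1e00| 0| 0) 00016680 0000ffff 0 0
00338572000i[CPU0 ] | DS:1bfe( 0000| 0| 0) 0001bfe0 0000ffff 0 0
00338572000i[CPU0 ] | SS:1bfe( 0000| 0| 0) 0001bfe0 0000ffff 0 0
00338572000i[CPU0 ] | ES:1bfe( 0000| 0| 0) 0001bfe0 0000ffff 0 0
00338572000i[CPU0 ] | FS:0000( 0000| 0| 0) 00000000 0000ffff 0 0
00338572000i[CPU0 ] | GS:0000( 0000| 0| 0) 00000000 0000ffff 0 0
00338572000i[CPU0 ] | EIP=00000126 (00000126)
"""

# "EAX=00000105", "EIP=00000126 (...)": name and 8 hex digits.
REG_RE = re.compile(r"\b(E[ABCD]X|ESP|EBP|ESI|EDI|EIP)=([0-9a-f]{8})", re.I)
# "CS:1668( 1e00| 0| 0) 00016680 0000ffff": selector, index, ti, rpl, cached base, limit.
SEG_RE = re.compile(
    r"\b([CDEFGS]S):([0-9a-f]{4})\(\s*([0-9a-f]{4})\|\s*(\d)\|\s*(\d)\)"
    r"\s+([0-9a-f]{8})\s+([0-9a-f]{8})",
    re.I,
)


def seg_off_to_linear(segment: int, offset: int) -> int:
    """Real-mode address translation: linear = segment * 16 + offset (A20 gating ignored)."""
    return (segment << 4) + offset


def parse_bochs_dump(text: str) -> dict:
    """Parse the register, segment and flag lines of a Bochs CPU dump into a dict."""
    info = {"regs": {}, "segs": {}, "flags": {}, "iopl": None,
            "real_mode": "real mode" in text}
    for line in text.splitlines():
        for name, val in REG_RE.findall(line):
            info["regs"][name.upper()] = int(val, 16)
        m = SEG_RE.search(line)
        if m:
            name, sel, _index, ti, rpl, base, limit = m.groups()
            info["segs"][name.upper()] = {
                "selector": int(sel, 16), "ti": int(ti), "rpl": int(rpl),
                "base": int(base, 16), "limit": int(limit, 16),
            }
        if "IOPL=" in line:
            tokens = line.split("IOPL=", 1)[1].split()
            info["iopl"] = int(tokens[0])
            # Bochs convention: upper-case flag name = set, lower-case = clear.
            for tok in tokens[1:]:
                info["flags"][tok.lower()] = tok.isupper()
    return info


def check_real_mode_bases(info: dict) -> list:
    """Names of segments whose cached base is not selector * 16.

    In real mode every base must equal selector << 4; a mismatch would mean the
    descriptor cache was loaded in protected mode ("unreal" mode) or the dump
    is not a real-mode dump at all.
    """
    return [n for n, s in info["segs"].items() if s["base"] != (s["selector"] << 4)]


def fault_site(info: dict) -> tuple:
    """Where the CPU stopped: (CS selector, IP, linear address of CS:IP)."""
    cs = info["segs"]["CS"]["selector"]
    ip = info["regs"]["EIP"] & 0xFFFF
    return cs, ip, seg_off_to_linear(cs, ip)


def stack_top(info: dict) -> int:
    """Linear address of SS:SP, where a return address or saved flags would be found."""
    return seg_off_to_linear(info["segs"]["SS"]["selector"], info["regs"]["ESP"] & 0xFFFF)


def set_flags(info: dict) -> list:
    """Sorted names of the flags the dump reports as set."""
    return sorted(name for name, on in info["flags"].items() if on)


if __name__ == "__main__":
    parsed = parse_bochs_dump(BOCHS_DUMP)
    cs, ip, lin = fault_site(parsed)
    print(f"stopped at {cs:04x}:{ip:04x} (linear {lin:05x}), SS:SP linear {stack_top(parsed):05x}")
    print("flags set:", set_flags(parsed), "segment base mismatches:", check_real_mode_bases(parsed))
```

Run against the dump above it reports the stop at 1668:0126, linear 0x167A6, with SS:SP at linear 0x1DB54, the NT, IF and PF flags set, and no segment whose cached base disagrees with its selector. The BIOS address in the trace line, f000:ff53, translates the same way to linear 0xFFF53.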
BTW, I don't know why there is no category for "New bug reports", but the category "can't_reproduce" is wrong for this bug. The bug IS reproducible.
The real bug has little to do with int 16/ax=55xx.
That particular service is for a TSR related to Word for DOS, according to Ralf Brown's interrupt list. The value "MS" is supposed to be returned in AX if that particular TSR is installed; otherwise AX remains unmodified.
There has to be another bug, because when you break into the hung black screen, you are looking at an "arpl ds:[bx+si], ax" instruction (bytes 63 00), which sits in the middle of otherwise normal code. Looks like a botched jump or return address or something.
The program works fine in the 86DOS emulator.
Maybe it has other reasons. But the point is, it doesn't run in Bochs, QEMU or DOSBox.
It runs in the PCjs JavaScript-based x86 emulator.
I didn't check the 86DOS emulator, but good to hear that it is working there too.
In my opinion, if it doesn't run in all emulators (in this case Bochs, QEMU and DOSBox) but runs in some (PCjs and 86DOS) and on real machines, then there must be something wrong with Bochs, QEMU and DOSBox.
If it were a bug in the software, then it shouldn't run in PCjs, 86DOS or on real machines either.
Yes. I tried to run the program through a debugger to see where it goes off the rails, but with no luck. When the hang occurs (when the jump into weird code happens), it is in the middle of doing graphics stuff with I/O ports and other things related to video. Also, the debugger I tried did not have the ability to "record" where it came from (stack trace).
You could try the JavaScript-based PCjs emulator; it has an integrated debugger and is able to run the software.
https://github.com/jeffpar/pcjs