Terminate-and-stay-resident program

Last updated January 24, 2023

A terminate-and-stay-resident program (commonly TSR) is a computer program running under DOS that uses a system call to return control to DOS as though it has finished, but remains in computer memory so it can be reactivated later.^[1] This technique partially overcame DOS's limitation of executing only one program, or task, at a time. TSRs are used only in DOS, not in Windows.

Use

Normally DOS can run only one program at a time. When a program finishes, it returns control to DOS using the system call INT 21h/4Ch.^[2] The memory and system resources used are then marked as unused. This makes it impossible to restart parts of the program without having to reload it all. However, if a program ends with the system call INT 27h or INT 21h/31h, the operating system does not reuse a certain specified part of its memory.

The original call, INT 27h, is called "terminate but stay resident", hence the name "TSR". Using this call, a program can make up to 64 KB of its memory resident. MS-DOS version 2.0 introduced an improved call, INT 21h/31h ('Keep Process'), which removed this limitation and let the program return an exit code. Before making this call, the program can install one or several interrupt handlers pointing into itself, so that it can be called again. Installing a hardware interrupt vector allows such a program to react to hardware events. Installing a software interrupt vector allows it to be called by the currently running program. Installing a timer interrupt handler allows a TSR to run periodically (see ISA and programmable interval timer, especially the section "IBM PC compatible").

The typical method of using an interrupt vector involves reading its present value (the address), storing it within the memory space of the TSR, and replacing it with an address in its own code. The stored address is called from the TSR, in effect forming a singly linked list of interrupt handlers, also called interrupt service routines, or ISRs. This procedure of installing ISRs is called chaining or hooking an interrupt or an interrupt vector.

By chaining the interrupt vectors TSRs can take complete control of the computer. A TSR can have one of two behaviors:

Take complete control of an interrupt by not calling other TSRs that had previously altered the same interrupt vector.
Cascade with other TSRs by calling the old interrupt vector. This can be done before or after they executed their actual code. This way TSRs can form a chain where each calls the next.

The terminate-and-stay-resident method is used by most DOS viruses and other malware, which can either take control of the PC or stay in the background. This malware will react to disk I/O or execution events by infecting executable (.EXE or .COM) files when it is run and data files when they are opened.

TSRs can be loaded at any time; either during the DOS startup sequence (for example, from AUTOEXEC.BAT), or at the user's request (for example, Borland's Sidekick and Turbo Debugger, Quicken's QuickPay, or FunStuff Software's Personal Calendar). Parts of DOS itself use this technique, especially in DOS versions 5.0 and later. For example, the DOSKEY command-line editor and various other utilities are installed by running them at the command line (manually, or from AUTOEXEC.BAT or through INSTALL from within CONFIG.SYS) rather than loading them as device drivers through DEVICE statements in CONFIG.SYS.

Some TSRs have no way to unload themselves, so they will remain in memory until a reboot. However unloading is possible externally, using utilities like the MARK.EXE/RELEASE.EXE combo by TurboPower Software or soft reboot TSRs which will catch a specific key combination and release all TSRs loaded after them. As the chain of ISRs is singly linked, and a TSR may store the link to its predecessor anywhere it chooses, there is no general way for a TSR to remove itself from the chain. So usually a stub must be left in memory when unloading a TSR, causing memory fragmentation. This problem gave rise to TSR cooperation frameworks such as TesSeRact and AMIS.^[3]

Interrupt sharing

To manage problems with many TSRs sharing the same interrupt, a method called Alternate Multiplex Interrupt Specification (AMIS) was proposed by Ralf D. Brown as an improvement over previously used services offered via INT 2Fh. AMIS provides ways to share software interrupts in a controlled manner. It is modeled after IBM's Interrupt Sharing Protocol , originally invented for sharing hardware interrupts of an x86 processor. AMIS services are available via Int 2Dh.^[4]

The proposal never gained a widespread traction among programmers in its days. It existed alongside several other competing specifications of varying sophistication.^[5]

Faults

While very useful, or even essential to overcome DOS's limitations, TSRs have a reputation as troublemakers. Many hijack the operating system in varying documented or undocumented ways, often causing systems to crash on their activation or deactivation when used with particular applications or other TSRs. As explained above, some viruses and other malware were coded as TSRs, and are deliberately troublesome. Additionally, in DOS all programs, even those with large amounts of physical RAM, must be loaded into the first 640 KB of RAM (the conventional memory). TSRs are no exception, and take chunks from that 640 KB that are thus unavailable to other applications. This meant that writing a TSR was a challenge of achieving the smallest possible size for it, and checking it for compatibility with a lot of software products from different vendors—often a very frustrating task.

In the late 1980s and early 1990s, many video games on the PC platform pushed up against this limit and left less and less space for TSRs—even essential ones like CD-ROM drivers—and arranging things so that there was enough free RAM to run the games, while keeping the necessary TSRs present, became a black art. Many gamers had several boot disks with different configurations for different games. In later versions of MS-DOS, "boot menu" scripts allowed various configurations to be selectable via a single "boot disk". In the mid- to later 1990s, while many games were still written for DOS, the 640 KB limit was eventually overcome by putting parts of the game's data or code above the first 1 MB of memory and using the code below 640 KB to access the extended memory (using DOS extension methods), with code being swapped into the lowest 1 MB of RAM as overlays. Because programming with many overlays is a challenge in and of itself, once the program was too big to fit entirely into about 512 KB, use of extended memory was almost always done using a third-party DOS extender implementing VCPI or DPMI, because it becomes much easier and faster to access memory above the 1 MB boundary, and possible to run code in that area, when the x86 processor is switched from real mode to protected mode. However, since DOS and most DOS programs run in real mode (VCPI or DPMI makes a protected mode program look like a real mode program to DOS and the rest of the system by switching back and forth between the two modes), DOS TSRs and device drivers also run in real mode, and so any time one gets control, the DOS extender has to switch back to real mode until it relinquishes control, incurring a time penalty (unless they utilize techniques such as DPMS or CLOAKING).

Return

With the arrival of expanded memory boards and especially of Intel 80386 processors in the second half of the 1980s, it became possible to use memory above 640 KB to load TSRs. This required complex software solutions, named expanded memory managers. Some memory managers are QRAM and QEMM by Quarterdeck, 386^MAX by Qualitas, CEMM by Compaq and later EMM386 by Microsoft. The memory areas usable for loading TSRs above 640 KB are called "upper memory blocks" (UMBs) and loading programs into them is called loading high. Later, memory managers started including programs such as Quarterdeck's Optimize or Microsoft's MEMMAKER which try to maximize the available space in the first 640 KB by determining how best to allocate TSRs between low and high memory.

Decline

With the development of games using DOS extenders (an early example was Doom ) which bypassed the 640 KB barrier, many of the issues relating to TSRs disappeared, and with the widespread adoption of Microsoft Windows and especially Windows 95 (followed by Windows 98) – which rendered most TSRs unnecessary and some TSRs incompatible – the TSR faded into obsolescence, though Win16 applications can do TSR-like tricks such as patching the interrupt descriptor table (IDT) because Windows allowed it.

Windows Me and Windows NT (the latter including consumer operating systems from Windows XP on) run in protected mode or long mode all the time, disabling the ability to switch to real mode, which is needed for TSRs to function. Instead these operating systems have modern driver and service frameworks with memory protection and preemptive multitasking, allowing multiple programs and device drivers to run simultaneously without the need for special programming tricks; the kernel and its modules have been made exclusively responsible for modifying the interrupt table.

Related Research Articles

In computing, BIOS is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the booting process. The BIOS firmware comes pre-installed on an IBM PC or IBM PC compatible's system board and exists in some UEFI-based systems to maintain compatibility with operating systems that do not support UEFI native operation. The name originates from the Basic Input/Output System used in the CP/M operating system in 1975. The BIOS originally proprietary to the IBM PC has been reverse engineered by some companies looking to create compatible systems. The interface of that original system serves as a de facto standard.

An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs.

Real mode, also called real address mode, is an operating mode of all x86-compatible CPUs. The mode gets its name from the fact that addresses in real mode always correspond to real locations in memory. Real mode is characterized by a 20-bit segmented memory address space and unlimited direct software access to all addressable memory, I/O addresses and peripheral hardware. Real mode provides no support for memory protection, multitasking, or code privilege levels.

The A20, or address line 20, is one of the electrical lines that make up the system bus of an x86-based computer system. The A20 line in particular is used to transmit the 21st bit on the address bus.

In IBM PC compatible computing, DOS memory management refers to software and techniques employed to give applications access to more than 640 kibibytes (KiB) of "conventional memory". The 640 KiB limit was specific to the IBM PC and close compatibles; other machines running MS-DOS had different limits, for example the Apricot PC could have up to 768 KiB and the Sirius Victor 9000, 896 KiB. Memory management on the IBM family was made complex by the need to maintain backward compatibility to the original PC design and real-mode DOS, while allowing computer users to take advantage of large amounts of low-cost memory and new generations of processors. Since DOS has given way to Microsoft Windows and other 32-bit operating systems not restricted by the original arbitrary 640 KiB limit of the IBM PC, managing the memory of a personal computer no longer requires the user to manually manipulate internal settings and parameters of the system.

In DOS memory management, expanded memory is a system of bank switching that provided additional memory to DOS programs beyond the limit of conventional memory (640 KiB).

In DOS memory management, conventional memory, also called base memory, is the first 640 kilobytes of the memory on IBM PC or compatible systems. It is the read-write memory directly addressable by the processor for use by the operating system and application programs. As memory prices rapidly declined, this design decision became a limitation in the use of large memory capacities until the introduction of operating systems and processors that made it irrelevant.

In DOS memory management, the high memory area (HMA) is the RAM area consisting of the first 65520 bytes above the one megabyte in an IBM AT or compatible computer.

CONFIG.SYS is the primary configuration file for the DOS and OS/2 operating systems. It is a special ASCII text file that contains user-accessible setup or configuration directives evaluated by the operating system's DOS BIOS during boot. CONFIG.SYS was introduced with DOS 2.0.

Quarterdeck Expanded Memory Manager (QEMM) is a memory manager produced by Quarterdeck Office Systems in the late 1980s through the late 1990s. It was the most popular third-party memory manager for the MS-DOS and other DOS operating systems.

BIOS interrupt calls are a facility that operating systems and application programs use to invoke the facilities of the Basic Input/Output System firmware on IBM PC compatible computers. Traditionally, BIOS calls are mainly used by DOS programs and some other software such as boot loaders. BIOS runs in the real address mode of the x86 CPU, so programs that call BIOS either must also run in real mode or must switch from protected mode to real mode before calling BIOS and then switching back again. For this reason, modern operating systems that use the CPU in Protected mode or Long mode generally do not use the BIOS interrupt calls to support system functions, although they use the BIOS interrupt calls to probe and initialize hardware during booting. Real mode has the 1MB memory limitation, modern boot loaders use the unreal mode or protected mode to access up to 4GB memory.

<span class="mw-page-title-main">Rainbow 100</span> DEC microcomputer

The Rainbow 100 is a microcomputer introduced by Digital Equipment Corporation (DEC) in 1982. This desktop unit had a monitor similar to the VT220 and a dual-CPU box with both 4 MHz Zilog Z80 and 4.81 MHz Intel 8088 CPUs. The Rainbow 100 was a triple-use machine: VT100 mode, 8-bit CP/M mode, and CP/M-86 or MS-DOS mode using the 8088.

In DOS memory management, the upper memory area (UMA) is the memory between the addresses of 640 KB and 1024 KB (0xA0000–0xFFFFF) in an IBM PC or compatible. IBM reserved the uppermost 384 KB of the 8088 CPU's 1024 KB address space for BIOS ROM, Video BIOS, Option ROMs, video RAM, RAM on peripherals, memory-mapped I/O, and obsoleted ROM BASIC.

INT 13h is shorthand for BIOS interrupt call 13_hex, the 20th interrupt vector in an x86-based computer system. The BIOS typically sets up a real mode interrupt handler at this vector that provides sector-based hard disk and floppy disk read and write services using cylinder-head-sector (CHS) addressing. Modern PC BIOSes also include INT 13h extension functions, originated by IBM and Microsoft in 1992, that provide those same disk access services using 64-bit LBA addressing; with minor additions, these were quasi-standardized by Phoenix Technologies and others as the EDD BIOS extensions.

In computer programming, a self-relocating program is a program that relocates its own address-dependent instructions and data when run, and is therefore capable of being loaded into memory at any address. In many cases, self-relocating code is also a form of self-modifying code.

In computing, the Virtual Control Program Interface (VCPI) is a specification published in 1989 by Phar Lap Software that allows a DOS program to run in protected mode, granting access to many features of the processor not available in real mode. It was supplanted by DOS Protected Mode Interface (DPMI) shortly after being introduced, due in large part to VCPI's inability to work in Windows 3.0's protected mode.

<span class="mw-page-title-main">DOS</span> Group of closely related IBM PC-compatible operating systems

DOS is a family of disk-based operating systems for IBM PC compatible computers. The DOS family primarily consists of Microsoft's MS-DOS and a rebranded version, IBM PC DOS, both of which were introduced in 1981. Later compatible systems from other manufacturers include DR DOS (1988), ROM-DOS (1989), PTS-DOS (1993), and FreeDOS (1998). MS-DOS dominated the IBM PC compatible market between 1981 and 1995.

The Windows 9x series of operating systems refers to the kernel which lies at the heart of Windows 9x. Its architecture is monolithic.

DOS Protected Mode Services (DPMS) is a set of extended DOS memory management services to allow DPMS-enabled DOS drivers to load and execute in extended memory and protected mode.

References

↑ Maybury, Rick (1998). "Beat the Bug—Computer Viruses". PC Top Tips. Retrieved 2012-02-09.
↑ HelpPC reference: INT 21,0 – Program Terminate
↑ a list of TSR libraries Archived 2007-08-17 at the Wayback Machine also known as frameworks.
↑ "int 2D". Archived from the original on 2017-12-01. Retrieved 2019-11-14.
↑ "TSR Libraries". 2016-06-19. Archived from the original on 2016-06-19. Retrieved 2019-11-14.

External links

An early TSR
comp.os.msdos.programmer FAQ – How can I write a TSR (Terminate-and-Stay-Resident) utility?
The Alternate Multiplex Interrupt Specification (AMIS), v.3.5
AMISLIB – a function library to write self-highloading, removable TSRs in assembler
A to Z of C; a free book on DOS programming in C; Chapter 27 – "TSR programming" (PDF). (80 KB)
IBM's Interrupt-Sharing Protocol, zip archive, 6.5 KB (Simtel)

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Maybury, Rick (1998). "Beat the Bug—Computer Viruses". PC Top Tips. Retrieved 2012-02-09.

[2] HelpPC reference: INT 21,0 – Program Terminate

[3] st of TSR libraries Archived 2007-08-17 at the Wayback Machine also known as frameworks.

[4] "int 2D". Archived from the original on 2017-12-01. Retrieved 2019-11-14.

[5] "TSR Libraries". 2016-06-19. Archived from the original on 2016-06-19. Retrieved 2019-11-14.

[1]

[2]

[3]

[4]

[5]