Terminate and stay resident program

From HandWiki

A terminate-and-stay-resident program (commonly TSR) is a computer program running under DOS that uses a system call to return control to DOS as though it has finished, but remains in computer memory so it can be reactivated later.[1] This technique partially overcame DOS's limitation of executing only one program, or task, at a time. TSRs are used only in DOS, not in Windows.

Some TSRs are utility software that a computer user might call up several times a day, while working in another program, using a hotkey. Borland Sidekick was an early and popular example of this type. Others serve as device drivers for hardware that the operating system does not directly support.

Use

Normally DOS can run only one program at a time. When a program finishes, it returns control to DOS using the system call INT 21h/4Ch.[2] The memory and system resources used are then marked as unused. This makes it impossible to restart parts of the program without having to reload it all. However, if a program ends with the system call INT 27h or INT 21h/31h, the operating system does not reuse a certain specified part of its memory.

The original call, INT 27h, is called "terminate but stay resident", hence the name "TSR". Using this call, a program can make up to 64 KB of its memory resident. MS-DOS version 2.0 introduced an improved call, INT 21h/31h ('Keep Process'), which removed this limitation and let the program return an exit code. Before making this call, the program can install one or several interrupt handlers pointing into itself, so that it can be called again. Installing a hardware interrupt vector allows such a program to react to hardware events. Installing a software interrupt vector allows it to be called by the currently running program. Installing a timer interrupt handler allows a TSR to run periodically (see ISA and programmable interval timer, especially the section "IBM PC compatible").

The typical method of using an interrupt vector involves reading its present value (the address), storing it within the memory space of the TSR, and replacing it with an address in its own code. The stored address is called from the TSR, in effect forming a singly linked list of interrupt handlers, also called interrupt service routines, or ISRs. This procedure of installing ISRs is called chaining or hooking an interrupt or an interrupt vector.

By chaining the interrupt vectors TSRs can take complete control of the computer. A TSR can have one of two behaviors:

  • Take complete control of an interrupt by not calling other TSRs that had previously altered the same interrupt vector.
  • Cascade with other TSRs by calling the old interrupt vector. This can be done before or after they executed their actual code. This way TSRs can form a chain where each calls the next.

The terminate-and-stay-resident method is used by most DOS viruses and other malware, which can either take control of the PC or stay in the background. This malware will react to disk I/O or execution events by infecting executable (.EXE or .COM) files when it is run and data files when they are opened.

TSRs can be loaded at any time; either during the DOS startup sequence (for example, from AUTOEXEC.BAT), or at the user's request (for example, Borland's Sidekick and Turbo Debugger, Quicken's QuickPay, or FunStuff Software's Personal Calendar). Parts of DOS itself use this technique, especially in DOS versions 5.0 and later. For example, the DOSKEY command-line editor and various other utilities are installed by running them at the command line (manually, or from AUTOEXEC.BAT or through INSTALL from within CONFIG.SYS) rather than loading them as device drivers through DEVICE statements in CONFIG.SYS.

Some TSRs have no way to unload themselves, so they will remain in memory until a reboot. However unloading is possible externally, using utilities like the MARK.EXE/RELEASE.EXE combo by TurboPower Software or soft reboot TSRs which will catch a specific key combination and release all TSRs loaded after them. As the chain of ISRs is singly linked, and a TSR may store the link to its predecessor anywhere it chooses, there is no general way for a TSR to remove itself from the chain. So usually a stub must be left in memory when unloading a TSR, causing memory fragmentation. This problem gave rise to TSR cooperation frameworks such as TesSeRact and AMIS.[3]

Interrupt sharing

To manage problems with many TSRs sharing the same interrupt, a method called Alternate Multiplex Interrupt Specification (AMIS) was proposed by Ralf D. Brown as an improvement over previously used services offered via INT 2Fh. AMIS provides ways to share software interrupts in a controlled manner. It is modeled after IBM's Interrupt Sharing Protocol, originally invented for sharing hardware interrupts of an x86 processor. AMIS services are available via Int 2Dh.[4]

The proposal never gained a widespread traction among programmers in its days. It existed alongside several other competing specifications of varying sophistication.[5]

Faults

While very useful, or even essential to overcome DOS's limitations, TSRs have a reputation as troublemakers. Many hijack the operating system in varying documented or undocumented ways, often causing systems to crash on their activation or deactivation when used with particular applications or other TSRs. As explained above, some viruses and other malware were coded as TSRs, and are deliberately troublesome. Additionally, in DOS all programs, even those with large amounts of physical RAM, must be loaded into the first 640 KB of RAM (the conventional memory). TSRs are no exception, and take chunks from that 640 KB that are thus unavailable to other applications. This meant that writing a TSR was a challenge of achieving the smallest possible size for it, and checking it for compatibility with a lot of software products from different vendors—often a very frustrating task.

In the late 1980s and early 1990s, many video games on the PC platform pushed up against this limit and left less and less space for TSRs—even essential ones like CD-ROM drivers—and arranging things so that there was enough free RAM to run the games, while keeping the necessary TSRs present, became a black art. Many gamers had several boot disks with different configurations for different games. In later versions of MS-DOS, "boot menu" scripts allowed various configurations to be selectable via a single "boot disk". In the mid- to later 1990s, while many games were still written for DOS, the 640 KB limit was eventually overcome by putting parts of the game's data or code above the first 1 MB of memory and using the code below 640 KB to access the extended memory (using DOS extension methods), with code being swapped into the lowest 1 MB of RAM as overlays. Because programming with many overlays is a challenge in and of itself, once the program was too big to fit entirely into about 512 KB, use of extended memory was almost always done using a third-party DOS extender implementing VCPI or DPMI, because it becomes much easier and faster to access memory above the 1 MB boundary, and possible to run code in that area, when the x86 processor is switched from real mode to protected mode. However, since DOS and most DOS programs run in real mode (VCPI or DPMI makes a protected mode program look like a real mode program to DOS and the rest of the system by switching back and forth between the two modes), DOS TSRs and device drivers also run in real mode, and so any time one gets control, the DOS extender has to switch back to real mode until it relinquishes control, incurring a time penalty (unless they utilize techniques such as DPMS or CLOAKING).

Return

With the arrival of expanded memory boards and especially of Intel 80386 processors in the second half of the 1980s, it became possible to use memory above 640 KB to load TSRs. This required complex software solutions, named expanded memory managers. Some memory managers are QRAM and QEMM by Quarterdeck, 386MAX by Qualitas, CEMM by Compaq and later EMM386 by Microsoft. The memory areas usable for loading TSRs above 640 KB are called "upper memory blocks" (UMBs) and loading programs into them is called loading high. Later, memory managers started including programs such as Quarterdeck's Optimize or Microsoft's MEMMAKER which try to maximize the available space in the first 640 KB by determining how best to allocate TSRs between low and high memory.

Decline

With the development of games using DOS extenders (an early example was Doom) which bypassed the 640 KB barrier, many of the issues relating to TSRs disappeared, and with the widespread adoption of Microsoft Windows and especially Windows 95 (followed by Windows 98) – which rendered most TSRs unnecessary and some TSRs incompatible – the TSR faded into obsolescence, though Win16 applications can do TSR-like tricks such as patching the interrupt descriptor table (IDT) because Windows allowed it.

Windows Me and Windows NT (the latter including consumer operating systems from Windows XP on) run in protected mode or long mode all the time, disabling the ability to switch to real mode, which is needed for TSRs to function. Instead these operating systems have modern driver and service frameworks with memory protection and preemptive multitasking, allowing multiple programs and device drivers to run simultaneously without the need for special programming tricks; the kernel and its modules have been made exclusively responsible for modifying the interrupt table.

See also

References

External links