A Simple Disassembly of the Initial Code found in BIOS.440.ROM; specifically part of its "Boot Block" area showing its "OUT 80,AL" instruction.

(Disassembly was done using the 16-bit "Enhanced DEBUG" program mentioned in the descriptions on webpage: https://thestarman.pcministry.com/asm/bios/index.html )

Note: The "F000:" Segment designation shown in the code below was added afterwards.

F000:FFF0 E906E7            JMP     E6F9

F000:E6F9 FA                CLI
F000:E6FA 66C1E210          SHL     EDX,10               ; 1st i386 (32-bit) instruction encountered.
F000:E6FE 8EE0              MOV     FS,AX                ; AX is zero.
F000:E700 66C1C810          ROR     EAX,10               ; 2nd i386 (32-bit) instruction encountered.
F000:E704 8EE8              MOV     GS,AX                ; AX is zero.
F000:E706 B800F0            MOV     AX,F000
F000:E709 8ED8              MOV     DS,AX                ; Sets DS to Segment F000:
F000:E70B BEF0FF            MOV     SI,FFF0
F000:E70E 8A1C              MOV     BL,[SI]              ; F000:FFF0 byte is "E9"...
F000:E710 80FBE9            CMP     BL,E9                ; so comparison is zero!
F000:E713 7505              JNZ     E71A                 ; And execution...
F000:E715 EA1FE700F0    +-- JMP     F000:E71F            ; does this jump...
F000:E71A EA5BE000F0    |   JMP     F000:E05B            ; _not_ this one!
                        |
F000:E71F E90000        .   JMP     E722                 ; 1st Jump to next instruction encountered.
F000:E722 FC                CLD
F000:E723 BB54E8            MOV     BX,E854
-------------------------------------------------------------------------------------------
F000:E726 2E8E1EF3E6        MOV     DS,CS:[E6F3]         ; [F000:E6F3] = 0, so at this...
F000:E72B 2E8E16F3E6        MOV     SS,CS:[E6F3]         ; point, DS, SS and ES are ...
F000:E730 2E8E06F3E6        MOV     ES,CS:[E6F3]         ; all set to zero!
F000:E735 66BC007C0000      MOV     ESP,00007C00
F000:E73B 2E803F8E          CMP     BYTE PTR CS:[BX],8E  ; [F000:E854] = 80, so...
                                                         ; _not_ the same, but...
; curiously, both of the following jumps go to the same location! There was obviously
; some kind of logic trap set up here, but now it has been removed. Why? We may never
; know! Apparently the original code was 'tweaked' by Phoenix beforehand, or by VMware:
F000:E73F 7303              JAE     E744
F000:E741 E90000            JMP     E744                 ; 2nd Jump to next instruction encountered.
F000:E744 2E8B07            MOV     AX,CS:[BX]           ; This becomes the Diagnostic Code!
F000:E747 43                INC     BX
F000:E748 43                INC     BX
F000:E749 8BC8              MOV     CX,AX
F000:E74B 0AC0              OR      AL,AL
F000:E74D 7404              JZ      E753
F000:E74F 8AC0              MOV     AL,AL
F000:E751 E680              OUT     80,AL                ; Manufacturer's Diagnostic Checkpoint.
F000:E753 E90000            JMP     E756                 ; 3rd Jump to next instruction encountered.
                                                         ; We will change this to jump to a Serial Port
                                                         ; output routine to a VMware text file instead!
F000:E756 2E8B07            MOV     AX,CS:[BX]           ; This is the instruction we'll hardcode
                                                         ; a return to after running our routine.
F000:E759 43                INC     BX
F000:E75A 43                INC     BX
F000:E75B FFE0              JMP     AX
F000:E75D 2E8B37            MOV     SI,CS:[BX]
F000:E760 FFE6              JMP     SI
F000:E762 43                INC     BX
F000:E763 43                INC     BX
F000:E764 EBC0              JMP     E726                 ; Loops back through code above.
-------------------------------------------------------------------------------------------

EOF  .  D.S.  .  03/10/2023  .
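
Added example (not part of the original listing or of the BIOS code): a Python check of the relative-jump targets, the OUT 80,AL location and the first checkpoint value shown in the disassembly above. It runs against a constructed 64 KiB image of segment F000 that holds only bytes quoted in the listing; the function names and the image layout are assumptions of this example.

```python
# Constructed sample: byte values copied from the listing above and placed at
# their offsets in a zero-filled 64 KiB image of segment F000 (not a ROM dump).
LISTING = {
    0xFFF0: "E906E7",                                # reset vector: JMP E6F9
    0xE73F: "7303E90000",                            # JAE E744 / JMP E744
    0xE744: "2E8B0743438BC80AC074048AC0E680E90000",  # E744..E755
    0xE854: "80",                                    # [F000:E854] = 80
}

def build_segment(listing):
    seg = bytearray(0x10000)
    for off, hexbytes in listing.items():
        raw = bytes.fromhex(hexbytes)
        seg[off:off + len(raw)] = raw
    return bytes(seg)

def jmp_target(seg, off):
    """Target of E9 rel16 or a 2-byte short jump (EB / 7x rel8) at off."""
    op = seg[off]
    if op == 0xE9:
        size = 3
    elif op == 0xEB or 0x70 <= op <= 0x7F:
        size = 2
    else:
        raise ValueError(f"no relative jump at {off:04X}")
    rel = int.from_bytes(seg[off + 1:off + size], "little", signed=True)
    return (off + size + rel) & 0xFFFF   # IP wraps inside the segment

def find_port80_writes(seg):
    """Offsets of E6 80 (OUT 80,AL). A raw byte scan may also match data."""
    hits, pos = [], seg.find(b"\xE6\x80")
    while pos != -1:
        hits.append(pos)
        pos = seg.find(b"\xE6\x80", pos + 1)
    return hits

def checkpoint_at(seg, bx):
    """AL as loaded by MOV AX,CS:[BX]; None when OR AL,AL / JZ skips the OUT."""
    al = seg[bx]
    return al or None

SEG = build_segment(LISTING)

if __name__ == "__main__":
    print(f"reset vector -> F000:{jmp_target(SEG, 0xFFF0):04X}")
    print("OUT 80,AL at:", [f"{o:04X}" for o in find_port80_writes(SEG)])
    print(f"first checkpoint: {checkpoint_at(SEG, 0xE854):02X}")
```

To run the same checks on a real image, load the top 64 KiB of the ROM file into the segment buffer instead of LISTING and confirm each E6 80 hit in a disassembler before treating it as code.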