ID:Q6 Trouble-shooting Stealth
Quarterdeck Technical Note #205 Filename: STEALTH.TEC
by Quarterdeck Testing & Compatibility CompuServe: STEALT.ZIP
Last revised: 8/21/92 Category: QEMM
Subject: Stealth may seem mysterious and cryptic, but it really isn't. This
note describes how to diagnose and cure problems related to the use
of the Stealth feature of QEMM-386 version 6.
This document discusses how to diagnose and cure problems occasioned by
the use of the Stealth feature of QEMM-386, version 6. All users should
review the readq.me file that comes with QEMM-386, version 6 for additional
The first step is to ascertain whether Stealth is involved with the
problem. Remove the Stealth parameter (ST:M or ST:F) from the QEMM-386 line
of the config.sys. Reboot the computer and try to duplicate the problem. If
the problem still happens then Stealth is not causing the problem and you must
address the problem by the means explained in the troubleshooting section of
the QEMM-386 manual.
If Stealth is involved in the problem restore the Stealth
parameter (ST:M) and add XST=F000. Reboot the computer. If this
works, go to the third step; if this does not work, go to Section
Two. On this step the QEMM-386 line of the config.sys should look
device=c:\qemm\qemm386.sys ram st:m xst=f000
If XST=F000 solves your problem replace it with X=F000-FFFF,
reboot and try again. The QEMM-386 line of the config.sys should
look something like:
device=c:\qemm\qemm386.sys ram st:m x=f000-ffff
If this works, add the parameter FSTC to the qemm line, thusly:
device=c:\qemm\qemm386.sys ram st:m x=f000-ffff fstc
and reboot. If this works continue; if this does not work (and
FSTC may not work in all circumstances) then remove the FSTC
parameter and reboot with the previous QEMM-386 line. See the
section about FSTC below for an explanation of FSTC.
In either case, enter Manifest and look at the QEMM-
386/Analysis screen. Look at the last line: It should look
something like this:
Fn00 IIII IIII IIII IIOO
The portions of the address space with the O in them are being
accessed directly. Some program or piece of hardware is trying to
read the contents of the ROM here directly, not merely access them
through interrupts. This portion of the address space must be
allowed to be accessed directly. This is done by excluding QEMM-386
from mapping this area. In this case the target region is FE00-
FFFF. The appropriate Exclude is X=FE00-FFFF. The correct QEMM-
386.SYS line of the config.sys is:
device=c:\qemm\qemm386.sys ram st:m x=fe00-ffff
This Exclude allows Stealth to do its job and costs you only 8K of
high address space.
If XST=F000 solves your problem while X=F000-FFFF does not then
you should try using ST:F instead of ST:M. You may get more high
ram with ST:F than with ST:M XST=F000.
This section is only for users with video ROM. Hercules-compatible
monochrome and CGA systems do not have video ROM and thus this section does
not apply. Some machines have their video ROM elsewhere, usually E000-E7FF.
Such users should use E000 (or wherever their video ROM begins) instead of
C000. IBM PS/2 microchannel machines and many other microchannel machines
have their video ROM in E000-EFFF; XST=E000 is the appropriate XST for use
with such machines in this section. See the instructions in the ninth step
for using XST=E000 on a microchannel machine properly.
If XST=F000 does not solve your problem then try XST=C000. The
QEMM-386 line of the config.sys should look like:
device=c:\qemm\qemm386.sys ram st:m xst=c000
If XST=C000 does not work, go to Section Three. If XST=C000 does
work, go to the next step.
If XST=C000 solves the problem then try placing the page frame
at C000. Do this only if the entire C segment is available to put
the page frame in. The QEMM-386 line of the config.sys should look
device=c:\qemm\qemm386.sys ram st:m fr=c000
If this works then this may be acceptable solution. All the address
space in which high ram can be created is being used in this
configuration. If this step does not work or, if you cannot put the
page frame at C000, go to the seventh step.
If XST=C000 solves the problem but you do not want to (or
cannot) put the page frame at C000 then try the parameter
FASTINT10:N, where "N" tells QEMM-386 to allow the video ROM's own
code to be used. By default QEMM-386 replaces some of the video
ROM's code with its own video code. This parameter tells QEMM to
use the ROM's code. The QEMM-386 line of the config.sys should look
device=c:\qemm\qemm386.sys ram st:m fastint10:n
If this works then all ROMs are being Stealthed. You may choose to
try the eighth step as an alternative though. If this does not
work, go to the next step. There is a further discussion of
If XST=C000 solves the problem but FR=C000 or FASTINT10:N does
not (or you cannot put the page frame at C000 or do not want to use
FASTINT10:N) then replace XST=C000 with X=C000-C7FF. The QEMM-386
line of the config.sys should look like:
device=c:\qemm\qemm386.sys ram st:m x=c000-c7ff
If this works, add the parameter FSTC to the QEMM-386 line, thusly:
device=c:\qemm\qemm386.sys ram st:m x=c000-c7ff fstc
and reboot. If this works continue; if this does not work (and
FSTC may not work in all circumstances) then remove the FSTC
parameter and reboot with the previous QEMM-386 line. See the
section about FSTC below for an explanation.
In either case, enter Manifest, go to the QEMM-386/Analysis
screen, and look at the Cn00 line. It should look something like
Cn00 OIII IIII OOOO OOOO
This indicates that the first 4K region of the C segment, in the
video ROM, is being accessed directly. This portion of the address
space must be Excluded when QEMM-386 is Stealthing. The appropriate
QEMM-386 line in the config.sys is:
device=c:\qemm\qemm386.sys ram st:m x=c000-c0ff
On some machines there are other ROMs that can be Stealthed;
often these are disk ROMs. The same procedure: trying XST=??00,
then replacing it with the appropriate Exclude of the old kind
(X=??00-!!FF) to see if the problem is related to Stealthing or just
not having some portion of the ROM's address space directly
accessible, can be used. The trick of making the page frame begin
at the beginning of the disk ROM may also work here as well. If
XST=??00 solves your problem, try replacing it with FR=??00,
presuming that there is a 64K portion of the address space free
beginning at ??00 and that ?? is a multiple of 16. If some portion
of the address space must be Excluded for Stealth to work you should
check Analysis with the FSTC and X=??00-!!FF parameters on the QEMM
Because of the way the ROMs are written for the IBM PS/2
machines, and, perhaps, other Microchannel machines, it is necessary
to load HOOKROM.SYS before QEMM386.SYS in the CONFIG.SYS for
XST=E000 to work. For example:
device=c:\qemm\qemm386.sys ram st:m xst=e000
Use XST=F000, XST=C000, XST=??00, and simultaneously for all
ROMs being Stealthed. Then replace the XSTs one by one with the
appropriate regular Exclude (X=F000-FFFF, X=C000-C7FF, X=??00-
!!FF...), look at the QEMM-386/Analysis screen of Manifest and
discover what portions of the address space need to be directly
If ST:M with XST on all Stealthed ROMs fails, add FB:N UFP:N VHI:N
F10:N the tenth step's line. If this works, remove all the XSTs and see
if you need only one of them. Then see if you need only one of them. If
they alone do not do the job, go back to section one and look for the
appropriate XST or eXclude, keeping these parameters. These parameters
are explained below or in the manual.
If ST:M does not work try ST:F instead. If ST:F does not work
you should try ST:F XST=C000 (and XST=??00) for other Stealthed ROMs
other than the one(s) overlain by the page frame.
If none of these steps solve the problem please pin down
exactly what program is failing (and at what point), and file a
report with Quarterdeck.
WHAT SHOULD I DO IF QEMM REPORTS "CANNOT FIND ROM HANDLER FOR INTERRUPT XX"?
Load "hookrom.sys" at the beginning of the config.sys. Use a line like:
If this does not work then you may need to tell QEMM-386 to stop
Stealthing this interrupt. The parameter which does this is XSTI=XX, where XX
is the number of the interrupt reported by the error message. When you do
this you must do an Analysis with an Exclude (of the old kind) of the address
space being occupied by all Stealthed ROMs.
Here is a typical QEMM-386 line to do an Analysis:
device=c:\qemm\qemm386.sys ram st:m xsti=70 fstc x=c000-cfff x=f000-ffff
Reboot with this QEMM-386 line, look at the QEMM ANALYSIS MAP in
Manifest. It may look something like:
n=0123 4567 89AB CDEF
0n00 OOOO OOOO OOOO OOOO
1n00 OOOO OOOO OOOO OOOO
2n00 OOOO OOOO OOOO OOOO
3n00 OOOO OOOO OOOO OOOO
4n00 OOOO OOOO OOOO OOOO
5n00 OOOO OOOO OOOO OOOO
6n00 OOOO OOOO OOOO OOOO
7n00 OOOO OOOO OOOO OOOO
8n00 OOOO OOOO OOOO OOOO
9n00 OOOO OOOO OOOO OOOO
An00 OOOO OOOO OOOO OOOO
Bn00 OOOO OOOO OOOO OOOO
Cn00 IIII IIII OOOO OOOO
Dn00 OOOO OOOO OOOO OOOO
En00 OOOO OOOO OOOO OOOO
Fn00 OOOO IIII IIII IIIO
This indicates that the first 16K of the F segment is being accessed by the
INT 70 handler and must remain Excluded. The final QEMM line for this case
device=c:\qemm\qemm386.sys ram st:m xsti=70 x=f000-f3ff
and we at Quarterdeck would very much like to know about the machine that is
reporting this error.
The only cause that we have seen is the case of some users on XT machines
with Inboards. XTs do not have a second bank of hardware interrupts (which
use interrupts 70-77) but there are some ROMs on XTs that mistakenly report
that they do and QEMM-386 looks for the interrupt handler of some interrupts
that do not have handlers. For such machines no Exclude is necessary because
there is no ROM code handling the interrupt. In particular we would like to
know where this interrupt is pointing when Stealth is not being used. This
can be discovered in Manifest on the First Meg Interrupts screen.
Inboard-PC users may need xsti=70 xsti=74 xsti=75 xsti=76. The device
device=c:\qemm\qemm386.sys ram st:m xsti=70 xsti=74 xsti=75 xsti=76
WHAT IS FASTINT10:N?
QEMM-386, when Stealthing a video ROM, replaces some of the video ROM's
code with replacement code written by Quarterdeck. This replacement code is
suitable for most video cards. The FASTINT10:N (which may be abbreviated
F10:N) parameter tells QEMM-386 not to use its own replacement code but the
literal code of the video ROM. This in no way limits the amount of high RAM
Stealth creates and may be acceptable solution for those users who need it.
It should only be necessary on unusual video cards. If placing the page frame
at the beginning of the video card's ROM works or if a small regular Exclude
also solves the problem you may choose to use this solution instead.
WHAT IS FSTC?
The purpose of the FSTC parameter is to make the Analysis procedure
accurate. Some system and video ROMs may not function properly with the FSTC
parameter. If this is the case on your system you will have to perform the
Analysis procedure without the FSTC parameter. However, you should be aware in
this case that some of the Exclude statements that Analysis prompts you to use
may not be necessary. You can try reducing these Excludes on a trial-and-
error basis if you wish.
When QEMM-386 Stealths a ROM certain tables may have to be stored by QEMM-
386 in its own data area. This uses a few kilobytes of high RAM. When a ROM
is being Stealthed but the address in which the ROM resides is Excluded (as
with X=C000-C7FF) then QEMM-386 cleverly figures out that it does not need to
make copies of these tables in its own data area so it saves this memory by
not making copies of the tables. This means that when you do Exclude the
portion(s) of the ROM where these tables are stored the ROM will be accessed
directly though it would not be if it were not Excluded. This will cause
Analysis to report that a portion of the address space is OK when Excluded
even though it would not be accessed directly were it not Excluded.
FSTC (FORCESTEALTHTABLECOPY) forces QEMM-386 to make copies of these
tables so that inappropriate Excludes are not recommended for the above
reason. FSTC should only be used when you are testing a portion of a ROMs
address space for direct access by Excluding the whole ROM. It is not an
appropriate parameter for a final configuration.
WHAT IS FB:N?
FB:N, short for FRAMEBUF:N, disables QEMM-386's feature of breaking up
disk reads into the page frame and disk writes from the page frame. FB:Y is
the default with Stealth; FB:N is the default without Stealth.
WHAT IS UFP:N?
When no program is using Expanded memory, QEMM-386, when Stealth is
active, unmaps the memory last left in the page frame by a previous program
that used expanded memory. This allows the ROM underneath the page frame to
be visible, in case some program reads that ROM directly. However there are
some programs that expect the page frame to continue to contain the contents
they last mapped there even after they have freed their expanded memory.
The UFP:N (abbreviation for UNMAPFREEPAGES) parameter tells not to do this.
This will make such programs work with Stealth. Of course such programs
violate the EMS specification by expecting the page frame to contain the
handle they just released. UFP:N is the default without Stealth.
WHAT ARE ADVANCED DISK FEATURES AND VHI:N?
The BIOS has a set of function calls intended for use by multitasking
programs. These are Int 15, functions 90 and 91. The system ROM or disk ROM
may issue the Int 15, fn 90 call while it is waiting for the disk controller
to read or write a sector, allowing other programs to execute during this
wait. When the sector is ready, the disk interrupt handler issues an Int 15,
Fn 91, signaling the multitasking program that the disk information is ready
to be processed by the system or disk ROM. Some disk caches hook this call to
allow your system to go ahead and execute your current program while the
system or disk ROM is waiting for its requested sector. Whereas these caches
preserve the stack and register state for the BIOS and the application when
doing this pseudo-multitasking, they do not preserve the mapping of the page
frame. Therefore, if the BIOS uses the page frame itself (as does Stealth),
this could generate conflicts and system failures. Since no known disk cache
does the proper page frame preservation, QEMM automatically suppresses INT 15,
function 90 calls from the BIOS, effectively disabling advanced disk features.
Caches that save and restore the page frame when using advanced disk features
can use a programming interface to QEMM-386 to reenable advanced disk
You may defeat QEMM-386's defeating of this feature with the
VIRTUALHDIRQ:N (VHI:N) parameter on the QEMM-386 line of the config.sys. If
your cache has these "Advanced Features" and does not save and restore the
page frame you will crash or corrupt data on the cached drive(s).
WHAT IF I LOAD A DRIVER THAT USES ROM BEFORE QEMM-386?
If you want to load a device driver before QEMM-386 and it uses a ROM
then QEMM-386 can still Stealth this ROM if you load the driver HOOKROM.SYS
before this driver. Here is an example:
device=c:\qemm\qemm386.sys ram st:m
WHY DOES XST=E000 ONLY WORK ON PS/2 MACHINES IF I USE HOOKROM.SYS?
The code in the E000-EFFF portion of the ROM on PS/2 and, perhaps, other
Microchannel machines, is not directly pointed to by the interrupt table. The
interrupt table points to addresses in F000-FFFF, which then point to the
appropriate code in the E000-EFFF segment. You can see this in the
FirstMeg/Interrupts section of Manifest. When you load HOOKROM.SYS, it traces
down the redirection of the interrupts to the place where the executing code
begins, so that interrupts that are serviced by code in the E000-EFFF segment
actually point to addresses in the E000-EFFF segment. How to use HOOKROM.SYS
for this purpose is discussed in the last paragraph of the NINTH STEP of this
WHY DOES MY SYSTEM SETUP NO LONGER COME UP WITH ST:M?
On machines with a built-in system setup program in the BIOS ROM that can
be popped up at any time Stealth may make this feature inaccessible after you
have booted. This is because the setup program accesses the ROM directly. In
order for it to work after QEMM-386 has been loaded you must Exclude the
portion of the address space where it is stored. On most machines this is in
F000-F7FF or thereabouts. You may decide that it is better to use the system
setup only on boot and be able to use this portion of the address space for
high RAM when you are running. This is the way many systems are these days
and you must reboot to implement the changes anyway so you may consider this a
Machines with a setup program that loads as a regular program may not
present this problem.
WHAT IS GOING ON?
With ST:M Stealth is moving out of the address space all ROMs accessed by
means of interrupts (you can see what interrupts are being handled by what
ROMs in the First Meg/Interrupts screen of Manifest when you are not
Stealthing.) When these interrupts are asserted, QEMM-386 puts the ROM code
that services the interrupt into the page frame. With ST:F Stealth is allowing
the page frame to share the address space used by the ROM, making the
underlying ROM code available in the page frame when an interrupt pointing
into the ROM is asserted.
HOW CAN IT FAIL?
The Stealth technology relies on the practice of using the code in ROMs
only by means of interrupts. With the exceptions listed below when the code
in a ROM is accessed directly the program or hardware using this code (or
information) will find high RAM there instead with ST:M and will malfunction.
Although this is not common it does happen. Sometimes programs look for
identification information: For video cards this usually happens in the
bottom 4K; for system BIOSes this usually happens in FE00-FEFF. Most users
for whom Stealth fails can recover almost all the high RAM Stealth can create
with small Excludes of this kind.
1) QEMM-386 does not map High RAM into the last 64 bytes of the
system BIOS ROM because they are commonly accessed directly.
Accesses here do not cause Stealth a problem.
2) When a ROM accesses itself directly then it should work IF the page
frame begins at this ROM's beginning address. There are some video cards
and disk controllers that fail because the video ROM (disk ROM) does not
tolerate relocation. The ready cure for this symptom is to put the page
frame at C000 (or whatever is the beginning of the appropriate video or
disk ROM) so that when an interrupt that points into the video ROM (disk
ROM) is asserted, and QEMM restores the contents of the video ROM (disk
ROM) into the page frame, the ROM code can access itself where it expects
to find itself; this is the purpose of step 6 of this method.
3) Direct accesses of one ROM to another work with ST:F.
Disk caches that write directly to and read directly from the page frame cause
Stealth to fail unless the DISKBUFFRAME=?? (DBF=??) is used.
Stealth relies on there being interrupts pointing into a ROM in order to make
it a target for Stealthing. If there is a ROM in the address space that QEMM-
386 cannot detect as being used then it will not be Stealthed. This may
happen for some disk ROMs and for devices that use the ROM only upon
initialization. If there is a ROM without an interrupt pointing into it it is
a suspect for being unused. You should use the Analysis feature of QEMM-386
to discover if this ROM is being used at all. If it is not then the address
space it occupies may be reclaimed with an INCLUDE.
The Stealth technology has been exhaustively tested but the wide variety
of software and hardware in the PC world has surprises in it for every
program. The actual Stealthing of interrupts is very successful. The most
common failure is due to programs (or other ROMs) trying to access a portion
of the ROM directly, rather than by means of interrupt.
For this to work the target region of this access must be in the address
space at the time of access. This can be achieved by an appropriate exclude of
the old kind, usually at a cost of only 4K or 8K of the additional high RAM
Stealth is creating; see steps 3 through 11 for a procedure to figure these
Excludes out. If the video ROM or adaptor ROM is the target ROM of a problem
then placing the page frame over the video ROM or adaptor ROM may work; see
step 6. The "Advanced disk features" that some disk caches use are
incompatible with Stealth. QEMM-386 disables these by default whenever
possible if Stealth is used. Some disk caches write directly to the page
frame. Such caches should be told to use extended memory or the
DISKBUFFRAME=?? (DBF=??) should be used with QEMM-386; see step 2. If you
have a problem intractable by any of these means Quarterdeck would like to
hear about it.
*This technical note may be copied and distributed freely as long as it*
*is distributed in its entirety and it is not distributed for profit. *
* Copyright (C) 1991-2 by Quarterdeck Office Systems *
************************ E N D O F F I L E *************************