From 498e5832519ef38d40c932a435a2a3474b545cf8 Mon Sep 17 00:00:00 2001
From: Peter Veenstra <qbix79@users.sourceforge.net>
Date: Fri, 8 Jun 2012 14:23:55 +0000
Subject: [PATCH] Model irq 0 stack layout in a more compatible way. Fixes
 M.U.L.E. booter. (ripsaw)

Imported-from: https://svn.code.sf.net/p/dosbox/code-0/dosbox/trunk@3781
---
 src/cpu/callback.cpp | 29 +++++++++++++++--------------
 src/ints/bios.cpp    |  6 +++---
 2 files changed, 18 insertions(+), 17 deletions(-)

diff --git a/src/cpu/callback.cpp b/src/cpu/callback.cpp
index 31761e00..de64bf59 100644
--- a/src/cpu/callback.cpp
+++ b/src/cpu/callback.cpp
@@ -218,24 +218,25 @@ Bitu CALLBACK_SetupExtra(Bitu callback, Bitu type, PhysPt physAddress, bool use_
 		phys_writeb(physAddress+0x06,(Bit8u)0xcf);		//An IRET Instruction
 		return (use_cb?0x0b:0x07);
 	case CB_IRQ0:	// timer int8
+		phys_writeb(physAddress+0x00,(Bit8u)0xFB);		//STI
 		if (use_cb) {
-			phys_writeb(physAddress+0x00,(Bit8u)0xFE);	//GRP 4
-			phys_writeb(physAddress+0x01,(Bit8u)0x38);	//Extra Callback instruction
-			phys_writew(physAddress+0x02,(Bit16u)callback);		//The immediate word
+			phys_writeb(physAddress+0x01,(Bit8u)0xFE);	//GRP 4
+			phys_writeb(physAddress+0x02,(Bit8u)0x38);	//Extra Callback instruction
+			phys_writew(physAddress+0x03,(Bit16u)callback);		//The immediate word
 			physAddress+=4;
 		}
-		phys_writeb(physAddress+0x00,(Bit8u)0x50);		// push ax
-		phys_writeb(physAddress+0x01,(Bit8u)0x52);		// push dx
-		phys_writeb(physAddress+0x02,(Bit8u)0x1e);		// push ds
-		phys_writew(physAddress+0x03,(Bit16u)0x1ccd);	// int 1c
-		phys_writeb(physAddress+0x05,(Bit8u)0xfa);		// cli
-		phys_writeb(physAddress+0x06,(Bit8u)0x1f);		// pop ds
-		phys_writeb(physAddress+0x07,(Bit8u)0x5a);		// pop dx
-		phys_writew(physAddress+0x08,(Bit16u)0x20b0);	// mov al, 0x20
-		phys_writew(physAddress+0x0a,(Bit16u)0x20e6);	// out 0x20, al
+		phys_writeb(physAddress+0x01,(Bit8u)0x1e);		// push ds
+		phys_writeb(physAddress+0x02,(Bit8u)0x50);		// push ax
+		phys_writeb(physAddress+0x03,(Bit8u)0x52);		// push dx
+		phys_writew(physAddress+0x04,(Bit16u)0x1ccd);	// int 1c
+		phys_writeb(physAddress+0x06,(Bit8u)0xfa);		// cli
+		phys_writew(physAddress+0x07,(Bit16u)0x20b0);	// mov al, 0x20
+		phys_writew(physAddress+0x09,(Bit16u)0x20e6);	// out 0x20, al
+		phys_writeb(physAddress+0x0b,(Bit8u)0x5a);		// pop dx
 		phys_writeb(physAddress+0x0c,(Bit8u)0x58);		// pop ax
-		phys_writeb(physAddress+0x0d,(Bit8u)0xcf);		//An IRET Instruction
-		return (use_cb?0x12:0x0e);
+		phys_writeb(physAddress+0x0d,(Bit8u)0x1f);		// pop ds
+		phys_writeb(physAddress+0x0e,(Bit8u)0xcf);		//An IRET Instruction
+		return (use_cb?0x13:0x0f);
 	case CB_IRQ1:	// keyboard int9
 		phys_writeb(physAddress+0x00,(Bit8u)0x50);			// push ax
 		phys_writew(physAddress+0x01,(Bit16u)0x60e4);		// in al, 0x60
diff --git a/src/ints/bios.cpp b/src/ints/bios.cpp
index 8fc37c40..470a290e 100644
--- a/src/ints/bios.cpp
+++ b/src/ints/bios.cpp
@@ -997,14 +997,14 @@ public:
 		CALLBACK_Setup(call_irq0,INT8_Handler,CB_IRQ0,Real2Phys(BIOS_DEFAULT_IRQ0_LOCATION),"IRQ 0 Clock");
 		RealSetVec(0x08,BIOS_DEFAULT_IRQ0_LOCATION);
 		// pseudocode for CB_IRQ0:
+		//	sti
 		//	callback INT8_Handler
-		//	push ax,dx,ds
+		//	push ds,ax,dx
 		//	int 0x1c
 		//	cli
-		//	pop ds,dx
 		//	mov al, 0x20
 		//	out 0x20, al
-		//	pop ax
+		//	pop dx,ax,ds
 		//	iret
 
 		mem_writed(BIOS_TIMER,0);			//Calculate the correct time