flat assembler
Message board for the users of flat assembler.
l4m2



Joined: 15 Jan 2015
Posts: 598
Hot-patching?
debugging INT 21 it is

Code:
90     NOP
90     NOP
E8**** CALL ****

I guessed it must be hot patching, but the 5 bytes before aren't

Code:
90 90 90 90 90

So are they still hooked code?
Post 21 Feb 2015, 15:00
nop



Joined: 01 Sep 2008
Posts: 165
Location: right here left there
Are you suggesting Microsoft would use self-modifying code inside a DOS interrupt? You may be right, and the 2 NOPs could be replaced by a near jmp to bypass the subroutine call.
Post 21 Feb 2015, 23:11
l4m2



Joined: 15 Jan 2015
Posts: 598

nop wrote:
Are you suggesting Microsoft would use self-modifying code inside a DOS interrupt? You may be right, and the 2 NOPs could be replaced by a near jmp to bypass the subroutine call.

I know the one in Windows which is just after 5 nops and is

Code:
mov edi, edi

Post 22 Feb 2015, 06:21
baldr



Joined: 19 Mar 2008
Posts: 1651
l4m2,

That could be alignment due to linker involved.
Post 22 Feb 2015, 09:00
l4m2



Joined: 15 Jan 2015
Posts: 598

baldr wrote:
l4m2,

That could be alignment due to linker involved.

So why not directly go to the third command?
Post 22 Feb 2015, 09:38
baldr



Joined: 19 Mar 2008
Posts: 1651
l4m2,

It seems to me that you understood neither 'alignment' nor 'linker'.
Post 22 Feb 2015, 09:45
sinsi



Joined: 10 Aug 2007
Posts: 680
Location: Adelaide
Re: Hot-patching?

l4m2 wrote:
debugging INT 21 it is

Code:
90     NOP
90     NOP
E8**** CALL ****

I guessed it must be hot patching, but the 5 bytes before aren't

Code:
90 90 90 90 90

So are they still hooked code?


I think that code is for when DOS is loaded high: it calls HIMEM's A20 enable, then jumps to FDxx:xxxx. If not high, the two NOPs become a short jump past the E8.
Post 22 Feb 2015, 19:18
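The byte patterns discussed in this thread, as an added example that is not code from any of the posters: a C routine that classifies a patch site from its raw bytes. The function and enum names are hypothetical, the sample buffers are constructed, and two encodings are assumptions not stated in the thread: `EB 03` for the short jump past the 3-byte CALL and `8B FF` for `mov edi, edi`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum site_kind { SITE_UNKNOWN, SITE_DOS_NOP_CALL, SITE_DOS_JMP_OVER, SITE_WIN_HOTPATCH };

/* Constructed sample bytes (not dumped from any real DOS or Windows build). */
const uint8_t dos_high[] = { 0x90, 0x90, 0xE8, 0x34, 0x12 };
const uint8_t dos_low[]  = { 0xEB, 0x03, 0xE8, 0x34, 0x12 };
const uint8_t win_fn[]   = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x8B, 0xFF, 0x55 };
const uint8_t no_pad[]   = { 0xC3, 0x8B, 0xFF, 0x55 };

/* Count 0x90 bytes immediately before buf[entry], looking back at most max bytes. */
static size_t nops_before(const uint8_t *buf, size_t entry, size_t max)
{
    size_t n = 0;
    while (n < max && n < entry && buf[entry - 1 - n] == 0x90)
        n++;
    return n;
}

/* ip is the 16-bit offset of buf[entry]; *call_target is set only for the DOS kinds. */
enum site_kind classify_site(const uint8_t *buf, size_t len, size_t entry,
                             uint16_t ip, uint16_t *call_target)
{
    if (entry > len || len - entry < 2)
        return SITE_UNKNOWN;
    const uint8_t *p = buf + entry;
    /* Windows case from the thread: mov edi, edi (8B FF) right after 5 NOPs. */
    if (p[0] == 0x8B && p[1] == 0xFF && nops_before(buf, entry, 5) == 5)
        return SITE_WIN_HOTPATCH;
    /* DOS case: a 2-byte slot followed by E8 rel16 (16-bit near CALL). */
    int nop_slot = (p[0] == 0x90 && p[1] == 0x90);
    int jmp_slot = (p[0] == 0xEB && p[1] == 0x03);   /* assumed: jmp short +3 */
    if (len - entry < 5 || p[2] != 0xE8 || !(nop_slot || jmp_slot))
        return SITE_UNKNOWN;
    if (call_target)   /* target = offset after the CALL + rel16, wrapping at 64 KiB */
        *call_target = (uint16_t)(ip + 5 + (p[3] | (p[4] << 8)));
    return nop_slot ? SITE_DOS_NOP_CALL : SITE_DOS_JMP_OVER;
}

int main(void)
{
    uint16_t t = 0;
    int k = classify_site(dos_high, sizeof dos_high, 0, 0x40F8, &t);
    printf("kind=%d call target=%04X\n", k, (unsigned)t);
    return 0;
}
```

The DOS check deliberately ignores the bytes before the site, which matches the observation in the first post that the five preceding bytes are not NOPs.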
Copyright © 2004-2016, Tomasz Grysztar.